!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mistk/mistk/mistk/eoffice/admin/   drwxr-xr-x
Free 50.78 GB of 127.8 GB (39.74%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     addcollege_c.php (5.51 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
include_once "template.php";
include_once 
"../class/clsTable.php";
include_once 
"../link/functionshow.php";
include_once 
"funct.php";
include_once 
"../link/keyThai.php";
include_once 
"../class/clsCollegeDetail.php";
include_once 
"../class/clsSysConfig.php";

$oC = new clsConnection($GLOBALS['DBHOST'], $GLOBALS['DBNAME_EOFFICE'], $GLOBALS['DBUSER_EOFFICE'], $GLOBALS['DBPASS_EOFFICE']);

$oCd = new collegedetail($oC);
$oCd2 = new collegedetail($oC);
$oSys = new sysConfig($oC);

$oSys->RSsysConfig();
$oSys->GetRecord();
?>
<?
if($method=="addpbriHost"){
        if(
$actionpbriHost=="บันทึก"){
            
$oSys->RSsysConfig();
            
$oSys->GetRecord();
            
$oSys->Edit();
            
$oSys->pbriHost=$pbriHost;
            
$oSys->Save();
?>
        <script language="JavaScript">
        parent.location.href ="addcollege_c.php";
        </script>
<?
        
}else if($actionpbriHost=="แก้ไข"){
            if(
$e==1){
                
$oSys->RSsysConfig();
                
$oSys->GetRecord();
                
$oSys->Edit();
                
$oSys->pbriHost=$pbriHost;
                
$oSys->Save();
?>
        <script language="JavaScript">
        parent.location.href ="addcollege_c.php";
        </script>
<?        
            
}
?>
        <script language="JavaScript">
        parent.location.href ="addcollege_c.php?e=1";
        </script>
<?        
        
}     

}

?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=tis-620">
<link href="../source/style.css" rel="stylesheet" type="text/css">
</head>
<body>
<iframe id="configCollege" name="configCollege" src="" style="width:$0px;height:0px;border:0"></iframe>
<br>
<table  width=703  align="center">
<tr><td height="150">
<fieldset>
      <legend><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><a href="?mm=1">ตั้งค่าการใช้งานระบบ</a>
      <img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle">กำหนดข้อมูลวิทยาลัย</font></legend>
      <form name="ff" action="addcollege_c.php" method="post" target="configCollege"><?  //   ?>
      <table width="95%"  border="0" align="center" >
      <tr><td>ชื่อเครื่อง server (สบช.)&nbsp;<input name="pbriHost" type="text" value="<?  echo $oSys->pbriHost?><? if($e!="1" && $oSys->pbriHost!=''){ echo "disabled";    }?> >
      <input name="method"  type="hidden" value="addpbriHost">
      <input name="e"  type="hidden" value="<? echo $e;?>">
      <? if($oSys->pbriHost==''){  $act="บันทึก"; }else{  $act="แก้ไข"; }  ?>
      <input name="actionpbriHost" type="submit" value="<? echo $act?>" ></td></tr>
      </table>
      </form>
      
      <? if($oSys->pbriHost!=''){   
?>      
      <form name="ff" action="processAddCollege.php" method="post" target="configCollege"><? // ?>
<?                  
if($r!=''){ 
?>
      <table width="95%"  border="0" align="center" >
                      <tr><td align="center"><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_3'];?>">
                    <strong>
                    <? if($r==1){  echo "เกิดความผิดพลาดในการส่งข้อมูล<br>กรุณากดปุ่มอัพเดทโปรแกรมอีกครั้ง"
                            }else if(
$r==2){  echo "ไม่สามารถติดต่อกับเครื่อง server ได้<br>กรุณาตรวจสอบชื่อเครื่อง Server อีกครั้ง"
                            }else if(
$r==3){  echo "ข้อมูลวิทยาลัยถูกอัพเดทแล้ว"; }
                    
?></strong></font></td></tr>
      </table>
<?  ?>
      <table width="95%"  border="0" align="center" >
      <tr><td align="center"><input name="add" type="submit" value="อัพเดทข้อมูลวิทยาลัย" ></td></tr>
      </table>
      <input type="hidden" name="method" value="updatecollege">
      </form>       
        <table width="95%" height="100%" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#DADADA" style="border-collapse:collapse">
                        <tr bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_15"];?>">
                            <td align="center" width="5%"><strong>รหัสวิทยาลัย</strong></td>
                            <td align="center" width="35%"><strong>ชื่อวิทยาลัย</strong></td>
                            <td align="center" width="15%"><strong>ชื่อย่อวิทยาลัย</strong></td>
                            <td align="center" width="20%"><strong>ip ของวิทยาลัย</strong></td>
                            <td align="center" width="10%"><strong>สถานะ<br>การใช้งาน</strong></td>
                        </tr>
                        <?     
                                $i
=0;
                                
$oCd->RScollegedetail();
                                while(
$oCd->GetRecord()){
                                      if((
$i%2) == 0)
                                              echo 
"<tr>";
                                        else
                                              echo 
"<tr bgcolor=\"".$GLOBALS["COLOR_BG_TD_16"]."\">";                                        
                        
?>
                        <td align="center"><? echo $oCd->collegeID?></td>
                        <td>&nbsp;<? echo $oCd->collegeName?></td>
                        <td>&nbsp;<? echo $oCd->collegeAbbr;  ?></td>
                        <td>&nbsp;<? echo $oCd->collegeHost;  ?></td>
                        <td align="center"><? if($oCd->collegeType=="Y"){ ?><img src="../picture/apply.gif" alt="ใช้งาน"><? }else{ ?><img src="../picture/delete.gif" alt="ไม่ถูกใช้งาน"><? ?>
                    </td></tr>    
                        <?  $i++;} if($i==0){ ?>
                        <tr><td align="center" bgcolor="#FFFFFF" colspan="5"><font color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>" size="2">** ไม่มีข้อมูลวิทยาลัย **</font></td></tr>
                        <? ?>
                    </table><? ?> 
      <table border="0" align="center" width="100%"><tr><td align="center">
    <br>
                <input type="hidden" name="method">
                <input type="hidden" name="editID">
                <input type="button" name="cancel" value="กลับสู่เมนูหลัก" onClick="location.href = '?mm=1'">
            </td>
        </tr></table>
      
</fieldset> 
        <br>

</td>
</tr>
</table>
</body>
</html>

<script language="javascript">
 function checkFormat(editID){ 
                var agree=confirm("คุณต้องการแก้ไขข้อมูลวิทยาลัยแน่นอนใช่หรือไม่ ?");
                if (agree){
                    document.ff.editID.value=editID;
                    document.ff.method.value="addcollege";
                    document.ff.submit();
                    return true;
                }else{
                    return false ;
                }     

}
</script>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0106 ]--