!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mistk/mistk/mistk/eoffice/admin/   drwxr-xr-x
Free 53.7 GB of 127.8 GB (42.02%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     processCheckRunningPsId.php (3.55 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
echo "<meta http-equiv='refresh' content='0; URL=editRunningDocConfirm.php'>";
/*
include_once "template.php";
include_once "../link/function.php";

if($pwd==""){
session_unregister("Pass");

include_once "../class/clsPerson.php";
include_once "../class/clsSysConfig.php";
//include_once "connectums.php";

include_once "../class/clsUmuser.php";

$oCu = new clsConnection($GLOBALS['DBHOST'], $GLOBALS['DBNAME_UMS'], $GLOBALS['DBUSER_UMS'], $GLOBALS['DBPASS_UMS']);
$oUm = new umuser($oCu);
$oUm->SearchByUsPsCode($editRunningPsId);
$oUm->GetRecord();


$oC = new clsConnection($GLOBALS['DBHOST'], $GLOBALS['DBNAME_EOFFICE'], $GLOBALS['DBUSER_EOFFICE'], $GLOBALS['DBPASS_EOFFICE']);
$oPS = new person($oC);
$oCc = new clsConnection($GLOBALS['DBHOST'], $GLOBALS['DBNAME_EOFFICE'], $GLOBALS['DBUSER_EOFFICE'], $GLOBALS['DBPASS_EOFFICE']);
$oSys = new sysConfig($oCc);



//$oUm = new umuser($oCu);

$editRunningPsId = $oSys->SearchByeditRunningPsId();
$oPS->SearchByKey($editRunningPsId);  $oPS->GetRecord();



?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=tis-620">
<link href="../source/style.css" rel="stylesheet" type="text/css">
</head>
<body>
<iframe id="addrunningDoc" name="addrunningDoc" src="" style="width:$0px;height:0px;border:0"></iframe>
<br>
<fieldset>
      <legend><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><a href="?mm=1">ตั้งค่าการใช้งานระบบ</a>
      <img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle"><a href="?mm=1">แก้ไขข้อมูลทะเบียนหนังสือกรณีพิเศษ</a>
<img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle">แก้ไขข้อมูลทะเบียนหนังสือของวิทยาลัย
</font></legend><br>
     <table width="70%" border="0" align="center">
  
  <form name="ff"  method="post">
      <tr>
    <td align="center" colspan="2" height="22">
    <font color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>" size="2">
    <? if($checkfalse=="1"){  echo "รหัสผ่านไม่ถูกต้อง";  }?>
    </font>
    </td>
    </tr>
    <tr>
      <td height="22" align="right"><strong> 
        ผู้มีสิทธิ์ในการแก้ไขทะเบียนหนังสือ :: </strong> 
        </td>
        <td align="left">&nbsp;<? echo "&nbsp;&nbsp;".GetPrefix($oPS->prefixId).$oPS->fName."&nbsp;".$oPS->lName; ?></td>
    </tr>
    <tr> 
      <td width="280" height="22" align="right"><strong>รหัสผ่าน ::</strong></td>
   <td align="left">&nbsp;<input name="pwd" type="password" size="15"></td>
    </tr>
    <tr> 
      <td colspan="3"><div align="center"><br>
          <input type="submit" name="add" value="ลงชื่อเข้าใช้" onClick="return checkSubmitAll();">
          <input type="reset" name="clear" value="เคลียร์ข้อมูล">
          <input type="button" name="cancel" value="ยกเลิก" onClick="location.href = 'runningDoc.php'">
          <input type="hidden" name="method" value="checkpwd">
           <input type="hidden" name="UsPsCode" value="<? echo $oUm->UsPsCode; ?>">
        </div></td>
    </tr>
 </form> </table>
</fieldset>
<script language="JavaScript">
function checkSubmitAll(){
    if(document.ff.pwd.value == ""){
        alert("กรุณากรอกรหัสผ่าน");
        document.ff.pwd.focus();
        return false;
    }
}
</script>
<? }else{    //$oUs->SearchByLogin($username, $password);
         $oUs->SearchByLogin($username, $password);
        //if($oU->SearchByPsCodeAndPasswd($UsPsCode , $pwd)){
            session_register("Pass");
            $Pass=1;
            echo "<meta http-equiv='refresh' content='0; URL=editRunningDocConfirm.php'>";
        }else{
            echo "<meta http-equiv='refresh' content='0; URL=processCheckRunningPsId.php?checkfalse=1'>";
        }
 } 
 
 */
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0095 ]--