110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/reg-tools/ drwxr-xr-x Free 52.66 GB of 127.8 GB (41.2%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686

uid=48(apache) gid=48(apache) groups=48(apache)

Safe-mode: OFF (not secure)

/var/www/html/reg-tools/ drwxr-xr-x
Free 52.66 GB of 127.8 GB (41.2%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

Viewing file: addCourseCSV.php (4.62 KB) -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |

<?php
if (isset($_REQUEST["submit"])) {
	//print_r($_REQUEST);
	//echo "<br>";
	if (isset($_FILES['fileUpload'])) {

		$file = strtolower($_FILES["fileUpload"]["name"]);
		$type = strrchr($file, ".");
		if (($type == ".csv")) {
			$objFopen = fopen($_FILES["fileUpload"]["tmp_name"], 'r');
			if ($objFopen) {
				while (!feof($objFopen)) {
					$tmp[] = fgetcsv($objFopen);
				}
				fclose($objFopen);

				$sql = "SELECT * FROM rg_Curriculum WHERE curId = '" . $_REQUEST["curSelect"] . "'";
				$link->query($sql);
				$rsCur = $link->getnext();

				echo "<br/>&nbsp;&nbsp;&nbsp; ***** นำเข้าข้อมูลรายวิชา " . $rsCur->curName . " ******<br/>";

				for ($i = 1; $i < count($tmp); $i++) {

					$sql = "SELECT * FROM rg_CurriculumStructure WHERE csCurId = '" . $_REQUEST["curSelect"] . "' AND csSeq = '" . $tmp[$i][11] . "'";
					$link->query($sql);
					$rsCs = $link->getnext();

					$sql = "INSERT INTO rg_Course VALUES ('','" . $tmp[$i][1] . "','" . $tmp[$i][2] . "','" . $tmp[$i][3] . "','" . $tmp[$i][4] . "','','','','','" . $tmp[$i][7] . "','" . $tmp[$i][8] . "','" . $tmp[$i][9] . "','" . $tmp[$i][8] . "','" . $tmp[$i][9] . "','" . $tmp[$i][10] . "','" . $tmp[$i][5] . "','Y','','" . $rsCs->csCdId1 . "','1',now(),'reg-tools',now(),'reg-tools')";
					$link->query($sql);

					$sql = "INSERT INTO rg_ProgramCourses VALUES ('" . $rsCs->csCurId . "','" . $rsCs->csCdId1 . "','" . $rsCs->csCdId2 . "','" . $link->last_insert_id() . "','C','C','Y')";
					$link->query($sql);


					echo "&nbsp;&nbsp;&nbsp;" . $i . ".บันทึกข้อมูลสำเร็จ -> " . $tmp[$i][1] . " " . $tmp[$i][3] . "<br>";
				}
			}
		} else {
			echo '<br><br><hr><div align="center" style="color:#F00;">การอัพโหลดไม่สำเร็จ !!!<br>กรุณาอัพโหลดไฟล์ CSV เท่านั้น</div>';
		}
	}
} else {
?>
	<form method="post" name="regForm" id="regForm" action="" enctype="multipart/form-data" class="needs-validation" novalidate>
		<div class="container">
			<p class="fs-3">เพิ่มข้อมูลรายวิชา</p>
			<div class="input-group mb-3">
				<label for="inputGroupSelect01" class="input-group-text">หลักสูตร</label>
				<select class="form-select" name="curSelect" id="curSelect" aria-label="Default select example" required>
					<option selected disabled value="">-- เลือก --</option>
					<?php
					$sql = "SELECT * FROM rg_Curriculum WHERE curStatus = 'Y'";
					$link->query($sql);
					while ($data = $link->getnext()) {
						echo "<option value='" . $data->curId . "'>" . $data->curName . "</option>";
					}
					?>
				</select>
				<div class="invalid-feedback">
					กรุณาเลือกหลักสูตร
				</div>
			</div>
			<!--<div class="input-group mb-3" id="condition">
					<label for="inputGroupSelect02" class="input-group-text">หมวดวิชา</label>
					<select class="form-select" name="conSelect" id="conSelect" aria-label="Default select example" required>
						<option selected disabled value="">-- เลือก --</option>
						<?php
						/*$sql = "SELECT * FROM rg_Condition Where cdNameE LIKE '%วสส.ชลบุรี%' ORDER BY cdId DESC";
						$link->query($sql);
						while ($data = $link->getnext()) {
							echo "<option value='" . $data->cdId . "'>" . $data->cdName . "</option>";
						}*/
						?>
					</select>
					<div class="invalid-feedback">
						กรุณาเลือกหมวดวิชา
					</div>
				</div>-->
			<div class="input-group mb-3">
				<label class="input-group-text" for="inputGroupFile01">อัพโหลดไฟล์รายวิชา (csv)</label>
				<input type="file" class="form-control" name="fileUpload" id="fileUpload" accept=".csv" required>
				<div class="invalid-feedback">
					กรุณาเลือกไฟล์ csv
				</div>
			</div>
			<div class="col-12 text-center">
				<button class="btn btn-primary" type="submit" name="submit">Import</button>
			</div>
		</div>
	</form>

	<script>
		(() => {
			'use strict'

			// Fetch all the forms we want to apply custom Bootstrap validation styles to
			const forms = document.querySelectorAll('.needs-validation')

			// Loop over them and prevent submission
			Array.from(forms).forEach(form => {
				form.addEventListener('submit', event => {
					if (!form.checkValidity()) {
						event.preventDefault()
						event.stopPropagation()
					}

					form.classList.add('was-validated')
				}, false)
			})
		})()
	</script>

<?php
}
?>

:: Command execute ::
Enter:	Select:

:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:

:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/

:: Search ::

:: Upload ::

:: Make Dir ::

:: Make File ::

:: Go Dir ::

:: Go File ::

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.006 ]--