!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/version_client/application/views/version/   drwxr-xr-x
Free 50.79 GB of 127.8 GB (39.74%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     v_cli_upd.php (4.84 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<script language="javascript">
    jQuery(document).ready(function(){
    
        jQuery(":checkbox[class^='chkUpd']").bind('click',function(){
            
            var objClass = jQuery(this).attr("class");
            jQuery("."+objClass).attr("checked",this.checked);
            var num = jQuery(":checked[class^='chkUpd']").length;
            if( num <= 0)
                jQuery("#btnSubmit").attr("disabled","disabled");
            else
                jQuery("#btnSubmit").attr("disabled","");
        });
    });
    function chkSelect(target,flag)
    {
        jQuery(":checkbox[class^='"+target+"']").attr("checked",flag);
        if(flag == 0)
            jQuery("#btnSubmit").attr("disabled","disabled");
        else
            jQuery("#btnSubmit").attr("disabled","");
    }
</script>
    <div class='ver_center' style="font-weight:bold;margin:10px auto;font-size:18px;"><?php echo isset($tb_header)?$tb_header:'';?></div>
    <?php
        if(isset($flag_upd) && $flag_upd ==1)
            echo form_open($this->config->item('ver_folder').'ver_client/process_query');
    ?>
    <table class="ver_table" style="width:100%;">
    <?php
        if(isset($flag_upd) && $flag_upd ==1)
        {
    ?>
        <col/>
    <?php
        }
    ?>
        <col style="width:8%;"/>
        <col style="width:15%;"/>
        <col/>
        <col/>
        <col style="width:15%;"/>
        <col style="width:15%;"/>
        <thead>
            <tr>
            <?php
                $num_col 6;
                if(isset($flag_upd) && $flag_upd ==1)
                {
                    $num_col 7;
            ?>
                <th></th>
            <?php
                }
            ?>
                <th>ลำดับที่</th>
                <th>วันที่อัพเดท</th>
                <th>ชื่อตาราง</th>
                <th>ชนิดคำสั่ง</th>
                <th>สถานะการอัพเดท</th>
                <th>รายละเอียด</th>
            </tr>
        </thead>
        <tbody>
        <?php
            if(isset($rs_udt) && $rs_udt->num_rows())
            {
                $sys_id '';
                foreach($rs_udt->result() as $row)
                {
                    if($sys_id != $row->csys_id)
                    {
                        $sys_id $row->csys_id;
        ?>
            <tr>
                <td colspan="<?php echo $num_col;?>" style="text-align:left;font-weight:bold;">
                <?php
                    if(isset($flag_upd) && $flag_upd ==1)
                    {
                ?>
                    <input type="checkbox" name="chkheader[]" class="chkUpd_<?php echo $sys_id;?>" value="<?php echo $sys_id;?>" />&nbsp;&nbsp;
                <?php
                    }
                    echo $row->csys_th_name;?>
                </td>
            </tr>
        <?php
                    }
        ?>
            <tr>
        <?php
                    if(isset($flag_upd) && $flag_upd ==1)
                    {
        ?>
                <td style="text-align:center;"><input type="checkbox" name="chkUpd[]" class="chkUpd_<?php echo $sys_id;?>" value="<?php echo $row->udt_id;?>"/></td>
        <?php
                    }
        ?>
                <td style="text-align:center;"><?php echo $row->udt_tx_id;?></td>
                <td><?php echo abbreDate(splitDateDb2($row->udt_date)).' '.$row->udt_time;?></td>
                <td style="text-align:left;"><?php echo $row->udt_tx_tb_name;?></td>
                <td style="text-align:center;"><?php echo $row->udt_tx_opt;?></td>
                <td style="text-align:center;">
                <?php 
                    if(strtolower($row->udt_status)=='u')
                    {
                ?>
                <img src="<?php echo base_url().$this->config->item('ver_pic_cp');?>" title="อัพเดทเสร็จสิ้น" alt="อัพเดทเสร็จสิ้น" width="16" height="16" />
                <?php
                    }
                    else
                    {
                ?>
                <img src="<?php echo base_url().$this->config->item('ver_no_db');?>" title="อัพเดทเสร็จสิ้น" alt="อัพเดทเสร็จสิ้น" width="16" height="16" />
                <?php
                    }
                ?>
                </td>
                <td style="text-align:center;">
                <?php 
                    $title  "รายละเอียดคำสั่ง";
                    $pop_url site_url($this->config->item('ver_folder').'ver_client/detail_query');
                    echo anchor('#',"<img src=\"".base_url().$this->config->item('ver_pic_view')."\" class=\"noborder preventDf\" width=\"16\" height=\"16\" alt=\"".$title."\" title=\"".$title."\" onclick=\"sendPost('frmPopup',{'udt_id':'".$row->udt_id."'},'".$pop_url."',{})\" />");        
                ?>
                </td>
            </tr>
        <?php
                }
            }
        ?>
        </tbody>
    </table>
        <?php
            if(isset($flag_upd) && $flag_upd ==1)
            {
        ?>
    <div>
        <input type="button" name="btnChkAll" id="btnChkAll" value="เลือกทั้งหมด" onclick="chkSelect('chkUpd',1)"/>
        <input type="button" name="btnUnChkAll" id="btnChkAll" value="ไม่เลือกทั้งหมด" onclick="chkSelect('chkUpd',0)"/>
    </div>
        <?php
            }
            if(isset($limit))
            {
        ?>
    <div style="text-align:right;margin-top:20px;">
        <?php
            echo anchor($this->config->item('ver_folder').'ver_client/show_update',"<img src=\"".base_url().$this->config->item('ver_pic_view')."\" class=\"noborder\" width=\"16\" height=\"16\" />ดูประวัติการเปลี่ยนแปลงข้อมูลพื้นฐานกลางทั้งหมด","");
        ?>
    </div>
        <?php
            }
        ?>

<?php
    if(isset($flag_upd) && $flag_upd ==1)
    {
?>
    <div style="text-align:center;"><input type="submit" name="btnSubmit" id="btnSubmit" value="อัพเดทข้อมูล" disabled="disabled"/></div>
<?php
        echo form_close();
    }
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0154 ]--