Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/webservice/ drwxr-xr-x |
Viewing file: testwebservice.php (2 KB) -rw-r--r-- Select action/file-type: (+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) | <?php require_once('nusoap.php'); function bio_student($studentId) { $host="localhost"; $username="root"; $pass_word=""; $db="reg"; mysql_query("SET NAMES TIS620"); mysql_connect( $host,$username,$pass_word) or die ("ติดต่อกับฐานข้อมูล Mysql ไม่ได้ "); mysql_select_db($db) or die("เลือกฐานข้อมูลไม่ได้"); //$sql = "SELECT * FROM StudentMaster, StudentBio WHERE (StudentId like '%$studentId%') and (StudentCode =StudentCode) and (StudentMaster.studentId=StudentBio.studentId) ORDER BY studentId"; $sql = "SELECT * FROM StudentMaster WHERE (studentId='492101001') and (StudentMaster.studentId=StudentBio.studentId)"; $dbquery = mysql_query($sql); $information = '<?xml version="1.0" encoding="windows-874"?>'; $information .= '<Biography>'; $StudentID = '1'; while($result= mysql_fetch_array($dbquery)) { $StudentID = $result["studentId"]; $information .= '<student>'; $information .= '<code>'; $information .= $result["studentCode"]; $information .= '</code>'; $information .= '<Name>'; $information .= $result["studentName"]; $information .= '</Name>'; $information .= '<Surname>'; $information .= $result["studentSurname"]; $information .= '</Surname>'; $information .= '<phone>'; $information .= $result["HomePhoneNo"]; $information .= '</phone>'; $information .= '<Email>'; $information .= $result["ParentEmail"]; $information .= '</Email>'; $information .= '</student>'; } $information .= '</Biography>'; return $information; } $server = new soap_server; $server->configureWSDL('bio_student_wsdl', 'urn:bio_student_wsdl'); $server->register('bio_student', array('studentid' => 'xsd:string'), array('information' => 'xsd:string'), 'http://61.19.29.30/webservice/', 'http://61.19.29.30/webservice/', 'rpc', 'encoded', 'Search_For_bio_student'); $HTTP_RAW_POST_DATA = isset($HTTP_RAW_POST_DATA) ? $HTTP_RAW_POST_DATA : ''; $server->service($HTTP_RAW_POST_DATA); ?> |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0055 ]-- |