Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/ws_standard_on_mis/ drwxr-xr-x |
Viewing file: Select action/file-type: <?php $information = '<?xml version="1.0" encoding="windows-874"?>'; //Project_budget $information .= "\n<Project_budget>"; //project $information .= "\n<projects>"; $dsn_name = "project"; $username =""; $password =""; $connect= odbc_connect($dsn_name, $username, $password) or die("µÔ´µèÍ DSN äÁèä´é"); //selece_database_project $sql = "SELECT TProject.id as a, TProject.NameT ,TProject.NameE ,TProject.Type_id, TProject.TypeSub_id, TProject.budget3 , TProject.budget4, TProject.budget2 FROM TProject, TTypeProject, TTypeProjectSub WHERE (TProject.Type_id=TTypeProject.id) and (TProject.TypeSub_id=TTypeProjectSub.id)and (TProject.Type_id='1') and (TProject.TypeSub_id='01') "; $execute = odbc_exec($connect, $sql) or die ("àÍç¡«Ô¤ÔÇÊì¤ÓÊÑè§äÁèä´é"); $i=1; $num1=0; while($row = odbc_fetch_array($execute)) { $TProject_id=$row['a']; $TProject_NameT=$row["NameT"]; $TProject_NameE=$row["NameE"]; $TProject_Type_id=$row["Type_id"]; $TProject_TypeSub_id=$row["TypeSub_id"]; $TProject_budget2=$row["budget2"]; $TProject_budget3=$row["budget3"]; $TProject_budget4=$row["budget4"]; //selece_database_TTypeProject $sql2 = "SELECT * FROM TTypeProject WHERE (id='$TProject_Type_id')"; $execute2 = odbc_exec($connect, $sql2) or die ("àÍç¡«Ô¤ÔÇÊì¤ÓÊÑè§äÁèä´é"); while($row2 = odbc_fetch_array($execute2)) { $TTypeProject_id=$row2["id"]; $TTypeProject_name=$row2["name"]; } //selece_database_TTypeProjectSub $sql3 = "SELECT * FROM TTypeProjectSub WHERE (id='$TProject_TypeSub_id')"; //$sql = "SELECT * FROM TProject"; $execute3 = odbc_exec($connect, $sql3) or die ("àÍç¡«Ô¤ÔÇÊì¤ÓÊÑè§äÁèä´é"); while($row3 = odbc_fetch_array($execute3)) { $TTypeProjectSub_id=$row3["id"]; $TTypeProjectSub_name=$row3["name"]; } $num1++; $information .= "\n<project>"; $information .= "\n<project_id>"; $information .= "$TProject_id"; $information .= "\n</project_id>"; $information .= "\n<project_tname>"; $information .= "$TProject_NameT"; $information .= "\n</project_tname>"; $information .= "\n<project_ename>"; $information .= "$TProject_NameE"; $information .= "\n</project_ename>"; $information .= "\n<project_type_id>"; $information .= "$TProject_Type_id"; $information .= "\n</project_type_id>"; $information .= "\n<project_type_name>"; $information .= "$TTypeProject_name"; $information .= "\n</project_type_name>"; $information .= "\n<budget2>"; $information .= "$TProject_budget2"; $information .= "\n</budget2>"; $information .= "\n<budget3>"; $information .= "$TProject_budget3"; $information .= "\n</budget3>"; $information .= "\n<budget4>"; $information .= "$TProject_budget4"; $information .= "\n</budget4>"; $information .= "\n</project>"; $TProject_budget2_sum=$TProject_budget2_sum+$TProject_budget2; $TProject_budget3_sum=$TProject_budget3_sum+$TProject_budget3; $TProject_budget4_sum=$TProject_budget4_sum+$TProject_budget4; } //end_selece_database_project $information .= "\n</projects>"; //sum_Project_budget $information .= "\n<budget2_sum>"; $information .= "$TProject_budget2_sum"; $information .= "\n</budget2_sum>"; $information .= "\n<budget3_sum>"; $information .= "$TProject_budget3_sum"; $information .= "\n</budget3_sum>"; $information .= "\n<budget4_sum>"; $information .= "$TProject_budget4_sum"; $information .= "\n</budget4_sum>"; $information .= "\n</Project_budget>"; echo "$information"; ?> |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0056 ]-- |