.:: :[ AK-74 Security Team Web-shell ]: ::.
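<?php
/**
 * Control-panel endpoint that relays POSTed commands to the WASL tracking API
 * (wasl.tga.gov.sa) and mirrors the outcome into the local tables
 * `gs_users`, `gs_objects` and `gs_user_object_drivers`.
 *
 * Commands (POST field `cmd`): userregisteration, carregisteration,
 * driverregisteration, cardelete, companydelete.
 *
 * Security-relevant properties of this file:
 *  - Every SQL statement is a prepared statement; request values are bound,
 *    never interpolated into the query text.
 *  - TLS peer and host verification stay enabled, because each request carries
 *    the WASL API key in the `x-api-key` header.
 *  - Request values placed in a URL path are percent-encoded.
 *
 * NOTE(review): `user_id`, `imeiNumber` and the reference keys come straight
 * from the request and select which row is changed. The only access control
 * visible here is checkUserSession() / checkUserCPanelPrivileges(), which are
 * defined in an included file; confirm they stop non-privileged callers and
 * that an anti-CSRF token is enforced somewhere, since none is checked here.
 */

set_time_limit(0);
session_start();
include ('../init.php');
include ('fn_common.php');
include ('../tools/email.php');
include ('../tools/sms.php');

checkUserSession();
checkUserCPanelPrivileges();
loadLanguage($_SESSION["language"], $_SESSION["units"]);

// Always define $cmd so the comparisons below never read an undefined variable.
$cmd = (isset($_POST['cmd']) && is_string($_POST['cmd'])) ? $_POST['cmd'] : '';

// Register an operating company.
if ($cmd === 'userregisteration') {
    $user_id = waslField($_POST, 'user_id');
    if (!empty($user_id)) {
        $wasltype = waslField($_POST, 'activity');
        $sfdaCompanyActivity = waslField($_POST, 'sfdaCompanyActivity');

        // Everything left in $_POST after these two removals is forwarded as the JSON payload.
        unset($_POST['cmd'], $_POST['user_id']);
        $data = json_encode($_POST);

        $response = waslRequest(
            "https://wasl.tga.gov.sa/api/tracking/v1/operating-companies",
            $gsValues['WASL_KEY'],
            'POST',
            $data
        );

        // NOTE(review): this print/exit pair looks like leftover debugging. It is
        // kept because removing it would start writing to `gs_users`, which this
        // command does not do today. Everything below it in this branch is
        // unreachable until the pair is removed; confirm the intent before doing so.
        print_r($response);
        die();

        $referenceKey = waslReferenceKey(waslDecode($response));

        $r = waslExecute(
            $ms,
            "UPDATE `gs_users` SET `info`=? WHERE (`id`=?)",
            array($data, $user_id)
        );

        if ($referenceKey !== '') {
            if ($wasltype === 'DEFAULT') {
                $r = waslExecute(
                    $ms,
                    "UPDATE `gs_users` SET `wasl`='1' ,`referenceKey`=? WHERE (`id`=?)",
                    array($referenceKey, $user_id)
                );
            } elseif ($wasltype === 'TOW_CAR') {
                $r = waslExecute(
                    $ms,
                    "UPDATE `gs_users` SET `wasltow`='1',`referenceKey`=? WHERE (`id`=?)",
                    array($referenceKey, $user_id)
                );
            } elseif ($wasltype === 'SFDA') {
                $r = waslExecute(
                    $ms,
                    "UPDATE `gs_users` SET `waslsfda`='1',`sfdaCompanyActivity`=?, `referenceKey`=? WHERE (`id`=?)",
                    array($sfdaCompanyActivity, $referenceKey, $user_id)
                );
            }
            if ($r) {
                print_r($response);
            }
        } else {
            print_r($response);
        }
    }
}

// Register a vehicle under the company stored in the session.
if ($cmd === 'carregisteration') {
    unset($_POST['cmd']);

    $plate = isset($_POST['vehiclePlate']) ? $_POST['vehiclePlate'] : null;
    $number = waslField($plate, 'number');
    $rightLetter = waslField($plate, 'rightLetter');
    $middleLetter = waslField($plate, 'middleLetter');
    $leftLetter = waslField($plate, 'leftLetter');
    $sequenceNumber = waslField($_POST, 'sequenceNumber');
    $plateType = waslField($_POST, 'plateType');
    $imei = waslField($_POST, 'imeiNumber');
    $activity = waslField($_POST, 'activity');

    $data = json_encode($_POST);
    $company_referenceKey = waslField($_SESSION, 'referenceKey');

    $response = waslRequest(
        "https://wasl.tga.gov.sa/api/tracking/v1/operating-companies/"
            . rawurlencode($company_referenceKey) . "/vehicles",
        $gsValues['WASL_KEY'],
        'POST',
        $data
    );
    $referenceKey = waslReferenceKey(waslDecode($response));

    if ($referenceKey !== '') {
        waslExecute(
            $ms,
            "UPDATE `gs_objects` SET `objectwaslnumber`=?, `rightLetter`=?, `middleLetter`=?, `leftLetter`=?, `sequenceNumber`=?, `plateType`=?, `activity`=?, `referenceKey`=? WHERE (`imei`=?)",
            array(
                $number,
                $rightLetter,
                $middleLetter,
                $leftLetter,
                $sequenceNumber,
                $plateType,
                $activity,
                $referenceKey,
                $imei,
            )
        );
        print_r($response);
    } else {
        // NOTE(review): the failure path has always emitted the upstream body
        // twice. Kept for output compatibility; confirm with the client code
        // whether a single copy is what it expects.
        print_r($response);
        print_r($response);
    }
}

// Register a driver under the company stored in the session.
if ($cmd === 'driverregisteration') {
    unset($_POST['cmd']);

    $identityNumber = waslField($_POST, 'identityNumber');
    $dateOfBirthHijri = waslField($_POST, 'dateOfBirthHijri');
    $mobileNumber = waslField($_POST, 'mobileNumber');

    $data = json_encode($_POST);
    $company_referenceKey = waslField($_SESSION, 'referenceKey');
    $user_id = waslField($_SESSION, 'user_id');

    $response = waslRequest(
        "https://wasl.tga.gov.sa/api/tracking/v1/operating-companies/"
            . rawurlencode($company_referenceKey) . "/drivers",
        $gsValues['WASL_KEY'],
        'POST',
        $data
    );
    $referenceKey = waslReferenceKey(waslDecode($response));

    if ($referenceKey !== '') {
        $r = waslExecute(
            $ms,
            "INSERT INTO `gs_user_object_drivers` (`user_id`, `driver_idn`, `driver_phone`, `dateOfBirthHijri`, `referenceKey`) VALUES (?, ?, ?, ?, ?)",
            array($user_id, $identityNumber, $mobileNumber, $dateOfBirthHijri, $referenceKey)
        );
        if ($r) {
            echo true; // prints "1"
        }
    } else {
        echo false; // prints nothing
    }
}

// Delete a vehicle upstream, then clear its WASL columns locally.
if ($cmd === 'cardelete') {
    unset($_POST['cmd']);

    $VEHICLE_REFERENCE_KEY = waslField($_POST, 'VEHICLE_REFERENCE_KEY');
    $imei = waslField($_POST, 'imeiNumber');
    $company_referenceKey = waslField($_SESSION, 'referenceKey');

    // Both path segments are encoded so a request value cannot change the URL
    // path or add query parameters.
    $response = waslRequest(
        "https://wasl.tga.gov.sa/api/tracking/v1/operationCompany/"
            . rawurlencode($company_referenceKey) . "/vehicle/"
            . rawurlencode($VEHICLE_REFERENCE_KEY) . "?activity=DEFAULT",
        $gsValues['WASL_KEY'],
        'DELETE'
    );
    echo $response;

    $result = waslDecode($response);
    // Strict comparison: a numeric resultCode must not compare equal to 'success'.
    if (isset($result['resultCode']) && $result['resultCode'] === 'success') {
        waslExecute(
            $ms,
            "UPDATE `gs_objects` SET `objectwaslnumber`='', `rightLetter`='', `middleLetter`='', `leftLetter`='', `sequenceNumber`='', `plateType`='', `activity`='', `referenceKey`='' WHERE (`imei`=?)",
            array($imei)
        );
        return true;
    }
}

// Delete a company upstream, then clear the WASL columns of the given user.
if ($cmd === 'companydelete') {
    $COMPANY_REFERENCE_KEY = waslField($_POST, 'COMPANY_REFERENCE_KEY');
    $user_id = waslField($_POST, 'user_id');

    $response = waslRequest(
        "https://wasl.tga.gov.sa/api/tracking/v1/operating-companies/"
            . rawurlencode($COMPANY_REFERENCE_KEY) . "?activity=DEFAULT",
        $gsValues['WASL_KEY'],
        'DELETE'
    );
    echo $response;

    $result = waslDecode($response);
    if (isset($result['resultCode']) && $result['resultCode'] === 'success') {
        waslExecute(
            $ms,
            "UPDATE `gs_users` SET `wasl`='0',`info`='' ,`referenceKey`='' WHERE (`id`=?)",
            array($user_id)
        );
        return true;
    }
}

/**
 * Read one scalar field from a request or session array.
 *
 * @param mixed  $source Array to read from; anything else yields ''.
 * @param string $key    Field name.
 * @return string The value cast to string, or '' when absent or not a scalar.
 */
function waslField($source, $key)
{
    if (is_array($source) && isset($source[$key]) && is_scalar($source[$key])) {
        return (string) $source[$key];
    }
    return '';
}

/**
 * Send one request to the WASL API and return the raw response body.
 *
 * Certificate and host-name verification are left on: the request carries the
 * API key, so an unverified connection would hand it to whoever answers. If
 * verification fails on a host, fix its CA bundle (php.ini `curl.cainfo`)
 * rather than switching the checks off.
 *
 * @param string      $url    Full request URL.
 * @param string      $apiKey Value for the `x-api-key` header.
 * @param string      $method 'POST' or a custom verb such as 'DELETE'.
 * @param string|null $body   JSON payload for POST requests.
 * @return string|false Response body, or false when the transfer failed.
 */
function waslRequest($url, $apiKey, $method, $body = null)
{
    $options = array(
        CURLOPT_URL => $url,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_HTTPHEADER => array(
            "x-api-key: $apiKey",
            "cache-control: no-cache",
            "content-type: application/json",
        ),
    );
    if ($method === 'POST') {
        $options[CURLOPT_POST] = true;
        $options[CURLOPT_POSTFIELDS] = $body;
    } else {
        $options[CURLOPT_CUSTOMREQUEST] = $method;
    }

    $curl = curl_init();
    curl_setopt_array($curl, $options);
    $response = curl_exec($curl);
    curl_close($curl); // released on every path, including failures
    return $response;
}

/**
 * Decode a WASL response body into nested arrays.
 *
 * @param string|false $response Raw body as returned by waslRequest().
 * @return array Decoded data, or an empty array for a failed transfer or
 *               a body that does not decode to an object/array.
 */
function waslDecode($response)
{
    if (!is_string($response)) {
        return array();
    }
    $decoded = objectToArray(json_decode($response));
    return is_array($decoded) ? $decoded : array();
}

/**
 * Extract `result.referenceKey` from a decoded WASL response.
 *
 * @param array $decoded Output of waslDecode().
 * @return string The reference key, or '' when it is missing, empty or not a scalar.
 */
function waslReferenceKey(array $decoded)
{
    if (
        isset($decoded['result'])
        && is_array($decoded['result'])
        && !empty($decoded['result']['referenceKey'])
        && is_scalar($decoded['result']['referenceKey'])
    ) {
        return (string) $decoded['result']['referenceKey'];
    }
    return '';
}

/**
 * Run one write statement with every value bound as a string parameter.
 *
 * @param mysqli $ms     Open connection.
 * @param string $sql    Statement text with `?` placeholders only.
 * @param array  $params Values for the placeholders, in order.
 * @return bool True when the statement executed, false otherwise.
 */
function waslExecute($ms, $sql, array $params)
{
    mysqli_set_charset($ms, 'utf8');

    $stmt = mysqli_prepare($ms, $sql);
    if ($stmt === false) {
        return false;
    }

    $params = array_values($params);
    if (count($params) > 0) {
        // mysqli_stmt_bind_param() takes its values by reference.
        $args = array($stmt, str_repeat('s', count($params)));
        foreach ($params as $i => $unused) {
            $args[] = &$params[$i];
        }
        call_user_func_array('mysqli_stmt_bind_param', $args);
    }

    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

/**
 * Recursively convert objects (as produced by json_decode) into arrays.
 *
 * @param mixed $d Object, array or scalar.
 * @return mixed Arrays for objects/arrays at every depth; scalars unchanged.
 */
function objectToArray($d)
{
    if (is_object($d)) {
        // Public properties become array entries.
        $d = get_object_vars($d);
    }

    if (is_array($d)) {
        // __FUNCTION__ names this function, so each element is converted in turn.
        return array_map(__FUNCTION__, $d);
    }

    return $d;
}
?>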