.:: :[ AK-74 Security Team Web-shell ]: ::.
General information
File manager
phpinfo()
Run PHP
Execute the command
Edit the file
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title><?php echo $_POST['user']; ?></title> <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js"></script> <link rel="stylesheet" type="text/css" href="style.css" /> </head> <body vlink="purple" link="blue" class="xl70"> <table cellspacing="0" cellpadding="0" border="1" style="border-collapse: collapse;table-layout:fixed;" id='dvData'> <tbody> <?php $select="select gut.group_id,gu.username,gu.price,gu.price,gt.dt_tracker,gt.status,gt.notice,gt.lat,gt.lng,gt.imei,gt.speed,gt.device,gt.name,gt.sim_number FROM gs_objects as gt INNER JOIN gs_user_objects as gut ON gt.imei=gut.imei INNER JOIN gs_users as gu ON gu.id=gut.user_id ORDER BY gt.dt_tracker DESC"; $select2 = "select gut.group_id,gu.username,gu.price,gu.price,gt.dt_tracker,gt.lat,gt.lng,gt.imei,gt.speed,gt.device,gt.name,gt.sim_number FROM gs_objects as gt INNER JOIN gs_user_objects as gut ON gt.imei=gut.imei INNER JOIN gs_users as gu ON gu.id=gut.user_id ORDER BY gt.dt_tracker DESC"; set_time_limit(5000); $con = mysqli_connect("localhost", "root", "", "gs"); $result = mysqli_query($con, $select); $result2 = mysqli_query($con, $select2); $num_rows = mysqli_num_rows($result); $num_rows2 = mysqli_num_rows($result2); ?> <tr height="21" style="height:15.75pt"> <td width="156" height="21" style="height:15.75pt;width:117pt" class="xl65 xl72"><?php echo $_POST['user']; ?></td> <td width="181" style="border-left:none;width:136pt" class="xl66 xl72">Date:<font class="font11"><?php echo $_POST['Date']; ?></font></td> <td width="177" style="width:133pt" dir="RTL" class="xl67 xl72">العدد الكلي على الموقع=<font class="font11"><?php echo $num_rows2 ?></font></td> <td width="147" style="width:110pt" class="xl66 xl68 xl72">العدد =<font class="font11"><?php echo $num_rows ?></font></td> <td width="216" style="width:162pt" class="xl69"><input type="button" onclick="tableToExcel('dvData', '<?php echo $_POST['user'] . '_' . $_POST['Date']; ?>')" value="Export to Excel"> </input></td> <td width="216" style="width:162pt" class="xl69"></td> <td width="330" class="xl70"></td> <td width="117" style="width:88pt" class="xl70"></td> <td width="112" style="width:84pt" class="xl70"></td> <td width="150" style="width:59pt" class="xl70"></td> <td width="150" style="width:91pt" class="xl70"></td> <td width="150" style="width:62pt" class="xl70 xl72"></td> </tr> <tr height="21" style="height:15.75pt"> <td height="21" style="height:15.75pt;" dir="RTL" class="xl71 xl72">تاريخ أخر تحديث</td> <td width="181" style="border-left:none;width:136pt" dir="RTL" class="xl71 xl72">رقم الجهاز</td> <td width="177" style="border-left:none;width:133pt" dir="RTL" class="xl71 xl72">نوع الجهاز</td> <td width="147" style="border-left:none;width:110pt" dir="RTL" class="xl71 xl72">رقم الشريحة</td> <td width="216" style="border-left:none;width:162pt" dir="RTL" class="xl71 xl72">اسم السيارة</td> <td width="216" style="border-left:none;width:162pt" dir="RTL" class="xl71 xl72">التصنيف</td> <td width="300" style="border-left:none;width:581pt"dir="RTL" class="xl71 xl72">موقع السيارة عند اخر حديث</td> <td width="117" style="border-left:none;width:88pt" dir="RTL" class="xl71 xl72">ملاحظات العميل</td> <td width="112" style="border-left:none;width:84pt" dir="RTL" class="xl71 xl72">تاريخ التقرير</td> <td width="150" style="border-left:none;width:59pt" dir="RTL" class="xl71 xl72">حالة الصيانة</td> <td width="150" style="border-left:none;width:91pt" dir="RTL" class="xl71 xl72">نوع الصيانة</td> <td width="150" style="border-left:none;width:62pt" dir="RTL" class="xl71 xl72">تاريخ الصيانة</td> </tr> <?php while ($row = mysqli_fetch_array($result)) { ?> <tr height="25" style="height:18.75pt"> <td height="25" style="height:18.75pt;border-top:none" class="xl72"><?php if($row['dt_tracker']=='0000-00-00 00:00:00') echo 'No Data';else echo $row['dt_tracker']; ?></td> <td style="border-top:none;border-left:none" class="xl72"><?php echo $row['imei']; ?></td> <td style="border-top:none;border-left:none" class="xl72"><?php echo $row['device']; ?></td> <td style="border-top:none;border-left:none" class="xl72"><?php echo $row['sim_number']; ?></td> <td style="border-top:none;border-left:none" class="xl72"><?php echo $row['name']; ?></td> <td style="border-top:none;border-left:none" class="xl72"><?php echo getgroup($row['group_id']); ?></td> <td style="text-align:right;border-top:none;border-left:none" class="xl72"><?php if (!empty($row['lat']) || !empty($row['lng'])) getPlaceName($row['lat'], $row['lng']); ?></td> <td style="border-top:none;border-left:none" class="xl72"><?php echo $row['notice']; ?></td> <td style="border-top:none;border-left:none" class="xl72"><?php echo date("Y-m-d");?></td> <td width="150" style="border-top:none;border-left:none" class="xl72"><?php echo $row['status']; ?></td> <td width="150" style="border-top:none;border-left:none" class="xl72"> </td> <td width="150" style="border-top:none;border-left:none" class="xl72"> </td> </tr> <?php } ?> <?php function getgroup($id) { $query = "SELECT gs_user_object_groups.group_name FROM gs_user_object_groups WHERE gs_user_object_groups.group_id='" . $id . "'"; $con = mysqli_connect("localhost", "root", "", "gs"); $result = mysqli_query($con, $query); while ($ro = mysqli_fetch_array($result)) { return $ro[0]; } } ?> </tbody> </table> <?php function getPlaceName($latitude, $longitude) { //This below statement is used to send the data to google maps api and get the place //name in different formats. we need to convert it as required. $geocode = file_get_contents('http://maps.googleapis.com/maps/api/geocode/json?latlng=' . $latitude . ',' . $longitude . '&sensor=false&language=ar'); $output = json_decode($geocode); //Here "formatted_address" is used to display the address in a user friendly format. if (!empty($output->results[0]->formatted_address)) // echo $output->results[0]->formatted_address; echo "<a href='http://maps.google.com/maps?q=$latitude,$longitude&t=m' target='_blank' style='text-decoration:none'>" . $output->results[0]->formatted_address . "</a>"; else { $geocode2 = file_get_contents('http://maps.googleapis.com/maps/api/geocode/json?latlng=' . $latitude . ',' . $longitude . '&sensor=false'); $output = json_decode($geocode2); if (!empty($output->results[0]->formatted_address)) echo "<a href='http://maps.google.com/maps?q=$latitude,$longitude&t=m' target='_blank' style='text-decoration:none'>" . $output->results[0]->formatted_address . "</a>"; else { echo "<a href='http://maps.google.com/maps?q=$latitude,$longitude&t=m' target='_blank' style='text-decoration:none'>$latitude °, $longitude°</a>"; } } }?> </body> <script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"></script> <script type="text/javascript"> var tableToExcel = (function() { var uri = 'data:application/vnd.ms-excel;base64,' , template = '<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns="http://www.w3.org/TR/REC-html40"><head><!--[if gte mso 9]><xml><x:ExcelWorkbook><x:ExcelWorksheets><x:ExcelWorksheet><x:Name>{worksheet}</x:Name><x:WorksheetOptions><x:DisplayGridlines/></x:WorksheetOptions></x:ExcelWorksheet></x:ExcelWorksheets></x:ExcelWorkbook></xml><![endif]--></head><body><table>{table}</table></body></html>' , base64 = function(s) { return window.btoa(unescape(encodeURIComponent(s))) } , format = function(s, c) { return s.replace(/{(\w+)}/g, function(m, p) { return c[p]; }) } return function(table, name) { if (!table.nodeType) table = document.getElementById(table) var ctx = {worksheet: name || 'Worksheet', table: table.innerHTML} window.location.href = uri + base64(format(template, ctx)) } })() </script> </html>
Rename:
-