.:: :[ AK-74 Security Team Web-shell ]: ::.
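<?php
/**
 * Tracker report page.
 *
 * Reads two POST fields, `user` (account name) and `Date` (upper bound for
 * gt.dt_tracker), and renders an HTML table of that user's trackers that can
 * be exported to Excel from the browser.
 *
 * All request values reach SQL only as bound parameters, and every value
 * written into the page (request data and database data alike) is
 * HTML-escaped first.
 *
 * NOTE(review): nothing in this file authenticates the caller or checks that
 * the caller may view the requested `user`'s devices, SIM numbers and
 * positions. Confirm that access control is enforced before this script runs.
 *
 * Dead code that used to live here as comments (service-status and odometer
 * helpers, and a geocoding variant of getPlaceName) was dropped; it was never
 * executed and repeated the string-built SQL pattern fixed below.
 */

/**
 * Returns the shared mysqli connection, opening it on first use so that
 * per-row lookups do not open a new connection each time.
 */
function gs_db()
{
    static $con = null;
    if ($con === null) {
        // NOTE(review): the database root password is hard-coded in a
        // web-served file, so anyone who can read this file gets full
        // database access. Move the credentials to configuration outside the
        // web root, connect with an account limited to SELECT on the tables
        // this report reads, and rotate this password.
        $con = mysqli_connect("localhost", "root", "admin198683", "gs");
        if (!$con) {
            gs_fail();
        }
    }
    return $con;
}

/**
 * Stops the request with a generic error; driver details are not sent to
 * the client.
 */
function gs_fail()
{
    if (!headers_sent()) {
        header('HTTP/1.1 500 Internal Server Error');
    }
    exit('Report unavailable.');
}

/**
 * Escapes a value for use in HTML text or a quoted attribute.
 */
function gs_h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Echoes a Google Maps link for the given coordinates, with the coordinates
 * themselves as the link text.
 */
function getPlaceName($latitude, $longitude)
{
    // Coordinates come from the database; encode them for the URL and escape
    // them for the markup instead of interpolating them raw.
    $href = 'https://maps.google.com/maps?q=' . rawurlencode($latitude) . ',' . rawurlencode($longitude) . '&t=m';
    echo "<a href='" . gs_h($href) . "' target='_blank' rel='noopener noreferrer' style='text-decoration:none'>"
        . gs_h($latitude) . " °, " . gs_h($longitude) . "°</a>";
}

/**
 * Returns the group_name for a group id, or null when no row matches.
 */
function getgroup($id)
{
    $stmt = mysqli_prepare(
        gs_db(),
        "SELECT gs_user_tracker_groups.group_name FROM gs_user_tracker_groups WHERE gs_user_tracker_groups.group_id = ?"
    );
    if (!$stmt) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, 's', $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $groupName);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    return $found ? $groupName : null;
}

// Request input. Anything that is not a plain string (missing field, array
// syntax such as user[]=x) is treated as empty.
$user = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
$date = (isset($_POST['Date']) && is_string($_POST['Date'])) ? $_POST['Date'] : '';

set_time_limit(5000);
$con = gs_db();

$fromJoin = " FROM gs_trackers AS gt"
    . " INNER JOIN gs_user_trackers AS gut ON gt.imei = gut.imei"
    . " INNER JOIN gs_users AS gu ON gu.id = gut.user_id ";

// Total number of trackers for the user (shown in the summary row). The
// original fetched every row just to count them; COUNT(*) over the same
// joins gives the same number.
$num_rows2 = 0;
$countStmt = mysqli_prepare($con, "SELECT COUNT(*)" . $fromJoin . "WHERE gu.username = ?");
if (!$countStmt) {
    gs_fail();
}
mysqli_stmt_bind_param($countStmt, 's', $user);
mysqli_stmt_execute($countStmt);
mysqli_stmt_bind_result($countStmt, $num_rows2);
mysqli_stmt_fetch($countStmt);
mysqli_stmt_close($countStmt);

// Trackers last updated on or before the requested date, newest first.
$reportStmt = mysqli_prepare(
    $con,
    "SELECT gt.dt_tracker, gt.imei, gut.device, gut.sim_number, gut.`name`, gut.group_id, gt.lat, gt.lng"
    . $fromJoin
    . "WHERE gt.dt_tracker <= ? AND gu.username = ? ORDER BY gt.dt_tracker DESC"
);
if (!$reportStmt) {
    gs_fail();
}
mysqli_stmt_bind_param($reportStmt, 'ss', $date, $user);
mysqli_stmt_execute($reportStmt);
// Buffer the result so getgroup() can run its own statement on the same
// connection while the rows are being rendered.
mysqli_stmt_store_result($reportStmt);
$num_rows = mysqli_stmt_num_rows($reportStmt);
mysqli_stmt_bind_result($reportStmt, $dtTracker, $imei, $device, $simNumber, $vehicleName, $groupId, $lat, $lng);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title><?php echo gs_h($user); ?></title>
  <!-- jQuery was included twice over plain http (once as the unpinned
       jquery-latest build) and nothing on this page uses it, so both
       includes were removed rather than loading unverified third-party
       script. -->
  <link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body vlink="purple" link="blue" class="xl70">
<table cellspacing="0" cellpadding="0" border="1" style="border-collapse: collapse;table-layout:fixed;" id="dvData">
  <tbody>
    <tr height="21" style="height:15.75pt">
      <td width="156" height="21" style="height:15.75pt;width:117pt" class="xl65 xl72"><?php echo gs_h($user); ?></td>
      <td width="181" style="border-left:none;width:136pt" class="xl66 xl72">Date:<font class="font11"><?php echo gs_h($date); ?></font></td>
      <td width="177" style="width:133pt" dir="RTL" class="xl67 xl72">العدد الكلي على الموقع=<font class="font11"><?php echo gs_h($num_rows2); ?></font></td>
      <td width="147" style="width:110pt" class="xl66 xl68 xl72">العدد =<font class="font11"><?php echo gs_h($num_rows); ?></font></td>
      <!-- The export name travels in a data attribute instead of being
           spliced into an inline onclick string, so request data never
           becomes part of a script. -->
      <td width="216" style="width:162pt" class="xl69"><input type="button" id="exportBtn" data-export-name="<?php echo gs_h($user . '_' . $date); ?>" value="Export to Excel" /></td>
      <td width="216" style="width:162pt" class="xl69"></td>
      <td width="330" class="xl70"></td>
      <td width="117" style="width:88pt" class="xl70"></td>
      <td width="112" style="width:84pt" class="xl70"></td>
      <td width="150" style="width:59pt" class="xl70"></td>
      <td width="150" style="width:91pt" class="xl70"></td>
      <td width="150" style="width:62pt" class="xl70 xl72"></td>
    </tr>
    <tr height="21" style="height:15.75pt">
      <td height="21" style="height:15.75pt;" dir="RTL" class="xl71 xl72">تاريخ أخر تحديث</td>
      <td width="181" style="border-left:none;width:136pt" dir="RTL" class="xl71 xl72">رقم الجهاز</td>
      <td width="177" style="border-left:none;width:133pt" dir="RTL" class="xl71 xl72">نوع الجهاز</td>
      <td width="147" style="border-left:none;width:110pt" dir="RTL" class="xl71 xl72">رقم الشريحة</td>
      <td width="216" style="border-left:none;width:162pt" dir="RTL" class="xl71 xl72">اسم السيارة</td>
      <td width="216" style="border-left:none;width:162pt" dir="RTL" class="xl71 xl72">التصنيف</td>
      <td width="300" style="border-left:none;width:581pt" dir="RTL" class="xl71 xl72">موقع السيارة عند اخر حديث</td>
      <td width="117" style="border-left:none;width:88pt" dir="RTL" class="xl71 xl72">ملاحظات العميل</td>
      <td width="112" style="border-left:none;width:84pt" dir="RTL" class="xl71 xl72">تاريخ التقرير</td>
      <td width="150" style="border-left:none;width:59pt" dir="RTL" class="xl71 xl72">حالة الصيانة</td>
      <td width="150" style="border-left:none;width:91pt" dir="RTL" class="xl71 xl72">نوع الصيانة</td>
      <td width="150" style="border-left:none;width:62pt" dir="RTL" class="xl71 xl72">تاريخ الصيانة</td>
    </tr>
<?php while (mysqli_stmt_fetch($reportStmt)) { ?>
    <tr height="25" style="height:18.75pt">
      <td height="25" style="height:18.75pt;border-top:none" class="xl72"><?php
          // A zero datetime means the tracker has never reported.
          if ($dtTracker == '0000-00-00 00:00:00') {
              echo 'No Data';
          } else {
              echo gs_h($dtTracker);
          }
      ?></td>
      <td style="border-top:none;border-left:none" class="xl72"><?php echo gs_h($imei); ?></td>
      <td style="border-top:none;border-left:none" class="xl72"><?php echo gs_h($device); ?></td>
      <td style="border-top:none;border-left:none" class="xl72"><?php echo gs_h($simNumber); ?></td>
      <td style="border-top:none;border-left:none" class="xl72"><?php echo gs_h($vehicleName); ?></td>
      <td style="border-top:none;border-left:none" class="xl72"><?php echo gs_h(getgroup($groupId)); ?></td>
      <td style="text-align:right;border-top:none;border-left:none" class="xl72"><?php
          if (!empty($lat) || !empty($lng)) {
              getPlaceName($lat, $lng);
          }
      ?></td>
      <td style="border-top:none;border-left:none" class="xl72"> </td>
      <td style="border-top:none;border-left:none" class="xl72"><?php echo date("Y-m-d"); ?></td>
      <td width="150" style="border-top:none;border-left:none" class="xl72"> </td>
      <td width="150" style="border-top:none;border-left:none" class="xl72"> </td>
      <td width="150" style="border-top:none;border-left:none" class="xl72"> </td>
    </tr>
<?php } ?>
<?php mysqli_stmt_close($reportStmt); ?>
  </tbody>
</table>
<script type="text/javascript">
  // Builds an Excel-readable HTML workbook from a table and hands it to the
  // browser as a data: URI download.
  var tableToExcel = (function () {
    var uri = 'data:application/vnd.ms-excel;base64,',
      template = '<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns="http://www.w3.org/TR/REC-html40"><head><!--[if gte mso 9]><xml><x:ExcelWorkbook><x:ExcelWorksheets><x:ExcelWorksheet><x:Name>{worksheet}</x:Name><x:WorksheetOptions><x:DisplayGridlines/></x:WorksheetOptions></x:ExcelWorksheet></x:ExcelWorksheets></x:ExcelWorkbook></xml><![endif]--></head><body><table>{table}</table></body></html>',
      // btoa only accepts Latin-1, so the text is UTF-8 encoded first.
      base64 = function (s) { return window.btoa(unescape(encodeURIComponent(s))); },
      format = function (s, c) { return s.replace(/{(\w+)}/g, function (m, p) { return c[p]; }); },
      // The worksheet name comes from request data; keep it from being read
      // as markup inside the generated workbook.
      escapeXml = function (s) {
        return String(s).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
      };
    return function (table, name) {
      if (!table.nodeType) table = document.getElementById(table);
      var ctx = { worksheet: escapeXml(name || 'Worksheet'), table: table.innerHTML };
      window.location.href = uri + base64(format(template, ctx));
    };
  })();

  document.getElementById('exportBtn').addEventListener('click', function () {
    tableToExcel('dvData', this.getAttribute('data-export-name'));
  });
</script>
</body>
</html>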