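<?php
/**
 * Handler for the member "post" form.
 *
 * Flow, as far as this file shows:
 *   1. Reject the request unless $_POST['gender'] is listed in $a_gender or
 *      $a_gender_extra (both expected to come from the included files).
 *   2. When a message was submitted: check the e-mail ban, validate the optional
 *      image upload, HTML-escape the message and break up long runs of one
 *      character, then hand over to include/m_update.php or include/m_add.php.
 *   3. Update the profile columns of the `member` row and, if an image was
 *      uploaded, store a thumbnail and a full-size copy through uploadfile2().
 *
 * Variable names such as $fieldlist, $PK_field, $tbl_name, $param and the
 * rewritten $_POST entries are left as they were: the included scripts share
 * this scope and presumably read them - confirm before renaming anything.
 *
 * NOTE(review): every query below is built by string concatenation and relies
 * on addslashes(), which is not a charset-aware SQL escaper. Moving sql_query()
 * callers to prepared statements (or the driver's own escaping) is the proper
 * fix; it cannot be done from this file because the wrapper lives elsewhere.
 */
include("include/config.php");
include("include/connect.php");
include("include/function.php");
@header("Content-Type: text/html; charset=utf-8");
include("include/blockMember.php");

// NOTE(review): in_array() compares loosely here; if the allow-lists hold
// integers, non-numeric input can match 0 on PHP < 8. Confirm the list contents
// and switch to a strict string comparison if they are strings.
if (!@in_array($_POST['gender'], $a_gender) && !@in_array($_POST['gender'], $a_gender_extra)) {
?>
<script type="text/javascript">
alert('ไม่สามารถบันทึกข้อมูลได้'); window.history.back();
</script>
<?php
    exit();
}

// Only a non-empty string message is processed; an array-valued "message"
// parameter now takes the plain redirect branch instead of reaching
// htmlspecialchars().
if (isset($_POST['message']) && is_string($_POST['message']) && $_POST['message'] != '') {

    // Disabled in the original (kept as a pointer only): a ban check based on the
    // $configCookieNameBan cookie and on checkBandIP($_SERVER['REMOTE_ADDR']).

    if (!checkBandEmail($_SESSION['s_member_id'])) {
?>
<script language="javascript">
alert('Email ของคุณไม่สามารถใช้งานกับเว็บไซต์นี้ได้\nเนื่องจาก Email นี้ถูก Ban'); window.location = '/logout.php';
</script>
<?php
        exit();
    }

    // The session value is server-side state, but it is still interpolated into
    // SQL string literals below, so escape it the same way the form fields are.
    $memberIdSql = addslashes((string) $_SESSION['s_member_id']);

    // ---- Upload validation -------------------------------------------------
    // The original trusted the client-supplied file name alone (case-sensitive
    // match on the text after the last dot). The name is attacker-controlled, so
    // the file content is now checked as well: the file must be a genuine HTTP
    // upload, must parse as an image, and the detected image type must agree
    // with the (lower-cased) extension.
    $hasUpload = isset($_FILES['file1']['tmp_name'])
        && is_string($_FILES['file1']['tmp_name'])
        && $_FILES['file1']['tmp_name'] <> '';
    $fileType = '';

    if ($hasUpload) {
        $allowedImageTypes = array(
            'jpg' => IMAGETYPE_JPEG,
            'gif' => IMAGETYPE_GIF,
            'png' => IMAGETYPE_PNG,
        );
        $fileType = strtolower(pathinfo((string) $_FILES['file1']['name'], PATHINFO_EXTENSION));

        // @: a non-image or truncated file is reported through the false return,
        // which is handled below; the warning itself must not reach the page.
        $imageInfo = is_uploaded_file($_FILES['file1']['tmp_name'])
            ? @getimagesize($_FILES['file1']['tmp_name'])
            : false;

        $uploadAccepted = isset($allowedImageTypes[$fileType])
            && $imageInfo !== false
            && $imageInfo[2] === $allowedImageTypes[$fileType]
            && $_FILES['file1']['size'] <= $configMemberPostSize;

        if (!$uploadAccepted) {
            // Keep the typed message so the form can be re-filled after the redirect.
            $_SESSION['s_message_post'] = $_POST['message'];
?>
<script language="javascript">
alert('รูปภาพที่อนุญาติให้ upload ได้คือ .jpg, .png, .gif \nและขนาดไม่เกิน <?php echo $configMemberPostSize/1024?> Kb เท่านั้น'); window.location = '/<?php echo $configMyFileFirstPage?>';
</script>
<?php
            exit();
        }
    }

    // ---- Message row (member_post) ----------------------------------------
    $a_param = array('bid');
    $a_not_exists = array();
    $param = get_pre_param($a_param, $a_not_exists);

    $PK_field = 'member_post_id';
    $tbl_name = 'member_post';

    // Disabled in the original: re-numbering of a `rank` column in member_post
    // and a 'rank' entry in $fieldlist.
    $fieldlist = array('member_id', 'board_post_id', 'message', 'post_date', 'ip');

    $_POST['post_date'] = date("Y-m-d H:i:s");
    $_POST['ip'] = $_SERVER['REMOTE_ADDR'];
    $_POST['member_id'] = $_SESSION['s_member_id'];
    $_POST['message'] = htmlspecialchars($_POST['message']);

    // Insert a space after every fifth consecutive repetition of one character
    // (e.g. "aaaaa" becomes "aaaaa "). The length is measured in the same
    // encoding that mb_substr() reads with; the original used the internal
    // encoding for mb_strlen(), which over-counts when that is not UTF-8 and
    // made the loop append stray spaces past the end of the text.
    $messageLength = mb_strlen($_POST['message'], 'UTF-8');
    $newMessage = '';
    $lastChar = 'Stop'; // sentinel: can never equal a single character
    $countChar = 0;
    for ($counter = 0; $counter < $messageLength; $counter++) {
        $currentChar = mb_substr($_POST['message'], $counter, 1, 'UTF-8');
        $newMessage .= $currentChar;
        if ($lastChar !== $currentChar) {
            $lastChar = $currentChar;
            $countChar = 1;
        } elseif (++$countChar == 5) {
            $newMessage .= ' ';
            $countChar = 0;
        }
    }
    $_POST['message'] = $newMessage;

    // One row per member: update it when it exists, otherwise add it.
    $sql = "
        SELECT $PK_field
        FROM $tbl_name
        WHERE member_id = '".$memberIdSql."'
    ";
    $query = sql_query($sql);
    if (sql_num_rows($query) > 0) {
        $rec = sql_fetch_array($query);
        $_POST["$PK_field"] = $rec["$PK_field"];
        include('include/m_update.php');
    } else {
        include('include/m_add.php');
    }

    // ---- Profile columns (member) -----------------------------------------
    // Normalise the two profile links; anything that is not a string becomes ''.
    foreach (array('hi5_link', 'facebook_link') as $linkField) {
        $_POST[$linkField] = (isset($_POST[$linkField]) && is_string($_POST[$linkField]))
            ? strtolower($_POST[$linkField])
            : '';
    }
    $_POST['hi5_link'] = str_ireplace('http://', '', $_POST['hi5_link']);
    $_POST['hi5_link'] = str_ireplace('www.', '', $_POST['hi5_link']);
    $_POST['hi5_link'] = str_ireplace('@hi5.com', '.hi5.com', $_POST['hi5_link']);
    $_POST['facebook_link'] = str_ireplace('http://', '', $_POST['facebook_link']);
    $_POST['facebook_link'] = str_ireplace('https://', '', $_POST['facebook_link']);

    $addSlashesField = array(
        'camera', 'gender', 'age', 'province', 'hi5_link', 'facebook_link',
        'room', 'bb_pin', 'line_id', 'instagram', 'enews_receive',
    );
    // get_magic_quotes_gpc() no longer exists on PHP 8; calling it
    // unconditionally would abort the request before the profile update runs.
    // Where it is absent, magic quotes are off and the value must be escaped.
    $magicQuotesOn = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    foreach ($addSlashesField as $fieldValue) {
        // Missing or non-scalar (array) parameters are stored as ''.
        $rawValue = (isset($_POST[$fieldValue]) && is_scalar($_POST[$fieldValue]))
            ? (string) $_POST[$fieldValue]
            : '';
        $_POST[$fieldValue] = $magicQuotesOn ? $rawValue : addslashes($rawValue);
    }

    $sql = "
        UPDATE member
        SET camera = '".$_POST['camera']."',
            gender = '".$_POST['gender']."',
            age = '".$_POST['age']."',
            province = '".$_POST['province']."',
            hi5_link = '".$_POST['hi5_link']."',
            facebook_link = '".$_POST['facebook_link']."',
            room = '".$_POST['room']."',
            bb_pin = '".$_POST['bb_pin']."',
            line_id = '".$_POST['line_id']."',
            instagram = '".$_POST['instagram']."',
            enews_receive = '".$_POST['enews_receive']."',
            alarm_status = 0,
            alarm_image_status = 0,
            post_record = (post_record+1)
        WHERE member_id = '".$memberIdSql."'
    ";
    sql_query($sql);

    // ---- Image storage -----------------------------------------------------
    if ($hasUpload) {
        $imagePath = 'uploads/memberPost/';
        $imagePathFull = 'uploads/memberPost/full/';

        $sql = "
            SELECT image, image_full
            FROM member
            WHERE member_id = '".$memberIdSql."'
        ";
        $query = sql_query($sql);
        $rec = sql_fetch_array($query);
        // 'alert.gif' is treated as a shared placeholder and is never deleted.
        if ($rec['image'] != 'alert.gif') {
            @unlink($imagePath.$rec['image']);
            @unlink($imagePathFull.$rec['image_full']);
        }

        // thumb
        $input_file_path = $imagePath;
        // Use the extension validated above rather than re-parsing the client name.
        $type = $fileType;
        // NOTE(review): $path is not assigned anywhere in this file; unless an
        // include defines it, check_file_in_path() receives null here -
        // $input_file_path may have been intended. Confirm against the helper.
        $input_file_name = check_file_in_path($type, $path, 6);
        $width = $configMemberPostWidth;
        $quality = 80;
        $actionFix = 'width';
        uploadfile2($input_file_path, $input_file_name, $_FILES['file1']['tmp_name'], $width, $quality, $actionFix);

        // full
        $input_file_path = $imagePathFull;
        $width = $configMemberPostFullWidth;
        uploadfile2($input_file_path, $input_file_name, $_FILES['file1']['tmp_name'], $width, $quality, $actionFix);

        // The generated name comes from a project helper; escape it like every
        // other value placed in a SQL literal.
        $sql = "UPDATE member SET image = '".addslashes((string) $input_file_name)."', image_full = '".addslashes((string) $input_file_name)."' WHERE member_id = '".$memberIdSql."'";
        sql_query($sql);
    }

    saveQtyMember('');

    // Disabled in the original: setRankMemberPost(), which set the positions of
    // the posts when a post-position package had been purchased.
?>
<script language="javascript">
alert('โพทส์ข้อมูลเสร็จเรียบร้อยแล้ว'); window.location = '/<?php echo $configMyFileFirstPage?>';
</script>
<?php
    exit();
} else {
    // No message submitted: go back to the first page without changing anything.
?>
<script language="javascript">
window.location = '/<?php echo $configMyFileFirstPage?>';
</script>
<?php
}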