<?php
require_once "../config.php";
require_once ABSPATH."/core/checklogin.php";
require_once ABSPATH."/core/functions.php";
require_once ABSPATH."/core/PasswordHash.php";
require_once ABSPATH."/core/resize-class.php";
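// Bulk-import teacher accounts (role_id 4) from an uploaded CSV file.
//
// Expected CSV layout, after one header line that is skipped:
//   column 0 = username, column 1 = plain-text password, column 2 = display name.
// Every imported account copies `active`, `email_verified` and `groups` from
// the account named by the `uid` query parameter, and stores that uid in `gset`.
//
// All values that reach the database (the uid and every CSV cell) are
// attacker-influenced, so they are passed only as bound parameters and never
// concatenated into SQL text.

// FILTER_SANITIZE_STRING strips tags; it is not an SQL defence on its own.
// NOTE(review): uid comes from the query string - confirm that checklogin.php
// restricts it to the logged-in account and that this form carries a CSRF token;
// neither check is visible in this script.
$uid = filter_input(INPUT_GET, 'uid', FILTER_SANITIZE_STRING);

$role_id = "4";
// These stay null when no account matches $uid, as in the original lookup.
$active = null;
$email_verified = null;
$groups = null;

$ownerStmt = $mysqli->prepare("SELECT `active`, `email_verified`, `groups` FROM users WHERE `username` = ?");
if ($ownerStmt) {
    $ownerStmt->bind_param('s', $uid);
    $ownerStmt->execute();
    $ownerStmt->bind_result($active, $email_verified, $groups);
    $ownerStmt->fetch();
    $ownerStmt->close();
}

if (isset($_POST['importtea'])) {
    // Allowed mime types
    $csvMimes = array('text/x-comma-separated-values', 'text/comma-separated-values', 'application/octet-stream', 'application/vnd.ms-excel', 'application/x-csv', 'text/x-csv', 'text/csv', 'application/csv', 'application/excel', 'application/vnd.msexcel', 'text/plain');

    // $_FILES[...]['type'] is reported by the browser, so this check is only a
    // convenience filter. The upload is parsed in place and never moved into
    // the web root; the per-row checks below are what guard the import.
    if (!empty($_FILES['file']['name']) && in_array($_FILES['file']['type'], $csvMimes, true)) {
        $csvFile = false;
        if (is_uploaded_file($_FILES['file']['tmp_name'])) {
            // Open uploaded CSV file with read-only mode
            $csvFile = fopen($_FILES['file']['tmp_name'], 'r');
        }

        // Prepare both statements once; they are re-executed for every row.
        // NOTE(review): the duplicate check reads `users` while the insert
        // targets DB_PREFIX."users" - confirm both name the same table.
        $dupStmt = false;
        $insertStmt = false;
        if ($csvFile !== false) {
            $dupStmt = $mysqli->prepare("SELECT 1 FROM `users` WHERE username = ?");
            $insertStmt = $conn->prepare("INSERT INTO ".DB_PREFIX."users (user_id, username, password, name, role_id, active, email_verified, groups, gset) VALUES (NULL, ?, ?, ?, ?, ?, ?, ?, ?)");
        }

        if ($csvFile !== false && $dupStmt && $insertStmt) {
            $hasher = new PasswordHash(8, false);
            $imported = 0;
            $rejected = 0;

            // Skip the first line
            fgetcsv($csvFile);

            // Parse data from CSV file line by line
            while (($line = fgetcsv($csvFile)) !== FALSE) {
                // Blank lines come back as array(null); short rows lack a column.
                if (!is_array($line) || count($line) < 3) {
                    continue;
                }

                $colum1 = $line[0];
                $colum2 = $line[1];
                $colum3 = $line[2];

                $dupStmt->bind_param('s', $colum1);
                $dupStmt->execute();
                $dupStmt->store_result();
                $exists = $dupStmt->num_rows > 0;
                $dupStmt->free_result();

                if ($exists) {
                    // Username already taken: leave the existing account untouched.
                    $rejected++;
                    continue;
                }

                // Hash only for rows that will be inserted; hashing is the costly step.
                $password_db = $hasher->HashPassword($colum2);

                $insertStmt->bindValue(1, $colum1, PDO::PARAM_STR);
                $insertStmt->bindValue(2, $password_db, PDO::PARAM_STR);
                $insertStmt->bindValue(3, $colum3, PDO::PARAM_STR);
                $insertStmt->bindValue(4, $role_id, PDO::PARAM_INT);
                $insertStmt->bindValue(5, $active, PDO::PARAM_INT);
                $insertStmt->bindValue(6, $email_verified, PDO::PARAM_INT);
                $insertStmt->bindValue(7, $groups, PDO::PARAM_STR);
                $insertStmt->bindValue(8, $uid, PDO::PARAM_STR);

                if ($insertStmt->execute()) {
                    $imported++;
                } else {
                    $rejected++;
                }
            }

            $dupStmt->close();
            // Close opened CSV file
            fclose($csvFile);

            // Send exactly one redirect for the whole file. Previously a header
            // was emitted per row and the last row silently decided the outcome.
            if ($rejected > 0) {
                header("Location: ../account.php?page=teacher&op31=1&msg=error_import");
            } elseif ($imported > 0) {
                header("Location: ../account.php?page=teacher&op31=1&msg=add_ok");
            }
            $qstring = '?status=succ';
        } else {
            if ($csvFile !== false) {
                fclose($csvFile);
            }
            if ($dupStmt) {
                $dupStmt->close();
            }
            $qstring = '?status=err';
        }
    } else {
        $qstring = '?status=invalid_file';
    }
}
// $qstring is assigned above but not used anywhere in this script.
exit;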