403Webshell
Server IP : 27.254.66.5  /  Your IP : 216.73.217.39
Web Server : Apache/2
System : Linux cs82.hostneverdie.com 3.10.0-1160.45.1.el7.x86_64 #1 SMP Wed Oct 13 17:20:51 UTC 2021 x86_64
User : technic2 ( 1951)
PHP Version : 7.4.30
Disable Function : apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd,exec, fp, fput, highlight_file, ini_alter, ini_restore, inject_code, passthru,phpAds_remoteInfo, phpAds_XmlRpc,phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid,posix_setuid, posix_setuid, posix_uname,proc_open,proc_close, proc_get_status, proc_nice, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode, show_source,sleep,pcntl_exec,virtual,suexec,dbmopen,dl,symlink,disk_free_space,diskfreespace,leak
MySQL : OFF  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /home/technic2/domains/technicrayong.ac.th/private_html/old-website/jivec58/mahanakhon/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /home/technic2/domains/technicrayong.ac.th/private_html/old-website/jivec58/mahanakhon/save.php
<?php 
Ob_start();
session_start();
if ($_SESSION["osj_name"] == "no" or $_SESSION["osj_name"] == "")
{
	header("Location:../index.php");
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="Refresh" content="5;url=menu.php">
<title>Untitled Document</title>

<?php 
require_once("config.php");
$sql = "select max(invention_id) as count_id from jivec where vocational_name = '" . $_SESSION["osj_name"] . "'";
$result = mysql_query($sql) or die ("คำสั่ง sql ผิด");
  	while ($row = mysql_fetch_array($result))
	{
		$count_id = $_SESSION["province_id"] . str_pad((substr($row["count_id"], -5, 5) + 1), 5, "0", STR_PAD_LEFT);
		echo $count_id;
		
		if ($_POST["image1"] <> "ไม่มีภาพ")
{
		$image1_name = $count_id . "1.jpg";
}
else
{
		$image1_name = "ไม่มีภาพ";	
}

		if ($_POST["image2"] <> "ไม่มีภาพ")
{
		$image2_name = $count_id . "2.jpg";
}
else
{
		$image2_name = "ไม่มีภาพ";	
}

		if ($_POST["pdf"] <> "ไม่มีภาพ")
{
		$pdf_name = $count_id . ".pdf";
}
else
{
		$pdf_name = "ไม่แนบไฟล์ pdf";	
}

	}
?>

</head>

<body>
<?php 


require_once("config.php");
$sql = "INSERT INTO jivec (invention_id, invention_name, invention_level, budget, college_name, address, moo, sub_district, district, province, postal_code, vocational_name, invention_type, creator_name1, creator_level1, creator_department1, creator_name2, creator_level2, creator_department2, creator_name3, creator_level3, creator_department3, creator_name4, creator_level4, creator_department4, creator_name5, creator_level5, creator_department5, creator_name6, creator_level6, creator_department6, creator_name7, creator_level7, creator_department7, creator_name8, creator_level8, creator_department8, creator_name9, creator_level9, creator_department9, creator_name10, creator_level10, creator_department10, advisor_name1, advisor_idcard1, advisor_position1, advisor_department1, advisor_phone1, advisor_email1, advisor_name2, advisor_idcard2, advisor_position2, advisor_department2, advisor_phone2, advisor_email2, advisor_name3, advisor_idcard3, advisor_position3, advisor_department3, advisor_phone3, advisor_email3, advisor_name4, advisor_idcard4, advisor_position4, advisor_department4, advisor_phone4, advisor_email4, advisor_name5, advisor_idcard5, advisor_position5, advisor_department5, advisor_phone5, advisor_email5, power220v, power220a, power380v, power380a, use_water, use_gas, use_fuel_engine, pollution, have_noise, have_exhaust, have_smoke, other_data, invention_wide, invention_long, invention_high, male_student_amount, female_student_amount, male_advisor_amount, female_advisor_amount, total_person_amount, college_phone, advisor_phone6,image1, image2, pdf, abstract, property, date_time_record) VALUES ('" . $count_id . "', '" . $_POST["invention_name"] . "', '" . $_POST["invention_level"] . "', '" . $_POST["budget"] . "', '" . $_POST["college_name"] . "', '" . $_POST["address"] . "', '" . $_POST["moo"] . "', '" . $_POST["sub_district"] . "', '" . $_POST["district"] . "', '" . $_POST["province"] . "', '" . $_POST["postal_code"] . "', '" . $_POST["vocational_name"] . "', '" . $_POST["invention_type"] . "', '" . $_POST["creator_name1"] . "', '" . $_POST["creator_level1"] . "', '" . $_POST["creator_department1"] . "', '" . $_POST["creator_name2"] . "', '" . $_POST["creator_level2"] . "', '" . $_POST["creator_department2"] . "', '" . $_POST["creator_name3"] . "', '" . $_POST["creator_level3"] . "', '" . $_POST["creator_department3"] . "', '" . $_POST["creator_name4"] . "', '" . $_POST["creator_level4"] . "', '" . $_POST["creator_department4"] . "', '" . $_POST["creator_name5"] . "', '" . $_POST["creator_level5"] . "', '" . $_POST["creator_department5"] . "', '" . $_POST["creator_name6"] . "', '" . $_POST["creator_level6"] . "', '" . $_POST["creator_department6"] . "', '" . $_POST["creator_name7"] . "', '" . $_POST["creator_level7"] . "', '" . $_POST["creator_department7"] . "', '" . $_POST["creator_name8"] . "', '" . $_POST["creator_level8"] . "', '" . $_POST["creator_department8"] . "', '" . $_POST["creator_name9"] . "', '" . $_POST["creator_level9"] . "', '" . $_POST["creator_department9"] . "', '" . $_POST["creator_name10"] . "', '" . $_POST["creator_level10"] . "', '" . $_POST["creator_department10"] . "', '" . $_POST["advisor_name1"] . "', '" . $_POST["advisor_idcard1"] . "', '" . $_POST["advisor_position1"] . "', '" . $_POST["advisor_department1"] . "', '" . $_POST["advisor_phone1"] . "', '" . $_POST["advisor_email1"] . "', '" . $_POST["advisor_name2"] . "', '" . $_POST["advisor_idcard2"] . "', '" . $_POST["advisor_position2"] . "', '" . $_POST["advisor_department2"] . "', '" . $_POST["advisor_phone2"] . "', '" . $_POST["advisor_email2"] . "', '" . $_POST["advisor_name3"] . "', '" . $_POST["advisor_idcard3"] . "', '" . $_POST["advisor_position3"] . "', '" . $_POST["advisor_department3"] . "', '" . $_POST["advisor_phone3"] . "', '" . $_POST["advisor_email3"] . "', '" . $_POST["advisor_name4"] . "', '" . $_POST["advisor_idcard4"] . "', '" . $_POST["advisor_position4"] . "', '" . $_POST["advisor_department4"] . "', '" . $_POST["advisor_phone4"] . "', '" . $_POST["advisor_email4"] . "', '" . $_POST["advisor_name5"] . "', '" . $_POST["advisor_idcard5"] . "', '" . $_POST["advisor_position5"] . "', '" . $_POST["advisor_department5"] . "', '" . $_POST["advisor_phone5"] . "', '" . $_POST["advisor_email5"] . "', '" . $_POST["power220v"] . "', '" . $_POST["power220a"] . "', '" . $_POST["power380v"] . "', '" . $_POST["power380a"] . "', '" . $_POST["use_water"] . "', '" . $_POST["use_gas"] . "', '" . $_POST["use_fuel_engine"] . "', '" . $_POST["pollution"] . "', '" . $_POST["have_noise"] . "', '" . $_POST["have_exhaust"] . "', '" . $_POST["have_smoke"] . "', '" . $_POST["other_data"] . "', '" . $_POST["invention_wide"] . "', '" . $_POST["invention_long"] . "', '" . $_POST["invention_high"] . "', '" . $_POST["male_student_amount"] . "', '" . $_POST["female_student_amount"] . "', '" . $_POST["male_advisor_amount"] . "', '" . $_POST["female_advisor_amount"] . "', '" . $_POST["total_person_amount"] . "', '" . $_POST["college_phone"] . "', '" . $_POST["advisor_phone6"] . "', '" . $image1_name . "', '" . $image2_name . "', '" . $pdf_name . "', '" . $_POST["abstract"] . "', '" . $_POST["property"] . "', now())";

//echo $sql;  เอาไว้ทดสอบว่า sql ถูกต้องหรือไม่

mysql_query($sql) or die("sql ผิด เพิ่มข้อมูลไม่สำเร็จ");

echo "เพิ่มข้อมูลสำเร็จแล้ว ครับบบบบบ";

?>

<?php

if ($_POST["image1"] <> "ไม่มีภาพ")
{
rename("tmp/" . iconv('UTF-8', 'windows-874', $_POST["image1"]) ,"image/" . $image1_name); 
}

if ($_POST["image2"] <> "ไม่มีภาพ")
{
rename("tmp/" . iconv('UTF-8', 'windows-874', $_POST["image2"]) ,"image/" . $image2_name); 
}

if ($_POST["pdf"] <> "ไม่แนบไฟล์ pdf")
{
rename("tmp/" . iconv('UTF-8', 'windows-874', $_POST["pdf"]) ,"pdf/" . $pdf_name); 
}

?>

</body>
</html>

Youez - 2016 - github.com/yon3zu
LinuXploit