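<?php
/**
 * Copyright 2008 Grestul Group
 * Powered by Grestul
 **/
?>
<?php
/*
 * Admin "Search Comments" page.
 *
 * Two request paths are handled here:
 *   - GET  ?did=<comment id>     deletes one comment, then redirects to manage.php
 *   - POST search=<text>&menu=<column>   lists matching comments
 *
 * Both paths feed request data into SQL, so every value is constrained
 * before it reaches a query string: the comment id must be all digits, the
 * column name must be one of the three the form offers, and the search text
 * is escaped for the connection. Values read back from the database are
 * HTML-escaped before being echoed.
 *
 * $db, $domain and $webad are expected to come from inc/config.php.
 */
session_start();
require "inc/config.php";

if (!isset($_SESSION['loggedin'])) {
    header('Location: index.php?error=1');
    exit();
}

// NOTE(review): deletion is triggered by a plain GET link with no anti-CSRF
// token, so any page an authenticated admin visits can cause a delete.
// Moving this to POST with a per-session token needs matching changes in the
// pages that link here, which are not visible from this file.
if (isset($_GET['did'])) {
    $did = $_GET['did'];

    // The id is used unquoted in the statement, so slash-escaping gives no
    // protection; accept digits only and cast before building the query.
    if (is_string($did) && ctype_digit($did)) {
        $req = "DELETE FROM comments WHERE ID=" . (int) $did;
        $result = mysql_query($req, $db);
    }

    header('Location: '.$domain.'/admin/manage.php');
    exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title><?php echo "$webad"; ?></title>
<link href="inc/admin.css" rel="stylesheet" type="text/css" />
<link href="inc/manage.css" rel="stylesheet" type="text/css" />
</head>
<body>
<img src="inc/images/logo.png" class="logo" />
<div class="logout"><a href="close.php">Logout</a></div>
<div class="navi">
<a href="home.php"><img src="inc/images/homeoff.png" class="navihoff" /></a>
<a href="management.php"><img src="inc/images/manageon.png" class="navion" /></a>
<a href="stylehome.php"><img src="inc/images/styleoff.png" class="navioff" /></a>
</div>
<div class="contentrep">
<div class="infobar">
<div class="infotext">
<br />
<div align="center">
<form method="post" action="results.php">
<input type="text" name="search" size="50">
<select name="menu" id="menu">
<option value="ID">CID (comment ID)</option>
<option value="name">Name</option>
<option value="comment">Comment</option>
</select>
<input type="submit" value="Search">
</form>
</div>
</div>
</div>
<div class="btite">
Grestul Management - Search Comments
</div>
<div class="bodycontent">
<div id="wrapper">
<?php
// Column names cannot be bound or escaped as values, so the only safe
// handling is an allow-list matching the <option> values in the form above.
$allowedColumns = array('ID', 'name', 'comment');

$search = (isset($_POST["search"]) && is_string($_POST["search"])) ? $_POST["search"] : null;
$menu = (isset($_POST["menu"]) && is_string($_POST["menu"])) ? $_POST["menu"] : null;

$shown = 0;

if ($search !== null && in_array($menu, $allowedColumns, true)) {
    // htmlentities() is kept from the original so matching behaves as before,
    // but it leaves single quotes alone by default and is not SQL escaping;
    // the value is escaped for the connection before it enters the literal.
    // NOTE(review): whether stored comments are entity-encoded is not visible
    // here - confirm that encoding the search term is actually wanted.
    $search = mysql_real_escape_string(htmlentities($search), $db);

    $result = mysql_query("SELECT * FROM comments WHERE ".$menu." LIKE '%$search%'", $db);

    // mysql_query() returns false on failure; skip the fetch loop in that case.
    if ($result) {
        while ($row = mysql_fetch_array($result)) {
            // ID is used unquoted in the delete statement, so it is treated as numeric.
            $id = (int) $row["ID"];
            $name = htmlentities($row["name"]);
            $comment = htmlentities($row["comment"]);
            // The stored IP is echoed into HTML; escape it like the other
            // columns, since its origin is not visible from this file.
            $ip = htmlentities($row["ip"]);

            echo '<div class="comment">'."\n";
            echo ' <div class="postertime">'."\n";
            echo ' <span class="poster">';
            echo "$name";
            echo '</span> - <span><a href="?did='.$id.'" class="remove">[Remove]</a> <a href="#wrapper" class="remove">[Top]</a>';
            echo ' - [IP: '."$ip] [CID: $id]</span>";
            echo ' </div>'."\n\n";
            echo ' <div class="usercomment">'."\n";
            echo ' <p>'.(nl2br($comment)).'</p>'."\n";
            echo ' </div>'."\n\n";
            echo '</div>'."\n\n";

            $shown++;
        }
    }
}

// Count the rows actually rendered instead of inspecting the last row's
// fields, which reported "no results" whenever the final match had an empty
// name or comment and raised notices when nothing was fetched at all.
if ($shown === 0) {
    echo 'No Results found!';
}
?>
</div>
</div>
</div>
<div class="footer">
<!-- DO NOT CHANGE, REMOVE, OR HINDER WITH THE COPYRIGHT OR POWERED BY LINES BELOW -->
<!-- YOU AGREED TO THE AGREEMENT WHEN YOU DOWNLOADED AND INSTALLED OUR SOFTWARE -->
<!-- REMOVING THE LINES BELOW WILL FORCE US TO TAKE LEGAL ACTION -->
<!-- BE FAIR AND KEEP THE POWERED BY AND COPYRIGHT LINES. -->
Powered By: <a href="http://grestul.com" target="_blank">Grestul,</a> Copyright © 2007-2008 <a href="http://grestul.com" target="_blank">Grestul Group.</a>
</div>
</body>
</html>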