Dre4m Shell
Server IP : 103.6.199.200  /  Your IP : 3.144.40.216
Web Server : Microsoft-IIS/10.0
System : Windows NT EMPUSA 10.0 build 20348 (Windows Server 2016) i586
User : EMPUSA$ ( 0)
PHP Version : 7.4.33
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  C:/Domains/feenixmy/kunci.feenix.my/wwwroot/


Current File : C:/Domains/feenixmy/kunci.feenix.my/wwwroot/cdg.php
<?php include "h.php";?>

<script type="text/JavaScript">
<!--
function confirm_delete()
{
  // Show the browser's confirmation dialog for deleting a room/lab/workshop
  // key record and hand the user's choice back to the caller
  // (true = OK pressed, false = cancelled).
  var accepted = confirm("Hapus maklumat kunci Bilik/Makmal/Bengkel ini?");
  return accepted == true;
}
</script>

<script type="text/JavaScript">
<!--
function MM_findObj(n, d) { //v4.01
  // Look up an object called `n` in document `d` (the current document when
  // `d` is omitted). A name of the form "obj?frame" is resolved against the
  // document of parent.frames[frame].
  var doc = d ? d : document;
  var qPos = n.indexOf("?");
  if (qPos > 0 && parent.frames.length) {
    doc = parent.frames[n.substring(qPos + 1)].document;
    n = n.substring(0, qPos);
  }

  // Try each lookup in turn, stopping at the first truthy hit:
  // direct property, document.all, every form, nested layers, getElementById.
  var found = doc[n];
  if (!found && doc.all) {
    found = doc.all[n];
  }
  var k;
  for (k = 0; !found && k < doc.forms.length; k++) {
    found = doc.forms[k][n];
  }
  for (k = 0; !found && doc.layers && k < doc.layers.length; k++) {
    found = MM_findObj(n, doc.layers[k].document);
  }
  if (!found && doc.getElementById) {
    found = doc.getElementById(n);
  }
  return found;
}

/*
 * Client-side form check. Arguments are read in groups of three:
 * (field name, unused, test string). The test string may start with 'R'
 * (field is required), contain 'isEmail', or contain 'inRange<min>:<max>'.
 * Problems are collected into one message shown with alert(); the outcome is
 * stored in document.MM_returnValue (true when no errors were found).
 *
 * NOTE(review): this runs in the browser only and can be bypassed by posting
 * directly, so the server-side handler has to validate the same fields itself.
 * NOTE(review): `val` is not in the var list below, so it is assigned as an
 * implicit global.
 */
function MM_validateForm() { //v4.0
  var i,p,q,nm,test,num,min,max,errors='',args=MM_validateForm.arguments;
  // val first holds the form element found by name, then is overwritten with its value.
  for (i=0; i<(args.length-2); i+=3) { test=args[i+2]; val=MM_findObj(args[i]);
    if (val) { nm=val.name; if ((val=val.value)!="") {
      // E-mail test: an '@' must exist and be neither the first nor the last character.
      if (test.indexOf('isEmail')!=-1) { p=val.indexOf('@');
        if (p<1 || p==(val.length-1)) errors+='- '+nm+' mestilah Alamat Emel yang sah.\n';
      // Any test other than a bare 'R' treats the value as a number.
      } else if (test!='R') { num = parseFloat(val);
        if (isNaN(val)) errors+='- '+nm+' hendaklah terdiri daripada nombor-nombor.\n';
        // min and max are substrings of the test string and are compared against the parsed number.
        if (test.indexOf('inRange') != -1) { p=test.indexOf(':');
          min=test.substring(8,p); max=test.substring(p+1);
          if (num<min || max<num) errors+='- '+nm+' hendaklah mengandungi nombor diantara '+min+' dan '+max+'.\n';
    // Empty value: only an error when the test string starts with 'R'.
    } } } else if (test.charAt(0) == 'R') errors += '- '+nm+' WAJIB dimasukkan.\n'; }
  } if (errors) alert('Ralat:\n'+errors);
  document.MM_returnValue = (errors == '');
}
//-->
</script>
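<?php
		if(isset($_POST['Hant'])) {
		/*
		 * Guard against e-mail header injection.
		 * A mail form can be abused as a spam relay when submitted values reach
		 * the message headers unchecked: a CR or LF in such a value starts a new
		 * header line chosen by the sender. Every value that goes into the
		 * headers must therefore be checked before mail() is called.
		 *
		 * Returns true when $str contains a newline, carriage return, tab, or
		 * one of the literal URL-encoded sequences %0A, %0D, %08, %09.
		 */
		function IsInjected($str){
			$injections = array('(\n+)','(\r+)','(\t+)','(%0A+)','(%0D+)','(%08+)','(%09+)');
			$inject = '/' . join('|', $injections) . '/i';

			return preg_match($inject, $str) === 1;
		}

		// Form fields are untrusted. Anything that is not a plain string
		// (for example an array sent as Email[]=x) is treated as empty.
		$name = is_string($_POST['Name'] ?? null) ? $_POST['Name'] : '';
		$visitor_email = is_string($_POST['Email'] ?? null) ? $_POST['Email'] : '';
		$subject = is_string($_POST['Subject'] ?? null) ? $_POST['Subject'] : '';
		$message = is_string($_POST['Message'] ?? null) ? $_POST['Message'] : '';

		// Validate BEFORE sending. Previously this check ran after mail(), so a
		// crafted Reply-To value had already been placed in the headers by the
		// time it was rejected.
		if(IsInjected($visitor_email)){
			echo "Bad email value!";
			exit;
		}

		// The subject also ends up in the message headers, so it gets the same check.
		if(IsInjected($subject)){
			echo "Bad subject value!";
			exit;
		}

		$email_from = 'shim_apekfan@yahoo.com.my';
		$email_subject = "CADANGAN/MAKLUMBALAS SISTEM MAKLUMAT KUNCI: ".$subject;
		// NOTE(review): the body carries only this fixed text; the sender's name
		// and message are not included in the e-mail. Confirm that is intended.
		$email_body = "Assalamualaikum warahmatullah~\n\nCADANGAN/MAKLUMBALAS SISTEM MAKLUMAT KUNCI:\n\n";

		$to = "shim_apekfan@yahoo.com.my";
		$headers = "From: $email_from \r\n";
		$headers .= "Reply-To: $visitor_email \r\n";
		mail($to,$email_subject,$email_body,$headers);

		// Store the submission in the cdg table with a prepared statement, so the
		// submitted text is bound as data and never concatenated into the SQL.
		// $paut is presumably the mysqli connection opened by h.php (not visible here).
		$day = date("d");
		$month = date("M");
		$year = date("Y");
		$time = date("h:i A");

		$s = false;
		$stmt = mysqli_prepare($paut, "INSERT INTO cdg (Nme,Em,Sub,Cdg,de,me,ye,te) VALUES (?,?,?,?,?,?,?,?)");
		if($stmt){
			mysqli_stmt_bind_param($stmt, "ssssssss", $name, $visitor_email, $subject, $message, $day, $month, $year, $time);
			$s = mysqli_stmt_execute($stmt);
			mysqli_stmt_close($stmt);
		}
		if(!$s){
			// Record the failure server-side; the visitor still sees the confirmation below, as before.
			error_log("cdg insert failed: ".mysqli_error($paut));
		}
		// NOTE(review): the values are stored exactly as submitted, so any page
		// that displays cdg rows must HTML-escape them on output.

		echo "<div style='border: 1px solid rgb(207, 207, 207); padding: 10px; top: 0px;'><font color='green'><center><strong>CADANGAN/MESEJ ANDA TELAH DIHANTAR</strong></center></font></div><br><br>";  
		}
	?>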
	
<div style="border: 1px solid rgb(70, 70, 0); padding: 10px; background-color: rgb(235, 235, 214); margin: 5px;">

<h2>CADANGAN PENAMBAHBAIKAN</h2>

  <p>&nbsp;</p>
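  <form action="<?php /* PHP_SELF reflects the requested path, so escape it for the attribute context */ echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');?>" method="post" name="form2" id="form2" onsubmit="MM_validateForm('Name','','R','Email','','RisEmail','Subject','','R','Message','','R');return document.MM_returnValue">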
  <p>
    <input class="carian" name="Name" type="text" id="Name" size="60" maxlength="100" placeholder="Masukkan NAMA anda.." />
  </p>
  <p>
    <input class="carian" name="Email" type="text" id="Email" size="60" maxlength="100" placeholder="Masukkan ALAMAT EMEL anda.." />
  </p>
  <p> 
    <input class="carian" name="Subject" type="text" id="Subject" size="60" maxlength="100" placeholder="Masukkan SUBJEK anda.." />
  </p>
  <p>
    <textarea class="carian3" name="Message" cols="55" rows="10" wrap="physical" id="Message"  placeholder="Masukkan CADANGAN/MAKLUMBALAS/PERTANYAAN anda.." /></textarea>    </p>
  <p>
    <input class="btn-carian" name="Hant" type="submit" id="Hant" value="Hantar Cadangan/Mesej" />
  </p>
  </form>
</div>

<?php include"f.php";?>

<style>
img {
    max-width: 100%;
}

.carian{
	max-width: 100%
}

.carian3{
	max-width: 100%
}

.btn-carian{
	max-width: 100%
}
</style>
