Linux vmi284606.contaboserver.net 4.15.0-213-generic #224-Ubuntu SMP Mon Jun 19 13:30:12 UTC 2023 x86_64
Apache/2.4.57 (Ubuntu)
: 167.86.127.34 | : 216.73.217.51
Cant Read [ /etc/named.conf ]
7.2.24-0ubuntu0.18.04.17
root
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
README
+ Create Folder
+ Create File
/
var /
www /
html /
osticket /
upload /
[ HOME SHELL ]
Name
Size
Permission
Action
api
[ DIR ]
drwxr-xr-x
apps
[ DIR ]
drwxr-xr-x
assets
[ DIR ]
drwxr-xr-x
css
[ DIR ]
drwxr-xr-x
images
[ DIR ]
drwxr-xr-x
include
[ DIR ]
drwxr-xr-x
js
[ DIR ]
drwxr-xr-x
kb
[ DIR ]
drwxr-xr-x
pages
[ DIR ]
drwxr-xr-x
scp
[ DIR ]
drwxr-xr-x
account.php
4.94
KB
-rw-r--r--
ajax.php
1.8
KB
-rw-r--r--
avatar.php
1.06
KB
-rw-r--r--
bootstrap.php
14.98
KB
-rw-r--r--
captcha.php
611
B
-rw-r--r--
client.inc.php
2.91
KB
-rw-r--r--
file.php
2.33
KB
-rw-r--r--
index.php
2.28
KB
-rw-r--r--
login.php
5.55
KB
-rw-r--r--
logo.php
980
B
-rw-r--r--
logout.php
714
B
-rw-r--r--
main.inc.php
1.63
KB
-rw-r--r--
manage.php
2.36
KB
-rw-r--r--
offline.php
940
B
-rw-r--r--
open.php
2.97
KB
-rw-r--r--
profile.php
1.2
KB
-rw-r--r--
pwreset.php
2.95
KB
-rw-r--r--
secure.inc.php
1.14
KB
-rw-r--r--
tickets.php
5.77
KB
-rw-r--r--
view.php
1.55
KB
-rw-r--r--
web.config
2.15
KB
-rw-r--r--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : file.php
<?php /********************************************************************* file.php File download facilitator for clients Peter Rotich <peter@osticket.com> Jared Hancock <jared@osticket.com> Copyright (c) 2006-2014 osTicket http://www.osticket.com Released under the GNU General Public License WITHOUT ANY WARRANTY. See LICENSE.TXT for details. vim: expandtab sw=4 ts=4 sts=4: **********************************************************************/ require('client.inc.php'); require_once(INCLUDE_DIR.'class.file.php'); //Basic checks if (!$_GET['key'] || !$_GET['signature'] || !$_GET['expires'] || !($file = AttachmentFile::lookupByHash($_GET['key'])) ) { Http::response(404, __('Unknown or invalid file')); } // Get the object type the file is attached to $type = ''; $attachment = null; if ($_GET['id'] && ($attachment=$file->attachments->findFirst(array( 'id' => $_GET['id'])))) $type = $attachment->type; // Enforce security settings if enabled. if ($cfg->isAuthRequiredForFiles() // FAQ & Page files allowed without login. && !in_array($type, ['P', 'F']) // Check user login && !$thisuser // Check staff login && !StaffAuthenticationBackend::getUser() ) { // Try and determine if an agent is viewing the page / file if (strpos($_SERVER['HTTP_REFERRER'], ROOT_PATH . 'scp/') !== false) { $_SESSION['_staff']['auth']['dest'] = '/' . ltrim($_SERVER['REQUEST_URI'], '/'); Http::redirect(ROOT_PATH.'scp/login.php'); } else { require 'secure.inc.php'; } } // Validate session access hash - we want to make sure the link is FRESH! // and the user has access to the parent ticket!! if ($file->verifySignature($_GET['signature'], $_GET['expires'])) { try { if (($s = @$_GET['s']) && strpos($file->getType(), 'image/') === 0) return $file->display($s); // Download the file.. $filename = $attachment ? $attachment->name : $file->getName(); $disposition = @$_GET['disposition'] ?: false; $file->download($filename, $disposition, @$_GET['expires']); } catch (Exception $ex) { Http::response(500, 'Unable to find that file: '.$ex->getMessage()); } } // else Http::response(404, __('Unknown or invalid file'));
Close
