KGRKJGETMRETU895U-589TY5MIGM5JGB5SDFESFREWTGR54TY
Server : Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.17
System : Linux localhost 2.6.18-419.el5 #1 SMP Fri Feb 24 22:47:42 UTC 2017 x86_64
User : nobody ( 99)
PHP Version : 5.2.17
Disable Function : NONE
Directory :  /proc/21573/root/home/queenjbs/junsu/admin/Proc/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : //proc/21573/root/home/queenjbs/junsu/admin/Proc/news_proc.php
<?include $_SERVER['DOCUMENT_ROOT']."/conf/conf_dir.php";?>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<?
$todayfull = date("YmdHis");
$contents = addslashes($contents); //특수문자db에 들어가게..

if ($addfile_name) {
	if($_FILES['addfile']['size'] > "11162773"){

		?>
		<SCRIPT LANGUAGE="JavaScript">
		<!--
			alert("10mb以下で保存することが可能です。");
			history.back(-1);
		//-->
		</SCRIPT>
		<?
	}
	$savedir 	= $_SERVER['DOCUMENT_ROOT']."/files/board";
	$addfile_ext = strtolower(substr($addfile_name,-3)); // 확장자
	if($addfile_ext!="com" or $addfile_ext!="exe" or $addfile_ext!="php" or $addfile_ext!="htm") { //소문자.. 대문자.. 구분가능..
		$vName = $tableName."_".$todayfull.".".$addfile_ext; //화명명 변경 예)20061212_6437210.jpg
		$realName = $addfile_name;
		$file_count = 1;
		if(!copy($addfile, "$savedir/$vName")) {
			//echo("upload fail");
			?>
					<SCRIPT LANGUAGE="JavaScript">
					<!--
						alert("upload fail.");
						history.back();
					//-->
					</SCRIPT>
			<?
		}
		unlink($addfile);
	}else{
?>
		<SCRIPT LANGUAGE="JavaScript">
		<!--
			alert("添付ファイルはファイル(exe,com,php,html)のみアップロード可能です.");
			history.back();
		//-->
		</SCRIPT>
<?
	}
}
$formChk = "view";
$tableName = "news";
if($is_secret == "") $is_secret ='N';
if($is_notice == "") $is_notice ='N';
if($idx){
	if($mode == "proc"){
		$queryupok = "update board_$tableName set subject='$subject',contents='$contents',general_setting='$m_chk',is_secret='$is_secret', is_notice='$is_notice',reg_date= '$reg_date',modify_date=now()  where no = '$idx'";
		$boardNo = get_db("select no from board_$tableName where no = '$idx'");
		if($vName){
			//기존 파일 삭제
			$fileName = Get_db("select file_name from files where module_name='$tableName' and module_no = '$idx'");
				$del_file="../files/board/".$fileName;
				if($fileName && is_file($del_file)) unlink($del_file);
			if($fileName){
			$file_query = "update files set original_name='$realName',file_name='$vName',file_type='$addfile_ext',reg_date=now() where module_name='$tableName' and module_no = '$idx'";
			}else{
				$orderBy = mktime( 0, 0, 0, date("m"), date("d"), date("Y"));
				$file_query = "INSERT INTO files
										(module_no,module_name,original_name,file_name,file_type,order_by,reg_date)
									VALUES
										('$boardNo','$tableName', '$realName','$vName','$addfile_ext','$orderBy',now())";
			}

			//echo $file_query;
			$result = mysql_query($file_query,$db_con);
		}else if($delfile){
			$fileName = Get_db("select file_name from files where module_name='$tableName' and module_no = '$idx'");

			if($fileName){
				// 파일 삭제
				$del_file="../files/board/".$fileName;
				if($fileName && is_file($del_file)) unlink($del_file);
				$delqry =  mysql_query("DELETE FROM files where module_name='$tableName' and module_no = '$idx'",$db_con);
				$filesCnt =  mysql_query("update board_$tableName set files_count='0',modify_date=now() where no = '$idx'",$db_con);
			}
		}

	}else if($mode == "del"){
		$queryupok = "update board_$tableName set is_delete='Y',modify_date=now() where no = '$idx'";
		$formChk = "list";
	}
	$queryupok_result = mysql_query($queryupok,$db_con);

}else{
	$query = "INSERT INTO board_$tableName
									(module_no,user_no,user_id,user_name,reg_date,modify_date,is_secret,is_notice,subject,general_setting,contents,files_count,hit,ip)
								VALUES
									('$tableName', '$sessionIDX','$sessionID','$sessionNickname',now(),now(),'$is_secret','$is_notice','$subject','$m_chk','$contents','$file_count','0','$REMOTE_ADDR')";

	//echo $query;
	$result = mysql_query($query,$db_con);
	$boardNo = get_db("select no from board_$tableName order by no desc");
	if($vName){
		$orderBy = mktime( 0, 0, 0, date("m"), date("d"), date("Y"));
		$file_query = "INSERT INTO files
										(module_no,module_name,original_name,file_name,file_type,order_by,reg_date)
									VALUES
										('$boardNo','$tableName', '$realName','$vName','$addfile_ext','$orderBy',now())";

		//echo $file_query;
		$result = mysql_query($file_query,$db_con);
	}
 $idx = $boardNo; //IDX 변수 치환
}
if($mode == "del"){
	$saveName = "削除";
	$urlchk ="../news.php";
}else{
	$saveName = "保存";
	$urlchk ="../news_detail.php";
}

?>
<form name="form" method="post" action="<?=$urlchk?>" onsubmit="return validate();" enctype="multipart/form-data">
<input type="hidden" name="mode" value="<?=$mode?>">
<input type="hidden" name="idx" value="<?=$idx?>">
</form>
<script>
alert("<?=$saveName?> OK");
document.form.submit();
</script>

Anon7 - 2021