Linux ubuntu22 5.15.0-133-generic #144-Ubuntu SMP Fri Feb 7 20:47:38 UTC 2025 x86_64
nginx/1.18.0
: 128.199.27.159 | : 216.73.216.189
Cant Read [ /etc/named.conf ]
8.1.31
www-data
www.github.com/MadExploits
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
CPANEL RESET
CREATE WP USER
README
+ Create Folder
+ Create File
/
var /
www /
html /
phpmyadmin /
libraries /
classes /
[ HOME SHELL ]
Name
Size
Permission
Action
Charsets
[ DIR ]
drwxr-xr-x
Command
[ DIR ]
drwxr-xr-x
Config
[ DIR ]
drwxr-xr-x
ConfigStorage
[ DIR ]
drwxr-xr-x
Controllers
[ DIR ]
drwxr-xr-x
Crypto
[ DIR ]
drwxr-xr-x
Database
[ DIR ]
drwxr-xr-x
Dbal
[ DIR ]
drwxr-xr-x
Display
[ DIR ]
drwxr-xr-x
Engines
[ DIR ]
drwxr-xr-x
Exceptions
[ DIR ]
drwxr-xr-x
Export
[ DIR ]
drwxr-xr-x
Gis
[ DIR ]
drwxr-xr-x
Html
[ DIR ]
drwxr-xr-x
Http
[ DIR ]
drwxr-xr-x
Image
[ DIR ]
drwxr-xr-x
Import
[ DIR ]
drwxr-xr-x
Navigation
[ DIR ]
drwxr-xr-x
Partitioning
[ DIR ]
drwxr-xr-x
Plugins
[ DIR ]
drwxr-xr-x
Properties
[ DIR ]
drwxr-xr-x
Providers
[ DIR ]
drwxr-xr-x
Query
[ DIR ]
drwxr-xr-x
Server
[ DIR ]
drwxr-xr-x
Setup
[ DIR ]
drwxr-xr-x
Table
[ DIR ]
drwxr-xr-x
Twig
[ DIR ]
drwxr-xr-x
Utils
[ DIR ]
drwxr-xr-x
WebAuthn
[ DIR ]
drwxr-xr-x
Advisor.php
12.32
KB
-rw-r--r--
Bookmark.php
9.19
KB
-rw-r--r--
BrowseForeigners.php
10.63
KB
-rw-r--r--
Cache.php
1.5
KB
-rw-r--r--
Charsets.php
6.82
KB
-rw-r--r--
CheckUserPrivileges.php
11.3
KB
-rw-r--r--
Common.php
19.4
KB
-rw-r--r--
Config.php
41.65
KB
-rw-r--r--
Console.php
3.25
KB
-rw-r--r--
Core.php
28.91
KB
-rw-r--r--
CreateAddField.php
15.83
KB
-rw-r--r--
DatabaseInterface.php
71.73
KB
-rw-r--r--
DbTableExists.php
2.86
KB
-rw-r--r--
Encoding.php
8.41
KB
-rw-r--r--
Error.php
13.63
KB
-rw-r--r--
ErrorHandler.php
18.63
KB
-rw-r--r--
ErrorReport.php
8.99
KB
-rw-r--r--
Export.php
45.7
KB
-rw-r--r--
FieldMetadata.php
11.11
KB
-rw-r--r--
File.php
19.75
KB
-rw-r--r--
FileListing.php
2.88
KB
-rw-r--r--
FlashMessages.php
1.22
KB
-rw-r--r--
Font.php
5.58
KB
-rw-r--r--
Footer.php
8.06
KB
-rw-r--r--
Git.php
18
KB
-rw-r--r--
Header.php
20
KB
-rw-r--r--
Import.php
48.72
KB
-rw-r--r--
Index.php
14.83
KB
-rw-r--r--
IndexColumn.php
4.75
KB
-rw-r--r--
InsertEdit.php
89.05
KB
-rw-r--r--
InternalRelations.php
17.31
KB
-rw-r--r--
IpAllowDeny.php
9.13
KB
-rw-r--r--
Language.php
4.47
KB
-rw-r--r--
LanguageManager.php
22.74
KB
-rw-r--r--
Linter.php
4.99
KB
-rw-r--r--
ListAbstract.php
1.67
KB
-rw-r--r--
ListDatabase.php
4.11
KB
-rw-r--r--
Logging.php
2.69
KB
-rw-r--r--
Menu.php
20.4
KB
-rw-r--r--
Message.php
18.68
KB
-rw-r--r--
Mime.php
918
B
-rw-r--r--
Normalization.php
41.53
KB
-rw-r--r--
OpenDocument.php
8.62
KB
-rw-r--r--
Operations.php
35.11
KB
-rw-r--r--
OutputBuffering.php
4.1
KB
-rw-r--r--
ParseAnalyze.php
2.34
KB
-rw-r--r--
Pdf.php
4.17
KB
-rw-r--r--
Plugins.php
21.83
KB
-rw-r--r--
Profiling.php
2.16
KB
-rw-r--r--
RecentFavoriteTable.php
11.44
KB
-rw-r--r--
Replication.php
4.81
KB
-rw-r--r--
ReplicationGui.php
21.24
KB
-rw-r--r--
ReplicationInfo.php
4.79
KB
-rw-r--r--
ResponseRenderer.php
13.5
KB
-rw-r--r--
Routing.php
6.55
KB
-rw-r--r--
Sanitize.php
11.98
KB
-rw-r--r--
SavedSearches.php
11.33
KB
-rw-r--r--
Scripts.php
3.74
KB
-rw-r--r--
Session.php
8.16
KB
-rw-r--r--
Sql.php
64.01
KB
-rw-r--r--
SqlQueryForm.php
6.74
KB
-rw-r--r--
StorageEngine.php
15.71
KB
-rw-r--r--
SystemDatabase.php
3.98
KB
-rw-r--r--
Table.php
90.33
KB
-rw-r--r--
Template.php
4.5
KB
-rw-r--r--
Theme.php
7.32
KB
-rw-r--r--
ThemeManager.php
7
KB
-rw-r--r--
Tracker.php
30.34
KB
-rw-r--r--
Tracking.php
36.11
KB
-rw-r--r--
Transformations.php
16.31
KB
-rw-r--r--
TwoFactor.php
7.49
KB
-rw-r--r--
Types.php
25.85
KB
-rw-r--r--
Url.php
10.61
KB
-rw-r--r--
UrlRedirector.php
1.74
KB
-rw-r--r--
UserPassword.php
6.86
KB
-rw-r--r--
UserPreferences.php
10.49
KB
-rw-r--r--
Util.php
86.45
KB
-rw-r--r--
Version.php
556
B
-rw-r--r--
VersionInformation.php
7.3
KB
-rw-r--r--
ZipExtension.php
10.33
KB
-rw-r--r--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : Sanitize.php
<?php /** * This class includes various sanitization methods that can be called statically */ declare(strict_types=1); namespace PhpMyAdmin; use PhpMyAdmin\Html\MySQLDocumentation; use function __; use function array_keys; use function array_merge; use function count; use function htmlspecialchars; use function in_array; use function is_array; use function is_bool; use function is_int; use function is_string; use function preg_match; use function preg_replace; use function preg_replace_callback; use function str_replace; use function str_starts_with; use function strlen; use function strtolower; use function strtr; use function substr; /** * This class includes various sanitization methods that can be called statically */ class Sanitize { /** * Checks whether given link is valid * * @param string $url URL to check * @param bool $http Whether to allow http links * @param bool $other Whether to allow ftp and mailto links */ public static function checkLink($url, $http = false, $other = false): bool { $url = strtolower($url); $valid_starts = [ 'https://', './url.php?url=https%3a%2f%2f', './doc/html/', './index.php?', ]; $is_setup = self::isSetup(); // Adjust path to setup script location if ($is_setup) { foreach ($valid_starts as $key => $value) { if (substr($value, 0, 2) !== './') { continue; } $valid_starts[$key] = '.' . $value; } } if ($other) { $valid_starts[] = 'mailto:'; $valid_starts[] = 'ftp://'; } if ($http) { $valid_starts[] = 'http://'; } if ($is_setup) { $valid_starts[] = '?page=form&'; $valid_starts[] = '?page=servers&'; } foreach ($valid_starts as $val) { if (substr($url, 0, strlen($val)) == $val) { return true; } } return false; } /** * Check if we are currently on a setup folder page */ public static function isSetup(): bool { return $GLOBALS['config'] !== null && $GLOBALS['config']->get('is_setup'); } /** * Callback function for replacing [a@link@target] links in bb code. * * @param array $found Array of preg matches * * @return string Replaced string */ public static function replaceBBLink(array $found) { /* Check for valid link */ if (! self::checkLink($found[1])) { return $found[0]; } /* a-z and _ allowed in target */ if (! empty($found[3]) && preg_match('/[^a-z_]+/i', $found[3])) { return $found[0]; } /* Construct target */ $target = ''; if (! empty($found[3])) { $target = ' target="' . $found[3] . '"'; if ($found[3] === '_blank') { $target .= ' rel="noopener noreferrer"'; } } /* Construct url */ if (substr($found[1], 0, 4) === 'http') { $url = Core::linkURL($found[1]); } else { $url = $found[1]; } return '<a href="' . $url . '"' . $target . '>'; } /** * Callback function for replacing [doc@anchor] links in bb code. * * @param string[] $found Array of preg matches */ public static function replaceDocLink(array $found): string { if (count($found) >= 4) { /* doc@page@anchor pattern */ $page = $found[1]; $anchor = $found[3]; } else { /* doc@anchor pattern */ $anchor = $found[1]; if (str_starts_with($anchor, 'faq')) { $page = 'faq'; } elseif (str_starts_with($anchor, 'cfg')) { $page = 'config'; } else { /* Guess */ $page = 'setup'; } } $link = MySQLDocumentation::getDocumentationLink($page, $anchor, self::isSetup() ? '../' : './'); return '<a href="' . $link . '" target="documentation">'; } /** * Sanitizes $message, taking into account our special codes * for formatting. * * If you want to include result in element attribute, you should escape it. * * Examples: * * <p><?php echo Sanitize::sanitizeMessage($foo); ?></p> * * <a title="<?php echo Sanitize::sanitizeMessage($foo, true); ?>">bar</a> * * @param string $message the message * @param bool $escape whether to escape html in result * @param bool $safe whether string is safe (can keep < and > chars) */ public static function sanitizeMessage(string $message, $escape = false, $safe = false): string { if (! $safe) { $message = strtr($message, ['<' => '<', '>' => '>']); } /* Interpret bb code */ $replace_pairs = [ '[em]' => '<em>', '[/em]' => '</em>', '[strong]' => '<strong>', '[/strong]' => '</strong>', '[code]' => '<code>', '[/code]' => '</code>', '[kbd]' => '<kbd>', '[/kbd]' => '</kbd>', '[br]' => '<br>', '[/a]' => '</a>', '[/doc]' => '</a>', '[sup]' => '<sup>', '[/sup]' => '</sup>', '[conferr]' => '<iframe src="show_config_errors.php"><a href=' . '"show_config_errors.php">show_config_errors.php</a></iframe>', // used in libraries/Util.php '[dochelpicon]' => Html\Generator::getImage('b_help', __('Documentation')), ]; $message = strtr($message, $replace_pairs); /* Match links in bb code ([a@url@target], where @target is options) */ $pattern = '/\[a@([^]"@]*)(@([^]"]*))?\]/'; /* Find and replace all links */ $message = (string) preg_replace_callback($pattern, static function (array $match) { return self::replaceBBLink($match); }, $message); /* Replace documentation links */ $message = (string) preg_replace_callback( '/\[doc@([a-zA-Z0-9_-]+)(@([a-zA-Z0-9_-]*))?\]/', /** @param string[] $match */ static function (array $match): string { return self::replaceDocLink($match); }, $message ); /* Possibly escape result */ if ($escape) { $message = htmlspecialchars($message); } return $message; } /** * Sanitize a filename by removing anything besides legit characters * * Intended usecase: * When using a filename in a Content-Disposition header * the value should not contain ; or " * * When exporting, avoiding generation of an unexpected double-extension file * * @param string $filename The filename * @param bool $replaceDots Whether to also replace dots * * @return string the sanitized filename */ public static function sanitizeFilename($filename, $replaceDots = false) { $pattern = '/[^A-Za-z0-9_'; // if we don't have to replace dots if (! $replaceDots) { // then add the dot to the list of legit characters $pattern .= '.'; } $pattern .= '-]/'; $filename = preg_replace($pattern, '_', $filename); return $filename; } /** * Format a string so it can be a string inside JavaScript code inside an * eventhandler (onclick, onchange, on..., ). * This function is used to displays a javascript confirmation box for * "DROP/DELETE/ALTER" queries. * * @param string $a_string the string to format * @param bool $add_backquotes whether to add backquotes to the string or not * * @return string the formatted string */ public static function jsFormat($a_string = '', $add_backquotes = true) { $a_string = htmlspecialchars((string) $a_string); $a_string = self::escapeJsString($a_string); // Needed for inline javascript to prevent some browsers // treating it as a anchor $a_string = str_replace('#', '\\#', $a_string); return $add_backquotes ? Util::backquote($a_string) : $a_string; } /** * escapes a string to be inserted as string a JavaScript block * enclosed by <![CDATA[ ... ]]> * this requires only to escape ' with \' and end of script block * * We also remove NUL byte as some browsers (namely MSIE) ignore it and * inserting it anywhere inside </script would allow to bypass this check. * * @param string $string the string to be escaped * * @return string the escaped string */ public static function escapeJsString($string) { return preg_replace( '@</script@i', '</\' + \'script', strtr( (string) $string, [ "\000" => '', '\\' => '\\\\', '\'' => '\\\'', '"' => '\"', "\n" => '\n', "\r" => '\r', ] ) ); } /** * Formats a value for javascript code. * * @param string|bool|int $value String to be formatted. * * @return int|string formatted value. */ public static function formatJsVal($value) { if (is_bool($value)) { if ($value) { return 'true'; } return 'false'; } if (is_int($value)) { return $value; } return '"' . self::escapeJsString($value) . '"'; } /** * Formats an javascript assignment with proper escaping of a value * and support for assigning array of strings. * * @param string $key Name of value to set * @param mixed $value Value to set, can be either string or array of strings * @param bool $escape Whether to escape value or keep it as it is * (for inclusion of js code) * * @return string Javascript code. */ public static function getJsValue($key, $value, $escape = true) { $result = $key . ' = '; if (! $escape) { $result .= $value; } elseif (is_array($value)) { $result .= '['; foreach ($value as $val) { $result .= self::formatJsVal($val) . ','; } $result .= "];\n"; } else { $result .= self::formatJsVal($value) . ";\n"; } return $result; } /** * Removes all variables from request except allowed ones. * * @param string[] $allowList list of variables to allow */ public static function removeRequestVars(&$allowList): void { // do not check only $_REQUEST because it could have been overwritten // and use type casting because the variables could have become // strings $keys = array_keys( array_merge((array) $_REQUEST, (array) $_GET, (array) $_POST, (array) $_COOKIE) ); foreach ($keys as $key) { if (! in_array($key, $allowList)) { unset($_REQUEST[$key], $_GET[$key], $_POST[$key]); continue; } // allowed stuff could be compromised so escape it // we require it to be a string if (isset($_REQUEST[$key]) && ! is_string($_REQUEST[$key])) { unset($_REQUEST[$key]); } if (isset($_POST[$key]) && ! is_string($_POST[$key])) { unset($_POST[$key]); } if (isset($_COOKIE[$key]) && ! is_string($_COOKIE[$key])) { unset($_COOKIE[$key]); } if (! isset($_GET[$key]) || is_string($_GET[$key])) { continue; } unset($_GET[$key]); } } }
Close
