Linux ip-172-31-23-120.eu-west-1.compute.internal 5.10.245-245.983.amzn2.x86_64 #1 SMP Wed Dec 3 00:02:10 UTC 2025 x86_64
Apache/2.4.65 () OpenSSL/1.0.2k-fips
: 172.31.23.120 | : 64.252.114.95
Cant Read [ /etc/named.conf ]
8.2.29
apache
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
README
+ Create Folder
+ Create File
/
var /
www /
html /
produccion /
presta /
classes /
[ HOME SHELL ]
Name
Size
Permission
Action
cache
[ DIR ]
drwxrwxr--
controller
[ DIR ]
drwxrwxr--
db
[ DIR ]
drwxrwxr--
exception
[ DIR ]
drwxrwxr--
helper
[ DIR ]
drwxrwxr--
log
[ DIR ]
drwxrwxr--
module
[ DIR ]
drwxrwxr--
order
[ DIR ]
drwxrwxr--
pdf
[ DIR ]
drwxrwxr--
range
[ DIR ]
drwxrwxr--
shop
[ DIR ]
drwxrwxr--
stock
[ DIR ]
drwxrwxr--
tax
[ DIR ]
drwxrwxr--
tree
[ DIR ]
drwxrwxr--
webservice
[ DIR ]
drwxrwxr--
.htaccess
31
B
-rwxrwxr--
Address.php
13.21
KB
-rwxrwxr--
AddressFormat.php
17.47
KB
-rwxrwxr--
AdminTab.php
95.55
KB
-rwxrwxr--
Alias.php
3.83
KB
-rwxrwxr--
Attachment.php
5.85
KB
-rwxrwxr--
Attribute.php
11.16
KB
-rwxrwxr--
AttributeGroup.php
9.91
KB
-rwxrwxr--
Blowfish.php
18.39
KB
-rwxrwxr--
CMS.php
7.34
KB
-rwxrwxr--
CMSCategory.php
20.65
KB
-rwxrwxr--
CSV.php
2.61
KB
-rwxrwxr--
Carrier.php
43
KB
-rwxrwxr--
Cart.php
134.47
KB
-rwxrwxr--
CartRule.php
54.99
KB
-rwxrwxr--
Category.php
55.61
KB
-rwxrwxr--
Chart.php
4.48
KB
-rwxrwxr--
Combination.php
9.85
KB
-rwxrwxr--
CompareProduct.php
4.75
KB
-rwxrwxr--
Configuration.php
18.05
KB
-rwxrwxr--
ConfigurationKPI.php
4.93
KB
-rwxrwxr--
ConfigurationTest.php
8.74
KB
-rwxrwxr--
Connection.php
8.68
KB
-rwxrwxr--
ConnectionsSource.php
4.45
KB
-rwxrwxr--
Contact.php
2.84
KB
-rwxrwxr--
Context.php
5.18
KB
-rwxrwxr--
ControllerFactory.php
1.96
KB
-rwxrwxr--
Cookie.php
11.35
KB
-rwxrwxr--
Country.php
11.96
KB
-rwxrwxr--
County.php
3.22
KB
-rwxrwxr--
Currency.php
13.13
KB
-rwxrwxr--
Customer.php
27.3
KB
-rwxrwxr--
CustomerMessage.php
3.63
KB
-rwxrwxr--
CustomerThread.php
7.16
KB
-rwxrwxr--
Customization.php
8.47
KB
-rwxrwxr--
CustomizationField.php
2.11
KB
-rwxrwxr--
DateRange.php
2.08
KB
-rwxrwxr--
Delivery.php
2.8
KB
-rwxrwxr--
Discount.php
7.4
KB
-rwxrwxr--
Dispatcher.php
28.87
KB
-rwxrwxr--
Employee.php
13.68
KB
-rwxrwxr--
Feature.php
10.15
KB
-rwxrwxr--
FeatureValue.php
6.12
KB
-rwxrwxr--
FileUploader.php
9.28
KB
-rwxrwxr--
Gender.php
2.06
KB
-rwxrwxr--
Group.php
11.13
KB
-rwxrwxr--
GroupReduction.php
8.05
KB
-rwxrwxr--
Guest.php
6.32
KB
-rwxrwxr--
Hook.php
23.5
KB
-rwxrwxr--
Image.php
20.66
KB
-rwxrwxr--
ImageManager.php
15.48
KB
-rwxrwxr--
ImageType.php
5.14
KB
-rwxrwxr--
Language.php
32.21
KB
-rwxrwxr--
Link.php
25.38
KB
-rwxrwxr--
LocalizationPack.php
13.54
KB
-rwxrwxr--
Mail.php
18.04
KB
-rwxrwxr--
Mail.php.comprado
15.56
KB
-rwxrwxr--
Mail.php.original
16.12
KB
-rwxrwxr--
Manufacturer.php
14.99
KB
-rwxrwxr--
Media.php
29.59
KB
-rwxrwxr--
Message.php
5.28
KB
-rwxrwxr--
Meta.php
14.92
KB
-rwxrwxr--
Notification.php
5.68
KB
-rwxrwxr--
ObjectModel.php
52.92
KB
-rwxrwxr--
Pack.php
13.29
KB
-rwxrwxr--
Page.php
3.68
KB
-rwxrwxr--
PaymentCC.php
2.34
KB
-rwxrwxr--
PaymentModule.php
41.77
KB
-rwxrwxr--
PrestaShopAutoload.php
6.78
KB
-rwxrwxr--
PrestaShopBackup.php
8.64
KB
-rwxrwxr--
PrestaShopCollection.php
16.84
KB
-rwxrwxr--
PrestaShopLogger.php
5.38
KB
-rwxrwxr--
Product.php
193.96
KB
-rwxrwxr--
ProductDownload.php
8.74
KB
-rwxrwxr--
ProductSale.php
10
KB
-rwxrwxr--
ProductSupplier.php
6.71
KB
-rwxrwxr--
Profile.php
4.53
KB
-rwxrwxr--
QuickAccess.php
2.4
KB
-rwxrwxr--
Referrer.php
14.72
KB
-rwxrwxr--
RequestSql.php
15.76
KB
-rwxrwxr--
Rijndael.php
2.27
KB
-rwxrwxr--
Risk.php
2.16
KB
-rwxrwxr--
Scene.php
8.28
KB
-rwxrwxr--
Search.php
31.89
KB
-rwxrwxr--
SearchEngine.php
2.25
KB
-rwxrwxr--
SmartyCacheResourceMysql.php
4.41
KB
-rwxrwxr--
SpecificPrice.php
16.33
KB
-rwxrwxr--
SpecificPriceRule.php
10.91
KB
-rwxrwxr--
State.php
5.91
KB
-rwxrwxr--
Store.php
4.34
KB
-rwxrwxr--
Supplier.php
13.34
KB
-rwxrwxr--
Tab.php
16.24
KB
-rwxrwxr--
Tag.php
6.81
KB
-rwxrwxr--
Theme.php
10.65
KB
-rwxrwxr--
Tools.php
99.37
KB
-rwxrwxr--
Translate.php
9.55
KB
-rwxrwxr--
TranslatedConfiguration.php
3.59
KB
-rwxrwxr--
Upgrader.php
9.06
KB
-rwxrwxr--
Uploader.php
6.85
KB
-rwxrwxr--
Validate.php
27.63
KB
-rwxrwxr--
Zone.php
2.98
KB
-rwxrwxr--
index.php
1.24
KB
-rwxrwxr--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : RequestSql.php
<?php /* * 2007-2015 PrestaShop * * NOTICE OF LICENSE * * This source file is subject to the Open Software License (OSL 3.0) * that is bundled with this package in the file LICENSE.txt. * It is also available through the world-wide-web at this URL: * http://opensource.org/licenses/osl-3.0.php * If you did not receive a copy of the license and are unable to * obtain it through the world-wide-web, please send an email * to license@prestashop.com so we can send you a copy immediately. * * DISCLAIMER * * Do not edit or add to this file if you wish to upgrade PrestaShop to newer * versions in the future. If you wish to customize PrestaShop for your * needs please refer to http://www.prestashop.com for more information. * * @author PrestaShop SA <contact@prestashop.com> * @copyright 2007-2015 PrestaShop SA * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0) * International Registered Trademark & Property of PrestaShop SA */ class RequestSqlCore extends ObjectModel { public $name; public $sql; /** * @see ObjectModel::$definition */ public static $definition = array( 'table' => 'request_sql', 'primary' => 'id_request_sql', 'fields' => array( 'name' => array('type' => self::TYPE_STRING, 'validate' => 'isString', 'required' => true, 'size' => 200), 'sql' => array('type' => self::TYPE_SQL, 'validate' => 'isString', 'required' => true), ), ); /** @var array : List of params to tested */ public $tested = array( 'required' => array('SELECT', 'FROM'), 'option' => array('WHERE', 'ORDER', 'LIMIT', 'HAVING', 'GROUP', 'UNION'), 'operator' => array( 'AND', '&&', 'BETWEEN', 'AND', 'BINARY', '&', '~', '|', '^', 'CASE', 'WHEN', 'END', 'DIV', '/', '<=>', '=', '>=', '>', 'IS', 'NOT', 'NULL', '<<', '<=', '<', 'LIKE', '-', '%', '!=', '<>', 'REGEXP', '!', '||', 'OR', '+', '>>', 'RLIKE', 'SOUNDS', '*', '-', 'XOR', 'IN' ), 'function' => array( 'AVG', 'SUM', 'COUNT', 'MIN', 'MAX', 'STDDEV', 'STDDEV_SAMP', 'STDDEV_POP', 'VARIANCE', 'VAR_SAMP', 'VAR_POP', 'GROUP_CONCAT', 'BIT_AND', 'BIT_OR', 'BIT_XOR' ), 'unauthorized' => array( 'DELETE', 'ALTER', 'INSERT', 'REPLACE', 'CREATE', 'TRUNCATE', 'OPTIMIZE', 'GRANT', 'REVOKE', 'SHOW', 'HANDLER', 'LOAD', 'ROLLBACK', 'SAVEPOINT', 'UNLOCK', 'INSTALL', 'UNINSTALL', 'ANALZYE', 'BACKUP', 'CHECK', 'CHECKSUM', 'REPAIR', 'RESTORE', 'CACHE', 'DESCRIBE', 'EXPLAIN', 'USE', 'HELP', 'SET', 'DUPLICATE', 'VALUES', 'INTO', 'RENAME', 'CALL', 'PROCEDURE', 'FUNCTION', 'DATABASE', 'SERVER', 'LOGFILE', 'DEFINER', 'RETURNS', 'EVENT', 'TABLESPACE', 'VIEW', 'TRIGGER', 'DATA', 'DO', 'PASSWORD', 'USER', 'PLUGIN', 'FLUSH', 'KILL', 'RESET', 'START', 'STOP', 'PURGE', 'EXECUTE', 'PREPARE', 'DEALLOCATE', 'LOCK', 'USING', 'DROP', 'FOR', 'UPDATE', 'BEGIN', 'BY', 'ALL', 'SHARE', 'MODE', 'TO','KEY', 'DISTINCTROW', 'DISTINCT', 'HIGH_PRIORITY', 'LOW_PRIORITY', 'DELAYED', 'IGNORE', 'FORCE', 'STRAIGHT_JOIN', 'SQL_SMALL_RESULT', 'SQL_BIG_RESULT', 'QUICK', 'SQL_BUFFER_RESULT', 'SQL_CACHE', 'SQL_NO_CACHE', 'SQL_CALC_FOUND_ROWS', 'WITH' ) ); public $attributes = array( 'passwd' => '*******************', 'secure_key' => '*******************' ); /** @var array : list of errors */ public $error_sql = array(); /** * Get list of request SQL * * @static * @return array|bool */ public static function getRequestSql() { if (!$result = Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS('SELECT * FROM `'._DB_PREFIX_.'request_sql` ORDER BY `id_request_sql`')) return false; $request_sql = array(); foreach ($result as $row) $request_sql[] = $row['sql']; return $request_sql; } /** * Get list of request SQL by id request * * @static * @param $id * @return array */ public static function getRequestSqlById($id) { return Db::getInstance()->executeS('SELECT `sql` FROM `'._DB_PREFIX_.'request_sql` WHERE `id_request_sql` = '.(int)$id); } /** * Call the parserSQL() method in Tools class * Cut the request in table for check it * * @param $sql * @return bool */ public function parsingSql($sql) { return Tools::parserSQL($sql); } /** * Check if the parsing of the SQL request is good or not * * @param $tab * @param bool $in * @param $sql * @return bool */ public function validateParser($tab, $in = false, $sql) { if (!$tab) return false; elseif (isset($tab['UNION'])) { $union = $tab['UNION']; foreach ($union as $tab) if (!$this->validateSql($tab, $in, $sql)) return false; return true; } else return $this->validateSql($tab, $in, $sql); } /** * Cut the request for check each cutting * * @param $tab * @param $in * @param $sql * @return bool */ public function validateSql($tab, $in, $sql) { if (!$this->testedRequired($tab)) return false; elseif (!$this->testedUnauthorized($tab)) return false; elseif (!$this->checkedFrom($tab['FROM'])) return false; elseif (!$this->checkedSelect($tab['SELECT'], $tab['FROM'], $in)) return false; elseif (isset($tab['WHERE'])) { if (!$this->checkedWhere($tab['WHERE'], $tab['FROM'], $sql)) return false; } elseif (isset($tab['HAVING'])) { if (!$this->checkedHaving($tab['HAVING'], $tab['FROM'])) return false; } elseif (isset($tab['ORDER'])) { if (!$this->checkedOrder($tab['ORDER'], $tab['FROM'])) return false; } elseif (isset($tab['GROUP'])) { if (!$this->checkedGroupBy($tab['GROUP'], $tab['FROM'])) return false; } elseif (isset($tab['LIMIT'])) { if (!$this->checkedLimit($tab['LIMIT'])) return false; } if (empty($this->_errors) && !Db::getInstance()->executeS($sql)) return false; return true; } /** * Get list of all tables * * @return array */ public function getTables() { $results = Db::getInstance()->executeS('SHOW TABLES'); foreach ($results as $result) { $key = array_keys($result); $tables[] = $result[$key[0]]; } return $tables; } /** * Get list of all attributes by an table * * @param $table * @return array */ public function getAttributesByTable($table) { return Db::getInstance()->executeS('DESCRIBE '.pSQL($table)); } /** * Cut an join sentence * * @param $attrs * @param $from * @return array|bool */ public function cutJoin($attrs, $from) { $tab = array(); foreach ($attrs as $attr) { if (in_array($attr['expr_type'], array('operator', 'const'))) continue; if ($attribut = $this->cutAttribute($attr['base_expr'], $from)) $tab[] = $attribut; } return $tab; } /** * Cut an attribute with or without the alias * * @param $attr * @param $from * @return array|bool */ public function cutAttribute($attr, $from) { $matches = array(); if (preg_match('/((`(\()?([a-z0-9_])+`(\))?)|((\()?([a-z0-9_])+(\))?))\.((`(\()?([a-z0-9_])+`(\))?)|((\()?([a-z0-9_])+(\))?))$/i', $attr, $matches, PREG_OFFSET_CAPTURE)) { $tab = explode('.', str_replace(array('`', '(', ')'), '', $matches[0][0])); if ($table = $this->returnNameTable($tab[0], $from)) return array( 'table' => $table, 'alias' => $tab[0], 'attribut' => $tab[1], 'string' => $attr ); } elseif (preg_match('/((`(\()?([a-z0-9_])+`(\))?)|((\()?([a-z0-9_])+(\))?))$/i', $attr, $matches, PREG_OFFSET_CAPTURE)) { $attribut = str_replace(array('`', '(', ')'), '', $matches[0][0]); if ($table = $this->returnNameTable(false, $from, $attr)) return array( 'table' => $table, 'attribut' => $attribut, 'string' => $attr ); } return false; } /** * Get name of table by alias * * @param bool $alias * @param $tables * @return array|bool */ public function returnNameTable($alias = false, $tables, $attr = null) { if ($alias) { foreach ($tables as $table) if (isset($table['alias']) && $table['alias']['no_quotes'] == $alias) return array($table['table']); } elseif (count($tables) > 1) { if ($attr !== null) { $tab = array(); foreach ($tables as $table) if ($this->attributExistInTable($attr, $table['table'])) $tab = $table['table']; if (count($tab) == 1) return $tab; } $this->error_sql['returnNameTable'] = false; return false; } else { $tab = array(); foreach ($tables as $table) $tab[] = $table['table']; return $tab; } } /** * Check if an attributes existe in an table * * @param $attr * @param $table * @return bool */ public function attributExistInTable($attr, $table) { if (!$attr) return true; if (is_array($table) && (count($table) == 1)) $table = $table[0]; $attributs = $this->getAttributesByTable($table); foreach ($attributs as $attribut) if ($attribut['Field'] == trim($attr, ' `')) return true; return false; } /** * Check if all required sentence existing * * @param $tab * @return bool */ public function testedRequired($tab) { foreach ($this->tested['required'] as $key) if (!array_key_exists($key, $tab)) { $this->error_sql['testedRequired'] = $key; return false; } return true; } /** * Check if an unauthorized existing in an array * * @param $tab * @return bool */ public function testedUnauthorized($tab) { foreach ($this->tested['unauthorized'] as $key) if (array_key_exists($key, $tab)) { $this->error_sql['testedUnauthorized'] = $key; return false; } return true; } /** * Check a "FROM" sentence * * @param $from * @return bool */ public function checkedFrom($from) { $nb = count($from); for ($i = 0; $i < $nb; $i++) { $table = $from[$i]; if (!in_array(str_replace('`', '', $table['table']), $this->getTables())) { $this->error_sql['checkedFrom']['table'] = $table['table']; return false; } if ($table['ref_type'] == 'ON' && (trim($table['join_type']) == 'LEFT' || trim($table['join_type']) == 'JOIN')) { if ($attrs = $this->cutJoin($table['ref_clause'], $from)) { foreach ($attrs as $attr) { if (!$this->attributExistInTable($attr['attribut'], $attr['table'])) { $this->error_sql['checkedFrom']['attribut'] = array($attr['attribut'], implode(', ', $attr['table'])); return false; } } } else { if (isset($this->error_sql['returnNameTable'])) { $this->error_sql['checkedFrom'] = $this->error_sql['returnNameTable']; return false; } else { $this->error_sql['checkedFrom'] = false; return false; } } } } return true; } /** * Check a "SELECT" sentence * * @param $select * @param $from * @param bool $in * @return bool */ public function checkedSelect($select, $from, $in = false) { $nb = count($select); for ($i = 0; $i < $nb; $i++) { $attribut = $select[$i]; if ($attribut['base_expr'] != '*' && !preg_match('/\.*$/', $attribut['base_expr'])) { if ($attribut['expr_type'] == 'colref') { if ($attr = $this->cutAttribute(trim($attribut['base_expr']), $from)) { if (!$this->attributExistInTable($attr['attribut'], $attr['table'])) { $this->error_sql['checkedSelect']['attribut'] = array($attr['attribut'], implode(', ', $attr['table'])); return false; } } else { if (isset($this->error_sql['returnNameTable'])) { $this->error_sql['checkedSelect'] = $this->error_sql['returnNameTable']; return false; } else { $this->error_sql['checkedSelect'] = false; return false; } } } } elseif ($in) { $this->error_sql['checkedSelect']['*'] = false; return false; } } return true; } /** * Check a "WHERE" sentence * * @param $where * @param $from * @param $sql * @return bool */ public function checkedWhere($where, $from, $sql) { $nb = count($where); for ($i = 0; $i < $nb; $i++) { $attribut = $where[$i]; if ($attribut['expr_type'] == 'colref' || $attribut['expr_type'] == 'reserved') { if ($attr = $this->cutAttribute(trim($attribut['base_expr']), $from)) { if (!$this->attributExistInTable($attr['attribut'], $attr['table'])) { $this->error_sql['checkedWhere']['attribut'] = array($attr['attribut'], implode(', ', $attr['table'])); return false; } } else { if (isset($this->error_sql['returnNameTable'])) { $this->error_sql['checkedWhere'] = $this->error_sql['returnNameTable']; return false; } else { $this->error_sql['checkedWhere'] = false; return false; } } } elseif ($attribut['expr_type'] == 'operator') { if (!in_array(strtoupper($attribut['base_expr']), $this->tested['operator'])) { $this->error_sql['checkedWhere']['operator'] = array($attribut['base_expr']); return false; } } elseif ($attribut['expr_type'] == 'subquery') { $tab = $attribut['sub_tree']; return $this->validateParser($tab, true, $sql); } } return true; } /** * Check a "HAVING" sentence * * @param $having * @param $from * @return bool */ public function checkedHaving($having, $from) { $nb = count($having); for ($i = 0; $i < $nb; $i++) { $attribut = $having[$i]; if ($attribut['expr_type'] == 'colref') { if ($attr = $this->cutAttribute(trim($attribut['base_expr']), $from)) { if (!$this->attributExistInTable($attr['attribut'], $attr['table'])) { $this->error_sql['checkedHaving']['attribut'] = array($attr['attribut'], implode(', ', $attr['table'])); return false; } } else { if (isset($this->error_sql['returnNameTable'])) { $this->error_sql['checkedHaving'] = $this->error_sql['returnNameTable']; return false; } else { $this->error_sql['checkedHaving'] = false; return false; } } } if ($attribut['expr_type'] == 'operator') { if (!in_array(strtoupper($attribut['base_expr']), $this->tested['operator'])) { $this->error_sql['checkedHaving']['operator'] = array($attribut['base_expr']); return false; } } } return true; } /** * Check a "ORDER" sentence * * @param $order * @param $from * @return bool */ public function checkedOrder($order, $from) { $order = $order[0]; if ($order['type'] == 'expression') { if ($attr = $this->cutAttribute(trim($order['base_expr']), $from)) { if (!$this->attributExistInTable($attr['attribut'], $attr['table'])) { $this->error_sql['checkedOrder']['attribut'] = array($attr['attribut'], implode(', ', $attr['table'])); return false; } } else { if (isset($this->error_sql['returnNameTable'])) { $this->error_sql['checkedOrder'] = $this->error_sql['returnNameTable']; return false; } else { $this->error_sql['checkedOrder'] = false; return false; } } } return true; } /** * Check a "GROUP BY" sentence * * @param $group * @param $from * @return bool */ public function checkedGroupBy($group, $from) { $group = $group[0]; if ($group['type'] == 'expression') { if ($attr = $this->cutAttribute(trim($group['base_expr']), $from)) { if (!$this->attributExistInTable($attr['attribut'], $attr['table'])) { $this->error_sql['checkedGroupBy']['attribut'] = array($attr['attribut'], implode(', ', $attr['table'])); return false; } } else { if (isset($this->error_sql['returnNameTable'])) { $this->error_sql['checkedGroupBy'] = $this->error_sql['returnNameTable']; return false; } else { $this->error_sql['checkedGroupBy'] = false; return false; } } } return true; } /** * Check a "LIMIT" sentence * * @param $limit * @return bool */ public function checkedLimit($limit) { if (!preg_match('#^[0-9]+$#', trim($limit['start'])) || !preg_match('#^[0-9]+$#', trim($limit['end']))) { $this->error_sql['checkedLimit'] = false; return false; } return true; } }
Close
