M2404 Backdoor, Recoded By M2404
| Current Path : /home/vhosts/pusdiklatlhk.coolpage.biz/BDK Pematangsiantar/ADMIN/ |
| Current File : /home/vhosts/pusdiklatlhk.coolpage.biz/BDK Pematangsiantar/ADMIN/upload1.php |
<?php
include_once "../koneksi/koneksi.php";
$UNIT= $_GET['UNIT'];
$DARI= $_GET['DARI'];
$NAMA= $_GET['NAMA'];
$ID= $_GET['ID'];
$HAK= $_GET['HAK'];
$INSTANSI= $_GET['INSTANSI'];
$DATA= $_GET['DATA'];
$PASSWORD= $_GET['PASSWORD2'];
$PHOTO=$_GET['foto'];
$tmp=$_FILES['foto']['tmp_name'];
if(!is_uploaded_file($tmp)){
echo "";
}
$namafile=$_FILES['foto']['name'];
$X=strlen($namafile);
$Y=strlen($namafile)-3;
$Z=$Y-$X;
$SET=substr($namafile,$Y,3);
if ($SET=='php') {echo "SALAH"; exit;}
if ($SET=='PHP') {echo "SALAH"; exit;}
// if ($namafile=='') {$namafile='bk_body.png';}else {;}
if(!move_uploaded_file($tmp,$dir.$namafile)){
echo "";
}
$T='.';
$ukuran=$_FILES['foto']['size'];
$file_type=$_FILES['foto']['type'];
if ($namafile=='') {$namafile='parade.gif';}else {;}
$update="UPDATE kdr_pusdik SET
USER='Pematangsiantar',
$DATA='$namafile'
WHERE ID='$ID'";
mysql_query($update,$konek)
or die ("GAGAL".MYSQL_error());
header ("location:index.php?ATRIBUT=ATRIBUT&MENU=SETTING&UNIT=$UNIT");
?>