<?php

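error_reporting(E_ALL);

// Fixed upstream endpoints. The client only selects one of these routes; it
// never supplies a host, so the proxy cannot be pointed at an arbitrary server.
define('OTAURL', 'https://ota.cartrawler.com/cartrawlerota/');
define('ABEURL', 'https://ota.cartrawler.com/cartrawlercustomabe/');
define('Car4HireInsuranceURL',
    'https://secure.insurance4carhire.com/sc/invisible_stage01.asp');
define('FILES', 'files/');

/**
 * Return a request parameter, preferring POST over GET, or null when neither
 * carries it. Centralises the isset()/ternary pairs the dispatcher repeated.
 *
 * @param string $name
 * @return mixed|null  The raw parameter value (string, or array for foo[]=).
 */
function otaproxy_request_param($name) {
    if (isset($_POST[$name])) {
        return $_POST[$name];
    }
    if (isset($_GET[$name])) {
        return $_GET[$name];
    }
    return null;
}

// Headers forwarded with every upstream request: proxy version, whether the
// browser-facing leg used TLS, and the original client address.
$https_on = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on';
$client_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$otaheaders = array(
    'X-OTAProxy: 1.0',
    'X-OTAProxy-Secure: ' . ($https_on ? 'true' : 'false'),
    'X-OTAProxy-ClientAddress: ' . $client_addr
);
$message = '';

$getfile = otaproxy_request_param('getfile');
$abegetfile = otaproxy_request_param('abegetfile');
$insurance = otaproxy_request_param('insurance');

if ($getfile !== null) {
    $message = process_getfile(OTAURL, $otaheaders, $getfile);
} elseif ($abegetfile !== null) {
    $message = process_getfile(ABEURL, $otaheaders, $abegetfile);
} elseif ($insurance !== null) {
    // Relay every query-string parameter except the routing flag as a
    // form-encoded POST body. http_build_query() urlencodes keys as well as
    // values (the hand-rolled loop encoded values only) and its key match is
    // exact, unlike the loose `$key == 'insurance'`, which also skipped the
    // integer key 0.
    $params = $_GET;
    unset($params['insurance']);
    $message = process_rawpost(Car4HireInsuranceURL, $otaheaders,
        http_build_query($params));
} else {
    // php://input replaces $HTTP_RAW_POST_DATA, which is deprecated in PHP 5.6
    // and removed in PHP 7, and is available regardless of the
    // always_populate_raw_post_data setting.
    $rawpost = file_get_contents('php://input');
    if ($rawpost !== false && $rawpost !== '') {
        $message = process_rawpost(OTAURL, $otaheaders, $rawpost);
    } else {
        $message = 'Unsupported request';
    }
}

// A non-empty message means nothing was relayed; report it as the 404 reason
// phrase. header() rejects CR/LF, so the message cannot inject further headers.
if (strlen($message) > 0) {
    header("HTTP/1.0 404 $message");
}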

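/**
 * Fetch the static file $url . FILES . $getfile from upstream and relay it to
 * the client with the upstream content type and a one-hour Expires header.
 *
 * @param string $url        Upstream base URL (OTAURL or ABEURL).
 * @param array  $otaheaders Extra request headers to send upstream.
 * @param string $getfile    Client-supplied relative file name; it is only
 *                           appended to the URL after validatefilename() accepts it.
 * @return string '' when the response body has been echoed, otherwise an
 *                error message for the caller to report.
 */
function process_getfile($url, $otaheaders, $getfile) {
    if (!validatefilename($getfile)) {
        return 'File validation failed';
    }

    $curl_handle = curl_init();
    setoptions($curl_handle, $url . FILES . $getfile, $otaheaders);

    $buffer = curl_exec($curl_handle);
    if (curl_errno($curl_handle)) {
        // '.' not '+': "string" + "string" is numeric addition in PHP (0 here,
        // a TypeError on PHP 8), so the original lost the error text.
        $msg = 'CURL Error ' . curl_error($curl_handle);
        curl_close($curl_handle);
        return $msg;
    }

    $status = curl_getinfo($curl_handle, CURLINFO_HTTP_CODE);
    $type = curl_getinfo($curl_handle, CURLINFO_CONTENT_TYPE);
    // Read everything needed, then close on every path; the original returned
    // 'No such file' without closing the handle.
    curl_close($curl_handle);

    if ($status != 200) {
        return 'No such file';
    }

    header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 60 * 60) . ' GMT');
    if (is_string($type) && $type !== '') {
        // Only relay a content type upstream actually reported; an empty
        // "Content-type:" header is malformed.
        header('Content-type: ' . $type);
    }
    echo $buffer;
    return '';
}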

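/**
 * POST $rawpost to $url unchanged and relay the upstream response body to the
 * client, marked uncacheable.
 *
 * @param string $url        Absolute upstream URL.
 * @param array  $otaheaders Extra request headers to send upstream.
 * @param string $rawpost    Body to send verbatim (raw XML or a form-encoded
 *                           query string built by the caller).
 * @return string '' when a response has been echoed (including the in-band
 *                "status=failed_badly" token for non-200 upstream answers),
 *                otherwise a curl error message for the caller to report.
 */
function process_rawpost($url, $otaheaders, $rawpost) {
    $curl_handle = curl_init();
    setoptions($curl_handle, $url, $otaheaders);
    // Setting POSTFIELDS switches the request to POST; the body is not re-encoded.
    curl_setopt($curl_handle, CURLOPT_POSTFIELDS, $rawpost);

    $buffer = curl_exec($curl_handle);
    if (curl_errno($curl_handle)) {
        // '.' not '+': string "addition" discarded the curl error text.
        $msg = 'CURL Error ' . curl_error($curl_handle);
        curl_close($curl_handle);
        return $msg;
    }

    $status = curl_getinfo($curl_handle, CURLINFO_HTTP_CODE);
    $type = curl_getinfo($curl_handle, CURLINFO_CONTENT_TYPE);
    curl_close($curl_handle);

    // Responses are per-request; never let browsers or intermediaries cache them.
    header("Cache-Control: no-store, no-cache");
    if (is_string($type) && $type !== '') {
        header('Content-type: ' . $type);
    }
    // A non-200 upstream answer is reported in-band rather than as an HTTP
    // error, because the caller treats '' as "response already sent".
    if ($status != 200) {
        echo "status=failed_badly";
    } else {
        echo $buffer;
    }
    return '';
}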

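/**
 * Apply the curl options shared by every upstream request.
 *
 * @param resource $curl_handle Handle from curl_init().
 * @param string   $url         Absolute upstream URL.
 * @param array    $headers     Extra request headers (the X-OTAProxy-* set).
 * @return void
 */
function setoptions($curl_handle, $url, $headers) {
    curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, true);
    // The original set CURLOPT_SSL_VERIFYPEER to FALSE for https:// URLs, which
    // lets any on-path host impersonate the booking and insurance upstreams.
    // Verify the certificate chain and the host name (curl's defaults, stated
    // explicitly so the intent is visible).
    curl_setopt($curl_handle, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($curl_handle, CURLOPT_SSL_VERIFYHOST, 2);
    // Bound the upstream wait so a stalled host cannot hold a PHP worker
    // indefinitely (values chosen here; tune to the upstreams' behaviour).
    curl_setopt($curl_handle, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($curl_handle, CURLOPT_TIMEOUT, 30);
    // "" = accept every encoding curl supports and decode it transparently.
    curl_setopt($curl_handle, CURLOPT_ENCODING, "");
    curl_setopt($curl_handle, CURLOPT_URL, $url);
    curl_setopt($curl_handle, CURLOPT_HTTPHEADER, $headers);
}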

/**
 * Decide whether a client-supplied file name may be appended to the upstream
 * FILES path. A name passes only if it is 1..128 bytes long, consists solely
 * of \w characters, '.' and '/', does not start or end with '.', '/' or '\',
 * and never has two of those three characters adjacent (which rules out
 * '..', '//', '/.' and './' segments).
 *
 * @param string $filename
 * @return bool
 */
function validatefilename($filename) {
    $length = strlen($filename);
    if ($length == 0 || $length > 128) {
        return false;
    }
    // Alternation, in order: leading dot/separator, trailing dot/separator,
    // two adjacent dots/separators, any byte outside \w . /
    $rejected = preg_match(
        '/(^[.\\/\\\\])|([.\\/\\\\]$)|([.\\/\\\\]{2})|([^\w.\\/])/',
        $filename
    );
    return !$rejected;
}
?>
