Last active
December 22, 2015 02:49
-
-
Save halilim/6406360 to your computer and use it in GitHub Desktop.
A PHP file and db explorer (shell?) experiment from the past
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php //İ | |
define('_K','b7f3l0h'); | |
define('U_IPC',true); | |
define('U_U','test'); | |
define('U_P','test'); | |
define('U_UA',$_SERVER['HTTP_USER_AGENT']); | |
define('U_IP',$_SERVER['REMOTE_ADDR']); | |
// todo: secure this (i.e. include in the logged in part) | |
if (isset($_GET['dl'])) | |
{ | |
header("Content-Disposition: attachment; filename=\"".basename($_GET['dl'])."\";" ); | |
readfile($_GET['dl']); | |
exit; | |
} | |
header("Pragma: no-cache"); | |
header("Cache-Control: no-cache, must-revalidate"); | |
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); | |
header('Content-Type:text/html; charset:utf-8'); | |
session_name(_K); | |
session_start(); | |
function l_re($l,$e){header('Location: '.$l);if($e)exit;} | |
function u_cook($n,$v,$e,$p='',$d=''){return setcookie($n,$v,$e,$p,$d);} | |
function u_eat($n){return u_cook($n,0,0);} | |
function o_h(){echo'<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>-</title><style>.rt{text-align:right}</style></head><body>';} | |
function o_hf(){echo'</body></html>';} | |
function o_hi($t,$n,$v,$s){echo'<input type="'.$t.'" id="'.$n.'" name="'.$n.'" value="'.$v.'" size="'.$s.'">';} | |
function unixize($path){return str_replace(array('\\','\\\\','//'),'/',$path);} | |
$lgn=false; | |
if(!isset($_COOKIE[session_name()])||!isset($_SESSION['lgn'])||$_SESSION['lgn']!==true||!isset($_SESSION['ua'])||$_SESSION['ua']!==U_UA||(U_IPC&&$_SESSION['IP']!==U_IP)) | |
{ | |
if(!empty($_POST)&&$_POST['u_u']===U_U&&$_POST['u_p']===U_P) | |
{ | |
session_regenerate_id(true); | |
$_SESSION['lgn']=true; | |
$_SESSION['ua']=U_UA; | |
$_SESSION['IP']=U_IP; | |
$lgn=true; | |
} | |
else | |
{ | |
o_h(); | |
echo'<form method="post" action="?g=1">';o_hi('text','u_u','',20);o_hi('text','u_p','',20);o_hi('submit','','>',15);echo'</form>';o_hf();exit; | |
} | |
} | |
else $lgn=true; | |
if ($lgn) | |
{ | |
if(isset($_GET['_X'])){session_destroy();$_SESSION=array();u_eat(session_name());l_re($_SERVER['REQUEST_URI'],1);} | |
o_h(); | |
echo '<div class="rt"><a href="?MGMT=f">file<a> | <a href="?MGMT=d">db<a> | <a href="?_X=1">X<a></div>'; | |
if(in_array($_GET['MGMT'],array('f','d'))) $_SESSION['MGMT']=$_GET['MGMT']; | |
switch ($_SESSION['MGMT']) | |
{ | |
case 'f': | |
f(); | |
break; | |
case 'd': | |
d(); | |
break; | |
} | |
o_hf(); | |
} | |
function f() | |
{ | |
echo '<h1>File</h1> | |
<form method="get">Chg Drv : '; | |
o_hi('text','drv','',1); | |
o_hi('submit','','>',''); | |
echo '</form>'; | |
if (!isset($_SESSION['pwd'])){$curDir=unixize(dirname(__FILE__));$_SESSION['pwd']=$curDir;} | |
else $curDir=$_SESSION['pwd']; | |
if(isset($_GET['cd'])) | |
{ | |
switch ($_GET['cd']) | |
{ | |
case '.': | |
break; | |
case '..': | |
if($pos=strrpos($curDir,'/')) | |
$_SESSION['pwd']=$curDir=substr($curDir,0,$pos); | |
break; | |
default: | |
if(is_dir($curDir.'/'.$_GET['cd'])) $curDir.='/'.$_GET['cd']; | |
break; | |
} | |
} | |
if (isset($_GET['drv'])) | |
{ | |
$drv=strtoupper($_GET['drv']).':'; | |
if(is_dir($drv)) $_SESSION['pwd']=$curDir=$drv; | |
} | |
echo '<h5>'.$curDir.' ('.sprintf('%o',fileperms($curDir)).')</h5>'; | |
echo '<pre>';print_r(stat($curDir));echo '</pre>'; | |
if ($curFolder = @opendir($curDir)) | |
{ | |
$folders = array(); | |
$files = array(); | |
while ( $sFile = @readdir( $curFolder ) ) | |
{ | |
if(is_dir( $curDir.'/'.$sFile ) ) | |
{ | |
$folders[] = $sFile; | |
} | |
else | |
{ | |
$files[] = $sFile; | |
} | |
} | |
sort($folders);sort($files); | |
echo '<table>'; | |
foreach ($folders as $v) { | |
echo '<tr><td>(dir) <a href="?cd='.$v.'">'.$v.'</a></td></tr>'; | |
} | |
echo '</table>'; | |
echo '<table>'; | |
foreach ($files as $v) { | |
echo '<tr><td><a href="?dl='.$curDir.'/'.$v.'">'.$v.'</a></td></tr>'; | |
} | |
echo '</table>'; | |
@closedir( $curFolder ) ; | |
} | |
else | |
echo '"'.$curDir.'" dizini açılamıyor. Lütfen belirtilen dizinin varlığından ve gerekli izinlere sahip olduğundan emin olun.'; | |
} | |
function d() | |
{ | |
echo '<h1>DB</h1>'; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment