A PHP file and db explorer (shell?) experiment from the past
<?php //İ
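// Session name; the login gate below also looks the session cookie up under this name.
define('_K','b7f3l0h');
// When true, a session is only honoured from the IP address recorded at login.
define('U_IPC',true);
// NOTE(review): placeholder credentials committed in source. Replace them before this
// file is reachable by anyone else, and prefer storing a password_hash() digest that is
// checked with password_verify() over a plaintext constant.
define('U_U','test');
define('U_P','test');
// Request fingerprint compared against the values stored in the session.
// Both fall back to '' when the server variable is absent: a missing User-Agent header
// would otherwise define U_UA as null, and the gate's isset($_SESSION['ua']) check could
// then never succeed for that client.
define('U_UA', isset($_SERVER['HTTP_USER_AGENT']) ? (string)$_SERVER['HTTP_USER_AGENT'] : '');
define('U_IP', isset($_SERVER['REMOTE_ADDR']) ? (string)$_SERVER['REMOTE_ADDR'] : '');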
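// Download endpoint: streams one local file to the client as an attachment.
// It runs before the login gate further down, so it performs the same session checks
// itself; without them any visitor could read any file the PHP process can read.
if (isset($_GET['dl']))
{
    $dlAuthed = false;
    // Only resume a session the client already presents a cookie for, so anonymous
    // requests do not create session files.
    if (isset($_COOKIE[_K])) {
        session_name(_K);
        session_start();
        $dlAuthed = isset($_SESSION['lgn']) && $_SESSION['lgn'] === true
            && isset($_SESSION['ua']) && $_SESSION['ua'] === U_UA
            && (!U_IPC || (isset($_SESSION['IP']) && $_SESSION['IP'] === U_IP));
    }
    if (!$dlAuthed) {
        header('HTTP/1.1 403 Forbidden');
        exit;
    }

    // realpath() does not go through PHP stream wrappers, so only an existing local
    // path survives this step; array-valued parameters are rejected as well.
    $dlPath = is_string($_GET['dl']) ? realpath($_GET['dl']) : false;
    if ($dlPath === false || !is_file($dlPath) || !is_readable($dlPath)) {
        header('HTTP/1.1 404 Not Found');
        exit;
    }

    // Quotes, backslashes and control characters would break out of the quoted
    // filename parameter, so they are replaced before the header is built.
    $dlName = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', basename($dlPath));
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="'.$dlName.'"');
    readfile($dlPath);
    exit;
}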
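// Ask browsers and proxies not to cache the explorer's pages.
header("Pragma: no-cache");
header("Cache-Control: no-cache, must-revalidate");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
// The charset parameter is written "charset=utf-8"; the previous "charset:utf-8" is not
// a valid parameter, which leaves the page encoding to browser guessing.
header('Content-Type: text/html; charset=utf-8');
// Keep the session cookie unreadable from page scripts.
ini_set('session.cookie_httponly','1');
// The session (and its cookie) is named after _K.
session_name(_K);
session_start();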
/**
 * Send a Location redirect header.
 *
 * NOTE(review): $l is concatenated into the header as given; callers are responsible
 * for passing a target that is not derived from client input.
 *
 * @param string $l Redirect target.
 * @param mixed  $e When truthy, the script terminates right after the header is sent.
 */
function l_re($l, $e)
{
    header('Location: ' . $l);
    if (!$e) {
        return;
    }
    exit;
}
/**
 * Thin wrapper around setcookie().
 *
 * Only name, value, expiry, path and domain are forwarded; the secure and httponly
 * flags are left at setcookie()'s defaults.
 *
 * @param string $n Cookie name.
 * @param mixed  $v Cookie value.
 * @param int    $e Expiry as a Unix timestamp (0 = until the browser closes).
 * @param string $p Cookie path.
 * @param string $d Cookie domain.
 * @return bool Whatever setcookie() returns.
 */
function u_cook($n, $v, $e, $p = '', $d = '')
{
    $sent = setcookie($n, $v, $e, $p, $d);

    return $sent;
}
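/**
 * Ask the browser to discard the cookie named $n.
 *
 * The cookie is sent with an empty value and an expiry in the past. The earlier form
 * (value 0, expiry 0) re-issued the cookie with the value "0" for the rest of the
 * browser session instead of removing it.
 *
 * NOTE(review): path and domain stay at u_cook()'s defaults, so a cookie that was set
 * with a different path or domain is presumably not matched - confirm against the
 * caller's cookie parameters.
 *
 * @param string $n Cookie name.
 * @return bool Result of u_cook().
 */
function u_eat($n)
{
    return u_cook($n, '', time() - 3600);
}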
/**
 * Print the opening part of the HTML page: the <head> (UTF-8 meta tag, placeholder
 * title, the .rt right-align rule) and the opening <body> tag.
 */
function o_h()
{
    $head = '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">'
        . '<title>-</title>'
        . '<style>.rt{text-align:right}</style>';

    echo '<html><head>' . $head . '</head><body>';
}
/**
 * Print the closing tags that match the page opened by o_h().
 */
function o_hf()
{
    $closing = '</body>' . '</html>';
    print $closing;
}
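/**
 * Print an <input> element.
 *
 * Every argument is HTML-escaped before it is placed in an attribute, so a value
 * containing quotes or angle brackets cannot close the attribute or the tag.
 * double_encode is off so that callers passing an already-encoded entity (the file
 * uses '&gt;' as a button label) get the same output as before.
 *
 * @param string $t Input type.
 * @param string $n Used for both the id and the name attribute.
 * @param mixed  $v Initial value.
 * @param mixed  $s Value of the size attribute.
 */
function o_hi($t, $n, $v, $s)
{
    $esc = function ($raw) {
        return htmlspecialchars((string)$raw, ENT_QUOTES, 'UTF-8', false);
    };

    $name = $esc($n);
    echo '<input type="'.$esc($t).'" id="'.$name.'" name="'.$name.'" value="'.$esc($v).'" size="'.$esc($s).'">';
}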
/**
 * Convert a path to forward-slash form.
 *
 * Backslashes become forward slashes first, then each "//" pair is replaced by "/"
 * in a single left-to-right pass - so a run of three slashes still leaves two.
 *
 * @param string $path Path in Windows or Unix notation.
 * @return string The path using "/" as separator.
 */
function unixize($path)
{
    $forward = str_replace('\\', '/', $path);

    return str_replace('//', '/', $forward);
}
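// Login gate. $lgn ends up true either because the request carries a valid session
// or because the posted credentials match; otherwise the login form is printed and
// the script stops here.
$lgn = false;

// A session counts only if the cookie is present, the login flag is set, and the
// stored User-Agent (and, when U_IPC is on, the stored IP) match this request.
$sessionOk = isset($_COOKIE[session_name()])
    && isset($_SESSION['lgn']) && $_SESSION['lgn'] === true
    && isset($_SESSION['ua']) && $_SESSION['ua'] === U_UA
    && (!U_IPC || (isset($_SESSION['IP']) && $_SESSION['IP'] === U_IP));

if ($sessionOk) {
    $lgn = true;
} else {
    // Accept only string fields: a missing or array-valued field is treated as a
    // failed attempt instead of raising an undefined-index notice.
    $postedUser = (isset($_POST['u_u']) && is_string($_POST['u_u'])) ? $_POST['u_u'] : null;
    $postedPass = (isset($_POST['u_p']) && is_string($_POST['u_p'])) ? $_POST['u_p'] : null;

    // Both comparisons are evaluated, and hash_equals() keeps their duration
    // independent of where the first differing byte is.
    $userOk = $postedUser !== null && hash_equals(U_U, $postedUser);
    $passOk = $postedPass !== null && hash_equals(U_P, $postedPass);

    // NOTE(review): failed attempts are neither counted nor delayed here.
    if ($userOk && $passOk) {
        // Fresh session id on privilege change, then bind the session to this client.
        session_regenerate_id(true);
        $_SESSION['lgn'] = true;
        $_SESSION['ua'] = U_UA;
        $_SESSION['IP'] = U_IP;
        $lgn = true;
    } else {
        o_h();
        echo '<form method="post" action="?g=1">';
        o_hi('text','u_u','',20);
        // type="password" so the browser masks the field; it was rendered as plain text.
        o_hi('password','u_p','',20);
        o_hi('submit','','&gt;',15);
        echo '</form>';
        o_hf();
        exit;
    }
}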
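// Authenticated part: logout handling, the navigation bar, and dispatch to the
// selected tool (f = files, d = database).
if ($lgn)
{
    if (isset($_GET['_X'])) {
        // Logout: clear the session data, destroy the session and expire its cookie
        // using the same path/domain the session cookie was issued with.
        $cookieParams = session_get_cookie_params();
        $_SESSION = array();
        session_destroy();
        u_cook(session_name(), '', time() - 3600, $cookieParams['path'], $cookieParams['domain']);
        // Redirect to the script itself rather than echoing REQUEST_URI, which is
        // client-supplied and also carried ?_X=1 back. Leading slashes/backslashes are
        // collapsed to one "/" so the target always stays on this host.
        l_re('/'.ltrim($_SERVER['SCRIPT_NAME'], '/\\'), 1);
    }

    o_h();
    // The anchors are now closed with </a>; they were "closed" with a second <a>.
    echo '<div class="rt"><a href="?MGMT=f">file</a> | <a href="?MGMT=d">db</a> | <a href="?_X=1">X</a></div>';

    // Remember the chosen tool in the session; strict matching against the two known keys.
    if (isset($_GET['MGMT']) && in_array($_GET['MGMT'], array('f','d'), true)) {
        $_SESSION['MGMT'] = $_GET['MGMT'];
    }

    // No tool chosen yet: print only the navigation bar.
    $mode = isset($_SESSION['MGMT']) ? $_SESSION['MGMT'] : '';
    switch ($mode)
    {
        case 'f':
            f();
            break;
        case 'd':
            d();
            break;
    }
    o_hf();
}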
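/**
 * Render the file browser.
 *
 * Prints a "change drive" form, resolves the current directory from the session
 * ($_SESSION['pwd']) and the cd / drv query parameters, then lists sub-directories
 * (as ?cd= links) and files (as ?dl= links).
 *
 * Names read from the filesystem and from the query string are HTML-escaped where
 * they appear as text and URL-encoded where they appear in links.
 */
function f()
{
    echo '<h1>File</h1>
<form method="get">Chg Drv : ';
    o_hi('text','drv','',1);
    o_hi('submit','','&gt;','');
    echo '</form>';

    // First visit: start in the directory this script lives in.
    if (!isset($_SESSION['pwd'])) {
        $_SESSION['pwd'] = unixize(dirname(__FILE__));
    }
    $curDir = $_SESSION['pwd'];

    if (isset($_GET['cd']) && is_string($_GET['cd']) && $_GET['cd'] !== '') {
        switch ($_GET['cd']) {
            case '.':
                break;
            case '..':
                // Drop the last path component. A first-level directory such as
                // "/home" now moves up to "/" (a slash at position 0 used to be
                // treated as "not found").
                $pos = strrpos($curDir, '/');
                if ($pos !== false) {
                    $parent = substr($curDir, 0, $pos);
                    $_SESSION['pwd'] = $curDir = ($parent === '') ? '/' : $parent;
                }
                break;
            default:
                // Persist the new directory; without this the next ?cd= link was
                // resolved against the previous directory.
                $target = rtrim($curDir, '/').'/'.$_GET['cd'];
                if (is_dir($target)) {
                    $_SESSION['pwd'] = $curDir = $target;
                }
                break;
        }
    }

    // Drive switch: exactly one letter is accepted.
    if (isset($_GET['drv']) && is_string($_GET['drv']) && preg_match('/\A[A-Za-z]\z/', $_GET['drv'])) {
        $drv = strtoupper($_GET['drv']).':';
        if (is_dir($drv)) {
            $_SESSION['pwd'] = $curDir = $drv;
        }
    }

    $esc = function ($raw) {
        return htmlspecialchars((string)$raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    echo '<h5>'.$esc($curDir).' ('.sprintf('%o',fileperms($curDir)).')</h5>';
    echo '<pre>';print_r(stat($curDir));echo '</pre>';

    // @ is kept on opendir() only: its failure is reported by the else branch below.
    $curFolder = @opendir($curDir);
    if ($curFolder) {
        $base = rtrim($curDir, '/').'/';
        $folders = array();
        $files = array();
        // Compare against false explicitly so an entry named "0" does not end the loop.
        while (false !== ($sFile = readdir($curFolder))) {
            if (is_dir($base.$sFile)) {
                $folders[] = $sFile;
            } else {
                $files[] = $sFile;
            }
        }
        closedir($curFolder);
        sort($folders);
        sort($files);

        echo '<table>';
        foreach ($folders as $v) {
            echo '<tr><td>(dir) <a href="?cd='.rawurlencode($v).'">'.$esc($v).'</a></td></tr>';
        }
        echo '</table>';
        echo '<table>';
        foreach ($files as $v) {
            echo '<tr><td><a href="?dl='.rawurlencode($base.$v).'">'.$esc($v).'</a></td></tr>';
        }
        echo '</table>';
    } else {
        // Turkish: the directory cannot be opened; please make sure it exists and that
        // the required permissions are in place.
        echo '"'.$esc($curDir).'" dizini açılamıyor. Lütfen belirtilen dizinin varlığından ve gerekli izinlere sahip olduğundan emin olun.';
    }
}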
/**
 * Render the database view. Only the section heading is printed.
 */
function d()
{
    $heading = 'DB';
    echo '<h1>' . $heading . '</h1>';
}