
Wednesday, August 10, 2011

File Explorer







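/**
 * Renders an HTML file browser for the "files" folder that sits next to this script.
 *
 * The folder to show is chosen by the "d" query parameter. Callers that pass
 * $boss = true additionally get an upload form ("uploadMe") and a
 * create-directory form ("newdir"), and those two requests are processed here.
 *
 * NOTE(review): the published listing lost its HTML tags (and part of the
 * breadcrumb loop) when the page was rendered, so the markup below is a
 * minimal reconstruction around the text and field names that survived.
 *
 * Security notes for whoever wires this into a site:
 *  - $boss is the only authorisation check. The caller must derive it from an
 *    authenticated session and should verify an anti-CSRF token before passing
 *    true, because both write actions are plain POSTs.
 *  - Uploaded files keep whatever extension filename_safe() lets through. If
 *    the "files" folder is served by the web server with script execution
 *    enabled, an uploaded script would run; store uploads outside the document
 *    root or disable script handling for that folder.
 *
 * @param bool   $boss      Whether the current user may upload files and create folders.
 * @param string $webmaster Address for the (disabled) traversal notification; unused while mail stays off.
 *
 * @return string The HTML fragment for the explorer.
 */
function file_explorer($boss = false, $webmaster="webmaster@site.com")
{
    // Request data and file names are attacker-influenced, so everything that
    // reaches the page goes through this escaper (the listing echoed them raw).
    $esc = function ($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $page = "<h2>File Explorer</h2>\n";//Variable that will store all of the HTML

    $user_dir = isset($_GET['d']) ? $_GET['d'] : "";
    if (!is_string($user_dir)) {
        $user_dir = "";// ?d[]=x arrives as an array; treat it as "no folder given"
    }

    //Checks to see if they are trying to get out of your folder and roam your filesystem
    if (strpos($user_dir, "..") !== false || strpos($user_dir, "\0") !== false) {
        $page .= "Please do not try and hack the website. You have been reported to Bosses";
        // The listing shipped a commented-out mail() call here that dumped all of
        // $_SERVER and $_SESSION into an HTML e-mail. If a notification is wanted,
        // send only the few fields needed (time, remote address, requested path)
        // as plain text: the full dumps carry cookies and session contents, and
        // the request values in them are attacker-controlled markup.
        return $page;
    }

    // The listing cut __FILE__ at its last '/' and appended "files" with no
    // separator; dirname() gives the script's folder on every platform.
    $root = realpath(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'files');

    // Accept both separators so links written with '\' keep working.
    $segments = preg_split('#[\\\\/]+#', $user_dir, -1, PREG_SPLIT_NO_EMPTY);

    /*BREADCRUMBS*/
    // Top --> dir1 --> dir1_1 --> dir1_1_2
    $temp_path = "";//stores the url for the increasing breadcrumb
    $page .= "<p><a href=\"?d=\">Top</a>";
    foreach ($segments as $segment) {
        $temp_path .= "/" . $segment;
        $page .= " --&gt; <a href=\"?d=" . rawurlencode($temp_path) . "\">" . $esc($segment) . "</a>";
    }
    $page .= "</p>\n";

    // Resolve symlinks and confirm the result is still inside the files folder.
    // The ".." test above is only a first filter; this is the actual boundary.
    $dir = false;
    if ($root !== false) {
        $relative = $segments ? DIRECTORY_SEPARATOR . implode(DIRECTORY_SEPARATOR, $segments) : "";
        $dir = realpath($root . $relative);
    }
    $inside = $dir !== false
        && ($dir === $root || strpos($dir, $root . DIRECTORY_SEPARATOR) === 0);
    if (!$inside || !is_dir($dir)) {
        $page .= "Not a directory";
        return $page;
    }

    //if there is a file to be uploaded and the user has permission
    if (isset($_FILES['uploadMe']) && $boss) {
        $upload = $_FILES['uploadMe'];
        $leaf = "";
        if (isset($upload['name'], $upload['tmp_name'], $upload['error'])
            && is_string($upload['name'])
            && $upload['error'] === UPLOAD_ERR_OK
        ) {
            // basename() is a second line of defence in case filename_safe()
            // leaves a path separator in the client-supplied name.
            $leaf = basename(str_replace("\\", "/", (string) filename_safe($upload['name'])));
        }
        $name = $dir . DIRECTORY_SEPARATOR . "[" . time() . "] - " . $leaf;
        if ($leaf !== "" && move_uploaded_file($upload['tmp_name'], $name)) {
            $page .= "<p>Uploaded file to " . $esc($name) . "</p>\n";
        } else {
            // The listing printed var_export($_FILES) here, which exposes the
            // temporary upload path and echoes the client file name unescaped.
            $page .= "<p>An error occured</p>\n";
        }
    }

    //if there is a directory to be created and the user has permission
    if (isset($_POST['newdir']) && $boss) {
        $leaf = "";
        if (is_string($_POST['newdir'])) {
            $leaf = basename(str_replace("\\", "/", (string) filename_safe($_POST['newdir'])));
        }
        $name = $dir . DIRECTORY_SEPARATOR . $leaf;
        if ($leaf !== "" && $leaf !== "." && $leaf !== ".." && mkdir($name)) {
            $page .= "<p>Created Folder: " . $esc($name) . "</p>\n";
        } else {
            $page .= "<p>Unable to create directory</p>\n";
        }
    }

    //Tries to open the directory (after the writes, so new entries are listed)
    $m = opendir($dir);
    if ($m === false) {
        $page .= "Not a directory";
        return $page;
    }

    /**
     * Icons taken from: http://www.erichynds...ples/famfamfam/
     */
    $folder_icon = ""; //check source for picture source
    $file_icon = ""; //check source for picture source

    $page .= "<table>\n"
        . "<tr><th>Name</th><th>Size</th><th>Last Modified</th>"
        . "<th>Last Accessed</th><th>Last Created</th></tr>\n";

    //Loops through the opened directory, displays all files and directories
    $numfiles = 0;//stores the number of files it finds
    $numfolders = 0;//stores the number of folders it finds
    while (false !== ($file = readdir($m))) {
        if ($file === "." || $file === "..") {
            continue;
        }
        $f = $dir . DIRECTORY_SEPARATOR . $file;
        $page .= "<tr>";
        if (is_dir($f)) {
            $numfolders++;
            $page .= "<td>" . $folder_icon
                . "<a href=\"?d=" . rawurlencode($temp_path . "/" . $file) . "\">" . $esc($file) . "</a>"
                . "</td><td>N/A</td>";
        } else {
            $numfiles++;
            // NOTE(review): the link target the listing used for files did not
            // survive on the page, so the name is shown as plain text.
            $page .= "<td>" . $file_icon . $esc($file) . "</td>"
                . "<td>" . round(filesize($f)/1024, 2) . " KB</td>";
        }
        $page .= "<td>" . date("F d Y H:i:s.", filemtime($f)) . "</td>"
            . "<td>" . date("F d Y H:i:s.", fileatime($f)) . "</td>"
            . "<td>" . date("F d Y H:i:s.", filectime($f)) . "</td>"
            . "</tr>\n";
    }
    closedir($m);// the listing never released the directory handle
    $page .= "</table>\n";

    if ($numfiles == 0 && $numfolders == 0) {//no files or folders
        $page .= "<p>No File or Folders</p>\n";
    } else {
        $page .= "<p>Files: $numfiles, Folders: $numfolders</p>\n";
    }

    //has permission to upload and create directories
    if ($boss) {
        $action = "?d=" . rawurlencode($temp_path);
        // Two separate forms, so that an upload does not also submit an empty
        // "newdir" field (and the other way round).
        $page .= "<form enctype=\"multipart/form-data\" action=\"$action\" method=\"post\">\n"
            . "Will upload your file to: " . $esc($dir) . "<br>\n"
            . "Send this file: <input name=\"uploadMe\" type=\"file\"> "
            . "<input type=\"submit\" value=\"Upload\">\n"
            . "</form>\n"
            . "<form action=\"$action\" method=\"post\">\n"
            . "Will create your directory in: " . $esc($dir) . "<br>\n"
            . "Create directory: <input name=\"newdir\" type=\"text\"> "
            . "<input type=\"submit\" value=\"Create\">\n"
            . "</form>\n";
    }

    return $page;
}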
?>
