blob: f3dc8d1a26001a0c1885ec055b9c9d0797bd0869 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
<?php
function php_chdir($dir) {
$ret = chdir($dir);
echo '<input type="hidden" name="d" value="'.getcwd().'" />';
return $ret;
}
function php_exec($com, $cwd='') {
if ($cwd != '') { php_chdir($cwd); }
if ($com=='') { return 0; }
$root = dirname(__FILE__);
$ifs=' ';
$path = $root.'/bin';
$env = array('IFS' => $ifs, 'PATH' => $path);
$coms = array();
$a = 0;
$c = 0;
$q = '';
while ($com != '') {
$char = substr($com,0,1);
$com = substr($com,1);
if (substr_count ('\'',$char)!==0) {
if (substr($q,0,1)===$char) {
$q = substr($q,1);
} else {
$q = $char.$q;
}
} elseif ($q != '') {
$coms[$c][$a].=$char;
} elseif (substr_count ($ifs,$char)!==0) {
if (isset($coms[$c][$a])) {
$a++;
}
} elseif (substr_count (';',$char)!==0) {
$c++;
} else {
$coms[$c][$a].=$char;
}
}
$ret=0;
foreach ($coms as $args) {
$file=$path.'/'.$args[0].'.php';
if (file_exists($file)) {
include($file);
$ret = main($args,$env);
} else {
echo 'sh: command not found: `'.$args[0]."'\n";
$ret = 1;
}
}
return $ret;
}
|