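DONT TRY TO HACK!
"; echo "Your IP is logged, an administrator has been informed!
"; echo "Script written by h44z"; exit; } elseif(down_home($abs_dir)==true) { $abs_dir = "DONTTRYTOHACK"; echo "

DONT TRY TO HACK!


"; echo "Your IP is logged, an administrator has been informed!
"; echo "Script written by h44z"; exit; } //SECURITY FIXX ------------------------------
else { $abs_dir = $abs_dir; }

// ---------------------------------------------------------------------------
// Download handler: streams $abs_item to the client as an attachment.
//
// NOTE(review): the elseif branch above aborts the request when
// down_home($abs_dir) is true, yet down_home() returns true for a path INSIDE
// the home directory. That reads as inverted; the start of the if-chain is
// outside this excerpt, so confirm against the full file.
//
// NOTE(review): get_show_item() is defined below but is not called anywhere on
// the visible download path; confirm that hidden entries (.ht* files,
// dot-directories) are filtered before this point.
// ---------------------------------------------------------------------------

// The checks above only look at $abs_dir, while the path that is actually read
// is $abs_item. Resolve it and require a regular file inside the home
// directory before any header or byte is sent.
$real_item = @realpath($abs_item);
if ($real_item === false || !is_file($real_item) || !down_home($real_item)) {
    header('HTTP/1.0 404 Not Found');
    exit;
}

// $item ends up inside a quoted header parameter: keep only the last path
// component and replace characters that would end the quoted string or the
// header line.
$download_name = str_replace(array('"', '\\', "\r", "\n", "\0"), '_', basename($item));

ob_start();
$browser = id_browser();
// IE and Opera receive the legacy 'application/octetstream' spelling, unchanged.
$content_type = ($browser == 'IE' || $browser == 'OPERA')
    ? 'application/octetstream'
    : 'application/octet-stream';
header('Content-Type: ' . $content_type);
header('Expires: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Content-Transfer-Encoding: binary');
header('Content-Length: ' . filesize($real_item));
header('Content-Disposition: attachment; filename="' . $download_name . '"');
if ($browser == 'IE') {
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
} else {
    header('Cache-Control: no-cache, must-revalidate');
    header('Pragma: no-cache');
}
ob_end_flush();

/**
 * Build the absolute path of a directory below the explorer home.
 *
 * The result is plain string concatenation: ".." segments in $dir are kept
 * as-is, so the caller has to validate the result with down_home().
 *
 * @param string $dir Directory relative to the home directory ("" for home itself).
 * @return string Absolute path.
 */
function get_abs_dir($dir)
{
    $abs_dir = "/home/christoph/explorer";
    if ($dir != "") {
        $abs_dir .= "/" . $dir;
    }
    return $abs_dir;
}

/**
 * Build the absolute path of an item inside a directory below the home.
 *
 * Neither argument is normalised here; validate the result with down_home()
 * before touching the filesystem.
 *
 * @param string $dir  Directory relative to the home directory.
 * @param string $item File or directory name.
 * @return string Absolute path.
 */
function get_abs_item($dir, $item)
{
    return get_abs_dir($dir) . "/" . $item;
}

/**
 * Classify the client from its User-Agent string.
 *
 * ereg() no longer exists in PHP 7+, so the same expressions are run through
 * preg_match(). The Mozilla pattern is tried last, so the more specific
 * patterns win when several would match.
 *
 * @return string One of 'OPERA', 'IE', 'OMNIWEB', 'KONQUEROR', 'MOZILLA', 'OTHER'.
 */
function id_browser()
{
    // $GLOBALS['__SERVER'] is not set in this excerpt; a missing User-Agent
    // header is treated as an empty string instead of raising a notice.
    $agent = isset($GLOBALS['__SERVER']['HTTP_USER_AGENT'])
        ? (string) $GLOBALS['__SERVER']['HTTP_USER_AGENT']
        : '';

    $signatures = array(
        'OPERA'     => '#Opera(/| )([0-9].[0-9]{1,2})#',
        'IE'        => '#MSIE ([0-9].[0-9]{1,2})#',
        'OMNIWEB'   => '#OmniWeb/([0-9].[0-9]{1,2})#',
        'KONQUEROR' => '#(Konqueror/)(.*)#',
        'MOZILLA'   => '#Mozilla/([0-9].[0-9]{1,2})#',
    );
    foreach ($signatures as $label => $pattern) {
        if (preg_match($pattern, $agent)) {
            return $label;
        }
    }
    return 'OTHER';
}

/**
 * Report whether $content contains $str.
 *
 * The previous version tested the truthiness of strpos(), so a match at
 * offset 0 was reported as "not contained". A filter built on this helper
 * would therefore miss a pattern at the very start of the input.
 *
 * @param string $str        Needle.
 * @param string $content    Haystack.
 * @param bool   $ignorecase Compare case-insensitively (default).
 * @return bool True when the needle occurs anywhere in the haystack.
 */
function contains($str, $content, $ignorecase = true)
{
    if ($ignorecase) {
        $str = strtolower($str);
        $content = strtolower($content);
    }
    // An empty needle keeps returning false, as it did before.
    if ((string) $str === '') {
        return false;
    }
    return strpos($content, $str) !== false;
}

/**
 * Decide whether an entry may be shown in a listing.
 *
 * Hidden are: the parent link "..", names starting with ".ht"
 * (case-insensitive), and anything below a directory whose name starts with
 * a dot. The original wrapped the last two rules in constant-true conditions
 * ("^\.ht"!="" and false==false), presumably substituted configuration
 * values; both rules are therefore always active.
 *
 * @param string $dir  Directory relative to the home directory.
 * @param string $item Entry name.
 * @return bool True when the entry may be shown.
 */
function get_show_item($dir, $item)
{
    if ($item == "..") {
        return false;
    }
    // eregi() no longer exists in PHP 7+; same pattern, case-insensitive.
    if (preg_match('/^\.ht/i', $item)) {
        return false;
    }
    foreach (explode("/", $dir) as $segment) {
        if (substr($segment, 0, 1) == ".") {
            return false;
        }
    }
    return true;
}

/**
 * Check that a path lies inside the explorer home directory.
 *
 * Returns TRUE when the path is the home directory or below it and FALSE
 * otherwise, so callers must reject the request on FALSE.
 *
 * The previous comparison was a bare string-prefix test, which also accepted
 * sibling paths that merely start with the same characters as the home
 * directory. The prefix now has to end on a directory separator.
 *
 * @param string $abs_dir Absolute path to check.
 * @return bool True when the path is inside (or equal to) the home directory.
 */
function down_home($abs_dir)
{
    $real_home = @realpath("/home/christoph/explorer");
    $real_dir = @realpath($abs_dir);

    if ($real_home === false || $real_dir === false) {
        // NOTE(review): when either path cannot be resolved the only test left
        // is "contains no '..'", as in the original. That accepts any
        // unresolvable path without '..'; confirm callers need this, otherwise
        // return false here.
        return strpos($abs_dir, '..') === false;
    }
    if ($real_dir === $real_home) {
        return true;
    }
    $prefix = $real_home . DIRECTORY_SEPARATOR;
    return strncmp($real_dir, $prefix, strlen($prefix)) === 0;
}

// Headers are already out; warnings are suppressed so they cannot end up
// inside the downloaded bytes.
@readfile($real_item);
exit;
?>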