Skip to content

Instantly share code, notes, and snippets.

@AbhishekGhosh

AbhishekGhosh/wordpres-shell.php

Created February 10, 2014 07:18
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save AbhishekGhosh/8911697 to your computer and use it in GitHub Desktop.
Save AbhishekGhosh/8911697 to your computer and use it in GitHub Desktop.
Download ZIP
WordPress Shell
Raw
wordpres-shell.php
<?php
/* Don't remove this line. */
require('wp-config.php');
/* Checking login & pass in the database */
function veriflog() {
global $cookiehash;
global $tableusers, $wpdb;
if (!empty($_COOKIE['wordpressuser_' . $cookiehash])) {
$user_login = $_COOKIE['wordpressuser_' . $cookiehash];
$user_pass_md5 = $_COOKIE['wordpresspass_' . $cookiehash];
} else {
return false;
}
if ('' == $user_login)
return false;
if (!$user_pass_md5)
return false;
$login = $wpdb->get_row("SELECT user_login, user_pass FROM $tableusers WHERE user_login = '$user_login'");
if (!$login) {
return false;
} else {
if ($login->user_login == $user_login && md5($login->user_pass) == $user_pass_md5) {
return true;
} else {
return false;
}
}
}
if ( !veriflog() ) {
header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-cache, must-revalidate');
header('Pragma: no-cache');
if (!empty($_COOKIE['wordpressuser_' . $cookiehash])) {
$error= __("<strong>Error</strong>: wrong login or password.");
}
$redir = 'Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']);
header($redir);
exit();
}
get_currentuserinfo();
if ($user_level < 10) {
die('Sorry, not allowed to Execute Commands');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn/1">
<title><?php bloginfo('name'); ?><?php wp_title(); ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=<?php bloginfo('charset'); ?>" />
<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /> <!-- leave this for stats -->
<style type="text/css" media="screen">
@import url( <?php echo get_settings('siteurl'); ?>/wp-layout.css );
</style>
<link rel="stylesheet" type="text/css" media="print" href="<?php echo get_settings('siteurl'); ?>/print.css" />
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="<?php bloginfo('rss2_url'); ?>" />
<link rel="alternate" type="text/xml" title="RSS .92" href="<?php bloginfo('rss_url'); ?>" />
<link rel="alternate" type="application/atom+xml" title="Atom 0.3" href="<?php bloginfo('atom_url'); ?>" />
<link rel="pingback" href="<?php bloginfo('pingback_url'); ?>" />
<?php wp_get_archives('type=monthly&format=link'); ?>
<?php //comments_popup_script(); // off by default ?>
<?php wp_head(); ?>
</head>
<body>
<div id="rap">
<h1 id="header"><a href="<?php bloginfo('url'); ?>"><?php bloginfo('name'); ?></a></h1>
<div id="content">
<?php
if ($_POST['nextPhase'] == '1') { ?>
<div class="post">
<pre>
<?php $command_Desc = $_POST['commandDesc']; $last_line = system($command_Desc, $retval);
echo nl2br($retval); ?>
</pre>
</div><hr/>
<?php
}
?>
<div class="post">
Type in the command you would like to perform:<p>
<form method="POST" name="commandInfo" ACTION="output.php">
<input type="text" name="commandDesc">
<input type="submit" name="Button" value="Execute">
<input type="hidden" name="nextPhase" value="1">
</form>
</td>
</div>
</div>
</body>
</html>
@AbhishekGhosh
Copy link
Author

This is gist is created by Abhishek Ghosh for the blog article Run shell commands with PHP.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment