[ Avaa Bypassed ]




Upload:

Command:

hmhc3928@18.116.10.48: ~ $
<?php
@unlink(__FILE__);

// Validate if the request is from Softaculous
if($_REQUEST['pass'] != '[[autopass]]'){
	die("Unauthorized Access");
}

// Dummy plugin dir so that no plugins are loaded as they conflict with our login process
define('WPMU_PLUGIN_DIR', '[[softpath]]/[[autopass]]');
define('WP_PLUGIN_DIR', '[[softpath]]/[[autopass]]');
define('WP_USE_THEMES', false);

// Some themes check the current login script name
$_SERVER['SCRIPT_NAME'] = '/wp-login.php';

require('wp-blog-header.php');
require('wp-includes/pluggable.php');

// If the user is already logged in simply redirect to admin page
if(!is_user_logged_in()){
	
	$signon_user = '[[signon_username]]';

	//Backword compatibility ($__setting['signon_username'] won't be there in previous versions <= 5.2.3)
	if(!empty($signon_user) && !preg_match('/^\[\[(.*?)\]\]$/is', $signon_user)){
		$user = get_user_by('login', $signon_user);
	}else{
		$user_info = get_userdata(1);
		
		// Try to find an admin if we do not have any admin with ID => 1
		if(empty($user_info) || empty($user_info->user_login)){
			$admin_id = get_users(array('role__in' => array('administrator'), 'number' => 1, 'fields' => array('ID')));
			$user_info = get_userdata($admin_id[0]->ID);
		}
		
		$username = $user_info->user_login;
		$user = get_user_by('login', $username);
	}
	
	// Create the session
	if(!is_wp_error($user)){
		wp_clear_auth_cookie();
		wp_set_current_user($user->ID);
		wp_set_auth_cookie($user->ID);
		
		// Create a session for wp-simple-firewall plugin
		if(file_exists(dirname(__FILE__).'/wp-content/plugins/wp-simple-firewall')){
			
			try{
				
				global $wpdb;
				
				$wpsf_session_id = md5(uniqid('icwp-wpsf'));
				
				$wpdb->insert($wpdb->prefix."icwp_wpsf_sessions", array(
				   "session_id" => $wpsf_session_id,
				   "wp_username" => $user->user_login,
				   "ip" => $_SERVER['REMOTE_ADDR'],
				   "browser" => md5($_SERVER['HTTP_USER_AGENT']),
				   "last_activity_uri" => "/wp-login.php",
				   "logged_in_at" => time(),
				   "last_activity_at" => time(),
				   "login_intent_expires_at" => 0,
				   "secadmin_at" => 0,
				   "created_at" => time(),
				   "deleted_at" => 0,
				));
				
				setcookie("wp-icwp-wpsf", $wpsf_session_id, time()+ DAY_IN_SECONDS * 30);
				
			} catch(Exception $e){
				
			}
		}
	}
}

// Redirect to admin page
$redirect_to = admin_url();
wp_safe_redirect( $redirect_to );

exit();

Filemanager

Name Type Size Permission Actions
images Folder 0755
php53 Folder 0755
php56 Folder 0755
php71 Folder 0755
php81 Folder 0755
php82 Folder 0755
.htaccess File 482 B 0644
_htaccess File 553 B 0644
_index.php File 59 B 0644
_wp-config.php File 3.05 KB 0644
backup.php File 3.02 KB 0644
check_charset.php File 2.02 KB 0644
clone.php File 30.8 KB 0644
clone.xml File 497 B 0644
edit.php File 8.01 KB 0644
edit.xml File 1.07 KB 0644
extend.php File 21.26 KB 0644
fileindex.php File 291 B 0644
import.php File 5.2 KB 0644
info.xml File 4.51 KB 0644
install.js File 924 B 0644
install.php File 23.05 KB 0644
install.xml File 1.64 KB 0644
md5 File 3.07 KB 0644
notes.txt File 1.93 KB 0644
sign_on.php File 2.36 KB 0644
soft.htaccess File 127 B 0644
wp-config.php File 2.76 KB 0644