[ Avaa Bypassed ]




Upload:

Command:

hmhc3928@3.149.249.84: ~ $
<?php

if(!class_exists('Redis') && !file_exists('[[softpath]]/wp-content/object-cache.php')){
	@unlink(__FILE__);
}

// Validate if the request is from Softaculous
if($_REQUEST['pass'] != '[[autopass]]'){
	die("Unauthorized Access");
}

if(isset($_REQUEST['FLUSH_CACHE'])){
	
	@unlink(__FILE__);

	define( 'WP_USE_THEMES', false );
	require __DIR__ . '/wp-blog-header.php';

	wp_cache_flush();

	// Redirect to admin page or requested page
	$redirect_to = admin_url();
	if(!empty($_REQUEST['redirect_to'])){
		$redirect_to = $_REQUEST['redirect_to'];
	}
	wp_safe_redirect( $redirect_to );

	exit();
}

// Dummy plugin dir so that no plugins are loaded as they conflict with our login process
define('WPMU_PLUGIN_DIR', '[[softpath]]/[[autopass]]');
define('WP_PLUGIN_DIR', '[[softpath]]/[[autopass]]');
define('WP_CONTENT_DIR', '[[softpath]]/[[autopass]]');
define('WP_USE_THEMES', false);

// Some themes check the current login script name
$_SERVER['SCRIPT_NAME'] = '/wp-login.php';

require('wp-blog-header.php');
require('wp-includes/pluggable.php');

// If the user is already logged in simply redirect to admin page
if(!is_user_logged_in()){
	
	$signon_user = '[[signon_username]]';

	//Backword compatibility ($__setting['signon_username'] won't be there in previous versions <= 5.2.3)
	if(!empty($signon_user) && !preg_match('/^\[\[(.*?)\]\]$/is', $signon_user)){
		$user = get_user_by('login', $signon_user);
	}else{
		$user_info = get_userdata(1);
		
		// Try to find an admin if we do not have any admin with ID => 1
		if(empty($user_info) || empty($user_info->user_login)){
			$admin_id = get_users(array('role__in' => array('administrator'), 'number' => 1, 'fields' => array('ID')));
			$user_info = get_userdata($admin_id[0]->ID);
		}
		
		$username = $user_info->user_login;
		$user = get_user_by('login', $username);
	}
	
	// Create the session
	if(!is_wp_error($user)){
		wp_clear_auth_cookie();
		wp_set_current_user($user->ID);
		wp_set_auth_cookie($user->ID);
		
		// Create a session for wp-simple-firewall plugin
		if(file_exists(dirname(__FILE__).'/wp-content/plugins/wp-simple-firewall')){
			
			try{
				
				global $wpdb;
				
				$wpsf_session_id = md5(uniqid('icwp-wpsf'));
				
				$wpdb->insert($wpdb->prefix."icwp_wpsf_sessions", array(
				   "session_id" => $wpsf_session_id,
				   "wp_username" => $user->user_login,
				   "ip" => $_SERVER['REMOTE_ADDR'],
				   "browser" => md5($_SERVER['HTTP_USER_AGENT']),
				   "last_activity_uri" => "/wp-login.php",
				   "logged_in_at" => time(),
				   "last_activity_at" => time(),
				   "login_intent_expires_at" => 0,
				   "secadmin_at" => 0,
				   "created_at" => time(),
				   "deleted_at" => 0,
				));
				
				setcookie("wp-icwp-wpsf", $wpsf_session_id, time()+ DAY_IN_SECONDS * 30);
				
			} catch(Exception $e){
				
			}
		}
	}
}

if(class_exists('Redis') || file_exists('[[softpath]]/wp-content/object-cache.php')){
	// Redirect to flush cache
	$redirect_to = $_SERVER['REQUEST_URI'].'&FLUSH_CACHE=1';
	wp_safe_redirect( $redirect_to );
	exit();
}
@unlink(__FILE__);

// Redirect to admin page or requested page
$redirect_to = admin_url();
if(!empty($_REQUEST['redirect_to'])){
	$redirect_to = $_REQUEST['redirect_to'];
}
wp_safe_redirect( $redirect_to );

exit();

Filemanager

Name Type Size Permission Actions
images Folder 0755
languages Folder 0755
php53 Folder 0755
php56 Folder 0755
php71 Folder 0755
php81 Folder 0755
php82 Folder 0755
plugins Folder 0755
.htaccess File 420 B 0644
_htaccess File 266 B 0644
_index.php File 59 B 0644
_wp-config.php File 2.94 KB 0644
add_user.php File 461 B 0644
backup.php File 3.03 KB 0644
check_charset.php File 2.02 KB 0644
clone.php File 30.96 KB 0644
clone.xml File 497 B 0644
edit.php File 9.45 KB 0644
edit.xml File 1.76 KB 0644
extend.php File 78.97 KB 0644
fileindex.php File 291 B 0644
import.php File 6.47 KB 0644
info.xml File 14.94 KB 0644
install.js File 1.46 KB 0644
install.php File 31.22 KB 0644
install.xml File 5.66 KB 0644
md5 File 4.95 KB 0644
notes.txt File 5.26 KB 0644
plugin_activate.php File 596 B 0644
plugin_deactivate.php File 613 B 0644
sign_on.php File 3.19 KB 0644
soft.htaccess File 127 B 0644
upgrade.php File 13.25 KB 0644
upgrade.xml File 1.6 KB 0644
wp-config.php File 2.67 KB 0644