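<?php
// xz.php: signature scan of the web root for known web-shell / file-manager markers.
//
// Operational notes for whoever runs this:
// - A hit is a plain substring match, not proof of compromise. Several signatures are
//   generic (a bare date, common upload-form markup) and will also flag legitimate
//   code, so every hit needs manual triage.
// - Matching is exact and case-sensitive, so a clean result does not prove the tree is clean.
// - The script has no access control of its own and prints filesystem paths. Run it
//   from the CLI or behind authentication, and do not leave it in the web root.

/**
 * Recursively collect the .php files under $dir that contain any of the given strings.
 *
 * Entries are enumerated with scandir() rather than glob(): glob() skips dot-files and
 * dot-directories and treats characters such as [ ] * ? in a directory name as pattern
 * syntax, so a file could be kept out of the scan purely by how it or its parent
 * directory is named.
 *
 * Only names ending in ".php" are inspected. Files the server may execute under other
 * extensions (for example .phtml or .phar, depending on handler configuration) are not
 * covered by this function.
 *
 * @param string   $dir            Directory to scan (no trailing slash expected).
 * @param string[] $stringsToCheck Signatures; a file matches if it contains any of them.
 * @param int      $depth          Current recursion depth (callers normally leave this at 0).
 * @param int      $maxDepth       Deepest level of subdirectories to descend into.
 * @return string[] Paths of matching files, built as "$dir/<name>".
 */
function listPHPFiles($dir, $stringsToCheck, $depth = 0, $maxDepth = 10)
{
    $entries = scandir($dir);
    if ($entries === false) {
        // Unreadable or vanished directory: scandir() has already raised a warning.
        return [];
    }

    $result = [];
    $subdirs = [];

    foreach ($entries as $entry) {
        if ($entry === '.' || $entry === '..') {
            continue;
        }

        $path = $dir . '/' . $entry;

        if (is_dir($path)) {
            // Includes directories whose own name ends in ".php"; they are walked, not read.
            $subdirs[] = $path;
            continue;
        }

        if (substr($entry, -4) === '.php' && is_file($path) && checkFileForStrings($path, $stringsToCheck)) {
            $result[] = $path;
        }
    }

    // Recurse only while within the allowed depth; this also bounds symlink loops.
    if ($depth < $maxDepth) {
        foreach ($subdirs as $subdir) {
            foreach (listPHPFiles($subdir, $stringsToCheck, $depth + 1, $maxDepth) as $match) {
                $result[] = $match;
            }
        }
    }

    return $result;
}

/**
 * Report whether a file contains at least one of the given strings.
 *
 * The whole file is read into memory, so very large files cost correspondingly much.
 *
 * @param string   $filePath       File to read.
 * @param string[] $stringsToCheck Signatures to look for (exact, case-sensitive).
 * @return bool True on the first match; false if nothing matches or the file cannot be read.
 */
function checkFileForStrings($filePath, $stringsToCheck)
{
    $fileContents = file_get_contents($filePath);
    if ($fileContents === false) {
        // Unreadable file: reported as "no match". The caller cannot tell this apart
        // from a clean file, so watch the PHP warning log when reviewing results.
        return false;
    }

    foreach ($stringsToCheck as $string) {
        // An empty needle matches every file on PHP 8 and raises a warning on PHP 7.
        if ($string === '') {
            continue;
        }
        if (strpos($fileContents, $string) !== false) {
            return true;
        }
    }

    return false;
}

$publicPath = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : '';

// Signatures are single-quoted on purpose: sequences such as \x61 or \142 are matched as
// the literal backslash-escaped text found in obfuscated source, not as decoded bytes.
$stringsToCheck = [
    '<input type="text" value="admin" class="form-control" id="fm_usr" name="fm_usr" required>',
    'EnigmaCyberSecurity',
    'pbceYxlDFNM',
    '66696c6573697a65',
    '<pre>".htmlspecialchars',
    '<title>Elep</title>',
    '_TOpUgAAnRVE2EiM5',
    'x00\x00\x0f\x03\x18',
    '164\x61\142\x6c\145\x3e\xd\12\x9\x9',
    '156\57\142\x63\164\56\x74\170\x74',
    '%PDF-0-1',
    'Sid Gifari Priv8 Shell',
    'x67\61\x57\x42\x59\144\x41\104\121\71\x44\x78\x73\147\x47\x79\x4',
    '6261736536345f6465636f6465',
    'value="Upload">',
    '/* PHP File manager ver 1.4 */',
    'BlackDragon',
    'qVklXa3BVWVd0SWFtWkVaVTVyZDBwNFNFaG9',
    'XpJXc4ln1Ax3P2SQztFD98jnIrR',
    '2021-10-26',
    'e96348cf22425f469eecf8295f4ea63e',
    '$OOOOOO="%71%77%65%72%74%79%75',
    '$info .= (($perms & 0x0100)',
    'x64e\x66\x61\x75\x6c\x74_\x61\x63\x74i\x6f\x6e";${"',
    'https://www.jiamiphp.com',
    '<form method="post" enctype="multipart/form-data" style="">',
    ':$O1271=$O5340.$O9476.$O4117.$O6030.$O6306',
    'O6401;O6400:$O1271=$O5340',
    'OABNMKJLHGFDTAYLPP18899632',
    'x72IC\x30\170\116l0g\x4ci\101k\x590ZIa\x',
    '589TY5MIGM5JGB5SDFESFREWTGR54TY',
    'Fg6Dz8oH9fPoZ2jJan5tZuv6Z4Kp7avtQ9bDfrdRntXtPeiMAZyGO',
    '</td\076\x3c/\164r\076<t\162><t\x64>',
    '<!-- Kelelawar Cyber Team -->',
    '73\x22\76\xd\12\74\57\144\x69\x76\76\15\12\x3c\x64\151\x76\x20',
    '666Fe/Ov/+I//4Z/wX/7288fxj4fBf/9jl+8Xf/wLvfaf',
    '<td><input type="text" name="targetdir" id="targetdir" size="70"',
    '<title>..:: plas-solutions.com.my ~ ALFA TEaM Shell - v4.1-Tesla ::..</title>',
    '<?=eval("?>".base64_decod',
    '<td><center>Permissions</center></td>',
    'echo "File uploaded successfully.<p>\n";',
    '<input type="file" name="fileToUpload" id="fileToUpload">',
    'eval($x . get(base64_decode(',
    '$vtxozms = ranyflxs(base64_decode',
    '<title>BypassServ By Sid Gifari</title>',
    '/********/@eval/****/',
    '\x43Ag\x49\x43\x41g\x49\x43Ag\x49C\x41\x67\x49\x43A\x',
    '"multipart/form-data" name="uploader" id="uploader">',
    'elseif($size<=1024*1024*1024) return round($size/(1024*1024),2)',
    '确定要删除此目录吗',
    'multipart/form-data"><input type="file" name="apx"><input type="submit"></form>',
    '<title>芝麻web文件管理</title>',
    'fa769dac7a0a94ee47d8ebe021eaba9e',
    'ZnVuY3Rpb24gX0lOanooJF9QbU94MGd3UXEpeyRfUG1PeDBn',
    '16yVr1Wb7C9TeZfOsNu/LLM6rVHK+FkEn9xPlmsurd59O5g52h3v7O3vXW6s3/Iq',
    'f4boLISCuXvM1peFbQsyXstZWAgPhPrMA ',
    '147\x68\x74\x40\x30\54\x34\60\x30\73\x30\54\67\x30\60\x3b\x31\x2c\x34',
    '7b7a53e239400a13bd6be6c91c4f6c4e',
    '</font></td><td>删除失败</td><',
    'x43\x63\x67\x4B\x53\x41\x36\x49\x43\x67\x6F',
    '<h1>#p@$c@#</h1>',
    'I5QIPh0BOmEJOjuw7jHDjwMsa5fqLgvRKlMAAChOG3KwX94N',
    '28276364714077298374132241604906974318',
    '60\154\x5f\145\x64\x69\164\145\144\x22\x3e\15\12\x3c\164\162\x3e\74\x74\144\x20',
    '74\x69\x6e\x70\x75\164\40\x74\171\160\x65\x3d\42\x73\165\142\x6d\151\x74\x22\x20\156\x61\x6d\x65\75',
    'x73\x73\75\x27\146\x61\40\x66\x61\55\146\x6f\154',
    'x50\x45\x20\x68\164\155\x6c\x3e\12\74\x68',
    'dtQqOXyIg3mmzv9xv0WzPQM0KvAir1I53y7b50k5AejWV6eqYabDQKarAd95Xk42JOYx',
    'Bdd1e5430e1a88f9',
    'IpgpmGrwaGFaVJZKiEIE9qAqu20D8Cq1LkmEalt2S6Ufz87SV9ATGiqWveee3vOd',
    'x62as\x6564\x5fde\x63od\x65',
    'T1ZMZThJemZKcWJ5T09pY0hKMUM3MlkzcnQzdTNsaVJ5MEgnKSkpKSkpKSkpKSkpKSkpK',
    'HTEKZHNNIQVOLNGPYOYDSOCMNVOHBLXV',
    'bOps7RPK14haQWzy4j9CO9kM9bwQWo3PmlnZyCCU2D1',
    '$uploader->handleUpload($_FILES[',
    'JeVFqFCpXS36T3kUdwVSsWrcFYi22C4x6UZsOLxesaAPIi1MsUOSoLBC6hJPK8dFTuBsBhHlGdTC8V4d33O',
    '636f6e74656e7473","66636',
    'x79\160\x65\x3d\x22\155\x75\154\164\151\160\x61\x72\x74',
    'x2d\167\x65\151\x67\x68\x74\72\x9\11\142\157\154\x64\x3b\12\x9\x',
    '<input type="submit" name="upl_files" value="upload">',
    '\x63\x47\x77\x69\111\x48\x52\x35\x63\x47\125\x39\111\x6e\1',
    '142\x65\x72\x68\x61\163\x69\x6c\40\144\151\142\165\x61\x7',
    '<input type="file" name="fileToUpload" id="fileToUpload">',
    'wWb0h2L8ogP5R2bi9CPK4jdpR2L8ogP',
    'BiaoJiOk',
    'SeoOk',
    'x2f\171\146\150\x36\x73\67\x4d\142\171',
    '<input type="submit" value="Upload Image" name="submit">',
    'x66\144GNuLT\065X\141GVB\122GVyK\103\x6b7\x4aF90Y',
    // Add more strings as needed
];

if (is_dir($publicPath)) {
    // This script embeds every signature, so it would always report itself.
    $selfPath = realpath(__FILE__);
    $phpFiles = [];
    foreach (listPHPFiles($publicPath, $stringsToCheck) as $candidate) {
        if ($selfPath !== false && realpath($candidate) === $selfPath) {
            continue;
        }
        $phpFiles[] = $candidate;
    }

    if (!empty($phpFiles)) {
        foreach ($phpFiles as $item) {
            // File and directory names on a compromised host are attacker-chosen;
            // escape them before they reach the HTML response.
            echo 'Vulnerable file found: ' . htmlspecialchars($item, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '<br>';
        }
    } else {
        echo "No vulnerable files found.";
    }
} else {
    echo "The 'public' directory does not exist.";
}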