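= 0; $i--) $ret |= ord($res[$i]); return !$ret; } } // tail of the hash_equals() polyfill; its head is above this excerpt

/*
 * NOTE(review): this script is a self-contained "scan and delete" console that sits inside the
 * web root. Everything below assumes session_start() already ran above this excerpt ($_SESSION
 * is read and written here but never started). Access is gated by one static password embedded
 * in the file and there is no lockout or throttling on failed attempts, so treat the file itself
 * as a secret: restrict it by IP / HTTP auth at the web server and remove it once the cleanup is done.
 */

/**
 * Return a string of $length lowercase hex digits for use as a CSRF token.
 *
 * Prefers random_bytes() (a CSPRNG, PHP 7+); only when it is unavailable or fails does it
 * fall back to mt_rand(), which is not cryptographically secure and was the original's only
 * source. A non-positive $length yields ''.
 *
 * @param int $length number of hex characters wanted
 * @return string
 */
function random_hex($length = 32) {
    $length = (int) $length;
    if ($length <= 0) return '';
    if (function_exists('random_bytes')) {
        try {
            // two hex digits per byte; round up and trim so odd lengths work too
            return substr(bin2hex(random_bytes((int) ceil($length / 2))), 0, $length);
        } catch (Exception $e) {
            // no usable entropy source: fall through to the weak generator below
        }
    }
    $out = '';
    for ($i = 0; $i < $length; $i++) $out .= dechex(mt_rand(0, 15));
    return $out;
}

// One token per session, minted on first sight.
if (empty($_SESSION['_csrf'])) $_SESSION['_csrf'] = random_hex(32);

/**
 * True when the POSTed `_csrf` field is a string that matches the session token.
 *
 * A missing session token now fails closed (the original compared against '' in that case,
 * which an empty POST value would have matched). Non-string input is rejected before
 * hash_equals() so PHP 8 does not throw a TypeError.
 *
 * @return bool
 */
function csrf_ok() {
    if (!isset($_POST['_csrf'], $_SESSION['_csrf']) || !is_string($_POST['_csrf'])) return false;
    return hash_equals((string) $_SESSION['_csrf'], $_POST['_csrf']);
}

/* ===================== Auth ===================== */
// Hard-coded shared secret; anyone who can read this file can use the tool. Keep it out of
// public repositories and rotate it if the file has ever been exposed.
$password = "qZ7pXv9tLgU3#eW!kR4^sBnA0m*VcT8ydYjPx6MfHZLuWoKbN2r5JqCEiG1SaDxh";
if (!isset($_SESSION['access_granted'])) {
    // Only accept a plain string; an array here would become "Array" under a (string) cast.
    $supplied = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : null;
    if ($supplied !== null && hash_equals($password, $supplied)) {
        // New session id on privilege change so a pre-set cookie (session fixation) is not promoted.
        session_regenerate_id(true);
        $_SESSION['access_granted'] = true;
        // SCRIPT_NAME rather than PHP_SELF: PHP_SELF can carry attacker-supplied PATH_INFO.
        header("Location: " . $_SERVER['SCRIPT_NAME']);
        exit;
    }
    echo 'WU - Auth

🪡 Login WU 🪡


'; exit;
}

/* ===================== Config ===================== */
// Files the scanner must never list or delete: the tool itself and its companions.
$whitelist = array('wp-scanning.php', 'wp-scaning.php', basename(__FILE__));
// Extensions considered worth scanning. Entries containing a dot ('php.tmp') are matched as
// filename suffixes, because pathinfo() only ever returns the last segment ('tmp').
$allowedExtensions = array(
    'php','phps','phtml','php1','php2','php3','php4','php5','php6','php7','php8','php54','php72',
    'inc','phar','pht','phtm','conf','ctp','tpl','html','shtml','php-sess','sess','php.tmp','htaccess','ini'
);
// Case-insensitive substrings that flag a file. These are broad heuristics: legitimate code that
// merely calls base64_decode( or unserialize( will be reported too, so review before deleting.
$patterns = array(
    'base64_decode(','base64_encode(','gzinflate(','gzuncompress(','gzdeflate(','str_rot13(',
    'chr(','ord(','rawurldecode(','urldecode(','eval(','php://filter','php://memory','php://temp',
    'data://text','\\x',"'.'.'","'h'.'t'.'t'.'p'",
    'preg_replace(','assert(','shell_exec(','exec(','system(','passthru(','popen(','proc_open(',
    'curl_exec(','curl_multi_exec(','fsockopen(','stream_socket_client(','eval(base64_decode(',
    'create_function(','unserialize(','move_uploaded_file('
);
// Directory trees (relative to this script's directory) that are never descended into.
$skipDirs = array('node_modules','vendor','.git','cache','wp-content/cache');

/* ===================== Helpers ===================== */

/**
 * True when $f names an existing filesystem entry whose resolved path lies strictly below this
 * script's directory. Symlinks are resolved first, so a link that escapes the root is rejected.
 * Non-strings and paths containing NUL are rejected up front (realpath() would throw on PHP 8).
 *
 * @param mixed $f candidate path from the request
 * @return bool
 */
function withinRoot($f) {
    if (!is_string($f) || $f === '' || strpos($f, "\0") !== false) return false;
    $root = realpath(__DIR__);
    $real = @realpath($f);
    if ($real === false || $root === false) return false;
    return strpos($real, $root . DIRECTORY_SEPARATOR) === 0 && file_exists($real);
}

/**
 * Strip this script's directory (plus separator) from the front of $path; other occurrences
 * deeper in the path are left alone.
 *
 * @param string $path absolute path
 * @return string
 */
function relToRoot($path) {
    $prefix = __DIR__ . DIRECTORY_SEPARATOR;
    return strpos($path, $prefix) === 0 ? substr($path, strlen($prefix)) : $path;
}

/**
 * True when $path is one of $skipDirs or lives underneath one of them.
 *
 * @param string   $path     absolute directory path
 * @param string[] $skipDirs relative directory names, optional trailing '/'
 * @return bool
 */
function isSkippedDir($path, $skipDirs) {
    $rel = relToRoot($path);
    foreach ($skipDirs as $sd) {
        $sd = rtrim($sd, '/');
        if ($rel === $sd || strpos($rel, $sd . DIRECTORY_SEPARATOR) === 0) return true;
    }
    return false;
}

/**
 * True when the file's extension is in $allowedExtensions (case-insensitive). Dotted entries
 * such as 'php.tmp' are compared as a '.php.tmp' suffix of the file name.
 *
 * @param string   $path
 * @param string[] $allowedExtensions
 * @return bool
 */
function hasScannableExtension($path, $allowedExtensions) {
    $name = strtolower(basename($path));
    $ext = pathinfo($name, PATHINFO_EXTENSION);
    if (in_array($ext, $allowedExtensions, true)) return true;
    foreach ($allowedExtensions as $e) {
        if (strpos($e, '.') !== false && substr($name, -(strlen($e) + 1)) === '.' . $e) return true;
    }
    return false;
}

/**
 * Recursively collect paths of files whose first 8 KiB look suspicious into $found.
 *
 * A file is flagged when its head holds more than 50 "\x" escapes or more than 10 "'.'.'"
 * fragments, or contains any entry of $patterns (case-insensitive). Only the first 8192
 * bytes are inspected, so a payload appended past that point is not detected. Whitelisted
 * file names, unreadable files, skipped directories and symlinked directories (to avoid
 * cycles) are passed over.
 *
 * @param string   $dir       directory to walk
 * @param string[] $patterns  substrings that flag a file
 * @param string[] $whitelist base names never reported
 * @param string[] $found     output list, appended to
 * @return void
 */
function scanDirMalware($dir, $patterns, $whitelist, &$found) {
    global $allowedExtensions, $skipDirs;
    $items = @scandir($dir);
    if (!$items) return;
    foreach ($items as $item) {
        if ($item === '.' || $item === '..') continue;
        $path = $dir . DIRECTORY_SEPARATOR . $item;
        if (is_dir($path)) {
            if (!is_link($path) && !isSkippedDir($path, $skipDirs)) {
                scanDirMalware($path, $patterns, $whitelist, $found);
            }
            continue;
        }
        if (!is_file($path)) continue;
        if (!hasScannableExtension($path, $allowedExtensions) || in_array(basename($path), $whitelist, true)) continue;
        $head = @file_get_contents($path, false, null, 0, 8192);
        if ($head === false) continue;
        if (substr_count($head, "\\x") > 50 || substr_count($head, "'.'.'") > 10) {
            $found[] = $path;
            continue;
        }
        foreach ($patterns as $p) {
            if (stripos($head, $p) !== false) {
                $found[] = $path;
                break;
            }
        }
    }
}

/**
 * Find every file below this script's directory whose base name equals one of $names.
 *
 * Each entry of $names is reduced to its basename (so '../x/evil.php' means 'evil.php');
 * non-string or empty entries are ignored. Skipped and symlinked directories are not
 * descended. Returns resolved paths, de-duplicated and sorted.
 *
 * @param array $names file names from the request
 * @return string[]
 */
function findByNames($names) {
    global $skipDirs;
    $wanted = array();
    foreach ($names as $n) {
        if (!is_string($n)) continue;
        $b = basename($n);
        if ($b !== '') $wanted[$b] = true;
    }
    if (!$wanted) return array();
    $out = array();
    $stack = array(__DIR__);
    while ($stack) {
        $dir = array_pop($stack);
        $items = @scandir($dir);
        if (!$items) continue;
        foreach ($items as $item) {
            if ($item === '.' || $item === '..') continue;
            $path = $dir . DIRECTORY_SEPARATOR . $item;
            if (is_dir($path)) {
                if (!is_link($path) && !isSkippedDir($path, $skipDirs)) $stack[] = $path;
            } elseif (is_file($path) && isset($wanted[$item])) {
                $rp = @realpath($path);
                if ($rp) $out[$rp] = true; // keyed by real path to de-dupe
            }
        }
    }
    $out = array_keys($out);
    sort($out, SORT_STRING);
    return $out;
}

/**
 * True when $f may be unlinked by this tool: inside the root, a regular file, and not a
 * protected (whitelisted) name. The same rule now applies to every delete action; the original
 * only applied the whitelist to the by-name delete, so the single/selected/all actions could
 * remove the tool itself.
 *
 * @param mixed    $f
 * @param string[] $whitelist
 * @return bool
 */
function deletable($f, $whitelist) {
    return withinRoot($f) && is_file($f) && !in_array(basename($f), $whitelist, true);
}

/**
 * Unlink each deletable entry of $list and return how many were actually removed.
 *
 * @param array    $list      candidate paths
 * @param string[] $whitelist
 * @return int
 */
function unlinkAll($list, $whitelist) {
    $n = 0;
    foreach ($list as $f) {
        if (deletable($f, $whitelist) && @unlink($f)) $n++;
    }
    return $n;
}

/* ===================== Actions ===================== */
$actionMsg = '';
$stateChanging = isset($_POST['delete']) || isset($_POST['delete_selected']) || isset($_POST['delete_all'])
    || isset($_POST['preview_names']) || isset($_POST['names_action']);
if ($stateChanging && !csrf_ok()) {
    http_response_code(403);
    exit('CSRF');
}
if (isset($_POST['delete'])) {
    // Report the real outcome; the original claimed "1 file dihapus." even when unlink() failed.
    $n = unlinkAll(array($_POST['delete']), $whitelist);
    $actionMsg = "$n file dihapus.";
}
if (isset($_POST['delete_selected']) && !empty($_POST['selected']) && is_array($_POST['selected'])) {
    $n = unlinkAll($_POST['selected'], $whitelist);
    $actionMsg = "$n file terpilih dihapus.";
}
if (isset($_POST['delete_all']) && !empty($_POST['allfiles']) && is_array($_POST['allfiles'])) {
    $n = unlinkAll($_POST['allfiles'], $whitelist);
    $actionMsg = "$n file dari hasil scan dihapus.";
}
$previewMatches = array();
if (isset($_POST['preview_names']) && !empty($_POST['names']) && is_array($_POST['names'])) {
    $previewMatches = findByNames($_POST['names']);
}
if (isset($_POST['names_action']) && $_POST['names_action'] === 'delete' && !empty($_POST['names']) && is_array($_POST['names'])) {
    $n = unlinkAll(findByNames($_POST['names']), $whitelist);
    $actionMsg = "DELETE selesai: $n file dihapus permanen.";
}

/* ===================== Scan ===================== */
$malwares = array();
scanDirMalware(__DIR__, $patterns, $whitelist, $malwares);
sort($malwares, SORT_STRING);
// Per-basename hit counts for the summary at the top of the page.
$byName = array();
foreach ($malwares as $f) {
    $bn = basename($f);
    $byName[$bn] = isset($byName[$bn]) ? $byName[$bn] + 1 : 1;
}
ksort($byName, SORT_STRING);
?> Scanner By WU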

🪡 Scanner By WU 🪡

Pilih nama file lalu aksi di seluruh direktori
$count): ?>
Preview hanya menampilkan daftar path tidak ada penghapusan
Hasil Preview ditemukan file di seluruh direktori Tidak ada perubahan file
$file): $relativePath = str_replace(__DIR__.DIRECTORY_SEPARATOR,'',$file); $filename = basename($relativePath); $pathOnly = str_replace($filename,'',$relativePath); ?>

✅ Tidak ditemukan file mencurigakan.