HEX
Server: LiteSpeed
System: Linux ws4.angoweb.net 5.14.0-611.13.1.el9_7.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Dec 11 04:57:59 EST 2025 x86_64
User: tswangoe (2287)
PHP: 8.1.33
Disabled: show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open
$ pwd: /proc/self/root/usr/local/sitepad/lib/panels/directadmin/user/
Upload Files
File: //proc/self/root/usr/local/sitepad/lib/panels/directadmin/user/index.html
<?php 

if(!empty($_SERVER['QUERY_STRING'])){
	parse_str($_SERVER['QUERY_STRING'], $_GET);

	foreach($_GET as $k => $v){
		$_REQUEST[$k] = $v;
	}
}

if(!empty($_SERVER['POST'])){
	parse_str($_SERVER['POST'], $_POST);

	foreach($_POST as $k => $v){
		$_REQUEST[$k] = $v;
	}
}

echo "HTTP/1.1 200 OK\n";
echo "Content-Type: text/html\n";
if(@$_GET['act'] == 'backups' && !empty($_GET['download']) && substr_count($_GET['download'], './') == 0){
	echo 'Content-Disposition: attachment; filename="'.$_GET['download'].'"'."\n";
}
echo "\n";

// These commands need to be executed as root
$da_version = @shell_exec('/usr/local/directadmin/directadmin v');

include('/usr/local/sitepad/enduser.php');

?>
@ Telegram