This is really simple&primitive and dangerous script which allows you:
- iterate throw directory structure and show permissions, it uses 2 methods:
- plain PHP which can be limited via open_basedir
- shell_exec system function which can be limited by disabled_functions
- show basic info about PHP configuraion (version, extensions, disable functions, open_basedir, or complete phpinfo)
- download files from the server (if enabled)
- upload files from URL to the server (if enabled)
- read files and show their content (text, images, archives content)
- run system commands via various methods (if enabled)
The script will delete itself after 1 hour for security reasons (you can configure this behavior). It is also possible to set credentials to use this script, of course.
Caution
Do not grant “MFB” access to untrusted users, as a skilled user could escalate their privileges and do anything to your site and server 😉. The script is full of security threats and can cause FPD, XSS, SQLi, SSRF, LFI, RCE, WTF, etc.
View text files content
Show images
Show files inside archive (zip, tar, tgz)
Note: this project is still alive :-)