<?php

// Response headers: never cache this page and always serve it as UTF-8 HTML.
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header("Content-Type: text/html; charset=UTF-8");
// For the backups / import_export / templates actions the response is offered as a download.
// NOTE(review): the only validation of $_GET['download'] is the './' substring check; the value
// is spliced unescaped between double quotes, so a '"' inside it ends the quoted filename.
// Restricting it to basename()-style characters before use would make this header robust.
if((@$_GET['act'] == 'backups' || @$_GET['act'] == 'import_export' || @$_GET['act'] == 'templates') && !empty($_GET['download']) && substr_count($_GET['download'], './') == 0){
	header('Content-Disposition: attachment; filename="'.$_GET['download'].'"');
}

// The soft binary is invoked through shell_exec() further down; fail early if it is disabled.
if(!function_exists('shell_exec')){
	die('shell_exec function is required for Softaculous to work.');
}

/*echo '<pre>';
print_r($_SERVER);
print_r($GLOBALS);
echo '</pre>';*/

// Request/session snapshot that is later JSON-encoded into a temp file and handed to the
// soft binary. It carries the raw superglobals, including cookies and upload metadata.
$array = array();
$array['SERVER'] = $_SERVER;
$array['POST'] = $_POST;
$array['GET'] = $_GET;
$array['REQUEST'] = $_REQUEST;
$array['COOKIE'] = $_COOKIE;
$array['FILES'] = $_FILES;
// Account type/login from the panel session object (overridden for Plesk 12+ below).
if(!empty($GLOBALS["session"])){
	$array['usertype'] = (int) $GLOBALS["session"]->_type;
	$array['login'] = $GLOBALS["session"]->_login;
}

// Get any DOMAIN ID or CLIENT ID
// Both are coerced to int here. Several queries below splice these values into SQL
// without quoting, so this cast is what keeps them injection-safe — do not drop it.
$GLOBALS["domainId"] = (int) (!empty($GLOBALS["domainId"]) ? $GLOBALS["domainId"] : @$GLOBALS["dom_id"]);
$GLOBALS["clientId"] = (int) (!empty($GLOBALS["clientId"]) ? $GLOBALS["clientId"] : @$GLOBALS["cl_id"]);

// The Plesk 'admin' MySQL password lives in /etc/psa/.psa.shadow; the panel database ('psa')
// is queried directly below (Plesk <= 12 paths and the reseller path), so the PHP process
// must be able to read that file and reach the local MySQL server.
$psa_tmp = file_get_contents('/etc/psa/.psa.shadow');

$plesk_conn = soft_mysql_connect('localhost', 'admin', trim($psa_tmp));

// Both helpers return false on failure (driver warnings are suppressed), so check before use.
if(!empty($plesk_conn)){
	if(!(@soft_mysql_select_db('psa', $plesk_conn))){
		die('ERROR SELECTING DB');
	}
}else{
	die('ERROR CONNECTING TO MYSQL');
}

// Major version as int (selects the SDK vs direct-DB branches below) and the raw
// contents of the Plesk version file.
$plesk_ver = _plesk_version();
$plesk_version_full = _plesk_version_full();

// Plesk > 12: bootstrap the extension SDK (pm_* classes) for this extension.
if($plesk_ver > 12){
	pm_Context::init('softaculous');

	// Get the info if Softaculous extension is installed
	// NOTE(review): $plesk_version_full is a raw string compared to a float; on PHP 8 a
	// non-numeric string such as "18.0.70" is compared lexicographically, not numerically —
	// confirm that is intended. $moduleVersion stays undefined when getById() throws; it is
	// read again by the service-plan permission check further down.
	if($plesk_version_full > 17.5){
		try{
			$extension = pm_Extension::getById('softaculous');
			$moduleVersion = $extension->getVersion();
		}catch(Exception $e){}
	}
}

// In plesk 12 there is little structure change 
if($plesk_ver >= 12){
	
	// Plesk 12+ keeps the account type and client id in $_SESSION; these override the
	// $GLOBALS["session"] / (int)-cast values assigned above.
	$array['usertype'] = $_SESSION['auth']['type'];
	
	// NOTE(review): unlike $GLOBALS["clientId"] above, these are copied without an (int) cast
	// and are later spliced unquoted into SQL (reseller and Plesk 12 paths). The session is
	// server-side data, but casting here would make those queries safe on their own.
	if(!empty($_SESSION['auth']['sessionClientId'])){
		$GLOBALS["clientId"] = $_SESSION['auth']['sessionClientId'];
	}
	
	if(!empty($_SESSION['auth']['clientId'])){
		$GLOBALS["clientId"] = $_SESSION['auth']['clientId'];
	}
}

// ADD the SESSION ID and the Forgery protection token
// Both are forwarded to the soft binary through the hand-off file written below so it can
// act on the panel session. For Plesk 12+ they come straight from the PHPSESSID cookie and
// $_SESSION (the same assignment simply repeats for every session entry); older panels
// encode them in the session key names, which are parsed here.
foreach($_SESSION as $k => $v){
	
	if($plesk_ver >= 12){
		$array['session_key'] = @$_COOKIE['PHPSESSID'];
		$array['forgery_protection_token'] = $_SESSION['panel']['forgeryProtectionToken'];
		
	}else{
		if(strpos($k, 'key_check_wrong') !== false){
			$array['session_key'] = str_replace('___key_check_wrong', '', $k);
		}
		
		if(strpos($k, 'forgery_protection_token') !== false){
			$array['session_key'] = str_replace('_forgery_protection_token', '', $k);
			$array['forgery_protection_token'] = $v;
		}
	}
}

// Admin session (usertype 1): may work on any domain, so no ownership check is performed;
// the domain comes from the softdomid cookie or falls back to the first 'vrt_hst' domain.
if($array['usertype'] == 1){
	
	// Is there a Softaculous Cookie ?
	if(!empty($_COOKIE['softdomid'])){
		// No need to check for the Admins
		// The (int) cast is what makes the unquoted SQL interpolation below safe; keep it.
		$cookie_domain_id = (int) $_COOKIE['softdomid'];
		
		//Check if the domain ID set in the cookie exists or not
		if($plesk_ver > 12){
			$all_domains = pm_Domain::getAllDomains();
			$domain_ids = array_keys($all_domains);
			
			if(!empty($all_domains) && in_array($cookie_domain_id, $domain_ids)){
				$GLOBALS["domainId"] = $cookie_domain_id;
			}
		}else{
			// Plesk <= 12 has no SDK: look the id up in the panel DB directly.
			$result = soft_mysql_query("SELECT * FROM domains WHERE id = ".$cookie_domain_id, $plesk_conn);
			$tmp = soft_mysql_fetch_assoc($result);
			// Free resourse
			soft_mysql_free_result($result);
			
			if(!empty($tmp)){
				$GLOBALS["domainId"] = $cookie_domain_id;
			}
		}
	}
	
	// No usable domain from the cookie: take the first virtual-hosting ('vrt_hst') domain.
	if(empty($GLOBALS["domainId"])){
		
		if($plesk_ver > 12){
			
			$all_domains = pm_Domain::getAllDomains();
			
			foreach($all_domains as $dom_id => $dom_values){
				$domain_htype = pm_Domain::getByDomainId($dom_id)->getProperty('htype');
				if($domain_htype == 'vrt_hst'){
					$GLOBALS["domainId"] = $dom_id;
					break;
				}
			}
			
		}else{
			$result = soft_mysql_query("SELECT * FROM domains WHERE htype = 'vrt_hst' ORDER BY id ASC", $plesk_conn);
			
			$tmp = soft_mysql_fetch_assoc($result);
			// Free resourse
			soft_mysql_free_result($result);
			// NOTE(review): with no matching row $tmp is false/null, so $tmp['id'] is null
			// (a warning on PHP 8) and domainId simply stays empty.
			$GLOBALS["domainId"] = $tmp['id'];
		}
		
	}
	
	$array['domainId'] = $GLOBALS["domainId"];

// If you are a USER or CLIENT
}elseif($array['usertype'] == 4 || $array['usertype'] == 8 || $array['usertype'] == 2){ // 2 is for reseller
	
	// Domains this account may use: only 'vrt_hst' domains the session client can access.
	$array["dom_Ids"] = array();
	
	if($plesk_ver > 12){
		
		if($array['usertype'] == 8){
			$cl_id = $GLOBALS["clientId"];
			//print_r($cl_id);
			$domains = pm_Domain::getDomainsByClient(pm_Client::getByClientId($cl_id));
			//print_r($domains);
			$domid = array_keys($domains);
			
			// Filter by the SDK's own access check, then by hosting type.
			foreach($domid as $dk => $dv){
				$res = pm_Session::getClient()->hasAccessToDomain($dv);
				if(!empty($res)){
					$domain_htype = pm_Domain::getByDomainId($dv)->getProperty('htype');
					if($domain_htype == 'vrt_hst'){
						$array["dom_Ids"][] = $dv;
					}
				}
			}
		}
		
		if($array['usertype'] == 2){
			$cl_id = $GLOBALS["clientId"];
			//print_r($cl_id);
			$domains = array();
			// We are not using SDK functions because it returns only domains created under reseller account and not under users owned by the reseller
			// NOTE(review): $cl_id is spliced unquoted. It is (int)-cast near the top of the file but
			// may be replaced by the uncast $_SESSION['auth'] values for Plesk >= 12; an (int) cast
			// here would make this query's safety local instead of depending on that earlier code.
			$result = soft_mysql_query("SELECT id, name FROM domains WHERE vendor_id=".$cl_id."
							AND htype = 'vrt_hst'
							ORDER BY id ASC", $plesk_conn);
			
			while($tmp = soft_mysql_fetch_assoc($result)){
				$domains[$tmp['id']] = $tmp['name'];
			}
			
			//print_r($domains);
			$domid = array_keys($domains);
			
			// Same access/hosting-type filter as for clients.
			foreach($domid as $dk => $dv){
				$res = pm_Session::getClient()->hasAccessToDomain($dv);
				if(!empty($res)){
					$domain_htype = pm_Domain::getByDomainId($dv)->getProperty('htype');
					if($domain_htype == 'vrt_hst'){
						$array["dom_Ids"][] = $dv;
					}
				}
			}
		}
	}
	
	// Is there a Softaculous Cookie ?
	// For non-admins the cookie value is only honoured when the domain belongs to this client.
	if(!empty($_COOKIE['softdomid'])){
	
		$cookietmp = (int) $_COOKIE['softdomid'];
		
		if($plesk_ver > 12){
			
			//pm_Domain was throwing a FATAL error if the domain didn't exist.
			try{
				$domain = new pm_Domain($cookietmp);
				if($domain->getProperty('cl_id') == $GLOBALS["clientId"] && $domain->getProperty('htype') == 'vrt_hst'){
					$GLOBALS["domainId"] = $domain->getId();
				}
			}catch(Exception $e){}
			
		}else{
			// $cookietmp is int-cast above; $GLOBALS["clientId"] is discussed at the cast near the top.
			$result = soft_mysql_query("SELECT * FROM domains
						WHERE cl_id = ".$GLOBALS["clientId"]."
						AND id= '".$cookietmp."'
						AND htype = 'vrt_hst'", $plesk_conn);
								
			if(soft_mysql_num_rows($result) > 0){
				$GLOBALS["domainId"] = $cookietmp;
			}
		}
	}
	
	// You will need to choose a domain
	if(empty($GLOBALS["domainId"])){
		
		//Changes related to WHMCS Auto Install module
		// NOTE(review): unserialize() runs on a base64-decoded query-string value, i.e. on
		// request-controlled data. Only the 'softdomain' key is read from it, so decoding with
		// unserialize($s, array('allowed_classes' => false)) — or a JSON payload — would give
		// the same data without letting the request instantiate arbitrary classes.
		if(optGET('autoinstall')){
			$autoinstall_data = unserialize(base64_decode(optGET('autoinstall')));
			$selected_domain = $autoinstall_data['softdomain'];
		}
		
		if($plesk_ver > 12){
			
			$cl_id = $GLOBALS["clientId"];
			//print_r($cl_id);
			$domains = pm_Domain::getDomainsByClient(pm_Client::getByClientId($cl_id));
			//print_r($domains);
			$domid = array_keys($domains);
			
			// Rebuild dom_Ids and remember the id of the domain named by the autoinstall data, if any.
			foreach($domid as $dk => $dv){
				$res = pm_Session::getClient()->hasAccessToDomain($dv);
				if(!empty($res)){
					$domain_htype = pm_Domain::getByDomainId($dv)->getProperty('htype');
					$domain_name = pm_Domain::getByDomainId($dv)->getProperty('name');
					if($domain_htype == 'vrt_hst'){
						$array["dom_Ids"][] = $dv;
						if(!empty($selected_domain) && $domain_name == $selected_domain){
							$selected_domid = $dv;
						}
					}
				}
			}
			
			try{
				$curr_domainId = pm_Session::getCurrentDomain()->getId();
			}catch(Exception $e){
				// Do nothing. We will handle it later
			}
			
			// NOTE(review): if getCurrentDomain() threw, $curr_domainId is undefined here; and when
			// dom_Ids is empty, [0] is undefined too, leaving a null domainId (warnings on PHP 8)
			// that the permission check below may then be run against.
			if(!in_array($curr_domainId, $array["dom_Ids"])){
				$curr_domainId = $array["dom_Ids"][0];
			}
			
			if(!empty($selected_domid)){
				$curr_domainId = $selected_domid;
			}
			
			$GLOBALS["domainId"] = $curr_domainId;
		}else{						
			$result = soft_mysql_query("SELECT * FROM domains
								WHERE cl_id = ".$GLOBALS["clientId"]."
								AND htype = 'vrt_hst'
								ORDER BY id ASC", $plesk_conn);
								
			while($tmp = soft_mysql_fetch_assoc($result)){
				$tmp1[$tmp['id']] = $tmp['name'];
				if(!empty($selected_domain) && $tmp['name'] == $selected_domain){
					$selected_domid = $tmp['id'];
				}
			}
			
			// NOTE(review): $tmp1 only exists once the loop ran; with no rows this is key(null),
			// a TypeError on PHP 8. First key of the result = lowest domain id (ORDER BY id ASC).
			$curr_domainId = key($tmp1);			
			if(!empty($selected_domid)){
				$curr_domainId = $selected_domid;
			}
			
			$GLOBALS["domainId"] = $curr_domainId;
		}
		
	}
	
	// Is user allowed access to Softaculous via Service Plans ?
	// We have added Permissions.php in extension version 1.4 so check only if extension version is higher
	// NOTE(review): $moduleVersion is only assigned when pm_Extension::getById() succeeded in the
	// block near the top of the file; otherwise this reads an undefined variable and the
	// comparison appears to fail, silently skipping the service-plan check — confirm.
	if($plesk_version_full > 17.5 && $moduleVersion >= 1.4){
		if(!pm_Domain::getByDomainId($GLOBALS["domainId"])->hasPermission('manage_softaculous')){
			throw new pm_Exception(pm_Locale::lmsg('permissionDenied'));
		}
	}
	
	$array['domainId'] = $GLOBALS["domainId"];
	$array['clientId'] = $GLOBALS["clientId"];
	
}else{

	// Any other account type is refused outright.
	die('Softaculous is not available for the type of account you are logged in with. Please try a domain level.');
	
}

// One-time token naming the hand-off file: md5 of 32 random bytes (32 hex chars). The
// uniqid()/microtime() fallback is much weaker and only used where random_bytes() (PHP 7+)
// is missing.
if(function_exists('random_bytes')){
	$sess = md5(bin2hex(random_bytes(32)));
}else{
	$sess = str_shuffle(md5(uniqid(microtime())));
}

// Hand-off file read by the soft binary. It holds the snapshot built above, including
// cookies, the panel session id and the forgery-protection token — hence 0600 and the
// unlink right after use.
$file = "/var/softtmp/".$sess;

// Touch the file
// NOTE(review): the file is created under the process umask and only then restricted to
// 0600; if /var/softtmp is readable by other users there is a short window in between.
// A restrictive umask before touch() would close it.
touch($file);
chmod($file, 0600);
	
$fp = fopen($file, "a");

if(empty($fp)){
	die('Could not write SESSION DATA.');
}

fwrite($fp, json_encode($array));
fclose($fp);
chmod($file, 0600);

// $sess is md5 output (hex digits only), so it is safe to splice into the command line;
// nothing request-controlled reaches shell_exec() here. Keep it that way.
echo shell_exec('/usr/local/softaculous/bin/soft sess '.$sess);
@unlink($file); // load.php will also try to delete it!

// Just to ensure that there should not be any files as a security measures.
// Opportunistic sweep of /var/softtmp, run on even minutes only: every entry older than
// 10 seconds is removed regardless of who created it (unlink failures are silenced).
$d = date('i');
if($d % 2 == 0){
	
	if ($dh = opendir('/var/softtmp/')) {
		
		while (($dfile = readdir($dh)) !== false) {
			if($dfile == '.' || $dfile == '..') continue;
			
			// filemtime() is cached per path; clear so a just-rewritten file is not misjudged.
			clearstatcache();
			$stime = filemtime('/var/softtmp/'.$dfile);

			// Delete the file if its there for more than 10 seconds
			if($stime < (time() - 10)){
				@unlink('/var/softtmp/'.$dfile);
			}
		}
		
		closedir($dh);
	}
}

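function _plesk_version($path = '/usr/local/psa/version'){

	// Major Plesk version as an int (18 for "18.0.70 ..."), read from the version file.
	// $path defaults to the production location and is a parameter so the parsing can be
	// exercised on a temp file. Returns 0 when the file cannot be read (warning suppressed).
	// A value with no '.' is taken as a bare major number instead of silently becoming 0
	// through substr($s, 0, false).
	$plesk_version = @file_get_contents($path);
	if($plesk_version === false){
		return 0;
	}

	$dot = strpos($plesk_version, '.');
	if($dot === false){
		return (int) $plesk_version;
	}

	return (int) substr($plesk_version, 0, $dot);
}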

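function _plesk_version_full($path = '/usr/local/psa/version'){

	// Raw contents of the Plesk version file (e.g. "18.0.70 ..."), or false when it
	// cannot be read (warning suppressed). $path defaults to the production location
	// and is a parameter so the function can be exercised on a temp file.
	// NOTE(review): callers compare this string to floats (`> 17.5`); a non-numeric string
	// such as "18.0.70" is compared lexicographically on PHP 8 — verify that is intended.
	return @file_get_contents($path);
}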

function soft_mysql_connect($host, $user, $pass, $newlink = false){
	
	// Open a database link with whichever client extension is present: mysqli when
	// loaded, otherwise the legacy mysql_* API ($newlink only applies there).
	// Driver warnings are muted and a thrown Exception yields false, so callers have to
	// test the result (the top of this file does so with !empty()).
	try{
		$link = extension_loaded('mysqli')
			? @mysqli_connect($host, $user, $pass)
			: @mysql_connect($host, $user, $pass, $newlink);
	}catch(Exception $e){
		return false;
	}

	return $link;
}

function soft_mysql_select_db($db, $conn){

	// Select the default database on an open link. Returns false for a missing link
	// or when the driver throws; otherwise the driver's own result (warnings muted).
	if(empty($conn)){
		return false;
	}

	try{
		$selected = extension_loaded('mysqli')
			? @mysqli_select_db($conn, $db)
			: @mysql_select_db($db, $conn);
	}catch(Exception $e){
		return false;
	}

	return $selected;
}

function soft_mysql_query($query, $conn, $unbuffer_mode = 0){

	// Run a raw SQL string on $conn. Nothing is escaped here — the text is sent exactly
	// as given — so every caller must assemble it from trusted or integer-cast values.
	// A non-empty $unbuffer_mode asks for an unbuffered result (MYSQLI_USE_RESULT) when
	// mysqlnd is available. Returns false for a missing link, an empty query or a thrown
	// Exception; otherwise the driver result (warnings muted).
	if(empty($conn) || empty($query)){
		return false;
	}

	$use_unbuffered = extension_loaded('mysqlnd') && !empty($unbuffer_mode);

	try{
		if($use_unbuffered){
			$res = @mysqli_query($conn, $query, MYSQLI_USE_RESULT);
		}elseif(extension_loaded('mysqli')){
			$res = @mysqli_query($conn, $query);
		}else{
			$res = @mysql_query($query, $conn);
		}
	}catch(Exception $e){
		return false;
	}
	
	return $res;
}

function soft_mysql_fetch_assoc($result){
	
	// Fetch the next row of $result as an associative array. A false/empty result
	// (failed query) short-circuits to false so the driver call, which would be
	// fatal on a non-result, is never reached.
	if(empty($result)){
		return false;
	}
	
	$row = extension_loaded('mysqli')
		? @mysqli_fetch_assoc($result)
		: @mysql_fetch_assoc($result);
	
	return $row;
}

function soft_mysql_num_rows($result){
	
	// Row count of $result, or false for an empty/failed result (the driver call
	// would be fatal on a non-result).
	if(empty($result)){
		return false;
	}
	
	// $result->type == 1 when mysqlnd and unbuffered queries i.e. with use result
	// $result->type == 0 when not mysqlnd and buffered queries i.e. without use result
	// An unbuffered result has no count yet; since $result is known non-empty here this
	// branch always reports 1, which callers read as "at least one row".
	$unbuffered = extension_loaded('mysqlnd') && !empty($result->type);
	if($unbuffered){
		return (int) (!empty($result));
	}
	
	if(extension_loaded('mysqli')){
		return @mysqli_num_rows($result);
	}
	
	return @mysql_num_rows($result);
}

function soft_mysql_free_result($result){
	
	// Release a result set. Anything that is not an object (false from a failed query,
	// a scalar, an array) is rejected up front because the driver call would be fatal.
	if(!is_object($result) || empty($result)){
		return false;
	}
	
	// mysqli_free_result() returns nothing (null); mysql_free_result() returns a bool.
	return extension_loaded('mysqli')
		? @mysqli_free_result($result)
		: @mysql_free_result($result);
}

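function optGET($name, $default = ''){

global $error; // kept from the original declaration; not used in this function

	// Read $_GET[$name] through the file's input filters (htmlizer() then inputsec()),
	// or return $default when the parameter was not sent.
	// A query string can also deliver arrays (?name[]=...); trim() raises a TypeError on
	// those under PHP 8, so anything non-scalar is treated as "not provided".
	if(!isset($_GET[$name]) || !is_scalar($_GET[$name])){
		return $default;
	}

	return inputsec(htmlizer(trim((string) $_GET[$name])));

}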

function inputsec($string){
	
	// Backslash-escape quotes, backslashes and NUL in a request value and neutralise
	// backticks. Before PHP 7.4 the (since removed) magic_quotes setting is honoured by
	// stripping its slashes first so the value is never escaped twice.
	// This is a generic escaping pass, not a context-aware encoder: parameterised SQL
	// and escapeshellarg() remain the right tools at the point of use.
	$pre_74 = version_compare(PHP_VERSION, '7.4', '<');
	
	if($pre_74 && get_magic_quotes_gpc()){
		$string = stripslashes($string);
	}
	
	$string = addslashes($string);
	
	// This is to replace ` which can cause the command to be executed in exec()
	return str_replace('`', '\`', $string);
	
}

function htmlizer($string){

global $globals;

	// HTML-encode a value, then re-scan the encoded text for numeric character
	// references the caller had written (&#NNN; / &#xHHH;, which htmlentities() turns
	// into &amp;#...;). entity_check() either restores a representable one as a real
	// entity or drops it (control characters, surrogates, out-of-range code points).
	$encoded = htmlentities($string, ENT_QUOTES, 'UTF-8');
	
	$found = preg_match_all('/(&amp;#(\d{1,7}|x[0-9a-fA-F]{1,6});)/', $encoded, $refs);
	if(empty($found)){
		return $encoded;
	}
	
	foreach($refs[1] as $idx => $escaped_ref){
		$replacement = entity_check($refs[2][$idx]);
		$encoded = str_replace($escaped_ref, $replacement, $encoded);
	}
	
	return $encoded;
	
}

function entity_check($string){
	
	// Normalise the numeric part of a character reference ("65" or "x41").
	// Returns '&#N;' for a representable code point, or '' for control characters
	// (below 0x20), UTF-16 surrogates and anything beyond U+10FFFF.
	$is_hex = substr($string, 0, 1) === 'x';
	$code = $is_hex ? hexdec(substr($string, 1)) : (int) $string;
	
	$is_control = $code < 0x20;
	$is_surrogate = $code >= 0xD800 && $code <= 0xDFFF;
	$is_out_of_range = $code > 0x10FFFF;
	
	if($is_control || $is_surrogate || $is_out_of_range){
		return '';
	}
	
	return '&#'.$code.';';
	
}

?>