File: //proc/self/root/lib64/nagios/plugins/check_a2_php_versions.shared
#!/bin/bash
#
# check_php_versions - A bash script for check_mk that will check all alt-php versions load correctly
# Ref: SYSENG-24502
# Author : mterrats@a2hosting.com
#
# Refactored: BFENG-1072, BFENG-1196 - Added hard coded php versions and let script check all php versions and not quit on first error.
#                                    - Added fix for Plesk MWP servers
#                                    - Added retry attempts to prevent false positives - zsarfraz

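# Account that owns the monitoring docroot, and this server's hostname (used
# below to build the docroot path; the probe URL is built from it later).
a2u='a2webhos'
a2h=$(hostname)

# Servers with /sbin/plesk keep the docroot under /var/www/vhosts and use the
# psacln group; otherwise a /home/<user>/public_html layout is assumed.
if [ -f /sbin/plesk ]; then
  dir="/var/www/vhosts/www${a2h}/httpdocs/phpvermon"
  owner="$a2u:psacln"
else
  dir="/home/${a2u}/public_html/phpvermon"
  owner="$a2u:$a2u"
fi

# NOTE(review): the chown calls suggest this check runs with root privileges
# (confirm) while operating inside a directory owned by the $a2u account.
# Anything that account can plant there (e.g. a symlink) is followed by
# default, so chown uses -h (do not dereference) and a symlinked index.php is
# replaced rather than written through. This only narrows the window; doing
# the file operations as $a2u itself (runuser/sudo -u) would remove the
# privileged writes entirely.
if [[ ! -d "$dir" ]]; then
  mkdir -p -- "$dir"
  chown -h -- "$owner" "$dir"
fi

# Every run starts with an empty index.php in the probe directory.
if [[ -L "$dir/index.php" ]]; then
  rm -f -- "$dir/index.php"
fi
true > "$dir/index.php"
chown -h -- "$owner" "$dir/index.php"

# .htaccess is created once; the per-version handler stanzas are appended to
# it later by the probe loop.
if [[ ! -f "$dir/.htaccess" ]]; then
  touch -- "$dir/.htaccess"
  chown -h -- "$owner" "$dir/.htaccess"
fi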

# alt-php builds to probe, written as <major><minor> without the dot
# (the probe loop compares these against the first two fields of phpversion()).
_php_versions_list=(
  52 53 54 55 56
  70 71 72 73 74
  80 81 82 83
)

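#######################################
# Fetch a URL and print the response body.
# Arguments: $1 - URL to request
# Outputs:   response body on stdout (empty when curl gets nothing back)
# Returns:   0 (curl's own exit status is not propagated; callers only
#            inspect the body)
#######################################
check_url() {
  local url=$1
  local body
  # --connect-timeout bounds only the connection phase; TLS verification is
  # left at curl's default (enabled).
  # NOTE(review): there is no --max-time, so a handler that accepts the
  # connection and then stalls can hold the whole check — consider adding one.
  body=$(curl --connect-timeout 5 -s "$url")
  # The body comes from the web server and is not trusted: printf '%s' emits
  # it verbatim, whereas echo would treat a body such as "-n" or "-e ..." as
  # an option and distort what the caller matches against.
  printf '%s\n' "$body"
}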

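# Retry policy: the full sweep over every PHP version is repeated up to
# max_attempts times, retry_delay seconds apart, to avoid alerting on a
# transient failure.
attempt=1
max_attempts=3
retry_delay=5

while (( attempt <= max_attempts )); do
  # Results are reset per attempt, so the final report reflects the last sweep.
  unreachable_php_versions=""
  exposed_php_versions=""
  success=true

  for php_version in "${_php_versions_list[@]}"; do
    probe_file="$dir/index.php${php_version}"

    # Create the probe page once. It prints phpversion() followed by the
    # decoded marker "a2phptest"; the base64 form only ever appears in a
    # response when the file is served as source instead of being executed.
    # A symlink at this path is never written through (the directory belongs
    # to the site account, while chown implies a privileged caller).
    if [[ ! -f "$probe_file" && ! -L "$probe_file" ]]; then
      echo -e "<?php\ndie(phpversion().\" \".base64_decode('YTJwaHB0ZXN0'));\n" > "$probe_file"
      chown -h -- "$owner" "$probe_file"
      sleep 1
    fi

    # Map the .php<NN> extension to the matching alt-php handler, once.
    if ! grep -q "x-httpd-alt-php${php_version}" "$dir/.htaccess"; then
      echo -e "<FilesMatch \"\\.(php$php_version)\$\">\nSetHandler application/x-httpd-alt-php${php_version}___lsphp\n</FilesMatch>\n" >> "$dir/.htaccess"
      sleep 1
    fi

    url="https://www$a2h/phpvermon/index.php$php_version"
    check=$(check_url "$url")

    if [[ -z "$check" ]]; then
      # No body at all: the handler did not answer.
      unreachable_php_versions+="${php_version}, "
      success=false
    elif [[ "$check" == *"YTJwaHB0ZXN0"* ]]; then
      # Encoded marker visible => PHP source was returned unrendered.
      exposed_php_versions+="${php_version}, "
      success=false
    elif [[ "$check" == *"a2phptest"* ]]; then
      # Rendered: "7.4.33 a2phptest" -> "74", which must equal the version
      # that was requested.
      nver=$(printf '%s\n' "$check" | awk -F '.' '{print $1 $2}')
      if [[ $php_version != "$nver" ]]; then
        echo "php$php_version loads but shows a different version: $nver ($url)"
        # A version mismatch still aborts the whole check immediately with
        # status 1; the assignment that used to follow this exit could never
        # run and has been dropped.
        exit 1
      fi
    else
      # Some body came back but neither marker is present (error page, etc.).
      unreachable_php_versions+="${php_version}, "
      success=false
    fi
  done

  # Trim the trailing ", " left by the appends above.
  unreachable_php_versions=${unreachable_php_versions%, }
  exposed_php_versions=${exposed_php_versions%, }

  if $success; then
    echo "All PHP versions are loading correctly."
    exit 0
  fi

  if (( attempt < max_attempts )); then
    sleep "$retry_delay"
  fi

  attempt=$((attempt + 1))
done

# Report both failure classes. Previously the script exited after the
# "isn't working" line, so a source-exposure finding was silently dropped
# whenever any other version was also unreachable. The first output line is
# unchanged for existing consumers; the exposure line follows it.
status=0

if [[ -n "$unreachable_php_versions" ]]; then
  echo "PHP ${unreachable_php_versions} isn't working correctly."
  status=2
fi

if [[ -n "$exposed_php_versions" ]]; then
  echo "PHP ${exposed_php_versions} isn't being rendered correctly and source code is exposed."
  status=2
fi

exit "$status"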