HEX
Server: LiteSpeed
System: Linux php-prod-3.spaceapp.ru 5.15.0-151-generic #161-Ubuntu SMP Tue Jul 22 14:25:40 UTC 2025 x86_64
User: sarli3128 (1010)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
$ pwd: /usr/local/lsws/admin/html/view/inc/
Upload Files
File: //usr/local/lsws/admin/html/view/inc/global.php
<?php

ob_start(); // just in case


header("Expires: -1"); 

header("Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0");
header("Pragma: no-cache");
header("X-Frame-Options: SAMEORIGIN");
header("Content-Security-Policy: frame-ancestors 'self'");
header("Referrer-Policy: same-origin");
header("X-Content-Type-Options: nosniff");

define ('SERVER_ROOT', $_SERVER['LS_SERVER_ROOT']);

ini_set('include_path',
SERVER_ROOT . 'admin/html/lib/:' .
SERVER_ROOT . 'admin/html/lib/ows/:' .
SERVER_ROOT . 'admin/html/view/:.');

// **PREVENTING SESSION HIJACKING**
// Prevents javascript XSS attacks aimed to steal the session ID
ini_set('session.cookie_httponly', 1);

// **PREVENTING SESSION FIXATION**
// Session ID cannot be passed through URLs
ini_set('session.use_only_cookies', 1);

// Uses a secure connection (HTTPS) if possible
if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on')) {
	ini_set('session.cookie_secure', 1);
}

date_default_timezone_set('America/New_York');

spl_autoload_register( function ($class) {
	include $class . '.php';
});
@ Telegram