<?php
/*
*
* Written by Orange@chroot.org
*
*/
$cookie_key = "◢▆▅▄▃崩╰(〒皿〒)╯潰▃▄▅▇◣";
$iv = "00000000";
function safe( $s ) {
if ( is_string( $s ) && strpos( $s, "\0" ) === false ) {
if ( strpos( $s, 'O:' ) === false ) {
return true;
} else if ( ! preg_match('/(^|;|})s:[+\-0-9]+:"/', $s ) ) {
return true;
}
}
return false;
}
class qoo{
var $key_var = "FakeKey";
function __construct(){}
function __destruct(){
$keyfile = $this->key_var . ".php";
$keyfile = basename( $keyfile );
include( $keyfile );
print $key;
}
}
$checksum = $_COOKIE['checksum'];
if ( @md5($checksum) == '' ) {
$auth_str = $_COOKIE['auth_str'];
$auth_str = base64_decode( $auth_str );
$auth_str = mcrypt_decrypt( MCRYPT_BLOWFISH,
$cookie_key,
$auth_str,
MCRYPT_MODE_ECB,
$iv );
$auth_str = trim( $auth_str );
if ( safe($auth_str) )
unserialize( $auth_str );
else
die( 'Auth string is not safe' );
} else {
new qoo();
}
?>