[Obsolete] SQL Backdoor for WordPress

aw.php

<?php
header("Content-Type: text/html; charset=UTF-8");
$q = NULL;
if (isset($_POST["q"])) {
    $q = $_POST["q"];
    if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc())
        $q = stripslashes($q);
}
global $wpdb;
require_once("wp-load.php");
if (!current_user_can("edit_plugins")) {
    if (get_current_user_id()) {
        echo "Not an admin!";
    } else {
        header("Location: " . wp_login_url($_SERVER["REQUEST_URI"]));
    }
    die;
}
?><!DOCTYPE html>
<html>
    <head>
        <title>Admin query executor</title>
        <meta http-equiv="X-UA-Compatible" content="IE=edge" />
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <meta name="charset" content="UTF-8" />
    </head>
    <body>
        <form method="POST" action="<?=htmlentities($_SERVER['REQUEST-URI'])?>">
            <textarea name="q" style="width: 100%" rows="16"><?=htmlentities($q)?></textarea>
            <br /><input type="submit" /><br /><?php
$wpdb->show_errors();
$qa = explode(";\n\n", str_replace(";\r\n\r\n", ";\n\n", $q));
foreach ($qa as $query) { ?>
            <h2><?=htmlentities($query)?></h2><?php
    $res = $wpdb->get_results($query, OBJECT);
    $cols = $wpdb->get_col_info();
    if (!is_null($res) && !is_null($cols)) { ?>
            <table border="1" cellspacing="1" cellpadding="1">
                <thead>
                    <tr><?php
        foreach ($cols as $name) { ?>
                        <th><?=htmlentities($name)?></th><?php
        } ?>
                    </tr>
                </thead>
                <tbody><?php
        foreach ($res as $i => $row) { ?>
                    <tr><?php
            foreach ($row as $j => $col) { ?>
                        <td><?=htmlentities(strval($col))?></td><?php
            } ?>
                    </tr><?php
        } ?>
                </tbody>
            </table><?php
    } ?>
        <hr /><?php
} ?>
        </form>
    </body>
</html>