yet another variation of the CMSmap – WordPress Shell

I noticed a file named wp-logn.php in the plugins directory that was trying to pass as a WordPress plugin. It contained the following code:

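    // Hex decoder from the shell: turns a string of hex digit pairs into raw bytes.
    function Class_UC_key($string){
        $array = strlen (trim($string));
        $debuger = '';
        for($one = 0;$one < $array;$one+=2) {
            $debuger .= pack ("C",hexdec (substr ($string,$one,2)));
        }
        return $debuger;
    }
    // Output is declared as GB2312, a Simplified Chinese character set.
    header("content-Type: text/html; charset=gb2312");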
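
For triage, the decoder above can be mirrored offline so that hex literals in a sample can be read without running any PHP. This is an added example, not code from the shell or from the original post; the call form `Class_UC_key('<hex>')`, the Python helper names and the sample string are constructed assumptions.

```python
import re

# The hex-decoding idiom from the shell, tolerant of spacing differences.
DECODER_RE = re.compile(r'pack\s*\(\s*["\']C["\']\s*,\s*hexdec\s*\(\s*substr\s*\(', re.I)
FUNC_RE = re.compile(r'function\s+(\w+)\s*\(')

def class_uc_key(hex_string: str) -> bytes:
    """Mirror the PHP decoder: length comes from the trimmed string,
    but the 2-character chunks are cut from the untrimmed one."""
    length = len(hex_string.strip(" \t\n\r\0\x0b"))
    out = bytearray()
    for i in range(0, length, 2):
        # PHP's hexdec() ignores non-hex characters instead of failing.
        digits = re.sub(r"[^0-9A-Fa-f]", "", hex_string[i:i + 2])
        out.append(int(digits, 16) if digits else 0)
    return bytes(out)

def find_decoder_name(php_source: str):
    """Name of the last function declared before the idiom, or None."""
    hit = DECODER_RE.search(php_source)
    if hit is None:
        return None
    names = FUNC_RE.findall(php_source[:hit.start()])
    return names[-1] if names else None

def decode_calls(php_source: str, encoding: str = "gb2312"):
    """Decode every quoted hex literal passed to the decoder function."""
    name = find_decoder_name(php_source)
    if name is None:
        return []
    call_re = re.compile(re.escape(name) + r'\s*\(\s*(["\'])([0-9A-Fa-f\s]+)\1\s*\)')
    return [class_uc_key(m.group(2)).decode(encoding, errors="replace")
            for m in call_re.finditer(php_source)]

# Constructed sample (not taken from the real file); never executed as PHP.
SAMPLE = r'''<?php
function Class_UC_key($string){ $debuger .= pack ("C",hexdec (substr ($string,$one,2))); }
$a = Class_UC_key('6c6f67696e');
$b = Class_UC_key("73657276657220696e666f");
'''

if __name__ == "__main__":
    for text in decode_calls(SAMPLE):
        print(text)
```

Because the decoder function is located by its `pack`/`hexdec`/`substr` idiom rather than by name, the same helper still works on copies where the function has been renamed.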

Upon opening it in the browser, the following login page pops up. The password in our case was will

[Image: login page of the web shell]

This pretty basic PHP web shell was written in Chinese and it offers general shell functionality:

  • view server information
  • upload and modify files
  • execute PHP and SQL code
  • scan ports
  • reverse shell
Stefan Pejcic