Exploit Scanner - Version 0.7

Release Info

Developer ryan
Plugin Exploit Scanner
Version 0.7

Code changes from version 0.6 to 0.7

Files changed (4)
  1. create-md5.sh +1 -1
  2. exploit-scanner.php +1137 -277
  3. hashes-2.8.6.php +728 -0
  4. readme.txt +12 -8
create-md5.sh CHANGED
@@ -11,7 +11,7 @@ for i in `find $1 -type f`;
11
  do
12
  export filename=`echo $i|sed "s/$1\///"`
13
  /bin/echo -n "'$filename' => '" >> /tmp/md5.txt;
14
- export m=`cat $i | md5sum|awk '{print $1}'`
15
  echo "$m'," >> /tmp/md5.txt
16
  echo $i done;
17
  done
11
  do
12
  export filename=`echo $i|sed "s/$1\///"`
13
  /bin/echo -n "'$filename' => '" >> /tmp/md5.txt;
14
+ export m=`cat $i | md5|awk '{print $1}'`
15
  echo "$m'," >> /tmp/md5.txt
16
  echo $i done;
17
  done
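Review bot: Swapping `md5sum` for `md5` on line 14 ties the script to the BSD/macOS tool; on a host that only has GNU coreutils the pipeline leaves `$m` empty and the script still writes `'file' => '',` entries without failing. Select whichever command exists at startup (check `command -v md5sum`, fall back to `md5`) and abort when `$m` is empty, because this output appears to be the hash list that the plugin's core-file comparison relies on. Two smaller points in the same lines: the loop over `find` output with an unquoted `$i` mishandles paths containing whitespace, and appending to the fixed path /tmp/md5.txt means a leftover or pre-created file there ends up in the result, so a `mktemp` file that is created fresh on each run would be safer.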
exploit-scanner.php CHANGED
@@ -3,339 +3,1199 @@
3
  Plugin Name: WordPress Exploit Scanner
4
  Plugin URI: http://ocaoimh.ie/exploit-scanner/
5
  Description: Scans your WordPress site for possible exploits.
6
- Version: 0.6
7
  Author: Donncha O Caoimh
8
  Author URI: http://ocaoimh.ie/
9
  */
10
 
11
- add_action('admin_menu', 'exploitscanner_menu');
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
12
 
13
- function exploitscanner_menu() {
14
- add_submenu_page('index.php', 'Exploit Scanner', 'Exploit Scanner', 'manage_options', 'exploit-admin-page', 'exploit_admin_page');
15
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
16
 
17
- function exploit_admin_page() {
18
- global $wp_version; ?>
19
- <div class="wrap">
20
- <h2>Exploit Scanner</h2>
21
- <p>This script searches through your WordPress install for signs that may indicate that your website has been compromised by hackers. It does <strong>NOT</strong> remove anything, this is left for the user to do.</p>
22
- <?php
23
- if ( isset( $_GET['scan'] ) && $_GET['scan'] == 'all' ) {
24
- check_admin_referer( 'exploitscanner-scan_all' );
25
- exploitscanner_file_search();
26
- exploitscanner_db_search();
27
- } elseif ( isset( $_GET['customscan'] ) ) {
28
- check_admin_referer( 'exploitscanner-scan_customstrings' );
29
- $strings = explode( ',', $_GET['customscan'] );
30
- exploitscanner_file_search( array_flip( $strings ) );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
31
  }
32
 
33
- $scan_url = '?page=exploit-admin-page&scan=all';
34
- $scan_action = 'exploitscanner-scan_all';
35
- $scan_link = wp_nonce_url( $scan_url, $scan_action );
36
- ?>
37
- <form action='?page=exploit-admin-page&scan=all' method='POST'>
38
- <table>
39
- <tr><td>PHP Memory Limit:</td><td> <input type='text' size='3' name='memory_limit' value='128' />MB (Max memory used by PHP.)</td></tr>
40
- <tr><td>Upper File size Limit:</td><td> <input type='text' size='3' name='filesize_limit' value='400' />KB (Skip files larger than this. Skipped files are listed at the end of scan.)</td></tr>
41
- </table>
42
- <?php wp_nonce_field( 'exploitscanner-scan_all' ); ?>
43
- <input type='submit' value='Run the Scan' />
44
- </form>
45
- <p>If you run into memory problems, increase the PHP memory limit or reduce the file size limit.</p>
46
- <div style='margin-top: 20px; text-align:center'>
47
- <p>Or search the files on your site for a custom string:</p>
48
- <form method="get">
49
- <input type="hidden" name="page" value="exploit-admin-page" />
50
- <input type="text" name="customscan" class="regular-text code" />
51
- <?php wp_nonce_field( 'exploitscanner-scan_customstrings' ); ?>
52
- <input type="submit" class="button exploit-scan-button" value="Search Files" />
53
- </form>
54
- </div>
55
- <script type="text/javascript">
56
- jQuery(document).ready(function($){
57
- $('.exploit-scan-button').click( function() {
58
- $('#loader').show();
59
- });
60
- });
61
- </script>
62
- <div id="loader" style="display:none; margin: 10px; padding: 10px; border: 1px solid #333; margin-top: 30px; text-align: center">
63
- <p><strong>Searching your filesystem and database for hidden links, malicious JavaScript and other possible exploit code</strong><br /><br />Please wait while loading...</p>
64
- <img src="<?php echo WP_PLUGIN_URL; ?>/exploit-scanner/loader.gif" height="16px" width="16px" alt="loading-icon" />
65
- </div>
66
- <h4>DISCLAIMER</h4>
67
- <p>Unfortunately it's impossible to catch every hack, and it's also too easy to catch "false positives" or things that aren't hacks. If you have been hacked, this script may help you track down what files, comments or posts have been modified. On the other hand, if this script indicates your blog is clean, don't believe it. This is far from foolproof. </p>
68
 
69
- <h5>For the paranoid...</h5>
70
- <p>To prevent someone hiding malicious code inside this plugin and to check that the signatures file (hashes.txt) hasn't been changed, here are the MD5 hashes of these files. Compare them with the references on the plugin homepage. If they match, this file is ok. You'll get extra points if you check this file has the actual md5_file() calls.</p>
71
- <p style="text-align: center">MD5 of exploit-scanner.php: <code><?php echo md5_file(__FILE__); ?></code></p>
72
- <?php if ( file_exists( dirname( __FILE__ ) . '/hashes-' . $wp_version . '.php' ) ) { ?>
73
- <p style="text-align: center">MD5 of hashes-<?php echo $wp_version; ?>.php: <code><?php echo md5_file( dirname( __FILE__ ) . '/hashes-' . $wp_version . '.php' ); ?></code></p>
74
- <?php } ?>
75
- </div>
76
- <?php }
77
 
78
- function exploitscanner_scan( $directory, &$text, &$filehashes, &$skipped_files ) {
79
- global $suspicious_files, $modified_core_files;
80
-
81
- set_time_limit( 60 );
82
- if(is_dir($directory)) {
83
- $directory = rtrim($directory, '/').'/';
84
- $entries = glob($directory. '*');
85
- if( is_array( $entries ) && !empty( $entries ) ) foreach ($entries as $entry) {
86
- if ($entry != '.' && $entry != '..') {
87
- if( !is_dir( $entry ) ) {
88
- $filename = str_replace( ABSPATH, '', $entry );
89
- if ( filesize( $entry ) > ( (int)$_POST[ 'filesize_limit' ] * 1024 ) ) {
90
- if ( isset( $filehashes[$filename] ) ) {
91
- $skipped_files[] = "$entry (core)";
92
  } else {
93
- $skipped_files[] = $entry;
 
 
 
94
  }
95
- continue;
96
  }
 
 
 
97
 
98
- $md5 = md5_file( $entry );
99
- $contents = file_get_contents( $entry );
100
- reset( $text );
101
- foreach( $text as $exploit ) {
102
- if( $exploit == '' )
103
- continue;
104
- if( strpos( $contents, $exploit ) !== false ) {
105
- if( !isset( $filehashes[$filename] ) && $filename != 'wp-content/plugins/exploit-scanner/exploit-scanner.php' || ( isset( $filehashes[$filename] ) && $md5 != $filehashes[$filename] ) ) {
106
- $suspicious_files[$exploit][] = $entry;
107
- }
108
- }
 
 
109
  }
110
- if( isset( $filehashes[$filename] ) && $md5 != $filehashes[$filename] ) {
111
- $modified_core_files[] = $entry;
112
- }
113
- } else {
114
- exploitscanner_scan( $entry, $text, $filehashes, $skipped_files );
115
  }
116
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
117
  }
 
118
  }
119
- }
120
 
121
- function exploitscanner_file_search( $suspicious_text = '' ) {
122
- global $wp_version, $suspicious_files, $modified_core_files;
 
 
 
 
 
 
 
 
 
123
 
124
- if ( isset( $_POST[ 'memory_limit' ] ) )
125
- @ini_set( 'memory_limit', (int)$_POST[ 'memory_limit' ] . 'M' ); // increase the memory limit if possible, to avoid out of memory errors
126
-
127
- if ( $suspicious_text == '' ) {
128
- $suspicious_text = array(
129
- '<iframe' => 'iframes can sometimes be used by hackers to load their own adverts and code on your site.',
130
- 'visibility:hidden' => 'CSS styling used to hide parts of a web page (can be used legitimately)',
131
- 'display:none' => 'CSS styling used to hide parts of a web page (is often used legitimately, be concerned if it\'s used to hide a link)',
132
- 'display: none' => 'CSS styling used to hide parts of a web page (is often used legitimately, be concerned if it\'s used to hide a link)',
133
- 'ShellBOT' => 'This may be a script used by hackers to get control of your server.',
134
- 'uname -a' => 'Tells a hacker what operating system your server is running',
135
- 'shell_exec' => 'Executes a server command like ls, cd, wget, etc. This may be a script used by hackers.',
136
- 'YW55cmVzdWx0cy5uZXQ=' => 'Base64 encoded text found in PHP code that redirects visitors from Google.',
137
- 'eval(' => 'Could be JavaScript code used to hide code inserted by a hacker.',
138
- 'String.fromCharCode' => 'JavaScript code used to hide suspicious code, but can also be legitimate code.',
139
- '$_COOKIE["yahg"]' => "YAHG Googlerank.info exploit code. See <a href='http://creativebriefing.com/wordpress-hacked-googlerankinfo/'>here</a> for further info.",
140
- 'base64_decode' => 'Often used by malicous scripts to decode previously encoded data, such as malicious URLs'
141
- );
 
 
 
142
  }
143
 
144
- unset( $filehashes );
145
- $hashes = dirname(__FILE__) . '/hashes-'. $wp_version .'.php';
146
- if ( file_exists( $hashes ) ) {
147
- include_once( $hashes );
148
- } else {
149
- $modified_core_files[] = 'The file containing the checksums of all the core WordPress files appears to be missing. Either you have upgraded WordPress and this plugin hasn\'t been updated with the new hashes or the file has been deleted/renamed. You will find that a lot more files have been returned in the Suspicious Strings section.';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
150
  }
151
 
152
- $skipped_files = array();
153
- exploitscanner_scan( ABSPATH, array_keys( $suspicious_text ), $filehashes, $skipped_files );
154
- echo '<h3>Skipped Files</h3>';
155
- if (!empty($skipped_files)) {
156
- echo count( $skipped_files ) . " files were skipped:";
157
- echo '<ol>';
158
- foreach ($skipped_files as $file) {
159
- echo "<li>$file</li>";
160
- }
161
- echo '</ol>';
162
- } else {
163
- echo 'Hooray! None of your core WordPress files have been modified.';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
164
  }
165
 
166
- echo '<h3>Modified Core Files</h3>';
167
- if (!empty($modified_core_files)) {
168
- echo '<ol>';
169
- foreach ($modified_core_files as $file) {
170
- echo "<li>$file</li>";
171
- }
172
- echo '</ol>';
173
- } else {
174
- echo 'Hooray! None of your core WordPress files have been modified.';
 
 
 
 
 
 
 
 
 
 
 
175
  }
176
 
177
- if( !empty( $suspicious_files ) ) {
178
- echo '<h3>Suspicious Strings</h3>';
179
- foreach ( $suspicious_files as $exploit => $files ) {
180
- echo '<h4>' . wp_specialchars( $exploit ) . '<br /><em>' . $suspicious_text[$exploit] . '</em></h4><p>Found in the following file(s):</p><ol>';
181
- foreach ( $files as $file ) {
182
- $contents = file_get_contents( $file );
183
- echo '<li>' . wp_specialchars( $file ) . ' <blockquote style="border: 1px solid #333; background: #eee; overflow-x: scroll;">';
184
- hilight_text( $contents, $exploit );
185
- echo '</blockquote></li>';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
186
  }
187
- ?></ol><?php
 
 
 
 
 
 
 
 
 
 
 
 
188
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
189
  ?>
 
 
 
 
 
 
 
 
 
 
 
190
 
191
- <?php } else { ?>
192
- <h3>Suspicious Strings</h3>
193
- <p>Hooray! No suspicious strings have been found in any of your files.</p>
194
- <?php }
195
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
196
 
197
- function hilight_text( $contents, $text ) {
198
- while( $contents ) {
199
- $start = strpos( $contents, $text ) - 50;
200
- if ( $start < 0 )
201
- $start = 0;
202
- $contents = substr( $contents, $start );
203
- echo '<p style="margin-left: 1em;"><code>' . nl2br( str_replace( wp_specialchars( $text ), '<span style="background: #ff0">' . wp_specialchars( $text ) . '</span>', wp_specialchars( substr( $contents, 0, 300 ) ) ) ) . '</code></p>';
204
- $contents = substr( $contents, strpos( $contents, $text ) + strlen( $text ) );
205
- if( strpos( $contents, $text ) === false ) {
206
- $contents = false;
207
- } else {
208
- echo '<hr />';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
209
  }
 
 
210
  }
211
- }
212
 
213
- function exploitscanner_db_search() {
214
- global $wpdb;
215
 
216
- // Suspicious Plugins
217
- $active_plugins = get_option( 'active_plugins' );
218
- if ( is_array( $active_plugins ) && !empty( $active_plugins ) ) {
219
- $suspect_plugins = array();
220
- foreach ( $active_plugins as $plugin ) {
221
- if ( strpos( $plugin, '..' ) !== false || substr( $plugin, -4 ) != '.php' ) {
222
- $suspect_plugins[] = $plugin;
 
223
  }
224
  }
225
- if ( !empty( $suspect_plugins ) ) {
226
- ?><h3>Suspicious Plugins</h3>
227
- <p>These plugin files look suspect. Please verify they are files you uploaded.</p><?php
228
- reset( $suspect_plugins );
229
- echo '<ol>';
230
- foreach ( $suspect_plugins as $plugin ) {
231
- if ( $plugin == '' )
232
- $plugin = 'Blank entry found. Should be removed. It will look like \'i:0;s:0:\"\";\' in the active_records field.';
233
- echo '<li>$plugin</li>';
234
- }
235
- echo '</ol>';
236
- } else {
237
- ?><h3>Suspicious Plugins</h3>
238
- <p>Hooray! No suspicious plugins found in the <code>active_plugins</code> database record.</p><?php
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
239
  }
 
 
 
 
 
 
 
 
 
 
 
 
240
  }
241
 
242
- // Suspcicious text in posts and comments
243
- $suspect_posts = array();
244
- $suspect_comments = array();
245
- $suspect_options = array();
246
- $suspect_usermeta = array();
247
- $suspect_post_text = array( 'ekibastos', 'visibility:hidden', 'visibility: hidden', '<iframe', 'display:none', 'display: none' );
248
- $suspect_options_text = array('eval(', 'script language="JavaScript"');
249
-
250
- foreach ( $suspect_options_text as $exploit_text ) {
251
- $options = $wpdb->get_results( "SELECT * FROM {$wpdb->options} WHERE option_value LIKE '%{$exploit_text}%'" );
252
- if ( $options )
253
- $suspect_options[$exploit_text] = $options;
254
  }
255
- unset($options);
256
- if ( !empty( $suspect_options ) ) { ?>
257
- <h3>Suspicious Settings</h3>
258
- <p>Some settings on your blog contain suspicious text that may have been placed there by hackers.</p><ul><?php
259
- foreach ( $suspect_options as $exploit => $options ) {
260
- foreach ( $options as $option ) {
261
- echo "<li>" . esc_html($option->option_name) . "<br /><blockquote style='border: 1px solid #333; background: #eee;'>";
262
- hilight_text( $option->option_value, $exploit );
263
- echo "</blockquote></li>";
264
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
265
  }
266
- } else { ?>
267
- <h3>Suspicious Settings</h3>
268
- <p>Hooray! No suspicious text was found in any of your settings!</p><?php
 
 
269
  }
270
 
271
- foreach ( $suspect_post_text as $exploit_text ) {
272
- $posts = $wpdb->get_results( "SELECT * FROM {$wpdb->posts} WHERE post_type<>'revision' AND post_content LIKE '%{$exploit_text}%'" );
273
- if ( $posts )
274
- $suspect_posts[$exploit_text] = $posts;
275
- $comments = $wpdb->get_results( "SELECT * FROM {$wpdb->comments} WHERE comment_content LIKE '%{$exploit_text}%'" );
276
- if ( $comments )
277
- $suspect_comments[$exploit_text] = $comments;
278
  }
279
- unset($posts);
280
- unset($comments);
281
-
282
- if ( !empty( $suspect_posts ) ) { ?>
283
- <h3>Suspicious Posts and Comments</h3>
284
- <p>Some posts and comments on your blog contain suspicious text that may have been placed there by hackers.</p><ul><?php
285
- foreach ( $suspect_posts as $exploit => $posts ) {
286
- foreach ( $posts as $post ) {
287
- $edit_url = "<strong>Post:</strong> <a href='post.php?action=edit&amp;post=$post->ID' title='Edit this post'>$post->post_title</a>";
288
- $contents = $post->post_content;
289
- echo "<li>$edit_url<br /><blockquote style='border: 1px solid #333; background: #eee;'>";
290
- hilight_text( $contents, $exploit );
291
- echo "</blockquote></li>";
 
 
 
 
 
 
 
 
 
 
292
  }
293
  }
294
- foreach ( $suspect_comments as $exploit => $comments ) {
295
- foreach ( $comments as $comment ) {
296
- $edit_url = "<strong>Comment:</strong> <a href='comment.php?action=editcomment&amp;c=$comment->comment_ID' title='Edit this comment'>$comment->comment_author</a>";
297
- $contents = $comment->comment_content;
298
- echo "<li>$edit_url<br /><blockquote style='border: 1px solid #333; background: #eee;'>";
299
- hilight_text( $contents, $exploit );
300
- echo "</blockquote></li>";
301
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
302
  }
303
- echo "</ul>";
304
- } else { ?>
305
- <h3>Suspicious Posts and Comments</h3>
306
- <p>Hooray! No suspicious text was found in any of your posts or comments!</p><?php
 
 
 
307
  }
308
 
309
- // List all administrators ?>
310
- <h3>Administrators</h3>
311
- <table class="widefat fixed" style="margin-bottom: 2em;">
312
- <thead>
313
- <tr>
314
- <th scope="col" style="width: 5%">ID</th>
315
- <th scope="col">Username</th>
316
- <th scope="col">Name</th>
317
- <th scope="col">Email</th>
318
- </tr>
319
- </thead>
320
- <tbody>
321
- <?php
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
322
 
323
- $sort_users = 'user_nicename';
324
- $user_ids = $wpdb->get_col( $wpdb->prepare( "SELECT $wpdb->users.ID FROM $wpdb->users ORDER BY %s ASC", $sort_users ) );
325
 
326
- foreach ( $user_ids as $id ) {
327
- $user = get_userdata( $id );
328
- if ( $user->user_level == '10' ) {
329
- echo '<tr><td>' . $user->ID . '</td><td>' . $user->user_login . '</td><td>';
330
- if ( isset( $user->last_name ) && isset( $user->first_name ) ) {
331
- echo $user->first_name . ' ' . $user->last_name;
 
 
 
 
 
 
 
 
 
 
 
 
332
  }
333
- echo '</td><td>' . $user->user_email . '</td></tr>';
334
  }
335
- } ?>
336
- </tbody>
337
- </table>
338
 
339
- <?php
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
340
  }
341
- ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
3
  Plugin Name: WordPress Exploit Scanner
4
  Plugin URI: http://ocaoimh.ie/exploit-scanner/
5
  Description: Scans your WordPress site for possible exploits.
6
+ Version: 0.7
7
  Author: Donncha O Caoimh
8
  Author URI: http://ocaoimh.ie/
9
  */
10
 
11
+ /**
12
+ * Exploit_Scanner class to encapsulate the scanning functions to keep them portable
13
+ *
14
+ * @author: Thorsten Ott
15
+ * @since: 0.7
16
+ * @todo: get rules and hashes from external source in encrypted format to avoid manipulation and keep them up to date
17
+ */
18
+ class Exploit_Scanner
19
+ {
20
+ var $_path = '';
21
+ var $_init_path = '';
22
+ var $_exploit_scanner_filename = 'exploit-scanner-v2.php';
23
+ var $_prepared_patterns = array();
24
+ var $_pattern_descriptions = array();
25
+ var $patterns = array();
26
+ var $_search_results = array();
27
+ var $_whitelist_hits = array();
28
+ var $inaccessible = array();
29
 
30
+ var $file_size_limit = 50;
31
+
32
+ var $scan_source = 'file';
33
+ var $allowed_extensions = array();
34
+
35
+ var $changed_core_files = array();
36
+ var $skipped_core_files = array();
37
+ var $all_core_files = array();
38
+
39
+ var $filehashes = array();
40
+ var $skip_files = array();
41
+
42
+ var $display_severities = array( 'raw', 'blocker', 'severe', 'warning' );
43
+
44
+ var $_severities = array( 'blocker', 'severe', 'warning', 'note' );
45
+
46
+ /**
47
+ * Definition of scan groups and the functions they run
48
+ */
49
+ var $_possible_scans = array( 'file_scan' => array( 'hash_file_scan', 'file_permission_scan', 'file_scan' ), 'db_scan' => array ( 'db_scan_plugins', 'db_scan_options', 'db_scan_posts', 'db_scan_comments' ), 'info' => array( 'list_admins', 'get_serverinfo' ) );
50
+ /**
51
+ * Better descriptions for each of the scans
52
+ */
53
+ var $_scan_names = array( 'hash_file_scan' => 'MD5 Checksum Test', 'file_permission_scan' => 'Scan file permissions', 'file_scan' => 'Filesystem pattern scan', 'db_scan_plugins' => 'Database active plugins test', 'db_scan_options' => 'Database options scan', 'db_scan_posts' => 'Database post scan', 'db_scan_comments' => 'Database comment scan', 'list_admins' => 'Administrator List', 'get_serverinfo' => 'Basic server information' );
54
+ var $memory_limit = '';
55
+
56
+ var $php_user = '';
57
+
58
+ function Exploit_Scanner( $path )
59
+ {
60
+ $this->_path = $this->format_directory_name( $path );
61
+ $this->_init_path = $this->_path;
62
+
63
+ set_time_limit(300);
64
+
65
+ /**
66
+ * Definition of restricted commands
67
+ * "command_name" => array( "level" => "severity as defined in $_severities", "note" => "Free text note describing the problem" )
68
+ */
69
+ $this->restricted_commands = array(
70
+ // wordpress functions
71
+ //
72
 
73
+ "remove_filter" => array( "level" => "Warning", "note" => "Removing filters" ),
74
+ "remove_action" => array( "level" => "Warning", "note" => "Removing actions" ),
75
+ "add_filter" => array( "level" => "Note", "note" => "Altering filters" ),
76
+ "add_action" => array( "level" => "Note", "note" => "Altering actions" ),
77
+
78
+ // filesystem functions
79
+ //
80
+
81
+ //"basename" => array( "level" => "Note", "note" => "Returns filename component of path" ),
82
+ "chgrp" => array( "level" => "Blocker", "note" => "Changes file group" ),
83
+ "chmod" => array( "level" => "Blocker", "note" => "Changes file mode" ),
84
+ "chown" => array( "level" => "Blocker", "note" => "Changes file owner" ),
85
+ "clearstatcache" => array( "level" => "Warning", "note" => "Clears file status cache" ),
86
+ "copy" => array( "level" => "Blocker", "note" => "Copies file" ),
87
+ "delete" => array( "level" => "Blocker", "note" => "See unlink or unset" ),
88
+ //"dirname" => array( "level" => "Warning", "note" => "Returns directory name component of path" ),
89
+ "disk_free_space" => array( "level" => "Warning", "note" => "Returns available space in directory" ),
90
+ "disk_total_space" => array( "level" => "Warning", "note" => "Returns the total size of a directory" ),
91
+ "diskfreespace" => array( "level" => "Warning", "note" => "Alias of disk_free_space" ),
92
+ "fclose" => array( "level" => "Warning", "note" => "Closes an open file pointer" ),
93
+ "feof" => array( "level" => "Warning", "note" => "Tests for end-of-file on a file pointer" ),
94
+ "fflush" => array( "level" => "Blocker", "note" => "Flushes the output to a file" ),
95
+ "fgetc" => array( "level" => "Severe", "note" => "Gets character from file pointer" ),
96
+ "fgetcsv" => array( "level" => "Severe", "note" => "Gets line from file pointer and parse for CSV fields" ),
97
+ "fgets" => array( "level" => "Severe", "note" => "Gets line from file pointer" ),
98
+ "fgetss" => array( "level" => "Severe", "note" => "Gets line from file pointer and strip HTML tags" ),
99
+ //"file_exists" => array( "level" => "Warning", "note" => "Checks whether a file or directory exists" ),
100
+ "file_get_contents" => array( "level" => "Severe", "note" => "Reads entire file into a string" ),
101
+ "file_put_contents" => array( "level" => "Blocker", "note" => "Write a string to a file" ),
102
+ "file" => array( "level" => "Severe", "note" => "Reads entire file into an array" ),
103
+ "fileatime" => array( "level" => "Warning", "note" => "Gets last access time of file" ),
104
+ "filectime" => array( "level" => "Warning", "note" => "Gets inode change time of file" ),
105
+ "filegroup" => array( "level" => "Warning", "note" => "Gets file group" ),
106
+ "fileinode" => array( "level" => "Warning", "note" => "Gets file inode" ),
107
+ "filemtime" => array( "level" => "Warning", "note" => "Gets file modification time" ),
108
+ "fileowner" => array( "level" => "Warning", "note" => "Gets file owner" ),
109
+ "fileperms" => array( "level" => "Warning", "note" => "Gets file permissions" ),
110
+ "filesize" => array( "level" => "Warning", "note" => "Gets file size" ),
111
+ "filetype" => array( "level" => "Warning", "note" => "Gets file type" ),
112
+ "flock" => array( "level" => "Warning", "note" => "Portable advisory file locking" ),
113
+ "fnmatch" => array( "level" => "Warning", "note" => "Match filename against a pattern" ),
114
+ "fopen" => array( "level" => "Blocker", "note" => "Opens file or URL" ),
115
+ "fpassthru" => array( "level" => "Severe", "note" => "Output all remaining data on a file pointer" ),
116
+ "fputcsv" => array( "level" => "Blocker", "note" => "Format line as CSV and write to file pointer" ),
117
+ "fputs" => array( "level" => "Blocker", "note" => "Alias of fwrite" ),
118
+ "fread" => array( "level" => "Severe", "note" => "Binary-safe file read" ),
119
+ "fscanf" => array( "level" => "Severe", "note" => "Parses input from a file according to a format" ),
120
+ "fseek" => array( "level" => "Severe", "note" => "Seeks on a file pointer" ),
121
+ "fstat" => array( "level" => "Warning", "note" => "Gets information about a file using an open file pointer" ),
122
+ "ftell" => array( "level" => "Warning", "note" => "Returns the current position of the file read/write pointer" ),
123
+ "ftruncate" => array( "level" => "Severe", "note" => "Truncates a file to a given length" ),
124
+ "fwrite" => array( "level" => "Blocker", "note" => "Binary-safe file write" ),
125
+ "glob" => array( "level" => "Warning", "note" => "Find pathnames matching a pattern" ),
126
+ "is_dir" => array( "level" => "Warning", "note" => "Tells whether the filename is a directory" ),
127
+ "is_executable" => array( "level" => "Warning", "note" => "Tells whether the filename is executable" ),
128
+ "is_file" => array( "level" => "Warning", "note" => "Tells whether the filename is a regular file" ),
129
+ "is_link" => array( "level" => "Warning", "note" => "Tells whether the filename is a symbolic link" ),
130
+ //"is_readable" => array( "level" => "Warning", "note" => "Tells whether the filename is readable" ),
131
+ "is_uploaded_file" => array( "level" => "Warning", "note" => "Tells whether the file was uploaded via HTTP POST" ),
132
+ "is_writable" => array( "level" => "Warning", "note" => "Tells whether the filename is writable" ),
133
+ "is_writeable" => array( "level" => "Warning", "note" => "Alias of is_writable" ),
134
+ "lchgrp" => array( "level" => "Blocker", "note" => "Changes group ownership of symlink" ),
135
+ "lchown" => array( "level" => "Blocker", "note" => "Changes user ownership of symlink" ),
136
+ "link" => array( "level" => "Blocker", "note" => "Create a hard link" ),
137
+ "linkinfo" => array( "level" => "Warning", "note" => "Gets information about a link" ),
138
+ "lstat" => array( "level" => "Warning", "note" => "Gives information about a file or symbolic link" ),
139
+ "mkdir" => array( "level" => "Blocker", "note" => "Makes directory" ),
140
+ "move_uploaded_file" => array( "level" => "Severe", "note" => "Moves an uploaded file to a new location" ),
141
+ "parse_ini_file" => array( "level" => "Severe", "note" => "Parse a configuration file" ),
142
+ "parse_ini_string" => array( "level" => "Severe", "note" => "Parse a configuration string" ),
143
+ "pathinfo" => array( "level" => "Warning", "note" => "Returns information about a file path" ),
144
+ "pclose" => array( "level" => "Warning", "note" => "Closes process file pointer" ),
145
+ "popen" => array( "level" => "Blocker", "note" => "Opens process file pointer" ),
146
+ "readfile" => array( "level" => "Severe", "note" => "Outputs a file" ),
147
+ "readlink" => array( "level" => "Severe", "note" => "Returns the target of a symbolic link" ),
148
+ "realpath" => array( "level" => "Severe", "note" => "Returns canonicalized absolute pathname" ),
149
+ "rename" => array( "level" => "Blocker", "note" => "Renames a file or directory" ),
150
+ "rewind" => array( "level" => "Warning", "note" => "Rewind the position of a file pointer" ),
151
+ "rmdir" => array( "level" => "Blocker", "note" => "Removes directory" ),
152
+ "set_file_buffer" => array( "level" => "Warning", "note" => "Alias of stream_set_write_buffer" ),
153
+ "stat" => array( "level" => "Warning", "note" => "Gives information about a file" ),
154
+ "symlink" => array( "level" => "Blocker", "note" => "Creates a symbolic link" ),
155
+ "tempnam" => array( "level" => "Severe", "note" => "Create file with unique file name" ),
156
+ "tmpfile" => array( "level" => "Blocker", "note" => "Creates a temporary file" ),
157
+ "touch" => array( "level" => "Blocker", "note" => "Sets access and modification time of file" ),
158
+ "umask" => array( "level" => "Blocker", "note" => "Changes the current umask" ),
159
+ "unlink" => array( "level" => "Blocker", "note" => "Deletes a file" ),
160
+
161
+ // process control functions
162
+ //
163
+ "pcntl_alarm" => array( "level" => "Blocker", "note" => "Set an alarm clock for delivery of a signal" ),
164
+ "pcntl_exec" => array( "level" => "Blocker", "note" => "Executes specified program in current process space" ),
165
+ "pcntl_fork" => array( "level" => "Blocker", "note" => "Forks the currently running process" ),
166
+ "pcntl_getpriority" => array( "level" => "Blocker", "note" => "Get the priority of any process" ),
167
+ "pcntl_setpriority" => array( "level" => "Blocker", "note" => "Change the priority of any process" ),
168
+ "pcntl_signal_dispatch" => array( "level" => "Blocker", "note" => "Calls signal handlers for pending signals" ),
169
+ "pcntl_signal" => array( "level" => "Blocker", "note" => "Installs a signal handler" ),
170
+ "pcntl_sigprocmask" => array( "level" => "Blocker", "note" => "Sets and retrieves blocked signals" ),
171
+ "pcntl_sigtimedwait" => array( "level" => "Blocker", "note" => "Waits for signals, with a timeout" ),
172
+ "pcntl_sigwaitinfo" => array( "level" => "Blocker", "note" => "Waits for signals" ),
173
+ "pcntl_wait" => array( "level" => "Blocker", "note" => "Waits on or returns the status of a forked child" ),
174
+ "pcntl_waitpid" => array( "level" => "Blocker", "note" => "Waits on or returns the status of a forked child" ),
175
+ "pcntl_wexitstatus" => array( "level" => "Blocker", "note" => "Returns the return code of a terminated child" ),
176
+ "pcntl_wifexited" => array( "level" => "Blocker", "note" => "Checks if status code represents a normal exit" ),
177
+ "pcntl_wifsignaled" => array( "level" => "Blocker", "note" => "Checks whether the status code represents a termination due to a signal" ),
178
+ "pcntl_wifstopped" => array( "level" => "Blocker", "note" => "Checks whether the child process is currently stopped" ),
179
+ "pcntl_wstopsig" => array( "level" => "Blocker", "note" => "Returns the signal which caused the child to stop" ),
180
+ "pcntl_wtermsig" => array( "level" => "Blocker", "note" => "Returns the signal which caused the child to terminate" ),
181
+
182
+ // system functions
183
+ //
184
+ "shell_exec" => array( "level" => "Blocker", "note" => "Executes a server command like ls, cd, wget, etc. This may be a script used by hackers." ),
185
+ "eval" => array( "level" => "Blocker", "note" => "Could be JavaScript code used to hide code inserted by a hacker." ),
186
+
187
+ // other suspicious functions
188
+ 'base64_decode' => array( "level" => "Severe", "note" => "Often used by malicous scripts to decode previously encoded data, such as malicious URLs" ),
189
+
190
+ );
191
+ /**
192
+ * Definition of restricted patterns
193
+ * "preg_match pattern" => array( "level" => "severity as defined in $_severities", "note" => "Free text note describing the problem" )
194
+ */
195
+ $this->restricted_patterns = array(
196
+ // Direct Database queries
197
+ "/(\\\$wpdb->|mysql_|WP_Query)+.+(ALTER)+\s+/msiU" => array( "level" => "Severe", "note" => "Possible database table alteration" ),
198
+ "/(\\\$wpdb->|mysql_|WP_Query)+.+(CREATE)+\s+/msiU" => array( "level" => "Severe", "note" => "Possible database table creation" ),
199
+ "/(\\\$wpdb->|mysql_|WP_Query)+.+(DROP)+\s+/msiU" => array( "level" => "Severe", "note" => "Possible database table deletion" ),
200
+ "/(\\\$wpdb->|mysql_|WP_Query)+.+(DELETE)+\s+(FROM)+\s+/msiU" => array( "level" => "Warning", "note" => "Direct database delete query" ),
201
+ "/(\\\$wpdb->|mysql_|WP_Query)+.+(UPDATE)+\s+/msiU" => array( "level" => "Warning", "note" => "Direct database update query" ),
202
+ "/(\\\$wpdb->|mysql_|WP_Query)+.+(SELECT)+\s.+/msiU" => array( "level" => "Note", "note" => "Direct Database select query" ),
203
+ "/(^GLOBAL)(\\\$wpdb->|mysql_|WP_Query)+/msiU" => array( "level" => "Note", "note" => "Possible direct database query" ),
204
+
205
+ // Output of variables
206
+ "/(echo|print|\<\?\=)+.+(\\\$GLOBALS|\\\$_SERVER|\\\$_GET|\\\$_REQUEST|\\\$_POST)+/msiU" => array( "level" => "Warning", "note" => "Possible output of restricted variables" ),
207
+ "/(echo|print|\<\?\=)+.+(get_search_query)+/msiU" => array( "level" => "Severe", "note" => "Output of search query" ),
208
+
209
+ // Possible exploit patterns
210
+ "/<iframe/msiU" => array( "level" => "Severe", "note" => "iframes can sometimes be used by hackers to load their own adverts and code on your site." ),
211
+ "/visibility:hidden/msiU" => array( "level" => "Warning", "note" => "CSS styling used to hide parts of a web page (can be used legitimately)" ),
212
+ "/display:none/msiU" => array( "level" => "Warning", "note" => "CSS styling used to hide parts of a web page (is often used legitimately, be concerned if it's used to hide a link)" ),
213
+ "/display: none/msiU" => array( "level" => "Warning", "note" => "CSS styling used to hide parts of a web page (is often used legitimately, be concerned if it's used to hide a link)" ),
214
+ "/ShellBOT/msiU" => array( "level" => "Blocker", "note" => "This may be a script used by hackers to get control of your server." ),
215
+ "/uname -a/msiU" => array( "level" => "Blocker", "note" => "Tells a hacker what operating system your server is running" ),
216
+ "/YW55cmVzdWx0cy5uZXQ=/msiU" => array( "level" => "Blocker", "note" => "Base64 encoded text found in PHP code that redirects visitors from Google." ),
217
+ "/eval\(/msiU" => array( "level" => "Severe", "note" => "Could be JavaScript code used to hide code inserted by a hacker." ),
218
+ "/String\.fromCharCode/msiU" => array( "level" => "Warning", "note" => "JavaScript code used to hide suspicious code, but can also be legitimate code." ),
219
+ "/\$_COOKIE\[\"yahg\"\]/msiU" => array( "level" => "Blocker", "note" => "YAHG Googlerank.info exploit code. See <a href='http://creativebriefing.com/wordpress-hacked-googlerankinfo/'>here</a> for further info." ),
220
+ "/ekibastos/msiU" => array( "level" => "Blocker", "note" => "Possible Ekibastos attack. See <a href='http://ocaoimh.ie/did-your-wordpress-site-get-hacked/'>here</a> for more info." ),
221
+ "/script language=\"JavaScript\"/msiU" => array( "level" => "Severe", "note" => "Could be JavaScript code used to hide code inserted by a hacker." ),
222
+ "/eval\s*\(\s*base64_decode\s*\(/msiU" => array( "level" => "Blocker", "note" => "Most likely used by malicous scripts to decode previously encoded data and execute it" ),
223
+ "/<!--\s*[A-Za-z0-9]+\s*--><\?php/msiU" => array( "level" => "Blocker", "note" => "Frequently used by Wordpress, MediaTemple, and an Injection Attack. See <a href='http://www.kyle-brady.com/2009/11/07/wordpress-mediatemple-and-an-injection-attack/'>here</a>" ),
224
+
225
+ );
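Review bot: The YAHG entry `"/\$_COOKIE\[\"yahg\"\]/msiU"` escapes the dollar sign only once inside a double-quoted PHP string, so the regex engine receives a bare `$` (an end-of-line assertion) followed by `_COOKIE` and can never match the literal text `$_COOKIE["yahg"]`. The database patterns above use `\\\$` for the same purpose; this entry should do the same or move to a single-quoted string. Smaller points in this array: the two `display:none` / `display: none` entries can be one pattern with `\s*` after the colon, and the user-facing notes spell "malicous" twice.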
226
+ /**
227
+ * Definition of whitelist patterns (patterns that need to be existing somewhere in the path)
228
+ * "preg_match pattern" => array( "level" => "severity as defined in $_severities", "note" => "Free text note describing the problem" )
229
+ */
230
+ $this->whitelist_patterns = array(
231
+ "/(wp_head)+\s?\(\)/msiU" => array( "level" => "Severe", "note" => "wp_head() call missing" ),
232
+ "/(wp_footer)+\s?\(\)/msiU" => array( "level" => "Severe", "note" => "wp_footer() call missing" ),
233
+ );
234
+
235
+ /**
236
+ * Definition files that should be skipped
237
+ */
238
+ $this->skip_files = array(
239
+ '.svn', // skip .svn directories
240
+ str_replace( ABSPATH, '', basename( __FILE__ ) ), // skip the current file
241
+ );
242
+ }
243
+
244
+
245
+ function format_directory_name( $dir )
246
+ {
247
+ $dir = preg_split( '/\/+$/', $dir, -1, PREG_SPLIT_NO_EMPTY );
248
+ return $dir[0];
249
+ }
250
+
251
+ function search_file_for_pattern( $file )
252
+ {
253
+
254
+ if ( !is_readable( $file ) ) {
255
+ if ( !isset( $this->inaccessible['files']['inaccessible'] ) || !in_array( $file, $this->inaccessible['files']['inaccessible'] ) ) {
256
+ $this->inaccessible['files']['inaccessible'][] = $file;
257
+ }
258
+ return;
259
+ }
260
+
261
+ if ( !file( $file ) ) {
262
+ if ( !isset( $this->inaccessible['files']['empty'] ) || !in_array( $file, $this->inaccessible['files']['empty'] ) ) {
263
+ $this->inaccessible['files']['empty'][] = $file;
264
+ }
265
+ return;
266
  }
267
 
268
+ if ( filesize( $file ) > ( (int) $this->file_size_limit * 1024 ) ) {
269
+ $this->add_result( $file, '', '', '', 'file skipped due to filesize', 'Note', 'file_scan' );
270
+ return;
271
+ }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
272
 
273
+ if ( in_array( $file, $this->all_core_files ) && !in_array( $file, $this->changed_core_files ) ) {
274
+ $this->add_result( $file, '', '', '', 'unmodified core file skipped', 'Note', 'file_scan' );
275
+ return;
276
+ }
 
 
 
 
277
 
278
+ $file_lines = file( $file );
279
+ foreach ( $this->_prepared_patterns as $pattern ) {
280
+ foreach ( $file_lines as $line_number => $line_content ) {
281
+ $line_content = trim( $line_content );
282
+ if ( preg_match( $pattern,$line_content ) ) {
283
+ if ( isset( $this->whitelist_patterns[ $pattern ] ) ) {
284
+ $this->_whitelist_hits[$pattern]++;
 
 
 
 
 
 
 
285
  } else {
286
+ $problem_description = $this->_pattern_descriptions[ $pattern ][ 'note' ];
287
+ $problem_level = $this->_pattern_descriptions[ $pattern ][ 'level' ];
288
+ // log result
289
+ $this->add_result( $file, $line_content, $line_number+1, $pattern, $problem_description, $problem_level, $this->scan_source );
290
  }
 
291
  }
292
+ }
293
+ }
294
+ }
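Review bot: In search_file_for_pattern() the `file_size_limit` check sits after `if ( !file( $file ) )`, so an oversized file has already been read fully into memory before it is "skipped", and it is then read a second time by `$file_lines = file( $file );`. Do the `filesize()` comparison first and keep the array from a single `file()` call. Also note that every line is trimmed and matched on its own, so the `/m` and `/s` modifiers have no effect here and a pattern such as `eval\s*\(\s*base64_decode\s*\(` will not match when the call is wrapped across lines; and `$this->_whitelist_hits[$pattern]++` increments an index that is never initialised.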
295
 
296
+ function scan_directory( $dir, $callback )
297
+ {
298
+ $sub_dirs = array();
299
+ $dir_files = array();
300
+ if ( $handle = @opendir( $dir ) ) {
301
+ while ( false !== ( $file = readdir( $handle ) ) ) {
302
+ if ( $file != "." && $file != ".." && !in_array( $file, $this->skip_files ) ) {
303
+ if ( is_dir( $dir . "/" . $file ) ) {
304
+ $sub_dirs[] = $dir."/".$file;
305
+ } elseif ( is_file( $dir . "/" . $file ) && $this->is_extension( $file ) ) {
306
+ $dir_files[] = $dir."/".$file;
307
+ } else {
308
+ ///neither file, nor directory >>> not interested.
309
  }
 
 
 
 
 
310
  }
311
  }
312
+ closedir( $handle );
313
+ foreach ( $dir_files as $file ) {
314
+ if ( is_callable( array( $this, $callback ) ) )
315
+ call_user_func( array( $this, $callback ), $file );
316
+ }
317
+ if ( count( $sub_dirs ) > 0) {
318
+ foreach ( $sub_dirs as $sub_dir ) {
319
+ $this->scan_directory( $sub_dir, $callback );
320
+ }
321
+ }
322
+ } else {
323
+ if ( !isset( $this->inaccessible['dirs']['inaccessible'] ) || !in_array( $dir,$this->inaccessible['dirs']['inaccessible'] ) ) {
324
+ $this->inaccessible['dirs']['inaccessible'][] = $dir;
325
+ }
326
  }
327
+
328
  }
 
329
 
330
+ function is_extension($file)
331
+ {
332
+ if ( empty( $this->allowed_extensions ) )
333
+ return true;
334
+
335
+ $file_ext = array_pop( explode( ".",$file ) );
336
+ if ( in_array( $file_ext, $this->allowed_extensions ) ) {
337
+ return true;
338
+ }
339
+ return false;
340
+ }
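Review bot: In is_extension(), `array_pop( explode( ".",$file ) )` passes a function result to a by-reference parameter, which raises a strict-standards notice, and the comparison against `allowed_extensions` is case-sensitive, so a file named with an upper-case extension is silently left out of the scan. `strtolower( pathinfo( $file, PATHINFO_EXTENSION ) )` covers both; it also returns an empty string for a name without a dot instead of the whole file name.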
341
 
342
+ function prepare_patterns() {
343
+ if ( ! empty( $this->restricted_patterns ) ) {
344
+ foreach ( $this->restricted_patterns as $pattern => $data ) {
345
+ $this->_prepared_patterns[] = $pattern;
346
+ $this->_pattern_descriptions[ $pattern ] = $data;
347
+ }
348
+ }
349
+ if ( ! empty( $this->whitelist_patterns ) ) {
350
+ foreach ( $this->whitelist_patterns as $pattern => $data ) {
351
+ $this->_prepared_patterns[] = $pattern;
352
+ $this->_pattern_descriptions[ $pattern ] = $data;
353
+ }
354
+ }
355
+
356
+ if ( ! empty( $this->restricted_commands ) ) {
357
+ foreach ( $this->restricted_commands as $command => $data) {
358
+ $cmd_pattern = "/\s+($command)+\s?\(+[\$|\'|\"]+/msiU";
359
+ $this->_prepared_patterns[] = $cmd_pattern;
360
+ $this->_pattern_descriptions[ $cmd_pattern ] = $data;
361
+ }
362
+ }
363
  }
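Review bot: The command pattern built in prepare_patterns(), `"/\s+($command)+\s?\(+[\$|\'|\"]+/msiU"`, requires at least one whitespace character before the function name, but search_file_for_pattern() trims each line before matching, so a restricted call that is the first token on its line is never reported. A word boundary (`\b`) in place of the leading `\s+` closes that gap. In the same expression `$command` should go through `preg_quote()`, and the `|` characters inside the character class are matched literally rather than acting as alternation.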
364
 
365
+ function run( $scans=array() ) {
366
+ if ( !empty( $this->memory_limit ) )
367
+ @ini_set( 'memory_limit', (int) $this->memory_limit . 'M' );
368
+
369
+ $this->prepare_patterns();
370
+
371
+ if ( empty( $scans ) || !is_array( $scans ) )
372
+ $this->add_result( '', '', '', '', 'You did not select any scans. Please select at least one scan to execute.', 'Blocker', 'run' );
373
+
374
+ foreach ( (array) $this->_possible_scans as $group => $scan_types ) {
375
+ if ( in_array( $group, $scans ) ) {
376
+ foreach ( (array) $scan_types as $scan ) {
377
+ if ( is_callable( array( &$this, $scan ) ) )
378
+ call_user_func( array( &$this, $scan ) );
379
+ }
380
+ }
381
+ }
382
+ }
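Review bot: run() records the "You did not select any scans" result but does not return, so execution continues into the loop and `in_array( $group, $scans )` is called with whatever non-array value was passed. Add a `return;` after the add_result() call in that branch.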
383
+
384
+ function hash_file_scan() {
385
+ global $wp_version;
386
+
387
+ $this->scan_source = 'hash_file_scan';
388
+
389
+ unset( $filehashes );
390
+ $hashes = dirname(__FILE__) . '/hashes-'. $wp_version .'.php';
391
+ if ( file_exists( $hashes ) ) {
392
+ include_once( $hashes );
393
+ } else {
394
+ $this->add_result( $hashes, '', '', '', 'The file containing the checksums of all the core WordPress files appears to be missing. Either you have upgraded WordPress and this plugin hasn\'t been updated with the new hashes or the file has been deleted/renamed. You will find that a lot more files have been returned in the Suspicious Strings section.', 'Blocker', 'hash_file_scan' );
395
+ return;
396
+ }
397
+
398
+ if ( !empty( $filehashes ) ) {
399
+ $this->filehashes = $filehashes;
400
+ } else {
401
+ $this->add_result( $hashes, '', '', '', 'The file containing the checksums of all the core WordPress files appears to be corrupt and does not include any hash values.', 'Blocker', 'hash_file_scan' );
402
+ return;
403
+ }
404
+ if ( is_file( $this->_path ) ) {
405
+ // run search on the file
406
+ $this->verify_hash( $this->_path );
407
+ } elseif ( is_dir( $this->_path ) ) {
408
+ // scan directory contents for string
409
+ $this->scan_directory($this->_path, 'verify_hash');
410
+ }
411
+
412
+ $this->_path = $this->_init_path;
413
  }
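Review bot: hash_file_scan() loads the checksum list with `include_once( $hashes )`, so if the scan runs a second time in the same request (or the file was already included elsewhere) `$filehashes` is not defined again and the method reports the hash file as corrupt. Use `include` here, or have the hashes file return the array. The preceding `unset( $filehashes );` acts on a local that does not exist yet and can be dropped.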
414
 
415
+ function file_permission_scan() {
416
+ global $wp_version;
417
+
418
+ $this->php_user = trim( @exec( 'whoami' ) );
419
+ // most likely an error
420
+ if ( !empty( $this->php_user ) && count( split(" ", $this->php_user ) ) > 1 )
421
+ $this->php_user = '';
422
+
423
+
424
+ $this->scan_source = 'file_permission_scan';
425
+
426
+ if ( is_file( $this->_path ) ) {
427
+ // run search on the file
428
+ $this->verify_permissions( $this->_path );
429
+ } elseif ( is_dir( $this->_path ) ) {
430
+ // scan directory contents for string
431
+ $this->scan_directory( $this->_path, 'verify_permissions' );
432
+ }
433
+
434
+ $this->_path = $this->_init_path;
435
+ }
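Review bot: file_permission_scan() determines the PHP user with `@exec( 'whoami' )` and validates it with `split()`, which is a deprecated POSIX-regex function, and the whole check yields an empty user on hosts where exec() is disabled. power_stat() further down already guards `posix_getpwuid()` with `function_exists()`; the same approach with `posix_geteuid()` avoids spawning a process, and `explode()` or a `strpos()` test replaces `split()`. The `global $wp_version;` declaration is unused in this method.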
436
+
437
+ function file_scan() {
438
+ $this->scan_source = 'file_scan';
439
+
440
+ if ( is_file( $this->_path ) ) {
441
+ // run search on the file
442
+ $this->search_file_for_pattern( $this->_path );
443
+ } elseif ( is_dir( $this->_path ) ) {
444
+ // scan directory contents for string
445
+ $this->scan_directory( $this->_path, 'search_file_for_pattern' );
446
+ }
447
+
448
+ if ( ! empty( $this->whitelist_patterns ) ) {
449
+ foreach ( $this->whitelist_patterns as $pattern => $data ) {
450
+ if ( !isset( $this->_whitelist_hits[$pattern] ) )
451
+ $this->add_result( '', '', '', $pattern, $data['note'], $data['level'], $this->scan_source );
452
+ }
453
+ }
454
+
455
+ $this->_path = $this->_init_path;
456
  }
457
 
458
+ function db_scan_plugins() {
459
+ global $wpdb;
460
+ $this->scan_source = 'db_scan_plugins';
461
+
462
+ // Suspicious Plugins
463
+ $active_plugins = get_option( 'active_plugins' );
464
+ if ( is_array( $active_plugins ) && !empty( $active_plugins ) ) {
465
+ $suspect_plugins = array();
466
+ foreach ( $active_plugins as $plugin ) {
467
+ if ( strpos( $plugin, '..' ) !== false || substr( $plugin, -4 ) != '.php' ) {
468
+ $suspect_plugins[] = $plugin;
469
+ }
470
+ }
471
+ if ( !empty( $suspect_plugins ) ) {
472
+ foreach ( $suspect_plugins as $plugin ) {
473
+ if ( $plugin == '' )
474
+ $this->add_result( '', '', '', '', 'Blank entry found. Should be removed. It will look like \'i:0;s:0:\"\";\' in the active_records field.', 'Blocker', $this->scan_source );
475
+ }
476
+ }
477
+ }
478
  }
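Review bot: db_scan_plugins() collects every active-plugin entry that contains `..` or does not end in `.php` into `$suspect_plugins`, but the reporting loop only calls add_result() when `$plugin == ''`, so all other suspect entries are discarded without any output. Add a result for the non-empty case as well. The message also refers to the "active_records field" while the option read above is `active_plugins`.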
479
 
480
+ function db_scan_options() {
481
+ global $wpdb;
482
+ $this->scan_source = 'db_scan_options';
483
+
484
+ $options = $wpdb->get_results( "SELECT option_name, option_value FROM {$wpdb->options}" );
485
+ if ( !$options ) {
486
+ $this->add_result('', '', '', '', 'No options found, that\'s odd.', 'Blocker', $this->scan_source);
487
+ return;
488
+ }
489
+
490
+ foreach ( $this->_prepared_patterns as $pattern ) {
491
+ foreach ( $options as $option ) {
492
+ $value = $option->option_value;
493
+ $key = $option->option_name;
494
+ if ( preg_match( $pattern, $value ) ) {
495
+ if ( isset( $this->whitelist_patterns[ $pattern ] ) ) {
496
+ $this->_whitelist_hits[$pattern]++;
497
+ } else {
498
+ $problem_description = $this->_pattern_descriptions[ $pattern ][ 'note' ];
499
+ $problem_level = $this->_pattern_descriptions[ $pattern ][ 'level' ];
500
+ // log result
501
+ $this->add_result( $key, $value, $key, $pattern, $problem_description, $problem_level, $this->scan_source );
502
+ }
503
+ }
504
+ }
505
  }
506
+ unset( $options );
507
+ return;
508
+ }
509
+
510
+ function db_scan_posts() {
511
+ global $wpdb;
512
+ set_time_limit(0);
513
+ $this->scan_source = 'db_scan_posts';
514
+
515
+ $post_count = $wpdb->get_var( "SELECT count(*) FROM {$wpdb->posts} WHERE post_type<>'revision'" );
516
+ if ( !$post_count || 0 == $post_count ) {
517
+ $this->add_result( '', '', '', '', 'No posts found, that\'s odd.', 'Blocker', $this->scan_source );
518
+ return;
519
  }
520
+ $start = 0;
521
+ $max = 50; // run always 50 posts at once in order to keep memory kinda empty
522
+ $end = $limit;
523
+
524
+ while ( $end < $post_count ) {
525
+ $end = $start+$max;
526
+ $limit = " LIMIT $start, $max";
527
+ $start = $end;
528
+ $posts = $wpdb->get_results( "SELECT ID, post_title, concat_ws(' ', post_title, post_content, post_excerpt) as content FROM {$wpdb->posts} WHERE post_type<>'revision' $limit" );
529
+
530
+
531
+ foreach ( $this->_prepared_patterns as $pattern ) {
532
+ foreach ( $posts as $post ) {
533
+ if ( preg_match( $pattern, $post->content ) ) {
534
+ if ( isset( $this->whitelist_patterns[ $pattern ] ) ) {
535
+ $this->_whitelist_hits[$pattern]++;
536
+ } else {
537
+ $problem_description = $this->_pattern_descriptions[ $pattern ][ 'note' ];
538
+ $problem_level = $this->_pattern_descriptions[ $pattern ][ 'level' ];
539
+ // log result
540
+ $this->add_result( $post->ID, $post->content, $post->post_title, $pattern, $problem_description, $problem_level, $this->scan_source );
541
+ }
542
+ }
543
+ }
544
+ }
545
+ unset( $posts );
546
+ }
547
+ return;
548
+ }
549
+
550
+ function db_scan_comments() {
551
+ global $wpdb;
552
+ set_time_limit(0);
553
+ $this->scan_source = 'db_scan_comments';
554
+
555
+ $comment_count = $wpdb->get_var( "SELECT count(*) FROM {$wpdb->comments}" );
556
+ if ( !$comment_count || 0 == $comment_count ) {
557
+ $this->add_result('', '', '', '', 'No comments found, that\'s odd.', 'Blocker', $this->scan_source);
558
+ return;
559
+ }
560
+ $start = 0;
561
+ $max = 100; // run always 100 comments at once in order to keep memory kinda empty
562
+ $end = $limit;
563
+
564
+ while ( $end < $comment_count ) {
565
+ $end = $start+$max;
566
+ $limit = " LIMIT $start, $max";
567
+ $start = $end;
568
+ $comments = $wpdb->get_results( "SELECT comment_ID, comment_content, comment_author FROM {$wpdb->comments} $limit" );
569
+ foreach ( $this->_prepared_patterns as $pattern ) {
570
+ foreach ( $comments as $comment ) {
571
+ if ( preg_match( $pattern, $comment->comment_content ) ) {
572
+ if ( isset( $this->whitelist_patterns[ $pattern ] ) ) {
573
+ $this->_whitelist_hits[$pattern]++;
574
+ } else {
575
+ $problem_description = $this->_pattern_descriptions[ $pattern ][ 'note' ];
576
+ $problem_level = $this->_pattern_descriptions[ $pattern ][ 'level' ];
577
+ // log result
578
+ $this->add_result( $comment->comment_ID, $comment->comment_content, $comment->comment_author, $pattern, $problem_description, $problem_level, $this->scan_source );
579
+ }
580
+ }
581
+ }
582
+ }
583
+ unset( $comments );
584
+ }
585
+ return;
586
+ }
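Review bot: Both db_scan_posts() and db_scan_comments() initialise the loop with `$end = $limit;` before `$limit` has been assigned, so the loop only starts because an undefined variable compares as less than the row count; this should be `$end = 0;`. The batched queries also use `LIMIT $start, $max` without an `ORDER BY`, which leaves row order unspecified between batches, so rows can be scanned twice or missed. Order by `ID` and `comment_ID` respectively.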
587
+
588
+ function list_admins() {
589
+ global $wpdb;
590
+ $this->scan_source = 'list_admins';
591
+
592
+ // List all administrators
593
+ ob_start();
594
  ?>
595
+ <table class="widefat fixed" style="margin-bottom: 2em;">
596
+ <thead>
597
+ <tr>
598
+ <th scope="col" style="width: 5%">ID</th>
599
+ <th scope="col">Username</th>
600
+ <th scope="col">Name</th>
601
+ <th scope="col">Email</th>
602
+ </tr>
603
+ </thead>
604
+ <tbody>
605
+ <?php
606
 
607
+ $sort_users = 'user_nicename';
608
+ $user_ids = $wpdb->get_col( $wpdb->prepare( "SELECT $wpdb->users.ID FROM $wpdb->users ORDER BY %s ASC", $sort_users ) );
609
+
610
+ foreach ( $user_ids as $id ) {
611
+ $user = get_userdata( $id );
612
+ if ( $user->user_level == '10' ) {
613
+ echo '<tr><td>' . $user->ID . '</td><td>' . $user->user_login . '</td><td>';
614
+ if ( isset( $user->last_name ) && isset( $user->first_name ) ) {
615
+ echo $user->first_name . ' ' . $user->last_name;
616
+ }
617
+ echo '</td><td>' . $user->user_email . '</td></tr>';
618
+ }
619
+ } ?>
620
+ </tbody>
621
+ </table>
622
+ <?php
623
+ $list = ob_get_clean();
624
+ $this->add_result('', $list, '', '', '', 'raw', $this->scan_source);
625
+ }
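Review bot: In list_admins() the query `"... ORDER BY %s ASC"` passes the column name through `$wpdb->prepare()`, which quotes it as a string literal, so the result is ordered by a constant and comes back unsorted; a fixed column name belongs directly in the SQL. The table cells echo `$user->user_login`, the first and last name and `$user->user_email` without escaping, although these are stored profile values; wrap them in `wp_specialchars()` as hilight_text() does. Selecting administrators by `user_level == '10'` also depends on the legacy level field rather than on the role or capability.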
626
+
627
+ function get_serverinfo() {
628
+ global $wpdb;
629
+ $this->scan_source = 'get_serverinfo';
630
 
631
+ $info['sqlversion'] = $wpdb->get_var( "SELECT VERSION() AS version" );
632
+ $mysqlinfo = $wpdb->get_results( "SHOW VARIABLES LIKE 'sql_mode'" );
633
+ if ( is_array( $mysqlinfo ) )
634
+ $info['sql_mode'] = $mysqlinfo[0]->Value;
635
+
636
+ $ini_vars = array( 'safe_mode', 'allow_url_fopen', 'upload_max_filesize', 'post_max_size', 'max_execution_time', 'memory_limit' );
637
+ foreach ( $ini_vars as $var ) {
638
+ if ( $val = ini_get( $var ) )
639
+ $info[$var] = $val;
640
+ else
641
+ $info[$var] = ( $var === false) ? 'off' : 'n/a';
642
+ }
643
+
644
+ if ( function_exists( 'memory_get_usage' ) )
645
+ $info['memory_usage'] = round( memory_get_usage() / 1024 / 1024, 2) . __(' MByte');
646
+
647
+ ob_start();
648
+ ?>
649
+ <table class="widefat fixed" style="margin-bottom: 2em;">
650
+ <thead>
651
+ <tr>
652
+ <th scope="col">Setting</th>
653
+ <th scope="col">Value</th>
654
+ <th scope="col">Description</th>
655
+ </tr>
656
+ </thead>
657
+ <tbody>
658
+ <?php
659
+ foreach ( $info as $var => $value ) {
660
+ if ( isset( $info_desc[$var] ) )
661
+ $description = $info_desc[$var];
662
+ else
663
+ $description = 'n/a';
664
+ echo '<tr><td>' . $var . '</td><td>' . $value . '</td><td>' . $description . '</td></tr>';
665
  }
666
+ $list = ob_get_clean();
667
+ $this->add_result('', $list, '', '', '', 'raw', $this->scan_source);
668
  }
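Review bot: In get_serverinfo() the fallback `( $var === false) ? 'off' : 'n/a'` compares the setting name, which is always a non-empty string, so every setting that ini_get() reports as empty is shown as "n/a" and never as "off"; the test needs to look at the value returned by `ini_get()`. `$info_desc` is never defined in this method, so the Description column is always "n/a", and the buffered markup opens `<table>` and `<tbody>` but the closing tags are missing before `ob_get_clean()` (list_admins() closes both).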
 
669
 
670
+
 
671
 
672
+ function verify_hash( $file ) {
673
+ $filename = str_replace( ABSPATH, '', $file );
674
+ if ( filesize( $file ) > ( (int) $this->file_size_limit * 1024 ) ) {
675
+ if ( isset( $this->filehashes[$filename] ) ) {
676
+ $this->add_result( $file, '', '', '', 'core file skipped due to filesize', 'Warning', 'hash_file_scan' );
677
+ $this->skipped_core_files[] = $file;
678
+ } else {
679
+ $this->add_result( $file, '', '', '', 'file skipped due to filesize', 'Warning', 'hash_file_scan' );
680
  }
681
  }
682
+
683
+ $md5 = md5_file( $file );
684
+ if ( isset( $this->filehashes[$filename] ) )
685
+ $this->all_core_files[] = $file;
686
+
687
+ if ( isset( $this->filehashes[$filename] ) && $md5 != $this->filehashes[$filename] ) {
688
+ $this->add_result( $file, '', '', '', 'altered core file', 'Blocker', 'hash_file_scan' );
689
+ $this->changed_core_files[] = $file;
690
+ }
691
+ }
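Review bot: verify_hash() compares checksums with `$md5 != $this->filehashes[$filename]`; loose comparison lets PHP treat two numeric-looking strings as numbers, so the integrity check should use `!==`. The size-limit branch above it adds a "skipped due to filesize" result but has no `return`, so the file is still hashed and can additionally be reported as altered, which contradicts the message. Either return after recording the skip or drop the skip, since `md5_file()` does not need the file in memory.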
692
+
693
+ function verify_permissions( $file ) {
694
+ $filename = str_replace( ABSPATH, '', $file );
695
+
696
+ $fileinfo = $this->power_stat( $file );
697
+ if ( !$fileinfo ) {
698
+ $this->add_result($file, '', '', '', 'Could not gather information about this file', 'Severe', $this->scan_source);
699
+ return;
700
+ }
701
+
702
+ $apache_file = $is_writable = $is_executable = $changed_last_day = $root_file = false;
703
+
704
+ if ( !empty( $this->php_user ) && $fileinfo['owner']['owner']['name'] == $this->php_user )
705
+ $apache_file = true;
706
+
707
+ if ( $fileinfo['filetype']['is_writable'] == 1 )
708
+ $is_writable = true;
709
+
710
+ if ( $fileinfo['filetype']['is_executable'] == 1 )
711
+ $is_executable = true;
712
+
713
+ if ( time() - $fileinfo['time']['mtime'] < 86400 )
714
+ $changed_last_day = true;
715
+
716
+ if ( 'root' == $fileinfo['owner']['owner']['name'] || 0 == $fileinfo['owner']['fileowner'] || 0 == $fileinfo['owner']['filegroup'] ) {
717
+ $root_file = true;
718
  }
719
+
720
+ if ( 'wp-config.php' == $filename && $is_writable )
721
+ $this->add_result($file, '', '', '', 'Config file is writable (' . $fileinfo['perms']['human'] . ')', 'Blocker', $this->scan_source);
722
+ else if ( in_array( $file, $this->all_core_files ) && $apache_file && !$is_writable )
723
+ $this->add_result($file, '', '', '', 'Core file owned by apache user ' . $this->php_user . ' (' . $fileinfo['perms']['human'] . ')', 'Warning', $this->scan_source);
724
+ else if ( in_array( $file, $this->all_core_files ) && $apache_file && $is_writable )
725
+ $this->add_result($file, '', '', '', 'Core file owned by apache user ' . $this->php_user . ' and writable (' . $fileinfo['perms']['human'] . ')', 'Severe', $this->scan_source);
726
+ else if ( $apache_file && $is_writable )
727
+ $this->add_result($file, '', '', '', 'File owned by apache user ' . $this->php_user . ' and writable (' . $fileinfo['perms']['human'] . ')', 'Warning', $this->scan_source);
728
+
729
+ if ( $changed_last_day )
730
+ $this->add_result($file, '', '', '', 'File changed in last 24 hours', 'Note', $this->scan_source);
731
  }
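Review bot: verify_permissions() computes `$root_file` and `$is_executable` but never uses them, so root-owned and executable files produce no finding; either report them or remove the dead assignments. The two "Core file owned by apache user" branches rely on `$this->all_core_files`, which is only filled by verify_hash(), so they never fire when the permission scan is selected without the hash scan. When `posix_getpwuid()` is unavailable power_stat() returns an empty string for `owner`, and `$fileinfo['owner']['owner']['name']` then indexes a string.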
732
 
733
+ function add_result( $file_path, $line_contents, $line_number,$pattern, $problem_description, $problem_level, $scan_source = 'file' ) {
734
+ $this->_search_results[] = array(
735
+ 'file_path' => $file_path,
736
+ 'line_contents' => $line_contents,
737
+ 'line_number' => $line_number,
738
+ 'pattern' => $pattern,
739
+ 'problem_description' => $problem_description,
740
+ 'problem_level' => $problem_level,
741
+ 'scan_source' => $scan_source,
742
+ );
 
 
743
  }
744
+
745
+ function get_search_results( $type = '' ) {
746
+ switch( $type ) {
747
+ case 'raw';
748
+ case 'blocker':
749
+ case 'severe':
750
+ case 'warning':
751
+ case 'note':
752
+ $resultset = array();
753
+ reset( $this->_search_results );
754
+ foreach ( $this->_search_results AS $result ) {
755
+ if ( $type == strtolower( $result['problem_level'] ) )
756
+ $resultset[] = $result;
757
+ }
758
+ return $resultset;
759
+ break;
760
+ case 'hash_file_scan':
761
+ case 'file_permission_scan':
762
+ case 'file_scan':
763
+ case 'db_scan_plugins':
764
+ case 'db_scan_options':
765
+ case 'db_scan_posts':
766
+ case 'db_scan_comments':
767
+ case 'list_admins':
768
+ case 'get_serverinfo':
769
+ $resultset = array();
770
+ reset( $this->_search_results );
771
+ foreach ( $this->_search_results AS $result ) {
772
+ if ( $type == strtolower( $result['scan_source'] ) )
773
+ $resultset[] = $result;
774
+ }
775
+ return $resultset;
776
+ break;
777
+ default:
778
+ return $this->_search_results;
779
+ break;
780
  }
781
+ return $this->_search_results;
782
+ }
783
+
784
+ function get_inaccessible() {
785
+ return $this->inaccessible;
786
  }
787
 
788
+ function get_results() {
789
+ return $this->_search_results;
 
 
 
 
 
790
  }
791
+
792
+ function get_path() {
793
+ return $this->_path;
794
+ }
795
+
796
+ function get_html_result() {
797
+ $html_result = "<hr/><h3>Results for path " . $this->get_path() . "</h3>\n";
798
+ foreach ( $this->display_severities as $level ) {
799
+ if ( !in_array( $level, $this->_severities ) && 'raw' != $level )
800
+ continue;
801
+
802
+ $result = $this->get_search_results( $level );
803
+ if ( 'raw' == $level && !empty( $result ) )
804
+ $html_result .= $this->_draw_raw( $result );
805
+ /*else if ( !empty( $result ) ) {
806
+ $html_result .= "<h4>Results with impact level " . $level . "</h4><ul>\n";
807
+ $html_result .= $this->_drawRows( $result ) . "\n";
808
+ $html_result .= "</ul>\n";
809
+ }*/
810
+ else if ( !empty( $result ) ) {
811
+ $html_result .= "<h4>Results with impact level " . $level . "</h4><ul>\n";
812
+ $html_result .= $this->_draw_table_rows( $result ) . "\n";
813
+ $html_result .= "</ul>\n";
814
  }
815
  }
816
+ return $html_result;
817
+ }
818
+
819
+ function _draw_raw( $data ) {
820
+ $result = '';
821
+ foreach ( $data as $row ) {
822
+ if ( isset( $this->_scan_names[$row['scan_source']] ) )
823
+ $scan_description = $this->_scan_names[$row['scan_source']];
824
+ else
825
+ $scan_description = $row['scan_source'];
826
+ $result.= "<h4>$scan_description</h4>";
827
+ $result.= $row['line_contents'];
828
+ }
829
+ return $result;
830
+ }
831
+
832
+ function _draw_table_rows( $data ) {
833
+ $result = '
834
+ <table class="widefat fixed" style="margin-bottom: 2em;">
835
+ <thead>
836
+ <tr>
837
+ <th scope="col" style="width:75px;">Severity</th>
838
+ <th scope="col">Impact category</th>
839
+ <th scope="col">Description</th>
840
+ <th scope="col">File/Dataset</th>
841
+ </tr>
842
+ </thead>
843
+ <tbody>
844
+ ';
845
+ foreach ( $data as $row ) {
846
+ if ( 'db_scan_posts' == $row['scan_source'] )
847
+ $line = "<strong>Post:</strong> <a href='post.php?action=edit&amp;post=" . $row['file_path'] . "' title='Edit this post'>" . $row['line_number'] . "</a>";
848
+ else if ( 'db_scan_comments' == $row['scan_source'] )
849
+ $line = "<strong>Comment from:</strong> <a href='comment.php?action=editcomment&amp;c=" . $row['file_path'] . "' title='Edit this comment'>" . $row['line_number'] . "</a>";
850
+ else if ( !empty( $row['line_number'] ) )
851
+ $line = str_replace( ABSPATH, '[ABSPATH]/', $row['file_path'] ) . ":" . $row['line_number'];
852
+ else
853
+ $line = str_replace( ABSPATH, '[ABSPATH]/', $row['file_path'] );
854
+
855
+ switch( strtolower( $row['problem_level'] ) ) {
856
+ case "blocker":
857
+ $color = "#f00";
858
+ break;
859
+ case "severe":
860
+ $color = "#f0d";
861
+ break;
862
+ case "warning":
863
+ $color = "#ff0";
864
+ break;
865
+ case "note":
866
+ $color = "#0f0";
867
+ break;
868
+ }
869
+
870
+ $out_line = '';
871
+ if ( ":" != $line && !empty( $line ) )
872
+ $out_line = "$line";
873
+ else
874
+ $row['line_contents'] = $row['pattern'];
875
+
876
+ if ( isset( $this->_scan_names[$row['scan_source']] ) )
877
+ $scan_description = $this->_scan_names[$row['scan_source']];
878
+ else
879
+ $scan_description = $row['scan_source'];
880
+
881
+ $result .= sprintf( '<tr><td style="width:75px;"><span style="background:#000;color:%s;font-weight:bold;">%s</span></td><td>%s</td><td>%s</td><td>%s</td></tr>',
882
+ $color, $row['problem_level'], $scan_description, $row['problem_description'], $out_line);
883
+
884
+ if ( !empty( $row['line_contents'] ) )
885
+ $result .= sprintf( '<tr><td>Context</td><td colspan="3"><div>%s</div></td></tr>', $this->hilight_text( $row['line_contents'], $row['pattern'] ) );
886
  }
887
+
888
+ $result .= '
889
+ </tbody>
890
+ </table>
891
+ ';
892
+
893
+ return $result;
894
  }
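Review bot: _draw_table_rows() writes `$row['line_number']` and `$row['file_path']` into the link markup unescaped, and for database scans those fields carry stored content: db_scan_comments() passes `$comment->comment_author` as the line number and db_scan_posts() passes `$post->post_title`. Both need `wp_specialchars()` (already used in hilight_text()) before they are placed in the admin page, and the ID in the `href` should be cast to int. `$color` is also left unset when `problem_level` is not one of the four cases, and get_html_result() wraps this `<table>` in `<ul>` tags.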
895
 
896
+ function _drawRows( $data ) {
897
+ $result = '';
898
+ foreach ( $data as $row ) {
899
+ if ( 'db_scan_posts' == $row['scan_source'] )
900
+ $line = "<strong>Post:</strong> <a href='post.php?action=edit&amp;post=" . $row['file_path'] . "' title='Edit this post'>" . $row['line_number'] . "</a>";
901
+ else if ( 'db_scan_comments' == $row['scan_source'] )
902
+ $line = "<strong>Comment from:</strong> <a href='comment.php?action=editcomment&amp;c=" . $row['file_path'] . "' title='Edit this comment'>" . $row['line_number'] . "</a>";
903
+ else
904
+ $line = $row['file_path'] . ":" . $row['line_number'];
905
+ switch( strtolower( $row['problem_level'] ) ) {
906
+ case "blocker":
907
+ $color = "#f00";
908
+ break;
909
+ case "severe":
910
+ $color = "#f0d";
911
+ break;
912
+ case "warning":
913
+ $color = "#ff0";
914
+ break;
915
+ case "note":
916
+ $color = "#0f0";
917
+ break;
918
+ }
919
+
920
+ $out_line = '';
921
+ if ( ":" != $line )
922
+ $out_line = "($line)";
923
+ else
924
+ $row['line_contents'] = $row['pattern'];
925
+
926
+ if ( isset( $this->_scan_names[$row['scan_source']] ) )
927
+ $scan_description = $this->_scan_names[$row['scan_source']];
928
+ else
929
+ $scan_description = $row['scan_source'];
930
+
931
+ $result .= sprintf( '<li><span style="background:#000;color:%s;font-weight:bold;margin-right:10px;">%s</span><em>(%s)</em> &nbsp; %s %s<div>%s</div></li>',
932
+ $color, $row['problem_level'], $scan_description, $row['problem_description'], $out_line, $this->hilight_text( $row['line_contents'], $row['pattern'] )
933
+ );
934
+ }
935
+ return $result;
936
+ }
937
 
 
 
938
 
939
+ function hilight_text( $contents, $pattern ) {
940
+ $out = '';
941
+ if ( !empty($pattern) && preg_match( $pattern, $contents, $matches ) ) {
942
+ $text = $matches[0];
943
+ } else {
944
+ if ( !empty( $contents ) )
945
+ $out.= '<p><code>' . nl2br( wp_specialchars( substr( $contents, 0, 300 ) ) ) . '</code></p>';
946
+ return $out;
947
+ }
948
+ while ( $contents ) {
949
+ $start = strpos( $contents, $text ) - 50;
950
+ if ( $start < 0 )
951
+ $start = 0;
952
+ $contents = substr( $contents, $start );
953
+ $out.= '<p><code>' . nl2br( substr( str_replace( wp_specialchars( $text ), '<span style="background: #ff0;">' . wp_specialchars( $text ) . '</span>', wp_specialchars( $contents ) ), 0, 300 ) ) . '</code></p>';
954
+ $contents = substr( $contents, strpos( $contents, $text ) + strlen( $text ) );
955
+ if ( strpos( $contents, $text ) === false ) {
956
+ $contents = false;
957
  }
 
958
  }
959
+
960
+ return $out;
961
+ }
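Review bot: In hilight_text() the 300-character cut is applied by `substr()` after the text has been escaped and the highlight `<span>` inserted, so the cut can land inside an entity or inside the span tag and emit broken markup into the results table. Truncate the raw context first, then escape and highlight. The loop condition `while ( $contents )` also ends early when the remaining text is the string "0".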
962
 
963
+
964
+ function power_stat( $file ) {
965
+ clearstatcache();
966
+ $ss=@stat($file);
967
+ if ( !$ss )
968
+ return false; //Couldnt stat file
969
+
970
+ $ts=array(
971
+ 0140000=>'ssocket',
972
+ 0120000=>'llink',
973
+ 0100000=>'-file',
974
+ 0060000=>'bblock',
975
+ 0040000=>'ddir',
976
+ 0020000=>'cchar',
977
+ 0010000=>'pfifo'
978
+ );
979
+
980
+ $p=$ss['mode'];
981
+ $t=decoct($ss['mode'] & 0170000); // File Encoding Bit
982
+
983
+ $str =(array_key_exists(octdec($t),$ts))?$ts[octdec($t)]{0}:'u';
984
+ $str.=(($p&0x0100)?'r':'-').(($p&0x0080)?'w':'-');
985
+ $str.=(($p&0x0040)?(($p&0x0800)?'s':'x'):(($p&0x0800)?'S':'-'));
986
+ $str.=(($p&0x0020)?'r':'-').(($p&0x0010)?'w':'-');
987
+ $str.=(($p&0x0008)?(($p&0x0400)?'s':'x'):(($p&0x0400)?'S':'-'));
988
+ $str.=(($p&0x0004)?'r':'-').(($p&0x0002)?'w':'-');
989
+ $str.=(($p&0x0001)?(($p&0x0200)?'t':'x'):(($p&0x0200)?'T':'-'));
990
+
991
+ $s=array(
992
+ 'perms'=>array(
993
+ 'umask'=>sprintf("%04o",@umask()),
994
+ 'human'=>$str,
995
+ 'octal1'=>sprintf("%o", ($ss['mode'] & 000777)),
996
+ ),
997
+ 'owner'=>array(
998
+ 'fileowner'=>$ss['uid'],
999
+ 'filegroup'=>$ss['gid'],
1000
+ 'owner'=>
1001
+ (function_exists('posix_getpwuid'))?
1002
+ @posix_getpwuid($ss['uid']):'',
1003
+ 'group'=>
1004
+ (function_exists('posix_getgrgid'))?
1005
+ @posix_getgrgid($ss['gid']):''
1006
+ ),
1007
+
1008
+ 'file'=>array(
1009
+ 'filename'=>$file,
1010
+ 'realpath'=>(@realpath($file) != $file) ? @realpath($file) : '',
1011
+ 'dirname'=>@dirname($file),
1012
+ 'basename'=>@basename($file)
1013
+ ),
1014
+
1015
+ 'filetype'=>array(
1016
+ 'type'=>substr($ts[octdec($t)],1),
1017
+ 'type_octal'=>sprintf("%07o", octdec($t)),
1018
+ 'is_file'=>@is_file($file),
1019
+ 'is_dir'=>@is_dir($file),
1020
+ 'is_link'=>@is_link($file),
1021
+ 'is_readable'=> @is_readable($file),
1022
+ 'is_writable'=> @is_writable($file),
1023
+ 'is_executable'=> @is_executable($file)
1024
+
1025
+ ),
1026
+
1027
+ 'size'=>array(
1028
+ 'size'=>$ss['size'], //Size of file, in bytes.
1029
+ 'blocks'=>$ss['blocks'], //Number 512-byte blocks allocated
1030
+ 'block_size'=> $ss['blksize'] //Optimal block size for I/O.
1031
+ ),
1032
+
1033
+ 'time'=>array(
1034
+ 'mtime'=>$ss['mtime'], //Time of last modification
1035
+ 'atime'=>$ss['atime'], //Time of last access.
1036
+ 'ctime'=>$ss['ctime'], //Time of last status change
1037
+ 'accessed'=>@date('Y M D H:i:s',$ss['atime']),
1038
+ 'modified'=>@date('Y M D H:i:s',$ss['mtime']),
1039
+ 'created'=>@date('Y M D H:i:s',$ss['ctime'])
1040
+ ),
1041
+ );
1042
+
1043
+ clearstatcache();
1044
+ return $s;
1045
+ }
1046
+
1047
+ }
1048
+
1049
+
1050
+
1051
+
1052
+ add_action('admin_menu', 'exploitscanner_menu');
1053
+
1054
+ function exploitscanner_menu() {
1055
+ wp_enqueue_script( 'jquery-form' );
1056
+ add_submenu_page('index.php', 'Exploit Scanner', 'Exploit Scanner', 'manage_options', 'exploit-admin-page', 'exploit_admin_page');
1057
+
1058
+ }
1059
+
1060
+
1061
+ add_action('wp_ajax_get_exploitscanner_results_all', 'exploitscanner_ajax_action_all');
1062
+ function exploitscanner_ajax_action_all() {
1063
+ global $wp_version;
1064
+ check_admin_referer( 'exploitscanner-scan_all' );
1065
+ $scanner = new Exploit_Scanner( ABSPATH );
1066
+ $scanner->file_size_limit = ( empty( $_POST['filesize_limit'] ) ) ? 400 : (int) $_POST['filesize_limit'];
1067
+ $scanner->memory_limit = ( empty( $_POST['memory_limit'] ) ) ? '' : (int) $_POST['memory_limit'];
1068
+ $scanner->display_severities = ( empty( $_POST['show'] ) ) ? $scanner->display_severities : (array) $_POST['show'];
1069
+ array_push( $scanner->display_severities, 'raw' );
1070
+ $scanner->run( $_POST['scans'] );
1071
+ die( $scanner->get_html_result() );
1072
  }
1073
+
1074
+ add_action('wp_ajax_get_exploitscanner_results_custom', 'exploitscanner_ajax_action_custom');
1075
+ function exploitscanner_ajax_action_custom() {
1076
+ global $wp_version;
1077
+ check_admin_referer( 'exploitscanner-scan_customstrings' );
1078
+ $strings = explode( ',', $_GET['customscan'] );
1079
+ $scanner = new Exploit_Scanner( ABSPATH );
1080
+ $scanner->restricted_commands = array();
1081
+ $scanner->whitelist_patterns = array();
1082
+ $scanner->restricted_patterns = array();
1083
+ $scanner->display_severities = array('raw','blocker');
1084
+ foreach ( (array) $strings as $string ) {
1085
+ $scanner->restricted_patterns[ "|" . preg_quote($string) . "|msiU" ] = array( "level" => "Blocker", "note" => "Found string " . esc_html($string) );
1086
+ }
1087
+ $scanner->file_size_limit = ( empty( $_POST['filesize_limit'] ) ) ? 400 : (int) $_POST['filesize_limit'];
1088
+ $scanner->memory_limit = ( empty( $_POST['memory_limit'] ) ) ? '' : (int) $_POST['memory_limit'];
1089
+ $scanner->run( array( 'file_scan', 'db_scan' ) );
1090
+ die( $scanner->get_html_result() );
1091
+ }
1092
+
1093
+ function exploit_admin_page() {
1094
+ global $wp_version ?>
1095
+ <div class="wrap">
1096
+ <h2>WordPress Exploit Scanner</h2>
1097
+ <?php
1098
+ $scan_url = '?page=exploit-admin-page&scan=all';
1099
+ $scan_action = 'exploitscanner-scan_all';
1100
+ $scan_link = wp_nonce_url( $scan_url, $scan_action );
1101
+ ?>
1102
+
1103
+ <h3>Exploit scan</h3>
1104
+ <p>This script searches through your WordPress install for signs that may indicate that your website has been compromised by hackers. It does <strong>NOT</strong> remove anything, this is left for the user to do.</p>
1105
+ <form action='?page=exploit-admin-page&scan=all' id="exploit_scan" method='POST'>
1106
+ <input type="hidden" name="action" value="get_exploitscanner_results_all">
1107
+ <table>
1108
+ <tr><td>Scans to execute:</td><td>General Infos <input type='checkbox' name='scans[]' value='info' checked="checked"/> &nbsp; File scan <input type='checkbox' name='scans[]' value='file_scan' checked="checked"/> &nbsp; Database scan <input type='checkbox' name='scans[]' value='db_scan' checked="checked"/></td></tr>
1109
+ <tr><td>Severities to show:</td><td> Blocker <input type='checkbox' name='show[]' value='blocker' checked="checked"/> &nbsp; Severe <input type='checkbox' name='show[]' value='severe' checked="checked"/> &nbsp; Warning <input type='checkbox' name='show[]' value='warning' checked="checked"/> &nbsp; Note <input type='checkbox' name='show[]' value='note' /></td></tr>
1110
+ <tr><td>PHP Memory Limit:</td><td> <input type='text' size='3' name='memory_limit' value='128' />MB (Max memory used by PHP.)</td></tr>
1111
+ <tr><td>Upper File size Limit:</td><td> <input type='text' size='3' name='filesize_limit' value='400' />KB (Skip files larger than this. Skipped files are listed at the end of scan.)</td></tr>
1112
+ </table>
1113
+ <?php wp_nonce_field( 'exploitscanner-scan_all' ); ?>
1114
+ <input type='submit' class="button exploit-scan-button" value='Run the Scan' />
1115
+ </form>
1116
+ <p>If you run into memory problems, increase the PHP memory limit or reduce the file size limit.</p>
1117
+ <div style='margin-top: 20px;'>
1118
+ <h3>Custom search</h3>
1119
+ <p>You can also search the files and database on your site for a custom string:</p>
1120
+ <form method="get" id="exploit_scan_custom">
1121
+ <input type="hidden" name="action" value="get_exploitscanner_results_custom">
1122
+ <input type="hidden" name="page" value="exploit-admin-page" />
1123
+ <input type="text" name="customscan" class="regular-text code" />
1124
+ <?php wp_nonce_field( 'exploitscanner-scan_customstrings' ); ?>
1125
+ <input type="submit" class="button exploit-scan-button" value="Search Files" />
1126
+ </form>
1127
+ </div>
1128
+ <script type="text/javascript">
1129
+ jQuery(document).ready(function($){
1130
+ var options = {
1131
+ url: '<?php echo admin_url("admin-ajax.php"); ?>',
1132
+ target: '#output1', // target element(s) to be updated with server response
1133
+ beforeSubmit: showRequest, // pre-submit callback
1134
+ success: showResponse,
1135
+ };
1136
+
1137
+ var options2 = {
1138
+ url: '<?php echo admin_url("admin-ajax.php"); ?>',
1139
+ target: '#output1', // target element(s) to be updated with server response
1140
+ beforeSubmit: showRequest, // pre-submit callback
1141
+ success: showResponse,
1142
+ };
1143
+
1144
+ jQuery('#exploit_scan').ajaxForm(options);
1145
+ jQuery('#exploit_scan_custom').ajaxForm(options2);
1146
+
1147
+ });
1148
+ function showRequest(formData, jqForm, options) {
1149
+ jQuery('#loader').show();
1150
+ jQuery('#output1').hide();
1151
+ }
1152
+ function showResponse(responseText, statusText) {
1153
+ jQuery('#loader').hide();
1154
+ jQuery('#output1').show();
1155
+ return false;
1156
+ }
1157
+
1158
+ </script>
1159
+ <?php
1160
+ if ( isset( $_GET['scan'] ) && $_GET['scan'] == 'all' ) {
1161
+ check_admin_referer( 'exploitscanner-scan_all' );
1162
+ $scanner = new Exploit_Scanner( ABSPATH );
1163
+ $scanner->file_size_limit = ( empty( $_POST['filesize_limit'] ) ) ? 400 : (int) $_POST['filesize_limit'];
1164
+ $scanner->memory_limit = ( empty( $_POST['memory_limit'] ) ) ? '' : (int) $_POST['memory_limit'];
1165
+ $scanner->display_severities = ( empty( $_POST['show'] ) ) ? $scanner->display_severities : (array) $_POST['show'];
1166
+ array_push( $scanner->display_severities, 'raw' );
1167
+ $scanner->run( $_POST['scans'] );
1168
+ echo $scanner->get_html_result();
1169
+ } elseif ( isset( $_GET['customscan'] ) ) {
1170
+ check_admin_referer( 'exploitscanner-scan_customstrings' );
1171
+ $strings = explode( ',', $_GET['customscan'] );
1172
+ $scanner = new Exploit_Scanner( ABSPATH );
1173
+ $scanner->restricted_commands = array();
1174
+ $scanner->whitelist_patterns = array();
1175
+ $scanner->restricted_patterns = array();
1176
+ $scanner->display_severities = array('blocker');
1177
+ foreach ( (array) $strings as $string ) {
1178
+ $scanner->restricted_patterns[ "|" . preg_quote($string) . "|msiU" ] = array( "level" => "Blocker", "note" => "Found string " . esc_html($string) );
1179
+ }
1180
+ $scanner->file_size_limit = ( empty( $_POST['filesize_limit'] ) ) ? 400 : (int) $_POST['filesize_limit'];
1181
+ $scanner->memory_limit = ( empty( $_POST['memory_limit'] ) ) ? '' : (int) $_POST['memory_limit'];
1182
+ $scanner->run( array( 'file_scan', 'db_scan' ) );
1183
+ echo $scanner->get_html_result();
1184
+ }
1185
+ ?>
1186
+ <div id="output1"></div>
1187
+ <div id="loader" style="display:none; margin: 10px; padding: 10px; border: 1px solid #333; margin-top: 30px; text-align: center">
1188
+ <p><strong>Searching your filesystem and database for hidden links, malicious JavaScript and other possible exploit code</strong><br /><br />Please wait while loading...</p>
1189
+ <img src="<?php echo WP_PLUGIN_URL; ?>/exploit-scanner/loader.gif" height="16px" width="16px" alt="loading-icon" />
1190
+ </div>
1191
+ <h4>DISCLAIMER</h4>
1192
+ <p>Unfortunately it's impossible to catch every hack, and it's also too easy to catch "false positives" or things that aren't hacks. If you have been hacked, this script may help you track down what files, comments or posts have been modified. On the other hand, if this script indicates your blog is clean, don't believe it. This is far from foolproof. </p>
1193
+
1194
+ <h5>For the paranoid...</h5>
1195
+ <p>To prevent someone hiding malicious code inside this plugin and to check that the signatures file (hashes.txt) hasn't been changed, here are the MD5 hashes of these files. Compare them with the references on the plugin homepage. If they match, this file is ok. You'll get extra points if you check this file has the actual md5_file() calls.</p>
1196
+ <p style="text-align: center">MD5 of exploit-scanner.php: <code><?php echo md5_file(__FILE__); ?></code></p>
1197
+ <?php if ( file_exists( dirname( __FILE__ ) . '/hashes-' . $wp_version . '.php' ) ) { ?>
1198
+ <p style="text-align: center">MD5 of hashes-<?php echo $wp_version; ?>.php: <code><?php echo md5_file( dirname( __FILE__ ) . '/hashes-' . $wp_version . '.php' ); ?></code></p>
1199
+ <?php } ?>
1200
+ </div>
1201
+ <?php }
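Review bot: exploitscanner_ajax_action_all() and exploitscanner_ajax_action_custom() authorize on the nonce alone; wp_ajax_ hooks fire for every logged-in user, and neither handler calls current_user_can() before building Exploit_Scanner( ABSPATH ) and returning file and database contents. Add a current_user_can( 'manage_options' ) check (the capability already passed to add_submenu_page) at the top of both handlers and die on failure. In those handlers and in exploit_admin_page(), $_POST['scans'] is passed straight to run() and $_POST['show'] straight into display_severities; intersect both with the values the form offers (info, file_scan, db_scan and blocker, severe, warning, note) and handle the case where no box is ticked and the key is absent. The custom search form is method="get", so the $_POST['filesize_limit'] and $_POST['memory_limit'] reads in the custom path always fall back to the defaults; either drop them or add the fields to that form. In hilight_text() the substr( ..., 0, 300 ) runs after the highlight span has been inserted, so the cut can land inside the span tag or an HTML entity and emit broken markup; truncate the raw text first, then escape and highlight. In power_stat() the 'type' entry indexes $ts[octdec($t)] without the array_key_exists() guard used for $str a few lines above, and the {0} string offset is rejected by current PHP; use [0] and reuse the guard. The "For the paranoid" paragraph still names hashes.txt while the code hashes hashes-<version>.php, and the scan logic is now duplicated between the AJAX handlers and exploit_admin_page(), which is worth factoring into one helper so the checks above only need adding once.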
hashes-2.8.6.php ADDED
@@ -0,0 +1,728 @@
1
+ <?php
2
+ $filehashes = array(
3
+ 'index.php' => '67395ee44d8a23a998eaa8df023d4d7a',
4
+ 'license.txt' => '4d1f767863b6a3985f43e9401b0739f6',
5
+ 'readme.html' => '027283d03b08abae67279fd17a37760b',
6
+ 'wp-admin/admin-ajax.php' => 'c3865f19ac4b72dbedaa040024fd4591',
7
+ 'wp-admin/admin-footer.php' => '4fa2df4c894a7fe2391ecf118ea1d859',
8
+ 'wp-admin/admin-functions.php' => '8d7148c613538bf567216bf9ec3c8572',
9
+ 'wp-admin/admin-header.php' => 'e1ad6ce990533e5d41ba26d02be53f86',
10
+ 'wp-admin/admin-post.php' => 'b263826ffd46c1241ff2817890b8c840',
11
+ 'wp-admin/admin.php' => '515cc4c3bd73af643dbdc3d3d0baeb9e',
12
+ 'wp-admin/async-upload.php' => '1bd1df39461758b0cb0429b772475059',
13
+ 'wp-admin/categories.php' => 'e5451eb0c7492902657ee3cc48a9de5a',
14
+ 'wp-admin/comment.php' => 'c568126864001bedf150adf16c205ff1',
15
+ 'wp-admin/css/colors-classic-rtl.css' => '74e3bc0961e42685a1b2918ee21de19f',
16
+ 'wp-admin/css/colors-classic.css' => '4f0524bd41bf91793c2eab07e8737b24',
17
+ 'wp-admin/css/colors-fresh-rtl.css' => 'eee458d5eaf8a119e8543f311b3b77ed',
18
+ 'wp-admin/css/colors-fresh.css' => '04f64d74b428649848955844036812f2',
19
+ 'wp-admin/css/dashboard-rtl.css' => '81238c176822f1efd9d121eea5fbb3d7',
20
+ 'wp-admin/css/dashboard.css' => '9c505ae63a80736883260c90740e2e7c',
21
+ 'wp-admin/css/farbtastic-rtl.css' => '117dc1e6ac587635c98975cfcdfb0444',
22
+ 'wp-admin/css/farbtastic.css' => 'b45e420bae504bad3ad026f11fb34414',
23
+ 'wp-admin/css/global-rtl.css' => '639432085f54f73cc7857d5e6b3fdb22',
24
+ 'wp-admin/css/global.css' => '5ec06085a2ae7d41dcfcc9f48701caaf',
25
+ 'wp-admin/css/ie-rtl.css' => 'a0d306ff28ee7a91c04dd2ba920d589a',
26
+ 'wp-admin/css/ie.css' => '886e4191f990f81168d9d9e7c842ca6a',
27
+ 'wp-admin/css/install-rtl.css' => '39eb6cb46f5071727c143ba407b54b53',
28
+ 'wp-admin/css/install.css' => '0380e33272aa60d16b2e7d405e7288a8',
29
+ 'wp-admin/css/login-rtl.css' => 'd356512a353a71d70dbeddc53fdf93ce',
30
+ 'wp-admin/css/login.css' => 'c6f1a4e8396191754e8043b78cc6e8b1',
31
+ 'wp-admin/css/media-rtl.css' => '8d9762bb606d52329ce469823b56119d',
32
+ 'wp-admin/css/media.css' => '56b3176fa896ff69ebea6d6689f1b5df',
33
+ 'wp-admin/css/plugin-install-rtl.css' => 'ff2cc41b3ec965996608fc6a416c0d34',
34
+ 'wp-admin/css/plugin-install.css' => '48705f886f1714e4c4c130e5fa7443f8',
35
+ 'wp-admin/css/press-this-rtl.css' => '098fcc8fa903f68d4827a80b19ed8624',
36
+ 'wp-admin/css/press-this.css' => 'fb5beaa57223ab3cd864e925731bf76f',
37
+ 'wp-admin/css/theme-editor-rtl.css' => '67937f3a3e8e4b9eeaa5fe15c1cce63b',
38
+ 'wp-admin/css/theme-editor.css' => '1d469fa64b12915edd13d68148453c72',
39
+ 'wp-admin/css/theme-install.css' => 'caca2d1c6d7f70138a2cae7cff992f9c',
40
+ 'wp-admin/css/widgets-rtl.css' => 'c72b211f292a7ac48348b3aa47e8f9c1',
41
+ 'wp-admin/css/widgets.css' => 'c4d1ad88ee2a59c096cee1ac30690056',
42
+ 'wp-admin/custom-header.php' => '632997600dd79ad291ed65ca969ca0bb',
43
+ 'wp-admin/edit-attachment-rows.php' => '78df25e168c316610d4e3471e921e7a9',
44
+ 'wp-admin/edit-category-form.php' => 'fd6cd34002ce6e005ba9ab54f127f97e',
45
+ 'wp-admin/edit-comments.php' => '60946abbe37bf8968c46c31b358f8435',
46
+ 'wp-admin/edit-form-advanced.php' => '381969d3b7321567e741c212181bc05e',
47
+ 'wp-admin/edit-form-comment.php' => 'f944e0de9c3828b672c32584fa94db7b',
48
+ 'wp-admin/edit-link-categories.php' => '4dad62fc3811b01a419f1af05cd183d8',
49
+ 'wp-admin/edit-link-category-form.php' => '5f91fb7619741704b7d51086c8ebf8ca',
50
+ 'wp-admin/edit-link-form.php' => 'db6471427a4ecc0c8649683cae47d072',
51
+ 'wp-admin/edit-page-form.php' => 'b2940d3605dfbec83b8f767be5b8f39d',
52
+ 'wp-admin/edit-pages.php' => 'cedd36cd423ee16d8e0bf13f63cbf4c1',
53
+ 'wp-admin/edit-post-rows.php' => '6b033cf4c4dee90ccf74739efa6d8d23',
54
+ 'wp-admin/edit-tag-form.php' => '5bc3563c4c3f9f2b6458c5cb576913c9',
55
+ 'wp-admin/edit-tags.php' => 'bd6f2d8432eb5c9065468ac16fa1f4ca',
56
+ 'wp-admin/edit.php' => '874569992dab2079e758fa34ec7181b5',
57
+ 'wp-admin/export.php' => 'fe7409978fe44e7a9265079b7bf6e362',
58
+ 'wp-admin/gears-manifest.php' => '645221e41afbd86c8461061dc51314dc',
59
+ 'wp-admin/images/align-center.png' => 'a1427c5dd8d6f9292430f6650824270a',
60
+ 'wp-admin/images/align-left.png' => '731f8ceb9ea5cf3ad41810cf0af73821',
61
+ 'wp-admin/images/align-none.png' => 'de2bd2479bc66930d4db049e91b7451a',
62
+ 'wp-admin/images/align-right.png' => 'f1c033dd4d0600bf18af7ed9a7441ea5',
63
+ 'wp-admin/images/archive-link.png' => '9be05a7e7b41b72e75a2beddc4f6ac55',
64
+ 'wp-admin/images/blue-grad.png' => 'e475da9341c39501f1c29e29756942f8',
65
+ 'wp-admin/images/browse-happy.gif' => '3bad5ccecc83f7e368c79bc7f961e337',
66
+ 'wp-admin/images/bubble_bg-rtl.gif' => '0acb13b5fb21466f3984a5a3bdfc3869',
67
+ 'wp-admin/images/bubble_bg.gif' => 'b78fd5758e486128cf448c5973ca6ee4',
68
+ 'wp-admin/images/button-grad-active-vs.png' => '60f72449e40ee8a8d6bef4e8ed0260fd',
69
+ 'wp-admin/images/button-grad-active.png' => 'cadd565a465b3eb73ed386c210145fe2',
70
+ 'wp-admin/images/button-grad-vs.png' => 'c614f82ed58080d37618cc1839e4ce02',
71
+ 'wp-admin/images/button-grad.png' => '16609cb9ee7897725e7692c17e9c29e4',
72
+ 'wp-admin/images/comment-grey-bubble.png' => '165ba7d3a093473cf47a6b0fbd141dbb',
73
+ 'wp-admin/images/date-button.gif' => '6785862d31a929183751cfa86cddfdca',
74
+ 'wp-admin/images/ed-bg-vs.gif' => '01112dae05c7c37e16eeb3647c138a66',
75
+ 'wp-admin/images/ed-bg.gif' => '58d491c508be7f09809f11bca4a1bd77',
76
+ 'wp-admin/images/fade-butt.png' => 'e6c8b1c6db50db66bf04da9bbbe3ee0e',
77
+ 'wp-admin/images/fav-arrow-rtl.gif' => '8dcc7939100a91147bb7fb6d2a651bec',
78
+ 'wp-admin/images/fav-arrow-vs.gif' => 'a80771dd731c047e5dbbee8829163e82',
79
+ 'wp-admin/images/fav-arrow.gif' => 'e46967a00b05a38fc0a09933d8e007a3',
80
+ 'wp-admin/images/fav-top-vs.gif' => '0b16e5449ce8cd8fc7c7412f385e9edc',
81
+ 'wp-admin/images/fav-top.png' => '6d51aeeb995d529ea74d3339c8fd826b',
82
+ 'wp-admin/images/fav-vs.png' => '8720fba5c7c55ff7becb4c1ee4bff05b',
83
+ 'wp-admin/images/fav.png' => '35ec77238a48560932bf6165a6db7e6c',
84
+ 'wp-admin/images/generic.png' => 'ec85cdf6efc2a983e50f7d86a976c467',
85
+ 'wp-admin/images/gray-grad.png' => 'c5fd1e0895b8dec4db822fa9a3f7b92d',
86
+ 'wp-admin/images/icons32-vs.png' => '74426dbce10c55709c4877554d455c4e',
87
+ 'wp-admin/images/icons32.png' => '23c825ff877459a4339cf7a7b2258141',
88
+ 'wp-admin/images/list-vs.png' => '978f0351d99a761bdafd313e76201be9',
89
+ 'wp-admin/images/list.png' => 'cce19b15b4d3e4ad7dac568f1a1c1f90',
90
+ 'wp-admin/images/loading-publish.gif' => '27c1513ac7487e7d4e09fd57d85dd15c',
91
+ 'wp-admin/images/loading.gif' => '9a8269421303631316be4ab5e34870e1',
92
+ 'wp-admin/images/logo-ghost.png' => 'c406a787e10714b99129ff7dff95efcd',
93
+ 'wp-admin/images/logo-login.gif' => 'c62e03cf2e9417e6019657b3f5379802',
94
+ 'wp-admin/images/logo.gif' => 'a402ef261eb443496e6179f6e9653d29',
95
+ 'wp-admin/images/marker.png' => '4f932ddbee5d5e9ebd89a2ec63eda2d1',
96
+ 'wp-admin/images/mask.png' => 'c6dc921c0d6f2197793d9174b4267ca0',
97
+ 'wp-admin/images/media-button-image.gif' => '0357183d4a361456b8b121209af5c608',
98
+ 'wp-admin/images/media-button-music.gif' => '0fec8f86c9c036a2ecf54dbb66a63133',
99
+ 'wp-admin/images/media-button-other.gif' => '22dd6f85320fb13797ab7e3ff890515b',
100
+ 'wp-admin/images/media-button-video.gif' => 'bc7efebd002f34e8e6c30769ff417bdd',
101
+ 'wp-admin/images/menu-arrows.gif' => 'f8872ea252d5551b77eff89ff7c74dcc',
102
+ 'wp-admin/images/menu-bits-rtl-vs.gif' => '622bc5e4f63493c37b114406561c5de5',
103
+ 'wp-admin/images/menu-bits-rtl.gif' => 'e432360b7566ff59bd6c7b4df564b713',
104
+ 'wp-admin/images/menu-bits-vs.gif' => 'b1627ef5a5aad512136dcef1213763ee',
105
+ 'wp-admin/images/menu-bits.gif' => 'f8e09b1fc524fd96735945077d401793',
106
+ 'wp-admin/images/menu-dark-rtl.gif' => 'b6f525c71c056ecedfd837daf18c3c4a',
107
+ 'wp-admin/images/menu-dark.gif' => 'a5af317b01fd87c8eceedef87ae0c26f',
108
+ 'wp-admin/images/menu-vs.png' => '8bef8c397f737a91ff8c4a2edbc16b36',
109
+ 'wp-admin/images/menu.png' => '1a36e748b6be3b15dfaa18b2149beefe',
110
+ 'wp-admin/images/no.png' => 'f787d0b0069027fc7b571dbbdabaa3c5',
111
+ 'wp-admin/images/required.gif' => '449bfee22ffa295314e08b314604cd0c',
112
+ 'wp-admin/images/resize.gif' => '68a8e57741df1a16444713a11d7c5b82',
113
+ 'wp-admin/images/screen-options-left.gif' => '1f4510095793f25a12c376f136429880',
114
+ 'wp-admin/images/screen-options-right-up.gif' => '745eebb21d33c943adbfea7bc6d37aa4',
115
+ 'wp-admin/images/screen-options-right.gif' => 'ae671f7223fff3a47375d47a4bcf587f',
116
+ 'wp-admin/images/se.png' => 'e9b50c73bfb3dc46a1eccf07f4bfc6ab',
117
+ 'wp-admin/images/star.gif' => '53b4445439bcf04aa36901548e379f12',
118
+ 'wp-admin/images/toggle-arrow-rtl.gif' => 'da61f45c1385ee6ed1663676eec4aed2',
119
+ 'wp-admin/images/toggle-arrow.gif' => 'a3722fea95a66f24f350f36147bc8beb',
120
+ 'wp-admin/images/visit-site-button-grad-vs.gif' => '4fd90308cccfc4fe131b07df35be96d4',
121
+ 'wp-admin/images/visit-site-button-grad.gif' => '75e555e701dd658659474dfb3a70e851',
122
+ 'wp-admin/images/wheel.png' => '2b6d304868ff398c17252b7b0a0414c4',
123
+ 'wp-admin/images/white-grad-active.png' => '6b6d2eab57230f1d2afd4b6d9380fd1c',
124
+ 'wp-admin/images/white-grad.png' => '3090f8947eac64830900abf4562ca8e1',
125
+ 'wp-admin/images/wordpress-logo.png' => '1a77b8aa7318b3e3b99e103aac47e448',
126
+ 'wp-admin/images/wp-logo-vs.gif' => '4a094808ccb90b388ac92611d6e9e365',
127
+ 'wp-admin/images/wp-logo.gif' => '797be4dafa9e042735e030df67ec0f26',
128
+ 'wp-admin/images/wpspin_dark.gif' => '5bf61d27a7893daaf24bb158fddb550a',
129
+ 'wp-admin/images/wpspin_light.gif' => '67f40a30bfa13743e5c4e86bfa467a90',
130
+ 'wp-admin/images/xit.gif' => '6a03660e0544b85fc84d4de174c28741',
131
+ 'wp-admin/images/yes.png' => '94040f30512d9d0993f0b903b25024e2',
132
+ 'wp-admin/import/blogger.php' => 'd7e0e19732f97a41e8e23036ebf11926',
133
+ 'wp-admin/import/blogware.php' => '20415f7ff4d106185b768a8c90514a18',
134
+ 'wp-admin/import/dotclear.php' => 'de433f8ff866952a9a91a49f8370ae9e',
135
+ 'wp-admin/import/greymatter.php' => '6961a7e931c50def9787677d87a1cc61',
136
+ 'wp-admin/import/livejournal.php' => 'e99abd5cd281f6c0ccfd5baf52fcc017',
137
+ 'wp-admin/import/mt.php' => '4e31bcc6f6a87d26b40731862b8cb52b',
138
+ 'wp-admin/import/opml.php' => '92b3b8101405d6caa71aacfd1c0553c0',
139
+ 'wp-admin/import/rss.php' => '6be458611debe108db3e59a0029f56c7',
140
+ 'wp-admin/import/stp.php' => 'bda74909223cd3e3be2d3be58e4a1d70',
141
+ 'wp-admin/import/textpattern.php' => 'f298e25f2efbf3a5c480075cbe422b87',
142
+ 'wp-admin/import/utw.php' => '380d600de9773803d79f4e8ff8c8c358',
143
+ 'wp-admin/import/wordpress.php' => '2bc1941f3b90078b0c437cd22fa75f4f',
144
+ 'wp-admin/import/wp-cat2tag.php' => '5944d5a4154387738b970af23fed32c2',
145
+ 'wp-admin/import.php' => 'cd76e928a29433162a7721481d9bcc9e',
146
+ 'wp-admin/includes/admin.php' => '1976c45c622641437e4e83771a20aa2c',
147
+ 'wp-admin/includes/bookmark.php' => 'a682bdd2a59052ed0ee2f686cd912bdd',
148
+ 'wp-admin/includes/class-ftp-pure.php' => 'ecc03dc71a4ecbaa30831d6375c6e15c',
149
+ 'wp-admin/includes/class-ftp-sockets.php' => '983e77ea48e8a21676334295e75e1e2f',
150
+ 'wp-admin/includes/class-ftp.php' => '0e0389109a3fd469cf55acc2d974d5b4',
151
+ 'wp-admin/includes/class-pclzip.php' => '5eb649d754475c5ba8c03f43e9d4c35e',
152
+ 'wp-admin/includes/class-wp-filesystem-base.php' => 'f33ae72d118fb3b405e4c38c7b044ef5',
153
+ 'wp-admin/includes/class-wp-filesystem-direct.php' => 'b9631c47f1a55707c7ccc468e77e5813',
154
+ 'wp-admin/includes/class-wp-filesystem-ftpext.php' => '2c38d4f9b9e44407be7f9e4659b15779',
155
+ 'wp-admin/includes/class-wp-filesystem-ftpsockets.php' => '103ceabdaa0da8e1cb143737370cb691',
156
+ 'wp-admin/includes/class-wp-filesystem-ssh2.php' => 'ed5f048601b8b7621d98e4b715324dd4',
157
+ 'wp-admin/includes/class-wp-upgrader.php' => '106cc69da7f13ad3820be38ae913412f',
158
+ 'wp-admin/includes/comment.php' => 'b951259804498c71bd6901dba9f175a7',
159
+ 'wp-admin/includes/continents-cities.php' => '024b57d99bbe8b9e133316d1e98fc79d',
160
+ 'wp-admin/includes/dashboard.php' => 'e38010fec18c2eb5e82925007c095c27',
161
+ 'wp-admin/includes/export.php' => '34a08bf4b3cd07ba70cc95b790db03d3',
162
+ 'wp-admin/includes/file.php' => 'aebfbe5a831756b9c2eab92b8234c385',
163
+ 'wp-admin/includes/image.php' => '71af3690851d90e9b0b9c90d3c04891e',
164
+ 'wp-admin/includes/import.php' => '38cb3659f2da51e9c9c635e883920f00',
165
+ 'wp-admin/includes/manifest.php' => '4d5e9b6dc52bab7235999fb58633c3bd',
166
+ 'wp-admin/includes/media.php' => 'da8f1c48d945f78e8bb1ca9dc957c48f',
167
+ 'wp-admin/includes/misc.php' => '8ecf08693920efd68955b769c39261d9',
168
+ 'wp-admin/includes/plugin-install.php' => 'e854b624a9a98247de2ac3a43b0590f0',
169
+ 'wp-admin/includes/plugin.php' => 'b252ae3b3d4ecd6d98416d5c230e660c',
170
+ 'wp-admin/includes/post.php' => 'a53f8817d89b1d396e9ffb78e99b8953',
171
+ 'wp-admin/includes/schema.php' => '21bf0bdf60715b208941a27b8d41e946',
172
+ 'wp-admin/includes/taxonomy.php' => 'e3bd63a4ae306fee68272541bc17fee1',
173
+ 'wp-admin/includes/template.php' => '197138e312f93ed92766a1a34d1c594b',
174
+ 'wp-admin/includes/theme-install.php' => 'feae973a353ef8d871e59a8568358a1a',
175
+ 'wp-admin/includes/theme.php' => '0356ab781892ac9a1c53ff0e5f86826c',
176
+ 'wp-admin/includes/update-core.php' => 'a6b20656a4c8d0853972b9e441fce7c7',
177
+ 'wp-admin/includes/update.php' => 'e98e2fa4a3a3a9ad45ec914f2ab6f0dd',
178
+ 'wp-admin/includes/upgrade.php' => '83d8674eb2c0d969e8366f68c507d3f9',
179
+ 'wp-admin/includes/user.php' => 'c06bcb31a77362d9f419307f155d2dda',
180
+ 'wp-admin/includes/widgets.php' => 'c9d23e1e5f11155b9cb14f9bb9ca6522',
181
+ 'wp-admin/index-extra.php' => 'b61221d48f6121a9fde8c16a7004c71a',
182
+ 'wp-admin/index.php' => '0be16d3331c61a45f2e01d22962d9ee3',
183
+ 'wp-admin/install-helper.php' => '27824cad71dd883f9de818e03abb685d',
184
+ 'wp-admin/install.php' => '04cf5ebf5a1bd140f024f136d75deb22',
185
+ 'wp-admin/js/cat.dev.js' => 'ed5cc1456007f3712e9722ea27253bb2',
186
+ 'wp-admin/js/cat.js' => '8a0487d34029c6621081f5a89d91a82d',
187
+ 'wp-admin/js/categories.dev.js' => 'cbb0371ccea124798628e181ca157a55',
188
+ 'wp-admin/js/categories.js' => '80b80ef0cb2360338c6e4668829ad013',
189
+ 'wp-admin/js/comment.dev.js' => 'ebdf0f396c101af015d57df13c8e825b',
190
+ 'wp-admin/js/comment.js' => 'f58da1479570a8daae958114afe35ed9',
191
+ 'wp-admin/js/common.dev.js' => 'b3006945c3b8408f9c889b6aa6d28e44',
192
+ 'wp-admin/js/common.js' => '2b623d55968742539ffde9ff9416bb29',
193
+ 'wp-admin/js/custom-fields.dev.js' => '06cb5141c3ac8e8abdfa887560fc9fc0',
194
+ 'wp-admin/js/custom-fields.js' => '14698a9d69a9256b8b63e1552dc85f06',
195
+ 'wp-admin/js/dashboard.dev.js' => '3e3fbecb5bc1fa258a22a6f9a2a534b1',
196
+ 'wp-admin/js/dashboard.js' => '2c8218cfd143404d332975abed1aa569',
197
+ 'wp-admin/js/edit-comments.dev.js' => '6b85ab29401b236b7248d2a1aba7f209',
198
+ 'wp-admin/js/edit-comments.js' => 'f1fb0174b531476f287709b0b9a523e3',
199
+ 'wp-admin/js/editor.dev.js' => '5237280cf062f0466e1bb2c52b7585fe',
200
+ 'wp-admin/js/editor.js' => '40f8ea7fd6fe99ea9ebf66ae9af50166',
201
+ 'wp-admin/js/farbtastic.js' => 'ba2afcd06915d8d312f7140c464938c1',
202
+ 'wp-admin/js/gallery.dev.js' => 'eb4e740117c8ff840c0bad6c23cdffbe',
203
+ 'wp-admin/js/gallery.js' => '89772dfb0b8cc96168923a057ba97131',
204
+ 'wp-admin/js/inline-edit-post.dev.js' => '0803e8b6ee18cfba4bf61503f40fe9dc',
205
+ 'wp-admin/js/inline-edit-post.js' => '830550348b2fcab412282a6f0415d67a',
206
+ 'wp-admin/js/inline-edit-tax.dev.js' => '23d59c5aefc3f6f0b809e3972ba19403',
207
+ 'wp-admin/js/inline-edit-tax.js' => '8419d6590d1eacdd654695b963d1bc01',
208
+ 'wp-admin/js/link.dev.js' => 'ecf1bfdbf145bdab5a0d61ea4039ef55',
209
+ 'wp-admin/js/link.js' => 'c4a2322a9fd0b704a2c78e090d402011',
210
+ 'wp-admin/js/media-upload.dev.js' => '61af37c5377935cadec17885b0f46e99',
211
+ 'wp-admin/js/media-upload.js' => '813637207d5f403cbc32feefb0ec32d7',
212
+ 'wp-admin/js/media.dev.js' => '82151afee85ea31377c2d756319d8d87',
213
+ 'wp-admin/js/media.js' => 'f5f319c12c4a5494df30c1d326465a6b',
214
+ 'wp-admin/js/page.dev.js' => 'd94c023c0c18b0900218f78b9aad9d3b',
215
+ 'wp-admin/js/page.js' => 'd8613d8d5318ca18f488428db7e0d97f',
216
+ 'wp-admin/js/password-strength-meter.dev.js' => '2072440d1515a541623bd1ef77373c12',
217
+ 'wp-admin/js/password-strength-meter.js' => '21310235a8b2671858df84db50a44cb3',
218
+ 'wp-admin/js/plugin-install.dev.js' => '7cd872829eeaeee63270591b89d50ce9',
219
+ 'wp-admin/js/plugin-install.js' => '62abb0285535502328c0cf33f5a3db63',
220
+ 'wp-admin/js/post.dev.js' => '4758b37ba0588d0100bfad9ea7557bf9',
221
+ 'wp-admin/js/post.js' => '88ce6f35b60890ede66b1ca4c39fc4af',
222
+ 'wp-admin/js/postbox.dev.js' => '866680547d1d53c6782291784e89f873',
223
+ 'wp-admin/js/postbox.js' => '9bbabda30eba2bf23c9c9cd3b6afec1f',
224
+ 'wp-admin/js/revisions-js.php' => '55ebf5d40e3bd309adc7aea654e4b7ee',
225
+ 'wp-admin/js/slug.dev.js' => '216b3181cccbf143cef4cae1d09dcb1d',
226
+ 'wp-admin/js/slug.js' => '6856b5d635ea0863e4a0531df329c8ae',
227
+ 'wp-admin/js/tags.dev.js' => '4d39fa68e503ff895b3896b8b30ca544',
228
+ 'wp-admin/js/tags.js' => 'b4f6de1adf243fb1c4ca11109ca8358b',
229
+ 'wp-admin/js/theme-preview.dev.js' => '1594334801bab2aa5bbcac672d855780',
230
+ 'wp-admin/js/theme-preview.js' => '2a45bb51fcab2c53f7e723ca2daf1847',
231
+ 'wp-admin/js/user-profile.dev.js' => 'b1ba00820be627f9a5bb9ad51c226c6e',
232
+ 'wp-admin/js/user-profile.js' => '6f264365c799d04bf353784315b3541e',
233
+ 'wp-admin/js/utils.dev.js' => 'ff272859f10cd239e8e27cae422b6656',
234
+ 'wp-admin/js/utils.js' => 'e102613271d205d357aa317ee6c8f32b',
235
+ 'wp-admin/js/widgets.dev.js' => 'b54c11ff884ea8fcfe6e821835638da2',
236
+ 'wp-admin/js/widgets.js' => '0aabf147505c4f70b2118bf9f2cd441e',
237
+ 'wp-admin/js/word-count.dev.js' => '2e2c9c93a59d78c9004c4359a2a05161',
238
+ 'wp-admin/js/word-count.js' => 'a74398b6c7a69d86c66f1e2c2e763a36',
239
+ 'wp-admin/js/wp-gears.dev.js' => '56bb1aec2083a149e8b0dbab78eccdf2',
240
+ 'wp-admin/js/wp-gears.js' => '596473e965c68ad64c8c20b5c56e0da3',
241
+ 'wp-admin/js/xfn.dev.js' => '07f6405c0e3617f34ce1d404088fe2bb',
242
+ 'wp-admin/js/xfn.js' => 'ab6a19cf026e7befa133ff49e4d27e66',
243
+ 'wp-admin/link-add.php' => '796d273d6569da0534a5622cf41a7b8f',
244
+ 'wp-admin/link-category.php' => '699855b991c70d1af8545bbea7cf4a9f',
245
+ 'wp-admin/link-manager.php' => '0b8bd2659c2e092782ad0eff5f3a0104',
246
+ 'wp-admin/link-parse-opml.php' => 'cfef4044e1dd3c63aa482d9df48dbd7a',
247
+ 'wp-admin/link.php' => 'bfe9e765719cc2693ec86ddb15ce35ce',
248
+ 'wp-admin/load-scripts.php' => '9949f1b21c81ba97e7b6e01d910b8251',
249
+ 'wp-admin/load-styles.php' => 'efce2e0b83c74adf856048a6c3bbfb5e',
250
+ 'wp-admin/media-new.php' => '462bd844b135aa094eb1f689dcf7fb63',
251
+ 'wp-admin/media-upload.php' => '1ac316dbaaec667dd60028ae9312fa33',
252
+ 'wp-admin/media.php' => '749d3b574173c347b73efa349dffc963',
253
+ 'wp-admin/menu-header.php' => '57ab03b93f224778c3417d8ec0679eb4',
254
+ 'wp-admin/menu.php' => '35f26a3e7fd50d4a7158e7d11cdbc95d',
255
+ 'wp-admin/moderation.php' => '26f9c8e07438e56b3e12b94f5475d8d9',
256
+ 'wp-admin/options-discussion.php' => 'e10901812e3e28a2fb138843285aa7f5',
257
+ 'wp-admin/options-general.php' => '5d4f320c681787957963a6e00548a7d3',
258
+ 'wp-admin/options-head.php' => '16536ddb6e35433770f5269a80a9cf0f',
259
+ 'wp-admin/options-media.php' => '92274a35f5f6cacdaabe605970aee6ac',
260
+ 'wp-admin/options-misc.php' => '9b94164e9973b7aa32d4c2a41908f336',
261
+ 'wp-admin/options-permalink.php' => '6b7bd80a7f9c19daeb4f0d4d31f76eec',
262
+ 'wp-admin/options-privacy.php' => '942b180e8feffc42ecae4a2ad9e58e01',
263
+ 'wp-admin/options-reading.php' => 'bfcf187d9d2946041be456ef8e6d4ea9',
264
+ 'wp-admin/options-writing.php' => '7c0c1f88514d00047a2e0e8f57d917f0',
265
+ 'wp-admin/options.php' => '2643989b8e050554b10070f524362d15',
266
+ 'wp-admin/page-new.php' => 'aa59b1462889a68a71a8d98ffdd85c11',
267
+ 'wp-admin/page.php' => '4f2373d5bb33bf078067771a4ed6f56e',
268
+ 'wp-admin/plugin-editor.php' => 'f281fc531319443171cde14b73e8f096',
269
+ 'wp-admin/plugin-install.php' => '023c6bf41d1a37f1b71e67a7302dd0a0',
270
+ 'wp-admin/plugins.php' => 'b6619f40a726e7ac36f90f7977707019',
271
+ 'wp-admin/post-new.php' => 'c23c90b39bb2345ea516c70d464057b1',
272
+ 'wp-admin/post.php' => '6d188230b578fe9b8dc64402027c2436',
273
+ 'wp-admin/press-this.php' => 'f16f34810619f656cfa6c714b36ae932',
274
+ 'wp-admin/profile.php' => 'de2fd0d74ac9dd0faffa04a7c9aa05b4',
275
+ 'wp-admin/revision.php' => '450523deb2eedcdd7bcf1c28dc053a1b',
276
+ 'wp-admin/rtl.css' => '395db168cd1238d99584184ead0b324e',
277
+ 'wp-admin/setup-config.php' => 'b50f632ad687f2884ec2a91d67800bbd',
278
+ 'wp-admin/sidebar.php' => 'eea4be9ae39437e8dfabb68062bfb0d9',
279
+ 'wp-admin/theme-editor.php' => '59764ad1ed424b255e821fd90c9b8035',
280
+ 'wp-admin/theme-install.php' => '4d7007ac86975e5eb355451edea2afc3',
281
+ 'wp-admin/themes.php' => '811a00edf47053a750fa9198b160bc26',
282
+ 'wp-admin/tools.php' => '78889e58f037d26b681890f9c5b3d9db',
283
+ 'wp-admin/update-core.php' => '2d7a476b1fa1a3974310366e986ef6a3',
284
+ 'wp-admin/update-links.php' => '30008788bb31542ea7a4ad3f510be08b',
285
+ 'wp-admin/update.php' => '746bb374d256f4aa07b0d088230498ce',
286
+ 'wp-admin/upgrade-functions.php' => '33fe9811dd41ddc7f3eee22e33169ae6',
287
+ 'wp-admin/upgrade.php' => 'f1c248f62d1096cff7de2520897373f4',
288
+ 'wp-admin/upload.php' => '4bac64504760f1e307c07d606f572740',
289
+ 'wp-admin/user-edit.php' => '27b6218a8e889dc31402546644b41aa8',
290
+ 'wp-admin/user-new.php' => '4a512d13c25a87b22f98fd900deafaf8',
291
+ 'wp-admin/users.php' => '9cf52b448f5e45c74c7e9b28606f4a93',
292
+ 'wp-admin/widgets.php' => 'da925f49253bdbb131e58f9cc3e1039e',
293
+ 'wp-admin/wp-admin.css' => '27cd5586d26660072c71e77a2e530496',
294
+ 'wp-app.php' => '707b306e8c01ced508622c95eff4d880',
295
+ 'wp-atom.php' => '4c9918dd470acdbef6d9fde9e1e54491',
296
+ 'wp-blog-header.php' => '5d214b74e322860b09f7c3b606287171',
297
+ 'wp-comments-post.php' => '630d65b09e1a99f234ce7d3400efd56a',
298
+ 'wp-commentsrss2.php' => '96d5824afd7896c0913b9c43de4dd067',
299
+ 'wp-config-sample.php' => '022ff109f1bf5b1aaff3487b09455702',
300
+ 'wp-content/index.php' => '96137494913a1f730a592e8932af394e',
301
+ 'wp-content/plugins/akismet/akismet.gif' => '67a9581cbfcbeae70439582269022c45',
302
+ 'wp-content/plugins/akismet/akismet.php' => 'd5c2167c068f53caa990d92edfd8cdac',
303
+ 'wp-content/plugins/akismet/readme.txt' => '4d5e52da417aa0101054bd41e6243389',
304
+ 'wp-content/plugins/hello.php' => '00487ee0cfa3e15917db9bb48048deb4',
305
+ 'wp-content/plugins/index.php' => '96137494913a1f730a592e8932af394e',
306
+ 'wp-content/themes/classic/comments-popup.php' => '92b30369db46d783c3fb2c2d4929c5b0',
307
+ 'wp-content/themes/classic/comments.php' => '51b8f64ab323a597b961bc2f58cc5bbc',
308
+ 'wp-content/themes/classic/footer.php' => 'b2433c370b3a57058e9d6732485c0c01',
309
+ 'wp-content/themes/classic/functions.php' => 'ada708407ce454d4bbb2c86fb19812e9',
310
+ 'wp-content/themes/classic/header.php' => 'de455e9fddaf5e5f43e8473736a5308e',
311
+ 'wp-content/themes/classic/index.php' => '0083d2ae8be140e3001aa019ebc196d1',
312
+ 'wp-content/themes/classic/rtl.css' => '77120614911aa1c74c604db40b6f8a84',
313
+ 'wp-content/themes/classic/screenshot.png' => '60baf51fc9ae291e896257973cca52db',
314
+ 'wp-content/themes/classic/sidebar.php' => '3dc68f44538e33ba8d1d71147655ae72',
315
+ 'wp-content/themes/classic/style.css' => 'af8bcec8729f678ca6891d94fb84d5ac',
316
+ 'wp-content/themes/default/404.php' => 'b65bec68d5000e379eb69594fd72f729',
317
+ 'wp-content/themes/default/archive.php' => 'df48cb3d5d31be1e16d03db2cb87f31f',
318
+ 'wp-content/themes/default/archives.php' => 'd785b710f39303a8542140ceae4187fa',
319
+ 'wp-content/themes/default/comments-popup.php' => '7fe71d0aacc89dfa0ca02fc54445806e',
320
+ 'wp-content/themes/default/comments.php' => '13df173acf6544611c10e6c7fa0a1222',
321
+ 'wp-content/themes/default/footer.php' => 'a85b134a024b9d2c57c9e115642468e0',
322
+ 'wp-content/themes/default/functions.php' => '7725904936efa06d774095bc958d4fb5',
323
+ 'wp-content/themes/default/header.php' => '8665c5ba9a484fb2b6c0928efdb0ed9a',
324
+ 'wp-content/themes/default/image.php' => '16e3b8d3be0ff3824abe60181b3c0ebb',
325
+ 'wp-content/themes/default/images/audio.jpg' => '9e02a249556a063953ae1cf1c8719a98',
326
+ 'wp-content/themes/default/images/header-img.php' => 'f97e74ff319b5424a5f31409b70554ce',
327
+ 'wp-content/themes/default/images/kubrickbg-ltr.jpg' => 'fb899a26d58f085c095573b4d572f7cd',
328
+ 'wp-content/themes/default/images/kubrickbg-rtl.jpg' => '6a9d85b0c47fba2847f083594e15d5ef',
329
+ 'wp-content/themes/default/images/kubrickbgcolor.jpg' => '59ca34439ac4985d8b7e83f17fc77916',
330
+ 'wp-content/themes/default/images/kubrickbgwide.jpg' => '49ea932ba2ae3783de988f7409c1e2ee',
331
+ 'wp-content/themes/default/images/kubrickfooter.jpg' => 'b92131b91f6b17f3dae54b37b5acde5d',
332
+ 'wp-content/themes/default/images/kubrickheader.jpg' => '762773d093daa7fb6974b8ff759b3803',
333
+ 'wp-content/themes/default/index.php' => 'c5e79b8a1213a24d4e00e55db30b787e',
334
+ 'wp-content/themes/default/links.php' => '04dbeb0cf0768df26735ac1a1ea21728',
335
+ 'wp-content/themes/default/page.php' => 'bfc1ff7c028f1fd8b3aacad28ec2a804',
336
+ 'wp-content/themes/default/rtl.css' => '3f4f200c57792a6fb6c4bb3cbd8a5d75',
337
+ 'wp-content/themes/default/screenshot.png' => 'a4f53fe2cca5d931ce3bf413156dcf52',
338
+ 'wp-content/themes/default/search.php' => '2c5f95b3c960b31b9d72bbd281519fd3',
339
+ 'wp-content/themes/default/sidebar.php' => '949ab46a916a65c8ff32254dd8ee8f1d',
340
+ 'wp-content/themes/default/single.php' => 'df6ad8d5e28e53f1025cf47867367c37',
341
+ 'wp-content/themes/default/style.css' => 'c3b996b88857e0155e95f1e3591bcea0',
342
+ 'wp-content/themes/index.php' => '96137494913a1f730a592e8932af394e',
343
+ 'wp-cron.php' => 'e65d828eb949e2d87e12a1e0b684fcc4',
344
+ 'wp-feed.php' => 'ec83d6f441482af4d1fae9cbb59df43e',
345
+ 'wp-includes/atomlib.php' => '4266adfe07df3392cc31d8c1637cf893',
346
+ 'wp-includes/author-template.php' => 'eeee4fb883299d3e3e9363fc4deaa1cf',
347
+ 'wp-includes/bookmark-template.php' => '9ec74411868276638b4316f3698bc945',
348
+ 'wp-includes/bookmark.php' => '9d1d37873259f3a0622aa52e3f5d58ea',
349
+ 'wp-includes/cache.php' => '3efb3c7097649e24436699281e9506bc',
350
+ 'wp-includes/canonical.php' => 'c3dcba0d529b893cd0419f2bf2c624f6',
351
+ 'wp-includes/capabilities.php' => '03bf9309bd82e4cbd94468fa6d4f5270',
352
+ 'wp-includes/category-template.php' => 'd3f15173008793ddcabbb7b658203ec3',
353
+ 'wp-includes/category.php' => '0bb4c78710b6255af2e9b9b312a86b84',
354
+ 'wp-includes/class-feed.php' => '43014701893db5ce2b0f58c689646471',
355
+ 'wp-includes/class-IXR.php' => '96e0768733bbeeaf88f351915af3c5e8',
356
+ 'wp-includes/class-phpass.php' => 'd983dd632901b785e93a39e40776f51a',
357
+ 'wp-includes/class-phpmailer.php' => '3e6657c8713841da6c94d4fb1970b016',
358
+ 'wp-includes/class-pop3.php' => '6b89d3911c7a532c90b9ca4ae295b560',
359
+ 'wp-includes/class-simplepie.php' => 'bab6390bcd184b5f72f21b4c1bb14107',
360
+ 'wp-includes/class-smtp.php' => '9434751c23dde416a498c4f4eed2c542',
361
+ 'wp-includes/class-snoopy.php' => '5124e56fe7317607f6eb2242ede7630f',
362
+ 'wp-includes/class.wp-dependencies.php' => '582fe9c3f15503729d2c2be079cb7738',
363
+ 'wp-includes/class.wp-scripts.php' => '0dc1f8b9611f5844de9693546595717b',
364
+ 'wp-includes/class.wp-styles.php' => '3e01b21a2e4ec187b2c01d0e96485a1a',
365
+ 'wp-includes/classes.php' => 'be842f1bf347e3ee2cea08275f96d0de',
366
+ 'wp-includes/comment-template.php' => '90c1e90730fd1b4e3f243e474795d12c',
367
+ 'wp-includes/comment.php' => '8bca8443169ef93cd88b8a0f88ab78ff',
368
+ 'wp-includes/compat.php' => 'c88c90aaa8ab6a7cf6e56f0d6b92c4ca',
369
+ 'wp-includes/cron.php' => 'cae2a4cee92ebcea0b91429ee8791e84',
370
+ 'wp-includes/default-filters.php' => '13756fb823f3fa9bee42675b14b769b3',
371
+ 'wp-includes/default-widgets.php' => 'a4c5277bd2f1067d2981c98b5606caeb',
372
+ 'wp-includes/deprecated.php' => '96951213febbd4f9266cc10b9e94db62',
373
+ 'wp-includes/feed-atom-comments.php' => 'eddf5501b84eb83327ecc0d4ab8b8fc1',
374
+ 'wp-includes/feed-atom.php' => '4cb5797d085be48c8924499f2faa7b4d',
375
+ 'wp-includes/feed-rdf.php' => 'a1d78f644407921f988ad94d7732045c',
376
+ 'wp-includes/feed-rss.php' => '1e21cfa2c53976483aa6192c09ff9f63',
377
+ 'wp-includes/feed-rss2-comments.php' => 'ac578c6a75028dcf7b408e000a4be5da',
378
+ 'wp-includes/feed-rss2.php' => '0e3a592ddf682b551e9646d28c3cb143',
379
+ 'wp-includes/feed.php' => '371b9e3e381e5a08e6508319dd6b9de4',
380
+ 'wp-includes/formatting.php' => 'd3d168382db4a7b5426b93de535d9f48',
381
+ 'wp-includes/functions.php' => 'db2b108932a6ec986e4aa58a24b1d1c1',
382
+ 'wp-includes/functions.wp-scripts.php' => '3428b7c6a18ef7f827510bbd9bd53c52',
383
+ 'wp-includes/functions.wp-styles.php' => 'ca8faf3374eda261f5098a2c31687430',
384
+ 'wp-includes/general-template.php' => '1909f4773ffbe765fd071ce3facfea0b',
385
+ 'wp-includes/gettext.php' => '5296194576098b2ce03344a2b25acbfe',
386
+ 'wp-includes/http.php' => '98b5c272b999417d0ee03624b6b930ef',
387
+ 'wp-includes/images/blank.gif' => '6d22e4f2d2057c6e8d6fab098e76e80f',
388
+ 'wp-includes/images/crystal/archive.png' => '93a5da9e9cb5553d570a271c5b6e98fc',
389
+ 'wp-includes/images/crystal/audio.png' => 'b9daa96636b39b9c94475ee4f2686e11',
390
+ 'wp-includes/images/crystal/code.png' => '7943ed0e713a89c87601daec06ba272d',
391
+ 'wp-includes/images/crystal/default.png' => 'd510e9e0ac0d9dd2af7a846029c69e2b',
392
+ 'wp-includes/images/crystal/document.png' => 'e6d7abf70fe3653e0e7208da55b3dbdc',
393
+ 'wp-includes/images/crystal/interactive.png' => 'cc537b760f40258679df957cbe061a0e',
394
+ 'wp-includes/images/crystal/license.txt' => 'f01b121b601cac57c42110e8d2fc7e32',
395
+ 'wp-includes/images/crystal/spreadsheet.png' => 'b3954af9d01078755e8d2e8e819bb31a',
396
+ 'wp-includes/images/crystal/text.png' => '17c0cf58506a41596a42a7a28030e951',
397
+ 'wp-includes/images/crystal/video.png' => 'c8caf92649ddfbd515b97a455f91d113',
398
+ 'wp-includes/images/rss.png' => '0ee254a56334189fd471afeec067186f',
399
+ 'wp-includes/images/smilies/icon_arrow.gif' => '394bffa679f650b7d2f22aa263cc06ba',
400
+ 'wp-includes/images/smilies/icon_biggrin.gif' => 'f970a6591668c625e4b9dbd3b7a450d7',
401
+ 'wp-includes/images/smilies/icon_confused.gif' => '4affed1b55e5f73c9f0675ae7d0ad823',
402
+ 'wp-includes/images/smilies/icon_cool.gif' => '25c83ea511f206e88f214719dad9c88c',
403
+ 'wp-includes/images/smilies/icon_cry.gif' => '7605eca95aaeda46e641745ef6f0e0b0',
404
+ 'wp-includes/images/smilies/icon_eek.gif' => '52e43743e38a67d5d28845a104ca8c7d',
405
+ 'wp-includes/images/smilies/icon_evil.gif' => '178255bb3fe2c3aa790c1f8ec8738504',
406
+ 'wp-includes/images/smilies/icon_exclaim.gif' => 'da86bbf377f97d06047aa781a582c52f',
407
+ 'wp-includes/images/smilies/icon_idea.gif' => 'aaebc9c048367118ba65e1da46bc3e08',
408
+ 'wp-includes/images/smilies/icon_lol.gif' => 'b76e7729d43c4a49182d020741285bef',
409
+ 'wp-includes/images/smilies/icon_mad.gif' => 'e4355c00894da1bd78341a6b54d20b56',
410
+ 'wp-includes/images/smilies/icon_mrgreen.gif' => '54e8505227edae1e583cf2f9554abc3a',
411
+ 'wp-includes/images/smilies/icon_neutral.gif' => '4e8b7a51c7f60a2362a4f67fbbc937e7',
412
+ 'wp-includes/images/smilies/icon_question.gif' => '0518596a4eb94c32a2b2ed898bdc3549',
413
+ 'wp-includes/images/smilies/icon_razz.gif' => '7aec68426aa06f01e2b1ac250e5aee62',
414
+ 'wp-includes/images/smilies/icon_redface.gif' => 'd7e9d095432cbcf09375ffc782c30c23',
415
+ 'wp-includes/images/smilies/icon_rolleyes.gif' => '19071b1af987946e96dcef6ce0611c6b',
416
+ 'wp-includes/images/smilies/icon_sad.gif' => '5a50535a06def9d01076772e5e9d235b',
417
+ 'wp-includes/images/smilies/icon_smile.gif' => '9ee646ffab71107d1a11407be52f33a5',
418
+ 'wp-includes/images/smilies/icon_surprised.gif' => 'ae735b5dd659dc4b3b0f249ce59bef79',
419
+ 'wp-includes/images/smilies/icon_twisted.gif' => 'c9c3d12da1e9da699e490b86d24eee85',
420
+ 'wp-includes/images/smilies/icon_wink.gif' => 'f058206bb8ff732dbe8e7aa10d74c9cd',
421
+ 'wp-includes/images/upload.png' => '11904681d8fc3a10d44a96acec2d9044',
422
+ 'wp-includes/images/wlw/wp-comments.png' => 'f12204bb737213d9c0b530b918da182d',
423
+ 'wp-includes/images/wlw/wp-icon.png' => 'e44d22b74f7ee4435e22062d5adf4a6a',
424
+ 'wp-includes/images/wlw/wp-watermark.png' => 'c5a6a59365ad54aa20c71e79da9dfd7a',
425
+ 'wp-includes/js/autosave.dev.js' => '10cd5dfe482cfff61d7e628a81e61922',
426
+ 'wp-includes/js/autosave.js' => 'f00b01f80b2ed4e5f6753b602258874c',
427
+ 'wp-includes/js/codepress/codepress.css' => '9ac88960aa13b291891f128267233040',
428
+ 'wp-includes/js/codepress/codepress.html' => '930e281d2080dfe3e2d1cacedca458d7',
429
+ 'wp-includes/js/codepress/codepress.js' => 'aa0c74b76c8cc60de8737d59cb0e7cdf',
430
+ 'wp-includes/js/codepress/engines/gecko.js' => '7c956d369c49985b58dd290d34582219',
431
+ 'wp-includes/js/codepress/engines/khtml.js' => 'd41d8cd98f00b204e9800998ecf8427e',
432
+ 'wp-includes/js/codepress/engines/msie.js' => 'f3b838bc550dc9bc558227fafce84533',
433
+ 'wp-includes/js/codepress/engines/older.js' => 'd41d8cd98f00b204e9800998ecf8427e',
434
+ 'wp-includes/js/codepress/engines/opera.js' => 'f74fa89f8ad2fb9a181a208f10da7b85',
435
+ 'wp-includes/js/codepress/images/line-numbers.png' => 'a76c9f4012abdcc34f6a5f7e5a192a8e',
436
+ 'wp-includes/js/codepress/languages/asp.css' => '2d4b45ac584d7baa65fd044b523161c6',
437
+ 'wp-includes/js/codepress/languages/asp.js' => '26687456026882c672818c7ecb60a15a',
438
+ 'wp-includes/js/codepress/languages/autoit.css' => 'd41bb2cf55d7c5c7e47dfe3e4d86db0b',
439
+ 'wp-includes/js/codepress/languages/autoit.js' => '8d361eab73d9102e860ffefe4e4f8c6a',
440
+ 'wp-includes/js/codepress/languages/csharp.css' => '983220b0ee96cb5b166de574ad989d93',
441
+ 'wp-includes/js/codepress/languages/csharp.js' => '83dca53adedd600821680a056d250d52',
442
+ 'wp-includes/js/codepress/languages/css.css' => '7c645111eabe8877ad347cee16e592bf',
443
+ 'wp-includes/js/codepress/languages/css.js' => 'aa387749d0225b801966586cb3440feb',
444
+ 'wp-includes/js/codepress/languages/generic.css' => 'e971d7976986a2fb16f492975170bb22',
445
+ 'wp-includes/js/codepress/languages/generic.js' => '8ab6d398feb9e9c1c77525143f05ec74',
446
+ 'wp-includes/js/codepress/languages/html.css' => '7c2c3977b42d65c155c8478d7b6daf51',
447
+ 'wp-includes/js/codepress/languages/html.js' => 'fb2ded83464c3fe2f1e5b637040a3a94',
448
+ 'wp-includes/js/codepress/languages/java.css' => '12bc23938841da78e58634abf6496878',
449
+ 'wp-includes/js/codepress/languages/java.js' => '790af578062b6477d836e3fb2a7649c0',
450
+ 'wp-includes/js/codepress/languages/javascript.css' => 'dcf899b8e094d6ce00f862ccd29cd757',
451
+ 'wp-includes/js/codepress/languages/javascript.js' => '4d5da44c9fa9ecadf7798348216e9ffb',
452
+ 'wp-includes/js/codepress/languages/perl.css' => 'dfb384ec9b7e486a00395c1e770a34f9',
453
+ 'wp-includes/js/codepress/languages/perl.js' => 'e98daf8aeacba58424d112e3f6e593c8',
454
+ 'wp-includes/js/codepress/languages/php.css' => '9b73eec0ab489d7cd832fc01dac0d448',
455
+ 'wp-includes/js/codepress/languages/php.js' => '62832f855a526454f812e8b67ad826e6',
456
+ 'wp-includes/js/codepress/languages/ruby.css' => '271da30b0a22637d4c255abb60644870',
457
+ 'wp-includes/js/codepress/languages/ruby.js' => '91e8cd2f56bca1c8f494b3be0625a0d6',
458
+ 'wp-includes/js/codepress/languages/sql.css' => '02f092e68dc9db24938f5eeb3d5c8567',
459
+ 'wp-includes/js/codepress/languages/sql.js' => '0dba07c9dc503965d361f900d3eac5a1',
460
+ 'wp-includes/js/codepress/languages/text.css' => 'abaac598019c3320c840d668e3e51f29',
461
+ 'wp-includes/js/codepress/languages/text.js' => '870cfa7de88e106a459a97e65cbe4663',
462
+ 'wp-includes/js/codepress/languages/vbscript.css' => '73dca79fa86f18c94570e0e1cfc62aae',
463
+ 'wp-includes/js/codepress/languages/vbscript.js' => '26687456026882c672818c7ecb60a15a',
464
+ 'wp-includes/js/codepress/languages/xsl.css' => '07599e630b9c2c13da05e32cddc0033e',
465
+ 'wp-includes/js/codepress/languages/xsl.js' => '9c7b6a5314b3cee0810447d6f65156e9',
466
+ 'wp-includes/js/codepress/license.txt' => 'adc05bf63f3776f4f7c2950825b770a9',
467
+ 'wp-includes/js/colorpicker.dev.js' => 'a513cd35728deb3db7dcb9b75da0a62d',
468
+ 'wp-includes/js/colorpicker.js' => '3211fa8ad9b5ff52a438e30c3b7c2998',
469
+ 'wp-includes/js/comment-reply.dev.js' => '20ef5771571f1be483869066b2830c2f',
470
+ 'wp-includes/js/comment-reply.js' => '500ceaa723d95be311592bd902d6823e',
471
+ 'wp-includes/js/crop/cropper.css' => 'de9cb42ec723c60deb69440104800c22',
472
+ 'wp-includes/js/crop/cropper.js' => '1d97b296d918482e1273c56fbff6a8e2',
473
+ 'wp-includes/js/crop/marqueeHoriz.gif' => '9b4c27fccf817923f59b78fa6099c376',
474
+ 'wp-includes/js/crop/marqueeVert.gif' => '2b2adfe6df6517f146b5b7c5b86eda42',
475
+ 'wp-includes/js/hoverIntent.dev.js' => 'd0d5fed467b2ac6c1b79e88ec7a8b514',
476
+ 'wp-includes/js/hoverIntent.js' => '1fb2abfd1de9863aa4fb38e4c5dd8ac3',
477
+ 'wp-includes/js/jcrop/Jcrop.gif' => '7a4b4c6ebdb549fcbe47408f9457493e',
478
+ 'wp-includes/js/jcrop/jquery.Jcrop.css' => '3888e9f93e218814c97a146069d104f1',
479
+ 'wp-includes/js/jcrop/jquery.Jcrop.dev.js' => 'ed882314c841932770eab4413337b4b0',
480
+ 'wp-includes/js/jcrop/jquery.Jcrop.js' => 'ead9e5f733592ae8f9b227507de37ee6',
481
+ 'wp-includes/js/jquery/interface.js' => '6bc3151d1902096d20d92f6042f85757',
482
+ 'wp-includes/js/jquery/jquery.color.dev.js' => 'ec1d98b35884ecc9de0e6f058fefe6b8',
483
+ 'wp-includes/js/jquery/jquery.color.js' => '5291cf4f8f19bd8692befbebc2761440',
484
+ 'wp-includes/js/jquery/jquery.form.dev.js' => '820f80306571dbe0a1deb0b63496d85f',
485
+ 'wp-includes/js/jquery/jquery.form.js' => '2ff1a749aeaa2a874b8bd53960e982cc',
486
+ 'wp-includes/js/jquery/jquery.hotkeys.dev.js' => 'dfdd8d2cc9be955dbb8dd14aae1daf40',
487
+ 'wp-includes/js/jquery/jquery.hotkeys.js' => 'f27ed67b7faedaff1bdaaad859692e6a',
488
+ 'wp-includes/js/jquery/jquery.js' => '25e59325cb47d2ab5ea650d47f431a9c',
489
+ 'wp-includes/js/jquery/jquery.schedule.js' => '0426b39754aa6bc766d89ea4c41bbd06',
490
+ 'wp-includes/js/jquery/jquery.table-hotkeys.dev.js' => 'baa8747ae1cb2d15755733fa4f96f1b7',
491
+ 'wp-includes/js/jquery/jquery.table-hotkeys.js' => 'e56f81676f199db7bf937e69a64909fa',
492
+ 'wp-includes/js/jquery/suggest.dev.js' => '24afc2920f7ace150877a5bcbd39f409',
493
+ 'wp-includes/js/jquery/suggest.js' => 'a4c05e4240802706a7fa33ca1e6a8c74',
494
+ 'wp-includes/js/jquery/ui.core.js' => '77081f376fc4bc59694d88000fba7c3c',
495
+ 'wp-includes/js/jquery/ui.dialog.js' => '58e37a6a9905f9aa09170df90c5517e2',
496
+ 'wp-includes/js/jquery/ui.draggable.js' => '10f4e2da1843f09b7398217ce96402e2',
497
+ 'wp-includes/js/jquery/ui.droppable.js' => '422b880abd2de6c562ce1956ed6ba842',
498
+ 'wp-includes/js/jquery/ui.resizable.js' => '5c04b89c0237cb4408d364b38d0888a2',
499
+ 'wp-includes/js/jquery/ui.selectable.js' => 'bcb1ae0fac5fa2d18aa6b36ab65c59d3',
500
+ 'wp-includes/js/jquery/ui.sortable.js' => '8b26b1568a703a7ff4cc4653b4982c0a',
501
+ 'wp-includes/js/jquery/ui.tabs.js' => '92321373c9dcad8d096abd76ba18c02d',
502
+ 'wp-includes/js/prototype.js' => 'bab4179aef164e96e866b03ac432bdf7',
503
+ 'wp-includes/js/quicktags.dev.js' => '0ee241770ed514d28020ddedc9db2326',
504
+ 'wp-includes/js/quicktags.js' => '954c48f2a654620e6c8c286d6016d224',
505
+ 'wp-includes/js/scriptaculous/builder.js' => '92cc9bddf6afcff5e641eeba9e3eacc0',
506
+ 'wp-includes/js/scriptaculous/controls.js' => 'fcf61880c81c69a8c892020de19216e6',
507
+ 'wp-includes/js/scriptaculous/dragdrop.js' => 'e07ef5d6af2980f8e72cd74e67690a54',
508
+ 'wp-includes/js/scriptaculous/effects.js' => '29a97dc0bf45c93560b28421843b75c2',
509
+ 'wp-includes/js/scriptaculous/MIT-LICENSE' => 'b72c811c3e4b902332903aacd47eef47',
510
+ 'wp-includes/js/scriptaculous/prototype.js' => 'bab4179aef164e96e866b03ac432bdf7',
511
+ 'wp-includes/js/scriptaculous/scriptaculous.js' => 'b4c44f312deb6cd7f76f8684276da04c',
512
+ 'wp-includes/js/scriptaculous/slider.js' => 'e38b722aa3e5bf6f52c521d9fca0235f',
513
+ 'wp-includes/js/scriptaculous/sound.js' => 'd654e517c3813d9a21280b6c2e58a8db',
514
+ 'wp-includes/js/scriptaculous/unittest.js' => 'b41840d00193331f0fb68fc54f1085c6',
515
+ 'wp-includes/js/scriptaculous/wp-scriptaculous.js' => '1b6a98a2e2b55d90a88524faea79f0a8',
516
+ 'wp-includes/js/swfobject.js' => 'eaa5417940c71f441b016b12c534665d',
517
+ 'wp-includes/js/swfupload/handlers.dev.js' => '6659d58b56b0aa9121f88dd048acee1c',
518
+ 'wp-includes/js/swfupload/handlers.js' => 'fd1fdc830e7c1c1e4b6d3f0b29a2da05',
519
+ 'wp-includes/js/swfupload/plugins/swfupload.cookies.js' => '7fa57ec00dda88dd6b5c2037ccb4d5cf',
520
+ 'wp-includes/js/swfupload/plugins/swfupload.queue.js' => '9953522fbd4a1b02bbf635a92d76cd8f',
521
+ 'wp-includes/js/swfupload/plugins/swfupload.speed.js' => '415a3787846bb6c2d745602c2afb73ac',
522
+ 'wp-includes/js/swfupload/plugins/swfupload.swfobject.js' => 'cea8193a75561bb8ba40ea1809b96c67',
523
+ 'wp-includes/js/swfupload/swfupload-all.js' => '8c132780860b2d20c1837c6e05869393',
524
+ 'wp-includes/js/swfupload/swfupload.js' => '603bd14299f61a7329b2d353b2b56c2f',
525
+ 'wp-includes/js/swfupload/swfupload.swf' => '3a1c6cc728dddc258091a601f28a9c12',
526
+ 'wp-includes/js/thickbox/loadingAnimation.gif' => 'c33734a1bf58bec328ffa27872e96ae1',
527
+ 'wp-includes/js/thickbox/macFFBgHack.png' => '6e63d8058c61e28953cc285de8d5c37d',
528
+ 'wp-includes/js/thickbox/tb-close.png' => '7c088dbddefa7aff7a860580a98f3e30',
529
+ 'wp-includes/js/thickbox/thickbox.css' => '9e2094eaecb034d8e9d3d726518aab05',
530
+ 'wp-includes/js/thickbox/thickbox.js' => '4988c924f8df0898cabbca27c2dc57ef',
531
+ 'wp-includes/js/tinymce/blank.htm' => 'f3519538055a4d1fdbe39fb84def65a5',
532
+ 'wp-includes/js/tinymce/langs/wp-langs-en.js' => '6f3b5dc08823e70c717422e13b3ce1c9',
533
+ 'wp-includes/js/tinymce/langs/wp-langs.php' => '03aa60302f8952eefa358b771284ee21',
534
+ 'wp-includes/js/tinymce/license.txt' => '0571cf371683742c14f1735079a78e38',
535
+ 'wp-includes/js/tinymce/plugins/directionality/editor_plugin.js' => '653c3a89058b610fd12242faf4f01cdf',
536
+ 'wp-includes/js/tinymce/plugins/fullscreen/editor_plugin.js' => '994124fa3bbad1cfc9fb9900c10a6b00',
537
+ 'wp-includes/js/tinymce/plugins/fullscreen/fullscreen.htm' => 'ca9817da53d28adaee86603ca94d69dc',
538
+ 'wp-includes/js/tinymce/plugins/inlinepopups/editor_plugin.js' => '047a9618f11ee697eec716c88dedd8e8',
539
+ 'wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/alert.gif' => '56646a5e811547c8bc3d1b9790496b89',
540
+ 'wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/button.gif' => '9e911a2c3cb4720d44844ef2d1832a51',
541
+ 'wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/buttons.gif' => '2e101a4aa637bfd16cef7e763e8c2eed',
542
+ 'wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/confirm.gif' => '44f1d55b14fbc66b98f3899d90611c3c',
543
+ 'wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/corners.gif' => '2e89a17a473f0e488f3e789ce998f064',
544
+ 'wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/drag.gif' => 'c8984e70b184ca51bc427aa106c29453',
545
+ 'wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/horizontal.gif' => '0365e75dd4a9ad61dc98dcb641207c21',
546
+ 'wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/vertical.gif' => '193884a332e91059643448ed4bde2e04',
547
+ 'wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/window.css' => '0fb7cbeaf364b4377fb3126384482aec',
548
+ 'wp-includes/js/tinymce/plugins/inlinepopups/template.htm' => '2b2ca7c291b8b1b867b44a6e5bca7991',
549
+ 'wp-includes/js/tinymce/plugins/media/css/content.css' => 'ebcad73e7f6785a308328129aa90d5cb',
550
+ 'wp-includes/js/tinymce/plugins/media/css/media.css' => '51795abbefc981b9f77083afd672a495',
551
+ 'wp-includes/js/tinymce/plugins/media/editor_plugin.js' => '8711a73c0d6d417b635bf646dc5091c8',
552
+ 'wp-includes/js/tinymce/plugins/media/img/flash.gif' => '6c69b02015d09280332ff8b07e4ea2f3',
553
+ 'wp-includes/js/tinymce/plugins/media/img/flv_player.swf' => 'fe011e9725b2722b59bb8ef4991bf6bb',
554
+ 'wp-includes/js/tinymce/plugins/media/img/quicktime.gif' => '9a6a9fdead205b125c07ea37e71ed4f1',
555
+ 'wp-includes/js/tinymce/plugins/media/img/realmedia.gif' => 'b9734ee16d790e67bea01046feba28b7',
556
+ 'wp-includes/js/tinymce/plugins/media/img/shockwave.gif' => 'baa643b587565755157618032dc93e3c',
557
+ 'wp-includes/js/tinymce/plugins/media/img/trans.gif' => '12bf9e19374920de3146a64775f46a5e',
558
+ 'wp-includes/js/tinymce/plugins/media/img/windowsmedia.gif' => 'c327cd167b3a7bc263d908b0d0154ead',
559
+ 'wp-includes/js/tinymce/plugins/media/js/embed.js' => '5df3783492b848adde42124a1e9cf383',
560
+ 'wp-includes/js/tinymce/plugins/media/js/media.js' => 'cac808d6007f1003b334e315f01ceec6',
561
+ 'wp-includes/js/tinymce/plugins/media/media.htm' => '03453eabdffe90cf7e9406d618b78c10',
562
+ 'wp-includes/js/tinymce/plugins/paste/blank.htm' => '5dbbcbc1f4bcbe5fe9f22905a7838b57',
563
+ 'wp-includes/js/tinymce/plugins/paste/editor_plugin.js' => 'e203448d1abcf685301d3f6a24251ced',
564
+ 'wp-includes/js/tinymce/plugins/paste/js/pastetext.js' => '9db07e9a6d27f06ee292ee9d0793a725',
565
+ 'wp-includes/js/tinymce/plugins/paste/js/pasteword.js' => '179e37760324b39e7d41b61bc707abb3',
566
+ 'wp-includes/js/tinymce/plugins/paste/pastetext.htm' => 'b82c2ee67a44ac0915ba6693ab622a36',
567
+ 'wp-includes/js/tinymce/plugins/paste/pasteword.htm' => 'd958f3b1931464c30d68b499231f9d63',
568
+ 'wp-includes/js/tinymce/plugins/safari/blank.htm' => 'c9a4909a579f24cd23fc0ae847e06241',
569
+ 'wp-includes/js/tinymce/plugins/safari/editor_plugin.js' => '9bf27e117e423eea7754fb6e471276ee',
570
+ 'wp-includes/js/tinymce/plugins/spellchecker/classes/EnchantSpell.php' => '5688c3912e266411fea5c40e452a616e',
571
+ 'wp-includes/js/tinymce/plugins/spellchecker/classes/GoogleSpell.php' => 'c6481cd9c06b9e3e4ed27c3ffdadee9b',
572
+ 'wp-includes/js/tinymce/plugins/spellchecker/classes/PSpell.php' => 'dbc6556b5e976cbe545a0760c16d4ab9',
573
+ 'wp-includes/js/tinymce/plugins/spellchecker/classes/PSpellShell.php' => '14be5b8b59128d99893c4bc2031c10f8',
574
+ 'wp-includes/js/tinymce/plugins/spellchecker/classes/SpellChecker.php' => '69d90a002a9989573165fb83891f83df',
575
+ 'wp-includes/js/tinymce/plugins/spellchecker/classes/utils/JSON.php' => '45c8c0209512901903c4892950a5378b',
576
+ 'wp-includes/js/tinymce/plugins/spellchecker/classes/utils/Logger.php' => '317dfd9569fb1169121809b4b7bcf36e',
577
+ 'wp-includes/js/tinymce/plugins/spellchecker/config.php' => 'fe7abad1a001941469e265cb1d588c38',
578
+ 'wp-includes/js/tinymce/plugins/spellchecker/css/content.css' => 'd236d4333281b4eae7a1e2b514b691f4',
579
+ 'wp-includes/js/tinymce/plugins/spellchecker/editor_plugin.js' => '1cb7ad26e99573dae76e9db4bf8eacae',
580
+ 'wp-includes/js/tinymce/plugins/spellchecker/img/wline.gif' => 'c136c9f8e00718a98947a21d8adbcc56',
581
+ 'wp-includes/js/tinymce/plugins/spellchecker/includes/general.php' => '00038d123e736cce0e321612695dc596',
582
+ 'wp-includes/js/tinymce/plugins/spellchecker/rpc.php' => 'e650bc1a0db28fa7b6402ebf83349ed1',
583
+ 'wp-includes/js/tinymce/plugins/tabfocus/editor_plugin.js' => '1a8e22759ea3340a010af52f4210a26e',
584
+ 'wp-includes/js/tinymce/plugins/wordpress/css/content.css' => '947de1cd730bff4b3cea0bc8c5ec1178',
585
+ 'wp-includes/js/tinymce/plugins/wordpress/editor_plugin.dev.js' => 'b1a44bb492d150ba2fc3ef091649a6ac',
586
+ 'wp-includes/js/tinymce/plugins/wordpress/editor_plugin.js' => 'dd5628adfb50edf54fe9f81e2eb9d210',
587
+ 'wp-includes/js/tinymce/plugins/wordpress/img/audio.gif' => 'edc58dce8aab5d12e83fd4aac849cc05',
588
+ 'wp-includes/js/tinymce/plugins/wordpress/img/help.gif' => '4cd4a5d2cdcd74c8aeced17813afd6ea',
589
+ 'wp-includes/js/tinymce/plugins/wordpress/img/image.gif' => 'c25dc2e7e5c0c2203ca0ca516ca852a9',
590
+ 'wp-includes/js/tinymce/plugins/wordpress/img/media.gif' => 'b1a62e29a44128ae7a3d932b4941ea33',
591
+ 'wp-includes/js/tinymce/plugins/wordpress/img/more.gif' => 'dff3bc0a01a614b601b7826415bfe4ca',
592
+ 'wp-includes/js/tinymce/plugins/wordpress/img/more_bug.gif' => 'c38cc928b95c0be49ec083648084d190',
593
+ 'wp-includes/js/tinymce/plugins/wordpress/img/page.gif' => 'ec8d1ed1b0fd137cacdda9e316ebed31',
594
+ 'wp-includes/js/tinymce/plugins/wordpress/img/page_bug.gif' => '32a68c86a6beffdd042abf0b0c595328',
595
+ 'wp-includes/js/tinymce/plugins/wordpress/img/toolbars.gif' => '33e46a907572061c981e459ae022b40d',
596
+ 'wp-includes/js/tinymce/plugins/wordpress/img/trans.gif' => '12bf9e19374920de3146a64775f46a5e',
597
+ 'wp-includes/js/tinymce/plugins/wordpress/img/video.gif' => '10a455edf8439d00599854ffd2add437',
598
+ 'wp-includes/js/tinymce/plugins/wpeditimage/css/editimage-rtl.css' => '9afbd20302a56bc9e0d7bcc5c3c61c7c',
599
+ 'wp-includes/js/tinymce/plugins/wpeditimage/css/editimage.css' => '316db36315e941a43831b726bc7cc7ad',
600
+ 'wp-includes/js/tinymce/plugins/wpeditimage/editimage.html' => '60340807d945876ff6da82338c84153a',
601
+ 'wp-includes/js/tinymce/plugins/wpeditimage/editor_plugin.dev.js' => '7e2136d5e077774bb677dcf3576cb203',
602
+ 'wp-includes/js/tinymce/plugins/wpeditimage/editor_plugin.js' => 'c4c59bfbf6ac1101ee884761914d76da',
603
+ 'wp-includes/js/tinymce/plugins/wpeditimage/img/delete.png' => '748b2a72b7e2aeec7e32f3f1846b5ff9',
604
+ 'wp-includes/js/tinymce/plugins/wpeditimage/img/image.png' => 'a7a2baa789bbfef570b3c4be0a838ebd',
605
+ 'wp-includes/js/tinymce/plugins/wpeditimage/js/editimage.js' => 'bb5ecafedc219aac400807dc283fe273',
606
+ 'wp-includes/js/tinymce/plugins/wpgallery/editor_plugin.dev.js' => '208d2715778f5e1f2086e5efba4be695',
607
+ 'wp-includes/js/tinymce/plugins/wpgallery/editor_plugin.js' => 'c9fdf1db2027922e9bbdcd77dac6fb8b',
608
+ 'wp-includes/js/tinymce/plugins/wpgallery/img/delete.png' => '748b2a72b7e2aeec7e32f3f1846b5ff9',
609
+ 'wp-includes/js/tinymce/plugins/wpgallery/img/edit.png' => '9554f2aa129d2d01e247a73669bb832d',
610
+ 'wp-includes/js/tinymce/plugins/wpgallery/img/gallery.png' => '1f35ba36cb43f1c5382a13e6941483df',
611
+ 'wp-includes/js/tinymce/plugins/wpgallery/img/t.gif' => '12bf9e19374920de3146a64775f46a5e',
612
+ 'wp-includes/js/tinymce/themes/advanced/about.htm' => '7e80709c52260a0022f7f336b72cd71b',
613
+ 'wp-includes/js/tinymce/themes/advanced/anchor.htm' => 'b84f177905e368a80d9a25e728182794',
614
+ 'wp-includes/js/tinymce/themes/advanced/charmap.htm' => 'cf2e5b2fec3c06f763bd176d87ed4d0e',
615
+ 'wp-includes/js/tinymce/themes/advanced/color_picker.htm' => 'a7a73c580a302db16002989c84c5bf4c',
616
+ 'wp-includes/js/tinymce/themes/advanced/editor_template.js' => 'e4f47b78c98d99433c91ec4a145f7ff5',
617
+ 'wp-includes/js/tinymce/themes/advanced/image.htm' => '08e69d593392dd50963dcb346ca0071c',
618
+ 'wp-includes/js/tinymce/themes/advanced/img/colorpicker.jpg' => '02ae48639aa5729e6a40fb64455c32a2',
619
+ 'wp-includes/js/tinymce/themes/advanced/img/fm.gif' => 'ac4a63cad5d195d24ec4c91121e9be2f',
620
+ 'wp-includes/js/tinymce/themes/advanced/img/gotmoxie.png' => 'c1fb3ef2ad854a88d9eb8ee32d15e4ad',
621
+ 'wp-includes/js/tinymce/themes/advanced/img/icons.gif' => 'e893a1f9e0c9c6240ba28756cf838f5f',
622
+ 'wp-includes/js/tinymce/themes/advanced/img/sflogo.png' => '18cbf7ea0ccc1d0aa42260aa9787af6f',
623
+ 'wp-includes/js/tinymce/themes/advanced/js/about.js' => 'cd4f25e57d9c7c3c5eaed2b4234c8787',
624
+ 'wp-includes/js/tinymce/themes/advanced/js/anchor.js' => '8988b8d83a5d753ddcb3600b976780fd',
625
+ 'wp-includes/js/tinymce/themes/advanced/js/charmap.js' => '27f30d99721bd0ff665a443c49a22702',
626
+ 'wp-includes/js/tinymce/themes/advanced/js/color_picker.js' => '2ce934aa3086cba10c51c6d055177f8f',
627
+ 'wp-includes/js/tinymce/themes/advanced/js/image.js' => 'fd4ba60e7499e1e06d8efc5841073a44',
628
+ 'wp-includes/js/tinymce/themes/advanced/js/link.js' => '85e3d12f288b9ead43fd6f4e3b341815',
629
+ 'wp-includes/js/tinymce/themes/advanced/js/source_editor.js' => 'cd02d9651fd1f076f4ac5d7d7961bd58',
630
+ 'wp-includes/js/tinymce/themes/advanced/link.htm' => '86603ac86e519d4d65fe077fb4d8d0be',
631
+ 'wp-includes/js/tinymce/themes/advanced/skins/default/content.css' => '2f921f2c07fa24953530b23bf2000e0a',
632
+ 'wp-includes/js/tinymce/themes/advanced/skins/default/dialog.css' => '61f260cc574683934afbb0af6917179c',
633
+ 'wp-includes/js/tinymce/themes/advanced/skins/default/img/buttons.png' => '1e0acdc2135897e6a95bb40cfde2fbc6',
634
+ 'wp-includes/js/tinymce/themes/advanced/skins/default/img/items.gif' => '5cb42865ce70a58d420786854fed4ae1',
635
+ 'wp-includes/js/tinymce/themes/advanced/skins/default/img/menu_arrow.gif' => 'e21752451a9d80e276fef7b602bdbdba',
636
+ 'wp-includes/js/tinymce/themes/advanced/skins/default/img/menu_check.gif' => 'c7d003885737f94768eecae49dcbca63',
637
+ 'wp-includes/js/tinymce/themes/advanced/skins/default/img/progress.gif' => '50c5e3e79b276c92df6cc52caeb464f0',
638
+ 'wp-includes/js/tinymce/themes/advanced/skins/default/img/tabs.gif' => '93f97588a35da1f45fdcb975d4380913',
639
+ 'wp-includes/js/tinymce/themes/advanced/skins/default/ui.css' => '95f5bbc6ea992fcb641f0275025dc438',
640
+ 'wp-includes/js/tinymce/themes/advanced/skins/o2k7/content.css' => '4a0a94603795b7bfc41ff76ea8889db7',
641
+ 'wp-includes/js/tinymce/themes/advanced/skins/o2k7/dialog.css' => '55252ba2c0ed8e6cf62e28e111cb3b4d',
642
+ 'wp-includes/js/tinymce/themes/advanced/skins/o2k7/img/button_bg.png' => '8c9b1f0ee9deb6374983650edbd6ddfc',
643
+ 'wp-includes/js/tinymce/themes/advanced/skins/o2k7/img/button_bg_black.png' => 'a5ad448e9c25120cb7e05fffe4a6234f',
644
+ 'wp-includes/js/tinymce/themes/advanced/skins/o2k7/img/button_bg_silver.png' => '5690ef573f4dc74ec3eb4d101806976e',
645
+ 'wp-includes/js/tinymce/themes/advanced/skins/o2k7/ui.css' => 'b9db394d414b1d2f0d8930522e676c5d',
646
+ 'wp-includes/js/tinymce/themes/advanced/skins/o2k7/ui_black.css' => 'dd03578fd4e33798de6d86c4564e4c66',
647
+ 'wp-includes/js/tinymce/themes/advanced/skins/o2k7/ui_silver.css' => '623a420867f1da38168b5ab0eac1afcc',
648
+ 'wp-includes/js/tinymce/themes/advanced/skins/wp_theme/content.css' => 'a1b36551d8a606622d8fa44f42850ec7',
649
+ 'wp-includes/js/tinymce/themes/advanced/skins/wp_theme/dialog.css' => '9c93f6a41d7c635d738dd6796536a7c3',
650
+ 'wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/butt2.png' => 'f8177b2875cc2f1988f3a8645edfddb8',
651
+ 'wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/button_bg.png' => '8c9b1f0ee9deb6374983650edbd6ddfc',
652
+ 'wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/down_arrow.gif' => '7bbbc00f708a791dc4e674f9e21aa2ca',
653
+ 'wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/fade-butt.png' => 'e6c8b1c6db50db66bf04da9bbbe3ee0e',
654
+ 'wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/separator.gif' => '9636c1e228dc5d7c58ec2722a6d9ec23',
655
+ 'wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/tabs.gif' => '93f97588a35da1f45fdcb975d4380913',
656
+ 'wp-includes/js/tinymce/themes/advanced/skins/wp_theme/ui.css' => 'a464cac9829cb4b064c6e3f91fcccb7c',
657
+ 'wp-includes/js/tinymce/themes/advanced/source_editor.htm' => '4b5f5a3e7846a30fe9dcb878f9e8f2cb',
658
+ 'wp-includes/js/tinymce/tiny_mce.js' => '56c606da29ea9b8f8d823eeab8038ee8',
659
+ 'wp-includes/js/tinymce/tiny_mce_popup.js' => 'd9e6163fd6707bf0582635247bc17a5c',
660
+ 'wp-includes/js/tinymce/utils/editable_selects.js' => '6ae9d8d2ae563c29652b41b0ace13cc1',
661
+ 'wp-includes/js/tinymce/utils/form_utils.js' => '950d229c37a570fc26a13da71d73f9b8',
662
+ 'wp-includes/js/tinymce/utils/mctabs.js' => '7727d6ef7c831c363ebfe40fc3f4e144',
663
+ 'wp-includes/js/tinymce/utils/validate.js' => '6fc5abb84e8ba8ba87b12ad6806f48d1',
664
+ 'wp-includes/js/tinymce/wp-mce-help.php' => '396ace74429f86a0e7ea9c196554e537',
665
+ 'wp-includes/js/tinymce/wp-tinymce.js' => '9d2c582fe6cb12203ad0b857a029bd33',
666
+ 'wp-includes/js/tinymce/wp-tinymce.js.gz' => '953c4f11c4e771f648c1fe2d51c597fb',
667
+ 'wp-includes/js/tinymce/wp-tinymce.php' => '36a26bc150dabe78aea06beff9058063',
668
+ 'wp-includes/js/tw-sack.dev.js' => 'b989a5bd84f6ebcbc1393ec003e6e991',
669
+ 'wp-includes/js/tw-sack.js' => 'f103f8c3fb6d11562faf82f3943459c7',
670
+ 'wp-includes/js/wp-ajax-response.dev.js' => 'ddc65b357dbc1b10b4a9eeb97a4bd704',
671
+ 'wp-includes/js/wp-ajax-response.js' => '18554862b00befc3db669e3c4af0f568',
672
+ 'wp-includes/js/wp-lists.dev.js' => '3307a4b7fce5e39e3c13f0e3478cbb5d',
673
+ 'wp-includes/js/wp-lists.js' => '2dfd550d6f8fc069af07cbc3464f152a',
674
+ 'wp-includes/kses.php' => '0a3e7ca281994629c2b091e537e4768e',
675
+ 'wp-includes/l10n.php' => '2191989044dae399616ea2d3a2b856db',
676
+ 'wp-includes/link-template.php' => '687cfc21bcc3b13c6f1d8ec022e8ba45',
677
+ 'wp-includes/locale.php' => '42760339c4260cddfab481d88bdc6929',
678
+ 'wp-includes/media.php' => 'd7b38dee5a651413b7f40c823aad1a86',
679
+ 'wp-includes/pluggable.php' => '0465eaba3ecfa5ebd9264ba58b2d1863',
680
+ 'wp-includes/plugin.php' => 'f0d038d8bdb368ea4bc42e1145f3eeca',
681
+ 'wp-includes/pomo/entry.php' => '9a81062822fedc441fc78fdde236e828',
682
+ 'wp-includes/pomo/mo.php' => '44ffa96a94e1fbaee380b492a4743ddd',
683
+ 'wp-includes/pomo/po.php' => '2dbafc1b5a3b744fafcb87b084767f0d',
684
+ 'wp-includes/pomo/streams.php' => 'db2cea2608720e1e990c3107b184915e',
685
+ 'wp-includes/pomo/translations.php' => '74140db3d59851b6408c4cab7465bd14',
686
+ 'wp-includes/post-template.php' => 'c9595436224ad85c3fe2d2caf5179306',
687
+ 'wp-includes/post.php' => '9700da001f10b7facafb0557ed263f22',
688
+ 'wp-includes/query.php' => '90dfacd0c7cf00db760535f4b1d5d930',
689
+ 'wp-includes/registration-functions.php' => '9621cfd0209996069892c3214bae4063',
690
+ 'wp-includes/registration.php' => 'a800b21a86328185de2e1ef65304efa1',
691
+ 'wp-includes/rewrite.php' => 'b8dbe81f44e079a1c9efca93c88444ad',
692
+ 'wp-includes/rss-functions.php' => '05445df90595598ba7523ad41119ca9d',
693
+ 'wp-includes/rss.php' => '082d21011a174ce558228df2fff3ebd5',
694
+ 'wp-includes/script-loader.php' => '347dfeb2db4558a5385e50eaffbd2e61',
695
+ 'wp-includes/shortcodes.php' => '58d0eee6e67c75b689d6663e3eaa3acb',
696
+ 'wp-includes/streams.php' => '45adcc60484e4cea869dc82aa44a84e5',
697
+ 'wp-includes/taxonomy.php' => 'eccfcfdb0471dbccbc86620d5c915459',
698
+ 'wp-includes/template-loader.php' => '2bec981bd5faa5f0ffd1a4a336123bf1',
699
+ 'wp-includes/Text/Diff/Engine/native.php' => 'e247115bac139d02c6187d21e9d2e5de',
700
+ 'wp-includes/Text/Diff/Engine/shell.php' => 'd41590be828b5ccd5a09ea48d6cc117c',
701
+ 'wp-includes/Text/Diff/Engine/string.php' => 'ec8296ac7f8f6a9d84ffa09d8153dd72',
702
+ 'wp-includes/Text/Diff/Engine/xdiff.php' => '741ea02215b1ca4eb1c8d64a07f3a450',
703
+ 'wp-includes/Text/Diff/Renderer/inline.php' => '29ef69f38612d424595e338d43008746',
704
+ 'wp-includes/Text/Diff/Renderer.php' => '29d72d407f3c7e0362927215688d50f1',
705
+ 'wp-includes/Text/Diff.php' => '9e7164b2b3f56bbedc4e3383306261d0',
706
+ 'wp-includes/theme.php' => '66e1632a0cc13076e1f52e80ea3c2d90',
707
+ 'wp-includes/update.php' => '720be5817f33aee75ce5ddcd576e326f',
708
+ 'wp-includes/user.php' => '26b61667c947a336dd2dd548cd6c2703',
709
+ 'wp-includes/vars.php' => '2dd14f006c7f5f487317b4604d886528',
710
+ 'wp-includes/version.php' => '8de61a5a2ab8e75342dc57e328d71b21',
711
+ 'wp-includes/widgets.php' => '84ed20db54832ba0993931f8772bb723',
712
+ 'wp-includes/wlwmanifest.xml' => '8da76e497b2666873eaa3b2f9f19617b',
713
+ 'wp-includes/wp-db.php' => '9a1b0140ad2fc8658e2a64ab7d56440a',
714
+ 'wp-includes/wp-diff.php' => 'f29611675ebc56fc420ee4d7b8eecf90',
715
+ 'wp-links-opml.php' => '8f6823712a343058ed74b9f132804a45',
716
+ 'wp-load.php' => '8be2dfe7b0f86a84d27c9ad98bc50591',
717
+ 'wp-login.php' => '33d7b90462627674dfe53cc85317f9d6',
718
+ 'wp-mail.php' => '34e33f2f88fe36295b5d9cc7838a5ae6',
719
+ 'wp-pass.php' => 'b2d13ddac2f77eaeb09717da09b21e53',
720
+ 'wp-rdf.php' => 'efab873ea26cfa56e6f4aa4c3eaa988b',
721
+ 'wp-register.php' => '287dc5ab04cb97e1a45873f1c87525ca',
722
+ 'wp-rss.php' => '6e22f880b0db7beababe042e995cea43',
723
+ 'wp-rss2.php' => 'ec83d6f441482af4d1fae9cbb59df43e',
724
+ 'wp-settings.php' => '833527f7bc8916434420e3a6d91b290c',
725
+ 'wp-trackback.php' => '0723b47768875a2c89b5af969741b03f',
726
+ 'xmlrpc.php' => '90a7b9b557f12b29ab38401fa1dc94dc',
727
+ );
728
+ ?>
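Review bot: the file ends with a closing `?>` after the array's final `);`, so any newline or whitespace that lands after that tag is sent as output whenever this hash table is included, which can break header and cookie handling on the admin page. Drop the closing tag in this data-only file. Separately, every entry is a bare MD5 string; since this table is the reference that files such as `wp-login.php` and `wp-settings.php` are compared against, consider storing a stronger digest (for example SHA-256) next to or instead of MD5 when the list is next regenerated.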
readme.txt CHANGED
@@ -1,8 +1,8 @@
1
  === WordPress Exploit Scanner ===
2
  Contributors: donncha, duck_, ryan, azaozz
3
  Tags: hacking, spam, hack, crack, exploit, vulnerability
4
- Tested up to: 2.8.5
5
- Stable tag: 0.6
6
  Requires at least: 2.7.1
7
  Donate link: http://ocaoimh.ie/wordpress-plugins/gifts-and-donations/
8
 
@@ -13,12 +13,16 @@ This plugin searches the files on your website, and the posts and comments table
13
 
14
  It does not remove anything. That is left to the user to do.
15
 
16
- MD5 for version 0.1: 6a88a18a37c4add7dabd72fc97be13b6
17
- MD5 for version 0.2: 48dd892fb9c41899af14e9cf94ec7ea8
18
- MD5 for version 0.3: 44cc8a46861f18698789357fa2fc7e60
19
- MD5 for version 0.4: 54f04bb11ab369063a9c8cc34fe9ee86
20
- MD5 for version 0.5: e434bad527c860ebf95777c05d551784
21
- MD5 for hashes-2.8.5.php: a64eb922fa9d21bd43398467e8eb67cc
 
 
 
 
22
 
23
  See the [WordPress Exploit Scanner homepage](http://ocaoimh.ie/exploit-scanner/) for further information.
24
 
1
  === WordPress Exploit Scanner ===
2
  Contributors: donncha, duck_, ryan, azaozz
3
  Tags: hacking, spam, hack, crack, exploit, vulnerability
4
+ Tested up to: 2.8.6
5
+ Stable tag: 0.7
6
  Requires at least: 2.7.1
7
  Donate link: http://ocaoimh.ie/wordpress-plugins/gifts-and-donations/
8
 
13
 
14
  It does not remove anything. That is left to the user to do.
15
 
16
+ * MD5 for version 0.7: 1d4b6797f10685bd271ebc1ec17b782c
17
+ * MD5 for version 0.6: a36d9eb168e51b62c61b1ab4afee8243
18
+ * MD5 for version 0.5: e434bad527c860ebf95777c05d551784
19
+ * MD5 for version 0.4: 54f04bb11ab369063a9c8cc34fe9ee86
20
+ * MD5 for version 0.3: 44cc8a46861f18698789357fa2fc7e60
21
+ * MD5 for version 0.2: 48dd892fb9c41899af14e9cf94ec7ea8
22
+ * MD5 for version 0.1: 6a88a18a37c4add7dabd72fc97be13b6
23
+
24
+ * MD5 for hashes-2.8.6.php: 32a343d966821502113b7813c9195389
25
+ * MD5 for hashes-2.8.5.php: a64eb922fa9d21bd43398467e8eb67cc
26
 
27
  See the [WordPress Exploit Scanner homepage](http://ocaoimh.ie/exploit-scanner/) for further information.
28
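Review bot: the added `* MD5 for version 0.7: ...` through `* MD5 for version 0.1: ...` lines do not say which file each checksum covers, unlike the `hashes-2.8.6.php` and `hashes-2.8.5.php` lines, which name theirs. Name the file (or state that it is the release archive) so a user knows what to hash. These checksums also ship inside the same package they describe, so they only help when compared against a copy obtained separately, such as the homepage linked in the next paragraph; the readme should say that. MD5 is collision-prone, so publishing a SHA-256 value alongside each entry would be a worthwhile follow-up.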