[Plugin: Better WP Security] function eval

Viewing 6 replies - 1 through 6 (of 6 total)
  • Bit51 (part of the iThemes family)

    (@bit51)

    11 years, 8 months ago

    Hi Bruno, what problems was this causing for you?

    Thread Starter Brunozit

    (@brunozit)

    11 years, 8 months ago

    Hello,

    I have got intrusion caused by using the fontion eval.
    détected by threat-scan-plugin that Better WP Security because it has the eval function. Is that true?

    intrusion was caused by the wp-blog-header.php containing malicious code.

    Thank you for your help

    Bruno

    Thread Starter Brunozit

    (@brunozit)

    11 years, 8 months ago

    Hello,

    Scanning Themes and Plugins for eval détected by threat-scan-plugin
    Files:
    /wp-content/plugins/better-wp-security/inc/secure.php
    49: strpos( $_SERVER[‘REQUEST_URI’], “eval(” ) ||
    plugin caused many problèmes intrusion and injection malicious code.

    Thank you for your help

    Bruno

    Bit51 (part of the iThemes family)

    (@bit51)

    11 years, 8 months ago

    Ahhh… eval can be used as an attack vector. In this case it is found in the code that is added to .htaccess to detect malicious scripts (it isn’t being executed but is in fact being used in the same fashion as your threat scanner.)

    Thread Starter Brunozit

    (@brunozit)

    11 years, 8 months ago

    Hello,

    I just wanted to draw your attention to the subject.
    Thank you for your explanation of eval.

    Bruno

    Bit51 (part of the iThemes family)

    (@bit51)

    11 years, 7 months ago

    Thanks

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘[Plugin: Better WP Security] function eval’ is closed to new replies.

Tags