Forums

WordPress › Support » Plugins and Hacks

Jetpack by WordPress.com
[resolved] LizaMoon SQL Injection (2 posts)

  1. dai1976
    Member
    Posted 7 months ago #

    Thanks for Wordfence security i discovered one of my sites had the LizaMoon SQL Injection attack that is currently doing the rounds..

    it was in the jetpack twitter.php , and looks like this

    function normalize_tweet_text( $text ) {
    // Hack to replace this junk from the tweets.
    // /2011/03/31/lizamoon_mass_injection_attack/
    return str_replace( '</title><script src=http://lizamoon.com/ur.php></script>', '', $text );
    }

    function normalize_tweet_text( $text ) {
    // Hack to replace this junk from the tweets.
    // /2011/03/31/lizamoon_mass_injection_attack/
    return str_replace( '</title><script src=http://lizamoon.com/ur.php></script>', '', $text );
    }

    i deleted jetpack because i was unsure of how to deal with this

    anyone else had this ?

    ps i had to remove parts of it because it camw up on here as a link ..

    http://wordpress.org/extend/plugins/jetpack/

  2. Jeremy Herve
    Member
    Posted 7 months ago #

    No worries, this code was actually there to protect your site from malicious SQL injections.

    However, the code has now been removed from the Jetpack plugin.

    You can read more about it here:
    http://wordpress.org/support/topic/lizamoon-reference-in-jetpack-twitter-php-file?replies=9

Reply

You must log in to post.

About this Plugin

About this Topic

Tags