WordPress.org

Ready to get started?Download WordPress

Forums

Jetpack by WordPress.com
[resolved] LizaMoon SQL Injection (2 posts)

  1. dai1976
    Member
    Posted 1 year ago #

    Thanks for Wordfence security i discovered one of my sites had the LizaMoon SQL Injection attack that is currently doing the rounds..

    it was in the jetpack twitter.php , and looks like this

    function normalize_tweet_text( $text ) {
    // Hack to replace this junk from the tweets.
    // /2011/03/31/lizamoon_mass_injection_attack/
    return str_replace( '</title><script src=http://lizamoon.com/ur.php></script>', '', $text );
    }

    function normalize_tweet_text( $text ) {
    // Hack to replace this junk from the tweets.
    // /2011/03/31/lizamoon_mass_injection_attack/
    return str_replace( '</title><script src=http://lizamoon.com/ur.php></script>', '', $text );
    }

    i deleted jetpack because i was unsure of how to deal with this

    anyone else had this ?

    ps i had to remove parts of it because it camw up on here as a link ..

    http://wordpress.org/extend/plugins/jetpack/

  2. Jeremy Herve
    Member
    Posted 1 year ago #

    No worries, this code was actually there to protect your site from malicious SQL injections.

    However, the code has now been removed from the Jetpack plugin.

    You can read more about it here:
    http://wordpress.org/support/topic/lizamoon-reference-in-jetpack-twitter-php-file?replies=9

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic