Acunetix Secure WordPress
[resolved] [Plugin: Secure WordPress] Code injection Scanner (3 posts)

  1. danka
    Member
    Posted 3 years ago #

    Would be cool if you made a scanner to check for code injection in all code files [php, js, css] and the database. I mean code injections like these ones, but not limited to:
    eval(gzinflate(base64_decode('Code')))
    eval(gzinflate(str_rot13(base64_decode('Code'))))
    eval(gzinflate(base64_decode(str_rot13('Code'))))
    eval(gzinflate(base64_decode(base64_decode(str_rot13('Code')))))
    eval(gzuncompress(base64_decode('Code')))
    eval(gzuncompress(str_rot13(base64_decode('Code'))))
    eval(gzuncompress(base64_decode(str_rot13('Code'))))
    eval(base64_decode('Code'))
    eval(str_rot13(gzinflate(base64_decode('Code'))))
    eval(gzinflate(base64_decode(strrev(str_rot13('Code')))))
    eval(gzinflate(base64_decode(strrev('Code'))))
    eval(gzinflate(base64_decode(str_rot13('Code'))))
    eval(gzinflate(base64_decode(str_rot13(strrev('Code')))))

    There are also some injections that some guys do in free themes and some free plugins... for example, they try to include a URL in as many places as possible, including external image links, to find out who is using their theme/plugin by verifying the link reference. This could be solved by hiding the referer in external links, or just removing the link. I think this feature is desired to avoid being a target.

    Thanks.

    http://wordpress.org/extend/plugins/secure-wordpress/

  2. Frank
    Member
    Posted 3 years ago #

    Yes, this plugin uses base64_decode to display images very fast via a base64 string instead of an HTTP request. The scanner scans only for the function, not for what the function does.

  3. danka
    Member
    Posted 3 years ago #

    Sorry, I think I was not clear enough...

    I was referring to people that offer themes and plugins for free, and sometimes they hide code using some of the techniques I mentioned in my first post... and such hidden code could represent a problem... for example, say that the hidden code injects things into the DB or into other files, or does something worse... so, the proposal is to add a scanner to this plugin to check for encoded hidden code in the themes and plugins, and maybe in all other WP files...

    If someone can't understand yet what I am saying... take a look at the plugin TAC... this plugin is limited to scanning only themes, and it doesn't check for all types of code injection...

    Thanks.
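The scanner requested in the first and third posts, written here as an added example that is not part of this thread and not code from the Secure WordPress plugin. It only reports decoder chains that sit directly inside eval() and end in a string literal, so a plain base64_decode() used to display an inline image (the case Frank raises) is not flagged. The decoder function list is taken from the patterns in the first post; the sample PHP text, the file suffixes and the function names scan_text/scan_path are constructed for this example.

```python
import re
import sys
from pathlib import Path

# Decoder/transform functions that appear wrapped inside eval() in the
# patterns listed in the first post. Only these are accepted between
# eval( and the string literal, so eval($var) is not reported here.
DECODERS = ("gzinflate", "gzuncompress", "base64_decode", "str_rot13", "strrev")

# eval( decoder( decoder( ... 'payload' ) ... ) )
# One or more nested decoder calls that end in a quoted string literal.
_CHAIN = r"(?:(?:%s)\s*\(\s*)+" % "|".join(DECODERS)
PATTERN = re.compile(
    r"\beval\s*\(\s*(?P<chain>" + _CHAIN + r")"
    r"(?P<payload>['\"][^'\"]*['\"])\s*\)+",
    re.IGNORECASE,  # PHP function names are case-insensitive
)


def scan_text(text: str, name: str = "<string>") -> list[dict]:
    """Return one finding per eval(<decoder chain>('literal')) in text."""
    findings = []
    for m in PATTERN.finditer(text):
        line = text.count("\n", 0, m.start()) + 1
        chain = re.findall(r"[A-Za-z0-9_]+", m.group("chain"))
        findings.append({
            "file": name,
            "line": line,
            # decoders in source order, outermost first
            "chain": [c.lower() for c in chain],
            # length of the literal without its quotes
            "payload_len": len(m.group("payload")) - 2,
        })
    return findings


def scan_path(root: Path, suffixes=(".php", ".js", ".css")) -> list[dict]:
    """Walk root and scan every file with one of the given suffixes."""
    out = []
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in suffixes:
            try:
                text = p.read_text(errors="replace")
            except OSError:
                continue
            out.extend(scan_text(text, str(p)))
    return out


# Constructed sample file: two legitimate base64 uses (the inline-image case
# from Frank's reply) followed by two eval-wrapped loaders shaped like the
# patterns in the first post. The payloads are placeholder strings.
SAMPLE_PHP = """<?php
// legitimate: inline image, no eval involved
echo '<img src="data:image/png;base64,' . base64_encode($png) . '">';
$icon = base64_decode('iVBORw0KGgo=');   // decoded, never executed
// suspicious: eval over a decoder chain ending in a string literal
eval(gzinflate(base64_decode(str_rot13('ABCDEF=='))));
eval(base64_decode("ZWNobyAnaGknOw=="));
?>
"""


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = scan_path(Path(sys.argv[1]))
    else:
        results = scan_text(SAMPLE_PHP, "sample.php")
    for f in results:
        print("%s:%d eval(%s) payload=%d bytes"
              % (f["file"], f["line"], "(".join(f["chain"]), f["payload_len"]))
```

Run without arguments to scan the embedded sample, or pass a directory (for example a wp-content path) to scan every .php, .js and .css file under it. Anchoring on eval() rather than on the decoder names is what keeps Frank's inline-image case out of the report; a loader that stores the decoded string in a variable and calls eval on the variable later is outside what this regex matches and would need a second pass.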

Topic Closed

This topic has been closed to new replies.
