WordPress.org

[Plugin: WordPress Exploit Scanner] Evals and Base 64's (2 posts)

  1. Steve D
    Member
    Posted 4 years ago #

    Excuse me for being ignorant. But I'm learning. What is this stuff?

    Could be JavaScript code used to hide code inserted by a hacker.
    input = eval('(' + input + ')');

    I have six of the above input = eval('(' + input + ')'); in php's of some plugins. And one each in plugin php's below.

    Often used by malicious scripts to decode previously encoded data, such as malicious URLs
    $data = base64_decode($data);
    eval( $cache );

    Often used by malicious scripts to decode previously encoded data, such as malicious URLs
    $content = base64_decode($resources[ $_GET['resource'] ]);

    Could be JavaScript code used to hide code inserted by a hacker.
    strpos($_SERVER['REQUEST_URI'], "eval(") ||

    Do I have a problem? Or is this normal?

  2. petercasier
    Member
    Posted 4 years ago #

    "base64_decode" has been used in the latest massive blog attacks on GoDaddy and other shared hosts, so it is normal that the scan reveals possible misuse.
    (but the recent hacks had a different pattern than what you describe above, see this post)

    So is the code you quote devious? It depends on which files you found them in. Check the file names, and see if they are actually part of a plug-in or a standard installation. If they are, then you are OK. If not, there is trouble.

    P.
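
The check suggested in the reply above (is a flagged file really part of a plug-in or the standard installation?) can go one step further than file names by comparing the installed files with a freshly downloaded copy of the same plug-in version. This is an added example, not part of the original thread or of the Exploit Scanner plugin; the `triage` helper, the directory layout and the sample files are hypothetical and constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# The two function names the scanner flagged in the thread.
SUSPECT = re.compile(rb"\b(eval|base64_decode)\s*\(")

def manifest(root: Path) -> dict:
    """Map relative path -> SHA-256 for every file under root."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def triage(installed: Path, pristine: Path) -> dict:
    """Classify each installed file containing a flagged call as
    'expected' (identical to pristine), 'modified' or 'unknown'."""
    known = manifest(pristine)
    result = {}
    for rel, digest in manifest(installed).items():
        if not SUSPECT.search((installed / rel).read_bytes()):
            continue
        if rel not in known:
            result[rel] = "unknown"      # not shipped by the plugin at all
        elif known[rel] != digest:
            result[rel] = "modified"     # shipped, but content differs
        else:
            result[rel] = "expected"     # byte-identical to the clean copy
    return result

def demo() -> dict:
    """Run triage on constructed sample trees (names and contents made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root in (clean, live):
            (root / "lib").mkdir(parents=True)
            (root / "cache.php").write_bytes(b"<?php $data = base64_decode($data);\n")
            (root / "lib/json.js").write_bytes(b"input = eval('(' + input + ')');\n")
            (root / "readme.txt").write_bytes(b"no flagged calls here\n")
        # Constructed differences: one altered file, one file not in the clean copy.
        (live / "lib/json.js").write_bytes(b"input = eval('(' + input + ')'); eval(x);\n")
        (live / "extra.php").write_bytes(b"<?php eval($cache);\n")
        return triage(live, clean)

if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{verdict:9} {name}")
```

Files reported as `expected` are scanner hits that ship with the plug-in itself; `modified` and `unknown` files are the ones to review by hand.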
