WordTwit Twitter Plugin
[Plugin: WordTwit] Suspicious Code base64_decode ( 'ZGVma (3 posts)

  1. wpsecuritylock
    Member
    Posted 3 years ago #

    I have found suspicious-looking code on line 351 inside wordtwit/include/oauth-twitter.php, as follows:

    eval( base64_decode( 'ZGVmaW5lKCAnV09SRFRXSVRfT0FVVEhfQ09OU1VNRVJfU0VDUkVUJywgJ0cxWkVTQjVXUGpDVDE4dVhDeldxNVZxbHBtdDdKanNVYVN0ZG5Gd3dhdycgKTs=' ) );

    To me, this looks suspicious. Please confirm that this is part of your original coding and why you chose to make it this way.

    Note: This is from a fresh download as of today from the wordpress.org plugin page.

    http://wordpress.org/extend/plugins/wordtwit/

  2. Duane Storey
    Member
    Plugin Author

    Posted 3 years ago #

    Yes, it's by design. It represents the OAuth token secret. Ideally it's kept secret, but since that's not possible in a PHP plugin, the best we can do is obfuscate it, which is what's done there.

  3. Aaron Brazell
    Member
    Posted 3 years ago #

    You should be aware that the obfuscation not only doesn't solve the problem of it being a secret, but the way it is written causes problems in some setups. Break it into two lines... the base64_decode() returned to a string, and the string then eval()'d.

    This works in our environment where the current way does not. I know it's weird. But trust me...
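An added example, not code from the thread or from the WordTwit plugin, showing why the base64 wrapper discussed above offers no secrecy: a small scanner locates both the one-line eval(base64_decode(...)) form reported in the first post and the two-line form suggested in the last reply, decodes the payload offline, and lists any define() name and value it contains. The sample PHP file, constant names and secret values below are constructed placeholders, not the plugin's real ones.

```python
import base64
import re

# One-line form: eval( base64_decode( '...' ) );
ONE_LINE = re.compile(
    r"eval\s*\(\s*base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)\s*\)")
# Split form: $var = base64_decode( '...' ); followed later by eval( $var );
ASSIGN = re.compile(
    r"(\$\w+)\s*=\s*base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)")
# define( 'NAME', 'value' ) inside the decoded payload
DEFINE = re.compile(
    r"define\s*\(\s*['\"](\w+)['\"]\s*,\s*['\"]([^'\"]*)['\"]\s*\)")


def _hit(lineno, form, blob):
    """Decode one payload without executing it and pull out define() pairs."""
    decoded = base64.b64decode(blob).decode("utf-8", "replace")
    return {"line": lineno, "form": form, "decoded": decoded,
            "defines": DEFINE.findall(decoded)}


def find_eval_base64(php_source: str) -> list:
    """Return every eval'd base64 payload in a PHP source string, decoded."""
    hits = []
    lines = php_source.splitlines()
    for lineno, line in enumerate(lines, start=1):
        m = ONE_LINE.search(line)
        if m:
            hits.append(_hit(lineno, "one-line", m.group(1)))
            continue
        m = ASSIGN.search(line)
        if m:
            # Only report the split form when the variable later reaches eval()
            later = "\n".join(lines[lineno:])
            if re.search(r"eval\s*\(\s*" + re.escape(m.group(1)) + r"\s*\)", later):
                hits.append(_hit(lineno, "split", m.group(2)))
    return hits


def _blob(php_statement: str) -> str:
    return base64.b64encode(php_statement.encode()).decode()


# Constructed stand-in for a plugin file; names and secrets are placeholders.
SAMPLE_PHP = "\n".join([
    "<?php",
    "// one-line form, as reported in the thread",
    "eval( base64_decode( '%s' ) );" % _blob(
        "define( 'DEMO_OAUTH_CONSUMER_SECRET', 'not-a-real-secret-0000' );"),
    "// split form, as suggested in the thread",
    "$code = base64_decode( '%s' );" % _blob(
        "define( 'DEMO_OTHER_KEY', 'placeholder' );"),
    "eval( $code );",
    "$unused = base64_decode( 'aGVsbG8=' ); // decoded but never eval'd",
])
```

Running find_eval_base64(SAMPLE_PHP) reports lines 3 and 5 with their decoded define() pairs and ignores the harmless line 7, which is the same check a defender can run over a whole plugin directory.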
