security breach on wp-load.php | WordPress.org

azizpoonawalla
(@azizpoonawalla)

17 years, 2 months ago

I want to bring this to the attention of the community – my wp-load.php was hacked, here is a full copy of the infected file at pastebin:

http://azizhp.pastebin.com/f61346174

as you can see from line 24 an html script snippet was inserted. This actually broke my site backend, as when i tried to access the dashboard I got “headers already sent errors”. As I had logged in just two days prior, this must have happenned quite recently.

It was easily fixed, i reuploaded a copy of the normal wp-load.php file from v2,7 and overwrote the file. I am overwriting all files in my installation just to be on eth safe side.

My install was not previously compromised so the hacker must have some mechanism to inject code. I am also reporting this to Dreamhost.

using wordpress 2.7, domain haibane.info

The topic ‘security breach on wp-load.php’ is closed to new replies.

Tags

In: Fixing WordPress
0 replies
1 participant
Last reply from: azizpoonawalla
Last activity: 17 years, 2 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics