Thread Starter
zogar
(@zogar)
I’m having problems with my pagination list being hacked.
The normal link would be /page/56/
But it is: /page/56/?x=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
I tried replacing the pagination plugin wp-pagenavi with pagenumber, and the problem is still there.
The problem apparently only happens when WP-Cache is active, and the only solution that I found is to clear my cache. After a few hours, I have the problem again, with the links being infected.
It looks like someone was trying to brute force a remote file inclusion trick on your pagination. /etc/passwd is your Unix password file. It’s encrypted, but the passwords can be cracked if they are common enough.
http://en.wikipedia.org/wiki/Remote_File_Inclusion
However, it wouldn’t make sense for WordPress to directly feed this variable into the command line, so I don’t think the culprits were successful. If anything, the thing you should watch out for there is SQL injection.
http://en.wikipedia.org/wiki/SQL_injection
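
An added example, not part of the original thread: one way to find the probing requests described above in a web server access log, including double-encoded variants, grouped by client address. It assumes combined log format; the log lines, dates and IP addresses are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Constructed sample lines in combined log format (documentation-range IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2009:10:01:02 +0000] "GET /page/56/?x=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 5120 "-" "-"
203.0.113.7 - - [10/Mar/2009:10:01:05 +0000] "GET /page/57/?x=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 5090 "-" "-"
198.51.100.4 - - [10/Mar/2009:10:02:11 +0000] "GET /page/56/ HTTP/1.1" 200 5100 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2009:10:02:40 +0000] "GET /?s=etc+passwd+tutorial HTTP/1.1" 200 4000 "-" "Mozilla/5.0"
"""

# Client address and request target from a combined-format line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
# A "../" or "..\" step that starts a value or follows a separator.
TRAVERSAL_RE = re.compile(r'(?:^|[=/\\&])\.\.[/\\]')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded probes (%252e) are seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal_probes(log_text):
    """Return {client_ip: [request paths]} for requests whose query string
    contains a directory-traversal step after decoding."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        ip, target = m.groups()
        parts = urlsplit(target)
        if TRAVERSAL_RE.search(fully_decode(parts.query)):
            hits[ip].append(parts.path)
    return dict(hits)


if __name__ == "__main__":
    for ip, paths in find_traversal_probes(SAMPLE_LOG).items():
        print(ip, "probed", sorted(set(paths)))
```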