[Plugin: WordPress Exploit Scanner] Evals and Base 64’s | WordPress.org

steve-d
(@steve-d)

13 years, 12 months ago

Excuse me for being ignorant. But I’m learning. What is this stuff?

Could be JavaScript code used to hide code inserted by a hacker.
input = eval(‘(‘ + input + ‘)’);

I have six of the above input = eval(‘(‘ + input + ‘)’); in php’s of some plugins. And one each in plugin php’s below.

Often used by malicous scripts to decode previously encoded data, such as malicious URLs
$data = base64_decode($data);
eval( $cache );

Often used by malicous scripts to decode previously encoded data, such as malicious URLs
$content = base64_decode($resources[ $_GET[‘resource’] ]);

Could be JavaScript code used to hide code inserted by a hacker.
strpos($_SERVER[‘REQUEST_URI’], “eval(“) ||

Do I have a problem? Or this this normal?

Viewing 1 replies (of 1 total)

petercasier
(@petercasier)

13 years, 11 months ago

“base64_decode” has been used in the latest massive blog attacks on GoDaddy and other shared hosts, so it is normal the scan reveals possible misuse.
(but the recent hacks had a different pattern than what you describe above, see this post )

So is the code you quote devious? It depends in which files you found them. Check the file names, and see if they actually make part of a plug-in, or a standard installation. If they are, then you are ok. If not, there is trouble.

P.

Viewing 1 replies (of 1 total)

The topic ‘[Plugin: WordPress Exploit Scanner] Evals and Base 64’s’ is closed to new replies.

In: Plugins
1 reply
2 participants
Last reply from: petercasier
Last activity: 13 years, 11 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics