• Resolved HotJoint

    (@hotjoint)


    People!

    Watch out! This plugin has a virus on it. It has tried to hack my site like 6 times now. It is trying to inject code into my database!

    Beware!

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author Kaspars

    (@kasparsd)

    There is NO virus in this plugin.

    Please don’t make such claims without providing any evidence.

    Thread Starter HotJoint

    (@hotjoint)

    I have the log of my server where you can find the attack. I'm just warning other people to check these files before they upload the plugin to their servers.

    Plugin Author Kaspars

    (@kasparsd)

    Again, could you please back up your claims?

    Here are the files:
    http://plugins.trac.wordpress.org/browser/tabbed-widgets/tags/1.3.1

    Can you please explain in which file, which line the “virus” is?

    Thread Starter HotJoint

    (@hotjoint)

    I'm very sorry, you are right. I don't have to directly accuse the plugin as a virus, but it may have one, or some vulnerability. This is a single entry on my security log:

    [unique_id “XXXXXXXXXXXXXXXXXxx”]
    [Sat Jan 29 19:24:50 2011] [error] [client XXXXXXXXX]
    ModSecurity: Access denied with code 406 (phase 2). Pattern match
    “\\b(\\d+) ?= ?\\1\\b|[\\'”](\\w+)[\\'”] ?= ?[\\'”]\\2\\b” at
    REQUEST_HEADERS:Cookie. [file
    “XXXXXXXXXXXXXX”] [line “86”] [id “XXXXX”]
    [msg “SQL Injection Attack”] [data “1=1”] [severity “CRITICAL”] [tag
    “WEB_ATTACK/SQL_INJECTION”] [hostname “XXXXXXXXXXXX”] [uri
    “/wp-content/plugins/tabbed-widgets/css/tabbed-widgets.css”]

    It happens with this file as well: /wp-content/plugins/tabbed-widgets/js/jquery-cookie.min.js

    I don't know if that helps.

    Plugin Author Kaspars

    (@kasparsd)

    The reason why you have this error is because someone (probably a bot) added “\\b(\\d+) ?= ?\\1\\b|[\\'”](\\w+)[\\'”] ?= ?[\\'”]\\2\\b” to the HTTP request when requesting tabbed-widgets.css and the mod_security thinks the server is being attacked.

    This has nothing to do with Tabbed Widgets.

    Many people have had such errors because of a misconfigured mod_security Apache module: http://www.webhostingtalk.com/showthread.php?t=945768

    Thread Starter HotJoint

    (@hotjoint)

    Thanks for the answer. So do you think this is a false positive?

    Plugin Author Kaspars

    (@kasparsd)

    Definitely, a false positive!

    Thread Starter HotJoint

    (@hotjoint)

    Thanks

  • The topic ‘[Plugin: Tabbed Widgets] VIRUS!’ is closed to new replies.
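
Added example, not part of the thread and not code from the plugin or from ModSecurity: Python that triages the log entry posted above and replays its rule pattern against constructed Cookie headers, to show that the rule inspected the Cookie header of the request rather than the file named in the URI. The `triage` and `rule_hit` helpers, the cookie names, and the straight-quote reading of the pattern (the page shows curly quotes) are assumptions.

```python
import re

# Rule pattern as printed in the thread's log entry, with the log's doubled
# backslashes undone and straight quotes assumed where the page shows curly ones.
TAUTOLOGY = re.compile(r"""\b(\d+) ?= ?\1\b|['"](\w+)['"] ?= ?['"]\2\b""")

# The thread's log entry joined onto one line (redactions kept, pattern abbreviated).
LOG_ENTRY = (
    '[Sat Jan 29 19:24:50 2011] [error] [client XXXXXXXXX] ModSecurity: Access '
    'denied with code 406 (phase 2). Pattern match "<pattern>" at '
    'REQUEST_HEADERS:Cookie. [file "XXXXXXXXXXXXXX"] [line "86"] [id "XXXXX"] '
    '[msg "SQL Injection Attack"] [data "1=1"] [severity "CRITICAL"] '
    '[tag "WEB_ATTACK/SQL_INJECTION"] [hostname "XXXXXXXXXXXX"] '
    '[uri "/wp-content/plugins/tabbed-widgets/css/tabbed-widgets.css"]'
)

STATIC_EXT = (".css", ".js", ".png", ".jpg", ".gif")

def triage(entry):
    """Pull out what was inspected, what matched, and which URI was requested."""
    fields = dict(re.findall(r'\[(\w+) "([^"]*)"\]', entry))
    where = re.search(r'\bat ([A-Z_]+(?::[\w-]+)?)\.', entry)
    return {
        "inspected": where.group(1) if where else None,
        "matched": fields.get("data"),
        "uri": fields.get("uri"),
        # The browser sends the same Cookie header with every request to the
        # site, so a static URI only says which request happened to be blocked.
        "uri_is_static": fields.get("uri", "").lower().endswith(STATIC_EXT),
    }

def rule_hit(cookie_header):
    """Return the text the pattern matches in a Cookie header, or None."""
    m = TAUTOLOGY.search(cookie_header)
    return m.group(0) if m else None

# Constructed Cookie headers; the cookie names are made up for illustration
# and are not taken from the plugin.
SAMPLES = [
    "session=abc123; theme=dark",  # nothing for the rule to match
    "session=abc123; tab-1=1",     # harmless index cookie, contains "1=1"
    "session=abc123; tab-1=2",     # same shape, values differ
]

if __name__ == "__main__":
    print(triage(LOG_ENTRY))
    for cookie in SAMPLES:
        print(repr(cookie), "->", rule_hit(cookie))
```

When `inspected` is a request header and `uri_is_static` is true, the thing to review is the cookie value the client sent and the rule that matched it, not the file in the `uri` field.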