[Plugin: WordTwit] Suspicious Code base64_decode ( 'ZGVma

  • I have found suspicious-looking code on line 351 inside wordtwit/include/oauth-twitter.php, as follows:

    eval( base64_decode( 'ZGVmaW5lKCAnV09SRFRXSVRfT0FVVEhfQ09OU1VNRVJfU0VDUkVUJywgJ0cxWkVTQjVXUGpDVDE4dVhDeldxNVZxbHBtdDdKanNVYVN0ZG5Gd3dhdycgKTs=' ) );

    To me, this looks suspicious. Please confirm that this is part of your original coding and why you chose to make it this way.

    Note: This is from a fresh download as of today from wordpress.org plugin page.

    http://wordpress.org/extend/plugins/wordtwit/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Duane Storey

    (@duanestorey)

    Yes, it’s by design. It represents the OAuth token secret. Ideally it’s kept secret, but since that’s not possible in a PHP plugin the best we can do is obfuscate it, which is what’s done there.

    Aaron Brazell

    (@technosailor)

    You should be aware that the obfuscation not only doesn’t solve the problem of it being a secret, but the way it is written causes problems in some setups. Break it into two lines: the base64_decode() result returned to a string, and the string then eval()’d.

    This works in our environment where the current way does not. I know it’s weird. But trust me…
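As an added example (not code from the thread or from the WordTwit plugin), the scanner below flags the eval(base64_decode('...')) construct discussed above and decodes the literal statically, so a reviewer can see what a plugin hides without ever executing it. It runs over a constructed PHP excerpt that embeds the thread's own base64 blob; the decoded text is a plain define() of a constant, which is exactly why the obfuscation provides no secrecy.

```python
import base64
import binascii
import re

# Signature for the construct from the thread: eval() wrapping base64_decode() of a
# string literal. Whitespace variations are tolerated; a variable argument is not
# matched, because its payload cannot be recovered statically.
EVAL_B64 = re.compile(
    r"""eval\s*\(\s*base64_decode\s*\(\s*(['"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)""",
    re.IGNORECASE,
)

# A decoded payload that is nothing but define('NAME', 'value'); is a hidden constant,
# as the plugin author describes, rather than arbitrary executable code.
DEFINE_ONLY = re.compile(r"""^\s*define\s*\(\s*'[A-Z0-9_]+'\s*,\s*'[^']*'\s*\)\s*;\s*$""")

# Constructed excerpt standing in for wordtwit/include/oauth-twitter.php; the blob is
# the one quoted in the thread, the surrounding lines are invented filler.
SAMPLE_PHP = """<?php
// constructed filler line
$consumer_key = 'example-key';
eval( base64_decode( 'ZGVmaW5lKCAnV09SRFRXSVRfT0FVVEhfQ09OU1VNRVJfU0VDUkVUJywgJ0cxWkVTQjVXUGpDVDE4dVhDeldxNVZxbHBtdDdKanNVYVN0ZG5Gd3dhdycgKTs=' ) );
"""


def find_eval_base64(php_source: str) -> list[dict]:
    """Return one finding per eval(base64_decode('...')) occurrence in php_source."""
    findings = []
    for m in EVAL_B64.finditer(php_source):
        blob = re.sub(r"\s+", "", m.group(2))
        try:
            decoded = base64.b64decode(blob, validate=True).decode("utf-8", "replace")
        except (binascii.Error, ValueError):
            decoded = None  # not valid base64: still report it, just without a payload
        is_constant = decoded is not None and DEFINE_ONLY.match(decoded) is not None
        findings.append({
            "line": php_source.count("\n", 0, m.start()) + 1,
            "decoded": decoded,
            "kind": "hidden_constant" if is_constant else "executable_payload",
        })
    return findings


if __name__ == "__main__":
    for f in find_eval_base64(SAMPLE_PHP):
        print(f"line {f['line']}: {f['kind']}: {f['decoded']}")
```

Any finding of kind executable_payload deserves a manual read of the decoded text, since the same construct is the classic shape of injected backdoors in compromised plugins.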

  • The topic ‘[Plugin: WordTwit] Suspicious Code base64_decode ( 'ZGVma’ is closed to new replies.