security breach on wp-load.php
I want to bring this to the attention of the community – my wp-load.php was hacked, here is a full copy of the infected file at pastebin:
as you can see from line 24 an html script snippet was inserted. This actually broke my site backend, as when i tried to access the dashboard I got “headers already sent errors”. As I had logged in just two days prior, this must have happenned quite recently.
It was easily fixed, i reuploaded a copy of the normal wp-load.php file from v2,7 and overwrote the file. I am overwriting all files in my installation just to be on eth safe side.
My install was not previously compromised so the hacker must have some mechanism to inject code. I am also reporting this to Dreamhost.
using wordpress 2.7, domain haibane.info
- The topic ‘security breach on wp-load.php’ is closed to new replies.