[wp-hackers] OT: Decoding injected scripts
beau at dentedreality.com.au
Thu Aug 6 02:00:10 UTC 2009
The ones I've seen have usually just been base64 encoded (sometimes a
Usually all it takes is a quick base64_decode() in PHP to see what's in there.
On Wed, Aug 5, 2009 at 6:55 PM, John Blackbourn<johnbillion+wp at gmail.com> wrote:
> In the last few days two of my clients' sites have been hacked or
> somehow otherwise compromised and both have resulted in encoded
> scripts being injected into pages on the sites.
> Both the attacks were different. One has resulted in some encoded
> The other resulted in some very strange PHP being injected into a PHP
> file which looks like it might be partially base encoded.
> Does anyone have tips on how I might go about decoding these scripts
> to see what they were attempting to do?
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
More information about the wp-hackers