[wp-hackers] Evaluating impact from yesterday's Trojan'd plugins?
wordpress at zed1.com
Wed Jun 22 13:15:37 UTC 2011
On Wed, Jun 22, 2011 at 14:12, Patrick Laverty <patrick_laverty at brown.edu>wrote:
> On Wed, Jun 22, 2011 at 9:02 AM, Alexander Concha <alex at buayacorp.com
> > It allowed php code execution.
> Even if you have exec() and eval() disabled on your server?
Yes. It was cleverer than a simple exec or eval. But, as pointed out, did
not do anything at all on it's own.
At least, I can confirm that for the wptouch backdoor as that is the only
one I updated. I've assumed the others were the same/similar.
More information about the wp-hackers