[plugin: exploit scanner] base64_decode issue

  • remocompany

    (@remocompany)


    14 years, 1 month ago

    Hi all,

    Exploit scanner had detected a few suspicious (?) files in one of my plugins:

    wp-content/plugins/bpbplugin/lib/xorcrypt/xorcrypt.php:36
Used by malicious scripts to decode previously obscured data/programs	$enc_text = base64_decode($enc_text);
wp-content/plugins/bpbplugin/importbuddy.php:736
Used by malicious scripts to decode previously obscured data/programs	$this->_backupdata = unserialize( base64_decode( $backupdata ) );
wp-content/plugins/bpbplugin/importbuddy.php:1308
Often used to execute malicious code	.src,async:false,dataType:"script"})}else{o.globalEval(F.text||F.textContent||F.innerHTML||"")}if(F.pa
wp-content/plugins/bpbplugin/importbuddy.php:1310
Often used to execute malicious code	)}if(typeof I==="string"){if(H=="script"){o.globalEval(I)}if(H=="json"){I=l["eval"]("("+I+")")}}return
wp-content/plugins/bpbplugin/importbuddy.php:1873
Used by malicious scripts to decode previously obscured data/programs	echo gzuncompress(base64_decode(str_replace(' ', '', $image['code'])));
wp-content/plugins/bpbplugin/importbuddy.php:4653
Often used to execute malicious code	// eval('$v_result = '.$p_options[PCLZIP_CB_PRE_ADD].'(
wp-content/plugins/bpbplugin/importbuddy.php:4807
Often used to execute malicious code	// eval('$v_result = '.$p_options[PCLZIP_CB_POST_ADD].'
wp-content/plugins/bpbplugin/importbuddy.php:5730
Often used to execute malicious code	// eval('$v_result = '.$p_options[PCLZIP_CB_PRE_EXTRACT
wp-content/plugins/bpbplugin/importbuddy.php:5977
Often used to execute malicious code	// eval('$v_result = '.$p_options[PCLZIP_CB_POST_EXTRAC
wp-content/plugins/bpbplugin/importbuddy.php:6098
Often used to execute malicious code	// eval('$v_result = '.$p_options[PCLZIP_CB_PRE_EXTRACT
wp-content/plugins/bpbplugin/importbuddy.php:6166
Often used to execute malicious code	// eval('$v_result = '.$p_options[PCLZIP_CB_POST_EXTRAC
wp-content/plugins/bpbplugin/importbuddy.php:6213
Often used to execute malicious code	// eval('$v_result = '.$p_options[PCLZIP_CB_PRE_EXTRACT
wp-content/plugins/bpbplugin/importbuddy.php:6284
Often used to execute malicious code	// eval('$v_result = '.$p_options[PCLZIP_CB_POST_EXTRAC
wp-content/plugins/bpbplugin/importbuddy.php:7806
Used by malicious scripts to decode previously obscured data/programs	$enc_text = base64_decode($enc_text);

    Does it look like hackers code, or it should be safe?
    I’ve taken pretty much every security measure possible, but I get freaked out by the base64_decode line, and I’m not that technical to understand if it’s safe or not.

    Thanks for your help!

The topic ‘[plugin: exploit scanner] base64_decode issue’ is closed to new replies.