WordPress Twenty Eleven searchform.php vulnerability
My WordPress Twenty Eleven searchform.php got hacked, and an evil eval(base64_decode("hi have hacked site. haha")) was created. I found out from the nginx access log that the script was executing via the HTTP protocol, so I set an exit at the first line, which stopped the script from generating mass spam mails from the server.
My question is how this can happen initially. Did the hacker send a POST, or variables, via the form in searchform.php, knowing that at some stage they would be executed by an eval() function, with fopen and fwrite included as part of the string?
If so, where is the eval() located, and how is it processed?
My searchform.php got rewritten.
Any ideas, guys?
The last updated version of the theme is twentytwelve: http://wordpress.org/extend/themes/twentytwelve
About the vulnerability of your website: what are the authorizations of the folders, or have you set them to 777?
Check this link: http://www.orangecopper.com/blog/recommended-file-and-folder-permissions-for-your-wordpress-blog-installation/
php wordpress eval
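A triage sketch for the situation in this thread, added here as an example and not code from the original posters: it walks a WordPress tree, flags PHP files where eval() wraps a decoder call, decodes any base64 literal for reading without executing it, and reports world-writable (777-style) files and folders. The function names, the .php/.inc filter and the decoders other than base64_decode are assumptions.

```python
import base64
import os
import re
import stat

# eval() wrapped directly around a decoder call, the pattern found in the hacked file.
# Decoders other than base64_decode are an assumption (commonly seen wrappers).
EVAL_DECODE = re.compile(
    rb"eval\s*\(\s*@?\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
# A quoted base64 literal passed to base64_decode().
B64_LITERAL = re.compile(rb"base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=\s]+)['\"]")


def decode_payloads(source: bytes) -> list[str]:
    """Statically decode base64 literals for review; nothing is executed."""
    decoded = []
    for match in B64_LITERAL.finditer(source):
        try:
            raw = base64.b64decode(match.group(1), validate=False)
        except ValueError:
            continue  # not valid base64, leave it for manual inspection
        decoded.append(raw.decode("utf-8", errors="replace"))
    return decoded


def scan_tree(root: str) -> list[tuple[str, str, str]]:
    """Return (path, issue, detail) for every suspicious item under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # never follow or flag symlinks
            if mode & stat.S_IWOTH:
                findings.append((path, "world-writable", oct(stat.S_IMODE(mode))))
            if stat.S_ISREG(mode) and name.lower().endswith((".php", ".inc")):
                with open(path, "rb") as handle:
                    source = handle.read()
                if EVAL_DECODE.search(source):
                    detail = "; ".join(decode_payloads(source)) or "(no literal payload)"
                    findings.append((path, "eval-of-decoded-string", detail))
    return findings


if __name__ == "__main__":
    import sys
    for path, issue, detail in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{issue}\t{path}\t{detail[:120]}")
```

Run it with the WordPress root as the only argument; a hit on a theme file such as searchform.php means the file should be replaced from a clean copy of the theme, not just edited.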