Top

Tag Archives | wordpress

WordPress Hidden Include

Today we found undetected malware, which keep it hidden and try loading again if it deleted. We generated Signatures to Detect these hidden includes: /index.php: {HEX}Malware.Expert.wordpress.hidden.include.0.UNOFFICIAL FOUND /wp-load.php: {HEX}Malware.Expert.wordpress.hidden.include.1.UNOFFICIAL FOUND /wp-includes/template.php: {HEX}Malware.Expert.malware.url.7od.info.0.UNOFFICIAL FOUND /wp-includes/Requests/IPconfig.ini: {HEX}Malware.Expert.generic.malware.39.UNOFFICIAL FOUND /wp-includes/js/utilities.js: {HEX}Malware.Expert.generic.malware.39.UNOFFICIAL FOUND WordPress index.php wp-load.php End of file: template.php IPconfig.ini Remove file utilities.js Remove file Final Words Use […]

Continue Reading

xo.php

This malware trying write another malware to server, it’s using old cherry-plugin import/export file upload vulnerability. Here source code to malware: Source of xo.php Details $uri is infected server address. $url is base64 encoded remote server address, where trying download more malware and put server to remote access: http://fastwealthformula.online/callback/shell Remote file Final Words Use Malware […]

Continue Reading

WordPress hidden cookie (wp_cookie)

We found very old and hidden WordPress cookie, which named wp_cookie. This allows an attacker to run anything on the compromised user website with user permissions. wp_cookie This is a very clever attack method that allows arbitrary commands to run on a server with ignoring any server security software, just like normal PHP code. Also, […]

Continue Reading

Attacks in Pagelines for WordPress themes

Last few days we have seen very much attacks this old Pagelines WordPress theme vulnerability. Sucuri discovered Pagelines vulnerability on January 2015. Technical Details Any website using vulnerable version of the platform theme (<1.4.4) is risk Privilege Escalation and Remote Code Execution. ModSecurity Audit log, Payload [27/May/2017:02:32:09 +0300] WSi6@VQikyQAAErqcawAAAAg 93.170.77.90 37930 127.0.0.1 80 –5367c063-B– POST […]

Continue Reading

WordPress backdoor cache.php

Today we found cache.php malware, which uses server old backdoor to get more malware to the server. The server is compromised before and it uses hidden file Silence is golden – Malware to POST Payload more data to the server. POST Payload – cache.php If we look better POST Payload, which trying upload cache.php, execute […]

Continue Reading

db.php

This malware try upload db.php to WordPress clickjacking vulnerability. Clickjacking is an attack that places an invisible iframe containing a webpage over top of another, visible webpage. The victim user is lured into clicking on the invisible iframe to perform an action when they think they are clicking on the webpage they can see. The […]

Continue Reading

SQL Injection Vulnerability in NextGEN Gallery for WordPress

A WordPress NextGEN Gallery plugin installed on over one million sites has just fixed a severe SQL injection vulnerability that can allow attackers to steal data from a website’s database. Technical Details Vulnerability can be exploited by attackers in at least two different scenarios: First scenario The first attack scenario can happen if a WordPress […]

Continue Reading

Wordfence Security Plugin

We found new intresting malware that infected WordPress and Wordfence Security plugin. This malware filename is random numeric with php extension. Unlink When it just executed from remote GET Request, it remove itself at first. So it’s difficult know what happened on server and what case infection to WordPress and Wordfence. wp-blog-header.php It modifying WordPress […]

Continue Reading

RCE Attempts Against the Latest WordPress API Vulnerability

We are see remote command execution (RCE) attempts trying to exploit the latest WordPress API Vulnerability. The attackers trying to exploit sites that have plugins like the Insert PHP, Exec-PHP and similar installed plugins. These plugins, allow users to insert PHP code directly into the posts as a way to make customizations easier. Coupled with […]

Continue Reading