[wp-forums] Any comments?

Mika A Epstein ipstenu at ipstenu.org
Thu Feb 21 19:08:52 UTC 2013


If a plugin allows for SQL injection, you don't need admin access to do 
it :/

bc works wrote:
>
> I can't provide a specific example, but this brings up a related issue I'd
> very much like to understand better.
>
> We know some hacks store info in the DB, much as the pharma hack does, or
> the referenced OP's. What I'd like to know is how does the hacker exploit
> this info if all other PHP code is completely cleaned or restored, and all
> access credentials (FTP, cPanel, WP Admin, etc.) are changed to strong
> passwords?
>
> The only scenario I can imagine is some small bootstrap code that is easily
> overlooked is run to extract the DB info and enable reinitialization of the
> full hack. Without some such code or access credentials, I cannot see how
> storing info in the DB benefits the hacker. How is this info accessed? What
> am I missing in how these DB hacks work?
> -bc (Glenn)
> ----------------------------------------------------------
> esmi at quirm dot net wrote:
>
> tl;dr: Clueful OP has been hacked, carried out full cleanup, hack
> immediately re-appeared in root.htaccess and theme header.php. In-depth
> check of db revealed FTP details stored in a serialized array in the
> wp_options.
>
> Question: Other than a plugin, is there any known scenario that would
> result in FTP details being stored like this?
>
> Mel
> _______________________________________________
> wp-forums mailing list
> wp-forums at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-forums
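
As an added illustration of the in-depth database check described in the quoted summary (not code from the thread or from WordPress), this Python example parses PHP-serialized `wp_options` values and reports array keys that look like stored FTP details. The key-name patterns, the option names and the sample rows are assumptions constructed for the example.

```python
import re
SUSPECT = re.compile(r"ftp|ssh|passw|pwd", re.I)  # assumed key-name patterns; tune per site

def unserialize(data: bytes, pos: int = 0):
    """Parse one PHP-serialized value (N, b, i, s, a); return (value, next_pos)."""
    tag = data[pos:pos + 1]
    if tag in (b"N", b"b", b"i"):
        end = data.index(b";", pos)
        raw = data[pos + 2:end]
        return (None if tag == b"N" else bool(int(raw)) if tag == b"b" else int(raw)), end + 1
    if tag in (b"s", b"a"):
        colon = data.index(b":", pos + 2)
        size, pos = int(data[pos + 2:colon]), colon + 2
        if tag == b"s":  # size is a byte length, so slice bytes first, then decode
            return data[pos:pos + size].decode("utf-8", "replace"), pos + size + 2
        out = {}
        for _ in range(size):
            key, pos = unserialize(data, pos)
            out[key], pos = unserialize(data, pos)
        return out, pos + 1  # step over the closing brace
    raise ValueError(f"unsupported tag {tag!r} at offset {pos}")

def credential_keys(value, path=""):
    """Yield dotted paths of array keys whose names match SUSPECT."""
    if isinstance(value, dict):
        for key, child in value.items():
            here = f"{path}.{key}" if path else str(key)
            if isinstance(key, str) and SUSPECT.search(key):
                yield here
            yield from credential_keys(child, here)

def scan_options(rows):
    """rows: (option_name, option_value) pairs; return {option_name: [key paths]}."""
    hits = {}
    for name, raw in rows:
        if raw.startswith("a:"):  # only serialized arrays are inspected
            try:
                found = list(credential_keys(unserialize(raw.encode())[0]))
            except ValueError:
                found = ["<malformed serialized data>"]
            if found:
                hits[name] = found
    return hits

SAMPLE_ROWS = [  # constructed rows, not from the thread; names and values are hypothetical
    ("active_plugins", 'a:1:{i:0;s:19:"akismet/akismet.php";}'),
    ("example_widget_cache", 'a:1:{s:4:"conn";a:2:{s:8:"ftp_host";'
     's:15:"ftp.example.org";s:8:"ftp_pass";s:8:"REDACTED";}}'),
]
```

Calling `scan_options(SAMPLE_ROWS)` reports only the second row; each reported option still needs a manual look to decide whether a plugin or an intruder wrote it.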

