[wp-hackers] Evaluating impact from yesterday's Trojan'd plugins?

Patrick Laverty patrick_laverty at brown.edu
Wed Jun 22 13:12:00 UTC 2011


On Wed, Jun 22, 2011 at 9:02 AM, Alexander Concha <alex at buayacorp.com>wrote:

> On Wed, Jun 22, 2011 at 2:59 PM, Doug Stewart <zamoose at gmail.com> wrote:
> > Howdy all,
> > I was one of the users that blindly updated one of the affected
> > plugins (WPtouch). I quickly updated to the recommended clean version
> > as soon as I heard about the exploit, but the descriptions of the
> > attack thus far have been free of details. I'd like to know more about
> > what, if any, of my site's data was compromised and how best to keep
> > watch over my sites in case any follow-on exploits are attempted.
> >
> > Was it simply insertion of spam links in body content, or did it call
> > home? Did it send in-flight passwords, or DB contents, or file
> > locations, or did it traverse my filesystem to check for other
> > potentially-vulnerable software?
>
> It allowed php code execution.


Even if you have exec() and eval() disabled on your server?


More information about the wp-hackers mailing list