NYCPHP Meetup

NYPHP.org

[nycphp-talk] I've been hit with an eval(base64_decode("....")) injection attack

Rob Marscher rmarscher at beaffinitive.com
Fri Feb 24 14:09:00 EST 2012


On Feb 24, 2012, at 1:07 PM, David Mintz wrote:
> Unfortunately I do not know how this happened; don't know if there is a huge vulnerability in one of the apps up there that was exploited, or if it was an inside job, or what.

Our company wordpress blog was compromised a few months ago due to a vulnerability in the "timthumb.php" image resizing script in one of the themes.  http://www.terranetwork.net/blog/2011/08/new-vulnerability-in-many-wordpress-themes/

The hackers uploaded a couple files that trick the server by starting with a gif signature but then have php code in them.  Those files than open a backdoor that allows for additional scripts to be uploaded that essentially give shell access to the compromised machine.  In our case, the rest of the machine was locked down enough that no harm was done.

Anyway, that might be something to look for.  Good luck.
-Rob
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20120224/a119f07b/attachment.html>


More information about the talk mailing list