Created
May 1, 2012 14:27
-
-
Save karolk/2568309 to your computer and use it in GitHub Desktop.
tokens to grep for in wordpress code to check if it was hacked into
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| eval( | |
| auth_pass | |
| _0x4 | |
| WordPress\.Org | |
| 5db4c956bb56f6f050412fecd239344f | |
| hgerwhu45 | |
| maridora | |
| strrev | |
| base64_decode | |
| decrypt | |
| <iframe | |
| %3C%73%63 | |
| republikainfo | |
| 3C696672616D65207372633D22687474703A2F2F6C657A68756E7465722E636F6D2F73742F6373732F7A2F7374617469632E70687022206865696768743D223222207374796C653D22646973706C61793A6E6F6E65222077696474683D2232223E3C2F696672616D653E | |
| rss_f541b3abd05e7962fcab37737f40fad8 | |
| (lave |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
strrev, base64_decode and eval are often used in combination to unpack cryptic looking blocks of letters and digits into php or javascript code. After finding occurrences of those tokens in the code you have to evaluate what they are trying to do. In the wordpress codebase there are many places using those functions in a legitimate way, so it takes some judgement. Other tokens are various strings found in wordpress codebase infected with various exploits.