[Systems] Somosazucar.org blog victim to SQL injection?

Sebastian Silva sebastian at fuentelibre.org
Sat Jul 4 00:58:29 EDT 2015

Previous message: [Systems] [Sugar-devel] [Announcing] an extra UNSTABLE 0.105.3 release (code-frozen)
Next message: [Systems] Somosazucar.org blog victim to SQL injection?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,
I noticed our blog today is prepending a string to every page:

siteid ) ) )

	return update_site_option( $key, $value );

	

	$value = sanitize_option( $key, $value );

	wp_cache_set( $cache_key, $value, 'site-options');

	

	$value = maybe_serialize($value);

	

	$wpdb-


I looked around and it looks like it's coming from wp-includes/functions.php

Anybody found something like this before?
The code looks like it's there to add stuff to the template, i'm
guessing it's found something injected into the SQL database?

Thanks for any hints

-- 
I+D SomosAzucar.Org
"icarito" #somosazucar en Freenode IRC
"Nadie libera a nadie, nadie se libera solo. Los seres humanos se liberan en comunión" - P. Freire

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/private/systems/attachments/20150703/e11d6576/attachment.html>

Previous message: [Systems] [Sugar-devel] [Announcing] an extra UNSTABLE 0.105.3 release (code-frozen)
Next message: [Systems] Somosazucar.org blog victim to SQL injection?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Systems mailing list