[Systems] File alteration in sunjammer

Bernie Innocenti bernie at codewiz.org
Thu Jul 16 23:48:54 EDT 2015

Previous message: [Systems] File alteration in sunjammer (was: Re: Somosazucar.org blog victim to SQL injection?)
Next message: [Systems] File alteration in sunjammer
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 16/07/15 20:18, Sebastian Silva wrote:
> Hello all,
>
> So finally I spent some time trying to fix this.
>
> There was nothing wrong with the database, but the file
> wp-includes/functions.php was corrupted. There was a part of itself
> appended to the end of the file.
>
> I doubt anyone else wrote to it, nor had I even ever opened this file.
> I suspect maybe there was filesystem corruption? I don't know how this
> might have come to pass.
>
> Anyone have a theory?

Was the file writable by apache? If it was, then it was a failed attempt 
at an exploit. Wordpress has many known vulnerabilities that let 
attackers inject php code.

-- 
  _ // Bernie Innocenti
  \X/  http://codewiz.org

Previous message: [Systems] File alteration in sunjammer (was: Re: Somosazucar.org blog victim to SQL injection?)
Next message: [Systems] File alteration in sunjammer
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Systems mailing list