WordPress mysql injection permalink, wp 2.8 versions security vulnerability

WordPress MySQL Injection – Permalink hack %&({${eval(base64_decode($_SERVER[HTTTP_REFFER]

Just a quick post on the latest WordPress MySQL injection that seems to have hit many WordPress blogs, including several of my own. Sorry for the delay: I only logged in to my admin panel just now and was surprised to see that my permalink structure had been injected with an extra redirector script. Weird, but it is now rectified. I still have to find a permanent fix for this issue.

 

My URLs looked like this.

Put your mouse cursor over a permalink (or over a post title) and check whether the following string appears in the URL:

%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/

/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_EXECCODE%5D))%7D%7D|.+)&%

 

If you have this weird URI, you have been hacked! :(

How to Fix:

Login to your WordPress dashboard and go to Settings -> Permalinks

Change your permalink structure to what you had before.

 

Then you want to remove a hidden admin user from your blog. You will most likely not be able to see who this is if you go to the Users tab:

You will be amazed to see that another user also has admin privileges. Just delete that user entry.

As a preventive measure I have disabled user registration on the website for the time being.

Strict website monitoring is in place now.

Here is a video tutorial that shows in practice how this happens:

Solution for nasty url (MySQL Injection) in Wp 2.8.*:

Use phpMyAdmin to browse the WordPress MySQL database tables. Go to the wp_options table, then:

  •  empty the row named _transient_rewrite_rules
  •  edit the row named permalink_structure –>
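As an added defender-side check (not part of the original post): a small Python script that flags a permalink_structure value or post URL carrying the injected segment, in either the raw form or the URL-encoded form shown above, and strips that segment to recover the structure you would paste back into permalink_structure. The sample values are constructed.

```python
import re

# Injected rewrite-tag segment from the WordPress 2.8.x permalink attack:
# %&( ... eval(base64_decode($_SERVER[...])) ... )&%
INJECTED_SEGMENT = re.compile(
    r"%&\(.*?eval\s*\(\s*base64_decode\s*\(.*?\)\s*\).*?\)&%",
    re.IGNORECASE | re.DOTALL,
)

# Only these %XX escapes are decoded, so WordPress tags such as %day% or
# %category% (whose leading letters happen to be hex digits) are not mangled.
PUNCT = "{}[]$()|&"


def decode_punct_escapes(value: str) -> str:
    """Decode %XX escapes for ASCII punctuation only (handles the URL-encoded form)."""
    def repl(m):
        ch = chr(int(m.group(1), 16))
        return ch if ch in PUNCT else m.group(0)
    return re.sub(r"%([0-9A-Fa-f]{2})", repl, value)


def is_injected(value: str) -> bool:
    """True if a permalink_structure value or a post URL carries the eval/base64 payload."""
    return INJECTED_SEGMENT.search(decode_punct_escapes(value)) is not None


def clean_permalink_structure(value: str) -> str:
    """Remove the injected segment and return the structure that was there before it."""
    cleaned = INJECTED_SEGMENT.sub("", decode_punct_escapes(value))
    # The removed segment leaves a doubled slash behind; collapse it.
    return re.sub(r"/{2,}", "/", cleaned) or "/"


if __name__ == "__main__":
    # Constructed sample: the attack segment prepended to a /%postname%/ structure.
    sample = "/%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/%postname%/"
    print(is_injected(sample), clean_permalink_structure(sample))
```

After emptying _transient_rewrite_rules as described above, WordPress rebuilds the rewrite rules from the cleaned structure on the next request.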

So always keep an eye on your WordPress 2.8.* install, because there is a possibility that this version of WordPress can be hacked at any time. I will be checking for a permanent solution soon and will update you. Don't worry, we will find a solution. :)

WordPress responds to the attack

http://mashable.com/2009/09/05/wordpress-please-upgrade/

http://mashable.com/2009/09/05/wordpress-attack/

You know, the hacker has caused me around 14 hrs of outage :( . I will track him down for sure.
