Chinese PHP Backdoor on WordPress: AK47

09/03/2015 11:38

WordPress security alert

Multiple vulnerabilities are being used against WordPress to upload a PHP web shell named AK47. The backdoor is uploaded as a file named wp-log.php in the root folder of the WordPress install. The main language of the shell is Chinese. The attacker uses it to inject code from the URL "http://bewinshell.zrp.li/index.php?r=links&v=STDYd" into your pages, mainly into your theme's footer.php file.

Multiple database connectors

This backdoor can connect to:

- MySQL

- MsSQL

- PostgreSQL

- Oracle

How to detect it

Simply check whether your WordPress site has a wp-log.php file in the root folder: http://mywpsite.something/wp-log.php. If it does, you should see a form with a single input (the standard password is "123x"). If you find one, please send it to http://openbreach.com/submit/ with as much information as possible, then remove it from your WordPress site. More information is available at http://openbreach.com/index/OB-2015-0002
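The same check can be run from the filesystem side. The script below is an added example, not part of the original alert: it looks for wp-log.php in the WordPress root and for the injection host in theme PHP files. The function names, the constructed sample tree and the default wp-content/themes location are assumptions.

```python
import sys
import tempfile
from pathlib import Path

# Indicators taken from the alert; nothing else is assumed about the shell.
BACKDOOR_NAME = "wp-log.php"
INJECT_HOST = b"bewinshell.zrp.li"


def scan_wordpress(root):
    """Return sorted (kind, relative_path) findings for one WordPress tree."""
    root = Path(root)
    findings = []
    if (root / BACKDOOR_NAME).is_file():
        findings.append(("backdoor_file", BACKDOOR_NAME))
    # Assumption: themes live in the default wp-content/themes directory.
    themes = root / "wp-content" / "themes"
    if themes.is_dir():
        # footer.php is the main target, but every theme PHP file is checked.
        for path in themes.rglob("*.php"):
            try:
                data = path.read_bytes().lower()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if INJECT_HOST in data:
                rel = path.relative_to(root).as_posix()
                findings.append(("injected_reference", rel))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed sample: one infected theme, one clean theme, a dropped file."""
    base = Path(base)
    bad = base / "wp-content" / "themes" / "theme-a"
    good = base / "wp-content" / "themes" / "theme-b"
    bad.mkdir(parents=True)
    good.mkdir(parents=True)
    (base / BACKDOOR_NAME).write_text("<?php /* placeholder, not the real shell */ ?>")
    (bad / "footer.php").write_text(
        "<?php wp_footer(); ?>\n<!-- http://bewinshell.zrp.li/index.php -->\n")
    (good / "footer.php").write_text("<?php wp_footer(); ?>\n</body></html>\n")
    return base


if __name__ == "__main__":
    # Pass a WordPress root as the first argument, or run on the sample tree.
    with tempfile.TemporaryDirectory() as tmp:
        target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree(tmp)
        for kind, rel in scan_wordpress(target):
            print(f"{kind}\t{rel}")
```

An empty result only means these two indicators are absent; a renamed shell or an obfuscated injection would not match.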
