Chinese PHP Backdoor on WordPress: AK47

On 09/03/2015 11:38
WordPress security alert

Multiple vulnerabilities are used on WordPress to upload a PHP web shell named AK47. This backdoor is uploaded as a file named wp-log.php in the root folder of WordPress. The main language of this shell is Chinese. The attacker uses it to inject code from the URL "" into your pages, mainly in the footer.php file of your theme.

Multiple database connectors

This backdoor can connect to:



- PostgreSQL

- Oracle

How to detect it

Simply check whether your WordPress site has a wp-log.php file in the root folder: http://mywpsite.something/wp-log.php . If it does, you should see a form with one input (the standard password is "123x"). If you find one, please send it at with as much information as possible, then remove it from your WordPress site. You can get more information on
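The same check can be run on the server's filesystem instead of over HTTP. The function below is an added example, not code from the original alert: it looks for wp-log.php in the WordPress root, records a hash of it before removal, and lists theme footer.php files modified after it. The name check_ak47, the use of wp-includes/ to recognise a WordPress root, and the modification-time heuristic are assumptions of this example.

```shell
#!/bin/sh
# Added example: local check for the indicators described in this alert.
# Usage: source this file, then run: check_ak47 /path/to/wordpress
# Return status: 0 = wp-log.php not found, 1 = found, 2 = not a WordPress root.

check_ak47() {
    root=${1:-.}

    # Assumption: a directory containing wp-includes/ is a WordPress root.
    if [ ! -d "$root/wp-includes" ]; then
        echo "error: $root does not look like a WordPress root" >&2
        return 2
    fi

    shell="$root/wp-log.php"
    if [ ! -e "$shell" ]; then
        echo "OK: no wp-log.php in $root"
        return 0
    fi

    echo "FOUND: $shell"
    ls -l "$shell"

    # Record a hash before the file is removed, so the sample can be
    # identified when it is reported.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$shell"
    fi

    # The alert says injected code ends up mainly in the theme's footer.php.
    # Heuristic (assumption): footer.php files changed after wp-log.php
    # appeared are reviewed first. Timestamps can be forged, so a clean
    # result here does not prove the themes are untouched.
    if [ -d "$root/wp-content/themes" ]; then
        find "$root/wp-content/themes" -type f -name footer.php -newer "$shell" |
        while IFS= read -r f; do
            echo "REVIEW: $f modified after wp-log.php"
        done
    fi
    return 1
}
```

Compare each footer.php flagged for review against a clean copy of the theme before restoring it.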

