Forum Replies Created

Viewing 9 replies - 1 through 9 (of 9 total)
  • i’ve just been hacked on GoDaddy’s servers in a ZenCart install with a WordPress install. it’s this iframe injection:

    [Code moderated. Please do not post hack code blocks in the forums. Please use the pastebin]

    can someone tell me where to look to find the exploit, please?

    Thread Starter glennn

    (@glennn)

    i’m guessing maybe it’s ok that WP_Query($args) runs once for EACH post that’s returned? if there’re 100 results, will this be ok?

    thanks!!!

    Thread Starter glennn

    (@glennn)

    this semi worked:

    $query = "Select MLS_Number from idx WHERE City = 'ALAMO'";
    $result1 = Mysql_query($query) or die("<font color=\"#FF0000\">Query Error</font>" . mysql_error());
    while($row = mysql_fetch_array($result1, MYSQL_ASSOC))
    {
    $MLS_Number = $row['MLS_Number'];
    
    $query2 = "select post_id from wp_postmeta where meta_key = '_option_8' and meta_value = '$MLS_Number'";
    $result2 = Mysql_query($query2) or die("<font color=\"#FF0000\">Query Error</font>" . mysql_error()); 
    
    	while($row = mysql_fetch_array($result2, MYSQL_ASSOC))
    	{
    	$Post_id = $row['post_id'];
    	$Uquery = "update wp_term_relationships set term_taxonomy_id = 10 where term_taxonomy_id = 11 and object_id = $Post_id";
    	$result = Mysql_query($Uquery) or die("<font color=\"#FF0000\">Query Error</font>" . mysql_error());
    	// echo  $MLS_Number." -- ";
    	// echo $Post_id." | ";
    	}
    
    echo $Post_id;
    $args=array(
      'post__in'=>array($Post_id),
      'post_type' => 'post',
      'post_status' => 'publish',
      'posts_per_page' => -1,
      'caller_get_posts'=> 1
    );
    $my_query = null;
    $my_query = new WP_Query($args);
    
    if( $my_query->have_posts() ) {
      while ($my_query->have_posts()) : $my_query->the_post(); ?>
        <p><a href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php the_title_attribute(); ?>"><?php the_title(); ?></a></p>
        <?php
      endwhile;
    }
    
    }

    but it printed “

    21
    Post Tile

    30
    Post Title “

    which tells me it’s running the query_posts for each $Post_ID, which is not good…?

    that would tell a real WP person what’s going on, tho…? :o)

    Thread Starter glennn

    (@glennn)

    ok, for sure, help.

    $query = "Select MLS_Number from idx WHERE City = 'ALAMO'";
    $result1 = Mysql_query($query) or die("<font color=\"#FF0000\">Query Error</font>" . mysql_error());
    while($row = mysql_fetch_array($result1, MYSQL_ASSOC))
    {
    $MLS_Number = $row['MLS_Number'];
    
    $query2 = "select post_id from wp_postmeta where meta_key = '_option_8' and meta_value = '$MLS_Number'";
    $result2 = Mysql_query($query2) or die("<font color=\"#FF0000\">Query Error</font>" . mysql_error()); 
    
    	while($row = mysql_fetch_array($result2, MYSQL_ASSOC))
    	{
    	$Post_id = $row['post_id'];
    	$Uquery = "update wp_term_relationships set term_taxonomy_id = 10 where term_taxonomy_id = 11 and object_id = $Post_id";
    	$result = Mysql_query($Uquery) or die("<font color=\"#FF0000\">Query Error</font>" . mysql_error());
    	// echo  $MLS_Number." -- ";
    	// echo $Post_id." | ";
    
    echo $Post_id;
    
    	}
    }

    this does indeed return “2130”…

    your array only returns the last post entry, 30. 21 and 30 ARE both posts and published. nothing different about them.

    PLEASE HELP????

    Thread Starter glennn

    (@glennn)

    i take that back – the $MLS_Number returned 123456123456 (where a single mls # is 123456) – when i echoed “$mls#” and then “$post_id” i got them both, as long as i stayed within either while() {…

    heck, i dunno.
    i’ll try yours – i played with the $args=array( for a bit, but couldn’t get what i wanted. i was just using ‘post__in’ => array($Post_ID) – and i was getting an error, unexpected double arrow or something…

    i’ll try this and let you know. thanks

    Thread Starter glennn

    (@glennn)

    oh – :o)
    thanks !!

    Thread Starter glennn

    (@glennn)

    thanks – not quite sure how to incorporate the_category(); into

    $the_output .= '<div class="post-meta"><div class="row">';
    $the_output .=  apply_filters('the_content', $pbcresult->post_content);
    
    $the_output .=   '<em>'. the_category(); . '</em>';
    
    $the_output .= '</div></div>';

    don’t know where to place your query – within the $the_output .= ”; ?

    Thread Starter glennn

    (@glennn)

    that was the ticket, although i had to change if ($count==2) to ==0 to get it to land after one post for some reason…

    anyway, thanks

    Thread Starter glennn

    (@glennn)

    well, when i change the_content() to the_excerpt() in index.php, the_excerpt() works, so i’m wondering why the_content() is not getting any content…
