glennn

i’ve just been hacked on Godaddy’s servers in a ZenCart install with a WordPress install. it’s this iframe injection:

[Code moderated. Please do not post hack code blocks in the forums. Please use the pastebin]

can someone tell me where to look to find the exploit, please?

i’m guessing maybe it’s ok that WP_Query($args) runs once for EACH post that’s returned? if there’re 100 results, will this be ok?

thanks!!!

this semi worked:

$query = "Select MLS_Number from idx WHERE City = 'ALAMO'";
$result1 = Mysql_query($query) or die("<font color=\"#FF0000\">Query Error</font>" . mysql_error());
while($row = mysql_fetch_array($result1, MYSQL_ASSOC))
{
$MLS_Number = $row['MLS_Number'];

$query2 = "select post_id from wp_postmeta where meta_key = '_option_8' and meta_value = '$MLS_Number'";
$result2 = Mysql_query($query2) or die("<font color=\"#FF0000\">Query Error</font>" . mysql_error()); 

	while($row = mysql_fetch_array($result2, MYSQL_ASSOC))
	{
	$Post_id = $row['post_id'];
	$Uquery = "update wp_term_relationships set term_taxonomy_id = 10 where term_taxonomy_id = 11 and object_id = $Post_id";
	$result = Mysql_query($Uquery) or die("<font color=\"#FF0000\">Query Error</font>" . mysql_error());
	// echo  $MLS_Number." -- ";
	// echo $Post_id." | ";
	}

echo $Post_id;
$args=array(
  'post__in'=>array($Post_id),
  'post_type' => 'post',
  'post_status' => 'publish',
  'posts_per_page' => -1,
  'caller_get_posts'=> 1
);
$my_query = null;
$my_query = new WP_Query($args);

if( $my_query->have_posts() ) {
  while ($my_query->have_posts()) : $my_query->the_post(); ?>
    <p><a href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php the_title_attribute(); ?>"><?php the_title(); ?></a></p>
    <?php
  endwhile;
}

}

but it printed “

21
Post Tile

30
Post Title “

which tells me it’s running the query_posts for each $Post_ID, which is not good…?

that would tell a real WP person what’s going on, tho…? :o)

ok, for sure, help.

$query = "Select MLS_Number from idx WHERE City = 'ALAMO'";
$result1 = Mysql_query($query) or die("<font color=\"#FF0000\">Query Error</font>" . mysql_error());
while($row = mysql_fetch_array($result1, MYSQL_ASSOC))
{
$MLS_Number = $row['MLS_Number'];

$query2 = "select post_id from wp_postmeta where meta_key = '_option_8' and meta_value = '$MLS_Number'";
$result2 = Mysql_query($query2) or die("<font color=\"#FF0000\">Query Error</font>" . mysql_error()); 

	while($row = mysql_fetch_array($result2, MYSQL_ASSOC))
	{
	$Post_id = $row['post_id'];
	$Uquery = "update wp_term_relationships set term_taxonomy_id = 10 where term_taxonomy_id = 11 and object_id = $Post_id";
	$result = Mysql_query($Uquery) or die("<font color=\"#FF0000\">Query Error</font>" . mysql_error());
	// echo  $MLS_Number." -- ";
	// echo $Post_id." | ";

echo $Post_id;

	}
}

this does indeed return “2130”…

your array only returns the last post entry, 30. 21 and 30 ARE both posts and published. nothing different about them.

PLEASE HELP????

i take that back – the $MLS_Number returned 123456123456 (where a single mls # is 123456) – when i echod “$mls#” and then “$post_id” i got them both, as long as i stayed within either while() {…

heck, i dunno.
i’ll try yours – i played with the $args=array( for a bit, but couldn’t get what i wanted. i was just using ‘post__in’ => array($Post_ID) – and i was getting an error, unexpected double arrow or something…

i’ll try this and let you know. thanks

oh – :o)
thanks !!

thanks – not quite sure how incorporate the_category(); into

$the_output .= '<div class="post-meta"><div class="row">';
$the_output .=  apply_filters('the_content', $pbcresult->post_content);

$the_output .=   '<em>'. the_category(); . '</em>';

$the_output .= '</div></div>';

don’t know where to place your query – within the $the_output .= ”; ?

that was the ticket, although i had to change if ($count==2) to ==0 to get it to land after one post for some reason…

anyway, thanks

well, when i change the_content() to the_excerpt() in index.php, the_excerpt() works, so i’m wondering why the_content() is not getting any content…