hxxp://enerjietudu[.]com/
Interestingly, if you browse to the homepage, you get the wp-config.php file returned
Full contents here
And like every good wp-config.php file it contains information such as
define('DB_NAME', 'enerjik3460');
define('DB_USER', 'enerjik34');
define('DB_PASSWORD', 'energy34');
define('DB_HOST', '94.73.144.196');
And all the encryption deets
define('AUTH_KEY', ...
define('SECURE_AUTH_KEY',
define('LOGGED_IN_KEY',
define('NONCE_KEY',
define('AUTH_SALT',
define('SECURE_AUTH_SALT',
define('LOGGED_IN_SALT',
define('NONCE_SALT', ...
All the comments are in Turkish, per Google Translate.
The bottom has an error showing the full path we are sitting in
Fatal error: Call to undefined function wp() in /home/enerjietudu.com/httpdocs/wp-blog-header.php on line 22
I notice that no matter which page I go to (wp-admin/admin.php, etc.) the wp-config.php contents show and an error is thrown.
If I had to guess, I think somebody hacked this WordPress site by finding a vulnerability in the WordPress blog header; they found some vulnerability that outputs the content of a file, and so of course they chose the wp-config.php file, and now it's being displayed in the header of every page you navigate to. Then they used that output to log in and take control of the database, and then were able to use the database to write files to the www root folder and use it in phishing campaigns.
I don't claim to know everything, I'm just guessing. Anybody want to explain what really happened? Thanks!
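A monitoring check for the symptom described above, added here as an example and not part of the original post: it scans a response body from a site you operate for leaked wp-config.php `define()` lines and for PHP errors that disclose a filesystem path. The function name `scan_response`, the sample body and the `example.test` path are constructed for illustration.

```python
import html
import re

# Constants whose define() lines should never appear in a served page.
SECRET_NAMES = (
    "DB_NAME", "DB_USER", "DB_PASSWORD", "DB_HOST",
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
)
# define('NAME', ... with either quote style and optional whitespace.
DEFINE_RE = re.compile(
    r"define\s*\(\s*['\"](" + "|".join(SECRET_NAMES) + r")['\"]\s*,"
)
# PHP error text that reveals an absolute path and a line number.
PHP_ERROR_RE = re.compile(
    r"(?:Fatal error|Parse error|Warning|Notice)\s*:\s*(.+?)"
    r"\s+in\s+(/\S+?\.php)\s+on line\s+(\d+)"
)

def scan_response(body: str) -> dict:
    """Report leaked config constants and path-disclosing PHP errors."""
    # Leaked source may arrive HTML-escaped (&#039; instead of ').
    text = html.unescape(body)
    leaked = sorted(set(DEFINE_RE.findall(text)), key=SECRET_NAMES.index)
    # PHP wraps error parts in <b>/<br /> when html_errors is on; strip only
    # those tags so a leaked "<?php ... ?>" block is not swallowed.
    plain = re.sub(r"</?b>|<br\s*/?>", "", text, flags=re.I)
    errors = [
        {"message": m.group(1), "path": m.group(2), "line": int(m.group(3))}
        for m in PHP_ERROR_RE.finditer(plain)
    ]
    return {"leaked_constants": leaked, "path_disclosures": errors,
            "alert": bool(leaked or errors)}

# Constructed sample response; all values are placeholders.
SAMPLE_BODY = """<?php
define('DB_NAME', 'example_db');
define('DB_USER', 'example_user');
define('DB_PASSWORD', 'REDACTED');
define( "AUTH_KEY", 'REDACTED' );
<br />
<b>Fatal error</b>:  Call to undefined function wp() in <b>/home/example.test/httpdocs/wp-blog-header.php</b> on line <b>22</b><br />
"""

if __name__ == "__main__":
    print(scan_response(SAMPLE_BODY))
```

Any alert from a check like this means the credentials and keys in that file should be treated as exposed and rotated.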
Copyright © 2017, this post cannot be reproduced or retransmitted in any form without reference to the original post.