‘Hacker’ issues WP Pull Request on GitHub for PHP Shell

At the beginning of September, a user by the name of  ‘maxymax’ forked WordPress, added a PHP Shell to the twentyten theme, and made a pull request to merge back in to the official release.

https://github.com/maxymax/WordPress/commit/2fa93590c7881fab043be7b8b51358894dbc1466

Suffice to say the inclusion of Saudi Shell v1.0 in TwentyTen may not have been the best idea, nevermind the total lack of obfuscation or concealment.

Since the original pull request no longer exists, I’ve taken the liberty of mirroring a copy of the last available Google cache here as an mht file, for all to view.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.