WP HTML Taint Check

Posted by Jaimie Sirovich on Oct. 31st, 2007.


<?php

/*
Plugin Name: HTMLTaintCheck
Plugin URI: http://www.seoegghead.com/
Description: Checks for suspicious links in posts. MAKE SURE TO REPLACE YOUR
EMAIL ADDRESS IN THE CODE BELOW — ALSO ONLY LEAVE THIS ON TO CHECK, THEN TURN IT BACK OFF!!!

Author: Jaimie Sirovich
Version: 0.1
Author URI: http://www.seoegghead.com/
*/

// Runs on every page load while the plugin is active; change true to false to switch it off.
if (true) {
    check_posts();
}

function check_posts()
{
    global $wpdb, $table_prefix;

    // Pull every row of the posts table, whatever its status.
    $items = $wpdb->get_results("
        SELECT post_title, ID, post_name, post_content
        FROM {$table_prefix}posts
        WHERE TRUE
    ");

    $copy = '';

    // Flag any post whose content carries the known tainting signature.
    foreach ($items as $i) {
        if (preg_match('#adshelper|softicana#i', $i->post_content)) {
            $copy .= $i->ID . ' ' . "IS SUSPICIOUS.\r\n";
        } else {
            $copy .= $i->ID . ' ' . "OK.\r\n";
        }
    }

    // Mail the full list, one line per post, to the address you put here.
    mail('YOUREMAIL@ADDRESS.com', 'test', $copy);
}

?>
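An added example, not the plugin above: the same signature check rewritten to run as a daily WP-Cron job, so it can stay enabled and only mails when something matches, and to report the matching `<a>` tags rather than only a post ID. The `htc_` function names, the `htc_daily_scan` hook and the mail subject are my own; the signature and the posts table are the ones used above, and the block assumes a WordPress install (`wp_mail`, `wp_schedule_event`, `$wpdb`).

```php
<?php
/*
Plugin Name: HTMLTaintCheck Scheduled (hypothetical example, not the original plugin)
*/

// Signature from the original plugin; extend the alternation as new hosts turn up.
define('HTC_SIGNATURE', '#adshelper|softicana#i');

// Return the <a ...>...</a> tags in $html whose markup matches the signature.
function htc_find_tainted_links($html) {
    $hits = array();
    if (preg_match_all('#<a\b[^>]*>.*?</a>#is', $html, $m)) {
        foreach ($m[0] as $tag) {
            if (preg_match(HTC_SIGNATURE, $tag)) {
                $hits[] = $tag;
            }
        }
    }
    return array_values(array_unique($hits));
}

// Scan every row of the posts table, build a report of hits and mail it to the site admin.
function htc_scan_posts() {
    global $wpdb;
    $report = '';
    $rows = $wpdb->get_results("SELECT ID, post_title, post_content FROM {$wpdb->posts}");
    foreach ($rows as $row) {
        $links = htc_find_tainted_links($row->post_content);
        if ($links) {
            $report .= "Post {$row->ID} ({$row->post_title}) IS SUSPICIOUS:\n  "
                     . implode("\n  ", $links) . "\n";
        }
    }
    if ($report !== '') {   // silent when clean, so the check can stay enabled
        wp_mail(get_option('admin_email'), 'HTMLTaintCheck: tainted posts found', $report);
    }
    return $report;
}

// Hook the scan to a daily WP-Cron event instead of running it on every page load.
add_action('htc_daily_scan', 'htc_scan_posts');
register_activation_hook(__FILE__, 'htc_activate');
register_deactivation_hook(__FILE__, 'htc_deactivate');
function htc_activate() {
    if (!wp_next_scheduled('htc_daily_scan')) {
        wp_schedule_event(time(), 'daily', 'htc_daily_scan');
    }
}
function htc_deactivate() {
    wp_clear_scheduled_hook('htc_daily_scan');
}
```

The report lists the injected markup itself, so a hit can be confirmed by eye before the post is edited.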








"2 Wise Comments Banged Out Somewhere On The Internet ..."


SEO Egghead by Jaimie Sirovich » Latest WordPress 2.3.1 Apparently Vulnerable To Hackers

[...] writing a quick-and-dirty WordPress plugin to scan your blog for the signature of the HTML-tainting. Install it. It will email you with the [...]

Peter’s Blog » Blog Archive » Wordpress Vulnerable (2.3.1 and below)

[...] has released the plugin as promised which can be viewed HERE. Unfortunately the plugin has not given any clues as to how the hack was achieved. The plugin [...]



