SEO Egghead by Jaimie Sirovich: A blog about SEO, written for nerds, by a nerd.


Wed 31 Oct '07

WP HTML Taint Check

<?php

/*
Plugin Name: HTMLTaintCheck
Plugin URI: http://www.seoegghead.com/
Description: Checks for suspicious links in posts. MAKE SURE TO REPLACE YOUR EMAIL ADDRESS IN THE CODE BELOW -- ALSO ONLY LEAVE THIS ON TO CHECK, THEN TURN IT BACK OFF!!!
Author: Jaimie Sirovich
Version: 0.1
Author URI: http://www.seoegghead.com/
*/

// The scan runs on every page load while the plugin is active,
// so deactivate the plugin once you have received the report.
if (true) {
    check_posts();
}

function check_posts()
{
    global $wpdb, $table_prefix;

    // Fetch every row in the posts table.
    $items = $wpdb->get_results("
        SELECT post_title, ID, post_name, post_content
        FROM {$table_prefix}posts
        WHERE TRUE
    ");

    $copy = '';

    foreach ($items as $i) {
        // Flag posts whose content matches the signature strings.
        if (preg_match('#adshelper|softicana#i', $i->post_content)) {
            $copy .= $i->ID . ' ' . "IS SUSPICIOUS.\r\n";
        } else {
            $copy .= $i->ID . ' ' . "OK.\r\n";
        }
    }

    // Replace the address below with your own before activating.
    mail('YOUREMAIL@ADDRESS.com', 'test', $copy);
}

?>


2 Responses to “WP HTML Taint Check”

  1. SEO Egghead by Jaimie Sirovich » Latest WordPress 2.3.1 Apparently Vulnerable To Hackers Says:

    [...] writing a quick-and-dirty WordPress plugin to scan your blog for the signature of the HTML-tainting. Install it. It will email you with the [...]

  2. Peter’s Blog » Blog Archive » Wordpress Vulnerable (2.3.1 and below) Says:

    [...] has released the plugin as promised which can be viewed HERE. Unfortunately the plugin has not given any clues as to how the hack was achieved. The plugin [...]
