• I maintain hundreds of WP sites. On only one host where I have 5 domains I have been getting my index.php files (they were all 644’d!) changed with spam/malware stuff. This seems to indicate that either I’ve had code injected before I upgraded to 2.5.1 a few weeks ago or perhaps a bad plugin or theme.

    If I can successfully rule out plugins and themes, I would like to scan and scrub my databases for injected code. What should I be looking for? In which tables?

    My plugins are current. Is there a list somewhere of plugins that are problematic?

    I’ve deleted all themes except for default, classic and the actual theme I’m using. Is there a list somewhere of themes that are problematic? I have searched header, footer, sidebar files for iframe and javascript stuff but it seems clean. Those files aren’t changing when the site is “re-hacked”. Only the index.php file.

    The host is using cpanel 11.18.6-RELEASE

    Trying to eliminate all the possible security weaknesses.

    Thanks in advance.

Viewing 4 replies - 1 through 4 (of 4 total)
  • We have a WordPress MYSQL database that appears to have
    had a SQL injection. We’re attempting to clean the file and have
    a few questions if anyone is up for this challenge.

    1) Are there any tools available that can scan a
    backup of a MySQL table exported from phpMyAdmin
    and clean out a SQL Injection?

    2) Are there any tools available that can scan an online MySQL
    database and clean out a SQL Injection?

    3) Are there any tools that can detect any other problems
    in regards to a WordPress installation that has been compromised?

    We’re new to this cleanup process and any help at all in
    locating any tools would be greatly appreciated.

    Hi

    We have just had our website taken down by our hosting company as they say that

    This site was using large amounts of CPU on the production server, which upon investigation could be replicated by clicking links to any of the news items on the site. The search facility on the site was also using excessive amounts of CPU when used.

    I cannot get access to any of the files online so I’ll have to look at the code of the theme offline to disable the search function. But I cannot get access to our MySQL database with phpmyadmin while the site is down.

    Is there a problem with a problem with WordPress ? We are running the latest version and I know that there are a lot of SQL injection attacks going on at the moment.

    Any pointers or help would be appreciated.

    I’d like answers to all of the above if anyone has any ideas.

    It’s starting to feel like the hackers have given up on Microsoft and started to focus on WordPress – and that’s likely to grow as more ecommerce plugins become available, so I think it’s a good time to start addressing stuff like this – perhaps a special “Security Codex”?

    Gaz

    I’d like answers to all of the above if anyone has any ideas.

    //me looks for question marks.

    If I can successfully rule out plugins and themes, I would like to scan and scrub my databases for injected code. What should I be looking for? In which tables?

    anything that doesn’t belong there. in all of them. taking shortcuts doesn’t help.

    Is there a list somewhere of plugins that are problematic?

    depends on how you define problematic. problematic isn’t necessarily insecure, and something being insecure, doesn’t mean it’s on a list anywhere.

    if you’re asking if there’s a place to look for publicly known insecure plugins — sure, go do a search on milw0rm.com for wordpress

    I’m sure that’s not all-inclusive, but it’s a start.

    ANYONE can write a wordpress plugin, even my dog can, and that’s a double edged sword. ANYONE can, and nearly everyone has. That doesn’t necessarily mean that the plugins are written well, or that the writer knows how to properly sanitize user input, variables, etc..

    Is there a list somewhere of themes that are problematic?

    No, and the same ‘user issues’ that exist with plugins exist with themes.

    One thing that I’ve seen is that some theme authors are still using php_self in the search code. That’s a no-no, generally speaking. Way way back when, the 2 themes that were included were revamped to no longer use that, and I don’t know if there was an internal check put into the core to account for themes that continue to use that.

    this is ‘problematic’:

    <form id="searchform" method="get" action="<?php echo $_SERVER['PHP_SELF']; ?>">

    this is not:

    <form id="searchform" method="get" action="<?php bloginfo('home'); ?>">

    Are there any tools available that can scan a backup of a MySQL table exported from phpMyAdmin and clean out a SQL Injection?

    A good set of eyes is your best and safest bet. It takes longer, but in the end, trusting software is not the solution.

    Are there any tools that can detect any other problems
    in regards to a WordPress installation that has been compromised?

    what ‘other problems’ ?? I can’t answer that, since I don’t know what you’re asking.

    Is there a problem with a problem with WordPress ?

    huh?

    how’s that gaz?
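
Added example, not part of the thread: a triage pass over a phpMyAdmin SQL export that reports which table and dump line contain markup often left behind by injections, so a manual review of every table starts from concrete rows. The pattern list, the one-row-per-line dump layout and the sample dump are assumptions of this example; legitimate posts can also contain scripts or iframes, so each hit is a lead to inspect, not a verdict.

```python
import re

# Assumed indicator patterns (not exhaustive); tune them to what the site should contain.
SUSPICIOUS = {
    "iframe": re.compile(r"<\s*iframe\b", re.I),
    "script": re.compile(r"<\s*script\b", re.I),
    "hidden-style": re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I),
    "php-eval": re.compile(r"\b(eval|base64_decode|gzinflate)\s*\(", re.I),
}
INSERT_RE = re.compile(r"^INSERT INTO `?(\w+)`?", re.I)

def scan_dump(lines):
    """Return (line_no, table, pattern_names, excerpt) for each suspicious data line."""
    findings, table = [], None
    for no, line in enumerate(lines, 1):
        m = INSERT_RE.match(line)
        if m:
            table = m.group(1)          # rows that follow belong to this table
        elif not line.startswith("("):
            table = None                # left the INSERT's row list
        if table is None:
            continue
        hits = [name for name, rx in SUSPICIOUS.items() if rx.search(line)]
        if hits:
            findings.append((no, table, hits, line.strip()[:80]))
    return findings

# Constructed sample in the shape of a phpMyAdmin export (not real data).
SAMPLE_DUMP = r"""-- phpMyAdmin SQL Dump (constructed sample)
INSERT INTO `wp_posts` (`ID`, `post_content`, `post_title`) VALUES
(1, 'Welcome to WordPress.', 'Hello world!'),
(2, 'News item <iframe src=\"http://injected.example/x\" width=0 height=0></iframe>', 'News');
INSERT INTO `wp_options` (`option_id`, `option_name`, `option_value`) VALUES
(1, 'siteurl', 'http://blog.example'),
(2, 'widget_text', '<div style=\"display:none\"><a href=\"http://spam.example/\">pills</a></div>');
INSERT INTO `wp_comments` (`comment_ID`, `comment_content`) VALUES
(1, 'Nice post!');
"""

if __name__ == "__main__":
    for no, table, hits, excerpt in scan_dump(SAMPLE_DUMP.splitlines()):
        print(f"line {no:>3}  {table:<12} {','.join(hits):<14} {excerpt}")
```

To scan a real export, pass the open dump file to `scan_dump` in place of the sample lines.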

  • The topic ‘How do I use phpMyAdmin to look for SQL Injection?’ is closed to new replies.