Dissecting Different Attacks on WordPress-powered Websites


Administrator access to a WordPress site is gained by exploiting a vulnerability or simply logging in via leaked credentials.
SEO poisoning is used to push the malicious or fake website to the top in search results.

WordPress is a well-known open-source content management system (CMS) used for creating websites and personal blogs. Because the platform is used by 35% of all websites, it is an ideal target for threat actors.


A weak point in the platform is all it takes to allow an attacker to break a website’s security and take control over it. Here’s a look at some critical points that can lead to attacks on WordPress sites.


Attacking WordPress sites via hacked admin access


This attack method is initiated after attackers gain administrator access to a WordPress-powered site. Access to the site is gained by exploiting a vulnerability or simply logging in via leaked credentials.


After the website is compromised, the attackers can install a customized backdoor or a malicious plugin to upload other payloads.


Deployment is done through GET or POST requests, with the payload encoded inside cookies or POST data.
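A defender can look for this delivery pattern in captured requests. The sketch below is an added example, not code from the article: it scans cookie and POST fields for long base64 runs that decode to PHP-looking code. The base64 encoding, the request-record layout (as a WAF or audit log that stores headers and bodies might provide), and all sample values are assumptions constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, unquote, urlencode

# Assumption: base64-encoded PHP. The article only says the payload is "encoded".
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
PHP_MARKERS = re.compile(rb"<\?php|\b(?:eval|assert|system|base64_decode)\s*\(", re.I)

def fields(req):
    """Yield (location, name, value) for each cookie and form-encoded POST field."""
    for part in req.get("cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if value:
            yield "cookie", name, unquote(value)
    for name, value in parse_qsl(req.get("body", "")):
        yield "post", name, value

def scan(req):
    """Return [(location, field)] where a base64 run decodes to PHP-looking code."""
    findings = []
    for where, name, value in fields(req):
        for run in B64_RUN.findall(value):
            core = run.rstrip("=")
            try:
                raw = base64.b64decode(core + "=" * (-len(core) % 4), validate=True)
            except (binascii.Error, ValueError):
                continue  # not valid base64 after all
            if PHP_MARKERS.search(raw):
                findings.append((where, name))
                break  # one finding per field is enough
    return findings

# Constructed sample data: a harmless PHP snippet and an opaque session token.
_SAMPLE = base64.b64encode(b'<?php echo "constructed sample, not a real payload"; ?>').decode()
_TOKEN = base64.b64encode(bytes(range(48))).decode()
REQUESTS = [
    {"method": "GET", "path": "/wp-admin/", "cookie": "session=" + _TOKEN, "body": ""},
    {"method": "GET", "path": "/index.php", "cookie": "wp_test=1; c=" + _SAMPLE, "body": ""},
    {"method": "POST", "path": "/index.php", "cookie": "",
     "body": urlencode({"action": "heartbeat", "data": _SAMPLE})},
]

if __name__ == "__main__":
    for r in REQUESTS:
        print(r["method"], r["path"], scan(r))
```

The opaque session token also matches the base64 pattern but is not flagged, because the decision is made on the decoded content rather than on the encoding alone.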


Deploying Alfa-Shell on infected websites


Alfa-Shell is an advanced web shell deployed on infected WordPress sites. It is capable of getting database credentials from the WordPress configuration file, dumping the database and getting all virtual domains and DNS settings.


Usually, a web shell provides a user-friendly interface for remote code execution (RCE) on WordPress-powered sites. In this case, Alfa-Shell can download and execute a reverse shell from the developer's website. In this way, an infected WordPress site can serve as an advertisement redirector for unsuspecting victims.


SEO poisoning


Also referred to as B ..
