9 hours ago
In 2020, a critical bug was discovered in the widely-used WordPress tool Search-Replace-DB (SRDB) — specifically in version 3.x — by GOD OF SERVER. This tool, developed by Interconnect IT, is designed to help developers perform safe, serialized string replacement in WordPress databases.
But when left exposed (as many do), it becomes a high-risk backdoor capable of full site manipulation — including replacing admin email addresses, WordPress titles, and even username credentials.
Affected Paths
- /Search-Replace-DB-master/
- /SRDB/
- /srdb/
- /search/ (commonly renamed for obfuscation)
Impact & Exploit
If publicly accessible, SRDB can be used to:
- Change the WordPress site title (wp_options -> blogname)
- Replace admin email addresses (wp_options -> admin_email)
- No authentication is needed if the script is unprotected — which many deployments are.
- Modify user credentials, including user_login and user_email (wp_users)
- Break or hijack plugin settings
- Inject phishing or spam payloads into serialized arrays
Exploit Example (Manual)
Target: https://target.com/SRDB/
Replace Admin Email
- Find table: wp_options
- Search for: admin@target.com
- Replace with: yourmail@exploit.com
Replace Username
- Table: wp_users
- Search: admin
- Replace: hacked
- Click Live Run, then Submit
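For anyone administering a site, the first question is whether the paths listed above are reachable and whether anyone has already been hitting them. The following is an added example (not code from the post, SRDB or Interconnect IT) that classifies Apache/nginx combined-format access-log lines against those path prefixes; the log lines are constructed samples and the severity labels are my own assumptions.

```python
import re

# Directory prefixes the post lists as common SRDB locations (matched
# case-insensitively, so /SRDB/ and /srdb/ collapse into one entry).
# "/search/" is a generic path and will produce false positives; the post
# only calls it a common rename, so it carries lower confidence.
SRDB_PATHS = {
    "/search-replace-db-master/": "high",
    "/srdb/": "high",
    "/search/": "low",
}

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def classify(line):
    """Return a finding dict for a log line that touches an SRDB path, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0].lower()
    for prefix, confidence in SRDB_PATHS.items():
        if path.startswith(prefix):
            method, status = m.group("method"), int(m.group("status"))
            # A POST answered with 200 is the shape of a submitted run;
            # a request that was denied (4xx/5xx) is only a probe.
            if method == "POST" and status == 200:
                severity = "critical" if confidence == "high" else "medium"
            elif status < 400:
                severity = "warning" if confidence == "high" else "info"
            else:
                severity = "probe"
            return {"ip": m.group("ip"), "path": path, "method": method,
                    "status": status, "severity": severity}
    return None


def scan(lines):
    """Classify every line and keep only the SRDB-related findings."""
    return [hit for hit in (classify(line) for line in lines) if hit]


# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /SRDB/ HTTP/1.1" 200 4321',
    '203.0.113.5 - - [10/Oct/2023:13:56:01 +0000] "POST /SRDB/index.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2023:14:02:10 +0000] "GET /Search-Replace-DB-master/ HTTP/1.1" 404 196',
    '198.51.100.7 - - [10/Oct/2023:14:02:11 +0000] "GET /search/?q=shoes HTTP/1.1" 200 8812',
    '192.0.2.9 - - [10/Oct/2023:14:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3000',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Any "critical" hit means the tool answered a POST from the outside and the database should be checked for the wp_options and wp_users changes the post describes; the fix is to delete the SRDB directory or block it at the web server, not just to rename it.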