[wp-hackers] Security Vulnerability found - Forum Post
John Sinteur
john at sinteur.com
Wed Apr 13 18:31:46 GMT 2005
On Apr 13, 2005, at 20:17, denis at semiologic.com wrote:
>> John Sinteur wrote:
>> (...) I don't think this comes close to anything critical.
>
> Er... Were I a hacker taking advantage of said exploit, I would
> definitely not deface the blog. Rather, I would:
>
You mis-cut the comment, attributing that quote to me when it wasn't
mine. Anyway, you're assuming way too much malice in the attacker.
Ready-made cookie-stealing scripts are available from other exploits,
so putting a simple exploit script together for WordPress isn't that
difficult. Getting the exploit script to automatically search for
WordPress blogs with these options set is just cut and paste from other
existing exploits as well - I assume lots of us remember the attacks
from the phpscripting host scam site, it's the reason I block all
"lwp-agent " user-agent strings from my weblog.

It's terribly tempting for a script-kiddie to do the copy/paste, launch
the resulting script and sit back and watch cnet report "thousands of
weblogs defaced".

I do agree with Matt that a simple limited html-disable for certain
user levels is more than enough to plug this hole.

-John