[wp-hackers] Help with intrusion issues in forums
Peter Westwood
peter.westwood at ftwr.co.uk
Wed Nov 26 16:14:37 GMT 2008
Michael E. Hancock wrote:
> Anyone care to look at some 'intrusion' issues that have come up in
> the Forums:
> http://wordpress.org/support/topic/220496
> http://wordpress.org/support/topic/220447
>
Firstly, a number of people have suggested that the following change in
2.6.5 could be what is being exploited to hack blogs here:
http://trac.wordpress.org/ticket/8291
The code affected by this change is already protected by a nonce and so
it was not possible to craft a simple XSS attack to exploit this issue.
Secondly, the symptoms of the issue here suggest a server-level hack has
taken place and the hacker has run a script to change the content of
lots of files on a shared server.
It doesn't look to me like a WordPress security issue.
westi
--
Peter Westwood
http://blog.ftwr.co.uk | http://westi.wordpress.com
C53C F8FC 8796 8508 88D6 C950 54F4 5DCD A834 01C5