[wp-hackers] Mysql.com cracked, possible bad PR for WordPress
Vid Luther
vid at zippykid.com
Wed Mar 30 13:21:40 UTC 2011
So, security lists are going to have a field day with this one, and I wanted to help this community get ahead of it.
First see http://seclists.org/fulldisclosure/2011/Mar/309?utm_source=twitterfeed&utm_medium=twitter
and
http://pastebin.com/raw.php?i=BayvYdcP (the end of this link may be NSFW, depending on where you work).
A knee jerk reaction I'm seeing in channels is that it's WordPress' fault, it's easy to blame, but it may be more a case of a known
exploit not being patched, I'm not aware of any SQL injection vulnerabilities in the past year though.
Here's wishing them all luck, and a reminder to all of you to update your installs, including PHP/apache etc :).
More information about the wp-hackers
mailing list