[wp-trac] Re: [WordPress Trac] #4627: Link manager exploit?
WordPress Trac
wp-trac at lists.automattic.com
Mon Oct 15 21:35:20 GMT 2007
#4627: Link manager exploit?
----------------------+-----------------------------------------------------
Reporter: cbdilger | Owner: pishmishy
Type: defect | Status: reopened
Priority: normal | Milestone:
Component: Security | Version: 2.2
Severity: normal | Resolution:
Keywords: |
----------------------+-----------------------------------------------------
Changes (by auxesis):
* status: closed => reopened
* resolution: invalid =>
Comment:
I'm able to reproduce this. I'm getting an avalanche of blogroll link spam
every night. The links appear to be pointing to other compromised wp
instances.
I set up an alert so I'd get notified when my blog was compromised. The
exact time was 2007/10/15T04:16-1000. The Apache log fragment is as
follows:
{{{
holmwood.id.au 195.5.116.246 - - [15/Oct/2007:04:06:19 -1000] "POST /~lindsay/wp-admin/link.php HTTP/1.0" 500 1383
holmwood.id.au 195.5.116.246 - - [15/Oct/2007:04:06:21 -1000] "POST /~lindsay/wp-admin/link.php HTTP/1.0" 302 -
holmwood.id.au 195.5.116.246 - - [15/Oct/2007:04:16:10 -1000] "POST /~lindsay/wp-admin/link.php HTTP/1.0" 500 1383
holmwood.id.au 195.5.116.246 - - [15/Oct/2007:04:16:14 -1000] "POST /~lindsay/wp-admin/link.php HTTP/1.0" 302 -
holmwood.id.au 195.5.116.246 - - [15/Oct/2007:04:18:24 -1000] "POST /~lindsay/wp-admin/link.php HTTP/1.0" 500 1375
holmwood.id.au 195.5.116.246 - - [15/Oct/2007:04:18:26 -1000] "POST /~lindsay/wp-admin/link.php HTTP/1.0" 302 -
holmwood.id.au 195.5.116.246 - - [15/Oct/2007:04:26:59 -1000] "POST /~lindsay/wp-admin/link.php HTTP/1.0" 500 1379
}}}
I'm running a newly upgraded 2.3.
--
Ticket URL: <http://trac.wordpress.org/ticket/4627#comment:6>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
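
An added example, not part of the original message or of WordPress: a Python check over the log fragment quoted above that flags a client POSTing repeatedly to wp-admin/link.php and counts 500 responses followed shortly by a 302. The function names and the thresholds `pair_window` and `min_posts` are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines quoted in the message, with the mail line-wrapping undone.
SAMPLE_LOG = """\
holmwood.id.au 195.5.116.246 - - [15/Oct/2007:04:06:19 -1000] "POST /~lindsay/wp-admin/link.php HTTP/1.0" 500 1383
holmwood.id.au 195.5.116.246 - - [15/Oct/2007:04:06:21 -1000] "POST /~lindsay/wp-admin/link.php HTTP/1.0" 302 -
holmwood.id.au 195.5.116.246 - - [15/Oct/2007:04:16:10 -1000] "POST /~lindsay/wp-admin/link.php HTTP/1.0" 500 1383
holmwood.id.au 195.5.116.246 - - [15/Oct/2007:04:16:14 -1000] "POST /~lindsay/wp-admin/link.php HTTP/1.0" 302 -
holmwood.id.au 195.5.116.246 - - [15/Oct/2007:04:18:24 -1000] "POST /~lindsay/wp-admin/link.php HTTP/1.0" 500 1375
holmwood.id.au 195.5.116.246 - - [15/Oct/2007:04:18:26 -1000] "POST /~lindsay/wp-admin/link.php HTTP/1.0" 302 -
holmwood.id.au 195.5.116.246 - - [15/Oct/2007:04:26:59 -1000] "POST /~lindsay/wp-admin/link.php HTTP/1.0" 500 1379
"""

# Fields: vhost client ident user [time] "method path proto" status size
LINE_RE = re.compile(r'^\S+ (?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$')

def parse(line):  # one log line -> dict, or None if it does not match
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def suspicious_clients(lines, pair_window=timedelta(seconds=10), min_posts=3):
    """Summarise repeat POSTers to wp-admin/link.php (thresholds are assumptions)."""
    by_client = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        if rec["method"] == "POST" and rec["path"].endswith("/wp-admin/link.php"):
            by_client[rec["client"]].append(rec)
    report = {}
    for client, recs in by_client.items():
        if len(recs) < min_posts:
            continue
        recs.sort(key=lambda r: r["ts"])
        # A 500 answered by a 302 shortly afterwards, as in the quoted fragment.
        pairs = sum(1 for a, b in zip(recs, recs[1:])
                    if (a["status"], b["status"]) == (500, 302)
                    and b["ts"] - a["ts"] <= pair_window)
        report[client] = {"posts": len(recs), "pairs": pairs,
                          "first": recs[0]["ts"], "last": recs[-1]["ts"]}
    return report

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG.splitlines()))
```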