[wp-trac] [WordPress Trac] #7955: Prototype.js needs an update.
WordPress Trac
wp-trac at lists.automattic.com
Fri Oct 24 00:24:14 GMT 2008
#7955: Prototype.js needs an update.
--------------------------------+-------------------------------------------
 Reporter:  SupersonicSquirrel  |       Owner:  anonymous
     Type:  defect              |      Status:  new
 Priority:  high                |   Milestone:  2.7
Component:  Administration      |     Version:  2.6.1
 Severity:  major               |    Keywords:  prototype.js javascript
--------------------------------+-------------------------------------------

(I hope I'm doing this right, as it's clearly not a forum topic, but a
serious issue.)

I have experienced hacking of my prototype.js file on a high-traffic
website a couple of times within the recent week and each time malicious
code would be added to it in order to open an inline frame leading to a
website that was automatically downloading Trojans to a visitor's
computer.

Of course, I always update my installation of WordPress within 1-2 hours
from when an update is available (and I obviously use 2.6.3 and not
2.6.1...), the only writeable files on my server are the sitemaps; I know
how to protect my files and folders; so I assume this is an issue that
could repeat on someone else's website as well.

From what I can see, the file on http://www.prototypejs.org/download is
different from the file included with WordPress. I wonder if updating the
file included in wp-includes/js/ would change anything.

I'm sorry if I wasted anyone's time here. When I report a vulnerability at
the forum, I get responses from newbies telling me stupid things.

--
Ticket URL: <http://trac.wordpress.org/ticket/7955>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software