[wp-trac] [WordPress Trac] #16447: JS in new admin user when updating through SVN
WordPress Trac
wp-trac at lists.automattic.com
Thu Feb 3 03:13:12 UTC 2011
#16447: JS in new admin user when updating through SVN
---------------------------------------+----------------------
Reporter: webtechman | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Security | Version:
Severity: normal | Resolution: invalid
Keywords: javascript, script, admin |
---------------------------------------+----------------------
Changes (by dd32):
* status: new => closed
* resolution: => invalid
* milestone: Awaiting Review =>
Comment:
That user would've been on the site before you upgraded. There's a good
chance that obfuscated JS there was previously hiding it from your view.
Knowing what version you upgraded from helps.
For a quick checkpoint on where to go from here:
http://codex.wordpress.org/FAQ_My_site_was_hacked
The next thing will be to check your database. Look at the date of the
user's registration: in the users table, check the 'user_registered' field;
it'll let you know when your install was compromised (assuming you didn't
delete the user).
Finally, as long as this user wasn't registered -after- you upgraded to
3.0.4, it's likely that this was a hole in an older version of WordPress
which has since been patched up.
For future reference, to report security issues, check out:
http://codex.wordpress.org/Reporting_Bugs#Reporting_security_issues
To get support to clean up your install, check out the support forums:
http://wordpress.org/support/
And finally, you might find the "Exploit Scanner" plugin a worthwhile tool
to run over to check for any other signs of infection:
http://codex.wordpress.org/Reporting_Bugs#Reporting_security_issues
Closing as invalid purely due to the fact that this would've happened
prior to the 3.0.4 upgrade (please email `security at wordpress.org` if
you have reason to believe it's a current threat, along with as much
detail as possible of the previous version of WordPress in use, the user
registration details, any server logs which relate to it, and anything
else you can gather).
--
Ticket URL: <http://core.trac.wordpress.org/ticket/16447#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
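The database check dd32 describes above (find the accounts that hold the administrator capability, read their `user_registered` timestamp, and see whether any of them was created after the upgrade) is shown here as an added triage script. It is not code from the ticket or from WordPress; it runs the query against an in-memory SQLite copy of the two relevant tables populated with constructed sample rows, so it works offline. The table names assume the default `wp_` prefix (the capabilities meta_key follows the same prefix), and the upgrade date and the known-admin list are inputs you supply; the `ADMIN_QUERY` SQL is plain enough to paste into a MySQL client against the real tables.

```python
"""Triage helper for a suspected rogue administrator account.

Added example, not code from the ticket or from WordPress. It lists every
account whose wp_usermeta 'wp_capabilities' value names the administrator
role, ordered by user_registered, and flags (a) logins the site owner does
not recognise and (b) accounts registered after the upgrade timestamp, which
is the case dd32 says should be reported to security at wordpress.org.
"""
import sqlite3
from datetime import datetime

WP_DATETIME = "%Y-%m-%d %H:%M:%S"  # format WordPress uses for user_registered

# Constructed sample data. The meta_value strings use the real PHP-serialized
# form WordPress stores for a user's role; user 3 is the constructed rogue admin.
SAMPLE_USERS = [
    (1, "siteowner", "2009-06-12 10:02:44"),
    (2, "editor_jane", "2010-03-01 08:15:00"),
    (3, "wpadm1n", "2010-12-28 03:41:19"),
]
SAMPLE_META = [
    (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (2, "wp_capabilities", 'a:1:{s:6:"editor";b:1;}'),
    (3, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
]

# Assumes the default 'wp_' table prefix; swap in your own $table_prefix.
ADMIN_QUERY = """
SELECT u.ID, u.user_login, u.user_registered
FROM wp_users AS u
JOIN wp_usermeta AS m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%'
ORDER BY u.user_registered
"""


def build_sample_db():
    """Create an in-memory stand-in for wp_users / wp_usermeta (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_users (
            ID INTEGER PRIMARY KEY, user_login TEXT, user_registered TEXT);
        CREATE TABLE wp_usermeta (
            umeta_id INTEGER PRIMARY KEY AUTOINCREMENT,
            user_id INTEGER, meta_key TEXT, meta_value TEXT);
    """)
    conn.executemany("INSERT INTO wp_users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.executemany(
        "INSERT INTO wp_usermeta (user_id, meta_key, meta_value) VALUES (?, ?, ?)",
        SAMPLE_META)
    conn.commit()
    return conn


def triage_admins(conn, known_admins, upgrade_time):
    """Return one dict per administrator account, oldest registration first.

    known_admins : set of logins the site owner recognises
    upgrade_time : when WordPress was upgraded, in WP_DATETIME format
    """
    cutoff = datetime.strptime(upgrade_time, WP_DATETIME)
    rows = []
    for uid, login, registered in conn.execute(ADMIN_QUERY):
        reg = datetime.strptime(registered, WP_DATETIME)
        rows.append({
            "id": uid,
            "login": login,
            "registered": registered,
            "expected": login in known_admins,
            # True here means the hole is likely still open in the running version.
            "post_upgrade": reg > cutoff,
        })
    return rows


def unexpected_admins(conn, known_admins, upgrade_time):
    """Only the administrator accounts the owner did not create."""
    return [r for r in triage_admins(conn, known_admins, upgrade_time)
            if not r["expected"]]


if __name__ == "__main__":
    db = build_sample_db()
    # Constructed upgrade date, shortly after the 3.0.4 release.
    for row in triage_admins(db, {"siteowner"}, "2011-01-05 00:00:00"):
        print(row)
```

With the sample rows the rogue `wpadm1n` account shows `post_upgrade: False`, i.e. it was registered before the upgrade, which is exactly the situation dd32 describes: the account pre-dates the patched version and the JS was only being noticed now.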