WORDPRESS 2.3.3 HIDDEN LINKS INJECTION EXPLOIT AND HOW TO NOT LET IT HAPPEN TO YOU!

Someone running the latest version of WordPress had some hidden links injected into his blog yesterday. I know he is really technical and knows what he is doing, so that started making me a little paranoid. I started searching for "WordPress 2.3.3 hidden link injection" and, as you can see, there are a ton of people claiming to be running the latest and greatest WordPress version and still getting hidden links inserted into their posts. People are also getting iframes inserted. It's actually pretty effective if you think about it… how would you notice hidden links in old posts?
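One way to actually notice them, as an added example that is not from the original post: a small Python scan for the CSS-hidden links and injected iframes described above. It runs over constructed sample posts; in practice you would feed it the `post_content` column of `wp_posts` from a database dump.

```python
import re

# Constructed sample posts (not from the original page): a clean post, a
# display:none link, a 1x1 iframe, and a link pushed off-screen with CSS.
SAMPLE_POSTS = {
    101: '<p>Upgraded to WordPress 2.3.3 today, no problems so far.</p>',
    102: '<p>Great theme!</p><div style="display:none">'
         '<a href="http://spam.example/pills">cheap pills</a></div>',
    103: '<p>Photos from the trip.</p>'
         '<iframe src="http://evil.example/x.html" width="1" height="1"></iframe>',
    104: '<p>Cheers</p><a href="http://spam.example/" '
         'style="position:absolute; left:-9999px">hidden</a>',
}

# Tricks that legitimate post content rarely needs but link injectors rely on.
HIDDEN_PATTERNS = [
    ("css-hidden", re.compile(
        r'style\s*=\s*["\'][^"\']*(display\s*:\s*none|visibility\s*:\s*hidden)', re.I)),
    ("offscreen", re.compile(
        r'style\s*=\s*["\'][^"\']*(left|top)\s*:\s*-\d{3,}px', re.I)),
    ("tiny-font", re.compile(r'font-size\s*:\s*[01]px', re.I)),
    ("iframe", re.compile(r'<iframe\b', re.I)),
]
# Every href in the post, so the report shows where the hidden links point.
LINK_RE = re.compile(r'<a\b[^>]*href\s*=\s*["\']([^"\']+)["\']', re.I)


def scan_post(post_id, html):
    """Return (post_id, reason, links) for each hiding trick found in one post."""
    findings = []
    for reason, pattern in HIDDEN_PATTERNS:
        if pattern.search(html):
            findings.append((post_id, reason, LINK_RE.findall(html)))
    return findings


def scan_posts(posts):
    """Scan a {post_id: html} mapping and collect all findings."""
    findings = []
    for post_id, html in posts.items():
        findings.extend(scan_post(post_id, html))
    return findings


if __name__ == "__main__":
    for post_id, reason, links in scan_posts(SAMPLE_POSTS):
        print(f"post {post_id}: {reason} -> {links or 'no links'}")
```

Review every hit by hand before deleting anything: a theme may legitimately use display:none, but a post that links to a domain you have never heard of from a hidden element is the injection this post is about.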

First I want to say I have never seen any evidence of this on a fresh 2.3.3 install of WordPress.

The issue most likely comes from either a previously exploitable file still existing in your WordPress install directory, or from someone who has already hijacked your admin cookie. You see, there were some nasty exploits in earlier versions that allowed people to hijack your admin cookie, which is what authenticates you ("keep me logged in").

So what to do…. well, if you have WordPress 2.3.3 and you are getting owned regularly, here is what you need to do.

1) Make a new, fresh install of WordPress and copy over your must-have files… like themes, plugins (MAKE SURE THEY ARE UP TO DATE), images, wp-config.php.

2) Change your password right away, in case someone has an old hash of your password.

If you have been following the proper upgrade instructions (minus changing the admin password) for WordPress you should have been doing this the whole time… yeah, I know, I was not either.

If you are a nerd like me you might want to use SVN, which is super cool and is a better and easier way to keep up to date if you know how to use SVN. Here are the instructions for that.

Anyway, word to the wise: out of the box, most web servers are not going to help you find the root of the problem. Most of these are POST requests, and unless you are specifically logging them or have mod_security installed…. there is no record anywhere of any POST request to your web server other than that one happened.

Thanks to WordPress developer Donncha Ó Caoimh for answering my tweet ;)

Hope this helps anyone whose WordPress 2.3.3 is getting owned.
