[wp-hackers] wpau-backup being exploited?
Ozh
ozh at planetozh.com
Mon May 26 07:24:16 GMT 2008
>So...is it being exploited or not?
Worst case scenario:
The plugin has a vulnerability that lets spammers inject content
into the backup directory, i.e. uploading a file like:
> http://conexions.org/wordpress/wpau-backup/wordpress/wp-content/themes/classic/css/fence/fencing-tools.html
Best case scenario:
Malicious files were present before backup (i.e. there's another vuln
somewhere) but anyway the plugin allows for directory indexing of
potentially compromising stuff (don't know the plugin itself but I
wouldn't like anyone to be able to see the whole list of files under my
wordpress root).
So the answer is: yes, this is being exploited.