[wp-hackers] wpau-backup being exploited?
jorgepblank at gmail.com
Mon May 26 07:35:16 GMT 2008
I don't use it so it doesn't affect me, best to somehow tell its users
On Mon, May 26, 2008 at 12:24 AM, Ozh <ozh at planetozh.com> wrote:
> >So...is it being exploited or not?
> Worst case scenario:
> the plugin has a vulnerability that makes spammers able to inject content
> in the backup directory, ie uploading the file like:
> Best case scenario:
> Malicious files were present before backup (ie there's another vuln
> somewhere) but anyway the plugin allows for directory indexing of
> potentially compromising stuff (don't know the plugin itself but I
> wouldn't like anyone to be able to see the whole list of files under my
> wordpress root)
> So the answer is: yes, this is exploiting.
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
More information about the wp-hackers