[wp-testers] c99shell.php and uploading php files

Rafael Rivera Jr. rafael at extended64.com
Fri Nov 3 00:35:59 GMT 2006


Are you letting the install.php script create wp-config.php? Last I 
checked, the installer creates this file with 666 perms...

Rafael

Rick Beckman wrote:
> My host (Dreamhost) said it was a problem with WordPress or one of its
> plugins and left it at that.
>
> The only files the cracker accessed though were related to login,
> dashboard, presentation, theme editor, and c99.php (a name variant of the
> c99shell.php script).
>
> I'm not upset with WordPress--more so my host for being less than
> helpful--and was only wondering if it was a possible vulnerability. If it
> was strictly password related, it's hard to imagine it happening twice
> without repeated accesses of the login file.
>
> Oh well,
> Rick :-)
>
> On 11/2/06, steve caturan <scaturan at negimaki.com> wrote:
>>
>> looks like a local security breach. :) so forward your findings to
>> your host. they need to work with you to resolve the issue.
>>
>> On 11/2/06, Rick Beckman <rick.beckman at gmail.com> wrote:
>> > Using 2.0.5, I have had my whole hosting account wiped out twice via a
>> > user being able to upload a script (commonly called c99shell.php) which
>> > is able to do a number of malicious things. From what I have seen online
>> > via a few Google searches, users are able to upload via the File Upload
>> > in the WordPress admin without logging in. However, I also noticed in my
>> > logs that the user was toying around in the WordPress theme editor, but
>> > I have no idea what he was doing. And passwords were all changed between
>> > the site defacings.
>> >
>> > So, I'm just writing to confirm whether or not such a thing is possible
>> > (i.e., could WordPress be to blame?) and is there a way to forbid the
>> > uploading of php files?
>> >
>> > --
>> > Rick Beckman
>> > _______________________________________________
>> > wp-testers mailing list
>> > wp-testers at lists.automattic.com
>> > http://lists.automattic.com/mailman/listinfo/wp-testers
>> >


