[wp-testers] c99shell.php and uploading php files

Rick Beckman rick.beckman at gmail.com
Fri Nov 3 00:46:29 GMT 2006


No, the wp-config.php file was always created prior to installation by
renaming wp-config-sample.php (or whatever it is), editing the variables,
and uploading.

--
Rick

On 11/2/06, Rafael Rivera Jr. <rafael at extended64.com> wrote:
>
> Are you letting the install.php script create wp-config.php? Last I
> checked, the installer creates this file with 666 perms...
>
> Rafael
>
> Rick Beckman wrote:
> > My host (Dreamhost) said it was a problem with WordPress or one of its
> > plugins and left it at that.
> >
> > The only files the cracker accessed though were related to login, dashboard,
> > presentation, theme editor, and c99.php (a name variant of the c99shell.php
> > script).
> >
> > I'm not upset with WordPress--more so my host for being less than
> > helpful--and was only wondering if it was a possible vulnerability. If it
> > was strictly password related, it's hard to imagine it happening twice
> > without repeated accesses of the login file.
> >
> > Oh well,
> > Rick :-)
> >
> > On 11/2/06, steve caturan <scaturan at negimaki.com> wrote:
> >>
> >> looks like a local security breach. :) so forward your findings to
> >> your host. they need to work with you to resolve the issue.
> >>
> >> On 11/2/06, Rick Beckman <rick.beckman at gmail.com> wrote:
> >> > Using 2.0.5, I have had my whole hosting account wiped out twice via a user
> >> > being able to upload a script (commonly called c99shell.php) which is able
> >> > to do a number of malicious things. From what I have seen online via a few
> >> > Google searches, users are able to upload via the File Upload in the
> >> > WordPress admin without logging in. However, I also noticed in my logs that
> >> > the user was toying around in the WordPress theme editor, but I have no idea
> >> > what he was doing. And passwords were all changed between the site
> >> > defacings.
> >> >
> >> > So, I'm just writing to confirm whether or not such a thing is possible (i.e.,
> >> > could WordPress be to blame?) and is there a way to forbid the uploading of
> >> > php files?
> >> >
> >> > --
> >> > Rick Beckman
> >> > _______________________________________________
> >> > wp-testers mailing list
> >> > wp-testers at lists.automattic.com
> >> > http://lists.automattic.com/mailman/listinfo/wp-testers
> >> >
> >>
>
>

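The thread asks whether uploading PHP files can be forbidden and mentions that the installer leaves wp-config.php with 666 permissions. The script below is an added example, not code from the thread, from the list members, or from WordPress: it audits a WordPress tree for those two conditions plus the literal c99shell marker string, and drops an .htaccess into wp-content/uploads so Apache refuses to serve PHP placed there. The directory layout, the Apache 2.2-style directives, the script name and the sample tree are all assumptions or constructed for the demonstration. Two caveats: a grep for "c99shell" only catches the unobfuscated copy of that one shell, and the audit reports symptoms without identifying the entry point, which in the thread is still open (changed passwords and theme-editor activity are both in the logs).

```shell
#!/bin/sh
# Added example, not code from the thread or from WordPress: audit a WordPress
# tree for the conditions the thread describes and harden the uploads directory.
# Directory layout, file names and the sample tree are assumptions/constructed.

# wp-config.php left world-writable (the installer's mode 666 mentioned above)
list_world_writable() {
    find "$1" -maxdepth 1 -name wp-config.php -perm -002 -print
}

# server-side scripts that have no business living under wp-content/uploads
list_php_in_uploads() {
    find "$1/wp-content/uploads" -type f \
        \( -name '*.php' -o -name '*.phtml' -o -name '*.php[0-9]' \) -print
}

# files carrying the literal c99shell marker anywhere in the tree (crude:
# an obfuscated or renamed shell will not contain this string)
list_shell_markers() {
    grep -rl 'c99shell' "$1" 2>/dev/null || true
}

# audit_wp DIR: one finding per line
audit_wp() {
    list_world_writable "$1"
    list_php_in_uploads "$1"
    list_shell_markers "$1"
}

# audit_count DIR: number of findings (0 means clean)
audit_count() {
    audit_wp "$1" | wc -l | tr -d ' '
}

# harden_uploads DIR: stop Apache serving PHP dropped into uploads.
# Assumes Apache 2.2-style access control and an AllowOverride that permits
# these directives; on Apache 2.4 the two lines inside FilesMatch become
# "Require all denied".
harden_uploads() {
    cat > "$1/wp-content/uploads/.htaccess" <<'EOF'
# deny direct requests for any PHP-like file under uploads
<FilesMatch "\.(php|phtml|php[0-9])$">
    Order allow,deny
    Deny from all
</FilesMatch>
EOF
}

# make_sample_tree: constructed WordPress tree reproducing the thread's symptoms
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/wp-content/uploads/2006/11"
    printf '<?php define("DB_PASSWORD", "constructed");\n' > "$root/wp-config.php"
    chmod 666 "$root/wp-config.php"            # the installer's 666 perms
    printf '<?php /* constructed stand-in for c99shell */ ?>\n' \
        > "$root/wp-content/uploads/2006/11/c99.php"
    printf 'not a script\n' > "$root/wp-content/uploads/2006/11/photo.jpg"
    echo "$root"
}

# Demo on the constructed tree: report, clean up, harden, report again.
demo() {
    root=$(make_sample_tree)
    echo "findings before cleanup: $(audit_count "$root")"
    audit_wp "$root"
    harden_uploads "$root"
    chmod 644 "$root/wp-config.php"
    rm "$root/wp-content/uploads/2006/11/c99.php"
    echo "findings after cleanup: $(audit_count "$root")"
    rm -rf "$root"
}

demo
```

Run it as `sh wp_audit.sh` (the file name is a placeholder) from any account that can read the WordPress tree; to audit a live install, call `audit_wp /path/to/wordpress` instead of `demo`. The .htaccess only helps on Apache with overrides enabled and does nothing for the theme editor, which writes PHP into theme files that Apache must keep executing; that path has to be closed by account hygiene rather than by a deny rule.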
