[wp-trac] Re: [WordPress Trac] #4627: Link manager exploit?

WordPress Trac wp-trac at lists.automattic.com
Mon Oct 15 21:35:20 GMT 2007


#4627: Link manager exploit?
----------------------+-----------------------------------------------------
 Reporter:  cbdilger  |        Owner:  pishmishy
     Type:  defect    |       Status:  reopened 
 Priority:  normal    |    Milestone:           
Component:  Security  |      Version:  2.2      
 Severity:  normal    |   Resolution:           
 Keywords:            |  
----------------------+-----------------------------------------------------
Changes (by auxesis):

  * status:  closed => reopened
  * resolution:  invalid =>

Comment:

 I'm able to reproduce this. I'm getting an avalanche of blogroll link spam
 every night. The links appear to be pointing to other compromised wp
 instances.

 I set up an alert so I'd get notified when my blog was compromised. The
 exact time was 2007/10/15T04:16-1000. The Apache log fragment is as
 follows:

 {{{

 holmwood.id.au 195.5.116.246 - - [15/Oct/2007:04:06:19 -1000] "POST /~lindsay/wp-admin/link.php HTTP/1.0" 500 1383
 holmwood.id.au 195.5.116.246 - - [15/Oct/2007:04:06:21 -1000] "POST /~lindsay/wp-admin/link.php HTTP/1.0" 302 -
 holmwood.id.au 195.5.116.246 - - [15/Oct/2007:04:16:10 -1000] "POST /~lindsay/wp-admin/link.php HTTP/1.0" 500 1383
 holmwood.id.au 195.5.116.246 - - [15/Oct/2007:04:16:14 -1000] "POST /~lindsay/wp-admin/link.php HTTP/1.0" 302 -
 holmwood.id.au 195.5.116.246 - - [15/Oct/2007:04:18:24 -1000] "POST /~lindsay/wp-admin/link.php HTTP/1.0" 500 1375
 holmwood.id.au 195.5.116.246 - - [15/Oct/2007:04:18:26 -1000] "POST /~lindsay/wp-admin/link.php HTTP/1.0" 302 -
 holmwood.id.au 195.5.116.246 - - [15/Oct/2007:04:26:59 -1000] "POST /~lindsay/wp-admin/link.php HTTP/1.0" 500 1379

 }}}

 I'm running a newly upgraded 2.3.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/4627#comment:6>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
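
One way to scan an access log for the pattern in the fragment above (repeated POSTs to wp-admin/link.php from one address, with a 500 followed seconds later by a 302), as an added example that is not part of the original message or of WordPress. The sample lines, hostnames, addresses and the `min_posts` / `max_gap` thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
# Constructed sample in the ticket's vhost-prefixed log format; names/addresses are placeholders.
SAMPLE = """\
blog.example 203.0.113.7 - - [15/Oct/2007:04:06:19 -1000] "POST /wp-admin/link.php HTTP/1.0" 500 1383
blog.example 203.0.113.7 - - [15/Oct/2007:04:06:21 -1000] "POST /wp-admin/link.php HTTP/1.0" 302 -
blog.example 203.0.113.7 - - [15/Oct/2007:04:16:10 -1000] "POST /wp-admin/link.php HTTP/1.0" 500 1383
blog.example 203.0.113.7 - - [15/Oct/2007:04:16:14 -1000] "POST /wp-admin/link.php HTTP/1.0" 302 -
blog.example 198.51.100.9 - - [15/Oct/2007:09:30:02 -1000] "POST /wp-admin/link.php HTTP/1.1" 302 -
blog.example 198.51.100.9 - - [15/Oct/2007:09:31:40 -1000] "GET /wp-admin/link-manager.php HTTP/1.1" 200 5120
"""

LINE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)

def parse(line):
    m = LINE.match(line.strip())
    if not m:
        return None  # skip lines that are not in the expected format
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def suspicious_clients(lines, min_posts=3, max_gap=5):
    """Return {ip: summary} for clients posting repeatedly to wp-admin/link.php."""
    posts = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        if rec["method"] == "POST" and rec["path"].endswith("/wp-admin/link.php"):
            posts[rec["ip"]].append(rec)
    report = {}
    for ip, recs in posts.items():
        recs.sort(key=lambda r: r["ts"])
        # Count a 500 followed within max_gap seconds by a 302, as in the ticket's log.
        pairs = sum(
            1 for a, b in zip(recs, recs[1:])
            if a["status"] == 500 and b["status"] == 302
            and (b["ts"] - a["ts"]).total_seconds() <= max_gap
        )
        if len(recs) >= min_posts or pairs:
            report[ip] = {"posts": len(recs), "error_then_redirect": pairs,
                          "first": recs[0]["ts"], "last": recs[-1]["ts"]}
    return report

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE.splitlines()))
```

A single legitimate link edit (one POST answered with a 302) stays below both thresholds, so only the repeating client is reported.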

