[wp-hackers] Security Vulnerability found - Forum Post

John Sinteur john at sinteur.com
Wed Apr 13 18:31:46 GMT 2005

On Apr 13, 2005, at 20:17, denis at semiologic.com wrote:

>> John Sinteur wrote:
>> (...) I don't think this comes close to anything critical.
> Er... Were I a hacker taking advantage of said exploit, I would 
> definitly not
> deface the blog. Rather, I would:

You mis-cut the comment, attributing that quote to me when it wasn't 
mine. Anyway, you're assuming way too much malice in the attacker.

ready-made cookie-stealing scripts are available from other exploits, 
so putting a simple exploit script together for wordpress isn't that 
difficult. Getting the exploit script to automatically search for 
wordpress blogs with these options set is just cut and paste from other 
existing exploits as well - I assume lots of us remember the attacks 
from the phpscripting host scam site, it's the reason I block all 
"lwp-agent " user-agent strings from my weblog.

It's terribly tempting for a script-kiddie to do the copy/paste, launch 
the resulting script and sit back and watch cnet report "thousands of 
weblogs defaced"

I do agree with Matt that a simple limited html-disable for certain 
user levels is more than enough to plug this hole.


More information about the wp-hackers mailing list