[wp-hackers] wpau-backup being exploited?

Ozh ozh at planetozh.com
Mon May 26 07:24:16 GMT 2008

>So...is it being exploited or not?

Worst case scenario:
the plugin has a vulnerability that makes spammers able to inject content 
in the backup directory, ie uploading the file like:
> http://conexions.org/wordpress/wpau-backup/wordpress/wp-content/themes/classic/css/fence/fencing-tools.html

Best case scenario:
Malicious files were present before backup (ie there's another vuln 
somewhere) but anyway the plugin allows for directory indexing of 
potentially compromising stuff (don't know the plugin itself but I 
wouldn't like anyone to be able to see the whole list of files under my 
wordpress root)

So the answer is: yes, this is exploiting.

More information about the wp-hackers mailing list