[wp-hackers] wpau-backup being exploited?
ozh at planetozh.com
Mon May 26 07:24:16 GMT 2008
>So...is it being exploited or not?
Worst case scenario:
the plugin has a vulnerability that makes spammers able to inject content
in the backup directory, ie uploading the file like:
Best case scenario:
Malicious files were present before backup (ie there's another vuln
somewhere) but anyway the plugin allows for directory indexing of
potentially compromising stuff (don't know the plugin itself but I
wouldn't like anyone to be able to see the whole list of files under my
So the answer is: yes, this is exploiting.
More information about the wp-hackers