[wp-hackers] wpau-backup being exploited?

Jorge Peña jorgepblank at gmail.com
Mon May 26 07:35:16 GMT 2008


I don't use it, so it doesn't affect me; best to somehow tell its users,
though.

On Mon, May 26, 2008 at 12:24 AM, Ozh <ozh at planetozh.com> wrote:

> >So...is it being exploited or not?
>
> Worst case scenario:
> the plugin has a vulnerability that makes spammers able to inject content
> in the backup directory, i.e. uploading the file like:
>
> http://conexions.org/wordpress/wpau-backup/wordpress/wp-content/themes/classic/css/fence/fencing-tools.html
>
> Best case scenario:
> Malicious files were present before backup (i.e. there's another vuln
> somewhere) but anyway the plugin allows for directory indexing of
> potentially compromising stuff (don't know the plugin itself but I
> wouldn't like anyone to be able to see the whole list of files under my
> wordpress root).
>
> So the answer is: yes, this is exploiting.
>
>
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>

