[wp-hackers] [Full-disclosure] Possible Code Execution vulnerability in WordPress ?
marc at let.de
Sun Jul 3 15:21:52 UTC 2011
On Jul 3, 2011, at 2:43 PM, Chip Bennett wrote:
> The Hackers list is not the first, or best, audience for this type of
> message. You should email security at wordpress.org directly if you
> believe you
> have discovered evidence of a vulnerability or an exploit vector.
> Also, be sure to read the Hardening WordPress entry in the Codex:
thanks , but they do nothing else then set the ticket to "invalid" ?
and dont respond on emails ?
> On Sun, Jul 3, 2011 at 6:33 AM, Marc Manthey <marc at let.de> wrote:
>> hello list,
>> i am using wordpress since 2 years without any trouble, update
>> regulary ,
>> but last friday, i got a mail from my hoster
>> that someone "uploaded" a phishing script into my "upload folder"
>> after i
>> found out that the "contact form" module might cause
>> the problem because i allways found a "wpcf7_captcha" directory in my
>> "upload folder , i removed the module and all when fine.
>> Today i ve got another mail from rsa.com that the same script is
>> still on
>> my site just in a "theme" folder.
>> I looked into the installed "phishing script"
>> it seems everything is loaded from https://www1.royalbank.com/ for
>> > < but this is not the original banking site !!
>> Is this a DNS manipulation ? https://www1.royalbank.com < ??? when
>> i try
>> http://www.royalbank.com it redirects me to the original banking
>> site at
>> http://www.rbcroyalbank.com !!!!
>> After i searched for some information , i found this on the full
>> disclosure list , and i am a bit concerned now....
>> [Full-disclosure] Code Execution vulnerability in WordPress
>> any idea what todo ?
>>>> -------- Original Message --------
>>>> Subject: Fraudulent site, please shut down! [RBC 11266] IP:
>>>> 188.8.131.52 Domain: let.de
>>>> Date: Sun, 3 Jul 2011 02:33:05 +0300
>>>> From: <afcc at rsa.com>
>>>> To: <abuse at speedpartner.de>
>>>> CC: <metz at speedpartner.de>
-- Les enfants teribbles - research / deployment
Marc Manthey- Vogelsangerstrasse 97
50823 Köln - Germany
facebook : http://opencu.tk
More information about the wp-hackers